ML11136A097

OL - 20110421 Open Item List Master TVA Update 04-26-11.docx
Site: Watts Bar (Tennessee Valley Authority)
Issue date: 04/26/2011
From: No Known Affiliation
To: Division of Operating Reactor Licensing


Text

WBN2Public Resource

From: Clark, Mark Steven [msclark0@tva.gov]
Sent: Tuesday, April 26, 2011 2:23 PM
To: Crouch, William D
Cc: Hilmes, Steven A; Kepler, Jeffrey T; Raley, Thomas R; Poole, Justin
Subject: 20110421 Open Item List Master TVA Update 04-26-11.docx
Attachments: Comparison of RG 1 180 and SS E18 14 01.docx; 25402-011-V1A-HARA-00184-001.pdf; NPG-SPP-12-7.pdf; WBT-D-2782.pdf; 20110421 Open Item List Master TVA Update 04-26-11.docx

All:

Attached is the matrix update for this week. I have included the non-proprietary attachments that have been reviewed by engineering.

Bill:

Please forward to Justin.

Regards,
Steve

Steve Clark
Bechtel Power Corp.
Control Systems
Watts Bar 2 Completion Project
Phone: 423.365.3007
e-mail: msclark0@tva.gov

Hearing Identifier: Watts_Bar_2_Operating_LA_Public
Email Number: 359

Mail Envelope Properties (7AB41F650F76BD44B5BCAB7C0CCABFAF1816A0CC)

Subject: 20110421 Open Item List Master TVA Update 04-26-11.docx
Sent Date: 4/26/2011 2:23:16 PM
Received Date: 4/26/2011 2:23:50 PM
From: Clark, Mark Steven
Created By: msclark0@tva.gov

Recipients:
"Hilmes, Steven A" <sahilmes@tva.gov> Tracking Status: None
"Kepler, Jeffrey T" <jtkepler@tva.gov> Tracking Status: None
"Raley, Thomas R" <trraley@tva.gov> Tracking Status: None
"Poole, Justin" <Justin.Poole@nrc.gov> Tracking Status: None
"Crouch, William D" <wdcrouch@tva.gov> Tracking Status: None

Post Office: TVANUCXVS2.main.tva.gov

Files, Size, Date & Time:
MESSAGE, 422, 4/26/2011 2:23:50 PM
Comparison of RG 1 180 and SS E18 14 01.docx, 27515
25402-011-V1A-HARA-00184-001.pdf, 2927286
NPG-SPP-12-7.pdf, 280938
WBT-D-2782.pdf, 67036
20110421 Open Item List Master TVA Update 04-26-11.docx, 516459

Options
Priority: Standard
Return Notification: No
Reply Requested: No
Sensitivity: Normal
Expiration Date:
Recipients Received:

Comparison of Regulatory Guide (RG) 1.180, Guidelines For Evaluating Electromagnetic and Radio-Frequency Interference In Safety-Related Instrumentation and Control Systems, Revision 1 and Tennessee Valley Authority (TVA) Standard Specification (SS) E18.14.01, Electromagnetic Interference (EMI) Testing Requirements For Electronic Devices, Revision 3

April 21, 2011

TVA SS E18.14.01 History and Program Description

o TVA SS E18.14.01 Revision 0 issued in 1980
o TVA experience used extensively in Electric Power Research Institute (EPRI[1]) Topical Report (TR)-102323, Guidelines for Electromagnetic Interference Testing of Power Plant Equipment
o SS E18.14.01 Revision 3 updated to reflect EPRI TR-102323 Revision 1
o Nuclear Regulatory Commission (NRC) Safety Evaluation Report (SER) dated April 17, 1996 accepted EPRI TR-102323 Revision 1
o Test levels conservative to RG 1.180 Revision 1
o SS allows alternate tests (like RG 1.180 Revision 1)
o Equipment that requires certification to the SS require reports/testing to be evaluated and approved for the application by the Corporate Electromagnetic Compatibility (EMC) Program Manager
o SS applied to all electronic equipment - not just digital safety systems
  - Graded approach SS for equipment requirements is shown in sections 1.5 and 1.6
  - Emissions - for all electronic equipment
  - Susceptibility - required for equipment in the RG 1.180 Revision 1 area.
o Main difference with RG 1.180 - Magnetic Field testing
  - Typically not applicable
  - The location of electronic equipment not in high fields
  - Considered realm of harmonic distortion and not EMI - TVA requires a THD of <5% on sources such as inverters.
  - Testing would be applicable and specified for Cathode Ray Tube (CRT) equipment if installed in magnetic field locations
  - 30 years of evaluating equipment TVA has not seen a failure from the susceptibility testing

[1] EPRI is a registered service mark of the Electric Power Research Institute Incorporated.

Specific comparisons

Emissions SS E18.14.01 Revision 3

SS 6.7 Radiated Emissions - electromagnetic fields
o System is required to be configured per the test plan and operable
o Frequency range is 1 MHz to 1GHz
o EPRI TR-102323 Figure 7.4 limit is specified
o Alternate tests are allowed - Industry standard test levels [Federal Communications Commission (FCC), International Special Committee on Radio Interference (CISPR), European Standard (EN)] have more conservative limits over comparable frequency ranges

SS 6.8 Conducted Emissions
o The equipment under test (EUT) is required to be configured normally and operable
o Typically a power line test
o TVA requires testing on output lines where applicable
o Frequency range is 10kHz to 400MHz
o EPRI TR-102323 Figure 7-2 limit is specified
o Alternate tests are allowed - Military Standard (MIL STD) tests referenced

Emissions RG 1.180 Revision 1

Radiated Emissions (RE)
o RE 101 Magnetic Fields 30Hz to 100kHz
o RE 102 Electric Fields 2 MHz to 1GHz
o CISPR 11 Electric Field 30MHz to 1GHz

Conducted Emissions (CE)
o CE 101 30Hz to 10kHz
  - This frequency range is considered in the power quality distortion requirements of sources and not EMI. The recommendation in EPRI TR-102323 Revision 1 is followed.
  - MIL STD 461F does not require this for Army Ground equipment. The issues for this test relate to ships and aircraft that use the hull/structure for returns
o CE102 10kHz to 2MHz
  - TVA tests over a greater range and requires testing on output of sources such as DC power supplies
o CISPR11 150kHz to 30MHz
  - TVA tests require a greater frequency range and requires testing on output of sources such as DC power supplies
o Alternate or commercial tests
  - The RG as with TVA alternate commercial tests are acceptable when evaluated.

Susceptibility SS E18.14.01 Revision 3

SS 6.1 Radiated Susceptibility - electric field
o 10V/meter, 1kHz, 80% sin wave modulated from 10kHz to 1GHz
o Panel doors are required to be open
o Alternative tests are allowed - same field strength required

SS 6.2 Conducted susceptibility - Low frequency
o 30Hz to 50kHz, 6.3Vrms as calibrated through 50ohm load
o Typically applied to power input but can be specified on other ports
o Alternate tests allowed

SS 6.3 Conducted susceptibility - High Frequency
o 50kHz to 400MHz, 7Vrms, 1kHz, 80% modulated
o Required on all cable bundles including power
o Alternate tests allowed

SS 6.4 - Surge - High Energy
o 3kV, asymmetric waveform
o Power and any conductor / shield that connects to external structures
o Alternate tests allowed

SS 6.5 Impulse & Bursts of Impulses (EFT) - Low Energy
o 3kV, asymmetric wave Power
o 2kV, asymmetric wave Data/Control
o Alternate tests allowed

SS 6.6 Electrostatic Discharge
o 6kV contact, 8kV air discharge - equivalent to International Electrotechnical Commission (IEC) 61000-4-2 level 3
o For man-machine interfaces such as switches and push buttons on electronic equipment
o Alternate tests allowed

Susceptibility RG 1.180 Revision 1

Radiated Susceptibility
o RS101 magnetic field 30Hz to 100kHz
  - TVA electronic equipment is not located in areas with strong magnetic fields and per the RG exempted
o RS103 electric field 30MHz to 1GHz 10V/m per standard
  - This is the same as TVA testing
o IEC 61000-4 Magnetic Field 50Hz and 60Hz
  - TVA electronic equipment is not located in areas with strong magnetic fields and per the RG exempted
o IEC 61000-4 Magnetic field 50/60Hz to 50kHz
  - TVA electronic equipment is not located in areas with strong magnetic fields and per the RG exempted
o IEC 61000-4 Magnetic field 100kHz and 1MHz
  - TVA electronic equipment is not located in areas with strong magnetic fields and per the RG exempted
o IEC 61000-4 electric field 26MHz to 1GHz 10V/m per standard
  - This is the same level as TVA testing

Conducted Susceptibility (CS)
o Power Leads
  - CS101 30Hz to 150kHz - 136dBµV to 5kHz then decreasing linearly to 106.5dBµV at 150kHz
    Over the comparable range, TVA testing is equal to or greater than the RG requirements. The range from 50kHz to 150kHz is covered by CS - High injection testing
  - CS114 10kHz to 30MHz - 100dBµA from 10kHz to 200kHz then decreasing to 97dBµA from 200kHz to 30MHz
    TVA test level is 103dBµA from 10kHz to 400MHz enveloping the RG test.
  - IEC 61000-4 10Vrms into a calibrated 150ohm load
    TVA test level is 103dBµA from 10kHz to 400MHz enveloping the RG test.
  - IEC 61000-4-13
    TVA CS-low is equivalent to this test
  - IEC 61000-4-16
    This test is designed for power harmonics from sources. TVA controls this in the power quality program. Sources such as inverters are required to have a THD <5%. These disturbances are not considered in the EMI program.
o Signal Leads
  - CS114 - 10kHz to 30MHz - 91dBµA
    TVA testing is at 103dBµA over a wider frequency range
  - CS115 - 2A - impulse
    This is an alternate test that TVA would accept in lieu of an EFT test
    The equivalent calibrated voltage level is lower than required by TVA
  - CS116 - 5A - damped sinusoid
    Damped sinusoidal tests are less intrusive than IEC asymmetric surge wave in both frequency content and energy. Therefore TVA has chosen the IEC surge test. However, on signal and data lines this test is only required on cables that would be subject to this type of surge. Ones that go between structures or go between different ground planes.

  - IEC 61000-4 EFT
    TVA requires 2kV on signal and data leads. This is the maximum level required by the RG 1.180 Revision 1
  - IEC 61000-4 Surge
    TVA requires 3kV surge on signal and data lines that connect between external structures and differing ground planes. This is greater than required by RG 1.180 Revision 1
  - IEC 61000-4 conducted radio frequency (RF)
    This is an alternative test acceptable to TVA
    TVA requires a higher level test than RG 1.180 Revision 1
  - IEC 61000-4 damped sinusoid
    Damped sinusoidal tests are less intrusive than IEC asymmetric surge wave in both frequency content and energy. Therefore TVA has chosen the IEC surge test. However, on signal and data lines this test is only required on cables that would be subject to this type of surge. Ones that go between structures or go between different ground planes.
  - IEC 61000-4-16
    This test is designed for power harmonics from sources. TVA controls this in the power quality program. Sources such as inverters are required to have a THD <5%. These disturbances are not considered in the EMI program.

Institute of Electrical and Electronic Engineers (IEEE[2]) C62.41[3]-1991, IEEE Recommended Practice for Surge Voltages in Low-Voltage AC Power Circuits

The RG discusses various categories for the IEEE surge withstand test. TVA follows the same categories but not the same levels. EPRI TR-102323 Revision 1 defined surge test level of 3kV. This puts the test level between category A and B. This level was approved by the NRC.

Most equipment will fall in the category A 2kV level. TVA required test levels are typically conservative.

Ring Wave Testing

TVA does not require ring wave testing. The frequency that a circuit will ring in the plant is determined by the length, resistance, capacitance and inductance due to an impulse generator.

The IEC surge wave would be such an impulse generator. The IEC pulse has more energy and greater frequency content.

TVA has determined that the IEC surge impulse test is more severe than the ring wave test.

Radiated susceptibility testing above 1GHz

TVA does not presently require testing above 1GHz

Intentional transmitters are approved on a case by case basis. This is for all new frequencies not just above 1GHz.

This is a legacy issue. Intentional transmitters are evaluated for impact.

EPRI TR-102323 working group contracted with Wyle labs to show that >1GHz signals are difficult to couple to typical plant equipment. Additionally, the signal loss with distance on cables is high.

TVA will add a requirement for radiated susceptibility testing above 1GHz in the future.

[2] IEEE is a registered trademark of the Institute of Electrical and Electronics Engineers Incorporated.

[3] C62.41 is a registered trademark of the Institute of Electrical and Electronics Engineers Incorporated.

Conclusion:

TVA meets the intent of the RG 1.180 Revision 1.

TVA required tests are typically conservative with the required tests of RG 1.180 Revision 1.

TVA has a Corporate EMC Program Manager who reviews and approves vendor test reports to assure that proper testing has been performed on the critical equipment.

All electronic equipment is required to meet emissions standards to assure the susceptibility test envelopes are conservative.

TVA Corporate EMC Program Manager evaluates and approves all intentional radiators on a case by case basis.

TVA's EMC program gives assurance that equipment coming into the plant will perform as needed in the EMC environment to which it is subject.

Richard Brehm
Corporate EMC Program Manager
April 21, 2011

NPG Standard Programs and Processes

TITLE: Computer Software Control
NPG-SPP-12.7
Rev. 0000
Page 1 of 56
Quality Related ; Yes No
Effective Date: 12-17-2010
Responsible Peer Team/Working Group: Engineering
Approved by: Sam Harvey, Corporate Functional Area Manager
Date: 8/11/10

Revision Log

Revision or Change Number: 0
Effective Date: 12/17/10
Affected Page Numbers: All
Description of Revision/Change: Minor/editorial revisions: Due to the conversion of NPG procedures to the new TVA procedure numbering system this procedure replaces SPP-2.6. It also includes the change of "NPG Computer Engineering Group" to "Computer Engineering" and some reformatting due to new procedure format requirements. Added Section 6.0 REFERENCES to incorporate the external Requirements and References document.

Table of Contents

1.0 PURPOSE
2.0 SCOPE
3.0 INSTRUCTIONS
3.1 Roles and Responsibilities
3.2 General Requirements
3.3 Purchasing or Developing New Application Software or Digital Plant Control Systems/Components
    3.3.1 Application Software Datasheet (ASD) - Software Categorization
    3.3.2 Purchasing Digital Plant Control Systems/Components
    3.3.3 Purchasing Computer Software
    3.3.4 Developing New Application Software
    3.3.5 Software Documentation
    3.3.6 Software Interfaces
    3.3.7 Data Migration
    3.3.8 Software Testing
    3.3.9 Software Verification and Validation Report
    3.3.10 Software Configuration Control
    3.3.11 Installation and Deployment
3.4 Changes to Computer Software and Software Integral to Plant Digital Systems/Components
    3.4.1 Changes to Software Integral to Plant Digital Systems/Components
    3.4.2 Changes to Computer Software - Software Service Request (SSR)
    3.4.3 Initiating A Software Change
    3.4.4 Software Change Request Approval
    3.4.5 Software Implementation
    3.4.6 Software Testing
    3.4.7 Software Service Request Closure
    3.4.8 Software Control Configuration
    3.4.9 Installation and Deployment
    3.4.10 Emergency Software Changes
3.5 Software Validation Testing
3.6 Software Operability Testing
3.7 Software Dedication Process
3.8 Software Trouble Reporting
3.9 Software Using Electronic Approvals
3.10 Data Management
    3.10.1 Data Verification Activities
    3.10.2 Application Software Data Management Requirements
3.11 Computer Application Software Inventory
3.12 Changes to Software Operating Environments
3.13 Software Compatibility Testing
3.14 Retiring Application Software
3.15 Plant Control System Boundary Protection Devices
4.0 RECORDS
4.1 QA Records
4.2 Non-QA Records
5.0 DEFINITIONS
6.0 REFERENCES
6.1 Source Documents
    6.1.1 Business Requirements
    6.1.2 Requirements Documents
6.2 Developmental References
Appendix A: Application Software Categories
Appendix B: Software Documentation Summary
Appendix C: Guidelines For SQAPs and SVVPs
Appendix D: Guidelines For Software Requirements Specifications (SRS)
Appendix E: Guidelines For Software Design Descriptions (SDD)
Appendix F: Guidelines For Software Verification And Validation Report (SVVR)
Appendix G: Guidelines For User Documentation
Appendix H: Cross-Reference Of NPG-SPP-12.7 And Summit Terminology
Appendix I: System Hardening Guidelines
NPG-SPP-12.7-1 Application Software DataSheet (QA Record)
NPG-SPP-12.7-2 Software Verification and Validation Deficiency Form
NPG-SPP-12.7-3 Computer Software Service Request (SSR)
NPG-SPP-12.7-4 Vendor Software Error Report Evaluation
Source Notes

1.0 PURPOSE

This document describes the quality controls and processes for the development, procurement, modification, and configuration management of computer software used to support the design, operation, modification, and maintenance of TVA's nuclear power plants consistent with the Nuclear Quality Assurance Plan (NQAP).

These controls and processes provide assurance that the computer software within the scope of this procedure performs its intended functions correctly and that the output of the software is correct and can be used without further verification for its intended purpose.

2.0 SCOPE

A. The processes and requirements specified in this SPP apply to all computer application software used in TVA Nuclear Power Group (NPG) with the following exceptions.

1. Computer software integral to devices such as phones, phone systems, radios, beepers, and programmable calculators.
2. Computer software integral to test equipment, test instruments, and lab equipment whose functions can be validated by conventional test methodologies.

These methodologies include NPG's measuring and test equipment calibration program or periodic checks against known standards. To meet this exception, the test methodologies must be able to validate all of the device's critical characteristics. If the exception criteria cannot be met, the software must comply with the requirements of this SPP.

3. NPG's nuclear plant simulators. Simulator software is managed in accordance with applicable ANSI standards.
4. System software (computer vendor operating systems and network software) designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system and associated programs.
5. Computer application software that is not owned by NPG and does not meet the criteria for Category B or C software as specified in Appendix A of this SPP.
6. End user software tools, as defined in Section 5.0 of this SPP, TVA core applications provided to all TVA employees, and applications available through TVA's InsideNet unless they meet the criteria for Category B or C software as defined in Appendix A of this SPP.

B. Applications utilized internally by contractors performing quality-assured functions for NPG under their own 10 CFR 50 Appendix B Quality Assurance Program shall meet the intent of the requirements of this SPP. Should the contractor deliver computer application software to TVA, then that software is subject to the applicable requirements of this document.

C. This document provides guidance for evaluating the software Quality Assurance Program of suppliers of computer software and software services for inclusion on the NPG Acceptable Suppliers List (ASL).

3.0 INSTRUCTIONS

3.1 Roles and Responsibilities

Application Owner

The individual with administrative and technical responsibility for defining the functional requirements of the computer software. The application owner represents the interests of all users of the application. The application owner is responsible for ensuring software documentation required by NPG-SPP-12.7 has been prepared and approved, and that all required software testing has been completed and that the test results are documented and acceptable. Specific roles and responsibilities of the application owner include the following:

A. Ensuring that the application software is properly classified and documented on the ASD.

B. Ensuring that the application software functional requirements are documented in an SRS. In doing so the application owner represents the interest of the users of the software.

C. Authorizing changes to the application software. All changes to the application software must be approved by the application owner including installation of new releases to previously installed software.

D. Approving software documentation including the software requirements specification, software verification and validation report, software quality assurance and verification and validation plans, if applicable, validation and operability test results, user documentation, and Software Service Requests (SSRs).

E. Ensuring that software documentation is submitted to NPG DCRM for archival within 60 days of the in-service date of the software.

F. Ensuring that purchased application software within the scope of this procedure meets the requirements of this procedure.

G. In conjunction with the software developer, ensuring that software validation and operability test procedures are prepared, and that the test results are documented. Reviews and approves test results.

H. Authorizing installation of validated (tested) application software and software changes.

I. Ensuring that a cyber security assessment has been performed if required.


NOTE The application owner ensures that the software documentation listed in the Software Documentation Summary for newly developed/purchased application software in Appendix B is prepared, reviewed, and approved for the new software application. These documents may be prepared by the application owner, application developer, application custodian, or others.

However, the application owner must ensure that they have been completed, reviewed, approved, and submitted to Corporate NPG DCRM for archival within 60 days of the in-service (production) date of the software application. Document submittal may be made in hardcopy or as an electronic document and is made using Form NPG-SPP-31.1-2, Document and Record Release Form.

Application Developer

The individual, organization, or vendor responsible for development of a computer software application and associated software documentation and application owner authorized changes to this software. Specific roles and responsibilities of the application developer include the following.

A. Developing and/or modifying the application software as specified by the application owner.

B. Preparing and/or revising software documentation as required by this procedure for application owner approval.

C. Performing and documenting validation and operability testing in conjunction with the application owner.

Application Custodian

The organization, individual, or vendor who ensures the computer software is installed after validation testing has been completed as authorized by the application owner.

A. Ensures that only the validated version of the application software is available for use in the production environment.

B. Ensures software security measures are implemented to prevent unauthorized changes to software.

NPG Point of Contact

Represents NPG's interest in software applications owned by organizations outside NPG, but which are used by NPG in quality-related ways. (Application meets the criteria for Category B or C software.)

A. Ensures NPG's functional requirements are documented in the software documentation.

B. Ensures validation and operability tests are performed and that the results obtained are acceptable. (NPG's functional requirements have been successfully implemented.)

NPG Standard Programs and Processes, Computer Software Control, NPG-SPP-12.7, Rev. 0000, Page 9 of 56

3.1 Roles and Responsibilities (continued)

C. Ensures software changes are documented and tested and that the changes do not adversely affect NPG's use of the application software.

3.2 General Requirements

A. Classification of Computer Software

Computer software is divided into five classifications depending on how the outputs of the application are used. Software classifications are defined in Appendix A of this SPP and may be applied to individual subsystems or subprograms within a particular software application. It is not necessary for all subsystems/subprograms to be classified at the same level. Classifications of component parts of an application must take into account the functions performed by the subsystem/subprogram, their impact on the integrity of the application's outputs, and how the outputs of the software application are used. The classification of computer software is documented on an Application Software Datasheet (ASD), Form 40522 NPG-SPP-12.7-1.

1. An Application Software Datasheet (ASD) shall be completed and submitted to Computer Engineering for review and archival in EDMS for all software applications, with the exception of end-user software tools as defined in Section 5.0 of this SPP. Classification of the software shall be based on the criteria listed in Appendix A of this SPP.

NOTE Questions regarding classification of application software should be directed to Computer Engineering.

2. It is the responsibility of the application owner to ensure the computer software is used consistent with its classification. If the manner in which the software is used changes, its classification must be re-evaluated. The ASD must be revised to reflect changes in software classifications.

NOTE If a software application is reclassified, the controls in effect at the time of its reclassification shall be applied.

3. ASDs are not required for computer application software that is provided to all TVA employees as a TVA core application or that is available through TVA's InsideNet unless it meets the criteria for Category B or C software as defined in Appendix A of this SPP.

4. ASDs should be updated whenever information on the form changes. This is particularly important for changes in software ownership and changes to software versions.

B. Application software placed in service prior to 7-14-1997 (SPP-2.6 Rev. 0) is required to have software documentation which meets the requirements applicable at the time the software was placed in service. As a minimum, documentation describing the correct use of the software must be available and up-to-date. Retrofitting documentation for these applications is not required. However, the application owner shall ensure that available software documentation has been archived as a record in accordance with Section 4.0 of this SPP. The following sections of this SPP apply to this software.

Requirement                                       NPG-SPP-12.7 Reference
Changes to Application Software                   Section 3.4
Software Validation Testing                       Section 3.5
Software Operability Testing                      Section 3.6
Software Trouble Reporting                        Section 3.8
Data Management                                   Section 3.10
Computer Software Inventory                       Section 3.11
Changes to Software Operating Environments        Section 3.12
Software Compatibility Testing                    Section 3.13
Retiring Application Software                     Section 3.14

C. With the exception of the ASD and any IS required software compatibility testing, Category E software is exempt from all other requirements of this SPP.

3.3 Purchasing or Developing New Application Software or Digital Plant Control Systems/Components

This section of the SPP defines the requirements for purchasing or developing new application software or digital plant control systems/components.

3.3.1 Application Software Datasheet (ASD) - Software Categorization

A. An application owner for the software application or digital control systems to be purchased or developed must be documented on the ASD, Form NPG-SPP-12.7-1.

Digital plant components are excluded from this requirement.

NOTE The application owner for computer software specifically for a particular site is typically an organization at that site. The application owner for computer software used at all sites should be a corporate organization; it is permissible to have joint ownership of a computer application when the software is used at more than one but not all sites.

B. The application owner assigns a Software Category to the application software or digital plant control system to be purchased or developed using the Table in Appendix A of this SPP and documents the assigned software category along with the rationale on an Application Software Datasheet, Form NPG-SPP-12.7-1. Categorization of the software must be done before proceeding. End user software tools, as defined in Section 5.0, are Category E by definition and do not require an ASD.

NOTE Questions regarding classification of application software should be directed to Computer Engineering.

NOTE Programs/subsystems within an application may be classified individually. If clear distinctions between functions/programs cannot be made or are not practical, then a single classification for the computer application would be appropriate.

C. The Application Owner completes and signs the ASD verifying that the form is complete and the information is correct.

D. The completed ASD is submitted to the Manager, Computer Engineering for review and archival in EDMS. The information is also used by Computer Engineering to update software inventory data.

3.3.2 Purchasing Digital Plant Control Systems/Components

A. Plant digital instrumentation and control systems/components shall be specified, purchased, implemented, tested, and documented in accordance with Electrical Engineering Standard Specification SS-E18.15.01, "Software Requirements for Real Time Data Acquisition and Control Computer Systems." Guidance and useful information on evaluation and acceptance of commercial grade digital equipment in nuclear safety systems may be found in EPRI document TR-106439, "Guideline on Evaluation and Acceptance of Commercial-Grade Digital Equipment for Nuclear Safety Applications."

B. System hardening guidelines identified in Appendix I of this SPP must be considered as part of the system implementation.

C. A cyber security assessment is required for purchased plant digital instrumentation and control systems/components. Contact Computer Engineering for assistance in completing the assessment.

NOTE The remainder of Section 3.3 of this SPP does not apply to digital plant instrumentation and control systems/components purchased and implemented in accordance with Standard Specification, SS-E18.15.01. Plant systems defined to be outside the scope of this specification are purchased or developed in accordance with NPG-SPP-12.7 Section 3.3.3 and 3.3.4, respectively.

3.3.3 Purchasing Computer Software

A. Category E software may be purchased through the IT Online Store and is not subject to further requirements of this section of the SPP. If the IT Online Store does not support procuring the desired Category E software, the remainder of this section of the SPP should be followed.

B. When application software is purchased, it shall be procured to the appropriate quality level as noted in the following table. Category A and B application software must be procured from a vendor on NPG's ASL as a qualified supplier of computer software (QA Level 1) or dedicated in accordance with Section 3.7 of this SPP (QA Level 2).

Software Category    Procurement Quality Level
A                    1 or 2
B                    1, 2, Note 1
C                    Note 2
D                    0
E                    0

NOTE 1 Category B software that is used exclusively for the design, analysis, testing, or acceptance of quality-related and not safety-related plant structures, systems, and components may be procured QA Level 3.

NOTE 2 Software that falls within the scope of NPG-SPP-09.3 shall be procured at the quality level determined by the NPG-SPP-09.3 process. Software used to implement quality related programs listed in section 5.1 of the Nuclear Quality Assurance Plan shall be procured QA level 3. All other category C software shall be procured non-quality.

C. The application owner or designee prepares a procurement request that defines the required deliverables and required vendor activities in accordance with SPP-4.1, Procurement of Material, Labor, and Services. The request shall state whether or not the application software will be installed as part of a plant system. For applications that are installed as part of a plant system, procurement shall be reviewed by PEG. All other applications will not require a PEG review.

D. Items to be included in the procurement request are noted below:

1. The request shall specify the version and/or versions to be delivered to TVA.
2. Software documentation to be provided.

NOTE The software documentation that must be available for the completed application software is identified in Appendix B. Any required software documentation not provided by the software vendor must be prepared by TVA or obtained from another source.

NOTE Documents required by the procurement specification document but considered proprietary by the software supplier must be available to TVA for audit purposes if they are not delivered to TVA.

3. Verification reviews to be performed. The contract should specify the software documentation verification reviews to be performed by the supplier or by TVA.
4. Validation testing required of the software supplier. This includes written validation test procedures and results which demonstrate that the requirements specified in the SRS have been implemented correctly. If features and functionality have been implemented in the software beyond those specified in the SRS, they shall be addressed in the test procedure to demonstrate that they work correctly and that they do not have an unintended impact on the specified requirements. Validation testing required in Section 3.5 must be completed and the results reviewed and approved by the application owner.
5. Contract specifications shall require that changes to the application software be controlled commencing with the software validation test.
6. Any onsite installation support.
7. Training and training materials to be provided.
8. Maintenance support to be provided by the vendor, if any.

9. If TVA does not take delivery of the source code, then consideration should be given to having the software supplier place a copy of the source code in escrow which would be given to TVA in the event the vendor no longer supports the application software.

E. The completed procurement request is processed in accordance with SPP-4.1.

F. A cyber security assessment may be required for the new software application. Contact Computer Engineering for assistance. Assessments are made based on guidance in NEI-04-04, "Cyber Security Program for Power Reactors."

G. Proceed to implement Sections 3.3.5 through 3.3.11 of this SPP.

3.3.4 Developing New Application Software

The following defines the requirements for the development of application software. The extent of the implementation of each requirement is based on the application's classification and its importance to safe and reliable plant operations.

A. Software development shall proceed in a traceable manner. The number of steps in the process and their order depends on the nature and complexity of the software. As such, development may be performed in an iterative or sequential manner.

B. Development of new application software begins with the determination of its classification based on its intended end use. The application owner is responsible for classifying the software and documenting the rationale for its classification. Refer to section 3.3.1 of this SPP.

C. The application owner ensures that the software documentation listed in Appendix B is prepared, reviewed, and approved for the new software application. These documents may be prepared by the application owner, application developer, application custodian, or others.

Appendix B identifies software documentation by generic document names and provides details on document content. Software documentation may be assigned titles as appropriate to the application. In addition, these documents need not exist as discrete packages but may be combined provided the content requirements are addressed.

D. Additional documentation, as necessary, may be prepared for a given application such as operations and maintenance manuals, system manager's manuals, and training manuals. This documentation shall be reviewed, approved, and issued in a manner similar to the aforementioned documentation.

E. A cyber security assessment is required for purchased plant digital instrumentation and control systems/components. Contact Computer Engineering for assistance in completing the assessment.

3.3.5 Software Documentation

A. The application owner must ensure that all required software documentation has been completed, reviewed, approved, and submitted to Corporate NPG Document Control and Records Management (DCRM) for archival within 60 days of the in-service (production) date of the software application. Document submittal may be made in hardcopy or as an electronic document and is made using Form NPG-SPP-31.1-2, Document and Record Release Form. Software documentation must reflect the as validated and installed version of the software.

B. Those documents designated as quality assurance records (refer to Section 4.1) shall be uniquely identified and noted as QA records before they are submitted to Corporate NPG DCRM.

C. Corporate NPG DCRM archives the software documentation. Typically, no controlled hardcopy distribution of the software manuals is made. However, information-only copies may be made available as authorized by the application owner. All hardcopy distribution of software documentation is controlled in accordance with NPG-SPP-31.1.

For the purposes of this SPP, software documentation excludes plant drawings.

D. Software documentation may be submitted directly to the Electronic Document Management System (EDMS) by the software developer provided the documentation is submitted consistent with applicable indexing specifications and with prior approval by the Manager, NPG DCRM.

NOTE Appendix H contains an NPG-SPP-12.7 to Summit cross-reference of software documentation terminology. Either terminology is acceptable.

3.3.6 Software Interfaces

The application owner shall ensure that the interfaces to other applications are specified, developed, and tested such that the data being used by the application is of the necessary quality. If the data is to be automatically transferred and used without further verification from another application, then the owner is responsible for ensuring that the source applications meet the requirements of this SPP or TVA-SPP-12.5. The owner can establish less automated interfaces that have the appropriate manual checks to ensure the quality of the data being transferred without invoking this SPP. The application owner shall also ensure that configuration control processes are in place to provide notification when changes are made to the source applications and/or interfaces that impact the quality of the transferred data.

3.3.7 Data Migration

If implementation of the application software involves data migration from another application, the requirements of Section 3.10 of this SPP must be addressed.

3.3.8 Software Testing

A. When software development activities are complete, software validation testing shall be performed in accordance with Section 3.5.

B. The validation test procedure and test results are documented in a Software Verification and Validation Report (SVVR).

C. The application owner authorizes software installation after reviewing and approving the validation test results.

NOTE If the software is to be installed on a standard NPG desktop/laptop computer, then the functional application profile (FAP) must be updated prior to installation of the software and software compatibility testing must be performed by IS.

D. Software operability testing shall be performed in accordance with Section 3.6 of this SPP after it is installed in its production environment but before it is released for use.

The operability test and test results are documented in a SVVR.

3.3.9 Software Verification and Validation Report

A Software Verification and Validation Report (SVVR) is prepared to document validation and operability test procedures and test results. (Refer to Appendix F.) It is permissible to include test procedures and results in the SVVR by reference for large test packages.

3.3.10 Software Configuration Control

The TVA application custodian shall store the application's source code and/or executables in a physically secure, environmentally controlled space. The application's source code and/or executables shall be stored in an environment that is protected from inadvertent changes. Cyber security considerations should be addressed in the storage environment.

Cyber security considerations may include protection against source code contamination by malicious code (viruses, worms, Trojans, etc.), protection against code information exploited for malicious intent (i.e., storage area is not connected to a LAN that has internet connectivity), username and password required to access source code, firewall protection to prevent unwanted access, and intrusion detection to monitor access.

3.3.11 Installation and Deployment

The process for moving application software from a production to operational environment should include cyber security considerations to ensure it contains no malicious code or software. All applications, binaries, and supporting files transferred from the production to operational environment should include cyber security considerations to ensure they contain no viruses, worms, or other forms of malicious code.

3.4 Changes to Computer Software and Software Integral to Plant Digital Systems/Components

3.4.1 Changes to Software Integral to Plant Digital Systems/Components

A. Software changes purchased or supplied by the equipment vendor shall be implemented, tested, and documented in accordance with Electrical Engineering Standard Specification, SS-E18.15.01 for those systems/components within the scope of that specification.

1. System hardening guidelines identified in Appendix I of this SPP must be considered as part of the change to the plant system/component.
2. A cyber security assessment is required for changes to plant digital instrumentation and control systems/components. Contact Computer Engineering for assistance in completing the assessment.

NOTE The remainder of this section of this SPP does not apply to software changes supplied by the equipment vendor and implemented under Standard Specification SS-E18.15.01.

B. Changes to the human-machine interface for plant digital systems/components within the scope of SS-E18.15.01 not supplied by the equipment vendor shall be made using the Software Service Request process described in Sections 3.4.2 through 3.4.9 of this SPP. In addition, the following items should be addressed:

1. A site impact review shall be performed, documented, and attached to the SSR.
2. A 10 CFR 50.59 evaluation shall be performed and attached to or referenced in the SSR.
3. A human factors review of the proposed change shall be conducted in accordance with NPG-SPP-09.3. The review should be attached to or referenced in the SSR.

C. Software changes for plant systems outside the scope of SS-E18.15.01 shall be made using the software change process defined in Sections 3.4.2 through 3.4.9 of this SPP.

D. Cyber system hardening guidelines identified in Appendix I of this SPP must be considered as part of the software changes in paragraphs B and C above.

E. A cyber security assessment is required for software changes to plant digital instrumentation and control systems/components. Contact Computer Engineering for assistance in completing the assessment.

3.4.2 Changes to Computer Software - Software Service Request (SSR)

A. Changes to application software are documented and controlled using the Software Service Request (SSR). Changes to application software include:

1. Those implemented to resolve validation test or operability test deficiencies after the computer software is placed in service,
2. Changes made to add new or enhanced functionality,
3. Vendor supplied software updates, releases, and patches,
4. New versions of software, and
5. Changes to database structure and data files (control code tables) which determine the function of the computer application.

This requirement does not apply to information entered into a database.

B. Changes to application software implemented as part of a change to plant structures, systems, or components which result in changes to Engineering issued system design criteria, the FSAR, or plant technical specifications shall be implemented under the engineering design change process. In these cases, the software change controls defined in NPG-SPP-12.7 guide the development and testing of the computer software.

The SSR must be closed prior to the Design Change Notice (DCN) closing and the SSR package must include references to the DCN number.

C. Changes to computer software, control variables, setpoints, and other data constants on digital plant control systems from remote locations are prohibited. Remote locations are defined as any location physically located outside the power plant or not in the same location as the installed control system component.

D. The Software Service Request process applies to Category A, B, C, and D software. SSRs are not required for Category E software.

3.4.3 Initiating A Software Change

A change to application software within the scope of this SPP may be requested by completing Section 1 of the Software Service Request (SSR), Form NPG-SPP-12.7-3, and submitting it to the application owner. An SSR shall be initiated for any of the following:

A. Implementing software changes after the computer software has been placed in service. This includes changes for enhancements, to correct problems, or to resolve outstanding test deficiencies (after the software was placed in service).

B. Installing new releases, new versions (software updates), patches, or updates of vendor supplied application software.

C. Changes which add or enhance software application functionality.

D. Changes which eliminate software functionality.

E. Changes to database structures, files, or software control variables which determine the functions performed by the software.

3.4.4 Software Change Request Approval

The application owner evaluates the request and dispositions it by completing and signing Section 2 of the SSR form. For applications owned outside of NPG, the application owner forwards a copy of the SSR to the NPG Point of Contact for information. The application owner forwards the approved SSR to the application developer for implementation. Each approved SSR shall be assigned a unique number. Disapproved requests should be returned to the requester along with an explanation for the disapproval.

NOTE The NPG Point of Contact serves as the NPG owner for the software and represents NPG's interest in its functionality and use. See Section 3.1 for Roles and Responsibilities.

3.4.5 Software Implementation

A. The application custodian shall implement controls to prevent unauthorized changes to application software. These controls shall include the following:

1. Prevention of unauthorized or accidental changes to the production (validated) version of the application software.
2. Control of the migration of the software between development/test and production environments.

B. The application developer designs the software change taking into consideration the interfaces with other applications, and modifies the software to implement the approved change.

C. Software changes shall be made to the current, in service version of the software in a nonproduction environment or with the software application in an off-line mode (out of service) unless it is not practical/possible to do so.

D. The application developer evaluates the impact of the software change on the software documentation, updates the software documentation impacted by the change, and notes the results of this evaluation in Section 3 of the SSR. The assessment of software documentation includes the ASD. If the ASD is revised, the form is submitted to the Manager, Computer Engineering for review and archival.

3.4.6 Software Testing

A. When software development activities are complete, validation testing of the software change shall be performed in accordance with Section 3.5 of this SPP. The validation test demonstrates that the modified software correctly implements the requested change.

B. Following completion of the validation test, Section 4 of the SSR is completed and the validation test and validation test results including any test deficiency reports are attached. It is permissible to reference validation test procedures and results in Section 4 of the SSR rather than attaching them to the SSR.

C. The application owner authorizes software installation only after reviewing and approving the validation test results.

NOTE If the software is to be installed on a standard NPG desktop/laptop computer, then the functional application profile (FAP) must be updated prior to installation of the software and software compatibility testing must be performed by IS.

D. After installation of the software changes is complete, the application custodian notifies the application owner that the software is ready for operability testing. Operability tests of the software changes shall be performed in accordance with Section 3.6 of this SPP.

Operability testing must be complete and results approved by the application owner before the modified software is released for use. A signature on the test documentation denotes approval.

E. The operability test and test results, including any test deficiency reports, are attached to the SSR and Section 5 of this SSR is completed. It is permissible to reference the operability test procedures and results rather than attaching them to the SSR.

3.4.7 Software Service Request Closure

A. The application owner completes Section 6 of the SSR indicating if a cyber security assessment was performed. Contact Computer Engineering for assistance.

B. The application owner completes and signs Section 7 of the SSR releasing the software change for use. If any restrictions are placed on its use, the application owner attaches the restrictions to the SSR or provides a reference for the restrictions and notifies the users of those restrictions.

C. The SSR package includes the following: (1) validation test procedure and test results, and (2) operability test procedure and results or at least references to these documents. Since the operability test may be a site post modification test (PMT), it is permissible to simply reference the PMT or any other post installation test that can be taken credit for as an operability test. If the software change is installed on more than one unit at a site, the SSR package must include the operability test and test results for each unit. If the software change is installed at more than one site, the SSR package must include the operability test and results for each installation unless the software is installed on a standard TVA desktop/laptop computer.

NOTE A SVVR may be prepared for the software change to document the results of software testing. If a SVVR is prepared it should be consistent with requirements of Appendix F and may be attached to or referenced in the SSR.

NOTE In general, resubmittal of the entire SVVR including revisions is preferred.

D. The application owner is responsible for ensuring that the completed SSR form with any attachments is submitted to Corporate NPG DCRM for archival using transmittal Form NPG-SPP-31.1-2 within 60 days of the in service date of the software change.

Revised software documentation is not part of the SSR and is submitted separately to Corporate NPG DCRM for archival in EDMS.

E. The application owner notifies Corporate NPG DCRM if copies of user documentation are to be distributed and provides the approved distribution.

3.4.8 Software Control Configuration

The TVA application custodian shall store the application's source code and/or executables in a physically secure, environmentally controlled space. The application's source code and/or executables shall be stored in an environment that is protected from inadvertent changes. Cyber security considerations should be addressed in the storage environment.

Cyber security considerations may include protection against source code contamination by malicious code (viruses, worms, Trojans, etc.), protection against code information exploited for malicious intent (i.e., storage area is not connected to a LAN that has internet connectivity), username and password required to access source code, firewall protection to prevent unwanted access, and intrusion detection to monitor access.

3.4.9 Installation and Deployment

The process for moving application software from a production to operational environment should include cyber security considerations to ensure it contains no malicious code or software. All applications, binaries, and supporting files transferred from the production to operational environment should include cyber security considerations to ensure they contain no viruses, worms, or other forms of malicious code.

3.4.10 Emergency Software Changes

Emergency software changes may be made to application software provided the change is approved by the application owner and it is tested prior to use in its production environment.

If the change affects plant components or plant operations, notification of the Shift Manager is required before the change is implemented. Within 30 days of installation of the change, a SSR shall be prepared in accordance with the software change control process specified above. In addition, a justification of the emergency change shall be attached to the SSR form.

3.5 Software Validation Testing

The purpose of validation testing is to provide confidence that new or revised applications perform as specified in the SRS or SSR.

A. The application owner ensures that a written validation test procedure that demonstrates that the software requirements specified in an application owner approved software requirements specification (SRS) or Software Service Request (SSR) have been implemented correctly is prepared and executed before the software is installed on the computer on which it will be used. For new Category A software, a traceability matrix shall be prepared that cross references the software functional requirement with the portion/section of the test procedure which tests it. The matrix may be a separate table included in the test report (SVVR), a standalone document which is referenced in the test report, or a cross reference documented in individual steps in the test procedure. To the extent possible, this testing is done off-line or in a non-production environment. If the validation test must be run on the target system, that system shall be declared out of service until the testing is completed. Testing should also consider impact of new software on software already in service and system interfaces.

B. The validation test criteria include the following:

NOTE Not all of the criteria listed below are applicable to every software application.

1. Functions and features specified in the SRS or SSR work correctly.
2. Software revisions do not adversely affect previously approved and tested functions that were not intended to be within the scope of the change. This criterion may be met by running a test case for the application which demonstrates overall software functionality.
3. Values entered into data control tables to trigger a set of programmatic logic or provide for system functionality have been correctly entered and the output of the logic is correct.
4. Interfaces with software systems/applications with which the application transfers or shares data function properly.
5. Data conversions and migrations are correct. The data sample size included in the test should be commensurate with the magnitude of the data migration. The scope of the test should be commensurate with the complexity of the application.
6. Software responses to abnormal/error conditions.
7. Software response to system loading and expected number of simultaneous users.
8. Software response to other than normally expected sequences of inputs and transactions.

9. Software performance at end of period (shift, month, day, year, etc.).
10. Interaction of multiple changes or patches installed at the same time.

C. The application owner approves the validation test procedure.

NOTE The application owner and application developer/custodian should consider the latest completed validation/functional test, including any test deficiencies, for lessons learned in developing the current validation test plan. The application developer and/or custodian should assist the owner in the development of an adequate validation test, providing input direction, and help as needed.

NOTE For database applications, the acceptance database will be refreshed with a production copy of the data and all database objects. This refresh will be done prior to operability testing. It should be noted that not all software changes require a refresh of the acceptance environment. The refresh will be done at the discretion of the application owner and application custodian based on the magnitude of the software change and the condition of the acceptance environment.

NOTE Refer to IEEE 7-4.3.2, Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations, for additional guidance regarding Category A software validation activities.

D. The validation test procedure is reviewed to ensure that the validation test addresses the items specified in the SRS or SSR. These reviews shall be performed by an independent reviewer for Category A and B software.

E. Prior to initiating software validation testing, the software to be tested shall be placed under configuration control. Once the validation test begins, the software development phase ends and all subsequent changes to the software shall be controlled, including changes necessary to resolve test deficiencies. Software changes are documented on deficiency reports prior to placing the software in service and by software service requests after the software is in use.

F. Validation tests shall be conducted in a non-production environment whenever practical. This environment may include offline development systems, simulators, or systems isolated from the production (in service) system such that the users of the application cannot use the computer software during the test.

G. Validation test results shall be documented. Test deficiencies identified during the validation test as well as their resolution are documented using Form NPG-SPP-12.7-2 or similar document.

H. Validation test results, including resolution of test deficiencies, shall be reviewed and approved by the application owner. Approval is denoted by signature on the test documentation. Application owner approval indicates the results are valid and acceptable. In addition, for Category A and B software, the validation test results shall be reviewed by an independent reviewer.

I. Validation test procedure/plan and test results become part of the SVVR for new software applications or the SSR for software changes. Test procedures and results may be included by reference.

3.6 Software Operability Testing

The purpose of operability testing is to ensure that the application has been installed correctly and operates correctly in the production environment.

NOTE The operability test procedure is run after the software change is installed on the computer system(s) on which it will be used. The purpose for the testing is to verify that the installed software works correctly in its production environment. For business process application software, the operability test should address major transactions that may have been affected by the change. For applications run on PCs, an operability test on a representative production system can be used even if the software is installed at multiple sites.

A. The application owner ensures preparation and execution of an operability test procedure which demonstrates that the software performs correctly in its operating environment. This testing is done after software installation on the target system is complete but before the software is released for use. Commencement of the operability testing should be coordinated between the installer of the software and the application owner and users.

B. The operability test procedure should be sufficiently comprehensive to demonstrate (1) that the software installation was correct and (2) that the software is functioning correctly in its operating environment. The operability test procedure may be a plant post modification test, a rerun of the software validation test, or a subset of the validation test depending on the complexity of the software and its interfaces with other systems and equipment. The operability test does not have to be a complete rerun of the software validation test.

C. Operability test results shall be documented, including test deficiencies and their resolution. Operability test deficiencies are documented along with their resolution using Form NPG-SPP-12.7-2 or similar form.

D. Software changes to resolve test deficiencies made prior to placing the software in service are controlled under the test deficiency report. Each software change to resolve test deficiencies must be tested to demonstrate that it resolves the test deficiency.

E. Once the software is placed in service (made available for use), all software changes, including those to resolve any remaining (outstanding) test deficiencies, must be controlled in accordance with Section 3.4.

F. The application owner reviews and approves the operability test results after the resolution of any test deficiencies identified during the operability test. Approval is denoted by signature on the test documentation.

G. Operability test procedures and test results become part of the SVVR for new software and the SSR for software changes. Test procedures and results may be included by reference in these documents.

3.7 Software Dedication Process

Category A or B application software procured QA Level 2 must be dedicated as follows unless the software is part of a plant computer system and is dedicated under the DCN process. The application owner is responsible for ensuring that the software dedication is performed when required.

A. A documented evaluation of the industry operating experience with the software being purchased. The review should focus on the same version of the software as much as practical and on the software vendor's error reporting process.

B. A documented review of the software vendor's software verification and validation procedure, software development and configuration management procedures, and software error reporting and correction practices. This SPP should be used as guidance for conducting the review.

C. Formal documentation which summarizes the basis for accepting the software for use as a Category A or B computer application. This documentation may be a memorandum or report which summarizes the activities performed and the results which provide the application owner confidence that the computer software is ready for use as a Category A or B application.

D. Software dedication documentation is submitted to Corporate NPG DCRM for archival as a QA record.

E. When new versions of the software are released by the software supplier, installation of the new release is controlled by Section 3.4 of this SPP. The software dedication process is not required for these subsequent releases.

3.8 Software Trouble Reporting

A. Problems identified with computer application software that is part of an in service plant system should be reported directly to the application owner for evaluation. For computer application software that is not part of a plant system, problems should be reported to the Information Technology Customer Center (ITCC) (Help Desk - 751-4357).

B. The ITSC shall report problems with computer application software that they cannot resolve to the application custodian.

C. The application custodian is responsible for ensuring the reported problem is evaluated for impact to the application software as installed and used.

D. If the software does not perform as specified in the SRS or yields incorrect results, the problem shall be documented and resolved in accordance with NPG's Corrective Action Program.

NOTE Software changes necessary to resolve a confirmed problem are controlled in accordance with Section 3.4.

E. Error reports received from software suppliers shall be forwarded to the application custodian for screening. The application custodian shall perform the screening and send the results to the application owner within 28 days of receiving the error report.

The screening evaluation shall be documented on the Vendor Software Error Report Evaluation, Form NPG-SPP-12.7-4 and submitted to NPG DCRM for archival in EDMS.

F. If the vendor reported problem is not screened out in Step 3.8E, the application owner shall assess NPG's specific use of the software to determine if the reported error affects the output of the software as used by NPG. If the error does not affect the output, the error report shall be submitted to DCRM as part of the software documentation for the affected application. If the error affects the output, the error shall be documented and resolved in accordance with NPG's Corrective Action Program.

3.9 Software Using Electronic Approvals

Electronic approval is the process where a document or information displayed on a computer display monitor is reviewed, concurred with, and/or approved electronically. This electronic process replaces initials or signature on a hard copy of the document as indication of concurrence or approval. Functional requirements for application software which implement/utilize electronic approvals are contained in NPG Standard Programs and Processes NPG-SPP-31.2, Records Management.

3.10 Data Management

3.10.1 Data Verification Activities

In order for the outputs of Category A-C software to be used without further verification, it is essential that the data used by the software in generating its output be verified and properly managed. It is the responsibility of the application owner to ensure that data verification activities are implemented. Data verification, when required, should be implemented using the following guidelines:

A. Electronic data may be verified by being compared to a reference source. If large amounts of data need to be verified, statistical sampling of the data is permissible.

Should reference sources not be available for verifying the data, the application owner is responsible for documenting the basis for using the unverified data in a process where the output of the quality assured application software will be used without further verification.

B. Electronic data may be transferred from another application (electronic source) in which it has already been verified.

C. Electronic data may be verified electronically through a formal review process including independent checking as appropriate. This type of verification is appropriate for use on electronic documents such as procedures or calculations that are being routed electronically for checking, review, and approval.

D. Data values which are entered into data control tables to trigger a set of programmatic logic or provide for system functionality shall be verified and the logical operation tested within the Verification and Validation process to ensure the data value has been correctly entered and the output of the logic is correct.

3.10.2 Application Software Data Management Requirements

A. For data that has been verified and is being stored within the computer, the software providing the storage environment must ensure that the integrity of the verified data is not compromised either by outside sources or by the computer software providing the storage environment itself.

B. Computer software providing for the transfer of verified data must not compromise the data's integrity while the verified data is being transferred. If the transfer application is performing data conversion, the application software must identify and resolve data which does not successfully pass through the data conversion.

C. Application software that outputs or distributes data must not compromise the integrity of the data while performing that function.

D. Application software generating new data (for example, results of calculations) from verified input data must generate the results correctly.

E. Data shall be protected from unauthorized modifications.

3.11 Computer Application Software Inventory

An inventory of Computer Application Software used in NPG shall be maintained by Computer Engineering. This inventory may be kept in hardcopy form or in an electronic file such as a spreadsheet or database. This inventory contains, as a minimum, the application name, owner, custodian, and software QA classification. Training on the contents and purpose of the inventory is satisfied by training individuals on the requirements of this SPP.

3.12 Changes to Software Operating Environments

NOTE Whenever system software used by a computer program within the scope of this SPP is upgraded to a major new version, the operating environment under which the computer program was qualified and tested has been changed. Examples include, but are not limited to, the following:

A. Upgrading computer operating system software.

B. Installing new releases of database management software such as Oracle, or MS Access, etc., which are used by application software within the scope of this procedure.

C. Installing new releases to end-user software tools used by application software within the scope of this procedure, such as Excel, Access, or MathCAD.

A. When changes to the software operating environment have been made (as defined above), an operability test for computer programs (software application) within the scope of this SPP which are to run in the new operating environment is performed.

The purpose of this operability test is to verify that the computer program (application software) has not been adversely affected by the change. It is not intended to be a complete rerun of previous application software validation tests.

NOTE Refer to Section 3.6 for guidance on operability testing.

B. The application developer or custodian evaluates the proposed change to the operating environment and determines the extent of operability testing required to demonstrate that the application software was not adversely affected by the change to the operating environment.

C. The application owner is responsible for ensuring that an operability test, in accordance with the findings of the previous paragraph, is performed and documented before the system software is placed into production. The operability test and test results are documented and submitted to Corporate NPG DCRM for archival using Form NPG-SPP-31.1-2. The Application Owner is responsible for ensuring that identified deficiencies are resolved.

NOTE The operability test may include (1) rerunning the entire software validation test, (2) running selected test cases or subsets of a previously run validation test, or (3) verifying that the application runs and that data screens/data can be accessed. The extent of the test depends on the nature and scope of the change to the operating environment.

D. In cases where emergency changes to system software must be made, the application owner shall be notified within 24 hours and operability tests conducted and documented within 30 calendar days of the change. The application owner shall identify any required interim control procedures needed until the operability testing is completed and the test results approved.

3.13 Software Compatibility Testing

The purpose of compatibility testing is to provide confidence that new or revised PC-based software does not adversely impact other quality assured software installed on PC desktop computers. It is in addition to software validation and operability testing specified in Sections 3.5 and 3.6. The application owner ensures that appropriate compatibility testing is performed.

A. Software compatibility testing is required for most PC-based software.

Information Services is responsible for making the determination if compatibility testing is required.

B. Information Services determines the appropriate subset of PC-based software applications to be included in the compatibility test and conducts or coordinates the compatibility testing before the new or revised software is installed in its production environment. Information Services works with affected Application Owners and Application Custodians to resolve any identified conflicts.

C. Compatibility testing should be documented to the extent that it identifies when and by whom the test was conducted and the subset of PC-based software included in the test and the test results. Software compatibility testing documentation is the responsibility of Information Services. IS is responsible for submitting this documentation to EDMS.

3.14 Retiring Application Software

Software applications that are no longer needed shall be retired as follows:

A. The Application Software Datasheet (ASD) shall be revised to indicate the software application is retired and the effective date of the retirement. The revised ASD is submitted to Computer Engineering for review and archival to NPG DCRM.

B. The Application Custodian shall remove the application from the production environment and store the source code, executable code, and data files in a physically secure, environmentally controlled space. Code and files shall be protected from unauthorized access and inadvertent use in a production environment.

C. Computer Engineering shall notify the IS FAP Administrator to remove the software from FAPs on which it is listed.

3.15 Plant Control System Boundary Protection Devices

Boundary Protection Devices are used to monitor and control communications at the external boundary of a network to prevent and detect malicious and other unauthorized communications. This section of the SPP applies to firewalls, routers, switches, and network intrusion detection devices managed by NPG.

A. Guideline for configuring Boundary Protection Devices when initially installed.

1. Whenever possible disable, through software or physical disconnection, all unneeded communication ports and removable media drives, or provide engineered barriers.

2. Examine Boundary Protection Devices for configuration settings such as access control lists, firewall and proxy server settings, inspecting to verify that only authorized network traffic is being allowed through the external boundary interfaces.
3. Firewalls
a. Provide firewalls and firewall rule sets between network zones.
b. Provide detailed information on all communications (including protocols) required through a firewall, whether inbound or outbound, and identify each network device initiating a communication.
c. Provide firewall rule sets or other equivalent documentation. The basis of the rule set shall be deny all, with exceptions explicitly identified.
4. Network Intrusion Detection Systems (NIDS) provide traffic profiles with expected communication paths, network traffic, and expected utilization boundaries. For signature based NIDSs, provide appropriate signatures.
5. When replacing existing Boundary Protection Devices, if possible, verify that configuration of the new device is the same as the one replaced. If not possible, verify that the configuration is equivalent to the one replaced.
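One way to check a rule set against guideline A.3 (deny-all basis, every exception explicit, initiating device identified) and to compare a replacement device's rules with the old device's per A.5. This is an added example, not part of NPG-SPP-12.7 or any TVA tooling; the one-line rule syntax, the addresses and ports, and first-match rule ordering are assumptions constructed for illustration.

```python
"""Audit a firewall rule set for a deny-all basis with explicit exceptions.

Assumed, vendor-neutral rule syntax (constructed for this example):
    <action> <direction> <protocol> <source> <destination> <dest-port>
Rules are assumed to be evaluated top-down, first match wins.
"""
from typing import NamedTuple


class Rule(NamedTuple):
    action: str      # permit | deny
    direction: str   # inbound | outbound (any only on the final deny)
    protocol: str
    src: str         # the device initiating the communication
    dst: str
    dport: str


WILDCARDS = {"any", "*", "0.0.0.0/0"}


def parse_ruleset(text):
    """Parse the assumed one-rule-per-line format; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.lower().split()
        if len(fields) != 6:
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append(Rule(*fields))
    return rules


def is_deny_all(rule):
    return rule.action == "deny" and all(f in WILDCARDS for f in rule[1:])


def audit_ruleset(rules):
    """Return a list of findings; an empty list means the rule set passes."""
    findings = []
    if not rules or not is_deny_all(rules[-1]):
        findings.append("rule set does not end in an explicit deny-all")
    for n, rule in enumerate(rules, start=1):
        if rule.action != "permit":
            continue
        if rule.direction not in ("inbound", "outbound"):
            findings.append(f"rule {n}: direction not stated as inbound or outbound")
        for name in ("protocol", "src", "dst", "dport"):
            if getattr(rule, name) in WILDCARDS:
                findings.append(f"rule {n}: {name} is a wildcard, exception not explicit")
    # A deny-all anywhere but last hides every rule below it (first match wins).
    for n, rule in enumerate(rules[:-1], start=1):
        if is_deny_all(rule):
            findings.append(f"rule {n}: deny-all before end of rule set shadows later rules")
    return findings


def compare_rulesets(old, new):
    """Replacement-device check: return (removed, added, reordered)."""
    removed = [r for r in old if r not in new]
    added = [r for r in new if r not in old]
    # Order matters under first-match evaluation, so compare the shared rules in sequence.
    reordered = [r for r in old if r in new] != [r for r in new if r in old]
    return removed, added, reordered


# Constructed sample configurations (not taken from any real device).
OLD_DEVICE = """
# one historian polls one controller; the controller sends syslog out
permit inbound  tcp 10.10.1.20 10.20.5.11 502
permit outbound udp 10.20.5.11 10.10.1.5  514
deny   any      any any        any        any
"""

NEW_DEVICE = """
permit inbound  tcp 10.10.1.20 10.20.5.11 502
permit inbound  tcp any        10.20.5.11 22
permit outbound udp 10.20.5.11 10.10.1.5  514
"""

if __name__ == "__main__":
    old, new = parse_ruleset(OLD_DEVICE), parse_ruleset(NEW_DEVICE)
    for label, rules in (("old", old), ("new", new)):
        for finding in audit_ruleset(rules) or ["no findings"]:
            print(f"{label}: {finding}")
    removed, added, reordered = compare_rulesets(old, new)
    print("removed:", removed)
    print("added:", added)
    print("reordered:", reordered)
```
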

B. Documenting and controlling Boundary Protection Device configurations

1. An Application Software Datasheet (ASD) is not required for a Plant Control System Boundary Protection Device.
2. A Software Service Request (SSR) shall be completed for each Boundary Protection Device when it is initially installed or whenever the configuration of the device is changed. Configuration file(s) shall be obtained from the Plant Control System Boundary Protection Device and attached to the SSR. The configuration file(s) shall be noted in Section 3 of the SSR. No other software documentation is required for Section 3 of the form. For the purposes of completing the SSR, the Boundary Protection Device configuration settings shall be classified Category C on the SSR.
3. A validation test is not applicable or required for the Plant Control System Boundary Protection Device and should be so noted in section 4 of the SSR.
4. An operability test shall be performed on the device once its configuration is finalized. The operability test and test results shall be attached to SSR or included by reference.

NOTE The SSR and all related documentation are deemed business sensitive and shall be protected as such according to the Business Practice 29 guidelines. Forward the completed SSR and all attached documentation to Computer Engineering for archival into the EDMS Sensitive Information Vault.

C. Cyber security assessments

A cyber security assessment may be required for Boundary Protection Devices when they are installed or whenever the configuration of the device is changed. Contact Computer Engineering to determine if a cyber security assessment is required. This determination shall be documented in Section 6 of the SSR form. If a cyber security assessment is required, the cyber security assessment shall be performed, completed and submitted to Computer Engineering for review and archival in the EDMS sensitive information vault.

4.0 RECORDS

4.1 QA Records

The following documents are considered QA records for software classified as Category A, B, or C software.

A. Software Requirement Specification

B. Validation and Operability Test Procedures and Results

C. Software Verification and Validation Report

D. Software Service Requests (TVA Form NPG-SPP-12.7-3)

E. Software Quality Assurance Plan (SQAPs)

F. Software Verification and Validation Plan (SVVPs)

G. Documentation of reviews prepared as part of the software dedication process in Section 3.7.

H. Application Software Datasheet (NPG-SPP-12.7-1)

I. Software Verification and Validation Deficiency Form (NPG-SPP-12.7-2)

J. Vendor Software Error Report Evaluation (NPG-SPP-12.7-4)

4.2 Non-QA Records

A. Software documentation not specifically identified in Section 4.1 of this SPP, including Software Design Descriptions, User Documentation, and Maintenance Manuals.

B. Documentation associated with end-user tools or system software as defined in Section 5.0.

C. Software change requests that are not implemented in the production version of the application software.

D. All Category D and E software documentation.

5.0 DEFINITIONS

Application Custodian - The organization or individual who has responsibility for the information technology implementation of a computer software application or software changes.

Application Developer - The individual, organization, or vendor responsible for development of a computer software application and associated software documentation including changes to the software. The application developer develops and tests the computer software.

Application Owner - Individual with administrative and technical responsibility for defining the functional requirements of the computer software. The application owner represents the interests of all users of the application, authorizes changes to the software, and approves software documentation.

Application Software - A logically-related group of computer programs used by the end-user to perform specific and defined functions.

Business Process Application Software - Computer software used to enable critical NPG business processes. Examples include software used to enable the work management, document management, radiation exposure tracking, master equipment list, bill of materials, and equipment clearance control processes.

Commercially Available Software - Software which is procured and used without modification.

Database (Data) - Data collected and managed through a software system (including commercially available software packages); accessed through a computer (including personal computer, minicomputer, or mainframe computer); and used to calculate a result or satisfy a set of information or process requirements.

Data Dictionary - A dictionary that defines the meaning of all the data represented on the data flow. The definitions include not only the English definitions, but also describe the detailed sub-data elements that comprise the data that are registered on the data flow.

Emergency Software Change - A change made to application software to prevent compromising plant safety systems or safe plant operations whose delays could result in a degradation of plant or personnel safety or result in a reduction of electrical generation.

End-User Software Tools - Commercially available software designed to support the development and operation of end-user applications. It includes database programs, spreadsheet programs, report generators, CAD/CAM programs, desktop publishing, word processing programs, graphics programs, terminal emulators, communications programs (i.e., Telnet, FTP, etc.), office equipment device drivers (printers, scanners, etc.), Mathcad or similar programs, Project Management, handbooks, and catalogs. These applications are Category E and do not require an Application Software Data Sheet.

FAP Administrators - Information Services employees that update and maintain FAPs.

The FAP Administrator is available at e-mail address FAP - Administrator.

Functional Application Profiles (FAPs) - A FAP is a logical grouping of applications associated with performing a specified business function that is managed by a business peer team. FAPs define the appropriate applications an employee is authorized to use in the performance of their job.

Independent Review - A review of software documentation or test procedures and results by an individual other than those who prepared the document, but who may be from the same organization.

NPG Point of Contact - The designated individual responsible for representing NPG's interest in software applications owned by organizations outside NPG, but which are used by NPG in quality-related ways.

Off-the-Shelf Software - Off-the-shelf software is computer software procured and used without modification of any kind. Same as commercially available software.

Operability Tests - A test of a computer program which demonstrates that the validated computer software, including changes to the software, performs properly after it is installed in its operating environment.

Plant Systems - A permanent plant system is one that implements an engineering design requirement and is included on an engineering issued drawing.

Software - Computer programs, procedures, rules and data pertaining to the operation of a computer system independent of the media on which it resides (tape, disk, eprom, prom, etc.).

Software Categories - A categorization of software based upon usage of the software that determines the level of software quality assurance that will be applied to the acquisition, development, enhancement, or maintenance of the software.

Software Dedication - An acceptable process undertaken to provide reasonable assurance that computer software from vendors not on the NPG Acceptable Suppliers List will perform its intended function and in this respect is deemed equivalent to computer software developed under a 10CFR50 Appendix B QA program.

Software Modification - Changes to previously validated computer software (1) to eliminate defects, (2) to enhance existing functions/features, or (3) to implement new functions/features in the application software.

Software Operating Environment - Those elements of the system hardware and system software which are required for or may affect the successful functioning of the application software which operates in that environment.

Software Quality Assurance Plan (SQAP) - A plan for the development and maintenance of computer software necessary to provide adequate confidence that the software conforms to established requirements. This SPP serves as the software quality assurance plan for all application software within the scope of this procedure except for Category A software.

Software Validation - The test and evaluation of the completed software to ensure compliance with software requirements.

Software Verification - The process of determining whether or not the product of a given phase of the software development cycle fulfills the requirements imposed by the previous phase.

Software Verification and Validation Plan (SVVP) - A document describing the verification (review) and validation (test) activities to be performed. This SPP serves as the SVVP for all application software within the scope of this procedure except for Category A software.

Software Verification and Validation Report (SVVR) - A document containing the results of completed verification and validation activities and identifying any constraints or restrictions placed on the use of the computer software.

Software Design Description (SDD) - A document which provides a technical description of how the computer software design satisfies/addresses the functional requirements specified in the software requirements specification.

Software Requirements Specification (SRS) - A document which defines the requirements the software must satisfy.

System Software - Software designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system and associated programs.

System Version - The numerical designation of a particular version of a computer software system. For new software systems it shall be the integer 1. Existing software systems will maintain their current version until they are modified. Major revisions (e.g., incorporation of significant requirements changes or expansions to the software scope) are identified by incrementing the version to the next highest integer.

User Documentation (User Manual) - An organized compilation of information which explains the use of the application software and/or computer software system.

Validation Test - A test of the completed application software performed before the software is installed in its production environment which demonstrates that the specified requirements have been implemented correctly. If additional features/functions have been implemented in the software and will be used, they must be tested to demonstrate that they work correctly and do not have an unintended impact on the specified requirements.


6.0 REFERENCES

6.1 Source Documents

6.1.1 Business Requirements

None

6.1.2 Requirements Documents

Nuclear Quality Assurance Plan

6.2 Developmental References

ASME NQA2 Part 2.7, Quality Assurance Requirements of Computer Software for Nuclear Facility Applications

NUREG/CR-4640, Handbook of Software Quality Assurance Techniques Applicable to the Nuclear Industry

Appendix A

Application Software Categories

Category / Description

A Application software which is an integral part of a safety-related plant system or component and is essential to the performance of the safety-related function. These systems have direct, active effect on the operation of Class 1E plant systems.

B Application Software which performs calculations used without further verification for the design and analysis of safety- or quality-related structures, systems, or components or to establish the design basis as described in the final safety analysis report.

Application software used without further verification for the design of reactor core loads.

Software or portions of software which perform calculations used without further verification to verify compliance with plant technical specifications or nuclear regulatory requirements.

Software which performs calculations used without further verification for testing and/or acceptance of safety-related or quality-related plant structures, systems, or components.

C Software and data which are an integral part of a quality-related but not safety-related plant system or component and are essential to the performance of that function.

Software, portions of software, and data essential to the implementation of quality-related programs listed in Section 5.1.B of the Nuclear Quality Assurance Plan, including software used to implement regulatory physical security requirements.

Software and data which implements NQAP requirements but not specifically identified as an augmented quality-related program as defined in Section 5.1.B of the NQAP.

Software, not associated with a specific plant system, which stores, maintains, controls, distributes or manages data which can be used without further verification in activities which affect safety- or quality- related plant structures, systems, and components.

Software, portions of software, and data which are an integral part of a nonsafety-related, non-quality related plant system or component whose failure would significantly impact plant operations.

Software used in the design of nonquality-related, nonsafety-related plant structures, systems, and components.

D Computer software used to enable critical NPG business processes or software not meeting the criteria for Category A-C software. These are considered business process application software.

E Other application software not meeting any of the criteria identified for Category A, B, C, or D software. Category E includes end user software tools.

Appendix B

Software Documentation Summary

Software Documentation | A | B | C | D | E | Approved By | NPG-SPP-12.7 Reference
ASD (See note below) | X | X | X | X | X | Application Owner | Form NPG-SPP-12.7-1
Software Quality Assurance Plan (SQAP) | X | O | NR | NR | NR | Application Owner | Appendix C
Software Verification and Validation Plan (SVVP) | X | O | NR | NR | NR | Application Owner | Appendix C
Software Requirements Specification (SRS) | X | X | X | X | NR | Application Owner | Appendix D
Software Design Description (SDD) | X | X | O | NR | NR | Application Developer | Appendix E
Software Verification and Validation Report (SVVR) | X | X | X | X | NR | Application Owner | Appendix F
  • Traceability Matrix | X | NR | NR | NR | NR | Application Owner | Section 3.5
  • Validation Test Procedure (Part of SVVR) | X | X | X | X | NR | Application Owner | Section 3.5
  • Validation Test Results (Part of SVVR) | X | X | X | X | NR | Application Owner | Section 3.5
  • Operability Test Procedure (Part of SVVR) | X | X | X | X | NR | Application Owner | Section 3.6
  • Operability Test Results (Part of SVVR) | X | X | X | X | NR | Application Owner | Section 3.6
Software Dedication Documentation | X | X | NR | NR | NR | Application Owner | Section 3.7
User Documentation | X | X | X | X | O | Application Owner | Appendix G
Software Service Requests (SSR) | X | X | X | X | NR | Application Owner | Section 3.4

X = Required, O = Optional (Discretionary), NR = Not Required

NOTE All software applications used in NPG are required to have an Application Software Datasheet (ASD) with the exception of end user software tools as defined in Section 5.0 of this SPP and TVA core applications provided to all TVA employees.

NOTE For applications requiring a software design description (SDD), the SDD may be combined with the SRS into a single document which meets the requirements of both.

NOTE A SQAP and SVVP are required for Category A software. Appendix C of this SPP provides guidance for contents of these documents. For Category B software, this SPP may serve as the SQAP and SVVP, since it defines the standard processes for managing the development and configuration control of computer software. If requirements unique to a computer application are not adequately addressed by this SPP, a SQAP and SVVP may be developed to address these requirements and/or provide supplemental guidance. However, these documents may not supersede the requirements set forth in this SPP.

NOTE Software Dedication Documentation is only required for Category A or B software purchased from a vendor not on the Nuclear Assurance maintained NPG Acceptable Suppliers List for software products.

NOTE If the user documentation is incorporated in the software application as an online help feature, it is controlled as part of the application and is excluded from the user documentation requirements above.

NOTE For applications that were placed in service prior to 7/14/1997 (SPP-2.6 Rev. 0), the backfit of documentation (i.e., SRS, SDD, Initial SVVP) to what is specified in this appendix is not required.

The backfit of documentation is also not required for applications that are Category E applications as established on 3/31/2003 (SPP-2.6 Rev. 8) and were in use on 3/31/2003. However, all changes to the software implemented after 7/14/1997 (SPP-2.6 Rev. 0) must be tested and documented in accordance with the procedure revision in effect at the time the software change is made.

Appendix C

Guidelines For SQAPs and SVVPs

1.0 GUIDELINES FOR SQAPS

A software quality assurance plan is required for Category A software. The SQAP should address the following:

A. The software to which the SQAP applies.

B. Roles and responsibilities of those individuals/organizations performing tasks within the scope of the SQAP.

C. Required documentation.

D. Software verification and validation activities for the development and/or maintenance of the software.

E. Software configuration management and change control.

F. Code and Media Control.

G. Problem and error reporting.

H. Supplier Control.

I. Records Collection, Maintenance, and Retention

2.0 GUIDELINES FOR SVVPS

A Software Verification and Validation Plan (SVVP) is required for Category A software. The SVVP should address the following:

A. Software to which the SVVP applies.

B. Roles and responsibilities of those individuals/organizations performing tasks within the scope of the SVVP.

C. A description of the tasks for accomplishing the verification activities for application software development and/or maintenance/modification.

1. A system requirements review to determine if the requirements are correct, complete, consistent and testable.
2. A design review to demonstrate that the stated system requirements are satisfied in the system design.
3. A review of the overall structure of the computer code to verify that the design has been implemented.
4. Verification that the system users manual reflects the proper use of the software and that specified functions are addressed.


5. Verification that validation test procedures test system requirements. This includes a traceability matrix for Category A software.

D. A description of software validation activities which demonstrate that the completed software performs its intended functions correctly and has been properly integrated with system hardware.

E. Method for documenting and resolving discrepancies identified during verification and validation activities.

F. Method for documenting the results of the verification and validation activities.

NOTE IEEE STD 7-4.3.2 may provide guidance for specifying verification and validation requirements for Category A software to ensure appropriate integration of computer system hardware and software.

Appendix D

Guidelines For Software Requirements Specifications (SRS)

1.0 REQUIREMENT SPECIFICATIONS

A. The application owner ensures the Software Requirements Specification (SRS) is prepared to document the functions and requirements the computer software must satisfy. Requirements should be specified so that their achievement can be verified and validated. The SRS is required for Category A through D software. The following provides guidance for preparation of the SRS.

1. Title Page. The SRS should be identified by a title page that contains the following as a minimum:
a. The words Software Requirements Specification.
b. The SRS revision number.
c. The software name, acronym and release version (if applicable). The name and acronym must match those documented on the Application Software Datasheet (ASD).
d. The computing system identification, if applicable.
e. The name and dated signature of the preparer(s) (authors).
f. The name and dated signature of the SRS reviewer(s).
g. The name and dated signature of the application owner.
2. Revision Log
3. Functions to be Performed by the Software
4. Calculations, algorithms, or logical operations (if any)
5. Software performance acceptance criteria (for example, response time)
6. Responses to valid and invalid inputs
7. Responses to abnormal situations
8. Data input/output requirements
9. Interfaces/communications with other systems or databases at the application software level
10. User interface
11. Security/access restraints or controls


12. Regulatory requirements, if any, the software is intended to satisfy (implement)
13. Design constraints/restrictions which must be considered

NOTE It is recommended that the SRS be developed with input/assistance from the application developer or custodian.

NOTE For Category A software, IEEE STD 7-4.3.2 provides additional guidance for developing and specifying system requirements.

B. The SRS is reviewed for (1) completeness, (2) verifiability, (3) technical feasibility, and (4) consistency by a technically competent individual other than the one that prepared the document. The individual, however, may be from the same organization.

NOTE New application software that is implemented as part of a change to plant structures, systems, or components, or that results in changes to Engineering issued system design criteria, the FSAR, or plant technical specifications, is implemented under the engineering design change process. In these cases, Section 3.3 of NPG-SPP-12.7 guides the development and testing of the computer software.

C. Approval of the SRS is not a prerequisite for software development activities to proceed. However, it must be recognized that software design and coding activities started before final approval of the SRS could be significantly impacted by changes to the SRS during the review and approval process.

Appendix E

Guidelines For Software Design Descriptions (SDD)

1.0 SOFTWARE DESIGN DESCRIPTION (SDD)

A. A software design description (SDD) is prepared to provide a technical description of how the software and/or data base design satisfies the requirements in the SRS.

Typically the SDD is prepared by the application developer. The SDD is required for Category A and B software.

Differences between the SDD, SRS and actual available (or practically achievable) software should be resolved by referring to the SRS and revising, if necessary, the SRS. Ultimately the SDD, SRS, and software must agree.

The following provides guidance for the preparation of the SDD. Typical topics to be addressed in the SDD are noted below. The scope of the SDD is determined by the scope and complexity of the software requirements:

1. Title Page. The SDD will be identified by a title page that contains:
a. The words Software Design Description.
b. The SDD revision number.
c. The software name, acronym and/or release version (if applicable). The name and acronym must match those documented on the Application Software Datasheet (ASD).
d. The SDD author(s) name and dated signature.
e. The name and dated signature of the reviewer(s).
f. The name and dated signature of the application developer.
2. Revision Log
3. Overall structure of software including major components
4. Technical description of models, algorithms, calculations, and logical operations
5. Description of data and file structure
6. Description of global control structure
7. Description of control and data flow
8. Description of software modules describing their inputs and outputs
9. Design constraints limitations


10. Design assumptions
11. Description of security provisions

NOTE For Category A software IEEE STD 7-4.3.2 may provide additional guidance for preparation of software design documentation.

B. The SDD is reviewed for (1) technical adequacy, (2) completeness, (3) consistency, and (4) verification that all requirements in the SRS are addressed in the software design. The reviews may include logic, screen designs, data field lists, etc., for which specific application requirements exist. The review is performed by an individual other than the one that prepared the document. The individual, however, may be from the same organization.

C. The finalized SDD, including changes made to resolve reviewer comments, is approved by the application developer.

Appendix F

Guidelines For Software Verification And Validation Report (SVVR)

1.0 GUIDELINES FOR SOFTWARE VERIFICATION AND VALIDATION REPORT (SVVR)

A. The application owner ensures that the results of validation and operability testing are documented in a SVVR.

The SVVR has the following characteristics:

1. Reports the results of the verification and validation activities required by NPG-SPP-12.7.
2. Includes objective data and test results, wherever possible.
3. Documents test results that demonstrate the software performs as anticipated over the entire range of predicted use including indication as to whether the product passed or failed specified test criteria.

B. A typical SVVR should include the following:

1. Title page
a. The words Software Verification and Validation Report.
b. The SVVR revision number.
c. The software name, acronym and version number (if applicable). The name and acronym must match those documented on the Application Software Datasheet (ASD).
d. The author's name and dated signature.
e. The reviewer(s) name and dated signature.
f. The application owner's name and dated signature.
2. Validation test procedure and test results.
3. Validation test deficiency reports.
4. Operability test procedure(s) and results.
5. Operability test deficiency reports.
6. Statement certifying (declaring) the software is ready for use along with identification of any restrictions placed on the use of the software.


NOTE Reference to test procedures which can be retrieved through Records Management or Design Change Packages is an acceptable alternative to attaching test procedure packages to the SVVR.

Appendix G

Guidelines For User Documentation

NOTE The user documentation may be an online help feature of the application, an electronic desktop procedure, an approved hardcopy procedure, or a hardcopy manual.

1.0 GUIDELINES FOR USER DOCUMENTATION

A. The application owner ensures that user documentation is prepared. The following provides guidance for its preparation. User documentation may be prepared by the application developer, application custodian, or application owner.

Suggested topics to address in the user documentation are noted below. However, the extent of the documentation should be determined by the application owner.

1. Title page
a. The words Users Documentation or similar designation.
b. Revision number of document.
c. The software name, acronym and version number (if applicable). The name and acronym must match those documented on the Application Software Datasheet (ASD).
d. The author's name and dated signature.
e. The dated signature of the reviewer(s).
f. The application owner's name and dated signature.
2. Revision Log
3. A system overview including purpose and applicability.
4. Description of the purpose and instructions for use of each software function.
5. Restrictions or limitations on use.
6. Description of the user interface with the software including input data requirements with acceptable ranges, interpretation of data outputs, and required responses to system error messages or prompts.
7. Samples of outputs, forms, reports, or displays.
8. Information for obtaining user and maintenance support.
9. Organization to which problems with the software should be reported.

Appendix H

Cross-Reference Of NPG-SPP-12.7 And Summit Terminology

The following table provides a cross-reference of software documentation terminology between NPG-SPP-12.7 and the summit methodology used by Information Services. Either terminology may be used provided the requirements of NPG-SPP-12.7 are satisfied.

NPG-SPP-12.7 | SUMMIT METHODOLOGY
Software Service Request | Service Request
Software Requirements Specification | System Prospectus
Software Design Description | Technical System Design
Validation Test | Acceptance Test
Operability Test | System Test

Appendix I

System Hardening Guidelines

The following cyber security principles should be considered when purchasing, developing, or modifying digital plant control systems/components and their associated network, if any (software, systems, networks). Note that not all items are applicable to every system, component or device.

1.0 REMOVAL OF UNNECESSARY SERVICES AND PROGRAMS

A. All software artifacts that are not required for the operation and maintenance of the Control System should be removed or disabled. The services and software to be removed or disabled should include, but not be limited to:

1. Games
2. Device drivers for network devices not delivered
3. Messaging services
4. Servers or clients for unused Internet services
5. Software compilers in all user workstations and servers except for development workstations and servers
6. Software compilers for languages that are not used in the Control System
7. Unused networking and communications protocols
8. Unused administrative utilities, diagnostics, network management, and system management functions
9. Backups of files, databases, and programs used only during system development
10. All unused data and configuration files
11. Sample programs and scripts
12. Unused document processing utilities, for example, Microsoft Word, Excel, PowerPoint, Adobe Acrobat, OpenOffice, etc.

2.0 CHANGES TO FILE SYSTEMS AND OPERATING SYSTEM PERMISSIONS

The system shall be configured with hosts having the least privileged file and account access necessary to perform the functions of the system.

3.0 HARDWARE CONFIGURATION

A. Whenever possible, all unneeded communication ports and removable media drives shall be disabled through software or physical disconnection or be protected by other engineered barriers.

B. If technically feasible, the system BIOS shall be password protected from unauthorized changes.

C. Where possible, network devices shall be configured to limit access to/from specific locations.

D. The system shall be configured to allow the system administrators the ability to re-enable devices if they are disabled by software.

4.0 PERIMETER PROTECTION

A. Firewalls and firewall rule sets between network zones shall be implemented.

B. Network Intrusion Detection Systems shall be implemented within the control network.

5.0 ACCOUNT AND SESSION MANAGEMENT

A. All default and guest accounts shall be removed prior to placing the system in service. Vendor owned accounts shall be removed or disabled unless required by the contract.

B. The system should not transmit user credentials in clear text.

C. The system shall not allow applications to retain login information between sessions, nor provide any auto-fill functionality during login, nor allow anonymous logins. User account based logout and timeout settings should be used to the extent practical.

6.0 PASSWORD/AUTHENTICATION POLICY AND MANAGEMENT

To the extent practical the system should have a configurable account password management system that allows for selection of password length, frequency of change, setting of required password complexity, number of login attempts, inactive session logout, screen lock by application, and denial of repeated or recycled use of the same password.

7.0 ACCOUNT AUDIT AND LOGGING

The system should have an account activity log that is auditable both from a management (policy) and operational (account use activity) perspective. The audit trails and logging files must be time stamped and access controlled.

8.0 ROLE-BASED ACCESS CONTROL FOR CONTROL SYSTEM APPLICATIONS

The system shall provide for user accounts with configurable access and permissions associated with the defined user role.
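Added example, not part of NPG-SPP-12.7: one way an application could implement the configurable password controls of section 6.0 (length, complexity, change frequency, login attempts, denial of reuse) together with the time-stamped account activity log of section 7.0. The class names, policy defaults and account names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass
class PasswordPolicy:
    # Every value is configurable, as section 6.0 asks. The defaults are
    # constructed sample values, not figures from NPG-SPP-12.7.
    min_length: int = 12
    required_classes: int = 3      # of: lower, upper, digit, symbol
    max_age_days: int = 90         # frequency of change
    max_failed_logins: int = 5     # number of login attempts
    history_depth: int = 4         # previous passwords that may not be reused


@dataclass
class Account:
    name: str
    salt: bytes = b""
    pw_hash: bytes = b""
    history: list = field(default_factory=list)  # [(salt, hash)], newest first
    changed_at: Optional[datetime] = None
    failed: int = 0
    locked: bool = False


_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def _hash(password: str, salt: bytes) -> bytes:
    # Only salted PBKDF2 digests are stored, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class AccountManager:
    def __init__(self, policy, clock=None):
        self.policy = policy
        self.clock = clock or (lambda: datetime.now(timezone.utc))
        self.accounts = {}
        self.audit = []  # section 7.0: (UTC timestamp, account, event, detail)

    def _log(self, account, event, detail=""):
        # Passwords are never written to the log. Restricting who can read or
        # alter the stored log is left to the host and is not shown here.
        self.audit.append((self.clock().isoformat(), account, event, detail))

    def violations(self, acct, password):
        """Return the policy rules a candidate password breaks (empty = OK)."""
        p, found = self.policy, []
        if len(password) < p.min_length:
            found.append("too_short")
        if sum(bool(re.search(c, password)) for c in _CLASSES) < p.required_classes:
            found.append("too_simple")
        # Reuse check: re-hash the candidate under each remembered salt.
        remembered = [(acct.salt, acct.pw_hash)] + acct.history[:p.history_depth]
        if any(s and hmac.compare_digest(_hash(password, s), h) for s, h in remembered):
            found.append("reused")
        return found

    def set_password(self, name, password):
        acct = self.accounts.get(name) or Account(name)
        found = self.violations(acct, password)
        if found:
            self._log(name, "password_rejected", ",".join(found))
            return found
        if acct.salt:  # remember the outgoing password, trimmed to the depth
            old = [(acct.salt, acct.pw_hash)] + acct.history
            acct.history = old[:self.policy.history_depth]
        acct.salt = os.urandom(16)
        acct.pw_hash = _hash(password, acct.salt)
        acct.changed_at, acct.failed = self.clock(), 0
        self.accounts[name] = acct
        self._log(name, "password_changed")
        return []

    def login(self, name, password):
        acct = self.accounts.get(name)
        if acct is None:
            self._log(name, "login_failed", "unknown_account")
            return "denied"
        if acct.locked:
            self._log(name, "login_refused", "locked")
            return "locked"
        if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
            acct.failed += 1
            acct.locked = acct.failed >= self.policy.max_failed_logins
            self._log(name, "account_locked" if acct.locked else "login_failed",
                      f"failed={acct.failed}")
            return "locked" if acct.locked else "denied"
        acct.failed = 0
        if (self.clock() - acct.changed_at).days > self.policy.max_age_days:
            # Credentials are valid but overdue; the caller must force a change.
            self._log(name, "login_ok", "password_expired")
            return "expired"
        self._log(name, "login_ok")
        return "ok"
```

The `clock` argument exists so that expiry and log timestamps can be exercised with a fixed time source; in service it defaults to UTC wall-clock time.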

Attachment 1

NPG-SPP-12.7-1 Application Software DataSheet (QA Record)

Attachment 2

NPG-SPP-12.7-2 Software Verification and Validation Deficiency Form

Attachment 3

NPG-SPP-12.7-3 Computer Software Service Request (SSR)

Attachment 4

NPG-SPP-12.7-4 Vendor Software Error Report Evaluation

Source Notes

Requirements Statement | Source Document | Implementing Statement
Section 13.2 A | Nuclear Quality Assurance Program | Section 3.3
Section 13.2 B | Nuclear Quality Assurance Program | Section 3.4
Section 13.2 C | Nuclear Quality Assurance Program | Section 3.3.5
Section 13.2 D | Nuclear Quality Assurance Program | Section 3.3.5
Section 13.2 E | Nuclear Quality Assurance Program | Appendix G
Section 13.2 F | Nuclear Quality Assurance Program | Section 3.11
Section 13.2 G | Nuclear Quality Assurance Program | Section 3.5
Section 13.2 H | Nuclear Quality Assurance Program | Section 3.10
Section 13.2 I | Nuclear Quality Assurance Program | Section 3.2 B

Agenda for Weekly Telecom with TVA (I&C Chapter 7 only) rad76F58.docx Open Items to be Resolved for SER Approval

Response

SE FSAR NRC No. Issue TVA Response(s) Acceptable Status/ Current Actions Resolution Path RAI No. & Date RAI Resp. Date Comments Sec. Sec. POC Y/N B (

1.

001 All All A The Watts Bar Nuclear Plant FSAR red-line for Unit 2 (Agency 12/15/2009 Presentation Slides Y Closed Closed EICB RAI 3/12/2010 NNC 11/19/09: The FSAR contains B (

2.

002 All All A Are there I&C components and systems that have changed to a 12/15/2009 Presentation Slides Y Closed Closed EICB RAI 3/12/2010 NNC 11/19/09: The FSAR contains B (

3.

003 All All A Because a digital I&C platform can be configured and programmed 12/15/2009 Presentation Slides Y Closed Closed EICB RAI 3/12/2010 NNC 11/19/09: The FSAR contains

( ( ( ( B 004 All All Please identify the information that will be submitted for each Responder: Webb 1/13/10 Public Meeting 4. Y Closed Closed EICB RAI January 13, 2010 NNC 11/19/09: LIC-110 Rev. 1 Section 005 7.1.3. By letter date February 28, 2008 (Agencywide Documents Access Responder: Craig/Webb 5. Y Closed Closed EICB RAI TVA Letter dated 006 Amendment 95 of the FSAR, Chapter 7.3, shows that change 7.3-1 By letter dated February 5, 2010: TVA provided the Unit 2 6. Y Closed Closed EICB RAI TVA Letter dated NNC: WCAP-12096 Rev. 7 D D D D 007 7.1.3. The setpoint methodology has been reviewed and approved by the TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 7 7. Y Closed Closed EICB RAI TVA Letter dated TVA to provide Rev. 8 of the Unit 1

( ( ( ( (

008 7.3 There are several staff positions that provide guidance on setpoint TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 8 8. Y Closed Closed EICB RAI TVA Letter dated a a a a (

009 7.3.2 5.6, Change 7.3-2, identified in Watts Bar Nuclear Plant FSAR red-line TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 9 9. Y Closed Closed EICB RAI 3/12/10, G G G G G 010 7.3 7.3 The original SER on Watts Bar (NUREG-0847) documents that the TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 10 10. Y Closed Closed EICB RAI 3/12/10, 011 7.3.2 5.6, NUREG-0847 Supplement No. 2 Section 7.3.2 includes an TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 11 11. Closed Closed EICB RAI ML101680598, A

Y 012 7.4 7.4 The original SER on Watts Bar (NUREG-0847) documents that the TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 12 12. Y Closed Closed EICB RAI TVA Letter dated 013 7.1.3. Chapter 7 and Chapter 16 of Amendment 95 to the FSAR do not TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 13 13. Y Closed Closed EICB RAI TVA Letter dated TS have been docketed.

( ( B 014 All All Provide the justification for any hardware and software changes Date: 4/27/10 14. Y Closed Closed NRC Meeting TVA Letter dated 015 Verify that the refurbishment of the power range nuclear Date: 4/27/10 15. Y Closed Closed NRC Meeting TVA Letter dated 016 Identify the precedents in license amendment requests (LARs), if Date: 4/27/10 16. Y Closed Closed NRC Meeting TVA Letter dated

( D D (

017 7.3.1 7.3.1, Identify precedents in LARs, if any, for the solid state protection Date: 4/27/10 17. Y Closed Closed NRC Meeting TVA Letter dated

( ( ( ( ( (

018 Identify any changes made to any instrumentation and control Date: 4/27/10 18. Y Closed Closed NRC Meeting TVA Letter dated 019 Verify that the containment purge isolation radiation monitor is the Date: 4/27/10 19. Y Closed Closed NRC Meeting TVA Letter dated C a a C (

020 Provide environmental qualification information pursuant to Section Date: 4/27/10 20. Y Closed Closed NRC Meeting TVA Letter dated NNC 4/30/10: SRP Section 7.0 states:

G G G G G G 021 7.3 For the Foxboro Spec 200 platform, identify any changes in Date: 5/25/10 21. Y Closed Closed NRC Meeting TVA Letter dated The resolution of this item will be A

022 7.3.2 5.6, Verify the auxiliary feedwater control refurbishment results in a like- Date: 4/27/10 22. Y Closed Closed NRC Meeting TVA Letter dated 023 Provide environmental qualification (10 CFR 50.49) information for Date: 4/27/10 23. Y Closed Closed NRC Meeting TVA Letter dated NNC 4/30/10: SRP Section 7.0 states:

024 Provide a schedule by the January 13, 2010, meeting for providing During the January 13, 2010 meeting, TVA presented a 24. Y Closed Closed NRC Meeting N/A - Request for NNC 4/30/10: Carte to address

025 7.5.2 7.5.1 For the containment radiation high radiation monitor, verify that the Date: 4/27/10 25. Y Closed Closed NRC Meeting ML101230248, 026 Provide environmental qualification (10 CFR 50.49) information for Date: 4/27/10 26. Y Closed Closed NRC Meeting TVA Letter dated NNC 4/30/10: SRP Section 7.0 states:

027 7.7.1. For Foxboro I/A provide information regarding safety/non-safety- Date: 4/27/10 27. Y Closed Closed NRC Meeting TVA Letter dated 028 For the turbine control AEH system, verify that the refurbishment Responder: Mark Scansen 28. Y Closed Closed NRC Meeting TVA Letter dated C C C C C S 029 For the rod control system, verify that the refurbishment results in a Date: 4/27/10 29. Y Closed Closed NRC Meeting TVA Letter dated G G G G 030 Regarding the refurbishment of I&C equipment, identify any Responder: Clark 30. Y Closed Closed NRC Meeting TVA Letter dated 031 For the rod position indication system (CERPI), provide information Date: 4/27/10 31. Y Closed Closed NRC Meeting TVA Letter dated CERPI is non-safety related.

i 032 For the process computer, need to consider cyber security issues Date: 4/27/10 32. Y Closed Closed NRC Meeting TVA Letter dated EICB will no longer consider cyber 033 For the loose parts monitoring system, provide information Date: 4/27/10 33. Y Closed Closed NRC Meeting TVA Letter dated The loose parts monitoring system is 034 2/4/2010 Responder: TVA 34. Y Closed Closed N/A TVA Letter dated 034. ( Chapter 7.1 - Introduction 35. Y Closed Closed N/A N/A

( a 034. D Chapter 7.2 - Reactor Trip System 36. Y Closed Closed N/A N/A M ( r 034. 7.3 7.3 a Chapter 7.3 - ESFAS 37. Y Closed Closed N/A N/A a G g 034. 7.5.1. 7.5.2 Chapter 7.5 - Instrumentation Systems Important to Safety 38. Y Closed Closed N/A N/A Closed 034. 7.5.1. 7.5.2 Chapter 7.6 - All Other Systems Required for Safety 39. Y Closed Closed N/A N/A Closed r

034. Chapter 7.7 Control Systems 40. Y Closed Closed N/A N/A n

035 ( 2/18/2010 Responder: Clark 41. Y Closed Closed RAI No. 1 TVA Letter dated LIC-110 Section 6.2.2 states: Design

M 036 7.5.2 7.5.1 C S February 18, 2010 Date: 5/25/10 42. Y Closed Closed NRC Meeting NNC: Unit 2 FSAR Section 7.5.1, Post a

i 037 7.5.1. 7.5.2 2/18/2010 Responder: Clark Date: 5/25/10 43. Y Closed Closed N/A TVA Letter dated FSAR Amendment 100 provides

Agenda for Weekly Telecom with TVA (I&C Chapter 7 only) rad76F58.docx Open Items to be Resolved for SER Approval

Response

SE FSAR NRC No. Issue TVA Response(s) Acceptable Status/ Current Actions Resolution Path RAI No. & Date RAI Resp. Date Comments Sec. Sec. POC Y/N 038 7.5.1. 7.5.2 ( 2/18/2010 Responder: Clark Date: 5/25/10 44. Y Closed Closed EICB RAI TVA Letter dated The slides presented at the December 039 ( ( M January 13, 2010 Responder: Clark Date: 5/25/10 45. Y Closed Closed EICB RAI FSAR amendment The equation for the calculation of the G G a 040 January 13, 2010 Responder: Clark Date: 5/25/10 46. Y Closed Closed EICB RAI EICB RAI FSAR amendment The equation for the calculation of the 041 7.5.2 7.5.1 2/19/2010 Responder: WEC 1. N Open Open-NRC Review NRC Meeting TVA Letter dated See also Open Item Nos. 226 & 270.

EICB (Carte)

Summary NRC 6/18/10 Please provide the following Westinghouse documents: Items (1) and (2) were docketed by TVA letter dated April 8, Pending Submittal of the Test Due 3/29/11 Meeting Summary (1) WNA-DS-01617-WBT Rev. 1, "PAMS System Requirements 2010. Summary Report due 3/29/11 ML093560019, Item TVA Letter dated Specification" NNC 1/27/11: Issues No. 11 10/5/10 (2) WNA-DS-01667-WBT Rev. 0, "PAMS System Design Item (3) will be addressed by Revision 2 of the Licensing Final Response included in with the STP were Specification" Technical Report. Due 12/3/10 letter dated 12/3/10 discussed in the weekly (3) WNA-CD-00018-GEN Rev. 3, "CGD for QNX version 4.5g" public meetings.

Please provide the following Westinghouse documents or pointers Item (4) will be addressed by Westinghouse developing a Partial Response is included in Westinghouse to:

to where the material was reviewed and approved in the CQ TR or WBN2 Specific Test Plan to compensate for the fact that the letter dated 10/5/10. (1) perform STP self SPM: NRC disapproved WNA-PT-00058-GEN during the original The SysRS and SRS assessment, and (4) WNA-PT-00058-GEN Rev. 0, "Testing Process for Common Q Common Q review. Due 12/7/10 incorporate requirements from (2) Augment Test Safety systems" many other documents by Summary report to (5) WNA-TP-00357-GEN Rev. 4, "Element Software Test Item (5) Procedures that are listed in the SPM compliance reference. provide missing test Procedure" table in the Licensing Technical Report revision 1 supersede plan information that test procedure WNA-TP-00357-GEN. Due 10/22/10 NNC 8/25/10: (3) An earlier version of this report was NNC 2/3/11: At next For Item 3, Attachment 19 contains the Westinghouse docketed for the Common Q audit compare &

document Post-Accident Monitoring System (PAMS) topical report; therefore, there discuss:

Licensing Technical Report, WNA-LI-00058-WBT, Revision should be no problem to docket (1) WNA-PT-00058-2, dated December 2010. Attachment 20 contains the this version. (4) Per GEN Rev. 0 Westinghouse Application for Withholding for the Post- ML091560352, the testing (2) WNA-PT-00138-Accident Monitoring System (PAMS) Licensing Technical process document does not WBT Rev. 0 Report, WNA-LI-00058-WBT, Revision 2, dated December address the test plan (3) AP1000 STP 2010. requirements of the SPM.

Please provide a test plan that For Item 4, Attachment 9 contains the Westinghouse implements the requirements of document Nuclear Automation Watts Bar 2 NSSS the SPM.

Completion Program I&C Projects, Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0, dated November 2010. Attachment 10 contains the Westinghouse Application for Withholding for the WNA-PT-00138-WBT, Revision 0 Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0, dated November 17, 2010.

TVA Response to Follow-up NRC Request:

(1) WEC presented the results of the self assessment to the NRC on February 2, 2011.

(2) By agreement between TVA, WEC and the NRC, the Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0 will not be revised. Instead a non-proprietary Common Q PAMS Test Summary Report will be developed and submitted to address the issues with the STP. Attachment 1 contains non-proprietary WNA-TR-02451-WBT, Revision 0, Test Summary Report for the Post Accident Monitoring System, dated March 2011.

47. Y 042 All All A February 25, 2010: Telecom Date: 5/25/10 Closed Closed EICB RAI TVA Letter dated The drawing provided did not have the 043 7.5.2 7.5.1 CB (C 2/19/2010 Responder: WEC 2. N Open Open-NRC Review EICB RAI TVA Letter dated NNC 8/25/10: A CQ PAMS ISG6 art Date: 5/25/10 ML102910002 2/5/10 compliance matrix was docketed on: (1)

The PAMS ISG6 compliance matrix supplied as Enclosure 1 to Pending Submittal of Revision 3 Due 3/29/11 Item No. 2 February 5, 2010, (2) March 12, 2010, TVA letter dated February 5, 2010 is a first draft of the information The PAMS ISG6 compliance matrix supplied as Enclosure 1 of the Licensing Technical TVA Letter dated & (3) June 18, 2010. The staff has needed. The shortcomings of the first three lines in the matrix are: to TVA letter dated February 5, 2010 is a first draft of the Report due 3/29/11. NNC 2/2/11: Issues 5/12/10 expressed issues with all of these information needed. with Common Q TR & compliance evaluations. The staff is still Line 1: Section 11 of the Common Q topical report did include a Revised response included in SPM compliance were TVA Letter dated waiting for a good compliance commercial grade dedication program, but this program was not By letter dated April 8, 2010 TVA provided the PAMS letter dated 12/22/10. discussed in the weekly 6/18/10 evaluation.

approved in the associated SE. Westinghouse stated that this was Licensing Technical Report provided additional information. public meetings.

the program and it could now be reviewed. The NRC stated that Response is included in letter Westinghouse to TVA Letter dated NNC 11/23/10: WNA-LI-00058-WT-P TVA should identify what they believe was previously reviewed Attachment 3 contains the revised Common Q PAMS ISG-6 dated 10/5/10. perform Common Q TR 10/5/10 Rev. 1 Section 7 does not include the and approved. Compliance Matrix, dated June 11, 2010, that addresses & SPM compliance self RSED documents, and it should. Table these items (Reference 13). Revised compliance matrix is assessment; this will be 6-1 Item No. 15 should also include the Line 2: TVA stated the D3 analysis was not applicable to PAMS, unacceptable. discussed in detail on RSED RTMs.

but provided no justification. The NRC asked for justification since By letter Dated June 18, 2010 (see Attachment 3) TVA the next audit.

SRP Chapter 7.5 identified SRM to SECY-93-087 Item II.Q as provided a table, "Watts Bar 2 - Common Q PAMS ISG-6 NNC 8/12/10: It is not quite being SRP acceptance criteria for PAMS. Compliance Matrix." enough to provide all of the documents requested. There Line 3: TVA identified that the Design report for computer integrity It is TVA's understanding that this comment is focused on are two possible routes to was completed as part of the common Q topical report. The NRC the fact that there are documents that NRC has requested review that the NRC can noted that this report is applicable for a system in a plant, and the that are currently listed as being available for audit at the undertake: (1) follow ISG6, and CQ topical report did not specifically address this PAMS system at Westinghouse offices. For those Common Q PAMS (2) follow the CQ SPM. The Watts Bar Unit 2. documents that are TVA deliverable documents from TVA response that was Westinghouse, TVA has agreed to provide those to NRC. originally pursued was to follow NRC then concluded that TVA should go through and provide a Westinghouse documents that are not deliverable to TVA will ISG6, but some of the more complete and thorough compliance matrix. be available for audit as stated above. Requirements compliance items for ISG6 were Traceability Matrix issues will be tracked under NRC RAI addressed by referencing the Matrix Items 142 (Software Requirements Specification) and SPM. The NRC approved the 145 (System Design Specification). Commercial Item CQ TR and associated SPM; it Dedication issues will be tracked under NRC RAI Matrix may be more appropriate to Item 138. This item is considered closed. review the WBN2 PAMS application for adherence to TVA Response to Follow-up NRC Request: the SPM than to ISG6.
In either path chosen, the applicant WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring should provide documents and a System (PAMS) Licensing Technical Report submitted in justification for the acceptability TVA Letter to NRC dated December 3, 2010, (Reference 1) of any deviation from the path contains the following changes to address the NRC chosen. For example, it requests: appears that the Westinghouse's CDIs are (1) While RSEDs are not specifically mentioned, Section 7 commercial grade dedication has been revised to be applicable to both hardware and plans, but Westinghouse software which includes the RSEDs. maintains that they are (2) Table 6-1 item 15 reference added for WNA-VR-00280- commercial grade dedication WBT (RESD) reports; this apparent deviation should be justified or explained.

TVA Response to Second Follow-up NRC Request:

The NRC audited the Westinghouse commercial item dedication process for both hardware and software during the week of February 28 to March 4, 2011. The audit found the processes acceptable. Westinghouse and TVA previously agreed to provide additional information to address this item in Revision 3 of the Licensing Technical Report.

Attachment 2 contains WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary).

Attachment 3 contains WNA-LI-00058-WBT-NP, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3 dated March 2011 (non-proprietary).

Attachment 4 contains CWA-11-311, Application for Withholding Proprietary Information from Public Disclosure, WNA-LI-00058-WBT-P, Revision 3 Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Post-Accident Monitoring System (PAMS) Licensing Technical Report, dated March 14, 2011.

044 7.5.2 7.5.1 February 25, 2010 Date: 5/25/10 48. Y Closed Closed EICB RAI TVA Letter dated 045 February 25, 2010 Date: 5/25/10 49. Y Closed Closed EICB RAI TVA Letter dated

046 February 25, 2010 Date: 5/25/10 50. Y Closed Closed N/A - Request for N/A C C C C C C C 047 7.5.2 7.5.1 4/8/2010 Responder: WEC/Hilmes Date: 5/25/10 51. Y Closed Closed EICB RAI TVA Letter dated 048 7.5.2 7.5.1 April 8, 2010 Date: 5/25/10 52. Y Closed Closed EICB RAI TVA Letter dated G

049 7.5.2 7.5.1 4/8/2010 Responder: WEC Date: 5/25/10 53. Y Closed Closed EICB RAI TVA Letter dated 050 7.5.2 7.5.1 4/8/2010 Responder: WEC Date: 5/25/10 54. N Closed Closed EICB RAI TVA Letter dated NNC 11/18/10: SysRS Rev. 2 contains 051 April 15, 2010 Date: 5/25/10 55. Y Closed Closed N/A N/A Review addressed by another Open

052 7.5.2 7.5.1 April 19, 2010 Date: 5/25/10 56. Y Closed Closed RAI No. 12 S

053 7.5.2 7.5.1 April 19, 2010 Date: 5/25/10 57. Y Closed Closed RAI No. 13 S

054 7.5.2 7.5.1 4/19/2010 Responder: Slifer/Clark Date: 5/25/10 58. Y Closed Closed RAI No. 14 TVA Letter dated S

055 7.5.2 7.5.1 4/19/2010 Responder: Slifer/Clark Date: 5/25/10 59. Y Closed Closed RAI No. 15 TVA Letter dated S

056 April 19, 2010 Date: 5/25/10 60. Y Closed Closed RAI No. 16 TVA Letter dated Sorrento Radiation Monitoring S

057 7.5.2 7.5.1 4/19/2010 Responder: TVA I&C Staff Date: 5/25/10 61. Y Closed Closed RAI No. 17 TVA Letter dated S

058 7.5.0 7.5 April 19, 2010 Date: 5/25/10 62. Y Closed Closed RAI No. 18 TVA Letter dated S

059 7.5.2 7.5.1 April 19, 2010 Date: 63. Y Closed Closed RAI No. 19 TVA Letter dated 060 7.5.2 7.5.1 April 19, 2010 Date: 5/25/10 64. Y Closed Closed N/A N/A Addressed by Open Item No. 47 061 7.5.2 7.5.1 April 19, 2010 Date: 5/25/10 65. Y Closed Closed N/A N/A Addressed by Open Item No. 48 C C C C C C C S 062 7.5.2 7.5.1 April 19, 2010 Date: 5/25/10 66. Y Closed Closed N/A N/A Addressed by Open Item No. 49 063 7.5.2 7.5.1 April 19, 2010 Date: 5/25/10 67. Y Closed Closed N/A N/A Addressed by Open Item No. 50 i

064 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: Webb Date: 4/8/2010 68. Y Closed Closed N/A - No question TVA Letter dated 065 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 69. Y Closed Closed N/A - No question TVA Letter dated 066 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 70. Y Closed Closed N/A - No question TVA Letter dated 067 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 3. N Open Open-NRC Review N/A - No question TVA Letter dated EICB (Carte) date for the "Commercial Grade Dedication Instructions for AI687, Due: 3/29/11 was asked. Item 6/18/10 AI688, Upgraded PC node box and flat panels." was September The following status is from the revised WB2 Common Q Pending Submittal of Revision 3 was opened to track 28, 2010. PAMS ISG-6 Compliance Matrix submitted in response to of the Licensing Technical commitment Item 43: Report due 3/29/11. NNC 2/2/11: Section 7 made by applicant.

of the WBN2 PAMS

a. AI687, AI688 - Scheduled for September 28, 2010 Response included in letter LTR should be updated dated 12/22/10. to include:
b. Upgraded PC node box and flat panel displays - Per (1) non-proprietary Westinghouse letter WBT-D-2024 (Reference 7), these items This item is addressed in Rev. 2 description of are available for audit at the Westinghouse Rockville office. of the Licensing Technical commercial grade Report dedication, and
c. Power supplies - Per Westinghouse letter WBT-D-2035 (2) Software example (Reference 12), these items are available for audit at the Westinghouse Rockville office. Commercial grade dedication will also be To be addressed during 9/20-9/21 audit addressed at the next audit.

TVA Response to Follow-up NRC Request:

WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) contains the following change to address the NRC request:

Section 7, Commercial Grade Dedication Process, has been revised to describe the general commercial grade dedication process for both hardware and software and uses a description of the AI687 dedication process as an example of how the process is applied.

TVA Response to Follow-up NRC Request dated 2/2/11:

The non-proprietary commercial grade dedication discussion is included in Attachment 3, WNA-LI-00058-WBT-NP, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3 dated March 2011 (non-proprietary) Section 7. The software example is included in Attachment 2, WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary) Section 7.

068 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 4. N Open Open-NRC Review N/A - No question TVA Letter dated EICB (Carte) date for the "Summary Report on acceptance of AI687, AI688, was asked. Item 6/18/10 Upgraded PC node box, flat panels, and power supplies." was The following status is from the revised WB2 Common Q Response included in letter NNC 2/2/11: was opened to track September 28, 2010. PAMS ISG-6 Compliance Matrix submitted in response to dated 12/22/10. Commercial grade commitment Item 43: dedication will be made by applicant.

addressed at the next

a. AI687, AI688 - Scheduled for September 28, 2010 This item is addressed in Rev. 2 audit. Summary of the Licensing Technical reports for AI687 &
b. Upgraded PC node box - Per Westinghouse letter WBT- Report AI688 were docketed D-2024 (Reference 7), this item is available for audit at the one month late.

Westinghouse Rockville office.

c. Flat panel displays - Per Westinghouse letter WBT-D-2024 (Reference 7), this item is available for audit at the Westinghouse Rockville office.
d. Power supplies - Per Westinghouse letter WBT-D-2035 (Reference 12), these items are available for audit at the Westinghouse Rockville office.

To be addressed during 9/20-9/21 audit TVA Response to Follow-up NRC Request:

For the commercial grade dedication process, please see the response to Request for Additional Information (RAI) item 3 in this letter, NRC Matrix Item 067.

The component level EQ/Seismic summary reports for the hardware listed above are available for NRC review/audit as described below:

(1) AI687 and AI688, the following documents were submitted in TVA Letter to NRC dated October 26, 2010, Watts Bar Nuclear Plant (WBN) Unit 2 - Instrumentation and Controls Staff Information Requests, (Reference 5):

a. EQ-EV-62-WBT, Revision 0, Common Q PAMS Comparison of Tested Conditions for the AI687 and AI688 Common Q Modules and Supporting Components to the Watts Bar Unit 2 (WBT) Requirements, dated September 10, 2010
b. EQLR-171, Revision 0, Environmental and Seismic Test Report, Analog Input (AI)687 & AI688 Modules for use in Common Q PAMS, dated September 10, 2010
c. CN-EQT-10-44, Revision 0, Dynamic Similarity Analysis for the Watts Bar Unit 2 Post Accident Monitoring System (PAMS), dated September 28, 2010

(2) Upgraded PC Node Box - As stated in Westinghouse letter WBT-D-2024, dated June 9, 2010 NRC Access to Common Q Documents at the Westinghouse Rockville Office, (Reference 6), the following documents are available for NRC audit at the Westinghouse Rockville office:
a. CDI-3722, Revision 7, Next Generation PC Node Box Commercial Dedication Instruction
b. LTR-EQ-10-50 PC Node Box/Flat Panel Display System Components Qualification Summary

(3) Flat Panel Displays - As stated in Westinghouse letter WBT-D-2024, dated June 9, 2010 NRC Access to Common Q Documents at the Westinghouse Rockville Office, (Reference 6), the following documents are available for NRC audit at the Westinghouse Rockville office:
a. CDI-3803, Revision 8, Next Generation Flat Panel Display (FPD) Commercial Dedication Instruction
b. LTR-EQ-10-50 PC Node Box/Flat Panel Display System Components Qualification Summary

(4) Power supplies - As stated in Westinghouse letter WBT-D-2035 dated June 11, 2010 NRC Access to Common Q Documents at the Westinghouse Rockville Office (Reference 7), the following documents are available for NRC audit at the Westinghouse Rockville office:
a. CDI-4057, Revision 4, Commercial Dedication Instruction
b. EQ-TP-105-GEN, Revision 0, Electromagnetic Compatibility Test Plan and Procedure for Quint Power Supplies and Safety System Line Filter
c. EQ-TP-114-GEN, Revision 0, Seismic Qualification Test Procedure For Common Q Power Supplies, Quint Power Supplies, Line Filter Assemblies, and South Texas Units 3 & 4 Circuit Breakers
d. EQ-TP-117-GEN, Revision 0, Environmental Qualification Test Procedure For Common Q Power Supplies, Quint Power Supplies, and Line Filter Assemblies

069 7.5.2 7.5.1 CB (C By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 5. N Open Open-NRC Review N/A - No question N/A art date for the "Watts Bar 2 PAMS Specific FAT Report" was October Due 3/29/11 was asked. Item

2010. Attachment 1 contains non-proprietary WNA-TR-02451- Pending Submittal of the Test was opened to track WBT, Revision 0, Test Summary Report for the Post Summary Report due 3/29/11 NNC 2/3/11: The commitment As agreed, the Watts Bar 2 PAMS Specific FAT Report will not be Accident Monitoring System, dated March 2011. current due date made by applicant.

submitted. Instead a non-proprietary PAMS Test Summary Report Awaiting for document to be above is 4 months will be submitted. docketed by TVA. later than planned.

070 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 71. N Closed Closed N/A - No question TVA Letter dated NNC 11/23/10: The due date in this 071 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 72. N Closed Closed N/A - No question N/A NNC 11/23/10: The due date in this 072 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 73. Y Closed Closed N/A - No question N/A 073 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 74. N Closed Closed N/A - No question N/A 074 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 6. N Open Open-NRC Review N/A - No question N/A Rev. 4 will be available for the NRC EICB (Carte) date for the Post FAT IV&V Phase Summary Report was was asked. Item audit on 2/28/11. This document will not November 30, 2010. Attachment 1 contains WNA-VR-00283-WBT-P, IV&V Response in letter dated March Due TBD was opened to track be submitted. Rev. 5 will be submitted Summary Report for the Post Accident Monitoring System, 16, 2011 commitment made after resolution of the datastorm display Revision 4, dated March 2011 (proprietary). Attachment 2 NNC 2/3/11: At least 3 by applicant. issue.

contains WNA-VR-00283-WBT-NP, IV&V Summary Report months later than for the Post Accident Monitoring System, Revision 4, dated planned.

March 2011 (non-proprietary). Attachment 3 contains CWA-11-3121, Application for Withholding Proprietary Information from Public Disclosure, WNA-VR-00283-WBT-P, Revision 4 Nuclear Automation IV&V Summary Report for the Post Accident Monitoring System" (Proprietary), dated March 3, 2011.

075 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 75. N Closed Closed N/A - No question N/A

076 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: Clark Date: 5/25/10 76. Y Closed Closed N/A - No question N/A C C C 077 7.5.2 7.5.1 By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10 77. Y Closed Closed N/A - No question TVA Letter dated G G 078 4/26/2010 Responder: Clark Date: 5/25/10 78. Y Closed Closed EICB RAI TVA Letter dated 079 4/26/2010 Responder: Clark Date: 5/25/10 79. Y Closed Closed EICB RAI TVA Letter dated Reviewed under Item 154

080 4/26/2010 Responder: WEC 80. Y Closed Closed RAI No. 2 TVA Letter dated S

i 081 7.5.2 7.5.1 5/6/2010 Responder: Merten/WEC 7. N Open Open-NRC Review EICB RAI TVA Letter dated NNC 1/5/11: See Also Open Item No.

EICB (Carte)

ML102910002 6/18/10 86 and 202.

The PAMS Licensing Technical Report (WNA-LI-00058-WBT Rev. The codes and standards documents listed in Section 7 of ML101600092 Item No.1: There Due 2/25/11 Item No. 9 0, Dated April 2010), in Section 7, lists codes and standards the Common Q PAMS Licensing Technical Report are the are three sets of regulatory NNC 4/125/2011: See Open Item No.

applicable to the Common Q PAMS. This list contains references documents that the Common Q platform was licensed to criteria that relate to a Common TVA to provide 364.

to old revisions of several regulatory documents, for example: when the NRC approved the original topical report and Q application (e.g. WBN2 requested information.

(1) RG 1.29 - September 1978 vs. March 2007 issued the approved SER. The WBN Unit 2 Common Q PAMS):

(2) RG 1.53 - June 1973 vs. November 2003 PAMS is designed in accordance with the approved (a) Common Q platform NNC 2/3/11: The (a) IEEE 379-1994 vs. -2000 Common Q topical report and approved SER and the codes components - Common Q TR above due date has (3) RG 1.75 - September 1975 vs. February 2005 and standards on which the SER was based. Since the (b) Application Development been missed by at (a) IEEE 384-1992 vs. -1992 current versions referenced are not applicable to WBN Unit Processes - Common Q SPM least 2 months.

(4) RG 1.100 - June 1988 vs. September 2009 2, there is no basis for a comparison review. (c) Application Specific - current Please provide new (a) IEEE 344-1987 vs. -2004 regulatory criteria due date.

(5) RG 1.152 - January 1996 vs. January 2006 Bechtel to develop a matrix and work with Westinghouse to The Common Q Topical Report (a) IEEE 7-4.33.2-1993 vs. -2003 provide justification. and associated appendices (6) RG 1.168 - September 1997 vs. February 2004 primarily addressed (a) and (b).

(a) IEEE 1012-1986 vs. -1998 TVA Response to Follow-up NRC Request: The Common Q SER states:

(b) IEEE 1028-1988 vs. -1997 (7) IEEE 279-1991 vs. 603-1991 Attachment 4 contains the results of the TVA analysis of Appendix 1, Post Accident (8) IEEE 323-1983 vs. -1974 (RG 1.89 Rev. 1 June 1984 endorses standards and regulatory guides applicable to the Common Monitoring Systems, provides 323-1974) Q PAMS. Based on the results of the analysis, the Common the functional requirements and However, LIC-110, "Watts Bar Unit 2 License Application Review," Q PAMS design meets the applicable requirements and is conceptual design approach for states: "Design features and administrative programs that are acceptable. upgrading an existing PAMS unique to Unit 2 should then be reviewed in accordance with the based on Common Q current staff positions." Please identify all differences between the components (page 58, Section versions referenced and the current staff positions. Please provide 4.4.1.1, Description)On the

a justification for the acceptability PAMS with respect to these basis of the above review, the differences. staff concludes that Appendix 1 does not contain sufficient information to establish the generic acceptability of the proposed PAMS design (page 56, Section 4.4.1.3, PAMS Evaluation)

The NRC did not approve the proposed PAMS design.

Section 6, References, and Section 7, Codes and Standards Applicable to the Common Q PAMS, of the PAMS Licensing Technical Report contain items that are not the current regulatory criteria.

Please provide an explanation of how the WBN2 PAMS conforms with the application specific regulatory criteria applicable to the WBN2 PAMS design. For example IEEE Std. 603-1991 Clause 5.6.3, Independence Between Safety Systems and Other Systems, and Clause 6.3, Interaction Between the Sense and Command Features and Other Systems, contain application specific requirements that must be addressed by a PAMS system.

Awaiting TVA Response.

082 7.5.2 7.5.1 5/6/2010 Responder: WEC Date: 6/18/10 81. N Closed Closed EICB RAI TVA Letter dated NNC 11/18/10: See also Open Item No.

083 7.5.2 7.5.1 May 6, 2010 Date: 6/18/10 82. Y Closed Closed EICB RAI TVA Letter dated
084 7.5.2 7.5.1 May 6, 2010 Date: 6/18/10 83. Y Closed Closed EICB RAI TVA Letter dated
085 7.5.2 7.5.1 5/6/2010 Responder: WEC 84. N Closed Closed EICB RAI
086 7.5.2 7.5.1 5/6/2010 Responder: WEC Date: 5/24/10 8. N Open Open-NRC Review EICB RAI TVA Letter dated NNC 1/6/11: See Also Open Item No.81 EICB (Carte)
ML102910002 Item No. 14 6/18/10 & 202

Issue:

The PAMS Licensing Technical Report (WNA-LI-00058-WBT Rev. 0, Dated April 2010), in Section 6, lists references applicable to the Common Q PAMS. This list contains references to old revisions of several regulatory documents, for example: (1) DI&C-ISG04 - Rev. 0 (ML072540138) vs. Rev. 1 (ML083310185)

However, LIC-110, "Watts Bar Unit 2 License Application Review," states: "Design features and administrative programs that are unique to Unit 2 should then be reviewed in accordance with the current staff positions." Please identify all differences between the versions referenced and the current staff positions. Please provide a justification for the acceptability PAMS with respect to these differences.

TVA Response:

The regulatory documents listed in the Common Q PAMS Licensing Technical Report are the documents that the Common Q platform was licensed to when the NRC approved the original topical report and issued the approved SER. The WBN Unit 2 Common Q PAMS is designed in accordance with the approved Common Q topical report and approved SER and the regulatory documents on which the SER was based. Since the current versions referenced are not applicable to WBN Unit 2, there is no basis for a comparison review.

Rev 0 of the Licensing Technical Report references Rev. 1 of ISG4

TVA Response to Follow-up NRC Request:

The analysis for compliance with DI&C-ISG04, Revision 0 to Revision 1 was previously submitted as part of the Common Q PAMS Licensing Technical Report Revision 2 on December 22, 2010. Attachment 4 contains the results of the TVA analysis of standards and regulatory guides applicable to the Common Q PAMS. Based on the results of the analysis, the Common Q PAMS design is acceptable.

Status and comments:

TVA to address with item OI 81.

Due 2/25/11

NNC 2/3/11: The above due date has been missed by at least 2 months. Please provide new due date.


087 7.5.2 7.5.1 May 6, 2010 Date: 5/24/10 85. Y Closed Closed RAI No. 20 TVA Letter dated
088 7.5.2 7.5.1 May 6, 2010 Date: 5/24/10 86. Y Closed Closed RAI No. 21 TVA Letter dated
089 5/6/2010 Responder: Clark 87. Y Closed Closed EICB RAI TVA Letter dated NNC: Docketed response states that
090 5/6/2010 Responder: Clark Date: 5/25/10 88. Y Closed Closed EICB RAI TVA Letter dated

091 7.4 7.4 May 20, 2010 Date: 5/25/10 89. Y Closed Closed EICB RAI No.1 TVA Letter dated
092 5/20/2010 Responder: Hilmes 1. Y Open Open-TVA/Oversight DORL (Poole)

Issue:

TVA to review Licensee Open Item list and determine which items are proprietary.

TVA Response:

This item will close when we are no longer using this document as a communications tool.

Status and comments:

Continuous review as items are added

Due SER Issue

Due: SER Issue

093 May 20, 2010 Date: 5/25/10 90. Y Closed Closed N/A N/A Will be reviewed under item 154
094 5/20/2010 Responder: Clark Date: 5/25/10 91. Y Closed Closed N/A N/A Information was found in FSAR
095 7.8.1, XX May 20, 2010 Date: 92. Y Closed Closed EICB RAI No. 2 TVA Letter dated
096 7.7.5 XX 5/20/2010 Responder: 93. Y Closed Closed EICB RAI No.3 TVA Letter dated
097 7.4.2 7.4 May 20, 2010 Date: 94. Y Closed Closed EICB RAI No.4 TVA Letter dated
098 7.4.2 7.4 May 25, 2010 Date: 95. Y Closed Closed EICB RAI No.5 TVA Letter dated
099 April 12, 2010 Date: 96. Y Closed Closed Closed to Item 129
100 5/20/2010 Responder: WEC 97. Y Closed Closed N/A - No question N/A
101 4/12/2010 Responder: Slifer 9. Y Open Open-NRC Review N/A DORL (Poole)

Issue:

The non-proprietary versions of the following RM-1000, Containment High Range Post Accident Radiation Monitor documents will be provided by June 30, 2010.

1. V&V Report 04508006A
2. System Description 04508100-1TM
3. Qualification Reports 04508905-QR, 04508905-1 SP, 04508905-2SP, 04508905-3SP
4. Functional Testing Report 04507007-1TR

TVA Response:

The documents, and affidavits for withholding for the listed documents were submitted to the NRC on TVA letter to the NRC dated July 15, 2010.

Status and comments:

Documents provided in letter dated 07/15/10

Due 10/14/10

Confirm receipt.

TVA is working with the vendor to meet the 6/30 date, however there is the potential this will slip to 7/14.

102 May 24, 2010 Date: 5/24/10 98. Y Closed Closed N/A TVA Letter dated Request for schedule not information.

103 7.4 7.4 5/27/2010 Responder: Ayala Date: 5/27/10 99. Y Closed Closed EICB RAI No.1 TVA Letter dated Submittal date is based on current
104 7.4 7.4 5/27/2010 Responder: Merten Date: 5/27/10 100. Y Closed Closed EICB RAI No.1 TVA Letter dated Submittal date is based on current
105 April 29, 2010 Date: 101. Y Closed Closed N/A N/A Will be reviewed under item 154.
106 May 6, 2010 Date: 5/25/10 102. Y Closed Closed RAI No. 9 TVA Letter dated
107 May 6, 2010 Date: 5/28/10 103. Y Closed Closed RAI No. 22 TVA Letter dated
108 May 6, 2010 Date: 5/25/10 104. Y Closed Closed N/A N/A Will be reviewed under OI#154


109. 7.8 XX 5/6/2010 Responder: N/A 105. Y Closed Closed N/A N/A
109. 5/6/2010 Responder: N/A 106. Y Closed Closed N/A N/A Duplicate of another open Item.
110 May 6, 2010 Date: 107. Y Closed Closed N/A N/A Information was found.
111 May 6, 2010 Date: 5/28/10 108. Y Closed Closed N/A TVA Letter dated Request to help find, not a request for
112 June 1, 2010 Date: 109. Y Closed Closed N/A N/A Information was received
113 6/1/2010 Responder: Clark 110. Y Closed Closed EICB RAI TVA Letter dated
114 7.2 7.2 6/1/2010 Responder: WEC 111. Y Close Closed EICB RAI TVA Letter dated
115 2/25/2010 Responder: Clark 112. Y Closed Closed EICB RAI TVA Letter dated
116 6/3/2010 Responder: WEC 113. Y Closed Closed EICB RAI TVA Letter dated Letter sent to Westinghouse requesting
117 7.1 7.1 6/3/2010 Responder: Hilmes 114. Y Closed Closed EICB RAI TVA Letter dated
118 7.4 7.4 6/8/2010 Responder: Merten 115. Y Closed Closed EICB RAI No.1 TVA Letter dated Submittal date is based on current
119 June 10, 2010 Date: 116. Y Closed Closed RAI No. 23 TVA Letter dated
120 5/6/2010 Responder: Hilmes/Merten/Costley 117. Y Closed Closed EICB RAI TVA Letter dated
121 5/6/2010 Responder: Webb/Webber 118. Y Closed Closed EICB RAI TVA Letter dated
122 June 14, 2010 Date: 119. Y Closed Closed N/A - Request for N/A
123 7.7.3 7.4.1, 6/14/2010 Responder: 120. Y Closed Closed ML101720589, TVA Letter dated
124 7.7.5 XX 6/14/2010 Responder: 121. Y Closed Closed ML101720589, Item TVA Letter dated
125 7.7.8 7.7.1.12 6/14/2010 Responder: 122. Y Closed Closed ML101720589, Item TVA Letter dated
126 7.8 7.8 June 14, 2010 Date: 123. Y Closed Closed ML101720589, Item TVA Letter dated
127 7.2 7.2 6/16/2010 Responder: WEC/Clark 124. Y Closed Closed EICB RAI TVA Letter dated
128 7.2 7.2 6/18/2010 Responder: WEC Drake /TVA Craig 125. Y Closed Closed EICB RAI TVA Letter dated Track through SE open item
129 P 6/12/2010 Responder: WEC 126. Y Closed Closed N/A TVA Letter dated
130 P 6/28/2010 Responder: Clark 127. Y Closed Closed N/A TVA Letter dated
131 P 6/28/2010 Responder: Clark 128. Y Closed Closed N/A TVA Letter dated
132 P 6/28/2010 Responder: Clark 129. Y Closed Closed N/A TVA Letter dated
133 P 6/28/2010 Responder: Clark 130. Y Closed Closed TVA Letter dated
134 6/28/2010 Responder: Clark 131. Y Closed Closed TVA Letter dated
135 7.3.1 7.3.1 6/30/2010 Responder: Clark 132. Y Closed Closed RAI not necessary TVA Letter dated

136 7.3.2, 7.4, 5.6, 6/30/2010 Responder: Clark 133. Y Closed Closed RAI not necessary TVA Letter dated
137 Several WBN2 PAMS documents contain a table titled, Document Responder: WEC 134. Y Closed Closed ML101650255, Item TVA Letter dated
138 Responder: WEC 10. N Open Open-NRC Review ML101650255, Item No. 2 EICB (Carte)

Issue:

By letter dated February 3, 2010, Westinghouse informed TVA that certain PAMS documentation has been completed.

(a) The draft ISG6 states that a commercial grade dedication plan should be provided with an application for a Tier 2 review.

By letter dated February 5, 2010, TVA stated that the commercial grade dedication plan was included in the Common Q Topical Report Section 11, Commercial Grade Dedication Program. Section 11 includes a description of the Common Q Commercial Grade Dedication Program, and states: A detailed review plan is developed for each Common Q hardware or software component that requires commercial grade dedication.

Please provide the commercial grade dedication plans for each Common Q hardware or software component that has not been previously reviewed and approved by the NRC.

(b) The draft ISG6 states that a commercial grade dedication report should be provided within 12 months of requested approval for a Tier 2 review.

(i) Please provide 00000-ICE-37722 Rev. 0, Commercial Grade Dedication Report for the QNX Operating System for Common Q Applications.

(ii) Please provide WNA-CD-00018-GEN Rev. 3, Commercial Dedication Report for QNX 4.25G for Common Q Applications.

TVA Response:

This item is used to track all Commercial Grade Dedication issues.

a. WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) contains the following changes to address the NRC request:

Section 7, Commercial Grade Dedication Process has been revised to describe the general commercial grade dedication process for both hardware and software and uses a description of the AI687 dedication process as an example of how the process is applied.

As listed in Table 6-3. Westinghouse Watts Bar 2 Common Q PAMS Documents at Westinghouse Rockville Office, the following commercial grade dedication documents are available for NRC audit at the Westinghouse Rockville office: (list included in letter)

b. It is TVA's understanding that the submittal of the documents listed in (b.i) and (b.ii) is no longer required. Rather, it was agreed, that the inclusion of a description of the commercial grade dedication process in revision 2 of the Post-Accident Monitoring System (PAMS) Licensing Technical Report, WNA-LI-00058-WT-P, would be sufficient to address this request.

TVA Response to Follow-up NRC Request:

The non-proprietary commercial grade dedication discussion is included in Attachment 3, WNA-LI-00058-WBT-NP, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3 dated March 2011 (non-proprietary) Section 7. The software example is included in Attachment 2, WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary) Section 7.

Status/Current Actions and Resolution Path:

Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.

Revised response included in letter dated 12/22/10

TVA agreed to include a description of the generic Westinghouse hardware commercial grade dedication process in the PAMS licensing technical report. (see ML102920031 Item No 1)

TVA agreed to include (in the PAMS licensing technical report) an evaluation of WBN2 critical characteristics for commercial Westinghouse hardware components against the generic critical characteristics. (see ML102920031 Item No 2)

TVA agreed to include a description of the generic Westinghouse software commercial grade dedication process in the PAMS licensing technical report. (see ML102920031 Item No 3)

TVA agreed to include (in the PAMS licensing technical report) an evaluation of WBN2 critical characteristics for commercial software components against the generic critical characteristics. (see ML102920031 Item No 4)

Comments:

See also No. 82.

NNC 2/2/11: Commercial grade dedication will be addressed at the next audit.

NNC 2/17/11: The description of the commercial grade dedication process in the CQ PAMS LTR Rev. 2 should be updated to include a non-proprietary description and to include a software example.

139 The WBN2 PAMS System Requirements Specification (WBN2 Responder: WEC 135. Y Closed Closed ML101650255, Item TVA Letter dated WBN2 PAMS System Requirements
140 The first requirement in the WBN2 PAMS SysRS (i.e., R2.2-1) Responder: Clark 136. N Closed Closed ML101650255, Item TVA Letter dated WBN2 PAMS System Requirements
141 Deleted by DORL Date: 137. Y Closed Closed ML101650255, Item WBN2 PAMS System Requirements
142 Responder: WEC 11. N Open Open-NRC Review ML101650255, Item No. 6 EICB (Carte)

Issue:

The applicable regulatory guidance for reviewing the WBN2 PAMS SysRS would be IEEE 830 as endorsed by Regulatory Guide 1.172 and BTP 7-14 Section B.3.3.1, Requirements Activities - Software Requirements Specifications. IEEE 830-1994 Section 4.3.8, Traceable, states: A [requirements specification] is traceable if the origin of each of its requirements is clear

TVA Response:

This item is used to track all traceability issues with the Software Requirements Specification (SRS).

Status/Current Actions and Resolution Path:

Due 2/25/11 (document submittals)

Revised response included in letter dated 02/25/11

Response included in letter dated 12/22/10

TVA/Westinghouse agreed to include the V&V evaluation of their reusable software element development process in the V&V design phase summary report. This evaluation would include an evaluation against the development process requirements. This evaluation would also include an evaluation of how the WBN2 specific requirements were addressed by the reusable software elements. (see ML102920031 Item No 5)

Comments:

WBN2 PAMS System Requirements Specification

TVA docketed WNA-DS-01617-WBT Rev. 1, RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System- System Requirements Specification, dated December 2009.

NNC 2/2/11: Updated Specifications and RTMs to be provided by TVA

Traceability to be addressed during the next audit.

1. How did TVA ensure the traceability of each requirement in the WBN2 PAMS SysRS.

TVA Response to 1:

Traceability of requirements for the WBN Unit 2 Common Q PAMS is ensured by:

a. Preparation of the TVA Contract Compliance Matrix contained in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010 (Reference 1).
b. Engineering review/comment/status of each revision of:
i. WNA-DS-01617-WBT, Post Accident Monitoring System - System Requirements Specification
ii. WNA-DS-01667-WBT, Post Accident Monitoring System - System Design Specification (hardware)
iii. WNA-SD-00239-WBT, Software Requirements Specification for the Post Accident Monitoring System (software)

2. Explain the source(s) of the requirements present in the Post Accident Monitoring Systems Software Requirements Specification. To clarify, many documents have requirements that are incorporated by reference into the SRS, but what served to direct the author to include those documents in the SRS or, if the requirement is based on the System Requirements Specification, what directed the author to include the requirement there?

TVA Response to 2:

As documented in the RTM, some software requirements are taken from generic documents. The decision to include generic software requirements was to reduce the overall scope for Common Q features that are unchanged across various projects. Westinghouse reviewed the generic PAMS requirements and included those requirements that were applicable to WBN Unit 2 PAMS.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

3. Clarify whether the unnumbered paragraphs in the Post Accident Monitoring Systems Software Requirements Specification, such as in the section headings, or are all such sections simply considered to be informative?

Does the same apply to documents referenced by the SRS? Such as WCAP-16096-NP-A, Rev. 1A, Software Program Manual for Common Q Systems, which is incorporated by reference in requirement R2.3-2 in the SRS.

R2.3-2 [The PAMS software shall comply with the requirements and guidelines defined in WCAP-16096-NP-A, Software Program Manual for Common Q Systems (reference 5).]

If any requirements are expressed in such unnumbered paragraph form instead of individually identified requirements, please list them, describe why they satisfy the fundamental requirement of unambiguity, and describe how they were verified.

TVA Response to 3:

Unnumbered paragraphs in the Post Accident Monitoring Systems Software Requirements Specification, such as in the section headings, are informative and are not to be interpreted as requirements. All requirements are explicitly numbered.

It depends on the document type. The statement would be true for requirements documents (such as the SysRS or SDS) if they were incorporated by reference. However, for the specific item cited, WCAP-16096-NP-A, Rev. 1A, it does not contain numbered requirements. The requirements contained in this document are contained within the text of the various sections.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

4. Are there any sources of requirements in parallel with the Post Accident Monitoring Systems Software Requirements Specification? Meaning does the SRS contain, explicitly or by reference, all the requirements that were used in the design phase for the application specific software, or do software design phase activities use requirements found in any other source or document? If so, what are these sources or documents?

TVA Response to 4:

The Westinghouse SRS, WNA-SD-00239-WBT, Revision 3 contains references to other Westinghouse software requirements documents. Specifically,

00000-ICE-3238, Revision 5, Software Requirements Specification Post Accident Monitoring System

00000-ICE-3239, Revision 13, Software Requirements Specification for the Common Q Generic Flat Panel Display Software

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

5. References 12, 27, 29, and 31-44 in the Post Accident Monitoring Systems Software Requirements Specification are various types of Reusable Software Element.

These references are used in the body of the SRS, for example:

R5.3.14-2 [The Addressable Constants CRC error signal shall be TRUE when any CAL CRC's respective ERROR terminal = TRUE (WNA-DS-00315-GEN, "Reusable Software Element Document CRC for Calibration Data" [Reference 12]).]

They are also included via tables such as found in requirement R7.1.2-1

[The Watts Bar 2 PAMS shall use the application-specific type circuits and custom PC elements listed in Table 7.1-1.]

Do the referenced reusable software element documents include requirements not explicitly stated in the SRS? If so what is their origin?

TVA Response to 5:

Requirements for the reusable software elements (RSEDs) are evaluated in WNA-VR-00283-WBT-P, Revision 3, IV&V Summary Report for the Post Accident Monitoring System, dated December 2010 (Attachment 10).

RSED traceability is contained in WNA-VR-00280-WBT, Revision 2, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Reactor Vessel Level Indication System (RVLIS) Custom PC Elements. This document can be made available for audit at the Westinghouse Rockville office.

At the September 15 public meeting in Rockville, the following actions were agreed to. These items address the traceability concerns with the Software Requirements Specification.

1. Westinghouse will perform a review of the Requirements Traceability Matrix (RTM), using the issues identified at the 9/15 public meeting as a guide (documented below) and update the RTM as required.

TVA Response:

See response to letter Item 13 (NRC Matrix Item 145).

2. The next issue of the IV&V report will include the Requirements phase review of the RTM and a partial review for the Design phase.

TVA Response:

See response to letter Item 13 (NRC Matrix Item 145).

3. Westinghouse will add a comments column in the Requirements Traceability Matrix (RTM) to address items not in the SRS or SysRS.

TVA Response:

A comments column has been added to WNA-VR-00279-WBT, Revision 3, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post Accident Monitoring System.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

4. IEEE 830 says you shouldn't have planning information in the SRS. Westinghouse has agreed to remove this information.

TVA Response:

Westinghouse has confirmed that process requirements have been removed from the SRS.

Source: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: Common Q RAI concerns, dated December 8, 2010 (Reference 17)

5. IEEE 830 says you shouldn't have process requirements in the SRS. Westinghouse has agreed to remove these requirements.

TVA Response:

Westinghouse confirmed that process requirements have been removed from the SRS.

Source: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: Common Q RAI concerns, dated December 8, 2010 (Reference 17)


6. Westinghouse will perform and document an evaluation of the SRS to ensure compliance with Reg. Guide 1.172 and justify any deviations.

TVA Response:

WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1):

Section 9, Compliance Evaluation Of The Watts Bar 2 PAMS Software Requirements Specification To IEEE Standard 830-1998 And Regulatory Guide 1.172 has been added.

7. 25 issues identified by V&V where some requirements have not been included in the System Design Specification (SDS) (14) and SRS (11) at the revisions reviewed by V&V. Have these been addressed?

TVA Response:

The twenty-five (25) issues are captured in Exception Reports (ERs): V&V-769 and V&V-770. These ERs have all been addressed and the ERs have been closed satisfactorily by Westinghouse IV&V.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

8. Some hardware requirements are contained in the SRS instead of the System Design Specification (SDS). These will be removed from the SRS and incorporated into the next revision of the SDS.

TVA Response:

The hardware requirements in the Software Requirements Specification have been deleted and moved to System Design Specification.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 16, 2010 (Reference 15)

9. RTM item R4.2-2 protection class software set to 0. Needs to be fixed internally. Write CAPs to revise the application restrictions document on AC160.

TVA Response:

Westinghouse CAPs IR# 10-259-M034 has been issued. This item will be addressed in revision 4 of the RTM.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

10. Westinghouse to improve the traceability of the tests that are performed with the function enable (FE) switch in the ENABLE position.

TVA Response:

The tests that are performed with the FE keyswitch in the ENABLE position are defined in the SRS Sections: 6.2 Manually Initiated Testing, 7.2.23 Annunciator Test Display, 7.2.25 Saturation Margin Test Display, and 7.2.26 Analog Output Test Display.

11. Westinghouse to revise documents to be consistent with referring to the FE switch in the ENABLE position.

TVA Response:

Westinghouse has elected to standardize on the terms FE keyswitch and ENABLE. A review of recent documents for compliance with this comment and commitment was performed with the following results:

a. Revision 3 of the SysRS, and SDS have been revised to use the terms FE keyswitch. Revision 3 of the SDS is consistent in use of the term ENABLE.
b. SysRS Revision 3 is not consistent in use of the term ENABLE as noted below:
i. R2.5.2.1-2 uses the term ENABLED instead of ENABLE
ii. R2.5.2.1.3-3, R2.6.3.3-1, R2.6.3.3-2, R2.6.3.3-3, and R2.6.3.3-7, use the term Enable instead of ENABLE
c. Revision 3 of the SRS is not consistent in use of the terms FE keyswitch and ENABLE as noted below:
i. Tables 7.2-1 Train A PAMS Data Transmitted to the Plant Computer and 7.2-2 Train B PAMS Data Transmitted to the Plant Computer items 101 and 102 in the SRS refer to the FE switch. All other items in the SRS refer to the FE keyswitch.
ii. Section 2.1, page 2-4, uses the term Enable instead of ENABLE
iii. Requirements R7.2.14-6 and R7.2.16-7 use the term active instead of ENABLE
iv. Requirements R7.2.23-2, R7.2.25-2, R7.2.26-2, R7.2.31-4, 7.2.56 FPDS Availability, and R7.2.57-4 use the term enabled instead of ENABLE
d. WNA-AR-00180-WBT-P, Revision 0, Failure Modes and Effects Analysis (FMEA) for the Post Accident Monitoring System, dated October 2010, submitted in TVA letter to NRC dated (Reference 12) is not consistent in use of the term FE keyswitch as noted below:
i. Section 2.2 System Description and Table 3-1 WB2 PAMS FMEA refer to the FE switch.
ii. Table 3-1 describes the switch as the Functional Enable (FE) switch and the FE key-switch
e. Revision 2 of the Licensing Technical Report is not consistent in use of the term FE keyswitch as noted below:
i. Sections 2.2, 5.3 use the term (FE) keylock switch on pages 2-3 (2 places), page 5-3, page 5-6 (4 places)

The identified discrepancies in the use of the terms FE keyswitch and ENABLE in the SysRS, SRS, FMEA and Licensing Technical Report, will be corrected in the next revision of the documents.

12. The flow of information is from the SysRS to the SDS (hardware) and SRS (software). Describe how the documents are used. Describe in 1.1 of the SysRS. Need a good write up of how the process works.

TVA Response:

See response to letter item 13 (NRC Matrix Item 145).

13. Westinghouse and TVA will develop a revised schedule for document submittals and provide it to the NRC no later than 9/30/10

TVA Response:

The revised document submittal schedule was included as item 3 NRC Request (Matrix Item Number 142, TVA Commitments Nos. 10 and 17) in TVA letter to NRC dated October 26, 2010 (Reference 5).

14. TVA will update the Procurement Requisition Resolution Matrix and submit it to show how the Common Q PAMS design meets the contract requirements.

TVA Response:

The Procurement Requisition Resolution Matrix has been updated and is included in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1), as Section 11, TVA Contract Compliance Matrix.

15. Westinghouse to add the Software Design Descriptions to the RTM

TVA Response:

The Software Design Description documents were added to the RTM in WNA-VR-00279-WBT, Rev 2.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

16. Westinghouse to clarify how requirements or documents are incorporated by reference into the Common Q PAMS requirements.

TVA Response:

When a Common Q PAMS requirements document references a section of another document, all requirements in that section are applicable.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

17. Westinghouse to review the use of shall outside of numbered paragraphs in requirements documents to ensure that all requirements are captured and clearly identified.

TVA Response:

See response in letter dated December 22, 2010, item 2 (NRC Matrix Item 050).

18. Westinghouse to resolve the following questions concerning Software Design Descriptions (SDDs)
a. Is the SDD a standalone document or will it incorporate the generic SDD by reference?
b. What are the SDDs?
c. PAMS is a delta document so how do we capture all the generic requirements for traceability.

TVA Response:

a. There are three SDDs prepared specifically for the Watts Bar 2 PAMS project. These are listed below in Item b. These documents and superior requirements documents refer to other generic SDDs also listed in Item b.
b. The SDDs developed for this project are:
i. WNA-SD-00248-WBT, Revision 1, Watts Bar 2 NSSS Completion Program I&C Projects Software Design Description for the Post Accident Monitoring System Flat Panel Display
ii. WNA-SD-00250-WBT, Revision 1, Watts Bar 2 NSSS Completion Program I&C Projects Software Design Description for the Post Accident Monitoring System AC160 Software
iii. WNA-SD-00277-WBT, Revision 2, Watts Bar 2 NSSS Completion Program I&C Projects Software Design Description for the Post Accident Monitoring System Flat Panel Display System Screen Design Details
iv. Other generic SDDs referenced by the PAMS project are:
(a) 00000-ICE-20157, Revision 18, Software Design Description for the Common Q Generic Flat-Panel Software
(b) 00000-ICE-30152, Revision 5, Software Design Description Post Accident Monitoring System AC160
(c) 00000-ICE-30140, Revision 4, Software Design Description for the Common Q Core Protection Calculator System Database and Utility Functions
c. Refer to WNA-VR-00279-WBT, Revision 3.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

19. For Reusable Software Elements, Westinghouse to describe as qualified libraries by following the SPM and qualified using the Software Elements Test procedure under Appendix B program. Provide a summary of RSEDs generic WCAP. Westinghouse to determine if the WCAP was docketed under the AP1000. RSED concept is not in the SPM. WCAP-15927 AP-1000 does not discuss RCEDs. WCAP process was acceptable. RSEDs are listed in the SDD References.

TVA Response:

Section 3.2.4.1 of WCAP-15927 describes the RSED design process for custom PC elements and type circuits. The Glossary of Terms in the SPM defines custom PC elements and type circuits as modules.

Therefore, the relationship between WCAP-15927 describing the RSED process as circuits, is defined in the SPM requirements for software module development.

WCAP-15927 is on the AP1000 docket.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

TVA Response to Follow-up NRC Request:

WNA-VR-00279-WBT, Revision 4, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post Accident Monitoring System is scheduled to be available for audit at the Westinghouse Rockville office February 21, 2011. The document will be available at the Westinghouse Cranberry offices to support the NRC Common Q PAMS audit.

Attachment 9 contains the proprietary version of WNA-DS-01617-WBT-P, Revision 4, Post Accident Monitoring System - System Requirements Specification, dated February 2011. Attachment 10 contains the non-proprietary version WNA-DS-01617-WBT-NP, Revision 4, Post Accident Monitoring System - System Requirements Specification, dated February, 2011. Attachment 11 contains the Application for Withholding Proprietary Information from Public Disclosure, WNA-DS-01617-WBT-P, Revision 4, Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Post Accident Monitoring System - System Requirements Specification (Proprietary), dated February 10, 2011.

Attachment 12 contains the proprietary version of WNA-DS-01667-WBT-P, Revision 4, Post Accident Monitoring System - System Design Specification, dated February 2011. Attachment 13 contains the non-proprietary version WNA-DS-01667-WBT-NP, Revision 4, Post Accident Monitoring System - System Design Specification, dated February 2011. Attachment 14 contains the Application for Withholding Proprietary Information from Public Disclosure, WNA-DS-01667-WBT-P, Revision 4, Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System - System Design Specification (Proprietary), dated February 11, 2011.

Attachment 15 contains the proprietary version of WNA-SD-00239-WBT-P, Revision 4, Software Requirements Specification for the Post Accident Monitoring System, dated February 2011. Attachment 16 contains the non-proprietary version WNA-SD-00239-WBT-NP, Revision 4, Software Requirements Specification for the Post Accident Monitoring System, dated February 2011. Attachment 17 contains the Application for Withholding Proprietary Information from Public Disclosure, WNA-SD-00239-WBT-P, Revision 4, Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Software Requirements Specification for the Post Accident Monitoring System (Proprietary), dated February 10, 2011.

143 Responder: WEC 12. N Open Open-NRC Review ML101650255, Item No. 7 EICB (Carte)

Issue:

The WBN2 PAMS Software Requirements Specification (WBN2 PAMS SRS - ML101050202) contains a table (see page iii) titled, Document Traceability & Compliance, which states that the WBN2 PAMS SRS was created to support the three documents identified (one of which is the WBN2 PAMS SysRS). Section 1.1, Overview, of the WBN2 PAMS SRS states: This document describes requirements for the major software components

(a) Please list and describe each of the major software components. Please include a description of any NRC review for each of these components.

(b) Please list and describe each of the other software components. Please include a description of any NRC review for each of these components.

(c) What other documents contain the requirements for the other software components?

The WBN2 PAMS System Design Specification (WBN2 PAMS SDS) contains a table (see page iii) titled, Document Traceability & Compliance, which states that the WBN2 PAMS SysRS was created to support the WBN2 PAMS SysRS. Section 1.1, Purpose, of the WBN2 PAMS SDS states: The purpose of this document is to define the hardware design requirements

(c) Do the WBN2 PAMS SRS and SDS, together, implement all of the requirements in the WBN2 PAMS SysRS?

(e) Please briefly describe all of the documents that implement the WBN2 PAMS SysRS.

Status/Current Actions, Resolution Path, Comments:

Response included in letter dated 12/22/10

Due 2/25/11 (document submittals)

To be addressed by Revision of the RTM, SRS, SysRS, and SysDS.

WBN2 PAMS System Requirements Specification

TVA docketed WNA-DS-01617-WBT Rev. 1, RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System- System Requirements Specification, dated December 2009.

NNC 2/2/11: Updated Specifications and RTMs to be provided by TVA

NNC 2/3/11: The above due date has been missed by at least 2 months. Please provide new due date.

TVA Response(s):

Addressed in the 9/15 public meeting and 9/20 - 9/21 audit. A detailed explanation will be provided.

TVA Response:

(a) and (b) The requested information is provided in the following documents:

i. WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Table 6-1, Document Requirements which lists the software documentation requirements for the Common Q PAMS and Section 11 TVA Contract Compliance Matrix submitted in TVA Letter to NRC, dated December 3, 2010 (Reference 1).
ii. WNA-DS-01617-WBT-P, Revision 3, Post Accident Monitoring System- System Requirements Specification, dated December 2010 (Attachment 1)
iii. WNA-SD-00239-WBT-P, Revision 3, Software Requirements Specification for the Post Accident Monitoring System, dated December 2010 (Attachment 7)
iv. WNA-VR-00279-WBT, Revision 3, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post Accident Monitoring System (available for NRC audit at the Westinghouse Rockville office)

To the best of TVA's knowledge, no prior NRC review of the software components has been performed.

(c) WNA-VR-00280-WBT, Revision 2, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Reactor Vessel Level Indication System (RVLIS) Custom PC Elements (available for NRC audit at the Westinghouse Rockville office)

(d) No. Please see Item (e) below.

(e) The documents that describe the requirements that implement the WBN Unit 2 SysRS are:

i. WNA-VR-00279-WBT, Revision 3, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post Accident Monitoring System (available for NRC audit at the Westinghouse Rockville office) ii. WNA-VR-00280-WBT, Revision 2, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Reactor Vessel Level Indication System (RVLIS) Custom PC Elements (available for NRC audit at the Westinghouse Rockville office)

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)

TVA Response to Follow-up NRC Request:

See Response to item 3 (Item number 142)

144 Responder: WEC 13. N Open Open-NRC Review ML101650255, Item No. 8 TVA Letter dated 10/5/10 EICB (Carte)

Issue:

The WBN2 PAMS Software Requirements Specification (WBN2 PAMS SRS) contains a table (see page iii) titled, Document Traceability & Compliance, which states that the WBN2 PAMS SRS was created to support the three documents identified (two of these documents have been provided on the docket).

(a) Please describe the third document (i.e., NABU-DP-00014-GEN Revision 2, Design Process for Common Q Safety Systems).

(b) Please describe the flow of information between these three documents.

(c) Does the PAMS SRS implement the requirements in these three documents?

(d) Please describe if and how these three documents are used in the development of the PAMS Software Design Description.

(e) Do the WBN2 V&V activities include verification that the requirements of these three documents have been incorporated into the WBN2 PAMS SRS.

Status/Current Actions, Resolution Path, Comments:

Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.

Revised response included in letter dated 12/22/10

Response provided in letter dated 10/5/10

NRC Review and WEC to complete response.

b-d to be addressed at public meeting and audit. Will require information to be docketed.

Due 3/29/11

Responses to items a and e provided.

NNC 11/18/10: (1) Items b-d closed to other Open Item nos. (2) The point of these questions was to understand how the origin of the requirements in the requirements specifications were documented. TVA stated that the origin of the requirements would be demonstrated in Rev. 2 of the CQ PAMS LTR.

NNC 2/3/11: CQ PAMS LTR Rev. 2 Section 11 & 12 do not adequately demonstrate the origin of requirements in SysRS. TVA to describe how to address concern.

WBN2 PAMS Software Requirements Specification

By letter dated April 8, 2010 (ML10101050203), TVA docketed WNA-SD-00239-WBT, Revision 1, "RRAS Watts Bar 2 NSSS Completion Program I&C Projects, Software Requirements Specification for the Post Accident Monitoring System, dated February 2010 (ML101050202).

TVA Response(s):

(a) The purpose of NABU-DP-00014-GEN document is to define the process for system level design, software design and implementation, and hardware design and implementation for Common Q safety system development. This document supplements the Common Q SPM, WCAP-16096-NP-A. The scope of NABU-DP-00014-GEN includes the design and implementation processes for the application development. For a fuller description of the design process described in NABU-DP-00014-GEN please refer to the Design Process for AP1000 Common Q Safety Systems, WCAP-15927 on the AP1000 docket. Since this is a Westinghouse process document that is not specifically referenced in the SRS, it will be removed in the next revision of the document.

(b) - Closed to items 142 and 145

(c) - Closed 142

(d) - Closed to Item 142

(e) WBN2 PAMS Software Requirements Specification (WNA-SD-00239-WBT, Rev. 1) refers to Document Traceability & Compliance table on page iii. This table has three entries; Design Process for Common Q Safety Systems (NABU-DP-00014-GEN, Rev. 2), RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System - System Requirements Specification (WNA-DS-01617-WBT, Rev. 1), and RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System - System Design Specification (WNA-DS-01667-WBT, Rev. 1).

IV&V performed a Requirements Traceability Assessment during which it reviewed Software Requirements Specification (WBN2 PAMS SRS, WNA-SD-00239-WBT, Rev. 1) against System Requirements Specification (WNA-DS-01617-WBT, Rev. 1) and System Design Specification (WNA-DS-01667-WBT, Rev. 1). Requirements within Software Requirements Specification that are referring to NABU-DP-00014-GEN, Rev 2, Design Process for Common Q Safety Systems, have also been reviewed for traceability and compliance. During IV&V's RTA effort the anomaly reports V&V-769 and V&V-770 have been initiated and reported in the IV&V Phase Summary Report for the System Definition Phase, WNA-VR-00283-WBT, Rev. 0.

IV&V has verified that the requirements in SRS are derived from the specified documents listed in the Document Traceability and Compliance Table of WBN2 PAMS SRS.

TVA Response to Follow-up NRC Request:

(1) Item (a) in the original list, NABU-DP-00014-GEN Revision 2, Design Process for Common Q Safety Systems, is available for NRC audit at the Westinghouse Rockville office.

(2) WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) contains the following change to address the NRC request:

Section 11, TVA Contract Compliance Matrix showing the origin of the requirements was added.

TVA Response to Second Follow-up NRC Request:

Section 13, Origin Tracing of WBN2 PAMS System Requirements Specification was added to the Licensing Technical Report Revision 3 to address this concern.

Attachment 2 contains WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary).

145 Responder: WEC 14. N Open Open-NRC Review ML101650255, Item No. 9 EICB (Carte)

Issue:

The WBN2 PAMS System Design Specification (WBN2 PAMS SDS) contains a table (see page iii) titled, Document Traceability & Compliance, which states that the WBN2 PAMS SDS was created to support the WBN2 PAMS SysRS.

(a) Does the WBN2 PAMS SDS implement all of the hardware requirements in the WBN2 PAMS SysRS?

(b) Please briefly describe all of the documents that implement the hardware requirements of the WBN2 PAMS SysRS.

This item is used to track all traceability issues with the System Design Specification (SDS).

At the September 15 public meeting in Rockville, the following actions were agreed to. These items partially address the traceability concerns with the System Design Specification. This item will be updated with the results of the September 20 and 21 Commercial Grade Dedication and SDS RTM audit.

1. Westinghouse will perform completed a review of the Requirements Traceability Matrix (RT), using the issues identified at the 9/15 public meeting as a guide (documented below) and update the RTM as required.
2. Some hardware requirements are contained in the SRS instead of the System Design Specification (SDS). These will be removed from the SRS and incorporated into the next revision of the SDS.
3. 25 issues identified by V&V where some requirements have not been included in the SDS (14) and SRS (11) at the revisions reviewed by V&V. Have these been addressed? Yes. The next revisions of the SDS and SRS address these issues.
4. TVA will update the Procurement Requisition Resolution Matrix and submit it to show how the Common Q PAMS design meets the contract requirements.
5. The next issue of the IV&V report will include the Requirements phase review of the RTM and a partial review for the Design phase.
6. Westinghouse to provide the generic AC160 and flat panel specifications.
7. Westinghouse and TVA to develop a schedule of licensing document submittals that can be met by the project team.
8. The flow of information is from the SysRS to the SDS (hardware) and SRS (software). Describe how the documents are used. Describe in 1.1 of the SysRS. Need a good write up of how the process works.

Status/Current Actions, Resolution Path, Comments:

Response included in letter dated 12/22/10

During the September 20-21, 2010 audit at Westinghouse, it was acknowledged that TVA/Westinghouse had previously (in September 15, 2010 public meeting) stated:

TVA would provide the RSED RTM. (see ML102920031 Item No 6)

TVA would revise and resubmit the PAMS RTM to address all types of issues identified in the public meeting. (see ML102920031 Item No 7)

TVA would revise and resubmit the Software Verification and Validation phase summary report for the requirements phase to document the completion of the requirements phase review. (see ML102920031 Item No 8)

Due 2/25/11

To be addressed by Revision of the RTM, SRS, SysRS, and SysDS.

WBN2 PAMS System Design Specification

TVA docketed WNA-DS-01667-WBT Rev. 1, RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System- System Design Specification, dated December 2009.

TVA Response(s):

(1) The review and update of the RTM is complete. The revised RTM can be made available for NRC audit at the Westinghouse office in Rockville.

(2) Please see letter Item 10 (NRC Matrix Item 142, sub item 13).

(3) Please see letter Item 10 (NRC Matrix Item 142, sub item 12).

(4) Section 11 TVA Contract Compliance Matrix was added to WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1).

(5) WNA-VR-00283-WBT, Revision 1, IV&V Summary Report for the Post Accident Monitoring System, submitted in TVA to NRC letter dated December 3, 2010 (Reference 1) includes the Requirements and Design phase reviews.

(6) Per Westinghouse letter WBT-D-2268 NRC Access to Common Q Documents at the Westinghouse Rockville Office dated August 16, 2010 (Reference 9) System Requirements Specification for the Common Q Generic Flat Panel Display, 00000-ICE-30155, Revision 9 is available for audit at the Westinghouse Rockville office.

The generic AC160 specifications are contained in the documents listed below. The documents are available for NRC audit at the Westinghouse Rockville office in accordance with the letter number referenced. List is contained in letter.

(7) A schedule was developed and is reviewed weekly by Westinghouse and TVA project management.

(8) The revised document submittal schedule was included as item 3 NRC Request (Matrix Item Number 142, TVA Commitments Nos. 10 and 17) in TVA letter to NRC dated October 26, 2010.

(9) The flow of documentation information was provided to the NRC inspector during the Common Q PAMS audit.

Source: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: RAI on SysRS, dated December 8, 2010

TVA Response to Follow-up NRC Request:

See Response to item 3 (Item number 142)

146 6/17/2010 Responder: 138. Y Closed Closed ML101650255, Item PAMS System Requirements
147 6/17/2010 Responder: 139. Y Closed Closed ML101650255, Item PAMS System Requirements
148 6/17/2010 Responder: 140. Y Closed Closed ML101650255, Item PAMS System Requirements
149 7.2 7.2 FSAR Section 7.1.1.2(2), Overtemperature delta T and Responder: Tindell 141. Y Close Closed ML101720589, Item TVA Letter dated
150 7.2 7.2 Many of the changes were based on the Westinghouse document Responder: Clark 142. Y Close Closed ML101720589, Item TVA Letter dated
151 7.2 7.2 Provide the EDCR 52378 and 54504 which discusses the basis for Responder: Clark 143. Y Close Closed ML101720589, Item TVA Letter dated
152 7.2 7.2 Deleted portion of FSAR section 7.2.3.3.4 and moved to FSAR Responder: Merten/Clark 144. Y Close Closed ML101720589, Item TVA Letter dated
153 7.2 7.2 FSAR section 7.2.1.1.7 added the reference to FSAR section Responder: Craig/Webb 145. Y Close Closed ML101720589, Item TVA Letter dated
154 7.2 7.2 FSAR section 7.2.1.1.10, setpoints: NRC staff has issued RIS Responder: Craig/Webb 146. Y Closed Closed ML101720589, Item TVA Letter dated EICB RAI ML102861885 sent to DORL
155 7.2 7.2 Summary of FSAR change document section 7.2 states that Date: 147. Y Closed Closed ML101720589, Item
156 7.2 7.2 FSAR section 7.2.2.1.1 states that dashed lines in Figure 15.1- Responder: WEC 148. Y Closed Closed ML101720589, Item TVA Letter dated Response on hold pending
157 7.2 7.2 FSAR section 7.2.2.1.1, fifth paragraph was deleted except for the Responder: Tindell 149. Y Close Closed ML101720589, Item TVA Letter dated
158 7.2 7.2 FSAR section 7.2.2.1.1, paragraph six was changed to state that Responder: Tindell 150. Y Closed Closed ML101720589, Item TVA Letter dated
159 7.2 7.2 FSAR section 7.2.2.1.2 discusses reactor coolant flow Responder: Craig 151. Y Close Closed ML101720589, Item TVA Letter dated
160 7.2 7.2 FSAR section 7.2.2.2(7) deleted text which has references 12 and Responder: Tindell 152. Y Close Closed ML101720589, Item TVA Letter dated
161 7.2 7.2 FSAR section 7.2.2.3 states that changes to the control function Responder: Clark 153. Y Closed Closed ML101720589, Item TVA Letter dated
162 7.2 7.2 FSAR section 7.2.2.2(14) states that bypass of a protection Responder: Tindell 154. Y Closed Closed ML101720589, Item TVA Letter dated
163 7.2 7.2 Deleted by DORL Date: 155. Y Closed Closed ML101720589, Item
164 7.2 7.2 FSAR section 7.2.2.2(20) has been revised to include the plant Responder: Perkins 156. Y Closed Closed ML101720589, Item TVA Letter dated Item No. 8 sent to DORL
165 7.2 7.2 FSAR section 7.2.2.3.2, last paragraph of this section has been Responder: Clark 157. Y Closed Closed ML101720589, Item TVA Letter dated
166 7.2 7.2 Changes to FSAR section 7.2.2.2(20) are justified based on the Responder: Clark 158. Y Closed Closed ML101720589, Item TVA Letter dated
167 7.2 7.2 FSAR section 7.2.2.4, provide an analysis or reference to chapter Responder: Clark 159. Y Close Closed ML101720589, Item TVA Letter dated
168 7.2 7.2 FSAR table 7.2-4, item 9 deleted loss of offsite power to station Responder: Clark 160. Y Close Closed ML101720589, Item TVA Letter dated
169 6/18/2010 Responder: Clark 161. Y Closed Closed
170 6/17/2010 Responder: Clark 162. Y Closed Closed
171 7.2 7.2 6/17/2010 Responder: Craig 163. Y Closed Closed EICB RAI TVA Letter dated Closed to SE Open Item
172 6/17/2010 Responder: Craig 164. Y Closed Closed EICB RAI
173 7.1 7.1 6/17/2010 Responder: Craig/Webb/Powers 165. Y Closed Closed EICB RAI
174 6/28/2010 Responder: Hilmes/Craig 166. Y Closed Closed EICB RAI
175 June 28, 2010 Responder: 167. Y Closed Closed EICB RAI
176 7.1 7.1 6/28/2010 Responder: Craig/Webb 168. Y Closed Closed EICB RAI
177 7.5.2. 7.5.1 7/15/2010 Responder: Clark 169. Y Closed Closed N/A TVA Letter dated RAI not required

178 7.5.2. 7.5.1 7/15/2010 Responder: Clark 170. Y Closed Closed N/A TVA Letter dated RAI not required
179 An emphasis is placed on traceability in System Requirements Responder: WEC 171. Y Closed Closed N/A - Closed to NA
180 The SRP, BTP 7-14, Section B.3.3.1 states that Regulatory Guide Responder: WEC 172. Y Closed Closed N/A - Closed to NA
181 An emphasis is placed on traceability in System Requirements Responder: WEC 173. Y Closed Closed N/A - Closed to NA
182 Characteristics that the SRP states that a Software Requirements Responder: WEC 174. Y Closed Closed N/A - Closed to NA

183 7/15/2010 Responder: WEC 15. Y Open Open-NRC Review EICB RAI ML102980066 Item No. 9 TVA Letter dated 10/21/10 Enclosure 1 Item No. 4 EICB (Carte)

Issue:

An emphasis is placed on traceability in System Requirements Specifications in the SRP, in the unmodified IEEE std 830-1993, and even more so given the modifications to the standard listed in Regulatory Guide 1.172, which breaks with typical NRC use of the word "should" to say "Each identifiable requirement in an SRS must be traceable backwards to the system requirements and the design bases or regulatory requirements that it satisfies"

On page 1-2 of the Post Accident Monitoring Systems Software Requirements Specification in the background section, is the sentence Those sections of the above references that require modification from the generic PAMS are defined in the document referring purely to the changes from WNA-DS-01617-WBT Post Accident Monitoring System-System Requirements Specification or is it saying that there are additional changes beyond those and that the SRS defines them?

If there are additional changes, what is their origin?

Status/Current Actions, Resolution Path, Comments:

Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.

Revised response included in letter dated 12/22/10.

Response provided in letter dated 10/21/10

Due 3/29/11

NNC 11/18/10: The point behind this open item was that TVA must demonstrate that the origin of each requirement in the WEC requirements specification is known and documented. TVA stated that this information would be in CQ PAMS LTR Rev. 2.

NNC 2/3/11: CQ PMS LTR Rev. 2 Sections 11 & 12 do not prove this information. TVA to provide a plan to address requested information.

TVA Response(s):

The generic Software Requirements Specification applies except as modified by the WBN Unit 2 System Requirements Specification.

TVA Response to Follow-up NRC Request:

Please see the response to RAI item 12 in letter dated 12/22/10, NRC Matrix Item 144.

TVA Response to Second Follow-up NRC Request:

This item was addressed by updating the Contract Compliance Matrix and adding Section 13, Origin Tracing of WBN2 PAMS System Requirements Specification to the Licensing Technical Report Revision 3 to address this concern. Attachment 2 contains WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary).

184 7/15/2010 Responder: WEC 175. Y Closed Closed N/A - Closed to N/A

185 7/15/2010 Responder: WEC 16. N Open Open-NRC Review EICB RAI ML102980066 Item No. 17 EICB (Carte)

TVA Response(s):

Steve Clark to look at how to combine traceability items.

Was addressed to during the 9/15 meeting and 9/20 - 9/21 audit.

TVA Response to Follow-up NRC Request:

(1) See NRC Matrix Item 144

(2) There is no RTM for development of the individual reusable software elements. As listed in item 15 of Table 6-1 Document Requirements of WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC, dated December 3, 2010, a RTM for implementation of the RSEDs (WNA-VR-00280-WBT) for the WBN Unit 2 Common Q PAMS has been developed. This document is available for NRC audit at the Westinghouse Rockville office.

Status/Current Actions, Resolution Path, Comments:

Response included in letter dated 12/22/10.

NNC 11/18/10: (1) The point behind this open item was that TVA must demonstrate that the origin of each requirement in the WEC requirements specification is known and documented. TVA stated that this information would be in CQ PAMS LTR Rev. 2. (2) TVA also said it would provide a RTM for the RSED

NNC 2/3/11: To be addressed during next audit.

Issue:

An emphasis is placed on the traceability of requirements in Software Requirements Specifications in the SRP, in the unmodified IEEE std 830-1993, and even more so given the modifications to the standard listed in Regulatory Guide 1.172, which breaks with typical NRC use of the word "should" to say "Each identifiable requirement in an SRS must be traceable backwards to the system requirements and the design bases or regulatory requirements that it satisfies" Also the NRC considers that the SRS is the complete set of requirements used for the design of the software, whether it is contained within one document or many. In order to evaluate an SRS against the guidance in the SRP the staff needs access to all the requirements.

References 12, 27, 29, and 31-44 in the Post Accident Monitoring Systems Software Requirements Specification are various types of Reusable Software Element.

These references are used in the body of the SRS, for example:

R5.3.14-2 [The Addressable Constants CRC error signal shall be TRUE when any CAL CRC's respective ERROR terminal = TRUE (WNA-DS-00315-GEN, "Reusable Software Element Document CRC for Calibration Data" [Reference 12]).]

They are also included via tables such as found in requirement R7.1.2-1

[The Watts Bar 2 PAMS shall use the application-specific type circuits and custom PC elements listed in Table 7.1-1.]

Do the referenced reusable software element documents include requirements not explicitly stated in the SRS? If so what is their origin?

186 7.7.8 7.7.1.12 7/15/2010 Responder: Perkins/Clark 176. Y Closed Closed EICB RAI No.6 TVA Letter dated
187 By letter dated June 18, 2010, TVA docketed responses to NRC Responder: Merten 177. N Closed Closed ML101970033, Item TVA Letter dated Are these connections already
188 By letter dated June 30, 2010, TVA docketed, Tennessee Valley Responder: Clark 178. Y Closed Closed ML101970033, Item TVA Letter dated
189 7.6.7 7/20/2010 Responder: Clark 179. Y Closed Closed RAI No. 3 TVA Letter dated
190 7.9 FSAR Table 7.1-1 states: Regulatory Guide 1.133, May 1981 Responder: Clark 180. Y Closed Closed RAI No. 4 TVA Letter dated Closed to OI-331.
191 7.9 NUREG-0800 Chapter 7, Section 7.9, "Data Communication Responder: Jimmie Perkins 181. Y Closed Closed ML10197016, Item TVA Letter dated
192 7.5.1. 7.5.2 The NRC Staff is using SRP (NUREG-0800) Chapter 7 Section Responder: Clark 182. Y Closed Closed Item No. 1 sent to TVA Letter dated EICB RAI ML1028618855 sent to
193 7.5.1. 7.5.2 The WBU2 FSAR, Section 7.5.2, Plant Computer System, Responder: Clark 183. Y Closed Closed Item No. 2 sent to TVA Letter dated EICB RAI ML1028618855 sent to
194 7.5.1. 7.5.2.1 The WBU2 FSAR Section 7.5.2.1, Safety Parameter Display Responder: Costley/Norman 184. Y Closed Closed Item No. 3 sent to TVA Letter dated EICB RAI ML1028618855 sent to
195 7.5.1. 7.5.2.2 Bypassed and Inoperable Status Indication (BISI) Responder: Costley/Norman 185. Y Closed Closed Item No. 4 sent to TVA Letter dated EICB RAI ML1028618855 sent to
196 7.5.1. 7.5.2.2 Bypassed and Inoperable Status Indication (BISI) Responder: Costley/Norman 186. Y Closed Closed Item No. 5 sent to TVA Letter dated EICB RAI ML1028618855 sent to
197 Open Item 197 was never issued. 187. Y Closed Closed
198 7.5.1. 7.5.2.2 SRP Section 7.5, Subsection III, Review Procedures states: Responder: Costley/Norman 188. Y Closed Closed Item No. 6 sent to TVA Letter dated EICB RAI ML1028618855 sent to
199 7.5.1. 7.5.2.3 The WBU2 FSAR Section 7.5.2.3, Technical Support Center and Responder: Costley/Norman 189. Y Closed Closed Item No. 7 sent to TVA Letter dated Related SE Section 7.5.5.3 EICB RAI
200 7.2 7/21/2010 Responder: Clark 190. Y Closed Closed EICB RAI TVA Letter dated

201 7.7.1. 7.7.11 7/21/2010 Responder: Webb 191. Y Closed Closed EICB RAI TVA Letter dated

202 7.5.2 7/22/2010 Responder: WEC 17. N Open Open-NRC Review EICB RAI ML102980066 Item No. 4 TVA Letter dated 10/5/10 EICB (Carte)

Issue:

The letter (ML0003740165) which transmitted the Safety Evaluation for the Common Q topical report to Westinghouse stated: "Should our criteria or regulations change so that our conclusions as to the acceptability of the report are invalidated, CE Nuclear Power and/or the applicant referencing the topical report will be expected to revise and resubmit their respective documentation, or submit justification for continued applicability of the topical report without revision of the respective documentation." Question No 81 identified many criteria changes; please revise the respective documentation or submit justification for continued applicability of the topical report.

Status/Current Actions, Resolution Path, Comments:

NNC 1/5/11: See Also Open Item No. 81 and 86.

Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.

Response included in letter dated 12/22/10

Partial Response provided in letter dated 10/5/10

Due 2/25/11 & 3/29/11

to provide information requested.

Due TBD

NNC 1/5/11: Summary provided in Licensing Technical Report R2 has been reviewed and found to be unacceptable.

LTR Section 9 evaluates the compliance of the SRS to IEEE 830-1998. There are two issues with this evaluation:

(1) IEEE 830-1998 is not the current SRP acceptance criteria. IEEE 830-1998 has not been formally endorsed by a regulatory guide.

(2) Westinghouse committed to evaluate the SRS against 830 when the NRC identified several inconsistencies.

Yes ISG-4 is one new criteria, and an evaluation against it has been provided.

In addition, LTR Rev. 2 Section 13 states: The applicable NRC regulatory guides, IEEE and EPRI industry standards for the common Q PAMS are shown below. Compliance to these codes and standards are stated in Section 4 of Reference 1.

Reference 1 is the common Q topical report.

TVA Response(s):

Revision 1 of the Licensing Technical Report will provide more detailed information on the changes to the platform.

Rev. 2 of the Licensing Technical Report will include the applicability of guidance.

TVA Response to Follow-up NRC Request:

WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report (LTR) submitted in TVA Letter to NRC dated December 3, 2010, contains the following change to address the NRC request:

Section 9, Compliance Evaluation of the Watts Bar 2 PAMS Software Requirements Specification to IEEE Standard 830-1998 and Regulatory Guide 1.172 to show the origin of the requirements has been added.

The descriptions and commitments in the Topical Report (TR) still apply. The LTR provides compliance evidence to the new ISG-04 criteria. The statement in the SE means that the TR can be evaluated against later NRC criteria when it appears.

Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010

Partial TVA Response to Follow-up NRC Request:

Attachment 4 contains the results of the TVA analysis of standards and regulatory guides applicable to the Common Q PAMS. Based on the results of the analysis, the Common Q PAMS design is acceptable.

The final response is pending submittal of the Licensing Technical Report Revision 3 scheduled for March 29, 2011.

TVA Response to Follow-up NRC Request:

(1) As discussed on page 9-1 of the Licensing Technical Report (Attachment 2) a comparison of IEEE 830-1993 and IEEE 830-1998 was performed and it was determined that the 1998 version enveloped all the

Agenda for Weekly Telecom with TVA (I&C Chapter 7 only) rad76F58.docx Open Items to be Resolved for SER Approval

Response

requirements of the 1993 version which is endorsed by Regulatory Guide 1.172. Therefore the use of IEEE 830-1998 is acceptable.

(2) Table 9.1 IEEE Std 830-1998 Compliance of the Licensing Technical Report (Attachment 2) evaluates the Software Requirements Specification against the requirements of IEEE 830-1998.

(3) See TVA to NRC letter Watts Bar Nuclear Plant (WBN) Unit 2 - Instrumentation And Controls Staff Information Requests, dated February 25, 2011 Attachment 4 Common Q PAMS Regulatory Guide and IEEE Standard Analysis.

(4) This section of the Licensing Technical Report (Attachment 2) has been relocated to section 15. The comment has been addressed by adding Reference 40 to TVA to NRC letter dated February 25, 2011, Attachment 4 which is the Common Q PAMS Regulatory Guide and IEEE Standard Analysis.

203 7.5.1. 7.5.2 7/26/2010 Responder: Clark 192. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL

204 7.5.1. 7.5.2 7/26/2010 Responder: Costley/Norman 193. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL

205 7/26/2010 Responder: Clark 194. Y Closed Closed EICB RAI TVA Letter dated Question B related to prior NRC

206 7.5.1. 7.5.2 7/27/2010 Responder: Clark 195. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL

207 July 27, 2010 Date: 196. Y Closed Closed

208 7.5.2. 7.5.1 7/27/2010 Responder: Clark 197. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL

209 7.5.2. 7.5.1 7/27/2010 Responder: Clark 198. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL

210 7.5.2. 7.5.1 7/27/2010 Responder: Clark 199. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL

211 7.5.1. 7/27/2010 Responder: Clark 200. Y Closed Closed EICB RAI TVA Letter dated Relates to SE Sections:

212 7.5.2 7/27/2010 Responder: WEC 18. N Open Open-NRC Review EICB (Carte) EICB RAI ML102980066 Item No. 10

Issue: By letter dated June 18, 2010 (ML101940236) TVA stated (Enclosure 1, Attachment 3, Item No. 3) that the PAMS system design specification and software requirements specification contain information to address the "Design Report on Computer Integrity, Test and Calibration..." The staff has reviewed these documents, and it is not clear how this is the case.

(1) Please describe how the information provided demonstrates compliance with IEEE 603-1991 Clauses 5.5, 5.7, 5.10, & 6.5.

(2) Please describe how the information provided demonstrates conformance with IEEE 7-4.3.2-2003 Clauses 5.5 & 5.7.

Partial Response included in letter dated 03/16/11

Final response due 3/29/11

NNC 2/17/2011: IEEE 603 Clause 5.5 basically states that conditions identified in IEEE 603 Clauses 4.7 & 4.8 must be addressed in the design. Energy supply conditions have not been identified, or explicitly addressed.

TVA Response(s): Application specific requirements for testing. This cannot be addressed in a topical report. Evaluation of how the hardware meets the regulatory requirements.

WEC to provide the information and determine where the information will be located.

IEEE-603 1991:

5.5 System Integrity. The safety systems shall be designed to accomplish their safety functions under the full range of applicable conditions enumerated in the design basis.

TVA Response: The applicable conditions and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Rev. 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, Section 11, Contract Compliance Matrix items:

87 and 88 Seismic
89, 90, 91, 92 and 185 EMI/RFI

300, 301 and 302 Environmental

Seismic qualification of the equipment to meet the design basis requirements

NNC 2/18/11: Clause 5.7 is acceptably addressed.

5.7 Capability for Test and Calibration. Capability for testing and calibration of safety system equipment shall be provided while retaining the capability of the safety systems to accomplish their safety functions.

The capability for testing and calibration of safety system equipment shall be provided during power operation and shall duplicate, as closely as practicable, performance of the safety function. Testing of Class 1E systems shall be in accordance with the requirements of IEEE Std 338-1987. Exceptions to testing and calibration during power operation are allowed where this capability cannot be provided without adversely affecting the safety or operability of the generating station. In this case:

(1) appropriate justification shall be provided (for example, demonstration that no practical design exists),

(2) acceptable reliability of equipment operation shall be otherwise demonstrated, and (3) the capability shall be provided while the generating station is shut down.

TVA Response: The requirements for test and calibration and Common Q PAMS system compliance, are contained in WNA-LI-00058-WBT-P, Rev. 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11, TVA Contract Compliance Matrix items:

202 self test
350 Maintenance Bypass
351 Loop Tuning Parameters,
400 and 401 3.7.2 Testing, Calibration, and Verification
402, 403 and 404, 3.7.3 Channel Bypass or Removal from Operation

NNC 2/18/2011: WNA-AR-00189-WBT Rev. 0 Table 5-2 shows a MTTR of 7.2 hours. It is not clear how this satisfies the contractual item No. 179.

The Contract Compliance Matrix Item 179 in Revision 3 of the LTR has been revised to show this item as a deviation and to reflect TVA's acceptance of the 7.2 hour MTTR value. Attachment 2 contains WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary).

5.10 Repair. The safety systems shall be designed to facilitate timely recognition, location, replacement, repair, and adjustment of malfunctioning equipment.

TVA Response: The requirements for repair and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Rev. 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11, TVA Contract Compliance Matrix items:

179 Mean time to repair
202 self test
398 3.7 Maintenance
399 3.7.1 Troubleshooting

6.5 Capability for Testing and Calibration

6.5.1 Means shall be provided for checking, with a high degree of confidence, the operational availability of each sense and command feature input sensor required for a safety function during reactor operation.

This may be accomplished in various ways; for example:

(1) by perturbing the monitored variable, (2) within the constraints of 6.6, by introducing and varying, as appropriate, a substitute input to the sensor of the same nature as the measured variable, or (3) by cross-checking between channels that bear a known relationship to each other and that have readouts available.

6.5.2 One of the following means shall be provided for assuring the operational availability of each sense and command feature required during the post-accident period:

(1) Checking the operational availability of sensors by use of the methods described in 6.5.1.

(2) Specifying equipment that is stable and retains its calibration during the post-accident time period.

TVA Response: The requirements for sense and command feature testing and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11 TVA Contract Compliance Matrix items:

10, display of sensor diagnostic information
202 self test
205 self diagnostics and watchdog timer
264 through 271, system self checks
311 system status displays, 341 alarms, 344 on-line diagnostics

IEEE 7-4.3.2-2003

5.5 System integrity

In addition to the system integrity criteria provided by IEEE Std 603-1998, the following are necessary to achieve system integrity in digital equipment for use in safety systems:

Design for computer integrity
Design for test and calibration
Fault detection and self-diagnostics

5.5.1 Design for computer integrity

The computer shall be designed to perform its safety function when subjected to conditions, external or internal, that have significant potential for defeating the safety function. For example, input and output processing failures, precision or round off problems, improper recovery actions, electrical input voltage and frequency fluctuations, and maximum credible number of coincident signal changes.

If the system requirements identify a safety system preferred failure mode, failures of the computer shall not preclude the safety system from being placed in that mode. Performance of computer system restart operations shall not result in the safety system being inhibited from performing its function.

TVA Response: Common Q PAMS system reliability and failure modes are described in:

WNA-AR-00180-WBT, Revision 0, Failure Modes and Effects Analysis (FMEA) for the Post Accident Monitoring System
WNA-AR-00189-WBT, Revision 0 Post Accident Monitoring System Reliability Analysis

The requirements for mean time between failure and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Section 11 TVA Contract Compliance Matrix item 178.

5.5.2 Design for test and calibration

Test and calibration functions shall not adversely affect the ability of the computer to perform its safety function. Appropriate bypass of one redundant channel is not considered an adverse effect in this context. It shall be verified that the test and calibration functions do not affect computer functions that are not included in a calibration change (e.g., setpoint change).

V&V, configuration management, and QA shall be required for test and calibration functions on separate computers (e.g., test and calibration computer) that provide the sole verification of test and calibration data.

V&V, configuration management, and QA shall be required when the test and calibration function is inherent to the computer that is part of the safety system.

V&V, configuration management, and QA are not required when the test and calibration function is resident on a separate computer and does not provide the sole verification of test and calibration data for the computer that is part of the safety system.

TVA Response: The requirements for test and calibration and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11 TVA Contract Compliance Matrix items:

202 self test
350 Maintenance Bypass
351 Loop Tuning Parameters,
400 and 401 3.7.2 Testing, Calibration, and Verification
402, 403 and 404, 3.7.3 Channel Bypass or Removal from Operation

5.5.3 Fault detection and self-diagnostics

Computer systems can experience partial failures that can degrade the capabilities of the computer system, but may not be immediately detectable by the system.

Self-diagnostics are one means that can be used to assist in detecting these failures. Fault detection and self-diagnostics requirements are addressed in this sub-clause.

The reliability requirements of the safety system shall be used to establish the need for self-diagnostics. Self diagnostics are not required for systems in which failures can be detected by alternate means in a timely manner. If self-diagnostics are incorporated into the system requirements, these functions shall be subject to the same V&V processes as the safety system functions.

If reliability requirements warrant self-diagnostics, then computer programs shall incorporate functions to detect and report computer system faults and failures in a timely manner. Conversely, self-diagnostic functions shall not adversely affect the ability of the computer system to perform its safety function, or cause spurious actuations of the safety function. A typical set of self-diagnostic functions includes the following:

Memory functionality and integrity tests (e.g., PROM checksum and RAM tests)
Computer system instruction set (e.g., calculation tests)
Computer peripheral hardware tests (e.g., watchdog timers and keyboards)
Computer architecture support hardware (e.g., address lines and shared memory interfaces)
Communication link diagnostics (e.g., CRC checks)

Infrequent communication link failures that do not result in a system failure or a lack of system functionality do not require reporting.

When self-diagnostics are applied, the following self-diagnostic features shall be incorporated into the system design:

a) Self-diagnostics during computer system startup
b) Periodic self-diagnostics while the computer system is operating
c) Self-diagnostic test failure reporting

TVA Response: The requirements for fault detection and self diagnostics and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Rev. 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11 TVA Contract Compliance Matrix items:

107 error free download
202 self test
205 self diagnostics and watchdog timer
263 primary and backup communication
264 through 271, continuous on-line self checks
311 system status displays, 341 alarms, 344 on-line diagnostics

5.7 Capability for test and calibration

No requirements beyond IEEE Std 603-1998 are necessary.

TVA Response: No response required.

Concurrence: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: RAI 212 Response - Errors in the Contract Compliance Matrix, dated December 17, 2010

(a) Energy Supply conditions are specified in WNA-DS-01617-WBT-P, System Requirements Specification Rev. 4, Requirement 4.1-1 which requires 120Vac +/-10% and 60+/-3Hz. Power to the Common Q PAMS is provided from the 120Vac vital power system. Per WBN Unit 2 FSAR section 8.3.1.1 the vital 120 volt ac system specifications are 120Vac +/-2% and 60+/-0.5Hz. Based on this, the power provided meets the system requirements.

Electromagnetic compatibility, seismic and environmental qualification of the equipment to meet the design basis requirements is documented in EQ-QR WBT-P, Revision 0 "Qualification Summary Report for Post-Accident Monitoring System (PAMS)" (Proprietary) (Attachment 4). Attachment 5 contains EQ-QR WBT-NP, Revision 0 "Qualification Summary Report for Post-Accident Monitoring System (PAMS)" (non-proprietary). Attachment 6 contains CWA-11-3118, Application for Withholding Proprietary Information from Public Disclosure, EQ-QR-68-WBT-P, Revision 0 Qualification Summary Report for Post-Accident Monitoring System (PAMS), (Proprietary), dated February 28, 2011.

(b) The Contract Compliance Matrix Item 179 in Revision 3 of the Licensing Technical Report will be revised to show this item as a deviation and to reflect TVA's acceptance of the 7.2 hour MTTR value. WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, (proprietary) dated March 2011, will be submitted no later than March 29, 2011.

213 7.5.2 7/27/2010 Responder: WEC 19. N Open Open-NRC Review EICB (Carte) EICB RAI ML102980066 Item No. 18

Issue: By letter dated June 18, 2010 (ML101940236) TVA stated (Enclosure 1, Attachment 3, Item No. 3) that the PAMS system design specification and software requirements specification contain information to address the "Theory of Operation Description." The staff has reviewed these documents, and it is not clear how this is the case. The docketed material does not appear to contain the design basis information that is required to evaluate compliance with the Clause of IEEE 603.

(1) Please provide the design basis (as described in IEEE 604 Clause 4) of the Common Q PAMS.

(2) Please provide a regulatory evaluation of how the PAMs complies with the applicable regulatory requirements for the theory of operation.

For example: Regarding IEEE 603 Clause 5.8.4 (1) What are the manually controlled protective actions? (2) How do the documents identified demonstrate compliance with this clause?

Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.

Response is included in letter dated 10/25/10

NNC to review and revise this question after LTR R2 is received.

Due 3/29/11

NNC 2/3/11: The identified documentation does not include the design bases. Please provide schedule for providing the requested information.

TVA Response(s): Conformance with IEEE 603 is documented in the revised Common Q PAMS Licensing Technical Report and the Common Q PAMS System Design Specification.

Attachment 1 contains the proprietary version of Westinghouse document Tennessee Valley Authority (TVA), Watts Bar Unit 2 (WBN2), Post-Accident Monitoring System (PAMS), Licensing Technical Report, Revision 1, WNA-LI-00058-WBT-P, Dated October 2010

Attachment 8 contains the proprietary version of Westinghouse document Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System - System Design Specification, WNA-DS-01667-WBT, Rev. 2 dated September 2010.

TVA Response to Follow-up NRC Request:

The Regulatory Guide 1.97 classification of the Common Q PAMS variables is documented in TVA Design Criteria WB-DC-30-7 Post Accident Monitoring Instrumentation which was submitted as Attachment 5 on TVA to NRC letter Watts Bar Nuclear Plant (WBN) Unit 2 - Instrumentation And Controls Staff Information Requests dated June 18, 2010 (Reference 1)

The hardware design bases for the Common Q PAMS is described in the WBN Unit 2 FSAR section 7.5.1.8 Post Accident Monitoring System (PAMS).

The Common Q PAMS indications are used to support operator response to events described in chapter 15 of the WBN Unit 2 FSAR such as:

RCCA/RCCA Bank dropped/misaligned
Steam Generator Tube Rupture
Inadvertent Loading of a Fuel Assembly Into an Improper Position
Loss of Shutdown Power
Major Reactor Coolant System Pipe Ruptures (Loss Of Coolant Accident)
Major Secondary System Pipe Rupture

214 7/27/2010 Responder: WEC 201. Y Closed Closed EICB RAI TVA Letter dated

215 7/29/2010 Responder: WEC 202. Y Closed Closed

216 7.5.1. 7.5.2 7/29/2010 Responder: Clark 203. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL

217 7/6/2010 Responder: Clark 204. Y Close Closed EICB RAI TVA Letter dated

218 7/6/2010 Responder: Clark 205. Y Closed Closed EICB RAI TVA Letter dated

219 8/4/2010 Responder: TVA Licensing 206. Y Closed Closed EICB RAI

220 8/4/2010 Responder: Ayala 207. Y Closed Closed EICB RAI TVA Letter dated

221 7.7.1. 7.7.1.3 8/4/2010 Responder: Trelease 208. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL

222 8/4/2010 Responder: Clark 209. Y Close Closed EICB RAI TVA Letter dated

223 8/4/2010 Responder: Clark 210. Y Closed Closed EICB RAI

224 7.5.1. 7.5.2 8/4/2010 Responder: Norman (TVA CEG) 211. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL

225 8/4/2010 Responder: Scansen 212. Y Close Closed EICB RAI TVA Letter dated

226 8/4/2010 Responder: TVA Licensing 213. Y Closed Closed N/A - Information TVA Letter dated See also Open Item Nos. 41 & 270.

227 8/4/2010 Responder: Clark 214. Y Close Closed EICB RAI TVA Letter dated

228 8/4/2010 Responder: Clark 215. Y Closed Closed EICB RAI TVA Letter dated

229 8/4/2010 Responder: Clark 216. Y Closed Closed EICB RAI TVA Letter dated

230 8/4/2010 Responder: Webb 217. Y Closed Closed EICB RAI TVA Letter dated

231 8/4/2010 Responder: Clark 218. Y Closed Closed EICB RAI TVA Letter dated

232 8/4/2010 Responder: Clark 219. Y Closed Closed RAI No. 5 TVA Letter dated

233 8/4/2010 Responder: Clark 220. Y Closed Closed EICB RAI TVA Letter dated

234 8/4/2010 Responder: 221. Y Closed Closed N/A - Duplicate N/A

235 8/4/2010 Responder: TVA Licensing 222. Y Closed Closed N/A N/A

236 8/4/2010 Responder: Clark 223. Y Close Closed EICB RAI TVA Letter dated

237 8/4/2010 Responder: Clark 224. Y Closed Closed EICB RAI TVA Letter dated

238 8/4/2010 Responder: Webb/Hilmes 225. Y Closed Closed N/A - Duplicate N/A

239 8/4/2010 Responder: Hilmes 226. Y Closed Closed N/A - Meeting N/A

240 8/4/2010 Responder: Clark 227. Y Close Closed Ml102910008 TVA Letter dated

241 8/4/2010 Responder: Davies 228. Y Closed Closed RAI No. 10 TVA Letter dated

242 8/4/2010 Responder: Hilmes 229. Y Close Closed EICB RAI TVA Letter dated

243 8/3/2010 Responder: WEC 230. Y Closed Closed N/A - Closed to N/A

244 8/3/2010 Responder: WEC 20. N Open Open-NRC Review EICB (Carte) EICB RAI ML102980066 Item No. 14 Response is provided in letter dated 10/25/10.

Issue: Section 8.2.2 of the Common Q SPM (ML050350234) states that the Software Requirements Specification (SRS) shall be developed using IEEE 830 and RE 1.172. Clause 4.8, "Embedding project requirements in the SRS," of the IEEE 830 states that an SRS should address the software product, not the process of producing the software. In addition Section 4.3.2.1 of the SPM states "Any alternatives to the SPM processes or additional project specific information for the ...SCMP...shall be specified in the PQP.

Contrary to these two statements in the SPM, the WBN2 PAMS SRS (ML101050202) contains many process related requirements, for example all seventeen requirements in Section 2.3.2, "Configuration Control," address process requirements for configuration control.

Please explain how the above meets the intent of the approved SPM.

Revised response is included in letter dated 12/22/10

Response is provided in letter dated 10/25/10.

NNC 11/18/10: SysRS Rev. 2 also contains process requirements that are more appropriately incorporated into process documentation.

Due 2/25/11 Document revisions

NNC 2/2/11: Issues with Common Q TR & SPM compliance were discussed in the weekly public meetings. Westinghouse to perform Common Q TR & SPM compliance self assessment; this will be discussed in detail on the next audit.

LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence."

LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."

TVA Response(s): The process related requirements have been removed from revision 2 of the Software Requirements Specification (SRS).

Attachment 3 of letter dated 10/25/10 contains the proprietary version of Westinghouse document Nuclear Automation, Watts Bar 2 NSSS Completion Program, I&C Projects, Software Requirements Specification for the Post Accident Monitoring System, WNA-SD-00239-WBT, Revision 2, Dated September 2010.

TVA Response to Follow-up NRC Request:

As shown in the listed documents, process related requirements have been deleted from the SRS and SysRS in Revision 3:

Attachment 1 contains proprietary version of WNA-DS-01617-WBT-P, Revision 3, Post Accident Monitoring System-System Requirements Specification, dated December 2010.

Attachment 7 contains the proprietary version of WNA-SD-00239-WBT-P, Revision 3, Software Requirements Specification for the Post Accident Monitoring System, dated December 2010.

Source: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: Common Q RAI concerns, dated December 8, 2010 (Reference 17)

TVA Response to Follow-up NRC Request:

The documents discussed in Item 3 have been revised to address compliance with the Topical Report (TR) and the Software Program Manual (SPM).

245 8/3/2010 Responder: WEC 21. N Open Open-NRC Review EICB (Carte) EICB RAI ML102980066 Item No. 119

Issue: Section 5.8 of the Common Q SPM (ML050350234) identifies the required test documentation for systems developed using the Common Q SPM. Please provide sufficient information for the NRC staff to independently assess whether the test plan for WBN2 PAMS, is as described in the SPM (e.g., Section 5.8.1).

Pending Submittal of the Test Summary Report due 3/29/11

Response included in letter dated 12/3/10

Common Q PAMS Test Summary Report scheduled to be submitted March 29, 2011.

Due 3/29/11

NNC 2/2/11: Issues with the Common Q TR & SPM were discussed in the weekly public meetings. Westinghouse to perform Common Q TR & SPM compliance self assessment

LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence."

LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."

TVA Response(s): Relates to the commitment to provide the test plan and the SPM compliance matrix

Attachment 9 contains the Westinghouse document Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0, dated November 2010. Attachment 10 contains the Westinghouse Application for Withholding for the Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0, dated November 2010.

TVA Response to Follow-up NRC Request:

The results of the self assessment were reviewed by Westinghouse with the NRC on February 2, 2011 and were further reviewed by TVA during the NRC Common Q PAMS audit during the week of February 28 to March 4, 2011.

Corrections to WNA-TR-02451-WBT, Test Summary Report for the Post Accident Monitoring System and the self assessment were made as a result of the TVA review to ensure this comment was fully addressed.

By agreement between TVA, WEC and the NRC, the Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0 will not be revised. Instead a non-proprietary Common Q PAMS Test Summary Report will be developed and submitted to address the issues with TR and SPM compliance. Attachment 1 contains non-proprietary WNA-TR-02451-WBT, Revision 0, Test Summary Report for the Post Accident Monitoring System, dated March 2011.

246 8/3/2010 Responder: WEC 22. N Open Open-NRC Review EICB (Carte) EICB RAI ML102980066 Item No. 15 Response is provided in letter dated 10/25/10

Issue: Section 4.3.2.1, "Initiation Phase" of the Common Q SPM (ML050350234) requires that a Project Quality Plan (PQP) be developed. Many other sections of the SPM identify that this PQP should contain information required by ISG6. Please provide the PQP. If "PQP" is not the name of the documentation produced, please describe the documentation produced and provide the information that the SPM states should be in the PQP.

Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11. PQP provided for audit the week of 2/28/11.

Response is provided in letter dated 10/25/10

NNC 11/18/10: PQP has not been provided and CQ PAMS LTR Rev. 1 does not contain comparable information.

Due 3/29/11

NNC 2/2/11: Issues with the Common Q TR & SPM implementation were discussed in the weekly public meetings. Westinghouse to perform Common Q TR & SPM compliance self assessment

LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence."

LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."

TVA Response(s): As agreed ISG6 does not apply to the Common Q PAMS platform. The information required to address this question concerning the PQP and SPM has been added to compliance matrix in revision 1 of the Licensing Technical Report.

Attachment 1 of letter dated 10/25/10 contains the proprietary version of Westinghouse document Tennessee Valley Authority (TVA), Watts Bar Unit 2 (WBN2), Post-Accident Monitoring System (PAMS), Licensing Technical Report, Revision 1, WNA-LI-00058-WBT-P, Dated October 2010

TVA Response to Follow-up NRC Request:

The results of the Common Q TR and SPM self assessment were reviewed by Westinghouse with the NRC on February 2, 2011.

The Westinghouse Watts Bar Unit 2 NSSS Completion I&C Projects Project Quality Plan, WNA-PQ-00220-WBT, Revision 1 is available for NRC audit at the Westinghouse Rockville Office and was available for review during the NRC Common Q PAMS audit during the week of February 28 to

Agenda for Weekly Telecom with TVA (I&C Chapter 7 only) rad76F58.docx Open Items to be Resolved for SER Approval

Response

SE FSAR NRC No. Issue TVA Response(s) Acceptable Status/ Current Actions Resolution Path RAI No. & Date RAI Resp. Date Comments Sec. Sec. POC Y/N March 4, 2011. During the audit, the Westinghouse Quality Assurance in process audit of the Common Q PAMS project was reviewed by the NRC inspector with no issues identified.

247 8/8/2010 Responder: WEC 231. Y Closed Closed EICB RAI Response is LIC-101 Rev. 3 Appendix B Section 4,
248 8/8/2010 Responder: WEC 232. Y Closed Closed Response is LIC-101 Rev. 3 Appendix B Section 4,
249 8/8/2010 Responder: WEC 233. Y Closed Closed LIC-101 Rev. 3 Appendix B Section 4,

250 8/8/2010 Responder: WEC 23. N Open Open-NRC Review EICB (Carte)

Issue: The SPM describes the software and documents that will be created and placed under configuration control. The SCMP (e.g., SPM Section 6, Software Configuration Management Plan) describes the implementation tasks that are to be carried out. The acceptance criterion for software CM implementation is that the tasks in the SCMP have been carried out in their entirety. Documentation should exist that shows that the configuration management tasks for that activity group have been successfully accomplished. Please provide information that shows that the CM tasks have been successfully accomplished for each life cycle activity group.

Status/Current Actions: Revised response included in letter dated 12/22/10. Response included in letter dated 10/25/10.

Resolution Path: NNC 2/2/11: To be addressed during the next audit.

Comments: LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence." LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."

TVA Response(s): Westinghouse develops Software Release Reports/Records and a Configuration Management Release Report. Describe the documents and when they will be produced. Summarize guidance on how to produce these records, focus on project specific requirements in SPM etc.

TVA Response to Follow-up NRC Request:

The following documentation shows that the configuration management tasks for that activity group have been successfully accomplished.

1. WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) contains the following changes to address the NRC requests:
a. Section 2.2.1 Hardware/Software Change Process has been added to describe the process of how changes are evaluated.
b. Section 2.2.2, Software has been expanded to include a table detailing evolutionary software changes that have occurred since the initial submittal and the change evaluation of the life cycle.
2. WNA-PT-00138-WBT, Revision 0, Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Post Accident Monitoring System Test Plan, (Proprietary), dated November 2010 submitted in TVA Letter to NRC, dated December 3, 2010 (Reference 1).

251 8/8/2010 Responder: WEC 24. N Open Open-NRC Review EICB (Carte)

Issue: The SPM describes the software testing and documents that will be created. The SPM also describes the testing tasks that are to be carried out. The acceptance criterion for software test implementation is that the tasks in the SPM have been carried out in their entirety. Please provide information that shows that testing has been successfully accomplished.

Status/Current Actions: Pending Submittal of the Test Summary Report due 3/29/11. Revised response included in letter dated 12/22/10. Partial response is provided in letter dated 10/25/10.

Resolution Path: Due 3/29/11. NNC 2/2/11: Issues with the Common Q TR & SPM were discussed in the weekly public meetings. Westinghouse to perform Common Q TR & SPM compliance self assessment

Comments: LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence." LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."

TVA Response(s): The software testing performed and documents created are addressed by the SPM Compliance matrix contained in Revision 1 of the Licensing Technical Report.

Attachment 1 of the letter dated 10/25/10 contains the Proprietary version of Westinghouse's document titled: Tennessee Valley Authority (TVA), Watts Bar Unit 2 (WBN2), Post-Accident Monitoring System (PAMS), Licensing Technical Report, Revision 1, WNA-LI-00058-WBT-P, Dated October 2010

TVA Response to Follow-up NRC Request:

Please see the response to RAI item 21 in letter dated 12/22/10, NRC Matrix Item 250.

TVA Response to second Follow-up NRC Request:

The results of the Common Q TR and SPM self assessment were reviewed by Westinghouse with the NRC on February 2, 2011.

By agreement between TVA, WEC and the NRC, the Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0 will not be revised. Instead a non-proprietary Common Q PAMS Test Summary Report will be developed and submitted to address the issues with TR and SPM compliance. Attachment 1 contains non-proprietary WNA-TR-02451-WBT, Revision 0, Test Summary Report for the Post Accident Monitoring System, dated March 2011.

252 8/8/2010 Responder: WEC 25. N Open Open-NRC Review EICB (Carte)

Issue: The SPM contains requirements for software requirements traceability analysis and associated documentation (see Section 5.4.5.3, Requirements Traceability Analysis). Please provide information that demonstrates that requirements traceability analysis has been successfully accomplished.

Status/Current Actions: Response included in letter dated 12/22/10. Read ML091560352

Resolution Path: Due 2/25/11 (document submittals). NNC 2/2/11: Updated RTMs and specifications to be provided. Requirements traceability to be addressed during the next audit.

Comments: LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence." LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."

TVA Response(s): Explain response to AP1000 audit report. RTM docketed NRC awaiting V&V evaluation of RTM.

The following responses are based on WBN Unit 2 Common Q PAMS traceability:

Software requirements traceability analysis is described in the following documents:

1. WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) Section 11, TVA Contract Compliance Matrix

2. WNA-VR-00279-WBT, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post Accident Monitoring System (available for NRC audit at the Westinghouse Rockville office)
3. WNA-VR-00280-WBT, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Reactor Vessel Level Indication System (RVLIS) Custom PC Elements (available for NRC audit at the Westinghouse Rockville office) This document addresses the RSEDs used in the WBN Unit 2 Common Q PAMS.

The V&V evaluation of the RTM is documented in section 2.2.2 of the following documents:

1. The Independent Verification & Validation (IV&V) report covering the Concept and Definition phases (Nuclear Automation Watts Bar Unit 2 NSSS Completion Program I&C Projects, IV&V Summary Report for the Post Accident Monitoring System, (Proprietary), WNA-VR-00283-WBT, Revision 1, dated November 2010), submitted in TVA Letter to NRC dated December 3, 2010 (Reference 1).

2. The Independent Verification & Validation (IV&V) report covering the Design and Implementation phases (Nuclear Automation Watts Bar Unit 2 NSSS Completion Program I&C Projects, IV&V Summary Report for the Post Accident Monitoring System, (Proprietary), WNA-VR-00283-WBT, Revision 2, dated November 2010), submitted in TVA Letter to NRC dated December 3, 2010 (Reference 1).
3. The integration phase is covered in Attachment 10, the proprietary version of IV&V Summary Report for the Post Accident Monitoring System, WNA-VR-00283-WBT-P, Revision 3, dated December 2010.

Attachment 11 contains the non-proprietary version of IV&V Summary Report for the Post Accident Monitoring System, WNA-VR-00283-WBT-NP, Revision 3, dated December 2010. Attachment 12 contains the Application For Withholding Proprietary Information From Public Disclosure WNA-VR-00283-WBT-P, Revision 3, IV&V Summary Report for the Post Accident Monitoring System (Proprietary), dated December 2010.

TVA Response to Follow-up NRC Request:

See Response to item 3 (Matrix Item Number 142)

253 8/8/2010 Responder: Clark 234. Y Closed Closed TVA Letter dated Related to Open Item no. 83.
254 8/10/2010 Responder: WEC 235. Y Closed Closed N/A - Request to TVA Letter dated
255 8/10/2010 Responder: WEC 236. Y Closed Closed N/A - Request to TVA Letter dated
256 8/10/2010 Responder: WEC 237. Y Closed Closed N/A - Request to TVA Letter dated
257 8/10/2010 Responder: WEC 238. Y Closed Closed N/A - Request to N/A
258 8/10/2010 Responder: WEC 239. Y Closed Closed N/A - Request to N/A
259 8/10/2010 Responder: WEC 240. Y Closed Closed N/A - Request to TVA Letter dated
260 8/10/2010 Responder: WEC 241. Y Closed Closed N/A - Request to N/A
261 8/10/2010 Responder: WEC 242. Y Closed Closed N/A - Closed to TVA Letter dated LIC-110 Rev. 1 Section 6.2.2 states:
262 8/10/2010 Responder: WEC 243. Y Closed Closed N/A - Request to N/A
263 8/11/2010 Responder: WEC 244. Y Closed Closed ML101650255, Item
264 8/11/2010 Responder: WEC 245. Y Closed Closed ML101650255, Item
265 8/11/2010 Responder: WEC 246. Y Closed Closed ML101650255, Item
266 8/11/2010 Responder: Webb/Webber 247. Y Closed Closed TVA Letter dated
267 8/11/2010 Responder: WEC 248. Y Closed Closed
268 8/19/2010 Responder: WEC 249. N Closed Closed
269 8/20/2010 Responder: NRC 250. Y Closed Closed N/A N/A
270 8/23/2010 Responder: Clark 251. Y Closed Closed See also Open Item Nos. 41 & 245.
271 8/23/2010 Responder: WEC 252. Y Closed Closed N/A - Closed to NA
272 7.5.2. 7.5.1 8/26/2010 Responder: Clark 253. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
273 7.5.2. 7.5.1 8/26/2010 Responder: Clark 254. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
274. 8/26/2010 Responder: Stockton 255. Y Closed Closed RAI No. 6 TVA Letter dated

274. 7.5.2. 7.5.1 8/26/2010 Responder: Clark 256. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
275 8/27/2010 Responder: Clark 257. Y Closed Closed Not Required N/A
276 7.6 7.6 8/27/2010 Responder: Webb 258. Y Closed Closed EICB RAI TVA Letter dated
277 7.6 7.6.3 8/27/2010 Responder: Clark 259. Y Close Closed EICB RAI TVA Letter dated
278 7.6 7.6.6 8/27/2010 Responder: Trelease 260. Y Close Closed EICB RAI TVA Letter dated
279 7.6 7.6.6 8/27/2010 Responder: Mather 261. Y Close Closed EICB RAI TVA Letter dated
280 7.6 7.6.6 8/27/2010 Responder: Trelease 262. Y Closed Closed EICB RAI TVA Letter dated
281 7.6 7.6.8 8/27/2010 Responder: Webb 263. Closed Closed EICB RAI TVA Letter dated
282 7.6 7.6.9 8/27/2010 Responder: Trelease 264. Y Close Closed EICB RAI TVA Letter dated
283 7.7.5 XX 8/27/2010 Responder: Clark 265. Y Closed Closed EICB RAI No.13 TVA Letter dated This item is a follow-up question to item
284 7.7.3 7.4.1 8/27/2010 Responder: Webber 266. Y Closed Closed EICB RAI No.14 TVA Letter dated This item is a follow-up question to item
285 7.3.3 7.3 8/27/2010 Responder: McNeil 267. Y Closed Closed EICB RAI No.15 TVA Letter dated This item is a follow-up question to item
286 7.7.3 9.3.4.2.4 8/27/2010 Responder: Webber 268. Y Closed Closed EICB RAI No.16 TVA Letter dated
287 7.3 7.3-1 8/27/2010 Responder: Elton 269. Y Closed Closed ML102390538, Item Response
288 7.3 9/2/2010 Responder: McNeil 270. Y Closed Closed EICB RAI
289 9/2/2010 Responder: Faulkner 271. Y Closed Closed RAI No. 24 TVA Letter dated
290 7.7 9/7/2010 Responder: Clark 272. Y Closed Closed N/A N/A This item is a duplicate of item 291.
291 7.7 9/7/2010 Responder: Clark 273. Y Closed Closed TVA Letter dated
292 7.2.5 7.2 9/7/2010 Responder: Craig 274. Y Closed Closed EICB RAI TVA Letter dated
293 7.7.4 7.2.2.3.5 9/8/2010 Responder: Craig 275. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
294 7.3 7.3.1.1.1 9/9/2010 Responder: Elton 276. Y Closed Closed ML102390538, Item Response
295 7.3 7.3.1.1.2 9/9/2010 Responder: Elton 277. Y Closed Closed ML102390538, Item Response
296 7.3 7.3.1.2.1 9/9/2010 Responder: Elton 278. Y Closed Closed ML102390538, Item Response
297 7.3 7.3.1.2.2 9/9/2010 Responder: Elton 279. Y Closed Closed ML102390538, Item Response
298 7.3 XX 9/9/2010 Responder: Clark 280. Y Closed Closed ML102390538, Item Response
299 Provide Common Q Software Requirements Specification Post Attachment 41 of the 10/5 letter contains the Common Q 281. Y Closed Closed TVA Letter dated
300 Need Radiation Monitoring System Description/Design Criteria Responder: Temples/Mather 282. Y Closed Closed RAI No. 25 TVA Letter
301 1.TVA is requested to address the consequences of software Responder: WEC/Davies/Clark 283. Y Closed Closed RAI No. 11 TVA Letter dated Note 1:
302 7.5.2. 7.5.1 09/17/2010 Responder: Tindell 284. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
303 7.5.2. 7.5.1 09/17/2010 Responder: Tindell 285. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
304 7.5.2. 7.5.1 09/17/2010 Responder: Tindell 286. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
305 7.5.2. 7.5.1 09/17/2010 Responder: Tindell 287. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
306 7.1 7.1 FSAR amendment 100, page 7.1-12 provides the definition of Responder: Hilmes 288. Y Closed Closed EICB RAI TVA Letter dated
307 7.1 7.1 (1) FSAR amendment 100, Section 7.1, page 7.1-12, definition of Responder: Hilmes 289. Y Closed Closed EICB RAI TVA Letter dated
308 7.1 7.1 (1) FSAR Amendment 100, Section 7.1, page 7.1-13, definition of Responder: Hilmes 290. Y Closed Closed EICB RAI TVA Letter dated
309 7.1 7.1.2.1.9 (1) FSAR amendment 100, Page 7.1-14, Westinghouse setpoint Responder: Hilmes 291. Y Closed Closed EICB RAI TVA Letter dated
310 7.1 7.1.2.1.9 (1) FSAR amendment 100, Page 7.1-14, TVA setpoint Responder: Hilmes 292. Y Closed Closed EICB RAI TVA Letter dated
311 7.1 7.1 Both Westinghouse and TVA setpoint methodology do not have Responder: Hilmes 293. Y Closed Closed EICB RAI TVA Letter dated
312 7.0 By letter dated September 10, 2010, TVA provided the summary Responder: Stockton 294. Y Close Closed EICB RAI TVA Letter dated
313 7.7.8 7.7.1.12 EDCR 52408 (installation of AMSAC in Unit 2) states that Design Responder: Ayala 295. Y Closed Closed EICB RAI No.18 TVA Letter dated
314 7.3 7.3 The following 50.59 changes were listed in the March 12 RAI Responder: Stockton 296. Y Closed Closed EICB RAI No. 19 TVA Letter dated Related to OI 10
315 7.5.3 7.5.3 IE Bulletin 79-27 required that emergency operating procedures to Responder: S. Smith (TVA Operations) 297. Y Close Closed EICB RAI TVA Letter dated
316 7.5.2. 7.5 TVA has provided various documents in support of RM-1000 high Responder: Temples/Mather 298. Y Closed Closed RAI No. 26

317 7.5.2. 7.5 TVA has provided a proprietary and a non-proprietary version of Responder: Temples 299. Y Closed Closed RAI No. 27 TVA Letter dated

318 7.5.2.3 7.5 Responder: Temples 26. Y Open Open-NRC Review EICB (Singh)

Issue: TVA has provided the following documents for RM-1000 equipment qualification:

(i) Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter 04508905-QR (January 2001)
(ii) Qualification Test Report Supplement, RM-1000 Upgrades 04508905-1SP (June 2006)
(iii) Qualification Test Report Supplement, RM-1000 Upgrades 04508905-2SP (June 2008)
(iv) Qualification Test Report Supplement, RM-1000 Upgrades 04508905-3SP (May 2008)

Please clarify whether all of these are fully applicable to WBN2 or are they applicable with exceptions? If with exceptions, then please clarify what those are.

Supplement 3 was issued one month prior to supplement 2. Please explain the reason for the same.

Status/Current Actions: Revised response is included in letter dated 12/22/10.

Note check 04508905-1QR or QR. Staff version is QR only.

Response is included in letter dated 10/29/10

Check page numbers of Appendix F (missing/duplicate pages).

Check applicability of Appendix C to RM1000 instead of RM2300?

See items 336 and 337.

Resolution Path/Comments: Due 2/25/11

Response update required. It is clear that 04508903-2SP and -3SP are not applicable. The response for applicability of 04508905-QR and -1SP to RM-1000 and IF converter is not clear.

All equipment qualification reports including supplements 2SP and 3SP have been reviewed as vendor drawings for WBN-2. Please explain the reason for applicability of one report and not the other.

Further, all TVA/Bechtel reviews seem to be dispositioned as Code 4, Review not required. Work may proceed.

The applicable reports should have been reviewed prior to dispositioning them. Please explain the apparent lack of review of WBN-2 applicable documents. Was appropriate review guidance used?

Further update required

Provide model number/part number for the RM-1000 and I/F converter used for WBN-2. This information is needed to verify that the model or part number used is the equipment that has been qualified for WBN-2.

Provide qualification reports 04038903-QSR and 04038903-7SP by the due date of 1/22/11.

Submit a copy of any other relevant reviewed versions of the qualification reports.

Submit copies of the reviewed reports for 04508905-QR, 04508905-1SP, 04508905-2SP.

Clarification of applicability of existing reports is acceptable.

RAI No. & Date: RAI No. 28 ML102980005 10/26/2010

RAI Resp. Date: TVA Letter dated 10/29/10, Encl 1 Item 34, and TVA letter 11/24/10, Att. 2.

TVA Response(s):

(i) Applicable to WBN Unit 2. 04508905-1QR is applicable only in regards to the RM-1000, with the exception of re-qualification of certain RM-1000 equipment differences covered in the -1SP report. The Current-to-Frequency (I-F) converter module qualifications in the base report and the -1SP report are not applicable to the RM-1000s, and will be used later as references in the WBN Unit 2 specific qualification reports.
(ii) Applicable to WBN Unit 2.
(iii) Not applicable to WBN Unit 2
(iv) Not applicable to WBN Unit 2

The 04508905-3SP report was prepared for another TVA plant, as a monitor system-level report, where the system included equipment mostly based on the base report equipment items. These two -2SP and -3SP supplement reports were essentially worked concurrently, but the -2SP document review/release process resulted in the release time difference.

TVA Response to Follow-up NRC Request:

NOTE: The response for the current to frequency (I to F) converter in item 1 below is a reversal of the response previously provided in TVA to NRC letter dated October 29, 2010 (Reference 22). General Atomics Electronic Systems Inc. (GA-ESI) notified TVA of this change on December 8, 2010 (Reference 20).

(1) The applicability of the qualification reports from GA-ESI e-mail dated December 10, 2010 (Reference 19) is as follows:

a. 04508905-QR Qualification Test Report for RM-1000 Processor Module and Current-to-Frequency Converter is applicable to the WBN Unit 2 RM-1000 and I to F converter modules.
b. 04508905-1SP Supplement to Qualification Test Report for RM-1000 Processor Module and Current-to-Frequency Converter is applicable to the WBN Unit 2 RM-1000 module.
c. 04508905-1SP is not applicable to the WBN Unit 2 I to F converter module.
d. 04508905-2SP Qualification Test Report Supplement, I-F Converter Upgrades is applicable to the WBN Unit 2 I to F converter module.

GA-ESI provided two other reports required to support qualification of the containment high range radiation monitors. The report descriptions are from GA-ESI e-mail on December 8, 2010 (Reference 20). The reports are:

e. GA-ESI report 04038903-QSR, Qualification Summary Report for Watts Bar Nuclear Plant Unit 2 Replacement Radiation Monitors: The report is the principal report and the starting point for all the radiation monitors provided as part of the replacement contract. The report describes each monitor; referenced to the technical manual for the physical and functional description and lists the major components of the monitor system. Report section 3 identifies the TVA Watts Bar Unit 2 Environmental, Seismic, Electromagnetic Compatibility (EMC), and software requirements for each monitor. In section 4 a brief description of GA-ESI generic qualification programs for all radiation monitoring equipment in each of the four above areas is provided. The qualification basis for each monitor is provided in a separate supplement to the principal report and is identified in section 5.
f. GA-ESI report 04038903-7SP, Qualification Basis for 04034101-001 (2-RE-90-271, -272, -273, & -274) [TVA Note: These are the containment post accident high range radiation monitors.]: GA-ESI report 04038903-7SP is divided into subsections to address the Environmental, Seismic, EMC, and Software qualification basis for the High Range Area Monitors. Within each subsection, the HRAM is compared to a tested or analyzed article to demonstrate similarity and/or evaluate differences, the tests that were performed, and evaluation to demonstrate qualification. In most cases, the qualification basis references other documents. In addition to qualification, a section is provided that lists the life of those replaceable components that have life expectancy less than 40 years.

(2) This is addressed by response to RAI Question 336 in TVA to NRC letter dated November 24, 2010 (Reference 8)

(3) This is addressed by response to RAI Question 337 in TVA to NRC letter dated November 24, 2010 (Reference 8)

(4) The 04508905-3SP Qualification Test Report Supplement, RM-1000 Upgrades is not applicable to WBN Unit 2 (Reference 19).

Please see Item 1, above, for applicability of the other reports.

(5) TVA provided the proprietary versions of the reports by letter dated March 12, 2010 (Reference 10). By letter dated July 15, 2010 (Reference 23), TVA provided the non-proprietary version of the reports and included a copy of the proprietary report which had been erroneously marked as having not been reviewed.

04508905-QR report has been reviewed by TVA. The review of the remaining reports is ongoing.

(6) See item 5.

TVA Response to Follow-up NRC Request:

The following documents are the qualification documents associated with the RM-1000 radiation monitors:

Attachment 5 contains the approved proprietary version of General Atomics Electronic Systems 04508905-1SP, Qualification Test Report Supplement, RM-1000 Upgrade.

Attachment 6 contains the approved proprietary version of General Atomics Electronic Systems 04508905-2SP, Qualification Test Report Supplement, I-F Converter Upgrades.

Attachment 7 contains the approved proprietary version of General Atomics Electronic Systems 04038903-7SP, Qualification Basis for 04034101 (2-RE-90-271, 272, 273 & 274).

Attachment 8 contains the proprietary version of General Atomics Electronic Systems 04038903-QSR, Qualification Summary Report for Watts Bar Nuclear Plant Unit 2 Replacement Radiation Monitors. In order to meet the NRC submittal schedule, the engineering review of this document was limited to the RM-1000. The document has been accepted for the RM-1000 monitors. Engineering approval will not occur until full review for all covered monitors is complete.

Attachment 23 contains the approved proprietary version of General Atomics Electronic Systems 04508905-QR, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter.

319 7.5.2. 7.5 TVA provided System Verification Test Results 04507007-1TR Responder: Temples 300. Y Closed Closed RAI No. 29 TVA Letter dated
320 Per Westinghouse letter WBT-D-2340, TENNESSEE VALLEY Responder: Clark 301. Y Closed Closed N/A N/A Duplicate of item 156
321 For the purposes of measuring reactor coolant flow for Reactor Responder: Clark 302. Y Closed Closed N/A N/A Duplicate of OI# 157
322 7.7.1.11 Section 7.7.1.11 will be added to FSAR Amendment 101 to provide Responder: Clark 303. Y Closed Closed

323 Responder: Hilmes/Unit 1 1. Y Open Open-TVA/Bechtel Due 3/29/11 Due: EICB (Garg)

Issue: WCAP-13869 revision 1 was previously reviewed under WBN Unit 1 SER SSER 13 (Reference 8). Unit 2 references revision 2. An analysis of the differences and their acceptability will be submitted to the NRC by November 15, 2010

Status/Current Actions: Revised Response is included in letter dated 10/29/10

The staff is confused with the response since both units have reference leg not insulated Rev 2 should apply to Unit 1 also and there should be no difference between Unit 1 and 2

Resolution Path/Comments: Need to provide additional info on why Rev. 1 is acceptable for both units.

3/10/11 Staff does not agree with the statement that there is no technical differences between WCAP-13869 rev.1 and rev2., but staff agree that rev1 and change analysis could be basis for acceptance for both Watts Bar units.

4/6/11 TVA response is acceptable, however this item remains open until TVA makes changes to FSAR.

RAI Resp. Date: TVA Letter dated 10/29/10 Enclosure 1 Item No. 36

TVA Response(s): Attachment 12 contains the WCAP 13869 Revision 1 to Revision 2 Change Analysis.

TVA Response to Follow-up NRC Request

A FSAR change will be submitted in a future FSAR amendment to change the revision level back to 1.

TVA Response to Second Follow-up NRC Request

The differences between the Revision 1 and Revision 2 WCAPs is documented in Attachment 12, WCAP 13869 Revision 1 to Revision 2 Change Analysis, to TVA to NRC letter dated October 29, 2010 (Reference 2). The design bases for the response to feedwater break inside containment, as documented in Chapter 15 of the WBN Unit 2 FSAR, is the same for WBN Unit 1. Since WBN Unit 2 is required to match the WBN Unit 1 licensing basis to the extent practical, the decision was made to revise the WBN Unit 2 FSAR to agree with the WBN Unit 1 FSAR which uses Revision 1.

324 Per the NRC reviewer, the BISI calculation is not required to be 304. Y Closed Closed
325 The Unit 2 loops in service for Unit 1 that are scheduled to be Responder: TVA Startup Olson 305. Y Closed Closed Closed to open item ?
326 TVA uses double-sided methodology for as-found and as-left Responder: Webb 306. Y Closed Closed TVA Letter dated

327 Responder: Webber 27. Y Open Open-NRC Review DORL (Poole)

Issue: Attachment 36 contains Foxboro proprietary drawings 08F802403-SC-2001 sheets 1 through 6. An affidavit for withholding and non-proprietary versions of the drawings will be submitted by January 31, 2011.

Status/Current Actions: Response Included in letter dated 11/24/10

Resolution Path: Due 11/24/10

TVA Response(s): In accordance with correspondence from Foxboro, there is no proprietary information contained in the 08F802403-SC-2001 drawings. Based on this, no affidavit for withholding is required. Attachment 1 contains versions of the drawings with the proprietary information block removed.

(

328 7.5.2. 7.5 Provide the model number for the four containment high range Responder: Temples 307. Y Closed Closed RAI No. 30 TVA Letter dated S

i

( 308. Y 329 7.6.1 7.6.7 D ( Section 7.6.7 of the FSAR (Amendment 100) states that, The Responder: Clark Closed Closed RAI No. 1 TVA Letter dated a S i 309. Y 330 7.3 7.3 Related to Item 298 Responder: Hilmes/Faulkner Closed Closed EICB RAI No.20 Item 7, TVA letter 331 7.6.1 7.6.7 ( As a follow up of OI 190, Staff has reviewed the proprietary version Responder: WEC/Harless/Clark 310. Y Closed Closed RAI No. 8 TVA Letter dated Follow-up of OI-190.

( (

332 7.5.2. 7.5.1 D ( 10/26/2010 311. Y Closed Closed ML103000105 Item TBD EICB RAI ML103000105 sent to DORL M M 333 7.5.2. 7.5.1 a S 10/27/2010 312. Y Closed Closed ML103000105 Item TBD EICB RAI ML103000105 sent to DORL a a i

334 7 7 FSAR Figure 7A-3 Mechanical Flow and Control Diagram Responder: Stockton 313. Y Closed Closed RAI not required. N/A RAI not required because the figure is

(

335 7.6.1 7.6.7 LPMS: Reference to OI-331, sub item 2. Responder: WEC 314. Y Closed Closed RAI# 1, EICB letter TVA letter, dated We need to confirm when MEEB when S

i

(

336 7.5.2. 7.5 Re: RM-1000 Report 04508905-QR Responder: GA 315. Y Closed Closed S

i

(

337 7.5.2. 7.5 Re: RM-1000 Report 04508905-QR Responder: GA 316. Y Closed Closed S

i

(

338 7.5.2. 7.5 In page 3-15 and appendix B of Qualification Test Report 04508905-QR, Qualification Test Report for RM-1000 317. Y Closed Closed RAI #4 letter dated FSAR amend 103 Note: Item to be added to Section 3.10 S

339 7.5.2. 7.5 In the Qualification Test Report 04508905-QR, the licensee As agreed to with the reviewer, Attachment 1 contains the 318. Y Closed Closed RAI #5 letter dated FSAR amend 103 Note: Item to be added to Section 3.10 S

Agenda for Weekly Telecom with TVA (I&C Chapter 7 only) rad76F58.docx Open Items to be Resolved for SER Approval

Response

SE FSAR NRC No. Issue TVA Response(s) Acceptable Status/ Current Actions Resolution Path RAI No. & Date RAI Resp. Date Comments Sec. Sec. POC Y/N

340 7.5.2. 7.5 2. N Open Open-TVA/Bechtel 3 Due 4/30/11 EICB (Singh) Response included in letter dated 12/22/10.

Issue:

Provide test result curves for all EMI/RFI tests listed in Table 3.2.3 (page 3-8) of the Qualification Test Report 04508905-QR. In addition, please provide the standards or the guidance documents used as the source for ENV 50140, ENV 55011 Class A, and EN 55022 Class B.

TVA Response(s):

Responder: GA

The following responses are based on e-mail: GA-ESI to Bechtel, dated December 8, 2010 (Reference 20),

(1) The EMI/RFI tests described in Table 3-2 are based on GA-ESI report 04509050 and are summarized in GA-ESI report 04508905-QR. The independent laboratory report, with curves, is part of GA-ESI report 04509050. Subsequent to issuing GA-ESI report 04508905-QR additional EMC testing was performed in accordance with TVA specific requirements. The results of the subsequent EMC testing are reported in GA-ESI report 04038800. GA-ESI report 04038800 includes the test curves and the report is used as the basis for EMC qualification of the Upper and Lower Inside Containment Post Accident Radiation Monitors (2-RE-90-271 through -274). The results of the testing and the acceptability of the RM-1000 monitors for use at WBN Unit 2 are addressed in GA-ESI report 04038903-7SP. This report will be submitted no later than January 28, 2010.

(2) ENV 50140, EN 55011, and EN 55022 are British Standard Institution (BSI) publications concerning equipment electromagnetic and radio frequency performance. The standard titles are shown below:

a. ENV 50140 - Electromagnetic Compatibility - Basic Immunity Standard - Radiated Radio-Frequency Electromagnetic Field - Immunity Test
b. EN 55011 - Industrial, scientific and medical equipment - Radio-frequency disturbance characteristics - Limits and methods of measurement
c. EN 55022 - Information technology equipment - Radio disturbance characteristics - Limits and methods of measurement

TVA Response to Follow-up NRC Request:

The total EMI/RFI testing of the RM-1000 and current-to-frequency converter is documented in the following reports:

Attachment 5 contains the proprietary version of General Atomics Electronic Systems 04508905-1SP, Qualification Test Report Supplement, RM-1000 Upgrade. See sections 5.1.1, 5.1.2 and 5.1.4 for EMI/RFI.

Attachment 7 contains the proprietary version of General Atomics Electronic Systems 04038903-7SP, Qualification Basis for 04034101 (2-RE-90-271, 272, 273 & 274). See section 5 for EMC qualification basis.

Attachment 8 contains the proprietary version of General Atomics Electronic Systems 04038903-QSR, Qualification Summary Report for Watts Bar Nuclear Plant Unit 2 Replacement Radiation Monitors. See section 3.4 for electromagnetic compatibility qualification requirements.

Attachment 23 contains the proprietary version of General Atomics Electronic Systems 04508905-QR, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter. See sections 3.2.1 through 3.2.5 and 6.2 for EMI/RFI.

Attachments 7 and 8 document the EMI/RFI testing specific to the WBN Unit 2 RM-1000 monitors and current-to-frequency converters.

TVA Response to Second Follow-up NRC Request:

GA-ESI qualification report 04038903-7SP, Qualification Basis for 04034101 (2-RE-90-271, 272, 273 & 274) Revision C dated February 22, 2011 (Proprietary), submitted on TVA to NRC letter dated February 25, 2011 (Reference 2), section 5.1 states:

GA-ESI has performed the tests on a 2 channel RM-1000 radiation monitoring system the configuration of which is shown in GA-ESI drawing 04509000 System Installation Configuration, RFI/EMI Test, RM-1000 the results of which are issued in GA-ESI report 04038800, RM-1000 EMC Test Report, TVA and 04509050, RM-1000 EMC Test Report.

The equipment tested used an RM-1000 microprocessor radiation monitor Display/Control NIM Bin Assembly, an I-F Converter, line filter, and an RD-23 detector. The monitor system being qualified is the same as the monitor system tested and includes ECO-17656 modifications to ensure EMC compliance.

Attachment 1 contains the TVA Browns Ferry High Range Radiation Monitor which contains the requested EMI test curves. We have confirmed that the GA-ESI reports (04509050, RM-1000 EMC Test Report, dated 4/22/03 and 04038800, RM-1000 EMC Test Report, dated 11/11/99) included in the TVA report are applicable to the WBN Unit 2 RM-1000 monitors. The non-proprietary versions and affidavit for withholding of GA-ESI reports (04509050 and 04038800) will be submitted within two weeks of receipt from GA-ESI.

GA-ESI qualification report 04038903-7SP, section 5, provides a detailed discussion of the test results in GA-ESI report 04509050.

TVA Response to Follow-up NRC Request

Attachment 1 provides a comparison of the TVA EMC specification SS E18.14.01, Revision 3 requirements to RG 1.180 requirements.

Comments:

Provide the qual reports by 1/28/11 per TVA letter of 12/22/10.

Due: 2/25/11

Clarification Needed:

Per 2/25/11 response TVA document SS-E18.14.01, Rev. 3 is the source document for all testing. Please provide this document for staff review. In addition British Standards (e.g. ENV 50140) have been cited in testing which are not per RG 1.180, R1. TVA to describe compliance of SS-E18-14.01 to RG 1.180 with justification for deviations. No test curves have been provided in any of the reports. As a minimum TVA to provide a few sample test curves or justify not supplying them.

No EMI/RFI curves have been provided as yet. TVA to provide representative curves. NRC review proceeding in parallel.

NRC current review guidance is based on compliance with RG 1.180 or equal with justification for variations. TVA is requested to provide the roadmap for compliance to RG 1.180 with justifications for any deviations. Simply following TVA standard specification SS E18.14.01, Rev. 3 is not sufficient.

341 7.5.2. 7.5 FSAR Tables 3.10 list seismically qualified equipment. However, A review of WBN Unit 2 FSAR amendment 102 chapters 319. Y Closed Closed RAI #1 letter dated FSAR amend 103 S

342 7.5.2. 7.5 Please confirm that RM-1000 monitors and the associated The RM-1000 containment high range radiation monitors are 320. Y Closed Closed S

343 7.5.2. 7.5 ( ( Seismic RRS in the 04508905-QR report Figures 3-2 and 3-3 (1) The cause of the difference between the RRS and TRS 321. Y Closed Closed G S i 322. Y 344 7.6.6  ? Unit 1 SE discussed in Section 7.6.5, Valve Power Lockout. (a) In accordance with0PDP-6, Locked Valve/Breaker Close Closed Close based on TVA letter dated

345 7.5.2. 7.5 Provide the normal temperatures and expected periods of high/low RM-1000 in a NIM Bin was Tested at 39°F for 72 Hrs and 323. Y Closed Closed Response S

i 346 7.5.2. 7.5 TVA has previously stated in response to open item 319 that RM- Document 04507007-1TR is the RM-1000 System 3. N Open Open-TVA/Bechtel 3 1000 System Verification Test Results report, 04507007-1TR is not Verification Test Results. 04038903-QSR, Qualification Due 4/15/11 EICB (Singh) applicable to WBN-2. However, TVA has not provided a WBN-2 Summary Report for Watts Bar Nuclear Plant Unit 2 Due: 2/25/11 specific test results report. Please identify and provide the Replacement Radiation Monitors (Attachment 8) and and appropriate test results reports to complete the review. 04038903-7SP, Qualification Basis for 04034101 (2-RE The proposed response 271, 272, 273 & 274) (Attachment 7) are the Watts Bar Unit appears to be 2 equipment specific qualification reports. conflicting with the

proposed response for OI-351 regarding not submitting the 04508905-QR report.

TVA to re-assess proposed response for both OIs.

TVA to re-evaluate previous responses to OI-316 and OI-319 which have conflicting responses regarding the applicability of 04507007-1TR.

NRC Follow-up question

Report 04507007-1TR, 1999 states in the Test Summary that Initially the testing was done using the SE safety related production modules that had undergone software V&V testing. The majority of the testing was done by using two of the Sequoyah non-safety related production modules for the TVA contract, substituted for the SE modules. Since the report is based on primarily non safety related components TVA to clarify and justify why NRC should accept this test report for safety related V&V testing.

TVA Response to Follow up NRC Request:

Report 04507007-1TR RM-1000 System Verification Test Results is applicable to the WBN Unit 2 monitors. The applicability is that 04507007-1TR includes all test cases called out in the 04507006 RM-1000 System Test Procedure Specification and contains evidence that the V&V tests were performed with version 1.0 software code. The verification report for version 1.1 software is document 04508005 RM-1000 Software Version 1.1 Software Verification Report. Document 04508006 RM-1000 Version 1.2 Software Verification and Validation Report shows that the required test was completed to validated version 1.2 code for the RM-1000.

The Engineering reviewed and approved proprietary versions of 04507007-1TR, 04508005 and 04508006 will be submitted within two weeks of receipt from GA-ESI. The unreviewed proprietary versions, non-proprietary versions and affidavit for withholding were submitted on TVA to NRC letter July 15, 2010 (Reference 3).

TVA Response to Follow up NRC Request

The safety-related production modules and the Sequoyah non-safety-related modules are physically identical. The difference is that one was produced under the GA-ESI QA program and the other was not.

347 7.5.2. 7.5 Qualification report 04508905-1SP does not address EMI/RFI Qualification report 04038903-7SP, Qualification Basis for 324. Y Closed Closed S

348 7.5.2. 7.5 Qualification report 04508905-2SP does not address EMI/RFI Qualification report 04038903-7SP, Qualification Basis for 325. Y Closed Closed S

349 7.5.2. 7.5 1. Y Open Open-TVA/Licensing 3 EICB (Singh)

Issue:

Radiation testing was not considered in any of the test reports as all the equipment has been assumed to be located in nuclear power plant areas with mild environments and radiation dosages less than 1 x 10^3 rads for total integrated dose (TID). However, the radiation monitors and the I/F converters are located in the main control room which is defined as mild environment. For WBN-2 mild environment is defined as room or building zone where (1) the temperature, pressure, or relative humidity resulting from the direct effects of a design basis event (DBE) (e.g., temperature rise due to steam release) are no more severe than those which would occur during an abnormal plant operational condition, (2) the temperature will not exceed 130ºF due to indirect effects of a DBE, (3) the event radiation dose is less than or equal to 1 x 10^4 rads, and (4) the total event plus the 40 year TID (total integrated dose) is less than or equal to 5 x 10^4 rads (reference WB-DC-40-54). TVA to address lack of radiation qualification for WBN-2.

TVA Response(s):

The design criteria provides the criteria for determining what is a mild environment at WBN Unit 2. Calculation WBNAPS4004 Summary of Mild Environment Conditions for Watts Bar Nuclear Plant provides the actual values for each area of the plant. In accordance with Table 1, the Control Room has a 40 year maximum TID of 3.5x10^2 RAD and a maximum integrated accident dose of 710.5 RAD for a maximum TID of 1060.5 RAD.

The accident dose of 710.5 RAD is the dose for a 100 day LOCA at the surface of the HEPA filter in the Mechanical Equipment Room. This is documented in TVA calculation WBNTSR-005, Dose Due to the Control Building Emergency Air Cleanup Filters Revision 3. However, on page 25 of WBNTSR-005, the shine from this source into the control room is negligible and is not considered in the dose calculation for the control room.

Calculation WBNAPS3-126, EQ Dose in the U1/U2 Auxiliary Instrument Rooms and the Computer Room in the Control Building Revision 0 documents the environmental qualification (EQ) radiation dose in the control building. A review of this document by the TVA radiation protection engineer determined that the TID including the normal and accident dose values for the control room is less than 1x10^3 RAD. Calculation WBNAPS3-126, will be revised to include the control room by July 1, 2011. Since the control room TID has been determined to be less than 1x10^3 RAD, radiation qualification of the RM-1000.

Comments:

Due: 2/25/11

TVA to provide the assessment document or a summary of the document with the reference to the appropriate document/documents.

February 25, 2011 response is acceptable. Item will be tracked as a confirmatory item in the SE. TVA to provide calculation or summary of calculation when complete.

350 7.5.2. 7.5 The seismic required response spectra (RRS) is shown in Figures The RM-1000 was seismically tested in a NIM Bin and the 326. Y Closed Closed RAI # 9, letter FSAR amend 103 Note: Item to be added to Section 3.10 S

351 7.5.2. 7.5 The replacement schedule for the components that have a The replacement schedules stated in 04508905-1SP, 327. Y Closed Closed S

352 7.5.2. 7.5 Please clarify how many RM-1000 radiation monitors are being The total number of RM-1000 units procured under MR 328. Y Closed Closed S

353 7.5.2. 7.5 4. N Open Open-TVA/Bechtel 3 Due 4/15/11 EICB (Singh)

Issue:

Please provide a summary of the [manufacturers] commercial dedication plan for radiation monitors with references to the guidance document that it follows. Also please include different facets (e.g. receiving, inspection, testing etc.) of the plan.

TVA Response(s):

GA-ESI submitted their commercial grade dedication procedure (OP-7.3-240, Safety-Related Commercial Grade Item Parts Acceptance, Revision H) to engineering for review. Engineering review of the procedure found that the procedure, Section 5, did not require multiple dedication methods for complex CGI or CGI used in digital safety systems. As a result, it was determined that the GA-ESI program did not meet the requirements of NUREG-800, Section 7.0A, Revision 5.

A discussion with GA-ESI found that while not required by procedure, GA-ESI does perform vendor surveys as required by Method 2 of NP-5652. The surveys are done based on prudent business practices. Based on this discussion, GA-ESI agreed to review the CGI used in the WBN Unit 2 digital safety-related monitors to determine if they had been dedicated by more than one method.

The review of the CGI used in the WBN Unit 2 digital safety-related monitors determined that all CGI had been dedicated using Method 1 of EPRI guideline NP-5652. However, in the sample of items reviewed, there were CGI that were dedicated using a single method. Based on the results of the engineering procedure review and the results of the GA-ESI CGI review, Service Request 346896 was initiated to document the condition and to place the monitors in Conditional Release status.

Based on the results of the previous reviews, GA-ESI agreed to the following plan of action to resolve the CGD issue:

1. GA-ESI shall revise its commercial grade dedication procedure (OP-7.3-240) to require multiple dedication methods be utilized for complex commercial grade items and commercial grade items for digital safety class systems. The evidence that this has been completed will be provided to TVA by April 15, 2011. Specifically, Method 1 and at least one additional method from the list below will be used to ensure that the CGD procedure complies with the current SRP.

Method 1 - Special Tests and Inspections
Method 2 - Commercial Grade Survey of Supplier
Method 3 - Source Verification
Method 4 - Acceptable Supplier/Item Performance Record

2. GA-ESI shall take actions consistent with the revised operating procedure to address the CGIs used in the WBN Unit 2 safety-related digital monitors. Evidence that those actions have been completed will be provided no later than September 1, 2011.

Based on the above action plan, TVA will resolve the issues with the GA-ESI CGD of CGI used in the WBN Unit 2 monitors and submit documentation of the resolution to the NRC by:

GA-ESI procedure OP-7.3-240 revision: April 30, 2011
Resolution of CGD of CGI used in WBN Unit 2 RM-1000 monitors: September 15, 2011

TVA Response to Follow up NRC Request

(1) TVA has reviewed the revised GA-ESI procedure and determined that changes bring the CGD program into conformance with the requirements of NUREG-800, Section 7.0A, Revision 5 EPRI topical report TR-106439 and EPRI guideline NP-5652. Attachment 2 contains GA-ESI procedure OP-7.3-240 Safety-Related Commercial Grade Item Parts Acceptance, Revision I.

(2) As stated in TVA to NRC letter dated April 15, 2011 (Reference 1), Attachment 4, List of New Commitment Items, item 2, the due date for resolution of this issue is September 15, 2011.

Comments:

TVA to note that staff has written a safety evaluation and accepted EPRI TR-106439 (1996) as an acceptable method of addressing commercial dedication. EPRI NP-5652 must be used in conjunction with the additional guidance in EPRI TR-106439 for commercial dedication processes e.g. EPRI NP-6404, EPRI TR-102260, GL 89-02, and GL-91-05 per Section 3.3 of EPRI TR-106439.

Follow-up clarification:

TVA to review and satisfy itself with the procedure and provide NRC a copy of the procedure for review. In addition, TVA and GA to provide information as to what additional measures were taken by GA with available documentation to prove that more than one method was followed for commercial dedication.

354 7.5.2. 7.5 RG 1.180 endorsed the guidance of IEEE-1050-1996 with (1) The WBN Unit 2 grounding system design is in 329. Y Closed Closed The grounding specification used by S

355 7.5.2. 7.5 Staff has not found the stated exclusion zone for EMI/RFI Cautions and distance limitations for WBN Unit 1 legacy 330. Y Closed Closed S

356 7.5.2. 7.5 The attachment number refers to your February 25, 2011 letter. The loss of the RM-3 output (current to frequency (I/F) 331. Y Closed Closed Closed by TVA S

357 7.5.2. 7.5 28. N Open-NRC Review 3 EICB (Singh)

Issue:

In Attachment 5, Qualification Test Report Supplement, RM-1000 (04508905-1SP), Attachment 6, Qualification Test Report Supplement, I-F Converter Upgrade (04508905-2SP), and Attachment 23, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter (04508905-QR), the applicant made a statement that the results for these tests are provided in SE document 04508903-1TR. Please provide SE document 04508903-1TR for the staff to review. If this report has been submitted earlier then please advise us the letter number and date by which it was submitted.

TVA Response(s):

Attachment 8 contains GA-ESI qualification report 04508903-1TR Seismic Qualification Test Results RM-1000 and Current-to Frequency (I/F) Converter original release, dated April 1999.

358 7.5.2. 7.5 29. N Open Open-NRC Review 3 Due 4/15/11

Issue:

The attachment numbers refer to your February 25, 2011 letter. In Attachment 2, Wyle Test Report 41991 Safety Shutdown Earthquake (SSE) Test Response Spectra (TRS) Plots all five (5) pages, in Attachment 5, General Atomics Electronic Systems 04508905-1SP, page 5-5, Figure 5-2, and in Attachment 23, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter (04508905-QR), page 4-25, Figure 4-5 X-Axis SSE Test Response Spectra (TRS) versus Required Response Spectra (RRS), it shows that the TRS were below the RRS at various frequency (5% Damping). Please provide an explanation regarding why this is acceptable.

TVA Response(s):

An incomplete response was inadvertently submitted in TVA to NRC letter dated March 31, 2011 (Reference 1). The following response supersedes the previous response in its entirety.

1. Attachment 2, Wyle Test Report 41991 Safety Shutdown Earthquake (SSE) Test Response Spectra (TRS) Plots all five (5) pages. These five Test Response Spectra (TRS) Plots versus Required Response Spectra (RRS) show that the TRS were below the RRS at various frequency (5% Damping). Please provide an explanation regarding why this is acceptable.

Attachment 2 of this letter provides five pages from the first seismic test (Wyle Test report 41991) from GA-ESI report 04508903-1TR, submitted in response to OI-357 on TVA to NRC letter dated March 31, 2011 (Reference 1). The following discussion refers to these pages.

Wyle test report 41991 provided the seismic test results for two RM-1000 monitors (one area monitor and one process monitor) and one I/F converter. During the test, the RM-1000 monitor configured as an area monitor was damaged due to the test table impacting its mechanical stop (see page 4 of Wyle Test Report 41991 attached).

This first test was completed for the RM-1000 monitor configured as a process monitor and the I/F converter.

A second seismic test for the RM-1000 monitor configured as an area monitor and two I/F converters (Wyle Test Report 41991-1) is also included in 04508903-1TR. The RM-1000 monitor used in this second test was the same RM-1000 process monitor used in the first seismic test reconfigured (switch in application type 1 mode) as an area monitor. One of the I/F converters tested was the same I/F converter tested in the first seismic test. This second test was performed to complete the testing which could not be performed during the first seismic test due to the damage to the RM-1000 area monitor and the loss of the high voltage power supply to the I/F converter that occurred during the first seismic test. None of the TRS plots in this second seismic test report 41991-1 were below the RRS.

General Atomics Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter (04508905-QR) refers to both Wyle Reports 41991 and 41991-1 included in report 04508903-1TR. It is recognized that the five TRS Plots versus the RRS where the TRS were below the RRS is an exceedance that must be justified. From Wyle report 41991 it can be determined that these five TRS versus RRS plots are for the seismic response in the front to back panel direction.

The RRS used in the Wyle test reports envelopes the TVA standard RRS shown in Fig 3.1 of TVA Standard Specification CEB-SS-5.10, For Seismic Qualification of Electrical, Mechanical and I&C Devices, submitted on TVA to NRC letter dated February 25, 2011, (Reference 2) below 33 Hz. This TVA standard RRS conservatively envelopes the in panel seismic demand for most TVA applications. For specific cases when required the actual in panel RRS can be developed. Calculation WCG-ACQ-0766, In-Cabinet Required Response Spectra for RM-1000 Radiation Monitors in MCR Panel 2-M-30, Revision 0, (Attachment 3) has been issued to generate the 5% RRS for these safety related RM-1000 monitors, I/F converters and NIM bins for the WBN2 panel (2-M-30) where they will be installed. As can be seen from the RRS plots in calculation WCG-ACQ-0766 the front to back 5% RRS broad band peak is 9.76 g which is lower than the front to back 5% TRS shown in the subject five (5) plots.

2. Attachment 5, General Atomics Electronic Systems 04508905-1SP, page 5-5, Figure 5-2. The Figure 5-2 Test Response Spectra (TRS) Plots versus Required Response Spectra (RRS) shows the TRS to be below the RRS at various frequency (5% Damping). Please provide an explanation regarding why this is acceptable.

The display module for the RM-1000 monitors procured for WBN2 differs from that used in previous RM-1000 qualification tests. The seismic qualification basis for the WBN2 display module is established by similarity to the display module used in RM-2000 monitor qualification tests shown on page 5-4 and 5-5 of 04508905-1SP (pages attached). The basis for the similarity discussion is provided on pages 5-2 and 5-3 of 04508905-1SP. The TRS non-exceedance at approximately 6-7 Hz shown on page 5-5 is not applicable to WBN2 since the RRS shown on that figure is not used for WBN2 qualification. The correct comparison for WBN2 would be the TVA standard RRS shown in Fig 3.1 of CEB-SS-5.10 for 5% damping. The TRS shown on page 5-5 meets or exceeds all points of the TVA standard RRS. Therefore, the seismic qualification of the WBN2 display module is provided by pages 5-4 and 5-5 for which the TRS completely envelopes the TVA standard RRS shown in Fig 3.1 of CEB-SS-5.10. Additionally, as previously stated, Calculation WCG-ACQ-0766 was issued to generate the 5% RRS for the WBN2 panel (2-M-30) where the safety related RM-1000 monitors will be installed. The vertical 5% RRS plot in calculation WCG-ACQ-0766 broad band peak is 4.2 g which is lower than the 5% TRS shown in 04508905-1SP, page 5-5, Figure 5-2.

3. Attachment 23, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter (04508905-QR), page 4-25, Figure 4-5 X-Axis SSE Test Response Spectra (TRS) versus Required Response Spectra (RRS) shows the TRS to be below the RRS at various frequency (5% Damping). Please provide an explanation regarding why this is acceptable.

This Figure 4-5 is one of the same figures identified in item 1. See item 1. for the appropriate discussion.

359 7.7.1. 30. Open Open-NRC Review 1 Due 4/15/11 EICB (Carte)

Issue:

Was the CERPI system developed under a 10 CFR 50 Appendix B compliant program?

TVA Response(s):

CERPI is a non-safety related system. Therefore, 10 CFR 50 Appendix B is not applicable.

360 31. Open Open-NRC Review Due 4/15/11 EICB (Garg)

Issue:

In order for staff to review the acceptability of the Incore Instrumentation System (IIS):

(a) Provide a brief system description of IIS and its regulatory compliance. In your discussion include the discussion of WINCISE and BEACON system which are part of the IIS. Also provide the differences between the system used at WBN Unit vs. at Unit 2, e.g. Movable vs. fixed IIS. For WINCISE provide the basis for acceptance.

(b) If this system has been accepted by the staff previously at some other plant then provide the reference to that SE. Identify the document that describes the functionally of the IIS that is identical to the IIS used in the Westinghouse AP1000 reactor design.

(c) If this has not been evaluated by the staff previously, then provide the effect of CCF of this system and its effect on safety system or chapter 15 analysis.

(d) Does this have any interconnection with safety system?

(e) For BEACON provide the acceptability of this system. I believe that this system was accepted at WBN Unit 1. If that is the case then provide the reference to that review. Also provide any differences of this system to the one at WBN Unit 1 system.

(f) Please provide detailed information about the In-core Instrumentation System (IIS) to be installed in Watts Bar Unit 2. This information should indicate how the system meets the requirements established in the Standard Review Plan, including system concept, system requirements, system design, and system development, as well as the regulatory requirements identified for Watts Bar Unit 2.

(g) Please provide a description on how the system will meet the regulatory requirements identified in Table 7.1-1 of the SRP, applicable to the IIS.

(h) Provide detailed description about the connection and communication for the signals to be transmitted from the Core Exit Thermocouples to the Common Q Post Accident Monitoring System (PAMS). Also, describe how this communication will meet the NRC communications regulatory requirements.

(i) Please provide the following Westinghouse document: NO-WBT-002, Westinghouse Incore Information Surveillance & Engineering (WINCISE) System Technical Manual.

(j) Provide the failure modes and effects analyses for the IIS, documented in calculation WBNOSG4220 WB Incore Instrumentation System Failure Modes and Effects Analyses, and demonstrate how these potential failures do not adversely affect reactor safety.

TVA Response(s):

(a) The Watts Bar Unit 2 In-core Instrumentation System (IIS) replaces all of the functionality provided by the Movable Incore Detector System (MIDS) used at Watts Bar Unit 1. The IIS to be used at Watts Bar Unit 2 is a Westinghouse IN-Core Information, Surveillance, and Engineering (WINCISE) System that is functionally described in Section 7.7.1.9 of the Watts Bar Unit 2 Final Safety Analysis Report (FSAR). The WINCISE-style IIS used at Watts Bar Unit 2 is essentially the same as the in-core power distribution measurement systems used at most Combustion Engineering style of operating reactors that use a type of in-core neutron sensors commonly called "Fixed In-core Detectors (FID)." The Watts Bar Unit 2 IIS is functionally identical to the IIS used in the Westinghouse AP1000 [1] reactor design.

[1] AP-1000 is a registered trademark of the Westinghouse Electric Company LLC

The Watts Bar Unit 2 IIS includes the FIDs, Core Exit Thermocouples (CET), FID and CET signal cables, the FID signal processing hardware, and the FID signal processing software. This hardware and software is required to provide the measured signals to the associated BEACON System to periodically determine whether the reactor is operating within design core peaking factor limits. A detailed description of the Watts Bar Unit 2 IIS hardware is provided in the document titled, Westinghouse Incore Information Surveillance & Engineering (WINCISE) System Technical Manual, NO-WBT-002, Revision 0 supplied by Westinghouse to TVA in September of 2010.

The qualification for the BEACON System to perform the core power distribution measurement function using the Watts Bar Unit 2 WINCISE style IIS instrumentation is documented in the generic NRC Safety Evaluation Reports (SER) provided with WCAP-12472-P-A, BEACON Core Monitoring and Operations Support System, Addendum I-A and Addendum 2-A.

(b) The WINCISE style IIS used at Watts Bar Unit 2 is essentially the same as the in-core power distribution measurement systems used at all Combustion Engineering style of operating reactors that use a type of in-core neutron sensors commonly called "Fixed In-core Detectors (FID)." The Watts Bar Unit 2 IIS is functionally identical to the IIS described in the Westinghouse AP1000 design documents and approved in the Westinghouse AP1000 SER section 7.5.7 as documented in Westinghouse Letter WBT-D-____ , title, dated April 14, 2011 (Attachment 7)

(c) The digital in-core flux monitoring portion of the IIS is non-safety-related. As such, CCF analysis is not required by NUREG-800 section 7.0-A. The IIS has no impact on any Safety Analysis documented in Chapter 15 of the Watts Bar Unit 2 FSAR.

(d) The IIS includes the 1E qualified CET and CET analog signal cables required to allow the CETs to be directly connected to the Common Q Post Accident Monitoring System (PAMS). There is no other interface to safety systems. The CET signals are electrically isolated from signals output from the non-1E FID signals and signal processing electronics.

(e) The qualification for the BEACON System to perform the core power distribution measurement function using the Watts Bar Unit 2 WINCISE style IIS instrumentation is documented in the generic NRC Safety Evaluation Reports (SER) provided with WCAP-12472-P-A. This WCAP generically approves the BEACON System for use at PWR reactors including those using Movable In-core Detector Systems (MIDS) like Watts Bar Unit 1 and, through Addendum I-A and 2-A, those like Watts Bar Unit 2 using a WINCISE type fixed in-core instrumentation system.

The specific differences between the Unit 1 and Unit 2 core power distribution measurement systems are too numerous to simply list. A detailed description of the Watts Bar Unit 2 IIS hardware is provided in section 2 of the WINCISE System Technical Manual NO-WBT-002 (Attachment 5).

(f) NUREG-800 section 7.0-A, Table 7.0-A-1. Review Topics for Various Systems, requires only a limited review for non-safety related system discussed in NUREG-800 section 7.7 Control. WINCISE is a non-safety-related, indication only system within the scope of NUREG-800 section 7.7. The limited review required is:

Control systems receive a limited review as necessary to confirm that control system failures cannot have an adverse effect on safety system functions and will not pose frequent challenges to the safety systems. The only WINCISE interface with a safety-related system is the CET in the IITA which is hardwired to the Common Q PAMS system. See item (g) below for a description of the qualification process that demonstrates that failures in the balance of the WINCISE system do not impact the performance of the safety-related CET function.

(g) With the exception of the IITA hardware, WINCISE is a non-safety-related indication system. The IITA assemblies meet the following criteria:

i. R.G. 1.26 Rev. 3 Quality Group Classification and Standards for Water, Steam and Radioactive Waste Components of Nuclear Power Plants

ii. R.G. 1.38 Rev. 2 Quality Assurance Requirements for Packaging, Shipping, Receiving, Storage and Handling of Items for Water-Cooled Nuclear Power Plants

iii. R.G. 1.71 Rev. 0 Welder Qualification for Areas of Limited Accessibility

iv. R.G. 8.8 Rev. 3 Information Relevant to Ensuring that Occupational Radiation Exposure at Nuclear Power Stations will be As Low As Reasonably Achievable

v. R.G. 8.19 Rev. 1 Occupational Radiation Dose Assessment in Light-Water Reactor Plants Design State Man-Rem Estimates

vi. R.G. 1.84 Rev. 27 Design and Fabrication Code Case Acceptability - ASME Section III, Division 1

R.G. 1.85 Rev. 27 Material Code Case Acceptability - ASME Section III, Division 1

1.1.4 The design, materials, fabrication, inspection, and testing of the IITA shall be in accordance with the ASME Boiler and Pressure Vessel Code, Section III Class 3, and all applicable Code Cases as proposed by the supplier and approved by Westinghouse. Materials shall be in accordance with this specification.

1.1.5 Component Classification - The IITA is classified as an instrument tube, so it is not under the jurisdiction of the ASME per NCA-1130(c). However, the design, primary pressure boundary materials, and NDE Requirements are per ASME Section III, Class 3 and the IITA is classified as Safety Class 2.

The non-safety-related WINCISE Signal Processing System Cabinets are located inside containment and are therefore required to not impact the function of any safety-related equipment. To meet this requirement the cabinets were tested and passed based on the following criteria:

i. In accordance with WB-DC-40-31.2, Watts Bar Nuclear Plant Seismic Qualification of Category 1 Fluid System Components and Electrical or Mechanical Equipment, Revision 8, November 2000 and U.S. N.R.C. Regulatory Guide 1.100, Seismic Qualification of Electrical and Mechanical Equipment for Nuclear Power Plants, Revision 2, June 1988, the equipment must withstand five OBEs and one SSE without creating missiles. Testing was done in accordance with:

(1) IEEE Std 344-1975, IEEE Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations, Institute of Electrical and Electronics Engineers, Inc., 1975

(2) IEEE Std 344-1987, IEEE Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations, Institute of Electrical and Electronics Engineers, Inc., 1987

ii. In accordance with U.S. NRC Regulatory Guide 1.180 Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems, Revision 1, October 2003 and IEEE 323-1983 IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generator Stations, Institute of Electrical and Electronics Engineers, Inc., 1983, the equipment must not generate spurious electromagnetic emissions or suffer some common mode failure due to its operating environment that could directly or indirectly impact the operation of safety-related equipment

(1) IEC 61000-6-2, Electromagnetic compatibility (EMC). Generic Standards. Immunity for Industrial Environments, 2005

(2) MIL-STD-461E, Requirements for the control of Electromagnetic interference Characteristics of Subsystems and Equipment, August 1999

(3) IEC 61000-4-4, Electromagnetic compatibility (EMC) - Part 4-4: Testing and Measurement Techniques - Electrical Fast Transient/Burst Immunity Test, 1995

(4) IEC 61000-4-12, Electromagnetic Compatibility (EMC) - Part 4: Testing and Measurement Techniques, Section 12: Oscillatory Waves Immunity Tests, 1996

iii. In order to demonstrate that a maximum expected surge of 600 volts on the power input to the cabinets would not propagate and damage the CET cables in the IITA, the cabinets were surge tested in accordance with IEC 61000-4-5, Electromagnetic compatibility (EMC) - Part 4-5: Testing and Measurement Techniques - Surge Immunity Test, 1995.

(h) The cables for the CETs separate from the FID cables at the seal table. The CETs are connected directly to the Common Q PAMS cabinet. The FIDs are connected directly to the in-containment signal processing system cabinets.

(i) Attachment 5 is the proprietary section 2 Equipment Description of NO-WBT-002, Westinghouse Incore Information Surveillance & Engineering (WINCISE™) System Technical Manual. This is strictly a proprietary document and a non-proprietary version will not be submitted. An affidavit for withholding will be submitted within two weeks of receipt from Westinghouse.

(j) Attachment 6 is the proprietary WINCISE FMEA. A non-proprietary version and affidavit for withholding will be provided within two weeks of receipt from Westinghouse.

Westinghouse is available to discuss any specific questions on the methodology and hardware used in the Watts Bar Unit 2 IIS that the NRC believes are not well defined in the documents listed above.

361 7.7.1. Was the Foxboro IA system developed under a 10 CFR 50 Foxboro I/A is a non-safety related system. Therefore, 10 32. Open Open-NRC Review 1 EICB Appendix B compliant program? CFR 50 Appendix B is not applicable. Due 4/15/11 (Carte)

362 7.6.1 7.6.7 OI #331 requested TVA to provide information regarding how the TVA committed to provide a letter on the docket (targeted is 5. Open-TVA Open-TVA/Bechtel Loose Parts Monitoring System (LPMS) in-containment for 4/30/2011) stating why the in-containment equipment components (e.g., Accelerometer (including the integral insulated has been qualified for vibration per RG 1.133, Rev. 1.

hardline cable), Softline cable, and Remote Charge Preamplifiers) were qualified for vibration as addressed in regulatory position (1) Attachment 4 contains Westinghouse document WBT C.1.g of RG 1.133, Rev. 1. TVA responded by stating that TVA DMIMS-DX' Seismic Evaluation of the Digital Metal has reviewed the information provided by Westinghouse describing Impact Monitoring System (DMIMS-DX') for Watts Bar how the Loose Part Monitoring System (LPMS) sensor is qualified Unit 2, EQ-QR-33-WBT, Revision 0 (proprietary). The for normal operating conditions provided in Westinghouse letter non-proprietary version and affidavit for withholding will WBT-D-2782, dated December 17, 2010 (Reference 11) as be submitted within two weeks of receipt from addressed in regulatory position C.1.g of Reg. Guide 1.133 and Westinghouse.

found it acceptable. Vibration qualification is not applicable to the softline cable. Due to the installation location (junction boxes Attachment 5 contains Westinghouse non-proprietary EICB (Kemper & Singh) mounted to the shield or fan room walls) and previous seismic white paper WBT-D-2782, Westinghouse DMIMS-DX qualification, vibration qualification of the charge In-Containment equipment environmental specifications converter/preamplifier is not required. This completes the response to this item. EQ-EV-71-WBT-P, Revision 1, Environmental Evaluation and Operating History of the Westinghouse However, the staff still desires further clarification on this DMIMS-DX Preamplifier and Softline Cable Used at response. Specifically, please provide a documented basis that Watts Bar 2 dated February 2011 was submitted on demonstrates the LPMS in-containment equipment is qualified for TVA to NRC letter dated February 25, 2011 (Reference normal operating conditions (e.g., test results compared to the 4).

equipment qualification specification), including vibration qualification. Also, provide justification for why vibration WEC to address vibration qualification of the qualification of the Remote Charge Preamplifier is not required. accelerometer/hardline cable assembly.

(2) The Remote Charge Preamplifiers are mounted in junction boxes inside containment. The junction boxes are hard mounted either to the crane wall or to a fan room wall. The crane wall and fan room walls are subject to any significant vibration during normal operation.

363 7.5.1. 7.5.2 OI#199 requested TVA to provide information concerning how TVA TVA Procedure SPP-2.6 Computer Software Control has 6. Due 4/30/11 Open-TVA/Bechtel EICB (Rahn and 1.3 plans to meet regulatory criteria for Quality (10 CFR 50.55a(a)(1)) been superseded by TVA Procedure NPG-SPP-12.7, and associated with the Technical Support Center and Nuclear Data Computer Software Control, Revision 0, dated December 7.9.1 Link. TVA responded in Letter Dated October 5, 2010, Item 63; 17, 2010 (Attachment 3).

Mossman) however, TVA's response does not address the quality aspects of these system features. A similar question had been asked for To ensure quality, the design, testing, and inspection of all Quality Criteria adherence for the SPDS and the BISI functions of Integrated Computer System (ICS) software including a)

the Integrated Computer System. In response to that request SPDS, b) BISI and c) Technical Support Center (TSC) and (same letter) TVA provided a description of TVA procedures, BISI Nuclear Data Link (NDL) functionality is controlled by software development procedures, and various management qualified personnel in accordance with TVA procedure NPG-measures that will be taken to assure high quality in the design, SPP-12.7. The TSC and NDL functions are provided and operation, and maintenance of the SPDS and BISI functions of the performed by the ICS and, in the case of NDL, the Central ICS. Since the TSC and Nuclear Data Link information originates Emergency Control Center (CECC) computers in in the SPDS function of the ICS, are there any aspects of the Chattanooga.

quality measures that apply to the TSC and NDL features developed as part of quality processes for the ICS that are Any changes to ICS software must be documented and applicable to the data communications features? controlled using TVA procedure NPG-SPP-12.7. This includes the a) SPDS, b) BISI and c) TSC and NDL Specifically, what is the scope of TVA Procedure SPP-2.6 functions. The procedure details controls and processes Computer Software Control? How does it apply to the ICS required for the development, modification, and configuration functions of a) SPDS, b) BISI, and c) TSC and NDL functions? management of computer software used to support the Wouldn't there be aspects of the quality procedures that apply to design, operation, modification, and maintenance of TVA's the development, maintenance, and operations of the software nuclear power plants consistent with the Nuclear Quality needed to support the data communications features. Also, what Assurance Plan.

quality measures will be applied to develop, maintain, and operate the hardware that accomplishes the TSC and NDL functions to Controls in NPG-SPP-12.7 guide the development and ensure that these features will be reliable and available when testing of the software changes. Other controls established needed? by this procedure to further maintain quality standards are:

The application custodian implements controls to prevent unauthorized changes to the software.

Changes are made in a non-production environment, and validation testing takes place before the change is installed on the ICS when possible.

Once validation testing begins, the source code is placed under configuration control.

When the modifications are installed on the ICS, an operability test is performed to demonstrate that the software is installed correctly and is functioning correctly in its operating environment.

Documentation related to ICS software changes are QA records.

The software source code is kept in a physically secure, environmentally controlled space to prevent inadvertent changes.

Cyber security considerations are also considered in the storage environment.

The data goes through several validation steps before being presented to the operators.

When redundant sensors are used, the data received by the computer can be processed by software to determine if the quality of one or more points is questionable.

The hardware involved in the TSC and NDL functionality is verified to be operable on a periodic basis.

In the case of the NDL functionality, the ICS transmits the required data to the CECC on a continuous basis. The CECC monitors the status of the ICS data communications and alarms are generated when the link is not active. The Emergency Plan (EP) staff conducts a quarterly test that verifies that NDL data is successfully transmitted from each unit to the NRC.

364 7.5.2. 7.5 CB (C On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an 1. Attachment __ contains the evaluation of the Common 1. N Open Open-TVA/WEC NNC 4/125/2011: See Open Item No.

2 art evaluation of the Common Q PAMS against the current staff Q PAMS against the regulatory requirements in IEEE Due 5/15/11 81.

position. Std 603-1991. (Awaiting response from Westinghouse)

By letter dated 2/25/11 (ML110620219), TVA docketed a response: 2. Table 7.1-1 will be updated to reference IEEE Std 603-TVA performed an analysis and concluded that the Common Q 1991 for the Common Q PAMS.

PAMS equipment does not need to meet either IEEE 279-1971 or IEEE 603-1991 and so no analysis was performed or provided. TVA has reviewed the requirements of IEEE Std 603-1991 for the Sorrento Containment High Range However, SRP (NUREG-0800 Rev. 2 dated March 2007) Section Radiation Monitors and determined that IEEE Std 603-7.7, Information System Important to Safety, specifically identifies 1991 is not applicable. IEEE 603-1991 is applicable to IEEE Std 603-1991 as being applicable to accident monitoring actuation systems. While TVA lists the containment instrumentation. Based upon the review of this item, the staff finds high range radiation monitors as RG 1.97 Revision 2 the following open items: Type A variables, the classification is not based on the 1 TVA to demonstrate that the Common Q PAMS meets the RG 1.97 requirements which states:

applicable regulatory requirements in IEEE Std 603-1991.

2 TVA to update FSAR (Amendment 103) Table 7.1-1 to Type A, those variables that provide primary reference IEEE Std 603-1991 for WBN2 Common Q PAMS information needed to permit the control room operating and Sorrento Containment High Radiation Monitors. personnel to take the specified manually controlled actions for which no automatic control is provided and that are required for safety systems to accomplish their safety functions for design basis accident event.

TVA calculation WBN0SG4047, PAM Type "A" Variables Determination uses a broader definition.

The calculation definition is:

The type "A" variables will be divided into three groups based on the parameter's purpose. The groups are: (1) event identification, (2) event recovery to plant stabilization, and (3) maintaining the stabilized conditions from event recovery to hot standby.

Following a reactor trip, the termination point for transients at WBNP is considered a stabilized condition at hot standby per chapter 15 of the WBN FSAR. Event recovery actions are those manual actions taken to mitigate a design basis accident to a stabilized condition. The plant can be considered stabilized when the plant parameters vary slowly and automatic systems are not being initiated. The diagnostic process consciously performed by the operator via the plant variables to interpret an event indication will be considered as a safety-related operator action regardless of the lack of manual manipulation of equipment. This diagnostic process is necessary to enable the operator to distinguish the "type" of transient and take the correct mitigating actions.

A review of TVA calculation WBN0SG4047 and the associated Emergency Instructions found that there are no operator actions that meet the RG 1.97 Revision 2 definition for a Type A variable which are based on the containment high range radiation monitors. Based on this review, IEEE 603 is not applicable to the containment high range radiation monitors.

365 7.5.2. 7.5 On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an 2. Open Open-TVA/WEC NNC 4/125/2011: See Open Item No.

2 evaluation of the Common Q PAMS against the current staff Due 5/15/11 81.

position.

By letter dated 2/25/11 (ML110620219), TVA docketed a response:

that WBN2 is not committed in complying with Reg. Guide 1.75. Since WBN2 is not committed to RG 1.75 or IEEE-384, no comparison is required. However, WBN2 is committed to RG 1.75 Rev. 2, Physical Independence of Electric Systems. RG 1.75 Rev. 3 and IEEE Std.

EICB (Carte) 384-1992 are used, in part, to address IEEE Std 603-1991 Clause 5.6.1. The current NRC staff position for RG 1.75 is documented in Rev. 3. Based upon the review of this item, the staff finds the following open item:

1 TVA to update FSAR (Amendment 103) Table 7.1-1 to include RG 1.75 Rev. 3 for WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.

The Common Q PAMS was designed to meet the requirements of RG 1.75 Rev. 2. WBN2 did not perform an analysis to RG 1.75 Rev. 3. Based upon the review of this item, the staff finds the following open item:

2 TVA to evaluate Common Q PAMS and the Sorrento Containment High Radiation monitor for conformance with RG 1.75 Rev. 3.

366 7.5.2. 7.5 On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an 3. N Open Open-TVA/WEC NNC 4/125/2011: See Open Item No.

2 evaluation of the Common Q PAMS against the current staff Due 5/15/11 81.

position.

By letter dated 2/25/11 (ML110620219), TVA docketed a response:

TVA stated that the Common Q PAMS equipment fully meets the RG 1.100 Rev. 0 and is compliant with Rev. 3, with exception of testing above 33 Hz, which is not applicable to Watts Bar.

The WBN2 FSAR (Amendment 103) references Regulatory Guide 1.100 Rev. 1 Seismic Qualification of Electrical Equipment for EICB (Carte)

Nuclear Power Plants. The Common Q PAMS was designed to meet the requirements of RG 1.100 Rev. 2. RG 1.100 Rev. 3 is the current revision of this guide and is endorsed by the NRC. RG 1.100 Rev. 3 endorses IEEE 344-2004.

Based upon the review of this item, the staff finds the following open item:

1 TVA to update FSAR (Amendment 103) Table 7.1-1 to include RG 1.100 Rev. 3 for WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.

or 2 TVA to evaluate Common Q PAMS for conformance with RG 1.100 Rev. 1.

367 7.5.2. 7.5 On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an 4. N Open Open-TVA/WEC NNC 4/125/2011: See Open Item No.

2 evaluation of the Common Q PAMS against the current staff Due 5/15/11 81.

position.

By letter dated 2/25/11 (ML110620219), TVA docketed a response.

The WBN2 FSAR (Amendment 103) references RG 1.153 Rev. 0, Criteria for Safety Systems. The Common Q PAMS is designed to meet the requirements of RG 1.153 Rev. 1. By letter dated February 25, 2010 (ML110620219), TVA stated:

The subject Regulatory Guides [RG 1.153 Rev. 0 & 1]

endorse and reference other standards. Common Q PAMS has been evaluated to comply with the requirements of these EICB (Carte) other endorsed standards ([Comparison report in this letter titled IEEE-279-1971 to IEEE-603-1991 Comparison]).

Therefore no additional analysis needs to be performed and no further action is necessary.

However, the Comparison report in this letter titled IEEE-279-1971 to IEEE-603-1991 Comparison, stated:

The first of the two standards, IEEE-279, is part of the design basis of WBN2 but is not relevant to Common Q PAMS. The second standard, IEEE-603-1991 is not part of the design basis for the Common Q PAMS for WBN2.

Based on the reasoning quoted above, WBN2 did not evaluate the Common Q PAMS against the criteria of RG 1.153 Rev. 1; therefore, the staff finds the following open item (see also Open Items No. 1 & 2 above.):

1 TVA to evaluate Common Q PAMS for conformance with RG 1.153 Rev. 1.

368 7.5.2. 7.5 On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an Attachment 6 contains the evaluation for Common Q PAMS 5. N Open Open-TVA/WEC NNC 4/125/2011: See Open Item No.

2 evaluation of the Common Q PAMS against the current staff for conformance with RG 1.152 Revision 2 Due 5/15/11 81.

position.

By letter dated 2/25/11 (ML110620219), TVA docketed a response.

The WBN2 FSAR (Amendment 103) references RG 1.152 Rev. 0, Criteria for Digital Computers in Safety Systems of Nuclear Power Plants. The Common Q PAMS was designed to meet the EICB (Carte) requirements of RG 1.152 Rev. 1. RG 1.152 Rev. 2 is the current revision of this guide and is endorsed by the NRC. By letter dated February 25, 2010 (ML110620219), TVA stated:

RG 1.152 rev 2 endorses ANSI/IEEE-ANS-7-4.3.2-2003, but also provides extra regulatory guidance concerning computer based cyber security. Since this revision was not part of the design basis of WBN2 or Common Q PAMS, the project makes no commitment to the compliance of RG 1.152 rev 2.

Based upon the review of this item, the staff finds the following open item:

1 TVA to evaluate Common Q PAMS for conformance with RG 1.152 Rev. 2.

369 7.5.2. 7.5 On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an 6. N Open Open-TVA/WEC NNC 4/125/2011: See Open Item No.

2 evaluation of the Common Q PAMS against the current staff Due 5/15/11 81.

EICB (Carte) position.

By letter dated 2/25/11 (ML110620219), TVA docketed a response.

The WBN2 FSAR (Amendment 103) references IEEE 7-4.3.2-1982, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations" as endorsed by Regulatory Guide (RG) 1.152, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants," Revision 0 for the Eagle 21 system. The current regulatory position is documented in RG 1.152 Rev. 2 which endorses IEEE Std 7-4.3.2-2003 as an acceptable method for using digital computers to meet IEEE Std 603-1991. Based upon the review of this item, the staff finds the following open item:

1 WBN2 to update FSAR Table 7.1-1 to reference IEEE 7-4.3.2-2003 as being applicable to WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.

370 7.5.2. 7.5 On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an 7. N Open Open-TVA/WEC NNC 4/125/2011: See Open Item No.

2 evaluation of the Common Q PAMS against the current staff Due 5/15/11 81.

position.

By letter dated 2/25/11 (ML110620219), TVA docketed a response.

The WBN2 FSAR (Amendment 103) does not reference RG 1.168, EICB (Carte)

IEEE 1012, or IEEE 1028. IEEE Std 7-4.3.2-2003 identifies IEEE Std 1012-1998 as normative. RG 1.168 Rev. 1 endorses, with clarifications, IEEE 1012-1998. The current staff positions are documented in RG 1.168 Rev. 1, IEEE 1012-1998, and IEEE 1020-1997. Based upon the review of this item, the staff finds the following open item:

1 WBN2 to update FSAR Table 7.1-1 to reference RG 1.168 Rev. 1, IEEE 1012-1998, and IEEE 1020-1997 as being applicable to WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.

371 7.5.2. 7.5 On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an 8. N Open Open-TVA/WEC NNC 4/125/2011: See Open Item No.

2 evaluation of the Common Q PAMS against the current staff Due 5/15/11 81.

position.

By letter dated 2/25/11 (ML110620219), TVA docketed a response.

The WBN2 FSAR (Amendment 103) does not reference Regulatory Guide 1.209, Guidelines for Environmental EICB (Carte)

Qualification of Safety-Related Computer-Based Instrumentation and Control Systems in Nuclear Power Plants. Based upon the review of this item, the staff finds the following open item:

1 WBN2 to update FSAR Table 7.1-1 to reference RG 1.209 and IEEE Std. 323-2003 as being applicable to WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.

TVA did not docket an evaluation against the criteria in RG 1.209.

Based upon the review of this item, the staff finds the following open item:

2 WBN2 to evaluate Common Q PAMS for conformance with RG 1.209 and IEEE Std. 323-2003.

372 7.5.2. 7.5 On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an 1. Attachment 7 contains the evaluation for how the 9. N Open Open-TVA/WEC NNC 4/125/2011: See Open Item No.

2 evaluation of the Common Q PAMS against the current staff Common Q PAMS SysRS and SRS implement the Due 5/15/11 81.

position. design basis requirements of IEEE 603-1991 Clause 4.

EICB (Carte)

By letter dated 2/25/11 (ML110620219), TVA docketed a response. 2.

The requirements in the SysRS and SRS are not traceable back to the design basis (e.g., IEEE Std 603-1991 Section 4) for the system. The SRS does not include any documented evidence that it was ever independently reviewed in accordance with the 10CFR50 Appendix B Criterion III, Design Control. (Note: It appears that the only Common Q or WBN2 PAMS document that was independently reviewed in accordance with 10 CFR 50 Appendix B requirements is the SysRS.)

Based upon the review of the SysRS and SRS, the staff finds that there is reasonable assurance that the systems fully conform to the applicable guidelines, except for the following open items:

1 TVA to produce an acceptable description of how the SysRS and SRS implement the design basis requirements of IEEE 603-1991 Clause 4.

2 TVA to produce a final SRS that is independently reviewed in accordance with 10CFR50 Appendix B, Criterion III Design Control, requirements.

373 7.5.2. 7.5 The SDDs do not include any documented evidence that they were 10. N Open Open-TVA/WEC 2 independently reviewed in accordance with the 10CFR50 Appendix Due 5/15/11 EICB (Carte)

B Criterion III, Design Control.

Based upon the review of the SDDs, the staff finds the following open item:

1 TVA to produce final SDDs that are independently reviewed in accordance with 10 CFR50 Appendix B Criterion III, Design Control, requirements.

374 7.5.2. 7.5 By letter dated October 29, 2010 (ML103120711), TVA docketed a 1. The Technical Specification Changes required by 11. N Open Open-TVA/WEC 2 draft technical evaluation associated with an engineering design implementation of the Common Q PAMS were made in Due 5/15/11 change (ML103120712) that states the Common Q PAMS will Revision B of the Technical Specifications which were EICB (Carte) require changes in the technical specifications. The technical submitted on TVA to NRC letter dated February 2, 2010, specifications (TS) have not been received yet for review. The TS will Watts Bar Nuclear Plant (WBN) - Unit 2 -

be reviewed once they are received. Developmental Revision B of the Technical 1 Confirm/Verify Technical Specification changes associated Specifications (TS), TS Bases, Technical Requirements with Common Q PAMS are acceptable. Manual (TRM), TRM Bases; and Pressure and Temperature Limits Report (PTLR) ADAMS accession number ML100550326 (Reference 2).

375 7.7.9 12. N Open Open-TVA/WEC EICB (Alvarado)

Issue: 1. During the conference call held on 4/12, the staff requested TVA to provide a description of the differences in hardware and/or software design and implementation of the Incore Instrumentation System instrumentation between WBN2 and WBN1. This information was not included in the 4/15 letter. When will this be provided?

2. The response for item g provided by TVA does not describe how the regulatory requirements were met. It only listed the criteria and stated that it passed the test. Also, the criteria for IITA do not list criteria for environmental qualifications of safety-related equipment (e.g., RG 1.29, Environmental Equipment Qualifications). Please provide summary test reports.

3. Attachment 4 of the TVA letter 4/15 states that the CET and CET cable assembly, as well as mineral insulated cables and IITA connectors, are EQ and class 1E qualified. Please provide the qualification summary test report for these components.
4. Attachment 5 of the TVA letter 4/15 provides the hardware description for the WINCISE (WEC document NO-WBT-002). Does this document include a section for Software Description? If so, please provide a copy.

5. Attachment 7 of the TVA letter 4/15 describes the functionality of the IIS for Watts Bar unit 2 and the IIS used in AP-1000. The description provided only describes the similarity for the core exit thermocouple (CET) and the PAMS system. However, this document does not describe the other components of the IIS (e.g. IITAs). Please clarify if the only similarity between Watts Bar unit 2 and AP-1000 is for the CETs and PAMS, and that there is no similarity for the IITAs.

6. The WCAP-12472-P-A for the BEACON system describes that the system has three operational levels: on line monitoring, tech spec monitor (TSM), and direct margin monitor. For Unit 1, TVA requested approval of the Beacon TSM to be only used as a tech spec monitor for present peaking factor limits. Please confirm that the functionality to be implemented in Unit 2 is the same as the one requested and approved for unit 1. Note Attachment 5 states that the Beacon servers run the Beacon TSM, but it is not clear that this is the only level operating for the IIS.
7. The SE for use of the Beacon System in Unit 1 states that the BEACON system will be used when thermal power is greater than 25% RTP. Page 129 of Attachment 4 states that the WINCISE system will be capable of performing its required core monitoring functions at or above 20% RTP. Please clarify what the intent is for the Beacon system in Unit 2.
8. The technical evaluation provided for the Beacon System for unit 1 states that the movable incore detectors (MIDs) are used for periodic calibration of the PDMS when thermal power is greater than 25% RTP. Additionally, the MIDs are used whenever the PDMS is inoperable or whenever power distribution is below 25%. Please explain how this function will be performed with the fixed incore detectors and the Beacon system for unit 2.
9. In the NRC SE for WCAP-12472-P-A for the BEACON system, the staff accepted this system but subject to three conditions. In the TVA submittal for use of the Beacon system in unit 1, TVA described how they met these conditions for Unit 1. Please describe how TVA will meet these conditions for Unit 2.
10. Please clarify the following statement provided in Attachment 4, Page 25: During certain accident scenarios, it is possible for the CETs to see temperatures up to 20 deg F different from Unit 1.
11. Attachments 4 and 5 explained that the Mineral Insulation cable allows the isolation of the core exit thermocouples (1E) and self-powered neutron detector (non-1E) signals. Please provide the analysis that evaluated this separation, as well as the evaluation that shows that failure of the non-1E signal won't affect the 1E signal.
12. Page 129 of Attachment 4 states that a minimum of three thermocouples are operable in each quadrant. Table 7.5-2 of the SSER (R.G. 1.97) states that 4 thermocouples should be operable in each quadrant. Please explain if TVA is deviating from the requirements in R.G. 1.97, and how this is justified.