ML11319A070
ML11319A070 | |
Person / Time | |
---|---|
Site: | Diablo Canyon |
Issue date: | 08/17/2011 |
From: | Dwire S Invensys Operations Management, Invensys/Triconex |
To: | Office of New Reactors |
References | |
3500897372 993754-1-801(NP), Rev 0 | |
Download: ML11319A070 (21) | |
Text
i n v e. n s..y s,TM in V e. n s-. s.
Operations Management Triconex Project: PG&E PROCESS PROTECTION SYSTEM REPLACEMENT Purchase Order No.: 3500897372 Project Sales Order: 993754 PACIFIC GAS & ELECTRIC COMPANY NUCLEAR SAFETY-RELATED PROCESS PROTECTION SYSTEM REPLACEMENT DIABLO CANYON POWER PLANT SOFTWARE QUALITY ASSURANCE PLAN (SQAP)
Document No. 993754-1-801 (-NP)
Revision 0 August 17, 2011 Non -Proprietary copy per I OCFR2.390
- Areas of Invensys Operations Management proprietary infonnation, marked as [P], have been redacted based on I OCFR2.390(a)(4).
I Name Sig*, Title Author: S. Dwire Project QA Engineer Reviewers: H. Nguyen IV&V Engineer Approvals: J. Larson Director, Nuclear QA ISI R. Shaffer 1 Project Manager
i n v e. n S*.* S" TM in V e. n l- .*o s-Operations Management Triconex I Document: I 993754-1-801 I
Title:
Software Quality Assurance Plan Revision: 0 Page: 2 of 21 Date: [ 08/17/11 Document Change History Revision Date Change Author 0 08/17/11 Initial Issue. S. Dwire
n v* e. n s-.ý=j s-Im in V e. n s-.,=j s-Operations Management Triconex Document.::[ 993754-1-801
Title:
Software Quality Assurance Plan Revision: 0 Page: 3 of 21 1 Date: r 08/17/11 TABLE OF CONTENTS L ist of T ables ............................................................................................................ 5
- 1. PURPOSE AND SCOPE ................................................................................ 6
- 1. I.P u rp o se ....................................................................................... 6 1.2 . S c op e ........................................................................................ 6 1.2.1 Embedded Software ............................................................................. 6 1.2.2 Software Tools ................................................................................. 7
- 2. R E FE RE N CE S ................................................................................................ 7
- 2. 1. Reference Documents ............................................................................. 7 2.2.Reference W ork Process ........................................................................... 8 2.2.1 TSAP W ork Process ........................................................................ 8 2.2.2 V&V W ork Process ......................................................................... 9
- 3. SOFTW ARE MANAGEMENT .................................................................... 9
- 3. 1. Software Team Organization ........................................................................ 9 3.2. Software Tasks .................................................................................. 9 3.3. Project Responsibilities Table ....................................................................... 10 3.4. Software Developm ent ............................................................................ 10
- 4. DOCUM ENTATION .................................................................................... 10
- 4. L M inimum Documentation Requirements ................................................................ 10
- 4. 1.1 Software Requirements Specification (SRS) ........................................................ 11 4.1.2 Software Design Description (SDD ) ............................................................. 11 4.1.3 Software Verification and Validation Plan (SVVP) ................................................... 11 4.1.4 Software Verification and Validation Reports ....................................................... 11 4.1.5 User Documentation ........................................................................ 11 4.1.6 Software Configuration M anagem ent Plan (SCM P) .................................................. 12 4.1.7 Project M anagement Plan (.PMP.) ............................................................... 12 4 .1.8 T est Plan s ................................................................................ 12 4.1.9 Test Specifications ......................................................................... 12
- 4. LI 0 Project Traceability M atrix (PTM ).............................................................. 12
- 5. STANDARDS, PRACTICES, CONVENTIONS, AND METRICS ........ 12
- 5. 1. Content Table .................................................................................. 12 5 .2 . M e tric s ....................................................................................... 13 5.2.1 Process M etrics ........................................................................... 13 5.2.2 Product M etrics ........................................................................... 14 5.2.3 Quality M etrics ............................................................................ 14
- 6. REVIEW S AND AUDITS ............................................................................ 14
- 6. L M inimum Requirements ........................................................................... 14
- 6. 1.1 Software Requirements Evaluation (SRE) ......................................................... 14 6.1.2 Prelim inary Design Review (PDR) .............................................................. 14 6.1.3 Critical Design Review (.CDR.) ................................................................. 15 6.1.4 Software Verification and Validation Plan Review (SVVP Review) ....................................... 15 6.1.5 Functional Audits .......................................................................... 15 6.1.6 Physical Audit ............................................................................ 15
0 9 i n v e. n s*.ýj s* W i n V e. n s-.t:s s-Operations Management Triconex I DocumentEj Revision: 1 993754-1-801 0
Title:
Page:
Software Quality Assurance Plan 4 of 21 1 Date: 1 08/17/11 6 .1.7 M an agerial Rev iew s ........................................................................ 16 6.1.8 Software Configuration Management Plan Review (SCMP Review) ....................................... 16 6.1.9 Post M ortem R eview ........................................................................ 16 6.2. IEEE 10 12-1998 SIL4 Required R eview s ............................................................... 16 6 .2 .1 Co d e R ev iew ............................................................................. 16 6.2.2 V &V T est Plan V erifi cations .................................................................. 16 6.2.3 V &V Test Specification Verifications ............................................................ 16 6.2.4 V &V Test C ase V erifications .................................................................. 16 6.2.5 V &V Test Procedure V erifications .............................................................. 16 6.2.6 V &V Test R eport V erifications ................................................................. 17 6 .2 .7 S afety A naly sis ............................................................................ 17 6 .2 .8 T raceab ility A naly sis ........................................................................ 17 6.2.9 B aseline C hange A ssessm ent .................................................................. 17 6.3. Reliability and A vailability A nalysis ................................................................... 17
- 7. TEST .............................................................................................................. 17
- 8. PROBLEM REPORTING AND CORRECTIVE ACTION .................... 18
- 9. TOOLS, TECHNIQUES, AND METHODOLOGIES ............................. 18
- 10. CODE CONTROL ........................................................................................ 19
- 11. M EDIA CONTROL ...................................................................................... 20
- 12. SUPPLIER CONTROL ................................................................................ 20
- 13. RECORDS COLLECTION, MAINTENANCE AND RETENTION ..... 20
- 14. TRAINING .................................................................................................... 20
- 15. RISK M ANAGEM ENT ................................................................................ 21
in v e. nI s.Y s"OTM inv'e. ns'.. s" Operations Management Triconex Document: I 993754-1-801 I title: I Software Quality Assurance Plan I Revision: 0 Page: 5 of 21 Date: 08/17/11 List of Tables Tab le 1. Content Tab le ........................................................................................................................................ 13
in ve. n s.ý 'm i n V 'e. n s '.i::S "
Operations Management Triconex Document: I 993754-1-801
Title:
I Software Quality Assurance Plan Revision: 0 Page: 6 of 21 Date: 08/17/11
- 1. PURPOSE AND SCOPE 1.1. Purpose This Software Quality Assurance Plan (SQAP) defines the activities to be followed in the design, development, review, and testing for the Pacific Gas and Electric Company's Plant Protection System Upgrade Phase 1 in accordance with Purchase Order #3500897372 [Reference 2.1.1],
Master Service Agreement #4600018177 [Reference 2.1.2] and Invensys Operations Management Proposal # TPC061009291 [Reference 2.1.3]. Additional scope added to this document for all phases of the upgrade project assumes contract award of sequential phases.
This SQAP is written using the guidance of IEEE 730.1-1995 [Reference 2.1.14], Branch Technical Position 7-14 [Reference 2.1.23] and NUREG/CR-6101 [Reference 2.1.32].
1.2. Scope There are four types of software involved in this project:
- 1) TriStation Application Program (TSAP) Software
- 2) Embedded Software (i.e., operating system software, communication software, and firmware)
- 3) Software Development Tools
- 4) Software Verification and Validation (V&V) Tools The activities outlined in this SQAP apply specifically to the design, development, implementation and testing of the TSAP. Subsections 1.2.1 and 1.2.2 of this plan describe the required controls for embedded software, software development tools and software V&V tools.
The TSAP is the highest-level program organization unit within a project; it is an assembly of functions and function blocks that provide the logic for the commands executed by the Tricon.
Embedded software is present on various Tricon System modules; this software is used for internal diagnostics or other innate functions of the Tricon System. Refer to section 1.2.1 for the scope of embedded software for this project.
Invensys shall perform TSAP development and V&V activities as Safety-Related (Class IE).
Class 1E is as defined in IEEE 603-1991 [Reference 2.1.12].
Cross-references to other documents that contain IEEE 730-1998 required information are provided as permitted in Section 3 of IEEE 730-1998. Cross-references may refer to documents provided to PG&E, or to documents maintained internally at Invensys. In the latter case, the documents shall be made available to PG&E during technical and QA audits.
1.2.1 Embedded Software The TRICON System's embedded software is under configuration control by Invensys; its development is outside the scope of this project. Once a TRICON device(s) is received, the device's software configuration information (software version, revision, and maintenance
i n v'e. n s*.ý s'
- TM i r"nV" e. n7 s" .ý:: s" Operations Management Triconex Document:::[ 993754-1-801 ITitle: Software Quality Assurance Plan Revision: 0 Page: 7 of 21 1 Date: I 08/17/11 number) from the supplied Certificate of Conformance will be entered into configuration management. The TRICON System and TRICON operating system have been qualified for use in safety-related systems and are listed on Invensys-Triconex Document No. 9100150-001, Tricon VIO Nuclear QualifiedEquipment List (Tricon v0O NQEL) [Reference 2.1.27]. The current processes and procedures for their development were audited by the NRC, and were shown to comply with 10 CFR Part 50, Appendix B [Reference 2.1.5], and 10 CFR Part 21
[Reference 2.1.4].
1.2.2 Software Tools The TriStation 1131 Developers Workbench (TS 1131) is used to develop, configure, test, debug, and document the TSAP. The TS 1131 software and associated libraries were qualified for use in safety-related applications by Invensys. The TS 1131 is under developmental control by Invensys and is outside the scope of this project. The TS 1131 (and other software development tools if used) will have its software configuration information placed into configuration management in accordance with the project Software Configuration Management Plan, 993754-1-909. Section 9 of this plan describes requirements for the use of software development tools.
The TS 1131 Emulator and the Emulator Test Driver may be used to component test the TSAP structured text code and/or custom function block diagrams. All software V&V tools used in the project will be placed into configuration management in accordance with the project Software Configuration Management Plan, 993754-1-909. Section 9 of this plan described requirements for the use of software verification tools.
- 2. REFERENCES 2.1. Reference Documents 2.1.1. PG&E Purchase Order # 3500897372 2.1.2. Master Service Agreement # 4600018177 2.1.3. Invensys Proposal PPS Upgrade # TPC061009291 dated September 27, 2010 2.1.4. 10 CFR Part 21, Reporting of Defects andNonconformance 2.1.5. 10 CFR Part 50 Appendix B, Quality Assurance Criteriafor Nuclear Power Plantsand Fuel Reprocessing Plants 2.1.6. US NRC RG- 1.168, Verification, Validation, Reviews. and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants 2.1.7. US NRC RG- 1.169, ConfigurationManagement Plansfor DigitalComputer Software Used in Safey Systems of Nuclear Power Plants 2.1.8. US NRC RG- 1.170, Software Test Documentationfor DigitalComputer Software Used in Safety Systems of Nuclear Power Plants 2.1.9. US NRC RG- 1.172, Software Requirements Speefications for DigitalComputer Software Used in Safety Systeins of Nuclear Power Plants
i n- v" e.
- nl* s" .ý s"*, n V" e. n. ". s" Operations Management Triconex I Documient:
Revision:
I 993754-1-80 1 0
I
Title:
Page:
I Software Quality Assurance Plan 8 of 21 1 Date: I 08/17/11 2.1.10. ASME NQA- 1-1994 Subpart 2.7, Quality Assurance Requirementsfor Computer Software for Nuclear FacilityApplications (ASME NQA- I a- 1995 addenda) 2.1.11. IEEE 577-2004, IEEE Standardfor ReliabilitvAnalysis 2.1.12. IEEE 603-1991, Criteriafor Safety Svsterns for Nuclear Power GeneratingStations 2.1.13. IEEE 730-1998, Standardfor Software Quality Assurance Plans 2.1.14. IEEE 730.1-1995, Guidefor Software Quality Assurance Planning 2.1.15. IEEE 828-1998, Standardfor Software ConfigurationManagement Plans 2.1.16. IEEE 829-1998, Standardfor Software Test Documentation 2.1.17. IEEE 830-1998, Guide to Software Requirements Specifications 2.1.18. IEEE 1008-1987, Standardfor Software Unit Testing 2.1.19. IEEE 1012-1998, Standardfor Software Verification and Validation 2.1.20. IEEE 1016-1998, Recommended Practicefor Software Design Descriptions 2.1.21. IEEE 1028-1997, Standardfor Software Reviews 2.1.22. IEEE 1042-1987, Guide to Software Configuration Management 2.1.23. Branch Technical Position 7-14, Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control Systems, Revision 5, U.S. Nuclear Regulatory Commission, dated March 2007 2.1.24. Invensys, Nuclear Quality Assurance Manual (IOM-Q2) 2.1.25. Invensys-Triconex, Nuclear System Integration Program Manual (NSIPM) 2.1.26. Invensys-Triconex, Quality Project Manual (QPM) 2.1.27. Invensys-Triconex Document No. 9100150-001, Tricon VJO Nuclear Qualified Equipment List (Tricon v1O NQEL.)
2.1.28. NRC Digital Instrumentation and Controls Interim Staff Guidance 06, DI&C-ISG-06, Revision I (ISG 06) 2.1.29. IEEE 7-4.3.2-2003, StandardCriteriafor DigitalComputers in Safety Systems of Nuclear Power GeneratingStations 2.1.30. Invensys-Triconex Document No. 9720068-001, TriStation 1131 Developers Workbench, Getting StartedManual 2.1.31. Invensys-Triconex, Project Procedures Manual (PPM) 2.1.32. NUREG/CR-6101, Software Reliability and Safety in Nuclear Reactor Protection Systems, U.S. Nuclear Regulatory Commission, dated June 11, 1993 2.2. Reference Work Process 2.2.1 TSAP Work Process The TSAP work process is a set of efforts that transform design information/design requirements into software that perforns specific control, human interface, and communications functions within a control system. The inputs to this process are design information (e.g. Documents,
Sn v'e. n "T& s " n N/
inve. n s-.h s-5 Operations Management Triconex I DocumentI 993754-1-801
Title:
Software Quality Assurance PlanI Revision: 0 Page: 9 of 21 1 Date: ] 08/17/11 Logic Diagrams, and a Functional Requirements Specification, etc.), and relevant regulatory requirements and guidance.
Application engineers will develop application programs to enable a TRICON to manipulate process information using the TS 1131 software development tool and the PPS Replacement Project Coding Guidelines document, 993754-1-907 for guidance. Application development normally involves configuration Function Block Diagrams (FBD) and Ladder Diagrams (LD),
but may also involve the development of source code using Structured Text (ST). FBD and LD programming languages are graphical, with standard software items interconnected and configured with attributes defined by the engineer. ST is a general purpose, high-level programming language, specifically developed for process control applications. ST is particularly useful for complex arithmetic calculations; event based sequential (procedurals) logic implementations, and can be used to implement complicated procedures that are not easily expressed in FBD or LD. ST allows the creation of Boolean and arithmetic expressions as well as structured programming constructs such as conditional statements. The Structured Text editor allows the direct development of programs and functions by writing code.
2.2.2 V&V Work Process The V&V activities for the TSAP are a combination of documentation reviews, code review, and testing. Tasks required shall be specified in the Software Verification and Validation Plan (SVVP), 993754-1-802 following the guidance contained in IEEE 1012 [Reference 2.1.19]
Safety Integrity Level (SIL) 4 requirements.
- 3. SOFTWARE MANAGEMENT 3.1. Software Team Organization A project team shall be established, based on the resources needed to deliver the completed system in accordance with the contract. The project team's organizational structure shall be outlined in the Project Management Plan (PMP), 993754-1-905.
Any conflicts between organizations that cannot be resolved at the lowest level shall be increasingly escalated through the organization in accordance with the PMP.
3.2. Software Tasks Invensys tasks and their relationships to planned major checkpoints are defined in the Project Schedule. The processes, reviews, and tests to be followed are outlined in the Invensys Nuclear System Integration Program Manual (NSIPM) [Reference 2.1.25] as implemented by the Project Procedures Manual (PPM) [Reference 2.1.31 ].
The quality assurance processes to be applied to each task are described in this SQAP, the Project Quality Plan (PQP), 993754-1-900, IOM-Q2 [Reference 2.1.24], and in the applicable procedures of the Invensys-Triconex Quality Procedures Manual (QPM) [Reference 2.1.26].
i n- v" e. n- s".-. s" 11Ae nsv'e.n s' Operations Management Triconex IDocument:
Revision:
I 993754-1-801 0
ITitle:
Page:
Software Quality Assurance Plan 10 of 21 Date: 08/17/11 Tasks covered by this SQAP are:
- 1) 10 CFR Part 21 [Reference 2.1.4] Training
- 2) Project Indoctrination Training
- 3) Reviews and audits of the project activities to verify compliance with project plans and procedures, compliance with customer contract and specifications, and compliance with 10 CFR Part 50, Appendix B [Reference 2.1.5] and 10 CFR Part 21.
- 4) Inspections, tests, and reviews as required by the Software Verification and Validation Plan (SVVP), 993754-1-802 Project tasks and their relationships are defined in the PQP and PMP. For Application Program Software, the following life cycle phases are applicable to this Project:
- 1) Requirements
- 2) Design
- 3) Implementation
- 4) Test (Validation)
The quality assurance (QA) requirements applicable to these life cycles phases are described in this SQAP, the SVVP and applicable procedures of the Invensys-Triconex QPM [Reference 2.1.26], and NSIPM [Reference 2.1.25] as implemented by the PPM.
3.3. Project Responsibilities Table Refer to the Project Management Plan (PMP), 993754-1-905, for a detailed explanation of project personnel responsibilities.
3.4. Software Development The Software Designer shall develop the TriStation Application Project (TSAP) using TriStation 1131 software in accordance with the requirements of the NSIPM [Reference 2.1.25] as implemented by the PPM.
TSAP code will be developed specifically for the PG&E PPS Replacement Project and this program code is subject to full verification and validation (V&V). The TSAP will not utilize previously developed, verified and validated program code from any other projects. Project V&V activities shall be documented in the final V&V report. See SVVP, 993754-1-802.
- 4. DOCUMENTATION 4.1. Minimum Documentation Requirements The PE shall ensure reviews of supplied design input documents are performed, to ensure the documents are complete and adequate as specified in the NSIPM [Reference 2.1.25] as implemented by the PPM. Section 6 of this document describes the review of project-generated documentation.
Changes to approved documents shall be controlled in accordance with the NSIPM as implemented by the PPM.
i n v'e. n s'.y s'
- W inve n n'*s Operations Management Triconex Document::[ 993754-1-801 I
Title:
Software Quality Assurance Plan Revision: 0 Page: 11 of 21 1 Date: I 08/17/11 The following is a list of the minimum documentation required for the project.
4.1.1 Software Requirements Specification (SRS)
Using the provided and reviewed design inputs, Invensys shall develop a SRS draft and submit it to the customer for review and approval. The SRS shall be structured to capture all customer software functional requirements. The SRS shall describe each software function and each shall be defined such that its achievement can be verified during the V&V process. Each software safety-critical function shall be clearly identified. The requirements of the SRS are defined in the NSIPM as implemented by the PPM. The SRS shall be prepared using the guidance provided in RG 1.172 [Reference 2.1.8] and IEEE 830-1998 [Reference 2.1.17].
4.1.2 Software Design Description (SDD)
Based on the customer provided design inputs and the approved SRS, Invensys shall develop a SDD draft and submit it to the customer for review and approval. The SDD shall be structured to satisfy the requirements of the SRS. The SDD shall describe the components and subcomponents of the software design, including databases and internal interfaces. The requirements of the SDD are defined in the NSIPM [Reference 2.1.25] as implemented by the PPM. The SDD shall be prepared using the guidance provided in IEEE 1016-1998 [Reference 2.1.20].
4.1.3 Software Verification and Validation Plan (SVVP)
The Verification and Validation (V&V) Manager or designee shall prepare a Software V&V Plan in accordance with the NSIPM as implemented by the PPM. The SVVP, 993754-1-802, identifies the methods, tools and criteria used to determine the quality of items listed under this SQAP. The requirements for the preparation, review, approval and control of the SVVP are established in the NSIPM. The V&V Plan shall be prepared using the guidance provided in RG-1.168, Rev. I [Reference 2.1.6], IEEE 1028-1997 [Reference 2.1.21], IEEE 829-1998 [Reference 2.1.16] and IEEE 1012-1998, [Reference 2.1.19].
The SVVP shall also describe the requirements for a Validation Test Plan, 993754-1-813, and a Software Verification Test Plan, 993754-1-868.
4.1.4 Software Verification and Validation Reports The SVVP shall outline the required IEEE 10 12-1998 V&V Reports. The V&V Activity Summary Reports for each life cycle phase shall be developed and issued as required by the SVVP.
4.1.5 User Documentation Invensys should supply standard installation, operation, programming, and maintenance documentation for the system. Invensys standard user documentation will specify the required data and control inputs, input sequences, options, program limitations and other activities or items necessary for the use of the software. Error messages will be identified and corrective actions described, and a method provided for communicating problems to the correct technical
i n v'e. n s'.ý-. s" Operations Management Triconex IDocument:
Revision:
993754-1-801 0
ITitle:
Page:
j Software Quality Assurance Plan 12 of 21 1 Date: 1 08/17/11 support organization. Installation instructions and operating and maintenance manuals shall be provided to the extent defined in customer specifications.
4.1.6 Software Configuration Management Plan (SCMP)
A Software Configuration Management Plan shall be prepared using the guidance provided in IEEE 828-1998 [Reference 2.1.15] and IEEE 1042-1987 [Reference 2.1.22]. The SCMP is a means through which the integrity and traceability of software are recorded, communicated, and controlled. The SCMP shall require configuration management and control activities to be performed in accordance with the NSIPM [Reference 2.1.25] as implemented by the PPM.
4.1.7 Project Management Plan (PMP)
A PMP, 993754-1-905, shall be prepared as specified in the Project Procedures Manual (PPM)
[Reference 2.1.31 ], using guidance from BTP 7-14 [Reference 2.1.23] and NUREG/CR-6101
[Reference 2.1.28].
4.1.8 Test Plans V&V Test Plans shall be created as specified in IEEE 1012-1998 [Reference 2.1.19]. The Test Plans prescribe the scope, approach, resources and schedule of V&V testing activities for the applicable software listed under the SQAP. The requirements for the preparation, review, approval, and control of the Test Plans are established in the NSIPM [Reference 2.1.25] as implemented by the PPM. The Test Plans will also be prepared using the guidance provided in the PQP (99354-1-900), PPM, Test Specifications and SVVP, 993754-1-802.
4.1.9 Test Specifications The Test Specifications identify the scope, approach and acceptance criteria of software V&V testing for the applicable software listed under this SQAP. The requirements for the preparation, review, approval, and control of the Test Specifications will also be prepared using the guidance provided in the PQP, SVVP, and ISG 06 [Reference 2.1.28].
4.1.10 Project Traceability Matrix (PTM)
Traceability of all activities and documents is critical to the success of the Project. Traceability will be sufficient to trace design inputs to design outputs and to trace outputs back to inputs. The requirements for the preparation, review, approval and control of the PTM are defined in the PMP, 993754-1-905 and SVVP, 993754-1-802.
- 5. STANDARDS, PRACTICES, CONVENTIONS, AND METRICS This section identifies the standards, practices, conventions and metrics to be used, and quality requirements applied to the project.
5.1. Content Table Table 1, below, identifies the standards and guidelines documents for the PPS Replacement Project.
i n v'e. n s'.* s' inv'e. n s',* s" Operations Management Triconex I Document:
Revision:
I 993754-1-801 0
I
Title:
Page:
Software Quality Assurance Plan 13 of 21 Date: 08/17/11 5.2. Metrics The following metrics shall be analyzed at a minimum, to identify common features and potential changes in procedure or process needed, to prevent recurrence:
w
i n V e. n s"..j s* i nve. n s'. s" Operations Management Triconex IDocument Revision: I 993754-1-801 0
Title:
Page: SoftwareQualit 14 of 21 1 Assurance Date: Plan 1 08/17/1l LiI
- 6. REVIEWS AND AUDITS This section specifies the minimum reviews and audits required during the project.
6.1. Minimum Requirements The SVVP shall define the V&V review and audit activities for the project, and shall identify the tasks required, tools that will be used, the acceptance criteria, and the required documentation for each task. Subsection 4.1.3 of this plan describes the content of the SVVP, 993754-1-802.
Independent Reviewers shall perform technical reviews of software as required by IEEE 1012-1998 [Reference 2.1.19], Annex C, and "Classical V&V".
Technical reviews/audits will be performed in accordance with the PPM [Reference 2.1.31].
These technical reviews/audits will be performed during the work on those software items identified in the SRS. Reviews and audits by QA/IREN&V shall be performed in accordance with the SVVP, PQP, and as directed by the Invensys Triconex QA Manager. Management reviews and audits will be performed per the applicable audit plans and schedules, which are controlled in accordance with the NSIPM [Reference 2.1.25] as implemented by the PPM, to ensure that all required tasks have been completed and appropriately documented.
Scheduling of reviews and audits will be conducted in accordance with the Project Schedule.
Quality Assurance activities are required to be on the Project Schedule, where applicable.
EL
n v'e. n s'.y s" TM i n Ve.n s'.I s" Operations Management Triconex Document: 993754-1-801
Title:
S oftware Quality Assurance Plan Revision: 0 Page: 15 of 21 1 Date: I 08/17/11 w
i n v e. n s*." . s" ii V e. n s' 5" Operations Management Triconex ID°cument.:
Revision: 993754-1-801 0
Title:
Page: Software 16 of 21 Qualit 1 Assurance Date: Plan I 08/17/11 6.2. IEEE 1012-1998 SIL4 Required Reviews 6.2.1 Code Review Nuclear Project Delivery personnel shall conduct a code versus design input documentation review during in-process TSAP development. The required documentation shall be specified in the SVVP, 993754-1-802 and implemented via the Software Development Plan, 993754-1-910.
6.2.2 V&V Test Plan Verifications An IRE shall perform a Test Plan Verification using a Design Review Checklist (DRC) to ensure the V&V Test Plan using guidance from IEEE 1012-1998 is compliant. The required documentation shall be specified in the SVVP.
6.2.3 V&V Test Specification Verifications An IRE shall perform a Test Design Verification using a DRC, to ensure the V&V Test Specifications using guidance from IEEE 1012-1998 is compliant. The required documentation shall be specified in the SVVP.
6.2.4 V&V Test Case Verifications An IRE shall perform Test Case Verification using guidance from IEEE 10 12-1998 [Reference 2.1.19]. The required documentation shall be specified in the SVVP.
6.2.5 V&V Test Procedure Verifications An IRE shall perform Test Procedure Verification using a DRC and guidance from IEEE 1012-1998 to ensure compliance. The required documentation shall be specified in the SVVP.
i n v e. n s".* *
- s5 .M in Ve n ' "
Operations Management Triconex I Document:[I 993754-1-801
Title:
Software Quality Assurance Plan Revision: 0 Page: 17 of 21 Date: I 08/17/11 6.2.6 V&V Test Report Verifications An IRE shall perform V&V Test Report Verifications using the guidance provided in the NSIPM, as implemented by the PPM, to ensure the V&V Test Reports are compliant. The required documentation shall be specified in the SVVP.
6.2.7 Safety Analysis Four separate analyses required by IEEE 10 12-1998 [Reference 2.1.19] shall be combined into this single document: Criticality, Risk, Hazard and Interface Analyses. An IRE shall perform these analyses using IEEE 1012-1998 [Reference 2.1.19] and NSIPM [Reference 2.1.25], as implemented by the PPM, as guidance during the Requirements, Design, Implementation and Test Phases. The required documentation shall be specified in the SVVP, 993754-1-802.
6.2.8 Traceability Analysis An IRE shall perform a Traceability Analysis using a Project Traceability Matrix (PTM) during the Requirements, Design, Implementation and Test Phases. An updated PTM shall document the review.
6.2.9 Baseline Change Assessment A Baseline Change Assessment as required by IEEE 1012-1998 [Reference 2.1.19] shall be performed by an IRE during the Planning, Design, Implementation, and Test Phases. The required documentation shall be specified in the SVVP.
6.3. Reliability and Availability Analysis A Reliability and Availability Analysis as required by IEEE 577-2004 [Reference 2.1.11] shall be performed using the concepts and methods of the Markov Process.
- 7. TEST The following tests shall be performed on the TSAP:
- 1) Component
- 2) Integration
- 3) System
- 4) Acceptance Component Testing shall be performed on TS 1131 structured text programs, and/or custom function block diagrams using guidance from IEEE 1012-1998 [Reference 2.1.19]. IEEE 1008-1987 [Reference 2.1.18] was evaluated for use in the project and it was determined that IEEE 10 12-1998 is more restrictive; therefore, there is no benefit in performing software unit testing in accordance with IEEE 1008-1987.
Component testing coverage shall include all functional and performance requirements pertaining to the test item, and shall be validated by test case. Internal structure coverage shall be validated by test case to include invalid inputs, full scope of valid inputs, and defined outputs.
i I Ve. rs.n * ° S"inýe
'7M n7 V" e. n* s" -S Operations Management Triconex I Document: 993754-1-801
Title:
Softxvare Quality Assurance Plan Revision: 0 Page: 18 of 21 1 Date: 1 08/17/11 The SVVP, 993754-1-802, shall define all the V&V test activities, specify the V&V tools to use, the required acceptance criteria, and the documentation required for each task. The Test Plan and Test Specification will detail the scope, approach, resources, schedule and acceptance criteria required for Software Verification and Validation testing activities.
V&V of embedded software in hardware devices is outside the scope of the project team, but proper operation of the hardware devices is ensured during Integration and System testing.
Integration and Acceptance testing shall be performed with all applicable 3 rd party hardware installed.
Embedded software will primarily be present in the Tricon modules, dedication of approval of this firmware is discussed in the V10 Tricon Topical Report. The firmware is part of the NRC Safety Evaluation of the V 10 Tricon Platform. 3rd party hardware that has firmware present will be either supplied by the customer or dedicated through an approved process or manufacturer.
The PQAE shall monitor testing activities to assure that tests are conducted using approved test procedures and tools, and that test anomalies and/or non-conformances are identified, documented, addressed, and tracked to closure. QA personnel shall review post-test execution related artifacts, including test reports, test results, nonconformance reports, and updated traceability matrices, to ensure the required documentation is prepared adequately.
Testing shall be performed and documented as specified in the NSIPM [Reference 2.1.25] and PPM [Reference 2.1.31 ].
- 8. PROBLEM REPORTING AND CORRECTIVE ACTION Software problems (anomaly) identified during the design, implementation, and test phases shall be documented and resolved in accordance with the NSIPM as implemented by the PPM. When unexpected test conditions and/or deviations from procedural requirements are identified, the problem(s) is also documented and dispositioned on an Action Request Report (ARR).
All project personnel are responsible for reporting problems when and where they are found.
- 9. TOOLS, TECHNIQUES, AND METHODOLOGIES The TriStation 1131 Developer's Workbench software tools will be used in this project. Invensys has validated the TS 1131 and associated libraries. In the V9 SER, the NRC staff recognized that TriStation 1131 is a non-safety-related tool used to develop software intended for safety-related applications. Knowing this, the staff found that the TriStation 1131 is acceptable to produce software that is intended for safety-related use in nuclear power plants. The approval is contingent on proper testing of the operational software. The staff also stated in the V9 SER that test plans, procedures, and results are to be reviewed on a plant-specific basis. The Invensys Operations Management PPMs that were developed under an approved Appendix B program provide traceability to the SER through a rigorous and well-defined software life cycle. The PPS
i n v'e. ns. *
- s *,TM n. N/ e. rn s".ý: ,s" Operations Management Triconex Document: 993754-1-801 I tile: Software Quality Assurance Plan Revision: 0 Page: 19 of 21 1 Date: 1 08/17/11 Replacement Project documents (project plans, design specifications, procedures, and results) will be developed and maintained in accordance with the PPMs.
The V&V Manager shall identify any additional tools, techniques and methodologies needed to V&V software developed for the project in the SVVP, 993754-1-802. The V&V Manager shall ensure that all software tools used are verified/validated using IEEE 1012-1998 SIL-4 criteria, to demonstrate the capability of the software tool to produce valid results.
The Lake Forest facilities shall be used in the development and testing of the software. Further details about the facilities features and physical security can be found in the Project Management Plan, 993754-1-905.
The V&V Manager shall place all software tools used in configuration management as specified in the SCMP.
- 10. CODE CONTROL Software development is an activity in progress until the TriStation Application Project (TSAP) code is considered fully functional and ready for verification. No rigorous procedural configuration controls are applied until that point.
Configuration controls are designed into the process from inception throughout the software life cycles.
The Invensys TriStation 1131 Developer's Workbench tool creates a TSAP file that is under password and revision level control. The TS 1131 tool increments the revision level each time an activity is compiled and adds an associated comments field. This information is retained in the project file. Access to the TSAP file is password protected and only the TS 1131 tool can be used to modify the software.
When the TSAP is ready for V&V, the code will be placed under the software configuration management process described in the NSIPM [Reference 2.1.25] and SCMP, 993754-1-909.
This will occur near the end of the implementation phase and continue until the software is prepared for turnover to the customer. Turnover is controlled in accordance with customer requirements.
in ve. n s'.iv s" TM i n V'e. n s'.i s" Operations Management Triconex Document::[ 993754-1-801
Title:
j Software Quality Assurance Plan Revision: 0 Page: 20 of 21 1 Date: I 08/17/11 Physical control of code is described in the NSIPM as implemented by the PPM.
- 11. MEDIA CONTROL The software designer will keep the PM/PE informed of the TriStation Application Project (TSAP) location, TSAP filename and associated password(s) as required by the SCMP, 993754-1-909.
The original code, or a copy thereof, will be maintained on a server accessible to management.
Backup provisions will be provided in accordance with local protocols. Alternatively, a copy may be retained on CD-ROM at a location known to the PM/PE. As long as the fundamental requirement of having a back up copy, which is retrievable by management, is maintained. If control of the program code is transferred, for testing or otherwise, then it must be maintained independently and be retrievable by Project Management. Any server used for storage of original code will have access control protocols and permissions enabled.
After the software code has been validated and, subsequently approved by the customer, it will be backed up onto a CD-ROM and labeled with the program (project) name and revision level, or otherwise controlled in accordance with customer requirements.
- 12. SUPPLIER CONTROL Sub-suppliers and Subcontractors used in the project shall be managed in accordance with the NSIPM [Reference 2.1.25], and the QPM [Reference 2.1.26].
Processing and controlling purchase requisitions and purchase orders, the bidding and awarding of supplier contracts, and revisions to procurement documents for material and services, shall be performed in accordance with the NSIPM as implemented by the PPM. Applicable customer specified regulatory and contract requirements shall be passed down to sub-suppliers, and subcontractors in accordance with the NSIPM.
- 13. RECORDS COLLECTION, MAINTENANCE AND RETENTION All Project records will be collected, stored, maintained and retained in accordance with the NSIPM as implemented by the PPM.
- 14. TRAINING Project personnel shall be trained and qualified in accordance with the Project Management Plan, 993754-1-905, and NSIPM as implemented by the PPM. Training will be provided to customer personnel as per their requirements.
i n v e. n s".!= s" IM in v'e. r s' Operations Management Triconex I Document:
Revision:
I 993754-1-801 0
I Ttle:
Page:
I Software Quality Assurance Plan 21 of 21 Date: 08/17/11
- 15. RISK MANAGEMENT Risks are managed in accordance with the Project Risk Management Plan, 993754-1-908, as highlighted in the PMP, 993754-1-905. The Risk Management Plan shall include all technical and project risks.
The PM and PE will evaluate all identified risks and determine the methods to be used in eliminating and/or mitigating their consequences.