DCL-12-030, Response to Items Contained in NRC Acceptance Review of License Amendment Request for Digital Process Protection System Replacement
| Field | Value |
|---|---|
| Accession number: | ML12094A072 |
| Site: | Diablo Canyon |
| Issue date: | 04/02/2012 |
| From: | Becker J, Pacific Gas & Electric Co |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| Shared Package: | ML120940116 |
| References: | DCL-12-030, TAC ME7522, TAC ME7523 |
Attachment 1 to the Enclosure contains Proprietary Information - Withhold Under 10 CFR 2.390
Pacific Gas and Electric Company

James R. Becker
Site Vice President
Diablo Canyon Power Plant
Mail Code 104/6
P. O. Box 56
Avila Beach, CA 93424
805.545.3462
Internal: 691.3462
Fax: 805.545.6445

April 2, 2012

PG&E Letter DCL-12-030

10 CFR 50.90

U.S. Nuclear Regulatory Commission
ATTN: Document Control Desk
Washington, DC 20555-0001

Docket No. 50-275, OL-DPR-80
Docket No. 50-323, OL-DPR-82
Diablo Canyon Units 1 and 2
Response to Items Contained in NRC Acceptance Review of License Amendment Request for Digital Process Protection System Replacement
References:
- 1. PG&E Letter DCL-11-104, "License Amendment Request 11-07, Process Protection System Replacement," dated October 26, 2011.
- 2. NRC Letter "Diablo Canyon Power Plant, Unit Nos. 1 and 2 - Acceptance Review of License Amendment Request for Digital Process Protection System Replacement (TAC Nos. ME7522 and ME7523)," dated January 13, 2012.
Dear Commissioners and Staff:
In Reference 1, Pacific Gas and Electric (PG&E) submitted License Amendment Request (LAR) 11-07 to request NRC approval to replace the Diablo Canyon Power Plant Eagle 21 digital process protection system (PPS) with a new digital PPS that is based on the Invensys Operations Management Tricon Programmable Logic Controller (PLC), Version 10, and the CS Innovations, LLC (a Westinghouse Electric Company), Advanced Logic System.
In Reference 2, the NRC staff documented its acceptance of Reference 1 for review and requested further clarification be provided for nine items. PG&E's response to the staff's request for further clarification is provided in Enclosure 1.
The CS Innovations document 6116-00000, "Diablo Canyon PPS Management Plan," Revision 1, contained in Attachment 1 to the Enclosure contains information proprietary to CS Innovations, LLC ("CS Innovations"). Accordingly, Attachment 2 to the Enclosure includes a CS Innovations authorization letter, Affidavit #AFF6116-00053-2, an accompanying affidavit, a Proprietary Information Notice, and a Copyright Notice. The affidavit is signed by CS Innovations, the owner of the information. The affidavit sets forth the basis on which the CS Innovations proprietary information contained in CS Innovations document 6116-00000, "Diablo Canyon PPS Management Plan," Revision 1 may be withheld from public disclosure by the Commission, and it addresses with specificity the considerations listed in paragraph (b)(4) of 10 CFR 2.390 of the Commission's regulations. PG&E requests that the CS Innovations proprietary information be withheld from public disclosure in accordance with 10 CFR 2.390.

Attachment 1 to the Enclosure contains Proprietary Information. When separated from Attachment 1 to the Enclosure, this document is decontrolled.

A member of the STARS (Strategic Teaming and Resource Sharing) Alliance: Callaway - Comanche Peak - Diablo Canyon - Palo Verde - San Onofre - South Texas Project - Wolf Creek
Correspondence with respect to the copyright or proprietary aspects of the application for withholding related to the CS Innovations proprietary information or the CS Innovations affidavit provided in Attachment 2 to the Enclosure should reference CS Innovations Affidavit AFF6116-00053-2 and be addressed to Scott Roberts, Director, CS Innovations, LLC, 7400 E Tierra Buena Lane, Suite 101, Scottsdale, AZ 85260-1795.
If you have any questions, or require additional information, please contact Tom Baldwin at (805) 545-4720.
This information does not affect the results of the technical evaluation or the significant hazards consideration determination previously transmitted in Reference 1.
This communication contains new regulatory commitments (as defined by NEI 99-04) that were not previously made in Reference 1. The commitments are contained in Attachment 3 of the Enclosure to this letter. This communication contains one commitment that revises a commitment made in Reference 1.
I state under penalty of perjury that the foregoing is true and correct.
Executed on April 2, 2012.
Site Vice President

kjse/4328 SAPN 50452454

Enclosure

cc:
cc/enc:
Diablo Distribution
Gary W. Butner, Branch Chief, California Department of Public Health
Elmo E. Collins, NRC Region IV
Michael S. Peck, NRC, Senior Resident Inspector
Joseph M. Sebrosky, NRR Project Manager
Alan B. Wang, NRR Project Manager

Enclosure
PG&E Letter DCL-12-030

PG&E Response to Items Contained in NRC Acceptance Review of License Amendment Request for Digital Process Protection System Replacement

NRC Item 1:
[Interim Staff Guidance (ISG) ISG-06 Enclosure B, Item 1.3] Deterministic Nature of Software:
Please identify the board access sequence and provide corresponding analysis associated with digital response time performance. This analysis should be of sufficient detail to enable the NRC staff to determine that the logic-cycle;
- a. has been implemented in conformance with the ALS [Advanced Logic System] Topical Report design basis,
- b. is deterministic, and
- c. the response time is derived from plant safety analysis performance requirements and in full consideration of communication errors that have been observed during equipment qualification.

As stated in the LAR [License Amendment Request], information pertaining to response time performance will be submitted as a Phase 2 document. Please ensure this matter is addressed accordingly.
PG&E Response:
ALS

In LAR 11-07 contained in Pacific Gas and Electric (PG&E) Letter DCL-11-104, dated October 26, 2011, PG&E submitted a request for NRC approval to replace the Diablo Canyon Power Plant (DCPP) Process Protection System (PPS).
The DCPP PPS document 6116-00011, "ALS System Design Specification," Section 7.5, identifies the ALS board access sequence and provides an analysis associated with digital response time performance.
The DCPP PPS ALS system is configured in accordance with the qualification requirements of the ALS platform topical report. The analysis in Diablo Canyon PPS document 6116-00011, "ALS System Design Specification," Section 7, describes a logic cycle that is deterministic. The requirements for the response time of the PPS processing instrumentation (from input conditioner to conditioned output signal) is specified as not to exceed 0.409 seconds in Section 3.2.1.10 of the "Diablo Canyon Power Plant Units 1 & 2 Process Protection System Replacement Functional Requirements Specification (FRS)," Revision 4 submitted as Attachment 7 of the LAR 11-07. In Section 1.5.8 of the "Diablo Canyon Power Plant Units 1 & 2 Process Protection System Replacement Interface Requirements Specification (IRS)," Revision 4, submitted as Attachment 8 of the LAR 11-07, the 0.409 seconds PPS processing instrumentation response time is allocated between the ALS and Tricon as follows:
- ALS: 175 ms for resistance temperature detector processing
- Tricon: 200 ms
- Contingency: 34 ms

The 0.409 seconds PPS processing instrumentation value is the same as the value that is currently allocated to PPS processing instrumentation. As long as the 0.409 second PPS processing instrumentation value is not exceeded, the total reactor trip and engineered safety features actuation system response time values assumed in the plant safety analyses contained in Final Safety Analysis Report (FSAR) Tables 15.1-2, 15.2-1, 15.3-1, 15.3-3 and 15.4-8 will not be exceeded.
The ALS response time will be verified as part of the factory acceptance test (FAT) and the results will be included in the FAT summary report to be submitted by December 2012.
Tricon

Invensys Operations Management provided detailed information on the deterministic operation of the V10 Tricon in Invensys Operations Management Letter No. NRC-V10-11-001, dated January 5, 2011. In support of the V10 Tricon safety evaluation, Invensys Operations Management submitted document 9600164-731, "Maximum Response Time Calculations," describing the worst-case response time for the V10 Tricon Qualification System. Included in document 9600164-731 are the standard equations for calculating worst-case response time of a given V10 Tricon configuration. The time response calculation for the V10 Tricon PPS Replacement architecture will be submitted by April 16, 2012. The Tricon response time will be verified as part of the FAT and the results will be documented in the System Response Time Confirmation Report, 993754-1-818, that will be submitted to the staff as part of the ISG-06 Phase 2 submittals at the completion of FAT of the V10 Tricon PPS Replacement.
NRC Item 2:
[ISG-06 Enclosure B, Item 1.4] Software Management Plan:
Regulatory Guide (RG) 1.168, Revision 1, "Verification, Validation, Reviews and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," dated February 2004 endorses IEEE (Institute of Electrical and Electronics Engineers) 1012-1998, "IEEE Standard for Software Verification and Validation," and IEEE 1028-1997, "IEEE Standard for Software Reviews and Audits," with the exceptions stated in the Regulatory Position of RG 1.168. RG 1.168 describes a method acceptable to the NRC staff for complying with parts of the NRC's regulations for promoting high functional reliability and design quality in software used in safety systems. Standard Review Plan (SRP) Table 7-1 and Appendix 7.1-A identify Regulatory Guide 1.168 as SRP acceptance criteria for reactor trip systems (RTS) and for engineered safety features

Westinghouse/ALS 6116-00000 Diablo Canyon PPS Management Plan, Figure 2-2, shows the Verification and Validation (V&V) organization reporting to the Project Manager. This is inconsistent with the information described in the ALS Management Plan for the generic system platform, where the V&V organization is independent from the Project Manager. This is also inconsistent with the criteria of RG 1.168 and will need to be reconciled during the LAR and ALS LTR reviews.
PG&E Response:
The PPS Replacement LAR referenced CS Innovations document 6116-00000 Diablo Canyon PPS Management Plan, Revision 0, dated July 25, 2011, that was based on CS Innovations document 6002-00003 ALS Verification and Validation Plan, Revision 4. CS Innovations subsequently submitted a revised V&V plan, "6002-00003 ALS Verification and Validation Plan," Revision 5, on November 11, 2011, that revised the required V&V organization structure such that the management of the verification personnel is separate and independent of the management of the development personnel. The CS Innovations 6116-00000 Diablo Canyon PPS Management Plan has been revised to require a V&V organization structure in which the management of the verification personnel is separate and independent of the management of the development personnel. CS Innovations document 6116-00000 Diablo Canyon PPS Management Plan, Revision 1, is contained in Attachment 1 to this Enclosure.
NRC Item 3:
[ISG-06 Enclosure B, Item 1.9] Software V&V Plan:
The ALS V&V plan states that Project Manager of the supplier is responsible for providing directions during implementation of V&V activities. Also, the organization chart in the Diablo Canyon PPS Management Plan shows the IVV manager reporting to the PM.
The ALS V&V plan described in ISG6 matrix for the ALS platform and the Diablo Canyon PPS Management Plan do not provide sufficient information about the activities to be performed during V&V. For example, the ALS V&V Plan states that for project specific systems, V&V activities are determined on a project by project basis and are described in the project Management Plan, in this case, 6116-00000, "Diablo Canyon PPS Management Plan." However, the 6116-00000 Diablo Canyon PPS Management Plan states: "See the ALS V&V Plan for more information and the interface between the IV&V team and the PPS Replacement project team."
The Triconex V&V plan states that the Engineering Project Plan defines the scope for V&V activities. As mentioned before, the Triconex EPP is not listed in the ISG6 matrix.
These items will need further clarification during the LAR review to demonstrate compliance with Regulatory Guide (RG) 1.168, Revision 1, "Verification, Validation, Reviews and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants."
PG&E Response:
ALS

The CS Innovations 6116-00000 Diablo Canyon PPS Management Plan, Revision 1, includes details on how the IV&V team has an independent organizational reporting structure from the design and implementation team. The Scottsdale Operations Director and the ALS Platform & Systems Director report to different Westinghouse Vice Presidents. The IV&V Manager and Scottsdale Operations Director both report to the same Westinghouse Vice President, but via independent reporting structures.
The CS Innovations 6116-00000 Diablo Canyon PPS Management Plan, Revision 1, Section 5.2 states the IV&V team for the Diablo Canyon PPS system will follow the generic V&V plan, "6002-00003 ALS Verification and Validation Plan," for IV&V activities including FPGA simulation testing with specified considerations.

Tricon

The organizational structure of Invensys Operations Management comprises, in part, Engineering and Nuclear Delivery. Each of these organizations plays a specific role in the V10 Tricon application project life cycle. Invensys Operations Management Engineering is responsible for designing and maintaining the V10 Tricon platform, and Nuclear Delivery is responsible for working with nuclear customers on safety-related V10 Tricon system integration projects. Invensys Operations Management Engineering department procedures require "Engineering Project Plans (EPP)," whereas Nuclear Delivery department procedures require "Project Plans." Invensys Operations Management Engineering is not directly involved in system integration, but Nuclear Delivery may consult with Engineering on technical issues related to the V10 Tricon platform.
The NRC applied ISG-06 to the V10 Tricon safety evaluation. Invensys Operations Management submitted a number of documents pertaining to the design of the V10 Tricon platform as well as process and procedure documents governing Invensys Operations Management Engineering activities, including the EPP. In most cases, these platform-related documents are preceded with document number 9600164. The platform-level documents reviewed by the staff during the V10 Tricon safety evaluation will not be resubmitted to the staff by Nuclear Delivery during application-specific system integration projects.
In support of the PG&E LAR 11-07 for the DCPP PPS Replacement, Invensys Operations Management Nuclear Delivery is required to submit the application design documents as defined in ISG-06. These project documents are preceded by document number 993754. The Phase 1 submittal under Invensys Operations Management Project Letter 993754-026T, dated October 26, 2011, contained, in part, the following:
- 1) PPS Replacement Project Management Plan (PMP), 993754-1-905, "Project Management Plan" was used to more closely match BTP 7-14 with regard to "management plans;" and
- 2) PPS Replacement Software Verification and Validation Plan (SVVP), 993754-1-802.

The PMP describes the PPS Replacement Project management activities within the Invensys Operations Management scope of supply. The guidance documents BTP 7-14 and NUREG/CR-6101 were used as input during development of the PMP.
For compliance with RG 1.168, the PPS Replacement PMP and SVVP both describe the organizational structure and interfaces of the PPS Replacement Project. The documents describe the Nuclear Delivery design team structure and responsibilities, the Nuclear IV&V team structure and responsibilities, the interfaces between Nuclear Delivery and Nuclear IV&V, lines of reporting, and degree of independence between Nuclear Delivery and Nuclear IV&V. In addition, the PMP describes organizational boundaries between Invensys Operations Management and the other external entities involved in the PPS Replacement project: PG&E, Altran, Westinghouse, and Invensys Operations Management suppliers. The combination of the PMP and SVVP demonstrate compliance of the Invensys Operations Management organization with RG 1.168.
NRC Item 4:
[ISG-06 Enclosure B, Item 1.10] Software Configuration Management Plan:
The LAR includes PG&E CF2.ID2, "Software Configuration Management for Plant Operations and Operations Support," in Attachment 12. However, the document provided in Attachment 12 only provides a guideline for preparing Software Configuration Management (SCM) and SQA plans. Though it is understood that the licensee will not perform development of software, PGE personnel will become responsible for maintaining configuration control over software upon delivery from the vendor.
The staff requires the actual plan to be used by the licensee for maintaining configuration control over PPS software in order to evaluate against the acceptance criteria of the SRP. For example, the ALS Configuration Management (CM) Plan (6002-00002) describes initial design activities related to ALS generic boards. This plan does describe the configuration management activities to be used for the development and application of the ALS platform for the Diablo Canyon PPS System. The staff requires that configuration management for this design be described in the DCPP project specific plan. These items will need further clarification during the LAR review to demonstrate compliance with BTP-14.
PG&E Response:
PG&E will develop a Software Configuration Management Plan (SCMP) procedure to address configuration control after shipment of equipment from the vendor and will submit the document by May 31, 2012.
NRC Item 5:
[ISG-06 Enclosure B, Item 1.11] Software Test Plan:
The V10 platform documents identified in ISG6 matrix state that the interface between the NGIO (Next Generation Input Output) Core Software and IO-specific software will not be tested. It is not clear when and how this interface will be tested, and why this test is not part of the software unit testing and integration testing activities.
Further, the 993754-1-813 Diablo Canyon Triconex PPS Validation Test Plan states that the DCPP's TSAP will not be loaded on the system; instead Triconex will use another TSAP for the validation test. It is not clear why the DCPP's TSAP will not be used for the validation test or when the DCPP's TSAP will be loaded on the system and validated for the Diablo Canyon PPS System. These items will need further clarification during the LAR review to demonstrate compliance with BTP-14.
PG&E Response:
The next-generation input/output (I/O) modules qualified for the V10 Tricon are the 3721N 4-20 milliampere, 32-point analog input (AI) module, and the 3625N 24 Vdc, 32-point digital output (DO) module. Technical data on these two modules was provided to the NRC in support of the V10 Tricon safety evaluation. Configuration and functional testing is performed when the I/O modules (hardware and embedded core firmware) are manufactured. From the factory, the I/O modules are shipped to Invensys Operations Management Nuclear Delivery for use in nuclear system integration projects, i.e., application-specific configurations. Because the module hardware and embedded core firmware are within the scope of the V10 Tricon safety evaluation, the verification and validation of the embedded core firmware will not be repeated as part of application-specific system integration projects.
There are certain design items that must be done with TriStation 1131, such as specifying which I/O module is installed in a particular physical slot of the Tricon chassis, resulting in each module having a unique hardware address in the system. Also, TriStation 1131 is used to specify which application program parameters (i.e., program variable tagnames) are assigned to a particular point on a given I/O module. The design items configured in TriStation 1131 will be within the scope of validation activities conducted by Invensys Operations Management Nuclear IV&V for application-specific system integration projects. The necessary collateral (system build documents, configuration tables, test procedures, test results, etc.) are being submitted to the NRC to support the staff's technical review of the PPS Replacement LAR in accordance with ISG-06 as previously committed in LAR 11-07.
The Phase 1 submittal under Invensys Operations Management Project Letter 993754-026T, dated October 26, 2011, contained, in part, the Validation Test Plan (VTP), 993754-1-813. This document describes the scope, approach, and resources of the testing activities that are required for validation testing of the V10 Tricon portion of the PPS Replacement, including:
- Preparing for and conducting system integration tests
- Defining technical inputs to validation planning
- Defining the test tools and environment necessary for system validation testing
- Scheduling (and resource loading of the schedule)

Section 1.3.2 of the VTP describes the Hardware Validation Test activities and Section 1.3.3 of the VTP describes the V10 Tricon portion of the Factory Acceptance Test activities for the V10 Tricon portion of the PPS Replacement.
NRC Item 6:
[ISG-06 Enclosure B, Item 1.14] Equipment Qualification Testing Plans
The LAR Sections 4.6, 4.10.2.4 and 4.11.1.2 provide little information on the plant specific application environmental factors. The Tricon V10 Safety Evaluation, ML11298A246, Section 6.2 lists 19 application specific actions Items (ASAI's) that the licensee should address for plant specific applications. The licensee should address each of these for Tricon portion of the PPS replacement. Similar information for the ALS portion of the PPS replacement will also be required.
PG&E Response:
To address environmental factors, the physical requirements for the DCPP PPS replacement equipment were specified to the vendors in Section 3.1 of the DCPP FRS submitted as Attachment 7 of the LAR 11-07. Physical requirements specified include temperature, relative humidity, pressure, radiation, seismic, electromagnetic capability, and emissions. The CS Innovations and Invensys Operations Management vendors are required to confirm the equipment meets the physical requirements in the DCPP FRS. The vendors will document the equipment meets the physical requirements in the DCPP FRS in the vendor requirements traceability matrix (RTM) in accordance with ISG-06.
During the March 21, 2012, teleconference meeting between PG&E and the NRC staff, the staff stated PG&E can respond to the Tricon V10 Safety Evaluation ASAIs after the Tricon V10 Safety Evaluation has been issued.
NRC Item 7:
[ISG-06 Enclosure B, Item 1.16] Design Analysis Reports:
The LAR does not appear to comply with the SRP (ISG-04) regarding the connectivity of the Maintenance Work Station to the PPS. The TriStation V10 platform relies on software to effect the disconnection of the TriStation's capability to modify the safety system software. Based on the information provided in the LTR, the NRC staff determined that the Tricon V10 platform does not comply with the NRC guidance provided in ISG-04, Highly Integrated Control Rooms - Communications Issues, (ADAMS Accession No. ML083310185), Staff Position 1, Point 10, hence the DCPP PPS configuration does not fully comply with this guidance.
In order for the NRC staff to accept this keyswitch function as an acceptable deviation to this staff position, the staff will have to evaluate the DCPP PPS specific system communications control configuration--including the operation of the keyswitch, the software affected by the keyswitch, and any testing performed on failures of the hardware and software associated with the keyswitch. The status of the ALS platform on this matter is unclear at this time and will be resolved as the ALS LTR review is completed.
Moreover, the Tricon V10 system Operational Mode Change (OMC) keyswitch does change operational modes of the 3008N MPs and enables the TriStation 1131 PC to change parameters, software algorithms, etc, related to the application program of the safety channel without the channel or division being in bypass or in trip. As stated in Section 3.1.3.2 of the Tricon V10 SER, the TriStation 1131 PC should not normally be connected while the Tricon V10 is operational and performing safety critical functions. However, it is physically possible for the TriStation PC to be connected at all times, and this should be strictly controlled via administrative controls (e.g., place the respective channel out of service while changing the software, parameters, etc). The LAR does not mention any administrative controls such as this to control the operation of the OMC (operational mode change) keyswitch. Furthermore, in order to leave the non-safety TriStation 1131 PC attached to the SR Tricon V10 system while the key switch is in the RUN position, a detailed FMEA of the TriStation 1131 PC system will be required to ascertain the potential effects this non-safety PC may have on the execution of the safety application program/operability of the channel or division. These issues must be addressed in order for the NRC staff to determine that the DCPP PPS complies with the NRC Staff Guidance provided in Staff Position 1, Point 11. The status of the ALS platform on this point is unclear at this time.
PG&E Response:
The Tricon main chassis OMC keyswitch controls only the mode of the V10 Tricon 3008N MPs. In the RUN position, the 3008N MPs ignore all commands from external devices, whether WRITE commands from external operator interfaces or program-related commands from the TriStation 1131. TriStation 1131 contains function blocks that allow WRITE-access to a limited set of parameters programmed into the application software, but only for a limited duration after which the capability is disabled until WRITE-access is re-enabled. However, without these function blocks programmed into the application program, neither the application program nor application program parameters can be modified with the Tricon keyswitch in the RUN position. Multiple hardware and software failures would have to occur on the V10 Tricon (in combination with human-performance errors in the control room and at the computer with TriStation 1131 installed) in order for the application program to be inadvertently reprogrammed. Therefore, there is no credible single failure on the V10 Tricon that would allow the safety-related application program to be inadvertently programmed, e.g., as a result of unexpected operation of the connected computer with TriStation 1131 installed on it. It is noted that the TriStation 1131 is not used to change setpoints.
If the Tricon keyswitch is not in the RUN position, an alarm is initiated on the control room Main Annunciator System and the Tricon is considered inoperable for the associated protection set as previously documented in Section 4.2.1.1 of LAR 11-07. Normally, the Tricon keyswitch is set to the RUN position and the key is removed and stored in a secure location as previously documented in Section 4.2.1.1 of LAR 11-07. The TriStation 1131 includes password security features to lessen the chance of unauthorized access as previously documented in Section 4.2.1.1 of LAR 11-07. Control of operation of the Tricon keyswitch will be included in a procedure to ensure the protection set is declared inoperable when the Tricon keyswitch is not in the RUN position.
The PPS replacement contains design features that provide means to control physical access to safety related equipment. This includes access to PPS replacement equipment which encompasses the test points and the capabilities for changing setpoints. The PPS replacement equipment is located in a controlled area secured by the plant security system in a manner that only allows authorized personnel access. This limits the means to bypass safety system functions, via access controls, to authorized plant personnel. Keys to the cabinet doors for the cabinets that contain the TriStation 1131 PC will be maintained under the administrative control of DCPP operating staff as previously documented in Section 4.10.2.9 of LAR 11-07.
Additional security controls that apply to the TriStation 1131 PC are security-related information per 10 CFR 2.390 and were previously submitted to the NRC staff in PG&E Letter DCL-11-123, dated December 20, 2011.
The failures associated with the Tricon keyswitch are being assessed through a failure modes and effects analysis (FMEA). The result of the FMEA is an ISG-06 Phase 2 document that will be submitted to NRC in May 2012, as previously committed in LAR 11-07. Additionally, Invensys Operations Management has committed to PG&E to support the staff's review of the hardware and software associated with the Tricon keyswitch by making all of the technical data available for audit.
NRC Item 8:
[ISG-06 Enclosure B, Item 1.21] Setpoint Methodology:
The NRC staff understands that a summary of SP (setpoint) Calculations will be provided in Phase 2, however, section 4.10.3.8 of the LAR also states that PGE plans to submit a separate LAR to adopt TSTF 493. The NRC cannot accept this dependency on an unapproved future licensing action. The staff therefore expects the licensee to submit a summary of setpoint calculations which includes a discussion of the methods used for determining as-found and as-left tolerances.
This submittal should satisfy all of the informational requirements set forth in ISG6 section 0.9.4.3.8 without a condition of TSTF 493 LAR approval.
PG&E Response:
The evaluation of the setpoints for the PPS replacement is being performed by Westinghouse in two phases in order to provide sufficient documentation to support 95/95 two-sided uncertainty values for the setpoints.
The first phase of the evaluation of the setpoints will include evaluation of the PPS replacement setpoints for the Tricon and ALS architecture using expected bounding setpoint uncertainty input values. A setpoint summary evaluation of the PPS replacement related setpoints, which includes a discussion of the methods used for determining the as-found and as-left tolerances, will be submitted by May 31, 2012.
This supersedes the previous commitment 31 in Attachment 1 to the Enclosure to the PPS Replacement LAR 11-07 that stated the implementation of the as-found tolerance and as-left tolerance guidance from Regulatory Issue Summary 2006-17 and TSTF-493, Revision 4, to all applicable TS setpoints would be addressed as part of a License Amendment Request for TSTF-493.
The second phase of the evaluation of the setpoints will include development of Westinghouse calculations of the PPS replacement setpoints for the Tricon and ALS architecture using sufficient information from vendors to substantiate that the setpoints are based on 95/95 two-sided uncertainty values. The Westinghouse calculations will be completed by December 31, 2012, and will be available for inspection by NRC staff in Washington DC with support provided by Westinghouse setpoint group personnel.
NRC Item 9:
Licensing Topical Report Safety Conclusion Scope and Applicability
Many important sections of the DCPP PPS LAR refer the reader to the ALS licensing topical report (LTR) to demonstrate compliance of the system with various Clauses of IEEE 603-1991, IEEE 7-4.3.2-2003, and ISG-04. However, many important sections of the ALS LTR state that compliance with various Clauses of these IEEE Stds and ISG-04 are application specific and refer the reader to an application specific license amendment submittal (i.e., the DCPP PPS LAR in this case). The staff has not yet had time to evaluate all the LAR information in detail and compare this information with that provided in the ALS LTR to ensure there is no missing information. However, PG&E and its contractors are encouraged to review these two licensing submittals promptly to verify that compliance with these IEEE Stds and ISG-04 are adequately addressed within both licensing documents.
PG&E Response:
PG&E and Westinghouse have reviewed LAR 11-07 and the ALS topical report to verify that information is provided to justify compliance with IEEE 603-1991, IEEE 7-4.3.2-2003, and ISG-04 in either the LAR or the ALS topical report. As a result of the review, it was identified that neither the LAR nor the ALS topical report contains a matrix that documents compliance with ISG-04 Table 5-4 for the DCPP ALS platform. PG&E will submit a matrix that documents compliance with ISG-04 Table 5-4 for the DCPP ALS platform by May 31, 2012.
CS Innovations document 6116-00000, "Diablo Canyon PPS Management Plan," Revision 1
CS Innovations authorization letter, Affidavit #AFF6116-00053-2, including affidavit, Proprietary Information Notice, and Copyright Notice for CS Innovations document 6116-00000, "Diablo Canyon PPS Management Plan," Revision 1
CS Innovations, LLC
A Westinghouse Electric Company
7400 E. Tierra Buena Lane, Suite 101
Scottsdale, AZ 85260
Phone: 480-567-1100 Fax: 480-315-9359
March 8, 2012
Affidavit #AFF6116-00053-2
Pacific Gas & Electric Company
Ken Schrader
Diablo Canyon Power Plant, Bid 104/5/21 A
9 Miles NW of Avila Beach
Avila Beach, CA 93424
APPLICATION FOR WITHHOLDING PROPRIETARY INFORMATION FROM PUBLIC DISCLOSURE
Subject:
- 1) 6116-00000, Revision 1, "Diablo Canyon PPS Management Plan" (Proprietary)
Reference:
Letter from Scott Roberts to PG&E, 6116-00053, dated March 8, 2012
The Application for Withholding Proprietary Information from Public Disclosure is submitted by CS Innovations, LLC, a wholly-owned subsidiary of Westinghouse Electric Company LLC (Westinghouse), pursuant to the provisions of paragraph (b)(1) of Section 2.390 of the Commission's regulations. It contains commercial strategic information proprietary to Westinghouse and customarily held in confidence.
The proprietary information for which withholding is being requested is contained in the documents identified in the Reference. In conformance with 10 CFR Section 2.390, Affidavit AFF6116-00053-2 accompanies this application for withholding, setting forth the basis on which the identified proprietary information may be withheld from public disclosure.
The documents identified in the Reference were prepared as Proprietary, and CS Innovations requests that they be considered proprietary in their entirety. CS Innovations does not plan to submit non-proprietary versions of these documents due to their extensive proprietary content. Non-proprietary versions would be of no value to the public.
It is respectfully requested that the subject information which is proprietary to CS Innovations be withheld from public disclosure in accordance with 10 CFR Section 2.390 of the Commission's regulations.
Correspondence with respect to the proprietary aspects of the application for withholding or the accompanying affidavit should reference AFF6116-00053-2 and should be addressed to Scott Roberts, Director, CS Innovations, LLC, 7400 E Tierra Buena Lane, Suite 101, Scottsdale, AZ 85260-1795.
Very truly yours,
Scott Roberts, President
CS Innovations
Enclosures
AFF6116-00053-2 AFFIDAVIT STATE OF ARIZONA:
COUNTY OF MARICOPA:
Before me, the undersigned authority, personally appeared Scott Roberts, who, being by me duly sworn according to law, deposes and says that he is authorized to execute this Affidavit on behalf of CS Innovations, LLC, a wholly-owned subsidiary of Westinghouse Electric Company LLC (Westinghouse), and that the averments of fact set forth in this Affidavit are true and correct to the best of his knowledge, information, and belief:
Sworn to and subscribed before me OFFICIAL SEAL JAMES GULLEY Notary Public* State of Arizona MARICOPA COUNTY Comm. Expires May ", 2013 Scott Roberts, President CS Innovations
(1) I am President, CS Innovations, LLC, and as such, I have been specifically delegated the function of reviewing the proprietary information sought to be withheld from public disclosure in connection with nuclear power plant licensing and rule making proceedings, and am authorized to apply for its withholding on behalf of CS Innovations.
(2) I am making this Affidavit in conformance with the provisions of 10 CFR Section 2.390 of the Commission's regulations and in conjunction with the CS Innovations Application for Withholding Proprietary Information from Public Disclosure accompanying this Affidavit.
(3) I have personal knowledge of the criteria and procedures utilized by CS Innovations in designating information as a trade secret, privileged or as confidential commercial or financial information.
(4) Pursuant to the provisions of paragraph (b)(4) of Section 2.390 of the Commission's regulations, the following is furnished for consideration by the Commission in determining whether the information sought to be withheld from public disclosure should be withheld.
(i) The information sought to be withheld from public disclosure is owned and has been held in confidence by CS Innovations.
(ii) The information is of a type customarily held in confidence by CS Innovations and not customarily disclosed to the public. CS Innovations has a rational basis for determining the types of information customarily held in confidence by it and, in that connection, utilizes a system to determine when and whether to hold certain types of information in confidence. The application of that system and the substance of that system constitutes CS Innovations policy and provides the rational basis required.
Under that system, information is held in confidence if it falls in one or more of several types, the release of which might result in the loss of an existing or potential competitive advantage, as follows:
(a) The information reveals the distinguishing aspects of a process (or component, structure, tool, method, etc.) where prevention of its use by any of CS Innovations' competitors without license from CS Innovations constitutes a competitive economic advantage over other companies.
(b) It consists of supporting data, including test data, relative to a process (or component, structure, tool, method, etc.), the application of which data secures a competitive economic advantage, e.g., by optimization or improved marketability.
(c) Its use by a competitor would reduce his expenditure of resources or improve his competitive position in the design, manufacture, shipment, installation, assurance of quality, or licensing a similar product.
(d) It reveals cost or price information, production capacities, budget levels, or commercial strategies of CS Innovations, its customers or suppliers.
(e) It reveals aspects of past, present, or future CS Innovations or customer funded development plans and programs of potential commercial value to CS Innovations.
(f) It contains patentable ideas, for which patent protection may be desirable.
There are sound policy reasons behind the CS Innovations system which include the following:
(a) The use of such information by CS Innovations gives CS Innovations a competitive advantage over its competitors. It is, therefore, withheld from disclosure to protect the CS Innovations competitive position.
(b) It is information that is marketable in many ways. The extent to which such information is available to competitors diminishes the CS Innovations ability to sell products and services involving the use of the information.
(c) Use by our competitor would put CS Innovations at a competitive disadvantage by reducing his expenditure of resources at our expense.
(d) Each component of proprietary information pertinent to a particular competitive advantage is potentially as valuable as the total competitive advantage. If competitors acquire components of proprietary information, any one component may be the key to the entire puzzle, thereby depriving CS Innovations of a competitive advantage.
(e) Unrestricted disclosure would jeopardize the position of prominence of CS Innovations in the world market, and thereby give a market advantage to the competition of those countries.
(f) The CS Innovations capacity to invest corporate assets in research and development depends upon the success in obtaining and maintaining a competitive advantage.
(iii) The information is being transmitted to the Commission in confidence and, under the provisions of 10 CFR Section 2.390, it is to be received in confidence by the Commission.
(iv) The information sought to be protected is not available in public sources or available information has not been previously employed in the same original manner or method to the best of our knowledge and belief.
(v) The proprietary information sought to be withheld in this submittal is that which is contained in the following documents being submitted to the Commission.
- 1) 6116-00000, Revision 1, "Diablo Canyon PPS Management Plan" (Proprietary)
These documents are being transmitted by CS Innovations letter, 6116-00053, and Application for Withholding Proprietary Information from Public Disclosure, to the Document Control Desk. The proprietary information as submitted by CS Innovations is submitted in support of Pacific Gas & Electric Company's intention to submit a license amendment request for a digital upgrade of the Diablo Canyon Power Plant Reactor Trip System and Engineered Safety Features Actuation System, and may be used only for that purpose.
PROPRIETARY INFORMATION NOTICE
Transmitted herewith is the proprietary version of documents furnished to the NRC in connection with requests for generic and/or plant-specific review and approval. The documents are to be considered proprietary in their entirety.
COPYRIGHT NOTICE
The documents transmitted herewith bear a CS Innovations copyright notice. CS Innovations is a wholly-owned subsidiary of Westinghouse. The NRC is permitted to make the number of copies of the information contained in these documents which is necessary for its internal use in connection with generic and plant-specific reviews and approvals as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by Westinghouse, copyright protection notwithstanding.
Copies made by the NRC must include the copyright notice in all instances and the proprietary notice if the original was identified as proprietary.
List of Regulatory Commitments
Commitment 1
The ALS response time will be verified as part of the FAT and the results will be included in the FAT summary report to be submitted by December 2012.
Commitment 2
The time response calculation for the V10 Tricon PPS Replacement architecture will be submitted by April 16, 2012.
Commitment 3
The Tricon response time will be verified as part of the FAT and the results will be documented in the System Response Time Confirmation Report, 993754-1-818, that will be submitted to the staff as part of the ISG-06 Phase 2 submittals at the completion of factory acceptance testing of the V10 Tricon PPS Replacement.
Commitment 4
PG&E will develop a Software Configuration Management Plan (SCMP) procedure to address configuration control after shipment of equipment from the vendor and will submit the document by May 31, 2012.
Commitment 5
Control of operation of the Tricon keyswitch will be included in a procedure to ensure the protection set is declared inoperable when the Tricon keyswitch is not in the RUN position.
Commitment 6
Setpoint evaluations and calculations are being performed by Westinghouse for the PPS replacement. A setpoint summary evaluation considering the Tricon V10 will be submitted by May 31, 2012 and setpoint calculations will be completed by December 31, 2012 and will be available for inspection by NRC staff in Washington DC.
Commitment 7
PG&E will submit a matrix that documents compliance with ISG-04 Table 5-4 for the DCPP ALS platform by May 31, 2012.