ML12200A127
| ML12200A127 | |
| Person / Time | |
|---|---|
| Site: | Diablo Canyon  |
| Issue date: | 08/02/2012 |
| From: | Joseph Sebrosky Plant Licensing Branch IV |
| To: | |
| Sebrosky J | |
| References | |
| TAC ME7522, TAC ME7523 | |
| Download: ML12200A127 (57) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 August 2, 2012 LICENSEE:
Pacific Gas and Electric Company FACILITY:
Diablo Canyon Power Plant, Unit Nos. 1 and 2
SUBJECT:
SUMMARY
OF JULY 11, 2012, TELECONFERENCE MEETING WITH PACIFIC GAS AND ELECTRIC COMPANY ON DIGITAL REPLACEMENT OF THE PROCESS PROTECTION SYSTEM PORTION OF THE REACTOR TRIP SYSTEM AND ENGINEERED SAFETY FEATURES ACTUATION SYSTEM AT DIABLO CANYON POWER PLANT (TAC NOS. ME7522 AND ME7523)
On July 11,2012, a Category 1 teleconference public meeting was held between the U.S. Nuclear Regulatory Commission (NRC) and representatives of Pacific Gas and Electric Company (PG&E, the licensee) at NRC Headquarters, One White Flint North, 11555 Rockville, Maryland. The purpose of the teleconference meeting was to discuss the license amendment request (LAR) submitted by PG&E on October 26, 2011, for the Digital Replacement of the Process Protection System (PPS) Portion of the Reactor Trip System and Engineered Safety Features Actuation System at Diablo Canyon Power Plant, Unit Nos. 1 and 2 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML113070457). A list of attendees is provided in Enclosure 1.
The teleconference meeting is one in a series of publicly noticed teleconference meetings to be held periodically to discuss issues associated with the NRC staff's LAR review. Preliminary issues that the NRC staff identified during the initial review, and the licensee's responses to these preliminary issues, were discussed during the teleconference meeting. The list of preliminary issues is provided in Enclosure 2. Enclosure 3 provides an updated status of the project plan for the review of the LAR that was discussed during the meeting and subsequently provided to the licensee. Enclosure 4 provides a cross reference of the Phase 2 documents that are being submitted to support the review and how these documents address the items found in Digital Instrumentation and Controls (DI&C)-ISG-06, "Task Working Group #6:
Licensing Process, Interim Staff Guidance, Revision 1," dated January 19,2011 (ADAMS Accession No. ML110140103).
The NRC staff and licensee confirmed that the next meeting on this topic would be held on August 22, 2012. There were several action items associated with the meeting. Specifically, the NRC took the following as action items:
Issue requests for additional information (RAls) associated with the Phase 1 documentation that the NRC staff has reviewed and schedule a clarification phone call, if necessary, with PG&E prior to issuing the RAls formally.
Arrange a phone call with Westinghouse to discuss the Advanced Logic Systems (ALS) schedule for issuing the topical report safety evaluation report (SER) that is referenced in the PG&E LAR. The purpose of the phone call is to determine
-2 the schedule for the completion of this review and identify what effect, if any, the ALS topic report SER schedule will have on the PG&E LAR review.
Provide the updated project plan for the review of the LAR. The updated project plan was subsequently provided to PG&E (see Enclosure 3).
Determine if cyber security RAls are necessary and, if so, develop these RAls and provide them to PG&E.
Review PG&E's submittal dated December 20, 2011 (ADAMS Accession No. ML113610541), that provides security-related information to support the PPS LAR, and keep PG&E informed regarding the status of the cyber security review.
The following discussions led to PG&E action items:
PG&E informed the staff that several Phase 2 documents that it intended to provide by the end of July 2012 would be delayed. PG&E indicated that some of the Phase 2 documents would be provided in the August time frame with others being provided in early September. The NRC staff indicated that it would review the documents when they became available and update the project plan as appropriate. The staff requested that PG&E provide a matrix for phase 2 documents similar to what was done for the phase 1 documents in accordance with DI&C-ISG-06. This matrix was provided subsequent to the meeting and is provided as Enclosure 4 of this summary During the meeting, PG&E provided a discussion of a design change that was under consideration. In previous meetings, in response to items 16, 17, and 22 found in Enclosure 2, PG&E had provided a discussion of how the PPS factory acceptance testing (FAT) would be performed. The NRC staff expressed concern about how the testing would be performed given that the ALS and the Invensys Operations Management Tricon (Tricon) portions of the PPS shared a maintenance workstation. PG&E indicated that it was considering a design change such that the ALS and Tricon systems would have their own maintenance workstation, which could alleviate some of the NRC's concerns about how the FAT would be performed. The staff indicated at a high level the approach sounded viable, however, the staff would need to review the details of the design to ensure that there was not a capability to have the ALS and Tricon systems interconnected. If such an interconnection was possible, some type of integrated testing would be needed. PG&E indicated that it would consider the staff's feedback and how to implement such a change if it decided to pursue such a design change.
- 3 Please direct any inquiries to me at 301-415-1132 or at.::..Jo::;:c:~==:..:=~:r...:;&J~:;.z' Docket Nos. 50-275 and 50-323
Enclosures:
- 1. List of attendees
- 2. Staff identified issues
- 3. Project Plan
- 4. ISG-6 matrix for Phase 2 documents cc w/encls: Distribution via Listserv
LIST OF ATTENDEES JULY 11. 2012. TELECONFERENCE MEETING WITH PACIFIC GAS AND ELECTRIC COMPANY REGARDING DIABLO CANYON POWER PLANT DIGITAL UPGRADE DOCKET NOS. 50-273 AND 50-323 NAME Ken Schrader Scott Patterson John Hefler R. Lint J. Rengepis E. Quinn J. Basso W. Odess-Gillet Roman Shaffer Rich Stattel Bill Kemper Rossnyev Alvarado Darryl Parsons Joe Sebrosky Shiattin Makor Gordon Clefton ORGANIZATION Pacific Gas and Electric Pacific Gas and Electric Altran Altran Altran Altran Westinghouse Westinghouse InvensyslTriconex U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission Nuclear Energy Institute
I July 10, 12 DCPP PPS Open Item Summary Table No SrC/RI 001 AR (80)
I Issue Description P&GE response:
[ISG-06 Enclosure 8, Item 1.3] Deterministic Nature of Software:
The Diablo Canyon Specific Application should identify the board access sequence and provide corresponding analysis associated with digital response time performance. This analysis should be of sufficient detail to enable the NRC staff to determine that the logic-cycle; I
I I
I Specification", Section 7.5, identifies the ALS board access sequence and I
provides an analysis associated with digital response time performance.
I
- a.
The Diablo Canyon PPS ALS system is configured in accordance with the qualification requirements of the ALS platform topical report,
- b.
The analysis in Diablo Canyon PPS document 6116-00011, "ALS I
I System Design Specification", Section 7, describes a logic cycle that is deterministic.
I
- c.
The requirements for the response time of the PPS processing instrumentation (from input conditioner to conditioned output signal) is specified as not to exceed 0.409 seconds in Section 3.2.1.10 of the "Diablo Canyon Power Plant Units 1 & 2 Process Protection System Replacement I
Functional Requirements Specification (FRS)", Revision 4 submitted as IAttachment 7 of the LAR. In Section 1.5.8 of the "Diablo Canyon Power Plant Units 1 & 2 Process Protection System Replacement Interface j Requirements Specification (IRS)", Revision 4, submitted as Attachment 8 of the LAR, the 0.409 seconds PPS processing instrumentation response time
- a. has been implemented in conformance with the ALS Topical Report design basis,
- b. is deterministic, and
- c. the response time is derived from plant safety analysis performance requirements and in full consideration of communication errors that have been observed during equipment qualification.
As stated in the LAR, information pertaining to response time performance will be submitted as a Phase 2 document. Please ensure this matter is addressed accordingly.
P&GE response:
ALS Diablo Canyon PPS document 6116-00011, "ALS System Design Status RAI No.
RAI (Date Sent)
Response
(Due Date)
Closed RAII# 19 I
1 I
I I
I I I I
I I
j I
Page 1 of 43 Comments 4/18/2011 - Staff reviewed time response calc on share point and agrees that this is the correct information to support the SE.
Requested that these calcs be docketed.
Response
received April 2, 29,2012. Staff will review and discuss further if needed at subsequent telecom meeting.
Response
acceptable; waiting on PG&E to provide the time response calculation for the V10 Tricon PPS Replacement architecture by April 16, 2012.
I
July 10, 12 DCPP PPS Open Item Summary Table Page 2 of 43 I
I I
I 1
1 I
No SrclRI Issue Description P&GE response:
Status RA/ No.
(Date Sent)
RA/
Response
(Due Date)
Comments is allocated between the ALS and Tricon as follows:
ALS: 175 ms for RTD processing Tricon: 200 ms Contingency: 34 ms The 0.409 seconds PPS processing instrumentation value is the same as the value that is currently allocated to PPS processing instrumentation. As long as the 0.409 second PPS processing instrumentation value is not exceeded, the total response time values assumed in the plant safety analyses contained in FSAR Table 15.1-2 will not be exceeded; 7 seconds for Overtemperature tlT RT and Overpower tlT RT functions, 2 seconds for High pressurizer pressure RT, Low pressurizer pressure RT, and Low Low SG water level RT functions, 1 second for Low reactor coolant flow RT function, 25 seconds for Low pressurizer pressure, High containment pressure, and Low steam line pressure Safety Injection initiation, 60 seconds for Low low SG water level auxiliary feedwater initiation, 18 seconds for High containment pressure, Low pressurizer pressure, and Low steam line pressure Phase A containment isolation, 48.5 seconds for High High containment pressure containment spray initiation, 7 seconds for High High containment pressure steam line isolation, 66 seconds for High High SG water level auxiliary feedwater isolation, and 8 seconds for Low steam line pressure steam line isolation.
The ALS response time will be verified as part of the FAT and the results will be included in the FAT summary report to be submitted by 12/31/12.
Tricon Invensys provided detailed information on the deterministic operation of the V10 Tricon in Invensys Letter No. NRC V10-11-001, dated January 5,2011.
In support of the V10 Tricon safety evaluation, Invensys submitted document 9600164-731, Maximum Response Time Calculations. describing the worst-case response time for the V10 Tricon Qualification System. Included in document 9600164-731 are the standard equations for calculating worst-case response time of a given V10 Tricon configuration. The time response calculation for the V10 Tricon PPS Replacement architecture was submitted on April 30, 2012. The System Response Time Confirmation Report.
993754-1-818, will be submitted to the staff as part of the ISG-06 Phase 2 submittals at the completion of factory acceptance testing of the V1 0 Tricon PPS Replacement.
Response time calc received Letter:
Calc:
July 10, 12 DCPP PPS Open Item Summary Table Page 30f43 Status RA/
P&GE response:
RAI No.
Comments (Date Sent)
No SrclRI IIssue Description
Response
(Due Date)
The Tricon response time will be verified as part of the FAT and the results will be included in the FAT summary report to be submitted by 12/31/12.
Licensee representatives stated that PG&E will provide the I
Tricon Time response calc's in a document submitted on the docket.
[ISG-06 Enclosure B, Item 1.4]
Closed 4/23/2011 - Staff I
(RA)
Software Management Plan: Regulatory Guide (RG) 1.168, Revision 1, has confirmed that I "Verification, Validation, Reviews and Audits for Digital Computer Software the new version of Used in Safety Systems of Nuclear Power Plants," dated February 2004 the ALS SWP is endorses IEEE (Institute of Electrical and Electronics Engineers) 1012-1998, available for review "IEEE Standard for Software Verification and Validation," and IEEE 1028 1997,"IEEE Standard for Software Reviews and Audits," with the exceptions
Response
stated in the Regulatory Position of RG 1.168. RG 1.168 describes a method received April 2, acceptable to the NRC staff for complying with parts of the NRC's regulations 29, 2012. Staff will for promoting high functional reliability and design quality in software used in review and discuss safety systems. Standard Review Plan(SRP) Table 7-1 and Appendix 7.1-A further if needed at identify Regulatory Guide 1.168 as SRP acceptance criteria for reactor trip subsequent systems (RTS) and for engineered safety features telecom meeting.
(Kemper 4/12/12)
Figure 2-2, shows the Verification and Validation (V&V) organization Westinghouse/ALS 6116-00000 Diablo Canyon PPS Management Plan,
Response
reporting to the Project Manager. This is inconsistent with the information acceptable; the described in the ALS Management Plan for the generiC system platform, staff received the where the V&V organization is independent form the Project Manager. This
July 10, 12 DCPP PPS Open Item Summary Table Page 4 of 43 No SrciR/
Issue Description P&GE response:
Status RA/ No.
(Date Sent)
RA/
Response
(Due Date)
Comments is also inconsistent with the criteria of RG 1.168 and will need to be reconciled during the LAR and AlS l TR reviews.
revised W/AlS PPS MP on April 2, 2012 and will review for consistency with RG 1.168.
P&GE response:
AlS The PPS Replacement LAR referenced Westinghouse document 6116 00000 Diablo Canyon PPS Management Plan, dated July 25, 2011, that was based on CSI document 6002-00003 AlS Verification and Validation Plan, Revision 4. CS Innovations subsequently submitted a revised V&V plan, "6002-00003 AlS Verification and Validation Plan", Revision 5, on November 11, 2011, that revised the required V&V organization structure such that the management of the verification personnel is separate and independent of the management of the development personnel. The Westinghouse 6116-00000 Diablo Canyon PPS Management Plan was revised to require a V&V organization structure in which the management of the verification personnel is separate and independent of the management of the development personnel. PG&E submitted the revised Westinghouse 6116-00000 Diablo Canyon PPS Management Plan, Revision 1, document on April 2, 2012.
[ISG-06 Enclosure B, Item 1.9]
Software V&V Plan: The AlS V&V plan states that Project Manager of the supplier is responsible for providing directions during implementation of V&V activities. Also, the organization chart in the Diablo Canyon PPS Management Plan shows the IW manager reporting to the PM.
Closed N/A
Response
received April 2, 2012. Staff will review and discuss further if needed at The AlS V&V plan described in ISG-6 matrix for the AlS platform and the Diablo Canyon PPS Management Plan do not provide sufficient information about the activities to be performed during V&V. For example, the AlS V&V Plan states that for project specific systems, V&V activities are determined on a project by project basis and are described in the project Management Plan, in this case, 6116-00000, "Diablo Canyon PPS Management Plan."
However, the 6116-00000 Diablo Canyon PPS Management Plan states:
"See the AlS V& V Plan for more information and the interface between the IV&V team and the PPS Replacement project team."
subsequent telecom meeting.
Status: Fig. 3 of the PPS SWP (Pg.
16/46) indicates sufficient organizational
July 10, 12 DCPP PPS Open Item Summary Table Page 5 of 43 No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments The Triconex V&V plan states that the Engineering Project Plan defines the scope for V&V activities. As mentioned before, the Triconex EPP is not listed in the ISG-6 matrix.
These items will need further clarification during the LAR review to demonstrate compliance with Regulatory Guide (RG) 1.168, Revision 1, "Verification, Validation, Reviews and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants,"
independence between the Nuclear Delivery (Design)
Organization and the IV&V Organization.
Fig. 3 of the PPS PMP (993754-1 905) (pg. 22/81) also denotes the DCPP PPS project organization, and provides sufficient independence between the NO and IV&V Organizations.
Closethelnvensys part of the 01.
P&GE response:
ALS The Westinghouse 6116-00000 Diablo Canyon PPS Management Plan was revised to include details on how the IV&V team has an independent organizational reporting structure from the design and implementation team; the Scottsdale Operations Director and the ALS Platform & Systems Director report to different Westinghouse Vice Presidents. The IW Manager and Scottsdale Operations Director both report to the same Westinghouse Vice President, but via independent reporting structures.
Description of 6116-00000 Diablo Canyon PPS Management Plan V&Vwas also revised to add information on the activities being performed for the V&V.
PG&E submitted the revised Westinghouse 6116-00000 Diablo Canyon PPS Management Plan that includes the above changes on April 2, 2012.
Tricon The organizational structure of Invensys Operations Management comprises, in part, Engineering and Nuclear Delivery. Each of these organizations plays a specific role in the V10 Tricon application project life cycle. Invensys Engineering is responsible for designing and maintaining the V1 0 Tricon platform, and Nuclear Delivery is responsible for working with nuclear customers on safety-related V1 0 Tricon system integration projects.
Invensys Engineering department procedures require "Engineering Project Plans (EPP)," whereas Nuclear Delivery department procedures require "Project Plans." Invensys Engineering is not directly involved in system W/ALS response acceptable; (Kemper 4/12/12) the staff received the revised W/ALS PPS MP on April 2, 2012 and will review for
July 10, 12 DCPP PPS Open Item Summary Table Page 6 of 43 No SrclRI Issue Description P&GE response:
integration, but Nuclear Delivery may consult with Engineering on technical issues related to the V1 0 Tricon platform.
The NRC applied ISG-06 to the V10 Tricon safety evaluation. Invensys submitted a number of documents pertaining to the design of the V10 Tricon platform as well as process and procedure documents governing Invensys Engineering activities, including the EPP. In most cases, these platform-related documents are preceded with document number 9600164. The platform-level documents reviewed by the staff during the V1 0 Tricon safety evaluation will not be resubmitted by Nuclear Delivery during application-specific system integration projects.
In support of the PG&E LAR for the DCPP PPS Replacement, Invensys Nuclear Delivery is required to submit the application design documents as defined in ISG-06. These project documents are preceded by document number 993754. The Phase 1 submittal under Invensys Project Letter 993754-026T, dated October 26, 2011, contained, in part, the following:
PPS Replacement Project Management Plan (PMP), 993754-1-905. "Project Management Plan" was used to more closely match BTP 7-14 with regard to "management plans"; and PPS Replacement Software Verification and Validation Plan (SWP),
993754-1-802.
The PMP describes the PPS Replacement Project management activities within the Invensys scope of supply. The guidance documents BTP 7-14 and NUREG/CR-6101 were used as input during development of the PMP.
With regard to compliance with RG 1.168, the PPS Replacement PMP and SWP both describe the organizational structure and interfaces of the PPS Replacement Project. The documents describe the Nuclear Delivery (NO) design team structure and responsibilities, the Nuclear Independent Verification and Validation (IV&V) team structure and responsibilities, the interfaces between NO and Nuclear IV&V, lines of reporting, and degree of independence between NO and Nuclear IV&V. In addition, the PMP describes organizational boundaries between Invensys and the other Status RAI No.
RAI Comments (Date Sent)
Response
(Due Date) consistency with RG 1.168.
Status: Fig. 3 of the PPS SWP (Pg.
16/46) indicates sufficient organizational independence between the Nuclear Delivery (Design)
Organization and the IV&V Organization.
Fig. 3 of the PPS PMP (993754-1 905) (pg. 22/81) also denotes the DCPP PPS project I organization, and provides sufficient independence between the NO and IV&V Organizations.
Close the Invensys part of the 01.
July 10, 12 DCPP PPS Open Item Summary Table Page 7 of 43 No SrclRl Issue Description P&GE response:
external entities involved in the PPS Replacement project: PG&E. Altran.
Westinghouse. and Invensys suppliers. The combination of the PMP and SWP demonstrate compliance of the Invensys organization with RG 1.168.
Status RAJ No.
(Date Sent)
RA/
Response
(Due Date)
Comments
-~
[ISG-06 Enclosure B, Item 1.10]
Software Configuration Management Plan: The LAR includes PG&E CF2.ID2, "Software Configuration Management for Plant Operations and Operations Support," in Attachment 12. However, the document provided in 2 only provides a guideline for preparing Software Configuration Management (SCM) and SQA plans. Though it is understood that the licensee will not perform development of software. PGE personnel will become responsible for maintaining configuration control over software upon delivery from the vendor.
The staff requires the actual plan to be used by the licensee for maintaining configuration control over PPS software in order to evaluate against the acceptance criteria of the SRP. For example, the ALS Configuration Management (CM) Plan (6002-00002) describes initial design activities related to ALS generic boards. This plan does describe the configuration management activities to be used for the development and application of the ALS platform for the Diablo Canyon PPS System. The staff requires that configuration management for this design be described in the DCPP project specific plan. These items will need further clarification during the LAR review to demonstrate compliance with BTP-14.
Closed N/A (Kemper 4-12-12)
Response
received April 2, 2012. Staff will review the PG&E SyCMP procedure when it arrives on May 31, 2012.
Alvarado (6/13/12):
PG&E placed a copy of their SyCMP SCM 36-01 in its SharePoint.
The staff will review this information and identify questions, if necessary.
P&GE response:
PG&E developed a SCMP procedure to address configuration control after shipment of equipment from the vendor and submitted the SCMP on June 6, 2012, in Attachment 4 to the Enclosure of PG&E Letter DCL-12-050.
July 10, 12 DCPP PPS Open Item Summary Table Page 8 of 43 No SrclRI Issue Description P&GE response:
Status RA/ No.
(Date Sent)
RA/
Response
(Due Date)
Comments 5
[ISG-06 Enclosure B, Item 1.11]
Software Test Plan: The V10 platform documents identified in ISG6 matrix state that the interface between the NGIO (Next Generation Input Output)
Core Software and 10-specific software will not be tested. It is not clear when and how this interface will be tested, and why this test is not part of the software unit testing and integration testing activities.
Further, the 993754-1-813 Diablo Canyon Triconex PPS Validation Test Plan states that the DCPP's TSAP will not be loaded on the system; instead Triconex will use another TSAP for the validation test. It is not clear why the DCPP's TSAP will not be used for the validation test or when the DCPP's TSAP will be loaded on the system and validated for the Diablo Canyon PPS System. These items will need further clarification during the LAR review to demonstrate compliance with BTP-14.
Closed N/A
Response
I received April 2, 29, 2012. Staff will review and discuss further if needed at subsequent telecom meeting.
Tricon Next Generation Input Output (NGIO)
Core software is tested and qualified as a platform component. As such, it does not need to be separately tested during the application development process.
TSAP is a Test Specimen Application Program used for purposes of platform qualification.
P&GE response:
Tricon The next-generation input/output (I/O) modules qualified for the V1 0 Tricon are the 3721N 4-20 mA, 32-point analog input (AI) module, and the 3625N 24 Vdc, 32-point digital output (DO) module. Technical data on these two modules was provided to the NRC in support of the V10 Tricon safety evaluation. Configuration and functional testing is performed when the 110 modules (hardware and embedded core firmware) are manufactured. From the factory the I/O modules are shipped to Invensys Nuclear Delivery for use in nuclear system integration projects, Le., application specific configurations.
Because the module hardware and embedded core firmware are within the scope of the V10 Tricon safety evaluation, the verification and validation of the embedded core firmware will not be repeated as part of application-specific system integration projects.
There are certain design items that must be done with TriStation 1131 (TS1131). such as specifying which 110 module is installed in a particular
July 10, 12 DCPP PPS Open Item Summary Table Page 9 of 43 No Src/RI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments physical slot of the Tricon chassis, resulting in each module having a unique hardware address in the system. Also, TS1131 is used to specify which application program parameters (Le., program variable tagnames) are assigned to a particular point on a given I/O module. The design items configured in TS1131 will be within the scope of validation activities conducted by Invensys Nuclear IV&V for application-specific system integration projects. The necessary collateral (system build documents, configuration tables, test procedures, test results, etc.) will be submitted to the NRC to support the staff's technical review of the PPS Replacement LAR in accordance with ISG-06.
The Phase 1 submittal under Invensys Project Letter 993754-026T, dated October 26, 2011, contained, in part, the Validation Test Plan (VTP), 993754 1-813. This document describes the scope, approach, and resources of the testing activities that are required for validation testing of the V1 0 Tricon portion of the PPS Replacement, including:
Preparing for and conducting system integration tests Defining technical inputs to validation planning Defining the test tools and environment necessary for system validation testing Scheduling (and resource loading of the schedule)
Section 1.3.2 of the VTP describes the Hardware Validation Test activities and Section 1.3.3 of the VTP describes the V10 Tricon portion of the Factory Acceptance Test activities for the V10 Tricon portion of the PPS Replacement. Details on the application program are proprietary and need to be provided to the staff separately.
Invensys stated that The Diablo Canyon Application will be loaded onto plant system hardware during FAT.
Staff re-examined Invensys doc.
"Validation Test Plan (VTP),
993754-1-813,"
Section 1.3.2 of the VTP that describes the Hardware Validation Test activities and Section 1.3.3 of the VTP and determined that the application program TSAP will be used for the FAT (Section 5.1.5 FAT)
Close this portion of the 01.
I July 10, 12 DCPP PPS Open Item Summary Table Page 10 of 43 No 6
7 SrC/RI Issue Description P&GE response:
[ISG-06 Enclosure B, Item 1.14]
(SM)
Equipment Qualification Testing Plans - The LAR Sections 4.6,4.10.2.4 and 4.11.1.2 provide little information on the plant specific application environmental factors. The Tricon V10 Safety Evaluation, ML11298A246, Section 6.2 lists 19 application specific actions Items (ASAI's) that the licensee should address for plant specific applications. The licensee should address each of these for Tricon portion of the PPS replacement. Similar information for the ALS portion of the PPS replacement will also be required.
P&GE response:
ALS PG&E will respond to ALS ASAl's when they are available.
Tricon IN PROGRESS. All of the Application Specific Action Items will be addressed by March 21,2012.
[ISG-06 Enclosure B, Item 1.16]
(BK)
Design Analysis Reports: The LAR does not appear to comply with the SRP (lSG-04) regarding the connectivity of the Maintenance Work Station to the PPS. The TriStation V10 platform relies on software to effect the disconnection of the TriStation's capability to modify the safety system software. Based on the information provided in the L TR, the NRC staff determined that the Tricon V10 platform does not comply with the NRC guidance provided in ISG-04, Highly Integrated Control Rooms-Communications Issues, (ADAMS Accession No. ML083310185), Staff Position 1, Point 10, hence the DCPP PPS configuration does not fully 1comply with this guidance.
In order for the NRC staff to accept this keyswitch function as an acceptable Status Closed Closed RAJ No.
(Date Sent)
Develop a generic RAI to provide a response to ASAls for both platforms when the SERs are issued.
RA#01 Drafted RAI # 17
&18 to obtain an answer I report to address this topic.
Response
(Due Date)
Comments
Response
received April 2, 29, 2012. Staff will review and discuss further if needed at subsequent telecom meeting.
Staff agreed that PG&E should submit a separate submittal (LAR amendment) to address the ASAls for both platforms.
it is not necessary to delineate exactly what will be done for each ASAI in this 01 matrix.
(Kemper 4-12-12)
Response
received April 2, 29, 2012. Staff reviewed this item and still need additional information to close this item. The staff will need to review this item further during an NRC
July 10, 12 DCPP PPS Open Item Summary Table Page 11 of 43 No SrclRJ Jssue Description Status P&GE response:
RAJ No.
RAJ Comments (Date Sent)
Response
(Due Date) deviation to this staff position, the staff will have to evaluate the DCPP PPS audit at the specific system communications control configuration--including the Invensys facility.
operation of the keyswitch, the software affected by the keyswitch, and any All the items noted testing performed on failures of the hardware and software associated with below will be the the keyswitch. The status of the ALS platform on this matter is unclear at this scope of the audit.
time and will be resolved as the ALS L TR review is completed.
3/21/12 update: it Moreover, the Tricon V10 system Operational Mode Change (OMC) was agreed that keyswitch does change operational modes of the 3008N MPs and enables PG&E/lnvensys the TriStation 1131 PC to change parameters, software algorithms, etc, and related to the application program of the safety channel without the channel PG&ElWestinghou or division being in bypass or in trip. As stated in Section 3.1.3.2 of the Tricon se/CSI would V10 SER, the TriStation 1131 PC should not normally be connected while the Tricon V10 is operational and performing safety critical functions.
provide a report However, it is physically possible for the TriStation PC to be connected at aI/
(LAR supplement) times, and this should be strictly controlled via administrative controls (e.g.,
to explain how place the respective channel out of service while changing the software, these two issues parameters, etc). The LAR does not mention any administrative controls will be resolved and I such as this to control the operation of the OMC (operational mode change) submit to NRC keyswitch. Furthermore, in order to leave the non-safety TriStation 1131 PC Date to be provided attached to the SR Tricon V10 system while the key switch is in the RUN position, a detailed FMEA of the TriStation 1131 PC system will be required TBD.
to ascertain the potential effects this non-safety PC may have on the execution of the safety application program/operability of the channel or Waiting for the V1 0 division. These issues must be addressed in order for the NRC staff to Tricon portion of determine that the DCPP PPS complies with the NRC Staff Guidance the PPS provided in Staff Position 1, Point 11. The status of the ALS platform on this Replacement point is unclear at this time.
Failure Modes and P&GE response:
Effects Analysis, an Tricon ISG-06 Phase 2 The OMC keyswitch controls only the mode of the V10 Tricon 3008N MPs.
document to be In RUN position the 3008N MPs ignore* all commands from external devices, submitted to NRC whether WRITE commands from external operator interfaces or program-in May 2012.
related commands from TS1131.
I
July 10, 12 DCPP PPS Open Item Summary Table Page 12 of 43 No SrciR/
Issue Description P&GE response:
Status RAI No.
(Date Sent)
RA/
Response
(Due Date)
Comments The keyswitch is a four-position, three-ganged switch so that the three Main Processor (MP) modules can monitor the position of the switch independently. The Operating System Executive (ETSX) executing on the MP application processor monitors the position of the keyswitch. The three MPs vote the position of the keyswitch. The voted position of the keyswitch is available as a read-only system variable that can be monitored by the 3121/12 Update:
PG&E/lnvensys needs to provide a technical explanation of how the MP3008N TSAP. This allows alarming the keyswitch position when it is taken out of the RUN position. TS1131 messages to and from the Tricon (i.e., ETSX executing on the MPs) are of a defined format. TS1131 messages for control program (i.e., TSAP) changes - whether download of new control programs or modification of the executing control program - are uniquely identifiable.
Such messages are received by ETSX and appropriate response provided depending upon, among other things, the position of the keyswitch. When a request from TS1131 is received by ETSX to download a new control processor actually ignores all commands when in RUN-address the items in the 01.
4/4/12 Update:
Need to explain program or modify the executing control program, ETSX accepts or rejects the request based on the voted keyswitch position. If the keyswitch is in RUN, all such messages are rejected. If the keyswitch is in PROGRAM, the Tricon is considered out of service and ETSX runs through the sequence of steps to download the new or modified control program, as appropriate.
Multiple hardware and software failures would have to occur on the V10 Tricon (in combination with human-performance errors in the control room and at the computer with TS 1131 installed) in order for the application program to be inadvertently reprogrammed. Therefore, there is no credible single failure on the V1 0 Tricon that would allow the safety-related application program to be inadvertently programmed, e.g., as a result of unexpected operation of the connected computer with TS1131 installed on it The above conclusion will be confirmed (for the V10 Tricon portion of the PPS Replacement) in the Failure Modes and Effects Analysis, an ISG-06 Phase 2 document planned for submittal to NRC in May 2012. Additionally, Invensys Operations Management will support the staffs review of the hardware and software associated with the OMC keyswitch by making all of the technical data available for audit.
how this message format works to reject messages from the Tristation when in RUN??
Graphs and visual presentation of these concepts would be helpful.
This issue will also have to be addressed for the ALS platform.
PG&EII nvensys needs to provide a
July 10, 12 DCPP PPS Open Item Summary Table Page 13 of 43 No SrC/RI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments
- TS 1131 contains function blocks that allow WRITE-access to a limited set of parameters programmed into the application software, but only for a limited duration after which the capability is disabled until WRITE-access is re-enabled. However, without these function blocks programmed into the application program neither the application program nor application program parameters can be modified with the OMC keyswitch in the RUN position.
technical explanation of how the MP3008N processor actually ignores all commands when in PG&E Administrative controls on use of keyswitch will be provided with commitment to include in procedures in response.
Note, TS 1131 is not used to change setpoints and protection set is inoperable when keyswitch is not in RUN position.
RUN-address the items in the 01.
1 8
AR (RS)
[ISG-06 Enclosure B, Item 1.21]
Setpoint Methodology: The NRC staff understands that a summary of SP (setpoint) Calculations will be provided in Phase 2, however, section 4.10.3.8 of the LAR also states that PGE plans to submit a separate LAR to adopt TSTF 493. The NRC cannot accept this dependency on an unapproved future licensing action. The staff therefore expects the licensee to submit a summary of setpoint calculations which includes a discussion of the methods used for determining as-found and as-left tolerances. This submittal should satisfy all of the informational requirements set forth in ISG6 section 0.9.4.3.8 without a condition of TSTF 493 LAR approval Closed N/A Discussed at 4/18/2011 CC.
Requested that PGE add to the response a statement that the setpoint changes associated with this modification will be submitted for evaluation independently with no reliance on TSTF 439 licensing action.
(Kemper 4-12-12)
Response
received April 2, P&GE response:
The evaluation of the setpoints for the PPS replacement will need to be performed by Westinghouse in two phases in order to provide sufficient documentation to support 95/95 setpoint values for the setpoints. This is because the NRC staff has been requesting additional information and additional data and analysis to demonstrate that the uncertainties used in the
July 10, 12 DCPP PPS Open Item Summary Table Page 14 of 43 P&GE response:
Status RAI No.
RAI Comments No I SrclRI I Issue Description (Date Sent)
Response
(Due Date) setpoint calculation have been based sample data to bound the assumed v the calculation is appropriate) during setpoints. Significant information is r, vendors, that has never been obtaine calculations that can support 95/95 s The first phase of the evaluation of th PPS replacement setpoints for the Tr expected bounding uncertainty value includes a discussion of the methods as-left tolerances will be submitted b commitment 31 in Attachment 1 to th LAR The setpoint information assoc submitted independently of the LAR f, TSTF-493 licensing action.
The second phase of the evaluation 0 on a statistically sufficient quantity of
,lIues (to justify the confidence level of
'ecent Westinghouse projects involving
~quired from the transmitter and RTD j before, to support development of
~tpoint values.
~ setpoints will include evaluation of the con and ALS architecture using
" A setpoint summary evaluation which used for determining the as-found and May 31, 2012. This is a change to the
~ Enclosure to the PPS Replacement ated with the PPS replacement is being
)r TSTF-493 and does not rely on a f the setpoints will include development of Westinghouse calculations of the P PS replacement setpoints for the Tricon and ALS architecture using su ficient information from vendors to substantiate that the setpoints are 95. 95 values. The Westinghouse calculations will be completed by Dec ember 31,2012 and will be available for inspection by NRC staff in Washin gton DC with support provided by Westinghouse setpoint group person Westinghouse calculations in Washin another recent utility project involving leI. The NRC staff inspection of
~ton DC has been performed for setpoints.
29, 2012, PG&E's commitment to provide summary calc's by May 31, 2012 and not revise these setpoints via a TSTF-439 LAR addresses this 01.
Close this 01.
317112 update:
PG&E stated that all setpoints determinations will be addressed as part of this LAR, and NOT submitted as a TSTF-493 licensing action.
3/21/12 update:
The staff may chose to review the Westinghouse calculations at the Westinghouse office in Washington DC.
However, if the safety finding is dependent on these calculations,
July 10, 12 DCPP PPS Open Item Summary Table Page 15 of 43 No r-SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments then the setpoint calculations will be required to be submitted on the docket per NRC licensing procedures 9
AR (BK)
L TR Safety Conclusion Scope and Applicability - Many important sections of the DCPP PPS LAR refer the reader to the ALS licensing topical report (LTR) to demonstrate compliance of the system with various Clauses of IEEE 603 1991, IEEE 7-4.3.2-203, and ISG-04. However, many important sections of the ALS L TR state that compliance with various Clauses of these IEEE Stds and ISG-04 are application specific and refer the reader to an application specific license amendment submittal (Le., the DCPP PPS LAR in this case).
The staff has not yet had time to evaluate al\\ the LAR information in detail and compare this information with that provided in the ALS L TR to ensure there is no missing information. However, PG&E and its contractors are encouraged to review these two licensing submittals promptly to verify that compliance with these IEEE Stds and ISG-04 are adequately addressed within both licensing documents.
Closed No specific RAI needed for this
- 01. RAI
- 4 addresse s this item as noted below in 0115.
complian ce matrix for the ALS platform.
(Kemper 4-12-12)
Response
received April 2, 29,2012. The PG&E response to this item address the 01. Close this
- 01.
P&GE response:
PG&E and Westinghouse have reviewed the LAR 11-07 and the ALS topical report to verify information is provided to justify compliance with IEEE 603-1991, IEEE 7-4.3.2-2003, and ISG-04 in either the LAR or the ALS topical report. As a result of the review, it was identified that neither the LAR nor the ALS topical report contain a matrix that documents compliance with ISG-04 Table 5-4 for the DCPP ALS platform. PG&E will submit a matrix that documents compliance with ISG-04 Table 5-4 for the DCPP ALS platform by May 31,2012.
10 RS Plant Variable PPS Scope - In the Description section of the LAR, section 4.1.3, nine plant variables are defined as being required for RTS and section 4.1.4 lists seven plant variables that are required for the ESFAS. Three Closed RAI02
July 10, 12 DCPP PPS Open Item Summary Table Page 16 of 43 No Status SrC/R/
Issue Description P&GE response:
RA/ No.
RA/
Comments (Date Sent)
Response
(Due Date) f-additional plant variables were also listed in section 4.10.3.4.
Some variables are not listed in section 4.10.3.4 as being PPS monitored plant parameters. It is therefore assumed that these parameters are provided as direct inputs to the SSPS and that the PPS is not relied upon for the completion of required reactor trip or safety functions associated with them. Please confirm that these plant parameters and associated safety functions will continue to operate independently from the PPS and that the replacement PPS will not adversely impact the system's ability to reliably perform these functions.
P&GE response:
The PPS Replacement LAR Sections 4.1.3 and 4.1.4 describe the plant variables from which RTS and ESFAS protective functions are generated.
The initiation signal outputs to the SSPS coincidence logic are generated in Neutron Flux is an the PPS or other, independent systems, or in some cases, by discrete input to Tricon but it devices. Section 4.1.3 items 6 (RCP bus UF, UV, and breaker position, 8 is not listed in (Main Turbine trip fluid pressure and stop valve position) and 9 (seismic Table 4-2 "Process acceleration) are generated by discrete devices outside the PPS and provide Variable inputs to direct contact inputs to the SSPS. Section 1.4 items 6 (Containment Exhaust Tricon" Radiation) and 7 (RT breaker position Permissive P-4) are also generated outside the PPS and are direct contact inputs to the SSPS. The initiation Signals not signals associated with these plant parameters operate independently from associated with the PPS. The replacement PPS will not adversely affect the reliable PPS functions will performance of the safety functions associated with these plant parameters.
be designated as such in the SE and The three signals (Wide Range RCS Temperature and Pressure and Turbine they will not be Impulse Chamber Pressure) not listed in Sections 4.1.3 and 4.1.4 are described since monitored by the PPS per Section 4.10.3.4. The Wide Range RCS Pressure they are not in and Temperature signals are used to generate the LTOP function described
July 10, 12 DCPP PPS Open Item Summary Table Page 17 of 43 No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments in DCPP FSAR Section 5. The PPS uses Turbine Impulse Chamber Pressure to generate an initiation signal that is used by the SSPS coincidence logic to develop Permissive P-13 as discussed in RAI 3, below.
Neutron Flux should be added to Section 4.2 Table 4-2 as follows:
Input to Overtemperature 11 Neutron Flux (Power Temperature (OTDT) RT Range, Upper & Lower)
Input to Overpower 11 Temperature (OPDT) RT scope.
11 RS Power Range NIS Function - Section 4.1.7 describes the Existing Power Range NlS Protection Functions and it states that the Power Range nuclear instrumentation provides input to the OTOT, and OPOT protection channels.
It is not entirely clear whether any of the described NIS protection functions will be performed by the PPS system. Please clarify exactly what the role of the PPS system is for these NIS Protection functions.
Closed* N/A Only PPS Functions will be described in the SE.
5/30/12 Determined that no RAI is needed for this item.
P&GE response:
Power range analog inputs are provided by the NIS to each PPS Protection Set for use in the calculation of the Overtemperature Oelta-T and Overpower Delta-T Setpoint in the Delta-Trravg channels. No other NIS signals interface with the PPS. The NIS Protection functions (RT and power range permissives) are generated independently by Nuclear Instrumentation bistable comparators. The NIS bistable outputs are sent directly to the SSPS and have no physical interface with the PPS.
12 RS Permissive Functions - Several Permissive functions are described within the LAR. It is not clear to the staff whether any of these functions are to be performed by the PPS or if the PPS will only be providing input to external systems that in turn perform the permissive logic described in the LAR.
Section 4.1.9 states that "Settings of the bistable comparators used to develoj) the permissives are not affected by the PPS Replacement Project", _
Closed RAI03
i July 10, 12 DCPP PPS Open Item Summary Table Page 18 of 43 No SrclRJ Status RAJ No.
RAJ Jssue Description P&GE response:
Comments (Date Sent)
Response
(Due Date) which implies that all of these permissive functions are performed by systems other than the PPS. However, it is still unclear if this statement applies to all permissive functions described throughout the LAR or if it applies only to those permissives relating to Pressurizer Pressure. It is also possible that the permissive functions are being performed by the existing PPS and will continue to be performed by the replacement system and therefore remain "not affected" by the PPS replacement project.
Please provide additional information for the following permissive functions to clearly define what the role of the PPS system will be for each.
P-4 Reactor Trip P-6 Intermediate Range Permissive P-7 Low Power Permissive (Bypasses low Ppzr reactor trip)
- P-8 Loss of Flow Permissive P-9 Power Permissive P-10 Power Range Power Low Permissive P-11 Low Pressurizer Pressure SI Operational Bypass P-12 No-Load Low-Low Tave Temperature Permissive P-13 Turbine Low Power Permissive
- P-14 Hi-Hi Steam Generator Level
Permissive function initiation signals generated within the existing PPS will continue to be performed by the replacement PPS and therefore remain "not affected" by the PPS replacement project. Permissive function initiation signals that are generated independently of the existing PPS will continue to be generated independently.
The NRC Permissive P6, P-8, P-9, and P-10 initiation signals are bistable understands that all comparator outputs from the independent NIS to the SSPS. There is permissives are no interface with the PPS.
developed within Permissive P-4 initiation signals are direct contact inputs to the SSPS
July 10, 12 DCPP PPS Open Item Summary Table Page 19 of 43 No SrC/R/
Issue Description P&GE response:
Status RA/ No.
(Date Sent)
RA/
Response
(Due Date)
Comments coincidence logic generated from contacts in the Reactor Trip Breakers (RTB). There is no interface with the PPS.
Permissive P-11, P-12, P-13, and P-14 initiation signals are generated by bistable comparator outputs generated in the PPS and sent to the SSPS.
Permissive P-7 is generated in the SSPS from 3 out of 4 power range NI channels (from NIS - P-10) below setpoint and 2/2 turbine impulse chamber pressure channels below setpoint (From PPS - P13).
The bistable initiation signals described above are monitored by the SSPS.
The SSPS generates the Permissive when appropriate coincidence of initiation Signals is detected. No SSPS permissive or safety function coincidence logic is changed by the PPS replacement project.
Permissives P-6, P-7, P-8, P-9, P-10, and P-13 are functionally described in FSAR Table 7.2-2. Permissives P-4, P-11, P-12, and P-14 are functionally described in FSAR Table 7.3-3.
The bistable comparator setpoints for the above-listed permissives are not expected to change at this time.
the SSPS system.
Permissives P11 -
P14 use inputs provided by PPS system. All other permissives use inputs generated by external systems that are independent of the PPS.
See 13 below.
13 RS P12 Permissive Contradiction - The second paragraph of section 4.1.20 describes the P-12 interlock and states that "These signals are developed in the PPS". This statement is then contradicted in the third paragraph by the following statement;
'These valves are not safety-related, but are interlocked with the P-12 signal from the SSPS."
In conjunction with the response to RA13, please provide a resolution for this contradiction in section 4.1.20 of the LAR.
Closed N/A The NRC understands that 1
0--.
July 10, 12 DCPP PPS Open Item Summary Table Page 20 of43 No SrC/RI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments the P12 signal is generated by the SSPS using signals developed in the PPS.
5/30/2012 Determined that no RAI will be needed for this item.
P&GE response:
The word "signals" in the referenced Section 4.1.20 sentence, "These signals are developed... " is referring to the bistable comparator outputs which are monitored by the SSPS. The PPS does not generate the P-12 Permissive itself. The actual P-12 Permissive is generated by the SSPS when appropriate coincidence of initiation signals is detected. The SSPS output is interlocked with the valves as stated in the third paragraph of Section 4.1.20.
The LAR Section 4.1.20 is clarified by the following statement:
"... The P-12 Permissive is developed in the SSPS based on coincidence of the P-12 bistable comparator output initiation signals from the PPS...
Protection System Permissives (P-11 unblock SI from ALS, P13 Turbine power permissive from Tricon, and P-14 Steam Generator Level high-high from Tricon) are generated by coincident logic in the SSPS based on initiating signals (bistable outputs) from the PPS as noted in the response to 01 #12. Permissive development, including initiating signals and logic coincidence is shown in FSARU Tables 7.2-2 (RTS) and 7.3-3 (ESFAS).
The PPS does not perform coincident logic functions and does not "generate" any protection system permissives.
14 RS Section 4.1.1 SSPS contains the following statement in the last paragraph; "Information concerning the P PS status is transmitted to the control board status lamps and annunciators by way ofthe SSPS control board demultiplexer and to the PPS by way ofthe SSPS computer demultiplexer."
Why would the PPS status need to be transmitted to the PPS as the sentence suggests in the last phrase?
Closed N/A PGE Response resolves this Open Item. Change status to Closed.
PG&E response:
The sentence in Section 4.1.1 contains a a typographical error. The sentence should read:
-_.................... _~............ __..............._.
July 10, 12 DCPP PPS Open Item Summary Table Page 21 of 43 No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments "Information concerning the PPS status is transmitted to the control board status lamps and annunciators by way of the SSPS control board demultiplexer and to the Plant Process Computer (PPC) by way of the SSPS computer demultiplexer."
As used in the Section 4.1.1. paragraph, "PPS Status" means "PPS Channel Trip Status."
15 (BK)
An ISG-04 compliance matrix for the DCPP PPS system was not submitted with, or referenced in, the LAR for the W/ALS platform. Instead the ISG-04 compliance section 4.8 of the LAR refers the reader to the ALS L TR for nearly all the points of ISG-04. Fig. 4.4 and 4.5 of the LAR indicate various 1E and non-1E communication pathways to and from ALS processor (e.g.,
Closed Drafted RAI#4 to obtain an answer I report to (Kemper 4-4-12)
No further discussion necessary until May 31,2012.
I Maintenance Work Station, plant computer, process control, port aggregator, and 4-20 ma temperature signal to Tricon processor). These are all application specific features of the PPS and the staff expects a W/CSI ALS document to be submitted, similar in scope and detail to the Invensys "PACIFIC GAS & ELECTRIC COMPANY NUCLEAR SAFETY-RELATED PROCESS PROTECTION SYSTEM REPLACEMENT DIABLO CANYON POWER PLANT DI&C-ISG-04 CONFORMANCE REPORT" Document No.
993754-1-912 Revision 0, to be submitted on the docket, which explains how the ALS portion of the PPS application conforms with the guidance of ISG
- 04.
address this ISG 04 complian ce matrix for the ALS platform.
4/4/12 update: The draft ALS ISG-04 compliance matrix on the AL TRAN Sharepoint website is not detailed enough for the staff to use in approving the ALS portion of the PPS' communications
.. -.. --.-.-~-
July 10, 12 DCPP PPS Open Item Summary Table Page 22 of 43
,~---
No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
RA/
Response
(Due Date)
Comments PG&E response:
PG&E is developing the ISG-04 compliance matrixTable for the ALS platform and PG&E will submit the Table by July 31, 2012.
Section 1.4.4 (pg. 12/38) of document 993754-1-813 Diablo Canyon Triconex PPS Validation Test Plan (VTM) states "The network equipment, including media converter, NetOptics Network Aggregator Tap, and gateway hub, and the MWS will not be within the test scope of this VTP. The Nuclear Delivery (NO) group will coordinate with Pacific Gas & Electric for system staging prior to turn over to Nuclear IV&V. The Nuclear IV&V group will confirm proper operation of network communications system interfaces before beginning testing addressed in this VTP." When, where, and what procedures will be used to test the network equipment??
Closed design. Suggest PG&E review the Invensys ISG-04 Doc. Document No.
993754-1-912 (-P)
Revision 0, and provide guidance for an ALS document at the same level of detail.
16 (BK)
RAI05 Received two papers discussing integration test plans for PPS system. These papers were discussed at the 4/18/2011 CC.
The staff agrees that the analog RTD signal loops may be tested separately at the Tricon FAT and at the ALS FAT to satisfy integration test requirements.
The staff expressed some concerns over the statement that "There is no digital data PG&E response: Additional information on the PPS testing is being provided to the staff. The information on the PPS testing was updated on May 9 to address staff comments provided in the 4/18/22 conference call. The VTM will need to be updated based on the additional information. A date that the updated VTM will be submitted will be provided after feedback from the staff is received on the additional information on the PPS testing.
July10,12 DCPP PPS Open Item Summary Table Page 23 of 43 No SrC/RI Issue Description P&GE response:
Status RAI No.
(Date Sent)
RA/
Response
(Due Date)
Comments connection between the Tricon and the ALS." This appears to be a misleading statement since both systems do have connections to the common MWS. Further clarification should be provided and the statement should be revised to describe the nature of the MWS connections to each system.
A follow-up discussion was had at the 5/16/12 conference call.
The NRC staff feels that the final integration to be performed during SAT as proposed, will have to be complete and the results submitted prior to issuance of the SE.
July 10, 12 DCPP PPS Open Item Summary Table Page 24 of 43
~
r-No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments 17 (BK)
Section 5.1.4.3, Hardware Validation Tests, (pg. 27/38) of document 993754 1-813 Diablo Canyon Triconex PPS Validation Test Plan (VTM) states that the ALS equipment will not be included in the FAT. Where, when, and what procedures will be used to fully test the Integrated PPS system (both Tricon V10 and ALS platforms together) be subjected to FAT.
Closed RAI06 This issue was discussed at the 4/18/2011 CC.
PGE proposed performance of separate but overlapping tests at each factory to accomplish the integration test.
The staff has some concern over the fact that the MWS's to be installed in the plant would only be tested during the Tricon FAT. A fifth MWS to be configured the same as the plant MWS's is to be used during the ALS FAT.
One option to resolve this concern may be to credit the SAT test results in the SE.
The current schedule for SAT (July 2013) does support this.
PG&E response: Additional information on the PPS testing is being provided to the staff. The VTM will need to be updated based on the additional information. A date that the updated VTM will be submitted will be provided after feedback from the staff is received on the additional information on the PPS testing.
~~-
July 10, 12 DCPP PPS Open Item Summary Table Page 25 of 43 r-No SrC/RI Issue Description P&GE response:
Status RAI No.
RAI Comments (Date Sent)
Response
(Due Date) 18 (BK)
Software Management Plan: Regulatory Guide (RG) 1.168, Revision 1, Closed RA17&8 (Kemper 4/12112)
"Verification, Validation, Reviews and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," dated February 2004 endorses IEEE (Institute of Electrical and Electronics Engineers) 1012-1998, "IEEE Standard for Software Verification and Validation," and IEEE 1028 1997,"IEEE Standard for Software Reviews and Audits," with the exceptions update: The staff has reviewed the Invensys IEEE 1012 compliance matrix on the PG&ElAltran stated in the Regulatory Position of RG 1.168. RG 1.168 describes a method sharepoint directory acceptable to the NRC staff for complying with parts of the NRC's regulations for promoting high functional reliability and design quality in software used in safety systems. Standard Review Plan (SRP) Table 7-1 and Appendix 7.1-A identify Regulatory Guide 1.168 as SRP acceptance criteria for reactor trip systems (RTS) and for engineered safety features actuation systems (ESFAS) and it appears to be acceptable. The matrix appears to be comprehensive and indicates no exceptions to any clauses in IEEE The Invensys PPS Replacement Software Verification and Validation Plan (SWP), 993754-1-802 does not provide a clear explanation of how the 1012. No attempt was made to Invensys SWP complies with IEEE 1012-1998. Please provide a cross reference table that explains how the Invensys SWP implements the criteria of IEEE 1012-1998.
review/verify that where I nvensys claims compliance Also, the Westinghouse/ALS 6116-00000 Diablo Canyon PPS Management Plan, does not provide a clear explanation of how the CSI SWP complies with IEEE 1012-1998. Please provide a cross reference table that explains how the WICSI SWP implements the criteria of IEEE 1012-1998.
with any particular Clause in the Std, that the respective section in their SWPis acceptable-the
19 July 10, 12 DCPP PPS Open Item Summary Table Page 26 of 43 No SrclRI Issue Description P&GE response:
Status RAI No.
RAI Comments (Date Sent)
Response
(Due Date)
PG&E response:
Westinghouse incorporated the IEEE-1012 compliance table in the AlS V&V plan document 6116-00003 in Appendix A Table A-1 and PG&E submited the AlS V&V plan document 6116-00003 to the staff on June 6,2012, in to the Enclosure of PG&E letter DCl-12-050.
staff will work through this as the SWP is reviewed and evaluated for approval. Please submit the document on the docket.
This 01 will remain open pending review of the Westinghouse/CSI document.
RS Section 4.1.1 of the LAR states that; "The SSPS evaluates the signals and performs RTS and ESFAS functions to mitigate Abnormal Operational Occurrences and Design Basis Events described in FSAR [26] Chapter 15. "
however, Chapter 15 of the DCPP FSAR does not use the terms Abnormal Operational Occurrence (AOO) or DeSign Basis Accident (DBE). Instead, the accident analysis in chapter 15 identifies conditions as follows; CONDITION I - NORMAL OPERATION AND OPERATIONAL TRANSIENTS CONDITION 11-FAULTS OF MODERATE FREQUENCY CONDITION III - INFREQUENT FAULTS Open RAI9 3/21/12 update:
PG&E has created a share point website for NRC to review PPS design drawings that will address this issue as well as 01 20 and 21. NRC staff will determine if they are needed to be submitted on the docket. PG&E will ensure the website is information is only applicable to this licensing action.
July 10, 12 DCPP PPS Open Item Summary Table Page 27 of 43 No SrclRJ Issue Description P&GE response:
CONDITION IV - LIMITING FAULTS As such, the statement that AOO's and DBE's are described in the FSAR appears to be inaccurate. Please explain the correlation between the Conditions described in FSAR chapter 15 and the Abnormal Operational Occurrences, and Design Basis Events described in the LAR.
PG&E response: The AOO's are referred to as ANS Condition I "Operational Transients" in FSAR Chapter 15 and are addressed in FSAR Chapter 15.1.
The design basis accidents are referred to as ANS Condition /I "faults of moderate frequency," ANS Condition III "infrequent faults," and ANS Condition IV "limiting faults" and are addressed in FSAR Chapter 15.2, 15.3, and 15.4 respectively.
Status RAJ No.
(Date Sent)
RAI Comments
Response
(Due Date)
July 10, 12 DCPP PPS Open Item Summary Table Page 28 of 43 No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
RA/
Response
(Due Date)
Comments 20
~
RS The system description provided in Section 4 of the LAR includes "functions performed by other protective systems at DCPP in addition to the PPS functions". In many cases, there is no explanation of what system is performing the functions described nor is there a clarification of whether the described functions are being performed by the PPS system.
As an example, Section 4.1.16 describes a bypass function to support testing of the high-high containment pressure channel to meet requirements of IEEE 279 and IEEE 603. The description of this function does not however, state whether this latch feature is being implemented within the PPS system or in the SSPS.
The staff needs to have a clear understanding of the functional scope of the PPS system being modified in order to make its regulatory compliance determinations. Please provide additional information such as PPS function diagrams to help the staff distinguish PPS functions from functions performed by other external systems.
Closed N/A 3/21/12 update:
PG&E has created a share point website for NRC to review PPS design drawings that will address this issue.
NRC staff will determine if they are needed to be submitted on the docket. PG&E will ensure the website is information is only applicable to this licensing action.
5/30/12 Determined that no RAI will be needed for this item.
7/02/12 Closed Item. Information in Function diagrams is sufficient for NRC to determine PPS functionality.
PG&E Response: PPS design drawings have been provided to the staff on the Sharepoint site.
July 10, 12 DCPP PPS Open Item Summary Table Page 29 of 43 No SrclRI Issue Description P&GE response:
21 RA Westinghouse/CSI document 6116-00005, "Diablo Canyon PPS System Test Plan," states that the ALS-102 FPGA design is changed for the DCPPS System. Further, Section 5.3.3 states: "Test as many of the ALS-1 02 requirements as possible."
Please identify what document describes the design verification test for this board.
PG&E response: The documents that describe the design verification tests for the ALS-102 are 6116-70140, "Diablo Canyon PPS System Test Design Specification," submitted June 6,2012, and 6116-10216, "Diablo Canyon PPS W Simulation Environment Specification" that will be submitted by September 30,2012.
Status Open RAI No.
(Date Sent)
RAI10 RAI
Response
(Due Date)
Comments 6-13-12 update (Kemper):
PG&E understands that they need to provide an update to this response. In the meantime, PG&E and ALS have provided 2 design specifications that will address this 01.
These documents are placed on the PG&E sharepoint website. Doc. No 6116-10740 was submitted on June 6, 2012, which describes ALS system test design specification. Doc.
No 6116-00005 was also submitted on June 6,2012, which describes ALS system test plan.
Doc. No. 6116 10216 ALS W Simulation Environment Specification will be provided in the future.
3/21/12 update:
~--
July 10, 12 DCPP PPS Open Item Summary Table Page 30 of 43 No SrclRI Issue Description P&GE response:
Status RA/ No.
(Date Sent)
RA/
Response
(Due Date)
Comments I
PG&E has created a share point website for NRC to review PPS design drawings that will address this issue.
NRC staff will determine if they are needed to be submitted on the docket. PG&E will ensure the website is information is only applicable to this licensing action.
NRC-the response provided does not address the question.
22 BK Follow-on 01 # 5 question pertaining to the PPS VTP:
Section 1.4.4 (pg. 12/38) states "The network equipment, including media converter, NetOptics Network Aggregator Tap, and gateway hub, and the MWS will not be within the test scope of this VTP. The Nuclear Delivery (NO) group will coordinate with Pacific Gas & Electric for system staging prior to turn over to Nuclear IV&V. The Nuclear IV&V group will confirm proper operation of network communications system interfaces before beginning testing addressed in this VTP," When, where, and what procedures will be used to test the network equipment??
Also, section 5.1.4 (3) Hardware Validation Tests states that the ALS equipment will not be included in the FAT (pg. 27/38). Where, when, and what procedures will be used to fully test the Integrated PPS system (both Tricon V10 and ALS platforms together) be subjected to FAT.
Closed RAI5 I
July 10, 12 DCPP PPS Open Item Summary Table Page 31 of 43 No SrciR/
Issue Description P&GE response:
Status RA/ No.
(Date Sent)
RA/
Response
(Due Date)
Comments I
PG&E response:
Additional information on the PPS testing is being provided to the staff. The VTP will need to be updated based on the additional information. A date that the updated VTP will be submitted will be provided after feedback from the staff is received on the additional information on the PPS testing.
23 BK Section 4.2.13.1 of the LAR (page 85) states; "Figure 4-13 only shows one TCM installed in the Tricon Main Chassis (Slot 7L), the PPS replacement will utilize two TCM cards in each main chassis (Slots 7L and 7 -R). This will provide two non-safety-related communication paths to the MWS and the PPC Gateway Computer from each Protection Set to ensure continued communications if a single TCM fails.
The NetOptics Model PA-CU/PAD-CU1 PA-CU port aggregator network tap was approved previously by NRC for a similar application in the Oconee RPS SER Section 3.1.1.4.3 [18]. The NRC staff determined that due to the electrical isolation provided by use of fiber optic cables and the data isolation provided by the Port Tap and the Maintenance and Service Interface (MSI) in the Oconee RPS, there was reasonable assurance that a fault or failure within the Oconee Gateway computer or the Operator Aid Computer will not adversely affect the ability of the Oconee RPS to accomplish its safety functions.
During the SAT PG&E will test the Protection Set communications paths illustrated in Figure 4-13 to verify that there is no inbound communications path associated with port aggregator network tap Port 1. That is, PG&E will verify that communications from Port 1 to either the TCM on Port A or the MWS on Port B of the port aggregator network tap are not permitted.
Results of this test will be documented in final System Verification and Validation Report. Port aggregator dual in-line package (DIP) switch positions will be controlled by DCPP configuration management processes."
In order for the Staff to approve the integrated configuration of the PPS, prior to shipment of the PPS equipment to DCPP site, all communications paths will require testing on or before FAT, and before completion of the SER. This testing is typically completed during or before the PPS FAT, otherwise, the SER will not be completed until after the SAT. Please provide a test scheme/procedures that satisfies all regulatory requirements prior to or Closed RAI11 1 The NetOptics Model PAO-CU has two one-way output ports but is otherwise identical in function to the PA-CU.
July 10,12 DCPP PPS Open Item Summary Table Page 32 of 43 No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments during the FAT. Otherwise, if this testing will be completed during the SAT, as stated in the LAR, please provide a detailed schedule for this testing so the NRC can revise its PPS LAR Review Plan accordingly.
PG&E response: Additional information on the PPS testing for ALS is being provided to the staff. A date the additional information will be submitted will be provided after feedback from the staff is received on the additional information on the PPS testing for ALS.
I 24 RJS
~~~~
- a. Section 4.1.17 paragraph 3 discusses the protection functions associated with High - High Steam Generator Level or P-14. In this discussion it is stated that the SI signal initiates the same two functions (Turbine Trip and Feedwater Isolation) however, there is no mention of this in section 4.1.9 or in the discussion of the P-14 permissive. Please confirm that P-14 can be initiated by either High High SG Level or by initiation of SI.
- b. This same section also states that the described latched in function serves to comply with IEEE Std. 279 Section 4.16. The replacement Closed NIA
~-~
Item initiated on 4/23/2012.
PGE Response accepted.
I
July 10, 12 DCPP PPS Open Item Summary Table Page 33 of 43 No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
RA/
Response
(Due Date) comments-I PPS system is not being evaluated against the criteria of IEEE 279.
Instead, IEEE 603-1991 is being used and the equivalent criteria is contained in section 5.2 of IEEE 603 1991. PGE needs to understand that the criteria of IEEE 279 are not relevant to this review effort.
PG&E response:
- a. Turbine Trip can be initiated by either the P-14 steam generator level protection function OR by the latched Safety Injection (SI).
Section 4.1.17 describes the Steam Generator Level High-High Protection function P-14. Upon sensing high steam generator level, the PPS generates an initiation signal to the SSPS, which generates the turbine trip signal and initiates Auxiliary Feedwater when coincidence of 2 of 33 high-high level signals in any steam generator is detected.
Section 4.1.9 describes Pressurizer Protection Functions, one of which is initiation of Safety Injection through the SSPS when coincidence 3 of 4 Pressurizer Pressure Low-Low signals from the PPS is detected. The SI actuation signal also actuates turbine trip and Auxiliary Feedwater through the SSPS, but SI is not initiated by Steam Generator Level High-High The P-14 protection function is initiated ONLY by steam Generator Level High-High. Through the SSPS, P-14 will trip the turbine and actuate Auxiliary Feedwater. A SI signal will also actuate Turbine trip and Auxiliary Feedwater, among other actions. Pressurizer Protection functions do not initiate P-14 and Steam Generator Level High-High P-14 does not initiate SI.
- b. PG&E intended Section 4.1 to describe the existing PPS and to apply only to the existing PPS, which complies with IEEE 279-1971.
Sections 4.2 to 4.13 of the LAR apply to the PPS Replacement.
Section 4.10.2.2 describes compliance of the PPS Replacement with IEEE 603-1991 Section 5.2. PG&E understands and appreciates that IEEE-603 applies to the PPS replacement.
July 10, 12 DCPP PPS Open Item Summary Table Page 34 of 43
~~~~~-~~~
~~~~~~-
~~~
No SrclRJ Status RAJ No.
RAJ Comments (Date Sent)
Jssue Description P&GE response:
Response
(Due Date) 25 Closed N/A RJS Sections 4.1.17, and 4.1.21 state that the P-9 permissive is the "Power Item initiated on Range at Power" function while Section 4.1.9 states that the P-10 Permissive 4/23/2012.
is also called the "Power Range at Power" function. Is it correct that both of these permissives are called "Power Range at Power" and that they perform PGE Response different functions?
Accepted.
PG&E response:
Both P-9 and P-10 are "Power Range at Power" functions; both are active when the Power Range NI channels are at power.
Permissive P-9 blocks reactor trip on turbine trip when 3 of 4 Power Range NI channels are below 50%.
Permissive P-10 is active when 2 of 4 Power Range NI channels are above 10%. Permissive P-10 is combined with Turbine Power Permissive P-13 (which is active above approximately 10% turbine load) to provide input to Permissive P-7 that allows blocking several low power reactor trips.
In effect, Permissive P-10 is the "Power Range at Power-Low" permissive" and Permissive P-9 is the Power Range at Power - High" permissive. This is consistent with the response to 01 #12, above.
Item Initiated on 26 RJS RAI12 The PG&E SyOAP defines Supplier tasks that are related to assurance of Open 4/25/2011 software quality for each of the following phases of development; Will need formal
- Project Initiation and Planning response for this
- Conceptual Design item. Therefore
- Requirements this will be an RAI.
- Design
- Implementation
- Integration
- Test These phases do not align with the phases used in the ALS or Tricon development lifecycles. For instance, the Tricon SOAP defines the phases as Requirements, Design, Implementation, and Test (Validation). Because
July 10, 12 DCPP PPS Open Item Summary Table Page 35 of 43 No SrciR/
Issue Description P&GE response:
Status RA/ No.
(Date Sent)
RA/
Response
(Due Date)
Comments of this, it is not clear how assurance of task completion can be accomplished.
During which Tricon phases would those tasks listed under Integration, Initiation and Planning, and Conceptual Design be performed?
The ALS SOAP does not mention phases but the ALS Management plan defines the development phases as; Planning, Development, Manufacturing, System Test, and Installation.
Would it be possible for PGE to provide a mapping of Phases defined in the SyOAP to the Phases of the ALS and Tricon system development processes so that the staff can correctly identify and confirm performance of these QA tasks?
PG&E response:
PGE will provide a mapping of Phases defined in the SyOAP to the Phases of the ALS and Tricon system development processes. The determination of the location of the mapping information and date to be submitted is IN PROGRESS.
27 RA Software Management Plan The LAR, Attachment 3, describes the project organization, roles and responsibilities for the PPS replacement project. This document does not describe oversight activities that PG&E will perform during the PPS replacement project, as well as the interface between PG&E and Invensys and WEC/CSI, and the methodology to judge quality of the vendor effort.
Please provide this information.
Open RAI13 The POP will need to be submitted.
July 10, 12 No SrclRI DCPP PPS Open Item Summary Table Issue Description P&GE response:
PG&E response:
Oversight activities for the project were discussed in Section 4.2.11, Appendix B Compliance, of the LAR that discusses the DCPP Quality Assurance Program and Procurement Control Program and states that PG&E will audit 10M and CSI during the manufacturing phase under the PG&E Nuclear Procurement Program and associated directives.
Status RAI No.
(Date Sent)
Response
(Due Date)
Page 36 of43 Comments In support of the oversight activities, a PG&E will issue a Project Quality Plan (PQP) that will define the oversight activities to be performed, including technical audits, cyber security audits, and software quality assurance audits.
The PQP is expected to be issued in June and will be submitted to the staff by July 31,2012.
Following the performance of the PQP audits, audit reports will be created and a PQP Audit Summary Report will be created. PG&E will submit the PQP Audit Summary Report to the staff at the time the vendor hardware is delivered to PG&E. The vendor hardware is currently expected to be delivered to PG&E in Spring 2013.
The PQP audit reports will not be submitted but will be made available to the NRC staff for review.
28 RA Software Management Plan The LAR, Attachment 3, states that PG&E is responsible for the following activities in the lifecycle: project initiation and planning phase, conceptual design phase, requirements phase, installation and checkout phase, operation phase, and maintenance phase. Further, Section 3.1.10 states that PG&E will follow the activities described before for software modifications. Please explain how PG&E will perform software modifications to the Tricon and ALS platforms once the PPS replacement project is completed.
Closed NIA Alvarado (6/13/12):
PG&E place a copy of their Software Configuration Management Plan in their Sharepoint site.
July 10, 12 DCPP PPS Open Item Summary Table Page 37 of 43 No SrclRI Issue Description P&GE response:
Status RA/ No.
RA/
Comments (Date Sent)
Response
(Due Date)
PG&E response:
The control of the software modifications to the Tricon and ALS platforms once the PPS replacement project is completed will be by the Process Protection System Replacement Software Configuration Management Plan, SCM 36-01, Revision 0, which was submitted as part of the Phase 2 document submittal on June 6, 2012, in Attachment 4 to the Enclosure of PG&E Letter DCL-12-050.
The SCM-01, Revision 0, document has been placed on the Sharepoint site.
29 RA Software Management Plan -
Open RAI13 The LAR, Attachment 3, states that the PG&E Project Manager will share the responsibility for meeting the software quality goals and for implementing the software quality management throughout the project.
Please describe what responsibilities are going to be shared and how this is going to be performed.
PG&E response:
The PG&E Project Manager will share the responsibility for meeting the software quality goals with the PG&E Quality Verification organization personnel.
To implement the oversight activities, the PG&E Quality Verification organization will issue a Project Quality Plan (PQP) that will define the oversight activities to be performed, including technical audits, cyber security audits, and software quality assurance audits.
30 RA Software Development Plan -
Open RAI14 Section 7 of the Invensys Nuclear System Integration Program Manual (NSIPM) requires that non-conforming procedures shall be used to control parts, components, or systems which do not conform to requirements.
Invensys documents 993754-1-906, Software Development Plan, and 993754-1-905, PPS Replacement DCPP Project Management Plan, do not
31 July 10, 12 DCPP PPS Open Item Summary Table Page 38 of 43 No SrC/RI Issue Description P&GE response:
identify non-confirming procedures to be followed when deviations are identified and how deviations should be corrected.
Please provide this information.
PG&E response:
The Project Management Plan (PMP), 993754-1-905, is the overarching project management document for the Invensys scope of the PPS Replacement Project. It references other Invensys planning documents that discuss procedures to follow when deviations are identified and how they are corrected. The Software Development Plan, 993754-1-906, describes the software development process for the Invensys scope of the PPS Replacement Project. It will be revised to strengthen references to procedures to be followed when deviations are identified.
In addition, the Invensys Software Quality Assurance Plan, 993754-1-900, Section 8, and the Invensys Software Configuration Management Plan, 993754-1-909, Section 3.2, both provide reference to procedures to follow when deviations are identified and how deviations are corrected.
The revised Invensys project planning documents for the PPS Replacement Project will be submitted as part of the Phase 2 document submittals to the staff by July 31, 2012.
RJS Software Quality Assurance Plan:
IEEE 730 2002 stipulates in section 4 that "The SQAP shall be approved by the manager of each of the organizations having responsibilities in the SQAP. The PGE SYQAP has been approved by the PGE Diablo PPS Upgrade Project Manager and the Altran Project lead; however, there are several other organizations that have responsibilities delineated in the SOAP.
The managers of these organizations have not approved the SYQAP. The following organizations are aSSigned roles and Responsibilities within Section 3.4 of the SYQAP. Please explain the means by which these organizations have committed to comply with the requirements stated in the SYQAP.
- Vendor IW Projects Managers
- EOC DeSign Change Package Team
- PGE Project Engineering Team Status Open RAI No.
(Date Sent)
RAI15 RAI
Response
(Due Date)
Comments At the 5/16 meeting, the staff explained that PGE should have some commitment from all orgs that have activities in the SyQAP. This could be contractual or through activities that are delineated in other vendor plans or procedures.
July 10, 12 DCPP PPS Open Item Summary Table Page 39 of 43 No SrclRI Issue Description P&GE response:
Status RA/ No.
(Date Sent)
RA/
Response
(Due Date)
Comments
- OA Organization
- Testing and Integration Team
- V& V Organization PG&E response:
The software quality assurance plan was discussed in Section 4.11.1.1.1 of the LAR, which did not commit to IEEE 730 2002 criteria in developing the SOAP. IEEE Standard 7-4.3.2-2003 [76J Clause 5.3.1 references IEEE Std 730-1998 for guidancebut does not require itto be met.
PG&E is determining how to address the commitment from all organizations contained in the SyQAP as requested by the staff in the 5/16 meeting.
32 RJS Section 4.2.7 "Power Supply" of the LAR describes how power is supplied to the PPS. In this description, the 480V AC vital supply is described in the following ways.
- First it is described as back-up common bus to the 120 V distribution panels. We cannot tell if this is through a transformer or if this refers to the alternate supply to the inverters.
- It is also described as a supply to an inverter.
It is then described as supply to the battery charger From these descriptions, it is not clear to the staff how these vital power sources are configured in relation to the 120VAC panels thatfeed the PPS.
Would it be possible to provide a simplified diagram to show the relationship between the 125V Batteries 1DC Buses, Battery Chargers, Inverters, and the 120V AC distribution Panels that supply power to the PPS, Open RAI16 PGE Response accepted.
July 10, 12 DCPP PPS Open Item Summary Table Page 40 of 43 No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments PG&E response:
The following description clarifies the 120 V vital instrument AC power supply to the pps:
1 Safety-related 480 VAC from vital AC motor control center (MCC) is fed to the UPS and rectified.
2 Rectifier output is fed to the inverter and converted to 120 VAC.
3 Safety related vital DC bus power is fed to UPS as immediate backup supply. The vital DC bus is backed up by the safety-related 125 VDC station battery, which is charged from vital 480 VAC.
4 Inverter output is fed through a static switch with integral manual bypass switch to vital instrument AC power distribution panels.
5 On loss of inverter output, the static switch will select backup regulating transformer output (120 VAC) to distribution panels.
6 The backup regulating transformer receives input from the 480 VAC supply. The backup regulating transformer may be aligned via a transfer switch to either of two 480 VAC busses; the normal supply or an alternate supply. The alternate supply circuit breaker is normally open to prevent interconnection of redundant power supplies due to a failed transfer switch. The transfer switch may not be used under load.
Refer to the attached block diagram for additional detail.
33 RJS (ALS SOAP) Software tools are used extensively during the FPGA development process. The staff therefore considers these tools to be a key component to the assurance of quality in the ALS system development process. The ALS SOAP states that "no additional tools, techniques, or methodologies have been identified" for the ALS system. The staff considers the development tools, as well as the techniques and methodologies used during system development to be relevant to the assurance of quality for the ALS system. Please provide information on the tools, and methodologies used during system development to ensure quality of the ALS system products.
Open Item initiated on 6/5/12.
6-13-12 update (Kemper): W/ALS agrees with NRC's position on tools and will revise the document (Doc.
No. 6002-00001) accordingly to
July 10, 12 DCPP PPS Open Item Summary Table Page 41 of 43 No SrC/RI Issue Description P&GE response:
Status RAI No.
(Date Sent)
Response
(Due Date)
Comments address this matter.
PG&E response: Westinghouse agrees that Section 8, Tools, Techniques, And Methodologies of the ALS QA Plan (6002-00001) should be revised to reference document 6002-00030, "ALS Design Tools." This document describes the tools used and how they are used in the design process. This document is also on the ALS docket. Westinghouse will submit a revision of the ALS QA Plan on the ALS docket.by IN PROGRESS 34 RJS (Software Integration Plans) The integration planning documentation referenced in section 4.5.4 of the LAR does not include any integration of the two sub systems (ALS integrated with Tricon). The PGE papers provided that discuss how FAT's will be performed may resolve this but these papers would have to be docketed as integration planning documents to support our SE. We also need to come to some agreement on the scope of integration to be accomplished prior to issuance of the SE.
Closed RAI20 Item initiated on 617/2012 6-13-12 update (Kemper): This seems duplicate of 0116 & 23.
7102/12 RJS This is related to 01 16 and 23, however, this specifically addresses the software integration planning documents being assessed. The current software integration plan discussed in section 4.5.4 of the LAR and the documents referenced from here do not adequately address PG&E response: IN PROGRESS
July 10, 12 DCPP PPS Open Item Summary Table Page 42 of 43 No SrclRI Issue Description P&GE response:
Status RAI No.
(Date Sent)
RA/
Response
(Due Date)
Comments this aspect of system integration.
As such the Integration Plan will have to be revised.
Just including integration in the FAT will not resolve the inadequacies of the integration planning documents.
I anticipate that a supplemental integration plan document will need to be submitted in order for PGE to resolve this.
New RAI added and 01 closed.
SD11 (21)
UPS IY11 (21)
- Nr TRY Transfer SWitch AC SwitCh To Protection SetiV July 10, 12 DCPP PPS Open Item Summary Table Page 43 of 43 Figure 1 DCPP 120 Volt Vital Instrument AC System (Simplified) 480V BUS 1 H (2H)
SD13 (23)
UPS IY13 (23)
AC AC Transfer Transfer Switch DC Nl Switch To Protection Set I Legend:
IY:
UPS and DC-AC Inverter PY:
120 VAC Distribution Panel SO:
125 VDC Distribution Panel TRY:
480 VAC/120 VAC Transformer and Regulator Normal Power Flow (N)
Bypass (120 VAC)/Backup (125 VDC) Power Flow Altemate Bypass Power Flow (A)
Unit 1 Component ID's are shown; Unit 2 Component ID's are in parentheses, For example, PY11 is Unit 1 Vital Instrument AC Distribution Panel 1; PY21 is Unit 2 Vital Instrument AC Distribution Panel 1 To Protection Set III
Project Plan for Diablo Canyon Replacement of Digital RPS and ESFAS (PPS) - LAR Review (Rev. 2)
Actual Date Step Planned Task Date Oct.
26,2011 PG&E LAR Submittal for NRC approval. Submittal includes all 1
Oct.
26,2011 i
review per ISG-06, "Digital Licensing."
Phase 1 documents needed to be docketed prior to acceptance for Jan. 12, 2012 Jan. 12, Acceptance Review complete. LAR accepted for detailed technical 2
2012 the staff to complete its review. Scheduled public meeting with PG&E to discuss the results of the acceptance review.
3 review. Several issues identified that could present challenges for Jan. 13, 2012 Jan. 13, Acceptance letter sent to licensee.
2012 4
Jan. 18, 2012 Jan. 18, Conduct Public Meeting to discuss staff's findings during the LAR acceptance review. Staff proceeds with LAR technical review.
2012 5
PG&E provides information requested in acceptance letter. Initiate April 2, 2012 March 18.
bi-weekly telecoms with PG&E and its contractors to discuss 2012 potential RAI issues. Open Items spreadsheet will be maintained by NRC to document staff issues and planned licensee responses.
6 May 30, PG&E provides partial set of Phase 2 documentation per June 6, 2012 commitments made in LAR.
2012*
- PG&E provided a subset of the Phase 2 documents on June ffh and committed to send the rest by July 31, 2012.
7 July First RAI sent to PG&E on Phase 1 documentation (e.g.,
2012 speCifications, plans, and equipment qualification). Continue review of the application. Request 45 day response.
SER for Tricon V10 Platform issued final. This platform becomes a 2012 June 8
Tier 1 review of the LAR.
8.1 October SER for Westinghouse ALS Platform issued final. This platform 2012 becomes a Tier 1 review of the LAR.
August Receive answers to first RAI.
2012 10 9
September Audit trip to Invensys facility for thread audit; audit the life cycle 2012 planning documents and outputs, with particular emphases on verification and validation, configuration management, quality Assurance, software safety, the Invensys application software development procedures, and application software program design.
11 October Audit report provided to PG&E and its contractor.
2012 12 November Second RAI to PG&E on Phase 2 documentation (e.g., FEMA, 2012 safety analysis, RTM, EQ Tests results, setpoint calcs, SW Tool I
analysis reports, and any incomplete or un-satisfactory response to first RAI. Continue review - hardware and program design and V&V activities 13 December PG&E provides remaining set of Phase 2 documentation per 2012 commitments made in LAR.
14 January Receive answers to second RAI.
2013 Continue review - V&V program, security requirements (RG 1.152, Rev.2) 15 January Audit trip to W/ALS facilities for additional thread audit items; audit Page 1 of 2
Project Plan for Diablo Canyon Replacement of Digital RPS and ESFAS (PPS) - LAR Review (Rev. 2) 2013 hardware and software installation plans, configuration management reports, detailed system and hardware design, completed test procedures, V&V activities, summary test results (including FAT) and incident reports, and application code listings.
15.1 February 2013 Audit trip to Invensys facilities for additional thread audit items; audit hardware and software installation plans, configuration management reports, detailed system and hardware design, completed test procedures, V&V activities, summary test results (including FAT) and incident reports, and application code listings.
15.2 TSD Audit trip to DCPP test facilities for additional thread audit items; audit hardware and software installation plans, configuration management reports, detailed system and hardware design, completed test procedures, V&V activities, summary test results (including FAT) and incident reports, and application code listings.
16 March 2013 Audit reports provided to PG&E and its contractors.
17 June 2013 Presentation to ACRS Subcommittee/Full ACRS Committee on DCPP PPS LAR Safety Evaluation.
18 June 2013 Complete draft technical SER for management review and approval.
19 July 2, 2013 Issue completed draft technical SER to DORL 20 July 2013 Draft SER sent it to PG&E, Invensys, and W/CSI to perform technical review and ensure no proprietary information was included.
21 August 2013 Receive comments from PG&E and its contractors on draft SER proprietary review.
22
-Oct. 2013 Approved License Amendment issued to PG&E 23
-Dec. 2013 Inspection trip to DCPP for PPS SAT and installation test, training and other preparation for new system. To be coordinated with regional visit. Date based on February 2014 Unit 1 Refueling Outage (1R18) of February 2014.
Page 2 of 2
Pacific Gas and Electric Documents Section DI&G-ISG-06 Tier DI&G-ISG-06 Phase 2 Submitted Documents - Diablo Canyon PPS (7-12-12 version) 1 2
3 Document Section Topic PG&E Document Title PG&Eto NRC 2.1 X
X X
Software Safety Analysis (SSA) 0.4.4.2.1 Safety Analysis Activities Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.2 X
X X
V&VReports SW 0.4.4.2.2 Implementation Documentation Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.3 X
X X
As.Manufactured, System Configuration Documentation Plant 0.4.4.2.3 Configuration Data Phase 2 LAR submittal will reference vendor documentation See vendor tranmittal column 2.4 X
X X
Test Design Specification 0.4.4.2.4 Testing Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.5 X
X X
Summary Test Reports (Including FAT) 0.4.4.2.4 Testing Phase 2 LAR submittal will reference vendor documentation See vendor tranmittal column 2.6 X
X X
Summary of Test Results (Including FAT) 0.4.4.2.4 Testing Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.7 X
X X
Requirement Traceability Matrix 0.9.4.2 Requirement Traceability Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.8 X
X FMEA 0.9.4.2.1.1 FMEA Phase 2 LAR submittal references vendor documentation for platforms System Level FMEA performed by PG&E See vendor tranmittal column for platform System level Est. 8/31/2012 2.9 X
X X
System Build Documents 0.4.4.3.5 System Build Documents Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.10 Not Used Not Used Not Used 2.11 X
X
-~
Qualification Test Methodologies 0.5.2 Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 1
Section DI&G-ISG-06 Tier DI&G-ISG-06 Phase 2 Submitted Documents - Diablo Canyon PPS (7-12-12 version) 1 2
3 Document Section Topic PG&E Document Title PG&E to NRC 2.12 X
X Summary of Final Digital EMI, Temp., Humidity, and Seismic Testing Results 0.5.2 EQ Report(s)
Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.13 X
X X
As-Manufactured Logic Diagrams 0.9.4.2.2 (IEEE 603) 0.9.4.4.3 (IEEE 7-4.3.2)
Plant Logic Diagrams Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.14 X
X X
System Response Time Confirmation 0.9.4.2.4 Response Time Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.15 X
X X
Reliability AnalysiS 0.9.4.2.15 Reliability Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 0.10.4.2.15 Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.16 X
X X
Setpoint Calculations 0.9.4.3.8 Setpoints Phase 2 LAR submittal will reference vendor documentation See WEC tranmittal column 2.17 X
X Software Tool Analysis Report 0.10.4.2.3.2 SWToois Phase 2 LAR submittal references vendor documentation See vendor tranmittal column 2.18 X
~eport(s) 0.10.4.2.4.2
---.... -.-~
CGO Phase 2 LAR submittal references 10M documentation
........-.-~
See 10M tranmittal column 2
t Westinah o -
Section DI&G-ISG-06 DI&G-ISG-06 Phase 2 Submitted Documents - Diablo Canyon PPS Tier (7-12-12 version) 1 2
3 Document Section Topic WEC Document Title Transmittal to NRC 2.1 X
X X
Software Safety Analysis D.4.4.2.1 Safety Analysis 6002-00006, ALS Security Plan 7/2/10 ML102160471 (SSA)
Activities Phase 1 Platform Submittal 6002-30282 ALS*302 V&V Summary SW Report, 6002-32182 ALS-321 V&V 2/10/2012 ML120488425 2.2 X
X X
V&V Reports D.4.4.2.2 Implementation Summary Report 616/2012 ML12170A837 Documentation 6116-00500, Diablo Canyon PPS W Summary Report As-Manufactured, System Plant 6116-00400, Diablo Canyon PPS CM 2.3 X
X X
D.4.4.2.3 Configuration Est. 1213112012 Configuration Documentation Data Summary Report 6116-00005, DCPP PPS System Test Plan, 9/28/2011 ML11277A153 2.4 X
X X
Test Design Specification D.4.4.2.4 Testing 6116-70140, Diablo Canyon PPS System 616/2012 ML12170A837 Test Design Specification 2.5 X
X X
Summary Test Reports D.4.4.2.4 Testing 6116-71000, Diablo Canyon PPS System Est. 12/31/2012 (Including FAT)
Test Summary Report 2.6 X
X X
Summary of Test Results D.4.4.2.4 Testing 6116-71000, Diablo Canyon PPS System Est. 12/3112012 (Including FAT)
Test Summary Report 6002-30210, ALS-302 Core A RTM,6002 30211, ALS-302 Core 8 RTM, 6002-32110, and ALS-321 Core A RTM 6002-31110, ALS-311 Core A RTM 2/10/2012 ML120488425 Requirement Traceability Requirement 6002-32111, ALS-321 Core 8 RTM, 6002 3/2512011 ML110900127 2.7 X
X X
D.9.4.2 40210, ALS-402 Core A RTM, 6002-40211, 3/18/2011 ML110810494 Matrix Traceability ALS-402 Core 8 RTM, and 6002-42110, 2/25/2011 ML110600671 ALS-421 RTM 6002-10210, ALS-102 6/6/2012 ML12170A837 CoreA RTM 6116-00059, Revision A, Diablo Canyon PPS Tracabilitv Matrix
-~........-.-
3
Section DI&G-ISG-06 DI&G-ISG-06 Phase 2 Submitted Documents - Diablo Canyon PPS Tier (7-12-12 version) 1 2
3 Document Section Topic WEC Document Title Transmittal to NRC 6002-10212. ALS-102 FPA, FMEA, and Reliability Analsyis, 6002-30212, ALS-302 FPA, FMEA, and Reliability Analsyis, 6002 31112, ALS-311 FPA, FMEA, and Reliability Analsyis, 6002-32112, ALS-321 FPA, FMEA, and Reliability Analsyis, 6002-40212, 2.8 X
X FMEA D.9.4.2.1.1 FMEA ALS-402 FPA, FMEA, and Reliability 2/812011 ML110410380 Analsyis, 6002-42112, ALS-421 FPA, 6/6/2012 ML12170A837 FMEA, and Reliability Analsyis, and 6002 60112, ALS-601 FPA, FMEA, and Reliability Analsyis 6116-00029, Revision 1, Diablo Canyon ALS Reliability Analysis and Failure Mode and Effects Analysis 2.9 X
X X
System Build Documents D.4.4.3.5 System Build 6002-00060, Revision 0, ALS Board 6/6/2012 ML12170A837 Documents Manufacturing Procedures 2.10 Not Used Not Used 6002-00004, ALS EQ Plan EQ-TP-251-PGE, Revision 0, EMC Qualification Test Procedure for the LSM for Qualification Test Diablo Canyon and EQ-TP-253-PGE, 11/1112011 ML11320A047 2.11 X
X Methodologies D.5.2 Environmental Qualification Test Procedure 6/6/2012 ML12170A837 for the LSM for Diablo Canyon 91712012 EQ-TP-252-PGE, Seismic Qualification Test Procedure for the Line Sense Module (LSM) for Diablo Canyon Summary of Final Digital EMI, 6002-00200, ALS EQ Results 2.12 X
X Temp., Humidity, and Seismic D.5.2 EQ Report(s)
EQ-QR-120-PGE, Equipment Qualification
?
Summary Report for the LSM for Diablo Est. 12131/2012 Testing Results Canyon D.9.4.2.2 2.13 X
X X
As-Manufactured Logic (IEEE 603)
Plant Logic PGE-ALS-001, Diablo Canyon Detailed 0911012012 Diagrams D.9.4.4.3 Diagrams Functional Diagrams (IEEE 7-4.3.2) 2.14 X
X X
System Response Time D.9.4.2.4 Response Time 6116-00011, Diablo Canyon PPS ALS 9/28/2011 ML 11277A15 Confirmation System Design Specification, Section 7.5
. L-.. _.~.... _
..... _~..... __.................__ L.......... __.. _._
4
Section DI&G-ISG-06 Tier DI&G-ISG-06 Phase 2 Submitted Documents - Diablo Canyon PPS (7-12-12 version) 1 2
3 Document Section Topic WEe Document Title Transmittal to NRC 2.15 X
X X
Reliability Analysis D.9A.2.15 Reliability 6002-10212. ALS-102 FPA. FMEA. and Reliability Analsyis. 6002-30212. ALS-302 FPA. FMEA. and Reliability Analsyis, 6002 31112. ALS-311 FPA. FMEA. and Reliability Analsyis. 6002-32112. ALS-321 FPA.
FMEA. and Reliability Analsyis. 6002-40212.
ALS-402 FPA. FMEA, and Reliability Analsyis, 6002-42112, ALS-421 FPA.
FMEA, and Reliability Analsyis, and 6002 60112. ALS-601 FPA. FMEA. and Reliability Analsyis 6116-00029, Revision 1. Diablo Canyon ALS Reliability Analysis and Failure Mode and Effects Analysis 218/2011 ML110410380 6/6/2012 ML12170A837 D.10A.2.15 6116-00029. Revision 1. Diablo Canyon ALS Reliability Analysis and Failure Mode and Effects AnalysiS 6/6/2012 ML12170A837 2.16 X
X X
Setpoint Calculations D.9.4.3.8 Setpoints PGE-12-52 P-Attachemnt Westinghouse Input to Diablo Canyon PPS Replacement Uncertainty Calculations Summary LAR Setpoint Summary Report and Selected Calculations 6/6/2012 ML12170A837 Est. 1213112012 2.17 X
X Software Tool Analysis Report D.10A.2.3.2 SWToois 6002-00030. ALS Design Tools 11/1112011 ML11320A047 2.18 X
X Commercial Grade Dedication Report(s)
D.10A.2A.2 CGD N/A N/A 5
o M
o it Section DI&G-ISG-OS Tier DI&G-ISG-OS Phase 2 Submitted Documents - Diablo Canyon PPS (7-12-12 version) 1 2
3 Document Section Topic 10M Document Title Transmittal to NRC 2.1 X
X X
Software Safety Analysis (SSA) 0.4.4.2.1 Safety Analysis Activities 993754-1-915-P, Project Specific Design Phase Software Safety Analysis (includes Hazard, Risk, Interface)
Est. 8/31/2012 Est. 12/2012 2.2 X
X X
V&V Reports 0.4.4.2.2 SW Implementation Documentation Phase reports 99375-1-860, Requirements Phase Summary Report, Design phases as of submittal date Est. 8/3112012 Est. 12/2012 2.3 X
X X
As-Manufactured, System Configuration Documentation 0.4.4.2.3 Plant Configuration Data Printouts and reports from T riStation 1131.
Includes CM reports as of submittal date.
10M will package in submittal format.
Est. 12/3112012 2.4 X
X X
Test Design Specification 0.4.4.2.4 Testing 993754-1-812, Validation Test Specification (Integrated System) 993754-1-868, Software Verification Test Plan (CFB, TSAP wlo hardware)
Est. 8/3112012 Est. 8/31/2012 2.5 X
X X
Summary Test Reports (Including FAT) 0.4.4.2.4 Testing Summarize incident reports, resolution as of submittal date.
Est. 12/3112012 2.S X
X X
Summary of Test Results (Including FAT) 0.4.4.2.4 Testing Summarize test outcome Est. 12/3112012 2.7 X
X X
Requirement Traceability Matrix 0.9.4.2 Requirement Traceability 993754-1-804, Project Traceability Matrix as of submittal date.
Updated every project life cycle phase.
Requirements, Design phases Est. 8/31/2012 Est. 1212012 2.8 X
X FMEA 0.9.4.2.1.1 FMEA 993754-1-811. Project specific platform FMEA (IEEE 352)
Est. 813112012 2.9 X
X X
System Build Documents 0.4.4.3.5 System Build Documents 993754-11-810,993754-12-810,993754-13 810,993754-14-810, Software Design Description Est. 8/31/2012 2.10 Not Used Not Used Not Used I
6
Section DI&G*ISG-06 Tier DI&G*ISG-06 Phase 2 Submitted Documents - Diablo Canyon PPS (7*12-12 version) 1 2
3 Document Section Topic 10M Document Title Transmittal to NRC 2.11 X
X Qualification Test Methodologies 0.5.2 Covered by TR 7286-545*1 Revision 4, Sections 2.2.1 to 2.2.10, Hardware Qualification 1/5/2011 ML110140437 2.12 X
X Summary of Final Digital EMI, Temp., Humidity, and Seismic Testing Results 0.5.2 EQ Report(s)
Covered by TR 7286-545-1 Revision 4, Sections 2.2.2 to 2.2.7, except 3601TN Module Testing results (including EMIIRFI) 1/5/2011 ML110140437 Est.
12/2012 2.13 X
X X
As-Manufactured Logic Diagrams 0.9.4.2.2 (IEEE 603) 0.9.4.4.3 (IEEE 7-4.3.2)
Plant Logic Diagrams Part of System Build Documents, Printouts and reports from TriStation 1131 as of submittal date Est. 8/31/2012 2.14 X
X X
System Response Time Confirmation 0.9.4.2.4 Response Time 993754-1-817, Revision 1, Maximum TSAP Scan Time Confirm application response time (meets 200 ms) during FAT 4/30/2012 ML12131A513 Est. 1212012 2.15 X
X X
Reliability Analysis 0.9.4.2.15 Reliability 993754-1-819, Reliability Analysis Est. 8131/2012 0.10.4.2.15 2.16 X
X X
Setpoint Calculations 0.9.4.3.8 Setpoints Included as part ofWEC setpolnt documents Est. 12/31/2012 2.17 X
X Software Tool Analysis Report 0.10.4.2.3.2 SWToois Covered by Platform TR 7286*545-1 Revision 4, Section 2.1.3.2 No application specific tools required or used 1/512011 ML110140437 2.18 X
X Commercial Grade Dedication Report(s) 0.10.4.2.4.2 CGO Covered by Platform TR 7286-545-1 Revision 4, Section 2.0 1/5/2011 ML110140437 7
Meetin-.9 Notice M 1 L 21 IRA!
Joseph M. Sebrosky, Senior Project Manager Plant licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation WMaier, RIV TWertz, NRR WKemper, NRR/DE/EICB RStattel, NRR/DE/EICB RAlvarado, NRRIDE/EICB SMakor, RIV/DRS/EB2 SAchen, RIV SKennedy, EDO RIV ELee, NSIR DParsons, NSIR 70A034; Meetlng Summary ML12200A127 OFFICE DORULPL4/PM DORULPL4/LA NRR/DE/EICB DORL/LPL4/BC DORULPL4/PM NAME JSebrosky JBurkhardt RStattel MMarkley JSebrosky DATE 7/25/12 7/24/12 8/1112 8/2/12 8/2/12