ML12355A529

Public Comments and Responses on DG-1206

Issue date: 07/19/2013
From: Michael Orr, Sturzebecher K (NRC/RES/DE)
To: Orr M
Shared Package: ML12354A524
References: DG-1206, RG-1.169 Rev 1

Public Comments and NRC Responses for Draft Regulatory Guide (DG)-1206, Configuration Management Plans for Digital Computer Software used in Safety Systems of Nuclear Power Plants
DG-1206 is Revision 1 of Regulatory Guide (RG) 1.169

A Federal Register Notice was published on August 22, 2012 (77 FR 50727) announcing the availability of Draft Regulatory Guide (DG)-1206, Configuration Management Plans for Digital Computer Software used in Safety Systems of Nuclear Power Plants, for public comment. DG-1206 is Revision 1 of Regulatory Guide (RG) 1.168 dated September 1997. The following table contains the public comments received and the NRC staff responses.

Comments were received from the following individuals:

1. David Herrell, MPR Associates, Inc., 320 King St., Alexandria, VA 22314
2. Matt Gibson, Duke Energy, Matt.Gibson@Duke-Energy.Com
3. Mark Burzynski, New Clear Day, Inc., 2036 Marina Cove Dr., Hixson, TX 37343

Comment letters (ADAMS Accession Nos.): ML12321A012, ML12346A034, ML122910783

Comments on DG-1206, Configuration Management Plans for Digital Computer Software used in Safety Systems of NPPs (DG-1206 is Rev. 1 of RG 1.169)

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), General
Comment: With the current emphasis on FPGAs, one would have thought that the topic would have at least been mentioned in this draft. Incorporate sufficient guidance on software lifecycle techniques to support FPGA VHDL code development.
NRC Response: Thank you for your comment. No changes have been made in response to your comment. The information on software can also be applied to the software of field-programmable gate arrays (FPGAs). For more direct information on FPGAs see NUREG/CR-7006, Guidelines for Field-Programmable Gate Arrays in Nuclear Power Plant Safety Systems (ADAMS Accession No. ML100880142).

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), General
Comment: This regulatory guide clearly defines the roles and responsibilities of licensees, applicants, and NRC staff for software processes. However, this reviewer's experience shows that most, if not almost all, safety software is not written by licensees or applicants. Rather, safety software and safety systems are designed and developed by various vendors. This regulatory guide does not define how software and system vendors are to apply the regulatory guidance. This regulatory guide does not define which version of the regulatory guide is to be applied by a software vendor, or the requirements for software vendors to maintain their programs current with regulatory guidance, which seems to be the NRC requirement, based on topical report submittals. Consistently define the application of RGs 1.168 through 1.173 for software and system vendors, throughout all sections of each of the regulatory guides. Define the expectations for use of current regulatory guides, since software and system vendors do not have the capability to commit to a given version of the regulatory guides and industry standards in a license. Define the expectations for use of current or older regulatory guides in topical report submissions, or point to other NRC documents that define these requirements.
NRC Response: Thank you for your comment. No changes have been made in response to your comment. The NRC is responsible for regulating commercial nuclear power plants and other uses of nuclear material, such as in nuclear medicine, through its licensing, inspection and enforcement of its regulations and requirements. The NRC issues regulatory guidance documents, such as regulatory guides, standard review plans, and the NRC's Inspection Manual to aid licensees in meeting the agency's safety requirements. The NRC has no authority to regulate or direct the activities of software developers or software system vendors. The NRC promulgates its regulatory guidance documents to the NRC's licensees and applicants and it is the responsibility of the licensee and applicant to define software and software system requirements to their vendors as needed to demonstrate compliance with the NRC regulations.

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Section A
Comment: Page 1, last paragraph in the body of the text, 14th line - The structure of the sentence is awkward and difficult to read. Replace the wording 'all activities, such as designing, purchasing, installing, testing, operating, maintaining, or modifying, that affect the safety-related functions of such structures, systems, and components' with 'all activities that affect the safety-related functions of such structures, systems, and components, including such activities as design, purchase, installation, review, test, operation, maintenance, and modification.'
NRC Response: Thank you for your comment. We agree that sentence structure was awkward and it was revised to read as follows: 'In particular, besides the SSCs that directly prevent or mitigate the consequences of postulated accidents, the criteria of Appendix B also apply to all activities that affect the safety-related functions of such SSCs, including activities such as designing, purchasing, installing, reviewing, testing, operating, maintaining, and modifying.'

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Section A
Comment: Page 1, last paragraph in the body of the text, 17th line - The phrase 'design changes shall be subject to design control measures commensurate with those applied to the original design' generates problems when updating from analog to digital systems, or updating an older digital system to a newer digital system. Please provide clarification that current practices need to be used for current programs. This paragraph appears to require application of the analog or primitive software processes used in the last part of the 20th century to current replacement digital systems, or to modification to existing systems. That cannot be the intent of this guidance.
NRC Response: Thank you for your comment. The commenter is correct, it is not the intent of this guidance to require the application of the same software V&V process used for the analog system. The intent of this guidance is to inform the user that new software must undergo V&V processes that are, at a minimum, equivalent to or commensurate with the design control measures applied to the original design. The specific language identified by the commenter is a direct quote from NRC regulations and is provided to inform the reader that the design control measures for software used in safety systems of nuclear power plants is required by existing regulations. The sentence has been modified to more clearly identify the quoted text.

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Section A
Comment: Page 2, third paragraph, fourth line - In the paragraph starting 'The NRC issues regulatory' simplify the sentence structure. Replace 'applicants, however' with 'applicants. However,' for consistency with other regulatory guides.
NRC Response: Thank you for your comment. No change has been made in response to the comment. The existing sentence is designed to eliminate the choppy sentence transition issue. See Diana Hacker's A Writer's Reference, Page 112. The use of '; however,' has been revised.

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Section A
Comment: Page 2, third paragraph, next to last line - Please clarify the version of NUREG-0800 used in reviews. After the phrase 'The NRC staff uses the' add the phrase 'latest version of' to provide guidance to industry.
NRC Response: Thank you for your comment. No change has been made in response to the comment. The NRC staff does not identify specific revisions for some guidance documents. This type of dynamic referencing is done because different licensees and applicants may have committed to different versions of the guidance documents and it would be inappropriate to always use the latest version of the guidance document for reviews when different applicants and licensees may have committed to alternate versions.

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Section B
Comment: Page 3, third paragraph, second sentence - In the paragraph beginning 'Several criteria in Appendix B' the word 'Criterions' is used. The plural form of criterion is criteria. While criterions shows up in several informal dictionaries, it should not be used in formal writing. Suggest rephrasing the start of the second sentence to either 'The listed criteria are only part' or 'Each criterion listed below is only part' to use correct grammar.
NRC Response: Thank you for your comment. The term 'Criterions' was revised to 'criteria'.

Originator: 2. Matt Gibson
Draft Guide: DG-1206 (RG 1.169), Page 8, Section C.6
Comment: Item 'k' in the list for documentation: commercial software items that are safety system software. The first paragraph identifies all software deliverables of safety systems are to be identified and controlled as configuration items. Item 'a' states requirements, designs, and code. There is no distinction about the type of code (source, object, executable), therefore the presumption is that all code which has already been stated in the first paragraph. Item 'k' seems to imply that there is something possibly different in "commercial software items" than what has already been explicitly defined by the first paragraph and Item 'a'. There is no definition provided as to what could possibly be "commercial software" that is not already included. Recommend this item be eliminated or clarification should be given.
NRC Response: Thank you for your comment. As a result of your comment Item k was deleted.

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Section C.7
Comment: Page 8, Staff Regulatory Position 7, first paragraph, second line - The second line inappropriately eliminates any software developed by a vendor under a Research and Development (R&D) program from these regulatory requirements. Delete the word 'contractually' which will restore software developed by any vendor for safety related use back into the regulatory requirements.
NRC Response: Thank you for your comment. The sentence was revised to remove the term 'contractually'.

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Section C.7
Comment: Page 8, Staff Regulatory Position 7, second paragraph, lines 6 - While the comment made is correct (EPRI TR-106439 has never been endorsed by a regulatory guide), the technical report has been endorsed through an NRC SER. Include a statement in the RG text that EPRI TR-106439 has been endorsed by the NRC through a Safety Evaluation Report, dated 17 July 1997.
NRC Response: Thank you for your comment. In response to the comment, the paragraph has been revised to indicate that the NRC issued a safety evaluation report on July 17, 1997 that endorses EPRI TR-106439.

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Section C.8
Comment: Page 9, Staff Regulatory Position 8, first paragraph, lines 2 - Redundant information is provided in this sentence. Delete the phrase 'issued 2003' from the sentence, as the phrase is redundant to the reference to the IEEE Std. in the same sentence, which also includes the issue date with the standard number.
NRC Response: Thank you for your comment. No changes have been made in response to the comment. The IEEE title may use the year as part of the number for the standard, however that doesn't mean that it is improper to state the year issued as part of the citation.
Originator: 2. Matt Gibson
Draft Guide: DG-1206 (RG 1.169), Page 9, Section C.9
Comment: The "Downward Adaptation" in IEEE Std. 828-2005 allows for the omission of standard requirements where they do not apply to a project. An example standard requirement within IEEE 828-2005 is Section 3.1 where the scope of the SCM is defined. Item 'f)' lists "Limitations, such as time constraints, which apply to the Plan." Item 'g)' lists "Assumptions that might have an impact on the cost, schedule or ability to perform SCM activities (e.g., assumptions of the degree of customer participation in the SCM activities or the availability of automated aids)." These standard requirements may very well not apply to the safety system software under configuration control. If the Reg. Guide does not allow omission of standard requirements such as this when they do not apply, how is the user of the reg. guide capable of meeting it? Recommend clarification on what specifically are the standard requirements of concern that should not be omitted from a safety system software instead of a carte blanche nothing can be omitted.
NRC Response: Thank you for your comment. No changes have been made as a result of the comment. The project assumptions as described in Section 3.1 of IEEE Std. 828-2005 could be the degree of customer participation or the availability of automated aids during the software development plan. These factors are again outlined in IEEE Std. 1074-2006, Annex A., Section 1.3.1.2, where the software feasibility is analyzed and identified within a release management plan and required as a plan configuration management activity. Thus RG 1.169, regulatory position #9, takes an exception to Clause 4.2 in IEEE Std. 828-2005, which provides omission when deemed not applicable. The software configuration plan must identify the corrective action for software conditions adverse to quality, and as per Criterion XVI, such failures, malfunctions, and deficiencies, be identified and that the cause be determined, the condition be corrected, and the entire process be documented.

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Page 9, Section C.10
Comment: Page 9 Staff Regulatory Position 10, only paragraph, lines 3 - The phrase 'commensurate with those applied to the original design' is problematic. This phrase generates problems when updating from analog to digital systems, or updating an older digital system to a newer digital system.
NRC Response: Thank you for your comment. No changes have been made as a result of the comment. The original design of a software system is to perform a function such as turning a pump on or off. Whether that function is controlled by a mechanical device such as a mechanical float arm and switch or an analog or digital computer system, the function and hence the original design, remains the same.
Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), Page 9, Section C.11
Comment: Page 9 Staff Regulatory Position 11, only paragraph, next to last line - The phrase 'activities authorized by the operating license' restricts the application of this guidance to applicants and licensees, eliminating vendors from this guidance. It is also not clear whether this guidance applies in the period before, or after, an operating license exists. Please reword this statement for appropriate coverage of this standard to vendors, and to licensees and applicants who do not have an operating license.
NRC Response: Thank you for your comment. No changes have been made as a result of the comment. As stated in the introduction of this regulatory guide, this guidance document describes a method that the staff of the NRC considers acceptable for use in demonstrating compliance with the NRC's regulations dealing with configuration management plans for digital computer software used in the safety systems of nuclear power plants. Every commercial nuclear power plant in the country must be licensed by the NRC and must operate in accordance with the terms and conditions of the license. Thus the phrase 'activities authorized by the operating license' is correct.

Originator: 3. Mark Burzynski
Draft Guide: DG-1206 (RG 1.169), Section D
Comment: DG-1206 Section D states: 'Licensees may use the information ...' The use of the word 'may' indicates that compliance with the guidance is optional for activities that require NRC review and approval as well as for activities that do not require NRC review and approval. Does the first sentence of imply that this regulatory guide is not for actions which do require NRC review and approval?
NRC Response: No. The statement in Section D reads as follows: 'Licensees may use the information in this regulatory guide for actions which do not require NRC review and approval such as changes to a facility design under 10 CFR 50.59. Licensees may use the information in this regulatory guide or applicable parts to resolve regulatory or inspection issues.' As stated in Section A of this regulatory guide, regulatory guides are not substitutes for regulations and compliance with them is not required.

Originator: 1. David Herrell
Draft Guide: DG-1206 (RG 1.169), References
Comment: The current note 6 states that this report must be purchased. Since this report is older and since the report did have a NRC SER issued, this report is freely available from the EPRI web site, at www.EPRI.com. Please update the note to state that a PDF electronic version is freely available from EPRI, but that printed copies still require purchase, to be consistent with DG-1267.
NRC Response: Thank you for your comment. No changes have been made as a result of the comment. The footnote states that copies of the referenced documents 'may be purchased'. The word 'may' indicates one option available to the reader. It is not a mandatory statement and the reader is free to pursue alternative methods of obtaining the referenced documents.