ML13004A471

From kanterella

993754-1-801, Rev. 1, Pacific Gas & Electric Co Nuclear Safety-Related Process Protection System Replacement Diablo Canyon Power Plant, Software Quality Assurance Plan.

Person / Time
Site: Diablo Canyon, Pacific Gas & Electric
Issue date: 03/14/2012
From: Dwire S, Invensys Operations Management
To: Office of Nuclear Reactor Regulation
Shared Package: ML130040687
References: 993754-1-801(NP), Rev 1


Text

Attachments 8-13 to the Enclosure contain Proprietary Information - Withhold Under 10 CFR 2.390

Enclosure Attachment 4, PG&E Letter DCL-12-120: Invensys Operations Management Document "993754-1-801, Revision 1, Process Protection System Replacement Diablo Canyon Power Plant Software Quality Assurance Plan (SQAP)" (Non-Proprietary)

When separated from Attachments 8-13 to the Enclosure, this document is decontrolled.

Invensys Operations Management, Triconex
Project: PG&E PROCESS PROTECTION SYSTEM REPLACEMENT
Purchase Order No.: 3500897372
Project Sales Order: 993754

PACIFIC GAS & ELECTRIC COMPANY NUCLEAR SAFETY-RELATED PROCESS PROTECTION SYSTEM REPLACEMENT, DIABLO CANYON POWER PLANT
SOFTWARE QUALITY ASSURANCE PLAN (SQAP)

Document No. 993754-1-801 (-NP)
Revision 1, March 14, 2012
Non-Proprietary copy per 10 CFR 2.390. Areas of Invensys Operations Management proprietary information, marked as [P], have been redacted based on 10 CFR 2.390(a)(4).

Author: S. Dwire, Project QA Engineer
Reviewer: H. Nguyen, IV&V Engineer
Approvals: H. Rice, Quality Manager - Nuclear; R. Shaffer, Project Manager

Invensys Operations Management, Triconex. Document: 993754-1-801. Title: Software Quality Assurance Plan. Revision: 1. Date: 03/14/12.

Document Change History
Revision 0, 08/17/11, S. Dwire: Initial Issue.
Revision 1, 03/14/12, S. Dwire: Updated for award of Phase 2 contract; removed original proposal as design input; incorporated DRCS comments.

TABLE OF CONTENTS

List of Tables ........ 5
1. PURPOSE AND SCOPE ........ 6
1.1. Purpose ........ 6
1.2. Scope ........ 6
1.2.1 Embedded Software ........ 6
1.2.2 Software Tools ........ 7
2. REFERENCES ........ 7
2.1. Reference Documents ........ 7
2.2. Reference Work Process ........ 8
2.2.1 TSAP Work Process ........ 8
2.2.2 V&V Work Process ........ 9
3. SOFTWARE MANAGEMENT ........ 9
3.1. Software Team Organization ........ 9
3.2. Software Tasks ........ 9
3.3. Project Responsibilities Table ........ 10
3.4. Software Development ........ 10
4. DOCUMENTATION ........ 10
4.1. Minimum Documentation Requirements ........ 10
4.1.1 Software Requirements Specification (SRS) ........ 11
4.1.2 Software Design Description (SDD) ........ 11
4.1.3 Software Verification and Validation Plan (SVVP) ........ 11
4.1.4 Software Verification and Validation Reports ........ 11
4.1.5 User Documentation ........ 12
4.1.6 Software Configuration Management Plan (SCMP) ........ 12
4.1.7 Project Management Plan (PMP) ........ 12
4.1.8 Test Plans ........ 12
4.1.9 Test Specifications ........ 12
4.1.10 Project Traceability Matrix (PTM) ........ 12
5. STANDARDS, PRACTICES, CONVENTIONS, AND METRICS ........ 13
5.1. Content Table ........ 13
5.2. Metrics ........ 13
5.2.1 Process Metrics ........ 13
5.2.2 Product Metrics ........ 14
5.2.3 Quality Metrics ........ 14
6. REVIEWS AND AUDITS ........ 14
6.1. Minimum Requirements ........ 14
6.1.1 Software Requirements Evaluation (SRE) ........ 14
6.1.2 Preliminary Design Review (PDR) ........ 15
6.1.3 Critical Design Review (CDR) ........ 15
6.1.4 Software Verification and Validation Plan Review (SVVP Review) ........ 15
6.1.5 Functional Audits ........ 15
6.1.6 Physical Audit ........ 16
6.1.7 Managerial Reviews ........ 16
6.1.8 Software Configuration Management Plan Review (SCMP Review) ........ 16
6.1.9 Post Mortem Review ........ 16
6.2. IEEE 1012-1998 SIL4 Required Reviews ........ 16
6.2.1 Code Review ........ 16
6.2.2 V&V Test Plan Verifications ........ 16
6.2.3 V&V Test Specification Verifications ........ 17
6.2.4 V&V Test Case Verifications ........ 17
6.2.5 V&V Test Procedure Verifications ........ 17
6.2.6 V&V Test Report Verifications ........ 17
6.2.7 Safety Analysis ........ 17
6.2.8 Traceability Analysis ........ 17
6.2.9 Baseline Change Assessment ........ 17
6.3. Reliability and Availability Analysis ........ 17
7. TEST ........ 18
8. PROBLEM REPORTING AND CORRECTIVE ACTION ........ 18
9. TOOLS, TECHNIQUES, AND METHODOLOGIES ........ 19
10. CODE CONTROL ........ 20
11. MEDIA CONTROL ........ 20
12. SUPPLIER CONTROL ........ 20
13. RECORDS COLLECTION, MAINTENANCE AND RETENTION ........ 21
14. TRAINING ........ 21
15. RISK MANAGEMENT ........ 21

List of Tables
Table 1. Content Table ........ 13

1. PURPOSE AND SCOPE

1.1. Purpose

This Software Quality Assurance Plan (SQAP) defines the activities to be followed in the design, development, review, and testing for the Pacific Gas and Electric Company's Plant Protection System Upgrade in accordance with Purchase Order #3500897372 [Reference 2.1.1] and Master Service Agreement #4600018177 [Reference 2.1.2]. Additional scope added to this document for all phases of the upgrade project assumes contract award of the sequential phases.

This SQAP is written using the guidance of IEEE 730.1-1995 [Reference 2.1.14], Branch Technical Position 7-14 [Reference 2.1.23] and NUREG/CR-6101 [Reference 2.1.32].

1.2. Scope

There are four types of software involved in this project:

1) TriStation Application Program (TSAP) Software
2) Embedded Software (i.e., operating system software, communication software, and firmware)
3) Software Development Tools
4) Software Verification and Validation (V&V) Tools

The activities outlined in this SQAP apply specifically to the design, development, implementation and testing of the TSAP. Subsections 1.2.1 and 1.2.2 of this plan describe the required controls for embedded software, software development tools and software V&V tools.

The TSAP is the highest-level program organization unit within a project; it is an assembly of functions and function blocks that provide the logic for the commands executed by the Tricon.

Embedded software is present on various Tricon System modules; this software is used for internal diagnostics or other innate functions of the Tricon System. Refer to section 1.2.1 for the scope of embedded software for this project.

Invensys shall perform TSAP development and V&V activities as Safety-Related (Class 1E). Class 1E is as defined in IEEE 603-1991 [Reference 2.1.12].

Cross-references to other documents that contain IEEE 730-1998 required information are provided as permitted in Section 3 of IEEE 730-1998. Cross-references may refer to documents provided to PG&E, or to documents maintained internally at Invensys. In the latter case, the documents shall be made available to PG&E during QA audits.

1.2.1 Embedded Software

The TRICON System's embedded software is under configuration control by Invensys; its development life cycle is outside the scope of this project. Once a TRICON device is received, the device's software configuration information (software version, revision, and maintenance number) from the supplied Certificate of Conformance will be entered into configuration management. The TRICON System and TRICON operating system have been qualified for use in safety-related systems and are listed on Invensys-Triconex Document No. 9100150-001, Tricon V10 Nuclear Qualified Equipment List (Tricon V10 NQEL) [Reference 2.1.27]. The current processes and procedures for their development were audited by the NRC, and were shown to comply with 10 CFR Part 50, Appendix B [Reference 2.1.5], and 10 CFR Part 21 [Reference 2.1.4].

1.2.2 Software Tools

The TriStation 1131 Developers Workbench (TS1131) is used to develop, configure, test, debug, and document the TSAP. The TS1131 software and associated libraries were qualified for use in safety-related applications by Invensys. The TS1131 is under developmental control by Invensys and its software life cycle is outside the scope of this project. The TS1131 (and other software development tools, if used) will have its software configuration information placed into configuration control in accordance with the project Software Configuration Management Plan, 993754-1-909. Section 9 of this plan describes requirements for the use of software development tools.

The TS1131 Emulator and the Emulator Test Driver may be used to component test the TSAP structured text code and/or custom function block diagrams. All software V&V tools used in the project will be placed into configuration control in accordance with the project Software Configuration Management Plan, 993754-1-909. Section 9 of this plan describes requirements for the use of software verification tools.

2. REFERENCES

2.1. Reference Documents

2.1.1. PG&E Purchase Order # 3500897372
2.1.2. Master Service Agreement # 4600018177
2.1.3. Invensys Proposal PPS Upgrade # TPC061009291 dated September 27, 2010
2.1.4. 10 CFR Part 21, Reporting of Defects and Noncompliance
2.1.5. 10 CFR Part 50 Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants
2.1.6. US NRC RG 1.168, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants
2.1.7. US NRC RG 1.169, Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants
2.1.8. US NRC RG 1.170, Software Test Documentation for Digital Computer Software Used in Safety Systems of Nuclear Power Plants
2.1.9. US NRC RG 1.172, Software Requirements Specifications for Digital Computer Software Used in Safety Systems of Nuclear Power Plants
2.1.10. ASME NQA-1-1994 Subpart 2.7, Quality Assurance Requirements for Computer Software for Nuclear Facility Applications (ASME NQA-1a-1995 addenda)
2.1.11. IEEE 577-2004, IEEE Standard for Reliability Analysis
2.1.12. IEEE 603-1991, Criteria for Safety Systems for Nuclear Power Generating Stations
2.1.13. IEEE 730-1998, Standard for Software Quality Assurance Plans
2.1.14. IEEE 730.1-1995, Guide for Software Quality Assurance Planning
2.1.15. IEEE 828-1998, Standard for Software Configuration Management Plans
2.1.16. IEEE 829-1998, Standard for Software Test Documentation
2.1.17. IEEE 830-1998, Guide to Software Requirements Specifications
2.1.18. IEEE 1008-1987, Standard for Software Unit Testing
2.1.19. IEEE 1012-1998, Standard for Software Verification and Validation
2.1.20. IEEE 1016-1998, Recommended Practice for Software Design Descriptions
2.1.21. IEEE 1028-1997, Standard for Software Reviews
2.1.22. IEEE 1042-1987, Guide to Software Configuration Management
2.1.23. Branch Technical Position 7-14, Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control Systems, Revision 5, U.S. Nuclear Regulatory Commission, dated March 2007
2.1.24. Invensys, Nuclear Quality Assurance Manual (QM-2)
2.1.25. Invensys-Triconex, Nuclear System Integration Program Manual (NSIPM)
2.1.26. Invensys-Triconex, Quality Project Manual (QPM)
2.1.27. Invensys-Triconex Document No. 9100150-001, Tricon V10 Nuclear Qualified Equipment List (Tricon V10 NQEL)
2.1.28. NRC Digital Instrumentation and Controls Interim Staff Guidance 06, DI&C-ISG-06, Revision 1 (ISG 06)
2.1.29. IEEE 7-4.3.2-2003, Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations
2.1.30. Invensys-Triconex Document No. 9720068-001, TriStation 1131 Developers Workbench, Getting Started Manual
2.1.31. Invensys-Triconex, Project Procedures Manual (PPM)
2.1.32. NUREG/CR-6101, Software Reliability and Safety in Nuclear Reactor Protection Systems, U.S. Nuclear Regulatory Commission, dated June 11, 1993

2.2. Reference Work Process

2.2.1 TSAP Work Process

The TSAP work process is a set of efforts that transform design information/design requirements into software that performs specific control, human interface, and communications functions within a control system. The inputs to this process are design information (e.g. documents, logic diagrams, a Functional Requirements Specification, etc.) and relevant regulatory requirements and guidance.

Application engineers will develop application programs to enable a TRICON to manipulate process information, using the TS1131 software development tool and the PPS Replacement Project Coding Guidelines document, 993754-1-907, for guidance. Application development normally involves configuring Function Block Diagrams (FBD) and Ladder Diagrams (LD), but may also involve the development of source code using Structured Text (ST). FBD and LD programming languages are graphical, with standard software items interconnected and configured with attributes defined by the engineer. ST is a general purpose, high-level programming language, specifically developed for process control applications. ST is particularly useful for complex arithmetic calculations and event-based sequential (procedural) logic implementations, and can be used to implement complicated procedures that are not easily expressed in FBD or LD. ST allows the creation of Boolean and arithmetic expressions as well as structured programming constructs such as conditional statements. The Structured Text editor allows the direct development of programs and functions by writing code.

2.2.2 V&V Work Process

The V&V activities for the TSAP are a combination of documentation reviews, code review, and testing. The tasks required shall be specified in the Software Verification and Validation Plan (SVVP), 993754-1-802, following the guidance contained in IEEE 1012 [Reference 2.1.19] for Software Integrity Level (SIL) 4.

3. SOFTWARE MANAGEMENT

3.1. Software Team Organization

A project team shall be established, based on the resources needed to deliver the completed system in accordance with the contract. The project team's organizational structure shall be outlined in the Project Management Plan (PMP), 993754-1-905.

Any conflicts between organizations that cannot be resolved at the lowest level shall be escalated through the organization in accordance with the PMP.

3.2. Software Tasks Invensys tasks and their relationships to planned major checkpoints are defined in the Project Schedule. The processes, reviews, and tests to be followed are outlined in the Invensys Nuclear System Integration Program Manual (NSIPM) [Reference 2.1.25] as implemented by the Project Procedures Manual (PPM) [Reference 2.1.31].

The quality assurance processes to be applied to each task are described in this SQAP, the Project Quality Plan (PQP), 993754-1-900, QM-2 [Reference 2.1.24], and in the applicable procedures of the Invensys-Triconex Quality Procedures Manual (QPM) [Reference 2.1.26].

Tasks covered by this SQAP are:

1) 10 CFR Part 21 [Reference 2.1.4] Training
2) Project Indoctrination Training
3) Reviews and audits of the project activities to verify compliance with project plans and procedures, compliance with customer contract and specifications, and compliance with 10 CFR Part 50, Appendix B [Reference 2.1.5] and 10 CFR Part 21.
4) Inspections, tests, and reviews as required by the Software Verification and Validation Plan (SVVP), 993754-1-802

Project tasks and their relationships are defined in the PQP and PMP. For Application Program Software, the following life cycle phases are applicable to this Project:
1) Requirements
2) Design
3) Implementation
4) Test (Validation)

The quality assurance (QA) requirements applicable to these life cycle phases are described in this SQAP, the SVVP, the applicable procedures of the Invensys-Triconex QPM [Reference 2.1.26], and the NSIPM [Reference 2.1.25] as implemented by the PPM.

3.3. Project Responsibilities Table Refer to the Project Management Plan (PMP), 993754-1-905, for a detailed explanation of project personnel responsibilities.

3.4. Software Development The Software Designer shall develop the TriStation Application Project (TSAP) using TriStation 1131 software in accordance with the requirements of the NSIPM [Reference 2.1.25] as implemented by PPM 7.0, Application Program Development and Project Instruction 7.0 (PI7.0).

TSAP code will be developed specifically for the PG&E PPS Replacement Project and this program code is subject to full verification and validation (V&V). The TSAP will not utilize previously developed, verified and validated program code from any other projects. Project V&V activities shall be documented in the final V&V report. See SVVP, 993754-1-802.

4. DOCUMENTATION

4.1. Minimum Documentation Requirements

The PE shall ensure reviews of supplied design input documents are performed, to ensure the documents are complete and adequate as specified in the NSIPM [Reference 2.1.25] as implemented by PPM 2.0, Design Control; PPM 3.0, Drawing Preparation and Control; and PPM 4.0, Project Document and Data Control. Section 6 of this document describes the review of project-generated documentation.

Changes to approved documents shall be controlled in accordance with the NSIPM as implemented by PPM 2.0, Design Control.

The following is a list of the minimum documentation required for the project.

4.1.1 Software Requirements Specification (SRS)

Using the provided and reviewed design inputs, Invensys shall develop an SRS draft and submit it to the customer for review and approval. The SRS shall be structured to capture all customer software functional requirements. The SRS shall describe each software function, and each shall be defined such that its achievement can be verified during the V&V process. Each software safety-critical function shall be clearly identified. The requirements of the SRS are defined in the NSIPM as implemented by PPM 2.04, Software Requirements Specification and Design Description. The SRS shall be prepared using the guidance provided in RG 1.172 [Reference 2.1.9] and IEEE 830-1998 [Reference 2.1.17].

4.1.2 Software Design Description (SDD)

Based on the customer provided design inputs and the approved SRS, Invensys shall develop an SDD draft and submit it to the customer for review and approval. The SDD shall be structured to satisfy the requirements of the SRS. The SDD shall describe the components and subcomponents of the software design, including databases and internal interfaces. The requirements of the SDD are defined in the NSIPM [Reference 2.1.25] as implemented by PPM 2.04, Software Requirements Specification and Design Description. The SDD shall be prepared using the guidance provided in IEEE 1016-1998 [Reference 2.1.20].

4.1.3 Software Verification and Validation Plan (SVVP)

The Verification and Validation (V&V) Manager or designee shall prepare a Software V&V Plan in accordance with the NSIPM as implemented by PPM 7.0, Application Program Development, and PI 7.0. The SVVP, 993754-1-802, identifies the methods, tools and criteria used to determine the quality of items listed under this SQAP. The requirements for the preparation, review, approval and control of the SVVP are established in the NSIPM. The V&V Plan shall be prepared using the guidance provided in RG 1.168, Rev. 1 [Reference 2.1.6], IEEE 1028-1997 [Reference 2.1.21], IEEE 829-1998 [Reference 2.1.16] and IEEE 1012-1998 [Reference 2.1.19].

The SVVP shall also describe the requirements for a Validation Test Plan, 993754-1-813, and a Software Verification Test Plan, 993754-1-868.

4.1.4 Software Verification and Validation Reports

The SVVP shall outline the required IEEE 1012-1998 V&V Reports. The V&V Activity Summary Reports for each life cycle phase shall be developed and issued as required by the SVVP.

4.1.5 User Documentation

Invensys should supply standard installation, operation, programming, and maintenance documentation for the system. Invensys standard user documentation will specify the required data and control inputs, input sequences, options, program limitations and other activities or items necessary for the use of the software. Error messages will be identified and corrective actions described, and a method provided for communicating problems to the correct technical support organization. Installation instructions and operating and maintenance manuals shall be provided to the extent defined in customer specifications.

4.1.6 Software Configuration Management Plan (SCMP)

A Software Configuration Management Plan shall be prepared using the guidance provided in IEEE 828-1998 [Reference 2.1.15] and IEEE 1042-1987 [Reference 2.1.22]. The SCMP is a means through which the integrity and traceability of software are recorded, communicated, and controlled. The SCMP shall require configuration management and control activities to be performed in accordance with the NSIPM [Reference 2.1.25] as implemented by PPM 2.0, Design Control.

4.1.7 Project Management Plan (PMP)

A PMP, 993754-1-905, shall be prepared as specified in the Project Procedures Manual (PPM) [Reference 2.1.31], using guidance from BTP 7-14 [Reference 2.1.23] and NUREG/CR-6101 [Reference 2.1.32].

4.1.8 Test Plans

V&V Test Plans shall be created as specified in IEEE 1012-1998 [Reference 2.1.19]. The Test Plans prescribe the scope, approach, resources and schedule of V&V testing activities for the applicable software listed under the SQAP. The requirements for the preparation, review, approval, and control of the Test Plans are established in the NSIPM [Reference 2.1.25] as implemented by PPM 6.0, Test Control; and PPM 7.01, Software Verification. The Test Plans will also be prepared using the guidance provided in the PQP (993754-1-900), the PPM, the Test Specifications and the SVVP, 993754-1-802.

4.1.9 Test Specifications

The Test Specifications identify the scope, approach and acceptance criteria of software V&V testing for the applicable software listed under this SQAP. The Test Specifications shall be prepared, reviewed, approved and controlled using the guidance provided in the PQP, the SVVP, and ISG 06 [Reference 2.1.28].

4.1.10 Project Traceability Matrix (PTM)

Traceability of all activities and documents is critical to the success of the Project. Traceability will be sufficient to trace design inputs to design outputs and to trace outputs back to inputs. The requirements for the preparation, review, approval and control of the PTM are defined in the PMP, 993754-1-905 and SVVP, 993754-1-802.
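The two-way check the paragraph above calls for, as an added illustration that is not part of this SQAP or of any PG&E or Invensys project document: a small Python script that takes a constructed PTM (rows of requirement, design element, verifying test case, with hypothetical identifiers REQ-*, SDD-*, TC-*) together with the current design and test baselines, and reports every item that cannot be traced forward (input with no output or no test) or backward (output or test with no input). The row layout is an assumption; the actual PTM format and tooling are not described on the page. Beyond the plain forward/backward gap, it also flags matrix entries that name items no longer in the baseline, which is the usual symptom of a PTM not updated after a baseline change.

```python
"""Bidirectional traceability check over a Project Traceability Matrix (PTM).

Added illustration, not part of the Invensys SQAP or the PG&E PPS project.
The row layout and all identifiers (REQ-*, SDD-*, TC-*) are assumptions
constructed for this example.
"""
from collections import defaultdict

# Constructed PTM rows: (design input, design output, verifying test case).
# None marks a link the matrix does not provide.
PTM_ROWS = [
    ("REQ-001", "SDD-1.1", "TC-01"),
    ("REQ-001", "SDD-1.2", "TC-01"),
    ("REQ-002", "SDD-2.1", "TC-02"),
    ("REQ-003", "SDD-3.1", None),     # designed but never tested
    ("REQ-004", None, None),          # requirement with no design output
    ("REQ-005", "SDD-5.0", "TC-05"),  # links to items absent from the baselines
]

# Constructed baselines of what actually exists in the SDD and the test set.
# SDD-9.9 and TC-77 exist, but no requirement points at them.
DESIGN_BASELINE = {"SDD-1.1", "SDD-1.2", "SDD-2.1", "SDD-3.1", "SDD-9.9"}
TEST_BASELINE = {"TC-01", "TC-02", "TC-77"}


def index_matrix(rows):
    """Build forward (requirement -> outputs) and backward (output -> requirements) maps."""
    req_to_design, req_to_test = {}, {}
    design_to_req, test_to_req = defaultdict(set), defaultdict(set)
    for req, design, test in rows:
        # Register the requirement even when a row carries no links,
        # so a completely untraced input is still reported.
        req_to_design.setdefault(req, set())
        req_to_test.setdefault(req, set())
        if design:
            req_to_design[req].add(design)
            design_to_req[design].add(req)
        if test:
            req_to_test[req].add(test)
            test_to_req[test].add(req)
    return req_to_design, req_to_test, design_to_req, test_to_req


def trace(rows, design_baseline, test_baseline):
    """Return sorted lists of traceability gaps, by category.

    Forward gaps: a design input that reaches no design output or no test.
    Backward gaps: a design output or test that traces to no design input.
    Unknown links: a matrix entry naming an item that is not in the baseline.
    """
    req_to_design, req_to_test, design_to_req, test_to_req = index_matrix(rows)
    return {
        "req_without_design": sorted(r for r, d in req_to_design.items() if not d),
        "req_without_test": sorted(r for r, t in req_to_test.items() if not t),
        "design_without_req": sorted(design_baseline - set(design_to_req)),
        "test_without_req": sorted(test_baseline - set(test_to_req)),
        "unknown_design": sorted(set(design_to_req) - design_baseline),
        "unknown_test": sorted(set(test_to_req) - test_baseline),
    }


def is_fully_traced(findings):
    """True only when every category of gap is empty."""
    return not any(findings.values())


if __name__ == "__main__":
    result = trace(PTM_ROWS, DESIGN_BASELINE, TEST_BASELINE)
    for category, items in result.items():
        print(f"{category:20s} {', '.join(items) or '-'}")
    print("fully traced:", is_fully_traced(result))
```

On the constructed rows the script reports REQ-004 with no design, REQ-003 and REQ-004 with no test, SDD-9.9 and TC-77 with no requirement behind them, and SDD-5.0 and TC-05 as stale references. The point of running both directions is that a matrix built only from the requirements side never sees an orphan design element or test, which is exactly the kind of unreviewed code a traceability analysis is meant to catch.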

5. STANDARDS, PRACTICES, CONVENTIONS, AND METRICS

This section identifies the standards, practices, conventions and metrics to be used, and quality requirements applied to the project.

5.1. Content Table Table 1, below, identifies the standards and guidelines documents for the PPS Replacement Project.

5.2. Metrics

The following metrics shall be analyzed at a minimum, to identify common features and potential changes in procedure or process needed, to prevent recurrence:

6. REVIEWS AND AUDITS

This section specifies the minimum reviews and audits required during the project.

6.1. Minimum Requirements The SVVP shall define the V&V review and audit activities for the project, and shall identify the tasks required, tools that will be used, the acceptance criteria, and the required documentation for each task. Subsection 4.1.3 of this plan describes the content of the SVVP, 993754-1-802.

Independent Reviewers shall perform technical reviews of software as required by IEEE 10 12-1998 [Reference 2.1.19], Annex C, and "Classical V&V".

Technical reviews/audits will be performed in accordance with the PPM [Reference 2.1.3 1].

These technical reviews/audits will be performed during the work on those software items identified in the SRS. Reviews and audits by QA/IREN&V shall be performed in accordance with the SVVP, PQP, and as directed by the Invensys Triconex QA Manager. Management reviews and audits will be performed per the applicable audit plans and schedules, which are controlled in accordance with the NSIPM [Reference 2.1.25] as implemented by the PPM, to ensure that all required tasks have been completed and appropriately documented.

Scheduling of reviews and audits will be conducted in accordance with the Project Schedule. Quality Assurance activities are required to be on the Project Schedule, where applicable.


6.2. IEEE 1012-1998 SIL4 Required Reviews

6.2.1 Code Review
Nuclear Project Delivery personnel shall conduct a code versus design input documentation review during in-process TSAP development. The required documentation shall be specified in the SVVP, 993754-1-802, and implemented via the Software Development Plan, 993754-1-910.

6.2.2 V&V Test Plan Verifications
An IRE shall perform a Test Plan Verification using a Design Review Checklist (DRC) to ensure that the V&V Test Plan is compliant, using guidance from IEEE 1012-1998. The required documentation shall be specified in the SVVP.

6.2.3 V&V Test Specification Verifications
An IRE shall perform a Test Design Verification using a DRC to ensure that the V&V Test Specifications are compliant, using guidance from IEEE 1012-1998. The required documentation shall be specified in the SVVP.

6.2.4 V&V Test Case Verifications
An IRE shall perform Test Case Verification using guidance from IEEE 1012-1998 [Reference 2.1.19]. The required documentation shall be specified in the SVVP.

6.2.5 V&V Test Procedure Verifications
An IRE shall perform Test Procedure Verification using a DRC and guidance from IEEE 1012-1998 to ensure compliance. The required documentation shall be specified in the SVVP.

6.2.6 V&V Test Report Verifications
An IRE shall perform V&V Test Report Verifications using the guidance provided in the NSIPM, as implemented by PPM 6.0, Test Control, to ensure the V&V Test Reports are compliant. The required documentation shall be specified in the SVVP.

6.2.7 Safety Analysis
Four separate analyses required by IEEE 1012-1998 [Reference 2.1.19] shall be combined into this single document: Criticality, Risk, Hazard and Interface Analyses. An IRE shall perform these analyses using IEEE 1012-1998 [Reference 2.1.19] and the NSIPM [Reference 2.1.25], as implemented by PPM 1.0, Application Project Administrative Controls, and Project Instruction 1.0, as guidance during the Requirements, Design, Implementation and Test Phases. The required documentation shall be specified in the SVVP, 993754-1-802.

6.2.8 Traceability Analysis
An IRE shall perform a Traceability Analysis using a Project Traceability Matrix (PTM) during the Requirements, Design, Implementation and Test Phases. An updated PTM shall document the review.

6.2.9 Baseline Change Assessment
A Baseline Change Assessment as required by IEEE 1012-1998 [Reference 2.1.19] shall be performed by an IRE during the Planning, Design, Implementation, and Test Phases. The required documentation shall be specified in the SVVP.

6.3. Reliability and Availability Analysis
A Reliability and Availability Analysis as required by IEEE 577-2004 [Reference 2.1.11] shall be performed using the concepts and methods of the Markov Process.
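As an added illustration (not part of the plan or of any Invensys deliverable) of what a Markov-process availability analysis computes, the following models a repairable channel and a redundant one-out-of-two pair as continuous-time Markov chains and solves for steady-state availability. The failure and repair rates, the single-repair-crew assumption and the channel counts are constructed for the example and are not values from the project.

```python
"""Steady-state availability of repairable systems modelled as a
continuous-time Markov chain (CTMC).  All rates are per hour and are
constructed sample values, not project data."""


def steady_state(Q):
    """Solve pi * Q = 0 with sum(pi) = 1 by Gauss-Jordan elimination.

    Q is the generator matrix: Q[i][j] is the transition rate from state i
    to state j (i != j), and Q[i][i] = -(sum of the other entries in row i).
    """
    n = len(Q)
    # Work with Q^T so the unknown probabilities form the column vector pi.
    A = [[Q[j][i] for j in range(n)] for i in range(n)]
    b = [0.0] * n
    # The balance equations are linearly dependent (rows of Q sum to zero);
    # replace the last one by the normalisation constraint sum(pi) = 1.
    A[n - 1] = [1.0] * n
    b[n - 1] = 1.0
    for col in range(n):  # partial pivoting keeps tiny rates well conditioned
        p = max(range(col, n), key=lambda r: abs(A[r][col]))
        A[col], A[p], b[col], b[p] = A[p], A[col], b[p], b[col]
        for r in range(n):
            if r != col and A[r][col] != 0.0:
                f = A[r][col] / A[col][col]
                A[r] = [a - f * c for a, c in zip(A[r], A[col])]
                b[r] -= f * b[col]
    return [b[i] / A[i][i] for i in range(n)]


def generator_1oo2(lam, mu):
    """Two redundant channels, each failing at rate lam; one repair crew
    restores a failed channel at rate mu.  State i = number of failed
    channels; the function is available in states 0 and 1."""
    return [[-2 * lam, 2 * lam, 0.0],
            [mu, -(mu + lam), lam],
            [0.0, mu, -mu]]


def availability_1oo2(lam, mu):
    pi = steady_state(generator_1oo2(lam, mu))
    return pi[0] + pi[1]


def availability_simplex(lam, mu):
    """Single repairable channel; closed form is mu / (lam + mu)."""
    return steady_state([[-lam, lam], [mu, -mu]])[0]


if __name__ == "__main__":
    lam, mu = 1e-4, 0.1   # constructed: MTTF 10,000 h, MTTR 10 h
    print(f"simplex availability: {availability_simplex(lam, mu):.8f}")
    print(f"1oo2 availability   : {availability_1oo2(lam, mu):.8f}")
```

The same solver accepts any generator matrix, so further states (e.g. detected versus undetected failures, or a second repair crew) can be added without changing the solution method.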


7. TEST
The following tests shall be performed on the TSAP:
1) Component
2) Integration
3) System
4) Acceptance

Component Testing shall be performed on TS 1131 structured text programs and/or custom function block diagrams using guidance from IEEE 1012-1998 [Reference 2.1.19]. IEEE 1008-1987 [Reference 2.1.18] was evaluated for use in the project and it was determined that IEEE 1012-1998 is more restrictive; therefore, there is no benefit in performing software unit testing in accordance with IEEE 1008-1987.

Component testing coverage shall include all functional and performance requirements pertaining to the test item, and shall be validated by test case. Internal structure coverage shall be validated by test case to include invalid inputs, full scope of valid inputs, and defined outputs.

The SVVP, 993754-1-802, shall define all the V&V test activities, specify the V&V tools to use, the required acceptance criteria, and the documentation required for each task. The Test Plan and Test Specification will detail the scope, approach, resources, schedule and acceptance criteria required for Software Verification and Validation testing activities.

V&V of embedded software in hardware devices is outside the scope of the project team, but proper operation of the hardware devices is ensured during Integration and System testing.

Integration and Acceptance testing shall be performed with all applicable 3rd party hardware installed.

Embedded software will primarily be present in the Tricon modules; dedication or approval of this firmware is discussed in the V10 Tricon Topical Report. The firmware is part of the NRC Safety Evaluation of the V10 Tricon Platform. 3rd party hardware that has firmware present will be either supplied by the customer or dedicated through an approved process or manufacturer.

The PQAE shall monitor testing activities to assure that tests are conducted using approved test procedures and tools, and that test anomalies and/or non-conformances are identified, documented, addressed, and tracked to closure. QA personnel shall review post-test execution related artifacts, including test reports, test results, nonconformance reports, and updated traceability matrices, to ensure the required documentation is prepared adequately.

Testing shall be performed and documented as specified in the NSIPM [Reference 2.1.25] and PPM 6.0, Test Control [Reference 2.1.31].

8. PROBLEM REPORTING AND CORRECTIVE ACTION
Software problems (anomalies) identified during the design, implementation, and test phases shall be documented and resolved in accordance with the NSIPM as implemented by PPM 10.0, Nonconformance & Corrective Action. When unexpected test conditions and/or deviations from procedural requirements are identified, the problem(s) are also documented and dispositioned on an Action Request Report (ARR).

All project personnel are responsible for reporting problems when and where they are found.

9. TOOLS, TECHNIQUES, AND METHODOLOGIES
The TriStation 1131 Developer's Workbench software tools will be used in this project. Invensys has validated the TS1131 and associated libraries. In the V9 SER, the NRC staff recognized that TriStation 1131 is a non-safety-related tool used to develop software intended for safety-related applications. Knowing this, the staff found that the TriStation 1131 is acceptable to produce software that is intended for safety-related use in nuclear power plants. The approval is contingent on proper testing of the operational software. The staff also stated in the V9 SER that test plans, procedures, and results are to be reviewed on a plant-specific basis. The Invensys Operations Management PPM, which were developed under an approved Appendix B program, provide traceability to the SER through a rigorous and well-defined software life cycle. The PPS Replacement Project documents (project plans, design specifications, procedures, and results) will be developed and maintained in accordance with the PPM.

The V&V Manager shall identify, in the SVVP, 993754-1-802, any additional tools, techniques and methodologies needed to V&V software developed for the project. The V&V Manager shall ensure that all software tools used are verified/validated using IEEE 1012-1998 SIL-4 criteria, to demonstrate the capability of the software tool to produce valid results.

The Lake Forest facilities shall be used in the development and testing of the software. Further details about the facilities' features and physical security can be found in the Project Management Plan, 993754-1-905.

The V&V Manager shall place all software tools used under configuration control as specified in the SCMP.


10. CODE CONTROL
Software development is an activity in progress until the TriStation Application Project (TSAP) code is considered fully functional and ready for verification through the issuance of a Software Development Checklist (SDC). The Software Development Plan, 993754-1-906, defines how the software will be developed. No rigorous procedural configuration controls are applied until the SDC is issued.

Configuration controls are designed into the process from inception throughout the software life cycles. The Invensys TriStation 1131 Developer's Workbench tool creates a TSAP file that is under password and revision level control. The TS 1131 tool increments the revision level each time an activity is compiled and adds an associated comments field. This information is retained in the project file. Access to the TSAP file is password protected and only the TS 1131 tool can be used to modify the software.

When the TSAP is ready for V&V, the code will be placed under the software configuration control process described in the NSIPM [Reference 2.1.25] and SCMP, 993754-1-909. This will occur near the end of the implementation phase and continue until the software is prepared for turnover to the customer. Turnover is controlled in accordance with customer requirements.

Physical control of code is described in the NSIPM as implemented by PPM 7.0, Application Program Development and PI 7.0.

11. MEDIA CONTROL
The software designer will keep the PM/PE informed of the TriStation Application Project (TSAP) location, TSAP filename and associated password(s) as required by the SCMP, 993754-1-909.

The original code, or a copy thereof, will be maintained on a server accessible to management.

Backup provisions will be provided in accordance with local protocols. Alternatively, a copy may be retained on CD-ROM at a location known to the PM/PE, as long as the fundamental requirement of having a backup copy that is retrievable by management is maintained. If control of the program code is transferred, for testing or otherwise, then it must be maintained independently and be retrievable by Project Management. Any server used for storage of original code will have access control protocols and permissions enabled.

After the software code has been validated and, subsequently approved by the customer, it will be backed up onto a CD-ROM and labeled with the program (project) name and revision level, or otherwise controlled in accordance with customer requirements.

12. SUPPLIER CONTROL
Sub-suppliers and Subcontractors used in the project shall be managed in accordance with the NSIPM [Reference 2.1.25] and the QPM [Reference 2.1.26].

Processing and controlling purchase requisitions and purchase orders, the bidding and awarding of supplier contracts, and revisions to procurement documents for material and services shall be performed in accordance with the NSIPM as implemented by PPM 5.0, Materials & Service.

Applicable customer-specified regulatory and contract requirements shall be passed down to sub-suppliers and subcontractors in accordance with the NSIPM.

13. RECORDS COLLECTION, MAINTENANCE AND RETENTION
All Project records will be collected, stored, maintained and retained in accordance with the NSIPM as implemented by PPM 4.0, Project Document & Data Control.

14. TRAINING
Project personnel shall be trained and qualified in accordance with the Project Management Plan, 993754-1-905, and the NSIPM as implemented by PPM 9.0, Personnel Training & Qualification.

Training will be provided to customer personnel as per their requirements.

15. RISK MANAGEMENT
Risks are managed in accordance with the Project Management Plan, 993754-1-905. The Project Management Plan shall include all technical and project risks.

The PM and PE will evaluate all identified risks and determine the methods to be used in eliminating and/or mitigating their consequences.