ML13029A667

From kanterella
Jump to navigation Jump to search

Audit Plan for 2/11-14/13, Regulatory Audit at the CS Innovations/Westinghouse Facility in Scottsdale, Az, to Support Digital Replacement of Process Protection System License Amendment Request (TAC Nos. ME7522-ME7523)
ML13029A667
Person / Time
Site: Diablo Canyon  Pacific Gas & Electric icon.png
Issue date: 02/01/2013
From: Joseph Sebrosky
Plant Licensing Branch IV
To: Halpin E
Pacific Gas & Electric Co
Sebrosky J
References
TAC ME7522, TAC ME7523
Download: ML13029A667 (10)


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 February 1, 2013 Mr. Edward D. Halpin Senior Vice President and Chief Nuclear Officer Pacific Gas and Electric Company Diablo Canyon Power Plant P.O. Box 56, Mail Code 104/6 Avila Beach, CA 93424

SUBJECT:

DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 - REGULATORY AUDIT PLAN FOR FEBRUARY 11-14, 2013, AUDIT AT THE CS INNOVATIONSI WESTINGHOUSE FACILITY IN SCOTTSDALE, ARIZONIA, TO SUPPORT REVIEW OF DIGITAL INSTRUMENTATION AND CONTROL LICENSE AMENDMENT REQUEST (TAC NOS. ME7522 AND ME7523)

Dear Mr. Halpin:

By letter dated October 26, 2011, as supplemented by letters dated December 20, 2011, and April 2, April 30, June 6, August 2, September 11, November 27 and December 5, 2012 (Agencywide Documents Access and Management System (ADAMS) Accession Nos. ML113070457, ML113610541, ML12094A072, ML12131A513, ML12170A837, ML12222A094, ML12256A308, ML13004A468, and ML12342A149, respectively), Pacific Gas and Electric (PG&E, the licensee), requested the U.S. Nuclear Regulatory Commission (NRC) staffs approval of an amendment for the Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP). The proposed license amendment request would provide a digital replacement of the Process Protection System (PPS) portion of the Reactor Trip System and Engineered Safety Features Actuation System at DCPP.

To support its safety evaluation, the NRC Instrumentation and Controls Branch will conduct an audit at the CS InnovationslWestinghouse facility in Scottsdale, Arizona, during the week of February 11-14, 2013. The purpose of this audit is to determine if the life cycle processes used, and the outputs of those processes, will result in a PPS for use at DCPP which will meet regulatory requirements. This audit will provide information necessary to complete the staffs evaluation of the proposed Advanced Logic System portion of the DCPP PPS. Enclosed is the plan to support this audit.

E. Halpin

- 2 If you have any questions, please contact me at 301-415-1132 or via e-mail at joseph.sebrosky@nrc.gov.

J se M. Sebrosk, Senior Proj ct lant Licensing Branch IV ivision of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-275 and 50-323

Enclosure:

As stated cc w/encl: Distribution via Listserv

NRC INSTRUMENTATION AND CONTROL BRANCH DIABLO CANYON POWER PLANT. UNIT NOS. 1 AND 2 DIGITAL PROCESS PROTECTION SYSTEM REGULATORY AUDIT PLAN FEBRUARY 11-14. 2013 CS INNOVATIONSIWESTINGHOUSE FACILITY IN SCOTTSDALE. ARIZONA BACKGROUND By letter dated October 26, 2011, as supplemented by letters dated December 20, 2011, and April 2, April 30, June 6, August 2, September 11, November 27 and December 5, 2012 (Agencywide Documents Access and Management System (ADAMS) Accession Nos. ML113070457, ML113610541, ML12094A072, ML12131A513, ML12170A837, ML12222A094, ML12256A308, ML13004A468, and ML12342A149, respectively), Pacific Gas and Electric (PG&E, the licensee), requested the U.S. Nuclear Regulatory Commission (NRC) staff's approval of an amendment for the Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP). The proposed license amendment request (LAR) would provide a digital replacement of the Process Protection System (PPS) portion of the Reactor Trip System and Engineered Safety Features Actuation System at DCPP. The LAR requested NRC review and approval of the proposed design.

REGULATORY AUDIT BASIS To support its safety evaluation, the NRC Instrumentation and Controls Branch (EICB) will conduct an audit at the CS Innovations (CSI)lWestinghouse facility in Scottsdale, Arizona. The purpose of this audit is to determine if the life cycle processes used, and the outputs of those processes, will result in a PPS system for use at DCPP which will meet regulatory requirements.

This audit will provide information necessary to complete the NRC staffs evaluation of the proposed Westinghouse Advanced Logic System (ALS) portion of the DCPP PPS.

REGULATORY AUDIT SCOPE The objective of this audit is to verify via an independent evaluation, that the ALS logic platform to be used at DCPP for the PPS system conforms to applicable regulations, standards, guidelines, plans, and procedures by assessing the implementation of the systems developmental life cycle process. A review of activities associated with the licensee's cyber security plan will also be conducted.

The audit team will conduct an assessment of the development environment for ALS portion of the DCPP PPS system. The team will evaluate this environment against the criteria provided in NRC Regulatory Guide (RG) 1.152, Revision 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants," July 2011 (ADAMS Accession No. ML102870022), for the life cycle development phases that are complete and in progress.

Enclosure

- 2 The Westinghouse ALS platform is currently being evaluated by NRC for referencing in LARs.

The ALS platform safety evaluation is expected to be completed prior to the installation of the PPS system at DCPP.

AUDIT REQUIREMENTS ALS Logic Verification and Validation - Verify that the DCPP PPS application logic verification and validation (V&V) program meets the requirements of Institute of Electrical and Electronics Engineers (IEEE) Standard IEEE-1012, "Standard for Software Verification and Validation," and that the V&V program is implemented in a manner which reliably verifies and validates the design outputs of each stage of the design process.

Configuration Management - Verify that the configuration management system has the appropriate hardware and software tools under configuration management. and that the configuration management system is effectively controlling these items.

Quality Assurance - Verify that the Quality Assurance (QA) program used for ALS logic implementation is effective in controlling the development process to assure quality of the DCPP PPS application.

System Safety - Verify that the ALS system safety plans and the plans and procedures used during the safety analysis activities of the DCPP PPS were adequate to determine that the logic implementation is safe to be used in a safety-related application.

Secure Development Environment - Verify that the development environment established for the DCPP PPS system development effort conforms to the requirements of RG 1.152, Revision 3.

Cyber Security - Review of activities associated with addressing system and services acquisition controls as set forth in the licensee's NRC-approved Cyber Security Plan, and in accordance with Section 73.54, "Protection of digital computer and communication systems and networks," of Title 10 of the Code of Federal Regulations (10 CFR), will be conducted.

INFORMATION NECESSARY FOR THE REGULATORY AUDIT The following documentation and supporting materials will be required for performance of this audit. Hard copies of these documents shall be available for review to the audit team upon arrival at the CSllWestinghouse facilities.

Configuration diagrams for the ALS portion of the DCPP PPS system.

PPS architecture drawings as required to demonstrate required functionality.

- 3 Documentation associated with the how CSllWestinghouse addressed system and services acquisition control requirements obtained from the licensee.

DCPP PPS Management Plan 6116-00000, Revision 3.

CSI Electronics Development Procedure 9000-00311, Revision 4.

CSI FPGA [Field Programmable Gate Array] Development Procedure 9000-00313, Revision 2.

CSI PPS V&V Plan 6116-00003, Revision 1.

DCPP PPS Conceptual Design Document (PPS CDD).

DCPP PPS Replacement System Functional Requirements Specification (PPS FRS) 08-001150SP-001, Revision 7.

CSI DCPP PPS System Requirements Specification WNA-DS-02442-PGE, Revision 3.

DCPP PPS Replacement System Interface Requirements Specification (PPS IRS), Revision 7.

CSI PPS System Design Specification 6116-00011, Revision O.

DCPP PPS ALS-1 02 FPGA Requirements Specification 6116-10201, Revision O.

ALS-102 Design Specification document, 6002-10202, Revision X (most current).

DCPP PPS ALS to ASU Communications Protocol, 6116-00100, Revision X (most current).

DCPP PPS Requirements Traceability Matrix 6116-00059, Revision A.

DCPP PPS Secure Development Environment Vulnerability Assessment.

The audit staff also requires access to the current Requirements Traceability Matrix information in order to observe that applicable functional requirements are correctly implemented in the PPS.

- 4 TEAM ASSIGNMENTS/RESOURCE ESTIMATES The resource estimate for this audit visit is approximately 200 hours0.00231 days <br />0.0556 hours <br />3.306878e-4 weeks <br />7.61e-5 months <br /> of direct inspection effort.

The NRC staff performing this audit will be:

NRC/NRR/DE/EICB Richard Stattel-301-415-8472 Rossnyev Alvarado - 301-415-6808 SamirDarbali -301-415-1360 NRC/Region IV/DRS/EB2 Shiattin Makor, 817-200-1507 NRC/NSIR Eric Lee - 301-415-8099 George Simonds - 301-415-0722 Stacy Smith - 301-415-6025 Christopher Chenoweth This audit will be conducted at the CSI/Westinghouse offices in Scottsdale, Arizona. The estimated length of the audit is 4 days.

LOGISTICS The audit will start on the morning of Monday, February 11, 2013, and conclude on the afternoon of Thursday, February 14, 2013.

The tentative schedule for the audit is as follows:

Monday, February 11, 2013 (9:00 a.m. - 5:30 p.m.)

9:00 a.m. - Entrance meeting (NRC staff - purpose of audit; CSI/Westinghouse staff - brief overview of PPS project and facility).

10:00 a.m. - Factory / training facility tour.

1 :00 p.m. - Tentative plan is for the audit team to jointly work on a requirements thread to see an overview of the entire system development process.

Tuesday-Wednesday, February 12-13, 2013 (9:00 a.m. - 5:30 p.m.)

9:00 a.m. - Morning meeting between NRC staff and CSI/Westinghouse to discuss activities and logistics for the day.

- 5 9:30 a.m. - Review of PPS documentation I Interviews with key CSllWestinghouse personnel. NRC staff may work together or individually, as circumstances dictate.

4:30 p.m. - NRC staff internal meeting.

5:00 p.m. (as needed) - NRC staff and CSllWestinghouse to discuss any observations from the day Thursday, February 14.2013 (9:00 a.m. - 5:30 p.m.)

9:00 a.m. - Morning meeting between NRC staff and CSllWestinghouse to discuss activities and logistics for the day.

3:00 p.m. - NRC staff internal meeting - identification I resolution of any open items.

4:00 p.m. - Exit meeting (NRC staff - general overview of observations and identification of any open items)

DELIVERABLES At the conclusion of the audit, the NRC staff will conduct an exit briefing and will provide a summary of audit results in each subject area defined in the audit scope.

The NRC regulatory audit report and a separate audit report for cyber security will be issued by April 15, 2013. The Secure Development and Operational Environment (SDOE) portion of the regulatory audit report will be handled as Official Use Only (OUO) information.

REFERENCES Licensee Documentation:

DCPP PPS License Amendment Request dated October 26, 2011 (ADAMS Accession No. ML113070457).

DCPP PPS System Replacement Diversity & Defense-in-Depth Assessment Topical Report, Revision 1.

Process Protection System (PPS) Replacement Concept, Requirements, and Licensing Phase 1 Project Plan, Revision 1.

DCPP PPS System Quality Assurance Plan (SyQAP), Revision O.

DCPP PPS System Verification and Validation Plan (SyWP), Revision O.

SCMP 36-01 Software Configuration Management Plan (SCMP), Revision O.

PG&E Letter DCL-11-123, Enclosure, Security Related Information to Support Process Protection System Replacement Amendment Request 11-07, dated December 20, 2011 (ADAMS Accession No. ML113610535).

- 6 NRC Guidance:

NUREG-0800, "Review of Safety Analysis Reports for Nuclear Power Plants,"

Chapter 7, "Instrumentation and Controls."

Regulatory Guide 1.152, Revision 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants," July 2011 (ADAMS Accession No. ML102870072).

Regulatory Guide 1.153, Revision 1, "Criteria for Safety Systems," June 1996 (ADAMS Accession No. ML003740022).

Regulatory Guide 1.168, Revision 1, "Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," February 2004 (ADAMS Accession No. ML040410189).

Regulatory Guide 1.169, "Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," September 1997 (ADAMS Accession No. ML003740105).

Regulatory Guide 1.173, "Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants,"

September 1997 (ADAMS Accession No. ML003740101).

Regulatory Guide 5.71, "Cyber Security Programs for Nuclear Facilities," January 2010 (ADAMS Accession No. ML090340159).

Nuclear Energy Institute, NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors," April 2010 (ADAMS Accession No. ML101180437).

Industry Standards:

IEEE Std 7-4.3.2-2003, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations."

IEEE Std 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations."

IEEE Std 828-1990, "IEEE Standard for Software Configuration Management Plans."

IEEE Std 829-1998, "IEEE Standard for Software Test Documentation."

American National Standards Institute (ANSI)IIEEE Std 1008-1987, "IEEE Standard for Software Unit Testing."

IEEE Std 1012-1998, "IEEE Standard for Software Verification and Validation."

- 7 IEEE Std 1028-1997, "IEEE Standard for Software Reviews and Audits,"

ANSI/IEEE Std 1042-1987, "IEEE Guide to Software Configuration Management."

IEEE Std 1074-1995, "IEEE Standard for Developing Software Life Cycle Processes,"

ML13029A667 Sincerely, IRN Joseph M. Sebrosky, Senior Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation OFFICE NRRJDORULPL4IPM NRRJDORULPL4/LA NRRJDEIEICB/BC NRRJDORULPL4IBC NRRJDORULPL4/PM !

NAME JSebrosky JBurkhardt JThorp MMarkley JSebrosky DATE 1/30/13 1/30/13 1/31/13 2/1113 1/31/13