ML13093A313
| Field | Value |
|---|---|
| Accession number | ML13093A313 |
| Site | Diablo Canyon |
| Issue date | 12/18/2012 |
| From | Phan S, Invensys Operations Management, Invensys/Triconex |
| To | Office of Nuclear Reactor Regulation |
| References | DCL-13-028; 993754-1-802, Rev 3 |
| Download | ML13093A313 (91) |
Attachments 9-14 to the Enclosure contain Proprietary Information - Withhold Under 10 CFR 2.390. Enclosure to PG&E Letter DCL-13-028: Invensys Operations Management Document "993754-1-802, Revision 3, Software Verification and Validation Plan" (Non-Proprietary).
Attachments 9-14 to the Enclosure contain Proprietary Information. When separated from Attachments 9-14 to the Enclosure, this document is decontrolled.
Invensys Operations Management, Triconex
Project: PG&E PROCESS PROTECTION SYSTEM REPLACEMENT
Purchase Order No.: 3500897372
Project Sales Order: 993754
PACIFIC GAS & ELECTRIC COMPANY NUCLEAR SAFETY-RELATED PROCESS PROTECTION SYSTEM REPLACEMENT, DIABLO CANYON POWER PLANT
SOFTWARE VERIFICATION AND VALIDATION PLAN (SVVP)
Document No. 993754-1-802 (-NP)
Revision 3, December 18, 2012
Non-Proprietary copy per 10CFR2.390. Areas of Invensys Operations Management proprietary information, indicated [P], have been redacted based on 10CFR2.390(a)(4).
| | Name | Title | Signature |
|---|---|---|---|
| Author: | Son Phan | IV&V Engineer | |
| Reviewer: | Hoan Nguyen | IV&V Engineer | |
| Approval: | Kevin Vu | IV&V Manager | |
Invensys Operations Management, Triconex | Document: 993754-1-802 | Title: Software Verification And Validation Plan | Revision: 3 | Page: 2 of 51 | Date: 12/18/2012

Document Change History
- Revision 0, 08/17/11, S. Phan: Initial Release.
- Revision 1, 10/13/11, S. Phan:
  - Revise the Figure 3, PPS Replacement Project Organization Structure.
  - Revise the Figure 2, Tricon Protection Set Architecture for the PPS Replacement System.
- Revision 2, 06/07/12, S. Phan:
  - Section 1.1: Add paragraph "Compliance with IEEE Standard 1012-1998 is demonstrated by the attached compliance matrix, 993754-1-802, Software Verification and Validation Plan Compliance to IEEE Standard 1012-1998 [Attachment 1]".
  - Section 3.1: Revised the definition for "Acceptance Testing".
  - Section 4.1.2: Added a listing of the documents independent review IV&V activities.
  - Revised section 4.3: Added discussion of mapping IV&V tasks to IEEE Standard 1012. Added Table 1 "Minimum V&V task assigned to SIL-4 PPS Replacement Project".
  - Section 4.4: Added discussion of resource summary for IV&V activities.
  - Added Section 5.1.1 Management of V&V.
  - Section 5.2: Revised the discussion of verification activities during project life cycle.
  - Section 5.2: Added reference to IEEE Standard 829; added clarifying statements regarding component, integration, and system-level testing activities.
  - Revised the entire document for consistent use of "life cycle".
  - Added section 8.0. Revised figure 2. Revised some typos. Added IV&V task to generate and verify the Software Verification Test Report, 993754-1n2-853, at sections 5.2.4.2.1 and 5.2.4.2.2.
  - Deleted section 8 Attachment I. Added Appendix D - Compliance Matrix: Software Verification and Validation Plan Compliance to IEEE Standard 1012-1998.
- Revision 3, 12/18/12, S. Phan:
  - Section 1.1: Deleted the [Ref 2.4.4] at PPM 7.0.
  - Section 4.1.2: Deleted the [Ref 2.4.4] at PPM 4.0 and added the PPM title "Project Document and Data Control".
  - Section 4.5.1: Deleted the [Ref 2.4.4] at PPM 7.04 and added the PPM title "Software Tool Development".
  - Section 4.5.2: Deleted the [Ref 2.4.4] at PPM 3.0 and added the PPM title "Drawing Prepare and Control".
  - Section 4.5.2: Deleted the [Ref 2.4.4] at PPM 2.0 and added the PPM title "Design Control".
  - Section 5.2.1: Deleted the [Ref 2.4.4] at PPM 2.0.
  - Section 5.2.2.2.1: Deleted the [Ref 2.4.4] at PPM 6.0 and added the PPM title "Test Control".
  - Section 5.2.3.2.1 4): Deleted the [Ref 2.4.4] at PPM 6.0.
  - Section 5.2.3.2.1 5): Deleted the [Ref 2.4.4] at PPM 7.01 and added the PPM title "Software Verification".
  - Section 5.2.3.2.1 6): Deleted the [Ref 2.4.4] at PPM 6.0.
  - Section 5.2.4.2.1 5): Deleted the [Ref 2.4.4] at PPM 7.01.
  - Section 5.2.5.2.1 2): Deleted the [Ref 2.4.4] at PPM 6.0.
  - Section 5.3: Deleted the [Ref 2.4.4] at PPM 8.0 and added the PPM title "System Integration Implementation".
  - Section 6.1: Deleted the [Ref 2.4.4] at PPM 7.02 and added the PPM title "V&V Phase Summary Reports".
  - Section 6.3: Deleted the [Ref 2.4.4] at PPM 10.0 and added the PPM title "Nonconformance and Corrective Action".
  - Section 1.2: Revised the figure 2, "Tricon Protection Set Architecture for the PPS Replacement System".
  - Section 4.1.1: Revised the figure 3, "PPS Replacement Project Organization Structure".
Table of Contents

| Section | Page |
|---|---|
| List of Tables | 6 |
| List of Figures | 7 |
| 1. Introduction | 8 |
| 1.1. Purpose | 8 |
| 1.2. Scope | 9 |
| 1.3. Verification and Validation Program Implementation | 11 |
| 2. References | 12 |
| 2.1. Industry Documents | 12 |
| 2.2. NRC Documents | 12 |
| 2.3. PG&E Documents | 13 |
| 2.4. Invensys Triconex Documents | 13 |
| 3. Definition and Acronyms | 14 |
| 3.1. Definitions | 14 |
| 3.2. Acronyms | 15 |
| 4. V&V Overview | 17 |
| 4.1. Organization | 17 |
| 4.1.1. V&V Organization | 17 |
| 4.1.2. V&V Responsibilities | 18 |
| 4.2. Project Schedule | 20 |
| 4.3. Software Integrity Level (SIL) | 20 |
| 4.4. Resource Summary | 22 |
| 4.5. Tools, Techniques, and Methods | 23 |
| 4.5.1. Tools | 23 |
| 4.5.2. Techniques and methods | 24 |
| 5. V&V Process | 26 |
| 5.1. V&V Management-General | 28 |
| 5.1.1. Management of V&V | 28 |
| 5.2. Life Cycle Verification Activities | 28 |
| 5.2.1. Planning Phase | 29 |
| 5.2.2. Requirements Phase | 30 |
| 5.2.3. Design Phase | 32 |
| 5.2.4. Implementation Phase | 34 |
| 5.2.5. Test Phase | 35 |
| 5.3. Post Test/Pre-Ship Checkout | 37 |
| 5.4. Risks and Assumptions | 38 |
| 6. V&V Reporting | 39 |
| 6.1. V&V Activity Summary Report | 39 |
| 6.2. Test Reports | 39 |
| 6.3. Anomaly Reports | 39 |
| 6.4. V&V Final Report | 39 |
| 7. V&V Administrative Requirements | 41 |
| 7.1. Anomaly Reporting and Resolution | 41 |
| 7.2. Task Iteration Policy | 41 |
| 7.3. Deviation Policy | 41 |
| 7.4. Control Procedures | 41 |
| 7.5. Software Standards, Practices, and Conventions | 41 |
| 8. Appendices | 44 |
| Appendix A - Typical Verification and Validation Flow Chart | 45 |
| Appendix B - Task Report Log | 46 |
| Appendix C - Task Report Form | 48 |
| Appendix D - Compliance Matrix: SVVP Compliance to IEEE Standard 1012-1998 | 51 |

List of Tables

| Table | Page |
|---|---|
| Table 1. Minimum V&V tasks assigned to SIL-4 PPS Replacement Project | 21 |
| Table 2. Life cycle Mapping | 26 |

List of Figures

| Figure | Page |
|---|---|
| Figure 1. Westinghouse PWR Reactor Protection Concept | 8 |
| Figure 2. Tricon Protection Set Architecture for the PPS Replacement System | 10 |
| Figure 3. PPS Replacement Project Organization Structure | 17 |
1. Introduction

1.1. Purpose

The purpose of this Software Verification and Validation Plan (SVVP) is to establish the requirements for the Verification and Validation (V&V) process to be applied to the TriStation Application Project (TSAP) software developed for the Process Protection System (PPS) Replacement Project, running on the Safety-Related V10 Tricon platform hardware. This SVVP is described in the Software Quality Assurance Plan (SQAP) [Ref 2.4.8]. This SVVP includes the TSAP software and the V10 Tricon system hardware interface with the Advanced Logic System (ALS) (but not the ALS functions themselves) and the Maintenance Workstation (MWS).
Figure 1. Westinghouse PWR Reactor Protection Concept. (Diagram not reproduced in text; labels recovered from the image: "PWR Protection Concept", "Rod Control Power Cabinet".)
This SVVP also defines when, how, and by whom specific V&V activities are to be performed, including options and alternatives as required, and description of the various V&V methodologies used. Various methods will be used to detect errors in the TSAP software and hardware interface during the system design, development, and implementation process.
The PPS is classified as Nuclear Safety-Related (Class 1E) and all project activities shall comply with the applicable requirements of the Invensys Operation Management Nuclear Quality Assurance Manual (IOM-Q2) [Ref 2.4.1] and any additional quality requirements specified in the Project Quality Plan (PQP) [Ref 2.4.7].
This SVVP is prepared in accordance with PPM 7.0, Application Program Development, and follows the guidelines described in IEEE 1012-1998, "IEEE Standard for Software Verification and Validation" [Ref 2.1.6], IEEE 1074-1995, "IEEE Standard for Developing Software Life Cycle Processes" [Ref 2.1.9], and Branch Technical Position 7-14, "Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control Systems" [Ref 2.2.6].
Compliance with IEEE Standard 1012-1998 is demonstrated by the attached Compliance Matrix:
Software Verification and Validation Plan Compliance to IEEE Standard 1012-1998 [Appendix D].
The goals of this SVVP are to:
- 1) Provide an integrated solution that will improve V10 Tricon Protection Set reliability and availability.
- 2) Reduce costs by detecting system errors as early as possible.
- 3) Provide objective evidence for system performance evaluation.
- 4) Demonstrate compliance with customer requirements and the Invensys QA Program.
- 5) This SVVP describes the verification and validation requirements for the PPS Replacement Project.
1.2. Scope

The V&V activities described in this SVVP apply to V10 Tricon Protection Set software, documents, and other items that are produced during implementation of this project. The boundaries of the V&V activities include I/O inputs from ALS and data link inputs via the TCM for the MWS. These ALS inputs to the V10 Tricon will be simulated during the factory acceptance test, as discussed in Invensys document 993754-1-813, Validation Test Plan. This SVVP does not include V&V of the software running on ALS and the MWS as shown in Figure 2. This V&V process does not include operating systems, software, or firmware other than the TSAP generated by the TriStation 1131 (TS 1131). This SVVP does not include V&V of the TS 1131 programming tool, which will be used to develop the TSAP software. Software generated by vendors other than Invensys Operations Management is verified and validated by the originating organization under separate programs. This SVVP addresses the attributes of third-party software only to the extent of verifying that the inputs, outputs, and displays are correct as specified.
Figure 2. Tricon Protection Set Architecture for the PPS Replacement System. (Architecture diagram not reproduced in text.)
1.3. Verification and Validation Program Implementation

V&V activities are integrated into the project activities from beginning to end and include the Planning, Requirements, Design, Implementation, and Test Phases of the system software life cycle. During the Planning Phase the SVVP is developed to describe Nuclear IV&V activities and to define when, how, and by whom specific IV&V activities are to be performed, including the various V&V methodologies used. The Requirements Phase entails the review of the Software Requirements Specification (SRS) developed based on customer design inputs [Ref 2.3]. Verification of each of these documents is performed to ensure that the applicable customer requirements have been adequately and accurately translated. The Design Phase is the development of the Software Design Description (SDD). Again, verification of the SDD is performed to ensure that the applicable customer requirements have been adequately and accurately translated.
The Implementation Phase addresses the implementation of the SDD. The Implementation Phase activities are verified throughout the implementation process to ensure that the design has been correctly implemented. When all Implementation Phase activities have been completed, the system validation Test Phase activities are performed. These activities yield objective evidence that the operation of the system is consistent with the specified system requirements.
Traceability is critical to the success of the project. Traceability is achieved through the development of a Project Traceability Matrix (PTM). Traceability shall be determined sufficient if one is able to trace requirements from design inputs to design outputs and to trace requirements from design outputs back to design inputs (forward and backward traceability).
The PTM has shared responsibility. The Requirements and Design Phase PTM is prepared by Nuclear Delivery, while the Implementation and Test Phase PTM is prepared by Nuclear IV&V.
Refer to Appendix A of this SVVP for a typical V&V Flow Chart.
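As an added illustration of the forward/backward traceability criterion stated above (this is not part of the SVVP or the project's PTM tooling), the following Python script checks a small constructed PTM in both directions: forward, every design-input requirement must reach at least one design output and at least one test case; backward, every design output and test case the project knows of must trace back to some requirement, and nothing cited in the matrix may be unknown to the project. All REQ-, SDD- and TC- identifiers are constructed placeholders.

```python
"""Bidirectional traceability check over a Project Traceability Matrix (PTM).

Added illustration of the forward/backward traceability criterion; not part
of the SVVP. Every identifier below (REQ-*, SDD-*, TC-*) is a constructed
placeholder, not a project value.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class TraceRow:
    """One PTM row: a design-input requirement and the outputs that realise it."""
    req_id: str
    design_outputs: List[str] = field(default_factory=list)  # e.g. SDD sections
    tests: List[str] = field(default_factory=list)           # e.g. test cases


# Constructed sample PTM rows (placeholders, not project data).
SAMPLE_PTM: List[TraceRow] = [
    TraceRow("REQ-001", ["SDD-3.1"], ["TC-010"]),
    TraceRow("REQ-002", ["SDD-3.2", "SDD-3.3"], ["TC-011", "TC-012"]),
    TraceRow("REQ-003", [], ["TC-013"]),    # no design output: forward gap
    TraceRow("REQ-004", ["SDD-3.4"], []),   # no test case: forward gap
]

# Constructed inventories of every design output and test case the project knows of.
SAMPLE_DESIGN_OUTPUTS: Set[str] = {"SDD-3.1", "SDD-3.2", "SDD-3.3", "SDD-3.4", "SDD-3.9"}
SAMPLE_TESTS: Set[str] = {"TC-010", "TC-011", "TC-012", "TC-013", "TC-099"}


def forward_gaps(ptm: List[TraceRow]) -> Dict[str, List[str]]:
    """Forward traceability (design input -> design output -> test).

    Each requirement must reach at least one design output and at least one
    test. Returns {req_id: [kinds of link that are missing]}; empty when clean.
    """
    gaps: Dict[str, List[str]] = {}
    for row in ptm:
        missing = []
        if not row.design_outputs:
            missing.append("design_output")
        if not row.tests:
            missing.append("test")
        if missing:
            gaps[row.req_id] = missing
    return gaps


def backward_gaps(ptm: List[TraceRow], design_outputs: Set[str],
                  tests: Set[str]) -> Dict[str, List[str]]:
    """Backward traceability (design output / test -> design input).

    Every known design output and test must be cited by some requirement
    (otherwise it is an orphan with no requirement justifying it), and every
    id cited in the PTM must exist in the project inventories.
    """
    cited_design = {d for row in ptm for d in row.design_outputs}
    cited_tests = {t for row in ptm for t in row.tests}
    return {
        "orphan_design_outputs": sorted(design_outputs - cited_design),
        "orphan_tests": sorted(tests - cited_tests),
        "unknown_design_outputs": sorted(cited_design - design_outputs),
        "unknown_tests": sorted(cited_tests - tests),
    }


def traceability_sufficient(ptm: List[TraceRow], design_outputs: Set[str],
                            tests: Set[str]) -> bool:
    """The SVVP criterion: sufficient only when both directions are gap-free."""
    back = backward_gaps(ptm, design_outputs, tests)
    return not forward_gaps(ptm) and not any(back.values())


if __name__ == "__main__":
    print("forward gaps:", forward_gaps(SAMPLE_PTM))
    print("backward gaps:", backward_gaps(SAMPLE_PTM, SAMPLE_DESIGN_OUTPUTS, SAMPLE_TESTS))
    print("sufficient:", traceability_sufficient(SAMPLE_PTM, SAMPLE_DESIGN_OUTPUTS, SAMPLE_TESTS))
```

A real PTM would be loaded from the project's matrix rather than hard-coded. The point of splitting the check into two functions is that sufficiency is the conjunction of both directions: a matrix with no orphaned design outputs or tests still fails on a requirement that has no test, and a matrix where every requirement is fully covered still fails if a test case exists that no requirement asks for.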
2. References

2.1. Industry Documents

2.1.1 IEEE 7-4.3.2-2003, Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations.
2.1.2 IEEE 730-1998, Software Quality Assurance Plans.
2.1.3 IEEE 829-1983, Standard for Software Test Documentation.
2.1.4 IEEE 830-1998, Recommended Practice for Software Requirements Specifications.
2.1.5 IEEE 1008-1987, Standard for Software Unit Testing.
2.1.6 IEEE 1012-1998, Standard for Software Verification and Validation.
2.1.7 IEEE 1028-1997, Standard for Software Reviews and Audits.
2.1.8 IEEE 1059-1993, Guide for Software Verification and Validation Plans.
2.1.9 IEEE 1074-1995, Standard for Developing Software Life Cycle Processes.
2.1.10 IEEE 1228-1994, IEEE Standard for Software Safety Plans.
2.1.11 IEEE 828-1998, IEEE Standard for Software Configuration Management Plans.

2.2. NRC Documents

2.2.1 U.S. NRC Regulatory Guide (RG) 1.168, Rev. 1, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
2.2.2 U.S. NRC RG-1.169, Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
2.2.3 U.S. NRC RG-1.172, Software Requirements Specifications for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
2.2.4 U.S. NRC Digital Instrumentation and Controls Interim Staff Guidance (ISG6), DI&C-ISG-06.
2.2.5 NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Chapter 7 - Instrumentation and Controls, Revision 4, U.S. Nuclear Regulatory Commission, dated June 1997.
2.2.6 DI&C-ISG-01, Digital Instrumentation and Controls Task Working Group #1: Cyber Security Interim Staff Guidance, Revision 0, U.S. Nuclear Regulatory Commission, dated December 31, 2007.
2.2.6 Branch Technical Position 7-14, Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control Systems, Revision 5, U.S. Nuclear Regulatory Commission, dated March 2007.
2.2.7 U.S. NUREG/CR-6430, Software Safety Hazard Analysis.
2.2.8 U.S. NRC RG-1.170, Software Test Documentation for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
2.2.9 U.S. NRC RG-1.171, Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.

2.3. PG&E Documents

2.3.1 PG&E Purchase Order # 3500897372.
2.3.2 Master Service Agreement # 4600016720.
2.3.3 PG&E 08-0015-SP-001, Function Requirements Specification (FRS).
2.3.4 PG&E Process Protection System (PPS) Replacement Conceptual Design Document.
2.3.5 PG&E Process Protection System (PPS) Replacement Interface Requirements Specification.
2.3.6 PG&E Process Protection System Controller Transfer Functions Design Input Specification, 10115-J-NPG.
2.3.7 PG&E Process Protection System (PPS) Function Block Diagram (FBD) 08-0015-D Series.

2.4. Invensys Triconex Documents

2.4.1 IOM-Q2, Invensys Operation Management Nuclear Quality Assurance Manual.
2.4.2 NSIPM, Nuclear Systems Integration Program Manual, NTX-SER-09-21.
2.4.3 Quality Procedure Manual (QPM).
2.4.4 Invensys Project Procedures Manual (PPMs).
2.4.5 Invensys 9100150-001, Tricon V10 Nuclear Qualified Equipment List (NQEL).
2.4.6 Project Management Plan (PMP), 993754-1-905.
2.4.7 Project Quality Plan (PQP), 993754-1-900.
2.4.8 Software Quality Assurance Plan (SQAP), 993754-1-801.
2.4.9 V10 Tricon Topical Report, 7286-1-545, Revision 4, Invensys Operations Management (ADAMS Accession Number ML110140443), dated December 20, 2010.
2.4.10 Tricon V10 Conformance to Regulatory Guide 1.152, NTX-SER-10-14.
2.4.11 RG 1.152 Conformance Report, 993754-1-913.
3. Definition and Acronyms

3.1. Definitions

Acceptance Testing: Testing conducted in an operational environment to determine whether a system satisfies its acceptance criteria (i.e., initial requirements and current needs of its user) and to enable the customer to determine whether to accept the system.
Anomaly: A condition observed in the documentation or operation of hardware and software that deviates from expectations based on previously verified hardware/software products or reference documents. A critical anomaly is one that must be resolved before the V&V effort proceeds to the next phase.
Baseline: A work product that has been formally reviewed and accepted by the involved parties as the revision level approved for the Implementation Phase of the project. A baseline should be changed only through formal configuration management procedures. Some baselines may be the project deliverables, while others provide the basis for further work.
Component Testing: Testing conducted to verify the implementation of the design for a system hardware/software element (e.g., unit, module, function block, etc.).
Criticality: A subjective description of the intended use and application of the system. Software and hardware criticality properties may include: safety, security, complexity, reliability, performance, or other characteristics.
Criticality Analysis: A structured evaluation of the software characteristics (e.g., safety, security, complexity, performance) for severity of impact of system failure, system degradation, or failure to meet software requirements or system objectives.
Deliverable: Document or product submitted to satisfy a requirement of the contract.
Demonstration: This is the life cycle activity where customer Factory Acceptance Testing occurs.
Detailed Design: This life cycle activity contains typical work packages used during the design stages of the project, such as: review design input, prepare P&IDs, define design control strategies, develop design reports, etc.
Hazard Analysis: A systematic qualitative or quantitative evaluation of software for undesirable outcomes resulting from the development or operation of a system. These outcomes may include injury, illness, death, mission failure, economic loss, environmental loss, or adverse social impact. This evaluation may include screening or analysis methods to categorize, eliminate, reduce, or mitigate hazards.
Implementation: This life cycle activity contains typical work packages used during the hardware staging and software installation phase of the project. Typical work packages include: review detailed implementation input, procure materials, configure control strategies, and prepare test procedures and cases.
Inspection: A static analysis technique that relies on visual examination of development or purchased products to detect errors, violations of development standards, specifications, and other problems.
Integration Testing: An orderly progression of testing of incremental pieces of the software program in which software elements, hardware elements, or both are combined and tested until the entire system has been integrated, to show compliance with the program's design and the capabilities and requirements of the system. Typical work packages include verification of control strategies, document verification, and resolution of discrepancies. Verification is performed during this activity.
Integrity level: A denotation of a range of values of a property of an item necessary to maintain system risks within acceptable limits. For items that perform mitigating functions, the property is the reliability with which the item must perform the mitigating function. For items whose failure can lead to a threat, the property is the limit on the frequency of that failure.
Life Cycle Activity: A set of interrelated activities or processes that result in the development or assessment of software and hardware products. For V&V purposes, no process is concluded until its development products are verified and validated according to the defined tasks in the SVVP.
Management Activity: This life cycle activity contains the generic activities and tasks, which may be employed by any party that manages its respective processes. Examples of tasks are 1) prepare plans for execution; 2) initiate the plans, etc. This activity is applicable to all life cycle phases.
Phase: Defined for this document as a step in life cycle activity.
Preliminary Design: This life cycle activity contains typical work packages used in the preliminary stages of a project, such as: contract review, define control strategies, develop Project Plans, and describe change management.
Project Traceability Matrix: A documented matrix indicating the origin of the requirements, their implementing design output documentation and the corresponding testing requirements.
Unit: An assembly of interconnected components that constitutes an identifiable device, instrument, or piece of equipment. A unit can be disconnected, removed as a single piece, and replaced by a spare. It has definable performance characteristics that permit it to be tested as a single assembly. Software functions that meet the requirements of this definition are also defined as a unit. By this definition, the words "unit" and "module" (hardware/software) are interchangeable.
Verification: The process of evaluating a system or component to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase.
Validation: The process of evaluating a system or component during or at the end of the development process to determine whether it satisfies specified requirements.
3.2. Acronyms

| Acronym | Meaning |
|---|---|
| ALS | Advanced Logic System |
| DRCS | Document Review Comment Sheet |
| FAT | Factory Acceptance Test |
| FMEA | Failure Modes and Effects Analysis |
| HRS | Hardware Requirements Specification |
| HVT | Hardware Validation Test |
| I/O | Input/Output |
| IV&V | Independent Verification and Validation |
| M&TE | Measurement and Test Equipment |
| MWS | Maintenance Workstation |
| ND | Nuclear Delivery |
| NQA | Nuclear Quality Assurance |
| NRC | Nuclear Regulatory Commission |
| NIST | National Institute of Standards and Technology |
| PE | Project Engineer |
| PQAE | Project Quality Assurance Engineer |
| PQP | Project Quality Plan |
| PLC | Programmable Logic Controller |
| PM | Project Manager |
| PPM | Project Procedures Manual |
| PPS | Process Protection System |
| PS | Protection Set |
| PTM | Project Traceability Matrix |
| QA | Quality Assurance |
| QPM | Quality Procedures Manual |
| SDC | Software Development Checklist |
| SDD | Software Design Description |
| SIDR | System Integration Deficiency Report |
| SIL | Software Integrity Level |
| SQAP | System Quality Assurance Plan |
| SRS | Software Requirements Specification |
| SVVP | Software Verification and Validation Plan |
| Tricon | Programmable Logic Process Controller by Triconex |
| TS 1131 | TriStation 1131 Developer's Workbench |
| TSAP | TriStation Application Project |
| V&V | Verification and Validation |
4. V&V Overview

The V&V approach as described in IEEE 1012-1998 will be used for conducting project V&V activities. These activities will be planned and scheduled per the project schedule, the applicable PPMs [Ref 2.4.4], and the PQP.
The V&V efforts shall be accomplished using a Nuclear Independent Verification & Validation organization not associated with the Nuclear Delivery organization as identified in the PQP. This independent V&V process is consistent with the process described in Annex C.4.1 of IEEE 1012-1998.
4.1. Organization
4.1.1. V&V Organization
The V&V organization for the Invensys Operations Management V&V team is shown in Figure 3. The figure shows the organizations involved in the PPS Replacement Project: Nuclear Independent Verification and Validation (IV&V); Nuclear Delivery (ND); and Nuclear Quality Assurance (NQA).
Figure 3. PPS Replacement Project Organization Structure

The Nuclear IV&V group shall be responsible for performing independent design document review, software design verification, generating and verifying the V&V documents, and performing V&V test executions. The Nuclear IV&V group will define its own schedule for the V&V activities without any restrictions or influence from the Nuclear Delivery group.
The PPS Replacement Project team members from Nuclear IV&V include the IV&V Team Lead and four IV&V Engineers.
During day-to-day V&V execution, the Nuclear IV&V team will interface with ND engineers and the PQAE as needed. When anomalies have been identified during the project life cycle, cases may arise that require escalating the resolution to higher levels of management within Invensys Operations Management. In Figure 3, the lines of communication between the organizations at the Management and Director levels are shown by the dashed lines. As shown, issues requiring escalation can be escalated through separate and independent reporting chains up to the Director level. In those rare cases where the Director level is not sufficient, IOM-Q2 allows escalation to the Regional and Global Director levels while still maintaining the managerial, technical, and financial independence necessary for compliance with NRC requirements contained in, for example, Regulatory Guide 1.168 [Ref 2.2.1].
4.1.2. V&V Responsibilities
Invensys Operations Management will assign a core group of engineers and support staff to the PPS Replacement Project. As project needs change, assigned personnel will be added or removed. The following individuals will be involved in the PPS Replacement Project:
Director - [ ]
The Nuclear IV&V Director reports to the Global Director of Quality, and is responsible for providing resources and expertise to V&V operations.
Manager - [ ]
The Nuclear IV&V Manager reports to the Director, Nuclear IV&V, and is responsible for implementation of the nuclear IV&V activities conducted at the Invensys Operations Management Lake Forest Facility. The IV&V Manager has the authority and organizational freedom to ensure that V&V activities are managerially, technically, and financially independent of the development organization. The IV&V Manager approves Project IV&V documents, e.g., Software Verification and Validation Plan (SVVP), IV&V Phase Reports, etc.
Staff -
The Nuclear IV&V Staff reports to the Nuclear IV&V Manager. Some of the major functions and responsibilities for the IV&V Staff are listed below.
- Prepare the Software Verification and Validation Plan (SVVP).
- Prepare the Software Safety Plan (SSP).
- Prepare the Safety Analysis (Criticality/Hazards/Risk/Interface).
- Prepare the Validation and Verification Test Plans.
- Perform independent review/verification of software design documents.
- Generate and execute Verification and Validation test procedures, and prepare reports on the test results.
- Perform independent review/verification of test documents.
Test Director/IV&V Lead
The Test Director, also the IV&V Lead ( ), is a member of the IV&V Staff and reports to the IV&V Manager. The Test Director is responsible for the overall conduct of assigned test activities and participates in Project Review Committee (PRC) activities.
The following is a listing of the documents generated as a result of PPS Replacement Project V&V activities. These documents shall be controlled per PPM 4.0, Project Document and Data Control. The specific documents shall be developed and processed in accordance with the controlling Project Procedures Manual. These documents shall be generated by the Nuclear IV&V staff, with the exception of the PTM¹, and will be verified by Nuclear IV&V staff and approved by the Nuclear IV&V Manager.
- 1) Software Verification and Validation Plan, 993754-1-802.
- 2) Software Safety Plan, 993754-1-911.
- 3) Safety Analysis (Criticality/Hazard/Risk/Interface), 993754-1-915.
- 4) Validation Test Plan, 993754-1-813.
- 5) Project Traceability Matrix, 993754-1-804¹.
- 6) Phase Summary Report(s) (Requirements, Design, Implementation, and Test Phase).
- 7) Software Verification Test Plan, 993754-1-868.
- 8) Validation Test Specification, 993754-1-812.
- 9) Software Verification Test Specification, 993754-1-869.
- 10) Software Verification Test Procedure and Test Case, 993754-1n²-870-k³.
- 11) Software Verification Test Case Execution and Report, 993754-1n²-853.
- 12) Hardware Validation Test Procedure, 993754-1n²-902-0.
- 13) Factory Acceptance Test Procedure, 993754-1n²-902-1.
- 14) Validation Test Report.
  - a. Hardware Validation Test Report, 993754-1n²-854-0.
  - b. Factory Acceptance Test Report, 993754-1n²-854-1.
- 15) Project Traceability Matrix¹, 993754-1-804.
- 16) V&V Phase Summary Reports, 993754-1-856 to -863.
- 17) System Response Time Confirmation Report, 993754-1-818.
- 18) V&V Final Report.

¹ The PTMs have shared responsibility. The Requirements and Design Phase PTMs are prepared by Nuclear Delivery, whereas the Implementation and Test Phase PTMs are prepared by Nuclear IV&V.
² n = 1 through 4 to match the Protection Set. Project Plans are not required to have this additional number because the plans are at the project level and not specific to a particular Protection Set.
³ k = 1 through i, where i is the number of programs in the V10 Tricon Protection Set application program (PT2 file).
The following is a listing of the documents independently reviewed as a result of PPS Replacement Project V&V activities.
- 1) Purchase Order Compliance Matrix
- 2) Software Configuration Management Plan
- 3) Software Integration Plan
- 4) Software Requirements Specification
- 5) Maximum TSAP Scan Time
- 6) Project Traceability Matrix
- 7) Software Design Description
- 8) Application Code (PT2 files)
- 9) Input / Output List
- 10) System Accuracy Report.
4.2. Project Schedule
The project schedule was developed based on the life cycle defined in the NSIPM [Ref 2.4.2] as implemented by the PPM. Adhering to the procedures will also ensure that the required project deliverables satisfy PG&E technical and NRC regulatory requirements, and that the necessary supporting collateral is generated to support the safety conclusions of both ND and Nuclear IV&V.
4.3. Software Integrity Level (SIL)
IEEE 1012-1998, Section 4, provides guidance on selection of criticality levels for software based on its intended use and application. Criticality levels are established by a subjective evaluation of attributes. IEEE 1012 uses Integrity Levels to quantify criticality. The assigned Software Integrity Levels may vary as the software evolves. However, the software and hardware developed for nuclear safety related portions of this project will be used in a safety-critical application and shall be classified as Software Integrity Level 4 (Criticality-High).
The V&V effort will perform the minimum V&V tasks as shown in Table 1 for the assigned Software Integrity Level.
The project documents listed below identify the types of design outputs at the system level and will be assigned a Software Integrity Level 4 rating:
- 1) Project Plans, Software V&V Plan, Software Safety Plan.
- 2) Project Specifications/Reports
- a. Hardware Requirements Specification (HRS)
- b. Software Requirements Specification (SRS)
- c. Software Design Description (SDD)
- d. Validation Test Specification
- e. Verification Test Specification
- f. V&V Activity Summary Reports
- 3) System Design Integration Drawings.
- 4) TriStation Application Project application program.
- 5) Verification and Validation Test Procedures, Test Reports, Final V&V Report.
4.4. Resource Summary
Staffing
Execution of Nuclear IV&V activities requires the following staff:
- Nuclear IV&V Lead
- Nuclear IV&V Engineer 1
- Nuclear IV&V Engineer 2
- Nuclear IV&V Engineer 3
- Nuclear IV&V Engineer 4

The PPS Replacement Project requires a Nuclear IV&V staff with combined knowledge and experience with the U.S. NRC regulations and processes, software engineering life cycle management, and verification and validation of nuclear safety-related hardware and software.
Specific skills and knowledge are required in the following areas:
- Application of U.S. NRC Regulatory Guides relevant to safety-system software development.
- Application of U.S. NRC Regulatory Guides relevant to independent verification and validation of safety-system software.
- Application of relevant U.S. NRC staff guidance related to design and licensing of nuclear safety systems, such as DI&C-ISG-06 [Ref 2.2.4].
- Understanding of staff guidance contained in Chapter 7 of U.S. NRC NUREG-0800, Standard Review Plan [Ref 2.2.5].
- Application of Institute of Electrical and Electronics Engineers standards (e.g., those endorsed by U.S. NRC Regulatory Guides) relevant to independent verification and validation of software for nuclear safety-related applications.
- Implementation of the Invensys Operations Management NSIPM and PPM to nuclear safety-related projects.
- Knowledgeable in the use of the TS 1131 Developer's Workbench, Invensys Emulator Test Driver (ETD) and Microsoft Excel.
- Knowledgeable of Tricon hardware.
- Knowledgeable of safety and protection systems.
- Experienced with reading and interpreting P&IDs, instrument diagrams, and function block diagrams.
Tools
Tools required for IV&V activities are detailed in Section 4.5.1 of this plan.
Facilities
For system validation, the Invensys test area must be secured, configuration controlled, and otherwise a suitable environment. The test area will support the deliverable Tricon hardware and associated test apparatus, allowing Nuclear IV&V personnel to validate the combined hardware/software system prior to delivery to the customer.
Finances
Aside from the ordinary budget for personnel and tools, Nuclear IV&V has no financial resource needs.
Special Procedural Requirements
Several procedures unique to IV&V test activities will be employed. These procedures are described along with the specific activities in the IV&V test plans, specifications, and procedures.
4.5. Tools, Techniques, and Methods
5. V&V Process
The following explains the correlation of the Invensys Operations Management NSIPM life cycle to IEEE 1012-1998 life cycle processes and activities.
Table 2. Life Cycle Mapping

| IEEE 1012 V&V Life Cycle Processes | NSIPM V&V Life Cycle Processes |
|---|---|
| Management | Throughout (Primary Planning) |
| Acquisition | Acquisition |
| Supply | Throughout (Planning) |
| Development | Development |
| - Concept | - Planning |
| - Requirements | - Requirements |
| - Design | - Design |
| - Implementation | - Implementation |
| - Test | - Test |
| Operation | Delivery (scope of supply based on contract requirement) |
| Maintenance | |

- 1) Management The Management process is applicable to all phases of the Project. Invensys Operations Management shall meet the task performance requirements for management of V&V as stated in IEEE 1012-1998. All acquisition process tasks shall be performed as Management process activities. The supply process contract review task shall be performed as a Management process activity.
- 2) Acquisition Prior to accepting a Purchase Order, Nuclear Delivery reviews it to identify any compliance issues. The Purchase Order is placed on Nuclear Hold until the Acceptance Review is completed. A compliance matrix is created to determine that the PG&E requirements can be satisfied. Nuclear IV&V reviews the compliance matrix in accordance with IEEE Standard 1012-1998. Any deviations and exceptions to PG&E requirements will be documented by Invensys Operations Management and approved by PG&E.
- 3) Supply This process is applicable for purposes of contract review, because a purchase order has been offered and accepted. The supply process is initiated by either a decision to prepare a proposal to answer an acquirer's request for proposal, or by signing and entering into a contract with the acquirer to provide the system. This process also verifies that the request for proposal requirements and contract requirements are consistent.
- 4) Development This process is applicable to the Project and incorporates the majority of the project activities. Invensys Operations Management shall meet the task performance requirements for Development process activities as outlined below:
- a. Concept V&V - System architecture, allocation of system requirements to hardware, software, and user interface components, and a specific implementation are delineated in the system requirements and technical specifications provided to Invensys Operations Management. Therefore, these activities are not applicable.
- b. Requirements V&V - Invensys Operations Management shall meet the task performance requirements for Requirements V&V as stated in IEEE 1012-1998.
- c. Design V&V - Invensys shall meet the task performance requirements for Design V&V as stated in IEEE 1012-1998.
- d. Implementation V&V - Invensys Operations Management shall meet the task performance requirements for Implementation V&V as stated in IEEE 1012-1998.
Regression testing, as recommended by RG 1.168 [Ref 2.2.1], is accommodated in this phase by the identification of required retest in the Anomaly Report.
- e. Test V&V - Invensys Operations Management shall meet the task performance requirements for Test V&V as stated in IEEE 1012-1998.
- f. Installation and Checkout V&V - Invensys shall meet the task performance requirements for Installation and Checkout V&V as stated in IEEE 1012-1998 with the exception of the Final V&V Report which is produced in the Test phase.
During the development process, the following tasks shall be performed and the V&V task reports issued if any changes to design inputs occur.
- a. Evaluation of New Constraints
- b. Proposed Change Assessment

These tasks shall be performed as part of the Baseline Change Assessment task included in each life cycle activity.
- 5) Operation This phase covers the operation of the software product and operational support to users after installation and normal commissioning. It addresses operational testing, system operations, and user support with respect to the operating procedures.
This is not applicable to the PPS Replacement Project after delivery to the customer.
Plant operating procedures are not within the Invensys Operations Management scope of work.
- 6) Maintenance This applies to modifications to code and associated documentation caused by a problem or a need for improvement or adaptation of the product. It addresses modifications, migration, or retirement of the software during the operational process.
Contract requirements are defined by the Warranty terms. These requirements shall be maintained, along with processes for bug fixes (hardware and software), repairs, and available upgrades. However, these processes are controlled at a corporate level, and outside the scope of the PPS Replacement Project once the system is delivered.
5.1. V&V Management - General
Project personnel resources are managed separately between the ND staff and the Nuclear IV&V staff. The Nuclear IV&V Manager ensures that the V&V process is not compromised by a schedule conflict causing a change in personnel, which could lead to a less rigorous level of technical review.
Good communication between the ND staff and the Nuclear IV&V staff is a significant contributor to a proper V&V process. One of the objectives of the V&V process is to verify the assumptions incorporated into the design solution. The V&V process must ensure that the basis for an assumption is correct and that the system requirements are met within the constraints of the assumptions.
5.1.1. Management of V&V
The V&V effort shall perform the following V&V tasks for Management of V&V as appropriate for the SIL 4 PPS Replacement Project:
- Software Verification and Validation Plan (SVVP) Generation
- Baseline Change Assessment
- Management Review of V&V
- Management and Technical Review Support
- Interface With Organizational and Supporting Processes

5.2. Life Cycle Verification Activities
The V&V effort shall comply with the task descriptions, inputs, and outputs as described in Table 1 of IEEE Standard 1012-1998. The PPS Replacement Project uses the life cycle process defined in the NSIPM as implemented by the PPM. The minimum V&V tasks that are implemented during the project life cycle are as follows:
- Planning
- Requirements
- Design
- Implementation
- Test

This PPS Replacement Project will deliver a configured system that meets the requirements of the design defined by the customer. This will include translating the design requirements into the system, and will rely heavily on engineering documents to facilitate this translation.
Tricon system hardware and software were verified as part of the initial qualification program for Tricon hardware and software as identified in the Nuclear Qualified Equipment List (NQEL) [Ref 2.4.5]. The TS 1131 programming tool is included in the set of software approved by the NRC. In accordance with PPM 7.0, Application Program Development, the TSAP software and system hardware life cycle activities or phases applicable to the verification and validation of the PPS Replacement Project are described above.
5.2.1. Planning Phase The planning of V&V is applicable to all software life cycles. Software development is an iterative process. The V&V effort will usually identify the need to make certain software or document changes requiring subsequent new tasks to implement these changes. V&V tasks are re-performed if errors are discovered in the V&V inputs or outputs.
The Project will utilize the design review methodology to perform the design verification process as defined in PPM 2.0.
Should baseline documents require modification, the changes shall be controlled in accordance with PPM 2.0 and PPM 3.0 as appropriate. The design review will use both an in-process project peer review and an independent review by an independent review engineer.
5.2.2. Requirements Phase
The system requirements form the basis for all system design and verification activities, and are used throughout the rest of the system life cycle. They serve as the basis for the verification of design specifications, which are the basis of design implementation. The system requirements are the bases against which all validation activities are performed. The intent of verifying the system requirements is to ensure that the requirements are complete, correct, consistent, clear, traceable, and testable.
5.2.3. Design Phase
The purpose of design verification is to ensure that the design documents are adequately and accurately translated from the design inputs prior to design implementation. The design specification documents define and provide the details of the system design structure, information flow, processing steps, and other aspects required to be implemented in order to satisfy the system design requirements. The intent of design verification is to ensure that the design documents are clear and understandable, accurate, correct, consistent, complete, implementable, testable, and traceable to the design requirements. The V&V tasks are conducted on an ongoing basis. Test planning and verifying the conformance of the design are major objectives of these V&V activities.
5.2.4. Implementation Phase
The purpose of implementation verification is to ensure the implementation documents are clear, understandable, logically correct, and adequately and correctly translate the design specifications.
The objectives of the implementation documents are to facilitate the effective production, testing, use, transfer, and conversion to a different environment with consideration of future modifications and traceability to design specifications. In general, the verification activities should answer the following questions:
- 1) Does the implementation satisfy design specifications?
- 2) Does implementation follow established design standards?
- 3) Does implementation follow established documentation standards?
- 4) Does the implementation serve production, test, use, transfer, and other needs of the customer?
5.2.4.1 Implementation Phase required inputs
5.2.5. Test Phase
The above verification process should provide a reasonable degree of assurance that the design requirements were adequately and accurately translated through the Requirements, Design, and Implementation Phases.
The system validation process determines whether the system meets its functional requirements (functional operations, system level performance, external interfaces, internal interfaces, testability, and other requirements stated during the requirements phase). System validation evaluates the system performance against simulated inputs at the factory test facility. The integrated system with the actual V10 Tricon Protection Set hardware and software is required.
5.3. Post Test/Pre-Ship Checkout
Upon completion of the Test Phase activities, a system integration document package shall be assembled in accordance with PPM 8.0, System Integration Implementation. The package shall include all as-built drawings, completed test procedures, and customer-specified documents.
6. V&V Reporting
V&V reporting shall occur throughout the entire life cycle and include the following reporting mechanisms.
6.1. V&V Activity Summary Report
Summary reports are required for the following phases:
- Requirements Phase
- Design Phase
- Implementation Phase
- Test Phase
6.2. Test Reports
A Software Verification Test Report will be developed per PPM 7.01, to summarize the results of the verification test execution.
A Validation Test Report shall be developed per PPM 6.0 to summarize the results of the tests performed. This Test Report may either be included in the Test Phase summary reports or incorporated into them as an attachment.
6.3. Anomaly Reports
The guidelines for the SIDR and its associated form are defined in PPM 10.0, Nonconformance and Corrective Action. Additional guidelines for SIDR generation can be found in PPM 6.0 and PPM 7.0.
6.4. V&V Final Report
7. V&V Administrative Requirements
7.4. Control Procedures
The control procedures and plans applied to the V&V effort are:
- 1) Project Procedures Manual.
- 2) Project Management Plan.
- 3) Software Quality Assurance Plan.
- 4) Software Configuration Management Plan.
- 5) Software Verification and Validation Plan.
The above documents describe the quality assurance, configuration management, data management, security, and protection of V&V results from unauthorized alterations.
7.5. Software Standards, Practices, and Conventions
Replacement of the Diablo Canyon Power Plant Process Protection System requires NRC approval prior to installation of the V10 Tricon Protection Sets. PG&E intends to submit the License Amendment Request package in the middle of July 2011. There are a number of regulatory requirements that must be satisfied, such as 10 CFR 50.55a(h), which incorporates IEEE Standard 603-1991 by reference. There are also a number of regulatory guidance documents that will be followed by Invensys Operations Management during the V10 Tricon Process Protection System development. The regulatory guidance documents endorse consensus standards from the Institute of Electrical and Electronics Engineers (IEEE). The standards to which Invensys Operations Management conforms are also listed below.
The software standards, practices, and conventions that govern the performance of V&V tasks are defined in the Project Procedures Manual. Verification and validation activities shall be performed in accordance with Project Procedure Manual PPM 2.0, PPM 6.0, and PPM 7.0.
NRC Staff Review Guidance:
- NUREG-0800, Standard Review Plan, Chapter 7.
- Branch Technical Position 7-14, Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control Systems.

Regulatory Guides:
- 1.152, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants.
- 1.168, Verification, Validation, Reviews and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
- 1.169, Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
- 1.170, Software Test Documentation for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
- 1.171, Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
- 1.172, Software Requirements Specifications for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
- 1.173, Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
- 1.180, Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-related Instrumentation and Control Systems.

IEEE standards:
- 603, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations.
- 7-4.3.2, IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations.
- 828, IEEE Standard for Configuration Management Plans.
- 829, IEEE Standard for Software Test Documentation.
- 830, IEEE Recommended Practice for Software Requirements Specifications.
- 1012, IEEE Standard for Software Verification and Validation.
- 1028, IEEE Standard for Software Reviews and Audits.
- 1059, IEEE Guide for Software Verification and Validation Plans.
- 1074, IEEE Standard for Developing Software Life Cycle Processes.
- 1228, IEEE Standard for Software Safety Plans.

Other standards:
- ANSI/ASME NQA-1-1983, Quality Assurance Program Requirements for Nuclear Facilities.
- ANSI/ASME NQA-1a-1983 (Addenda), Addenda to ANSI/ASME NQA-1-1983, Quality Assurance Program Requirements for Nuclear Facilities.
- ANSI/ASME NQA-1-1994, the basis for the PPM.
8. Appendices
- Appendix A - Typical Verification and Validation Flow Chart
- Appendix B - Task Report Log
- Appendix C - Task Report Form
- Appendix D - Compliance Matrix: SVVP Compliance to IEEE Standard 1012-1998.
Appendix A - Typical Verification and Validation Flow Chart
Figure A. Typical V&V Flow Chart
Appendix B - Task Report Log
Appendix C - Task Report Form
Appendix D - Compliance Matrix: SVVP Compliance to IEEE Standard 1012-1998