Request for Additional Information, Round 2 - Amendment Request to Replace Digital Process Protection System for Reactor Protection System and Engineered Safety Features Actuation System Functions

ML13101A072
Person / Time
Site:	Diablo Canyon
Issue date:	04/12/2013
From:	Polickoski J Plant Licensing Branch IV
To:	Halpin E Pacific Gas & Electric Co
Polickoski J
References
TAC ME7522, TAC ME7523
Download: ML13101A072 (12)
v • d • e

Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 April 12, 2013 Mr. Edward D. Halpin Senior Vice President and Chief Nuclear Officer Pacific Gas and Electric Company Diablo Canyon Power Plant P.O. Box 56, Mail Code 104/6 Avila Beach, CA 93424

SUBJECT:

DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 - REQUEST FOR ADDITIONAL INFORMATION REGARDING DIGITAL REPLACEMENT OF THE PROCESS PROTECTION SYSTEM PORTION OF THE REACTOR TRIP SYSTEM AND ENGINEERED SAFETY FEATURES ACTUATION SYSTEM (TAC NOS. ME7522 AND ME7523)

Dear Mr. Halpin:

By letter dated October 26, 2011, as supplemented by letters dated December 20, 2011, April 2, April 30, June 6, August 2, September 11, November 27, and December 5,2012, and March 25, 2013 (Agencywide Documents Access and Management System (ADAMS) Accession Nos.

ML113070457, ML113610541, ML12094A072, ML12131A513, ML12170A837, ML12222A094, ML12256A308, ML13004A468, ML12342A149, and ML13093A311 respectively), Pacific Gas and Electric (PG&E, the licensee), requested the U.S. Nuclear Regulatory Commission (NRC) staff's approval of an amendment for the Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP). The proposed license amendment request would provide a digital replacement of the Process Protection System (PPS) portion of the Reactor Trip System and Engineered Safety Features Actuation System at DCPP.

The NRC staff has reviewed the information provided by the licensee and determined that additional information is needed to complete its review. Enclosed is a request for additional information (RAI) for your consideration and response. Please note that review efforts on these tasks (TAC Nos. ME7522 and ME7523) are continuing and additional RAls will be submitted.

These RAls were discussed with the licensee during recurring public meetings reviewing submittal open items most recently held on February 20 and March 27,2013. It was agreed that a formal response will be provided 30 days from the date of this letter. The NRC staff has determined that no security-related or proprietary information is contained in the RAls.

E. Halpin -2 If you have any questions regarding this matter, I may be reached at 301-415-5430.

Sincerely, 0~-

James T. Polickoski, Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-275 and 50-323

Enclosure:

As stated cc w/encl: Distribution via Listserv

REQU EST FOR ADDITIONAL INFORMATION LICENSE AMENDMENT REQUEST FOR DIGITAL REPLACEMENT OF THE PROCESS PROTECTION SYSTEM PORTION OF THE REACTOR TRIP SYSTEM AND ENGINEERED SAFETY FEATURES ACTUATION SYSTEM DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 DOCKET NOS. 50-275 AND 50-323 By letter dated October 26, 2011, as supplemented by letters dated December 20, 2011, April 2, April 30, June 6. August 2. September 11, November 27. and December 5, 2012, and March 25, 2013 (Agencywide Documents Access and Management System (ADAMS) Accession Nos.

ML113070457, ML113610541, ML12094A072, ML12131A513, ML12170A837, ML12222A094.

ML12256A308, ML13004A468, ML12342A149, and ML13093A311 respectively), Pacific Gas and Electric (PG&E, the licensee), requested the U.S. Nuclear Regulatory Commission (NRC) staff's approval of an amendment for the Diablo Canyon Power Plant. Unit Nos. 1 and 2 (DCPP). The proposed license amendment request would provide a digital replacement of the Process Protection System (PPS) portion of the Reactor Trip System and Engineered Safety Features Actuation System at DCPP.

The NRC staff has reviewed the information provided by the licensee and determined that the following additional information is needed to complete its review. Each request for additional information begins with a reference to an Open Item (01). The 01 number that follows corresponds to the number of the item in the open item table that the NRC staff discussed with the licensee during periodic public meetings mostly recently held on February 20 and March 27, 2013. As the previous RAlletter (dated August 7,2012; ADAMS Accession No. ML12208A364) requested additional information for 20 open items numbered sequentially, this letter will commence with RAI question number 21 to maintain clarity in the tracking of these multiple information requests:

21. (Ols 21 and 35) Software Test Plan - Westinghouse/CS Innovations (CSI) document 6116-00005, "Diablo Canyon PPS System Test Plan," states that the Advanced Logic System (ALS)-102 Field Programmable Gate Array (FPGA) design is changed for the DCPP PPS. Further, Section 5.3.3 states "Test as many of the ALS-102 requirements as possible." Please identify what document describes the design verification test for this board.

The scope of Revision 1 of document 6116-00005 is different from the scope described in Revision 0 of that same document. For example, Section 1.2 in both Revisions states that test coverage includes all ALS modules, backplane, license sense modules (LSM),

and ALS service unit (ASU). However, Section 2 is different between Revisions 0 and 1.

Revision 1 only focuses on ALS-102 and backplane assemblies and does not include the other ALS modules, LSM, and ATU as in Revision O. Please explain why these other ALS modules are not included in Section 2 of Revision 1.

Enclosure

-2

22. (0138) Software Management Plan - PG&E document "PPS Replacement Concept, Requirements, and Licensing Phase 1 Project Plan," Revision 1 (Attachment 3 of the license amendment request [LARD, Section 2, "Project Organization" does not describe the activities to be performed by the Engineering of Choice Design Change Package Team. Additionally, this document does not clarify the roles and responsibilities for this team. Please clarify and provide the applicable PG&E control document that describes PG&E roles and responsibilities specifically for the Engineering of Choice Design Change Package Team.

23. (01 39) Software Management Plan - Figure 2-1 of the PG&E document, "PPS Replacement Concept, Requirements, and licensing Phase 1 Project Plan," and Figure 3-1 of the PPS System Quality Assurance Plan (SyQAP) identify "Altran" under the PG&E Project Engineering box. However, Figure 4-1 of the PPS System Replacement Verification and Validation Plan (SyWP) identifies the "PG&E project team" under the PG&E Project Engineering box. Please provide a description of the roles and responsibilities for "Altran" and the "PG&E project team" during the PPS Replacement Project.

24. (0141) Software Verification and Validation (V&V) and Test Plan - Westinghouse/CSI document 6116-00005, "Diablo Canyon PPS System Test Plan." Revision 1, Section 8.2 identifies the software tools to be used in the PPS replacement project. However. this list is not consistent with the list of Independent Verification and Validation (IV&V) tools identified in Section 3.6 of ALS W Plan, document 6002-00003. Specifically. the test tools identified in 6002-00003 are not listed in 6116-00005 and vice versa. For example.

the W Plan (6002-00003) identifies Automated Test Equipment (ATE) tool for IV&V, but this tool is not listed in 6116-0005, Revision 1. Furthermore, the NRC staff reviewed 6116-0005, Revision 0 and found that the ATE tool was listed in this version. Please clarify what software tools will be used and what document describes them.

25. (0142) Software V&V - The PG&E "PPS System Replacement Verification and Validation Plan (SyWP)" does not describe the V&V activities to be performed during the Operation Phase and Maintenance Phase. This document states that these activities are covered by approved DCPP procedures. Please identify these procedures.

26. (0143) Software V&V - PG&E "PPS System Replacement System Verification and Validation Plan (SyWP)," Section 5.1.1, explains that during the Concept Phase, PG&E will verify system requirements in accordance with PG&E procedure CF2.ID9, "Software Quality Assurance for Software Development." However, the NRC staff's understanding is that procedure CF2.ID9 is for in-house development of software applications. Please explain how this procedure is going to be used to verify the system requirements for the DCPP PPS replacement project.

Furthermore, Section 5.1.2 of procedure CF2.ID9 states that an independent review of the functional requirements prepared during the Concept Phase would be performed.

The PG&E SyWP does not identify this review, and thus there is no specific V&V

-3 product for this phase. Please identify who will perform this review and if this review is considered a V&V product.

27. (0146) Software V&V - Several sections in the Invensys document 993754-1-802, "Software Verification and Validation Plan (SWP)" reference "applicable Project Procedure Manual (PPM)" to perform certain activities. The Reference section in this document only identifies "PPM" (see Reference 2.4.4). It is not clear if the PPM is constituted by several procedures or if it is only one procedure. For example, Section 1.1, states the SWP was prepared in accordance with PPM 7.0 (Ref. 2.4.4),

and then Section 4 states that V&V activities will be planned and scheduled in accordance with the applicable PPM. Please describe what the PPM is, and explain how this is going to be used in the PPS replacement project.

28. (0147) Software V&V - Invensys Document No. 993754-1-802, "Software Verification and Validation Plan" requires the use of V&V metrics to evaluate software development process and products. This section does not explain what methods and criteria will be used for software safety metrics. The need for and importance of this information is described in NRC Regulatory Guide (RG) 1.152, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants"; RG 1.173, "Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants"; Institute of Electrical and Electronics Engineers, Inc. (IEEE) Standard 1061, "Software Quality Metrics Methodology"; and IEEE Standard 1074, "Developing Software Life Cycle Processes." Please provide this information.

29. (0149) Software V&V - Invensys Document No. 993754-1-802, "Software Verification and Validation Plan," Section 6.3 states that the Invensys personnel prepared the System Deficiency Integration Report (SDIR) to document non-conformances and corrective actions during testing, and that the SDIR is prepared in accordance with PPM 10.0. Please explain what PPM this is.

Furthermore, the Invensys "Validation Test Plan," Section 5.4.2 states that the Test Review Board and PG&E shall review SDIRs, but this is not indicated in the Invensys V&V plan. Please explain why this review activity is not identified as a V&V task in the V&V Plan.

30. (0150) Software V&V - The Invensys document "Validation Test Plan," Section 8.2, states that the Narrative Test Logs are used to document conduct of testing and any anomalies that occur. Please explain if the Narrative Test Logs are used only during validation, and why this is not mentioned in the Invensys SWP. Furthermore, please explain how the Narrative Test Logs are used in conjunction with Document Review Comment Sheet (DRCS) and System Deficiency Integration Report (SDIR).

31. (01 51.1.a) Software Configuration Management - In 01 4, the NRC staff requested the description of the software configuration management activities for configurable boards (e.g., ALS FPGA-102 board). Since the ALS FPGA-102 board is customer-specific to the PG&E design, its configuration management activities are not covered by the "ALS

-4 Configuration Management Plan." Even though item 4 is closed, this request was not addressed in the response to item 4. Please complete the response to 01 4.

32. (01 51.1.b) Software Configuration Management - The PG&E Software Configuration Management Plan (SCMP) SCM 36-01, item 1.2.8, states that ALS board has two sets of Non-Volatile Random Access Memory (NVRAM). Furthermore, this item explains that the configuration of the NVRAM can be changed only by removing the subject board from the ALS chassis and inserting it into a special test fixture. It is not clear who controls the NVRAM configuration process. Please explain.

33. (01 51.1.c) Software Configuration Management - Section 1.2 of the Invensys Document No. 993754-1-909, "Software Configuration Management Plan," states that this plan controls the operating system of the computers used to run TriStation 1131 and the signal simulation software used for testing purposes. However, the description provided throughout the plan only focuses on the configuration activities for the Test Software Application Program (TSAP) and not for the TriStation 1131 (e.g., Section 2.3 states that the software configuration management (SCM) procedures are for the TSAP).

Furthermore and later in this same section identifies the software configuration to be managed, and this list does not include the operating system of the computers used to run TriStation 1131 and the signal simulation software used for testing purpose. Please clarify the scope of this plan and how the configuration of TriStation 1131 and the signal simulation software is managed.

34. (01 51.3.b) Software Configuration Management - Section 3.2.4.7 of the SCM 36-01 states that PG&E uses an SAP order to track changes, but the same Section 3.2.4.7 also states that both the Change Package and an SAP order are entered in the Record Management System to track changes. Additionally, Section 3.3 describes a Configuration Status Account, which is used to track changes of configuration items.

Please clarify and describe what PG&E uses to track changes.

35. (0155) Final Safety Analysis Report (FSAR) - PG&E Letter DCL-12-050 dated June 6, 2012, "Submittal of Phase 2 Documents for the License Amendment Request for Digital Process Protection System Replacement," Attachment 2, "Final Safety Analysis Report Changes for Process Protection System Replacement," FSAR Section 7.1.2.5, "Conformance with Other Applicable Documents" (page 7.1-13) does not indicate that the NRC Safety Evaluation, that is, the NRC staff's basis for the potential approval of the PPS LAR, will be incorporated into this documentation. The staff's Safety Evaluation Report (SER) should become part of the DCPP licensing basis once it is issued. Please explain how the SER for the PPS LAR will be documented within the FSAR.

36. (0156) Final Safety Analysis Report - PG&E Letter DCL-12-050 dated June 6,2012, "Submittal of Phase 2 Documents for the License Amendment Request for Digital Process Protection System Replacement," Attachment 2, "Final Safety Analysis Report Changes for Process Protection System Replacement," FSAR Section 7.2.1.2, "Design Basis Information" (page 7.2-23) states that the evaluation for common mode failure in the PPS is presented in the DCPP PPS Diversity and Defense-in-Depth (D3) Licensee Topical Report (LTR) and approved in the NRC staff's SER for the DCPP PPS D3 LTR.

-5 It is noted, however, that this NRC staff 03 SER states that the 03 design features were approved based on confirmation that the proposed built-in diversity of the ALS sub system is found to be acceptable. This confirmation will be performed as part of the forthcoming DCPP PPS SER. Please confirm that a reference to the SER for the DCPP PPS will be included in the FSAR.

37. (0157) Final Safety Analysis Report - PG&E Letter DCL-12-050 dated June 6,2012, "Submittal of Phase 2 Documents for the License Amendment Request for Digital Process Protection System Replacement," Attachment 2, "Final Safety Analysis Report Changes for Process Protection System Replacement," FSAR Section 7.2.2.2.9.2, "IEEE 603-1991 Clause 5, System," Clause 5.12, "Auxiliary Features" (page 12) states that" ... the communication path between the maintenance workstation and the ALS subsystem is normally disabled with a hardwired switch ... " Also, Attachment 3, "PG&E PPS Interface Requirements Specification (IRS)," Revision 6 to PG&E Letter DCL-12-069 dated August 2, 2012, states in Section 1.5.6 ..... TAB communications between the ALS and Maintenance Work Station (MWS) takes place via RS-485 data link. The TAB is physically disconnected from the MWS when the TAB is not in use ...

the TAB is open at all times unless maintenance is being performed on the ALS ... "

Please identify administrative controls and design features associated with the PPS that are used to control how the MWS is disconnected/disabled from the PPS.

38. (0158) CSI Failure Modes and Effects Analysis (FMEA) - There are several failure modes identified in Table 4-4 of the CS Innovations Document 6116-00029, "Diablo Canyon PPS ALS Reliability Analysis and FMEA" where the System Effects entry provides a description of functions that are not affected by the failure mode identified, instead of stating what the effects of the failure mode are. For example, the System Effects in the Energize to Trip (ETT) failure in line 5b of table 4-4 are that the Alarm Function remains operational. Though this may be the case, it does not state what the effects of the failure mode are. Other examples of this can be found in lines 5b, 6a, 6b, 7a, 9h, 9i, 1'1 b, 11c, and 11d. Please provide appropriate and complete information for System Effects in Table 4-4.

39. (0160) Technical Specifications - In order for the NRC staff to make a determination that the existing technical specifications and surveillance intervals remain acceptable for the replacement PPS system, an evaluation to compare the ALSlTricon PPS system reliability and performance characteristics with those of the Eagle 21 system must be performed by PG&E.

Please provide an evaluation summary report to support the application of existing technical specification and surveillance test intervals to the upgraded ALSlTricon based PPS. This summary report is expected to include a quantitative analysis to demonstrate the new system's ability to perform its required safety functions between established surveillance test intervals. This report should also include a qualitative (i.e.,

deterministic) analysis which describes the self-diagnosis and fault detection features of the replacement PPS. In addition, this summary report should address the NRC staff's previous findings in Section 4.3, "Applicability of WCAPs ['Westinghouse Commercial

-6 Atomic Power' reports] to DCPP," of Amendment No. 179, dated January 31, 2005 (ADAMS Accession No. ML050330315).

40. (01 64) Software Management Plan - To close Items 27 and 29, PG&E issued the DCPP PPS Project Quality Assurance Plan to define the oversight activities to be performed during the PPS replacement project. Section 2 of this plan describes the responsibilities of those involved in oversight activities. However, it is not clear how these roles and responsibilities correlate to the project organization described in PG&E PPS Replacement Plan (Attachment 3 of the LAR) and PG&E PPS Replacement System Quality Assurance Plan (Attachment 4 of the LAR). For example, the Project Quality Assurance Plan describes the responsibilities of the "PPS replacement" Project Manager, but this role is not described in other documents. Furthermore, the responsibility described seems to align with the responsibility of the "PG&E" Project Manager. Please explain the relationship, if any, of the roles and responsibilities described in the DCPP PPS Project Quality Assurance Plan and those provided in other PG&E plans.

41. (01 66) - Section 4.2.13.1 of the LAR (page 85) states, " ... The NetOptics port aggregator tap device (Port Tap) was approved previously by NRC for a similar application in the Oconee Reactor Protection System (RPS)/(Engineered Safeguards Protection System (ESPS) SER Section 3.1.1.4.3. The NRC staff determined that due to the electrical isolation provided by use of fiber optic cables and the data isolation provided by the Port Tap and the Maintenance and Service Interface (MSI) in the Oconee RPS, there was reasonable assurance that a fault or failure within the Oconee Gateway computer or the Operator Aid Computer will not adversely affect the ability of the Oconee safety protection system to accomplish its safety functions."

The Tricon V10 topical report safety evaluation also approved the NetOptics Port aggregator Tap, Model 96443, No. PA-CU, or PAD-CU, as an acceptable data isolation device.

Please verify that the model number of the Port Tap that PG&E will use in the DCPP PPS is the same as Model 96443 and provide an explanation of its equivalency to the Port Tap approved for the Oconee RPS/ESPS LAR.

42. (01 67) - Section 4.2.13.1 of the DCPP PPS LAR (page 85) states that the "Port aggregator dual in-line package (DIP) switch positions will be controlled by DCPP configuration management processes."

Please provide a documented basis (e.g., a plant procedure, or engineering design package) that demonstrates how DIP switch positions will be controlled.

43. (01 72) KVM Switch Question 3 - The KVM (keyboard, video, mouse) switch brochure indicates that there are other features and ports that may not be used for the DCPP PPS safety system. Please enumerate which features will not be used for the DCPP PPS application and explain how these unused features, such as the audio interface, unused USB (universal serial bus) ports, and remote control/channel switching by external

-7 control, will be disabled and how configuration control will be maintained for these disabled features.

44. (0173) KVM Switch Question 4 - This question is related to RAI # 46 and may be answered in conjunction with that RAI response if desired. Please explain how a KVM switch failure that permits data flows between the two platforms (Tricon V1 0 and ALS),

would not corrupt the safety function of the Tricon V1 0 and ALS systems. If the safety function for one or both platforms is affected by the KVM switch failure, then explain how the PPS will still perform its safety functions in light of these failures. If the KVM switch failure will not cause the platforms to fail then provide a detailed explanation of how the engineering design principals of the Tricon/ALS platforms physically prevent bad/erroneous data from corrupting the platforms. More directly, explain how these erroneous messages emanating from the MWS (regardless of origin) will be disregarded/rejected by the Tricon/ALS platforms.

45. (01 76) Tricon V10 platform changes/software revisions - The documents listed below are necessary for the NRC staff to complete its assessment of the Tricon V1 0 platform changes and software Revisions that have occurred since the platform was approved generically, and will be applied to the DCPP PPS:

a. Product Discrepancy Report (PDR) IRTX#21105

b. Technical Advisory Bulletin (TAB) 183

c. Engineering Project Plan (EPP) V1 0.5.2, 9100346-001, Rev. 1.4

d. Tricon V1 0.5.2 V&V Test Report, Revision 1.1, January 14, 2011

e. Software Release Definition (SRD) V10.5.2, 6200003-226, Revision 1.0

f. PDR IRTX#22481

g. Product Alert Notice (PAN) 25

h. Document "ARR 932 NSC Evaluation .pdf'

i. Tricon PAN 25 Fix Engineering Project Plan (EPP) 9100428-001, Revision 1.2

j. Tricon PAN 25 Master Test Report, Rev.1.0

k. Software Release Definition (SRD) V1 0.5.3, 6200003-230, Revision 1.0 I. Product Alert Notice (PAN) 22

m. Product Alert Notice (PAN) 24

n. Technical Advisory Notice (TAB) 147

o. Engineering Project Plan (EPP) TriStation V4.9 & Safety Suite Apps, 9100359 001, Revision 1.3

p. TriStation V4.9.0 Test Report, Rev. 0.4

q. Software Release Definition (SRD) 6200097-038, Revision 1.2

46. (01 68) Data communication with NSR (nonsafety-related) Gateway - Figure 4-13 (page 87) of the LAR indicates that data communications are provided directly between the SR (safety-related) ALS "A" & ALS "B" Protection Sets I, II, III, and IV, and the NSR Gateway Computers via RS-422 copper media (i.e., not through the Port Tap). Section 4.8.2.b) (page 110 of the LAR) states that "".AII other communication to non-safety equipment, i.e., Plant Computer, is via continuous one-way communication channels on the ALS-1 02." Please describe how Class 1E/non-Class 1E data communication and electrical isolation is implemented within the ALS portion of the PPS for this

- 8 configuration. Also, please explain how the Gateway computer and the Gateway Switch communication protocols will not corrupt the data signals coming from the ALS Protection Sets 1-4 and not impact the execution of the ALS safety function. Please provide a detailed response to this question in either the revised LAR or supporting documents.

In addition, please explain how the ALS "An & "B" inputs to the NSR Gateway computers are isolated from each other, and explain the data communication protocols associated with processing this data within the Gateway Computers. Furthermore, please provide a detailed functional description of the DCPP PPS NSR Gateway Computer{s) system, including computers/processors, communications protocols, and data isolation details.

Provide an explanation of the Gateway Switch discussed within the LAR (Fig. 4-13),

including its operating principal (hardware, logic based, etc.), data/electrical isolation design features, and any other pertinent information pertaining to its failure mechanisms.

47. (0169) Application programs within the MWS computers - Please provide an explanation of the application programs contained within the Tricon and ALS MWS computers.

Include how these programs will be used to support or enhance the performance of the PPS safety function as discussed in Staff Position 1, Point 3 of ISG (Interim Staff Guidance )-04.

48. (0170) KVM Switch Question 1 - The KVM Switch brochure indicates on page 3 that the Enumeration Switching Process will not enable control switching using the USB keyboard or mouse. However, it further states that Emulation USB switching was developed to support these enhanced monitor switching functions/devices (keyboard hotkeys or mouse buttons).

Please explain if the Enumerated USB switching function will be used in the PPS design and, if so, if the keyboard hotkeys and mouse buttons will be used to perform switching between the Tricon MWS and the ALS MWS. Please clarify how the KVM switching function will be accomplished and controlled during PPS system operation and maintenance.

49. (0171) KVM Switch Question 2 (Open Item 71) - Please explain if the KVM switch will be continuously on-line while the MWSs are monitoring data from either the Tricon or the ALS platform. If so, please provide a failure modes and affects analysis to address potential failures of the KVM switch. Also, provide an explanation of how failures of the KVM switch are prevented from being propagated into the MWS computers, and hence into the Tricon or ALS safety system processors.

This analysis should delineate how communications through the KVM switch conform to ISG-04, Points 10 and 11. Provide design documentation to support this analysis, such as ALS-102 Design Specification document 6002-10202.

50. (0174) KVM Switch Question 5 - Please explain in detail how connection between the MWS computers via the KVM switch will be prevented. Please explain if this will be

- 9 handled via a configuration control process, administrative controls, or a physical means of preventing connection between computers.

51. (01 51.3a) Software Configuration Management - Changes and Problems Identification PG&E document SCM 36-01 states that software, hardware, and configuration problems are reported in accordance with PG&E OM7.ID1 and that software and/or configuration problems are reported via a "PROG PDCM" Notification. The NRC staff requires an understanding of when and how these processes are used. For example, for software problems, please clarify if the problem is reported using both PG&E OM7.ID1 and PROG PDCM notification processes. Note that PG&E CF2.ID2 states that all problems associated with plant computer system should be reported and document per OM7.ID1 (See Section 5.11 and 5.16.10 (b) of CF2.ID2).

Furthermore, Section 3.2.1 of SCM 36-01 states that all PPS modifications should be initiated and tracked per plant procedures or CF4.ID1. Section 3.2.2 states that the implementation of the change is documented in the associated Change Package and an SAP notification and order. Section 3.2.10 states that all identified problems and corrective actions are documented using a "notification," which is not specified.

It is therefore unclear whether software modifications require reporting and tracking using OM7.ID1, CF4.ID1, "PROG PDCM" Notification, Change Package, and/or SAP Order. Please explain PG&E procedures for different changes and the documenting and tracking system used for all types of modification.

52. (01 51.4a) Software Configuration Management - Document Repository Section 2.3.3 of PG&E document SCM 36-01 identifies the Digital Systems Engineering SourceSafe as the repository to maintain the PPS configuration, system, firmware, and application source code, but Section 3.2.5.5 identifies http://dcpp142/idmws/home/asp.

Section 3.29 then states that the files necessary for recovery of the baseline are maintained in the PPS database in SC-I-36M, Eagle 21 Tunable Constants. It is not clear if these three sections are referring to the same document repository. Please clarify.

53. (01 51.4b) Software Configuration Management - Document Repository Access Restrictions PG&E has implemented restrictions to access files and documents associated with PPS replacement project. Furthermore, PG&E requires user authentication and access to edit configuration, software, and data. It is not clear if these restrictions apply for access to the Digital Systems Engineering SourceSafe or the repository in http://dcpp142/idmws/home/asp. Please clarify and explain the applicability of access restrictions.

E. Halpin If you have any questions regarding this matter, I may be reached at 301-415-5430.

Sincerely, IRN James T. Polickoski, Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-275 and 50-323

Enclosure:

As stated cc w/encl: Distribution via Listserv DISTRI BUTION:

PUBLIC LPL4 RtF RidsAcrsAcnw_MailCTR Resource RidsNrrDeEicb Resource RidsNrrDorlLpl4 Resource RidsNrrLAJBurkhardt Resource RidsNrrPMDiabloCanyon Resource RidsRgn4MailCenter Resource RStattel, NRRIDE/EICB RAlvarado, NRR/DE/EICB SMakor, RIV/DRS/EB2 ADAMS Accession No. ML13101A072 *via email **via memo dated OFFICE ULPL4/PM NRRfDORULPL4/LA NRRfDElEICB/BC NRRfDORLlLPL4/BC NRRfDORULPL4/PM iNAME JBurkhardt* JThorp** MMarkley JPolickoski DATE 4/11/13 3/18/13 4/12/13 4/12/13 OFFICIAL RECORD COpy