ML15113A719
| ML15113A719 | |
| Person / Time | |
|---|---|
| Site: | Oconee  |
| Issue date: | 07/13/1999 |
| From: | NRC (Affiliation Not Assigned) |
| To: | |
| Shared Package | |
| ML15113A717 | List: |
| References | |
| GL-98-01, GL-98-1, NUDOCS 9907150235 | |
| Download: ML15113A719 (8) | |
Text
S U.S. NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION AUDIT REPORT ON IMPLEMENTATION OF GENERIC LETTER 98-01 "YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS" Docket Nos:
50-269, 50-270, and 50-287 License Nos:
DRP-38, DRP-47, and DRP-55 Licensee:
Duke Power Corporation Facility:
Oconee Nuclear Station, Units 1, 2, and 3 Location:
Seneca, South Carolina Dates:
June 8-9, 1999 Audit Team Members: Matthew Chiramal, NRR Duc T. Nguyen, NRR Barry S. Marcus, NRR Danny E. Billings, Resident Inspector Approved by:
Josd A. Calvo, Chief Electrical and Instrumentation and Controls Branch Division of Engineering Office of Nuclear Reactor Regulation EXECUTIVE
SUMMARY
On June 8 and 9, 1999, the staff of the U. S. Nuclear Regulatory Commission (NRC) conducted an audit of the Year 2000 (Y2K) Readiness Contingency Planning Program at the Duke Power Corporation's (licensee) Oconee Nuclear Station (ONS), Units 1, 2, and 3. The audit addressed the contingency planning activities for six classes of plant systems, internal facility risks, external risks, and activities that integrated these contingency plans into a single overall plan. The basis for this audit was provided in two nuclear industry guidelines, Nuclear Energy Institute/Nuclear Utilities Software Management Group (NEI/NUSMG) 97-07, "Nuclear Utility Year 2000 Readiness," and NEI/NUSMG 98-07, "Nuclear Utility Year 2000 Readiness Contingency Planning." The audit guidelines were provided in a checklist format, "Y2K Review Checklist for Contingency Planning," which was based on the two NEI/NUSMG reports. Additionally, the audit addressed emergency power availability and equipment issues. The audit team reviewed selected licensee documentation regarding the ONS Y2K readiness program and conducted interviews with the cognizant licensee personnel. The results of this audit and subsequent audits at other selected plants will be used by the staff to determine the need for additional action, if any, on Y2K readiness for nuclear power plants.
9907150235 990713 PDR ADOCK 05000269 P
PDR Enclosure
-2 On the basis of its assessment and evaluation of the ONS Y2K Readiness Contingency Planning Program, the audit team makes the following observations:
- 1.
The licensee has a Y2K integrated contingency plan, "Oconee Nuclear Station Y2K Event Plan" which establishes the scope and control of the Y2K contingency planning at ONS. The Y2K contingency planning is comprehensive and incorporates the major elements of the nuclear power industry's Y2K guidance contained in NEI/NUSMG 97-07 and NEI/NUSMG 98-07.
- 2.
The ONS Y2K contingency planning program is receiving appropriate management support and oversight.
- 3.
The ONS supplemental Y2K contingency plans based on the event plan were completed on June 3, 1999.
1.0 INTRODUCTION
On June 8 and 9, 1999, the NRC staff conducted an audit of the ONS Y2K contingency planning activities. The basis for this audit was provided in two nuclear industry.guidelines, NEI/NUSMG 97-07, "Nuclear Utility Year 2000 Readiness," and NEI/NUSMG 98-07, "Nuclear Utility Year 2000 Readiness Contingency Planning." The audit guidelines were provided in a checklist format, "Y2K Review Checklist for Contingency Planning," which was based on the two NEI/NUSMG documents. This audit addressed the contingency planning activities conducted by the licensee in accordance with their Y2K integrated contingency plan, "Oconee Nuclear Station Y2K Event Plan." The event plan addresses contingency planning activities for ONS components and applications that were identified as part of the ONS Y2K readiness project.
Also included are activities for the interfaces external to ONS, including suppliers and supporting organizations and agencies that are critical to the continued operation of ONS. The event plan specifically provides perspective of risks to the facility (internal and external) and resources and staff required to implement identified mitigation strategies. The event plan integrates operational, internal, and external mitigation activities, which are supplemental to the existing approved ONS contingency and emergency procedures and will be in effect for a specified time during the Y2K critical event period. The audit addressed several additional questions dealing with offsite electric grid and onsite emergency power system availability and equipment issues.
The event plan and the 34 ONS supplemental Y2K contingency plans were completed on June 3, 1999. The audit team reviewed the event plan, all of the supplemental contingency plans, and two contingency plan decision packages. The audit team performed detailed audits on the event plan, 17 contingency plans, the 2 contingency plan decision packages, contingency planning management, internal facility risks, and external facility risks.
The audit process began with an entrance meeting attended by the licensee's Y2K project manager, ONS management, other ONS personnel, the NRC resident inspector, and the members of the audit team. The audit activity concluded with an exit meeting in which the audit team summarized the results of the audit. Attachment 1 lists the entrance meeting attendees and the exit meeting attendees.
-3 2.0 ONS SUPPLEMENTAL CONTINGENCY PLANNING The ONS contingency planning activities followed a four-phase process: identification, impact analysis, plan development, and plan verification.
The identification phase included the consideration of existing contingency and emergency plans, operating procedures and the determination of risks due to dependencies on other cross functional departments within the corporate organization, such as telecommunication and information management, and due to circumstances, conditions, or events that are not under the direct control of the organization, such as transmission and distribution events and supply chain risks.
The impact analysis and management activities included review of information gathered in the earlier phase, determination of consequence/likelihood and integrated priority of each identified risk, the performance of impact analysis and identification of areas needing Y2K supplemental contingency plans, consideration of possible Y2K event scenarios, performance of critical supplier risk and mitigation strategies, and identification of scope of contingency plans required.
The licensee considered, as a minimum, risks that have priorities A (high consequence/high likelihood), B (high consequence/low likelihood), and C (moderate consequence/high likelihood) for impact analysis and contingency plans.
In the development phase, individual supplemental Y2K contingency plans were developed and training and validation activity schedules were established.
The verification of plans provided confidence in the mitigation strategy and included management and independent assessments and reviews, which documented the approach to testing, training of personnel, and the performance of validation exercises and drills.
2.1 ONS Y2K Contingency Planning Audit The audit team identified and reviewed contingency plans and contingency plan decision packages addressing specific software applications and embedded components (SAEC) in six classes of plant systems: reactor protection system (RPS) and engineered safety features (ESF), feedwater systems (FWS) and balance of plant (BOP) systems, radiation monitoring systems (RMS), emergency notification systems (ENS), plant process computer (PPC), and plant security systems (PSS). The results of these audits are discussed in the following sections:
2.1.1 RPS/ESF SAEC Contingency Plan Decision Packages The audit team identified and audited the RPS Analog - Cal Test Computer and Star Modules contingency plan decision package. This system was determined to not have a date function; therefore, a contingency plan was not necessary for this system. The audit team found the contingency plan decision package to be consistent with the guidance in NEI/NUSMG 97-07 and NEI/NUSMG 98-07.
-4 2.1.2 FWS/BOP SAEC Contingency Plans and Contingency Plan Decision Packages The audit team identified and audited one contingency plan decision package and eight contingency plan packages in this class of plant systems: FWS Feedwater Pump Controls (Contingency Plan Decision Package only), BOP Work Control Work Control Work Management System (Contingency Plan CP0080), BOP Work Control Schedules (Contingency Plan CP0081), BOP Work Control Equipment Database (Contingency Plan CP0082), BOP Work Control NuReport (Contingency Plan 0083), BOP Work Control Procedures (Contingency Plan CP0084), BOP Transient Monitor System (Contingency Plan CP001 1), BOP Fire Detection System (Contingency Plan CP0016), and BOP Micro Key Fire Detection System (Contingency Plan CP0057). The Feedwater Pump Controls System was determined to not have a date function; therefore, a contingency plan was not necessary for this system. The audit team found the contingency plan decision package and the above contingency plans to be consistent with the guidance in NEI/NUSMG 97-07 and NEI/NUSMG 98-07.
2.1.3 RMS SAEC Contingency Plans The audit team identified and audited five contingency plan packages in this class of plant systems: Radiation Monitoring System (Contingency Plan CP0018), Electronic Dosimeter Capture System (Contingency Plan CP0063), RMC Mainframe (Contingency Plan CP0066), Dosimeter Calibrator for Windows (Contingency Plan CP0069), and Contamination Monitor (Contingency Plan CP0040). The audit team found these contingency plans to be consistent with the guidance in NEI/NUSMG 97-07 and NEI/NUSMG 98-07.
2.1.4 ENS SAEC Contingency Plans The audit team identified and audited the Siren Controller contingency plan package (Contingency Plan CP0009). The audit team found this contingency plan to be consistent with the guidance in NEI/NUSMG 97-07 and NEI/NUSMG 98-07.
2.1.5 PPC SAEC Contingency Plans The audit team identified and audited the Operator Aid Computer contingency plan package (Contingency Plan CP0059). The audit team found this contingency plan to be consistent with the guidance in NEI/NUSMG 97-07 and NEI/NUSMG 98-07.
2.1.6 PSS SAEC Contingency Plans The audit team identified and audited two contingency plan packages in this class of plant systems: Plant Security System (Contingency Plan CP0129) and Video Badging Network (Contingency Plan CP0128). The audit team found these contingency plans to be consistent with the guidance in NEI/NUSMG 97-07 and NEI/NUSMG 98-07.
-5 2.1.7 Contingency Planning Management in the area of Contingency Planning Management, the audit team determined that licensee Y2K activities were consistent with NEI/NUSMG 98-07.
2.1.8 Internal Facility Risk Contingency Plans In the areas of Contingency Planning for Internal Facility Risks, Event Analysis for Internal Facility Risks, Risk Management for Internal Facility Risks, and Verification for Internal Facility Risks, the audit team determined that licensee Y2K activities were consistent with NEI/NUSMG 98-07.
2.1.9 External Risk Contingency Plans in the areas of Risk Identification for External Risks, Event Analysis for External Risks, Risk Notification, Mitigation Strategy Selection, and Verification for External Risks, the audit team determined that licensee Y2K activities were consistent with NEI/NUSMG 98-07.
2.1.10 Integrated Contingency Plans In the areas of Integrated Y2K Contingency Plan Development and Integrated Contingency Plan Content, the audit team determined that licensee Y2K activities were consistent with NEI/NUSMG 98-07.
3.0 ADDITIONAL ISSUES In addition to the contingency planning areas addressed by the Y2K contingency planning checklist, the staff reviewed the issues discussed in the following sections.
3.1 Assumed Duration of Lost Offsite Power The licensee's planning assumptions include the possibility of localized power outages of non determined durations. In the event of a complete loss of offsite power, ONS can be powered from the onsite hydroelectric plant indefinitely. In case of a load rejection, ONS units are capable of running back to house loads without the units tripping.
3.2 Switchyard Battery and Circuit Breaker Auxiliaries The switchyard battery and circuit breakers are capable of operating for four hours without offsite power. This capability allows sufficient time for obtaining and starting emergency power sources. The circuit breaker auxiliaries are hydraulic and do not use compressed gas.
3.3 Staffing During Rollover Staffing details are provided in the Y2K contingency plans, which includes staffing for "workarounds." Additionally, the ONS Emergency Response Organization will be staffed
-6 through a duty rotation method. Relief shift personnel will be required to report to ONS at specified times, unless notified not to report.
3.4 Y2K Procedures Existing plant procedures have been identified as adequate for mitigating any Y2K internally induced event. This determination is based on the premise that existing emergency operating procedures are based on a mitigation strategy that is procedurally independent of the initiating event. ONS procedures contain sufficient guidance to ensure mitigation of any reasonable Y2K-related event. The event plan provides specific Y2K mitigation strategies that supplement existing plant procedures.
3.5 Internal and External Communications Contingencies ONS has multiple fully redundant communications capabilities, including internal and external telephone systems, radio systems, cell phones, and satellite phones. Direct access tie-lines are used for emergency communications with the police department and emergency services. Use of the 911 emergency phone number is a backup method. In addition, ONS has its own emergency medical response team located onsite.
The shifts have been identified and will show up for work without being called. The licensee will set up a "reverse" callout in the event that the notification system is unavailable. The reverse callout requires all affected team members to report to ONS at specified times on January 1, 2000, unless notified not to report.
3.6 Participation in the North American Electric Reliability Council Drill on September 9, 1999 The licensee will participate in the North American Electric Reliability Council drill on September 9, 1999.
3.7 NRC Contingency Plan for Year 2000 Rollover The licensee is familiar with the NRC Year 2000 Rollover Contingency Plan and the planned communication by the NRC at 15 minutes past midnight on January 1, 2000, to obtain the status of operating plants.
3.8 Security Systems The security systems are included in the licensee's contingency plans.
3.9 Remediated Systems Classification Some remediated systems are not mission-critical systems. Those systems that are mission critical and that have been remediated are addressed in the contingency plans and/or use existing procedures.
-7 3.10 Training The training plans have been identified and the training schedules are included in the contingency plans.
4.0 ADDITIONAL AUDIT TEAM OBSERVATIONS On the basis of the audit team's review of the ONS Y2K Readiness Contingency Planning Program, the audit team makes the following observations:
4.1 The audit team reviewed the event plan, all 34 of the supplemental Y2K contingency plans, and two contingency plan decision packages. The audit team performed detailed audits of the event plan, 15 of the 17 internal risk contingency plans, two of the 17 external risk contingency plans, and 2 internal risk contingency plan decision packages.
The plans and packages are thorough and consistent with NEI/NUSMG 98-07. The Y2K contingency planning program is receiving the appropriate management support and oversight. The event plan and the supplemental Y2K contingency plans were completed on June 3, 1999.
4.2 The audit team traced some of the 182 internal remediation risk candidates through the impact analysis packages, priority assignments, contingency plans, and the event plan.
The audit team noticed some minor inconsistencies between the various documents and the way that priorities were assigned. These differences were based on the judgment of the various system experts. The audit team found some inconsistencies between the event plan and the individual contingency plans and some instances of omitted information and editorial inconsistencies. The licensee plans to complete an internal assessment of the Y2K documentation, which should resolve these and any other such inconsistencies.
5.0 CONCLUSION
S On the basis of the results obtained during the NRC Y2K contingency audit, the audit team concludes that the licensee's Y2K contingency planning activities for ONS are acceptable.
Attachment:
Oconee Y2K Contingency Planning Audit Entrance Meeting List of Attendees June 8, 1999 and Oconee Y2K Contingency Planning Audit Exit Meeting List of Attendees June 9, 1999
0 0
OCONEE Y2K CONTINGENCY PLANNING AUDIT ENTRANCE MEETING LIST OF ATTENDEES - June 8,1999 Judith H. Schulte Duke Duke Nuclear Y2K Project Manager Anne Houck Duke Duke Nuclear Y2k Contingency Planning Project Manager Jimmy Jones Duke Duke Information Technology Eddy Fortner Duke ONS Site Nuclear Y2K Project Manager Clay A. Little Duke ONS Engineering Manager Mano Narar Duke ONS Engineering Manager Bill Foster Duke ONS Safety Assurance Manager Ed Burchfield Duke ONS Regulatory Compliance Manager Glenda Johns Duke ONS Local Information Technology Manager Mike Thorne Duke ONS Emergency Planning Larry Nicholson Duke ONS Regulatory Compliance Judy Smith Duke ONS Regulatory Compliance Mike Semmler Duke ONS License Renewal Rounette Nader Duke ONS License Renewal Danny Billings NRC Region II Resident Inspector Ed Girard NRC Region II Special Inspection Branch Matthew Chiramal NRC/NRR Electrical and Instrumentation and Controls Branch Duc Nguyen NRC/NRR Electrical and Instrumentation and Controls Branch Barry Marcus NRC/NRR Electrical and Instrumentation and Controls Branch OCONEE Y2K CONTINGENCY PLANNING AUDIT EXIT MEETING LIST OF ATTENDEES - June 9,1999 William R. McCollum, Jr.
Duke Duke ONS Site Vice President Judith H. Schulte Duke Duke Nuclear Y2K Project Manager Anne Houck Duke Duke Nuclear Y2k Contingency Planning Project Manager Eddy Fortner Duke ONS Site Nuclear Y2K Project Manager Mano Narar Duke ONS Engineering Manager Bill Foster Duke ONS Safety Assurance Manager Ed Burchfield Duke ONS Regulatory Compliance Manager Glenda Johns Duke ONS Local Information Technology Manager Judy Smith Duke ONS Regulatory Compliance Mike Semmler Duke ONS License Renewal Rounette Nader Duke ONS License Renewal Danny Billings NRC Region 11 Resident Inspector Ed Girard NRC Region 11 Special Inspection Branch Matthew Chiramal NRCINRR Electrical and Instrumentation and Controls Branch Duc Nguyen NRC/NRR Electrical and Instrumentation and Controls Branch Barry Marcus NRC/NRR Electrical and Instrumentation and Controls Branch Attachment