Meeting Summary for Public Teleconference Between PSEG LLC and the Nuclear Regulatory Commission, Hope Creek Generating Station - Power Range Neutron Monitoring System Digital Upgrade LAR HCGS Numac Upgrade - Open Item DOC-0006-2118 Ri

ML16116A235
Person / Time
Site:	Hope Creek
Issue date:	03/15/2016
From:	Public Service Enterprise Group
To:	Office of Nuclear Reactor Regulation
Parker C, NRR/DORL/LPLI-II, 415-1603
References
DOC-0006-2118 R1
Download: ML16116A235 (26)
v • d • e

Text

Enclosure to Meeting Summary for March 15, 2016, Public Teleconference between PSEG LLC and the Nuclear Regulatory Commission Hope Creek Generating Station {HCGS)

Power Range Neutron Monitoring {PRNM) System Digital Upgrade License Amendment Request HCGS NUMAC Upgrade - Open Items DOC-0006-2118 R1

DOC-0006-2118 R1 a HCGS NUMAC Upgrade -Open Items No. Resp. Issue Description Status RAI No. PSEG Response

1. EICB System Description Close No LTR 5.3.1 first bullet discusses APRM chassis and (for large cores) LPRM chassis.

Appendix R provides responses to plant NEDC-33864P Appendix A refers to these specific responses to the NU MAC LTR. two chassis as APRM-Master and Slave.

The response to LTR 2.3.4 identifies the configuration for HCGS to be 4 APRM Master refers to the APRM chassis and channels with one APRM chassis and one Slave refers to the LPRM chassis. These LPRM chassis. However the LTR and terms are used interchangeably.

Appendix A system architecture do not describe this. NEDC-33864P Appendix A page A-11 Appendix A describes a master/slave shows the system level architecture.

APRM instrument, but the LTR describes a LPRM unit not clear how these two concepts relate, if they do.

Provide a figure showing the system architecture for the HCGS PRNMS.

2. EICB System Description Close No The LTR describes variants of PRNM system architecture, depending on whether Appendix A seems to describe the generic the target application (plant) has a large or PRNM system architecture and not the small core, and whether it is BWR6 or non-architecture for HCGS. What is different BWR6. Appendix A provides additional between this description and the one details about large core, non-BWR6, such provided in the LTR? as Hope Creek.

Also there are system differences, which are described in Appendix J. How do these The differences described in Appendix J are modules work and fit in the system not architectural differences.

architecture for HCGS?

3. EICB System Description Close No NRC update 03022016: NRC will identify the documents to be placed in the portal.

Appendix J identifies Hope Creek deviations from the approved aeneric a) 1

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response NUMAC PRNM system. This is required in

• These are GEH references pointing to ISG-06 Section D.8. where the support for the justification is a) Table 1 lists these deviations and stored in the GEH document system.

provide justifications for such. The following two referenced documents Please provide additional can be placed in reading room upon information for the following items: request.

• Column Reference Document -

• Item 2 - 001 N5637 PRNM Time to what are these documents? Calculate Flow-biased Trip Setpoint

• Item 2 - Why the modification

• Item 5 - 001 N5640 PRNM Increased for time to calculate flow-biased Instrument Security trip setpoint is a clarification? It seems that the total time for the b)

Hope Creek Design has "Relay Logic Module" and "Relay Logic changed. Card" refer to the same thing. Hope Creek

• Item 5 - What higher level of will receive the new design.

security was applied and to what activities?

b) Section 4.2 describes the relay logic for HCGS. Please clarify how the improved relay logic module relates to the new relay logic card to be included in the Hope Creek PRNM system.

4. EICB Software Development Plans Close No NRC update 03022016: NRC will identify the documents to be placed in the portal.

The plans submitted describe GEH processes, but they do not include the PSEG is required to create or acquire a activities to be performed by the licensee, number of documents from vendors such as oversight. Please describe the providing safety related equipment per IT-activities and processes for which PSEG is AA-101. The purpose of many of these responsible. documents is to ensure the vendor has a quality process in place for software and 2

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response product design and that the process and design are accurately documented and tested. The required documents include a configuration management plan, a problem management and reporting process, a disaster recovery process, documented functional requirements, a documented technical design, a verification and validation plan, testing reports, user documentation, code review process and documentation and a traceability matrix to ensure all requirements are tested.

In addition, CC-AA-103-1007 responsibilities state:

Lead Responsible Engineers (LREs) are responsible for ensuring DCPs with digital devices are provided to DTS Design Engineer for review. DTS Design Engineers are responsible for reviewing Design Change Packages (DCP) with digital devices ensuring an adequate Critical Digital Review (CDR) is performed and documented. The DTS Engineer determines the scope and breadth of the CDR for the particular application.

A critical digital review is a review of a vendor's software QA processes and a technical review (EMl/RFI, failure analysis) of the design, documentation, and testing of a digital device determining the software/hardware's suitability for purchase and installation at PSEG Nuclear facilities.

3

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response PSEG personnel participated in critical digital review that was led by ProDesCon on the GEH Power Range Neutron Monitoring System (also refer to LAR Attachment 1 Section 3). The CDR report pointed out that GEH has an established regulatory approved Appendix B quality program and that they're processes are suitable to ensure the quality of the design, configuration control, Part 21 reportability and the system maintenance throughout the life cycle. The CDR included a high-level review of the overall system design, focusing on the safety functions of the system and how digital design principles indicative of highly reliable digital systems were applied to the PRNM system.

PSEG has reviewed and commented on software lifecycle documentation produced by GEH throughout the project.

In addition PSEG has performed two audits (reference Survey numbers NOV2116-014 and NOD-15-038) thus far on GEH to help ensure product reliability. These audits focused on G EH audits performed on subcontractor Gavial, the GEH actions and process to correct identified issues, QA hold points placed on the purchase order, overall test plans and completed testing, restrictions placed on the Gavial subcontractor, cyber security aspects of the project and the GEH engineerina change 4

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response process.

PSEG also plans to witness continued factory testing with the quality assurance department.

5. EICB Software Development Plans Open Appendix B Sections 4.2 and 4.3 should be marked proprietary to match Appendix D.

The proprietary markings in the appendices Updated copies of Appendix B proprietary are inconsistent. For example, information and non-proprietary can be provided.

in Sections 4.2 and 4.3 in Appendix B is not marked proprietary, but this same information is also provided in Sections 4.2 and 4.3 of Appendix D, where is marked as proprietary.

6. EICB Appendix E, PRNM System Management open yes Plan a) Section 2.3 describes how project A Project Work Plan (PWP) is required by management will be performed. GEH policies and procedures. As stated in This section refers to critical-to- Appendix B Section 3.1.1.5, the PWP quality features to be part of the contains personnel and commercial management process. However, information, including project budgetary this plan does no define these information that is classified as G EH features. Since these features are Proprietary Class Ill (confidential). The PWP part of project oversight, please is created and maintained by the Project describe these features and in Manager to manage the commercial which document will they be aspects of the project. Critical to quality recorded? features are project specific and are listed in the PWP. For Hope Creek, these are listed in Appendix C3 of the Hope Creek PRNM Upgrade PWP.

5

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response b) Section 2.4.1 describes the secure A collection of administrative procedures development environment. This covers specific topics related to the secure section states the control employs development environment:

in the system development should

• Asset Identification be in accordance with GEH

• Secure Development Network established procedures, consistent

• Physical Security with guidance provided in RG

• Malicious Code Protection 1.152. Please describe the GEH

• Patch Management procedures to be followed for

• Server and Computer Hardening secure development environment.

• Threat Analysis

• Software Usage

• Electronic Access Control

• Log Management

• Personnel Security and Segregation of Duties

• Production Deployment

• Product Handling and Delivery

• Incident Response

• Contingency Planning

• Security Control Review

• Changes to Physical, Logical, or Programmatic Controls c) Section 3.1 describes the need to 3/15/2016 Sugglemental Resgonse establish project quality metrics.

However, this section does not NRC Clarification identify the project quality metrics. BTP 7-14 requires the applicant identify the metrics to track progress and determine appropriateness of its software development process. The NRC staff needs a clear description on how the licensee is using configuration reviews and technical reviews to measure success or failure of the software development process.

This item is identified in open items: 6c, 7g, 6

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response Ba, and 11 e

Response

The software development process includes a series of technical design reviews and baseline reviews. At the end of each of these reviews, a review report and a scorecard will be issued by the review chair.

The review report summarizes the results of the review. The scorecard evaluates the content of the review material and the performance of the design team based on pre-established criteria also known as metrics, e.g., "Did the design team resolve action items assigned at previous reviews, or are acceptable plans in place?" A successful review will require a passing grade of 75%. However, any grade below 90% would result in action items to correct the deficiency in the design or in the compliance with the design process.

Condition reports will be issued in accordance with GEH problem reporting procedure should a design fail any of the reviews.

2/16/2016 The Design Review Summary Report and Design Review Scorecard provide a record of quality metrics applied by the Chief Engineer's Office. A copy of a scorecard can be placed in the Reading Room upon request.

7

DOC-0006-211S R1 No. Resp. Issue Description Status RAI No. PSEG Response

7. EICB Appendix B, PRNM Systems Engineering open yes Development Plan a) Section 2.4.1 of Appendix K states When the design team prepares and the verification of the design releases design artifacts, GEH procedures documents is performed by the require the Design team to perform design team prior to IVV activities. verification of documents prior to the But section 2.3 seems to imply that document release. The released document these reviews are performed by a is then provided to the IVV team who team independent of the design conducts the independent verification in team. In addition, section 4.2 of accordance with the SylVVP. Conducting Appendix B also describes an the IVV activities defined in the SylVVP independent review team who (Section 3.0) constitutes the Technical perform the technical design review. Design Review, which is performed by the Please clarify what group (in the IVV team and is supervised by the Chief GEH organization) performs these Engineers Office.

independent reviews.

b) Section 2.4.1 describes the 3/15/2016 Su1212lemental Res12onse technical design reviews. This section states the design team is NRC Clarification responsible for resolving issues BTP 7-14 requires the applicant identify identified during these reviews. How how anomalies are identified, documented, are these issues being recorded tracked and resolved. The staff needs a and tracked? Section 4.5 of this clear description on how PSEG and GEH appendix describes how are performing these activities during the deficiencies or discrepancies could design and development, V&V, and testing, be tracked, and Section 7.0 states and then after the system is installed in they could use engineering change HCGS. This item is identified in open items:

order to handle problems 7b, Sa, Sb, and 11 f encountered during product development. But these statements G EH Res12onse are not specific. In addition, it DurinQ desiQn & development of the PRNM s

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response seems that these options are used system for PSEG, the IVV Team would after delivery of the NUMAC review and provide comments about design system. Please explain what artifacts at each phase. The comments and method will be used to identify and resolutions are archived in the design track problems identified during the records in accordance with GEH technical design reviews. Also, procedures. The comments, resolutions and explain the process to approve the any open items are also reported and resolution of these problems. tracked in Appendix A of the SyVV Task Report or SySA Task Report for each phase as discussed in Section 4.4 of the SyEDP, SylVVP and SyQAP.

During IVV team testing, when anomalies are observed, they are recorded in the control copy of the test datasheets. The anomalies and the resolutions, which may include changes or corrections to the design, are discussed in the test reports. An independent engineer is responsible to verify that the content of test report is consistent with the test data sheets. The technical design reviews and baseline reviews will confirm that the acceptance of the resolution and the closure of the anomalies or open items. Resolution of all anomalies and closure of all open items are required before the system can be delivered to PSEG.

After GEH delivers the system to PSEG, if an anomaly is discovered it would be tracked in the GEH Corrective Action Program.

9

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response PSEG Response As discussed in the response to Open Item (01) #4, PSEG will continue oversight and audit activities during the design, development, V&V, and testing of the PRNM system. The processes discussed in 01#4 will disposition any anomalies identified. This will include, as appropriate, resolution in the PSEG Corrective Action Program (CAP) -LS-AA-125 - and in the Engineer of Choice (EOC) corrective action program (for the vendor performing the design change package for the PRNM upgrade - Sargent and Lundy).

During installation and acceptance testing, and after installation, both the PSEG CAP and EOC CAP will be used to identify, document, track and resolve anomalies.

2/16/2016 Project specific issues that remain open across project phases are tracked in the task reports. See Section 4.4.2 of the NUMAC Systems Engineering Development Plan. Closure of open items is reviewed as part of subsequent Baseline reviews; open items are resolved and closed prior to completion of the final Baseline review.

c) Section 4.3 states the baseline The SyQA Functional Configuration Audit review team would also review and Checklist (NUMAC System Quality approve development tools. Was Assurance Plan Section 4.4.1) lists tools 10

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response this necessary for the HCGS PRNM that were approved for the associated system? baseline. A SyQA Functional Configuration Audit Checklist is developed for each Baseline.

Tools are approved for use via the Baseline review process for application to a specific project. Tools were used for the HCGS PRNM system development.

d) Section 5.0 describes the use of 3/15/2016 Sui;mlemental Resgonse development tools. BTP 7-14, Section B.3.1.2.3 requires licensee NRG Clarification to provide a description of software BTP 7-14 requires the applicant identify the tools to be used. Please identify the software tools used for the development of software development tools. the system. The NRG staff needs a list and reference of the software tools being used for the development of the HCS NUMAC.

During the call, the licensee noted these tools were described in previous license amendments, if this is the case, then the staff needs the references or ML numbers for the documents that described the software tools. This item is identified in open items: 7d and 9b Resgonse The Hope Creek PRNM system has similar hardware and software designs as previously approved PRNM projects, e.g.,

Grand Gulf and Columbia. Therefore, the software tools for the HCGS PRNM are the same as those previously described for Columbia in NEDC-33685P Revision 2 (ML12040A074) Section 4.4.6.

11

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response 2/16/2016 Tools are selected and approved for use throughout the various phases of project.

The approved tools are documented in the SyQA Functional Configuration Audit Checklists (NUMAC System Quality Assurance Plan Section 4.4.1 ).

G EH provided details on software tools during previous (Grand Gulf and Columbia) projects. See RAI #3 in GNR0-2011/00038 (ML111370259) and Section 4.4.6 in NEDC-33685(ML12040A074).

e) Section 6.0 describes the secure GEH has a procedure for controlling access development and operational to the NUMAC lab; see response to Open environment. This section states Item 6.b.

access to the NUMAC lab is controlled and monitored. But it does not provide details on how these are perform. Please provide detail explanation.

f) Section 6.0 describes the secure GEH has a procedure for access control of development and operational the secure server, see response to Open environment. This section states the Item 6.b.

code is maintained in the secure server. How is access granted to this server?

g) Section B.3.1.2.2 of BTP 7-14 3/15/2016 Su1212lemental Res12onse requires licensee to identify the See open item 6.c.

indicators to determine the success or failure of the development 2/16/2016 processes. This information was not Success or failure is indicated by the provided in the enqineerinq Desiqn Review Summary Report and 12

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response development plan. In addition, Design Review Scorecard.

Appendix A in Appendix K identifies the alignment to NUMAC documents. This table identifies that this information in SyMP (See open item 6.c). Please provide this information.

8. EICB Appendix C, NUMAC Systems Quality Open yes Assurance Plan a) General comment: This plan does 3/15/2016 Sum2lemental Res12onse not cover all the activities identified See open item 6.c and open item 7.b.

in section B.3.1.3 of the BTP 7-14.

Specifically, this plan does not 2/16/2016 describe the corrective action The NUMAC plans augment and program, description of QA supplement the GEH QA Program. As procedures, and indicators to stated in Section 1.0 of the NUMAC determine software quality. Systems Quality Assurance Plan, the GEH Quality Assurance Program encompasses quality assurance related activities such as audits, supplier control, and archiving of quality records. Although not explicitly mentioned, the corrective action program is a component of the GEH Quality Assurance Program.

b) Section 3.0 states unresolved 3/15/2016 Su1212lemental Res12onse configuration items is grounds for See open item 7.b.

failure. How are these issues identified, recorded and tracked? 2/16/2016 Who is responsible for approving Open items are listed in the System Quality resolution of these issues? (see Assurance Configuration Audit Checklist open item 7.b) and tracked in the System Configuration Management Task report (SyEDP 4.4.2).

13

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response The checklist and task report are part of the Baseline Review Records. These records are approved by the baseline review team, which is chaired by the Chief Consulting Engineer.

c) Section 4.4.1 describes the As discussed in response to Question 8.a, oversight activity associated with the GEH Quality Assurance Program has quality assurance. Is the activity other activities. Problems are tracked in described in this section the only accordance with GEH procedures.

oversight activity to be performed?

(This section is marked proprietary so the specific activity is not identified in the question). What happens if problems are identified durinq this oversiqht activity?

9. EICB Software Integration Plan (SlntP) open yes GEH did not submit a separate plan for this. However, GEH (Appendix K) identified the NUMAC documents that cover the requirements for this plan (BTP 7-14, Section B.3.1.4). Based on this information, the staff identified the followinq questions:

a) Section B.3.1.4.2 identifies the G EH does not have a separate software implementation characteristics of integration team, rather software integration the SlntP. His section requires is performed by the design team. Therefore, description of the software the characteristics described in the SyEDP integration activities. GEH for design team activities apply to references SyEDp for this, but integration activities as well. For SyEDP does not provide enough explanation of how measurement is information about the software performed, see response to 6.c.

integration process. Please provide this information.

14

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response b) Section B.3.1.4.3 identifies software 3/15/2016 Sugglemental Resgonse tools. As mentioned in open item See open item 7.d.

7.d, these GEH document do not identify the software tools to be 2/16/2016 used. Please provide this See response to open item 7.d.

information.

10. EICB Software Safety Plan (SSP) open yes The PRNM upgrade is a retrofit system. As GEH did to submit a separate plan for this. a retrofit system, the GEH approach to However, GEH (Appendix K) identified the software safety planning for PRNM is to NU MAC documents that cover the ensure that the safety significance of the requirements for this plan (BTP 7-14, PRNM retrofit is consistent with the design Section B.3.1.9). Based on this information, basis of the replaced system and of the the staff identified the following question: plant. GEH provided details on software Appendix K refers to the IVVP and SyMP safety approach during previous (Grand for the information required in BTP 7-14. Gulf and Columbia) projects. See RAI #1 However, the information identified in these and 2 in GNR0-2011/00039 sources seem to address the hazard (ML111460590) and Section 4.4.1.9 in analysis required by IEEE 102, and not NEDC-33685(ML12040A074).

what is required in BTP 7-14.

The SSP should provide a general description of the software safety effort, and the intended interactions between the software safety organization and the general system safety organization.

11. Appendix D, NUMAC Systems open yes Independent Verification and Validation a) Section 2.1 describes the GEH The Chief Consulting Engineer reports to organization. This section states the the Chief Engineer's Office.

GEH Chief Engineer's office supervises independent V&V activities. However, Appendix D, Figure 2-1 identifies the Chief 15

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response Consulting Engineer as the person responsible for V&V activities.

b) Section 3.1.2 describes the safety See response to open item 10.

analysis for the concept phase. It is not clear if this activity will include the preliminary hazard analysis, since it seems to only cover evaluation of the documentation.

c) Is the safety analyses described in Hazard analysis is performed during various each lifecycle phase considered to lifecycle phases as indicated in Appendix K, be the hazard analysis identified in Table 5 for cross-reference of IEEE Std IEEE Std. 1012? If so, will this also 1012 to NUMAC process.

include the risk analysis identified in Project risk management is performed IEEE Std. 1012? during all system life cycle development phases in accordance with the GEH Quality Assurance Program d) Appendix K refers to the IVVP Project risk management is performed Section 4.0 to confirm item during all system life cycle development B.3.1.10.1, risks. Section 4.0 phases in accordance with the GEH Quality describes the baseline process. So Assurance Program. SylVVP Section 4.2 it is not clear how the baseline describes Technical Reviews. Although not process will be used to identify and stated in the SylVVP, the GEH procedure manage risks associated with the for Technical Design Reviews requires risks V&V process. management. SylVVP Section 4.3 describes Baseline Reviews, which are a process check to ensure the project plans are beinq followed.

e) Appendix K refers to several 3/15/2016 Sugglemental Resgonse sections in the IVVP to confirm item See open item 6.c.

B.3.1.10.2, measurement. However, the information provided does not 2/16/2016 clearly define the indicators that will See response to open item 6.c.

be used.

16

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response f) Section B.3.1.10.2, procedures 3/15/2016 Su1212lemental Res12onse requires applicants to describe how See open item 7.b.

anomalies are identified and reported. This information is not 2/16/2016 provide in the plan (See item 11.b Per section 2.2.2 and 2.2.3 of the SylVV, above) the System Verification Engineer and System Safety Analysis Engineer are responsible for documenting results of reviews including anomalies in their respective tasks reports. The task reports are discussed in sections 4.4.1 and 4.4.2.

12. EICB Software Configuration Management Plan open yes SyEDP - section 3.4 specifies configuration (SCMP) management of source code and section 5 specifies configuration management of GEH did to submit a separate plan for this. firmware. Tools are controlled at the However, GEH (Appendix K) identified the baseline in which they are introduced.

NU MAC documents that cover the Configuration Status Accounting includes all requirements for this plan (BTP 7-14, the configurable items.

Section B.3.1.11 ). Based on this information, the staff identified the following question:

Appendix K refers to the SyEDP for the information required in section B.3.1.11.2, procedures. However, the information identified in these sources seem to address only configuration of documents, and not all configuration items (e.g., software tools, source code, etc.). How will GEH control these items?

13. EICB EQ Testing Close no NRC update 03022016: The qualification summary report will provide the information The system equipment qualification (EQ) requested.

test plan was not submitted with the LAR.

17

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response Instead the licensee submitted an EQ These items are encompassed by Appendix program in Appendix H. This program H. They are specifically identified in Section states the EQ plans will provide the details 3.3 and qualification approach is discussed on the system to be qualified. Also, that the in Section 5.

EQ program provides guidance to prepare EQ plans, if they are necessary. For this amendment, GEH described design changes for the HVPS, Relay Logic Card, and UFP Display. Therefore, a qualification plan for these components should be submitted. ISG-06, Section D.5.2 describes the information to be provided for the staff to evaluate EQ of l&C systems. Section D.5.2 requires submittal of the EQ plan.

14. EICB EQ Testing Requirements Close no The EQ requirements are based on plant conditions:

Are the EQ requirements based on the plant conditions? From NEDC-33864P Appendix H Section 1.1:

The replacement NUMAC PRNM system is designed to maintain functional operability under conditions specified in the PSEG Hope Creek Generating Station Power Range Neutron Monitoring System (PRNM)

Upgrade Project H-1-SE-KDS-0494

[Reference 7.1 ]. The qualification requirements, the subject of this system qualification program, are further delineated in the NUMAC PRNM System Requirements Specification [Reference 7.2].

Reference 7.2 is provided as NEDC-18

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response 33864P Appendix F Part 1 (NUMAC PRNM System Requirements Specification).

Section 2.5 references Hope Creek specification H-1-SE-KDS-0494; the qualification requirements in Appendix F Part 1 Section 9 are obtained directly from the Hope Creek specification.

15. APHB Section D.9.4, "Technical Evaluation," of Standby- An analysis, consistent with NUREG-0800, Dl&C-ISG-06, Subsection D.9.4.2.14, awaiting Appendix 18-A, will be provided "IEEE Std. 603, Clause 5.14, Human additional demonstrating that the manual operator Factors Considerations," states, in part, information actions remain both feasible and reliable, that the information provided should be from the and the ability to perform the actions reliably sufficient to demonstrate that the guidance licensee within the time available is maintained.

contained in Standard Review Plan, The analysis will be provided in the HCGS Appendix 18-A, has been met. PRNM Electronic Reading Room portal, in the second quarter of 2016.

NUREG-0800, Standard Review Plan, Appendix 18-A, "Crediting Manual Operator PSEG would like to discuss some Actions in Diversity and Defense-in-Depth clarifications concerning A1212endix 18-A:

(D3) Analyses," Revision 0, states, in part, that a diversity and defense-in-depth analysis should include the justification of a. Phase 3 vs Phase 1 required time: If the any operator actions that are credited for required time (and margin to time available) response to an Anticipated Operational has been verified via Phase 3 ISV, is it still Occurrence/Postulated Accident necessary to perform the Phase 1 time concurrent with software Common Cause required estimate?

Failure (CCF). It further states that credited manual operator actions and their b. For the two manual operator action items associated interfaces (controls, displays, from the D3 report the HCGS Operators and alarms) should be specifically have multiple existing indications available.

addressed in the Consequently, PSEG does not need the vendor/licensee/applicant's Human Factors simulator PRNM digital modification to Engineering (HFE) Program. The support the18-A Phase 3 ISV; the existing vendor/licensee/applicant should commit, plant/simulator configuration supports the 19

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response in the defense-in-depth submittal, to ISV. The ISV is scheduled to be completed include the proposed defense-in-depth in March/April 2016. (Note: if simulator coping actions in an HFE Program modifications were required before timing consistent with that described in NUREG- operator actions that could not be done until 0711 and to provide the results of the HFE couple of months before modification Program to the staff prior to implementation implementation, ie 2018) of the proposed action(s).

As stated in NUREG-0800, Appendix 18-A, to credit operator actions, an acceptable method would be to demonstrate that the manual actions in response to a BTP 7-19 software CCF are both feasible and reliable, given the time available, and that the ability of operators to perform credited actions reliably will be maintained for as long as the manual actions are necessary to satisfy the defense-in-depth analysis. Changes in plant design, including those that do not add, change, or delete the credited manual operator actions, may affect the ability of operators to correctly and reliably perform manual actions due to performance shaping factors (e.g., workload, time pressure) or other causes.

Provide information regarding the analysis, consistent with NUREG-0800, Appendix A, that was used to demonstrate that the manual actions remain both feasible and reliable, and the ability to perform the actions reliably within the time available is maintained. The analysis should 20

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response demonstrate that (1) the time available to perform the required manual actions is greater than the time required for the operator(s) to perform the actions, and (2) the operator(s) can perform the actions correctly and reliably in the time available. PSEG should provide sufficient information to demonstrate that the conclusions reached in the previously performed analysis regarding the feasibility and reliability of credited manual operator actions will remain valid in the post-modification environment (i.e., that the time available to perform the required manual actions and the time required to perform such actions will not be adversely affected bv the proposed modification).

16. RA System Requirements New 3/15/2016 The Hope Creek System Requirements Appendix F defines the system Specification (Appendix F) is plant specific.

requirements for the NUMAC PRNM The following discussion elaborates on how system. It is not clear if these requirements the topics from Appendix J are addressed in reflect the system to be installed in HCGS. the Hope Creek specifications.

Specifically, does appendix F include the requirements for the modified components LTR Deviations described in Appendix J?

1. APRM Upscale I OPRM Upscale I APRM lnop. Appendix F1, Section 6.1 reflects this LTR deviation.

NOTE: Appendix J Reference document 001 N5636 can be provided in the reading room portal, if desired. This topic was discussed during previous PRNM projects.

Please see, Enclosure 1 (Section 1.5 and 21

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response Appendix A) of ML12040A073, submitted for Columbia.

2. Time to Calculate Flow-biased Trip Setpoint. This clarifies a statement in the

• LTR but does not affect the NUMAC PRNM design.

NOTE: Appendix J Reference document 001 N5637 can be provided in the reading room portal, if desired. This topic was discussed during a previous PRNM project.

Please see, Enclosure 1 of ML12040A073, submitted for Columbia.

3. Abnormal Conditions Leading to Inoperative Status. Appendix F2, Section 4.3.4.9 reflects this LTR deviation.

NOTE: Appendix J Reference document 001 N5635 can be provided in the reading room portal, if desired. This topic was discussed during a previous PRNM project.

Please see Enclosure 1 of ML12040A073, submitted for Columbia.

4. OPRM Pre-Trip Alarms. Appendix F1, Section 4.3.1.2 reflects this LTR deviation.

NOTE: Appendix J Reference document 001 N5641 can be provided in the reading room portal, if desired. This topic was discussed during a previous PRNM project.

Please see Appendix A (page A-5) of ML101790437, submitted for Grand Gulf (DSS-CD Plant like HCGS).

22

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response

5. Increased Instrument Security.

Appendix F1 Section 4.1 (traceable item 436R) provides the higher level requirement that the system provides a means to adjust user-configurable parameters, and Appendix F2 Section 4.4.14 (traceable item 2345R) incorporates the same feature at the instrument level. That the Hope Creek design implements increased security relative to previous applications may be seen by comparing it to a previous application. Please see Section 4.4.8 of 25A5916, APRM Performance Specification for CGS (Reference 64 and included in Appendix A) - ML12040A074 submitted for Columbia. That design includes an "OPER-SET" function, a function that enables the user to adjust a small number of select parameters after entering a password but without placing the instrument in INOP.

PSEG elected to not include this feature at Hope Creek.

NOTE: Appendix J Reference document 001 N5640 can be provided in the reading room portal, if desired.

6. PRNM System Input Power Source. The deviation does not affect the PRNM design.

Appendix F1 Section 7.5 reflects the type of input power as described in the Hope Creek LAR Attachment 1 Section 4.1. 1 page 28 of 46, which deviates from what is described in the LTR.

NOTE: Appendix J Reference document 23

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response 002N3909 can be provided in the reading room portal, if desired.

Differences from Columbia Generating Station PRNM

1. OPRM Solution. Appendix F1 Section 4.1 (traceable item 225) and 4.3 reflect this difference.

2. Relay Logic Module. The new part is incorporated in schematics and bills of material, which may be placed in the reading room portal if desired. The design function is not changed and therefore does not affect Appendix F.

3. APRM High voltage Power Supply.

Appendix F2 Section 4.4.2 (traceable item 2322) reflects this difference (note that

. Appendix F2 Table 4.3-1 erroneously points to Section 3.3.1 vs 4.4.2 for 'Manual LPRM l/V curve request').

4. Display of Calibration Constants for LPRM Detector and Flow Signals.

Appendix F2 Section 4.4.5 (traceable item 2287) reflects this difference.

5. Instrument Front Panel Display. The new part is incorporated in schematics and bills of material, which may be placed in the reading room portal if desired. The design function is not changed and therefore does 24

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response not affect Appendix F.

17. RA System Requirements New 3/15/2016 The requirements marked with brackets in Appendix F defines the system Appendix F are identified for traceability requirements for the NUMAC PRNM purposes. Appendix F also includes several system. There are requirements identified sections that are written in support of the (use of the word SHALL) that do not requirements marked with brackets for include identifiers in brackets (e.g., Section traceability. Section 4 of Appendix F1 5.6). Then there are statements that seems states "The primary system functions of the more description than requirements (e.g., integrated NUMAC PRNM replacement Sections 5.4 and 5.5). Clarify if all sections system are summarized below, followed by are requirements for the system. a specific identification of the safety functions of the system. See Sections 5 and 6 for more details on the input and output requirements discussed in this section." Therefore, Sections 5 and 6 are also considered as requirements although these requirements would not be explicitly traced in downstream documents. For example, it would be cumbersome to establish traceability for the LPRM assignments in Section 5.1. However, each LPRM assignment will be verified and validated in the V&V activities. The bases for the V&V would be Section 5.1 of Appendix F.

18.

25

Enclosure to Meeting Summary for March 15, 2016, Public Teleconference between PSEG LLC and the Nuclear Regulatory Commission Hope Creek Generating Station {HCGS)

Power Range Neutron Monitoring {PRNM) System Digital Upgrade License Amendment Request HCGS NUMAC Upgrade - Open Items DOC-0006-2118 R1

DOC-0006-2118 R1 a HCGS NUMAC Upgrade -Open Items No. Resp. Issue Description Status RAI No. PSEG Response

1. EICB System Description Close No LTR 5.3.1 first bullet discusses APRM chassis and (for large cores) LPRM chassis.

Appendix R provides responses to plant NEDC-33864P Appendix A refers to these specific responses to the NU MAC LTR. two chassis as APRM-Master and Slave.

The response to LTR 2.3.4 identifies the configuration for HCGS to be 4 APRM Master refers to the APRM chassis and channels with one APRM chassis and one Slave refers to the LPRM chassis. These LPRM chassis. However the LTR and terms are used interchangeably.

Appendix A system architecture do not describe this. NEDC-33864P Appendix A page A-11 Appendix A describes a master/slave shows the system level architecture.

APRM instrument, but the LTR describes a LPRM unit not clear how these two concepts relate, if they do.

Provide a figure showing the system architecture for the HCGS PRNMS.

2. EICB System Description Close No The LTR describes variants of PRNM system architecture, depending on whether Appendix A seems to describe the generic the target application (plant) has a large or PRNM system architecture and not the small core, and whether it is BWR6 or non-architecture for HCGS. What is different BWR6. Appendix A provides additional between this description and the one details about large core, non-BWR6, such provided in the LTR? as Hope Creek.

Also there are system differences, which are described in Appendix J. How do these The differences described in Appendix J are modules work and fit in the system not architectural differences.

architecture for HCGS?

3. EICB System Description Close No NRC update 03022016: NRC will identify the documents to be placed in the portal.

Appendix J identifies Hope Creek deviations from the approved aeneric a) 1

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response NUMAC PRNM system. This is required in

• These are GEH references pointing to ISG-06 Section D.8. where the support for the justification is a) Table 1 lists these deviations and stored in the GEH document system.

provide justifications for such. The following two referenced documents Please provide additional can be placed in reading room upon information for the following items: request.

• Column Reference Document -

• Item 2 - 001 N5637 PRNM Time to what are these documents? Calculate Flow-biased Trip Setpoint

• Item 2 - Why the modification

• Item 5 - 001 N5640 PRNM Increased for time to calculate flow-biased Instrument Security trip setpoint is a clarification? It seems that the total time for the b)

Hope Creek Design has "Relay Logic Module" and "Relay Logic changed. Card" refer to the same thing. Hope Creek

• Item 5 - What higher level of will receive the new design.

security was applied and to what activities?

b) Section 4.2 describes the relay logic for HCGS. Please clarify how the improved relay logic module relates to the new relay logic card to be included in the Hope Creek PRNM system.

4. EICB Software Development Plans Close No NRC update 03022016: NRC will identify the documents to be placed in the portal.

The plans submitted describe GEH processes, but they do not include the PSEG is required to create or acquire a activities to be performed by the licensee, number of documents from vendors such as oversight. Please describe the providing safety related equipment per IT-activities and processes for which PSEG is AA-101. The purpose of many of these responsible. documents is to ensure the vendor has a quality process in place for software and 2

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response product design and that the process and design are accurately documented and tested. The required documents include a configuration management plan, a problem management and reporting process, a disaster recovery process, documented functional requirements, a documented technical design, a verification and validation plan, testing reports, user documentation, code review process and documentation and a traceability matrix to ensure all requirements are tested.

In addition, CC-AA-103-1007 responsibilities state:

Lead Responsible Engineers (LREs) are responsible for ensuring DCPs with digital devices are provided to DTS Design Engineer for review. DTS Design Engineers are responsible for reviewing Design Change Packages (DCP) with digital devices ensuring an adequate Critical Digital Review (CDR) is performed and documented. The DTS Engineer determines the scope and breadth of the CDR for the particular application.

A critical digital review is a review of a vendor's software QA processes and a technical review (EMl/RFI, failure analysis) of the design, documentation, and testing of a digital device determining the software/hardware's suitability for purchase and installation at PSEG Nuclear facilities.

3

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response PSEG personnel participated in critical digital review that was led by ProDesCon on the GEH Power Range Neutron Monitoring System (also refer to LAR Attachment 1 Section 3). The CDR report pointed out that GEH has an established regulatory approved Appendix B quality program and that they're processes are suitable to ensure the quality of the design, configuration control, Part 21 reportability and the system maintenance throughout the life cycle. The CDR included a high-level review of the overall system design, focusing on the safety functions of the system and how digital design principles indicative of highly reliable digital systems were applied to the PRNM system.

PSEG has reviewed and commented on software lifecycle documentation produced by GEH throughout the project.

In addition PSEG has performed two audits (reference Survey numbers NOV2116-014 and NOD-15-038) thus far on GEH to help ensure product reliability. These audits focused on G EH audits performed on subcontractor Gavial, the GEH actions and process to correct identified issues, QA hold points placed on the purchase order, overall test plans and completed testing, restrictions placed on the Gavial subcontractor, cyber security aspects of the project and the GEH engineerina change 4

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response process.

PSEG also plans to witness continued factory testing with the quality assurance department.

5. EICB Software Development Plans Open Appendix B Sections 4.2 and 4.3 should be marked proprietary to match Appendix D.

The proprietary markings in the appendices Updated copies of Appendix B proprietary are inconsistent. For example, information and non-proprietary can be provided.

in Sections 4.2 and 4.3 in Appendix B is not marked proprietary, but this same information is also provided in Sections 4.2 and 4.3 of Appendix D, where is marked as proprietary.

6. EICB Appendix E, PRNM System Management open yes Plan a) Section 2.3 describes how project A Project Work Plan (PWP) is required by management will be performed. GEH policies and procedures. As stated in This section refers to critical-to- Appendix B Section 3.1.1.5, the PWP quality features to be part of the contains personnel and commercial management process. However, information, including project budgetary this plan does no define these information that is classified as G EH features. Since these features are Proprietary Class Ill (confidential). The PWP part of project oversight, please is created and maintained by the Project describe these features and in Manager to manage the commercial which document will they be aspects of the project. Critical to quality recorded? features are project specific and are listed in the PWP. For Hope Creek, these are listed in Appendix C3 of the Hope Creek PRNM Upgrade PWP.

5

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response b) Section 2.4.1 describes the secure A collection of administrative procedures development environment. This covers specific topics related to the secure section states the control employs development environment:

in the system development should

• Asset Identification be in accordance with GEH

• Secure Development Network established procedures, consistent

• Physical Security with guidance provided in RG

• Malicious Code Protection 1.152. Please describe the GEH

• Patch Management procedures to be followed for

• Server and Computer Hardening secure development environment.

• Threat Analysis

• Software Usage

• Electronic Access Control

• Log Management

• Personnel Security and Segregation of Duties

• Production Deployment

• Product Handling and Delivery

• Incident Response

• Contingency Planning

• Security Control Review

• Changes to Physical, Logical, or Programmatic Controls c) Section 3.1 describes the need to 3/15/2016 Sugglemental Resgonse establish project quality metrics.

However, this section does not NRC Clarification identify the project quality metrics. BTP 7-14 requires the applicant identify the metrics to track progress and determine appropriateness of its software development process. The NRC staff needs a clear description on how the licensee is using configuration reviews and technical reviews to measure success or failure of the software development process.

This item is identified in open items: 6c, 7g, 6

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response Ba, and 11 e

Response

The software development process includes a series of technical design reviews and baseline reviews. At the end of each of these reviews, a review report and a scorecard will be issued by the review chair.

The review report summarizes the results of the review. The scorecard evaluates the content of the review material and the performance of the design team based on pre-established criteria also known as metrics, e.g., "Did the design team resolve action items assigned at previous reviews, or are acceptable plans in place?" A successful review will require a passing grade of 75%. However, any grade below 90% would result in action items to correct the deficiency in the design or in the compliance with the design process.

Condition reports will be issued in accordance with GEH problem reporting procedure should a design fail any of the reviews.

2/16/2016 The Design Review Summary Report and Design Review Scorecard provide a record of quality metrics applied by the Chief Engineer's Office. A copy of a scorecard can be placed in the Reading Room upon request.

7

DOC-0006-211S R1 No. Resp. Issue Description Status RAI No. PSEG Response

7. EICB Appendix B, PRNM Systems Engineering open yes Development Plan a) Section 2.4.1 of Appendix K states When the design team prepares and the verification of the design releases design artifacts, GEH procedures documents is performed by the require the Design team to perform design team prior to IVV activities. verification of documents prior to the But section 2.3 seems to imply that document release. The released document these reviews are performed by a is then provided to the IVV team who team independent of the design conducts the independent verification in team. In addition, section 4.2 of accordance with the SylVVP. Conducting Appendix B also describes an the IVV activities defined in the SylVVP independent review team who (Section 3.0) constitutes the Technical perform the technical design review. Design Review, which is performed by the Please clarify what group (in the IVV team and is supervised by the Chief GEH organization) performs these Engineers Office.

independent reviews.

b) Section 2.4.1 describes the 3/15/2016 Su1212lemental Res12onse technical design reviews. This section states the design team is NRC Clarification responsible for resolving issues BTP 7-14 requires the applicant identify identified during these reviews. How how anomalies are identified, documented, are these issues being recorded tracked and resolved. The staff needs a and tracked? Section 4.5 of this clear description on how PSEG and GEH appendix describes how are performing these activities during the deficiencies or discrepancies could design and development, V&V, and testing, be tracked, and Section 7.0 states and then after the system is installed in they could use engineering change HCGS. This item is identified in open items:

order to handle problems 7b, Sa, Sb, and 11 f encountered during product development. But these statements G EH Res12onse are not specific. In addition, it DurinQ desiQn & development of the PRNM s

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response seems that these options are used system for PSEG, the IVV Team would after delivery of the NUMAC review and provide comments about design system. Please explain what artifacts at each phase. The comments and method will be used to identify and resolutions are archived in the design track problems identified during the records in accordance with GEH technical design reviews. Also, procedures. The comments, resolutions and explain the process to approve the any open items are also reported and resolution of these problems. tracked in Appendix A of the SyVV Task Report or SySA Task Report for each phase as discussed in Section 4.4 of the SyEDP, SylVVP and SyQAP.

During IVV team testing, when anomalies are observed, they are recorded in the control copy of the test datasheets. The anomalies and the resolutions, which may include changes or corrections to the design, are discussed in the test reports. An independent engineer is responsible to verify that the content of test report is consistent with the test data sheets. The technical design reviews and baseline reviews will confirm that the acceptance of the resolution and the closure of the anomalies or open items. Resolution of all anomalies and closure of all open items are required before the system can be delivered to PSEG.

After GEH delivers the system to PSEG, if an anomaly is discovered it would be tracked in the GEH Corrective Action Program.

9

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response PSEG Response As discussed in the response to Open Item (01) #4, PSEG will continue oversight and audit activities during the design, development, V&V, and testing of the PRNM system. The processes discussed in 01#4 will disposition any anomalies identified. This will include, as appropriate, resolution in the PSEG Corrective Action Program (CAP) -LS-AA-125 - and in the Engineer of Choice (EOC) corrective action program (for the vendor performing the design change package for the PRNM upgrade - Sargent and Lundy).

During installation and acceptance testing, and after installation, both the PSEG CAP and EOC CAP will be used to identify, document, track and resolve anomalies.

2/16/2016 Project specific issues that remain open across project phases are tracked in the task reports. See Section 4.4.2 of the NUMAC Systems Engineering Development Plan. Closure of open items is reviewed as part of subsequent Baseline reviews; open items are resolved and closed prior to completion of the final Baseline review.

c) Section 4.3 states the baseline The SyQA Functional Configuration Audit review team would also review and Checklist (NUMAC System Quality approve development tools. Was Assurance Plan Section 4.4.1) lists tools 10

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response this necessary for the HCGS PRNM that were approved for the associated system? baseline. A SyQA Functional Configuration Audit Checklist is developed for each Baseline.

Tools are approved for use via the Baseline review process for application to a specific project. Tools were used for the HCGS PRNM system development.

d) Section 5.0 describes the use of 3/15/2016 Sui;mlemental Resgonse development tools. BTP 7-14, Section B.3.1.2.3 requires licensee NRG Clarification to provide a description of software BTP 7-14 requires the applicant identify the tools to be used. Please identify the software tools used for the development of software development tools. the system. The NRG staff needs a list and reference of the software tools being used for the development of the HCS NUMAC.

During the call, the licensee noted these tools were described in previous license amendments, if this is the case, then the staff needs the references or ML numbers for the documents that described the software tools. This item is identified in open items: 7d and 9b Resgonse The Hope Creek PRNM system has similar hardware and software designs as previously approved PRNM projects, e.g.,

Grand Gulf and Columbia. Therefore, the software tools for the HCGS PRNM are the same as those previously described for Columbia in NEDC-33685P Revision 2 (ML12040A074) Section 4.4.6.

11

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response 2/16/2016 Tools are selected and approved for use throughout the various phases of project.

The approved tools are documented in the SyQA Functional Configuration Audit Checklists (NUMAC System Quality Assurance Plan Section 4.4.1 ).

G EH provided details on software tools during previous (Grand Gulf and Columbia) projects. See RAI #3 in GNR0-2011/00038 (ML111370259) and Section 4.4.6 in NEDC-33685(ML12040A074).

e) Section 6.0 describes the secure GEH has a procedure for controlling access development and operational to the NUMAC lab; see response to Open environment. This section states Item 6.b.

access to the NUMAC lab is controlled and monitored. But it does not provide details on how these are perform. Please provide detail explanation.

f) Section 6.0 describes the secure GEH has a procedure for access control of development and operational the secure server, see response to Open environment. This section states the Item 6.b.

code is maintained in the secure server. How is access granted to this server?

g) Section B.3.1.2.2 of BTP 7-14 3/15/2016 Su1212lemental Res12onse requires licensee to identify the See open item 6.c.

indicators to determine the success or failure of the development 2/16/2016 processes. This information was not Success or failure is indicated by the provided in the enqineerinq Desiqn Review Summary Report and 12

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response development plan. In addition, Design Review Scorecard.

Appendix A in Appendix K identifies the alignment to NUMAC documents. This table identifies that this information in SyMP (See open item 6.c). Please provide this information.

8. EICB Appendix C, NUMAC Systems Quality Open yes Assurance Plan a) General comment: This plan does 3/15/2016 Sum2lemental Res12onse not cover all the activities identified See open item 6.c and open item 7.b.

in section B.3.1.3 of the BTP 7-14.

Specifically, this plan does not 2/16/2016 describe the corrective action The NUMAC plans augment and program, description of QA supplement the GEH QA Program. As procedures, and indicators to stated in Section 1.0 of the NUMAC determine software quality. Systems Quality Assurance Plan, the GEH Quality Assurance Program encompasses quality assurance related activities such as audits, supplier control, and archiving of quality records. Although not explicitly mentioned, the corrective action program is a component of the GEH Quality Assurance Program.

b) Section 3.0 states unresolved 3/15/2016 Su1212lemental Res12onse configuration items is grounds for See open item 7.b.

failure. How are these issues identified, recorded and tracked? 2/16/2016 Who is responsible for approving Open items are listed in the System Quality resolution of these issues? (see Assurance Configuration Audit Checklist open item 7.b) and tracked in the System Configuration Management Task report (SyEDP 4.4.2).

13

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response The checklist and task report are part of the Baseline Review Records. These records are approved by the baseline review team, which is chaired by the Chief Consulting Engineer.

c) Section 4.4.1 describes the As discussed in response to Question 8.a, oversight activity associated with the GEH Quality Assurance Program has quality assurance. Is the activity other activities. Problems are tracked in described in this section the only accordance with GEH procedures.

oversight activity to be performed?

(This section is marked proprietary so the specific activity is not identified in the question). What happens if problems are identified durinq this oversiqht activity?

9. EICB Software Integration Plan (SlntP) open yes GEH did not submit a separate plan for this. However, GEH (Appendix K) identified the NUMAC documents that cover the requirements for this plan (BTP 7-14, Section B.3.1.4). Based on this information, the staff identified the followinq questions:

a) Section B.3.1.4.2 identifies the G EH does not have a separate software implementation characteristics of integration team, rather software integration the SlntP. His section requires is performed by the design team. Therefore, description of the software the characteristics described in the SyEDP integration activities. GEH for design team activities apply to references SyEDp for this, but integration activities as well. For SyEDP does not provide enough explanation of how measurement is information about the software performed, see response to 6.c.

integration process. Please provide this information.

14

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response b) Section B.3.1.4.3 identifies software 3/15/2016 Sugglemental Resgonse tools. As mentioned in open item See open item 7.d.

7.d, these GEH document do not identify the software tools to be 2/16/2016 used. Please provide this See response to open item 7.d.

information.

10. EICB Software Safety Plan (SSP) open yes The PRNM upgrade is a retrofit system. As GEH did to submit a separate plan for this. a retrofit system, the GEH approach to However, GEH (Appendix K) identified the software safety planning for PRNM is to NU MAC documents that cover the ensure that the safety significance of the requirements for this plan (BTP 7-14, PRNM retrofit is consistent with the design Section B.3.1.9). Based on this information, basis of the replaced system and of the the staff identified the following question: plant. GEH provided details on software Appendix K refers to the IVVP and SyMP safety approach during previous (Grand for the information required in BTP 7-14. Gulf and Columbia) projects. See RAI #1 However, the information identified in these and 2 in GNR0-2011/00039 sources seem to address the hazard (ML111460590) and Section 4.4.1.9 in analysis required by IEEE 102, and not NEDC-33685(ML12040A074).

what is required in BTP 7-14.

The SSP should provide a general description of the software safety effort, and the intended interactions between the software safety organization and the general system safety organization.

11. Appendix D, NUMAC Systems open yes Independent Verification and Validation a) Section 2.1 describes the GEH The Chief Consulting Engineer reports to organization. This section states the the Chief Engineer's Office.

GEH Chief Engineer's office supervises independent V&V activities. However, Appendix D, Figure 2-1 identifies the Chief 15

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response Consulting Engineer as the person responsible for V&V activities.

b) Section 3.1.2 describes the safety See response to open item 10.

analysis for the concept phase. It is not clear if this activity will include the preliminary hazard analysis, since it seems to only cover evaluation of the documentation.

c) Is the safety analyses described in Hazard analysis is performed during various each lifecycle phase considered to lifecycle phases as indicated in Appendix K, be the hazard analysis identified in Table 5 for cross-reference of IEEE Std IEEE Std. 1012? If so, will this also 1012 to NUMAC process.

include the risk analysis identified in Project risk management is performed IEEE Std. 1012? during all system life cycle development phases in accordance with the GEH Quality Assurance Program d) Appendix K refers to the IVVP Project risk management is performed Section 4.0 to confirm item during all system life cycle development B.3.1.10.1, risks. Section 4.0 phases in accordance with the GEH Quality describes the baseline process. So Assurance Program. SylVVP Section 4.2 it is not clear how the baseline describes Technical Reviews. Although not process will be used to identify and stated in the SylVVP, the GEH procedure manage risks associated with the for Technical Design Reviews requires risks V&V process. management. SylVVP Section 4.3 describes Baseline Reviews, which are a process check to ensure the project plans are beinq followed.

e) Appendix K refers to several 3/15/2016 Sugglemental Resgonse sections in the IVVP to confirm item See open item 6.c.

B.3.1.10.2, measurement. However, the information provided does not 2/16/2016 clearly define the indicators that will See response to open item 6.c.

be used.

16

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response f) Section B.3.1.10.2, procedures 3/15/2016 Su1212lemental Res12onse requires applicants to describe how See open item 7.b.

anomalies are identified and reported. This information is not 2/16/2016 provide in the plan (See item 11.b Per section 2.2.2 and 2.2.3 of the SylVV, above) the System Verification Engineer and System Safety Analysis Engineer are responsible for documenting results of reviews including anomalies in their respective tasks reports. The task reports are discussed in sections 4.4.1 and 4.4.2.

12. EICB Software Configuration Management Plan open yes SyEDP - section 3.4 specifies configuration (SCMP) management of source code and section 5 specifies configuration management of GEH did to submit a separate plan for this. firmware. Tools are controlled at the However, GEH (Appendix K) identified the baseline in which they are introduced.

NU MAC documents that cover the Configuration Status Accounting includes all requirements for this plan (BTP 7-14, the configurable items.

Section B.3.1.11 ). Based on this information, the staff identified the following question:

Appendix K refers to the SyEDP for the information required in section B.3.1.11.2, procedures. However, the information identified in these sources seem to address only configuration of documents, and not all configuration items (e.g., software tools, source code, etc.). How will GEH control these items?

13. EICB EQ Testing Close no NRC update 03022016: The qualification summary report will provide the information The system equipment qualification (EQ) requested.

test plan was not submitted with the LAR.

17

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response Instead the licensee submitted an EQ These items are encompassed by Appendix program in Appendix H. This program H. They are specifically identified in Section states the EQ plans will provide the details 3.3 and qualification approach is discussed on the system to be qualified. Also, that the in Section 5.

EQ program provides guidance to prepare EQ plans, if they are necessary. For this amendment, GEH described design changes for the HVPS, Relay Logic Card, and UFP Display. Therefore, a qualification plan for these components should be submitted. ISG-06, Section D.5.2 describes the information to be provided for the staff to evaluate EQ of l&C systems. Section D.5.2 requires submittal of the EQ plan.

14. EICB EQ Testing Requirements Close no The EQ requirements are based on plant conditions:

Are the EQ requirements based on the plant conditions? From NEDC-33864P Appendix H Section 1.1:

The replacement NUMAC PRNM system is designed to maintain functional operability under conditions specified in the PSEG Hope Creek Generating Station Power Range Neutron Monitoring System (PRNM)

Upgrade Project H-1-SE-KDS-0494

[Reference 7.1 ]. The qualification requirements, the subject of this system qualification program, are further delineated in the NUMAC PRNM System Requirements Specification [Reference 7.2].

Reference 7.2 is provided as NEDC-18

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response 33864P Appendix F Part 1 (NUMAC PRNM System Requirements Specification).

Section 2.5 references Hope Creek specification H-1-SE-KDS-0494; the qualification requirements in Appendix F Part 1 Section 9 are obtained directly from the Hope Creek specification.

15. APHB Section D.9.4, "Technical Evaluation," of Standby- An analysis, consistent with NUREG-0800, Dl&C-ISG-06, Subsection D.9.4.2.14, awaiting Appendix 18-A, will be provided "IEEE Std. 603, Clause 5.14, Human additional demonstrating that the manual operator Factors Considerations," states, in part, information actions remain both feasible and reliable, that the information provided should be from the and the ability to perform the actions reliably sufficient to demonstrate that the guidance licensee within the time available is maintained.

contained in Standard Review Plan, The analysis will be provided in the HCGS Appendix 18-A, has been met. PRNM Electronic Reading Room portal, in the second quarter of 2016.

NUREG-0800, Standard Review Plan, Appendix 18-A, "Crediting Manual Operator PSEG would like to discuss some Actions in Diversity and Defense-in-Depth clarifications concerning A1212endix 18-A:

(D3) Analyses," Revision 0, states, in part, that a diversity and defense-in-depth analysis should include the justification of a. Phase 3 vs Phase 1 required time: If the any operator actions that are credited for required time (and margin to time available) response to an Anticipated Operational has been verified via Phase 3 ISV, is it still Occurrence/Postulated Accident necessary to perform the Phase 1 time concurrent with software Common Cause required estimate?

Failure (CCF). It further states that credited manual operator actions and their b. For the two manual operator action items associated interfaces (controls, displays, from the D3 report the HCGS Operators and alarms) should be specifically have multiple existing indications available.

addressed in the Consequently, PSEG does not need the vendor/licensee/applicant's Human Factors simulator PRNM digital modification to Engineering (HFE) Program. The support the18-A Phase 3 ISV; the existing vendor/licensee/applicant should commit, plant/simulator configuration supports the 19

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response in the defense-in-depth submittal, to ISV. The ISV is scheduled to be completed include the proposed defense-in-depth in March/April 2016. (Note: if simulator coping actions in an HFE Program modifications were required before timing consistent with that described in NUREG- operator actions that could not be done until 0711 and to provide the results of the HFE couple of months before modification Program to the staff prior to implementation implementation, ie 2018) of the proposed action(s).

As stated in NUREG-0800, Appendix 18-A, to credit operator actions, an acceptable method would be to demonstrate that the manual actions in response to a BTP 7-19 software CCF are both feasible and reliable, given the time available, and that the ability of operators to perform credited actions reliably will be maintained for as long as the manual actions are necessary to satisfy the defense-in-depth analysis. Changes in plant design, including those that do not add, change, or delete the credited manual operator actions, may affect the ability of operators to correctly and reliably perform manual actions due to performance shaping factors (e.g., workload, time pressure) or other causes.

Provide information regarding the analysis, consistent with NUREG-0800, Appendix A, that was used to demonstrate that the manual actions remain both feasible and reliable, and the ability to perform the actions reliably within the time available is maintained. The analysis should 20

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response demonstrate that (1) the time available to perform the required manual actions is greater than the time required for the operator(s) to perform the actions, and (2) the operator(s) can perform the actions correctly and reliably in the time available. PSEG should provide sufficient information to demonstrate that the conclusions reached in the previously performed analysis regarding the feasibility and reliability of credited manual operator actions will remain valid in the post-modification environment (i.e., that the time available to perform the required manual actions and the time required to perform such actions will not be adversely affected bv the proposed modification).

16. RA System Requirements New 3/15/2016 The Hope Creek System Requirements Appendix F defines the system Specification (Appendix F) is plant specific.

requirements for the NUMAC PRNM The following discussion elaborates on how system. It is not clear if these requirements the topics from Appendix J are addressed in reflect the system to be installed in HCGS. the Hope Creek specifications.

Specifically, does appendix F include the requirements for the modified components LTR Deviations described in Appendix J?

1. APRM Upscale I OPRM Upscale I APRM lnop. Appendix F1, Section 6.1 reflects this LTR deviation.

NOTE: Appendix J Reference document 001 N5636 can be provided in the reading room portal, if desired. This topic was discussed during previous PRNM projects.

Please see, Enclosure 1 (Section 1.5 and 21

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response Appendix A) of ML12040A073, submitted for Columbia.

2. Time to Calculate Flow-biased Trip Setpoint. This clarifies a statement in the

• LTR but does not affect the NUMAC PRNM design.

NOTE: Appendix J Reference document 001 N5637 can be provided in the reading room portal, if desired. This topic was discussed during a previous PRNM project.

Please see, Enclosure 1 of ML12040A073, submitted for Columbia.

3. Abnormal Conditions Leading to Inoperative Status. Appendix F2, Section 4.3.4.9 reflects this LTR deviation.

NOTE: Appendix J Reference document 001 N5635 can be provided in the reading room portal, if desired. This topic was discussed during a previous PRNM project.

Please see Enclosure 1 of ML12040A073, submitted for Columbia.

4. OPRM Pre-Trip Alarms. Appendix F1, Section 4.3.1.2 reflects this LTR deviation.

NOTE: Appendix J Reference document 001 N5641 can be provided in the reading room portal, if desired. This topic was discussed during a previous PRNM project.

Please see Appendix A (page A-5) of ML101790437, submitted for Grand Gulf (DSS-CD Plant like HCGS).

22

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response

5. Increased Instrument Security.

Appendix F1 Section 4.1 (traceable item 436R) provides the higher level requirement that the system provides a means to adjust user-configurable parameters, and Appendix F2 Section 4.4.14 (traceable item 2345R) incorporates the same feature at the instrument level. That the Hope Creek design implements increased security relative to previous applications may be seen by comparing it to a previous application. Please see Section 4.4.8 of 25A5916, APRM Performance Specification for CGS (Reference 64 and included in Appendix A) - ML12040A074 submitted for Columbia. That design includes an "OPER-SET" function, a function that enables the user to adjust a small number of select parameters after entering a password but without placing the instrument in INOP.

PSEG elected to not include this feature at Hope Creek.

NOTE: Appendix J Reference document 001 N5640 can be provided in the reading room portal, if desired.

6. PRNM System Input Power Source. The deviation does not affect the PRNM design.

Appendix F1 Section 7.5 reflects the type of input power as described in the Hope Creek LAR Attachment 1 Section 4.1. 1 page 28 of 46, which deviates from what is described in the LTR.

NOTE: Appendix J Reference document 23

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response 002N3909 can be provided in the reading room portal, if desired.

Differences from Columbia Generating Station PRNM

1. OPRM Solution. Appendix F1 Section 4.1 (traceable item 225) and 4.3 reflect this difference.

2. Relay Logic Module. The new part is incorporated in schematics and bills of material, which may be placed in the reading room portal if desired. The design function is not changed and therefore does not affect Appendix F.

3. APRM High voltage Power Supply.

Appendix F2 Section 4.4.2 (traceable item 2322) reflects this difference (note that

. Appendix F2 Table 4.3-1 erroneously points to Section 3.3.1 vs 4.4.2 for 'Manual LPRM l/V curve request').

4. Display of Calibration Constants for LPRM Detector and Flow Signals.

Appendix F2 Section 4.4.5 (traceable item 2287) reflects this difference.

5. Instrument Front Panel Display. The new part is incorporated in schematics and bills of material, which may be placed in the reading room portal if desired. The design function is not changed and therefore does 24

DOC-0006-2118 R1 No. Resp. Issue Description Status RAI No. PSEG Response not affect Appendix F.

17. RA System Requirements New 3/15/2016 The requirements marked with brackets in Appendix F defines the system Appendix F are identified for traceability requirements for the NUMAC PRNM purposes. Appendix F also includes several system. There are requirements identified sections that are written in support of the (use of the word SHALL) that do not requirements marked with brackets for include identifiers in brackets (e.g., Section traceability. Section 4 of Appendix F1 5.6). Then there are statements that seems states "The primary system functions of the more description than requirements (e.g., integrated NUMAC PRNM replacement Sections 5.4 and 5.5). Clarify if all sections system are summarized below, followed by are requirements for the system. a specific identification of the safety functions of the system. See Sections 5 and 6 for more details on the input and output requirements discussed in this section." Therefore, Sections 5 and 6 are also considered as requirements although these requirements would not be explicitly traced in downstream documents. For example, it would be cumbersome to establish traceability for the LPRM assignments in Section 5.1. However, each LPRM assignment will be verified and validated in the V&V activities. The bases for the V&V would be Section 5.1 of Appendix F.

18.

25