ML16242A006
ML16242A006 | |
Person / Time | |
---|---|
Site: | Hope Creek |
Issue date: | 08/25/2016 |
From: | Carleen Parker Plant Licensing Branch 1 |
To: | Duke P, Bernard Thomas Public Service Enterprise Group |
References | |
MF6768 | |
Download: ML16242A006 (8) | |
Text
NRR-PMDAPEm Resource
From: Parker, Carleen
Sent: Thursday, August 25, 2016 2:50 PM
To: Duke, Paul R. (Paul.Duke@pseg.com); Thomas, Brian J. (Brian.Thomas@pseg.com)
Cc: Stattel, Richard; Alvarado, Rossnyev; Huckabay, Victoria; Thomas, George; Saenz, Diego; Chernoff, Margaret; Vu, Hang
Subject: Updated Draft Hope Creek Audit Plan for GEH Related to the PRNM LAR (MF6768)
Attachments: Hope Creek Audit Plan (EMV).pdf
Good Afternoon,
Attached is the updated draft audit plan for the staff's audit at GEH related to the Hope Creek PRNM LAR. The updated audit plan reflects the change in dates, the removal of the Architectural Diagram reference, and the current audit team members.
Please let me know if you have any questions.
Thank you,
Carleen
Carleen Parker
Project Manager - Hope Creek and Salem
Plant Licensing Branch I-2
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation
U.S. Nuclear Regulatory Commission
(301)415-1603
carleen.parker@nrc.gov
Hearing Identifier: NRR_PMDA
Email Number: 3011
Mail Envelope Properties (Carleen.Parker@nrc.gov20160825144900)
Subject: Updated Draft Hope Creek Audit Plan for GEH Related to the PRNM LAR (MF6768)
Sent Date: 8/25/2016 2:49:58 PM
Received Date: 8/25/2016 2:49:00 PM
From: Parker, Carleen
Created By: Carleen.Parker@nrc.gov
Recipients:
"Stattel, Richard" <Richard.Stattel@nrc.gov> Tracking Status: None
"Alvarado, Rossnyev" <Rossnyev.Alvarado@nrc.gov> Tracking Status: None
"Huckabay, Victoria" <Victoria.Huckabay@nrc.gov> Tracking Status: None
"Thomas, George" <George.Thomas@nrc.gov> Tracking Status: None
"Saenz, Diego" <Diego.Saenz@nrc.gov> Tracking Status: None
"Chernoff, Margaret" <Margaret.Chernoff@nrc.gov> Tracking Status: None
"Vu, Hang" <Hang.Vu@nrc.gov> Tracking Status: None
"Duke, Paul R. (Paul.Duke@pseg.com)" <Paul.Duke@pseg.com> Tracking Status: None
"Thomas, Brian J. (Brian.Thomas@pseg.com)" <Brian.Thomas@pseg.com> Tracking Status: None
Post Office:
Files Size Date & Time
MESSAGE 672 8/25/2016 2:49:00 PM
Hope Creek Audit Plan (EMV).pdf 176749
Options
Priority: Standard
Return Notification: No
Reply Requested: No
Sensitivity: Normal
Expiration Date:
Recipients Received:
U.S. NUCLEAR REGULATORY COMMISSION INSTRUMENTATION AND CONTROLS BRANCH HOPE CREEK GENERATING STATION REGULATORY AUDIT PLAN FOR GENERAL ELECTRIC - HITACHI NUMAC POWER RANGE NEUTRON MONITORING SYSTEM (PRNM) SYSTEM
Background
The U.S. Nuclear Regulatory Commission (NRC) staff is currently engaged in a review of a digital PRNM system replacement for the Hope Creek Generating Station (HCGS). By letter dated September 21, 2015, PSEG Nuclear LLC (PSEG), the licensee, submitted a license amendment request (LAR) (Agencywide Document Access and Management System (ADAMS) Accession No. ML15265A224) to support the installation of a digital General Electric - Hitachi (GEH) Nuclear Measurement Analysis and Control (NUMAC) Power Range Neutron Monitor (PRNM) system for Hope Creek Generating Station (HCGS). The LAR requested NRC review and approval of the proposed design.
Regulatory Audit Basis
To support its safety evaluation, the NRC Instrumentation and Controls Branch (EICB) will conduct an audit at the GEH facility in Castle Hayne, North Carolina. This audit will be conducted in accordance with NRR Office Instruction LIC-111, "Regulatory Audits." The purpose of this audit is to gain a better understanding of the NUMAC development life cycle processes to support the safety evaluation of the PRNM system for use at HCGS, to confirm the staff's understanding of this application and to inform future regulatory actions involving NUMAC product based safety related instrumentation and control systems.
The basis of this audit is the HCGS PRNM system license amendment request and the following regulations and regulatory guidance:
- 10 CFR 50.55a(a)(1), "Quality Standards," requires that structures, systems, and components must be designed, fabricated, erected, constructed, tested, and inspected to quality standards commensurate with the importance of the safety function to be performed.
- 10 CFR 50.55a(h) requires that the protection systems meet IEEE 279. Section 4.2 of IEEE 279-1971 discusses the general functional requirement for independence of protection systems to assure they satisfy the single failure criterion.
- Title 10 of the Code of Federal Regulations (10 CFR) Part 50 establishes the fundamental regulatory requirements with respect to the domestic licensing of nuclear production and utilization facilities. Specifically, Appendix A, "General Design Criteria for Nuclear Power Plants," to 10 CFR Part 50 provides, in part, the necessary design, fabrication, construction, testing, and performance requirements for structures, systems, and components important to safety.
- General Design Criteria (GDC) - 1, "Quality standards and records," requires structures, systems, and components important to safety to be designed, fabricated, erected, and tested to quality standards commensurate with the importance of the safety functions to be performed.
- GDC - 10, "Reactor design," requires the reactor core and associated coolant, control, and protection systems be designed with appropriate margin to assure that specified acceptable fuel design limits are not exceeded during any condition of normal operation, including the effects of anticipated operational occurrences.
- GDC - 12, "Suppression of reactor power oscillations," requires the reactor core and associated coolant, control, and protection systems to be designed to assure that power oscillations which can result in conditions exceeding specified acceptable fuel design limits are not possible or can be reliably and readily detected and suppressed.
- GDC - 13, "Instrumentation and control," requires that instrumentation shall be provided to monitor variables and systems over their anticipated ranges for normal operation, for anticipated operational occurrences, and for accident conditions as appropriate to assure adequate safety, including those variables and systems that can affect the fission process, the integrity of the reactor core, the reactor coolant pressure boundary, and the containment and its associated systems. Appropriate controls shall be provided to maintain these variables and systems within prescribed operating ranges.
- GDC - 20, "Protective system functions," requires the protection system be designed (1) to initiate automatically the operation of appropriate systems including the reactivity control systems, to assure that specified acceptable fuel design limits are not exceeded as a result of anticipated operational occurrences and (2) to sense accident conditions and to initiate the operation of systems and components important to safety.
- GDC 21, "Protection System Reliability and Testability," requires that the system be designed for high functional reliability and in service testability, with redundancy and independence sufficient to preclude loss of the protection function from a single failure and preservation of minimum redundancy despite removal from service of any component or channel.
- GDC 22, "Protection System Independence," requires that the system be designed so that natural phenomena, operating, maintenance, testing and postulated accident conditions do not result in loss of the protection function.
- GDC 23, "Protection System Failure Modes," requires that the system be designed to fail to a safe state in the event of conditions such as disconnection, loss of energy, or postulated adverse environments.
- GDC 24, "Separation of Protection and Control Systems," requires that interconnection of the protection and control systems be limited to assure safety in case of failure or removal from service of common components.
- GDC 29, "Protection against anticipated operational occurrences," requires that protection and reactivity control systems shall be designed to assure an extremely high probability of accomplishing their safety functions in the event of anticipated operational occurrences.
Regulatory Audit Scope
The objective of this audit is to verify, via an independent evaluation, the NUMAC based PRNM system to be used at HCGS conforms to applicable regulations, standards, guidelines, plans, and procedures by assessing the implementation of the system's developmental life cycle process. A review of activities associated with the establishment of a secure development environment will also be conducted.
Audit Requirements
- Software Verification and Validation (V&V) - Verify the NUMAC application software V&V program meets the requirements of IEEE Std. 1012, "IEEE Standard for Software Verification and Validation," and the V&V program is implemented in a manner which reliably verifies and validates the design outputs at each stage of the NUMAC software development process.
- Configuration Management - Verify the configuration management system has the appropriate hardware and software under configuration management, and the configuration management system is effectively controlling the items under configuration management. A review of DSS-CD Plant Applicability Checklist determinations will also be performed as part of this activity.
- Software Quality Assurance - Verify the Software Quality Assurance (SQA) program is effective in controlling the software development process to assure quality of NUMAC application software.
- Software Safety - Verify that software safety plans and procedures used for safety analysis activities are adequate to determine that PRNM software is safe to be used for safety related nuclear power plant operations.
- Secure Development Environment - The audit team will evaluate the NUMAC systems development environment. The results of this audit activity will be used to determine conformance to the secure development environment requirements of RG 1.152, Revision 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants."
Information Needed for the Regulatory Audit
The following documentation and supporting materials will be required for performance of this audit. The NRC requests that these documents be available to the audit team upon arrival at the GEH facility.
- NEDC-32410P-A, Nuclear Measurement Analysis and Control Power Range Neutron Monitor (NUMAC PRNM) Retrofit Plus Option III Stability Trip Function, Volumes 1 & 2, October 1995 (9605290009-Proprietary)
- NEDO-11209 Revision 11, GE Hitachi Nuclear Energy Quality Assurance Program Description, February 12, 2015 (ADAMS Accession No. ML15043A414)
- NEDO-33075P-A, Rev. 8, Licensing Topical Report GE Hitachi Boiling Water Reactor Detect and Suppress, November 19, 2013 (ADAMS Accession No. ML13324A098 (Proprietary) and ML13324A099 (Non-Proprietary))
- NEDO-32465-A, Licensing Topical Report, Reactor Stability Detect and Suppress Solutions Licensing Basis Methodology for Reload Applications, Class I, August 1996 (ADAMS Accession No. ML072260045)
The audit staff also requires access to the current HCGS Project Traceability Matrix in order to observe that applicable functional requirements are correctly implemented in the PRNM system.
Note: Non-docketed licensee information will not be removed from the audit site.
Team Assignments / Resource Estimates
The resource estimate for this audit visit is approximately 75 hours of direct audit effort. The NRC staff performing this audit will be:
- Richard Stattel (Audit Leader)
- Rossnyev Alvarado (Technical Reviewer)
Logistics
This audit will be conducted at the GEH NUMAC facilities in Castle Hayne, North Carolina. The audit will begin at 8:00 am on Tuesday Oct 4, 2016 and conclude on Thursday Oct 6, 2016 at 5:00 pm. Our tentative schedule for the audit is as follows:
Tuesday, (8:00 am - 5:30 pm)
- Entrance meeting - NRC staff: Provide brief overview of HCGS PRNMS upgrade. Discuss background information pertaining to NUMAC development process evolution. Review purpose of audit.
- Establish Documentation Flow processes and review requirements traceability matrix.
- Audit team to jointly work on selected requirements threads to evaluate effectiveness of NUMAC software development processes.
- Make appointments for interviews to be conducted on Wednesday.
Wednesday, (8:00 am - 5:30 pm)
- Morning meeting between NRC staff and GEH to discuss activities and logistics for the day
- Review of NUMAC documentation / Continue Thread reviews.
- Review DSS-CD Plant Applicability Checklist determinations and basis documentation. (Reference NEDC-33075P-A Table 6-1, & 6-2)
- Conduct scheduled interviews with key GEH personnel
- NRC staff internal meeting - Discuss audit observations, need for additional information or additional audit activities. Forward follow-up questions to GEH.
Thursday, (8:00 am - 5:00 pm)
- Review meeting to discuss current open item list and RAI responses.
- NRC staff internal meeting - identification / resolution of any open items
- 4:00 pm - Exit meeting: NRC staff - general overview of observations & identification of any open items
Deliverables
At the conclusion of the audit, the NRC staff will conduct an exit briefing and will provide a summary of audit results in each subject area defined in the audit scope. The NRC Regulatory Audit Report will be issued by November 30, 2016.
References:
Licensee Documentation:
LR-N15-0178, License Amendment Request - Digital Power Range Neutron Monitoring (PRNM) System Upgrade, dated 21 September 2015. (ADAMS Accession No. ML15265A224), and appendices (ADAMS Accession No. ML15265A226)
Supplemental information - License Amendment Request - Digital Power Range Neutron Monitoring (PRNM) System Upgrade (ADAMS Accession No. ML16172A012)
NRC Guidance:
Standard Review Plan (NUREG-0800), Chapter 7, Instrumentation and Controls.
Regulatory Guide 1.152, Revision 3, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants.
Regulatory Guide 1.153, Revision 1, Criteria for Safety Systems.
Regulatory Guide 1.168, Revision 1, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
Regulatory Guide 1.169, Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
Regulatory Guide 1.173, dated September 1997, Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
Industry Standards:
NEI 08-09, dated April 2010, Cyber Security Plan for Nuclear Power Reactors, Revision 2.
IEEE Std. 7-4.3.2-2003, IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations.
IEEE Std. 603-1991, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations.
IEEE Std. 828-1990, IEEE Standard for Software Configuration Management Plans.
ANSI/IEEE Std. 1042-1987, IEEE Guide to Software Configuration Management.
IEEE Std. 1012-1998, IEEE Standard for Software Verification and Validation.
IEEE Std. 1028-1997, IEEE Standard for Software Reviews and Audits.
IEEE Std. 1074-1995, IEEE Standard for Developing Software Life Cycle Processes.