ML16265A449

From kanterella
Jump to navigation Jump to search

Regulatory Audit Plan for October 3-6, 2016, at General Electric - Hitachi in Support of License Amendment Request to Upgrade Hope Creek Generating Station'S Power Range Neutron Monitoring System to a Digital Power Range Neutron Monitoring
ML16265A449
Person / Time
Site: Hope Creek PSEG icon.png
Issue date: 09/28/2016
From: Carleen Parker
Plant Licensing Branch 1
To: Sena P
Public Service Enterprise Group
Parker C, NRR/DORL/LPLI-II, 415-1603
References
CAC MF6768
Download: ML16265A449 (9)
v  d  e


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 September 28, 2016 Mr. Peter P. Sena, Ill President PSEG Nuclear LLC - N09 P.O. Box 236 Hancocks Bridge, NJ 08038

SUBJECT:

REGULATORY AUDIT PLAN FOR OCTOBER 3- 6, 2016, AT GE HITACHI IN SUPPORT OF LICENSE AMENDMENT REQUEST TO UPGRADE HOPE CREEK GENERATING STATION'S POWER RANGE NEUTRON MONITORING SYSTEM TO A DIGITAL POWER RANGE NEUTRON MONITORING SYSTEM (CAC NO. MF6768)

Dear Mr. Sena:

By letter dated September 21, 2015 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML15265A223), as supplemented by letter dated November 19, 2015 (ADAMS Accession No. ML15323A268), PSEG Nuclear LLC (PSEG) submitted a license amendment request (LAR) for the Hope Creek Generating Station (HCGS). The proposed amendment would allow for the replacement and upgrade of the existing analog Average Power Range Monitor subsystem of the Neutron Monitoring System with GE Hitachi digital Nuclear Measurement Analysis and Control (NUMAC) Power Range Neutron Monitoring (PRNM) system. The PRNM upgrade also includes Oscillation Power Range Monitor capability and will allow full Average Power Range Monitor, Rod Block Monitor, Technical Specification Improvement Program implementation. This upgrade will also include application of Technical Specification Task Force (TSTF) Traveler TSTF-493, Revision 4, "Clarify Application of Setpoint Methodology for LSSS Functions" (ADAMS Accession No. ML092150990), to affected PRNM functions. By letter dated September 12, 2016 (ADAMS Accession No. ML16256A639), PSEG submitted Phase 2 of the LAR.

To support its review of the LAR, the U.S. Nuclear Regulatory Commission staff plans to conduct a regulatory audit at the GE Hitachi, Castle Hayne, North Carolina, site from October 3 - 6, 2016, to (1) gain a better understanding of the NU MAC development life cycle processes to support the staff review of the PRNM system for use at HCGS, and (2) confirm the staff's understanding of this application. In addition, this audit could inform future regulatory actions involving NUMAC product-based safety-related instrumentation and control systems.

P. Sena, Ill If you have any questions, please contact me at (301) 415-1603 or Carleen.Parker@nrc.gov.

Sincerely, r~

C~. P r er, Project Manager Plant Licens1 Branch 1-2 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-354

Enclosure:

Audit Plan cc w/enclosure: Distribution via Listserv

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 REGULATORY AUDIT PLAN FOR AUDIT AT GE HITACHI TO SUPPORT REVIEW OF THE LICENSE AMENDMENT REQUEST TO INSTALL A DIGITAL NUCLEAR MEASUREMENT ANALYSIS AND CONTROL POWER RANGE NEUTRON MONITOR SYSTEM FOR HOPE CREEK GENERATING STATION PSEG NUCLEAR LLC DOCKET NO. 50-354

Background

By letter dated September 21, 2015 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML15265A223), as supplemented by letter dated November 19, 2015 (ADAMS Accession No. ML15323A268), PSEG Nuclear LLC (PSEG, the licensee) submitted a license amendment request (LAR) for the Hope Creek Generating Station (HCGS). The proposed amendment would allow for the replacement and upgrade of the existing analog Average Power Range Monitor subsystem of the Neutron Monitoring System with GE Hitachi (GEH) digital Nuclear Measurement Analysis and Control (NUMAC) Power Range Neutron Monitoring (PRNM) system. The PRNM upgrade also includes Oscillation Power Range Monitor capability and will allow full Average Power Range Monitor, Rod Block Monitor, Technical Specification Improvement Program implementation. This upgrade also will include application of Technical Specification Task Force (TSTF) Traveler TSTF-493, Revision 4, "Clarify Application of Setpoint Methodology for LSSS Functions," to affected PRNM functions.

By letter dated September 12, 2016 (ADAMS Accession No. ML16256A639), PSEG submitted Phase 2 of the LAR.

Regulatory Audit Basis To support its review of the LAR, the U.S. Nuclear Regulatory Commission (NRC) staff will conduct an audit at the GEH facility in Castle Hayne, North Carolina. This audit will be conducted in accordance with the Office of Nuclear Reactor Regulation Office Instruction LIC-111, "Regulatory Audits." The purpose of this audit is to (1) gain a better understanding of the NUMAC development life cycle processes to support the staff's review of the PRNM system for use at HCGS, and (2) confirm the staff's understanding of this application. In addition, this audit could inform future regulatory actions involving NUMAC product-based safety-related instrumentation and control systems.

Enclosure

The basis of this audit is the HCGS PRNM system LAR and the following regulations:

  • Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Appendix A General Design Criteria (GDC) 1, "Quality standards and records," requires structures, systems, and components important to safety be designed, fabricated, erected, and tested to quality standards commensurate with the importance of the safety functions to be performed.
  • GDC 10, "Reactor design," requires the reactor core and associated coolant, control, and protection systems be designed with appropriate margin to assure that specified acceptable fuel design limits are not exceeded during any condition of normal operation, including the effects of anticipated operational occurrences.
  • GDC 12, "Suppression of reactor power oscillations," requires the reactor core and associated coolant, control, and protection systems to be designed to assure that power oscillations, which can result in conditions exceeding specified acceptable fuel design limits are not possible or can be reliably and readily detected and suppressed.
  • GDC 13, "Instrumentation and control," requires that instrumentation shall be provided to monitor variables and systems over their anticipated ranges for normal operation, for anticipated operational occurrences, and for accident conditions, as appropriate, to assure adequate safety, including those variables and systems that can affect the fission process, the integrity of the reactor core, the reactor coolant pressure boundary, and the containment and its associated systems. Appropriate controls shall be provided to maintain these variables and systems within prescribed operating ranges.
  • GDC 20, "Protective system functions," requires the protection system be designed (1) to initiate automatically the operation of appropriate systems, including the reactivity control systems, to assure that specified acceptable fuel design limits are not exceeded as a result of anticipated operational occurrences and (2) to sense accident conditions and to initiate the operation of systems and components important to safety.
  • GDC 21, "Protection system reliability and testability," requires that the system be designed for high functional reliability and inservice testability, with redundancy and independence sufficient to preclude loss of the protection function from a single failure and preservation of minimum redundancy, despite removal from service of any component or channel.
  • GDC 22, "Protection system independence," requires that the system be designed so that natural phenomena, operating, maintenance, testing, and postulated accident conditions do not result in loss of the protection function.
  • GDC 23, "Protection system failure modes," requires that the system be designed to fail to a safe state in the event of conditions such as disconnection, loss of energy, or postulated adverse environments.
  • GDC 24, "Separation of protection and control systems," requires that interconnection of the protection and control systems be limited to assure safety in case of failure or removal from service of common components.
  • 10 CFR 50.55 requires, in part, that structures, systems, and components subject to the standards in 10 CFR 50.55a must be designed, fabricated, erected, constructed, tested, and inspected to quality standards commensurate with the importance of the safety function to be performed.
  • 10 CFR 50.55a(h) requires that the protection systems meet the Institute of Electrical and Electronics Engineers (IEEE) Standard 279-1971, Criteria for Protection Systems for Nuclear Power Generating Stations," Section 4.2, which discusses the general functional requirement for independence of protection systems to assure they satisfy the single failure criterion.

Regulatory Audit Scope The following will be reviewed to verify by an independent evaluation that the NUMAC-based PRNM system to be used at HCGS conforms to applicable regulations, standards, guidelines, plans, and procedures by assessing the implementation of the systems developmental life cycle process. A review of activities associated with the establishment of a secure development environment will also be conducted.

  • Software Verification and Validation (V&V) - Verify the NUMAC application software V&V program meets IEEE Standard 1012-2012, "IEEE Standard for System and Software Verification and Validation," and the V&V program is implemented in a manner that reliably verifies and validates the design outputs at each stage of the NUMAC software development process.
  • Configuration Management - Verify the configuration management system has the appropriate hardware and software under configuration management, and the configuration management system is effectively controlling the items under configuration management. A review of the Detect and Suppress - Confirmation Density (DSS-CD) plant applicability checklist determinations will also be performed as part of this activity.
  • Software Quality Assurance - Verify the software quality assurance program is effective in controlling the software development process to assure quality of NUMAC application software.
  • Software Safety - Verify that software safety plans and procedures used for safety analysis activities are adequate to determine that PRNM software meets applicable criteria for safety-related nuclear power plant operations.
  • Secure Development Environment - The audit team will evaluate the NUMAC systems development environment. The results of this audit activity will be used to determine conformance to the secure development environment requirements of Regulatory

Guide 1.152, Revision 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants" (ADAMS Accession No. ML102870022).

  • Review CPU Board Anomalies - Review identified anomalies of the NUMAC central processing unit (CPU) board. Evaluate the effectiveness of corrective action programs in identifying the scope and severity, determining causes, and initiating corrective measures to address the issue.

Information Needed for the Regulatory Audit The following documentation and supporting materials need to be reviewed to complete this audit. The NRC requests that these materials be available to the audit team upon arrival at the GEH facility.

  • NEDC-3241 OP-A, "Nuclear Measurement Analysis and Control Power Range Neutron Monitor (NUMAC PRNM) Retrofit Plus Option Ill Stability Trip Function, Volumes 1 & 2,"

October 1995 (9605290009-Proprietary).

  • NED0-11209, Revision 11, "GE Hitachi Nuclear Energy Quality Assurance Program Description," February 12, 2015 (ADAMS Accession No. ML15043A414).
  • NEDC-33075P-A, Revision 8, "Licensing Topical Report GE Hitachi Boiling Water Reactor Detect and Suppress Solution - Confirmation Density," November 19, 2013 (ADAMS Accession No. ML13324A098 (Proprietary) and ADAMS Accession No. ML13324A099 (Non-Proprietary)).
  • NED0-32465-A, "Licensing Topical Report, Reactor Stability Detect and Suppress Solutions Licensing Basis Methodology for Reload Applications, Class I, August 1996 (ADAMS Accession No. ML14093A210).
  • Access to the current HCGS Project Traceability Matrix Note: Non-docketed licensee information will not be removed from the audit site.

Team Assignments/Resource Estimates The resource estimate for this audit visit is approximately 75 hours8.680556e-4 days <br />0.0208 hours <br />1.240079e-4 weeks <br />2.85375e-5 months <br /> of direct audit effort. The NRC staff performing this audit will be:

  • Rossnyev Alvarado, Technical Reviewer Logistics This audit will be conducted at the GEH NUMAC facilities in Castle Hayne, North Carolina. The audit will begin at 8:00 a.m. on Monday, October 3, 2016, and conclude on Thursday, October 6, 2016, at 5:00 p.m. The audit may extend to Friday, October 7, 2016, if necessary, to complete required audit tasks. The NRC's tentative schedule for the audit is as follows:

Monday (8:00 a.m. - 5:30 p.m.)

  • Entrance meeting - NRG staff: Provide brief overview of HCGS PRNMS upgrade.

Discuss background information pertaining to NUMAC development process evolution.

Review purpose of audit.

  • GEH presentation of CPU board issue.
  • Review documentation, including root cause analysis and corrective measures being taken for CPU board anomaly.

Tuesday (8:00 a.m. - 5:30 p.m.)

  • Establish documentation flow processes and review requirements traceability matrix.
  • Audit team to jointly work on selected requirements threads to evaluate effectiveness of NUMAC software development processes.
  • Make appointments for interviews to be conducted on Wednesday.

Wednesday (8:00 a.m. - 5:30 p.m.)

  • Morning meeting between NRG staff and GEH to discuss activities and logistics for the day.
  • Review of NUMAC documentation/continue thread reviews.
  • Review DSS-CD plant applicability checklist determinations and basis documentation.

(Reference NEDC-33075P-A, Table 6-1 and Table 6-2).

  • Conduct scheduled interviews with key GEH personnel.
  • NRG staff internal meeting - discuss audit observations, need for additional information or additional audit activities. Forward followup questions to GEH.

Thursday (8:00 a.m. - 5:00 p.m.)

  • Review meeting to discuss current open item list and request for additional information responses.
  • NRG staff internal meeting - identification/resolution of any open items.

4:00 p.m. - Exit meeting: NRG staff - general overview of observations and identification of any open items.

Deliverables At the conclusion of the audit, the NRG staff will conduct an exit briefing and provide a summary of audit results in each subject area defined in the audit scope. The NRG staff plans on preparing a regulatory audit summary within 90 days of the completion of the audit.

Bibliography Licensee Documentation

1. PSEG LAR dated September 21, 2015 (ADAMS Accession No. ML15265A224).
2. PSEG LAR supplemental letter dated November 19, 2015 (ADAMS Accession No. ML16172A012).

NRG Guidance

1. Standard Review Plan (NUREG-0800), Chapter 7, "Instrumentation and Controls."
2. Regulatory Guide 1.152, Revision 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants."
3. Regulatory Guide 1.153, Revision 1, "Criteria for Safety Systems."
4. Regulatory Guide 1.168, Revision 1, "Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants."
5. Regulatory Guide 1.169, "Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants."
6. Regulatory Guide 1.173, dated September 1997, "Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants."

Industry Standards

1. NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors," dated April 2010.
2. IEEE Standard 7-4.3.2-2003, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations."
3. IEEE Standard 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations."
4. IEEE Standard 828-1990, "IEEE Standard for Software Configuration Management Plans."
5. ANSI/IEEE Standard 1042-1987, "IEEE Guide to Software Configuration Management."
6. IEEE Standard 1012-1998, "IEEE Standard for Software Verification and Validation."
7. IEEE Standard. 1028-1997, "IEEE Standard for Software Reviews and Audits."
8. IEEE Standard 1074-1995, "IEEE Standard for Developing Software Life Cycle Processes."

P. Sena, Ill If you have any questions, please contact me at (301) 415-1603 or Carleen.Parker@nrc.gov.

Sincerely, IRA/

Carleen J. Parker, Project Manager Plant Licensing Branch 1-2 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-354

Enclosure:

Audit Plan cc w/enclosure: Distribution via Listserv DISTRIBUTION:

PUBLIC RidsNrrDssStsb Resource LPL 1-2 R/F RidsNrrDssSrxb Resource RidsACRS_MailCTR Resource RidsNrrDraAphb Resource RidsRgn1 MailCenter Resource RStattel, NRR RidsNrrDorlLpl1-2 Resource RAlvarado, NRR RidsNrrLALRonewicz Resource GThomas, NRR RidsNrrPMHopeCreek Resource DSaenz, NRR RidsNrrDeEicb Resource MChernoff, NRR VHuckabay, NRR ADAMS Access1on No.: ML16265A449 t d

  • b1y e-ma1., dae OFFICE DORL/LPLl-2/PM DORL/LPLl-2/LA DE/El CB/BC* DORL/LPLl-2/BC DORL/LPLl-2/PM NAME CParker LRonewicz MWaters DBroaddus CParker DATE 9/22/2016 9/23/2016 9/20/2016 9/28/2016 9/28/2016 OFFICIAL RECORD COPY
Retrieved from "https://kanterella.com/w/index.php?title=ML16265A449&oldid=2510355"