ML16266A031
Person / Time | |
---|---|
Site: | Hope Creek |
Issue date: | 09/22/2016 |
From: | Carleen Parker Plant Licensing Branch 1 |
To: | Duke P, Bernard Thomas Public Service Enterprise Group |
Parker C | |
References | |
MF6768 | |
Text
NRR-PMDAPEm Resource

From: Parker, Carleen
Sent: Thursday, September 22, 2016 8:13 AM
To: Duke, Paul R. (Paul.Duke@pseg.com); Thomas, Brian J. (Brian.Thomas@pseg.com)
Cc: Stattel, Richard; Alvarado, Rossnyev; Huckabay, Victoria; Thomas, George; Saenz, Diego; Chernoff, Margaret; Vu, Hang
Subject: Updated Draft Hope Creek Audit Plan for GEH Related to the PRNM LAR (MF6768)
Attachments: Draft Final Audit Plan.pdf

Good Morning,

Attached is the updated draft audit plan for the staff's audit at GEH related to the Hope Creek PRNM LAR. The updated audit plan reflects the change in dates and scope.

Please let me know if you have any questions.

Thank you,
Carleen

Carleen Parker
Project Manager - Hope Creek and Salem
Plant Licensing Branch I-2
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation
U.S. Nuclear Regulatory Commission
(301)415-1603
carleen.parker@nrc.gov
Hearing Identifier: NRR_PMDA
Email Number: 3079
Mail Envelope Properties (Carleen.Parker@nrc.gov20160922081200)
Subject: Updated Draft Hope Creek Audit Plan for GEH Related to the PRNM LAR (MF6768)
Sent Date: 9/22/2016 8:12:57 AM
Received Date: 9/22/2016 8:12:00 AM
From: Parker, Carleen
Created By: Carleen.Parker@nrc.gov

Recipients:
"Stattel, Richard" <Richard.Stattel@nrc.gov> Tracking Status: None
"Alvarado, Rossnyev" <Rossnyev.Alvarado@nrc.gov> Tracking Status: None
"Huckabay, Victoria" <Victoria.Huckabay@nrc.gov> Tracking Status: None
"Thomas, George" <George.Thomas@nrc.gov> Tracking Status: None
"Saenz, Diego" <Diego.Saenz@nrc.gov> Tracking Status: None
"Chernoff, Margaret" <Margaret.Chernoff@nrc.gov> Tracking Status: None
"Vu, Hang" <Hang.Vu@nrc.gov> Tracking Status: None
"Duke, Paul R. (Paul.Duke@pseg.com)" <Paul.Duke@pseg.com> Tracking Status: None
"Thomas, Brian J. (Brian.Thomas@pseg.com)" <Brian.Thomas@pseg.com> Tracking Status: None

Post Office:

Files / Size / Date & Time
MESSAGE / 590 / 9/22/2016 8:12:00 AM
Draft Final Audit Plan.pdf / 182433

Options
Priority: Standard
Return Notification: No
Reply Requested: No
Sensitivity: Normal
Expiration Date:
Recipients Received:
DRAFT REGULATORY AUDIT PLAN FOR AUDIT AT GENERAL ELECTRIC - HITACHI TO SUPPORT REVIEW OF THE LICENSE AMENDMENT REQUEST TO INSTALL A DIGITAL NUCLEAR MEASUREMENT ANALYSIS AND CONTROL POWER RANGE NEUTRON MONITOR SYSTEM FOR HOPE CREEK GENERATING STATION
PSEG NUCLEAR LLC
SALEM NUCLEAR GENERATING STATION, UNIT NOS. 1 AND 2
DOCKET NO. 50-354
Background
By letter dated September 21, 2015 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML15265A223), as supplemented by letter dated November 19, 2015 (ADAMS Accession No. ML15323A268), PSEG Nuclear LLC (PSEG) submitted a license amendment request (LAR) for the Hope Creek Generating Station (HCGS). The proposed amendment would allow for the replacement and upgrade of the existing analog Average Power Range Monitor sub-system of the Neutron Monitoring System with General Electric-Hitachi (GEH) digital Nuclear Measurement Analysis and Control (NUMAC) Power Range Neutron Monitoring (PRNM) system. The PRNM upgrade also includes Oscillation Power Range Monitor capability and will allow full Average Power Range Monitor, Rod Block Monitor, Technical Specification Improvement Program implementation, and will include application of Technical Specification Task Force (TSTF) Traveler-493, Revision 4, Clarify Application of Setpoint Methodology for LSSS Functions, to affected PRNM functions. By letter dated September 12, 2016 (ADAMS Accession No. ML16256A639) PSEG submitted Phase 2 of the LAR.
Regulatory Audit Basis
To support its review of the LAR, the NRC staff will conduct an audit at the GEH facility in Castle Hayne, North Carolina. This audit will be conducted in accordance with NRR Office Instruction LIC-111, Regulatory Audits. The purpose of this audit is to gain a better understanding of the NUMAC development life cycle processes to support the staff's review of the PRNM system for use at HCGS, to confirm the staff's understanding of this application, and to inform future regulatory actions involving NUMAC product based safety related instrumentation and control systems.
The basis of this audit is the HCGS PRNM system license amendment request and the following regulations and regulatory guidance:
- Title 10 of the Code of Federal Regulations (10 CFR) Part 50 establishes the fundamental regulatory requirements with respect to the domestic licensing of nuclear production and utilization facilities. Specifically, Appendix A, General Design Criteria for Nuclear Power Plants, to 10 CFR Part 50 provides, in part, the necessary design, fabrication, construction, testing, and performance requirements for structures, systems, and components important to safety.
- General Design Criteria (GDC) - 1, Quality standards and records, requires structures, systems, and components important to safety to be designed, fabricated, erected, and tested to quality standards commensurate with the importance of the safety functions to be performed.
- GDC - 10, Reactor design, requires the reactor core and associated coolant, control, and protection systems be designed with appropriate margin to assure that specified acceptable fuel design limits are not exceeded during any condition of normal operation, including the effects of anticipated operational occurrences.
- GDC - 12, Suppression of reactor power oscillations, requires the reactor core and associated coolant, control, and protection systems to be designed to assure that power oscillations which can result in conditions exceeding specified acceptable fuel design limits are not possible or can be reliably and readily detected and suppressed.
- GDC - 13, Instrumentation and control, requires that instrumentation shall be provided to monitor variables and systems over their anticipated ranges for normal operation, for anticipated operational occurrences, and for accident conditions as appropriate to assure adequate safety, including those variables and systems that can affect the fission process, the integrity of the reactor core, the reactor coolant pressure boundary, and the containment and its associated systems. Appropriate controls shall be provided to maintain these variables and systems within prescribed operating ranges.
- GDC - 20, Protective system functions, requires the protection system be designed (1) to initiate automatically the operation of appropriate systems including the reactivity control systems, to assure that specified acceptable fuel design limits are not exceeded as a result of anticipated operational occurrences and (2) to sense accident conditions and to initiate the operation of systems and components important to safety.
- GDC 21, "Protection system reliability and testability," requires that the system be designed for high functional reliability and in service testability, with redundancy and independence sufficient to preclude loss of the protection function from a single failure and preservation of minimum redundancy despite removal from service of any component or channel.
- GDC 22, "Protection system independence," requires that the system be designed so that natural phenomena, operating, maintenance, testing and postulated accident conditions do not result in loss of the protection function.
- GDC 23, "Protection system failure modes," requires that the system be designed to fail to a safe state in the event of conditions such as disconnection, loss of energy, or postulated adverse environments.
- GDC 24, "Separation of protection and control systems," requires that interconnection of the protection and control systems be limited to assure safety in case of failure or removal from service of common components.
- GDC 29, Protection against anticipated operational occurrences, requires that protection and reactivity control systems shall be designed to assure an extremely high probability of accomplishing their safety functions in the event of anticipated operational occurrences.
- 10 CFR 50.55 requires, in part, that structures, systems, and components subject to the standards in 10 CFR 50.55a must be designed, fabricated, erected, constructed, tested, and inspected to quality standards commensurate with the importance of the safety function to be performed.
- 10 CFR 50.55a(h) requires that the protection systems meet IEEE 279. Section 4.2 of IEEE 279-1971, Criteria for Protection Systems for Nuclear Power Generating Stations, discusses the general functional requirement for independence of protection systems to assure they satisfy the single failure criterion.
Regulatory Audit Scope
The objective of this audit is to verify, via an independent evaluation, that the NUMAC based PRNM system to be used at HCGS conforms to applicable regulations, standards, guidelines, plans, and procedures by assessing the implementation of the system's developmental life cycle process. A review of activities associated with the establishment of a secure development environment will also be conducted.
Audit Requirements
- Software Verification and Validation (V&V) - Verify the NUMAC application software V&V program meets the requirements of IEEE Std. 1012, IEEE Standard for Software Verification and Validation, and the V&V program is implemented in a manner which reliably verifies and validates the design outputs at each stage of the NUMAC software development process.
- Configuration Management - Verify the configuration management system has the appropriate hardware and software under configuration management, and the configuration management system is effectively controlling the items under configuration management. A review of DSS-CD Plant Applicability Checklist determinations will also be performed as part of this activity.
- Software Quality Assurance - Verify the Software Quality Assurance (SQA) program is effective in controlling the software development process to assure quality of NUMAC application software.
- Software Safety - Verify that software safety plans and procedures used for safety analysis activities are adequate to determine that PRNM software is safe to be used for safety related nuclear power plant operations.
- Secure Development Environment - The audit team will evaluate the NUMAC system's development environment. The results of this audit activity will be used to determine conformance to the secure development environment requirements of RG 1.152, Revision 3, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants.
- Review CPU Board Anomalies - Review identified anomalies of NUMAC CPU board. Evaluate effectiveness of corrective action programs in identifying the scope and severity, determining causes and initiating corrective measures to address the issue.
Information Needed for the Regulatory Audit
The following documentation and supporting materials will be required for performance of this audit. The NRC requests that these documents be available to the audit team upon arrival at the GEH facility.
- NEDC-32410P-A, Nuclear Measurement Analysis and Control Power Range Neutron Monitor (NUMAC PRNM) Retrofit Plus Option III Stability Trip Function, Volumes 1 & 2, October 1995 (9605290009-Proprietary);
- NEDO-11209 Revision 11, GE Hitachi Nuclear Energy Quality Assurance Program Description, February 12, 2015 (ADAMS Accession No. ML15043A414);
- NEDC-33075P-A, Rev. 8, Licensing Topical Report GE Hitachi Boiling Water Reactor Detect and Suppress, November 19, 2013 (ADAMS Accession No. ML13324A098 (Proprietary) and ML13324A099 (Non-Proprietary)); and
- NEDO-32465-A, Licensing Topical Report, Reactor Stability Detect and Suppress Solutions Licensing Basis Methodology for Reload Applications, Class I, August 1996 (ADAMS Accession No. ML072260045).
The audit staff also requires access to the current HCGS Project Traceability Matrix in order to observe that applicable functional requirements are correctly implemented in the PRNM system.
Note: Non-docketed licensee information will not be removed from the audit site.
Team Assignments / Resource Estimates
The resource estimate for this audit visit is approximately 75 hours of direct audit effort. The NRC staff performing this audit will be:
- Richard Stattel, Audit Leader
- Rossnyev Alvarado, Technical Reviewer

Logistics
This Audit will be conducted at the GEH NUMAC facilities in Castle Hayne, North Carolina. The audit will begin at 8:00 am on Monday Oct 3, 2016 and conclude on Thursday Oct 6, 2016 at 5:00 pm. The audit may extend to Friday October 7th if necessary to complete required audit tasks. Our tentative schedule for the audit is as follows:
Monday, (8:00 am - 5:30 pm)
- Entrance meeting - NRC staff: Provide brief overview of HCGS PRNMS upgrade. Discuss background information pertaining to NUMAC development process evolution. Review purpose of audit.
- GEH presentation of CPU Board Issue.
- Review documentation including root cause analysis and corrective measures being taken for CPU board anomaly.

Tuesday, (8:00 am - 5:30 pm)
- Establish Documentation Flow processes and review requirements traceability matrix.
- Audit team to jointly work on selected requirements threads to evaluate effectiveness of NUMAC software development processes.
- Make appointments for interviews to be conducted on Wednesday.

Wednesday, (8:00 am - 5:30 pm)
- Morning meeting between NRC staff and GEH to discuss activities and logistics for the day
- Review of NUMAC documentation / Continue Thread reviews.
- Review DSS-CD Plant Applicability Checklist determinations and basis documentation. (Reference NEDC-33075P-A Table 6-1, & 6-2)
- Conduct scheduled interviews with key GEH personnel
- NRC staff internal meeting - Discuss audit observations, need for additional information or additional audit activities. Forward follow-up questions to GEH.

Thursday, (8:00 am - 5:00 pm)
- Review meeting to discuss current open item list and RAI responses.
- NRC staff internal meeting - identification / resolution of any open items
- 4:00 pm - Exit meeting: NRC staff - general overview of observations & identification of any open items

Deliverables
At the conclusion of the audit, the NRC staff will conduct an exit briefing and will provide a summary of audit results in each subject area defined in the audit scope. The NRC staff plans on preparing a regulatory audit summary within 90 days of the completion of the audit.
References:

Licensee Documentation:
1. PSEG LAR dated September 21, 2015 (ADAMS Accession No. ML15265A224).
2. PSEG LAR supplemental dated November 19, 2015 (ADAMS Accession No. ML16172A012).

NRC Guidance:
3. Standard Review Plan (NUREG-0800), Chapter 7, Instrumentation and Controls.
4. Regulatory Guide 1.152, Revision 3, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants.
5. Regulatory Guide 1.153, Revision 1, Criteria for Safety Systems.
6. Regulatory Guide 1.168, Revision 1, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
7. Regulatory Guide 1.169, Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.
8. Regulatory Guide 1.173, dated September 1997, Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.

Industry Standards:
9. NEI 08-09, dated April 2010, Cyber Security Plan for Nuclear Power Reactors, Revision 2.
10. IEEE Std. 7-4.3.2-2003, IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations.
11. IEEE Std. 603-1991, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations.
12. IEEE Std. 828-1990, IEEE Standard for Software Configuration Management Plans.
13. ANSI/IEEE Std. 1042-1987, IEEE Guide to Software Configuration Management.
14. IEEE Std. 1012-1998, IEEE Standard for Software Verification and Validation.
15. IEEE Std. 1028-1997, IEEE Standard for Software Reviews and Audits.
16. IEEE Std. 1074-1995, IEEE Standard for Developing Software Life Cycle Processes.