Text

D.7 Communications D.7.1 Scope of Review The scope of the review includes the following:

• Communication within safety systems (e.g., within channels and divisions, between channels and divisions)

• Communication between safety and non-safety systems

• Any methods used for communication of data between equipment, including hardwiring and serial communication D.7.2 Information to be Provided The licensees submittal should provide documentation to explain and justify the use of communication, including hardwiring and serial data communication. This discussion shall include those aspects of the design that maintain data independence between channels and divisions.

The licensees submittal should demonstrate communication features provided meet the criteria The licensees submittal should provide documentation to support and justify the ability of the digital I&C system to limit the effect of malfunctions. The documentation should provide justification to allow the conclusion that the communication provided meets the standards of IEEE Std 603-1991 Clause 5.6, IEEE Std 7-4.3.2 Clause 5.6, DI&C-ISG-04, and address the electrical isolation concerns of BTP 7-11. The LAR should provide a detailed discussion of where communications are applied, the nature of those communications, and the features of the system that provide the ability to preclude or to cope with malfunctions.

D.7.3 Regulatory Evaluation

1. IEEE Std 603-1991 Clause 5.6 provides requirements for Independence. SRP, Chapter 7, Appendix 7.1-C, Section 5.6 Independence provides acceptance criteria for this requirement, and among other guidance, provides additional acceptance criteria for communications independence.

2. IEEE Std 7-4.3.2-2003, as endorsed by Regulatory Guide 1.152 Revision 3, Clause 5.6, Independence, provided guidance on how IEEE Std 603 requirements can be met by digital systems.

3. BTP 7-11 provides guidance for the application and qualification of isolation devices. BTP 7-11 applies to the use of electrical isolation devices to allow connections between redundant portions of safety systems or between safety and non-safety systems.

4. SRP Section 7.9, Data Communications Systems, also contains guidance for data communication systems.

5. DI&C-ISG-04 Rev. 1, Highly-Integrated Control Rooms - Communication Issues, (ADAMS Accession No. ML083310185).

D.7.4 Technical Evaluation The systems communication pathways should be evaluated determine if a malfunction in one channel and division of the safety system can adversely affect the safety function. The systems communication pathways should be evaluated to determine if a malfunction in connected non-safety digital equipment can adversely affect the safety function. The systems communication pathways should be evaluated to conclude that a malfunction in a safety system cannot affect other safety systems The technical evaluation should address each applicable section of DI&C-ISG-04, and should show that to determine whether the system is or is not in compliancecomplies with each clause.

Sections that are not applicable do not require detailed compliance evaluations, with a documented justification. Applicants should however provide an explanation for why criteria do not apply to enable NRC evaluators to forego the associated reviews. For those clauses where the system does not comply with the guidance provided in DI&C-ISG-04, the NRC staff should review the supplied justification for each proposed alternative, and assess whether the alternative meets regulatory requirements provided in Section D.7.3. It should be noted that Section 3 applies to workstations without regard to whether they are 1) permanently installed or portable; 2) provide direct or indirect control of safety equipment (e.g., non-safety workstations that interface with other safety workstations to control safety equipment); and 3) provide control of safety equipment through means other than direct data communications (e.g., translation of data communication signals to hardwired signals through use of associated circuits to the safety system).

In regards to the text in DI&C-ISG-04 that requires communications features in safety systems to cope with any operation, malfunction, design error, communication error or software error or corruption, the NRC evaluators should review that the LAR submittals include the following:

1. For those LARs referencing an NRC-approved topical report, verify that the Formatted: List Paragraph, Numbered + Level: 1 communications issues have been reviewed and resolved in the approved topical report + Numbering Style: 1, 2, 3, + Start at: 1 +

and SE. Alignment: Left + Aligned at: 0.25" + Indent at:

0.5", Tab stops: Not at 1" + 1.5" + 2"

2. For communications hazards that are not resolved by the approved topical report, confirm that the hazards analysis, for the plant-specific system, hardware and/or application software, evaluates and documents the communication issues and concerns that apply to the proposed I&C system design.

3. For communications hazards that are not resolved by the approved topical report, confirm that the vendor provides requirements that address the potential issues and concerns documented in the hazards analysis for the plant-specific system, hardware and/or application software.

4. For communications hazards that are not resolved by the approved topical report, confirm that the communication issues and concerns are addressed in the hazards analysis for proposed plant-specific design.

D.7.5 Conclusion The NRC staff should review the design and implementation of digital I&C systems to determine if data communication meets the requirements of IEEE Std 603-1991. The NRC staff should review the design and implementation of digital I&C systems to determine if data communication conforms to the guidance of IEEE Std 7-4.3.2 (as endorsed by RG 1.152) and DI&C-ISG-04, or

that the licensee has provided an acceptable alternative. The NRC staff should determine if the proposed digital I&C upgrade is acceptable with respect to data communications