ML18016B023
| ML18016B023 | |
| Person / Time | |
|---|---|
| Issue date: | 01/31/2018 |
| From: | Lynnea Wilkins NRC/NRR/DLP/PLPB |
| To: | |
| Wilkins L, NRR/DLP, 301-415-1377 | |
| References | |
| Download: ML18016B023 (31) | |
Text
ML17277B643 Enclosure IAP - Revision 2 NUCLEAR REGULATORY COMMISSION Integrated Action Plan to Modernize Digital Instrumentation and Controls Regulatory Infrastructure Updated: 12/15/2017 Issued: 1/31/2018
ML17277B643 IAP - Revision 2 Contents Summary........................................................................................................................................ 5 1.0 Introduction............................................................................................................................... 6 2.0 Background.............................................................................................................................. 6 3.0 Updating Processes for this Integrated Action Plan................................................................. 7 4.0 Detailed Modernization Plans................................................................................................... 8 MP #1. Protection against Common Cause Failure................................................................. 10 Introduction............................................................................................................................ 10 Background........................................................................................................................... 10 Objectives.............................................................................................................................. 12 Actions................................................................................................................................... 13 Status.................................................................................................................................... 16 Potential Regulatory Challenges and Policy Issues.............................................................. 16 Interactions with other Action Plan Items.............................................................................. 16 MP #2. Considering Digital Instrumentation & Controls in Accordance with 10 CFR 50.59.... 16 Introduction............................................................................................................................ 16 Background........................................................................................................................... 17 Objectives.............................................................................................................................. 18 Actions................................................................................................................................... 18 Status.................................................................................................................................... 18 Potential Regulatory Challenges and Policy Issues.............................................................. 19 Interactions with Other Action Plan Items............................................................................. 19 MP #3. Acceptance of Digital Equipment................................................................................. 19 Introduction............................................................................................................................ 19 Background........................................................................................................................... 20 Objectives.............................................................................................................................. 21 Actions................................................................................................................................... 21 Status.................................................................................................................................... 22 Potential Regulatory Challenges and Policy Issues.............................................................. 23 Interactions with other Action Plan Items.............................................................................. 23 MP #4. Assessment for Modernization of the Instrumentation & Controls Regulatory Infrastructure............................................................................................................................. 23 Introduction............................................................................................................................ 23
ML17277B643 IAP - Revision 2 Background........................................................................................................................... 24 Objectives.............................................................................................................................. 24 Actions................................................................................................................................... 25 Status.................................................................................................................................... 26 Potential Regulatory Challenges and Policy Issues.............................................................. 27 Interactions with other Action Plan Items.............................................................................. 28 Appendix A.................................................................................................................................. 1
- concurrence via e-mail OFFICE NRR/DLP/PLPB/LA*
NRR/DLP/PLPB/BC*
NRO/DEI/ICE/BC*
NAME DHarrison DMorey IJung DATE 1/22/18 1/23/18 1/26/18 OFFICE NRO/DE/ICEEB/BC*
RES/DE*
NRR/DE/EICB/BC*
NAME RJenkins BThomas MWaters DATE 1/26/18 1/29/18 1/30/18 OFFICE NRO/DEI*
NRR/DE*
NRR/DLP/PLPB/PM NAME RCaldwell EBenner LWilkins DATE 1/29/18 1/26/18 1/31/18
ML17277B643 IAP - Revision 2 Integrated Action Plan to Modernize Digital Instrumentation and Controls Regulatory Infrastructure Summary As identified in SECY-16-00701, the U.S. Nuclear Regulatory Commission (NRC or the Commission) staff continues to update and modify the integrated action plan (IAP) as a living document. This revision to the IAP maintains the Staff Requirements Memorandum (SRM) to SECY-15-01062, direction to develop an integrated strategy to modernize the NRC's digital instrumentation and control (l&C) regulatory infrastructure. Additionally, consistent with Commission direction, this revision updates the strategy for engaging external stakeholders to reach a common understanding of digital I&C regulatory challenges, priorities, and potential solutions to address them. The plan considers the broad context of digital l&C regulatory challenges and includes related activities being pursued by the staff. The plan has been revised using NRC staff and external stakeholder input. In resolving the regulatory challenges, the plan continues to provide for frequent public and stakeholder interactions. A senior management steering committee (SC) oversees the resolution of digital I&C regulatory challenges identified within the plan. As the IAP is implemented and the modernization plans are accomplished, the staff will submit any recommended changes to NRC policies to the Commission.
The staff, in coordination with stakeholders, continues to update key topics including Protection Against Common Cause Failure, Digital I&C Upgrades and Replacements under Title 10 of the Code of Federal Regulations (10 CFR) Section 50.59, Commercial Grade Dedication of Off-the-Shelf Digital Equipment for Safety Related Applications, and Licensing Process Improvements that have the greatest tactical impact, in the near-term, in addressing regulatory challenges and improving timeliness, efficiency, and effectiveness. These key topics have resulted in corresponding detailed modernization programs that are defined herein. The staff will prioritize and implement the regulatory activities, including building upon those in the first three key topics, needed to provide tactical regulatory clarity and support industry confidence to perform digital I&C upgrades.
The longer-term goal is to evaluate and strategically implement the follow-on steps for continued improvement of the NRCs digital I&C regulatory infrastructure. The infrastructure improvements will result in a state in which the nuclear power industry can perform digital upgrades under the 10 CFR 50.59 licensing process or, where necessary, obtain regulatory approval to use digital technology that provides for adequate safety and security through processes that are efficient, minimize uncertainty, and can be consistently applied across different technologies. The staff will review and modify the current regulatory infrastructure to be more performance-based and flexible by using new methods in the most effective way and updating the regulatory infrastructure to acknowledge changes in the technology, the way it is developed, and how it is used. The staff will evaluate the results of implementation of the tactical activities and, with continued stakeholder interaction, will develop a performance-based, 1 SECY-16-0070, Integrated Strategy to Modernize the Nuclear Regulatory Commissions Digital Instrumentation and Control Regulatory Infrastructure (Agencywide Documents Access and Management System (ADAMS) Accession No. ML16126A140) 2 SRM-SECY-15-0106, Proposed Rule: Incorporation by Reference of Institute of Electrical and Electronics Engineers Standard 603-2009, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations (ADAMS Accession No. ML16056A614).
ML17277B643 IAP - Revision 2 technology-neutral regulatory infrastructure that will anticipate the evolution and future development of digital I&C technology as it is applied to nuclear technologies.
For the longer-term items (Modernization of the Digital I&C Regulatory Infrastructure), the staff will identify actions needed to implement a simpler, streamlined, scalable, and agile I&C regulatory infrastructure that will reduce the implementation risks by allowing NRC approval earlier in the process.
This effort will also improve the clarity of the priorities and sequencing of further improvements with consideration of the objectives of transparency, regulatory stability and predictability, effective consideration of the cumulative effects of regulation, and efficient and effective use of limited NRC resources.
The staff developed a strategy to modernize the NRCs regulatory infrastructure. This strategy will serve as a learning platform, to identify needs for future improvements in NRCs regulatory and guidance framework and acknowledge ongoing changes in the technology. The staff will engage the public and relevant stakeholders in the improvement of license reviews and other regulatory processes to develop a performance based, technology-neutral regulatory infrastructure.
The details of this updated plan continue to reflect the integrated strategy consistent with the Commission-directed attributes in SRM-SECY-15-0106 as listed in Section 2.0 of this document.
This IAP is a living document. It is updated based on progress made on related activities and modified, if necessary, based on Commission direction and new information.
1.0 Introduction This document provides the staffs IAP for modernizing the digital I&C regulatory infrastructure as approved by the Commission in SRM-SECY-16-0070. This IAP will help ensure safety and security while improving the predictability and consistency of the agencys regulatory process for licensing and oversight of digital I&C systems. This plan builds upon ongoing regulatory activities, stakeholder feedback concerning the previous version of the action plan, and specific Commission direction in SRM-SECY-15-0106 to modernize the digital I&C regulatory infrastructure. The staff is working with industry to produce implementable guidance for use in early 2018.
2.0 Background
On February 25, 2016, the Commission issued SRM-SECY-15-0106, which disapproved the staff's recommendation to publish for comment in the Federal Register a proposed rule which would incorporate by reference into 10 CFR 50.55a the Institute of Electrical and Electronics Engineers (IEEE) Standard (Std.) 603-2009, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations. This proposed rule had included, along with the incorporation by reference of IEEE Std. 603-2009, additional conditions for addressing digital hazards analysis, independence, and digital communications.
In the SRM, the Commission directed the staff to develop an integrated strategy, with proposed implementation milestones, to modernize the NRC's digital I&C regulatory infrastructure. In developing an IAP, the Commission directed the staff to consider the broader context of digital I&C regulatory challenges and include all related activities being pursued by the staff including
ML17277B643 IAP - Revision 2 incorporation by reference of IEEE Std. 603-2009, updates to the policy on common cause failure (CCF) in SRM-SECY-93-087, and development of guidance for 10 CFR 50.59 evaluations of digital I&C upgrades.
The Commission also directed the staff to engage in public workshops and meetings with the relevant IEEE standards setting committee, licensees, vendors, and other external stakeholders to reach a common understanding of the digital I&C regulatory challenges, priorities, and potential solutions to address them. The Commission also directed the development of the plan to be guided by the following principles:
The staff's plan should include the establishment of a senior management SC to oversee resolution of digital I&C regulatory challenges.
Any new or revised requirements addressed in the action plan should be performance-based rather than prescriptive.
Digital I&C safety requirements should be technology neutral, however, guidance should be tailored, if necessary.
The same requirements should apply to operating and new reactors.
The guidance should focus on acceptable approaches to complying with requirements and may include specific technology-focused provisions. If only one approach is acceptable to the staff to ensure safety based on current understanding, and this approach is appropriately technology neutral and performance-based, then it should be included in a requirement rather than in guidance.
The NRC requirements and guidance should not pose an unnecessary impediment to advancement in nuclear applications of digital technology.
On October 25, 2016, the Commission issued SRM-SECY-16-00703, which approved the implementation of the staffs IAP to modernize the NRCs digital instrumentation and control regulatory infrastructure. As identified in the above text, this plan includes continued engagement with stakeholders on the development of the 2018 version of IEEE Std. 603, in lieu of adopting the 2009 standard.
3.0 Updating Processes for this Integrated Action Plan The digital I&C SC was established to provide senior management oversight of the formulation of the strategy and execution of this action plan to modernize the digital I&C regulatory infrastructure.
The SC is comprised of division directors with management responsibility for I&C technology in the Office of Nuclear Reactor Regulation (Chairperson), Office of New Reactors, and the Office of Nuclear Regulatory Research. The SC is supplemented as needed with members from the Office of Nuclear Material Safety and Safeguards (NMSS) and the Office of Nuclear Security and Incident Response (NSIR). The SC ensures appropriate management focus on the resolution of regulatory issues and enhancement initiatives.
The SC will periodically assess the status and effectiveness of this IAP consistent with the Commission direction in SRM-SECY-15-0106, and evaluate the progress of meeting the overall objectives of the modernization of the NRCs I&C regulatory infrastructure. The SC will be supported by managers and staff in the offices with expertise and shared responsibility in the 3 SRM-SECY-16-0070, Staff Requirements - SECY-16-0070 - Integrated Strategy to Modernize the Nuclear Regulatory Commissions Digital Instrumentation and Control Regulatory Infrastructure (ADAMS Accession No. ML16299A157)
ML17277B643 IAP - Revision 2 field of digital I&C. This IAP will be implemented and updated by the respective NRC line organizations under the supervision of the SC. Ownership of each modernization plan will be assigned to appropriate NRC office leads. This IAP will be updated semi-annually to indicate progress made within each activity, so that the document can also be used as a reporting/briefing tool. Changes to the modernization plans that are identified during these periodic reviews shall be agreed upon by the SC.
4.0 Detailed Modernization Plans The following four Modernization Plans (MPs) will be used to resolve regulatory challenges, provide confidence to licensees, and modernize the I&C regulatory infrastructure. Detailed plans have been developed for each activity and updated for this revision based on lessons learned and interfaces between NRC Offices and industry stakeholders. These activities are inter-related and the NRC working groups will ensure integration and coordination on common issues.
- 1. Protection against Common Cause Failure. This modernization plan addresses developing guidance for using effective qualitative assessments of the likelihood of failures, along with coping and/or bounding analysis for addressing CCFs, use of defensive design measures for eliminating CCF from further consideration, and staff evaluation of the NRCs existing positions on defense against CCF. The NRCs current position on CCF is guided by SRM-SECY-93-087 and Standard Review Plan (SRP)
Branch Technical Position (BTP) 7-19. The NRCs current position allows the use of sufficient diversity and simple designs which provide for complete testability of components to eliminate the potential for software CCF from further consideration in a defense-in-depth and diversity analysis. However, the current guidance is not clear regarding the applicability of criteria for using coping analysis and other defensive measures for eliminating CCF from further consideration.
Based on continuous reevaluations of work scope and priorities, MP #1 has been divided into the following sub-sections to allow for focused product development:
A. Develop clarifying guidance for evaluating (using a qualitative assessment process) and documenting the proposed use of design attributes, and quality design processes to address CCF when replacing or modifying lower risk-significant safety system auxiliary and/or support digital I&C systems (e.g., chiller control systems) under 10 CFR 50.59.
B. Evaluate NEIs proposed guidance in NEI 16-16 for addressing CCF in digital I&C systems, based on the application of key design measures for preventing, limiting, or mitigating the effects of potential CCF that are to be incorporated during the development process.
C. Propose modifications to NRCs current position on protection of digital I&C systems and components against CCF. This modification will include: (1) a clarification of the scope of systems intended to be addressed under the position; and (2) examination of the technical acceptability for using a graded approach based on risk significance or safety significance.
- 2. Considering Digital Instrumentation & Controls in accordance with 10 CFR 50.59.
This activity addresses the need for clarity of mutual industry and staff understanding
ML17277B643 IAP - Revision 2 that NRC guidance is being properly translated into industry actions for performing 10 CFR 50.59 evaluations of proposed digital I&C plant modifications. Under existing guidance for the 10 CFR 50.59 screening and evaluation of digital I&C systems, several licensees have improperly performed or documented the technical bases for 10 CFR 50.59 analyses for modifications of I&C systems using digital technologies.
Industry stakeholders have stated they are hesitant to pursue the deployment of digital I&C upgrades through changes under the 10 CFR 50.59 process because of regulatory uncertainty. The objective of this effort is to ensure there is adequate guidance with sufficient clarity for staff and stakeholder understanding of how to adequately document the performance of 10 CFR 50.59 evaluations of digital I&C upgrades.
- 3. Acceptance of Digital Equipment. This activity will support improved guidance for acceptance of commercial grade digital equipment. Many digital I&C and other digital equipment that is readily available in the marketplace was not designed specifically for use in nuclear facilities and has not been designed, developed, and fabricated in accordance with NRC quality assurance criteria (as defined in Appendix B to 10 CFR Part 50).
This plan consists of activities intended to evaluate the suitability of additional guidance and industry standards to determine whether the NRC should accept third party certifications based on industry consensus standards to accept commercial grade digital equipment for use in nuclear safety-related applications.
The staff recently endorsed guidance for the commercial grade dedication (CGD) acceptance method in RG 1.164, Dedication of Commercial-Grade Items for Use in Nuclear Power Plants (previously draft guide (DG)-1292), including specific reference to digital equipment. The staff will engage with stakeholders to better understand current challenges, potential benefits, and evaluate recommended solutions concerning acceptance of commercial grade digital equipment.
- 4. Modernization of the Instrumentation & Control Regulatory Infrastructure. The objective of this effort is to perform a comprehensive modernization assessment to identify further improvements to the regulatory infrastructure (regulations and guidance) and develop plans for accomplishing such improvements. The staff will assess progress on the first three MPs in the action plan and the list of topics provided in Appendix A of this plan to determine the appropriate sequencing of activities based on meeting the following key objectives:
A. Prioritize and implement the complete set of regulatory activities, including building upon those in the first three MPs, needed to provide tactical regulatory clarity and support industry confidence to perform digital I&C upgrades. These activities will include but may not be limited to: a) implementing an updated CCF position into technical guidance for use both in concert with endorsed 10 CFR 50.59 change authority guidance and additional licensing guidance improvements, b) improving licensing guidance through evaluating lessons learned from review of license applications, and reconsidering the need for inclusion of factory acceptance test results within the scope of supporting application material, and c) developing inspection guidance for digital I&C upgrades performed under 10 CFR 50.59 and license application approvals.
ML17277B643 IAP - Revision 2 The staff has initially identified these additional topic areas as being necessary to meet objective 4A and will seek stakeholder feedback in identifying the complete list of activities from its review of all activities listed in Appendix A. The staff will develop detailed schedules for additional, high-priority tactical topics during the comprehensive modernization assessment.
The staff will implement revised guidance to improve the efficiency of the license application review process. Also, the staff will work with industry stakeholders to identify efficiency metrics for new application reviews. The staff is updating the guidance in Digital I&C Interim Staff Guidance (DI&C-ISG)-06, Licensing Process as a specific tactical activity to streamline the efficiency and effectiveness of licensing reviews.
B. Identify actions needed to implement a simpler, streamlined, and agile I&C regulatory infrastructure that will ensure safety and security while effectively addressing larger scale digital I&C upgrades to operating reactors and the I&C designs for new and advanced reactors. The outcome will also improve clarity regarding the interrelationships between the regulatory issues, the priorities and sequencing of further improvements, and the supporting research that is needed to accomplish such improvements to meet both objectives.
Completion of the modernization efforts will ensure safety and security and result in greater regulatory efficiency, predictability, and agility in addressing strategic digital I&C applications by the nuclear industry. Both the tactical and strategic goals of the IAP involve the development of technical bases to support resolution of identified technical issues. The development of the technical basis to support the comprehensive modernization activities in MP #4B will likely require relatively greater research activities.
MP #1. Protection against Common Cause Failure Introduction This modernization plan describes the activities and schedule for addressing methods for evaluating the potential for a CCF, which could lead to safety-significant consequences. The occurrence of CCF can compromise functional independence across redundant channels or divisions, across echelons of defense, across operator displays and monitored elements, and other layers of defense. As part of modernizing the NRCs digital I&C regulatory infrastructure, the staff is evaluating the NRCs existing positions on acceptable defenses against CCF within digital I&C systems and measures that can be applied to prevent, or mitigate against postulated CCF events occurring within digital I&C safety and non-safety systems.
=
Background===
The Commission provided its current direction to the staff regarding protection against CCF in Digital I&C systems in its Staff Requirements Memorandum SRM-SECY-93-087 item II.Q. The SRM provides specific acceptance criteria for the evaluation of CCF, which the staff implemented in SRP BTP 7-19. Item II.Q of the SRM includes the following position: The applicant shall assess the defense-in-depth and diversity of the proposed instrumentation and control system to demonstrate that vulnerabilities to common mode failures have adequately been addressed. The intent behind the application of the defense-in-depth and diversity (D3) philosophy in digital I&C safety systems is to protect against residual unknowns (beyond design
ML17277B643 IAP - Revision 2 basis) such as latent engineering development (including software) deficiencies.
SRM-SECY-93-087 does not specify the criteria which must be evaluated to eliminate from further consideration the potential of a latent software deficiency in a defense-in-depth and diversity analysis. However, the staff review guidance in SRP BTP 7-19 includes two criteria, which, if satisfied, can be used to eliminate from further consideration the potential for software CCF, based on a demonstration that adequate internal diversity exists, or based on assurance that the systems are sufficiently simple that all possible logic failure paths can be tested for and shown to be non-existent. The staffs position was last communicated to the Commission in SECY-09-0061, Status of the Nuclear Regulatory Commission Staff Efforts to Improve the Predictability and Effectiveness of Digital Instrumentation and Control Reviews (ADAMS Accession No. ML090790409).
Representatives of the nuclear industry (hereinafter referred to as industry) have stated that the current digital I&C licensing and oversight process for power and non-power reactors is cumbersome, inefficient, and/or unpredictable. In particular, they have suggested the current guidance to perform digital I&C plant modifications is insufficiently detailed regarding: a) how to address the potential for introduction of new forms of CCF (e.g., potential plant vulnerabilities from having identical redundant digital I&C divisions, or mistakes made or errors introduced by processes for implementing configuration changes); b) how to acceptably analyze and document the safety impact of any new instances of potential CCF; and c) how conclusions from this analysis may be acceptably applied in licensing activities.
Further, licensees have stated that the current regulatory treatment and acceptance criteria dealing with the potential for CCF in the analysis of digital I&C systems has been problematic.
Specifically, they have stated that the proper application of the screening criteria for simple systems as identified in SRP BTP 7-19 regarding 100 percent testability, and the lack of a graded approach based on risk significance or safety significance, place a high burden for demonstrating that adequate digital I&C system development processes have been employed, especially for systems containing local embedded digital I&C components. Therefore, the resolution of CCF concerns is the lead technical issue and a critical enabler for successfully addressing other issues related to digital I&C. Industry stakeholders are seeking clearer NRC staff guidance on methods for analysis of the potential for CCF of digital I&C systems. In addition, industry is seeking a more risk-informed, consequence-based regulatory infrastructure that removes uncertainty, ambiguity, and overlap in requirements and enables technical consistency.
In April 2016, industry submitted its comments to the draft digital I&C IAP which included recommendations to resolve CCF concerns. Industry agrees with the staff that review of the CCF concerns is a high-priority regulatory issue. In its recommendations, industry proposed use of and greater reliance upon development practices and deterministic defensive measures within digital I&C systems to minimize the impact of potential CCF. Specifically, they suggested the staff credit development practices and deterministic defensive measures within digital I&C systems that play a part in assuring that CCF will be unlikely.
The staff previously endorsed NEI-developed guidance (NEI 01-01, Guideline on Licensing Digital Upgrades: EPRI [Electric Power Research Institute] TR [Technical Report] -102348, Revision 1, NEI 01-01: A Revision of EPRI TR-102348 to Reflect Changes to the 10 CFR 50.59
[Code of Federal Regulations, Title 10, Section 50.59, Changes, tests and experiments]
Rule.). This document provides guidance for designing, implementing, and licensing plant modifications that employ digital I&C components and systems. In its endorsement of the use of that guidance (Regulatory Issue Summary (RIS) 2002-22, ADAMS Accession
ML17277B643 IAP - Revision 2 No. ML023160044), the staff found the guidance to be acceptable for designing a digital replacement for equipment currently installed, and for determining whether the modification can be implemented under 10 CFR 50.59 without prior staff approval. However, during inspections of modification documentation prepared by some licensees, the staff has found inconsistencies in the evaluation of proposed modifications and inadequacies in the documentation of the technical bases for responses made to the 10 CFR 50.59 evaluation criteria. The staff plans to clarify its previous endorsement of the NEI 01-01 guidance by providing additional guidance for developing and documenting acceptable qualitative assessments of the characteristics of proposed designs that may be used, to credit proposed system critical design attributes, quality processes employed, inherent system level defense-in-depth, and available operating history when assessing the likelihood of failure of the proposed digital modification while performing evaluations of the proposed modification under 10 CFR 50.59. This clarification of the staffs previous endorsement of NEI 01-01 will appear in RIS 2002-22, Supplement 1, which is now under development. This document has been issued via the Federal Register for public comments. In all, 13 sets of public comments totaling more than 100 comments were received in response. The staff is currently updating this supplemental guidance to address the public and stakeholder comments.
The staff also plans to evaluate an industry-proposed guidance document outlining a technical basis for application of such development practices and defensive measures. The staff is attempting to ascertain how the effectiveness of applying such measures may be assessed, and whether the criteria and methodology for crediting them can be consistently applied. Also, industry representatives recommended the use of previous plant licensing basis analyses to demonstrate that the consequences of a potential CCF are bounded.
The staff will consider the recommendations proposed by industry as part of the broader effort to develop a technical basis evaluating the current NRC position and evaluation of the alternatives available to resolve CCF concerns.
Objectives The objectives of MP #1 are to:
A. Produce durable guidance for evaluating and documenting the proposed use of design attributes, quality design processes, operating history to address CCF when replacing or modifying lower risk-significant safety system auxiliary and/or support digital I&C systems (e.g., main control room chiller control systems), in the form of a supplement to RIS 2002-22, clarifying the staffs previous endorsement of NEI 01-01. This RIS supplement is aimed at supporting the upgrade of lower risk-significant digital upgrades under 10 CFR 50.59, and is not intended to address potential CCF evaluation issues associated with the implementation of protection systems or I&C-based engineered safety features initiation logic systems, which are addressed in SRP BTP 7-19 and NUREG/CR-6303, Method for Performing Diversity and Defense-in-Depth Analyses of Reactor Protection Systems. This guidance will identify clarifications to the staffs endorsement of currently used digital I&C CCF technical evaluation process guidance for use by NRC and licensees.
B. Evaluate NEIs proposed guidance in NEI 16-16 for addressing CCF in digital I&C systems, based on the application of key design measures for preventing, limiting, or mitigating CCF that are incorporated during the development process. The NRC staff will evaluate the industry proposal to use such defensive design measures, as
ML17277B643 IAP - Revision 2 described in NEI 16-16, to ascertain whether there is adequate technical justification to preclude the need for performance of a D3 analysis for lower risk and safety significant applications. The staff will evaluate the acceptability for use of a graded approach based on the risk significance of potential CCF. The staff will also evaluate the proposed guidance for assessing credible CCF malfunctions with coping and bounding assessments. If industrys proposal is deemed technically acceptable and provides reasonable assurance of adequate protection, the staff will develop a document to convey its endorsement, in whole or in part, of the NEI 16-16 guidance.
C. Propose modifications to NRCs current position on protection of digital I&C systems and components against CCF. This modification will include: (1) a clarification of the scope of systems intended to be addressed under the position; and (2) examination of the technical acceptability for using a graded approach based on risk significance or safety significance. The results of activities completed while addressing MP #1 Objectives A and B will be included with the results of the staffs examination of the NRCs current position.
Actions The staff will engage industry through workshops and public meetings to discuss its findings and refine the project plan as needed. As part of the activities below, the staff will take into consideration applicable information within NEI 16-16 in developing relevant guidance.
NEI 16-16 describes a set of methods to assess and address CCF concerns.
The industry acknowledges that the document may be segmented to allow agreement on certain topics (e.g., scope, coping analysis, and bounded results) in the near term while other topics (e.g., design measures that result in reasonable assurance of adequate protection against a potential CCF) may be evaluated over a longer term schedule. In addition, once finalized, NEI intends to submit NEI 16-16 for NRCs review and potential endorsement.
MP #1. Protection Against Common Cause Failure Activities for Each Objective Schedule A. Guidance for developing and documenting acceptable qualitative assessments crediting the proposed design attributes, quality measures, operating history in support of 10 CFR 50.59 evaluations of proposed digital I&C modifications A.1 Prepare preliminary drafts of RIS 2017-XX, clarifying the staffs previous endorsement of NEI 01-01 March 6-27, 2017 (c)
A.2 Share preliminary drafts with NEI/Stakeholders/Public ADAMS ahead of 1st public meeting March 28, 2017 (c)
A.3 Discuss NRC strategy and concepts with NEI/industry stakeholders at public meeting March 30, 2017 (c)
A.4 Issue subsequent drafts of RIS in support of next public working-level meeting April 5-18, 2017 (c)
A.5 Hold public working-level meeting to discuss NEI/industry stakeholder comments April 20, 2017 (c)
A.6 Address/resolve NEI/industry comments, perform legal reviews April 21-July 1, 2017 (c)
ML17277B643 IAP - Revision 2 MP #1. Protection Against Common Cause Failure Activities for Each Objective Schedule A.7 Federal Register notice to issue proposed RIS for public comments July 3, 2017(c)
A.8 Informational Brief to Advisor Committee on Reactor Safeguards (ACRS) on RIS May 17, 2017 (c)
A.9 Formal public comment period July 3-August 16, 2017 (c)
A.10 Public Workshop to Work Through Examples of Qualitative Assessments August 2, 2017 (c)
A.11 Resolve public comments August 17-September 30, 2017(c)
A.12 Public Comment Resolution Meeting October 2017 (c)
A.13 Develop final version of RIS October-November 2017 (c)
A.14 Issue final RIS version for use Early 20184 B. Evaluation of NEI 16-16.
B.1 Begin staff evaluation of NEI 16-16 [Draft 1]
received 12/22/2016 and develop staff comments/gap analysis December 2016 (c)
B.2 Meeting to discuss NEIs plans for completion of CCF likelihood technical basis, associated defensive measures, Appendices, and the balance of NEI 16-16 content February 8-9 2017 (c)
B.3 NRC to provide comments on NEI 16-16 [Draft 1]
March 13, 2017 (c)
B.4 Meeting to discuss and clarify NRC comments on NEI 16-16 [Draft 1]
March 29, 2017 (c)
B.5 Meeting to preview Appendix A content to be included in Draft 2 of NEI 16-16 April 11, 2017 (c)
B.6 NEI to deliver NEI 16-16 [Draft 2], including technical basis, examples, and Appendices May 12, 2017 (c)
B.7 NRC staff to review and provide comment on NEI 16-16 [Draft 2]
July 14, 2017 (c)
B.8 Meeting to discuss NRC comments on NEI 16-16
[Draft 2]
September 7, 2017 (c)
B.9 Meetings to discuss methodology, content, and technical basis of NEI 16-16 November 2017-January 2018 B.10 Meeting to discuss NRC comments on NEI 16-16
[Draft 2]
November 2, 2017 (c)
B.11 Teleconference Call/Webinar on NEI 16-16
[Draft 2]
November 29, 2017 (c)
B.125 Public Meeting on NEI 16-16 [Draft 2]
December 13, 2017 (c)
B.13 NRC to deliver final comments on NEI 16-16
[Draft 2], Appendix A February 1, 2018 4 Issuance has been delayed from the original date of November 2017, in order to further improve clarity on the relationship of 50.59 criteria, supporting technical evaluations, and qualitative assessment documentation.
5 Activities beyond B.12 are subject to change. Activities beyond B.9 are dependent on the staff and NEI reaching alignment on key issues related to NEI 16-16 following the November 2, 2017 public meeting.
ML17277B643 IAP - Revision 2 MP #1. Protection Against Common Cause Failure Activities for Each Objective Schedule B.14 Conference Call to clarify comments on Appendix A February 2018 B.15 NEI to deliver NEI 16-16 [Draft 3]
February 2018 B.16 NRC endorsement decision based on NEI 16-16
[Draft 3]
March 2018 B.17 Release NRC Regulatory Guide Draft for public comment April 2018 B.18 NEI to submit NEI 16-16 Rev. 0 April 2018 B.19 Present to ACRS Subcommittee and ACRS Committee April 3, 2018 May 3-4, 2018 B.20 Interact with Stakeholders on Draft Regulatory Guide August-November 2018 B.21 Issuance of Regulatory Guide endorsing NEI 16-16 February 2019 C. Evaluate NRCs current position on defense against CCF in digital I&C systems and components C.1 Begin staff review to identify specific aspects of NRCs position on CCF and communicate any policy issues that need to be modified. Meet with DI&C Steering Committee and other stakeholders as needed April-July 2017 (c)
C.2 Develop and finalize list of specific aspects of NRCs position on CCF impacted by review of NEI 16-16 draft updates and alert Commission of policy issues that will require attention April-August 2017(c)
C.3 Begin development of SECY on recommendations regarding NRC policy to protect digital I&C systems against CCF concerns September 2017-October 2017 (c)
C.4 Produce SECY Draft December 2017 C.5 Produce enclosure(s) to support NRCs policy recommendations in SECY November 2017-January 2018 C.6 Engage outside peer reviewer to assess staffs findings February-April 2018 C.7 Present to ACRS DI&C Subcommittee Present to Full ACRS Committee April 3, 2018 May 3-4, 2018 C.8 Submit SECY paper (with technical basis document) identifying proposed position to address CCF concerns in digital systems to the Commission June 2018 C.9 Implement resolution as determined by the Commission June-September 2018 Note: (c) indicates completed activity.
ML17277B643 IAP - Revision 2 Status (As of December 15, 2017)
The staff continues to have public meetings with NEI and external stakeholders. The NRC and industry have agreed to establish a high priority to the completion of activities for Objective A, with the activities for Objectives B and C in parallel and completing as soon as practical thereafter.
Potential Regulatory Challenges and Policy Issues Any change or affirmation of the current NRC CCF position is considered to be a potential policy issue that is to be coordinated through the Commission. The staff will prepare a SECY paper describing staffs recommendation, if policy changes are determined to be needed. The staff will also get direction from the Commission if any additional potential policy issues are identified when implementing this activity.
Potential actions for addressing CCF issues will have to be informed by consideration of backfitting, regulatory analysis, and cumulative effects of regulation.
Staff actions will be impacted if industry does not participate or is untimely with its deliverables as described in the above activities.
Interactions with other Action Plan Items CCF of digital I&C systems is an important aspect supporting the working group responsible for improving licensee guidance for replacing or modifying digital I&C using the 10 CFR 50.59 process (MP #2). In particular, the guidance being developed in activities for Objective (A) to address CCF in low significant digital auxiliary and support safety systems (e.g., chillers) or non-safety systems requires close coordination with MP #2.
Implementation of the resolution of CCF as identified in the SECY paper will be addressed in MP #4.
MP #2. Considering Digital Instrumentation & Controls in Accordance with 10 CFR 50.59 Introduction This action plan describes the activities and schedule for improving guidance regarding digital I&C modifications using the 10 CFR 50.59 change process. These activities will address the need for mutual clarity between industry and NRC staff to ensure NRC guidance is being properly translated into industry actions while performing 10 CFR 50.59 screening and evaluations for potential digital I&C plant modifications.
This action plan applies to operating reactors, new reactors, non-power production, and utilization facilities (e.g., research and test reactors and medical isotope processing facilities).
Overall, the goal of these actions is to reduce licensing uncertainty and provide clarity on the regulatory process.
ML17277B643 IAP - Revision 2
Background
Inadequate guidance for the 10 CFR 50.59 screening and evaluation of digital I&C systems has contributed to several licensees having improperly performed 10 CFR 50.59 evaluations for modifications of I&C systems using digital technologies. The current guidance addresses both 10 CFR 50.59 licensing positions and technical methodologies, which has resulted in ambiguity on key evaluation issues such as CCF in digital modifications. The staff held several public meetings with industry representatives on this subject, and indicated where the industry guidance should be improved. Industry representatives stated that they are hesitant to pursue the deployment of digital I&C upgrades through changes under the 10 CFR 50.59 process because of regulatory uncertainty and a lack of clarity in the regulatory process.
Regulatory Guide 1.187, Guidance for Implementation of 10 CFR 50.59, Changes, Tests, and Experiments, provides the staffs endorsement of industry guidance for evaluating the impact on plant safety analyses for plant modifications performed under 10 CFR 50.59. The objectives of 10 CFR 50.59 are to ensure that licensees: (1) evaluate proposed changes to their facilities for their effects on the licensing basis of the plant, as described in their updated final safety analysis report (UFSAR), and (2) obtain prior NRC approval for changes that meet specified criteria as having a potential impact upon the basis for issuance of the operating license.
Regulatory Guide 1.187 endorsed Revision 1 of NEI 96-07, Guidelines for 10 CFR 50.59 Evaluation, dated November 2000, which provides methods that are acceptable to the staff for complying with the provisions of 10 CFR 50.59.
RIS 2002-22, Use of EPRI/NEI Joint Task Force Report, Guideline on Licensing Digital Upgrades: EPRI TR-102348, Revision 1, NEI 01-01: A Revision of EPRI TR-102348 to Reflect Changes to the 10 CFR 50.59 Rule, provides the staffs endorsement for the use of NEI 01-016. However, experience with implementing digital I&C upgrades under 10 CFR 50.59 using NEI 01-01 at nuclear facilities has revealed several shortfalls in the screening of modifications, addressing the appropriate design criteria, and evaluating the impact of proposed digital I&C on established licensing bases. A key issue identified as a result of recent oversight experience has been licensee assessment of potential CCF and any potential new malfunctions, with respect to addressing the specific criteria in 10 CFR 50.59(c)(2).
In a November 2013 letter to NEI (ADAMS Accession No. ML13298A787), the staff summarized its concerns regarding licensee implementation of the current guidance in NEI 01-01.
In response, NEI formed a working group to update its guidance for implementing digital I&C modifications under 10 CFR 50.59. The NEI working group found that additional guidance was needed to support certain aspects of reviewing the impact of such modifications on design functions as described in licensees Updated Final Safety Analysis Reports.
In April 2016, NEI provided draft Appendix D to NEI 96-07 for digital modifications. NEI requested NRC endorsement of the Appendix through a new regulatory guide, separate of RG 1.187. NEI has stated that draft Appendix D is only focused on evaluating the specific licensing criteria in 10 CFR 50.59 for digital I&C, and not the supporting technical methodologies for addressing CCF and failure likelihoods. The NRC endorsed technical methods and associated regulatory positions are addressed in other existing regulatory documents. NEI is therefore not providing or referencing any technical methodologies in Appendix D. NEI recognizes that the NRC position on CCF will be updated separately as part of MP #1 activities.
Along with the requested endorsement of Appendix D, NEI will request removal of the NRCs 6 ADAMS Accession No. ML020860169
ML17277B643 IAP - Revision 2 endorsement of NEI 01-01 once Appendix D and related technical guidance under review by MP #1 activities receive endorsement by the agency.
Objectives The objective is to ensure there is adequate guidance for 10 CFR 50.59 evaluations of digital I&C upgrades in order to reduce licensing uncertainty and clarify the regulatory process. The NRC is evaluating draft Appendix D to NEI 96-07 for possible endorsement in NRC regulatory guidance to supersede its endorsement of NEI 01-01. Specifically, the goal is to address legacy issues identified with current guidance and provide additional licensing flexibilities to industry when considering CCF under 10 CFR 50.59 as well as evaluating what content in NEI 01-01 should be brought forward into draft Appendix D.
Actions MP #2. Considering Digital Instrumentation & Controls in Accordance with 10 CFR 50.59 Activity Schedule
- 1. Receive NEI guidance document, Appendix D 96-07, Guidelines for 10 CFR 50.59 Evaluations.
April 4, 2016 (c)
- 2. Conduct public meeting: NEI presented the guidance in Appendix D and engaged with NRC staff discussion.
April 28, 2016 (c)
- 3. Complete initial review of Appendix D and provide general comments to NEI.
August 2016 (c)
- 4. Finalize Draft NEI 96-07 Appendix D, Definitions Section November 2016 (c)
- 5. Receive revised Draft NEI 96-07 Appendix D, Evaluation Guidance Section for review February 15, 2017 (c)
- 6. Finalize Draft NEI 96-07 Appendix D, Introduction Section March 2017 (c)
- 7. Provide formal comments on Draft NEI 96-07 Appendix D, Screen Guidance Section March 17, 2017 (c)
- 9. Finalize Draft NEI 96-07 Appendix D Screen Guidance Section September 2017 (c)
- 10. Finalize Draft NEI 96-07 Appendix D, Section 4.0, Evaluation Guidance Section December 2017
- 11. Finalize Draft NEI 96-07 Appendix D, Section 5.0, Examples Section March 2018
- 12. Conduct table top exercise with industry using the revised Appendix D to verify the new guidance is clear and consistent.
March 2018
- 13. Decide on appropriateness of issuing interim endorsement letter, and issue letter, if appropriate.
July 2018
- 14. NRC formally enters NEI 96-07 Appendix D into the Regulatory Guide development process (if decision is made to endorse)
December 2018 Note: (c) indicates completed activity.
Status (As of December 15, 2017)
The staff review of draft NEI 96-07, Revision 1, Appendix D is still ongoing. The staff and industry participated in public meetings throughout 2017, and starting in September 2017, began meeting on a monthly basis to quicken the pace of guidance development and review.
The staff is working with industry to develop content to be entered into Appendix D based on still
ML17277B643 IAP - Revision 2 relevant guidance and legacy concerns contained in NEI 01-01, as well as provide licensees more flexibility when considering CCF under 10 CFR 50.59 to reduce licensing uncertainty and clarify the 50.59 change process. Progress is slower than expected as the staff and industry are continually working toward alignment and updating the draft guidance, section by section.
Draft NEI 96-07, Revision 1, Appendix D, Section 1, Introduction - complete.
Draft NEI 96-07, Revision 1, Appendix D, Section 2, Definitions - complete.
Draft NEI 96-07, Revision 1, Appendix D, Section 3, Screen Guidance - complete.
Draft NEI 96-07, Revision 1, Appendix D, Section 4, Evaluation Guidance - review currently underway Draft NEI 96-07, Revision 1, Appendix D, Section 5, Examples - Review commences after completion of Section 4 and the staff receives the revised version of this section.
Potential Regulatory Challenges and Policy Issues The staff does not expect any policy issues resulting from this guidance document. However, if any are identified, the staff will present to the Commission any potential policy issues in implementing this activity.
Industry has preferred to maintain separation between technical and licensing content from the 10 CFR 50.59 discussions held to date. Licensing decisions based upon guidance in current draft Appendix D (i.e. 10 CFR 50.59 licensing guidance for digital I&C) is supported by technical basis, which is not provided in Appendix D; a separation of this conversation requires deliberate coordination to ensure alignment with ultimate resolution of technical guidance. Technical guidance in support of draft Appendix D is being developed and reviewed separately as part of the MP #1 activities.
Though not currently identified, any potential actions for modifying the current 10 CFR 50.59 change process would have to be informed by consideration of backfitting, regulatory analysis, and cumulative effects of regulation.
Interactions with Other Action Plan Items Ongoing coordination with MP #1 activities is necessary to ensure alignment with NRC regulatory guidance and NRC policy for addressing CCF. Future updates of the IAP will capture any specific changes in strategy for MP #2 based on coordination with MP #1 activities.
This activity will also be coordinated within the context of the assessment activities as part of MP #4 to modernize the regulatory infrastructure.
MP #3. Acceptance of Digital Equipment Introduction The staff is currently updating generic agency guidance in support of CGD processes, including specific reference to digital equipment. The staff has also identified activities to: a) engage with
ML17277B643 IAP - Revision 2 stakeholders; b) further evaluate domestic and international standards; and c) continue to improve NRC regulatory infrastructure and guidance for acceptance of digital equipment. The staff will engage with stakeholders to better understand current challenges and evaluate recommended solutions. In addition to the guidance, challenges include taking credit for third party certification (i.e., International Electrotechnical Commission (IEC) 61508, Functional Safety, Safety Integrity Level (SIL) certification). Although existing guidance documents provide insights in this area, some have not been fully evaluated by the staff. Once the staff has reviewed this guidance, the agency will be able to identify how to best improve the regulatory infrastructure.
=
Background===
Many I&C and other digital equipment readily available in the marketplace is not designed specifically for use in nuclear facilities and have not been subject to NRC quality assurance criteria (as defined in Appendix B to 10 CFR Part 50). In order for this equipment to be used in safety-related and important-to-safety digital equipment (those whose adverse performance could challenge the assumptions in safety analyses) in nuclear facilities, they must undergo CGD under 10 CFR Part 21. For the purposes of this discussion, we will refer to this equipment as commercial grade items (CGIs).
In order for CGIs to be properly dedicated, critical characteristics (important design, material, performance, and dependability7 characteristics) must be defined and verified for the CGIs to provide reasonable assurance that the equipment will perform its intended safety function. The verification step is critical and must be performed by a dedicating entity (equipment manufacturer, NRC licensee, or an independent third-party dedicator). Increasing the industrys ability to utilize readily available marketplace CGIs which can be dedicated could help streamline the procurement process and reduce the licensing burden for nuclear facilities.
Industry guidance has been developed to clarify what steps are needed when evaluating and accepting CGIs for use in safety-related applications. Regulatory Guide 1.164 provides guidance and endorses in part, EPRI 3002002982, Revision 1. Specifically, EPRI NP-5652 and TR-102260, Guideline for the Acceptance of Commercial-Grade Items in Nuclear Safety-Related Applications, Section 14.1 on digital equipment and computer programs integral to plant safety systems includes references to two technical reports which have been reviewed and endorsed by the NRC:
EPRI TR-106439, Guideline on Evaluation and Acceptance of Commercial-Grade Digital Equipment for Nuclear Safety Applications, and EPRI TR-107330, Generic Requirements Specification for Qualifying a Commercially Available PLC for Safety-Related Applications in Nuclear Power Plants.
This plan provides activities intended to evaluate the suitability of additional guidance and standards and determine if the NRC should endorse them for the purpose of defining critical characteristics of digital equipment and the mechanism by which they are verified.
7 The dependability critical characteristic is unique to digital I&C as explained in EPRI TR-106439, Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Applications.
ML17277B643 IAP - Revision 2 Digital equipment is sometimes embedded within other components used in nuclear facilities.
As noted, this equipment is not specifically designed for nuclear applications. However, there may be advantages to using this third party certified digital equipment, such as the large amount of operating experience generated from use in non-nuclear applications.
In addition to commercially dedicating digital devices and I&C components, establishing improved guidelines for acceptance will also be applicable to embedded digital devices (EDDs). As equipment is replaced within licensee facilities, new safety-related components may contain EDDs. The staff issued RIS 2016-05, Embedded Digital Devices in Safety-Related Systems, to alert industry for the need to control implementation of these devices.
Certain forms of CCF and other new vulnerabilities can result from the introduction of EDDs.
Industry has stated that NRC licensing burden and licensee regulatory risk could be reduced by leveraging certification of commercially available digital hardware and software by independent third parties with demonstrated expertise and experience for part or all of the acceptance process. This independent, third-party certification has been effective in some other industries. These certifications, including certification to IEC 61508 are used to demonstrate that a high quality process was used to develop digital hardware and software equipment. The use of this process in conjunction with the CGD process could reduce the scope of digital systems reviews that the staff needs to complete. The staff will need to evaluate this concept and any policy implications that it may have.
Objectives The goal of this activity is to identify needed improvements to the regulatory infrastructure.
The objective of any regulatory improvements is to ensure that the implementation of digital devices (including EDDs) is being appropriately evaluated by licensees, applicants, and suppliers; and in compliance with regulations and policy.
Actions MP #3. Acceptance of Digital Equipment Activity Schedule
- 1. Public Meeting to discuss resolution of RIS 2016-05 public comments April 6, 2016 (c)
- 2. Issue RIS 2016-05 April 29, 2016 (c)
- 3. Obtain public comments on DG-1292 September 2016 (c)
- 4. Stakeholder interaction to discuss proposed use of standards and third party process certifiers November 3, 2016 (c)
- 5. NEI provide a revision to the Digital Device Procurement white paper (Appendix C from the April 22, 2016 NEI submittal) to further clarify objectives, terminology and incorporate discussion points from the November 3, 2016 public meeting February 16, 2017 (c)
- 6. Assess results of stakeholder information gathering and examine potential approaches for reviewing and endorsing additional EPRI guidance related to CGD February 16, 2017 (c)
ML17277B643 IAP - Revision 2 MP #3. Acceptance of Digital Equipment Activity Schedule
- 7. EPRI to confirm and communicate scope and schedule for EPRI research. NRC and industry reach mutual agreement on acceptability and sufficiency for this purpose. EPRI research begins February 16, 2017 (c)
- 8. NRC/stakeholder regular interactions to discuss progress and course adjustments as necessary Ongoing
- 9. Issue RG 1.164 (DG-1292), Dedication of Commercial-Grade Items for Use in Nuclear Power Plants June 2017 (c)
- 10. NRC will monitor EPRIs investigative and research activities to evaluate third party process certification for digital equipment Ongoing
- 11. EPRI publishes research results March 2018
- 12. NEI submits NEI 17-06 for NRC Review June 2018
- 13. NRC makes decision on technical adequacy of NEI 17-06 September 2018
- 14. NRC staff performs audits of SIL certification organizations and accrediting entities September 2018-November 2019
- 15. NRC formally enters NEI 17-06 into the Regulatory Guide development process (if decision is made to endorse)
December 2019 Note: (c) indicates completed activity.
Status (As of December 15, 2017)
On November 3, 2016, the staff met with representatives from NEI and industry as part of activity 4 above. This resulted in an NRC request to NEI/Industry for suggested additions to the action table which were previously provided but also reflected above. On February 16, 2017, during the second meeting between the staff and NEI, the discussion focused on activities 5 through 7. The NEI clarified the proposed use of third party certification based on IEC 61508 for acceptance of digital I&C equipment in conjunction with the commercial dedication process, and the NRC provided the regulatory prospective on the CGD and acceptance process.
On June 8, 2017, during the third meeting between NRC staff and NEI, the discussions focused on scope clarification, the proposed NEI 17-06 content and timeline, and an update on the EPRI research and key action items. During the fourth public meeting on October 12, 2017, NEI shared a draft outline of NEI 17-06 and a proposed schedule for its issuance based on a similar set of activities performed for issuance of NEI 14-05, Guidelines for the Use of Accreditation in Lieu of Commercial Grade Surveys for Procurement of Laboratory Calibration and Test Services. The NRC identified additional activities related to NEI 14-05, which predated NEIs involvements. As a result, NEI will reassess the NEI 17-06 development schedule.
ML17277B643 IAP - Revision 2 In a December 15, 2017 planning call, NEI informed the NRC that work on NEI 17-06 is being suspended until completion of the EPRI research activities, which is still expected to be completed by the end of March 2018. NEI also instructed the NRC not to independently engage any SIL certification organizations in order not to impede EPRIs research. This essentially puts MP #3 tasks temporarily on hold. The NRC is scheduled to have the next public meeting planning call with NEI by the end of January 2018.
During each public meeting, and during monthly discussions with NRCs Office of Nuclear Regulatory Research (under the NRC / EPRI Memorandum of Understanding), the EPRI provided an overview of their research being undertaken to evaluate the rigor and quality of technical efforts employed in certification of digital I&C equipment based on IEC 61508.
It is anticipated that the plan will continue to evolve. Stakeholder interaction is expected to generate discussion and agreement on necessary details to further clarify the objectives and expand the plan appropriately. In the spirit of an integrated effort, it is likely that activities will continue to be added that reflect both NRC and industry responsibilities.
Potential Regulatory Challenges and Policy Issues The staff evaluation may identify potential policy issues arising from analysis and recommendations related to third party process certification. The staff will present to the Commission any potential policy issues identified in implementing this activity.
Potential actions for addressing acceptance involving third party process certification will have to be informed by consideration of backfitting, regulatory analysis, and cumulative effects of regulation.
Interactions with other Action Plan Items This activity will take into account the results from activities relating to CCF (MP #1) and 10 CFR 50.59 (MP #2). To provide the broadest possible agency alignment, this plan will also be coordinated with staff supporting fuel-cycle facilities (NMSS), identification of critical digital assets (NSIR), vendor inspections, and identification of counterfeit or fraudulent parts.
MP #4. Assessment for Modernization of the Instrumentation & Controls Regulatory Infrastructure Introduction Although activities in MP #1-3 above are considered by staff and industry to be important in the near-term, MP #4 focuses on: identifying and implementing the complete set of activities needed to provide regulatory clarity and achieve stakeholder confidence in how the NRC will review digital I&C upgrades and ensure nuclear safety and security; and, identifying additional efficiencies and effectiveness improvements to modernize the regulatory infrastructure in support of the strategic goal. This activity entails a broad look at the current I&C regulatory infrastructure (regulations and guidance), supporting technical basis for safety and security decisions, experiences from past licensing/inspection (operating experience), and stakeholder suggestions and priorities. This activity and the continuing work on the previous three activities will be executed in a coordinated and integrated manner.
ML17277B643 IAP - Revision 2
Background
MPs #1-3 of this plan identify specific activities in which significant work will be accomplished in 2018. The staff has identified other issues and areas for potential improvement to the regulatory infrastructure, many which may be dependent on outcomes of MPs #1-3. Some potential improvement items are broad-scoped in nature and others are focused on more specific regulatory challenges. Therefore, it was prudent to begin work on these activities after sufficient progress is made on MPs #1-3. Since the initial development of the plan, the staff has identified a specific activity in streamlining the guidance for licensing process (tracked under MP #4A).
A list of modernization topics is provided in Appendix A. This list is based on stakeholder feedback and experience from staff across multiple NRC Offices. The staffs broad assessment will include an evaluation of the list as part of the scope of the action plan. The staff will explore new high-level performance-based requirements or expectations, simplification of the regulatory infrastructure, to allow for future designs and technologies, and the concept of other innovative processes such as third-party assessment or certification in support of NRC reviews of proposed digital I&C upgrades.
Objectives The objective of this effort is to perform a comprehensive modernization assessment to identify further improvements to the regulatory infrastructure and develop plans for accomplishing such improvements. The staff recognizes that some additional modernization topics will be strategic in nature, while others can also support more tactical digital I&C regulatory improvements. The staff will update and consider the list of topics in Appendix A to determine the appropriate sequence of activities. There are two key objectives with the assessment:
(A) Tactical. Prioritize and implement the complete set of regulatory activities, including building upon those in the first three MPs, needed to provide tactical regulatory clarity and support stakeholder confidence in NRC reviews of digital I&C upgrades. These activities will include but may not be limited to: a) implementing an updated CCF position into technical guidance for use both in concert with endorsed 10 CFR 50.59 guidance and additional licensing guidance improvements, b) improving licensing guidance in DI&C-ISG-06 including evaluating lessons learned from review of license applications, including factory acceptance testing and scope of supporting application material, and c) developing inspection guidance for digital I&C upgrades performed under 10 CFR 50.59 and license approvals.
The staff has initially identified these additional topic areas as being necessary to meet objective A and will seek stakeholder feedback in identifying the complete list of activities based on the activities listed in Appendix A. The staff will develop detailed schedules for additional, high-priority tactical topics during the comprehensive modernization assessment and closely align with associated activities and outcomes of MPs #1-3.
The staff is updating the guidance in DI&C-ISG-06 Licensing Process as a specific tactical activity to streamline the efficiency and effectiveness of licensing reviews. The goals of this activity are to reduce scope of license document submittals; and provide an alternative for earlier approval, which would precede factory acceptance testing, for digital designs that are based on approved topical reports. This activity addresses item b) above and the tactical portion of Appendix A, item (i).
ML17277B643 IAP - Revision 2 As MPs #1-3 complete, the staff will identify, evaluate and add specific activities and milestones to the IAP within MP #4s scope for prioritized follow-on tactical efforts. These activities will maintain continuity with the objectives and outcomes with the associated MP(s) and strive to maintain a continuity of associated MP staff to the extent practical. These activities will generally address items a) and c) above as follow-up activities to MPs #1-3, and additional near-term activities that may be associated with other Appendix A items. All lessons-learned from the MP #4A tactical activities will inform the MP #4B strategic activities.
Completion of the tactical regulatory activities should result in common understanding with stakeholders with appropriate regulatory clarity and predictability, and supporting stakeholder confidence in NRCs performing regulatory review and oversight of new digital I&C modifications.
(B) Strategic. Broadly evaluate the current overall I&C regulatory infrastructure and the supporting technical bases and consider other important areas beyond those identified in the tactical activities, such as past review experiences, ongoing licensing review and research efforts, lessons learned from operating experience, insights from other safety-critical industries, and international perspectives to identify and prioritize the improvements to modernize the regulatory infrastructure over the longer term in light of evolving approaches to I&C. Success within this objective will be reflected by a simpler, streamlined, and agile I&C regulatory infrastructure that will effectively address small and large scale digital I&C facility upgrades and I&C designs for new and advanced reactors, as well as medical radioisotope production and irradiation facilities. In developing these longer-term improvement approaches, the staffs efforts will be coordinated with the industry and other stakeholders, including utilities, vendors, manufacturers, standards development organizations, other agencies, and members of the public. The staff will use the principles and attributes directed by the Commission and will consider those identified by the industry as success measures. The principles and attributes include (but are not limited to): safe, secure, performance-based, technology-neutral, efficient, effective, consistent, predictable, durable, simple, unambiguous, timely, scalable, and agile.
The outcome will also improve the clarity on the interrelationships between the regulatory issues, the priorities and sequencing of further improvements, and the supporting research that is needed to accomplish such improvements to meet both objectives. The staff will conduct confirmatory and anticipatory research as part of the development of technical bases for these activities as needed to support strategic modernization efforts. Completion of these modernization efforts will ensure safety and security, as well as result in greater regulatory efficiency and agility in addressing strategic digital I&C applications by the nuclear industry.
Actions Develop and evaluate options and sequence of activities for improving the digital I&C regulatory infrastructure, in concert with activities performed in MPs #1-3. Implement specific tactical activities. The following activities will be performed.
MP #4. Assessment for Modernization of the Instrument
& Control Regulatory Infrastructure Activity Schedule MP #4A: Evaluation and Identification of Tactical Activities
- 1. Conduct a series of public stakeholder meetings (e.g., public workshops) for additional feedback February 2017-March 2018
ML17277B643 IAP - Revision 2 MP #4. Assessment for Modernization of the Instrument
& Control Regulatory Infrastructure Activity Schedule
- 2. Update candidate list of modernization topics in Appendix A and begin assessment February 2018-July 2018
- 3. Identify, prioritize, and begin evaluation and implementation of additional regulatory improvements needed beyond those needed in MPs #1-3 to meet Objective 4A (i.e., tactical objectives)
June 2017-April 2018
- 4. Coordinate with stakeholders to identify potential regulatory gaps and potential options for improving the regulatory infrastructure for Objective 4B March-July 2018 Tactical Activity (i): Streamline the licensing process guidance - Update to DI&C-ISG-06
- 1. Identify vehicle, scope and milestone plan to address key significant issues with guidance for digital I&C license amendments (DI&C-ISG-06)
April-June 2017 (c)
- 2. Establish high priority plan to develop a draft revision to DI&C-ISG-06 that is suitable for use with targeted digital safety LARs February-July 2017 (c)
- 3. Obtain licensee confirmation that draft revision to DI&C-ISG-06 (to date) supports targeted license amendment request December 2017
- 4. Complete draft revision to DI&C-ISG-06 January 2018
- 5. Present DI&C-ISG-06 to ACRS Subcommittee May 2018
- 6. Present DI&C-ISG-06 to ACRS Full Committee June 2018
- 7. Issue final revision to DI&C-ISG-06 December 2018 Tactical Activity (ii): 50.59 Inspection Training and Guidance (Reserved)
MP #4B: Develop Strategic activities for long-term improvements to the regulatory infrastructure.
- 1. NRC begins effort to develop strategic plan to modernize overall regulatory infrastructure October 2017 (c)
- 2. Consider evaluation of lessons learned from MPs #1-4A progress April 2018
- 3. Coordinate with stake holders to identify potential regulatory gaps and potential options for improving the regulatory infrastructure June 2018
- 4. Develop additional detailed modernization plan for implementing strategic improvements to the regulatory infrastructure August 2018 Note: (c) indicates completed activity.
Status (As of December 15, 2017)
A working group was established in late 2016, and modernization activities were adjusted to accommodate progress with MPs #1-3.
ML17277B643 IAP - Revision 2 The NRC held the first public meeting in February 2017, at which industry stakeholders expressed a need for a higher priority to address key significant issues with the licensing guidance currently provided within DI&C-ISG-06, Licensing Process. This and subsequent stakeholder comments to the IAP are addressed in the revised plan.
The NRC has since held numerous public meetings to develop and refine planned activities to produce revised license amendment guidance for digital safety systems that will support targeted LARs. In August 2017, staff began holding monthly public meetings and biweekly public teleconferences. These meetings have discussed, produced, and reviewed draft sections for inclusion in a draft revision to DI&C-ISG-06.
For digital safety equipment modifications that require license amendments and are based on a previously approved platform topical report, industrys proposal would add an alternative licensing review approach that eliminates review activities (e.g., detailed design below the system level, implementation, and test) that are currently identified within the SRP to be part of DI&C licensing reviews. Under the alternative, the processes and procedures for, and results of, these activities would become inspection items falling under the overall licensing QA program (i.e., an obligation through a licensing basis document). Additionally, industrys proposed alternative would provide sufficient information at the time of the LAR to allow the staffs reasonable assurance of safety conclusion to be reached. Industry is proposing information that focuses on system level, architectural attributes and key safety principles to demonstrate regulatory compliance. Under this alternative, the system level design would be complete and there would be no subsequent phased submittals during development. When using industrys proposed alternative, industry would request the staff to produce a license amendment within a year of the request.
Activities are proceeding as planned to produce a draft revision to DI&C-ISG-06 in January 2018. This summer, NRC expects to engage a lead plant in pre-application meetings to use the revised ISG-06. The pre-application meeting would support a late 2018 lead-plant license amendment request that would use the draft ISG-06, Rev 2 which will be issued via Federal Register Notice in July.
Because of the priority applied to this activity, limited progress has occurred on other MP #4 activities. Therefore, a separate working group has been established to facilitate progress on the MP #4B activities.
Potential Regulatory Challenges and Policy Issues The staff will present to the Commission any potential policy issues which are identified in implementing this activity.
The resource requirements will be periodically assessed and those actions that provide the most significant improvements will be addressed using the current Planning Budgeting and Performance Management process.
The broad scope of the assessment and its resultant approaches may require additional resources to achieve the goal of modernizing the digital I&C regulatory infrastructure. In addition, modernization will have to be informed by consideration of backfitting, regulatory analysis, and cumulative effects of regulation.
ML17277B643 IAP - Revision 2 A key regulatory challenge is understanding the relationships and key dependencies between current efforts to update the regulatory infrastructure (MPs #1-3) and the various items for potential improvement that will subsequently be addressed under MP #4B.
Interactions with other Action Plan Items This activity will take into account the results and lessons learned from MPs #1-4A.
ML17277B643 Appendix-A IAP - Revision 2 Appendix A Ongoing and future Regulatory Infrastructure Modernization Activities (As of December 2017)
The following are additional topics for ongoing and future modernization efforts.
(i) Improved Licensing Review Guidance for Digital I&C Systems Industry stakeholders believe that the level of technical detail submitted in license applications, license amendments, and licensing topical reports, as well as the timing and sequence of the technical information expected to be submitted for NRC evaluation during the review cycle should be reassessed and improved. Key issues that will be considered in future modernization activities for licensing review guidance include (but are not limited to) the concept of evaluating and approving new digital I&C prior to the factory acceptance test, and the timing and sequence of providing supporting documentation during the licensing review period. The NRC will also consider developing guidance on voluntary, applicant-proposed cybersecurity evaluations in design reviews. This activity is marginally incorporated in MP #4A.
(ii) Improvement in Regulatory Consistency from Licensing to Inspection Industry stakeholders believe that upfront agreement and communication on generic digital I&C technical matters between licensing staff and the regional office inspection staff is required to increase predictability. Key issues that will be considered in future modernization activities may include improved mechanisms for sharing information and feedback from licensing to inspection activities, and inspection experience back to future licensing activities.
(iii) Incorporation by Reference (IBR) of IEEE Standard 603-2018 into 10 CFR 50.55(a).
In SECY-15-0106, the staff proposed to the Commission to incorporate by reference IEEE Std. 603-2009 with certain licensing and technical conditions into 10 CFR 50.55a. The Commission did not approve publishing the proposed rule. Key issues that will be considered in future modernization activities will include NRC participation in the consensus standard development process for IEEE Std. 603 and potential incorporation of a subsequent IEEE Std. 603standard into regulation. This activity will rely upon rather than include normal NRC participation with the IEEE standards body in support of the normal rulemaking process.
(iv) Approval of Endorsement of IEEE Standard 7-4.3.2 into an RG In SECY-15-0106, the staff proposed to the Commission to IBR IEEE Std. 603-2009 with certain conditions into 10 CFR 50.55a. Although not approved by the Commission, some of the proposed, digital-specific conditions in SECY-15-0106 are more closely aligned with the scope and purpose of IEEE Std. 7-4.3.2. Key activities to be considered in future modernization efforts may include; engaging the consensus standard development organization to evaluate technical guidance in IEEE Std. 7-4.3.2; NRC participation in the consensus standard development process for IEEE Std. 7-4.3.2, and potential endorsement of the standard in an RG. This activity will rely upon, rather than include, normal NRC participation with the IEEE standards body in support of the normal RG review and update process.
IAP - Revision 2 (v) Embedded Digital Devices (EDDs)
The NRC issued RIS 2016-05 to heighten awareness of current regulatory requirements and technical positions for EDDs. The staff intends to further assess the introduction of EDDs into nuclear facility equipment used by licensees and applicants for systems considered important to safety. Key issues that will be considered in future modernization activities may include evaluation of the degree to which licensees are installing EDDs in their facilities and additional regulatory issues related to MPs #1-3.
(vi) Holistic Review of the Regulatory Infrastructure A holistic regulatory view and approach could be developed that is guided by required fundamental safety principles that would be performance-based, technology neutral, and risk-informed. It would include evaluation of international practices (e.g., standards, guidance, safety cases), evaluation of critical digital I&C application approaches in other non-nuclear industries, applicability of a design specific review standard-like approach (e.g., such as proposed for small modular reactors), advanced reactors activities, and methods of performing hazard analysis.
(vii) Improved Guidance for Evaluation of Highly-Integrated Digital Technologies Proposed new reactor I&C designs with advanced and highly integrated digital technologies are more challenging for staff to evaluate under current review standards. In general, the current assessment approach does not credit the safety benefits offered by new design approaches and technology, nor does it adequately identify methods to apply for evaluating whether the hazards have been minimized. Key issues that will be considered in future modernization activities will be to improve regulatory guidance for licensees that may address topics such as effective hazards analysis and fundamental safety design principles of independence, defense-in-depth, redundancy, and deterministic performance.
(viii) Consistency and Integration of Multiple Regulatory Guidance Documents Industry stakeholders believe that a full assessment of the SRP content and organization related to digital I&C, and the multiple associated digital I&C-related regulatory guidance documents needs to be performed because the current approach is overly complex and difficult for industry to navigate. Key issues that will be considered in future modernization activities for regulatory guidance include possible methods for consolidating and organizing new and operating reactor RGs, Branch Technical Positions, interim staff guidance, and standard review plans.
(ix) Improved Guidance for Evaluation of Proposed Alternatives to Regulatory Guides and Standards The staff may benefit from improved guidance to address evaluation of licensee-submitted proposed alternatives to the criteria in regulatory guidance and endorsed codes and standards, applicable to the licensing of digital I&C systems and components. Key issues that will be considered in this modernization activity include identifying gaps in current guidance that create a consistency challenge for technical reviewers of proposed alternative solutions.
IAP - Revision 2 (x) Improved Process for Digital I&C Topical Report Evaluations The expenditure of NRC staff resources for the review of digital I&C platform topical reports has not gained the efficiencies in performing licensing evaluations as was originally envisioned. A process is needed to effectively and efficiently address updates to topical reports. Industry wishes the NRC to recognize that a vendor can use a screening and evaluation procedure to document the assessment to changes in a platform to maintain its original topical report qualification. The key issues that may be considered in this modernization activity include engaging vendor and licensee stakeholders to identify topical report challenges and establish a process for maintaining topics for frequent reference in future license applications.
(xi) Improvements to SRP BTP 7-19 During MP #1 activities industry identified specific clarity and applicability issues affecting regulatory certainty in its use of SRP BTP 7-19. Industry wishes the NRC to improve SRP BTP 7-19s clarity including applicability of SRP BTP 7-19s acceptance criteria and acceptable methods to satisfy them. Applicability of individual acceptance criteria may include, for example, safety-related independent redundancies that include software, protection/safety systems that perform protective functions, safety-related actuated devices, and safety support and auxiliary systems. The acceptable methods to satisfy criteria may include, for example, NUREG/CR-6303 and other future alternatives like NEI 16-16. The improvements to SRP BTP 7-19 need to be consistent with the outcomes of MP #1 and MP #2, along with the development of corresponding inspection guidance.