ML18137A168
| ML18137A168 | |
| Person / Time | |
|---|---|
| Issue date: | 05/17/2018 |
| From: | Serita Sanders Advisory Committee on Reactor Safeguards, NRC/NRR/DLP/PLPB |
| To: | |
| Sanders S | |
| Shared Package | |
| ML18137A166 | List: |
Text
DIGITAL INSTRUMENTATION AND CONTROLS UPDATE
Eric Benner, NRR/DE (Steering Committee Chair)
Serita Sanders, NRR/DLP (Project Manager)
Michael Waters, NRR/DE/EICB (Branch Chief)
Advisory Committee on Reactor Safeguards DI&C Subcommittee Briefing May 17, 2018
2 Agenda
- Introductions
- Integrated Action Plan
- Draft DI&C ISG-06 Presentation
- Common Cause Failure Status Update
- Next Steps
3 Key Messages
- Making progress on Integrated Action Plan (IAP) activities
- Focused on regulatory products to support near-term upgrade needs identified by industry
- First implementable result targets safety-related upgrades under 10 CFR 50.59 (i.e., RIS supplement)
- Next priority is revised licensing process (ISG-06)
- Staff will continue to pursue broader modernization efforts
4 Commission Direction on Digital I&C (SRM-SECY-15-0106 & SRM-SECY-16-0070)
- Develop an integrated strategy to modernize the DI&C regulatory infrastructure
- Engage stakeholders to identify common priorities, problems, and potential solutions to address them
- Focus on acceptable approaches to comply with requirements
- Technology neutral focus; Guidance can be tailored if necessary
- Evaluate potential policy issues
5 IAP - Modernization Plans
Modernization Plan (MP) #1 - Protection against Common Cause Failure
- MP #1A - Regulatory Issue Summary (RIS) 2002-22, Supplement 1
- MP #1B - Review of NEI 16-16
- MP #1C - Implementing Commission Policy on Protection against CCF in DI&C Systems
MP #2 - Considering Digital Instrumentation & Controls in Accordance with 10 CFR 50.59
MP #3 - Acceptance of Digital Equipment (Commercial Grade Dedication)
MP #4 - Assessment for Modernization of the Instrumentation & Controls Regulatory Infrastructure
- MP #4A - ISG-06 Revision
- MP #4B - Broader Modernization Activities
MP #4A - Draft ISG-06, Licensing Process Revision 2
Samir Darbali, NRR/DE/EICB
Richard Stattel, NRR/DE/EICB
Deanna Zhang, NRO/DEI/ICE
Michael Waters, NRR/DE/EICB/Branch Chief
Advisory Committee on Reactor Safeguards DI&C Subcommittee Briefing May 17, 2018
7 Agenda
- ISG-06 Scope and Purpose
- Digital I&C Integrated Action Plan
- Background
- ISG-06, Revision 2 (Draft)
- Improved Review Process
- New Alternate Review Process (for Approval at earlier development stage)
- Next Steps
8 ISG-06 Purpose and Scope
- Defines the licensing process used to support the review of LARs associated with safety-related DI&C equipment modifications in operating plants and in new plants once they become operational
- Provides guidance for activities performed before LAR submittal and during LAR review. The NRC staff uses the process described in the ISG to evaluate compliance with NRC regulations
9 DI&C Integrated Action Plan
- The IAP established the following ISG-06 revision goals:
o To reduce the scope of licensee document submittals
o To provide an alternative for earlier approval, which would precede factory acceptance testing, for digital designs that are based on approved topical reports
- The Modernization Plan #4A working group under the IAP worked with industry and internal stakeholders to improve the licensing process in ISG-06
- ISG-06 revision results:
o The ISG-06 Rev. 1 Tier 1, 2, and 3 Review Process has been improved
o A new Alternate Review Process has been introduced for earlier approval
10 Background
- ISG-06 Rev. 1 Key Concepts
- Tiers
- Phases
- ISG-06 Rev. 1 Lessons Learned and Industry Feedback
11 ISG-06 Rev. 1 - Key Concepts Tiers
Tiers - a general guide for defining the scope or complexity of a review.
Tier 1 - license amendments proposing to reference a previously approved topical report.
Tier 2 - license amendments proposing to reference a previously approved topical report with deviations to suit the plant specific application.
Tier 3 - license amendments proposing to use a new digital I&C platform or component(s) not previously approved by an NRC topical report review.
12 ISG-06 Rev. 1 - Key Concepts Phases
Phases - a general guide for defining the NRC staff activities to be performed during the review.
- Phase 0 - Pre-Application
- Phase 1 - Initial Application (LAR)
- Phase 2 - Continued Review and Audit (Supplemental Information)
- Phase 3 - Implementation and Inspection
13 ISG-06 Rev. 1 - Lessons Learned and Industry Feedback
- ISG-06, Rev. 1 has been used to review the Diablo Canyon Plant Protection System DI&C LAR (ADAMS Accession No. ML16139A008), the Hope Creek Power Range Neutron Monitoring System LAR (ADAMS Accession No. ML17216A022), and DI&C topical report reviews
- The concepts of tier labels and review phases are useful
- The one-stop shop approach of Revision 1 created challenges:
o Duplication of SRP Chapter 7, IEEE Std 603 and IEEE Std 7-4.3.2 guidance
o References to Regulatory Guides and other documents became outdated
o Revision 1 focused more on specific documents, instead of the information needed to make the required regulatory findings
14 ISG-06 Rev. 1 - Lessons Learned and Industry Feedback (Cont.)
- The Tier 1, 2 and 3 Review Process could be further improved/streamlined
- Industry has expressed concerns with ISG-06, Rev. 1:
o Significant resources are required for procuring, developing, and testing a full digital I&C design before the license amendment is issued
- Staff lessons learned and industry feedback on Revision 1 informed the development of ISG-06, Revision 2
15 ISG-06 Review Process Focus
[Figure: review focus compared across three processes: ISG-06, Rev. 1 (current) Tier 1, 2, and 3 Review Process; ISG-06, Rev. 2 Tier 1, 2, and 3 Review Process; and ISG-06, Rev. 2 Alternate Review Process. Box labels: Approved Platform Topical Report (Previously Approved); Approved Platform Topical Report (Previously Approved for Tier 1 and 2) (Concurrent Review for Tier 3); Application Software Design, Implementation and Test Plans and Processes are Acceptable; Application Specific System Design meets Regulatory Requirements; Application System Development and Testing produced Acceptable Outputs.]
16 Comparison of Licensing and Oversight Activities Timeline
[Figure: timeline of licensee activities and NRC activities for the Tier 1, 2, and 3 Review Process (Rev. 1 and 2) and the Alternate Review Process (Rev. 2). Licensee activities: Modification Concept and Phase 0 Meeting(s); High Level System Design, Planning; Detailed HW & SW Design and Fabrication; Implementation and Test Activities, including FAT Report; Post FAT Licensee Activities, SAT. Tier 1, 2, and 3 licensee activity: Producing and Submitting Phase 2 Supplement Info (not applicable to the Alternate Review Process). Milestones: LAR Submitted, Phase 1 Information Available; LAR Submitted, All Information to meet Regulatory Requirements Available; LA Issued. NRC activities: LAR (Phase 1) and Phase 2 Review, and Regulatory Audit(s); LAR Review and Regulatory Audit(s); Optional Vendor Inspections of Implementation & Test Activities per License Conditions; Optional Regional Inspections of Site Activities.]
17 Characteristics of a LAR using the Alternate Review Process
- The LAR would provide the necessary and sufficient design information to demonstrate regulatory compliance
- The LAR would describe the licensee's Vendor Oversight Plan that ensures the vendor executes the project consistent with the LAR and the requirements of the 2015 version of NQA-1, Part II, Subpart 2.7, on Quality Assurance Requirements for Computer Software for Nuclear Facility Applications
- The LAR would include appropriate commitments to complete plant specific actions that are included in the referenced topical report
- The LAR would include appropriate commitments to complete lifecycle activities under the licensee's QA program
18 Alternate Review Process: Licensee Commitments and License Conditions
- The Alternate Review Process relies on the LARs containing licensing information and additional regulatory commitments to implement remaining development phases by the licensee's QA program, after the license amendment is issued
- The NRC staff may likely translate some of the regulatory-significant commitments into license conditions, as part of the approval (e.g., factory acceptance testing)
19 ISG-06 Rev. 2 Structure
- Section A - Introduction
- Section B - Purpose
- Section C Digital I&C Review Process
o Section C.1 Tier 1, 2, and 3 Process Overview: Section C.1 refers to the review guidance described in Sections D.1, and D.5 through D.9
o Section C.2 Alternate Review Process Overview: Section C.2 refers to the review guidance described in Sections D.1 through D.8
- Section D.1 Plant System Description
- Section D.2 System Architecture
- Section D.3 Hardware Equipment Qualification
- Section D.4 I&C System Development Processes
- Section D.5 Applying a Referenced TR Safety Evaluation
- Section D.6 Compliance Matrix for IEEE Stds 603 and 7-4.3.2
- Section D.7 Technical Specifications
- Section D.8 Secure Development and Operational Environment
- Section D.9 Sections Applicable to Tier 1, 2, and 3 Reviews
20 ISG-06, Rev 2, Enclosure B Tables

| Item | Plant-Specific Information Submitted with License Amendment Request (Phase 1 for Tier 1, Tier 2, Tier 3) | Columns marked X (of AR, 1, 2, 3) |
|---|---|---|
| 1.1 | System Architecture (D.2) | X |
| 1.2 | (Summary of) Application Software Planning and Processes (D.4) | X |
| 1.3 | (Summary of) Hardware Equipment Qualification (D.3) | X |
| 1.4 | Approved Topical Report Safety Evaluation (D.5) | X X X |
| 1.5 | System Description (D.1) | X X X X |
| 1.6 | (Unified Compliance Matrix for) IEEE Stds 603 and 7-4.3.2 (D.6) | X X X X |
| 1.7 | (Changes to) Technical Specifications (D.7) | X X X X |
| 1.8 | Setpoint Methodology and Calculations (D.7) | X X X X |
| 1.9 | Secure Development and Operational Environment (D.8) | X X X X |
| 1.10 | Software Requirements Specification (D.9.1) | X X X |
| 1.11 | Software Design Specification (D.9.2) | X X X |
| 1.12 | Design Analysis Reports for Platform Changes (D.9.3) | X X X |
| 1.13 | System Response Time Analysis Report (D.9.7) | X X X |
| 1.14 | Design Report on Computer Integrity, Test and Calibration, and Fault Detection (D.9.7) | X X |
| 1.15 | Commercial-Grade Dedication Plan (D.9.10) | X |
| 1.16 | Quality Assurance Plan for Hardware (D.9.11) | X |
| 1.17 | Equipment Qualification Testing Plans (Including EMI, Temp., Humidity, and Seismic) (D.9.9) | X |
| 1.18 | (Summary of) Hardware Development Process (D.9.11) | X |

Note: This table does not apply to Alternate Review Process applications.

| Item | Phase 2 - Submitted before Requested Approval (Tier 1, Tier 2, Tier 3 only) | Columns marked X (of 1, 2, 3) |
|---|---|---|
| 2.1 | Safety Analysis (D.9.4) | X X X |
| 2.2 | As-Manufactured, System Configuration Documentation (D.9.5) | X X X |
| 2.3 | Summary Test Reports (Including Test Results up to FAT) (D.9.6) | X X X |
| 2.4 | System Response Time Confirmation Report (D.9.7) | X X X |
| 2.5 | Reliability Analysis (D.9.7) | X X X |
| 2.6 | System-Level Failure Modes and Effects Analysis (D.9.8) | X X X |
| 2.7 | Qualification Test Methodologies (D.9.9) | X X X |
| 2.8 | Platform-Level Failure Modes and Effects Analysis (D.9.8) | X X |
| 2.9 | (Summary of) EMI, Temp., Humidity, and Seismic Testing Results (D.9.9) | X X |
| 2.10 | Commercial-Grade Dedication Report(s) (D.9.10) | X |
21 Alternate Review Process: System Architecture - Fundamental Design Principles
- Four fundamental design principles integrated into Alternate Review Process
- Verify the design applies sufficient redundancy in the new architecture (ISG-06 Rev. 2, Section D.2.6.2.1)
- Verify the design demonstrates physical, electrical, data communications and functional independence in the new architecture (D.2.2, D.2.5, D.2.6.2.2)
- Verify design exhibits deterministic behavior (D.2.2.1, D.2.6.2.3)
- Verify the design has sufficient diversity and defense-in-depth in the new architecture to ensure safety is maintained in the event of a postulated common cause failure (D.2.6.2.4)
22 Alternate Review Process: System Architecture - Simplicity
- Simplicity in design included in Alternate Review Process (D.2.6.2.5)
- Application of simplicity in the new architecture (or lack thereof) and effect on four fundamental design principles.
- If design decisions result in added complexity, balance with benefits obtained.
23 Licensing and Oversight Comparison Summary

| | Tier 1, 2, and 3 Review Process | Alternate Review Process |
|---|---|---|
| Document Submittals | 2 Submittals (LAR - Phase 1) (Supplement - Phase 2) | 1 Submittal (LAR) |
| Design Changes After LAR Submittal | Design changes submitted during the Phase 2 review (before FAT) can be reviewed as part of the LAR review | Design changes during Implementation and Testing phases will need to be performed under 10 CFR 50.59, or new LAR approval |
| License Conditions | None (Typically) | Potentially: Implementation of high quality software development process (e.g., NQA-1-2015); Vendor oversight; Resolution of plant specific action items identified in the topical report; Implementation and Test activities (e.g., FAT) |
| Inspection Scope | Regional Inspection of Post FAT Licensee Activities (e.g., Installation, Maintenance, Training, Operations, Plans, SAT) | Vendor Inspection of Implementation, Integration, and Test Activities (e.g., FAT); Regional Inspection of Post FAT Licensee Activities (e.g., Installation, Maintenance, Training, Operations, Plans, SAT) |
24 Next Steps
- ACRS Full Committee Briefing on June 6, 2018
- Table top exercise with industry on June 13-14, 2018
- Issue the draft ISG for formal public comment in July 2018
- Engage utilities in pre-application meetings
- LAR submittal from lead-plant using the alternate review process is expected in 2019
- Additional LAR submittals expected beyond 2019
- Exercise ISG and incorporate into Standard Review Plan
25 Questions?
26 Acronyms
- ACRS - Advisory Commission on Reactor Safeguards
- ADAMS - Agencywide Document Access and Management System
- CCF - Common Cause Failure
- CFR - Code of Federal Regulations
- DI&C - Digital Instrumentation and Control
- EMI - Electromagnetic Interference
- FAT - Factory Acceptance Test
- IAP - Integrated Action Plan
- IEEE - Institute of Electrical and Electronics Engineers
- ISG - Interim Staff Guidance
- I&C - Instrumentation and Control
- LAR - License Amendment Request
- MP - Modernization Plan
- NEI - Nuclear Energy Institute
- NQA - Nuclear Quality Assurance
- NRC - Nuclear Regulatory Commission
- QA - Quality Assurance
- SAT - Site Acceptance Test
- SRM - Staff Requirements Memoranda
- SRP - Standard Review Plan
- SSC - Structures, systems, and components
- TR - Topical Report