ML18198A442
| ML18198A442 | |
| Person / Time | |
|---|---|
| Issue date: | 07/18/2018 |
| From: | Michael Corradini Advisory Committee on Reactor Safeguards |
| To: | Margaret Doane NRC/EDO |
| Weaver K | |
| References | |
| I&C-ISG-06, Rev 2 | |
| Download: ML18198A442 (5) | |
Text
UNITED STATES NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS WASHINGTON, DC 20555 - 0001 July 18, 2018 Ms. Margaret M. Doane Executive Director for Operations U.S. Nuclear Regulatory Commission Washington, DC 20555-0001
SUBJECT:
DRAFT DIGITAL INSTRUMENTATION & CONTROLS INTERIM STAFF GUIDANCE, DIGITAL I&C-ISG-06, LICENSING PROCESS, REVISION 2
Dear Ms. Doane:
During the 655th meeting of the Advisory Committee on Reactor Safeguards, July 11-13, 2018, we met with representatives of the NRC staff to review the draft Digital Instrumentation &
Controls (DI&C) Interim Staff Guidance (ISG) Digital I&C-ISG-06, Licensing Process, Revision
- 2. Our Digital I&C Systems Subcommittee reviewed draft Digital I&C-ISG-06, Revision 2, and the other referenced documents during meetings on May 17, 2018 and June 20, 2018.
CONCLUSION AND RECOMMENDATION
- 1. Draft Digital I&C-ISG-06, Licensing Process, Revision 2, should be issued for public comment.
- 2. The staff should provide the draft final Digital I&C-ISG-06, Revision 2, for our review following resolution of public comments and address the configuration management concern before final publication.
BACKGROUND Digital I&C-ISG-06 defines the licensing process used to support the review of license amendment requests (LARs) associated with safety-related DI&C equipment modifications in operating plants and in new plants once they become operational. The ISG also describes the information and documentation the NRC staff will need for its review of LARs for DI&C upgrades at operating plants and when the information should be provided. The initial version of Digital I&C-ISG-06, Revision 1, was issued in 2011.
Digital I&C-ISG-06, Revision 1, divided the licensing review process into four phases:
Phase 0 - Pre-Application Meetings Phase 1 - Initial Application Phase 2 - Continued Review and Audit, and Phase 3 - Implementation and Inspection Within this phase structure, the ISG lays out three tiers, each corresponding to an expected level of complexity and correspondingly higher level of review. Tier 1 applies to LARs using a previously approved system with no deviations. Tier 2 applies to LARs using a previously approved system with deviations to suit the plant-specific situation. Tier 3 applies to LARs using a totally new system with no generic approval. Subsequent to its issuance, Digital I&C-ISG-06, Revision 1, was used to review the Diablo Canyon Plant Protection System DI&C LAR, the Hope Creek Power Range Neutron Monitoring System LAR, and other DI&C topical report reviews.
DISCUSSION Revision 2 to Digital I&C-ISG-06 incorporates lessons learned from DI&C LAR reviews that used Revision 1 of this ISG. For example, the one-stop shop approach of Revision 1 created challenges such as:
Duplication of NUREG-0800, Chapter 7, IEEE Standard 603, and IEEE Standard 7-4.3.2 guidance References to regulatory guides and other documents became outdated Focusing more on specific documents, instead of the information needed to make the required regulatory findings Industry concerns with Digital I&C-ISG-06, Revision 1, were that it Requires significant resources for procuring, developing, and testing a full DI&C design before the license amendment is issued Contains review criteria topical areas that are repetitive As a result, Digital I&C-ISG-06, Revision 2, Section D, Review Areas for the License Amendment Process, was reorganized and rephrased to enhance clarity. It retains the same basic periods of the LAR review used with some rephrasing into three Phases and a Post-License Amendment Issuance period:
Phase 0 - Pre-Application Meetings Phase 1 - Initial Application Phase 2 - Continued Review, and Post-License Amendment Issuance period However, the Tier 1, 2, and 3 review processes have been streamlined to reduce the number of docketed materials, while increasing the focus on the information required to reach a safety determination. The Tier 1, 2, 3 definitions have been clarified as follows:
Tier 1 applies to LARs proposing to reference an NRC-approved topical report on a DI&C platform or component(s) including hardware, software, and developmental tools within the envelope of its generic approval as described in the topical report. A Tier 1 review would rely on previous review efforts. Those documents already reviewed and approved by the NRC staff are not included in the Enclosure B list of required documents for submittal and would not be reviewed again.
Tier 2 applies to LARs proposing to reference an NRC-approved topical report with deviations to suit the specific application. Deviations could include, for example, a revised software development process or new hardware. Documents detailing the evaluation of deviations from the approved topical report should be submitted as part of the LAR.
Tier 3 applies to LARs proposing to use a new DI&C platform or component(s) that the NRC has not previously approved. A Tier 3 review will necessitate a complete review of the DI&C platform concurrent with the LAR.
Revision 2 also provides an Alternate Review Process that may be used that results in NRC approval of the LAR before completion of detailed design, implementation, or factory acceptance testing. The Alternate Review Process provides a single-step license amendment submittal process for licensee use. Similar to Tiers 1 and 2, the Alternate Review Process is applicable to LARs proposing to reference an NRC-approved topical report.
Enclosure B of Digital I&C-ISG-06, Revision 2, provides a table that delineates the review areas and documents needed for review for each of the four review processes as identified in Section D, Review Areas for the License Amendment Process.
While the ISG emphasizes software development and configuration management, it is largely silent on hardware configuration control and management. There is also a need for the licensee to take ownership of the system changes during the approval process to ensure that appropriate technical specification changes, maintenance, and operating procedures are put in place.
Unless the licensee takes ownership throughout the process, the gap can begin to widen between what the functional performance requirements document specifies, what the vendor is going to provide, and the impact on current plant processes and practice. The staff stated that they are evaluating how to address this configuration management concern.
The staff has ensured that four of the five fundamental digital design principles are addressed in the ISG. However, we remain concerned that the fifth critical fundamental design principle for the architecture design of DI&C applications, Control of Access, is not included. In addition to using design approaches and administrative controls to restrict internal plant access to systems, Control of Access also means preventing remote electronic access to in-plant systems and networks from sources external to the plant. Plant and system data transmission should be configured to be one-way from in-plant to external recipients using only hardware-based processes, which neither use nor are configured by software. This is a continuing concern. We urge the staff to formally incorporate this principle into the licensing design evaluation process.
SUMMARY
Draft Digital I&C-ISG-06, Licensing Process, Revision 2 should be issued for public comment.
The staff should provide the draft final Digital I&C-ISG-06, Revision 2, for our review following resolution of public comments and address the configuration management concern before final publication.
Sincerely,
/RA/
Michael Corradini Chairman REFERENCES
- 1. U.S. Nuclear Regulatory Commission, Draft Interim Staff Guidance DI&C-ISG-06, Licensing Process, Revision 2, April 24, 2018 (ML18114A383).
- 2. U.S. Nuclear Regulatory Commission, Interim Staff Guidance DI&C-ISG-06, Licensing Process, Revision 1, January 19, 2011 (ML110140103).
- 3. U.S. Nuclear Regulatory Commission, Integrated Action Plan to Modernize Digital Instrumentation and Controls Regulatory Infrastructure, Revision 2, January 31, 2018 (ML17277B643).
- 4. U.S. Nuclear Regulatory Commission, NUREG-0800, Chapter 7, Branch Technical Position 7-19, Guidance for Evaluation of Diversity and Defense-in-Depth in Digital Computer-Based Instrumentation and Control Systems, Revision 7, August 2016 (ML16019A344).
- 5. Advisory Committee on Reactor Safeguards, Draft Final Digital Instrumentation &
Control Interim Staff Guidance-06: Licensing Process, October 20, 2010 (ML102850357).
- 6. U.S. Nuclear Regulatory Commission, Regulatory Issue Summary 2002-22, Supplement 1, Clarification on Endorsement of Nuclear Energy Institute Guidance in Designing Digital Upgrades in Instrumentation and Control Systems, May 31, 2018 (ML18143B633).
- 7. U.S. Nuclear Regulatory Commission, Regulatory Issue Summary 2016-05, Embedded Digital Devices in Safety-Related Systems, April 29, 2016 (ML15118A015).
SUMMARY
Draft Digital I&C-ISG-06, Licensing Process, Revision 2 should be issued for public comment.
The staff should provide the draft final Digital I&C-ISG-06, Revision 2, for our review following resolution of public comments and address the configuration management concern before final publication.
Sincerely,
/RA/
Michael Corradini Chairman REFERENCES
- 1. U.S. Nuclear Regulatory Commission, Draft Interim Staff Guidance DI&C-ISG-06, Licensing Process, Revision 2, April 24, 2018 (ML18114A383).
- 2. U.S. Nuclear Regulatory Commission, Interim Staff Guidance DI&C-ISG-06, Licensing Process, Revision 1, January 19, 2011 (ML110140103).
- 3. U.S. Nuclear Regulatory Commission, Integrated Action Plan to Modernize Digital Instrumentation and Controls Regulatory Infrastructure, Revision 2, January 31, 2018 (ML17277B643).
- 4. U.S. Nuclear Regulatory Commission, NUREG-0800, Chapter 7, Branch Technical Position 7-19, Guidance for Evaluation of Diversity and Defense-in-Depth in Digital Computer-Based Instrumentation and Control Systems, Revision 7, August 2016 (ML16019A344).
- 5. Advisory Committee on Reactor Safeguards, Draft Final Digital Instrumentation &
Control Interim Staff Guidance-06: Licensing Process, October 20, 2010 (ML102850357).
- 6. U.S. Nuclear Regulatory Commission, Regulatory Issue Summary 2002-22, Supplement 1, Clarification on Endorsement of Nuclear Energy Institute Guidance in Designing Digital Upgrades in Instrumentation and Control Systems, May 31, 2018 (ML18143B633).
- 7. U.S. Nuclear Regulatory Commission, Regulatory Issue Summary 2016-05, Embedded Digital Devices in Safety-Related Systems, April 29, 2016 (ML15118A015).
Accession No: ML18198A442 Publicly Available Y Sensitive N Viewing Rights:
NRC Users or ACRS Only or See Restricted distribution *via email OFFICE ACRS/TSB SUNSI Review ACRS/TSB ACRS ACRS NAME KWeaver*
KWeaver MBanks*
AVeil*
MCorradini (AVeil for)*
DATE 7/18/18 7/18/18 7/18/18 7/18/18 7/18/18 OFFICIAL RECORD COPY