Text

E-mail from NEI Feedback on Di&C Iap Revision 3
	ML18241A297
Person / Time
Site:	Nuclear Energy Institute
Issue date:	08/07/2018
From:	Hanson J; Nuclear Energy Institute
To:	Jason Paige; NRC/NRR/DLP/PLPB
	Paige J
Shared Package
ML18204A313	List: ML18204A314; ML18204A315; ML18241A297;
References
	Download: ML18241A297 (62)
	v • d • e

From: HANSON, Jerud To: Paige, Jason Cc: Benner, Eric; Rahn, David; REMER, Jason; AUSTGEN, Kati; Neil Archambo; ZACHARIAH, Thomas; ODESS-GILLETT, Warren; ASSARD, Maria; HANSON, Jerud

Subject:

[External_Sender] NEI Feedback on DI&C IAP, Rev. 3 Date: Tuesday, August 07, 2018 1:46:44 PM Attachments: NRC Staff Presentation for July 25 2018 Public Meeting - NEI Comments.pptx IAP Revision 2 Draft 12 29 17 - NEI Comments on MP3 (only).docx

Jason, Provided in the attachments are NEIs comments on the revised draft NRC DI&C IAP. The current version of the IAP was used for MP3 comments only while the rest of us used the slides provided for the public meeting. One general comment is that each of these activities should have a target date for issue resolution/final documentation issuance. You will notice in the feedback that this didnt seem clear in a couple of places.

Thank you for the opportunity to provide feedback and let me know if you have any questions.

Jerud Jerud E. Hanson l Sr. Project Manager, Life Extension & New Technology 1201 F Street, NW, Suite 1100 l Washington, DC 20004 P: 202.739.8053 M: 202.497.2051 nei.org This electronic message transmission contains information from the Nuclear Energy Institute, Inc. The information is intended solely for the use of the addressee and its use by any other person is not authorized. If you are not the intended recipient, you have received this communication in error, and any review, use, disclosure, copying or distribution of the contents of this communication is strictly prohibited. If you have received this electronic transmission in error, please notify the sender immediately by telephone or by electronic mail and permanently delete the original message. IRS Circular 230 disclosure: To ensure compliance with requirements imposed by the IRS and other taxing authorities, we inform you that any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.

Sent through www.intermedia.com

Integrated Action Plan to Modernize Digital Instrumentation and Controls Regulatory Infrastructure Update: 1/31/2018 NUCLEAR REGULATORY COMMISSION ML17277B643 Enclosure IAP - Revision 2

Contents Summary ..................................................................................................................................... 5 1.0 Introduction ............................................................................................................................ 6 2.0 Background ........................................................................................................................... 6 3.0 Updating Processes for this Integrated Action Plan ............................................................... 7 4.0 Detailed Modernization Plans ................................................................................................ 8 MP #1. Protection against Common Cause Failure ................................................................10 Introduction..........................................................................................................................10 Background .........................................................................................................................10 Objectives............................................................................................................................12 Actions ................................................................................................................................13 Status ..................................................................................................................................15 Potential Regulatory Challenges and Policy Issues .............................................................16 Interactions with other Action Plan Items .............................................................................16 MP #2. Considering Digital Instrumentation & Controls in Accordance with 10 CFR 50.59.....16 Introduction..........................................................................................................................16 Background .........................................................................................................................16 Objectives............................................................................................................................17 Actions ................................................................................................................................18 Status ..................................................................................................................................18 Potential Regulatory Challenges and Policy Issues .............................................................19 Interactions with Other Action Plan Items ............................................................................19 MP #3. Acceptance of Digital Equipment ...............................................................................19 Introduction..........................................................................................................................19 Background .........................................................................................................................20 Objectives............................................................................................................................21 Actions ................................................................................................................................21 Status ..................................................................................................................................22 Potential Regulatory Challenges and Policy Issues .............................................................23 Interactions with other Action Plan Items .............................................................................23 MP #4. Assessment for Modernization of the Instrumentation & Controls Regulatory Infrastructure.........................................................................................................................23 Introduction..........................................................................................................................23 ML17277B643 2 IAP - Revision 2

Background .........................................................................................................................24 Objectives............................................................................................................................24 Actions ................................................................................................................................25 Status ..................................................................................................................................27 Potential Regulatory Challenges and Policy Issues .............................................................27 Interactions with other Action Plan Items .............................................................................28 Appendix A .............................................................................................................................. 1 ML17277B643 3 IAP - Revision 2

Integrated Action Plan to Modernize Digital Instrumentation and Controls Regulatory Infrastructure Concurrence ADAMS ACCESSION No: ML17277B643 *concurrence via e-mail OFFICE NRR/DLP/PLPB QTE* NRR/DLP/PLPB NRR/DE/EICB NRO/DEI/ICE NAME LWilkins DMorey MWaters IJung DATE OFFICE NRO/DCIP/CIPB RES/DE NRO/DEI NRR/DE NAME RJenkins BThomas RCaldwell EBenner DATE ML17277B643 4 IAP - Revision 2

Integrated Action Plan to Modernize Digital Instrumentation and Controls Regulatory Infrastructure Summary As identified in SECY-16-0070 1, the U.S. Nuclear Regulatory Commission (NRC or the Commission) staff continues to update and modify the integrated action plan (IAP) as a living document. This revision to the IAP maintains Staff Requirements Memorandum (SRM) to SECY-15-0106 2, direction to develop an integrated strategy to modernize the NRC's digital instrumentation and control (l&C) regulatory infrastructure. Additionally, consistent with Commission direction, this revision updates the strategy for engaging external stakeholders to reach a common understanding of digital I&C regulatory challenges, priorities, and potential solutions to address them. The plan considers the broad context of digital l&C regulatory challenges and includes related activities being pursued by the staff. The plan has been revised using NRC staff and external stakeholder input. In resolving the regulatory challenges, the plan continues to provide for frequent public and stakeholder interactions. A senior management steering committee (SC) oversees the resolution of digital I&C regulatory challenges identified within the plan. As the IAP is implemented and the modernization plans are accomplished, the staff will submit any recommended changes to NRC policies to the Commission.

The staff, in coordination with stakeholders, continues to update key topics including (Protection Against Common Cause Failure, Digital I&C Upgrades and Replacements under Title 10 of the Code of Federal Regulations (10 CFR) Section 50.59, and Commercial Grade Dedication of Off-the-Shelf Digital Equipment for Safety Related Applications), and Licensing Process Improvements that have the greatest tactical impact, in the near-term, in addressing regulatory challenges and improving timeliness, efficiency, and effectiveness. These key topics have resulted in corresponding detailed modernization programs that are defined herein. The staff will prioritize and implement the regulatory activities, including building upon those in the first three key topics, needed to provide tactical regulatory clarity and support industry confidence to perform digital I&C upgrades.

The longer-term goal is to evaluate and strategically implement the follow-on steps for continued improvement of the NRCs digital I&C regulatory infrastructure. The infrastructure improvements will result in a state in which the nuclear power industry can perform digital upgrades under 10 CFR 50.59 licensing process or, where necessary, obtain regulatory approval to use digital technology that provides for adequate safety and security through processes that are efficient, minimize uncertainty, and can be consistently applied across different technologies. The staff will review and modify the current regulatory infrastructure to be more performance-based and flexible by using new methods in the most effective way and updating the regulatory infrastructure to acknowledge changes in the technology, the way it is developed, and how it is used. The staff will evaluate the results of implementation of the tactical activities and, with continued stakeholder interaction, will develop a performance-based, 1

SECY-16-0070, Integrated Strategy to Modernize the Nuclear Regulatory Commissions Digital Instrumentation and Control Regulatory Infrastructure (Agencywide Documents Access and Management System (ADAMS) Accession No. ML16126A140) 2 SRM-SECY-15-0106, Proposed Rule: Incorporation by Reference of Institute of Electrical and Electronics Engineers Standard 603-2009, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, (ADAMS Accession No. ML16056A614).

ML17277B643 5 IAP - Revision 2

technology-neutral regulatory infrastructure that will anticipate the evolution and future development of digital I&C technology as it is applied to nuclear technologies.

For the longer-term items (Modernization of the Digital I&C Regulatory Infrastructure), the staff will identify actions needed to implement a simpler, streamlined, scalable, and agile I&C regulatory infrastructure that will reduce the implementation risks by allowing NRC approval earlier in the process.

This effort will also improve the clarity of the priorities and sequencing of further improvements with consideration of the objectives of transparency, regulatory stability and predictability, effective consideration of the cumulative effects of regulation, and efficient and effective use of limited NRC resources.

The staff developed a strategy to modernize the NRCs regulatory infrastructure. This strategy will serve as a learning platform, to identify needs for future improvements in NRCs regulatory and guidance framework and acknowledge ongoing changes in the technology. The staff will engage the public and relevant stakeholders in the improvement of license reviews and other regulatory processes to develop a performance based, technology-neutral regulatory infrastructure.

The details of this updated plan continue to reflect the integrated strategy consistent with the Commission-directed attributes in SRM-SECY-15-0106 as listed in Section 2.0 of this document.

This IAP is a living document. It is updated based on progress made on related activities and modified, if necessary, based on Commission direction and new information.

1.0 Introduction This document provides the staffs IAP for modernizing the digital I&C regulatory infrastructure as approved by the Commission in SRM-SECY-16-0070. This IAP will ensure safety and security while improving the predictability and consistency of the agencys regulatory process for licensing and oversight of digital I&C systems. This plan builds upon ongoing regulatory activities, stakeholder feedback concerning the previous version of the action plan, and specific Commission direction in SRM-SECY-15-0106 to modernize the digital I&C regulatory infrastructure. The staff is working with industry to produce implementable guidance for use in January 2018.

2.0 Background

On February 25, 2016, the Commission issued SRM-SECY-15-0106, which disapproved the staff's recommendation to publish for comment in the Federal Register a proposed rule which would incorporate by reference into 10 CFR 50.55a the Institute of Electrical and Electronics Engineers (IEEE) Standard (Std.) 603-2009, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations. This proposed rule had included, along with the incorporation by reference of IEEE Std. 603-2009, additional conditions for addressing digital hazards analysis, independence, and digital communications.

In the SRM, the Commission directed the staff to develop an integrated strategy, with proposed implementation milestones, to modernize the NRC's digital I&C regulatory infrastructure. In developing an IAP, the Commission directed the staff to consider the broader context of digital ML17277B643 6 IAP - Revision 2

I&C regulatory challenges and include all related activities being pursued by the staff including incorporation by reference of IEEE Std. 603-2009, updates to the policy on common cause failure (CCF) in SRM-SECY-93-087, and development of guidance for 10 CFR 50.59 evaluations of digital I&C upgrades.

The Commission also directed the staff to engage in public workshops and meetings with the relevant IEEE standards setting committee, licensees, vendors, and other external stakeholders to reach a common understanding of the digital I&C regulatory challenges, priorities, and potential solutions to address them. The Commission also directed the development of the plan to be guided by the following principles:

The staff's plan should include the establishment of a senior management SC to oversee resolution of digital I&C regulatory challenges.

Any new or revised requirements addressed in the action plan should be performance-based rather than prescriptive.

Digital I&C safety requirements should be technology neutral, however, guidance should be tailored, if necessary.

The same requirements should apply to operating and new reactors.

The guidance should focus on acceptable approaches to complying with requirements and may include specific technology-focused provisions. If only one approach is acceptable to the staff to ensure safety based on current understanding, and this approach is appropriately technology neutral and performance-based, then it should be included in a requirement rather than in guidance.

The NRC requirements and guidance should not pose an unnecessary impediment to advancement in nuclear applications of digital technology.

On October 25, 2016, the Commission issued SRM-SECY-16-0070 3, which approved the implementation of the staffs IAP to modernize the NRCs digital instrumentation and control regulatory infrastructure. As identified in the above text, this plan includes continued engagement with stakeholders on the development of the 2018 version of IEEE Std. 603, in lieu of adopting the 2009 standard.

3.0 Updating Processes for this Integrated Action Plan The digital I&C SC was established to provide senior management oversight of the formulation of the strategy and execution of this action plan to modernize the digital I&C regulatory infrastructure.

The SC is comprised of division directors with management responsibility for I&C technology in the Office of Nuclear Reactor Regulation (Chairperson), Office of New Reactors, and the Office of Nuclear Regulatory Research. The SC is supplemented as needed with members from the Office of Nuclear Material Safety and Safeguards (NMSS) and the Office of Nuclear Security and Incident Response (NSIR). The SC ensures appropriate management focus on the resolution of regulatory issues and enhancement initiatives.

The SC will periodically assess the status and effectiveness of this IAP consistent with the Commission direction in SRM-SECY-15-0106, and evaluate the progress of meeting the overall objectives of the modernization of the NRCs I&C regulatory infrastructure. The SC will be 3

SRM-SECY-16-0070, Staff Requirements - SECY-16-0070 - Integrated Strategy to Modernize the Nuclear Regulatory Commissions Digital Instrumentation and Control Regulatory Infrastructure (ADAMS Accession No. ML16299A157)

ML17277B643 7 IAP - Revision 2

supported by managers and staff in the offices with expertise and shared responsibility in the field of digital I&C. This IAP will be implemented and updated by the respective NRC line organizations under the supervision of the SC. Ownership of each modernization plan will be assigned to appropriate NRC office leads. This IAP will be updated semi-annually to indicate progress made within each activity, so that the document can also be used as a reporting/briefing tool. Changes to the modernization plans that are identified during these periodic reviews shall be agreed upon by the SC.

4.0 Detailed Modernization Plans The following four Modernization Plans (MPs) will be used to resolve regulatory challenges, provide confidence to licensees, and modernize the I&C regulatory infrastructure. Detailed plans have been developed for each activity and updated for this revision based on lessons learned and interfaces between NRC Offices and industry stakeholders. These activities are inter-related and the NRC working groups will ensure integration and coordination on common issues.

1. Protection against Common Cause Failure. This modernization plan addresses developing guidance for using effective qualitative assessments of the likelihood of failures, along with coping and/or bounding analysis for addressing CCFs, use of defensive design measures for eliminating CCF from further consideration, and staff evaluation of the NRCs existing positions on defense against CCF. The NRCs current position on CCF is guided by SRM-SECY-93-087 and Standard Review Plan (SRP)

Branch Technical Position (BTP) 7-19. The NRCs current position allows the use of sufficient diversity and simple designs which provide for complete testability of components to eliminate the potential for software CCF from further consideration in a defense-in-depth and diversity analysis. However, the current guidance is not clear regarding the applicability of criteria for using coping analysis and other defensive measures for eliminating CCF from further consideration.

Based on continuous reevaluations of work scope and priorities, MP #1 has been divided into the following sub-sections to allow for focused product development:

A. Develop clarifying guidance for evaluating (using a qualitative assessment process) and documenting the proposed use of design attributes, and quality design processes to address CCF when replacing or modifying lower risk-significant safety system auxiliary and/or support digital I&C systems (e.g., chiller control systems) under 10 CFR 50.59.

B. Evaluate NEIs proposed guidance in NEI 16-16 for addressing CCF in digital I&C systems, based on the application of key design measures for preventing, limiting, or mitigating the effects of potential CCF that are to be incorporated during the development process.

C. Propose modifications to NRCs current position on protection of digital I&C systems and components against CCF. This modification will include: (1) a clarification of the scope of systems intended to be addressed under the position; and (2) examination of the technical acceptability for using a graded approach based on risk significance or safety significance.

ML17277B643 8 IAP - Revision 2

2. Considering Digital Instrumentation & Controls in accordance with 10 CFR 50.59.

This activity addresses the need for clarity of mutual industry and staff understanding that NRC guidance is being properly translated into industry actions for performing 10 CFR 50.59 evaluations of proposed digital I&C plant modifications. Under existing guidance for the 10 CFR 50.59 screening and evaluation of digital I&C systems, several licensees have improperly performed or documented the technical bases for 10 CFR 50.59 analyses for modifications of I&C systems using digital technologies. Industry stakeholders have stated they are hesitant to pursue the deployment of digital I&C upgrades through changes under the 10 CFR 50.59 process because of regulatory uncertainty. The objective of this effort is to ensure there is adequate guidance with sufficient clarity for staff and stakeholder understanding of how to adequately document the performance of 10 CFR 50.59 evaluations of digital I&C upgrades.

3. Acceptance of Digital Equipment. This activity will support improved guidance for acceptance of commercial grade digital equipment. Many digital I&C and other digital equipment that is readily available in the marketplace was not designed specifically for use in nuclear facilities and has not been designed, developed, and fabricated in accordance with NRC quality assurance criteria (as defined in Appendix B to 10 CFR Part 50).

This plan consists of activities intended to evaluate the suitability of additional guidance and industry standards to determine whether the NRC should accept third party certifications based on industry consensus standards to accept address the dependability critical characteristics aspects of commercial grade digital equipment for use in nuclear safety-related applications.

The staff recently endorsed guidance for the commercial grade dedication (CGD) acceptance method in RG 1.164, Dedication of Commercial-Grade Items for Use in Nuclear Power Plants (previously draft guide (DG)-1292), including specific reference to digital equipment. The staff will engage with stakeholders to better understand current challenges, potential benefits, and evaluate recommended solutions concerning acceptance of commercial grade digital equipment.

4. Modernization of the Instrumentation & Control Regulatory Infrastructure. The objective of this effort is to perform a comprehensive modernization assessment to identify further improvements to the regulatory infrastructure (regulations and guidance) and develop plans for accomplishing such improvements. The staff will assess progress on the first three MPs in the action plan and the list of topics provided in Appendix A of this plan to determine the appropriate sequencing of activities based on meeting the following key objectives:

A. Prioritize and implement the complete set of regulatory activities, including building upon those in the first three MPs, needed to provide tactical regulatory clarity and support industry confidence to perform digital I&C upgrades. These activities will include but may not be limited to: a) implementing an updated CCF position into technical guidance for use both in concert with endorsed 10 CFR 50.59 change authority guidance and additional licensing guidance improvements, b) improving licensing guidance through evaluating lessons learned from review of license applications, and reconsidering the need for inclusion of factory acceptance test results within the scope of supporting application material, and c) developing ML17277B643 9 IAP - Revision 2

inspection guidance for digital I&C upgrades performed under 10 CFR 50.59 and license application approvals.

The staff has initially identified these additional topic areas as being necessary to meet objective 4A and will seek stakeholder feedback in identifying the complete list of activities from its review of all activities listed in Appendix A. The staff will develop detailed schedules for additional, high-priority tactical topics during the comprehensive modernization assessment.

The staff will implement revised guidance to improve the efficiency of the license application review process. Also, the staff will work with industry stakeholders to identify efficiency metrics for new application reviews. The staff is updating the guidance in Digital I&C Interim Staff Guidance (DI&C-ISG)-06, Licensing Process as a specific tactical activity to streamline the efficiency and effectiveness of licensing reviews.

B. Identify actions needed to implement a simpler, streamlined, and agile I&C regulatory infrastructure that will ensure safety and security while effectively addressing larger scale digital I&C upgrades to operating reactors and the I&C designs for new and advanced reactors. The outcome will also improve clarity regarding the interrelationships between the regulatory issues, the priorities and sequencing of further improvements, and the supporting research that is needed to accomplish such improvements to meet both objectives.

Completion of the modernization efforts will ensure safety and security and result in greater regulatory efficiency, predictability, and agility in addressing strategic digital I&C applications by the nuclear industry. Both the tactical and strategic goals of the IAP involve the development of technical bases to support resolution of identified technical issues. The development of the technical basis to support the comprehensive modernization activities in MP #4B will likely require relatively greater research activities.

MP #1. Protection against Common Cause Failure Introduction This modernization plan describes the activities and schedule for addressing methods for evaluating the potential for a CCF, which could lead to safety-significant consequences. The occurrence of CCF can compromise functional independence across redundant channels or divisions, across echelons of defense, across operator displays and monitored elements, and other layers of defense. As part of modernizing the NRCs digital I&C regulatory infrastructure, the staff is evaluating the NRCs existing positions on acceptable defenses against CCF within digital I&C systems and measures that can be applied to prevent, or mitigate against postulated CCF events occurring within digital I&C safety and non-safety systems.

Background

The Commission provided its current direction to the staff regarding protection against CCF in Digital I&C systems in its Staff Requirements Memorandum SRM-SECY-93-087 item II.Q. The SRM provides specific acceptance criteria for the evaluation of CCF, which the staff implemented in SRP BTP 7-19. Item II.Q of the SRM includes the following position: The applicant shall assess the defense-in-depth and diversity of the proposed instrumentation and ML17277B643 10 IAP - Revision 2

control system to demonstrate that vulnerabilities to common mode failures have adequately been addressed. The intent behind the application of the defense-in-depth and diversity (D3) philosophy in digital I&C safety systems is to protect against residual unknowns (beyond design basis) such as latent engineering development (including software) deficiencies.

SRM-SECY-93-087 does not specify the criteria which must be evaluated to eliminate from further consideration the potential of a latent software deficiency in a defense-in-depth and diversity analysis. However, the staff review guidance in SRP BTP 7-19 includes two criteria, which, if satisfied, can be used to eliminate from further consideration the potential for software CCF, based on a demonstration that adequate internal diversity exists, or based on assurance that the systems are sufficiently simple that all possible logic failure paths can be tested for and shown to be non-existent. The staffs position was last communicated to the Commission in SECY-09-0061, Status of the Nuclear Regulatory Commission Staff Efforts to Improve the Predictability and Effectiveness of Digital Instrumentation and Control Reviews (ADAMS Accession No. ML090790409).

Representatives of the nuclear industry (hereinafter referred to as industry) have stated that the current digital I&C licensing and oversight process for power and non-power reactors is cumbersome, inefficient, and/or unpredictable. In particular, they have suggested the current guidance to perform digital I&C plant modifications is insufficiently detailed regarding: a) how to address the potential for introduction of new forms of CCF (e.g., potential plant vulnerabilities from having identical redundant digital I&C divisions, or mistakes made or errors introduced by processes for implementing configuration changes); b) how to acceptably analyze and document the safety impact of any new instances of potential CCF; and c) how conclusions from this analysis may be acceptably applied in licensing activities.

Further, licensees have stated that the current regulatory treatment and acceptance criteria dealing with the potential for CCF in the analysis of digital I&C systems has been problematic.

Specifically, they have stated that the proper application of the screening criteria for simple systems as identified in SRP BTP 7-19 regarding 100% testability, and the lack of a graded approach based on risk significance or safety significance, place a high burden for demonstrating that adequate digital I&C system development processes have been employed -

especially for systems containing local embedded digital I&C components. Therefore, the resolution of CCF concerns is the lead technical issue and a critical enabler for successfully addressing other issues related to digital I&C. Industry stakeholders are seeking clearer NRC staff guidance on methods for analysis of the potential for CCF of digital I&C systems. In addition, industry is seeking a more risk-informed, consequence-based regulatory infrastructure that removes uncertainty, ambiguity, and overlap in requirements and enables technical consistency.

In April 2016, industry submitted its comments to the draft digital I&C IAP which included recommendations to resolve CCF concerns. Industry agrees with the staff that review of the CCF concerns is a high-priority regulatory issue. In its recommendations, industry proposed use of and greater reliance upon development practices and deterministic defensive measures within digital I&C systems to minimize the impact of potential CCF. Specifically, they suggested the staff credit development practices and deterministic defensive measures within digital I&C systems that play a part in assuring that CCF will be unlikely.

The staff previously endorsed NEI-developed guidance (NEI 01-01, Guideline on Licensing Digital Upgrades: EPRI [Electric Power Research Institute] TR [Technical Report] -102348, Revision 1, NEI 01-01: A Revision of EPRI TR-102348 to Reflect Changes to the 10 CFR 50.59

[Code of Federal Regulations, Title 10, Section 50.59, Changes, tests and experiments]

ML17277B643 11 IAP - Revision 2

Rule.). This document provides guidance for designing, implementing, and licensing plant modifications that employ digital I&C components and systems. In its endorsement of the use of that guidance (Regulatory Issue Summary (RIS) 2002-22, ADAMS Accession No. ML023160044), the staff found the guidance to be acceptable for designing a digital replacement for equipment currently installed, and for determining whether the modification can be implemented under 10 CFR 50.59 without prior staff approval. However, during inspections of modification documentation prepared by some licensees, the staff has found inconsistencies in the evaluation of proposed modifications and inadequacies in the documentation of the technical bases for responses made to the 10 CFR 50.59 evaluation criteria. The staff plans to clarify its previous endorsement of the NEI 01-01 guidance by providing additional guidance for developing and documenting acceptable qualitative assessments of the characteristics of proposed designs that may be used, to credit proposed system critical design attributes, quality processes employed, inherent system level defense-in-depth, and available operating history when assessing the likelihood of failure of the proposed digital modification while performing evaluations of the proposed modification under 10 CFR 50.59. This clarification of the staffs previous endorsement of NEI 01-01 will appear in RIS 2002-22, Supplement 1, which is now under development. This document has been issued via the Federal Register for public comments. In all, 13 sets of public comments totaling more than 100 comments were received in response. The staff is currently updating this supplemental guidance to address the public and stakeholder comments.

The staff also plans to evaluate an industry-proposed guidance document outlining a technical basis for application of such development practices and defensive measures. The staff is attempting to ascertain how the effectiveness of applying such measures may be assessed, and whether the criteria and methodology for crediting them can be consistently applied. Also, industry representatives recommended the use of previous plant licensing basis analyses to demonstrate that the consequences of a potential CCF are bounded.

The staff will consider the recommendations proposed by industry as part of the broader effort to develop a technical basis evaluating the current NRC position and evaluation of the alternatives available to resolve CCF concerns.

Objectives The objectives of MP #1 are to:

A. Produce durable guidance for evaluating and documenting the proposed use of design attributes, quality design processes, operating history to address CCF when replacing or modifying lower risk-significant safety system auxiliary and/or support digital I&C systems (e.g., main control room chiller control systems), in the form of a supplement to RIS 2002-22, clarifying the staffs previous endorsement of NEI 01-01. This RIS supplement is aimed at supporting the upgrade of lower risk-significant digital upgrades under 10 CFR 50.59, and is not intended to address potential CCF evaluation issues associated with the implementation of protection systems or I&C-based engineered safety features initiation logic systems, which are addressed in SRP BTP 7-19 and NUREG/CR-6303, Method for Performing Diversity and Defense-in-Depth Analyses of Reactor Protection Systems. This guidance will identify clarifications to the staffs endorsement of currently used digital I&C CCF technical evaluation process guidance for use by NRC and licensees.

B. Evaluate NEIs proposed guidance in NEI 16-16 for addressing CCF in digital I&C ML17277B643 12 IAP - Revision 2

systems, based on the application of key design measures for preventing, limiting, or mitigating CCF that are incorporated during the development process. NRC staff will evaluate the industry proposal to use such defensive design measures, as described in NEI 16-16, to ascertain whether there is adequate technical justification to preclude the need for performance of a D3 analysis for lower risk and safety significant applications. The staff will evaluate the acceptability for use of a graded approach based on the risk significance of potential CCF. The staff will also evaluate the proposed guidance for assessing credible CCF malfunctions with coping and bounding assessments. If industrys proposal is deemed technically acceptable and provides reasonable assurance of adequate protection, the NRC staff will develop a document to convey its endorsement, in whole or in part, of the NEI 16-16 guidance.

C. Propose modifications to NRCs current position on protection of digital I&C systems and components against CCF. This modification will include: (1) a clarification of the scope of systems intended to be addressed under the position; and (2) examination of the technical acceptability for using a graded approach based on risk significance or safety significance. The results of activities completed while addressing MP #1 Objectives A and B will be included with the results of the staffs examination of the NRCs current position.

Actions The NRC staff will engage industry through workshops and public meetings to discuss its findings and refine the project plan as needed. As part of the activities below, the staff will take into consideration applicable information within NEI 16-16 in developing relevant guidance.

NEI 16-16 describes a set of methods to assess and address CCF concerns.

The industry acknowledges that the document may be segmented to allow agreement on certain topics (e.g., scope, coping analysis, and bounded results) in the near term while other topics (e.g., design measures that result in reasonable assurance of adequate protection against a potential CCF) may be evaluated over a longer term schedule. In addition, once finalized, NEI intends to submit NEI 16-16 for NRCs review and potential endorsement.

MP #1. Protection Against Common Cause Failure Activities for Each Objective Schedule A. Guidance for developing and documenting acceptable qualitative assessments crediting the proposed design attributes, quality measures, operating history in support of 10 CFR 50.59 evaluations of proposed digital I&C modifications A.1 Prepare preliminary drafts of RIS 2017-XX, clarifying the March 6-27, 2017 (c) staffs previous endorsement of NEI 01-01 A.2 Share preliminary drafts with NEI/Stakeholders/Public March 28, 2017 (c)

ADAMS ahead of 1st public meeting A.3 Discuss NRC strategy and concepts with NEI/industry March 30, 2017 (c) stakeholders at public meeting A.4 Issue subsequent drafts of RIS in support of next public April 5-18, 2017 (c) working-level meeting A.5 Hold public working-level meeting to discuss NEI/industry April 20, 2017 (c) stakeholder comments ML17277B643 13 IAP - Revision 2

MP #1. Protection Against Common Cause Failure Activities for Each Objective Schedule A.6 Address/Resolve NEI/industry comments, perform legal April 21 - July 1, 2017 reviews (c)

A.7 Federal Register Notice to issue proposed RIS for public July 3, 2017(c) comments A.8 Informational Brief to Advisor Committee on Reactor May 17, 2017 (c)

Safeguards (ACRS) on RIS A.9 Formal public comment period July 3 - August 16, 2017 (c)

A.10 Public Workshop to Work Through Examples of Qualitative August 2, 2017 (c)

Assessments A.11 Resolve public comments August 17 - September 30, 2017(c)

A.12 Public Comment Resolution Meeting October 2017 (c)

A.13 Develop final version of RIS October - November 2017 (c)

A.14 Issue final RIS version for use January 2018 4 B. Evaluation of NEI 16-16.

B.1 Begin staff evaluation of NEI 16-16 [Draft 1] received December 2016 (c) 12/22/2016 and develop staff comments/gap analysis.

B.2 Meeting to discuss NEIs plans for completion of CCF February 8-9 2017 (c) likelihood technical basis, associated defensive measures, Appendices, and the balance of NEI 16-16 content.

B.3 NRC to provide comments on NEI 16-16 [Draft 1] March 13, 2017 (c)

B.4 Meeting to discuss and clarify NRC comments on NEI 16- March 29, 2017 (c) 16 [Draft 1]

B.5 Meeting to preview Appendix A content to be included in April 11, 2017 (c)

Draft 2 of NEI 16-16.

B.6 NEI to deliver NEI 16-16 [Draft 2], including technical basis, May 12, 2017 (c) examples, and Appendices.

B.7 NRC staff to review and provide comment on NEI 16-16 July 14, 2017 (c)

[Draft 2].

B.8 Meeting to discuss NRC comments on NEI 16-16 [Draft 2] September 7, 2017 (c)

B.9 Meetings to discuss methodology, content, and technical November - January basis of NEI 16-16. 2017 B.10 Meeting to discuss NRC comments on NEI 16-16 [Draft 2] November 2, 2017 (c)

B.11 Teleconference Call/Webinar on NEI 16-16 [Draft 2] November 29, 2017 (c)

B.12 5 Public Meeting on NEI 16-16 [Draft 2] December 13, 2017 4 Issuance has been delayed from the original date of November 2017, in order to further improve clarity on the relationship of 50.59 criteria, supporting technical evaluations, and qualitative assessment documentation.

5 Activities beyond B.12 are subject to change. Activities beyond B.9 are dependent on the staff and NEI reaching alignment on key issues related to NEI 16-16 following the November 2, 2017 public meeting.

ML17277B643 14 IAP - Revision 2

MP #1. Protection Against Common Cause Failure Activities for Each Objective Schedule B.13 NRC to deliver final comments on NEI 16-16 [Draft 2], February 1, 2018 Appendix A B.14 Conference Call to clarify comments on Appendix A February 2018 B.15 NEI to deliver NEI 16-16 [Draft 3]. February 2018 B.16 NRC endorsement decision based on NEI 16-16 [Draft 3]. March 2018 B.17 NEI to submit NEI 16-16 Rev. 0 April 2018 B.18 Release NRC Regulatory Guide Draft for public comment March 2018 B.19 Present to ACRS Subcommittee and April 03, 2018 ACRS Committee May 3-4, 2018 B.20 Present to Commission (status of NEI 16-16 review June 2018 available to Commission because related to CCF policy development)

B.21 Adjustments of NEI 16-16 and Regulatory Guide draft post July-September 2018 Commission direction with regard?

B.22 Public Meetings (if needed) on Draft Regulatory Guide August - November 2018 B.23 Issuance of Regulatory Guide endorsing NEI 16-16. February 2019 C. Evaluate NRCs current position on defense against CCF in digital I&C systems and components C.1 Begin staff review to identify specific aspects of NRCs April - July 2017 (c) position on CCF and communicate any policy issues that need to be modified. Meet with DI&C Steering Committee and other stakeholders as needed.

C.2 Develop and finalize list of specific aspects of NRCs April - August 2017(c) position on CCF impacted by review of NEI 16-16 draft updates and alert Commission of policy issues that will require attention.

C.3 Begin development of SECY on recommendations September 2017 -

regarding NRC policy to protect digital I&C systems against October 2017 (c)

CCF concerns.

C.4 Produce SECY Draft December 15, 2017 C.5 Produce enclosure(s) to support NRCs policy November 2017 -

recommendations in SECY. January 2018 C.6 Engage outside peer reviewer to assess staffs findings. February - April 2018 C.7 Present to ACRS DI&C Subcommittee. April 3, 2018 Present to Full ACRS Committee. May 3 - 4, 2018 C.8 Submit SECY paper (with technical basis document) June 2018 identifying proposed position to address CCF concerns in digital systems to the Commission.

C.9 Implement resolution as determined by the Commission. June - September 2018 Note: (c) indicates completed activity.

Status (As of December 15, 2017)

ML17277B643 15 IAP - Revision 2

The staff continues to have public meetings with NEI and external stakeholders. The NRC and industry have agreed to establish a high priority to the completion of activities for Objective A, with the activities for Objectives B and C in parallel and completing as soon as practical thereafter.

Potential Regulatory Challenges and Policy Issues Any change or affirmation of the current NRC CCF position is considered to be a potential policy issue that is to be coordinated through the Commission. The staff will prepare a SECY paper describing staffs recommendation. The staff will also get direction from the Commission if any additional potential policy issues are identified when implementing this activity.

Potential actions for addressing CCF issues will have to be informed by consideration of backfitting, regulatory analysis, and cumulative effects of regulation.

Staff actions will be impacted if industry does not participate or is untimely with its deliverables as described in the above activities.

Interactions with other Action Plan Items CCF of digital I&C systems is an important aspect supporting the working group responsible for improving licensee guidance for replacing or modifying digital I&C using the 10 CFR 50.59 process (MP #2). In particular, the guidance being developed in activities for Objective (A) to address CCF in low significant digital auxiliary and support safety systems (e.g., chillers) or non-safety systems requires close coordination with MP #2.

Implementation of the resolution of CCF as identified in the SECY paper will be addressed in MP #4.

MP #2. Considering Digital Instrumentation & Controls in Accordance with 10 CFR 50.59 Introduction This action plan describes the activities and schedule for improving guidance regarding digital I&C modifications using the 10 CFR 50.59 change process. These activities will address the need for mutual clarity between industry and NRC staff to ensure NRC guidance is being properly translated into industry actions while performing 10 CFR 50.59 screening and evaluations for potential digital I&C plant modifications.

This action plan applies to operating reactors, new reactors, non-power production, and utilization facilities (e.g., research and test reactors and medical isotope processing facilities).

Overall, the goal of these actions is to reduce licensing uncertainty and provide clarity on the regulatory process.

Background

Inadequate guidance for the 10 CFR 50.59 screening and evaluation of digital I&C systems has contributed to several licensees having improperly performed 10 CFR 50.59 evaluations for modifications of I&C systems using digital technologies. The current guidance addresses both ML17277B643 16 IAP - Revision 2

10 CFR 50.59 licensing positions and technical methodologies, which has resulted in ambiguity on key evaluation issues such as CCF in digital modifications. The staff held several public meetings with industry representatives on this subject, and indicated where the industry guidance should be improved. Industry representatives stated that they are hesitant to pursue the deployment of digital I&C upgrades through changes under the 10 CFR 50.59 process because of regulatory uncertainty and a lack of clarity in the regulatory process.

Regulatory Guide 1.187, Guidance for Implementation of 10 CFR 50.59, Changes, Tests, and Experiments, provides the staffs endorsement of industry guidance for evaluating the impact on plant safety analyses for plant modifications performed under 10 CFR 50.59. The objectives of 10 CFR 50.59 are to ensure that licensees: (1) evaluate proposed changes to their facilities for their effects on the licensing basis of the plant, as described in their updated final safety analysis report (UFSAR), and (2) obtain prior NRC approval for changes that meet specified criteria as having a potential impact upon the basis for issuance of the operating license.

Regulatory Guide 1.187 endorsed Revision 1 of NEI 96-07, Guidelines for 10 CFR 50.59 Evaluation, dated November 2000, which provides methods that are acceptable to the NRC staff for complying with the provisions of 10 CFR 50.59.

RIS 2002-22, Use of EPRI/NEI Joint Task Force Report, Guideline on Licensing Digital Upgrades: EPRI TR-102348, Revision 1, NEI 01-01: A Revision of EPRI TR-102348 to Reflect Changes to the 10 CFR 50.59 Rule, provides the NRC staffs endorsement for the use of NEI 01-016. However, experience with implementing digital I&C upgrades under 10 CFR 50.59 using NEI 01-01 at nuclear facilities has revealed several shortfalls in the screening of modifications, addressing the appropriate design criteria, and evaluating the impact of proposed digital I&C on established licensing bases. A key issue identified as a result of recent oversight experience has been licensee assessment of potential CCF and any potential new malfunctions, with respect to addressing the specific criteria in 10 CFR 50.59(c)(2).

In a November 2013 letter to NEI (ADAMS Accession No. ML13298A787), the staff summarized its concerns regarding licensee implementation of the current guidance in NEI 01-01.

In response, NEI formed a working group to update its guidance for implementing digital I&C modifications under 10 CFR 50.59. The NEI working group found that additional guidance was needed to support certain aspects of reviewing the impact of such modifications on design functions as described in licensees Updated Final Safety Analysis Reports.

In April 2016, NEI provided draft Appendix D to NEI 96-07 for digital modifications. NEI requested NRC endorsement of the Appendix through a new regulatory guide, separate of RG 1.187. NEI has stated that draft Appendix D is only focused on evaluating the specific licensing criteria in 10 CFR 50.59 for digital I&C, and not the supporting technical methodologies for addressing CCF and failure likelihoods. NRC endorsed technical methods and associated regulatory positions are addressed in other existing regulatory documents. NEI is therefore not providing or referencing any technical methodologies in Appendix D. NEI recognizes that the NRC position on CCF will be updated separately as part of MP #1 activities. Along with the requested endorsement of Appendix D, NEI will request removal of the NRCs endorsement of NEI 01-01 once Appendix D and related technical guidance under review by MP #1 activities receive endorsement by the agency.

Objectives 6

ADAMS Accession No. ML020860169 ML17277B643 17 IAP - Revision 2

The objective is to ensure there is adequate guidance for 10 CFR 50.59 evaluations of digital I&C upgrades in order to reduce licensing uncertainty and clarify the regulatory process. The NRC is evaluating draft Appendix D to NEI 96-07 for possible endorsement in NRC regulatory guidance to supersede its endorsement of NEI 01-01. Specifically, the goal is to address legacy issues identified with current guidance and provide additional licensing flexibilities to industry when considering CCF under 10 CFR 50.59 as well as evaluating what content in NEI 01-01 should be brought forward into draft Appendix D.

Actions MP #2. Considering Digital Instrumentation & Controls in Accordance with 10 CFR 50.59 Activity Schedule

1. Receive NEI guidance document, Appendix D 96-07, Guidelines April 4, 2016 (c) for 10 CFR 50.59 Evaluations.

2. Conduct public meeting: NEI presented the guidance in Appendix April 28, 2016 (c)

D and engaged with NRC staff discussion.

3. Complete initial review of Appendix D and provide general August 2016 (c) comments to NEI.

4. Finalize Draft NEI 96-07 Appendix D, Definitions Section November 2016 (c)

5. Finalize Draft NEI 96-07 Appendix D, Introduction Section March 2017 (c)

6. Provide formal comments on Draft NEI 96-07 Appendix D, Screen March 17th, 2017 (c)

Guidance Section

7. Finalize Draft NEI 96-07 Appendix D Screen Guidance Section September 2017 (c)

8. Receive revised Draft NEI 96-07 Appendix D, Evaluation February 15, 2017 (c)

Guidance Section for review

9. Finalize Draft NEI 96-07 Appendix D, Section 4.0, Evaluation December 2017 Guidance Section

10. Finalize Draft NEI 96-07 Appendix D, Section 5.0, Examples March 2018 Section

11. Informational Briefing to ACRS on Draft NEI 96-07 Appendix D May 17, 2017 (c)

12. Conduct table top exercise with industry using the revised March 2018 Appendix D to verify the new guidance is clear and consistent.

13. Decide on appropriateness of issuing interim endorsement letter, July 2018 and issue letter, if appropriate.

14. NRC formally enters NEI 96-07 Appendix D into the Regulatory December 2018 Guide development process (if decision is made to endorse)

Note: (c) indicates completed activity.

Status (As of December 15, 2017)

The staff review of draft NEI 96-07, Revision 1, Appendix D is still ongoing. The staff and industry participated in public meetings throughout 2017, and starting in September 2017, began meeting on a monthly basis to quicken the pace of guidance development and review.

The staff is working with industry to develop content to be entered into Appendix D based on still relevant guidance and legacy concerns contained in NEI 01-01, as well as provide licensees more flexibility when considering CCF under 10 CFR 50.59 to reduce licensing uncertainly and clarify the 50.59 change process. Progress is slower than expected as the NRC staff and industry are continually working toward alignment and updating the draft guidance, section by section.

ML17277B643 18 IAP - Revision 2

Draft NEI 96-07, Revision 1, Appendix D, Section 1, Introduction - complete.

Draft NEI 96-07, Revision 1, Appendix D, Section 2, Definitions - complete.

Draft NEI 96-07, Revision 1, Appendix D, Section 3, Screen Guidance - complete.

Draft NEI 96-07, Revision 1, Appendix D, Section 4, Evaluation Guidance - review currently underway Draft NEI 96-07, Revision 1, Appendix D, Section 5, Examples - Review commences after Section 4 completion and staff receiving of revised version of this section.

Potential Regulatory Challenges and Policy Issues The staff does not expect any policy issues resulting from this guidance document. However, if any are identified, the staff will present to the Commission any potential policy issues in implementing this activity.

Industry has preferred to maintain separation between technical and licensing content from 50.59 discussions held to date. Licensing decisions based upon guidance in current draft Appendix D will necessarily need a technical basis, which is not provided in Appendix D, and a separation of this conversation requires deliberate coordination to ensure alignment with ultimate resolution of technical guidance. Technical guidance in support of draft Appendix D is being developed and reviewed separately as part of the MP #1 activities.

Though not currently identified, any potential actions for modifying the current 10 CFR 50.59 change process would have to be informed by consideration of backfitting, regulatory analysis, and cumulative effects of regulation.

Interactions with Other Action Plan Items Ongoing coordination with MP #1 activities is necessary to ensure alignment with NRC regulatory guidance and NRC policy for addressing CCF. Future updates of the IAP will capture any specific changes in strategy for MP #2 based on coordination with MP #1 activities.

This activity will also be coordinated within the context of the assessment activities as part of MP #4 to modernize the regulatory infrastructure.

MP #3. Acceptance of Digital Equipment Introduction The staff is currently updating generic agency guidance in support of CGD processes, including specific reference to digital equipment. The staff has also identified activities to: a) engage with stakeholders; b) further evaluate domestic and international standards; and c) continue to improve NRC regulatory infrastructure and guidance for acceptance of digital equipment. The staff will engage with stakeholders to better understand current challenges and evaluate recommended solutions. In addition to the guidance, challenges include taking credit for third party certification (i.e., International Electrotechnical Commission (IEC) 61508, Functional ML17277B643 19 IAP - Revision 2

Safety, Safety Integrity Level (SIL) certification). Although existing guidance documents provide insights in this area, some have not been fully evaluated by the staff. Once the staff has reviewed this guidance, the agency will be able to identify how to best improve the regulatory infrastructure.

Background

Many I&C and other digital equipment readily available in the marketplace is not designed specifically for use in nuclear facilities and have not been subject to NRC quality assurance criteria (as defined in Appendix B to 10 CFR Part 50). In order for this equipment to be used in safety-related and important-to-safety digital equipment (those whose adverse performance could challenge the assumptions in safety analyses) in nuclear facilities, they must undergo CGD under 10 CFR Part 21. For the purposes of this discussion, we will refer to this equipment as commercial grade items (CGIs).

In order for CGIs to be properly dedicated, critical characteristics (important design, material, performance, and dependability 7 characteristics) must be defined and verified for the CGIs to provide reasonable assurance that the equipment will perform its intended safety function. The verification step is critical and must be performed by a dedicating entity (equipment manufacturer, NRC licensee, or an independent third-party dedicator). Increasing the industrys ability to utilize readily available marketplace CGIs which can be dedicated could help streamline the procurement process and reduce the licensing burden for nuclear facilities.

Industry guidance has been developed to clarify what steps are needed when evaluating and accepting CGIs for use in safety-related applications. Regulatory Guide 1.164 provides guidance and endorses in part, EPRI 3002002982, Revision 1. Specifically, EPRI NP-5652 and TR-102260, Guideline for the Acceptance of Commercial-Grade Items in Nuclear Safety-Related Applications, Section 14.1 on digital equipment and computer programs integral to plant safety systems includes references to two technical reports which have been reviewed and endorsed by the NRC:

EPRI TR-106439, Guideline on Evaluation and Acceptance of Commercial-Grade Digital Equipment for Nuclear Safety Applications, and

EPRI TR-107330, Generic Requirements Specification for Qualifying a Commercially Available PLC for Safety-Related Applications in Nuclear Power Plants.

This plan provides activities intended to evaluate the suitability of additional guidance and standards and determine if the NRC should endorse them for the purpose of defining critical characteristics of digital equipment and the mechanism by which they are verified.

Digital equipment is sometimes embedded within other components used in nuclear facilities.

As noted, this equipment is not specifically designed for nuclear applications. However, there may be advantages to using this third party certified digital equipment, such as the large amount of operating experience generated from use in non-nuclear applications.

In addition to commercially dedicating digital devices and I&C components, establishing improved guidelines for acceptance will also be applicable to embedded digital devices 7

The dependability critical characteristic is unique to digital I&C as explained in EPRI TR-106439, Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Applications.

ML17277B643 20 IAP - Revision 2

(EDDs). As equipment is replaced within licensee facilities, new safety-related components may contain EDDs. The staff issued RIS 2016-05, Embedded Digital Devices in Safety-Related Systems, to alert industry for the need to control implementation of these devices.

Certain forms of CCF and other new vulnerabilities can result from the introduction of EDDs.

Industry has stated that NRC licensing burden and licensee regulatory risk could be reduced by leveraging certification of commercially available digital hardware and software by independent third parties with demonstrated expertise and experience for part or all of the acceptance process. This independent, third-party certification has been effective in some other industries. These certifications, including certification to IEC 61508 are used to demonstrate that a high quality process was used to develop digital hardware and software equipment. The use of this process in conjunction with the CGD process could reduce the scope of digital systems reviews that the staff needs to complete. The staff will need to evaluate this concept and any policy implications that it may have.

Objectives The objectives of MP #3 are to:

A. Evaluate if previously performed SIL certification constitutes an alternate approach for acceptable demonstration of commercially available digital hardware and software basic quality. In other words, the specification of SIL certified equipment can be accepted as fact, and as-verification of certain dependability critical characteristics per NRC endorsed EPRI TR-106439 (Guideline on Evaluation and Acceptance of Commercial-Grade Digital Equipment for Nuclear Safety Applications). This acceptance would include the elements within the scope of an independent third-party SIL certification, and it would exclude those elements not within such scope (e.g.,

application specific functionality and performance critical characteristics such as electro-magnetic compatibility which is addressed in evaluation guidancerequirements).

A.B. The goal of this activity is to Iidentify needed improvements to the regulatory infrastructure. The objective of any regulatory improvements is to ensure that the implementation of digital devices (including EDDs) is being appropriately evaluated by licensees, applicants, and suppliers; and in compliance with regulations and policy.

Actions MP #3. Acceptance of Digital Equipment Activity Schedule

1. Public Meeting to discuss resolution of RIS 2016-05 public April 06, 2016 (c) comments.

2. Issue RIS 2016-05. April 29, 2016 (c)

3. Obtain public comments on DG-1292. September 2016 (c)

4. Stakeholder interaction to discuss proposed use of November 03, 2016 (c) standards and third party process certifiers.

ML17277B643 21 IAP - Revision 2

MP #3. Acceptance of Digital Equipment Activity Schedule

5. NEI provide a revision to the Digital Device Procurement February 16, 2017 (c) white paper (Appendix C from the April 22, 2016 NEI submittal) to further clarify objectives, terminology and incorporate discussion points from the November 3, 2016 public meeting.

6. Assess results of stakeholder information gathering and February 16, 2017 (c) examine potential approaches for reviewing and endorsing additional EPRI guidance related to CGD.

7. EPRI to confirm and communicate scope and schedule for February 16, 2017 (c)

EPRI research. NRC and industry reach mutual agreement on acceptability and sufficiency for this purpose. EPRI research begins.

8. NRC/stakeholder regular interactions to discuss progress December 2017 and course adjustments as necessary.

9. Issue RG 1.164 (DG-1292), Dedication of Commercial- June 2017 (c)

Grade Items for Use in Nuclear Power Plants.

10. NRC will monitor EPRIs investigative and research activities December 2017 to evaluate third party process certification for digital equipment.

11. EPRI publishes research results March November 2018

12. NEI Submits NEI 17-06 for NRC Review June March 20198

13. NRC makes decision on technical adequacy of NEI 17-06 September 2018

14. NRC staff performs audits of SIL certification organizations September 2018 -

and accrediting entities November 2019

15. NRC formally enters NEI 17-06 into the Regulatory Guide December 2019 development process (if decision is made to endorse)

Note: (c) indicates completed activity.

Status (As of December 15, 2017)

On November 3, 2016, the NRC staff met with representatives from NEI and industry as part of activity 4 above. This resulted in an NRC request to NEI/Industry for suggested additions to the action table which were previously provided but also reflected above. On February 16, 2017, during the second meeting between the staff and NEI, the discussion focused on activities 5 through 7. The NEI clarified the proposed use of third party certification based on IEC 61508 for acceptance of digital I&C equipment in conjunction with the commercial dedication process, and the NRC provided the regulatory prospective on the CGD and acceptance process.

On June 8, 2017, during the third meeting between NRC staff and NEI, the discussions focused on scope clarification, the proposed NEI 17-06 content and timeline, an update on the EPRI research and key action items. During the fourth public meeting on October 12, 2017, NEI shared a draft outline of NEI 17-06 and a proposed schedule for its issuance based on a similar ML17277B643 22 IAP - Revision 2

set of activities performed for issuance of NEI 14-05, Guidelines for the Use of Accreditation in Lieu of Commercial Grade Surveys for Procurement of Laboratory Calibration and Test Services. NRC pointed out additional activities related to NEI 14-05, which predated NEIs involvements. As a result, NEI will reassess the NEI 17-06 development schedule.

In December 15, 2017 planning call, NEI informed the NRC that work on NEI 17-06 is being put on hold until completion of the EPRI research activities, which is still expected to be completed by the end of March 2018. NEI also instructed the NRC not to independently engage any SIL certification organizations in order not to impede EPRIs research. This essentially puts MP #3 tasks on hold for the time being. NRC is scheduled to have next public meeting planning call with NEI by the end of January 2018.

During each public meeting, and during monthly discussions with NRCs Office of Nuclear Regulatory Research (under the NRC / EPRI Memorandum of Understanding), the EPRI provided an overview of their research being undertaken to evaluate the rigor and quality of technical efforts employed in certification of digital I&C equipment based on IEC 61508.

It is anticipated that the plan will continue to evolve. Stakeholder interaction is expected to generate discussion and agreement on necessary details to further clarify the objectives and expand the plan appropriately. In the spirit of an integrated effort, it is likely that activities will continue to be added that reflect both NRC and industry responsibilities.

Potential Regulatory Challenges and Policy Issues The staff evaluation may identify potential policy issues arising from analysis and recommendations related to third party process certification. The staff will present to the Commission any potential policy issues identified in implementing this activity.

Potential actions for addressing acceptance involving third party process certification will have to be informed by consideration of backfitting, regulatory analysis, and cumulative effects of regulation.

Interactions with other Action Plan Items This activity will take into account the results from activities relating to CCF (MP #1) and 10 CFR 50.59 (MP #2). To provide the broadest possible agency alignment, this plan will also be coordinated with staff supporting fuel-cycle facilities (NMSS), identification of critical digital assets (NSIR), vendor inspections, and identification of counterfeit or fraudulent parts.

MP #4. Assessment for Modernization of the Instrumentation & Controls Regulatory Infrastructure Introduction Although activities in MP #1-3 above are considered by staff and industry to be important in the near-term, MP #4 focuses on: identifying and implementing the complete set of activities needed to provide regulatory clarity and achieve stakeholder confidence in how the NRC will review digital I&C upgrades and ensure nuclear safety and security; and, identifying additional efficiencies and effectiveness improvements to modernize the regulatory infrastructure in support of the strategic goal. This activity entails a broad look at the current I&C regulatory ML17277B643 23 IAP - Revision 2

infrastructure (regulations and guidance), supporting technical basis for safety and security decisions, experiences from past licensing/inspection (operating experience), and stakeholder suggestions and priorities. This activity and the continuing work on the previous three activities will be executed in a coordinated and integrated manner.

Background

MPs #1-3 of this plan identify specific activities in which significant work will be accomplished in 2018. The staff has identified other issues and areas for potential improvement to the regulatory infrastructure, many which may be dependent on outcomes of MPs #1-3. Some potential improvement items are broad-scoped in nature and others are focused on more specific regulatory challenges. Therefore, it was prudent to begin work on these activities after sufficient progress is made on MPs #1-3. Since the initial development of the plan, the staff has identified a specific activity in streamlining the guidance for licensing process (tracked under MP

4A).

A list of modernization topics is provided in Appendix A. This list is based on stakeholder feedback and experience from staff across multiple NRC Offices. The staffs broad assessment will include evaluation of the list as part of the scope of the action plan. The staff will explore new high-level performance-based requirements or expectations, simplification of the regulatory infrastructure, to allow for future designs and technologies, and the concept of other innovative processes such as third-party assessment or certification in support of NRC reviews of proposed digital I&C upgrades.

Objectives The objective of this effort is to perform a comprehensive modernization assessment to identify further improvements to the regulatory infrastructure and develop plans for accomplishing such improvements. The staff recognizes that some additional modernization topics will be strategic in nature, while others can also support more tactical digital I&C regulatory improvements. The staff will update and consider the list of topics in Appendix A to determine the appropriate sequence of activities. There are two key objectives with the assessment:

(A) Tactical. Prioritize and implement the complete set of regulatory activities, including building upon those in the first three MPs, needed to provide tactical regulatory clarity and support stakeholder confidence in NRC reviews of digital I&C upgrades. These activities will include but may not be limited to: a) implementing an updated CCF position into technical guidance for use both in concert with endorsed 10 CFR 50.59 guidance and additional licensing guidance improvements, b) improving licensing guidance in DI&C-ISG-06 including evaluating lessons learned from review of license applications, including factory acceptance testing and scope of supporting application material, and c) developing inspection guidance for digital I&C upgrades performed under 10 CFR 50.59 and license approvals.

The staff has initially identified these additional topic areas as being necessary to meet objective A and will seek stakeholder feedback in identifying the complete list of activities based on the activities listed in Appendix A. The staff will develop detailed schedules for additional, high-priority tactical topics during the comprehensive modernization assessment and closely align with associated activities and outcomes of MPs #1-3.

The staff is updating the guidance in DI&C-ISG-06 Licensing Process as a specific tactical activity to streamline the efficiency and effectiveness of licensing reviews. The goals of this ML17277B643 24 IAP - Revision 2

activity are to reduce scope of license document submittals; and provide an alternative for earlier approval, which would precede factory acceptance testing, for digital designs that are based on approved topical reports. This activity addresses item b) above and the tactical portion of Appendix A, item (i).

As MPs #1-3 complete, the staff will identify, evaluate and add specific activities and milestones to the IAP within MP #4s scope for prioritized follow-on tactical efforts. These activities will maintain continuity with the objectives and outcomes with the associated MP(s) and strive to maintain a continuity of associated MP staff to the extent practical. These activities will generally address items a) and c) above as follow-up activities to MPs #1-3, and additional near-term activities that may be associated with other Appendix A items. All lessons-learned from the MP #4A tactical activities will inform the MP #4B strategic activities.

Completion of the tactical regulatory activities should result in common understanding with stakeholders with appropriate regulatory clarity and predictability, and supporting stakeholder confidence in NRCs performing regulatory review and oversight of new digital I&C modifications.

(B) Strategic. Broadly evaluate the current overall I&C regulatory infrastructure and the supporting technical bases and consider other important areas beyond those identified in the tactical activities, such as past review experiences, ongoing licensing review and research efforts, lessons learned from operating experience, insights from other safety-critical industries, and international perspectives to identify and prioritize the improvements to modernize the regulatory infrastructure over the longer term in light of evolving approaches to I&C. Success within this objective will be reflected by a simpler, streamlined, and agile I&C regulatory infrastructure that will effectively address small and large scale digital I&C facility upgrades and I&C designs for new and advanced reactors, as well as medical radioisotope production and irradiation facilities. In developing these longer-term improvement approaches, the staffs efforts will be coordinated with the industry and other stakeholders, including utilities, vendors, manufacturers, standards development organizations, other agencies, and members of the public. The staff will use the principles and attributes directed by the Commission and will consider those identified by the industry as success measures. The principles and attributes include (but are not limited to): safe, secure, performance-based, technology-neutral, efficient, effective, consistent, predictable, durable, simple, unambiguous, timely, scalable, and agile.

The outcome will also improve the clarity on the interrelationships between the regulatory issues, the priorities and sequencing of further improvements, and the supporting research that is needed to accomplish such improvements to meet both objectives. The staff will conduct confirmatory and anticipatory research as part of the development of technical bases for these activities as needed to support strategic modernization efforts. Completion of these modernization efforts will ensure safety and security, as well as result in greater regulatory efficiency and agility in addressing strategic digital I&C applications by the nuclear industry.

Actions Develop and evaluate options and sequence of activities for improving the digital I&C regulatory infrastructure, in concert with activities performed in MPs #1-3. Implement specific tactical activities. The following activities will be performed.

ML17277B643 25 IAP - Revision 2

MP #4. Assessment for Modernization of the Instrument

& Control Regulatory Infrastructure Activity Schedule MP #4A: Evaluation and Identification of Tactical Activities

1. Conduct a series of public stakeholder meetings (e.g., public February 2017- March workshops) for additional feedback. 2018

2. Update candidate list of modernization topics in Appendix A and February 2018 - July begin assessment. 2018

3. Identify, prioritize, and begin evaluation and implementation of June 2017- April 2018 additional regulatory improvements needed beyond those needed in MPs #1-3 to meet Objective 4A (i.e., tactical objectives).

4. Coordinate with stakeholders to identify potential regulatory gaps and March - July 2018 potential options for improving the regulatory infrastructure for Objective 4B.

Tactical Activity (i): Streamline the licensing process guidance - Update to DI&C-ISG-06

1. Identify vehicle, scope and milestone plan to address key significant April - June 2017 (c) issues with guidance for digital I&C license amendments (DI&C-ISG-06)

2. Establish high priority plan to develop a draft revision to DI&C-ISG-06 February - July 2017 that is suitable for use with targeted digital safety LARs (c)

3. Obtain licensee confirmation that draft revision to DI&C-ISG-06 (to December 2017 date) supports targeted license amendment request

4. Complete draft revision to DI&C-ISG-06 January 2018

5. Present DI&C-ISG-06 to ACRS Subcommittee March 2018

6. Present DI&C-ISG-06 to ACRS Full Committee May 2018

7. Issue final revision to DI&C-ISG-06 December 2018 Tactical Activity (ii): 50.59 Inspection Training and Guidance (Reserved)

MP #4B: Develop Strategic activities for long-term improvements to the regulatory infrastructure.

1. NRC begins effort to develop strategic plan to modernize overall October 2017 (c) regulatory infrastructure

2. Consider evaluation of lessons learned from MPs #1-4A progress April 2018

3. Coordinate with stake holders to identify potential regulatory gaps and June 2018 potential options for improving the regulatory infrastructure

4. Develop additional detailed modernization plan for implementing August 2018 strategic improvements to the regulatory infrastructure Note: (c) indicates completed activity.

ML17277B643 26 IAP - Revision 2

Status (As of December 15, 2017)

A working group was established in late 2016, and modernization activities were adjusted to accommodate progress with MPs #1-3.

The NRC held the first public meeting in February 2017, at which industry stakeholders expressed a need for a higher priority to address key significant issues with the licensing guidance currently provided within DI&C-ISG-06, Licensing Process. This and subsequent stakeholder comments to the IAP are addressed in the revised plan.

The NRC has since held numerous public meetings to develop and refine planned activities to produce revised license amendment guidance for digital safety systems that will support targeted LARs. In August 2017, staff began holding monthly public meetings and biweekly public teleconferences. These meetings have discussed, produced, and reviewed draft sections for inclusion in a draft revision to DI&C-ISG-06.

For digital safety equipment modifications that require license amendments and are based on a previously approved platform topical report, industrys proposal would add an alternative licensing review approach that eliminates review activities (e.g., detailed design below the system level, implementation, and test) that are currently identified within the SRP to be part of DI&C licensing reviews. Under the alternative, the processes and procedures for, and results of, these activities would become inspection items falling under the overall licensing QA program (i.e., an obligation through a licensing basis document). Additionally, industrys proposed alternative would provide sufficient information at the time of the LAR to allow the staffs reasonable assurance of safety conclusion to be reached. Industry is proposing information that focuses on system level, architectural attributes and key safety principles to demonstrate regulatory compliance. Under this alternative, the system level design would be complete and there would be no subsequent phased submittals during development. When using industrys proposed alternative, industry would request the staff to produce a license amendment within a year of the request.

Activities are proceeding as planned to produce a draft revision to DI&C-ISG-06 in January 2018.

Because of the priority applied to this activity, limited progress has occurred on other MP #4 activities. Therefore, a separate working group has been established to facilitate progress on the MP #4B activities.

Potential Regulatory Challenges and Policy Issues The staff will present to the Commission any potential policy issues which are identified in implementing this activity.

The resource requirements will be periodically assessed and those actions that provide the most significant improvements will be addressed using the current Planning Budgeting and Performance Management process.

The broad scope of the assessment and its resultant approaches may require additional resources to achieve the goal of modernizing the digital I&C regulatory infrastructure. In ML17277B643 27 IAP - Revision 2

addition, modernization will have to be informed by consideration of backfitting, regulatory analysis, and cumulative effects of regulation.

A key regulatory challenge is understanding the relationships and key dependencies between current efforts to update the regulatory infrastructure (MPs #1-3) and the various items for potential improvement that will subsequently be addressed under MP #4B.

Interactions with other Action Plan Items This activity will take into account the results and lessons learned from MPs #1-4A.

ML17277B643 28 IAP - Revision 2

Appendix A Ongoing and future Regulatory Infrastructure Modernization Activities (As of December 2017)

The following are additional topics for ongoing and future modernization efforts.

(i) Improved Licensing Review Guidance for Digital I&C Systems Industry stakeholders believe that the level of technical detail submitted in license applications, license amendments, and licensing topical reports, as well as the timing and sequence of the technical information expected to be submitted for NRC evaluation during the review cycle should be reassessed and improved. Key issues that will be considered in future modernization activities for licensing review guidance include (but are not limited to) the concept of evaluating and approving new digital I&C prior to the factory acceptance test, and the timing and sequence of providing supporting documentation during the licensing review period. The NRC will also consider developing guidance on voluntary, applicant-proposed cybersecurity evaluations in design reviews. This activity is marginally incorporated in MP #4A.

(ii) Improvement in Regulatory Consistency from Licensing to Inspection Industry stakeholders believe that upfront agreement and communication on generic digital I&C technical matters between licensing staff and the regional office inspection staff is required to increase predictability. Key issues that will be considered in future modernization activities may include improved mechanisms for sharing information and feedback from licensing to inspection activities, and inspection experience back to future licensing activities.

(iii) Incorporation by Reference (IBR) of IEEE Standard 603-2018 into 10 CFR 50.55(a).

In SECY-15-0106, the staff proposed to the Commission to incorporate by reference IEEE Std. 603-2009 with certain licensing and technical conditions into 10 CFR 50.55a. The Commission did not approve publishing the proposed rule. Key issues that will be considered in future modernization activities will include NRC participation in the consensus standard development process for IEEE Std. 603 and potential incorporation of a subsequent IEEE Std. 603 standard into regulation. This activity will rely upon rather than include normal NRC participation with the IEEE standards body in support of the normal rulemaking process.

(iv) Approval of Endorsement of IEEE Standard 7-4.3.2 into an RG In SECY-15-0106, the NRC staff proposed to the Commission to IBR IEEE Std. 603-2009 with certain conditions into 10 CFR 50.55a. Although not approved by the Commission, some of the proposed, digital-specific conditions in SECY-15-0106 are more closely aligned with the scope and purpose of IEEE Std. 7-4.3.2. Key activities to be considered in future modernization efforts may include; engaging the consensus standard development organization to evaluate technical guidance in IEEE Std. 7-4.3.2; NRC participation in the consensus standard development process for IEEE Std. 7-4.3.2, and potential endorsement of the standard in an RG. This activity will rely upon rather than include normal NRC participation with the IEEE standards body in support of the normal RG review and update process.

ML17277B643 B-1 IAP - Revision 2

(v) Embedded Digital Devices (EDDs)

The NRC issued RIS 2016-05 to heighten awareness of current regulatory requirements and technical positions for EDDs. The staff intends to further assess the introduction of EDDs into nuclear facility equipment used by licensees and applicants for systems considered important to safety. Key issues that will be considered in future modernization activities may include evaluation of the degree to which licensees are installing EDDs in their facilities and additional regulatory issues related to MPs #1-3.

(vi) Holistic Review of the Regulatory Infrastructure A holistic regulatory view and approach could be developed that is guided by required fundamental safety principles that would be performance-based, technology neutral, and risk-informed. It would include evaluation of international practices (e.g., standards, guidance, safety cases), evaluation of critical digital I&C application approaches in other non-nuclear industries, applicability of a design specific review standard-like approach (e.g., such as proposed for small modular reactors), advanced reactors activities, and methods of performing hazard analysis.

(vii) Improved Guidance for Evaluation of Highly-Integrated Digital Technologies Proposed new reactor I&C designs with advanced and highly integrated digital technologies are more challenging for staff to evaluate under current review standards. In general, the current assessment approach does not credit the safety benefits offered by new design approaches and technology, nor does it adequately identify methods to apply for evaluating whether the hazards have been minimized. Key issues that will be considered in future modernization activities will be to improve regulatory guidance for licensees that may address topics such as effective hazards analysis and fundamental safety design principles of independence, defense-in-depth, redundancy, and deterministic performance.

(viii) Consistency and Integration of Multiple Regulatory Guidance Documents Industry stakeholders believe that a full assessment of the SRP content and organization related to digital I&C, and the multiple associated digital I&C-related regulatory guidance documents needs to be performed because the current approach is overly complex and difficult for industry to navigate. Key issues that will be considered in future modernization activities for regulatory guidance include possible methods for consolidating and organizing new and operating reactor RGs, Branch Technical Positions, interim staff guidance, and standard review plans.

(ix) Improved Guidance for Evaluation of Proposed Alternatives to Regulatory Guides and Standards The NRC staff may benefit from improved guidance to address evaluation of licensee-submitted proposed alternatives to the criteria in regulatory guidance and endorsed codes and standards, applicable to the licensing of digital I&C systems and components. Key issues that will be considered in this modernization activity include identifying gaps in current guidance that create a consistency challenge for technical reviewers of proposed alternative solutions.

ML17277B643 2 IAP - Revision 2

(x) Improved Process for Digital I&C Topical Report Evaluations The expenditure of NRC staff resources for the review of digital I&C platform topical reports has not gained the efficiencies in performing licensing evaluations as was originally envisioned. A process is needed to effectively and efficiently address updates to topical reports. Industry wishes the NRC to recognize that a vendor can use a screening and evaluation procedure to document the assessment to changes in a platform to maintain its original topical report qualification. The key issues that may be considered in this modernization activity include engaging vendor and licensee stakeholders to identify topical report challenges and establish a process for maintaining topics for frequent reference in future license applications.

(xi) Improvements to SRP BTP 7-19 During MP #1 activities industry identified specific clarity and applicability issues affecting regulatory certainty in its use of SRP BTP 7-19. Industry wishes the NRC to improve SRP BTP 7-19s clarity including applicability of SRP BTP 7-19s acceptance criteria and acceptable methods to satisfy them. Applicability of individual acceptance criteria may include, for example, safety-related independent redundancies that include software, protection/safety systems that perform protective functions, safety-related actuated devices, and safety support and auxiliary systems. The acceptable methods to satisfy criteria may include, for example, NUREG/CR-6303 and other future alternatives like NEI 16-16. The improvements to SRP BTP 7-19 need to be consistent with the outcomes of MP #1 and MP #2, along with the development of corresponding inspection guidance.

ML17277B643 3 IAP - Revision 2

Digital I&C Integrated Action Plan Revision 3 Status & Update Plans David Rahn, NRR/DE/EICB Luis Betancourt, NRO/DEI/ICE IAP Public Meeting July 25, 2018

Agenda

Introductions/Opening

Status & Proposed Updates to Integrated Action Plan (IAP) Modernization Plans (MPs) #1 - #4A

NRC Staff Considerations for Possible Broader Modernization Efforts under MP #4B

Input from Stakeholders on Needs and Priorities

Comments from the Public

Action Item Summary/Next Steps 2

Commission Direction Informing the IAP (From Staff Requirements Memoranda [SRM] for SECY-15-0106 & SECY-16-0070)

Develop an integrated strategy under the oversight of a senior management steering committee to modernize the DI&C regulatory infrastructure

Engage stakeholders to identify common priorities, problems, and potential solutions to address them

New or revised requirements should be performance-based, rather than prescriptive

Focus on acceptable approaches to comply with the requirements

Requirements should be technology-neutral; Guidance for specific technologies should be tailored if necessary

Same requirements should apply for operating and new reactors

Evaluate potential policy issues; present any issues that are ripe for consideration to Commission prior to any rulemaking 3

Premise for NRC Digital I&C Activities In general, implementation of digital I&C technology can provide dependability and safety benefits.

Notably, digital technology can be designed to provide continuous diagnostic information to plant operators on the integrity of its internal systems operation and its availability. However, implementation of digital I&C technology may introduce potential hazards such as software common cause failure (CCF) or failures introduced as result of interconnectivity.

4

NRC Focus

Issuance of regulatory products which support near-term upgrade and initial licensing needs identified by industry:

- Clear expectations for regulatory acceptability of modifications performed under 10 CFR 50.59

- Clear guidance and expedited approval of license amendment requests

- Clear expectations for applicants for new reactor licenses and new digital I&C platforms 5

Status & Plans for IAP Revision 3 MP Status Path Forward to be documented in IAP Rev. 3 Staff will continue to support workshops and MP#1A develop training materials for inspection staff RIS issued on (RIS 2002-22, (See MP#1D below). MP#1A will be relocated into May 31, 2018.

Supplement 1) a new Appendix in the IAP titled, "Completed Work.

Awaiting industry submittal of revised NEI 16-16 regarding design attributes for addressing CCF, MP#1B This activity is expected late Fall or Winter, 2018. This guidance (NEI 16-16) ongoing. is an NRC priority and NRC may initiate its own guidance if revised NEI 16-16 is not timely submitted.

6

Status & Plans for IAP Revision 3 MP Status Path Forward to be documented in IAP Rev. 3 Staff work is nearing completion on SECY CCF Info SECY Paper to paper for ensuring consistent application of MP#1C be issued by policy in SRM/SECY 93-087. MP#1C will be September 2018 relocated into a new Appendix in the IAP titled, "Completed Work" Follow-up activities Relocate the workshop and training activities from the issuance of MP#1D from MP#1A into a new sub-MP titled, RIS-2002-22, MP#1D: RIS Workshops Supplement 1 NRC Staff and NEI have resumed work after MP#2 issuance of RIS 2002-22 Supp. 1. Concepts (NEI 96-07 This activity is ongoing.

from the RIS to be incorporated and other Appendix D) issues addressed.

7

Status & Plans for IAP Revision 3 MP Status Path Forward to be documented in IAP Rev. 3 Staff/NEI/EPRI work to continue work to This activity is MP#3 identify appropriate, effective, and consistent ongoing.

certification process.

Draft ISG Rev 2 to be issued by July 31, 2018, MP#4A-1 This activity is and targeted for issuance as final at end of (ISG-06) ongoing.

2018.

Add new sub-MP under MP#4A. The activities MP#4A-2 (BTP 7-19 Not Started of BTP 7-19 (same as Appendix A, Item (xi))

Update) (New) will be transitioned here.

MP#4A-3 (50.59 Not Started Add new sub-MP under MP#4A. This activity Inspection Training will be started after the completion of MP#2.

and Guidance) (New) 8

Status & Plans for IAP Revision 3 MP Status Path Forward to be documented in IAP Rev. 3 Divide MP#4B into three new sub-MPs:

Licensing (MP#4B-1),

Inspection, (MP#4B-2)

This activity

Research (MP#4B-3)

MP#4B is ongoing Appendix A Items (i), and (iii)-(ix) will be incorporated into the scope of MP#4B1 through MP#4B3.

9

MP#4B IAP Description Summary Identify actions needed to implement a streamlined, and agile I&C regulatory infrastructure that will ensure safety and security while effectively addressing larger scale digital I&C upgrades to operating reactors and the I&C designs for new and advanced reactors. The outcome will also improve clarity regarding the interrelationships between the regulatory issues, the priorities and sequencing of further improvements, and the supporting research that is needed to accomplish such improvements to meet both objectives.

10

Objectives of MP#4B An improved regulatory infrastructure that integrates performance-based and technology-neutral safety engineering concepts, to assist stakeholders in demonstrating the safety and security of I&C systems, and to assist the NRC staff in performing regulatory reviews and I&C system inspections in an efficient, effective, consistent, and risk-informed manner.

11

Starting Point:

Baseline Regulatory Framework 12

Planned Scope of MP#4B Assessment

Three standards IBR in 10 CFR

NuScale DSRS Chapter 7

55. a(h): 19 RGs in DSRS Chapter 7 that IEEE Std 279-1968, IEEE Std 279- endorses 17 standards 1971, and IEEE Std 603-1991 3 Generic Communications referenced in DSRS Chapter 7

SRP Chapter 7 7 NUREGs referenced in DSRS 27 RGs referenced in SRP Chapter 7 Chapter 7 that endorses 32 standards 17 BTPs referenced in SRP Chapter 7

Other Relevant Documents 7 ISGs (most of them superseded) 3 Generic Communications 27 NUREGs referenced in SRP Chapter 7 11 SECY Papers 14 NUREGs referenced in SRP 14 Topical Reports Chapter 7 3 RILs 52 other documents referenced in SRP Chapter 7 (e.g., EPRI Reports, IEEE, and ISO stds not endorsed) 13

Previously Proposed IAP Appendix A Items for Longer-term Modernization Add/Drop/

App. A Item Path Forward Relocate Drop: This tactical activity was addressed by MP#4A-1 (i.e. ISG-06, Rev 2). The strategic portion for how ISG-06 will be transitioned to durable guidance would be Item (i): Improved Drop part/ covered under MP#4B-1.

Licensing Review Guidance Relocate for Digital I&C Systems part Relocate: The Cyber Security Evaluation in Design Reviews, will be relocated to a new activity under MP#4B titled, Guidance on Architecture Measures 14

Previously Proposed IAP Appendix A Items for Longer-term Modernization Add/Drop App. A Item Path Forward

/Relocate Item (ii): Improvement in Regulatory Consistency Relocate this item into new MP#4A-3, "50.59 Relocate from Licensing to Inspection Training and Guidance."

Inspection Pending the outcome of SRM to SECY Item (iii): IBR of IEEE Std Relocate 0060 (Transformation Team Paper) 603-2018 Relocate this item into MP#4B-1.

Item (iv): Approval of Endorsement of IEEE Relocate this item into MP#4B-3. This item Relocate Standard 7-4.3.2 into an will be led by RESs Regulatory Guide Branch.

RG 15

Previously Proposed IAP Appendix A Items for Longer-term Modernization Add/Drop/

App. A Item Path Forward Relocate This item will be transitioned into MP#4B-3.

Item (v): Embedded Relocate This item was started by a UNR on EDDs.

Digital Devices (EDDs)

(See Slide 20 below)

Item (vi): Holistic Review This item will be transitioned into MP#4B1-of the Regulatory Relocate MP#4B-3.

Infrastructure Item (vii): Improved Guidance for Evaluation of This item will be transitioned into MP#4B-1 Relocate Highly-Integrated Digital and MP#4B-3.

Technologies 16

Previously Proposed IAP Appendix A Items for Longer-term Modernization App. A Item Add/Drop/Relocate Path Forward Item (viii): Consistency and Integration of Multiple This item will be transitioned into Relocate Regulatory Guidance MP#4B-1.

Documents Item (ix): Improved Guidance for Evaluation of This item will be transitioned into Proposed Alternatives to Relocate MP#4B-1.

Regulatory Guides and Standards Item (x): Improved Process This item will be dropped from for Digital I&C Topical Drop the IAP.

Report Evaluations 17

Previously Proposed IAP Appendix A Items for Longer-term Modernization App. A Item Add/Drop/Relocate Path Forward Item (xi): Improvements to This activity will be transitioned Relocate SRP BTP 7-19 into MP#4A-3 18

New Research Activities Item Description Path Forward The objective of this research is to provide support in developing the technical basis for This activity will be incorporated Risk-Informed integrating risk insights into into MP#4B-3. A UNR was Reviews of I&C the regulatory framework created to initiate this effort.

for I&C systems and components.

The objective of this research is to develop a This activity will be incorporated Technical Basis and technical basis for into MP#4B-3. A UNR was Recommendations acceptance criteria for created to initiate this effort.

to Address CCF evaluating the CCFs in DI&C systems and components.

19

New Research Activities Item Description Path Forward The objective of this Embedded Digital research is to develop a This activity will be incorporated Devices and technical basis to support into MP#4B-3. A UNR was Emerging guidance to review (and/or created to initiate this effort.

Technology dedicate) EDDs and emerging technologies 20

Proposed New Activity to be Considered Item Description Path Forward Develop guidance that includes review areas at the This activity will be incorporated overall I&C architecture into MP#4B-3. The Cyber Guidance on level, and leverage MDEP Security Evaluation in Design Architecture DICWG-09, Common Reviews, from IAP Appendix A Measures Position on Safety Design Item (i) will be relocated into this Principles and Supporting activity.

information for the Overall I&C Architecture.

21

NRC Transformation Team Maintain an Awareness of SECY 18-0060 Recommendations

Rulemaking: High-level performance-based I&C safety design principles

Address future versions of IEEE Std. 603 into regulatory guidance

Development Processes reviewed under Quality Assurance Program 22

IAP Schedule

Issue Revision 3 to IAP: October 2018

Annual Commission Paper: October 2018

Commission Meeting: October 2018 23

Questions?

24

Input from Stakeholders on Needs and Priorities 25

Backup Slides 26

Status Summary

Making progress on Integrated Action Plan (IAP) activities

Focused so far on developing regulatory products to support near-term upgrade needs identified by industry

First implementable result targets lower safety-significant safety-related upgrades under 10 CFR 50.59 (i.e., RIS supplement) and work on NEI 96-07, Appendix D

Next priorities - revise licensing process (ISG-06, Rev. 2) and issuance CCF Info SECY Paper

Continue work on CCF Guidance and Digital Equipment Acceptance to support CGD process

Staff is increasing its efforts under MP#4B to identify and pursue broader modernization of the regulatory infrastructure (initiated in October 2017) 27

MP#1C Implementing Commission Policy on CCF in DI&C

Staff will update guidance documents to ensure the Commission policy in SRM to SECY-93-087 continues to be consistently applied and address evolving DI&C technologies by better articulating the following principles:

- Licensees and applicants should continue to address CCFs due to software

- A D3 analysis for RTS and ESFAS to address CCF concerns continues to be required. This analysis can be either a best estimate (i.e., using realistic assumptions) or a design basis analysis

- Clarify the use of a graded approach for a D3 analysis for less safety critical systems

- Clarify the use of alternate means to address CCF concerns

- Clarify the use of certain design attributes to address CCF concerns 28

Acronyms ACRS: Advisory Committee on Reactor EDD: embedded digital device Safeguards ET: emerging technology APR1400: Advanced Power Reactor EPRI: Electric Power Research Institute 1400 ESFAS: engineered safety features ARS: advanced review standard actuation system BTP: branch technical position FAT: factory acceptance test CCF: common cause failure GDC: general design criteria CGD: commercial grade dedication HW: hardware DI&C: digital instrumentation and IAP: integrated action plan control I&C: instrumentation and control DRS: design review standard IBR: incorporated by reference DSRS: design-specific review standard IEEE: Institute of Electrical and IEC: International Electrotechnical Electronics Engineers Commission 29

Acronyms ISG: interim staff guidance RIL: research information letter ISO: International Organization For RIS: Regulatory Information Standardization Summary LAR: licensee amendment request RPS: reactor protection system MP: modernization plan SAT: site acceptance test NEI: Nuclear Energy Institute SIL: safety integrity level NRC: U.S. Nuclear Regulatory SRM: Staff Requirements Commission Memorandum QA: quality assurance Std: standard RG: regulatory guides SW: software TR: technical report 30

ML18241A297

Text

Subject:

2.0 Background

Background

Background

Background

Background

Navigation menu

Search