ML19163A179

From kanterella
Jump to navigation Jump to search
BTP 7-19 and Strategic Barrier Public Meeting Summary_4-4-19
ML19163A179
Person / Time
Issue date: 07/02/2019
From: Tekia Govan
NRC/NRR/DIRS/IRGB
To: Ronaldo Jenkins, Nancy Salgado, Michael Waters
Division of Engineering, Division of Inspection and Regional Support, NRC/RES/DE
Govan T, 415-6197, NRR/DIRS
References
Download: ML19163A179 (9)
v  d  e


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 July 2, 2019 MEMORANDUM TO: Nancy L. Salgado, Chief Instrumentation and Controls Branch (A)

Division of Engineering Office of Nuclear Reactor Regulation Michael D. Waters, Chief Instrumentation and Controls Branch (B)

Division of Engineering Office of Nuclear Reactor Regulation Ronaldo D. Jenkins, Chief Instrumentation, Controls and Electrical Engineering Branch Division of Engineering Office of Nuclear Regulatory Research FROM: Tekia V. Govan, Project Manager /RA/

ROP Support and Generic Communication Branch Division of Inspection and Regional Support Office of Nuclear Reactor Regulation

SUBJECT:

SUMMARY

OF THE INTEGRATED ACTION PLAN TO MODERNIZE INSTRUMENTATION AND CONTROLS REGULATORY INFRASTRUCTURE PUBLIC MEETING HELD ON APRIL 4, 2019 On April 4, 2019, the U.S. Nuclear Regulatory Commission (NRC) staff held a Category 2 public meeting with the Nuclear Energy Institute (NEI) to discuss (1) Modernization Plan (MP) #1D, to revise Branch Technical Position (BTP) 7-19, Guidance for Evaluation of Diversity and Defense-In-Depth in Digital Computer-Based Instrumentation and Control Systems, Revision 7, issued August 2016, and (2) MP #4B, Strategic Assessment for Modernization of Digital Instrumentation and Controls Regulatory Infrastructure. Both topics are discussed in the NRCs Integrated Action Plan to Modernize Digital Instrumentation and Controls Regulatory Infrastructure, updated January 2019 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML19025A312).

The public meeting was transcribed to capture specific comments during the dialogue (ADAMS Accession No. ML19107A450). This meeting summary provides a high-level summary of the meeting for public record. The NRC staff made no decisions or took any agency positions during this meeting.

CONTACT: Tekia V. Govan, NRR/DIRS (301) 415-6197

N. Salgado, et al. Meeting Summary NRC and industry management made brief opening remarks, and all attendees introduced themselves.

MP #1D, Revision to BTP 7-19 The NRC staff began their presentation by describing the goal of the MP #1D effort, which is to complete the BTP 7-19 revision by 2020 to support new license applications and operating license amendment requests for digital modifications of instrumentation and control (I&C) systems. By using the guiding principles identified in SECY-18-0090, Plan for Addressing Potential Common Cause Failure in Digital Instrumentation and Controls, dated September 12, 2018 (ADAMS Accession No. ML18179A066 (package)), and working with the nuclear industry to understand its comments and concerns, the NRC staff stated that the current policy given in SECY-18-0090 is flexible enough to improve BTP 7-19 in support of near-term license applications and amendments.

Based on previous interactions with industry, the NRC staff provided specific responses to some key industry perceptions on NRCs guidance for addressing potential common cause failures (CCF) as shown on slides 6 and 7 of the NRC staffs presentation:

  • Industry Perception 1: BTP 7-19 was required to be implemented when performing a digital instrumentation and control (I&C) modifications under 10 CFR 50.59.

NRC Response: While guidance in BTP 7-19 can be used at the licensees discretion when performing a digital I&C modification under 10 CFR 50.59, its use is not required.

  • Industry Perception 2: A full diversity and defense-in-depth (D3) analysis of postulated failure concurrent with a design-basis event must be performed for all safety-significant systems.

NRC Response: A D3 analysis is not required for all safety-significant systems.

Regulatory Issue Summary (RIS) 2002-22, Supplement 1, Clarification on Endorsement of Nuclear Energy Institute Guidance in Designing Digital Upgrades in Instrumentation and Control Systems, dated May 31, 2018 (ADAMS Accession No. ML18143B633) provides criteria for addressing CCF of lower safety significance.

  • Industry Perception 3: A diverse system must be available to back up all digital I&C safety systems and that system must be analog.

NRC Response: A number of diverse means can be used to address a postulated CCF that disables a safety function in a digital I&C system. This includes use of existing systems, manual operator action, inherent diversity within the system design, etc.

  • Industry Perception 4: Applicants must perform 100-percent testing of the digital system to address common CCF.

NRC Response: 100-percent testing is one available means to eliminate a device from further CCF consideration; other means are available to address CCF.

N. Salgado, et al. The NRC staff identified potential topics it may update in the next revision of BTP 7-19. These topics included revising the scope of applicability for D3 assessment, defining a graded approach, clarifying design attributes in Section 1.9, and clarifying acceptance criteria in Section 3. Furthermore, the NRC staff discussed the potential to use licensing basis (e.g.

operator reactor versus new reactor) to determine applicability of the D3 assessment for addressing CCF. To aid this discussion the NRC staff developed a D3 comparison table that illustrated examples of NRC-approved methods licensees and applicants utilized to successfully address digital CCF among operating plants and new/advanced reactor licensing activities (ADAMS Accession No. ML19092A403). The NRC staff concluded its technical discussion by identifying BTP 7-19 topics that needed additional feedback from the industry to ensure understanding before finalizing the next revision of the document. The staff also discussed the schedule for finalizing the revised BTP 7-19. The NRC staffs presentation on MP #1D from this meeting can be found under ADAMS Accession No. ML19092A396.

During the industrys presentation, NEI provided high-level comments on the current version of BTP 7-19 (ADAMS Accession No. ML19087A026). The comments provided in NEIs presentation are summarized below:

  • NEI observed that the scope of BTP 7-19 has expanded to include auxiliary supporting features, and validated operator actions were eliminated from the document.
  • BTP 7-19 should be arranged to discuss diversity after D3 to deemphasize diversity and emphasize D3. The NRC should rename the section that covers this Evaluation of Digital Reliability.
  • BTP 7-19, Section 1.4, should be revised to reflect risk-informed coping mechanisms for a large-break loss-of-coolant accident and main steam line break.
  • BTP 7-19, Section 1.6, should include more flexibility to use other design-basis strategies and methods.
  • BTP 7-19, Section 1.7, should indicate that control of equipment outside the main control room should be acceptable for the mitigation of CCF, which is a beyond-design-basis event.
  • BTP 7-19, Section 1.8, should be limited to failures to actuate. The introduction of spurious actuation CCF modes has the real potential to lead to a seemingly endless what if analysis.
  • BTP 7-19, Section 1.9, should consider defensive measures.
  • BTP 7-19, Section 3.1, Point 9, demonstrates the added complexity that can force an I&C architecture to add a diverse actuation system. Adding such a system can increase the overall plant risk because of added complexity.
  • BTP 7-19, Section 4.7, removes guidance from previous versions that allowed a risk-informed, graded approach when performing a CCF coping analysis.

The NRC did not take a position on any specific NEI comment and discussed additional industry recommendations, comments, and action items after NEIs presentation:

N. Salgado, et al.

  • The NRC staff should consider converting BTP 7-19 to a regulatory guide to improve regulatory certainty.
  • BTP 7-19, Section 1.9, should focus on highly testable concepts like those described in RIS 2002-22, Supplement 1. In addition, the industry recommended using the concept of testability described in Institute of Electrical and Electronics Engineers (IEEE)

Standard 7-4.3.2-2016, IEEE Standard Criteria for Programmable Digital Devices in Safety Systems of Nuclear Power Generating Stations.

  • The industry expressed concern that a need to evaluate spurious actuation for operating plants could result in a need to assess a potentially large number of possible scenarios (what if questions). The NRC staff acknowledged the industrys concern on this topic and will review the guidance regarding spurious actuation to determine whether to make further refinements.
  • The NEI requested an additional public interaction with the NRC staff before the staff finalizes the draft BTP and before the public comment period commences. The NRC staff agreed to try to accommodate this request.
  • The industry agreed to provide specific feedback on the inclusion of non-protection systems in the upcoming revision (e.g., non-A1 systems in accordance with the graded approach proposed in the staffs presentation). The industry committed to provide this feedback as part of a larger set of additional comments and feedback from this meeting before the next public meeting, scheduled for June 26, 2019.

In preparation for this meeting, the NRC staff received two sets of comments from members of the public (ADAMS Accession Nos. ML19087A081 and ML19092A232). The staff noted that they would consider these comments during the development of BTP 7-19.

MP #4B, Strategic Assessment and Barriers The purpose of this portion of the meeting was to discuss real-world examples from NEI regarding four barriers to digital I&C and that were previously identified in a public meeting on January 31, 2019. The NRC staff noted that they seek a detailed understanding of why these barriers are delaying the efficient use of digital technology in nuclear power plants.

The NEI identified four barriers to the efficient use of digital I&C technology in nuclear power plants (ADAMS Accession No. ML19025A307) include addressing:

(1) CCF, including concerns with the guidance in BTP 7-19 and Item II.Q of the staff requirements memorandum to SECY-93-087, Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs, dated July 21, 1993 (2) software development standards and guidance, including concerns with international guidance and with BTP 7-14, which the NEI believes does not follow a graded and risk-informed approach that is flexible (i.e., not constrained to prescriptive adherence)

N. Salgado, et al. (3) I&C system architecture development guidance, specifically what the NEI believes is fragmented and incomplete review guidance in NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Chapter 7, Instrumentation and Controls (4) insufficient guidance on limited-functionality I&C devices During this meeting, the NRC staff provided a brief overview of the objectives of Integrated Action Plan MP #4B. As part of completing these objectives, the staff discussed its research results for strategic assessment and barriers. The NRC staff presented several challenges that may affect the efficient use of digital I&C technology (ADAMS Accession No. ML19092A419).

The NEI informed the NRC staff that they have started to gather real-world examples for digital I&C barriers but were not ready to provide a presentation for this meeting. The NEI was able to discuss the feedback it has received from the nuclear industry on the various digital I&C barriers.

The NEI described the following feedback as obtained from the nuclear industry:

  • uncertainty of approval time, cost, and schedule for the licensees and vendors of digital I&C platforms and modifications because of D3/CCF regulatory approval concerns
  • the need to comply with regulatory guidance for software development (such as BTP 7-14, Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control Systems, Revision 6, August 2016, and associated software development regulatory guides endorsed by IEEE digital software development standards) containing prescriptive clauses that may not directly relate to the demonstration that an applicants safety-related software development process is acceptable
  • time required for licensees and vendors to demonstrate compliance to the endorsed IEEE software development standards for digital I&C platforms and applications that were developed and approved using international standards (i.e., International Electrotechnical Commission (IEC))
  • the use of the regulatory guide endorsing the American Society of Mechanical Engineers Nuclear Quality Assurance-1 (for software development) as a sole means to demonstrate regulatory compliance for software development as an alternative to IEEE standards The NEI also noted that NRC endorsement of specific IEC standards (i.e., IEC 61513/62566) would be helpful with regard to the four barriers.

The NEI did not receive any feedback from the nuclear industry regarding the fourth barrier (i.e., insufficient guidance on limited-functionality I&C devices). It also stated that the revision to NRCs RIS 2002-22, Supplement 1, helps to address many of the issues related to the fourth barrier. Therefore, both industry and NRC staff agreed to remove the fourth barrier from the NEIs list of barriers.

As a result of this meetings discussion, the NRC staff and the NEI were able to finalize the list of digital I&C barriers as noted in the table below.

N. Salgado, et al. List of Remaining Digital I&C Regulatory Challenges ID Regulatory Challenge 1 *Efficiency of guidance for consideration of the implications of potential CCF 2 *Efficiency and flexibility of applying software development guidance and BTP 7-14 3 *Efficiency of guidance concerning digital I&C architectural considerations 4 Efficiency of guidance for risk-informing digital I&C review 5 Efficiency of a simple method for navigating the digital I&C regulatory infrastructure 6 Efficiency and flexibility of the utilization of alternative standards for digital I&C safety and conformance demonstrations 7 Efficiency of guidance for hardware description language programmable devices and similar hardware/firmware

  • Submitted by the NEI at the MP #4B public meeting on January 31, 2019 Before the meeting concluded, members of the public had the opportunity to ask questions of or provide comments to the NRC staff.

The enclosure to this meeting summary provides the meeting attendance list.

Conclusion At the end of the meeting, the NRC and industry management gave closing remarks.

This summary documents actions from the meeting and agreements on the digital I&C barriers related to software development. The NRC will hold a public meeting on June 26, 2019, to discuss the NEIs comment on the current version of BTP 7-19.

Enclosure:

As stated

ML19163A179 * = Via email OFFICE NRR/DIRS/IRGB/PM NRR/DE/EICA/TR RES/DE/ICEEB/TR QTE NRR/DIRS/IRGB/OLA NAME TGovan WMorton* KMott* JDougherty* IBetts*

DATE 06/12/2019 06/12/2019 06/12/2019 06/18/2019 06/24/2019 OFFICE NRR/DE/EICA/TR NRR/DE/EICB/TR RES/DE/ICEEB/BC NAME NSalgado* for DZhang MWaters* RJenkins* for PRebstock DATE 06/27/2019 06/28/2019 07/02/2019 LIST OF ATTENDEES INTEGRATED ACTION PLAN TO MODERNIZE INSTRUMENTATION AND CONTROLS REGULATORY INFRASTRUCTURE April 4, 2019, 9:00 AM to 5:00 PM NRC One White Flint North 11555 Rockville Pike O-16D03 Rockville, MD Name ORGANIZATION

1. John Schrage Entergy
2. Rossnyev Alvarado NRC
3. David Rahn NRC
4. Paul Rebstock NRC
5. George Hughes Framatome
6. Deanna Zhang NRC
7. Michael Waters NRC
8. Jason Paige NRC
9. Thomas Koshy NRC
10. Eric Bowman NRC
11. Robert Beaton NRC
12. Khadijah West NRC
13. David Herrell MPR Associates
14. Huda Akhavannik NRC
15. Eric Benner NRC
16. Dave Beaulieu NRC
17. Wendell Morton NRC
18. Tekia Govan NRC
19. Ho Nieh NRC
20. Steve Vaughn NEI
21. Steve Grier NEI
22. Warren Odess-Gillett Westinghouse
23. Raymond Herb Southern Nuclear
24. John Connelly Exelon
25. Paul Phelps Dominion Energy
26. Mark Burzynski Rolls Royce
27. Pareez Golub Excel Services Participated via conference line
28. Norbert Carte NRC
29. John Boska NRC
30. Eric Martinez NRC
31. Ronaldo Jenkins NRC
32. Bob Hirmanpour Southern Nuclear
33. Gordon Clefton Idaho National Laboratory
34. Ron Jarrett Tennessee Valley Authority
35. Ismael Garcia NRC Enclosure

2

36. Claude Whittle Southern Nuclear
37. Rob Burg EPM Inc.
38. Wesley Frewin NextEra Energy
Retrieved from "https://kanterella.com/w/index.php?title=ML19163A179&oldid=2393511"