Text

From:

VAUGHN, Stephen To:

Morton, Wendell Cc:

Govan, Tekia; Alvarado, Rossnyev

Subject:

[External_Sender] NEI Proposed Guidance for Section 1.8 of BTP 7-19 ISO Public Teleconference on DI&C August 1st, 2019 Date:

Thursday, July 25, 2019 12:48:57 PM Attachments:

Suggested Revision to Section 1.8 of BTP 7 Spurious Actuations - Revision 4.docx

Wendell,

Attached is NEIs suggested wording for Section 1.8 of BTP 7-19 in support of the public teleconference scheduled for August 1st, 2019. In the interim, please let me know if you have any questions or concerns.

Regards,

Steve

STEPHEN J. VAUGHNlSENIOR PROJECT MANAGER, ENGINEERING AND RISK 1201 F Street, NW, Suite 1100 l Washington, DC 20004 P: 202.739.8163 M: 202.256.5393 sjv@nei.org

This electronic message transmission contains information from the Nuclear Energy Institute, Inc. The information is intended solely for the use of the addressee and its use by any other person is not authorized. If you are not the intended recipient, you have received this communication in error, and any review, use, disclosure, copying or distribution of the contents of this communication is strictly prohibited. If you have received this electronic transmission in error, please notify the sender immediately by telephone or by electronic mail and permanently delete the original message. IRS Circular 230 disclosure: To ensure compliance with requirements imposed by the IRS and other taxing authorities, we inform you that any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.

Sent through www.intermedia.com

Suggested Revision to Section 1.8 of BTP 7-19:

1.8 CCF and Consideration of Spurious Actuations For safety-related systems, spurious actuations are analyzed under the single-failure criterion in accordance with IEEE Std 379 Clause 5.5. Spurious actuations due to a CCF involving design deficiencies (e.g., software errors) are outside the domain of IEEE Std 379. To address this potential case, the first barrier of defense is the quality of the design process, and in particular, the software development process. The NRC staff in Branch Technical Position (BTP) 7-14, Guidance on Software Reviews for Digital Computer-based I&C Systems, states that software quality is an important element in preventing the propagation of common-cause failures.

For A1 systems, the reviewer should compare the applicants software design and development process to the review guidance in BTP 7-14 to reach the conclusion that the software design and development process is of sufficient quality. In addition, the reviewer should assess the defensive measures relied upon to prevent a spurious actuation of the A1 system in reaching the conclusion that there is reasonable assurance that a spurious actuation caused by a CCF is not expected to occur.

For B1, A2, and B2 systems, as part of the applicants qualitative assessment1 for the system, the reviewer should evaluate that the qualitative assessment supports a conclusion that a proposed digital I&C modification has a sufficiently low2 likelihood of a spurious actuation.

1 For guidance on a qualitative assessment see Regulatory Issue Summary, CLARIFICATION ON ENDORSEMENT OF NUCLEAR ENERGY INSTITUTE GUIDANCE IN DESIGNING DIGITAL UPGRADES IN INSTRUMENTATION AND CONTROL SYSTEMS, ML18143B633) 2 Sufficiently low means much lower than the likelihood of failures that are considered in the updated final safety analysis report (UFSAR) (e.g., single failures) and comparable to other CCFs that are not considered in the UFSAR (e.g., design flaws, maintenance errors, calibration errors).