Text

U.S. Nuclear Regulatory Commission Staff Comments on NEI 17-06, Guidance on Using IEC 61508 SIL Certification to Support the Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Related ApplicationsRevision B

1.

Second sentence in paragraph 2 of Page 1 states Purchasers are able to rely on the third party SIL certification process in lieu of conducting a commercial grade survey (including a critical design review) to provide reasonable assurance that critical characteristics, and in particular dependability critical characteristics described in EPRI Technical Report 106439, Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Applications are adequately controlled. I dont think that the are adequately controlled is accurate because CBs certify the equipment for more applications than nuclear power plants, and nuclear power plants have requirements such as radiation résistance which may not be examined by CBs. A better language is used in the first paragraph of Section 1.3 which states The approach used to develop this guidance was to compare the third party SIL certification process with the EPRI TR-106439 dependability critical characteristics to evaluate their similarity and determine whether any additional actions are necessary to address differences.

2.

The last sentence of Section 1.2 states This supplemental guidance document describes a method for using the accredited SIL certification process in lieu of a commercial grade survey as a dedication acceptance method to provide reasonable assurance that critical characteristics of digital devices, and in particular dependability characteristics, are adequately controlled. Again, the staff believes that without evaluating differences between critical characteristics considered by the CB and critical characteristics for the application and determining whether any additional actions are necessary to address differences, one cannot declare adequately controlled.

3.

The error in the last paragraph of Section 2 on page 12 should be fixed.

4.

In the first sentence of the second paragraph, EPRI explained that the motivation of this work comes from the desire of the nuclear industry to utilize the existing ecosystem of SIL certified electrical, electronic, and programmable electronic (E/E/PE) equipment.

The highlighted this should be its as this work means NEI 17-06.

5.

The last sentence of the second bullet on Page 19 claims in no cases did they result from software faults (i.e., no instances of software CCF). NRC/RES staff indicated to the NEI staff that this claim is not firmly supported from EPRIs report (again a searchable e-document may be helpful).

6.

Figure 4.2 may be misleading. The two blocks Review of SIL Certification may not be equivalent to the corresponding blocks on the left because CBs certification may not consider nuclear specific requirements such as radiation resistance.

7.

Section 4.2, which documents the technical evaluation and acceptance method, includes statements such as the following regarding "reliability" under the SIL Certification Process Method of Verification: "See p3-7 through p3-13 of Reference 8 for details",

where reference 8 is the EPRI research report. If such information is needed to complete the technical evaluation then, it should be included in NEI 17-06 in order to make it a standalone document.

8.

Instead of providing information to address topics such as the one discussed above, Section 3, which discusses the EPRI research of the SIL certification process, includes information such as opinions from individuals involved with the research effort. Such information does not seem useful for the purpose of performing the technical evaluation discussed in section 4.2. Section 3 should be scrubbed to ensure that it focuses on providing the necessary information from the EPRI report to complete the technical evaluation in Section 4 of NEI 17-06.