ML20093A394
| ML20093A394 | |
| Person / Time | |
|---|---|
| Site: | Crane |
| Issue date: | 07/05/1984 |
| From: | Hukill H GENERAL PUBLIC UTILITIES CORP. |
| To: | Stolz J Office of Nuclear Reactor Regulation |
| References | |
| RTR-NUREG-0737, RTR-NUREG-737, TASK-1.D.2, TASK-TM 5211-84-2168, NUDOCS 8407100435 | |
Text
GPU Nuclear Corporation
Middletown, Pennsylvania 17057 0191
717 944 7621
TELEX 84 2386
Writer's Direct Dial Number:

5211-84-2168
July 5, 1984

Office of Nuclear Reactor Regulations
Attn: John F. Stolz, Chief
Operating Reactors
Regulatory Commission
Washington, D.C. 20555

Dear Mr. Stolz:

Three Mile Island Nuclear Station, Unit I (TMI-1)
Operating License No. DPR-50
Docket No. 50-289
TMI-1 Safety Parameter Display System
NUREG-0737 (ITEM I.D.2)

In our letter to you on February 1, 1984, we committed to provide the NRC Staff with a refined SPDS implementation plan and a description of the verification/validation program. This letter provides you with both of those items. Our commitment remains to implement the basic SPDS by the end of 1984. Implementation of the 'final' SPDS remains dependent on the restart schedule, and subsequent outages.

Sincerely,

H. D. Hukill
Director, TMI-1

HDH/RAS/mle

Attachment

cc: J. Van Vliet
    R. Conte

TMI-1 SPDS IMPLEMENTATION PLAN

[Schedule chart. Time axis in two-month columns: 1983 (J-A, S-O, N-D), 1984 (J-F, M-A, M-J, J-A, S-O, N-D), 1985 (J-F, M-A). The schedule bars are not recoverable; the row labels, in the order shown, are listed below.]

Input Signal Hardware
Issue Modification Package
Order Long Lead Time Material
Install Hardware
SPDS
Safety Analysis (Parameter Selection Study)
User Guidelines (Preliminary/Final) and Display Design
System Requirements Documents
Software Design, Coding and Test
System Integration
V&V Plan
System Requirements Review
Software Design Review
Validation Test Plan
Validation Test
Operator Training
Computer/SPDS Use Objectives and Lesson Plans
Operator Training

VERIFICATION AND VALIDATION PLAN
FOR TMI-1 SAFETY PARAMETER DISPLAY SYSTEM (SPDS)

TABLE OF CONTENTS

1.0 INTRODUCTION AND SCOPE
2.0 OVERVIEW OF V&V ACTIVITIES AND DOCUMENTATION REQUIREMENTS
3.0 SYSTEM REQUIREMENTS REVIEW ACTIVITIES
4.0 HARDWARE CONFIGURATION DESIGN REVIEW ACTIVITIES
5.0 SOFTWARE DESIGN REVIEW ACTIVITIES
6.0 VALIDATION TEST PLANNING AND PERFORMANCE ACTIVITIES
7.0 FIELD VERIFICATION TEST ACTIVITIES
8.0 REFERENCES

1.0 INTRODUCTION AND SCOPE

The verification and validation (V&V) plan described herein will be applied to the Safety Parameter Display System (SPDS) for the Three Mile Island Nuclear Generating Station Unit 1 (TMI-1), which is owned and operated by GPU Nuclear Corporation (GPUNC).

The purpose of the SPDS V&V program is to assure that the SPDS as installed satisfies its functional requirements in accordance with all applicable standards and regulations. The requirements for the SPDS are documented in Reference 4, Supplement 1 to NUREG-0737, "Requirements for Emergency Response Capability". The V&V plan presented here is intended to provide a V&V program that is generally in accord with Reference 1, NSAC/39, "Verification and Validation for Safety Parameter Display Systems".

The scope of the SPDS V&V program will include and be limited to the computer hardware and software that constitute the SPDS. The plant computer system on which the SPDS will be installed is excluded from the SPDS V&V program.

The scope of the SPDS V&V program will include both the "Basic SPDS" and the "Final SPDS". The Basic SPDS includes only those plant variables currently included in the plant computer system data base. The Final SPDS will include other parameters that will be added to the plant computer system data base at a later date.

The scope of the V&V plan documented here includes only the Basic SPDS. The additions required to implement the Final SPDS will be included in the V&V program but will be administered separately.

2.0 OVERVIEW OF V&V ACTIVITIES AND DOCUMENTATION REQUIREMENTS

Figure 1 diagrams the V&V related activities for the TMI-1 SPDS program. The five main V&V activities as illustrated in Figure 1 are:

o System Requirements Review;
o Hardware Configuration Design Review;
o Software Design Review;
o Validation Test Planning and Performance; and
o Field Verification Testing

The intent of the verification/review activities is to provide a comprehensive evaluation of the system requirements to determine that the right problem is being solved; and to provide a phase-by-phase check to determine that each phase is a consistent, complete and correct translation of the previous phase. The intent of the validation activities is to test and evaluate the integrated hardware and software system to determine compliance with the system requirements.

The people who perform the V&V activities of Figure 1 will not participate in the SPDS design or implementation.

[Flow diagram; the boxes are only partly legible. Recoverable labels include: Requirements Document; Requirements Traceability Matrix (RTM); Hardware Configuration Design; Test Plan and Procedure; Hardware Configuration Design Review; Test Plan Review; Code, Build and Test Software Modules; Receive, Inspect, Install and Test Hardware; Validation Test; Field Verification Test; Validation Report. The symbol key distinguishes Project Activity from V&V Activity.]

FIGURE 1: FLOW DIAGRAM OF TMI-1 SPDS V&V RELATED ACTIVITIES

The V&V documentation provides formal evidence that the system has been verified and validated. Table 1 lists the documentation that will be produced by the SPDS V&V program. Seven major reports in addition to the V&V plan documented here will be produced during the program. The documentation will provide an audit trail in that non-associated personnel will be able to reconstruct the program activities and the results of those activities from the documentation.

In general the results of each major V&V task of Figure 1 are documented in a separate report in accordance with Table 1.

TABLE 1: TMI-1 SPDS V&V PROGRAM DOCUMENTATION

| DOCUMENT | DISCUSSION |
|---|---|
| Verification and Validation Plan | The initial document |
| System Requirements Review Report | |
| Requirements Traceability Matrix (RTM) | The cross referencing document for the entire SPDS V&V program |
| Hardware Configuration Design Review Report | |
| Software Design Review Report | |
| Validation Test Plan and Report | |
| Field Verification Test Plan and Report | |
| SPDS V&V Program Final Report | Summary of all previous activities with conclusions. Closure of all open items. The "Validation Report" of Figure 1. |

3.0 SYSTEM REQUIREMENTS REVIEW ACTIVITIES

The system requirements are the foundation on which the completed system is designed, built and accepted. The principal goal of the system requirements review is to independently determine if fulfilling the system requirements will result in an effective, functional SPDS that is in compliance with all the applicable standards and regulations.

The design basis for both the hardware configuration and software design shall be examined in the system requirements review. The major objective shall be to determine whether the system requirements are consistent with the system purpose, correct, complete, understandable, feasible, testable, and traceable.

A key system requirements review activity will be the creation of a Requirements Traceability Matrix (RTM). The RTM for the SPDS will list every functional, performance and project requirement for the program in a tabular format. Each item in the RTM will be cross-referenced to the paragraphs in each of the other major program documents. Figure 2 illustrates one page from the RTM for a GPUNC plant computer system. A similar format will be used for the TMI-1 SPDS.

REQUIREMENTS MATRIX, GENERAL PUBLIC UTILITY NUCLEAR CORPORATION (GPUN)

[Column headings on the sample page: Item; Functional and Performance Requirements; Technical Specifications 1302-07-002, Rev 1, 06/30/83; System Requirement Specification 302163-01000; System Architecture Document 1302163-0900a. The column in which each paragraph reference appears is not recoverable, so the references are listed together.]

OPERATING SYSTEM SOFTWARE

| Item | Functional and performance requirement | Paragraph references |
|---|---|---|
| 177 | Operating system software will be an executive-type standard operating system with the following capabilities: | 5.2, 15.1 |
| | a. Activate tasks | 10.2.3 |
| | b. Suspend tasks | 15.1.1 |
| | c. Resume tasks | 15.1.1 |
| | d. Delete tasks | 10.2.3 |
| | e. Wait | 15.1.1 |
| | f. Enable interrupts | 15.1.1 |
| | g. Initiate interrupts | 15.1.1 |
| | h. Disable interrupts | 15.1.1 |
| | i. Schedule programs via time-of-day or periodic | 10.1 |
| | j. Control transfers between main and auxiliary memory | 15.1.1 |
| | k. Provide calendar functions | 11.3.1 |
| | l. Utilize all H/W features | 15.1.2 |
| | m. Most recently released O/S (minimally MAX IV C.2 or MPI 1.2 version) | 15.1.1 |
| | o. Provide I/O services for all devices | 10.4 |

FIGURE 2: SAMPLE PAGE FROM A GPUNC PLANT COMPUTER SYSTEM REQUIREMENTS TRACEABILITY MATRIX (RTM)

4.0 HARDWARE CONFIGURATION DESIGN REVIEW ACTIVITIES

The hardware configuration design review will trace the design to the system requirements and SPDS design basis documents. The review will ensure that the design documents are complete, detailed and unambiguous.

The RTM will be updated as part of the review, i.e. columns will be added to Figure 2 as necessary to cover the design configuration documents and the tabulated items will be cross-referenced to paragraphs in the documents.

5.0 SOFTWARE DESIGN REVIEW ACTIVITIES

A software design review will be conducted on the entire SPDS software system. The review will trace the design to the system requirements and design basis documents. Criteria that will be used for the software design review will include completeness, consistency and testability.

The software design review activity will assure that the software design documentation is complete, understandable, and unambiguous. Furthermore, the verification activity will assure that the design documentation fully describes the relationship of SPDS functions with the other plant computer functions.

The RTM will be updated as part of the software design review, i.e. columns will be added to Figure 2 as necessary to cover the software design documents, and the tabulated items will be cross-referenced to paragraphs in the documents.

6.0 VALIDATION TEST PLANNING AND PERFORMANCE ACTIVITIES

6.1 General

The validation tests are intended to confirm by demonstration that the SPDS hardware and software meet the system requirements. The tests are initially planned based on the system requirements, but may be modified based on the results of the hardware and software design reviews.

6.2 Test Plan

The test plan shall establish the detailed requirements for testing the hardware and software functionality of the overall system. The test plan shall fulfill all the testing requirements specified in the SPDS system requirements document. Furthermore, it shall incorporate the results of the hardware configuration and software design specification reviews. Specific test plan items shall be cross-referenced in the RTM to the system requirements that they address.

The test plan shall include startup, shutdown, initiation, display selection, data archive, and test feature tests as applicable in addition to the operational tests. The degree of isolation between SPDS operation and other functions that are performed on the same computer system shall be demonstrated by tests described in the test plan.

The test plan shall include all the forms that will be completed during the tests.

6.3 Validation Test

The validation test will demonstrate the proper performance of each function and the fulfillment of the design requirements for the overall system. The validation test shall implement the requirements of the test plan and shall be witnessed by the Project Manager and V&V personnel. All successes and problems identified during the tests shall be documented during the test program.

7.0 FIELD VERIFICATION TEST ACTIVITIES

The purpose of the field verification test is to verify that the validated system is properly installed. Since the plant computer system (PCS) will have been installed previously and since there will be no movement of the SPDS hardware or software following the completion of the validation tests, the field verification will be concerned with those aspects of "going live" that were not present during the validation test. In particular, it will be necessary to check input signal levels, and it may be appropriate to monitor the on-line performance for some reasonable period of time immediately after going live.

8.0 REFERENCES

The following references are some of the applicable standards and regulations for the SPDS.

1. Verification and Validation for Safety Parameter Display Systems. NSAC/39. December 1982.
2. Human Factors Review Guidelines for the Safety Parameter Display System. NUREG-0835 (Draft). June 1982.
3. Guidelines for Control Room Design Review. NUREG-0700. September 1981.
4. Supplement 1 to NUREG-0737 - Requirements for Emergency Response Capability (Generic Letter No. 82-33). December 1982.
5. Functional Criteria for Emergency Response Facilities - Final Report. NUREG-0696. February 1981.