Text

.t y !d"Pf Gk%Cp jb ' ' U

! f. Pi

.o Date Issued: 8/16/96 CERTIFIED BY:

'f D n Miller - 8/20/96 II

.f

, gg /

W fD$ 6lf7 ADVISORY COMMITTEE ON REACTOR SAFEGUARDS INSTRUMENTATION AND CONTROL SYSTEMS AND COMPUTERS SUBCOMMITTEE i

MEETING MINUTES MAY 22, 1996 ROCKVILLE, MARYLAND INTRODUCTION The ACRS Subcommittee on Instrumentation and Control Systems and Computers met on May 22, 1996, at 11545 Rockville Pike, Rockville, MD, in Room T-2B3, The purpose of this meeting was to review proposed updates to Standard Review Plan (SRP) Sections, i

Branch Technical Positions (BTPs), and Regulatory Guides related to instrumentation and control (I&C) systems.

The primary j

purpose of this SRP update is to codify current regulatory j

guidance related to digital I&C systems.

The entire meeting was open to the public.

Mr. Michael T. Markley was the cognizant ACRS staff engineer for this meeting.

The meeting was convened at 8:30 a.m. and adjourned at 4:30 p.m.

ATTENDEES ACRS i

D.

Miller, Chairman R.

St...e, Member 1

G. Apostolakis, Member W.

Shack, Member J.

Carroll, Member C. Wylie, Member M. Fontana, Member E. Quinn, ACRS Consultant T.

Kress, Member M. Markley, ACRS Staff l

Erincioal NRC Sceakers B.

Brill, RES G.

Johnson, LLNL*

M.

Chiramal, NRR D.

Lawrence, LLNL*

F.

Coffman, RES J.

Scott, LLNL*

J. Gallagher, NRR J.

Stewart, NRR J.

Kramer, RES Lawrence Livermore National Laboratory (LLNL) is the contractor for the NRC staff in this area.

I Industrv/Public Soeakers None A complete list of meeting attendees is in the ACRS Office File, and will be made available upon request.

The presentation slides and handouts used during the meeting are attached to the office copy of these minutes.

51 2 960816 M

3014 PDR DEstanArga 033c3yg3;.

}QQQ93 Cws lllQlll!@lfl,lll)yey

~

ll-

~~~

I&'C Systems and Computers Subcte.

May 22, 1996 Page 2 Chairman's Ooenino Remarks Dr. Thomas S.

Kress convened the meeting as Acting Subcommittee Chairman.

He noted that the Subcommittee Chairman, Dr. Don W.

Miller would arrive late but would resume his duties as Chairman when he arrives.

Dr. Kress introduced the other Members of the Subcommittee and the ACRS Consultant, Mr. Edward L. Quinn.

He summarized the purpose of the meeting to review the proposed Standard Review Plan (SRP) Sections, Branch Technical Positions (BTPs), and associated Regulatory Guides.

NRC STAFF PRESENTATIONS NRR Presentation Mr. Matthew Chiramal, Senior Advisor, Instrumentation and Control Branch (HICB), NRR, introduced the NRC staff and led the discussion of proposed update to the SRP (BTPs and SRP Sections).

1 He discussed the " ground rules" for the SRP update, and an overview of the reactor trip system (SRP Section 7.2), data communications (SRP Section 7.9), and level of detail in design certification applications (BTP HICB-16).

He also presented the schedule for future SRP development and ACRS reviews.

Important points made during the discussion include:

Ground rules include maintaining existing regulatory bases, e

incorporating lessons learned from advanced light water reactor reviews, digital retrofits and industry operating experience, The SRP update will include criteria for both operating o

plants (modifications) and future reactor designs.

e Reviewers of license amendment applications will determine the scope and depth of each review based on the safety significance and complexity.of the proposed change.

e This guidance will benefit licensees in better understanding the NRC process for acceptance of modifications and will provide more information for 10 CFR 50.59 evaluations.

Defense-in-depth and diversity analysis is only applicable to reactor trip systems and engineered safety feature actuation systems.

i e

Reviews for SRP Section 7.2, Reactor Trip System, requires coordination with multiple NRC technical branches (i.e.,

broad organizational review and involvement).

j

l v

I&C Systems and Computers Subcte.

May 22, 1996 Page 3 e

SRP Section 7.9, Data Communications, covers systems other than point-to-point cables (e.g.,

multiplexed systems involving optical fiber and electric cable transmission).

Data communication systems support more than one I&C system.

Reviewers should pay special attention to the quality of components and modules, software quality, performance, and reliability.

l 8

HICB BTP-14, Level of Detail in Design Certification L

Applications, provides guidance to confirm that design certification applications contain sufficient information for the staff to perform safety determinations and to confirm that design details and commitments are classified according to importance.

Guidance does not require that i

applicants lock-in detailed designs RES/LLNL Presentation l

Mr. Joel J.-Kramer, Project Manager, RES, introduced the l

presenters, provided an overview of the regulatory guides for software standards, and summarized the schedule for development and review activities.

Mr. John A. Scott, LLNL, led the discussion for RES regarding development of RGs and endorsement of industry standards.

He summarized the initial ACRS meetings in March 1996 and detailed the actions taken as a result of that l

review.

l Mr. Scott described the draft regulatory guides and associated industrial standards for software test documentation (endorses IEEE 829-1983), software unit testing (endorses IEEE 1008-1987),

software requirements specifications (endorses IEEE 830-1993),

and software life-cycle processes (endorses IEEE 1074-1991).

For each regulatory guide, Mr. Scott described the NRC regulatory positions and regulatory approaches which differ from those l

described in the industrial standards.

He highlighted each exception, addition, and clarification to the industrial standards.

SUBCOMMITTEE DISCUSSION l

The Subcommittee and NRC staff discussed the extent to which a summary document was developed to ensure industry operating experience was incorporated into the SRP update.

Mr. Lindblad questioned whether there was a report documenting industry lessons learned.

The staff stated that a summary report was prepared for the advanced light water reactor (ALWR) reviews but noted that a similar report was not prepared for the SRP update.

Dr. Kress asked if the SRP update could be considered such a document.

The staff stated that the SRP was not designed in such a manner and that to do so would make the SRP very cumbersome to use.

~

W I&C Systems and Computers Subcte.

May 22, 1996 Page 4 The Subcommittee questioned the process for conducting reviews.

Drs. Apostolakis and Miller questioned who determines the depth of each review and how to ensure consistency.

The staff stated that the individual reviewer determines the depth of review in consultation with his/her supervisor.

The staff also stated that the SRP guides the reviewer through the evaluation process but emphasized that judgement is required at each step of the review.

The Subcommittee questioned the level of detail provided in the regulatory guides.

Dr. Apostolakis expressed the view that the documents were too general and lacked sufficient level of detail.

The staff described the review process and stated that the guidance provides a basic statement of what the reviewer should look for in conducting the review.

Dr. Apostolakis reiterated his concern regarding the staff's emphasis on process versus product.

The staff stated that the review should focus on requirements specification to reduce the reliance on finding problems during testing.

Mr. Quinn added that the quality of the test procedures ensures that it works.

Dr. Miller noted that the staff was using generally accepted U.S. Standards for software development.

The staff agreed to provide additional clarification and examples if desired by the Subcommittee.

The Subcommittee discussed the level of review for regulatory guides relative to that normally provided in SERs for industry sponsored topical reports.

The staff stated that a regulatory analysis was performed for each regulatory guide and indicated that a formal safety evaluation report (SER) was not completed.

Mr. Carroll and Dr. Miller question the level of rigor for each of these reviews.

Mr. Lindblad expressed the belief that a topical report gets more review via an SER than does a regulatory guide.

The staff stated that there is no difference in the rigor but that the documentation was different.

Messrs. Carroll and Quinn questioned the complexity of systems and how change control or configuration control would be maintained.

The staff stated that the adding features (i.e.

self-test, diagnostics, etc.) makes the systems more complex.

They stated that complexity was determined by the licensee or applicant and that the NRC review be tailored or customized to address the concerns in each submittal.

Subcommittee Comments and Concerns At the close of the meeting, Subcommittee Members provided their observations and concerns.

Many of these specific issues were carried forward from the March 1996 ACRS deliberations.

They include:

e The staff is using generally accepted U.S.

software engineering practices.

I I&C Systems and Computers Subcte.

May 22, 1996 Page 5 SRP Chapter 7 focuses heavily on software process control as e

opposed to product validation.

The linkage between SRP Chapter 7 and other SRP Chapters may require clarification.

Graded approaches based on importance to safety may also require clarification.

Several Members of the Subcommittee expressed the desire to consider digital system vulnerability to lightning at a future Subcommittee meeting.

Subcommittee Recommendations i

The I&C Systems and Computers Subcommittee recommended the NRC staff address the above noted observations and concerns during the full 431st meeting of the Advisory Committee on Reactor Safeguards, May 23-25, 1996.

The Subcommittee plans to draft a letter for the full ACRS regarding the regulatory guidance documents for digital I&C systems.

The ACRS plans to continue its review of the SRP Update.

Followun Actions The Subcommittee did not request the NRC staff to provide any followup documentation in support of these discussions.

Backcround Material Provided to the Committee for this Meetina e

Draft Version 6.0, Standard Review Plan, Section 7.2,

" Reactor Trip System," dated April 17, 1996 e

Draft Version 4.1, Standard Review Plan, Section 7.9, Data Communications," dated April 18, 1996 e

Proposed Version 7.0, Branch Technical Position HICB-16:

" Guidance on the Level of Detail Required for Design Certification Applications Under 10 CFR Part 52," dated April 12, 1996 Memorandum dated April 26, 1996, from W. Hodges, RES, to J.

Larkins, ACRS, Subj: " Drafts of New Regulatory Guides on Software Used in Safety Systems of Nuclear Power Plants for ACRS Review" Draft Regulatory Guide DG-XXXX, Version 2.0,

" Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants" Draft Regulatory Guide DG-XXXX, Version 2.0,

" Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants" Draft Regulatory Guide DG-XXXX, Version 2.0,

" Software Requirements Specifications for Digital Computer Software Used in Safety Systems of Nuclear Power Plants"

______~.__m

. _. _. _ _. -. ~ _.. _..

2 y

i 4

I&C Systems and Computers Subete.

May 22, 1996 Page 6 3

Draft Regulatory Guide DG-XXXX, Version 2.0,

" Software Test Documentation for Digital Computer Software in-4 Safety Systems of Nuclear Power Plants" j

ANSI /IEEE Std. 1008-1987, "IEEE Standard for Software

]

Unit Testing" 4

IEEE Std. 1074-1991, "IEEE Standard for. Developing Software Life Cycle Processes" IEEE Std. 830-1993, "IEEE Recommended Practice for Software Requirements Specification" 1

ANSI /IEEE Std. 829-1983, "IEEE Standard for Software Test Documentation"

[

Memorandum dated May 2, 1996, from D. Miller to ACRS Members, Subj:" Standard Review Plan Update: Chapter 7, Instrumentation and Control" t

Facsimile dated April 15, 1996, from D. Powers to ACRS Members, Subj: " Effects of Smoke on Digital Electronic 4

l Circuits" NUREG/CR-6082, " Data Communications," August 1993 4

NUREG/CR-6421, "A Proposed Acceptance Process for Commercial off-the-shelf Software in Reactor Applications," March 1996 eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee i

l NOTE:

Additional details of this meeting can be obtained from i

y transcript of this meeting available in the NRC 4

falic A>cument Room, 2120 L Street, N.W., Washington, D.C.

20006, (202) 634-3274, or can be purchased from j

Neal R. Gross & Co.,

Inc., Court reporters and i

' Transcribers, 1323 Rhode Island Avenue, N.W.,

j Washington, D.C.

20005, (202) 234-4433.

i i

l l

4

. - -. - -