ML20148F199
| ML20148F199 | |
| Person / Time | |
|---|---|
| Issue date: | 05/28/1997 |
| From: | Advisory Committee on Reactor Safeguards |
| To: | |
| References | |
| ACRS-T-3000, NUDOCS 9706040171 | |
| Download: ML20148F199 (381) | |
Text
Official Transcript cf Proca2 dings O
NUCLEAR REGULATORY COMMISSION f CRST- =looo.
l
Title:
Advisory Committee on Reactor Safeguards l Instrumentation and Control Systems and Computers Subcommittee !
TRO4 (ACRS)
RETURN ORIGINAL TO BJWHITE 2E26 Docket Number: (not applicable) 7(S_ l THANKS! l 1
Location: Rockville, Maryland O l
. Date: Wednesday, May 28,1997 AD'3S Of 5ca Copy- Retal <3 fo~:Te _ fe of':he ComTUttee-i Work Order No.: NRC-1127 Pages 1-295 60 1 970528 T-3000 PDR NEAL R. GROSS AND CO., INC. _
Court Reporters and Transcribers 1323 Rhode Island Avenue, N.W.
q { p A1!i\ { {
ex iL*j 1 1.
g C
'~
ggj Washington, D.C. 20005 Le (202) 234-4433 l!ll!Oll!Oll:llJlillljlilLl!1li
- . J
_Y" i
_v .t /
\
^ "
g h v. - . ..
i O e " 7;.,. ?m OfficialTranscriptef Psoceedings !
% !_ (3 ;-_
77 C 4 NUCLEAR REGULATORY COMMISSION 1 n
Y .
f U T"~$O00 Y
.f Yf.' , lt t
~ .
. s # ..
7-[ h y
J w&M ' . .,tu A i, .
c, w% ' ; Advisory Committeein~ Reactor Safeguards na 'n1
Title:
- a ,
+w hir' mentatlon j
and Co,ntrol Systeins and
~ . .
fW > >
I. w i ,2 e .
. Computers Sub' committee ' -
j; i~ t .
/. 3[ .q, .. ..
&M M ', < ,y I: TRO4 (ACRS) " 1 n g" W RETURN ORIGINAL '
ih,? .
, << , ,;# 4
~). TO BJWHITE <
y 4mi }D6cketLNumber: Rnot applicable) c $$.$$52s
< r i
,o[ g" q:f C N 9y
, , TaAnxsi i i .,
i 4
,, ~
- /
v y
, uus a .. "
W, :,m"16 .
J cati.on:) lRoclwille, Maryland: .
j.
%) yf ,' , y
'y . ,
- 4
[t.k
[f .,t - g
.. g Lj
' ' N; r O,h& g.,c-z' + l48?'
,91
(,o-te 4 '
.h ,,..3 , ',[ .' .Id: ..1 - .. ~. ,. . .
, 1,
- ( '3'
- 7 R <Date:4 - Wednesd,ay, May 28,'71997:- , q s ' '
WJx'< ,4 '
lW ~ '" > <
u ,
_ _.p
~j itq ,i i <
MN . . . . . 9- !
m ,,
G, / i '
AMSOffice00pyde@ ,
t 4
- E; g' .t <: i k; r e d. itehttei
wm j
M ,.9>
K 6Woik Order No.. , ;NRC-1127 7 Pages 1-295 WW, 9706040171 970528 ,
t lM .. ' . ' , , T-3OOO PDR n ,< , .
xw ' s m -.NEAI) R. GROSS AND CO., INC.1 _
l' %
l Court Reporters and Transcribers : W} P q] s .
{- [-
M l1323 Rhode Island Avenue, N.W. ' i l 1 gd@K g q l. ,. ,W>e.@ sO n i-V {
1 washington, n.c.q. 20oos' !
, , H
. (202) 234-4433 1 K
$.:; ?P q' .. Wr, . , , , , . , , 1 r ,f -
- n r :
f l\_ )'
1 ,
m
_Q '
. . . . . . . o Q ., l, > ' Y , fi .
~~ .lj
- - ;:P ;.
g@MJ w. ag $;)k~* r .' -y . g.
i S r. +
3
l O
[
DISCLAIMER l
PUBLIC NOTICE BY THE UNITED STATES NUCLEAR REGULATORY COMMISSION'S ADVISORY COMMITTEE ON REACTOR SAFEGUARDS MAY 28, 1997 The contents of this transcript of the proceedings of the United States Nuclear Regulatory
/~'\ Commission's Advisory Committee on Reactor Safeguards on MAY l (_)
28, 1997, as reported herein, is a record of the discussions l
! recorded at the meeting held on the above date.
This transcript has not been reviewed, corrected and edited and it may contain inaccuracies.
J l I t
j I
l l l l l
l l
t L) l NEAL R. GROSS COURTREPORTERS ANDTRANSCRIBERS 1323 RilODEISLAND AVENUF,NW (202)234 443i WASi!!NOTON,D.C. 20005 (202)234 4433 Y
1 1 UNITED STATES OF AMERICA
- 2 NUCLEAR REGULATORY COMMISSION 3 + ++++
4 MEETING I 5 ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS) l 6 INSTRUMENTATION AND CONTROL SYSTEMS I l
7 AND COMPUTER SUBCOMMITTEE '
8 ++ + + +
l 9 WEDNESDAY l 10 MAY 28, 1997 11 + + +++
12 ROCKVILLE, MARYLAND 1 l
13
,e
'u/ 14 The Subcommittee met at the Nuclear Regulatory 15 Commission, Two White Flint North, Room T2B3, 11545 16 Rockville Pike, at 8:30 a.m., Don W. Miller, Chairman, 17 presiding.
18 19 COMMITTEE MEMBERS:
20 DON W. MILLER CHAIRMAN 21 GEORGE E. APOSTOLAKIS MEMBER 22 MARIO FONTANA MEMBER 23 ROBERT L. SEALE MEMBER 24 (f^')N 25 NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 J
1 2
1 ACRS STAFF PRESENT:
,7-2 JOHN T. LARKINS, EXEC. DIRECTOR t ;
3 SAM DURAISWAMY 1
4 RICHARD P. SAVIO 5 NOEL DUDLEY 6 MICHAEL T. MARKLEY 7 AMARJIT SINGH J 8
9 ACRS INVITED GUESTS PRESENT:
10 BOB UHRIG !
11 CHARLES MAYO 12 CHRISTINE MITCHELL 13 f
('Ti V 14 ACRS CONSULTANT PRESENT:
15 TED QUINN 16 17 ALSO PRESENT:
18 JERRY WERMIEL 19 MATTHEW CHIRAMAL 20 GARY JOHNSON 21 CLIFF DOUTT 22 JIM STEWART 23 JOHN GALLAGHER 24 fm,,
( ) 25 LJ NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W (202) 234 4433 WASHINGTON, D.C. 20005 3701 (202) 234-4433 s
3 1 A-G-E-N-D-A
,m 2 Acenda Item Pace i \
^'
3 ACRS Introduction 4 4 SRP Chapter 7 Update 5 Jerry Wermiel 7 6 Matt Chiramal 10 7 Reconciliation of Comments 15 8 Changes to SRP Chapter 7 based on 9 ACRS Comments and NAS/NRC 10 Phase 2 Study Report 88 11 Selected ACRS Subcommitte Issues in 12 NAS/NRC Phase 2 study 115 13 Reconciliation of Public Comments
- )
'N- / 14 Draft Software Regulatory 15 Guides and Specifically of 16 Guidance 222 17 18 19 20 21 22 23 24 I
'O 25 NEAL R. GROSS COURT REPC"TERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
4 1 P-R-0-C-E-E-D-I-N-G-S j 73 2 (8:39 a.m.)
('~' )
3 CHAIRMAN MILLER: I'd like to call this 4 meeting to order. This is the first day of the meeting of 5 the ACRS Subcommittee on Instrumentation Control Systems l l
l 6 and Computers. I am Don Miller. I'm the Chair of this 7 Subcommittee.
i 8 The ACRS memtars in attendance are George 9 Apostolakis, Mario Fontana, and Bob Seale. We also have l
10 in attendance, Bob Uhrig whose appointment to the ACRS is 11 in progress. Welcome, Bob.
l 12 MR. UHRIG: Thank you. I'm happy to be here. l l
13 CHAIRMAN MILLER: Also in attendance are Ted A
s 14 Quinn, who is an ACRS consultant on this subcommittee, ;
1 15 Christine Mitchell who's with the Research Committee --
I l
16 is Christine here? Not here. And Charles Mayo, who I 17 know is here. Both are members of the NRC Nuclear Safety 18 Research Review Committee.
19 The purpose of this meeting is to review the 20 proposed final Standard Review Plan Sections, Branch 21 Technical Positions, and Regulatory Guides related to 22 digital instrumentation and control systems, including the 23 proposed reconciliation of public comments on these 24 documents and the integration of insights from the
/~~'T t,
) 25 National Academy of Sciences / National Research Council NEAL R. GR.OSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344 433
5 1 Phase 2 Study Final Report on the topics of safety and g3 2 reliability issues for digital I&C systemc t t
's'./ '
3 The subcommittee will gather information, 4 analyze relevant issues and facts, and formulate proposed 5 positions and actions, as appropriate, for deliberation by 6 the full committee. Which by the way, will meet on June 7 10th through 15th, I believe.
8 Michael Markley is the Cognizant ACRS Staff 9 Engineer for this meeting. j 10 The rules for participation in today's meeting 11 have been announced as part of the notice for this meeting i
12 previously published in the Federal Register on May 9th, 13 1997.
- D
\/ 14 A transcript of the meeting is being kept and 15 will be made available as stated the Federal Register 16 Notice. It is requested that all speakers first identify 17 themselves and speak with sufficient clarity and volume so 18 that they can be readily heard.
19 We have received no written comments or 20 requests for time to make oral statements from members of 21 the public.
22 And before this, I will make a few comments 23 based on my review of the documentation we've received and 24 set the stage for what I think the staff should be
/~N l
() 25 directing some of their atter to.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
l 6 i l
1 We received I believe, two memos -- is that I 1
l
,-, 2 right, for me, Mike? One in which we were requested to )
3 identify specific recommendations -- in my case I even 4 added a few conclusions from the National Academy Study --
5 wanted the staff to direct specific attention to those )
6 items.
7 The second memo -- I received also a memo from 8 -- a couple af memos from Dana Powers, I believe, in my 9 mind, raises questions about the regulatory guides and the i
10 role they play in the standard review plan. So I think we 11 should be having significant dialogue with the ataff and I
12 their consultants on that issue. l l
13 For example, the issue of -- we've had )
/ 'N
.- 14 ongoing, from almost the time we started this review, was 15 the balance between guidance related to process of 16 developing software, versus the evaluation of the product.
17 We've looked at the issue of grading of the evaluations. .
18 I specifically have questions I've raised over 19 my review over the last few days, about several branch 20 technical positions, and I've -- has the staff received a 21 memo on that one?
22 MR. MARKLEY: No.
23 CHAIRMAN MILLER: Okay, I'll raise that issue.
24 I'll let them know right now, I have questions about BTP-rx
( ) 25 13, 17, and 2'. Those come from public comments.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C- 20005-3701 (202) 234 4433
7 1 I think that addresses most of the kind of the
,_s 2 key issues. I think the staff is going, at least through I )
3 example, to try to demonstrate how the Reg. Guides and the 4 Branch Technical Positions all fit together, and 5 specifically in the overall guidance provided by Chapter 6 7, specifically in 7.0-A, I believe it is.
7 Those are the kind of things we want to be 8 looking for before this meeting's over. I think at the 9 ond of the meeting tomorrow we should identify all those l
10 areas where we seem to agree with what's being put on our 11 table, and certainly those areas where you think the staff 12 should do more work, or we don't agree. That I think, 13 should be the goal of this meeting over the next two days.
,r7~~}
Tm/ 14 With that, if there's any -- are there any 15 comments by ACRS members at time? Otherwise, I'll turn 16 the meeting over to Jerry Wermiel from NRR, and Jay 17 Perinsky from Research. Comments by other members?
, 18 Okay, Jerry Wermiel, I'll turn it over to him 19 and he will forge ahead. And he has his complete staff 20 here, I assume?
21 MR. WERMIEL: Yes, yes.
22 CHAIRMAN MILLER: And you can take it from 23 here, Jerry.
24 MR. WERMIEL: Great. My name is Jerry
/\
t i 25 Wermiel. I'm Chief of the Instrumentation and Controls w/
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
8 l
1 Branch in NRR, and I have a number of my staff with me )
2 here who will be making presentations and assisting in f,i
~'
3 answering any questions and any concerns that come up from 4 the committee.,
1 5 I only have very brief opening remarks by the l 1
l 6 way, I guess, of an overview of what we're going to be j 7 doing over the next couple of days. This is anticipated 8 to be the last in a series of meetings with the ACRS 9 Instrumentation and Controls and Computer Subcommittee.
10 We've been holding meetings with you now for I l
11 the last, approximately year-and-a-half, during which 12 we've been describing the proposed changes to update the 13 Standard Review Plan, Chapter 7, to incorporate review I
(m i V 14 guidance on digital systems.
15 As Dr. Miller mentioned, we've now completed 16 the final version of that update to Chapter 7. That ;
1 17 version now incorporates changes based on public comments, l
18 based on ACRS comments, over the last meetings that we've 19 had with the full committee and the subcommittee, and 20 changes based on the recommendations from the National 21 Academy of Sciences Phase 2 Study.
22 This is the version that was provided to you 23 several weeks ago. Today, my staff and I will discuss 24 these changes and we will also be discussing, with the i,q xs j 25 help of the Office of Research, the changes that were made NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
9 1 to the new Regulatory Guides on Software Quality.
i
,s 2 During those discussions we plan to address l
/ \
'~
3 concerns identified by the ACRS previously, including the 4 ones that Dr. Miller already mentioned regarding the 5 review of the software development process versus the 6 product that results from that process, and the level of 7 detail in the guidance that's been provided to the staff I l
8 in this SRP update.
9 Based on discussions with Dr. Miller over the 1
10 last couple of months, we are also going to be providing a 11 discussion on the second day, on several specific topics 12 that have been discussed at length during the l 13 subcommittees, but were felt to warrant further
, ~3 k -)
m 14 discussion.
15 And those include defense-in-depth and 16 diversity, how the staff reviewers will use the new Branch 17 Technical Position-14 when reviewing a digital system, and 18 we will be providing specific examples in a walkthrough of 19 that BTP during that discussion.
20 We recently completed evaluation of the EPRI 21 topical report on dedication of commercial off-the-shelf 22 software. We will be talking about the current state of 23 the practice on the use of formal methods in software !
+
24 development, and we'll also be discussing some of the
( )\ 25 software development tools that have been used in software ;
l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., NV'.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 i
10 1 development.
7-g 2 We will discuss on the second day, the staff's U 3 disposition of the recommendations of the National Academy 4 of Sciences Phase 2 Report, and in that discussion we hope 5 to be able to address the specific topics that Dr. Miller 6 mentioned that he provided to us in the May 22nd 7 memorandum to the subcommittee.
8 It's my hope that by the end of the meeting 9 the staff has described the SRP Chapter 7 update in 10 sufficient detail to address any remaining questions that 11 the ACRS has. We plan to publish the final update to 12 Chapter 7 by the end of July in order to meet the tracking 13 list -- the Chairman's tracking list schedule date.
I If there are no other questions, I would just
- 14 15 propose to have Matt Chiramal begin to walk you through 16 the latest changes to the SRP update.
17 MR. CHIRAMAL: Good morning. My name is Matt 18 Chiramal. I'm with the Instrumentation and Controls 19 Branch and with me up front is Gary Johnson of Lawrence 20 Livermore National Lab, who helped us in preparing the SRP 21 update.
22 Today we'll discuss actually, three aspects of 23 the SRP Chapter 7 update. One will be the overview of 24 Chapter 7, as we see it in the revision that we sent to p)
(, 25 you. The second part will be disposition of public NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 2344433 WASHINGTON, D C. 20005-3701 (202) 234-4433
11 1 comments and comments received on draft Chapter 7. And
- 2 later today, the office of Research will provide you the i )
~
3 resolution of comments received on the draft regulatory 4 guides on software quality.
5 And finally, we'll talk about the changes to 6 SRP Chapter 7 based on ACRS comments and disposition of
? some of the comments we received from the NAS final Phase 8 2 Report.
9 Overview of Chapter 7. Chapter 7 consists of 10 nine sections, and several appendices. There is a new 11 section, 7.0, that -- I mean, appendix 7.0-A that provides 12 an overview guidance to reviewers on what to do with 13 Chapter 7: how to apply it, how to plan for it, and how fN 5
) to review the design that will be submitted by the
\_/ 14 15 licensee or the applicant.
16 That more or less conforms to the outlines of 17 Chapter 7. Section 7.1 has the Introduction. That's an 18 existing section of SRP, and we have revised it to include 19 a new Appendix 7.1-C which is the conformance to IEEE 20 Standard 603.
21 The other two appendices were existing, but 22 have been modified to include the new regulatory guides l
23 and the new status that have evolved since 1981. And it 24 also includes the BTPs, the Branch Technical Positions (G) 25 that have been -- that are new and that which have been NEAL R. GROSS
, COURT REPORTERS AND TRANSCRIBERS I 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 l
12 1 revised since 1981.
2 Section 7.2 deals with Reactor Trip System; 7_
3 7.3 Engineered Safety Features; 7.4 Safe Shutdown Systems; 4 7.5 Information Systems; 7.6 Interlock Systems; and 7.7 l 5 Control Systems. These are revisions to the existing SRP 6 Chapter 7 sections. And then we have two new sections, j 7 7.8 which deals with Diverse I&C Systems, and 7.9, Data l 8 Communication Systems.
9 Appendix 7-A, which includes the Branch 10 Technical Position, is revised to include the new BTPs, 11 and Appet ix 7-B is General Agenda, and the -- floating in l 12 Appendix 7-C for Acronyms, Abbreviations, and Glossary.
13 And we have not decided yet as to what to do with it. We
,q
(.-) 14 may retain it as an Appendix 7-C.
15 SRP Chapter 7 was really revised mainly to 16 address digital I&C topics, although other I&C issues that 17 were raised between 1981 and 1993 have also been 18 incorporated. But prir.arily the changes to the SRP 19 Chapter 7 were to deal with digital issues.
20 And in that sense, revised Section 7.1 on 21 General Requirements and Guidance -- which is the main 22 section of Chapter 7 -- has added reference to new 23 regulatory guides which will be discussed later today, and 24 BTPs which we will discuss today, also.
13 It also highlichts review areas, acceptance
! ) 25 -
v NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
13 1 criteria and review process for digital systems based on 2 IEEE 7-4.3.2, which has been endorsed by the new Revision 73
( i
~
3 1 to Reg. Guide 1.152. As I mentioned earlier, we have a 4 new Section 7.0 and Appendix 7.0-A that describes the 5 overall review process for digital systems.
6 The Appendix 7.0-A is the one for digital 7 systems. The section 7.0 is an overview for the 8 reviewers. The new Appendix 7.1-C is provided for 9 guidance to review conformance to IEEE 603 which has been 10 endorsed by Reg. Guide 1.153, Revision 1.
11 In the Appendix 7.1-A which addresses 12 conformance and acceptance criteria, there are topics that 13 address the rule changes of Part 52 and revisions to Part C\
r i
's / 14 50 that have occurred since 1981. And it also includes 15 reference to the new regulatory guides.
16 The other sections, 7.2 through 7.9 that focus 17 on systems, have added references to digital systems that 18 take the reviewers back to Section 7.1, because that's the l
l l 19 primary section where all the acceptance criteria are 1
20 detained.
l 21 And Appendix 7-A contains the new BTPs as well 22 as the existing BTPs which have been renumbered. Other 23 than that, the old BTPs have not been changed.
24 The Draft SRP Chapter 7 was issued for public 4
()
p 25 comments back in December of 1996, and we received NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
14 1 primarily two sets oZ comments by the closure date of 2 January 31, 1997. And the two sets of comments were from
(#g) 3 Nuclear Energy Institute and Westinghouse Electric 4 Operations. And these comments have been just positioned i
5 in the revisions to the SRP.
6 We have since then, like last week received 7 some additional comments. These primarily again, I think 1
8 are covered by the changes we have made. We'll be looking 9 at those later, probably in the next revision release, so 10 it will be Chapter 7.
11 MR. QUINN: Matt --
12 MEMBER APOSTOLAKIS Yes, some of the letters I 13 saw here are dated October of '96, from Commonwealth CT I
b 14 Edison?
15 MR. CHIRAMAL: Those are comments to the 16 Regulatory Guide. That will be discussed --
17 MEMBER APOSTOLAKIS Oh, okay.
18 MR. CHIRAMAL. To the SRP Chapter 7 comments, 19 only two sets: one cas from Nuclear Energy Institute, and 20 one from Westinghouse.
21 MR. QUINN: Matt, are you going to go through 22 each of these comments? How is it going to be addressed 23 for concerns that we would want to address for specific 24 comments?
, Yes, we'11 be going through 25 MR. CHIRAMAL:
(
l NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE . N W.
(202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 234-4433
l 15 1 each of the comments.
~x 2 MR. QUINN: Okay.
< )
~
3 MR. CHIRAMAL: In fact, that's :he next 4 section: Disposition of Public Comments en the Draft SRP i 5 Chapter 7 Update. l 6 The comments by NEI primarily said -- well, we 7 take a pat on the back for this -- it says Chapter 7 was 8 well organized and clear, and it also says that SRP 9 Chapter 7 appropriately relies on references to standards 10 and do not detail the standards in the guidance itself.
11 And they suggested that SRP Chapter 7 be made 12 publicly available for an extended period of time for 13 trial use and public comment.
,s
( )
14 And this is how we disposed of those comments.
15 We maintained that the SRP will be a living document and 16 additional public comments and revisions of applicable 17 standards, any new standards that come out, and results of 18 new research studies or new studies that we do, will be 19 routinely incorporated into future revisions of the SRP 20 Chapter 7.
21 And we intend to, after the SRP Chapter is 22 finally issued this time, we will keep it on the Net as 23 long as we can.
24 MEMBER SEALE: Let me verify something. These p
( ,) 25 comments were based on a version of the document that
! NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS l
1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433 l
l
l 16 1 included the revised or the added Chapter 7.0?
, 2 MR. CHIRAMAL: Yes.
~
3 MEMBER SEALE: Okay.
l 4 MR. CHIRAMAL: Yes, this was the SRP Chapter 7 5 that you saw back in December -- October / November 6 timeframe.
7 MEMBER APOSTOLAKIS Did you have interactions 8 with NEI during the process of preparing the SRP?
9 MR. CHIRAMAL: No, not really 10 MEMBER APOSTOLAKIS So this is the first time 11 they saw it and they said it's great?
12 MR. CHIRAMAL: Yes. Well, they may have 13 attended some of the ACRS meetings, but other than that, o
I )
\-) 14 no. But we had interacted with them on other issues like 15 the COTS and some of the other issues earlier to that.
16 MR. WERMIEL: George, let's be a little more 17 specific. We did not have any direct interactions with 18 NEI on the development of the SRP update, but NEI clearly 19 knew what was coming down the road because we had 20 discussed with them during the preparation, for example, 21 of Generic Letter 95-02, what we were proposing to do with 22 regard to endorsement of the IEEE standards, with regard 23 to incorporation of reviewer guidance on review of digital 24 systems, this kind of thing.
(j 25 Most of that discussion was high-level and it NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234 4433
17 1 was very general; it wasn't anything specific. The first
,s 2 time they saw the specific update, other than anything I' ) 3 that they might have accessed publicly, was when it went 4 out for public comment in December.
5 MR. QUINN: And Alex Marion attended, I think, 1
6 the November meeting with us --
7 MR. WERMIEL: Yes, I remember him there.
1 8 That's a good point.
l 9 MR. CHIRAMAL: The next set of comments were 10 received from Westinghouse and most of the comments from 11 Westinghouse really focused on two BTPs: BTP on setpoint 12 methodology and the BTP on RTD bypass manifold ,
?
13 calibration.
l
( i
~
k_ / 14 But they did provide some comments on the l
15 digital sections of the SRP, and the first one says that 1
16 there was a, in a sense, a contradiction in the definition l l
17 of deterministic as the way we had written up. And we 18 agreed with Westinghouse and we deleted the section that 19 contradicted itself in the definition of deterministic. I 20 So if you see the new revision we took out the 1
21 last sentence of that which was a cautionary statement to 22 the reviewers stating that although the design may be j
23 deterministic, there could be failures that could prevent 24 determinisms in the timings and the responses to the ym 25 input, (v)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234 4433
18 1 Then the second comment says, "A sentence in w 2 Appendix 7.0-A, Section C.1, seems to indicate that the ;
I \
3 staff is willing to relax the acceptance criteria for 1
4 safety systems of lesser significance". l 5 That statement was really a guidance to the 6 reviewer, but it could have been interpreted as something j i
7 that the designer could use. l l
8 So we clarified the sentence to state that the 9 review guidance or the graded approach or the graded 10 review depth or scope of the review, is based on the ,
i 11 safety significance, but the acceptance criteria is not l
relaxing that by that sentence. l 12 13 And we also added a phrase and a footnote to I. Di the section 7.1 to clarify that.
\/ 14 15 MR. QUINN: I'd like to go over that footnote.
16 It's not clear to me how that helps us, and I think in the 17 comment response to one of the commentors to the Reg.
18 Guides it said in response, a new footnote helps clear it 19 up.
20 However, it is still a significant point of
! 21 confusion to me, as to what specific level of guidance is 22 being provided, other than 603 is here and it hasn't been 23 updated yet.
24 MEMBER APOSTOLAKIS: Can you read it, please?
I
/~N
( ) 25 How long is the footnote?
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 f
19 1 MR. QUINN: It's not a long --
2 MR. CHIRAMAL: Short - a couple of sentences. l
,y
- 1
'n_J 3 I can read it.
4 MR. QUINN: What page are you on?
5 MR. CHIRAMAL: The footnote says, "The staff 6 discussed the issues of classifications and requirements (
7 grading in SECY-91-292, digital computer systems for a 8 lightwater reactors and noted that" -- l l
MR. QUINN: What page is it on? j 9
10 MR. CHIRAMAL: Page 7.0-A-5. Got it?
11 MR. QUINN: Yes.
12 MR. CHIRAMAL: "-- and noted that a graded set 13 of requirements based on important safety of the functions
,r~g 4
i/ / 14 be performed with respect to reduction in the potential 15 for radiation exposure could be adopted.
16 "IEEE Standard 603 and IEEE Standard 7-4.3.2, 17 IEEE standards for digital computers and safety systems of 18 nuclear power generating stations endorsed by Reg. Guide 19 1.153 and 1.152 do not provide for declassification, 20 although the forward of IEEE Standard 7.4.3.2 recommends 21 that the addition at grading to future versions of IEEE 22 603.
23 "And the applicant or licensee may incorporate 24 grading based on some suitable classification scheme
( ) 25 provided that the announced regulations are met. However, NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
20 1 such approaches could not currently be supported by
,es s 2 consensus reflected in the key nuclear standard described
() 3 above".
4 Now, we have been told to delete the last 5 sentence and leave the footnote as waiting for IEEE 603 to 6 come up the graded approach.
1 7 MR. QUINN: To take out the last sentence?
8 MR. CHIRAMAL: Yes.
I l
9 MR. WERMIEL: Yes. The entire subject of the 10 graded approach to quality is under staff consideration i 11 now. What we are saying in our guidance, Ted, is the l 12 reviewer can make a judgment in accordance with Appendix B 13 right now, based on the words in there which talk about 14 the importance of the system -- or the systems safety 15 significance, I believe, is the term that's used in 16 Appendix B -- as to what level of documentation or 17 demonstration is needed to satisfy the qualification for 18 that particular system.
19 However, whatever is concluded, if the system 20 is to be safety-related, it still is a 1E system and still 21 meets Appendix B. There is no declacsification of a system 22 based on safety significance yet. That's something the 23 staff is considering now, in a larger sense.
24 MR. CHIRAMAL: And I believe that's what the
,7 (3,) 25 industry is considering at this time.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 2344433
21 l
1 MR. WERMIEL: Right. It's being worked as a
- 2 general subject, not just for I&C systems, q ,,
3 MR. QUINN: Right. The industry may be 4 considering that, but what we're looking at in the larger l 5 framework here, what we've built a structure here of, and 1 6 it's been commented a number of times that this is a much 7 more explicit way of doing business for the most 8 significant safety systems.
9 And unless the graded approach criteria is 10 explicit enough, then the people who are doing less 11 significant systems feel they're getting ratcheted, and if 12 we look at Dr. Miller, at an end user in this product, I 13 see this as not providing sufficient enough guidance to
,e w
! )
'm> 14 the end user --
15 MR. WERMIEL: This isn't the only place where 16 we discuss this. There's another section in here, Ted, I 17 think that addresses or provides, a better guidance to the 18 reviewer. Isn't there, Matt? I forget where it is.
19 MR. CHIRAMAL: When Jim Stewart discusses the 20 COTS document tomorrow.
21 MR. QUINN: In page 11 of your response to the 22 comments on the Reg. Guides -- and I know you're going to 23 cover this later --
24 MR. WERMIEL: Yes.
25 MR. QUINN: -- there's a very, very, long x-NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
22 1 technical response from the staff that notes, with great 2 detail, what the position is, but I feel fundamentally 73
( )
3 that we're not going far enough to provide sufficient 4 guidance right now.
5 We should be given better guidance. You've j l
6 got a Branch Technical Position 12 on setpoints that ]
7 provides, what I believe to be sufficient level of 8 guidance. That's not in here for digital system -- for -- 1
\
9 MR. CHIRAMAL: Well, there again, we --
10 MR. WERMIEL: I don't want to get out ahead of 11 what the staff is doing on this topic in our SRP chapter.
12 We don't have a position yet that I'm aware of as an i
13 Agency, on how we're going to treat this grading. It's j l
[~'N '
\_) 14 something that is still under consideration and I know 15 it's been of interest to the ACRS, and I know you've 16 talked about it --
17 MEMBER APOSTOLAKIS Are you referring to the 18 risk-informed guide?
19 MR. WERMIEL: Yes, exactly. I know the staff 20 is coming back to the committee on that, sometime in the l 21 fairly near future, I believe.
l l 22 MEMBER APOSTOLAKIS So you will be consistent 23 with that Guide?
24 MR. WERMIEL: Exactly, Whatever comes out of
<x
( ) 25 that, we intend to make sure that the I&C systems are NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
WASHINGTON, D.C. 20005-3701 (202) 234-4433 (202) 234-4433
23 1 treated exactly the same as any other system is in the
,- 2 plant with respect to --
\' '/
~
3 MEMBER APOSTOLAKIS So then after that you 4 will be able to call your Guides here, risk-informed?
5 MR. WERMIEL: If that's the way we go, yes. I 6 would say yes, absolutely. I think we've already done 7 that in a sense because -- particularly in the COTS area 8 as Matt mentioned -- we allow the reviewer some latitude 9 as to the level of demonstration that's needed for a so- i 10 called, less safety-significant class 1E system. That's 11 pretty clearly spelled out, I think.
12 MR. CHIRAMAL: Yes, there is -- I think Jim 13 will talk about --
t'D <
\
U/ 14 MR. WERMIEL: I know Jim's going to talk about 15 it.
16 MR. CHIrtAMAL: -- the examples, exactly how 17 the graded approach is used in that COTS doc. Tomorrow, 18 tomorrow morning I think.
19 MR. WERMIEL: Yes, that's tomorrow.
20 CHAIRMAN MILLER: So at this point in time the 21 amount of guidance on grading is pretty much captured in 22 this footnote?
23 MR. CHIRAMAL: Well, again --
24 CHAIRMAN MILLER: And some more detail, later?
O There is some more detail in i i 25 MR. WERMIEL:
td
< NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 2344433 WASHINGTON, D C. 20005-3701 (202) 234-4433
24 1 other places, Dr. Miller.
2 MR. CHIRAMAL: The grading here is basically 73 i.
'~'
}
3 the amount of the scope of review of the reviewer --
4 MR. WERMIEL: Right.
5 MR. CHIRAMAL: -- and not the designer.
6 CHAIRMAN MILLER: So it gives very little --
7 in a sense, it gives very little guidar.cc to the designer?
8 MR. CHIRAMAL: That is correct --
9 MR. WERMIEL: Exactly. His document --
10 CHAIRMAN MILLER: Here can kind of guess, 11 okay, which documents you may be reviewing, which you may 12 not be reviewing.
13 MR. WERMIEL: That's exactly right. It's not x- '
14 intended to do that because the staff position as we 15 understand it currently, is that if the system is to be 16 safety-related, it is to meet Appendix B and it is to be -
17 - if it's an electrical system, it is to meet the 1E 18 guidance -- until the staff decides that there is a scheme 19 that can be incorporated to downgrade certain systems 20 based on a risk-informed evaluation or some other method.
21 Which hasn't yet been established, that I'm aware of.
22 ,
CHAIRMAN MILLER: And once we come to 23 agreement on the graded quality assurance on the risk-24 informed GQA -- which as you well know, the ACRS has p
Q 25 serious concerns about --
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISt.AND AVE , N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
25 1 MR. WERMIEL: I know th&c.
- 2 CHAIRMAN MILLER: Then that will be part of
~
3 this living document and will be incorporated here.
4 MR. WERMIEL: Absolutely. We would propose 5 then to make a change to this document to be consistent 6 with whatever overall methodology the staff comes up with 7 in this area.
8 MR. QUINN: What is the format of the position 9 on grading that will come out, as part of risk-informed --
10 is it a Reg. Guide or is it a NUREG, or what is it?
11 MR. WERMIEL: The intent is to develop a Reg.
l 12 Guide, is my understanding. Eventually.
13 CHAIRMAN MILLER: There's a Reg. Guide -- it 1
,S x- 14 already is out for almost --
l 15 MEMBER APOSTOLAKIS: Have those Guides been I i f 16 released?
It's close to being out for !
17 CHAIRMAN MILLER:
i 18 public comment, right.
l 19 MEMBER APOSTOLAKIS: Oh, that was a month ago, 20 too.
f 21 MR. WERMIEL: Keep in mind -- it's interesting
! 22 in that, in a sense the review that we do is based on 23 somebody else's determination of what the classification 24 needs to be. In other words, the systems people, the
( ,)
25 systems branches, decide, based on a PRA or some other NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1r3 RHODE ISMND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
i 26 I
1 qualitative approach to safety significance, what the '
, -.y 2 contribution to risk or the contribution to safety of the i
3 system is, and then once they do that it's up to us to see 4 to it that the system meets that.
]
5 MEMBER APOSTOLAK1S: But the Guide though, 6 will relax the acceptance criteria for the low safety-7 significant category?
8 MR. WERMIEL: That's my understanding of what 9 the intent is, yes. l l
I 10 MEMBER APOSTOLAKIS: So now, I don't l l
11 understand this sentence, the penultimate sentence. It is 12 meant to provide guidance to the staff reviewer for level 13 of review effort, and not an indication of relaxation of
,y
(_-) 14 acceptance criteria. If you have a set of acceptance l
15 criteria, don't you always have to do what is appropriate 16 to decide whether they're met or not? I mean, I don't 17 understand how in one case you will do less with the same 18 set of criteria.
19 MR. CHIRAMAL: It's again, the review of the 20 documentation that will be provided by the licensee or the 21 applicant. And if it's a simple change, we'll say for 22 example, look at the test reports alone and not look at 23 the QA documentation perhaps. If it's a simple change.
24 MEMBER APOSTOLAKIS: But the licensee --
U) 25 MR. CHIRAMAL: But the licensee is expected --
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
i 27 1 Mi.MBER APOSTOLAKIS- -- will have to do l l
,- 2 everything? I
~
3 MR. CHIRAMAL: Ves. He had to meet the i
4 regulations. !
5 MR. WERMIEL: Yes. Until the system is say, 6 declassified, the licensee would still have to ensure that 7 they have the demonstration for a'1E system.
1 8 MEMBER APOSTOLAKIS: But -- well, I guess that i
9 comes to the other Regulatory Guide, but I mean if you 10 feel that you can relax the level of review effort in some I 11 cases, why don't you give some relief to the licensee, 1
12 too? i 13 MR. WERMIEL: I think we will, eventually.
(
kl m 14 It's just a matter of working that out. j 15 CHAIRMAN MILLER: As you well know, George, in 16 the Reg. Guide on GQA, we didn't see a whole lot of 17 relaxation potential there.
18 MEMBER APOSTOLAKIS: Yes.
19 MR. WERMIEL: You didn't?
20 MEMBER APOSTOLAKIS: No.
21 CHAIRMAN MILLER: Basically part of our 22 concern.
23 MR. WERMIEL: Oh, I thought that was the whole 24 idea, was to --
,/~5 25 MEMBER APOSTOLAKIS: That's the idea.
(v) i NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WA3HINGTON. D C. 20005-3701 (202) 234-4433
28 i
1 CHAIRMAN MILLER: That's the idea.
,_ .s 2 MR. WERMIEL: -- grade it down using a risk-l \
\ /
' ~ ' I 3 informed approach, I thought. ,
l 4 CHAIRMAN MILLER: I don't want to spend time 5 on risk-informed -- i 6 MR. WERMIEL: It's not really my area. It's 7 not our area, really.
l 8 CHAIRMAN MILLER: I think several members, j 9 maybe the entire committee, felt there was a -- all 10 categories, that it is a slippery slide downhill, as more l 11 and more Appendix B and not any -- very little 12 relaxations. So that's kind of our feeling, but I don't 13 want to get into that issue because we have to come to
/'"T
(_-) 14 grips on that with the risk-informed regulations.
15 MR. WERMIEL: It's interesting that you say 16 that, because Appendix B I think, says something to the l
l 17 effect that the classification of the system should be 18 commensurate with its safety significance, or something 19 like that.
20 CHAIRMAN MILLER: Well, I agree, but the GPA -
1 21 -
22 MR. WERMIEL: So it strikes me that Appendix B 23 already has that in it.
24 CHAIRMAN MILLER: True, but I didn't think the p
() 25 GQA really gave that kind of guidance. But that's another NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
29 1 issue.
,y 2 MEMBER APOSTOLAKIS: The question is, how you
('# )
3 do it? l 1
4 CHAIRMAN MILLER: That's another issue, right. !
5 Okay, let's move ahead. We want to keep this in mind, l l
6 though. !
l 7 MR. CHIRAMAL: The next comment from l i
8 Westinghouse was on the d4 /erse actuation systems. And 1 9 this was an error on our part. When we first titled the j 10 Section 7.9, we had it as " Diverse Actuation Systems" as a i
11 generic title. However, there is -- in AP600 design there 12 is a system called Diverse Actuation Systems, and so the 13 two got mixed up.
v) 14 So what we did was, we changed the title of
~., i 15 the Section 7.9 and all references to that section as l 16 Diverse Instrumentation Control Systems, which includes i
17 both the ATWS mitigation systems, the Diverse Actuation l l
18 System as the Westinghouse AP600 design calls for, and any l 19 other diverse systems like the manual systems and things 20 like that.
21 So we retitled the Section 7.9 to read as 22 Diverse Instrumentation Control Systems, and that should j 23 take care of the comment.
24 The next comment was focused on Appendix 7.1-O.,
u,. -
) 25 B, which is the Guidance to Review for Conformance to IEEE l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 2344433 WASHINGTON, D C. 20005-3701 (202) 234-4433
30 1 279. And there is a statement there which says that, "The i
l zs 2 criteria for IEEE 279 are applicable to any
/ \
v 3 instrumentation and control system and that the reviewer 4 may use the concept of the standard in the review of I&C !
1 5 systems that are not part of the protection systems". l 1
6 And Westinghouse suggested that examples and .I l
7 clarification be included in Appendix 7.1-B. And we did 1 8 that in the latest revision to the SRP -- I mean, to
)
9 Section 7.1-B -- Appendix 7.1-B. We suggested always put l
10 in a statement which says that I&C systems, other than 11 protection systems which are protection systems by i 1
1 12 definitions are in Section 7.2 and 7.3, and the guidance i l
13 of IEEE 279 as applicable to Section 7.2 through 7.9 is 5
%> 14 detailed in 7.3 through 7.9.
1 15 Primarily, the requirement of isolation i
16 between safety and non-safety is the one that's picked up 17 in the non-safety system sections of 7.2 to 7.9.
18 MEMBER APOSTOLAKIS: So Matt, I notice that 19 the reviewers refer to all these standards, matter-of-20 factly. That they do accept your approach of endorsing 21 these standards, right? Nobody questioned that?
22 MR. CHIRAMAL: That's correct. No.
23 CHAIRMAN MILLER: Now these are -- which 24 standards are you talking about?
()
/~s 25 MEMBER APOSTOLAKIS: Well, all these, IEEE, NEAL R. GROSS COUR7 REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234 4433 l
l 31 1 ANSI --
,- 2 CHAIRMAN MILLER: Yes, that's -- yes, that's l
3 true.
l 4 MR. CHIRAMAL: The next comment from '
5 Westinghouse was really a comment into the future, which 6 says that when we revise the Code of Federal Regulation 10 7 CFR 50.55a(h), which references IEEE 279, and when we go 8 with the proposed new rule to change that to IEEE 603, 9 Westinghouse suggests that we eliminate Appendix 7.1-B and 10 only use Appendix 7.1-C in the SRP Chapter 7.
11 But since Chapter 7 is planned to be used for 12 the review of future planned application as well as 13 license amendment applications, we intend to retain both
,a i 1
'N_/ 14 Appendix 7.1-B and 7.1-C.
15 CHAIRMAN MILLER: Even once we, in a sense, 16 make 279 kind of history, we're going to still keep --
17 MR. CHIRAMAL: Right, because the existing 18 design basis for the operating plans, all of them, are 19 279.
20 CHAIRMAN MILLER: I see, okay. Yes.
21 MEMBER SEALE: Yes, but it certainly should be 22 clear that it is an "or" rather than "both" requirement.
23 MR. CHIRAMAL: That is correct. And it is.
24 MEMBER SEALE: Yes, l
f~b
() 25 MR. CHIRAMAL: The next comment by l
~. 1 NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 J
32 1 Westinghouse was, there was a description of equipment I
f s.
2 diversity that wr.c in Section 7.8 that was not very clear, i' ),
i 1
3 and we got similar comments from the National Academy of l 4 Sciences, too. So we combined the disposition of both the 5 comments together, and added some clarification to that l
G statement in the Section 7.8 on diversity. )
1 7 CHAIRMAN MILLER: Could you point out where 8 that was made?
l 9 MR. CHIRAMAL: I'm sorry, the change we made I 10 was in HICB BTP-19.
11 MR. WERMIEL: BTP-19.
12 CHAIRMAN MILLER: Okay. Let's see where that 13 was made, then.
l
.r m
\.s'4 14 MR. CHIRAMAL: And it's on page 19-5. BTP 1
I 15 HICB 19-C.
16 MS. MITCHELL: I beg your pardon? What's the ,
l 17 letters?
l 18 MR. CHIRAMAL: The page number -- it's a BTP l i
19 HICB 19-5. l l
20 CHAIRMAN MILLER: Let me get there, first.
1 21 MR. CHIRAMAL: The BTPs are as part of the
)
22 Appendix, at the tail-end of the SRP.
23 CHAIRMAN MILLER: And what page did you say 24 that was on? Page 5?
Cx l (v ) 25 MEMBER SEALE: No, 19-5.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
33 i
1 MR. WERMIEL: Page BTP HICB-19-5.
,s 2 CHAIRMAN MILLER: Okay.
I \
3 MR. QUINN: What was changed?
4 MR. WERMIEL: Go ahead, Matt.
5 CHAIRMAN MILLER: I'm on 19-5 now.
6 MR. CHIRAMAL: Okay, 19-5, after position 4, 7 the next three paragraphs are new. Starting out with 8 saying, "The adequacy of diversity provided with respect 9 to the above criteria must be justified". And then it 10 goes on to say, "NUREG/CR-6303 Section 3.2 describe six 11 types of diversity". Do you see it?
12 CHAIRMAN MILLER: I see where you are.
13 MR. CHIRAMAL: And the two bullets following
,m
(/ _ 14 that are also new. Now, the reason you don't see a bar on 3c the side here is because the bars are based on the changes 16 made between the old SRP and the new SRP. And everything 17 here is new so we have all the BTPs entitled "new".
18 MR. QUINN: When you arrived at this comment, 19 attached itself to BTP-19, do you have a list of cross 20 reference of how you tie what comment went with what 21 correction? How did you do that?
22 MR. CHIRAMAL: Yes, we have that.
23 MR. QUINN: I don't think we do.
24 MR. CHIRAMAL: No, I didn't provide it this (3
i%_,,) 25 time because we just bring it together.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISt.AND AVE., N W.
(202) 234 4433 WASHINGTON. D C. 20005-3701 (202) 234-4433
34 j 1 MR. QUINN: Do we get a copy of this?
l gy 2 MR. CHIRAMAL: Sure.
( ) i x' l 3 MR. QUINN: Okay. l 4 MR. WERMIEL: If you want it.
5 CHAIRMAN MILLER: So I may ask we revisit BTP- )
6 19 sometime before this subcommittee meeting's over.
7 MR. CHIRAMAL: Sure.
8 CHAIRMAN MILLER: Now I can understand what 9 you've done. Also, I have another comment, informal 10 albeit, but I want to go back and look at the two 11 together.
12 MR. CHIRAMAL: Okay.
13 MR. WERMIEL: Matt, you're going to touch on
, . ~
D' 14 this a little bit in your discussion of the --
15 MR CHIRAMAL: The National Academy of Science 16 Study --
17 MR. WERMIEL: Right. And also we are going to 18 talk briefly, again, about our diversity position. That 19 was one of the specific items that you asked that we talk 20 about.
21 CHAIRMAN MILLER: So in the context of that 22 overall discussion, we should get in a little more depth 23 here.
24 MR. WERMIEL: Yes.
! ) 25 MR. CHIRAMAL: Yes.
x_. -
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 <1HODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
35 1 MR. WERMIEL: I think it's best drawn out in 2 the disposition of the recommendation to the National i
LJ 3 Academy of Sciences. It's almost exactly the same 4 comment, and it was a valid comment.
5 CHAIRMAN MILLER: Okay.
6 MEMBER APOSTOLAKIS: By the way, in official 7 documents you should really refer to it as the National 8 Research Council.
9 MR. WERMIEL: Yes, that's true.
10 MR. CHIRAMAL: Yes.
11 MEMBER APOSTOLAKIS: It's not the Academy.
12 MR. WERMIEL: We started to use an acronym 13 once, NRC, and people didn't realize we were talking about
,m 1
\ )
U 14 another NRC.
15 MEMBER APOSTOLAKIS: Yes, so you become the 16 USNRC.
17 MR. WERMIEL: Right.
18 MEMBER APOSTOLAKIS: Obviously, they should 19 change their name, right?
20 MR. WERMIEL: I don't know which came first.
21 MR. CHIRAMAL: As I said, majority of the 22 comments we received from Westinghouse were focused on the 23 last bullet there which was on setpoint methodology and 24 cross-calibration of RTDs. And in setpoint methodology
/";
(,) 25 they were primarily pointing out to us that there was some NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
36 i
1 discrepancies between the BTP and the Reg. Guide on 1.108, 1
,_ 2 MR. QUINN: Five -- 1.105.
('-) 3 MR. CHIRAMAL. Sorry, 1.105. And what we have 1
1 4 done is, we have made both consistent. So the changes you 5 see to the HICB-12 will be based on how much less than the l 6 changes we're making to the Reg. Guide.
7 MR. QUINN: Did you already review the revised i I
8 Reg. Guide? l 9 MR. MARKLEY: The status right now is the --
10 it went out for public comment and so forth, and they have l
11 a proposed final, but it's been put on hold pending 12 resolution of some internal, different professional views.
13 So we're not expecting to see it again before later in the o b i
(_/ 14 year. Maybe September-ish or so.
15 MR. CHIRAMAL: Well, we tried to make them 16 both consistent.
17 MR. QUINN: Great idea. Wonderful. The first 18 one of which on allowable values is, I have a differing 19 professional opinion with the position of Westinghouse. I 20 have a --
21 MR. WERMIEL: So do we.
22 MR. QUINN: And I didn't know that, because I l l
l 23 haven't read your revised Reg. Guide. I'd like at some 24 point, Dr. Miller, to have -- there are seven points here.
n t
(J
~.
I 25 A couple of them are much more important than others.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
37 1 MR. WERMIEL: You'll see it eventually. The
- . committee is going to see the update to Reg. Guide 1.105
( ~' )
3 eventually, but Mike is correct. There is currently 4 ongoing an internal discussion based on a different 5 professional view, which is holding it up.
6 MR. QUINN: The committee may do that, but I 7 don't know that the subcommittee will necessarily see 8 this.
9 MR. WERMIEL: Oh. i 10 CHAIRMAN MILLER: Yes, well definitely the l 11 subcommittee is going to see Reg. Guide 105 -- sooner or l I
12 later.
13 MR. MARKLEY: For individual Reg Guides we !
/N ,
s 14 don't always have subcommittee meetings.
15 MR. QUINN: That'c the question. I'm asking 16 for your opinion, Dr. Miller. How would you like to 17 address this from technical viewpoint? I have comments on 18 these seven points. Would you like to do it now or defer 19 it to a later time?
20 CHAIRMAN MILLER: I guess we should look at 21 them; see how they resolved -- I didn't look in detail how 22 they resolved their seven points, so maybe we --
23 MR. QUINN: We don't have any --
24 MR. WERMIEL: Does -- does -- you know, Ted, I
(--
( ,) 25 believe, Ted, you are allowed I think, to provide us your NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
38 1 thoughts on the Reg. Guide at this point, and we can
-7s 2 consider them in the process of updating it, Ted. ;
1 ,
(
~'
) 1 3 MR. QUINN: Okay.
4 MR. WERMIEL: I don't see anything wrong with 5 that -- at least, not that I'm aware of. Why don't you 6 give us what you've got? !
7 MR. QUINN: Okay. I'll provide a set of 8 comments to you if that's okay?
9 MR. WERMIEL: I think that's okay. I don't 10 know. Is it not okay, John?
11 DR. LARKINS: I think it ought to go through 12 the committee first --
13 MR. WERMIEL: Okay. I e ~s '
i \
\I - 14 DR. LARKINS: -- the committee ought to look 15 at it, and then be transmitted to the staff.
16 MR. WERMIEL: Okay.
17 MR. MARKLEY: And I think we're treading on 18 some dangerous ground here, too, because if I'm not 19 mistaken Ted, weren't you in the ISA Standards Committee 20 for setpoints?
21 MR. QUINN: Yes.
22 MR. MARKLEY: Okay. So you can provide 23 factual information but opinions are kind of restricted.
24 MR. WERMIEL: Yes. Setpoint methodology has
(-
( ,) 25 been an ongoing topic of considerable debate between the NEAL R. GROSS COURT REPORTERS AND TRANSCR!BERS 1323 RHODE ISLAND AVE., N W (202) 2344433 WASHINGTON, D C. 20005 0701 (202) 234-4433
39 I
1 staff, some of our licensees, some of the owner's groups, p- 2 and some of the vendors, and individuals within the staff.
(j'~
3 You know, it's got some controversy involved. So we j 4 welcome and we would like to see anybody's thoughts or 5 comments on it. It has been somewhat controversial. l l
6 MR. QUINN: And I'm completely aware of the 7 docketed positions that have occurred, especially in the 1
8 past 12 months. The issue of the new Rev. 3 to the Reg.
9 Guide is very critical. There's an awful lot of good 10 things that I saw in Rev. 3.
11 MR. WERMIEL: We think so.
1 12 MR. QUINN: And I'm concerned about these l 13 comments, because I see a detraction from what I would ;
r~w\ 1 i
(' 14 consider more explicit guidance, better definition, that I l 15 would like to see stay.
16 MR. WERMIEL: And I can tell you we agree with 17 you, as a staff, at this point.
18 DR. LARKINS: As a matter of process, I think 19 it should come through the committee or subcommittee 20 chairman and he can review it, then the committee can 21 decide how they want to use the comments.
22 MR. WERMIEL: Okay.
23 MR. QUINN: The one comment from Westinghouse 24 that I did agree with that I thought were important, is
,-)
25 this EMI/RFI consideration, and the methodology needs --
(J NEAL R. GROSS i
, COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
40 1 you know, I don't think belongs there.
7~ 2 MR. WERMIEL: We agree with that --
%.)
3 MR. CHIRAMAL: And I think we took that out of 4 the --
5 MR. WERMIEL: We took that out.
6 MR. CHIRAMAL: We took it out of the DTP.
7 MR. QUINN: Okay.
8 MR. CHIRAMAL: The last set of comments from 9 Westinghouse was on the RTD -- cross-calibrations of RTDs 10 and the thrust they made of their comments, we may need to 11 eliminate the requirement to calibrate RTDs every 12 refueling outage. But we don't see a reason as to -- they 13 couldn't give us a technical rationale behind it, so we U 14 retained the existing BTPs as is.
15 We made some modification to provide for 16 alternate methods of cross-calibration, an alternate 17 method of calibration of the RTD in refueling outages.
18 CHAIRMAN MILLER: But you still require an 19 installed reference sensor?
20 MR. CHIRAMAL: Yes.
21 CHAIRMAN MILLER: What's the rationale for 22 that?
23 MR. CHIRAMAL: Because the -- Cliff Doutt of 24 the staff will give you a comment on that.
(y
/-
25 MR. DOUTT: This is Cliff Doutt with the
%)'
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
1 1
41 l
1 staff. On that BTP we kept the reference, and that's the I l
2 preferred method, but there is an option now if you should 7-~
1
.j t 3 come up with a, you know, whatever methodology you --
1 4 there's an option.
5 We had some comments, numerous directions 6 anyway, that an option should be provided, so that's what 7 we did. So there's our -- I'm not sure exactly when the 8 document is, but we did change it.
9 MR. QUINN: Is the option that you don't need 10 to replace it? You can do a surveillance -- just prior to 11 start-up that you can cross-channel calibrate --
12 MR. DOUTT: No, we left it open based on 13 licensee justification. You know, if you have an
[, ')
\/ 14 alternative, whatever that may be, we provide the option 15 and we would review that. If you would do what we've, 16 simple review, if you'd do something alternative, you 17 know, that's certainly a possibility. And we recognize 18 there are other options. l l
19 MR. CHIRAMAL- But the intent is to have a 20 reference RTD in place every refueling outage.
21 CHAIRMAN MILLER: Well, wait a minute. I'm l 22 now -- you say the intent is.
23 MR. CHIRAMAL: Well, I think some of the 24 proposals coming through are - I think the ASME is coming
() 25 up with a new standard which talks about using reactor NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433 w
1 l
42 '
1 steam there to pressurize the means of calibrating RTDs.
l
~~s 2 Or some other indirect means.
!('~')
3 CHAIRMAN MILLER: I was curious why reference 4 wasn't made to an EPRI report which was published in '94.
5 You referenced the one in '96, really which didn't have 6 as much specific reference to this issue as the one in
~
7 '94. I can't give you the one in '94 document number, but 8 there was one published in '94 which addressed this whole 9 issue in fairly depth.
10 MR. CHIRAMAL: Yes, we looked at two 11 documents: one is NUREG/CR-5560, and the EPRI Report TR-12 106453-3925. And they both contradict each other, so 13 there was no consensus in the industry as to whether you p\
/ '4
'N_) 14 have drifts that are primarily random or whether they 15 drift in one direction or not.
16 CHAIRMAN MILLER: But the EPRI report which
' 17 you don't reference, I believe concluded the drifts are j 18 random.
19 MR. CHIRAMAL: Right. l 20 CHAIRMAN MILLER: And aren't biased. That's i
21 the one you didn't refer to. l 22 MR. QUINN: I will concur, and that was input 23 to you on ISA Standard 6706, which now defines it as not a 24 drift value, but that is still a draft revision to the (7R.;) 25 standard.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
43 1 MR. CHIRAMAL: See the -- if there is random 2 drift then we do need to reference RTD.
( )
3 CHAIRMAN MIILER: Why? If there's random 4 drift --
5 MR. DOUTT: Again, you don't know whether that 6 drift actually --
7 MR. CHIRAMAL: Because we don't know, what is 8 the actual --
9 MR. DOUTT: -- dispersion --
10 MR. CHIRAMAL: -- what we're using the RTD is 11 to make an average value and check each RTD against the 12 calibrated RTD. So if they are drifting, including the 13 reference RTD, we don't know what the drift is unless you i i V 14 have a --
15 CHAIRMAN MILLER: With a random. If you're 16 calibrating --
17 MR. CHIRA!4AL : -- every once and awhile you 18 recalibrated -
19 CHAIRMAN MILLER: -- a random with a random.
20 But I guess I'm still curious why there wasn't at least 21 acknowledgement of the EPRI report of '94.
22 MR. WERMIEL: I think we looked at that.
23 MR. DOUTT: I think there's some - this is 24 Cliff -- there's some confusion here. Understand with
( ! 25 6706 being in draft form and there's some current debate
\s' NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON. D.C. 20005-3701 (202) 2344433 l i
l l
44 l
1 in that area. The second thing is, is there was a couple 1
l
,,_. 2 of our NUREGs, and we also looked at an EPRI document.
('~' ) I 3 That EPRI document that we have concerning
)
4 fossil and industrial, did not conclude that the drift was I 5 in fact, random. They in fact, identified systematic 6 drifts. The CR report that we have in general, indicates 7 that it's random; they found no indication that there was 1
l 8 a systematic bias.
1 9 CHAIRMAN MILLER: That's right. l l
10 MR. DOUTT: Based on that, I'd say that we're 11 even up. We need to come up with an option. In general, 12 we feel that there is advantages and disadvantages to 13 having a reference. Obviously, a reference involves
,r~]
\_) 14 exposure and the installation in an RTD disposition. It 15 also -- it has another disadvantage is that that reference 16 should be damaged or whatever, it could lead you.
17 On the other hand -- and that's where some of 18 the debate would be as to how many references or what 19 reference. Now, there's also some, you know, 20 considerations in our cross-cal -- and I hate to say 21 calibration of that -- that's a correlation method. And 22 consider Tave and its imports and flow and whatever, to 23 know that that's random and systematic, and that that 24 random and systematic dispersion doesn't increase with
(.
( j 25 time, whatever -- not just that it's random -- to me is NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 2344433
45 1 somewhat important.
2 So the BTP took a position that if you have an 7~ l
\'~'] 3 option, you know, we certainly can consider it. Preferred l
4 method right now, based on what we know, would be a i 5 reference.
6 CHAIRMAN MILLER: But again, I'm still coming l l
l
'7 back to, what happened to the report -- and I l 8 unfortunately can't give you the document number. The 9 report was published by EPRI in '94, and specifically I
10 addressed the issue of cross-calibration of RTDs. It l l
11 wasn't the fossil report which only obliquely addressed l
12 the problem. And that report was transmitted, I believe, i 13 to the staff, and we -- l
- l l
') l x/ 14 MR. CHIRAMAL. Yes, we referenced the '96 l l
15 report.
I 16 CHAIRMAN MILLER: But I'm saying, the report 17 in ' 94, which --
18 MR. DOUTT: Was that a draft in '94 or was 19 that the issue date?
20 CHAIRMAN MILLER: As far as I know it was '94.
21 I'm going to get a copy of it by tomorrow. I have it 22 being FedEx'd to me as we speak.
23 MR. WERMIEL: We'll take a look at it. If we ,
24 were aware of it. I don't even know if we were even aware (q) 25 of it.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 2344433
46 1 CHAIRMAN MILLER: Well, according to EPRI a g-\ 2 copy was transmitted to you.
i s V
3 MR. DOUTT: We requested a copy of an EPRI 4 report but its issue date final was '96.
5 MR. CHIRAMAL: Yes, '96.
6 CHAIRMAN MILLER: No, the '96 one came out of 7 the group, the generation group in EPRI. The '94 one came 8 out of the new --
l 9 MR. CHIRAMAL: The '96 -- l l
10 CHAIRMAN MILLER: -- group at EPRI. It l 11 specifically addressed the issues raised in cross- l l
12 calibration, and specifically analyzed the AMS report 13 which is 5560. It analyzed the data in that report.
- )
'd 14 MR. CHIRAMAL: And I think we're talking about l l
15 the same report, because the title of this report is, l 16 " Temperature Sensitive Evaluation".
17 MR. WERMIEL: We'll look at it --
18 MR. CHIRAMAL: We'll look at it --
19 CHAIRMAN MILLER: I'11 bring this back once I 20 get the report in my hand, because unfortunately I didn't 21 get this soon enough to figure out if we have two 3
22 different reports here.
23 MR .' QUINN: If we can ask maybe one more 24 question. Maybe Cliff, you can help us again. This is
,m, i \
() 25 part of a larger issue of online monitoring, and there's NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
47 1 guidance coming I believe, with regard to online f
,- 2 monitoring. So the definition of calibration is being 3 looked at. Where are we on that?
4 MR. WERMIEL: EPRI owes us some information.
5 They haven't been pursuing this, as far as we know, with 6 any great effort at this point. Have they, Cliff?
7 MR. DOUTT: They have our questions and now 8 we're expecting revision to their document.
9 MR. WERMIEL: Right. j 10 MR. DOUTT: And that is part of the issue as 11 to how to define calibration, that's correct.
4 l
12 CHAIRMAN MILLER: So the plan is to, on the i 13 online calibration, to eventually maybe get it as an SER
- f N/ 14 then?
1 15 MR. WERiiIEL- Exactly. What the intent was, 16 was for them to finalize the EPRI topical report and then l
17 we would prepare an SER on it. But that's been in the '
18 works for, boy, a long time now, hasn't it, Cliff?
19 MR. DOUTT: Yes, they currently were -- we had 20 a draft, we commented on the draft, we have not had an --
21 MR. WERMIEL: They haven't come back to us in 1
l 22 a while.
23 MR. DOUTT: -- official copy issued to us for 24 review yet.
t ) 25 CHAIRMAN MILLER: So the ball is in their v
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W (202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234 4433 i
48 1 court right now?
7_ 2 MR. WERMIEL: It's been in their court for a
( )
x~ ~/
3 while now, Dr. Miller, yes.
4 MR. QUINN: That was because of the quality of 5 the comments. You had such a significant level of -- it 6 was good comments, they need to be resolved, the 7 definitions weren't clear --
8 MR. WERMIEL: Yes.
9 MR. QUINN: -- the guidance to licensees 10 wasn't clear. And needs to be.
11 MR. WERMIEL: I think that was -- one of our 12 key comments was that we didn't think licensees could 13 really take the document and use it as it was presented.
g i i
(_/ 14 CHAIRMAN MILLER: So Ted, your following 6706, 15 that will incorporate these things, too?
16 MR. QUINN: Right. But it's been held up.
17 CHAIRMAN MILLER: Why is it held up?
18 MR. QUINN: Because EPRI's been slow, and it's 19 -- I don't know if it's a funding issue, if it's -- there 20 was a focus from utilities. They looked at these comments 21 and they said, wow, this is a mountain; I don't know if we 22 can climb. It really was a significant level of -- they l 23 really needed to get consensus to a high degree to be able 24 to answer these questions.
(h t, j 25 MR. WERMIEL: Exactly. I'll make a point.
NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE., N W.
i (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
49 1 You know, the idea was basically, to re-think the entire 73 2 concept of calibration and instrument operability and 3 determination of operability. It's a pretty fundamental 4 change and it really -- based on our comments, it 5 warranted, we thought, a little more thought on their 6 part, before proceeding. And maybe that's what is holding 7 them up; I don't know.
8 MR. DOUTT: There's a second part to this 9 also, Ted, in that there's that topical report that you 10 mentioned. There's also an EPRI topical report simply for 11 calibration, a little extension-type work. We felt that 12 that document was, essentially, a basis for the other one.
13 So there's actually two reviews -- we have two t
k- 14 reviews going on in that subject area. One is to do the 15 first reports and lay the ground rules for an extension, 16 if you will, and then we would review that report on 17 online monitoring, the fundamentals of the first, if you I
18 will.
19 MR. QUINN: Yes. I think you understood the I 20 extension one real well. It was understood very well what 21 was needed in that area. Much less about changing to a 22 different whole mode of operation. There's some I&C 23 equipment out there that now does self-checking and all 24 kinds of things.
7
) 25 They want to change the definition of a NEAL R. GROSS COURT REPORTERS /ND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 2344433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 l
50 1 calibration, so that it isn't one week, three months, you 73 2 know, rotating cycle; it can be done online, and we need
( I 3 to take advantage of that I&C equipment, but the 4 definitions aren't clear.
5 CHAIRMAN MILLER: Let's go back to the 6 specific issue here. And again, I have never read that ,
)
7 final EPRI report but I do know a part of it. I believe 8 they concluded that the drifts were random, and the mean 1 1
9 of that drift would be less than the criteria required in i
10 a hot leg / cold leg measurement. Less than .3 degrees C, I l l
11 think it is.
12 If that's true, then I can't see the rationale l 13 for a reference detector then. But we have to get that
(~~\
t I N/ 14 report, I guess, 15 MR. WERMIEL: Yes. And I don't know that the 16 industry made any mention of it in the comments on this.
17 Did they, Cliff?
18 CHAIRMAN MILLER: No.
19 MR. WERMIEL: Which kind of surprises me.
20 CHAIRMAN MILLER: It surprised me too.
21 MR. WERMIEL: Surprises me.
22 MEMBER APOSTOLAKIS: What exactly does it mean 23 that the drifts are random?
24 CHAIRMAN MILLER: That means if you take a (o) xs 25 1000 RTD and you measure their drifts, they tend to go a NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE.. N W.
(202) 234-4433 WASHINGTON, O C. 20005-3701 (202) 234-4433
51 1 little bit one way and a little bit the other way.
<~x 2 There's --
i
)
%)
3 MEMBER APOSTOLAKIS: But the mean --
4 CHAIRMAN MILLER: The histogram would give you 5 a fairly Gaussian --
6 MEMBER APOSTOLAKIS: So the mean is above 7 zero?
8 CHAIRMAN MILLER: The mean would be -- well, 9 my recollection for -- and maybe Cliff can get me on the 10 details -- for Westinghouse it needs to be .3 degrees C or 11 less. Is that right?
12 MR. WERMIEL: They don't remember.
13 CHAIRMAN MILLER: Anyhow, the mean would be 7
( )
'd 14 less than what's required for an RTD.
15 MEMBER APOSTOLAKIS: But the mean is positive?
16 CHAIRMAN MILLER: Oh, the mean would be -- I'm 17 sorry, I'm sorry. The variance would be less than the --
18 MEMBER APOSTOLAKIS: The mean --
e 19 CHAIRMAN MILLER: The mean would be zero. The 20 average would be zero.
21 MEMBER APOS' ;LAKIS : Zero. As a function of 22 time it's zero?
23 CHAIRMAN MILLER: Drift would be zero. But 24 the variance or the standard deviation would be .3 or
(_) 25 less, which is the requirement at Westinghouse.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISL AND AVE., N W.
l l (202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 234-4433 l
52 1 MEMBER APOSTOLAKIS: They did a statistical
, 2 analysis to show that?
\' -~')
3 CHAIRMAN MILLER: Again, until I have the 4 report in hand, I can't verify what the final report said, 5 but that's what I think it said.
6 MEMBER APOSTOLAKIS: And you guys claim that 7 that's not the case?
]
8 MR. CHIRAMAL: Well, we claim we don't have 9 the evidence to prove that.
10 MR. WERMIEL: Yes, we don't have that 11 evidence.
12 CHAIRMAN MILLER: Apparently they don't have i 13 that report.
i I V 14 MR. CHIRAMAL: We are being conservative 15 saying, we need calibration every refueling outage.
16 CHAIRMAN MILLER: There was a fairly l 17 substantial study that began in '91 which concluded, I l
18 thought, in '94, with this report that they apparently i
19 don't have.
20 MEMBER APOSTOLAKIS: Yes, I'd like to see that f
i 21 report myself.
22 CHAIRMAN MILLER: I'11 have it tomorrow.
23 MEMBER APOSTOLAKIS: So the mean is zero? I 24 mean, that's interesting.
~
/N V) 25 CHAIRMAN MILLER: That's the drift.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
53 1 MEMBER APOSTOLAKIS: Yes, it's very
,, 2 interesting, i
) 3 MEMBER SEALE: We're running a little ahead, 4 aren't we?
5 CHAIRMAN MILLER: We are. It's amazing.
6 ME'4BER APOSTOLAKIS : I never understood why 7 the first break has to be at 10:15. Is that part of the 8 regulations? And then we have just 45 minutes after that.
9 DR. LARKINS: That's the average; that's the 10 mean time.
11 MEMBER APOSTOLAKIS: That's the mean time?
12 And there is an EPRI report?
13 CHAIRMAN MILLER: It's been suggested by our -
7-k_) 14 - if Ted's prepared, we might want to go back to the 15 setpoint. Do you want to go through the detail of your 16 comments on those points? Since we are ahead of schedule, 17 here.
18 MR. QUINN: Is that okay?
19 CHAIRMAN MILLER: Something we'll do at this 20 point, or -- before moving to the National Academy Study?
21 MR. WERMIEL: It's okay with us.
22 MR. CHIRAMAL: Sure.
23 MR. WERMIEL: Go right ahead.
24 MEMBER SEALE: Since you guys are sitting here 7-25 (v) right now, it seems to me we've got the optimum set of i NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS I 1323 RHODE ISLAND AVE., N W, (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344433
54 l l
l 1 resources.
.s 2 MR. WERMIEL: We have my staff expert on I I )
'~
3 setpoint methodology with us.
4 MR. QUINN: He's here.
5 MR. WERMIEL: Mr. Doutt; he's here.
6 CHAIRMAN MILLER: Let's see, we could even go 7 back -- for your comments, Ted, we'll need to go back to 8 the Westinghouse comments, right?
9 MR. QUINN: Yes, the Westinghouse comments 10 dated January 30th, '97. Starts on page 3. There are 11 seven separate comments that -- probably the easiest --
12 where is Cliff? Probably the easiest way, Cliff, is if --
13 each of these have a different basic subject, fundamental
,~
's 14 subject. The first one is on allowable value.
15 MR. DOUTT: Let me find the draft response 16 here, Ted, and then I'll --
17 MR. QUINN: Okay. You know, like RTDs, these 18 play into a larger role. These have a direct role in this 19 --
20 MEMBER APOSTOLAKIS: Wait, wait. Let's all I l
21 find the same --
l 22 MR. QUINN: Okay, well I was trying to give 1
1 23 come background, but in the very back of the white book --
24 close to the back -
p_
(J!
~
25 MEMBER SEALE: The comments start on page 8 of NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
55 1 the briefing material.
,s 2 MR. QUINN: Do you have them? There is a set
/ \
\'~~)
3 from NEl and then the set from Westinghouse.
4 MEMBER APOSTOLAKIS: Yes. How long does it 5 take you to respond to all these comments?
6 MR. WERMIEL: In this case I don't think it 7 took us that long, did it? To respond to the comments?
8 MR. DOUTT: No. A couple of weeks.
9 MR. WERMIEL: Incidentally George, the 10 comments from Westinghouse on setpoint methodology were 11 not entirely new to us. We've been dealing with 12 Westinghouse on this topic for a very tong time.
13 MEMBER APOSTOLAKIS: Okay.
i
.%> 14 MR. WERMIEL: So much of what they said here 15 was reiteration of -- that's right. I was also reminded 16 by Cliff that they had commented on the Reg. Guide, also.
17 MR. QUINN: They commented on the Reg. Guide 18 and they have a differing position in the proposed tech 19 specs, right?
20 MR. DOUTT: Well, the approved tech specs had 21 a different format for Westinghouse.
22 MR. QUINN: Different format for Westinghouse?
23 MR. DOUTT: Yes.
24 MR. QUINN: So there's some --
p (j 25 MR. WERMIEL: There's been a long dialogue on NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS i
1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
56 1 them --
l n 2 MR. QUINN: Right. The NUREG-1430 or 31,
'~'
3 whatever it is for Westinghouse, addresses a different 4 method of displaying the required information. I l
5 MR. DOUTT: Obviously, Ted, this could go on I l
l 6 for a long time if we get in that debate. I 1
7 MR. QUINN: Anyway, but it has a direct role, ;
1 8 if you can answer comment 1. It does address this i
9 particular point.
10 MR. DOUTT: What did we do here? Was that --
11 the initial comment was on --
12 MR. QUINN: Unallowable values.
13 MR. DOUTT: Okay. Depending on how you want
,-_3) 14 to look at allowable values -- we consider that the 15 operability, and you're right, there's a discrepancy in 16 the ISTS and whether LSS is assigned.
17 What we did here in the BTP is essentially, 18 deferred back to the Reg. Guide fix, but the allowable i
19 value is the operability call. And that's going to be our l l
\
20 -- that's the position we'd like to take. l l
21 We recognize the difference --- and it can 22 work, and there's that option -- but in general, from a i
23 guidance point of view, we have to look at the four l 24 vendors and the different methodologies and the approaches
.) 25 and be consistent.
l NE AL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 234-4433
l 57 1 And to do that, essentially we took the l
,- 2 definitions of Part 1 and we have an exception in the --
l l I i
x' ~ '
3 well, however the Reg. Guide looks at this, there will be 4 a minor exception because how the LSSS is going to be 5 assigned. And that's in the Reg. Guide, not here.
6 The answer to your question is that the 7 allowable value -- is not what they've discussed here --
8 will be changed, and the Reg. Guide takes an exception.
9 MR. QUINN: And what will it say?
10 MR. DOUTT: Well, in the standard itself it 11 allows the LSS to be either the allowable value of the 1
12 setpoint or both. )
13 MR. QUINN: Right.
r^N ,
! ) i
\_ 14 MR. DOUTT: If we have some issues with having ;
15 it be in the setpoint, and we'll have to do a discussion )
i 1
16 of the Reg. Guide to describe where we are in that regard.
17 MR. QUINN: Okay. So for the benefit of the 18 rest of the committee, the setpoint is what the actual 19 unit trips at? The allowable value is this limiting value 20 that we can allow it to go to for what we could consider 21 observable parameters, that we can check at in the field, 22 not including harsh environment or other type things.
23 The use of the allowable values is real 24 important because it tells us if a licensee - it gives an r^
(N) 25 indication if the licensee is living within the bandwidth NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
58 l
1 of surveillance required. That is observable.
p_ 2 MR. DOUTT: Now, we changed that a little bit
(h 3 Ted, because we do discuss LSSS. You can assign that and 4 live with that number. Whether you call it -- what you 5 call it is up to you. We have a format, we have a tech 6 spec standard, and that would certainly be the way --
7 MR. WERMIEL: Did you say the reason for that?
8 MR. DOUTT: The reason for that Ted, is drawn 9 right out of 10 CFR 50.36, which calls for the limiting 10 safety system setting, the LSSS.
11 MR. QUINN: Right. I understand.
12 MR. DOUTT: So we're trying to -- the goal 13 he was to get some consistency meeting 50.36, the Reg.
k_) 14 Guide, the BTP --
15 MR. WERMIEL: Exactly, and the standards.
36 MR. DOUTT: Make them all read consistently.
17 MR. QUINN: The importance of keeping a hard )
i 18 line has to do equa.7.ly as much with, when somebody has to 19 make a definition of something that they have to live to, l
20 that's a quantitative value, it's beneficial to not have 21 this issue of, okay, if we exceed something that's not 22 defined I guess we can go study it for a year or two and 23 figure out if it's okay.
24 MR. WERMIEL: Right, great.
r~w t ( ) 25 MR. QUINN: The number is real clear to the v
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
59 1 technicians, it's real clear to the technician's
_ 2 supervisor -- how it should be handled -- and that's good.
- \
3 And I'm glad you're answering this in this way, I guess.
4 MR. DOUTT: Yes. I'm not sure if you have the 5 responses or not.
6 MR. QUINN: I don't have any responses, here.
7 MR. DOUTT: Okay. I guess you can do that 8 part.
9 MR. QUINN: Okay. Dr. Miller, do you have any 10 other question on allowable value? Is that --
11 CHAIRMAN MILLER: No.
12 MR. QUINN: Okay. The second one, how did you 13 answer that? This is the one, basically drift and it's 14 really Generic Letter 91-04 related, I think. Right?
15 CHAIRMAN MILLER: This is comment 2, 16 Westinghouse?
17 MR. QUINN: Comment 2, Westinghouse, right.
18 CHAIRMAN MILLER: On acceptance criteria?
19 MR. QUINN: Right.
20 MR. DOUTT: Yes, let me read to the Reg. Guide 21 instead. If my notes are right, comment 2 had to do with, 22 on underacceptance criteria, basically, we took the term 23 drift and used drift uncertainties, data supporting our 24 instrument drift uncer tair. ties and whatever. ~he idea was
-~s I
j 25 to pull drift out of that, l NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE.. N W.
(202) 234 4433 WASHINGTON, D C 20005-3701 (202) 234-4433
60 1 MR. QUINN: So what did you do? Take out item 7 ~s 2 2, or bullet 27 Did you take out some of the bullets or i \
3 did you --
4 MR. DOUTT: Okay, on the sixth bullet down, I 5 interpreted that comment to be -- they were making 6 comments on Generic Letter 91-04 specifically, which is --
7 it is specific to that letter, not the BTP as far as drift 8 methodology goes. So what we did on bullet 4, as you'll 9 notice, the drift terms are removed. It just says, the 10 basis for assumptions are instrument uncertainties?
11 MR. QUINN: Yes.
12 MR. DOUTT: We made it more global.
13 MR. QUINN: Okay, the important element here
/ \
( /
'w '
14 is how people handle out of tolerance; that's what's 15 really critical.
l 16 MR. DOUTT: Right.
i 17 MR. QUINN: I don't care if they're going at l
l 18 24 months or 36 months. The way people handle out of l 19 tolerance is very critical, and what this does is it 20 addresses that, "as found" difference to "as left", needs I 21 to address the actual in-plant installation and how it's 22 handled.
23 MR. DOUTT: Yes, what's happened here again, 24 is the BTP will send you back to the draft Reg. Guide, and y ) 25 in the draft Reg. Guide what we did is -- again, it's NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
61 1 -
based on tech spec format and methodology format --
<3 2 whether you have allowable value only listed or trip i
v) 3 setpoint only listed, and how your action statements then 4 relate to that.
5 But basically, irregardless of how you did 6 that, we say that the setpoint to the allowable value 7 relationship should be defined and controlled.
8 MR. QUINN: Right.
9 MR. DOUTT: And how you do that based on 10 format -- there's options, but in the Reg. Guide we 11 basically say, that relationship must be controlled and 12 inspectable.
13 MR. QUINN: Okay. Comment 3, just quickly, I
/ I
/
14 guess you've taken this out. The EMI/RFI is gone?
15 MR. DOUTT: That was the intent.
16 MR. QUINN: Good. Great.
17 MR. DOUTT: In our response, however, we said 18 there may be some considerations where that actually is a 19 factor. I don't know where it would be, but we agreed 20 with the comment, and the removal is --
21 MR. QUINN: The removal is consistent with 22 other industry positions?
23 MR. DOUTT: I agree. And it's --
24 MR. QUINN: Comment 4?
,m
(,)'
i 25 MR. DOUTT: That was -- my understanding of NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005 3701 (202) 234-4433 l
62 1 the comment was, they wanted more definitive guidance. I
, .x 2 know what my markup is -- let me see what we did. Yes, we
- )
3 left it as " typically". And there's also a comment on 4 surveillance interval. We left it as " typically" because 5 generally that is what we do, but there are that 6 exceptions.
7 MR. QUINN: I think you should leave it the 8 way it is.
9 MR. DOUTT: And that we did. It says 10 typically. The other comment had to do with intervals and 11 we tied it with that and we made an argument that 12 essentially time dependence -- whether it's discovered or 13 not discovered or whatever, should be included. That's p
' s> 14 how the standards are based. !
l 15 The second thing is, if you're doing an l
16 extension, even if time dependency isn't noticed, we felt 17 that the -- at least in certainty, the prediction is l
i 18 increased, so time is still important. So we left it as 19 1s. !
20 Mr QUINN: The benefit to the industry of the i 21 number of r stensions that have occurred has never been l
l l
22 well documented, and it's tremendous what's occurred. And 23 the guidance that you provided in 91-04 and this is good.
24 This is -- 95-95 is a good level.
n 25 MR. DOUTT: Right. And again, 95-95 --
i]
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
i 63 )
- 1 MR. QUINN
- Yes, 95-95 automatically --
,.- 2 MR. DOUTT: -- is what we prefer to see, but (V) 3 there are exceptions based on -- methodologies, actually.
4 MR. QUINN: Okay. Item 4, I think. Item 5 is j 5 the most explicit graded approach criteria I've seen
(
- 6 anywhere.
l i
7 CHAIRMAN MILLER: Is that a plug for 6704?
l i
8 MR. QUINN: No, because this does not appear.
9 This -- so I won't take credit for -- this is what the 10 staff believes, and including -- I'm kind of proud that 11 you include engineering judgment.
I 12 MR. WERMIEL: We have to. There's a lot of 1
13 engineering judgment involved when you establish a p
b 14 setpoint methodology and particularly where you apply it 15 and to what level do you apply it, when you consider how 16 many thousands of setpoints there are in a nuclear power 17 plant.
l 18 MR. QUINN: Right. )
1 19 MR. DOUTT: I'll take the kudos but our )
i 20 resolution of the public comment was to remove the i
21 . Guidance. The reason we did that -- ,
I 22 MR. QUINN: No. The Guidance was put in there 1
i 23 --
l 24 MR. WERMIEL: As a strawman. I c\
(v ) 25 MR. DOUTT: -- to see what would happen in a l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 I
l
64 1 public comment. We did not get significant comment on it.
f 2 MR. QUINN: Other than this one?
- )
3 MR. DOUTT: Other than this significant 4 comment. And based on, you know, the standards work and 5 whatever, and the disagreement on grading, we have used 6 this method and this has been one approach. There are at 7 least - I don't know, based on 6704's appendix, at least i 8 eight or nine different versions of this, not counting 9 what the vendors may have done.
l 10 So what we felt we need to do was, remove 11 this, provide the option for the grading, and when we get 12 an industry consensus or some more specific guidance, l 13 we'll certainly endorse it. But right now we felt that
\
't) 14 this -- that we're in a position to do this.
15 MR. QUINN: And yet it is my understanding 16 that you have docketed responses to licensees that relate 17 to this exact guidance, and you're taking it out of the --
18 MR. DOUTT: Similar to this, yes, that's 19 correct.
20 MR. QUINN: Pretty similar.
21 MR. DOUTT: Very close.
l 22 CHAIRMAN MILLER: I thought 6704 had a grading 23 --
24 MR. DOUTT: It does not. It merely allows the p
) 25 concept.
7 NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
l (N2) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
! 65 1 MR. QUINN: Calls for grading.
f,g
. I i 2 CHAIRMAN MILLER: Wasn't there appendix -- and 1
\' ' 'l 3 I haven't followed that --
4 MR. DOUTT: Yes, there is an appendix on 5 grading but we did not endorse that and it has not been 6 approved by committee yet.
7 CHAIRMAN MILLER: Okay, so there's no 8 consencus on the appendix in 6704?
9 MR. QUINN: It gives a nu'Qer of different 10 ranges or examples -- about six or seven different types 11 of potential grading processes. But this one was closer l l
12 to a fundamental level, because it has to do with how you 13 would do a calculation.
I l
U'!
14 MR. DOUTT: Yes, this -- we've been trying to I l
15 look at different schemes of doing this. You do a systems i 16 look and then essentially grade the system and give --
17 what type of rigor would you like the setpoint to have --
18 and come up with a guidance dc ument that you would tack 19 onto your setpoint methodology for example, or do you do a 20 very -- since they're globally like this and they're 21 basically -- the calculation is based on 95-95 or 22 uncertainty calculations, why don't we just grade this to l
23 a measure of uncertainty.
24 MR. QUINN: Maybe I should ask the question
,q t,vj 25 different. Now that you're taking this out, is it clear NEAL R. GROSS COURT REPORTER 3 AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
66 1 to licensees what they should be following for different
, y 2 system level calculations?
'wE 3 MR. DOUTT: Right, it's no different than it 4 is today. We're still looking -- it's whatever's 5 essentially the situation is as it is now. And from a 6 grading point of view, it's as the standards are right 7 this moment. I agree that's --
8 MR. QUINN: In the last --
9 MR. DOUTT: -- defined methodology would be an 10 improvement.
11 MR. QUINN: In the last 12 to 18 months, I 12 believe you've docketed responses that have resulted in 13 other licensees, based on this docketed response. I've
( \
/
14 got to go change my process of going to 24 months.
15 MEMBER SEALE: You tell us that this is a 16 controversial area?
17 MR. DOUTT: Yes.
18 MEMBER SEALE: At the same time you tell us 19 that you were surprised that you got no response, adverse 20 or otherwise, from what was in this proposed document.
21 Isn't there a message there?
22 MR. DOUTT: I don't look at it as being l
l 23 surprised. We put this out to see what would happen.
24 We're also actively involved in the committee that does (O) 25 the grading approaches, and --
l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 kHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
/
67 1 MR. WERMIEL: I think the industry, Dr. Seale, 2 is allowing the committee to do its job and work with the e7_ a 3
/
3 various industry members and the staff, to develop 4 something. Which is perhaps why they didn't feel that 5 this was necessarily an appropriate place to provide a 6 comment. Since they knew this activity is ongoing anyway.
7 And it is.
8 MR. DOUTT: And actually to endorse this 9 comment would -- the fact would change --
10 MR. WERMIEL: Exactly. It would have 11 established a position that might have pre-empted as 12 something else that might turn out to have been better, 13 so. I don't know that we were surprised so much as, we (y 4 L
'/
'- 14 threw it out for the industry to think about as part of 15 the effort that was already ongoing with the Standards 16 Committee. I think we had already made them aware of it 17 essentially, anyway.
18 MR. QUINN: Isn't it true though, that we've 19 received -- that the staff has received less comments 20 overall than perhaps what you expected? Not just to this 21 particular section.
22 MR. WERMIEL: On this Reg. Guide you're 23 saying, Ted?
l 24 MR. QUINN: On all of the SRP responses.
(
(~
() 25 MR. WERMIEL: Oh, on the SRP. Yes, on the SRP NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005 3701 (202) 2344433
i 68 !
1 and on the standards, I would have thought we would have 1
1
,_ 2 gotten more ccmments from say, vendors -- from companies I
\
) \
3 that design and develop digital systems. I think the 4 answer is yes. Although we know that they knew about it, 5 because they told us they knew about it. But they felt, I 6 cr chose not to comment, for whatever reason.
7 We know some individuals had comments that 8 they wanted to provide, that subsequently have come in, 9 but that were originally not provided because of some i
10 internal concerns with their management, for example.
11 CHAIRMAN MILLER: Well, I know several who, 12 for other reasons, were -- at the time this was out -- l l
13 were quite busy on other issues. l
,e
_ 14 MR. WERMIEL: And that, too.
15 CHAIRMAN MILLER: As you well know, that time ;
1 1
16 period many plants were hit with other concerns that ;
1 17 overrode these. That may have determined some lack of 18 response for the plants at least; that is not necessarily 19 the reason for the lack of response by vendors. I 1
20 MR. WERMIEL: That's a fair comment. I think 21 in general, plants are being pulled in a number of i
i 22 different directions that may make this entire topic area I
i 23 -- digital systems and digital modifications -- lower in 1
24 their priority when compared to the other issues they're 1
7'N (s_- ) 25 now being faced with.
1
! NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLANO AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 l
69 1 MR. QUINN: I think the 50.54 (f) Guidance
,_s 2 that's being provided here is good, though. Because what
/ \
' /
'~'
3 happens is, when they get to look at the particular areas 4 they're going to say, what are the guidance provided?
5 Here's the guidance. And they're revisiting the issues 6 that they probably should have revisited a few years ago.
1 7 But a . . yway , that's -- l 8 CHAIRMAN MILLER: But of course the letter 9 requiring the 50. 54 (f) revisions or review, came at about l 10 the same type this document came out.
11 MR. QUINN: So they were busy, right.
12 CHAIRMAN MILLER: I've talked to several plant 13 people that said, gee, I was busy on that letter; I 1 i
K_/ 14 couldn't deal with this. That was priority.
15 MR. QUINN: That's a good point.
16 MR. WERMIEL: Well, that's another reason why 17 we're making sure we're going to leave this thing out 18 there for them to comment on at any time. We currently'--
19 even in the version that's out there, ask or solicit 20 comments at any time, on the document.
21 MR. QUINN: Okay. I think I understand that 22 one, Cliff. I can provide comments separate ly I guess, as
! 23 to my opinion. The next one is on "as found", "as left",
24 comment 6. I think it has to do with random drift.
/~m
( ) 25 MR. DOUTT: Right. And that was a bullet NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS l
1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234 4433
70l 1 under review procedures 6, I believe. What we did there 2 was added a sentence, essentially. Obviously, when you s
~'
)
3 have "as found" -- actually, I'm not so sure about the 4 random as we did it -- I think the comment may be have 5 been more during normal -- test of normality. I think 6 there may be a little bit of a mix there.
7 But what we did is added essentially saying, 8 evaluation results should reflect an appropriate and 9 uncertainty terms that are included in the methodology, 10 and leave it at that -- as an option.
11 MR. QUINN: Good. Excellent. Okay, item 7.
12 Item 7 is time dependence -- dri f t versus time dependence.
13 A good linear regression will do this, tell us what we f
i's' 14 need.
15 MR. DOUTT: We don't want to get into that 16 debate.
17 MR. QUINN: No, we don't, but what they're 18 saying here is that based on some experience, they don't 19 need to evaluate this. That's not really ' rue. It needa 20 to be evaluated every time.
21 MR. DOUTT: Again, I guess we agree. The --
22 lost as far as the permit and response goes, but basically 23 what we would do, anyway, is the time dependency over 18 24 months is fine, but we still feel there's uncertainty in a
!"\
( ,) 25 projection if you were doing a 30-month or whatever, or I NEAl. R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RilODE ISLAND AVE., N W (202) 234-4433 WASH!NGTON, D C. 20005-3701 (202) 234-4433
i l 71 i l
1 online. ,
,s 2 We think there's other issues involved there.
i \ \
3 There's reliability issues that may come into play. Also 4 from a 6-month term to an 18-month term, you may show 5 random, whatever, but again, I think the dispersion --
6 again, I think the uncertainty of the projection is 7 higher.
8 So essentially we disagree with that. The 9 standards are based on time, the methodology and the draft 10 practice are based on time, and at this point I didn't l 11 think the BTP was -- that's not a place to discuss it. We 12 left it as is.
1 13 MR. QUINN: Good. Great. Okay. Last j
\ -) '
14 question I would have is, when you mentioned you had I 15 differing professional opinions that relate to the issue 16 of -- i 17 MR. WERMIEL: Yes.
1 18 MR. QUINN: Well, maybe I should just look at I i
J 19 your comments. Is that the appropriate thing -- how you ;
20 responded to these comments? You have those --
21 MR. WERMIEL: No, wait a minute. Ted, are you 22 talking about the differing professional view that's 23 currently being considered within the staff now? There is 24 nothing out on that -- what's the best way to say it --
,q,
( ) 25 that is still under consideration internally by the staff.
NEAL R. GROSS COURT REPORTERS AND TRANSCRlBERS 1323 RHODE ISLAND AVE., N W (202) 234 4433 WASHINGTON D C. 20005-3701 (202) 234-4433
72 1 There's a very set procedure that we follow.
,73 2 MR. QUINN: I understand.
i
\'/
3 MR. WERMIEL: Now, the final disposition of l
4 that, I don't recall whether that even gets publicly 5 disseminated. I'm not sure that it does. I'd have to 6 look at the DPV procedure, Ted, to know.
7 MR. QUINN: But is it appropriate that we 1
8 could look at how you #ncorporated these comments, is that i
9 correct?
l 10 MR. MARKLEY: Ted, that's not going to be 11 available with the new stuff that is --
l 12 MR. WERMIEL: The answer is, if -- if in the l 13 resolution of the differing professional view there will
'.)
' 14 be changes to the Reg. Guide and/or the standard review 15 plan, you will certainly be aware of that; no question.
16 MR. DOUTT: Is your question, Ted, on these 17 comments from Westinghouse and the disposition here?
18 MR. QUINN: Yes.
19 MR. DOUTT: Yes. That's fine.
20 MR. WERMIEL: That's fine.
21 MR. QUINN: That's all I was --
22 MR. WERMIEL: This is not the differing 23 professional view, though.
24 MR. QUINN: Right, okay.
) 25 MR. WERMIEL: I was speaking of something very NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE.., N.W.
(202) 234 4433 WASHINGTON. D C. 20005-3701 (202) 234-4433
73 1 different.
,s 2 MR. QUINN: Oh, okay.
/
s T
~'
3 MR. WERMIEL: There's a staff person that's 4 currently raised issues regarding setpoint methodology 5 that he has identified as a DPV.
6 MR. QUINN: Okay, separately. I was --
7 MR. WERMIEL: Separate issue.
8 MR. QUINN: I thought it had to do with these I
l 9 __
10 MR. WERMIEL: No, no, no.
l 11 MR. QUINN: I can see these incorporations.,
12 comments, and I can provide my own separate set of 13 comments to these? If so --
.iq 1
\_/ 14 MR. WERMIEL: Yes, I hope so.
15 MR. QUINN: Great.
16 CHAIRMAN MILLER: What I would suggest is, if 17 you have or have not put it in writing, I would suggest 18 they be in writing -- the disposition of the comments on 19 SRP. The Westinghouse comments. Because that would make 20 it easier for us to follow what you've done here.
21 MR. QUINN: Similar to the way the Reg. Guides 22 --
23 CHAIRMAN MILLER: Provided or waived in the 24 Reg. Guides, r'N
() 25 MR. WERMIEL: Yes, we can provide those to NEAL R. GROSS COURT REPORTERS AND TRANSCalBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
74 1 you.
i l
7 2 CHAIRMAN MILLER: Are they already in writing? l l ?
3 MR. WERMIEL: Yes.
4 CHAIRMAN MILLER: Could you provide them to us 5 in the next -- today, sometime?
6 MR. QUINN: Today, so we can review them 7 overnight?
8 MR. WERMIEL: We can give them to you right l
I 9 now. Mike, do you want to make copies?
10 MR. QUINN: Now, is that just on BTP-12, or is 12 that on all the Westinghouse comments?
12 CHAIRMAN MILLER: All of the Westinghouse --
13 MR. WERMIEL: We've got them on BTP-12 and on l
,/ \
i 1
'\J 14 the Reg. Guide, right?
15 MR. DOUTT: Yes, it's on 12 and 13 --
16 MEMBER SEALE: Okay, fine.
17 MR. QUINN: Just before the end of the day, 18 right?
19 CHAIRMAN MILLER: Yes.
20 MR. QUINN: Just before the end of the day, 21 right?
22 MR. WERMIEL: Okay.
23 MR. QUINN: Thank you. I'd very much 24 appreciate the detail that you provided the responses.
A l 25 CHAIRMAN MILLER: Okay. I would suggest NEAL R. GROSS CCURT REPORTERS AND TP.ANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
75 1 following -- looking at the schedu3e we are substantially
,3- 2 ahead of time. Because Matt was ready to go into the l }
'~#
[
3 NAS/NRC study. And what I'd recommend we do is not go 4 into that study because I have questions about two of the l
5 BTPs -- 17 and 21.
6 MR. WERMIEL: Okay. Matt was only going to go 7 into the changes to the ERP that resulted from the NAS 8 study. That's all that slide was going to deal with. The 9 actual NAS study itself -- is that on the agenda for 10 tomorrow, Matt?
11 CHAIRMAN MILLER: It's really tomorrow.
12 MR. CHIRAMAL: Yes, that's tomorrow. l 13 MR. WERMIEL: Yes, that's on the agenda for j i
'/ 14 tomorrow and he's got a mountain of slides on that, 15 depending on, you know, how much you want to talk about 16 each and every one of the recommendations.
17 CHAIRMAN MILLER: So as we g' through that, 18 Matt, I assume that means changes in Chapter 7 as well as 19 the BTPs and so forth? Is that correct?
20 MR. CHIRAMAL: Yes.
21 MR. WERMIEL: That's correct.
22 CHAIRMAN MILLER: And I want to raise 23 questions on BTP-17 and 21 as we go through this. I 24 assume the NAS/NRC study did have comments related to at (v ) 25 least one of those, if not both.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
76 1 MR. CHIRAMAL: Was it 17?
s 2 CHAIRMAN MILLER: Yes, 17 and 21.
. i 3 MR. CHIRAMAL: Seventeen -- that's the one on 4 surveillance testing?
5 CHAIRMPR MILLER: Yes. Well no -- it had 6 nothing to do with that one. I have a question on --
l 7 MR. WERMIEL: I don't -- I l
8 CHAIRMAN MILLER: -- 21 was -- I have a l 9 question'on 17 and --
10 MR. WERMIEL: Why don't we do ahead with your 11 questions on -- l 12 CHAIRMAN MILLER: Well, I'm going to suggest 13 we take a break now, but I'm going to let you know what's !
bl 14 coming.
15 MR. WERMIEL: Okay.
16 CHAIRMAN MILLER: In addition, your 17 reconciliation, I have questions on 17 and 21.
l 18 MR. WERMIEL: I think we ought to do that 19 first.
l 20 CHAIRMAN MILLER: Okay, we're going to do that l
21 first. So I suggest we take a break until 10:25.
l 22 (Whereupon, the foregoing matter went off the 23 record at 10:14 a.m. and went back on the 24 record at 10:34 a . ra . )
A) 25 CHAIRMAN MILLER: I've been advised by the NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
77 1 Chair of this Committee, since I'm only a subcommittee
,~. 2 chair, that I need to be more diligent and keep getting
\
) 3 these back on track. Now, I'm now one minute late. So, 4 I'm being advised.
5 I guess the comment we should go to the 6 questions I have on the BTP 17 and 21. So let's turn to 7 those pages. And the first one --
8 MEMBER APOSTOLAKIS: So how can we find this?
9 MR. CHIRAMAL: Appendix 7A, it's on the back 10 of --
11 MR. WERMIEL: It starts with, at the bottom of 12 the page BTP HICB-17-some page number.
13 CHAIRMAN MILLER: Okay, if we look at pages --
d 14 let me pick one statement here, page 17-5, it's repeated 15 on 17-4, but it says here " hardware and software used to 16 perform periodic self testing should be an equivalent 17 safety classification and quality as the tested system."
18 Now, it then goes on to say it should develop -- everybody 19 find where we are on 17-20 MR. WERMIEL: One paragraph down.
21 CHAIRMAN MILLER: It's paragraph 3. It also 22 says it should maintain channel independence, system 23 integrity and single failure criteria. My question is, 24 why does it have to be of equivalent safety significance,
) 25 safety classification if it indeed has channel a
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 l
l
78 1 independence, integrity and safety single failure
_ 2 criteria? Does Reg Guide 118 require that? Reg Guide 3 1.118?
4 MR. STEWART: This is Jim Stewart, I'm on the I 5 I&C staff. The intent of what we were putting in there is 6 there has been several different methods proposed for 1
7 putting the self testing stuff in. Some people have 8 proposed putting in a non-safety software qualified to a 1
9 much lower standard, but within the same box and i 10 physically connected. We did not believe that that was 11 appropriate.
12 CHAIRMAN MILLER: Well, but would it still be I
13 independent? l
[h
\-) 14 MR. STEWART: Oh, no what this is --
15 CHAIRMAN MILLER: I would agree, if it is not 1
16 -- that it is not demonstrated independence --
4 17 MR. STEWART: Right. This is really meant for l 18 the self testing, the way most people do it, it's embedded 19 in the hardware and software of the system that's 20 performing the safety function. And it is not isolated or 21 separated from that function. Therefore we believe that 22 the self testing equipment needs to be qualified to the 23 same level so that it does not cause unnecessary 24 malfunctions of the safety equipment.
A) 4 x __-
25 CHAIRMAN MILLER: I would agree with you. But NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
79 1 the way I read this, it says if it's channel independence
,_s 2 is adhered to, if system integrity is adhered to and the
! 's
\ /
3 single failure criteria is adhered to, it still has to be 4 of the same classification.
5 MR. STEWART: Right. When we say maintain 6 channel independence, typically one of the self diagnostic )
7 functions is to send off the signal to an alarm station 8 someplace, which would typically be a non-safety function. j 9 So that would have to maintain the data and the electro 10 isolation.
11 CHAIRMAN MILLER: But it wouldn't be 12 independent then?
13 MR. STEWART: No, it's part of the safety r~x,
\ s')
~ 14 system. But it would have to maintain the electrical and 15 the data isolation from the enunciator system that it's 16 feeding. If that is a non-safety system.
17 MR. CHIRAMAL: Dr. Miller, normally left four 18 channels and each channel will have its own self testing 19 feature.
20 CHAIRMAN MILLER: Right.
21 MR. CHIRAMAL. And the channel independence is 22 within each channel they should be independent from each 23 other, plus from the non-safety side of it should be 24 isolated.
<x
( 25 CHAIRMAN MILLER: Well, this ia talking about NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 1
80 1 channel independence.
2 MR. CHIRAMAL: Yes. Channel independence self
/,,\
i 3 test feature.
4 CHAIRMAN MILLER: Oh, I see, so it's not 5 talking about independence of the self-testing feature 6 within the channel.
7 MR. CHIRAMAL: No, no, because it's part of 8 the -- reactor protection system or the engineered safety 9 features actuated system channel itself.
10 MR. STEWART: Most of self testing features 11 that we have seen are not independent of the safety 12 system. They are part of the safety system.
13 CHAIRMAN MILLER: Okay. So when you talk O.
V) t 14 about design, you are really talking about design of the 15 overall system and within that there could be a self 16 testing feature.
17 MR. WERMIEL: That's correct.
18 MEMBER SEALE: Including the integrated self 19 test --
20 MR. WERMIEL: That's right.
21 MR. STEWART: That sentence is meant just to 22 imply that you still have to meet the 603/279 type 23 criteria.
24 MR. WERMIEL: Exactly.
p (v) 25 CHAIRMAN MILLER: So my question revolved NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 2344433
81 1 around the fact that if you weren't doing self testing and em 2 you assigned a technician to do this testing, the i i
\~J 3 instrument he is carrying doesn't have to be safety
- 4 related.
5 MR. WERMIEL: No, it's only when the software 6 is totally embedded within the system.
7 MR. STEWART: That's correct.
8 CHAIRMAN MILLER: I think this is clearly l 9 spelled out to everybody and I just didn't see it. ;
i 10 MR. WERMIEL: I think you were talking about a 11 separate feature somehow that you are attaching or somehow l
12 --
13 CHAIRMAN MILLER: I was talking about if you
' )
14 could do a self testing where you could guarantee it would 15 be independent of the system you are testing.
16 MR. WERMIEL: If you could do that, if there 17 is a self test capability that could be isolated, then I 18 don't see why it would need to meet that safety 19 classification. But that's not generally the way they are 20 designed.
21 CHAIRMAN MILLER: It's a test cart.
22 MR. STEWART: That's correct. There are some 23 independent systems where they roll up a separate cart and 24 plug it in. Run your test with that equipment and bypass
) 25 off line.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
82 1 MR. WERMIEL: Exactly.
fs 2 MR. STEWART: But that's not what this is
/ \
~
3 intended to address.
4 CHAIRWJJ MILLER: But that's where you 5 physically keep it independent.
6 MR. WERMIEL: Correct, but it's a separate --
7 CHAIRMAN MILLER: But rarely is there -- you 8 never encountered one where the self testing feature was 9 embedded but still you could guarantee it's independent.
10 MR. STEWART: We've encountered self test 11 features which were in a physically separate box where the 12 data communication was one way broadcast, and that would 13 be allowed.
I
,m n
ks 14 CHAIRMAN MILLER: Okay, so by it's self 15 testing building so it was on, say a fiber optic data link 16 where you had one way communication, that you would --
17 that would not have to be safety related.
18 MR. STEWART: Correct.
19 CHAIRMAN MILLER: I guess that's basically my 20 concern. Okay, John, did you have further comments? Go 21 ahead John --
22 MR. GALLAGHER: I was just --
l 23 MR. WERMIEL: Introduce yourself.
24 MR. GALLAGHER: John Gallagher of the I&C 25 staff. Sizewell, for instance, has built into the channel
! )
l l NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1323 RHODE IS' AND AVE., N.W.
j (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
l 83 l
l l
1 a periodic self testing feature, as well as on line 1
I l s 2 continuous self testing. Now the periodic self testing
'I i s'"' s 3 features are built in, but they are functionally isolated 4 from the safety system so they are not in direct line of 5 the performance of the safety action. Like for instance, l
6 the watchdog timer would be. So one can have functional 7 isolation, but since it's still in the same safety 8 cabinet, it had to meet all the requirements of the safety 9 system. i 10 If it were to have been put on a cart where 11 you could only hit one and you plugged it in, then you !
12 would not have had to meet the Class 1E physical aspects )
13 of safety.
( ) l x/ 14 CHAIRMAN MILLER: So, I guess, is there any i 1
15 reason we should maybe clarify this, or maybe everybody 16 else understands and I didn't 17 MR. WERMIEL: If, if -- I think it might help ,
l 18 if we made the point that if a physical separation or )
l 19 isolation is provided for such features, than with proper 20 isolation, then it would not have to meet.
21 CHAIRMAN MILLER: So if it's physically 22 isolated --
23 MR. WERMIEL: We could say that. I think I
24 probably we should think about making a wording change to
/p
! ( ,) 25 make that point, to account for the separate box or the NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
84 1 cart that can be hooked up to do --
cx 2 CHAIRMAN MILLER: Well, -- you need to have a
! \
\'~) 3 fiber optic data link which would be physically isolated, 4 but still not isolated signal wise.
5 MR. WERMIEL: But that's correct. That's what 6 the words would have to make clear. We are talking about, 7 where it doesn't somehow interfere with the channel 8 function.
9 CHAIRMAN MILLER: Right.
10 MR. CHIRAMAL: But if it's doing a continuous 11 on line testing, then we will require to meet the safety 12 requirements as part of the --
13- MR. WERMIEL: Then it would be part of the
(-
14 channel.
15 MR. CHIRAMAL. Right.
16 MR. STEWART: Yes, we do have a reference in 17 here to 7432. And in 7432 there is an appendix that I've ;
1 1
18 been told people actually like, where it shows you can I
19 have the electrical independence at a physically different i
20 location than the data independence. And it also j i
21 specifies that the test tool would not need to be i
22 qualified unless it is embedded as part of the safety j l
23 product.
'l 24 MR. WERMIEL: I think we can put some wording j (n) w/
25 in.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 2344433 WASHINGTON, D C. 20005-3701 (202) 234-4433
85 l 1 CHAIRMAN MILLER: I always like to have
,- 2 requirements in a sense drive the technology.
I )
3 MR. GALLAGHER: I think one of the other 4 aspects, Dr. Miller, that you may have been thinking about 5 if it's periodic self testing, it injects a signal into l
6 the system. If it's built into the cabinet and sitting 7 there, one of the questions you have to ask is can this 8 thing, just on its own, start putting signals in? So, one l l
9 has to be very careful with respect to the isolation, of ,
1 10 that feature. And so it's a whole different animal than l I
11 the one you wheel up and plug in. Because that one you !
i Ii l 12 don' t have to worry about
! 13 CHAIRMAN MILLER: But if it's in the same ,
( /~'s I l !. l l \/ 14 cabinet, you have real challenges demonstrating l
15 independence.
l 16 MR. WERMIEL: That's right. I think we can 17 clarify the working.
l l 18 MR. CHIRAMAL: We can put some words in there, 19 a couple of sentences and clarify that.
20 CHAIRMAN MILLER: Let's see, going on to 21.
21 Let me find that one. Twenty one dash five. Let's see if 22 I can find it. Okay, it says, it's paragraph five, I 23 guess. It says "any non-deterministic delays should be 24 noted and a basis provided that such delays are not part
/n
(_,)' 25 of any safety functions. Nor can the delays impede any NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 234 44S3
86 1 protective actions." Now, let's see what I have here.
j
,y- 2 It seemed to me that statement was overly l
\ }
3 restrictive. It would seem to me if the delays are random 4 and those random delays are stochastic and the probability ;
5 of delay was low, then you wouldn't have to worry about i
6 it. Does that make sense?
7 In other words, you are really saying any l
8 delays have to be deterministic, basically -- l 9 MR. STEWART: No, we're saying any non-10 deterministic delays have to be evaluated for their 11 impact. This is basically a requirement that you i
12 understand your system and you have no unintended 13 functions by design.
/ %
\ )
N/ 14 CHAIRMAN MILLER: Okay. ,
1 1
15 MR. STEWART: There are some non-deterministic l 16 delays that have to be built in. Primarily we want a 17 deterministic system, as much as possible. But to allow, ,
l 18 for example, an operator to place a system in bypass, 19 that's a non-deterministic delay, you know. But there 20 should be no planned non-deterministic delays that can 21 have any impact on the safety function.
22 There will, of course, be hardware failures, 23 perhaps software errors that can cause problems.
24 CHAIRMAN MILLER: So, if you have a non-g
( ,) 25 deterministic delay and you can prove that it does not NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, O C. 20005-3701 (202) 234-4433
87 1 impact the safety system, it's okay.
s 2 MR. WERMIEL: Yes, that would be okay. 1 t )
~
3 MR. STEWART: That would be okay.
4 MR. UHRIG: [Off mike.] What do you mean by a 5 non --
6 MR. STEWART: Yes, for example, a typical, )
7 like an Ethernet system, when it's trying to load onto the 8 system, if there is already a packet at the point where 9 it's trying to load, it will wait until the next available 10 sequence is available. That would be a non-deterministic 11 system. In a safety system we would rather it does the 12 same thing each time on a regular cycle.
13 CHAIRMAN MILLER: In that case it would be not ss 14 only non-deterministic, it would not be stochastic either.
15 That's probably the more obvious situation.
16 MR. ST.3 WART: Right, I think the primary point 17 though, is that we are not absolutely denying any possible 18 non-deterministic delay. There may be a situation where 19 it's warranted. But we believe it has to be very 20 specifically known, studied and understood.
21 CHAIRMAN MILLER: Okay, let's go ahead with 22 the, now you are going to go ahead with the National 23 Academy NRC study and how that impacts the standard --
24 And in this -- let's see, will these comments address the
((~\,) 25 questions we raised on this study? Or are they all going NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
88 1 to be addressed tomorrow?
,s 2 MR. CHIRAP AL: The changes made to the SRP --
( )
'~
3 MR. WEFAIEL: This is strictly -- let me 4 explain that. T1.is is strictly, from our reading of the 5 NAS study, wha _ changes, if any, did the SRP need to 6 undergo. And this is the only area where we found the 7 recommendations within the study itself implied that a 8 change should be made in our standard review plan. And we 9 agreed to do that.
10 The issues that you raised, Dr. Miller, on the 11 study in general, we were going to talk about tomorrow.
12 But we could do that anytime.
13 CHAIRMAN MILLER: No, I would expect maybe s- 14 some of these issues will be addressed even today. But 15 you probably already addressing them.
16 MR. CHIRAMAL: Some of it may be addressed 17 today. One of the comments we kept getting from the ACRS 18 was that particularly BTP-14, directed the reviewer to 19 several standards outside the document itself.
20 MR. WERMIEL: Matt, can I ask you to hold on 21 just a second? Was Dr. Apostolakis -- this is a 22 suggestion that he made that we believe was a good 23 suggestion. And we have made a change to accommodate it.
24 And I was just wondering if you wanted to hear this.
,r'
(\) 25 CHAIRMAN MILLER: Probably would, yes.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
89 1 MR. MARKLEY: If we could have a short recess I
- 2 while I go look for it, because you can't proceed without I (y j
< 1 i
3 me. l 1
4 MR. WERMIEL: Or what we could do is go to the l 1
l 5 NAS study recommendation and come back to this. Either l l
l 6 way.
l 7 CHAIRMAN MILLER: Let's see if we can keep )
l 8 moving ahead here with a brief recess.
1 9 MR. WERMIEL: Okay.
I 10 CHAIRMAN MILLER: You are right, this is a 11 good one.
12 MR. WERMIEL: This was a good comment, and we 13 made a change that we believe improved the BPT to 73
'v)
I 14 incorporate his comments.
15 MR. WERMIEL: So, Matt, would you refer us to 16 the page where you made the change here, as we go?
17 CHAIRMAN MILLER: Yes, please do, Matt. Tell 18 them exactly, give them examples, there is more than one 19 pages. It's a number of pages, and we will show you 20 examples, where we've done this.
21 (Whereupon, the foregoing matter went off the 22 record at 10:51 a.m. and went back on the 23 record at 10:52 a.m.)
24 MR. WERMIEL: Would you like us to go to some A
) 25 of the other areas. Maybe we can just skip over this page NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 2344433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
1 90 1 and come back to it. l m 2 CHAIRMAN MILLER: That would be going to --
x '~~'
3 MR. WERMIEL: We can just skip over page 12 4 and just come --
5 MR. CHIRAMAL: Mike has taken a recess, but he l l
6 said he will be back. Okay.
7 CHAIRMAN MILLER: There he is.
l 8 MR. WERMIEL: There he is.
9 CHAIRMAN MILLER: We've been waiting. We are 10 addressing an issue that has had come minor concerns 11 raised by you George.
12 MEMBER APOSTOLAKIS: Which one is this? ACRS 13 comments?
\
w/ 14 MR. CHIRAMAL: The first one.
15 MR. WERMIEL: The first one. Page 12 of the 16 slide packet.
17 MR. CHIRAMAL: Yes, the issue has come and 18 basically we are saying that particularly in BTP14, the 19 guide has provided to the reviewer took him out of the 20 document many times and brought him in and out of the 21 place, so we took that to heart and went back and redid 22 the --
23 MEMBER APOSTOLAKIS: Which one is i;his?
24 MR. CHIRAMAL: HICB.
s
. ~ , .
) 25 MR. WERMIEL: That's the one on the software NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE , N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 2344433
91 1 development process review.
n 2 MR. CHIRAMItL: So we rewrote Section 3.1 and
( )
%.J 3 3.' and took the words out of the standard and put it in 4 the document itself. And reconfigured it to look more 5 like Section 3.3 where we allotted some characteristics to 6 each of these documents that we are reviewing in those 7 areas.
8 MEMBER APOSTOLAKIS: That's clearly a step 9 forward.
10 MR. CHIRAMAL: We should hope so.
11 MR. WERMIEL: We thought so.
12 MEMBER APOSTOLAKIS: I don't have any comment 13 at this time, but I'm happy that you guys did that.
/ 1 i
'v'/ 14 MR. WERMIEL: Yes, we think it did improve the 15 document.
16 MR. CHIRAMAL: Because now we tried to put 17 everything into one document. So 14 more or less stands 18 by itself --
19 MR. WERMIEL: Stands by itself. It's now 20 basically stand alone.
21 MEMBER APOSTOLAKIS: Yes.
22 MR. QUINN: It is hard to tell, though, how 23 you rewrote 3.1 and 3.2. I can't see whether it's inverse 24 text or some manner that I can see what's been changed.
! )
(,/ 25 MR. CHIRAMAL: Well, 3.1 and 3.2 is entirely NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 ,202) 234-4433
92 1 rewritten.
c.s 2 MR. WERMIEL: If you went to the old version,
('# )
3 you'd see a number of references to standards that are now 4 --
5 MR. CHIRAMAL: Reference to standard and 6 bulletized the input into that section. But we changed 7 that to read as text, and tied it down to characteristics 8 of the documentation that we are looking for.
9 CHAIRMAN MILLER: Okay, I see my error in 10 reviewing all this was I didn't realize we changed some --
11 BTP-14 had changed this dramatically.
12 MR. WERMIEL: Yes, we changed --
13 CHAIRMAN MILLER: I just, since I had done a
,/ h
> \
V 14 thorough review of the overage and I just kept looking it 15 in.
16 MEMBER APOSTOLAKIS: It's too long.
17 MR. CHIRAMAL: It expanded the text. I think 18 we had to expand it by --
19 MEMBER APOSTOLAKIS: Yes, I'm sure, I'm sure.
20 MR. CHIRAMAL: -- about 14 pages, I think.
21 MR. JOHNSON: Something like that.
22 MR. CHIRAMAL: Because we, what was in the 23 standards, we extracted and then put it in the text.
24 MEMBER APOSTOLAKIS: Now the next comment --
O 25 MR. QUINN: Maybe we could, George could we do ij NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
l 93 '
1 that then this evening? Take a look at this and talk
.~ 2 about it again tomorrow?
\ /
3 MR. CHIRAMAL: Tomorrow Jim will be walking i
4 you through BTP-14.
5 MEMBER APOSTOLAKIS: Good.
6 MR. WERMIEL: And you will have another l
7 opportunity to deal --
l 8 MR. CHIRAMAL: Another opportunity to deal l 9 wit h these words.
l 10 MR. WERMIEL: He'll be using this version of j 11 the text off the BTP.
12 MR. CHIRAMAL: The next comment that we got 13 from the ACRS was that BTP-14, the acceptance criteria for
\~J 14 process and products needed some clarification. And here i 15 again with the rewrite of Section 3.1 and 3.2. Three 16 point one is focused on acceptance criteria for the 17 software lifecycle processing planning, and 3.2 for the 18 process implementation. And 3.3 is where the document, 19 the products are, except as described here. And so now, 20 all three are in the same format so you should have a 21 better feel for what exactly is the -- where the focus is 22 on process and where the focus is on product.
23 l CHAIRMAN MILLER: They are all in the same 24 format as 3.3 was?
n 25 MR. CHIRAMAL: Yes.
w .- l s
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
94 I l
1 MR. WERMIEL: Yes.
,-.3 2 CHAIRMAN MILLER: We acknowledged that 3.3 was .
.' \ l L .)
'~
3 the strength of the whole version?
4 MR. CHIRAMAL: Right. We thought so too.
5 MEMBER APOSTOLAKIS: How, you remember one of '
l 6 my concerns was that I had the impression by reading the i I
7 earlier version that the acceptance criteria were not l
8 really acceptance criteria. That it said, you know, you 9 should have a plan. And, that's the one I remember. So l 10 that doesn't sound like an acceptance criteria to me. )
11 MR. WERMIEL: I think when we walk you through j 12 tomorrow, or even when you look at it today, you will see l l
13 that the characteristics for the plan are now right there
~x
( )
(/ 14 in the BTP. You don't have to go to a standard and get a 15 high level word -- do a high level word search any longer. l 16 It's now within the BTP.
17 MEMBER APOSTOLAKIS: Well, that would satisfy 18 my concern then.
19 CHAIRMAN MILLER: So it's no longer in the 20 standard, basically it's no longer in the Reg Guide.
21 MR. WERMIEL: The -- remember that the BTP is 22 an amplification of what is in the Reg Guide. The 23 designer and the licensee would still go to the Reg Guide 24 to get the very basic acceptance criteria, the high level
,m 25 (s) acceptance criteria for the particular aspect that we are l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D.C 20005-3701 (202) 234-4433
95 1 dealing with. The V&V Plan, the Configuration Management
,- 3 2 Plan, whatever it is. The reviewer is then within BTP-14 f ) i
\/
3 instructed upon how to do the review of that particular 4 document and what characteristics to look for when they 5 review that document. l l
6 So that's what Jim is going to walk you l l
7 through tomorrow. j 8 MEMBER APOSTOLAKIS: That's good. i l
1 9 MR. WERMIEL: Isn't that fair, Jim? l 10 CHAIRMAN MILLER: Then I'll ask a question 11 that will maybe be answered tomorrow and not necessarily 12 today. If the designer meets the acceptance criteria 13 specified in the BTP-14, it doesn't matter what reference t
f'x l i
U' 14 he looks at?
15 MR. WERMIEL: Basically that's true. The 16 reviewer is going to be focused on what's in the BTP.
17 CHAIRMAN MILLER: Right..
18 MR. WERMIEL: What's in the SRP. Remember 19 that the SRP is not intended as a design document, even l
20 though it's probably good for the designer to make sure l
21 that what is covered in the Branch Technical Position has l
22 been incorporated in his design, since that's what he will 23 be reviewed against.
24 MR. CHIRAMAL: For example, the B&P plan, the (u./ ) 25 acceptance criteria is here. But for the details of the NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHCDE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
96 1 plan itself, he's got to go to the Reg Guide.
rs 2 MR. WERMIEL: That right.
k~
3 CHAIRMAN MILLER: No, I'm asking does he have 4 to go to the Reg Guide or can he go to --
5 MR. WERMIEL: Well, I think you still need to 6 go to the Reg Guide because -- go ahead.
7 MR. GALLAGHER: I'm just reading one -- Jim 8 should be the one that answers. I'm just looking, for 9 instance, on page 14-11 --
10 CHAIRMAN MILLER: Fourteen eleven, okay.
11 MR. GALLAGHER: If you look under 12 organization, it says the lifecycle model should be i 13 documented in the plan, Reg Guide 1.173 which endorses,
~s 14 described acceptable methods of organizing. So, the !
1 15 criteria is here, guidance as to how one might meet the 16 criteria, he has to go to the Reg Guide.
17 MR. STEWART: You'll see, tomorrow when I walk 18 through it, that we believe that we have beefed up 3.1 and 19 3.2 substantially to bring the acceptance criteria forward 20 in the text of that document, but you cannot do these 21 reviews without knowing what's in the IEEE standards that 22 the Reg Guides are referencing. There is too much detail l 23 and we could not bring the thousands of pages into the 24 SRP.
/~'i 25 CHAIRMAN MILLER: That's what worries me when
(_,/
NEAL R. GROSS
( COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 2344 433 WASHINGTON, D C. 20005-3701 (202) 234-4433
97 1 you say thousands of pages.
s 2 MR. STEWART: You do need to have the detail 3 and the training in those IEEE standards to do these 4 reviews.
5 MR. WERMIEL: Yes, I don't know that it's 6 thousands of pages b ~ -- there are a substantial number 7 of pages within the standards.
8 MR. STEWART: I'm not exaggerating the number.
I 9 Reg Guide --
10 MR. CHIRAMAL: Some of the Reg Guide --
11 CHAIRMAN MILLER: Ten seventy four is not 12 thousands, but certainly --
13 MR. WERMIEL: Long, ten twelve is pretty long.
?
\~J 14 CHAIRMAN MILLER: You are saying the designer 15 could not have sufficient guidance out of 7-4.3.2 combined 16 with ASME to do this?
17 MR. STEWART: I believe not. I believe he 18 would be struggling if he did not have additional 19 background and knowledge of the industry.
20 MR. WERMIEL: Yes, I think 7.4.3.2. is a very 21 high level document for the most part.
22 MR. CHIRAMAL: Seven four three two, itself, 23 it references these same Reg Guides so establish that the 24 Reg Guides --
7.
( ) 25 CHAIRMAN MILLER: I heard 6101 is -- I agree NEAL R. GROSS COURT REPORTEflS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
l (202) 2344433 WASHINGTON. D C 20005-3701 (202) 234-4433
98 1 6101 provides a lot of guidance. Could you then do it c 2 with 6101 alone and not have the Reg Guide?
l )
3 MR. STEWART: Sixty one oh one, I believe, 4 gets you clcser, but I still do not believe it addresses 5 all the specifics of all the various topics you need to 6 address.
7 CHAIRMAN MILLER: Okay, well, I don't want to 8 sidetrack us too much today. I'll just give you hints of 9 the questions I may be asking tomorrow.
10 MR. WERMIEL: Okay.
11 MR. QUINN: Three questions in a row usually 12 points to a concern. Right? And that's -- that issue 13 relative to the importance of Reg Guides is the root 14 issue. Right? Can you do Has without them?
15 CHAIRMAN MILLER: Well, really the root issue 16 is the Reg Guides endorse standards 'which are very, could 17 be very valuable. The Reg Guides seem to me that 18 basically tell you what Appendix B says to change the 19 standards. Or to change the standard according to 20 Appendix 8.
21 My concern is, I think and also that somewhat 22 Dana Powers has given me a lot of comments, is do the Reg 23 Guides then tell you what does not have to be done, 24 according to Appendix B?
T 25 MR. CHIRAMAL: No.
]
l NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 132@ RHODE ISLAND AVE., N.W. l (202) 234-4433 WASHINGTON D C. 20005 3701 (202) 234-4433 l I
99 l
1 MR. WERMIEL: I think, correct me if I'm
,3 2 wrong, Matt, we would assume that the inverse would also
- (' j) 3 be the case. If you had a system that did not have to 4 meet Appendix B, then you are not directed to, or you 5 don't need to necessarily consider this guidance in this 6 way.
l 7 CHAIRMAN MILLER: What I'm really saying, that 8 the standards may include things that do not have to be 9 done according to Appendix B.
10 MR. STEWART: We specifically reviewed a few 11 particular standards that we were considering endorsing.
i 12 For example, IEEE standard on hazard analysis. And we l
13 specifically did not endorse that because we felt that the I
/~'N l k-) 14 benefit it returned was not worth the pain and cost 15 incurred to do that work. So we did a modified version of ,
1 16 it and put it in 7.4.3.2. So we have specifically not 17 endorsed any standard.
18 CHAIRMAN MILLER: The curious thing, the ones 19 we are recommending endorsement looked at closely and 20 there is very little in there that is not, that is in 21 there that is not required by Appendix B.
22 MR. WERMIEL: Well, if it wasn't we would have 23 taken an exception or made a clarification in the Reg 24 Guide.
(m) 25 MR. STEWART: Well, I'd clarify that a little NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
100 1 bit too. Those standards were not written for nuclear. l l
,7 si 2 CHAIRMAN MILLER: That's really the --
'~
3 MR. STEWART: So the exemptions, or the 1
4 clarifications that we put in the Reg Guides were for 5 things that the standards would allow relaxations where we 1
6 would not, for example, for a safety system. But the l l
7 standards are written with a lot -- when we write these 8 standards we are very careful about what get's labeled as 9 a "shall", what gets labelled as a "should" and what gets 10 labeled as a maybe " good additional guidance beyond that." i 1
11 So the shalls would be something that when we l l
12 were doing the review we would expect to see. The shoulds 13 would give a good indication that they know what they are c i
\~/ 14 doing. The mays, there is all kinds of different ways 15 they may implement that.
16 But the basic premise that I use is that GDC-1 17 says you shall use the appropriate codes and standards.
18 And those Reg Guides are our list of what we think that 19 appropriate set of codes and standards would be.
20 CHAIRMAN MILLER: Okay, well, we will have 21 lots of discussion probably tomorrow.
22 MR. WERMIEL: Probably.
23 MEMBER APOSTOLAKIS: Yes, one other, I mean 24 the case I used as an example when we were discussing this
/~%
i,% )' 25 issue of specificity, was V&V. And I tried to go Lack to NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISt.AND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
l l
101 1 the standards that were cited in the earlier version. And s 2 it seemed to me that it was cyclical. That would take you
/ \
( "
/
3 back, you know, after you go through several pages, not 4 thousands, but a number of pages, then you realize that 5 they are sending you back to the beginning. Can we 6 discuss this tomorrow? I mean, can you guys --
7 MR. CHIRAMAL. Yes, we sure can.
8 MR. WERMIEL: Yes, we can.
9 CHAIRMAN MILLER: The objective tomorrow is to 10 walk us through to show that indeed your concern is 11 addressed by using this --
12 MEMBER APOSTOLAKIS: But I would like some 13 time to specifically spend on this issue.
/ \
U 14 MR. CHIRAMAL: Yes.
15 MR. WERMIEL: And we can specifically talk 16 about the V&V plan.
17 MEMBER APOSTOLAKIS: This is the beginning of 18 a beautiful friendship.
19 CHAIRMAN MILLER: Only those that have been 20 around awhile really appreciate George's comment.
21 MR. CHIRAMAL: Another ACRS comment was that 22 we should have a look at that draft Reg Guide by the 23 Canadian Atomic Energy Control Board on software 24 protection and protection of control systems, particularly A
( ) 25 in the use of formal notation of software requirements NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
102 1 specifications. And as part of the package that we sent
,- 2 to you, we had reviewed this document back in 1996 at the o s i /
3 request of the EDO.
4 And in general we had said that this, the 5 staff position taking in the draft SRP were very much in 6 line with the draft Reg Guide provided by the Canadians.
7 And as far as the formal notation goes, we have, in the 8 Appendix 7.0.A, provided additional guidance on formal 9 methods --
10 MEMBER APOSTOLAKIS: Let's find it.
11 MR. CHIRAMAL: Seven zero A seven.
l 12 MEMBER APOSTOLAKIS: I'm sorry. Say that 13 again?
I')
\m / 14 MR. CHIRAMAL: Seven zero A dash seven. ,
1 15 CHAIRMAN MILLER: So the only significant 16 thing you found out of that guide that needed effected a l
l 17 change was on formal method.
18 MR. QUINN: Well, your actual attachment, 19 Attachment 14 --
20 MR. CHIRAMAL: Yes, that's next to the last.
21 MR. QUINN: Attachment 14 to our package is 22 your formal review, and it's got a table that's very well 23 done in looking through. And I tPought the one, or one of 24 the comments was on COTS that you did know a change to r
(N) 25 Section 7 on recognizing the work that's been done on NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
103 1 COTS.
,-- 2 MR. CHIRAMAL: Yes, that's right. We did do l \
3 that.
4 MEMBER APOSTOLAKIS: So this is an addition 5 now. You added that?
6 MR. CHIRAMAL: Yes.
7 CHAIRMAN MILLER: So, it's on 70A-7.
8 MR. CHIRAMAL: Seven -- the second last on the 9 last paragraph and continues on to the next paragraph.
10 First paragraph in 70A-8.
11 CHAIRMAN MILLER: And we'11 have more detail 12 on this tomorrow.
13 MR. WERMIEL: Yes, we're going to talk about U 14 formal methods tomorrow. We can even, if you'd like, 15 bring you up to speed on the Canadian's approach for 16 example, currently with regard to formal methods. We just ,
17 had our four party meeting last week, and they informed us 18 about some definite problems that they are having with the 19 use of formal notation or formal methods.
20 MEMBER APOSTOLAKIS: Yes, but I might add we 21 never really urged you to use formal --
22 MR. WERMIEL: Oh, I understand that. But --
23 MEMBER APOSTOLAKIS: There is a difference.
24 MR. CHIRAMAL: And the phrasing here is --
(~%
) 25 MEMBER APOSTOLAKIS: I just read them quickly, NEAL R. GROSS COURT P.EPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
104 1 and it seems to me these are at the right level of
,_ 2 specificity. This, you don't want to lose the end --
1 i
\ /
' ~ '
3 MR. WERMIEL: No.
4 MEMBER APOSTOLAKIS: -- blessings by becoming 5 too specific.
6 CHAIRMAN MILLER: Yes, I want to concur. I 7 thought the review of this was well done and I also 8 thought that you really provided them good guidance on how 9 they might improve their guidelines. I thought it really l 10 overall, BTP-14 and other parts of our guidelines were i
- 11. somewhat superior to what they had, their draft.
l 12 MR. WERMIEL: They told us that last week. l l
13 That they thought in some respects, because the NRC, the
's-) 14 U.S. NRC is so used to developing guidance and criteria 15 where they are not, we have an advantage in that respect.
16 And they appreciated our comments, and they are still 17 struggling with that draft Reg Guide themselves. They 18 haven't progressed with it yet.
19 CHAIRMAN MILLER: I think overall 20 organizational wise and our approach and so forth, the 21 guidance we are providing is somewhat clearer. That 22 didn't mean the concept they had was necessarily inferior.
1
! 23 I thought the guidance was clearer that we provide.
24 MEMBER APOSTOLAKIS: I think you guys have (n)
\J 25 been very responsive. I mean, the stuff that you have on NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS i 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 l
I 1
1 105 l
1 page A-8 is exactly what I had in mind. I mean, you give I
, 2 some benefits, you list some benefits from using formal i s..
Y'~ )
3 methods, and then you say, but look, there are other .
1 4 things that these methods cannot do. And that's fine. ,
5 That's fine at this point. You don't have to solve the I
6 world's problems where.
i 7 MR. WERMIEL: We hope not. )
I 8 MEMBER APOSTOLAKIS: So I would say this is i
9 very responsive to my question. That's good. I thought, l l
10 at that time, though, you were more negative.
i 11 MR. CHIRAMAL: We were not negative. We 12 thought --
l 13 MR. WERMIEL: We didn't think we were
(~x (V )
14 negative. l 15 MR. CHIRAMAL: -- the completeness and 16 entirety can be flexible enough to accommodate formal 17 methods too. !
18 -
MEMBER APOSTOLAKIS: But you see, there is l 19 also another message you are sending here. That you are 20 open to these new ideas. And so that's very important.
21 So somebody now can try something and come to you and 22 argue with you. So this is real nice. I'm very pleased l
23 to see this.
24 MR. CHIRAMAL: There was one National Academy
(
25 of Science and -- you notice I use the word U.S. NRC here
()
- NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS j 1323 RHODE ISLAND AVE., N W.
! (202) 234-4433 WASHINGTON, D C. 2000S 3701 (202) 2344 433
106 1 because the National Research Council, NRC, as far as the l
,3 2 study goes. Where we thought we could, many of the 3 recommendations by the NAS study had already been I l
4 incorporated in the SRP, Chapter 7. But there was one l 1
5 area which we thought we could beef up more and that was 6 the area of guidance on diversity where the report j 7 suggested that should not base reliance on differing 8 programming language, differing design approaches, meeting l 9 safety requirements, our different design teams are using 10 different vendors as a means of saying that is sufficient 11 for diversity.
12 Rather the U.S. NRC should emphasize j l
13 potentially more robust techniques, such as the use of e,_s
( )
'-' 14 functional diversity, different hardware, different real 15 time operating systems. And in HICB-19 which is our BTP 16 on diversity on defense-in-depth, we have added words to l
17 make clear that we are looking at a combination of 18 diversity aspects to make up complete diversity of 19 product.
20 CHAIRMAN MILLER: And a major part of that 21 chang is on page 19-5 then?
22 MR. JOHNSON: Yes, that's right.
l 23 MR. CHIRAMAL: Yes, 19-5 page. Now there was 24 some other recommendations by the NAS like getting into
/~
(,,T) 25 early contact with the licensee on changes. In Section NEAL R. GROSS l
COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE , N W.
i (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
1 107 1 7.0A we already had words to that effect. We beefed it up
, 2 a little bit more.
\ }
3 MR. QUINN: This is part of a larger comment 4 that they provided, that they disagreed -- let's see, the 5 issue of different design teams following the same 6 software requirement spec can potentially come up with the 7 same errors.
I 8 MR. WERMIEL: That's correct. !
9 MR. QUINN: Did you agree with that I
10 conclusion? Or disagree with that conclusion? Did you i 11 leave it in that you can still --
12 MR. CHIRAMAL: In fact, one of the bullets on 13 page 19-5 addresses that. It says, for example, with Cx,
- 14 respect to software diversity, experience indicates that i
i 15 independence of failure modes may not be achieved in cases 16 where multiple versions of software are developed to the 17 same software requirements. Other consideraticas such as 18 functional or signal diversity that can lead to different 19 software requirements, form a strong basis for diversity.
l 20 MR. WERMIEL: That's not new, either, Matt.
21 That was always there, wasn't it?
l 22 MR. CHIRAMAL: That was there, we just 23 emphasized it a little bit more when we rewrote that 24 section of the BTP.
r"x
( ) 25 MR. QUINN: Okay.
s/
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
108 1 MEMBER APOSTOLAKIS: I'll betray my ignorance
,_s 2 here. If I used different programming languages,
/ \
\ )
'~'
3 different design approaches, different design teams, 4 different vendor equipment, I'm not using different 5 hardware and different real time operators? l 6 MR. CHIRAMAL: You may not.
7 MEMBER APOSTOLAKIS: You may not.
8 IIR . CHIRAMAL: That was a point NAS NRC report 9 suggested. And that's all I have for the --
10 MEMBER SEALE: I notice you resisted the 11 temptation to use the phrase diverse diversity.
12 MR. WERMIEL: Boy, I wouldn't even know what 13 that meant.
\s/l 14 MEMBER SEALE: Oh, it's'very clear.
15 MR. CHIRAMAL I think the next point on the 16 agenda is the Office of Research --
17 MEMBER SEALE: So where are we?
18 MR. CHIRAMAL: -- of the Reg Guides.
19 MR. MARKLEY: You are at the end of the day's 20 agenda.
21 MR. CHIRAMAL: No, there is the Reg Guide.
22 MEMBER APOSTOLAKIS: So are we at 3:00 p.m.?
23 MEMBER SEALE: You had lunch and didn't know 24 it.
,a (w/ ) 25 MEMBER APOSTOLAKIS: Seriously, the bullets NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON, D.C. 20005-3701 (202) 2344433 l
109 1 are sort of difficult.
rs 2 MR. MARKLEY: Well, do the individual members
/ i s.
3 --
4 MEMBER APOSTOLAKIS: Reconciliation of public 5 comments, Regulatory Guides?
6 MR. WERMIEL: That's where we are.
7 MEMBER APOSTOLAKIS: Isn't that supposed to 8 start at 3:15?
9 MR. MARKLEY: That's right. That's where we 10 are George.
11 MEMBER APOSTOLAKIS: Isn't it the rule that 12 you have to wait until 3:15?
13 MR. MARKLEY: That's right, you are supposed
(~
i.s/ 14 to wait until 3:15. I would suggest we recess, and let me 15 consult with our management here to see if there is 16 something we can do. Because it makes no sense to wait 17 all day for something like this.
18 MEMBER APOSTOLAKIS: We certainly have other 19 things to do.
1 20 MR. QUINN: There is a lot of other things 21 that -- I think we deferred some of the review of public 22 comments because we haven't been given the written I
23 response to some of the public comments. Isn't that what 24 we talked about?
,. , l 25 MR. CHIRAMAL: Which public comments?
r (v) I i NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
110 1 MR. QUINN: It's on the draft SRP Chapter 7.
f- y 2 Is that not true?
( )
3 CHAIRMAN MILLER: Those are the only ones --
4 we have the detailed public -- 1 5 MR. CHIRAMAL: We have --
6 MR. WERMIEL: We have addressed every public 1 1
7 comment. ;
I 8 MR. CIIIRAMAL : Every public comment.
9 MR. WERMIEL: Okay, which one did we miss?
1 10 MR. QUINN: I haven't -- I guess -- ;
l 11 MR. CHIRAMAL: Oh, no, wait a minute, the 12 public comments on the Reg Guide, that's for 3:00. ;
1 13 MR. MARKLEY: What they are talking about is '
\
kj 14 the document that you had that matrix, the changes you 1
15 made within the context of the SRP rather than a general 16 discussion of it. Such that they can see it on paper.
17 MR. QUINN: Okay, when in this bullet that 18 says, well the selected ACRS Subcommittee issues in the 19 Phase II study, I only saw one of those. Are we going to 20 discuss any others?
21 MR. CHIRAMAL: Tomorrow, the NAS study will be 22 discussed tomorrow. The disposition of all the comments.
22 MR. QUINN: Well, then --
24 MR. CHIRAMAL: Today we focus on the SRP
,q s ) 25 Chapter 7 comments.
NEAL R. GROSS CoVRT REPORTERS AND TRANSCRIBERS l
1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
111 1
1 MR. QUINN: One of the issues I was going to j
,. m 2 ask Dr. Miller on is there is a memo in here on user needs j
! \ l
/
3 going to research, user needs on items that are important.
4 And I was going to ask if we could talk about that at some l 1
5 point. I don't know when is appropriate but --
1 6 CHAIRMAN MILLER: That's be in the context of 7 one of the National Academy --
8 MR. QUINN: Well, that was the ten or so items I
9 that, in one of our attachments here, maybe Attachment 15 l 10 -- ,
1 11 MR. STEWART: Yes, we sent a list of ten users 12 needs over to, from NRR over to the Office of Research. i l
13 They have since responded, and I'll get a copy of that ,
3 1
, i n/ 14 response to you at lunch. )
i 15 MR. QUINN: If this isn't an appropriate time, j 1
16 then I would ask for consideration of when is an )
i 17 appropriate time. But the discussion of these points is l
18 in my mind, extremely important. Because what it does is 19 it takes and puts in real time the issues of the National 20 Academy study and what things are critical.
21 MR. CHIRAMAL: We'11 be discussing the 22 National Academy of Science study tomorrow.
23 MR. QUINN: Maybe I'm concerned that tomorrow 24 is going to get so stacked up that -- we won't have, if we
.7
) 25 were going to move something up, I would sure like to NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINCTON, D C. 20005-3701 (202) 234-4433
112 1 spend some time on that particular subject.
2 MEMBER APOSTOLAKIS: Can we do that, Mike? l 7
k )
3 Can we move things from tomorrow to today?
4 CHAIRMAN MILLER: Wait, I'm confused now about 5 this --
6 MR. MARKLEY: Typically no. But if you 7 announce things at the beginning of a meeting, you can 8 change things on the agenda. Okay? So, considering how 9 few public participants we have here today, which is five, 10 maybe, maybe one or two. Again, I'll have to consult my 1
11 management. Typically we can't do that because of factor j 12 reasons. You've announced something, it's been published 13 in the Federal Reaister and people may be only planning to (o)
's / 14 attend and hear one session.
\
15 MEMBER APOSTOLAKIS: Yes.
16 MR. MARKLEY: So, all the more reason to build 1
17 a good concise agenda. But, nevertheless, that's where we l
18 are. I would suggest -- Dr. Miller provided a memo with l l
l 19 some issues. Now would be a good time to go through some 20 of the issues if you have them, in the SRP itself or in 21 the National Academy study related to the SRP. I mean, if 22 there are individual member issues that you want to 23 report. I mean, Dr. Miller provided a memo that detailed 24 some of those --
(y
) 25 CHAIRMAN MILLER: I thought that's what we NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C 20005-3701 (202) 2344433
113 1 were going to do next. Weren't we?
, 2 MR. MARKLEY: That's on the agenda, even i
i 3 though it's still on the agenda for after lunch.
4 MR. QUINN: Which attachment is that?
5 CHAIRMAN MILLER: It's a memo, the staff 6 requested that we identify issues in the National Academy 7 study -- the NRC study, I'm sorry, that we specifically 8 wanted to have detailed discussion on.
9 MEMBER APOSTOLAKIS: Well, shouldn't that be 10 combined with the discussion on the National Academy?
11 MR. CHIRAMAL: Yes, I was planning to do that, 12 when we discuss the National Academy of Science report 13 tomorrow, emphasize the points you raised. We would have 14 a discussion on that.
15 MR. WERMIEL: But it is an extension of the 16 agenda item --
17 MR. MARKLEY: Here today.
18 MR. QUINN: Don, that's your February 21st 19 memo?
20 CHAIRMAN MILLER: Right, no , no, it's the May l
21 22nd memo.
22 MEMBER APOSTOLAKIS: I think the real thing 23 now is for Mike to consult with management whether we can 24 move some of the items from tomorrow to today, Because I
) 25 also would like to leave a little early tomorrow. That is u
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 254-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
114 1 -- 1:30 --
l 7 .3 2 MR. MARKLEY: Looking at the way this is I i )
3 progressing, I don't see any reason why that won't happen.
4 MEMBER APOSTOLAKIS: So if we can do that. I i l
5 mean it's only 15 minutes to the scheduled lunch break, l
6 We are supposed to recess at 11:30. l 7 CHAIRMAN MILLER: Right. Why don't we have a 8 lunch recess until -- l l
9 MEMBER APOSTOLAKIS: Twelve thirty. I 10 CHAIRMAN MILLER: -- twelve thirty and at that ;
11 --
)
12 (Whereupon, the foregoing matter went off the l 13 record at 11:22 a.m. for a lunch break.) I r- g
s_dI 14 15 16 17 18 19 20 21 22 l 23 24 e's
(%,7 ) 25 NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE., N W.
! (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344433
115 1 A-F-T-E-R-N-O-O-N P-R-O-C-E-E-D-I-N-G-S
,~\, 2 (12:41 p.m.)
! \
l CHAIRMAN MILLER:
~
3 I'd like to reconvene the 4 subcommittee meeting on instrumentation, controls and 5 computers in nuclear power plants. And we will proceed l 6 ahead with the next item on the agenda which is titled the 7 selected ACRS subcommittee issues related to the National 8 Academy slash National Research Council Study or Digital 9 INC.
10 I would encourage all to have raised issues if 11 they feel they should be raised, but to get things 12 started, I put together a memo which I hope all of you 13 have. I did have input on this memo and specific issues I q
(_) 14 felt should be addressed that came from this study. There 15 are issues that I as Chair had concern about, issues I 16 felt I anticipated others on the committee might have 17 concern about. So with that bit of background, these 18 issues are listed in the memo, just one by one, stepping 19 through each of the technical issues and each of the 20 issues under the strategic issues. So there's eight 21 issues. I also chose to go beyond recommendations. There 22 are several places where actually conclusions are almost l 23 like recommendations so I chose a few of those in addition 24 to the recommendations, so I hope the staff was able to p_)
i 25 deal with that okay, v
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W, (202) 234-4433 WASHINGTON, D C 20005-3701 (202) 234-4433 l
116 1 With that bit of background, I would say we f s., 2 should forge ahead and Jerry -- is Matthew going to take N] 3 this too?
4 MR. WERMIEL: Well, what I was going to ask 5 you what we had prepared for tomorrow and what we could do 6 is -- Matt can go through staff dispacition of the 7 specific topic area where you have shown interest and in 8 the course of going through that, if we don't address what 9 you've identified here, we can talk about it. Otherwise, j 10 what I think Matt had already planned to do was in his ;
I 11 comments he was going to try to address ut r reaction to 12 the specific things that you had identified here.
13 Is that fair, Matt? (
\~- 14 CHAIRMAN MILLER: Well, the idea was for us to 15 specify the key areas of interest. That doesn't 16 necessarily mean you would eliminate other things.
17 MR. WERMIEL: No.
18 CHAIRMAN MILLER: So you could focus your 19 attention maybe more on these issues.
20 MR. WERMIEL: In our discussion, we were 21 basically going to be paraphrasing the disposition that 22 you've seen in the specific memorandum, but we can, in our 23 discussion of th_', focus on what you're saying or what 24 you've highlighted here in your memo.
( ,)
25 CHAIRMAN MILLER: Of course, on the other NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C, 20005-3701 (202) 234-4433
117 1 hand, you may feel there are other issues you should focus c.s 2 on too.
(\ I 3 MR. Wh.RMIEL : I think we do in some cases and 4 I think that will be shown on the slides. What we have is 5 a slide that I think provides our disposition of each and 6 every one of the recommendations per se.
7 CHAIRMAN MILLER: So you're going to walk us 8 through the disposition?
9 MR. WERMIEL: Yes.
10 CHAIRMAN MILLER: With added verbal emphasis 11 on the issues that are raised in my memo?
12 MR. WERMIEL: Yes, and then we can discuss 13 anything that you think needs additional discussion based
,~~
kj 14 on either what we say or your reaction to the Phase 2 15 report.
16 CHAIRMAN MILLER: And I would certain 17 encourage all committee members as well as our guests to 18 not be reluctant to ask questions.
19 This is fairly informal.
20 MEMBER APOSTOLAKIS: Does Christine have a 21 conflict?
22 CHAIRMAN MILLER: Well, I think only in one 23 area.
24 MEMBER SEALE: On the other hand, she can be
() 25 very helpful to us if there are questions of factual l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433 l
i
i 118 l 1
1 1 nature that come up and I'm sure there will be. j l
,._s 2 CHAIRMAN MILLER: I think my interpretation of b l x
3 conflicts would only be of most concern if we were to 4 write a letter on all of this. If she were part of the i 1
5 letter writing group. Maybe Mike can clarify that. ;
1 6 MR. MARKLEY: The key point here is she's here 7 representing NSRRC. She did also serve on the NAS/NRC 8 Study. She does have a conflict of interest there. As 9 long as she does not participate in any consensus building 1 1
10 part of your deliberations, therc's no problem. She can )
11 , offer factual information. She cannot offer opinions and 12 that's where we are. That's the ground rule. I 13 MR. WERMIEL: Okay, i s l s- 14 CHAIRMAN MILLER: So I'd now encourage all of 15 you to --
16 MEMBER APOSTOLAKIS: What if we ask questions 17 though of clarification and so on?
18 MR. MARKLEY: Yes, certainly she can 19 participate and share information and insights, but she 20 has to recognize and demonstrate self-control in terms of 21 the resolution of things.
22 MR. WERMIEL: One thing also, in the package 23 that you're going to get of Matt's presentation which 1
24 dispositions the recommendations from the study, because
) 25 this branch focuses instrumentation and control systems, NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20035-3701 (202) 234-4433
119 1 we don't have a slide that goes to technical issue No. 5
.s 2 which talks about the human-machine interface.
3 I know you had a comment on one aspect of 4 that, I believe. If we want to talk in detail about the 5 human machine interface and any of the disposition of that 6 particular technical issue, our human factors people are 7 prepared to come over to support us in that.
8 CHAIRMAN MILLER: So basically today, we're 9 going to skip technical issue 5?
10 MR. WERMIEL: Yes. 1 11 CHAIRMAN MILLER: And I'll expect two Members 12 here might have more questions than I have.
13 MR.. WERMIEL: And if those come up, what we'll do is C\
\s l 14 we can call over to Cecil Thomas and have him come over 15 with his people.
16 CHAIRMAN MILLER: So at this point, I would 17 encourage everybody to find the staff -- the memo on staff 18 disposition of issues near the end of your large notebook 19 here. It's almost the last thing in the notebook, I 20 believe.
21 MR. WERMIEL: Yes.
22 CHAIRMAN MILLER: So that's what they're going 23 to walk us through.
24 MEMBER APOSTOLAKIS: So this is disposition of (n) 25 the academy's comments?
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE,, N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
I 120 1 MR. WERMlEL: Yes, this is the staff's l
<s 2 disposition of the staff's reaction to the recommendations j
[ I U'
3 --
4 MEMBER APOSTOLAKIS: The academy -- ,
l 5 MR. WERMIEL: In the NRC/NAS Phase 2 report.
i 6 MEMBER APOSTOLAKIS: Yes. i l
l 7 CHAIRMAN MILLER: You also have the memo that l
8 I put together which itemized those I felt we should have l l
9 most concern about. 4 10 Now you have three pieces of paper to keep 11 track of. But one of the key issues of being an ACS I 12 member, you have to at least keep track of 10 at once. ,
1 1
13 MR. QUINN: Can we go over what the three are !
l
['s-)T 14 again?
15 CHAIRMAN MILLER: Okay, the staff has what 16 they call staff disposition or recommendations in the NAS 17 study on digital INC.
18 MR. QUINN: Is that this one?
19 CHAIRMAN MILLER: Dated March 26, 1997.
20 That's almost the last thing in the book.
21 MEMBER APOSTOLAKIS: And there is a memo by 22 'Dr. Morrison.
23 CHAIRMAN MILLER: It's from Morrison to 24 Callan. And then I put together at the staff's request, I (y,,) 25 thought it was a good idea, those issues out of the study NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344433 1
121 l 1 I felt this committee should have most interest in and
,y 2 concern with. That was based on our meetings with the t )
~
3 study panel and further conversation.
4 The third piece of paper is the overheads that 5 are going to be used for the presentation over the next 6 hour6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> or so. Okay?
7 Everybody got their papers in line now?
8 Tennessee, you're slow.
9 MR. WERMIEL: Yes. ,
1 10 CHAIRMAN MILLER: Is Matt going to take the 11 lead on this now?
12 MR. WERMIEL: Yes.
13 CHAIRMAN MILLER: Matt, your on the hot seat 14 again.
15 (Pause.)
16 MR. QUINN: In the human factors arena, 17 there's three different formats to this and I'm just 18 wondering, you focused on some of them, but not all of 19 them. Are you going to cover all of them?
20 MEMBER APOSTOLAKIS: Yes.
21 CHAIRMAN MILLER: No, they're going to skip 22 that one today.
23 MR. WERMIEL: What we were going to do with 24 the slide package you have is the disposition of all the ty i s,) 25 technical issues with the exception of technical issue 5 )
l NEAL R. GROSS COURT AEPORTERS AND TRANSCR!BERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
1
122 1 which deals with the human-machine interface. j l
.rm 2 That one, we were not going to address because i V 3 that really focuses on a different group of people in NRR, 4 but they are available if there are questions that come up j 5 on the disposition of that topic.
6 MR. QUINN: So you're going to use the slides i
1 7 to take us through this? '
8 MR. WERMIEL: Yes.
9 MR. QUINN: And Dr. Miller's memo and stuff )
10 will focus extra emphasis on particular areas, right? )
I 11 MR. WERMIEL: That's right. i l
l 12 CHAIRMAN MILLER: Now you've got to remember, 13 my memo reflected not only my interest area, desired focus l l
O('O 14 area, but reflected what I thought might be other 15 committee members. I encourage those members to intercede 16 as appropriate.
17 MR. CHIRAMAL: I was going to focus only on 18 Dr. Miller's memo and use the slides as a docking point.
19 CHAIRMAN MILLER: Good.
20 MR. CHIRAMAL: And tomorrow we'11 go through 21 the whole thing, except for the human factors.
22 CHAIRMAN MILLER: That might be the best bet, i
23 Matt, beside we'll get too bogged down otherwise.
24 MR. CHIRAMAL: Because we've got the same s
( 25 thing on the agenda for tomorrow.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344433
123 l l
1 CHAIRMAN MILLER: WE can almost be done with l
-3 2 tomorrow today. i s ;
} i
~
3 MR. WERMIEL: I hope. l l
4 MEMBER APOSTOLAKIS: We did this, right? Did 5 we do this?
6 MR. WERMIEL: Where are you?
7 MEMBER APOSTOLAKIS: We did this.
8 CHAIRMAN MILLER: See, I've got to figure out 9 where you are here.
10 MR. CHIRAMAL: This is the technical issue 1 l
11 and you had conclusion 4.
12 CHAIRMAN MILLER: Right.
13 MR. CHIRAMAL: Existing regulatory guidance
, i
_' 14 lacks specificity and needs to be effective. We think we, 15 with the revised BTP-14, we have the required specificity 1
16 in most of the areas.
17 MR. WERMIEL: This doesn't get to that though. l l
l 18 CHAIRMAN MILLER: Well, you don't have a slide 1
l 19 on conclusions, right?
20 MR. CHIRAMAL: No, we did not test the 21 conclusions.
22 CHAIRMAN MILLER: So the first item, I picked 23 up, was not a recommendation. It was a conclusion.
24 MR. CHIRAMAL: It was conclusion 4, it says
) 25 regulatory guidance lacks specificity needed to be NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
124 1 effective.
,7~ 2 CHAIRMAN MILLER: Of course, that's an issue l
\ .I 3 we'd all commented on over the course of many meetings. ;
4 MR. WERMIEL: I hope that we'll get to that in 5 somewhat more detail when we go through the BTP 14 walk 6 though with Jim Stewart.
7 CHAIRMAN MILLER: Okay, I would concur that we 8 should definitely wait until tomorrow.
9 MR. WERMIEL: All right.
10 CHAIRMAN MILLER: Now we're going to move to 11 technical issue 2, right?
12 MR. CHIRAMAL: Technical issue 2, right.
13 CHAIRMAN MILLER: Any other recommendations K_j 14 under issue 1 that anybody wants to bring up? Okay.
15 (Pause.)
16 Again, I picked out two conclusions in 17 addition to the recommendation, so I'll assume you'll 18 speak to those?
19 MR. CHIRAMAL: These slides are not going to 20 be talking about the conclusions because we focus on the 21 recommendations because the recommendations come from the 22 conclusions, based on the --
23 CHAIRMAN MILLER: Well, in most cases, but not 24 always.
g
( ) 25 MR. WERMIEL: We didn't feel, Don, that it was NEAL R. GROSS COURT RFPORTERS AND TRANSCRIBERS 1327 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D.C. 20005-3701 (202) 2344433
125 1 necessarily appropriate for us to address or deal with the fs 2 conclusion. We felt that the conclusion was what the NRC, I 1
, 1 '
\~~)
3 the NAS study panel would draw from their own internal 4 interactions. What we felt was more appropriate was the 5 action that they would then take to address to the staff 6 and that's what we focused on. That's in the 7 recommendations. !
l l
8 CHAIRMAN MILLER: I would concur, except I l 9 felt in a couple of places that a conclusion or two 10 focused attention on issues this committee had brought up.
11 For example, conclusion 1, we've already even talked about ,
l 12 today and that's where it says procedures typically l
13 monitor process comp.iance rather than product quality. !
,/~T 4 i
's /
14 MR. WERMIPL: That is a recommendation. And j 15 that's obviously somebody's opinion and we recognize that 16 opinion. The com*.iittee has described that as a concern of 17 theirs in the past as well. That's why I put it down.
18 MR. CHIRAMAL: Here again, we think by 19 revising BPT-14 to be more to focus on product as well as 20 the process be about the approach.
21 CHAIRMAN MILLER: That's another issue that I 22 think you'll address tomorrow.
23 MR. WERMIEL: Yes,I believe so.
l 24 CHAIRMAN MILLER: Okay.
,r")
(v ) 25 MR. CHIRAMAL: Then you have conclusion 8, NEAL R. GROSS
< COURT REPORTERS AND TRANSCRIBERS I 1323 RHODE ISLAND AVE N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 I
126 1 software is not more testable simply because the design I ,,m s, 2 has been implemented on the chip.
i 4
,/
3 MEMBE'R APOSTOLAKIS: Did we do this?
4 MR. CHIRAMAL: No.
5 MR. WEkMIEL: He's just reading conclusion 8.
6 Just take it off. Let's not even bother with our slide 7 package.
8 MEMBER APOSTOLAKIS: Let's go with Dr. Miller.
9 MR. CHIRAMAL: Where it's appropriate, we'll 10 use slides.
11 MR. WERMIEL: But we don't have specific 12 slides that address your comment, Dr. Miller.
13 CHAIRMAN MILLER: I think that issue, that
', m,
'J~
14 conclusion, I would presume is addressed in your -- some l 15 place it should be addressed.
1 16 Aren't you developing a position ASICs?
l 17 MR. WERMIEL: Yes, we are. l 18 MR. CHIRAMAL: but it's not in the SRP.
19 CHAIRMAN MILLER: That's right. The reason I l
20 put it down there is just so you could say, okay, this ;
21 conclusion you agree with and address it, make certain the l
22 committee understands you're going to address it. .
l 23 MEMBER APOSTOLAKIS: Which one are you talking 24 about?
n I.
w/
I 25 CHAIRMAN MILLER: Conclusion 8.
t l NEAL R. GROSS
( COURT REPORTERS AND TRANSCRIBERS i
1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
l
127 2 MR. WERMIEL: We are definitely wrestling with 7s 2 Westinghouse and the Westinghouse owners group on that
.' \
'~'
3 very issue right now.
4 MR. STEWART.: We have a draft branch technical 5 already on A-6.
6 CHAIRMAN MILLER: That's the reason I put it 7 down, to let the committee know the conclusion and not the 8 recommendation is being addressed.
9 Now you can move on to your slides.
10 MR. CHIRAMAL: I can use Recommendation 1 and 11 the recommendation 1 says currently the USNRC's path is to 12 develop reg. guides that endorse with possible exceptions 13 of a variety of industry standards. And the
's l 14 recommendation goes on to say that we should issue 15 something like the regulatory guide that Canada's Atomic 16 Energy Control Board had issued. And we discussed that 17 some more this morning.
18 We think that what we have in the SRP is very 19 much in line with the Canadian approach also and we have 20 both the BTPs that are from independently from references 21 we culled together and formed the BTP, plus we do have the 22 reg. guides that do endorse standards.
23 MR. WERMIEL: And once again, this will be 24 further amplified on tomorrow when wt walk through BTP-14, A
25 how the reviewer uses the regulatory guides and why we (R.s)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE.. N.W.
(202) 234-4433 WASHINGTON D C. 20005 3701 (202) 234-4433
128 1 think they're important, something that Jim will be
( r~s 2 addressing tomorrow.
< 1
~
3 MR. QUINN: The National Academy and the 4 National Research Council and the maintaining 5 independents, I don't know that they were aware of all the 6 activities that the staff were doing. Were they?
l 7 MR. WERMIEL: Yes, they were. We told them in i
8 quite a lot of detail what was going on within the staff 9 at the time. l 10 MR. QUINN: Well, I don't agree with this 11 recommendation.
12 MR. WERMIEL: Well, we didn't either. That's 13 why we say we disagree.
\j 14 It's one of the few we disagreed with.
15 MR. QUINN: Whether it's comment time or 16 whatever, I think it's appropriate to -- I think they're 17 doing the -- the staff is doing the right thing in this 18 approach. I think the memo that was done that summarizes 19 the comments from, that they took out of and made some 20 corrections based on the Canadian study, I think that 21 they've done the right thing. I'd be interested in more 22 background as to why the research council felt they shouTO 23 go this way instead of -- I see three things here that 24 should include review process, should include (a) nuclear
'(/n) m.
25 industry; (b) other safety related critical industries, NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D C. 20005 3701 (202) 234 4433
129 1 and (c) both commercial and academic software communities.
2 I thought we did that.
i.
' ~ '
)
3 To me, I thought we did. Maybe they didn't 4 understand that.
5 MR. WERMIEL: We made that point.
6 MEMBER APOSTOLAKIS: But they are talking 7 about the peer review. Right? That's what it says.
8 MR. WERMIEL: Yes.
9 MEMBER APOSTOLAKIS: That if they decide to 10 develop these guidelines, the acceptance criteria, then 11 those should be reviewed by these three communities.
12 That's what they're saying.
13 So the real question is whether there is a
) i J 14 need to develop these -- focus on acceptance criteria 15 other than prescriptive solutions.
16 What exactly does that mean? Acceptance 17 criteria?
l l 18 MR. WERMIEL: It was kind of internally t
l 19 inconsistent to us to some degree.
20 MEMBER APOSTOLAKIS: Christine, can you j 21 explain?
22 MS. MITCHELL: The National Academy committee 23 looked at a variety of software quality and software 24 engineering methods and I think it's fair to say that
,-m
) 25 there doesn't exist one industry standard. There are many NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
130 1 standards and there's no reason, in fact, there's every 2 reason to acknowledge that the standards are not mutually x~/
3 consistent and the concern that we heard over and over 4 again was in developing plans to insure software quality, 5 what standard should we follow.
6 In the discussion that preceded this 7 recommendation talked about the need for concise 8 consistent guidance that didn't say do this, this, this 9 and this which would be prescriptive solutions. You need 10 five comments for every line of source code, but rather 11 acceptance criteria where demonstration and adherence to a 12 particular method was on the part of the software 13 developer.
-s 14 MEMBER APOSTOLAKIS: So acceptance criteria 15 refers to the product?
16 MS. MITCHELL: No, it could refer to the 17 process also, but understanding that there are competing 18 processes all of which save their best for developing l
l 19 software.
20 MEMBER APOSTOLAKIS: I guess it's not clear to 21 me, if you give guidance that refers to the process, 22 aren't you automatically prescriptive because you're 23 telling them how to do it?
24 MS. MITCHELL: No. I mean so if you say you p
) 25 have to have documentation " & your specifications and NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
131 1 your requirements, and your source code library, it l
,o 2 doesn't tell you what language, what documentation tool,
( )
v 3 how much documentation, etcetera, etcetera. And again, I
4 there's very different flavors of how you would develop 5 and assure quality in software.
6 MEMBER APOSTOLAKIS: So it's prescriptive up 7 to a certain point because acceptance criteria in the l
8 strict sense, at least in my own mind demonstrates that l 9 the product meets these requirements. I
)
l 10 CHAIRMAN MILLER: There's intermediate I l
l 11 acceptance criteria so you have to demonstrate these 12 things in the plant. )
13 MEMBER APOSTOLAKIS: Yes, but the moment you i
V) 14 go to that, it seems to me it becomes prescriptive. Am I 15 confusing acceptance criteria with performance?
16 MS. MITCHELL: You are. So the process of 17 developing software you can say you have to have 1
18 documented requirements. You have to have a matrix that 19 links requirements and specifications. You have to link 20 specifications to source code. It doesn't say how you do l 21 that.
22 MEMBER APOSTOLAKIS: So this would be then l
l 23 what?
24 MS. MITCHELL: In order to have software
,a
(,) 25 accepted, this is the process. This characterizes the l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433 l
132 1 process that you would have to go to.
,s 2 MEMBER APOSTOLAKIS: And you would call that?
I )
'~#
3 MS. MITCHELL: That would be acceptance 4 criteria, so it's very consistent with the FAA's software 5 engineering acceptanct criteria for flight deck software, 6 for example.
7 MEMBER APOSTOLAKIS: But isn't that what 8 they're doing? i 9 CHAIRMAN MILLER: It's very consistent with 10 BTP-14, too.
11 MEMBER APOSTOLAKIS: Yes, that's what the NRC 12 is doing, is it not? In fact, that was our complaint that l 13 they were not specific enough.
(~h
'/
- 14 MS. MITCHELL: Our committee was faced with 15 the situation that I see here which is we were looking at 16 all the documented past history with the standard review 17 plan being revised as we met. And so --
18 MEMBER APOSTOLAKIS: I understand that, but I 19 mean, at this point in time now, would this recommendation 20 still be offered by the committee? Because it seems to me 21 that this is what the staff is doing. Because, in fact, I 22 was the one complaining that they were not specific enough 23 and you are telling me now they should not be because 24 that's too prescriptive.
7-(g) 25 MS. MITCHELL: I think there's a fine NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 i
133 l 1 distinction here between the -- good software practices
,s 2 and the characterization of software practices and as I
( )
x/ l 3 understand it, you're talking about product. J 1
4 MEMBER APOSTOLAKIS: No , no, no. When we l l
5 reviewed the earlier drafts of the BTP-14 and other l 1
6 documents, what we saw there was you must have a plan, you 7 must do V & V and some description of how to do that and 1
8 references to standards and the IEEE and so on. And that 9 is process oriented. I complained at the time that this 10 was not specific enough. But now that I look at these I
11 recommendations and after the explanation that Christine 12 gave us, it seems to me that the Academy is recommending 13 that you do what you did.
/^'% 4 V 14 CHAIRMAN MILLER: No.
15 MEMBER APOSTOLAKIS: No?
16 CHAIRMAN MILLER: Yes, in a sense --
17 MS. MITCHELL: I don't think --
18 MEMBER APOSTOLAKIS: Well, let me understand j 19 this. Because they are not telling you what the plan 20 should have in it. They're telling you you should have a 21 plan.
22 MR. WERMIEL: Right, which is essentially --
23 MEMBER APOSTOLAKIS: Isn't that what you just 24 said, Christine?
e
-(O)m 25 MS. MITCHELL: Uh-huh.
NEAL R. GROSS
, COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433 l
1
134 1 MEMBER APOSTOLAKIS: So they are doing it.
- 2 MS. MITCHELL: I haven't reviewed all these
','~')
3 branch technical positions. I mean this is the first time 4 I've seen any of this stuff, so I can't tell you whether 5 they did or they didn't. I can only explain the intent 6 which was to reflect some coherent guidance so that given 7 best effort there would be some assurance that this is the 8 kind of process and product that would be acceptable.
9 CHAIRMAN MILLER: You want to specify 10 acceptance criteria in each phase of the development.
11 That's really --
12 MEMBER APOSTOLAKIS: But that was my 13 complaint. Now you are telling me that I was wrong.
(3
'w Y 14 CHAIRMAN MILLER: Now wait a minute, no, no.
15 MEMBER APOSTOLAKIS: I was complaining that I i
16 couldn't see acceptcnce criteria, that if I do this and 17 this and this, somebody will say you are a nice boy.
l 18 CHAIRMAN MILLER: I think BTP-14 always had it l 19 there. I think they reconfigured it so it was easier to l
20 understand.
I 21 MR. QUINN: I think they spent a lot of effort l
l 22 to respond to your comment to go that way.
23 MEMBER APOSTOLAKIS: No, yes, I'm not talking 24 about that --
A
() 25 MR. WERMIEL: From before.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON. D C. 20005-3701 (202) 234 4433
135 1 CHAIRMAN MILLER: I thought the first version 7x 2 had all those things in. I think the second version N] '"
3 spells it out much more clearly, although I haven't had a 4 chance to look at it.
5 MEMBER APOSTOLAKIS: I'm utterly confused now.
6 CHAIRMAN MILLER: No.
7 MEMBER APOSTOLAKIS: The way I understood what 8 Christine said was that you should tell the licensee or 9 the developer that you should have a plan and I'm using 10 this as an example, but you should stop there. Is that 11 correct? If you go beyond that and actually give details 12 as to what the plan should contain then you are becoming 13 prescriptive.
CHAIRMAN MILLER:
\_ 14 No.
l 15 MEMBER APOSTOLAKIS: See, that's the thing.
16 yes, no. What is the difference?
l 17 CHAIRMAN MILLER: I think the criteria should
! 18 say have a plan, should have these attributes in the plan, 19 but shouldn't tell you necessarily how to do the plan.
i l 20 MS. MITCHELL: Right.
21 CHAIRMAN MILLER: And I think the first l
22 version did have that, but it was kind of hidden in parts.
23 MEMBER APOSTOLAKIS: And the attributes are 24 what you would call acceptance criteria?
,9
- t. 25 CHAIRMAN MILLER: Yes.
%s)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
136 l 1 MR. WERMIEL: That's what I would call them.
I e- 2 MS. MITCHELL: So George, it's like you and me
%.j' l 3 saying you have to have an introduction, a conclusion and ,
1 I
4 references. I don't tell you you have to have three type l
5 A references and three type B references. You know, so l
6 it's a structure that meets certain criteria without 7 filling in all the blanks.
i 8 MEMBER APOSTOLAKIS: So the acceptance then I 1
9 criterion is the mere existence of what I'm telling you 10 you should have?
11 CHAIRMAN MILLER: Intermediate-wise, now wait 12 a minute -- l 13 MEMBER APOSTOLAKIS: That's not good enough. i 1
i )
l 14 CHAIRMAN MILLER: Intermediate-wise, yes. Now 15 the final acceptance criteria which I think was very well 16 done in both versions tells you what the products should 17 have and how it should be tested and --
18 MEMBER APOSTOLAKIS: No, no. We're talking 19 about the process. Just the process. So the acceptance 20 criterion is that my thesis has an introduction and a 21 middle and conclusions and a set of references, that's 22 all.
23 MS. MITCHELL: But you have for example some 24 characteristics that I gave you characteristics of a plan.
( ) 25 You have to back off a little bit as to what we're -- you NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
l (202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
137 1 know, in a waterfall model of software engineering, there f- 2 are phases, there are standard design artifacts or
( )
3 documents or source code associated with that and so the l
1 4 desire was to characterize the types of documentation that 5 would suggest good quality without specifying the content 1
6 or the process by which you got that content. l 7 MEMBER APOSTOLAKIS: Okay, so the last 8 question. Is the current set of documents that the staff l
9 has produced conforming with these recommendations in your l 10 opinion, Don? ,
1 11 CHAIRMAN MILLER: You know, I have to say now I I 12 haven't looked at the version of BTP. I think it does with 13 the exception -- I now have concern about the reg. guides
% 14 being too prescriptive on how to do things and too l
15 prescriptive on telling you how to do things that may not 16 even be correct.
17 MEMBER APOSTOLAKIS: Okay, now it seems to me 18 though --
19 CHAIRMAN MILLER: I have an old adage of a 20 manager should tell somebody what to do, but not l 21 necessarily how to do it. I think that's where you got I
! 22 hung up.
23 MEMBER APOSTOLAKIS: I think these words how 24 and prescriptive and so on are interpreted in different g.
25 ways by people. It seems to me that what I'm telling you
!t -)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234 4 433
138 1 that you should -- your process should have these phases, 2 I am already prescriptive, but you don't want to call that 7s i i 3 prescriptive, because I am telling you already how to 4 approach it at some level.
5 MR. WERMIEL: Yes.
6 MEMBER APOSTOLAKIS: As opposed to performance 7 based and product oriented.
8 CHAIRMAN MILLER: But it's no different than 9 in designing a piece of hardware, except the different 10 phases may be slightly different.
11 MEMBER APOSTOLAKIS: No, I understand that, 12 but I mean the word prescriptive is not interpreted the 13 same way by all of us.
kl 14 CHAIRMAN MILLER: I guess we're being 15 prescriptive on the phases or we're not trying to be 16 prescriptive on how to accomplish each phase.
17 MEMBER APOSTOLAKIS: I think that's exactly j 18 what we mean by all this.
19 CHAIRMAN MILLER: I believe we've always been 20 there and I think the BTP-14 as now rewritten makes it 1
l 21 much clearer. So now I'm getting more concerned about the 22 reg. guides giving us guidance on how to get there on each 23 phase. Is that true? Don't the reg. guides give us 24 guidance on how to do things?
- r~N
( ) 25 MR. CHIRAMAL: One acceptance method.
'w '
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234 4433
( 139 l
1 CRAIRMAN MILLER: One acceptance method.
l ,s 2 MR. CHIRAMAL: The reg. guides give you one
, { \
! /
3 acceptance method of doing things.
4 MEMBER APOSTOLAKIS: So given then the comment 5 we just got and I think you guys concurred, that what you 6 are doing now is really in accordance with the 7 recommendation. Why do you say you disagree?
8 MR. WERMIEL: Because the recommendation 9 starts off with the premise, George, that we need to 10 develop a stand alone document to accomplish that and what 11 we're saying is no, we think we can take advantage of the 12 consensus standard building process to incorporate the 13 knowledge of other industries, of the academic
! A K/ 14 community,of the commercial community, of a whole lot of 15 others that are faced with the same issues that we're 16 faced with, in our development of criteria.
17 MEMBER APOSTOLAKIS: So your disagreement 18 refers to the --
19 MR. WERMIEL: Refers to the front end of the 20 recommendation.
21 CHAIRMAN MILLER: Right.
22 MR. WERMIEL: Yes.
l 23 MEMBER APOSTOLAKIS: Maybe that should be made 24 clearer.
()
,/~,
25 MR. WERMIEL: And also, I guess, I think we i NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
140
- 1 read acceptance criteria rather than prescriptive l
l 7m 2 solutions a little differently than I'm hearing this l
' )
t QJ 3 discussion.
4 MEMBER APOSTOLAKIS: I'm glad to hear that.
5 MR. WERMIEL: I'll be honest with you. We 6 were a little, we thought it was a little internally 7 inconsistent because on the one hand, it seemed to be 8 recommending that we focus on acceptance criteria which we 9 think to some degree has to be prescriptive. I think you 10 pointed that out in no uncertain terms in the course of 11 our meetings with you,but then on the other hand it says 12 don't be prescriptive, so we thought it was a little 13 inconsistent and we -- so we -- since the basic premise we
('v) 14 disagreed with, we just said we think we're on the right 15 track with what we're doing. That's how we got to where 16 we got.
17 MEMBER APOSTOLAKIS: It comes down to the 18 interpretation of the word prescriptive --
19 MR. WERMIEL: Yes.
20 MEMBER APOSTOLAKIS: And I think we mean 21 prescriptive of the phase level, but not the law.
22 MR. WERMIEL: Yes.
23 MEMBER APOSTOLAKIS: Well, if we agree, that's 24 fine.
(%J ) 25 CHAIRMAI MILLER: Each phase is a task.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON. D.C. 20005-3701 (202) 2344433
l 141 l l
l 1 MR. WERMIEL: I think -- I was just talking to I l
,-~
< 2 Gary, I think you're correct, Don, in that certainly the l
\J 3 IEEE standards have some level of a quote prescription on 4 how to do something. But I heard somebody say that we 5 felt that that level of information was useful as guidance 6 for the designer. Remember that the reg. guide is more j 7 geered to an external source than the SRP is and it's one l l
8 way, it's always been intended in the front -- right in 9 the front end of each reg. guide it says this is a way of 10 accomplishing what the staff believes is appropriate for 11 that particular issue. It's not the only way because it's 12 just guidance and the staff will accept something else, 13 but it's just a way and more than that, it's a way that
/ \
5/ -
14 the staff believes that if you embark on, you'll be 15 successful.
16 CHAIRMAN MILLER: Yes, I understand the 17 purpose of the reg. guide. I think it's two differences 18 we're dealing with. Number one, at least in I &C 19 historically all reg. guides have endorsed standards and 20 specifically developed to address a particular issue or 21 issues.
22 MR. WERMIEL: Correct.
23 CHAIRMAN MILLER: In this case ve're endorsing 24 standards that were not at all designed to address nuclear l
((~h) 25 regulatory issues.
HEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
1s' 2 1 MR. WERMIEL: That's correct.
j.
2 CHAIRMAN MILLER: So I think --
(' ')
3 MR. WERMIEL: Because there were none that we 4 felt were appropriate for that purpose.
5 CHAIRMAN MILLER: So I think we may be in a I
6 little bit of a position of I call it a 12 in 1 too].
7 We've got a 12 in 1 tool and we kind of use it for one I
8 purpose. !
9 MR. WERMIEL: Just a second, Don. We hoped, 10 in large measure, to have also addressed some of that concern, the concern of another -- the standard that's I 11 12 being written for others, not necessarily for the l 13 regulators for the clarifications and some of the 1
- i
(~h i
x/ 14 exceptions taken in the reg. guide itself.
l 15 CHAIRMAN MILLER: I understood that purpose.
l 16 Then I looked through the comments and maybe this will 17 come out when we go through the comments. Some of the 18 comments gave me the view that the commenters felt that l
l l 19 there were things being required in the reg. guides, not l 20 required, but at least advised that weren't necessary or 21 rarely necessary.
I i
l 22 MR. WERMIEL: When we get into the reg. guide 23 discussion I think we can talk about those an again we 24 can explain why we did what we did.
,.m,
( ) 25 John, did you have something to add?
\_/
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISMND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
143 1 MR. GALLAGHER: I just wanted to point out,
,_ 2 this is Ed Gallagher. I just wanted to point out that by, 3 in the reg. guides, endorsing the standards that were 4 picked, we're, in essence, meeting a lot of what was asked 5 for in the last sentence of the first paragraph. You see, 6 these represent safety critical industries. They represent 7 commercial and academic because many people work on these 8 documents. )
9 If you look at the list of the people who are 10 active in writing these documents it's one page long. So 11 I think by doing that we are saying acceptable to us with 12 the following provisions recognizing that these were not
^
13 written for safety systems which we enumerated and an l fh l
)
\_/ 14 acceptable way is to use what's in this standard that you 15 have already agreed upon.
16 MS. MITCHELL: Don, maybe if I -- I think 17 probably it certainly is not inconsistent with other NRC 18 practices to go to the industry and other industries and 19 commercial and academic software communities. I think 20 that we're mixing up apples and oranges in terms of what 21 the committee's intent was.
22 The discussion that preceded these conclusions l
23 and recommendation actually cited numerous analyses of 24 existing reg. guides, including IEEE, brand new citations
[%j
) 25 as of 1996, software engineering is moving so quickly that NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
! (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
l
144 1 just endorsing existing standardc. there's no reason to 7- 2 expect that those standards in software engineering are,
(' ~ ' '!
3 in fact, what is to say, the criticism is ad hoc and 4 unintegrated. And so the concern that we were trying to 5 address is if what you're doing is endorsing other 6 people's standards in software engineering, you're not 7 necessarily going to get a coherent set of criteria, 8 either prescriptive or acceptance criteria to which you 9 can respond.
10 MR. QUINN: If you did that as a default 11 mechanism, then I could understand and looked at it as 12 okay, I'm doing this because I don't have a better process 13 that I could apply, but I -- and again, I'm concerned that g
s 4 k/ 14 maybe the National Academy didn't know all the good 1
15 things. The study that was done by the staff to evaluate 16 all the standards that were out there, and correct me if 17 I'm wrong, something like 1,000 standards that addressed 18 instrumentation related or software related issues from 19 all different industries and picked the different types, 20 the staff is very knowledgeable and didn't just take and 21 pick a standard, but in fact, carefully and really molded 22 the standard into a reg. guide that picked how we're going 23 to, how the staff would build this thing, meets all the 24 criteria that I think we looked at would say the staff
,a
- ) 25 should be smarter than the industry in how to make this
%)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
l 145 1 thing work and at least I've heard that comment some 7- 2 place. They should be part of the consensus and they i s 3 should be aware of everything that's going on and I've 4 seen this and I don't know if the National Academy was 5 aware of all the different things that did occur.
l 6 MEMBER APOSTOLAKIS: Are these responses to I 7 the recommendation now final?
8 MR. CHIRAMAL: Yes.
l 9 MEMBER APOSTOLAKIS: Because I think you ;
10 should clarify this one. If it's fine --
11 MEMBER FONTANA: because you just disagree 12 with sentence 2 --
13 MEMBER APOSTOLAKIS: You disagree with the k- - 14 development of your guidelines.
15 MR. CHIRAMAL: Well, as Christine was saying, 16 there are many points in that particular recommendation.
17 We picked up on the first group.
18 CHAIRMAN MILLER: Okay, I think we can move 19 ahead. I have another question, but I think it will come 20 up later.
21 MEMBER APOSTOLAKIS: Okay.
22 MR. CHIRAMAL: We had recommendation 2, the 23 same technical issue.
24 MR. WERMIEL: Wrong one. That's
/ h
(\ ) 25 recommendation 3. You skipped over one. There you go.
NEAL R. GROSS l
. COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 l
146 1 MR. CHIRAMAL: This one talks about the y 2 systems requirement should be written in language with
( )
%j 3 the precise meaning so that the general properties like 4 consistency and completeness as well as application 5 specific properties can be analyzed. Personnel such as 6 plan engineers, regulator system architects and software 7 developers should be able to understand the language.
8 I guess we have that in the BTPs.
9 CHAIRMAN MILLER: I only put that one down so 10 you can once again reiterate. You did it in the BTPs.
11 MR. CHIRAMAL: Yes.
12 CHAIRMAN MILLER: A question came up in 13 previo"s committee meetings and I felt clearly that you
\ >
'-' 14 certainly have addressed that one in your BTPs.
15 MR. CHIRAMAL: Yes.
16 MEMBER APOSTOLAKIS: So what you're saying 17 here is that you will do further research to see whether 18 you can be more specific than you are now?
19 MR. CHIRAMAL: Yes, especially the use of 20 tools and things like that.
21 MR. WERMIEL: Yes.
22 MEMBER APOSTOLAKIS: Now this further q 23 research, I mean I have seen the Office of Research, are 24 we going to discuss this at all at some point?
\
( ,) 25 MR, WERMIEL: We certainly can. It wasn't on NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l l
147-1 the agenda per se, but we can discuss it at any time.
, 2 MEMBER APOSTOLAKIS: I don't know. I mean I i
() 3 would like to understand a bit better why you are asking 4 the Office of Research to undertake certain projects and 5 what do you plan to get out of them. How are you going to 6 use the results. What is the time frame. I mean --
7 MR. WERMIEL: Well, we can do that.
8 MR. QUINN: We've asked to make this an agenda 9 item, right?
10 MEMBER APOSTOLAKIS: When?
11 MR. MARKLEY: Well, it's not a specific agenda 12 item, but it certainly relates to the top is you're 13 discussing here. That user need request relates to the
,m (i)
L 14 standards and how they relate to the standard review plan, 15 so it's within the context.
16 MR. QUINN: Is that this afternoon or 17 tomorrow?
18 MR. WERMIEL: We can even do it now, if you 19 want.
20 CHAIRMAN MILLER: Would it be appropriate to 21 do it now?
22 MR. WERMIEL: It's okay with us, let's go 23 ahead.
i l 24 CHAIRMAN MILLER: Are we going to go through
/3 ) 25 the --
<J NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
.(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
148 1 MEMBER APOSTOLAKIS: How are we going to do 2 it? I mean do we have that --
i l
3 MR. WERMIEL: What I would assume is that --
4 CHAIRMAN MILLER: Now you're going to go 5 through the user needs --
6 MR. WERMIEL: What I would recommend is that 7 that the subcommittee just ask any questions they have on 8 either the user need memo itself or on the reply from 9 research.
10 CHAIRMAN MILLER: the reply we don't have. l l
11 MEMBER APOSTOLAKIS: One of the -- l 12 MR. CHIRAMAL: You just got the reply.
13 CHAIRMAN MILLER: Oh we got that.
g b 14 MR. WERMIEL: In response to our request for l 15 research initiatives, Dave Morrison, the Director of 16 Research sent a reply memo back to us saying this is ':liat 17 I plan to do to address your requests for research.
18 MEMBER APOSTOLAKIS: And we have that too?
19 MR. WERMIEL: Yes, you do.
20 MEMBER FONTANA: Before we move on, we've 21 talked a lot about acceptance criteria processes. In 22 here, you said you had something here for acceptance 1
23 criteria product also.
24 MR. CHIRAMAI. : Yes, the --
(n LJ I 25 MEMBER FONTANA: Where are they?
! NEAL R. GROSS
! COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
l I
(202) 234 4433 WASHINGTON, D.C. 20005 3701 (202) 234-4433 i
149 1 MR. CHIRAMAL: The BTP-14 is in three sections
, _s 2 really, 3.1 and 3.2 are for the process part of the --
/ \
'.'~') 3 BTP-14, 3.1 and 3.2.
4 MR. WERMIEL: That's process.
5 MR. CHIRAMAL: That's process, and 3.3 is the 6 design output.
7 MR. WERMIEL: Because originally it looked 8 kind of weak there.
9 MR. QUINN: Can I ask an agenda question? Are 10 we interrupting the review of your --
11 CHAIRMAN MILLER: That's what the committee 12 feels we should do.
13 MR. QUINN: I would have disagreed with that.
~s I i'
\~/ 14 I thought we should had gone through and finished your 15 comments because going through these comments will give 16 every -- will give the committee members a focus on the 17 issues that are outstanding from the report review that 18 would support recommendations for research issues and 19 unless they've already focused on all of those I thought 20 the process that you clearly outlined was a good way to 21 give people c basis for how to get to the next step. So I 22 would reconimend you reconsider going right to the research 23 stuff and continue with conclusions.
24 MEMBER APOSTOLAKIS: Actually, we should do it 25 after we have a discussion of the Academy's
()
I
- MEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1373 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
150 1 recommendations tomorrow.
, ~1 2 CHAIRMAN MILLER: Let's continue on with this l l x' "/
3 memo.
4 MR. WERMIEL: Just continue with Dr. Miller's 5 memo then.
6 CHAIRMAN MILLER: Yes, I agree. l l
7 MEMBER APOSTOLAKIS: In anticipation of this 8 meeting and this discussion tomorrow, it would be nice to 9 see or to have you guys tell us what the high level 10 thinking was behind the identification of these specific l 11 research projects because you can't really tell from i 1
12 reading -- i l
l 13 MR. WERMIEL: Yes, we could definitely do that
!,,- m\
\v' 14 as a matter of fact, we sort of laid the framework of that 15 in our transmittal memo. We gave a basis for them and why 16 we developed a prioritization the way we did.
17 MEMBER APOSTOLAKIS: Okay, so let's go back to 18 what we were doing.
19 CHAIRMAN MILLER: Okay, I agree. Let's move 20 on now.
21 MR. CHIRAMAL: Recommendation 3 of Technical 22 Issue 2.
23 CHAIRMAN MILLER: Again, I put this one on so l
24 you could once again iterate how you used the Appendix
( '3 25 V 7.08.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
I 151 l
1 MR. CHIRAMAL: Yes --
i 7~ ,
2 CHAIRMAN MILLER: That's to deal with this '
'~
3 question. ,
l 4 MR. CHIRAMAL.: Right, that's exactly what we j 5 did.
6 MEMBER APOSTOLAKIS: Fine.
l 7 MR. CHIRAMAL: Recommendation 4, we should be 8 using the similar QA process for ASICs, PLCs and other 9 similar technologies and we have done that and we intend 10 to do thac as we get new products in for review.
11 CHAIRMAN MILLER: Now you already have a -- on 12 PLCs, you've already done that, right?
13 MR. CHIRAMAL: We have an EPRI project in the i i
\v' 14 review stage.
15 MR. WERMIEL: It's still in the review stage.
16 MR. CHIRAMAL: We will be writing an SER some 17 time this year.
18 CHAIRMAN MILLER: So the SER and PLC and ASICs 19 wi:1 come about the same time, then?
20 MR. CHIRAMAL: ASICs?
21 MR. STEWART: The SER on ASICs probably won't 22 happen until January of next year because we won't have a 23 finished design until then.
24 MR. WERMIEL: PLC one should be some time this
(
) 25 summer.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
152 1 MR. STEWART: The PLC EPRI reports already is
,~x 2 out, is it not?
! \ l
'. /
'~# l 3 MR. WERMIEL: Yes, it is. But SER is still l
l 4 being written and still under review.
1 5 MR. STEWART: But I think we cen say there's j 6 nothing in that EPRI report that's going to change the 7 basic philosophy that a PLC, the computer needs to follow 8 the process that we've laid out.
9 MR. QUINN: Did you se a lot of synergy l
10 between the PLC effort and the COTS effort?
11 MR. STEWART: Well, there was definitely some.
12 MR. WERMIEL: Py design there was some because 13 clearly the imitative for PLCs t.as to be able to utilize a
\_/
] 14 commercial product in safety related application and 15 that's exactly what the COTS document addresses.
16 MR. STEWART: And my management specifically 1
17 had me participate to make sure there was no conflicts 18 between the two.
19 MR. WERMIEL: I ask that there be cross 20 fertilization between the two initiatives since I thought 21 at first there might be some differences in the two 22 groups, but I wanted to be sure that the PLC people knew l 23 what EPRI was recommending in the COTS area, so that there 24 wouldn't be a conflict underway.
(g) 25 MR. CHIRAMAL: The next item on Dr. Miller's l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS
' 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
153 1
l 1 memo is the technical issue 3, common mode software
,_s 2 potential and product conclusion 3 (c) .
( I 3 It states the committee does not agree that 4 use of different programming languages and different 5 design approaches meeting the same functional requirements 6 and different design phase of different vendor's equipment 7 has to perform the same function that is likely to be 8 effective in achieving diversity.
l 9 I think this flowed into our recommendation 2.
10 And we discussed it a little bit this morning on how we 11 had beefed up the BTP-19 to add clarification on what is 12 acceptable diversity.
13 MR. WERMIEL: I think recommendation remand on n
- 14 technical issue 3, that's probably the one that goes to 15 it, if you want to put that slide up.
16 MR. CHIRAMAL: Yes, before I get --
17 CHAIRMAN MILLER: All three -- why don't you 18 put them all up. Yo might address where you say in each 19 one you've done it. Could you say where you've done it 20 besides BTP-19 or is that the primary place?
.11 MR. CHIRAMAL: On diversity, that's BTP-19.
22 CHAIRMAN MILLER: How about common model 13 failure?
24 MR. WERMIEL: The only change was made to BTP-( ~..
(%j ) 25 19.
NEAL R. GROSS COURT REPOHERS AND TRANSCRIBERS 1323 RHODE SLAN D AVE., N W.
(202) 234 4433 WASHINGTON, AC 20005-3701 (202) 234-4433 j
154 1 MR. CHIRAMAL: Right.
,_s 2 CHAIRMAN MILLER: That issue is addressed in
/
\
3 other issues places besides BTP-19, right?
4 MR. CHIRAMAL: Well, what we have done is we 5 have pointers -- any time we talk about common mode 6 failure and its discussion of defense-in-depth and 7 diversity points to BTP-19.
8 MEMBER APOSTOLAKIS: Are you talking about 9 common cause failures?
10 MR. WERMIEL: Yes, same thing.
11 MR. CHIRAMAL: Common cause failures.
12 MR. QUINN: On recommendation 1, Dr. Mil? r 13 has additional comments here and this goes to your summary
,9 U' 14 search effort. In the needs survey, was there a request 15 for research to address quantitative methods in this and I 16 had a discussion with Christine with lunch time. As I i
17 understand it, this was a matter of significant contention 18 with the Academy work whether this is possible or not.
19 I think we can probably revisit this during 20 the research --
21 MR. CHIRAMAL: Yes, or when we touch upon 22 technical issue 4.
l 23 MR. QUINN: Okay.
24 MR. CHIRAMAL: And then recommendation 3 is --
(m)w-25 MEMBER APOSTOLAKIS: We did this one.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W-(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
155 l
1 MR. WERMIEL: Yes, we did this one, 73 2 MR. CHIRAMAL: This is the same one we did
! \
V 3 this morning.
4 MR. WERMIEL: Just go ahead. )
5 MR. CHIRAMAL: Next item on Dr. Miller's memo ;
I 6 is safety -- item 4, safety and reliability assessment i 1
7 methods, conclusions 2, 3 and 4 which talk about software )
8 failure probability and the performance of PRA.
9 MR. WERMIEL: Recommendations 1 and 2.
10 MR. CHIRAMAL: Recommendations 1 and 2 are l
I 11 focused on the use of the PRA.
12 MR. QUINN: So high on the priority list for .
I i
13 research is that activity? l
[ 'N
- 14 MR. WERMIEL: That's one of the areas that we 15 flagged as something we are going to continue to follow 16 and we'd ask research's help and that is to stay abreast 17 of efforts that are being taken in a number of areas that 18 we know of to come up with techniques to effectively 19 quantify reliability of software based systems.
l t
20 MR. QUINN: Right, even though it's -- George 21 may be interested, there was some elements of the l
l 22 committee that believed that that was not possible.
l 23 MEMBER APOSTOLAKIS: Yes, we disposed of that.
24 I interpreted Professor Leveson's intent last time and she
(,-) 25 sent an e-mail back and said I agree with George.
x/
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234 4433
156 1 MEMBER FONTANA: What was it that you said?
2 MEMBER APOSTOLAKIS: I said --
I \
\ ,I
~
3 MEMBER FONTANA: I have a short memory.
4 MEMBER APOSTCaAKIS: I said that it is 5 meaningless to ask the question whether a piece of 6 software is safe or to ask what is the probability that it 7 will do what -- something.
8 The proper way to ask that question is within 9 the system context. In other words, you have an embedded 10 program that controls something. Then you ask whether 11 that something performs its function or fails to perform 12 its function and then when do you the analysis, for 13 example, let's say you do a fault tree. I don't know
/,_,\
's- 14 whether you're going to do that, but you don't just stop 15 at the usual level of hardware and human error and so on.
16 Now you have to worry also about what the software is 17 going to do in that context. Okay? In the context of the 18 system.
19 So in that sense, 4 t makes sense.
20 CHAIRMAN MILLER: But the --
21 MEMBER FONTANA: Let's presume that a piece of 22 software has a bug in it and it e either there or it isn't 23 there. Now what you're saying is that whatever it gets l
24 exposed to may trigger that bug or it may not. So in the fx ,) 25 systems concept you can make a probability argument.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344433 l
i 157 I l
1 MEMBER APOSTOLAKIS: Yes, exactly.
I I
2 MEMBER FONTANA: If you're looking at that 7~
- (# i I 3 alone, it's either in it or it isn't.
l 4 MEMBER APOSTOLAKIS: Exactly. But I still ;
l l
5 have to see the impact of -- presumably I have to {
6 understand whether there is a triggering mechanism that
)
7 will make that bug do something and that comes from the i 8 rest of the system and then if it does do something what )
9 does -- does it affect the system function. That's really 10 what you're interested in, not the software. Software is i 1
1 11 only part of the system. I think that's what Leveson said 1
12 and that's what I said she read the transcript and she l 13 said --
(~T i
~s/ 14 CHAIRMAN MILLER: Well, the entire study said 15 that in several places. l 16 MEMBER APOSTOLAKIS: Then why did she 17 disagree? If the study said that, I don't think the study 18 went into such detail. That's why she disagreed.
19 CHAIRMAN MILLER: I don't think it went into 20 that kind of a detail either. It didn't exactly say how 21 or in what manner the system should be modeled or even if 22 it is a system that's modeled. I don't think it said 23 that.
24 MS. MITCHELL: In fact, we were very careful j%,
l 1 25 in the statement Dr. Leveson disagreed with was the N_/
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
158 1 following: bounding estimates for software estimate
_ 2 failure probabilities can be obtained by processes that
' ') 3 include valid random testing and expert judgment.
4 MEMBER APOSTOLAKIS: Yes.
5 MS. MITCHELL: She doesn't believe you can get 6 bounded estimates for software failure probability, 7 period.
8 MEMBER APOSTOLAKIS: And that's what I said, l
9 that you cannot talk about probabilities for software, 10 period, whether upper bound, lower bound, medium. You i 1
11 just can't do that. You have to take the software and 12 embed it in the system that uses that software. Then you 13 can talk about the probability of failure in the
./ ~n
( )
\_/ 14 upperbound or whatever of the system, part of which is 15 software.
16 MR. UHRIG: Well, is that this so-called 17 minority position here that's in a book?
18 MEMBER APOSTOLAKIS: Minority position? I l
l 19 don't know what that is.
20 MS. MITCHELL: Where are you, Bob?
21 MEMBER APOSTOLAKIS: Oh no. This is something I 22 else that is going on at Livermore. This is something 23 else.
24 MR. UHRIG: It essentially has the same tone ;
(N t i 25 to it?
~/
NEAL R. GROSS ;
COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE , N.W.
I (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 i
i 159 l
1 MEMBER APOSTOLAKIS: Yes, they are probably
_ 2 safety guides too. Safety people think that way. I don't
- '-/
3 think we would disagree with Nancy. ,
l 4 MS. MITCHELL: And I actually think Nancy was l 5 perfectly willing to say for the purposes of reliability i l l 6 assessment, you could treat software very much as we've l l
7 treated human operatorr which is to estimate a reliability 8 number, use that in the model desensitivity analyses. The l l
9 concern is there is a group of software engineers who l
10 believe that if you follow these processes you can come up ,
I
- 11 with a reliability number of 10 to the minus 7 and there 12 is what seems to be a larger number of software people who l 13 are very articulate that you can't even estimate the
/T 1 I
l \> 14 denominator in the equation so it's any number has to be a l l
15 hypothetical number.
16 MEMBER APOSTOLAKIS: Well, again, the reason 17 why we can do that with human actions is because we 18 isolate them and again we don't do it, nobody will tell 19 you that human error of commission is this. They will 20 tell you that, but nobody will believe it.
21 You have to look at the context within which 22 the operator is functioning which means what information .
23 is that person receiving from the hardware and so on. And 24 what does it do to the system.
o
() 25 The problem with software is that you cannot NEAL R. GROSS
- COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
160 1 isolate it that way. Its impact on the system is much 2 more pervasive. So it will be very hard to do this, to do 7~
( i 3 similar analysis -- we are now way ahead of the state of :
l 4 the art now.
5 MR. WERMIEL: I like to know how you will do 6 it. )
7 MEMBER APOSTOLAKIS: Not the state of the 8 practice, the state of the art.
9 MR. WERMIEL: I like that. ,
10 MEMBER APOSTOLAKIS: I don't think people are 11 doing this yet. I haven't seen a study where they 12 actually look at -- the notion of embedded systems and all l 13 that. And the reason is that people don't talk to each
,a
( l
'/ 14 other. The people who understand how to do their failure 15 areas of the system, usually keep up when they come to the 16 software.
17 CHAIRMAN MILLER: You're saying the concept of 18 software embedded systems is not looked at from a 39 reliability viewpoint?
20 MEMBER APOSTOLAKIS: No. In terms of a 21 rigorous analytical approach no.
22 CHAIRMAN MILLER: I bumped into one of our CIS 23 people at Ohio State Computer Science people and talked 24 about, oh yes, that's the way to do it. Embedded within
( " '\ 25
() systems.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
1 161 l l
l 1 MEMBER APOSTOLAKIS: Yes, everybody thinks i
g- 2 that l \ !
L/
3 --
4 CHAIRMAN MILLER: Very debatable, I agree, and 5 Christine carefully said it. If you talk to software 6 engineers you can get some to say put a reliability number 7 on software and many won't -- but in a system I think we 8 all agree that you can put a reliability number on it.
9 MR. QUINN: I know of a textbook, George, that 10 lab has done a lot of work in that area.
11 CHAIRMAN MILLER: And in Leveson's own book 12 which was written two or three years ago says very 13 clearly, she goes into that.
7-
, )
\/ 14 MEMBER APOSTOLAKIS: No one has done it.
15 MR. QUINN: Nobody has done it yet?
16 MEMBER APOSTOLAKIS: There are attempts.
17 CHAIRMAN MILLER: Reliability of a system with 18 embedded software.
19 MEMBER APOSTOLAKIS: I don't think anyone has 20 done this in a way that is acceptable?
21 MR. WERMIEL: We know people have tried.
22 MEMBER APOSTOLAKIS: Yes, I agree.
l 23 MS. MITCHELL: I mean, George, what do you 24 think that the FAA did with respect to the Boeing 777?
n
( ,) 25 MEMBER APOSTOLAKIS: Yes, what did they do?
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE,, N W.
(202) 2344433 WASHINGTON, D C. 20005-3701 (202) 234-4433
162 1 (Laughter.)
)
es 2 MS. MITCHELL: I instruct you too George, to 1
/ \ i
'~
3 answer the question. !
4 (Laughter.)
5 MEMBER APOSTOLAKIS: I have yet to see a 6 distribution of an unreliability of a system that includes i
7 software. Okay? i 8 MR. WERMIEL: Okay.
9 MEMBER APOSTOLAKIS: That no one has done.
10 They have used formal methods to study this and then say 11 gee, we couldn't find any failure modes so it much be 12 safe. They have used testing and this and that, but a 13 systematic approach that says here is from A to Z and
, ^s.
I k k-) 14 this, the result of this is this frequency which has this 15 distribution, no one has done.
16 Nobody knows what --
17 MR. QUINN: George, would you agree that this 18 is a good area to do research on?
19 MEMBER APOSTOLAKIS: Yes. The way that --
20 CHAIRMAN MILLER: Did any of the staff have 21 comments on this?
22 MR. WERMIEL: Jim is somewhat familiar with 23 some of the activities that have been going on.
24 MR. STEWART: I just spent a week with George 7~N.
t ) 25 Stark who did the NASA reliability studies. And yeah, l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
l j (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
163 !
I 1 they believed that they had a prediction that has a l
7x 2 certain uncertainty to it, that they are not sure how much N'~~ '] 3 that uncertainty is.
l 1
4 CHAIRMAN MILLER: What PRA doesn't have that? l 5 MR. STEWART: But there's very definitely 6 large numbers of people that are trying to develop methods ,
1 7 to predict reliability. ,
l 8 MEMBER APOSTOLAKIS: But to this day there is 9 no --
10 MR. STEWART: There's definitely no consensus.
11 MEMBER APOSTOLAKIS: But the moment they tell 12 me this piece of software fails with this failure rate or 13 that the number of errors follows the distribution, i n
- 14 close my eyes and go to sleep because this is an abuse of 15 the reliability theory. It's a shameless abuse.
16 MR. STEWART: The NASA project tried to 17 benchmark them against what actually showed up.
18 MR. WERMIEL: Everybody has their way of doing 19 it. Siemens has a development tool that they use for 20 taking the specification, working it through to the coding 21 and then doing the V & V. They've been able to, according 22 to them, take the tool and the resulting code that they 23 create, insert an error into the C.gorithm and for every 1 24 million lines of code, they will gu.irantee that that one
,-)
t 25 error will surface so they can detect one error in 1 NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
164 1 million lines of code.
fs 2 Now does that give them a 10 to the minus 6
' ~' )
3 failure rate?
4 MEMBER APOSTOLAKIS: No, it does not.
5 MR. STEWART: No, it does not.
6 MEMBER APOSTOLAKIS: But that's a very good I i
7 idea.
8 MR. STEWART: It's one way of trying to 9 develop a quantification.
l 10 MR. GALLAGHER: But in the end, their claim is ,
1 11 at the system level.
12 MR. WERMIEL: Right. l 13 MR. GALLAGHER: 10 to the minus 4, at the
'r ~'s t i kJ 14 system level. I 15 MR. WERMIEL: At the system level.
16 MR. GALLAGHER: Which I think is the same 17 thing you were saying, they say the software is embedded 18 into the hardware. This is the probability.
19 MR. WERMIEL: Yes, again, it's a technique.
20 MEMBER APOSTOLAKIS: Oh , I'm sure. It's like 21 the PRA when you do the hardware stuff. Why have 22 consensus --
23 MR. STEWART: The staff had an option of 24 trying to pick a metric, say McCabe's complexity metric or
.rs,
( ) 25 something like that and for many of the reasons that NEAL R. GROSS COURT REPORTERS AND"%NSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
165 1 you've been talking about here and were identified in the
,7 3 2 NAS report, we did not feel that any of them were good
/ \
l
'}
3 enough.
4 MEMBER APOSTOLAKIS: I was going to comment 5 about that now. We are in a situation where you guys are 6 arguing that there are methods out there that are 7 acceptable and I'm saying no. Up until now --
8 MR. STEWART: I don't think we really are. I 9 think we recognize that there are people that are working 10 in this area trying to make use of techniques that can 11 satisfy a rigorous peer review, but I think we agree with 12 you, they're not there yet.
- 13. MEMBER APOSTOLAKIS: The analysis so far is I \
s s' 14 primarily structural analysis. Put a bug in there and see 15 if you can catch it. Or you try to find failure modes, 16 but there is a major step from that to a probablistic 17 state, a probability state.
18 MR. WERMIEL: This second recommendation on 19 that same one goes to this very thing where it talks about 20 something again that we're all aware that's on-going in 21 this area and we're going to follow it.
22 MR. CHIRAMAL: We will t ouch upon the issue l
23 tomorrow when the human factors people are here.
24 MEMBER APOSTOLAKIS: Which people?
I, / 25 MR. CHIRAMAL: Human factors --
w/
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433 l
! 166 l 1 MR. WERMIEL: Human factors branch. We have
~3 2 our own human factors branch and I will prefer not to put i 4
)
l x/ I'll let them speak to the -- since 3 words in their mouth.
4 they were a party to the input of the disposition, I'd 5 rather that they --
6 MEMBER APOSTOLAKIS: Which technical issue?
7 MR. WERMIEL: The technical issue 5 tnat deals 8 with the human-machine interface and human factors issues.
9 CHAIRMAN MILLER: So we're down to technical 10 issue 4 now?
11 MR. WERMIEL: I bel.4 eve so.
12 MEMBER APOSTOLAKIS: Incidentally, speaking of 13 reliability, I read a little bit the stuff you gave us.
t b 14 You're going back to the single failure criteria, aren't 15 you?
16 MR. WERMIEL: Well, we haven't discarded it.
17 MEMBER APOSTOLAKIS: You never left it.
18 MR. WERMIEL: No, we never discarded the 19 single failure criteria. It's always been there.
20 MEMBER APC._10LAKIS : Because as long as you 21 don't find a single element of failure in failure 22 software, you're saying the reliability requirement is
! 23 satisfied? Is that correct?
24 MR. WERMIEL: Well, with software it's 7-difficult to talk about single failure. If you're
() 25 l
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
i 167 I speaking of an error in software we view that as a common
,, 2 cause fault, not as a single failure because redundant I 1
! )
3 channels or multiple algorithms of the same software will )
1 4 have that same embedded error and the failure will occur l 5 at the same time. ,
1 6 MEMBER APOSTOLAKIS: But I mean that's how you l
7 interpret the reliability.
8 MR. CHIRAMAI.: Yes.
1 l
9 MR. WERMIEL: That's exactly right.
i 10 MEMBER APOSTOLAKIS: Which is the st, ate of the l 11 art, is not unreasonable.
12 MR. WERMIEL: It's all we have now. I 1
13 CHAIRMAN MILLER: On Issue 6 I felt you would g3 ;
i )
V 14 really cover all these when we covered the COTS. j 1
15 MR. WERMIEL: We will, Don, as a matter of 16 fact, we're relying heavily on the EPRI document and our l i
17 endorsement of it to address the issues that the NAS 18 identified. j 19 CHAIRMAN MILLER: I put it on the -- when is 20 it going to go on the agenda?
21 MR. WERMIEL: It's on the agenda for tomorrow 22 also.
1 l
23 MR. CHIRAMAL: We may not want to spend time 24 on this now.
(
) 25 MR. WERMIEL: The author of the SER is Jim I
l NEAL R. GROSS
! COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 2344433 l
168 1 Stewart.
2 MR. CHIRAMAL: Unless others on the committee 7
('~' )
3 feel they want to go through these. I just put these down 4 with the idea that you definitely cover these issuee when 5 you cover the COTS stuff.
6 MR. QUINN: I just thought that Recommendation 7 1 was a good summary of --
8 MEMBER APOSTOLAKIS: Which one?
9 MR. QUINN: Recommendation 1 on technical 10 issue 6,was a good endorsement of the role of the staff in 11 working with the consensus building groups. You do have a 12 slide on that. I thought that was -- thet's not covered 13 in ones that Don had listed, but I think it was a real --
'n )
\_) 14 CHAIRMAN MILLER: Yes, that's true, but it's 15 consistent with how things are worked with, this one and 16 also the Generic Letter 95-02 --
17 MR. QUINN: Right.
18 CHAIRMAN MILLER: And the SER and the EMI/RFI.
19 MR. QUINN: It goes back to a people and 20 management issue. That focus needs to stay there and I 21 certainly hope it does.
22 MR. WERMIEL: Oh yes.
23 MR. CHIRAMAL: Yes, then we come to the I
24 strategic issue 1, case by case last in process. And you
,a 25 picked up on the two conclusions, conclusion 2 says the (v)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
169 1 uncertainty and result of instrument cost has been a major
,_ 2 contributor to the reluctance on the part of the user with
( /
'~~'
3 proceeding with digital upgrades. This has to do with the 4 retrofits of 10 CFR 50.59 issue.
5 MR. WERMIEL: Yes. That conclusion kind of 6 goes to direction 1 that talks about the need to place a 7 high priority on the development of this framework in 8 order to deal with this uncertainty that the Academy 9 seemed to think was pervasive among our licensees. And I 10 think what we're trying to say is the whole point of 11 getting the SRP out there is to deal with that issue of 12 uncertainty because now we'll be telling our licensees 13 what our footprint is, what are we looking for and here it 4
(d 14 is.
15 CHAIRMAN MILLER: And several -- I agree it's 16 a limited number of comments, but there were comments that 17 if you issue these regulatory guides it will further ,
i 18 inhibit the OIC and not facilitate it. Isn't that what l l
19 the comment said? I 20 MR. WERMIEL: I don't recall. Bob, do you 21 have comments to that effect, I don't remember.
22 MR. STEWART: There was one comment to that 23 effect.
24 MR. WERMIEL: Only one.
,x,
) 25 MR. STEWART: That individual also had the NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS
! 1323 RHODE ISLAND AVE.. N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344433 l
170 1 same comment from mostly other IEEE committees I'm
,y 2 fami'> r with I i LJ 3 __
4 CHAIRMAN MILLER: That came from one company, 5 right?
6 MR. WERMIZ: Yes. Our objective here is to l 7 make certain that this overall SRP helps the situation and 8 not hinders it.
9 CHAIRMAN MILLER: Yes. And I was speaking not i
10 so much to that individual as to the NAS recommendation. I ;
11 thought they were concerned that because there wasn't 12 something out there that the industry could focus on or 13 shoot at, there was this aura 3f uncertainty and that's l 79 l
\
'v' 14 what I hope we've alleviated with our work on the SRP 15 update.
16 MR. WERMIEL: Well, of course, later on maybe l
17 they will address this later on when they focus on Generic l 18 Letter 95-02.
19 CHAIRMAN MILLER: Yes.
20 MR. WERMIEL: Which you and I have had 21 extensive discussion just recently.
22 CHAIRMAN MILLER: Yes we have. I thought 23 Generic Letter 95-02 also went a long way toward --
24 MR. QUINN: That's going to be in conclusion t'3 i, 25 6, we're going to address that.
- x. ji NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
171 l
1 MR. CHIRAMAL: Yes, it's the next slide, i
l y3 2 recommendation 6. l l Nd 3 MR. WERMIEL: Recommendation 6 gets to that l
l l 4 one, l
5 MR. CHIRAMAL. Strategic Issue 1 6 recommendation 6 says the USNRC should revisit the systems I i
l 7 level issue in Generic Letter 95-02 and the EPRI report l l
8 TR-102348.
l 9 The committee strongly endorses maintaining i lo and formalizing the distinction between major and minor l 11 system upgrades containing digital technology. j 12 We did go back and look at those NRC-wide l 13 effort looking at the rule of 10 CFR 50.59 and they came i 'l
'd '
14 back to the same conclusion that system level defined in 15 GL 95-02 remains unchanged.
16 MR. QUINN: So are you saying that the 17 position is you're intending not to change 95-02?
18 MR. WERMIEL: That's correct.
19 MR. CHIRAMAL: That's correct.
20 MR. WERMIEL: At least not at this time.
21 CHAIRMAN MILLER: Which at least one ACRS 22 member doesn't agree with.
l 23 MR. QUINN: I disagree with that completely.
24 I disagree with the process that's going on with 50.59,
()
,c,.
25 the feedback that I Jook at and I believe that your staff l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE.. N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
l
172 1 is caught in the web of a much larger --
, ~s 2 MR. WERMIEL: We are. I don't think there's
)
~'
3 any question, Ted, that we are caught within the entire 4 program that this now being undertaken to reconsider 5 50.59.
6 MEMBER SEALE: And the ACRS has written its 7 comments of 50.59.
I believe the committee I 8 MR. WERMIEL: Oh yes.
9 recommended that the guidance that the staff developed in l l
10 its SECY not be published, but the Commission decided to 11 publish it anyway.
12 MEMBER SEALE: Yes. l l
13 MR. WERMIEL: That's going to be an on-going 14 battle -- l I
15 MEMBER SEALE: I'm sure we'll be back there i
16 again.
17 MR. WERMIEL: It's going to be a battle with 18 the industry for years to come.
19 What we were trying to say here was for the 20 time being, we went back to our legal staff, we went to 21 others. We asked them if what they thought was in the 22 Generic Letter was a correct interpretation and they said 23 yes, we see no reason to change that at this time.
24 MR. QUINN: And in my opinion it needs to be
) 25 changed. It needs to have more definitive criteria NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS l
1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C 20005-3701 (202) 234-4433 1
l
173 1 provided and it's going to prevent people from doing x 2 upgrades. In fact, it's doing that today.
. i 3 MR. WERMIEL: That could be. I hadn't heard 4 that feedback directly from anybody, but we think and 5 we're hopeful and confident that with the approval of the 6 COTS document and the PLC document and the ASICS document 7 that the industry will feel much less uncomfortable going 8 forward because we're not only going to set forward 9 approval technically of these different platforms, but 10 we're also working with the industry to identify a 11 regulatory way of implementing them with what we consider 12 to be, I think, little resistance on the part of our 13 regulation.
l i
\/ 14 MR. QUINN: I think you're doing some great 15 things and I see if you build this framework that is the 16 previous one was a framework, the COTS is excellent. The 17 issues where the MIR modify the issues the standard review 18 plan update and the guidelines, but the great majority of 19 the organizations look at, my humble opinion, is they're 20 going to look directly at 95-02 and the position of that, 21 what does it state.
22 MR. WERMIEL: We want them to. We think l
23 there's enough flexibility in the EPRI document that's 24 endorsed in 95-02 and in the 95-02 guidance so that a rs
- ) 25 number of what I'll call smaller or less complex digital w/
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
17d 1 modifications to safety systems can go forward under 50.59 f~ 2 despite 50.59s current wording without our review.
{ t 3 On the other hand, there may be people out 4 there in the industry that think virtually any digital !
5 modification they want to make ought to proceed without 6 staff review and I don't believe that's going to be the 7 case and unfortunately if they view it, a review by the 8 NRC as an impediment to their going forward, I think 9 that's very sad.
10 I don't think that that ought to be their 11 concern. I think there ought to be more concern, Ted, 12 with designing it right and building it right and doing it 13 right than the fact that the NRC may have to look at it.
/
, t i/ 14 CHAIRMAN MILLER: Let's go back to Ted's 15 concern. I have the same concern.
16 First of all, you did indicate and I'll wait 17 and see, on the difference between simple and complex 18 system. You felt that that was going to be fairly well 19 clarified with the SER and PLC, right?
20 MR. WERMIEL: I think there will be something 21 in the PLC guidance that goes to that, Don. There already 22 is guidance in TR102348 already on that. There are 23 examples in TR102348 on simple systems that likely could 24 be implemented under 50.59. These are safety related mods n
25 without staff review. That's already been done.
()
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND *WE., N W.
- (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
l
175 1 So the issue there of major versus a minor 2 system upgrade has been addressed and has been out there 7s
- )
3 since 1995.
4 CHAIRMAN MILLER: Some of this is somewhat 5 perception versus reality too.
6 MR. WERMIEL: I think that's true.
7 CHAIRMAN MILLER: Like the system level. I 8 still think -- and I think we need to continue to work on 9 it. Maybe it's better wording or whatever it is.
10 MR. WERMIEL: We did not identify the wording 11 system level. That was in the EPRI document. That's not 12 in 50.59 incidentally.
13 CHAIRMAN MILLER: Well, you and I actually
/~~N l i I
~> 14 discussed some -- we reduced to a very simplistic 15 situation.
16 MR. WERMIEL: I tried to -- 50.59 has some 17 what I'll call -- I'll use my own words. I don't think 18 the wording of 50.59 is very clear. It's very unclear.
19 We tried to deal with the word, the legalistic wording in 20 50.59 in a technical document and we thought we did the 21 best we could. We had to again go to our legal staff to 22 make sure they agree to our technical interpretation, but 23 the words in 50.59 are somewhat cumbersome and I'll be the 24 first to admit. They do hinder licensees in what they can
,~s
( ,) 25 do. I think it's pretty straight forward that the wording NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344433
176 1 in 50.59 rightly or wrongly does not allow certain things, em 2 given the words that are there. '
( )
v Are supposed to be up to 3 MEMBER APOSTOLAKIS:
4 date with all this? What is the concern? I'm sorry, but 5 95-02. Do you know what that is? I don't know what that 6 is.
7 MR. WERMIEL: Old Generic Letter.
8 MR. QUINN: 95-02 is on your desk. I think.
9 They handed out to us --
10 MEMBER APOSTOLAKIS: Yes, but the history.
11 Obviously, you are concerned about something.
12 MR. WERMIEL: This predates you, George, I 13 think.
c s 14 CHAIRMAN MILLER: Actually, it was approved 15 the month before you and I joined the committee.
16 MR. WERMIEL: We've had -- excuse me, Ted, I'm 17 sorry, We've had discussions with the ACRS on that l
l 18 Generic Letter in 1994 and 1995 before it went out.
i l 19 MR. QUINN: There's a paper in the book that's 1
i 20 by Larry Damon that gives a very excellent summary of the
! 21 history of the licensing basis and what the history was, I 22 guess there was some upgrade that was done and they didn't 23 talk to the staff.
24 CHAIRMAN MILLER: It was Zion.
g
\ ) 25 MR. QUINN: At Zion.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
177 1 MR. WERMIEL: No, Haddam Neck mod.
,~ 2 MR. QUINN: And at an early stage and I think
! }
3 it's quoted in the National Academy, I couldn't quite 4 understand why, at an early stage in the process, the 5 staff came out and said there are no upgrades that can be 6 done without --
7 MR. WERMIEL: We're going to revisit all this, 8 huh?
9 MEMBER APOSTOLAKIS: So the question is 10 whether some software of the system upgrades fell under 11 50.59? Is that the question?
12 MR. WERMIEL: Let me -- yes, exactly. The 13 question all along from the industry was the staff K) 14 originally took a position that it certainly backed down 15 from and didn't think was correct. Originally we said 16 because software based systems include the potential for 17 failure modes that had not been analyzed before, any 18 software based system modification was an unreviewed 19 safety question and needed to be approved prior to l 20 implementation.
I 21 After that went out, we thought that and we l
l 22 agreed, we said that's just way too cumbersome. It isn't 23 even technically correct. There needs to be a middle 24 ground and we need to come to agreement with that, so we
! ) 25 spent several years negotiating with EPRI and with NEI on NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
178 1 that guidance document, TR102348, to try to establish what
~,, 2 was originally called a threshold above which the staff
\
'# 3 would have to do the review because you had an unreviewed 4 safety question but below which you could go forward under 5 50.59 without prior approssl.
6 MEMBER APOSTOLAKIS: Okay.
7 MR. WERMIEL: It was impossible to come up 8 with a concrete threshold given the variations and 9 licensing bases, given the variations in types of system 10 modificat 4 ons we were talking about, given the broad range 11 of factors that went into digital mods. We couldn't come 12 up with a dark line. What we came up with, we hoped, was 13 a shade of gray with some examples in the document that we ks) 14 felt would allow licensees to take their licensing basis, 15 the modification that they proposed and make their best 16 determination since it's their responsibility anyway,
- 17. about whether or not what they were proposing to do really l
18 did present an unreviewed safety question or didn't. And l l
19 that's what is described in TR102348 and what the staff 20 endorsed through its Generic Letter, Generic Letter 95-02.
21 MR. STEWART: I think there's something else 22 we should point out, too, especially referring to Mr.
23 Damon's letter. I did the review on that mod. They 24 replaced the bulk of the reactor protection system.
n 25 MR. WERMIEL: If you want to talk Haddam Neck i j NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE.. N W (202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 234-4433
179 1 --
,_s 2 MR. STEWART: It was significantly above what I )
\'"/
3 any kind of threshold you have now.
4 MR. WERMIEL: Even the people in the industry 5 today would say they would not have gone forward under 6 50.59 with the type of modification Haddam Neck was 7 proposing.
8 MR. QUINN: I wouldn't have done it either.
9 MEMBER APOSTOLAKIS: Let's not talk about 10 Haddam Neck. What is the committee's recommendation?
11 What Jerry described makes sense to me.
12 So the committee is saying keep doing that?
13 MR. WERMIEL: I hope I didn't say anything 73 V 14 that the committee thinks they hadn't heard or those that 15 were here, at least --
16 MS. MITCHELL: Which committee?
17 MR. WERMIEL: The ACO --
18 MEMBER APOSTOLAKIS: No, no, the NAS 19 committee.
20 MR. WERMIEL: Well, we described this to the 21 NAS too.
22 MEMBER APOSTOLAKIS: No, I mean what did they 23 recommend here? Should revisit, for what purpose?
24 MS. MITCHELL: I think again not looking at
,-)
25 the conclusions and only looking at the recommendations 1
x_
f NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE isl>ND AVE., N W.
(202) 234 4433 WASHINGTON. O C. 20005-3701 (202) 234-4433 l
l
180 1 takes some of this out of context.
, 2 Our recommendation was to -- the concern was
! i 3 that the NRC endorsed the EPRI report wita two exceptions 4 and one was at the level of digital system versus system 5 as a whole, so it touches on software embedded in the 6 larger system.
7 So there were two reservations, as I 8 understand it, that the Generic Letter stipulated to the 9 broader EPRI report and our committee suggested that 10 particularly between major and minor safety sy.cem 11 upgrades and new and different malfunctions with respect 12 to 10 CFR 50.59 reviews that the NRC, that the staff will 13 look again at that because we were not comfortable with t's
( )
's /
14 those reservations.
15 MEMBER APOSTOLAKIS: So the point is this --
16 MS. MITCHELL: So I guess I don't understand 17 why it says we agree because it seems --
18 MEMBER APOSTOLAKIS: Let me understand what 19 that means.
20 MR. WERMIEL: No, we agreed to revisit the 21 issue. That's what the recommendation said to do.
22 MS. MITCHELL: So Commissioner Curtis' very 23 diplomatic wording --
24 MEMBER APOSTOLAKIS: It says you are --
p) 25 MS. MITCHELL: You agreed to revisit, but you NEAL R. GROSS i
COURT REPORTERS AND TRANSCRIBERS j 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
181 1 -- right, right.
s 2 MR. WERMIEL: Exactly, Christine. WE took the
\
N_/
3 recommendation as it was presented and did exactly what it 4 said.
5 MEMBER APOSTOLAKIS: And you concluded --
6 MR. WERMIEL: Yes, let me explain to you what 7 the issue was --
8 MEMBER SEALE: Could I ask, let's have a 9 little bit of mercy on our recorder.
10 MR. VERMIEL: Good point. The issue 1
11 specifically, George, was how do you interpret the words 12 system level in the EPRI document in the conte).", of 50.59 13 which doesn't use that language. l l
.s',,T,
/ 14 CHAIRMAN MIlaLER: Could you give an example of 15 --
16 MR. WERMIEL: I sure will, Let me tell you 17 what the issue is and I'll try to give you an example.
18 What the staff felt the words system level 19 meant was when you make a modification to an I & C system, 20 the modification is a portion of that system and it's that 21 system upon which you make the judgment with regard to 22 unreviewed safety questions. What the EPRI document 23 seemed to be saying at first was and even now I guess, you 24 don't have to do that. The I & C is a support system to
,/
( ,
) 25 the fluid system. So all you need to really look at is NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
182 l l
l 1 whether or not the fluid system suffers frotr. a new or 2 different type of failure. In other words, does the valve 7
! ) 1 3 still open or close? Does the pump still come on or off?
4 And if the answer to that is still yes or no, and you've 5 analyzed that and the no is correct or the yes is correct, 6 then you are okay.
7 We said now wait a minute, now. The failures 8 within a software based system, a computerized system are 9 different than the analog hardware system. So you can't ;
)
10 ignore the failure mode that may result from -- I use the j 11 example with what Dr. Miller -- the computer could lock up l
\ l l
12 in a way that you don't even know the software based )
i 13 system has failed. So that when you demand the fluid )
n i
(_)
3 14 system to take its action, the I & C support system won't is even work and you won't know it necessarily. So you have l
16 to look at that level and to us because we've actually 17 seen such failures occur, the lockup of the annunciator 18 system at Salem was a classic example where the computer 19 failed, but the annunciators stayed in the same mode they 20 were in and the poor operator sitting there didn't know 21 that that he war. no longer getting an update to his 22 annunciators.
23 MEMBER APOSTOLAKIS: That reminds me of 24 something. I found and maybe it's because obviously I o) 25 don't have the experience you have, I found very hard to NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
l
183 1 really appreciate what you guys are trying to do because I
,_ 2 have not seen analysis and descriptions of past failures.
3 If you guys have --
4 MR. WERMIEL: We could give you that.
5 MEMBER APOSTOLAKIS: Oh, okay, great. I would 6 appreciate that.
7 MR. WERMIEL: What we do --
8 MEMBER APOSTOLAKIS: Because then I think a 9 lot of the stuff that you have in here will make more 10 sense.
11 MR. WERMIEL: What we've been doing on a l 12 quarterly basis, George, is gathering information from our 13 regional offices and from our reading of LERs and daily l
(O_) 14 reports and we've assembled a data base of digital system l
15 failures both safety related and nonsafety related and I 16 can give you that kind of information.
l 17 MEMBER APOSTOLAKIS: You have some kind of 18 conclusions that you drew from each incident or is it just l
i j 19 a description of what happened?
20 MR. WERMIEL: Basically, is it just pretty l
21 much a description? Although I take that back. In the 22 transmittal cover memo because we've been providing 23 quarterly reports to my boss, we do provide a kind of 24 break out or assessment of it.
A 25 MR. STEWART: It's type of categories, I think
!v)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
184 1 it's a software. It's an environmental type.
2 MEMBER APOS*0LAKIS: But is there such a thing 3 as a root cause analysis of these things?
4 MR. WERMIEL: Oh yes. That's irrespective of 5 software based system or fluid system or piping system.
6 They always are required to do root cause analysis.
7 That's irrespective of --
8 MR. MARKLEY: It's required by the LER.
9 MEMBER APOSTOLAKIS: So I will see that in the 10 incidents you will send me?
11 MR. WERMIEL: We probably identify what the 12 licensee said, but not in all cases, no. You probably 13 would have to go back to the reference material to get
.s
- i
'w) 14 that kind of detail.
l 1
15 MEMBER APOSTOLAKIS: Now there is also 16 reference somewhere I saw in the documents to the LER 17 incident. Do you have anything that's not too long that 18 you can give me so I can understand better? I've seen 19 stuff in the LER. Not a huge report. I know that that 20 was --
21 MR. STEWART: Yes, there's a synopsis in 22 magazines and I've got their final published report.
23 MEMBER APOSTOLAKIS: How long is the final 24 published report?
ry
( ) 25 MR. STEWART: I don't know. I have it in .
%j NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 2344433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
185 1 software. It's probably 20 pages.
,- 2 MEMBER APGSTOLAKIS: Twenty pages I can read.
("' )
3 MR. WERMIEL: Do you want us to get you that 4 too?
5 MEMBER APOSTOLAKIS: If possible.
6 MR. WERMIEL: That's no problem.
7 MEMBER APOSTOLAKIS: I think that would -- l 8 MR. QUINN: I would like to see that too.
9 MR. WERMIEL: That was a classic example of 10 requirements failure.
11 MEMBER APOSTOLAKIS: Because it didn't use 12 formal methods. i 13 MR. WERMIEL: No.
f) j 14 CHAIRMAN MILLER: They didn't use a lot of 15 things.
16 MR. WERMIEL: They didn't use a lot of things 17 in the establishment of the requirements that I think in 18 hindsight -- we cut some corners.
19 MEMBER APOSTOLAKIS: The other thing that's of 20 interest is to what extent these failures that have 21 occurred in other industries tell us something about our 22 own industry?
l 23 MR. STEWART: A lot.
24 MR. WERMIEL: I can tell you from what little r
(h) 25 I know, for example, I'll use another example. Nancy l NEAL R. GRG50 COURT REPORTERS AND TRANSCRIBERS
( 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
186 1 Leveson did a detailed and in-depth study of the Theric-25
,- 2 failure and you probably heard about.
6
'w) 3 MEMBER APOSTOLAKIS: Yes.
4 MR. WERMIEL: I'll admit that that certainly -
5 - that's software. For that particular devise certainly 6 didn't receive much in the way of a rigorous systematic 7 review, but clearly the function of the devise is such 8 that it should have and the basic bottom line, I think l 9 Nancy concludes is you shouldn't be relying on -- this is 10 my own words -- shouldn't necessarily be relying on 11 software as a crutch for accomplishing what you can 12 accomplish in other ways much more successfully and I 13 think we agree with that to some extent.
,y I( -'
)
14 MEMBER APOSTOLAKIS: Would you say that the 15 Ariane system was as complex or mere complex or less 16 complex than our system?
17 MR. WERMIEL: I think it's more complex.
l 18 MR. STEWART: In some aspects it's more i
19 complex, but if you look at the aggregate of something l
20 like what WNP 2 did where they replaced entire recirc and 21 feedwater systems, pure lines of code, they're comparable, 22 but the important thing on the Ariane is to take note of 23 what happened, could have happened on a PLC.
24 When they did the mod from 4 to 5, and they
,o
(_) 25 used some of the stuff about testing it or revalidating NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISt.AND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
1 187 l l
1 it, that's the lesson that we learned and I've seen that ;
1
,_s 2 on TLCs. So it's not the complexity so much as it is that c ;
' \J 3 specific event.
l 4 MEMBER APOSTOLAKIS: I see. No, that's good.
I 5 MS. MITCHELL: Don, I guess before we leave l
6 this, it probably is important to note that this 1
1 7 particular issue as summarized here and in the Academy's 8 report as I understand the history of this with respect to 9 the ACRS was a prime motivator for convening the National l
10 Academy Committee in the first place.
11 CHAIRMAN MILLER: Yes, the issuance of the i i
12 draft Generic Letter in 1992 certainly, my understanding i I
13 was a stimulus for this study and most others. I r~'s, c
'w ) 14 I wasn't around so maybe others should 15 comment. j 16 MEMBER SEALE: That's true.
17 MR. WERMIEL: Yes, I think Dr. Lewis' primary 18 hangup, I don't know whether it was in this area so much 19 as it was with the original position we took on diversity 20 and how that evolved over time because he had problems 21 with that.
22 MEMBER SEALE: A little of both, I think.
23 MS. MITCHELL: But I believe that the 24 committee had the same concern expressed by Mr. Quinn that
) 25 the perception from these letters and the state of NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., MW.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
188 l
1 practice was very much uncertainty and reluctance to move
. _s 2 forward with digital applications and I guess maybe I
/ i
\
)
3 can't say any more as to how agreeing to revisit it and 4 agreeing to disagree makes me feel.
5 CHAIRMAN MILLER: I'd just give you a little 6 anecdote. I was in conversation just a few weeks ago with 7 somebody, a major vendor, who had a very good idea on an 8 upgrade but was having difficulty convincing utilities 9 because they keep bringing up, oh, we don't want to 10 revisit issues that happened at Zion or Diablo Canyon or 11 Haddam Neck. I think we've gone far beyond that.
12 MR. WERMIEL: That bothers me.
13 CHAIRMAN MILLER: It bothered me too.
g .
(_)
1 14 MS. MITCHELL: Then it's a public relations 15 problem because we talked to a lot of people and our 16 committee has only been disbanded about four months and we 17 talked to industry, we talked to EPRI, we talked to a lot 18 of people and there is a very consistent perception there 19 that we were concerned about.
20 MR. WERMIEL: I'll make a point. It is not 21 the NRC's mission to promote utilization of digital 22 technology. However, through all our interactions with 23 the industry we thought we had overcome in large measure 24 those kind of reservations, Don.
) 25 CHAIRMAN MILLER: I agree with you, not NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
189 1 necessarily to promote. We certainly cannot be in the 7 _.s 2 business of inhibiting though.
k
)
3 MR. WERMIEL: Yes, and boy, we think through 4 these interactions, once again we've gone out of our way 5 to avoid inhibiting them.
6 MR. QUINN: I think you have too. You've done 7 a lot, but again you're caught up in a larger picture --
8 MR. WERMIEL: Yes.
9 MR. QUINN: Now this is in the licensing and 10 if you're going to do a digital upgrade and say a licensee 11 is applying $1 million to the digital upgrade portion and l
12 say well I have to apply $500,000 to the licensing portion 13 of the digital upgrade, is that cost beneficial and r~~N 4 I
I )
\_/ 14 there's a concern there, I think, among a number of I l
15 licensees that I think is of issue with you, but you're l 16 caught in a bigger scheme. The 50.59 issue right now is 17 so significant.
18 MR. WERMIEL: It goes well beyond this.
19 MEMBER APOSTOLAKIS: I'm trying to understand 20 what's happening there because I think there's a whole 21 story behind the words.
22 Is the Academy asking you to go back or to 23 reconsider your interpretation and you agree with them and 24 then you do it and then you dismiss it? Essentially, you g3
( ,) 25 disagree? Okay.
NiAL R. GROSS COURT MEPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
190 1 MR. WERMIEL: We dismissed it after
,m., 2 considerable internal discussion.
)
3 MEMBER APOSTOLAKIS: Okay, but in essence your 4 answer to the recommendation is no.
5 MR. WERMIEL: Yes, that's correct. Yes, it is 6 no.
7 (Laughter.)
8 MR. WERMIEL: Yes, the answer is no. Unless 9 and until and if perhaps 50.59 is revised or our guidance 10 changes down the road, who knows.
11 MEMBER APOSTOLAKIS: It is an informed no.
12 MR. WERMIEL: We think it is.
13 MEMBER APOSTOLAKIS: Okay, I understand now.
( i
(_) 14 MR. QUINN: Are we done with that, or --
15 CHAIRMAN MILLER: Well, I think probably --
16 since 95-02 doesn't really directly involve the SRP --
17 MEMBER APOSTOLAKIS: That's interesting.
18 CHAIRMAN MILLER: -- we probably are done.
19 But I don't think -- I'm not going to let the issue die, 20 that's for sure. But I did want to bring it up, because 21 it was part of the National Academy study. But it is not 22 a part that is going to affect the standard review plan.
23 MR. WERMIEL: Nc.
24 MEMBER SEALE: Well, and again, the 50.59 2
n) 25 thing is out for comment.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 2344433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
191 l l
1 MR. WERMIEL: Yes. !
l
,\ 2 MEMBER SEALE: But there's going to be i d 3 comment. And I think the issue is on the back burner j l
4 awaiting that comment. But at some point it is going to l l
5 be back on the table and just as ugly as ever.
6 CHAIRMAN MILLER: Well, the 50.59 issue -- I 7 have to say I studied primarily the document that dealt J 8 with digital I&C, but I think really the bottom line just i
l 9 parroted 95-92. So I don't see necessarily any change in l 10 digital I&C out of that issue. l 11 MR. WERMIEL: No. No, but I think what Dr.
12 Seale said is right, Don. That is likely to be an area j i
13 that gets commented on, because that is out for public
,m.
i
\~/
) It's in the document that's out for public 14 comment.
15 comment right now, so that is likely to get commented on. l 16 CHAIRMAN MILLER: And I'm certain that 17 comments won't necessarily be any different than what 18 we're hearing today, 19 MR. WERMIEL: No. If what I'm hearing is the 20 industry's belief still, then this is something that I 21 guess they'll comment on, and then it will be still l 22 subject to negotiation.
I 23 CHAIRMAN MILLER: Maybe sending it out for 24 comment rather than digital I&C could be -- I mean, it
/-
() 25 looks at --
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS l
i 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
192 l
1 MR. WERMIEL: Yes.
2 CHAIRMAN MILLER: Maybe somebody will come up f3
( '
)
3 with a good recommendation how you could change this 4 thing.
5 MR. WERMIEL: What I think ought to be done is 6 if this is to be changed, I think you need to do something 7 to 50.59 itself, as I've talked to you about. I think the 8 rule itself is a problem, if we are to proceed with an 9 interpretation that's different.
10 CHAIRMAN MILLER: Back to my anecdote, by the 11 way, my first recommendation was if you've got a good 12 idea, go meet with various staff members here in 13 headquarters and get some feedback. And I guess that's
,m i \
\w/ 14 what is going to happen, right?
15 MR. WERMIEL: Yes.
16 CHAIRMAN MILLER: And maybe allay some of 17 those fears.
18 See, the problem is it's a matter of 19 perception of management versus what the engineers see as 20 reality. If they go to management trying to sell an idea, 1 21 management says, "Well, I don't want to go through with 22 that million dollar or half a million dollar licensing )
23 problem. Go away." And that's where they get stopped.
24 So we, as a processor of regulatory issues, t's (v ) 25 have to make certain everybody understands what reality is i l
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
193 1 the best we can.
2 MR. WERMIEL: Well, as an agency, maybe 7._
!'~'1 3 Christine Mitchell is right, we maybe need to do some PR 4 or something like that to --
5 CHAIRMAN MILLER: I think you've done a good 6 job in PR. We just have to keep working at it.
7 MR. WERMIEL: Keep at it maybe.
8 CHAIRMAN MILLER: I'm just saying reality and 9 perception are still different.
10 MR. WERMIEL: Oh, yes. I would remind you, 11 just because a modification gets implemented under 50.59 12 without our review doesn't mean it is any less well 13 designed or well built. It ought to be exactly the same
(%
( i
~-
/ 14 whether we approved it or not.
15 MR. CHIRAMAL: Yes, it's designed to the same 16 criteria.
17 MR. WERMIEL: Same guidance and same criteria.
18 It has to meet the same criteria.
19 CHAIRMAN MILLER: Any other -- Ted, do you 20 want to bring up any more on this issue?
21 MR. QUINN: I could go into other examples and 22 stuff I guess. Fundamentally, I support the National 23 Academy position. I think it ought to be revisited, if 24 it's in wording, in workshops, in whatever you think is
,, m_
q ) 25 appropriate, so that everybody in this room feels l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
)
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
194 1 comfortable at the end of the time that there is nobody 2 who misunderstands, misinterprets, shies away from what
'~' could be done if, in fact, that is what they need to go do 3
4 to replace obsolete equipment. I think they ought to have 5 that.
6 I think the work that has been done is 7 tremendous. It might just be PR. But I think the words 8 could be worked on.
9 MR. CHIRAMAL: The last two items are on 10 strategic issue number 2, adequacy of technical 11 infrastructure. And Dr. Miller's first one is 12 recommendation 2, to do with training of people, training 13 of NRC staff. And we do have programs in place and will
() 14 be having additional programs for improved training of the 15 staff.
16 CHAIRMAN MILLER: Yes. The only question -- l 17 not quA.stion -- but the reason I brought that up is to j l
18 remind people that you are addressing that, number 1.
1 19 Number 2, to remind us, are we executing it? Do we have a !
20 plan? Are we executing it appropriately and -- !
i 21 MR. WERMIEL: Yes, we think we are. We've 22 held two workshops for our staff, including our regional 23 personrel. We have continued to provide external training 24 for staff members. Unfortunately, those that have been n
25 taking college courses and getting advanced degrees leave.
(O)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE , N W.
(202) 234 4433 WTSHINGTON, D C. 20005-3701 (202) 234-4433
i 195 1 I've lost two of my staff who have received MBAs -- pardon 73 2 me, master's of computer science recently. ,
i I f V 3 So in a way, it has been kind of a down side.
4 You know, we've encouraged them to pursue this kind of 5 thing, but then we lose them because they find better work 6 elsewhere.
7 CHAIRMAN MILLER: Those are headquarters 8 people. I'm more interested in how many in the regions 9 are -- l l
10 MR. WERMIEL: Yes. l 11 CHAIRMAN MILLER: Did you say -- let's say two 12 years ago versus todr.y, how many in the regions would you i l
13 say are really qualified to do a digital -- inspection of l i
(/~~j%
N- 14 a digital upgrade? i 15 MR. WERMIEL: There are a couple of people in 16 our region. There are a few in our regions that are l 17 qualified to do this.
18 CHAIRMAN MILLER: I know there's a few. But 19 how many more today versus two years ago?
20 MR. WERMIEL: Oh. Well, yes, a couple more 21 today than a few years ago. But as I was telling you 22 before, and maybe the whole committee hasn't heard this, 23 much of the responsibility for inspection, particularly in 24 this area, is not falling on the regions but is falling on
(~
( )) 25 headquarters, on my staff. And I believe that is going to NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
196 1 be the way it will De in the future, f3 2 The regions are -- their resources are being 3 severely taxed these days, and much of the inspection 4 initiatives, particularly for these kinds of special 5 inspections, are being transferred to headquarters for the j 6 future. So it will be largely my staff that will be j 7 involved in digital system inspections in the future.
8 CHAIRMAN MILLER: Now you've already told me i
9 your staff is declining because of resignations. Is it l
1 10 also increasing because you're hiricig people?
l 11 MR. WERMIEL: Well, I am picking up one of the l 12 interns, a young woman from one of the intern programs.
So that is helping me. I also hope to be able to pick up I 13
/
\
\
l N '/ 14 somebody down the road. Again, that will depend on 15 priorities in other areas, but I'd like to pick up another 1
16 person, because within the next few months John Gallagher 17 will also be retiring. )
18 CHAIRMAN MILLER: So you've just said we've l
19 lost three and gained one. l i 20 MR. WERMIEL: Well, I'm going to have -- I'm 21 down two for sure. I'm gaining one, but losing a third i 22 pretty soon, and I hope to hire at least one more.
23 MR. QUINN: I thought John was more of an 24 institution than --
()
( ,/ 25 (Laughter.)
1 l
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE, N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
197 1 MR. WERMIEL: Yes, he is. I say one. It 2 won't be another John Gallagher, that's for sure.
g V 3 MEMBER SEALE: But he makes so much money you 4 ought to be able to hire three. l 1
1 5 (Laughter.)
6 CHAIRMAN MILLER: I didn't want to say you had 7 to hire three, but -- might misinterpret that.
8 MR. WERMIEL: Yes.
He might want to stay on I 9 CHAIRMAN MILLER:
10 because you've only been paying three times his salary.
11 MR. QUINN: Can I --
MR. WERMIEL: If I had money, I'd bring him I 12 1
13 back as a consultant.
irm i )
V 14 MR. QUINN: Can I understand about this part 15 of the certification part? What did the National Academy i 16 mean --
17 MR. CHIRAMAL: I guess it was a suggestion in 18 the recommendations that you may wish to consider 19 certification.
20 MR. QUINN: I'm not aware of any other 21 industries that -- you know, in non-nuclear that do cert.,
22 or do they?
l 23 MR. CHIRAMAL: Well, I guess it's like a 24 professional enaineering --
,\
25 MP. WERMIEL: Ted, I don't know if you know, (v)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 234-4433 l
I
198 1 there is a software -- is it software engineering
,, 2 certification program now? Software QA certification now.
/ \
3 Yes, there is.
4 MR. QUINN: IEEE, is it?
5 MS. MITCHELL: Carnegie-Mellon, right?
6 MR. WERMIEL: Is that who does it?
7 MS. MITCHELL: The Software Engineering 8 Institute?
9 MR. WERMIEL: I don't know who does it.
10 MS. MITCHELL: Software Engineering Institute.
11 MR. WERMIEL: The person to talk to about it 12 is Steve Arndt. Steve Arndt at the TTD is certified as a 13 software quality engineer, or whatever they call it. He
,rh t i C/ 14 went through that program, 15 CHAIRMAN MILLER: Steve and Steve. There is 16 two Steves down there who wrote the NUREG, I believe.
17 MR. WERMIEL: Yes. Yes. Steve Arndt was one 18 of the authors of NUREG/BR -- and Steve Casselney was the 19 other one. Yes.
20 CHAIRMAN MILLER: So it might be useful some 21 time, Ted, for you and I to go down there and see what i
22 they're doing.
23 MR. QUINN: Yes.
24 CHAIRMAN MILLER: Because I was down there a
,r3 25 year - two years ago I guess.
6]
NEAL R. GROSS COURT REPORTERS AND TRA.NSCRIBERS 1323 RHODE ISLAND AVE., N W.
(?O2) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
199 1 MR. CHIRAMAL: Then the last item in Dr.
q 2 Miller's memo is recommendation 3.
I i t /
' This goes to the research, 3 CHAIRMAN MILLER:
4 yes.
5 MR. CHIRAMAL: Strategic plan for research 6 program conducted by Research and -- strategic plan.
7 MEMBER SEALE: Is there any connection between 8 that response and the memorandum cn user needs that was 9 recently sent from NRR to Research?
10 MR. WERMIEL: Yes, to some extent. We were 11 not party to the overall strategic assessment or the 12 strategic plan. Maybe Research can speak better to it.
13 My understanding is they have developed for themselves fx
! \
l Cl 14 kind of an umbrella of how they are going to -- would like 15 to see digital system research proceed for the future.
16 We fit within that umbrella with our user 17 needs. While the two are not directly related, in other 18 words, they are certainly a part of each other.
19 MEMBER SEALE: Yes. But presumably, this user l
20 need document out of NRR reflects your position.
21 MR. WERMIEL: Correct. And that position was i 22 derived in part from the National Academy of Sciences 23 study.
24 MEMBER SEALE: Yes. But to the extent that 25 part of it wasn't, do you have any reassurance that they (V)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
WASHINGTON, D C. 20005-3701 (202) 234-4433 (202) 234 4433
200 1 are also going to look at that part of the need?
zs 2 MR. WERMIEL: They are. John Calvert prepared
('~')
3 the response back to us.
4 MR. CALVERT: I'm John Calvert. I'm the new 5 team leader for digital systems and research. And 6 concerning the strategic plan, we are really in the 7 formative stages. And we plan to bring in NRR when we 8 have a little more to go on, and we certainly want them in 9 on this. But it is going to be a while before we get it l 1
10 really going.
11 We have a map, if you will, about what we 12 should do and may do, and we have to bring that into focus )
13 with our own management first.
/^N
)
k/ - 14 MEMBER SEALE: Well, let me just say, I hope 15 that you go from the -- to the stage where you can begin 16 to inform us on what your program --
17 MR. CALVERT: Definitely.
18 MEMBER SEALE: -- that instead of being 19 formative we want to be informative here pretty quick.
20 MR. CALVERT: Yes.
21 CHAIRMAN MILLER: We're going to do that now, 22 right now.
23 MEMBER SEALE: Yes.
24 CHAIRMAN MILLER: I prooose we do that right (O) 25 now. We go through this document and at . east -- I think NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 234-4433
1 201 1 we have a little bit of time to do that.
,- 2 MR. WERMIEL: Yes.
V 3 CHAIRMAN MILLER: Are we done here, Matt?
4 MR. CHIRAMAL: Yes.
5 MR. WERMIEL: Yes, we are. Use the new 6 document, sure.
7 CHAIRMAN MILLER: We almost strayed into that 8 earlier. Why don't we by deliberate intent?
9 MR. CALVERT: Let me just say one thing here, 10 Dr. Miller, and that is that the user needs are part of 11 our system of working --
12 CHAIRMAN MILLER: Sure.
13 MR. CALVERT: -- that we're trying to do a
,s
\
\2
~
14 little more research initiative. We're trying to i
15 incorporate some things into the strategic plan. But l
16 before we go forward with it, first of all, we have to ,
17 formulate them, and then talk with NRR to make sure it l l
18 really makes sense. And so we're trying - the strategic 19 plan hopes to bring in user needs and where some of the 20 initiatives should go. l 21 CHAIRMAN MILLER: So can we go to the user 22 need document now? That might -- that actually addresses 23 some of the loose ends we've got. That would be --
24 MEMBER SEALE: To Morrison from Collins.
,e tj 25 CHAIRMAN MILLER: And we've got the response.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 2000S-3701 (202) 234-4433
202 1 MR. QUINN: And we're going to compare this 2 with the May 13th memo, which is the response, right?
7~ l
) l 3 MR. WERMIEL: Yes. l 4 MR. QUINN: Good. Now, just as a little 5 background, you had talked to us in the past I think that l
6 there was a review of the Mitre report that was being done 7 to define those research activities that were going to 8 come out of that. And I think when you had talked to us 9 the last time I was here, your belief was you were going 1
1 10 to wait for the National Academy report to complete this.
l 11 And this is what this does.
l 12 MR. WERMIEL: That's right. Let me tell you l l
13 the genesis of the user need memorandum from NRR to t ).
\_/ 14 Research. For a long period of time, and poor John ,
1 15 Gallagher can attest to the amount of effort I spent 16 beating on him for this, I asked he and a number of my 1 1
17 staff -- but John in particular, because he was the 18 primary reviewer of the Mitre report -- to come up with 4 1
19 the areas where we believe, based on any input whatsoever, j 20 we ought to be pursuing future research in the area of
! 21 digital technology.
22 And what you have there is the accumulation of 23 inputs from a number of my staff based on their reviews of 24 the Mitre report, the National Academy of Sciences study, 7
i, ) 25 initiatives with the industry, a number of interactions NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
203 1 with other groups such as our foreign counterparts, and it
- 2 all resulted in these requests for areas that we believe 3 we need to pursue for the future.
4 And what we did was we prioritized those 5 requests based on what we felt our immediate activities 6 were, and those activities that we felt we could spend 7 some time studying on a longer schedule and defer. So 8 internally we agreed on a prioritization scheme, and not 9 everybody thought it was correct. Some of the people on 10 my staff thought some of the priorities ought to be 11 shifted around a little bit, but we eventually came to a 12 consene and that's what you have there.
13 MR. QUINN: The evolution of the responses
- 14 that will occur in each case -- if I was doing it, I would 15 be writing a program plan which would provide a response 16 of how we'd do it, and it would be a cost estimate, and 17 this is how much it's going to run to go -- in our 18 opinion, to get to a level of detail that the staff 19 believes is appropriate for this particular item. Was 20 that done?
l 21 MR. CALVERT: The first step in response to 22 user needs is to give an overall idea of what we plan to 23 do. The second phase is after that is proved and agreed.
24 Then we go after the statement of work, which is just what 7-( ) 25 you said.
\_/
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
204 1 MEMBER SEALE: Well, in this letter from 2 Research back in response, I notice the comment is that 73 3 you're going to initiate 1, 2, 4, and 5 in '97. And then 4 there are -- but then in '98, there are currently no funds 5 for new user need initiation. But because of the priority 6 numbers, you're going to go to the controller to get some 7 supplemental funds, hopefully to initiate some of these 8 items. Is that --
9 MR. CALVERT: Yes, sir.
10 MEMBER SEALE: And do you consider the 11 comments that were raised in the National Academy report 12 to be supportive of those priority levels that you're 13 hoping will give you the basis for supplemental funding?
!n)
\~ / 14 MR. CALVERT: Yes. What you mean is we're 15 going to use what the --
16 MEMBER SEALE: Well, it's a stick or a club.
i 17 It's a club you're going to use to try to beat the money 18 out of somebody.
1 l
19 MR. CALVERT: Yes, that will be one of the l
l 20 justifications.
I
- 21 MEMBER SEALE
- Okay. And hopefully anything l t
! 22 we might say could perhaps make a contribution to that as 23 well.
24 MR. CALVERT: Right.
,/ \
( ,) 25 MEMBER SEALE: Okay. I'm trying to line these NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005 3701 (202) 234-4433
205 1 guys up, you understand.
gy 2 (Laughter.)
(,)
3 MR. CALVERT: The budget process seems to lag 4 the need. And one of the things that we're going to try 5 and do is get a rolling user need, so that when it comes 6 time to do the budget we have, you kr.aw, agreement between 7 NRR and ourselves and we can put it out right away, rather 8 than the way we do now, apparently, is wait for a user 9 need. We have some discussion, but the user need pops 10 out, and then we act on it. And it doesn't seem to be 11 very efficient.
12 CHAIRMAN MILLER: So how are we going to cover 13 this today? What are we going to do today? Had you had
+ )
's / 14 any -- I know you had a plan.
15 MR. WERMIEL: We hadn't planned to discuss the 16 user needs. But if you have any questions or anything 17 you'd like clarified, we can address it.
18 CHAIRMAN MILLER: Well, since we just received 19 your response --
20 MR. MARKLEY: Well, I can comment on the first 21 one. We got that yesterday from Research -- the proposed 22 rulemaking. So that's in process -- to allow for IEEE 23 603.
24 CHAIRMAN MILLER: Item 1 is basically done, A
25 right?
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
206 1 MR. WERMIEL: No, no.
l lg3 2 MR. MARKLEY: It's in process.
- n\,s'i 3 MR. WERMIEL: Wait a minute now. What is in 4 process right now is rulemaking to incorporate IEEE 603 5 into the 50.54a(h). However, the version that is being 6 incorporated is 1991.
7 What the user need talks about is the version 8 that we really want in the regulation, and that's the 1997 9 or '96 version, whichever it will be, the much improved ]
1 l
l 10 version of IEEE 603. So -- l 11 CHAIRMAN MILLER: There we're depending on the 12 standards group, in part, right? l 13 MR. WERMIEL: Exactly, because that has not
,/
\'
14 yet been approved. It is close, as I understand it, but 15 not yet.
16 MEMBER FONTANA: This doesn't appear to be a 17 Research job.
18 MR. WERMIEL: It is only because Research 19 generates our rules. I don't know if the committee knows 20 that, but --
21 MEMBER SEALE: Is there reassignment going on 22 on some of that?
23 MR. WERMIEL: That's something that is -- one 24 of the _crategic initiatives that came out of the
(_,) 25 Chairman's strategic assessment was perhaps the program NEAL R. GROTS COURT REPORTERS AND TRAi, 'CRif IRS 1323 RHODE ISLAND AVE.,i W WASHINGTON, D.C 20005-3L , (202) 234-4433 (202) 234 4 433
207 1 officers should take on that responsibility. But this 7- .
2 particular -- the current version of the rulemaking got i/
3 caught up in the current approach to rulemaking, which is 4 still in the Office of Research. But that may change for 5 the future.
6 MEMBER SEALE: So one of the things we want to 7 be sure of is that in making that administrative 8 transition that these needs don't get lost in the j l
9 paperwork.
10 MR. WERMIEL: We're not going to let this one 11 get lost. l l
12 MEMBER SEALE: Okay. Well, we don't want to j 13 either.
~
/ '%
e
(_)i 14 MR. WERMIEL: No way.
15 MEMBER SEALE: Okay.
i 16 MR. WERMIEL: That is a very high priority 17 user need, you may note.
18 MEMBER SEALE: Okay. Yes.
19 Okay. What about ISO 9000?
20 MR. STEWART: I guess I put that one on there.
21 We're seeing more and more products that are being 22 developed under ISO 9000 programs, simply because they 23 didn't have to do that to sell in the European market.
24 MEMBER SEALE: Sure. !
i (3 25 MR. STEWART: And one of the things that I
)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISI.AND AVE., N W.
l (202) 234 4433 WASHINGTON D C. 20005-3701 (202) 234 4433
208 1 found on my inspections is that the quality of the product
- 2 doesn't appear to be related to whether they use ISO 9000
.)
3 or not. So we have seen garbage programs come out of ISO 4 9000 plants, and we have seen good quality programs come 5 out of plants that don't follow ISO 9000.
6 So what we're looking to do is get a little 7 more of a database of experience, you know, other than 8 just the handful that ve've seen, and see if there is some 9 correlation between ISO 9000 and the quality of the 10 product, and see if we can take some benefit from that.
11 If there is a correlation between ISO 9000 and the 12 quality, we may be able to theoretically shorten our 13 reviews. That is one possible concept.
\
(_,/ 14 The other part that we're looking at on the l 15 ISO 9000, and especially the 9003, which is the software 16 part, is to see if there is anything in their documents 17 that maybe we should include in ours. It's the more 18 thorough review of those. We have read them. We have 19 studied them. But do a little more detailed review of 20 them and make sure we haven't missed something.
21 MEMBER SEALE: Well, there's a down side 22 there, too, isn't there, also? And the down side is that 23 earlier in the reference material you include -- or maybe 24 it's later. Now I'm confused as to where I saw things in
,m
(/)w 25 here. But you include a copy of the public law that NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D C. 20005 3701 (202) 234 4433 l
t
209 1 dictates -- or, pardon me, directs that you make full use 7s 2 of existing industry standards, and so forth.
- \
'~'
3 MR. STEWART: Right.
4 MEMBER SEALE: The ISO 9000 is a -- I guess 5 it's not quite under that umbrella yet, but it could be 6 shortly.
7 MR. STEWART: We are studying the possibility 8 of it. As it stands right now, I don't think it is good 9 enough.
10 MEMBER SEALE: Well, that's the point. If it 11 is not --
12 MR. WERMIEL: We want --
13 MEMBER SEALE: -- you have to be able to argue
~x i )
(../ 14 the point that you're being suckered, if you're being hung 15 with a set of so-called standards that aren't.
16 MR. STEWART: We don't have enough current 17 experience from direct inspections for us to defend not l
18 using it.
19 MEMBER SEALE: And this is hopefully what this
- 20 will do for it.
l l
l 21 ,
MR. STEWART: Exactly.
22 MR. WERMIEL: I think that's where I wanted to 23 get to was we don't know enough about ISO 9000, 24 particularly 9003, to know what it can tell us when we see n
() 25 something that has been built to it. And what is more, we NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE isl>ND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
210 1 have already been -- I was informed by the QA branch chief
,s, 2 that she is very interested in this activity, because the t :
qj 3 whole ISO 9000 umbrella covers QA in general, which is her 4 responsibility. And they don't know what ISO 9000 means, 5 and there are not only software-based products that are 6 under the ISO 9000 umbrella, but other equipment as well.
7 MEMBER SEALE: Sure.
l 8 MR. WERMIEL: And again, they are sort of in a 9 bit of a quandary as to what it means when something is l
10 identified as having been qualified to ISO 9000.
11 MR. UHRIG: A couple of questions here. One, 12 if examples -- l 13 MEMBER SEALE: You have to have eye contact l
14 with that microphone.
15 MR. UHRIG: Okay. Is it primarily U.S.
16 industry examples?
17 MR. STEWART: The ones that I have seen were 18 built ir, the United States. Some of those companies are 19 foreign owned.
20 MR. UHRIG: How about European experience?
l 21 MR. STEWART: I have not seen any directly.
22 MR. WERMIEL: I can speak to what we just 23 heard, for example, at our four-party meeting from the 24 French. They had some questions about some ISO 9000
(~~N i
) 25 qualified equipment in some French plants.
l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS i 1323 RHODE ISLAND AVE., N.W.
(W) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
211 1 MR. UHRIG: A question to Christine. Did the
- -~x 2 Academy study look at ISO 9000 at all, 9003 particularly?
i Vl 3 MS. MITCHELL: No.
4 MR. UHRIG: It did not.
5 MEMBER SEALE: So there are some real issues 6 there, then --
7 MR. WERMIEL: We think so.
8 MEMBER SEALE: -- in that one. Okay.
9 The next one that was in this list you're 10 going to do is 4. Let's see, where is 4? Oh, okay.
11 It's --
12 CHAIRMAN MILLER: You already started.
13 MEMBER SEALE: --
quantitative assessment of q
l i
\/ 14 digital system reliability.
15 CHAIRMAN MILLER: You already started this 16 one, right?
17 MR. STEWART: Yes. I think we already had 38 this discussion.
19 MEMBER SEALE: Okay. Fine. Okay. We've been 20 chewing on that one, too, huh?
21 And 5 is IEEE Standard 1498 review.
22 MR. STEWART: Yes. 1498 is being pushed in 23 the industry as one of the dominant standards. And what 24 that came out of was the old Mil. Spec. 2167, and there
,r
(_,h) 25 was a DOD Directive to get rid of Mil. Specs. as much as NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4 433
212 1 you could and go to civilian standards. And this is the l
,s 2 -- what is getting towards the end result of that, and it 3 should be on the street and starting to get used soon.
4 And because we think it's going to be a dominant standard, 5 we need to understand exactly everything that is in it and 6 start getting some experience as to how well it is being 7 used.
8 MEMBER SEALE: Okay. And then the ones that 9 are in your supplemental fund request are covered by it, lo hopefully. Or 3 and 6, is it? Yes. 3 is domain 11 engineering guidance. Tell me what that is.
1 12 MR. WERMIEL: Does John want to -- John, I'd I 13 appreciate it if you would speak to this.
r~'s>
\m / 14 It's a topic that is near and dear to Mr.
15 Gallagher's heart.
16 (Laughter.)
17 MEMBER SEALE: Well, then it ought to be near 18 and dear to ours.
19 MR. WERMIEL: Oh, yes.
20 MR. GALLAGHER: If you look at the 21 recommendations that Mitre had, need for research that was 22 almost directly related to the regulatory aspects, 23 although there were a few I think, they were both from the 24 industry and the regulations. They identified the aspect
()
/ \
25 of systems engineering where systems engineering helped NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
6 213 1
1 one understand the level of quality that one was asking
/
, . ~
\
2 from the software in order to be commensurate with the v I 3 risk associated with the functioning of the system.
4 If you think about this, it allows you -- if 5 you say not only is this applicable in the nuclear 6 industry but also applicable in the petrochemical i l
7 industry, aircraft, planes, trains, automobiles, and 8 nuclear plants, then you can see that if one had a good 9 model of the systems that were high risk or safety 10 critical, then one could have a much broader base for 11 experience, or it could have a much better grasp on where i
12 you went to look for certain COTS products, where these l 13 products would have followed a process similar to the one r~s 14 that we've asked for.
15 So there has been a lot of attention to the 16 idea of domain engineering. The Army has a big effort to 17 reuse. The Navy has a big effort that is partially reuse, 18 partially in the area of off-the-shelf items.
19 So what we've asked Research to do is to come 20 up with -- basically, with a model of the domain that we 21 work in for the application of safety-critical, digital-22 based systems, and then have that model in a way that we 23 can compare it to other models and help us decide where 24 there are systems that are similar to outo, (m) a 25 And we suggested that they might look at IEC NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
214 1 1508, which is a more general standard, which is getting a 7- 2 lot of ink not only in Europe but also more in the U.S
('~') 3 There are people who are reasonably expert in 4 domain engineering. We have been dealing with one of them 5 over here in Reston. The Software Productivity Consortium 6 has put a lot of effort into this area. And we view it as 7 a way of helping us get more effective use of what other 8 people are doing in an area very similar to the area that 9 we work with.
10 CHAIRMAN MILLER: That should be very valuable 11 for future applications.
12 MR. WERMIEL: That's what we think, is that 13 when we were faced with a future application, particularly
/
(-)
^t 14 a generic approach, a generic platform, we might be able 15 to take this domain engineering approach, apply it to it 16 and understand how much of a review should we apply to it, 17 what is the purpose of the platform, what domains does it f 18 purport to encompass within the nuclear plan.
19 CHAIRMAN MILLER: It gives us a foundation, so 9
20 we've coming on the reactive mode and we have new 21 technology.
22 MR. WERMIEL: Yes. !
Y l
23 MEMBER SEALE: Well, as you go along in this, l i
24 I think it would be something the committee would be j (v ) 25 interested in getting an update on.
NEAL R. GROSS 1 COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
215 1 CHhlxMAN MILLER: I'm sure Bob Uhrig.would be 7- 2 interested.
( )
3 MEMBER SEALE: Yes.
4 MR. WERMIEL: As we get into it.
5 CHAIRMAM MILLER: Because I think once we get 6 the standard review plan behind us, so to speak, we need 7 to look at new technology coming down the road.
8 MR. WERMIEL: Oh, yes.
9 CHAIRMAN MILLER: I almost believe that - - - I 10 know we shouldn't promote. We should facilitate and not 11 inhibit.
12 MR. WERMIEL: Yes.
13 CHAIRMAN MILLER: If they come to us as a fm 14 neural network system, we're ready to talk about it.
15 (Laughter.)
16 MEMBER SEALE: If I may express an opinion --
17 CHAIRMAN MILLER: Some time in the future say 18 that, not today.
19 MR. WERMIEL: Okay.
20 MEMBER SEALE: If I may express an opinion on 21 this subject, Don. I think the issue here is not 22 promoting digital anything. The issue is nuclear safety.
23 MR. WERMIEL: Yes.
24 CHAIRMAN MILLER: Yes.
,en
) 25 MEMBER SEALE: And there is no question but NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 200 5 3701 (202) 234 4433
216 1 what the inherent characteristics of digital systema are 2 such that with the appropriate investment of engineering 7-N.) 3 competence into the application of the digital equipment, 4 you're ahead en safety. And I don't think you have to 5 apologize for that position one iota.
6 CHAIRMAN MILLER: Taking that as the model, 7 you're right. Five years ago, we were kind of behind 8 things, and now I think we're catching up.
9 MR. GALLAGHER: I think if you remember one of 10 the overheads that Matt had up towards the end, it talked 11 about the Esprit DVAL program. And the Esprit DVAL 12 program is an effort to try to apply Bayesian technologies 13 to get credit for the processes that were used to develop (3
s 14 the software.
15 And, therefore, one can say if I can 16 hypothesize that I test at 10'3, maybe it's good to 10-5 17 And people are working on this, George, and I'm not saying 18 that they're all right or not. But this is a big effort 19 that is going on in Europe, and, of course, one of the 20 bases is, how do you get a long enough base of experience 21 to have an effective Bayesian database.
22 And, again, domain engineering would allow you 23 to broaden your database much beyond what we could ever 24 hope to have from nuclear, so that we could get some
,n
( ,) 25 effective answers.
HEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 123 RHODE ISMND AW.. N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
217 1 MEMBER APOSTOLAKIS: Do you have any documents
,- 2 on this project?
i 3 MR. GALLAGHER: Yes. I have a copy of the 4 DVAL work. It is on the Internet. But I could give you 5 -- I could make available -- mine is about almost a year 6 old now. But it does explain what the overall program is 7 and what work package 5 is.
8 MEMBER APOSTOLAKIS: Yes, I'd appreciate a 9 copy.
10 MEMBER SEALE: The last one here is the formal 11 methods item on this list of needs. And I guess you're 12 trying to geu the money to work on that, too.
13 MR. STEWART: Yes. The formal methods we put
'v) 14 on there because we have seen some promise with it. But 15 again, it is one of those items -- it's in a state of the i
16 art rather than state of the practice. And we weren't 17 ready to endorse the mandatory use of it.
18 MR. GALLAGHER: I'm scheduled to give a 19 discussion on the state of the practice on this tomorrow, 20 and one of the things I want to emphasize is some of the 21 things I picked up at the meeting in January here in 22 Annapolis on requirements engineering. There were two of 23 the most prominent members of the formal methods 24 practicing community -- Anthony Hall from Praxis and John (n)-
25 Rushby who has been doing a lot of work with NASA in NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE,, N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
218 i I formal methods. i
, 2 And both of these men, five years ago when you j
(')
3 heard informal methods, was going to do everything. They 4 have tried that. It did not do everything. So now they .
1 5 are down to where one has to be very selective as to where 6 you apply formal methods. And as John Rushby said, tiers 7 are not the most important thing for formal methods.
8 They're the only important thing for formal methods. l l
9 And so what we want to do is start looking at 10 some of the tools people are using to help them in the 11 areas of completeness, consistency, things like that. l 12 MEMBER APOSTOLAKIS: Very good.
13 MR. UHRIG: John, have you kept up with the j
[~D )
(/ 14 Canadian experience on this with Darlington? I have sort l
l 15 of lost track of that. l 16 MR. GALLAGHER: Not as much as Jerry has.
17 MR. WERMIEL: Yes. Matt and I heard about it, 18 to some extent, just last week. They are totally redoing 19 the Darlington software-based systems. They are backing 20 off on the use of the formal proof or formal methods, as I 21 understood it, simply because they are finding it 22 extremely difficult to take the translation of the 23 requirements and actually apply it to the software coding.
24 Their experience has not been very successful
!v) 25 at that, and for that reason --
NEAL R. GROSS COURT REPORTERS AND TRANSCR!BERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
219 1 MR. GALLAGHER: Parnesse has publicly admitted
- 7. 2 another code last year in the April issue of Software, I
'~'
)
3 where they got together a roundtable of people to talk 4 about formal methods. And his method of notation was very 5 awkward and did not really achieve what he was hoping for.
6 MR. UHRIG: Thank you.
7 MEMBER APOSTOLAKIS: Have you guys in -- this 8 testing, can one, in your opinion, get an estimate of the 9 reliability of testing the thing around different inputs?
10 Like the Canadians did. That's why I remember it. I 11 mean, it's not a completely --
12 MR. WERMIEL: The British I guess are the best 13 example. Matt will help me here. They developed what
'w s'I 14 they called a dynamic simulation of one of the channels of 15 the Sizewell software-based protection system, primary 16 protection system. And they subjected it to many 17 thousands of what they felt were random inputs with the --
18 u1 order to measure the anticipated output in an effort to 19 attempt to quantify, over what they felt was a fairly 20 appropriate distribution, to obtain a failure rate. How 21 many failures per input test occurred?
22 They were not real successful at it initially 23 for a number of reasons, but the primary reason was the 24 test oracle that they were using to confirm or validate q
25 the test inputs had some flaws in it. And the flaws were
( ]
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D C 20005-3701 (202) 234-4433
i 220 1 based on a misunderstanding of some of the actual s 2 engineering aspects of the digital system itself, the
> )
3 digital system responses.
4 Others are trying to do this kind of thing.
1 5 There are people that believe you can conduct random tests 6 on a digital system over some test envelope in order to l 1
7 establish a failure rate based on supposed outputs.
8 There are a number of questions on whether or 9 not it is really random, whether or not the simulated 10 system that you are testing is really the system that is 11 in the plant, because when you start to put these digital 12 systems in a plant where it has to interface with an 13 existing power supply or other environmental stressors, em i !
N/ 14 and things of that sort, it may not respond the way it did 15 under the dynamic testing that you subjected it to. So 16 there are all kinds of variables that need to be 17 considered.
18 I don't believe we, yet, have heard of anybody 19 that is confident that they can do this in a way that they l 20 can say categorically, "I have now established a numerical i
! 21 value, a numerical failure rate, for the system."
i 22 MR. GALLAGHER: Well, the IBM space -- well, 23 it used to be IBM. I don't know who it is now. Ted 24 Keller and those people out at the Johnson Space Center (y
(
) 25 have put a lot of emphasis on testing, not so much to come NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
221 1 up with a number but to come up with a feeling that it is f3 2 fit for duty for that mission.
( )
s/
3 And there has been a lot of argument by some 4 of the people who reviewed this in the National Research 5 Council, things they found. If you go back and look at 6 most of their findings, they found problems with the 7 software that were not critical to that particular 8 mission. And so they have been making effective use.
9 And there is another group down here in 10 Virginia, Jeffrey Voss, who wrote a book with some other 11 person, and his idea is to take the inverse of the 12 operational profile. The argument is you know a lot about 13 where this stuff normally works. You don't know much
- y x/ 14 about it in the regions where it hardly ever works.
15 And so rather than just take the normal 16 operational profile with randomness to that, he and some 17 other people are talking about taking the inverse of the 18 operational profile, looking at it in those extreme areas 19 and see how things work. And from that, maybe they can 20 come up with a number because of some statistical 21 mathematics I guess they can go through without, you know, 22 their hands falling off.
23 MEMBER APOSTOLAKIS: I think there is a 24 fundamental problem with the approach. I have seen the g
( ,) 25 Darlington work where they had 7,800 I think tests.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
222 i l
1 MR. WERMIEL: Yes. l
,_s 2 MEMBER APOSTCLAKIS: And they concluded that
( )
~'
3 their probability was -- I think there is a fundamental 4 problem with that, a fundamental flaw, because the inputs 5 really are not random.
6 MR. WERMIEL: That is something that has been 7 questioned consistently.
8 MEMBER APOSTOLAKIS: It is really a major 9 problem. l 10 MR. WERMIEL: The British subjected the l
11 Sizewell channel that I spoke of to over 55,000 tests.
12 And there was still aome question, first of all, of the 1
13 randomness. But then over half of those tests turned out l
- 14 to be invalid because of the problem with the test oracle.
l 15 MEMBER APOSTOLAKIS: Yes.
l 16 CHAIRMAN MILLER: Okay. I would suggest, if 17 we're kind of at a breaking point, we are scheduled for a 18 break. We an> basically back on schedule. I would like 19 to take a break until 3:25.
20 (Whereupon, the proceedings in the foregoing 21 matter went off the record at 3:05 p.m. and 22 went back on the record at 3:32 p.m.)
23 MEMBER SEALE: Okay, gentlemen, Dr. Miller, it 24 turns out, is tied up on the phone and he suggested that
,/ -
( ,) 25 we might want to go ahead and get started. You guys are NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
223 1 going to talk about reg. guide, I assume?
. 2 MR. KRAMER: We're going to do a little bit of 3 reg. guides.
4 MEMBER SEALE: Okay, sir; you want to go ahead 5 and give us the word then, Joel?
6 MR. KRAMER: Yeah, I'm Joel Kramer from the 7 Control Instrumentation & Human Factors Branch in the 8 Office of Research. To my left is John Scott, our 9 consultant from Lawrence Livermore National Lab, and some 10 other of the folk -- Bob Brill at the table and John 11 Calvert, who you already know.
12 The title is Reconciliation of the Public 13 Comments on the Draft Software Reg. Guides 1054 through
?
/ )
(_/ 14 1059. Actually, three elements to the purpose. I want to 15 really just highlight -- discuss the proposed changes to 16 the draft software reg. guides as a function of the public 17 comments that we had received.
18 These guides endorse, with clarification and 19 exception, eight IEEE standards. More detailed review 20 guidance and acceptance criteria are contained in the SRP 21 and BTP-14. And we had some discussion of this morning; 22 and I believe tomorrow, at some point in time, Jim Stewart 1
i 23 from NRR will be actually walking folks through the 24 application of the SRP's and BTP's -- in this case, BTP-7--
) 25 14, and at least one or more of these reg. guides to show
.o I NEAL R. GROSS
! COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
224 l
1 you. l 73 2 We received actually six sources of public
- - )
3 comment: Westinghouse, Commonwealth Edison, Nebraska 4 Public Power District for Cooper Nuclear Station, Capri 5 Technology, a member of the NRC's Atomic Safety Licensing 6 Board, and actually, in parentheses, I put (Nuclear )
l 7 Utilities Software Management Group). I 8 Actually, the public comment period closed in 9 October, and just last week we got a set of comments from l l
10 NUSMG. We will be further evaluating them to see if we're 1
11 going to make any other changes. As I scan through their 12 comments, I saw a lot of, you know, one for one verbatim l 13 wording of other comments that we had received from other :
,e
\_) 14 sources, and I didn't really see anything new in those 15 comments.
16 I took the liberty, even though one can look 17 at the reconciliation of the comments and maybe say, you 18 know, there's a bit more heartburn out there than we might 19 have reflected in terms of how we responded to certain 20 comments and what we did in terms of proposed changes.
21 I think these six bullets, as I look back at 22 it, are my way of kind of like summarizing the tone and 23 tenor of the public comments. I think generally they 24 supported the use of the software reg. guides kind of like n
() 25 as a first step.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
225 1 That's to say that, you know, we don't go back g 2 to square one. We start with them, but we need to further
(
) !
3 improve our technical basis for regulation in digital I&C 4 in the future. Some of the people and organizations 5 indicated that some of the standards may be too j 6 prescriptive.
7 We had discussion on being prescriptive 8 before. A couple of examples in the standard for V&V 9 1012, and also 1074, Software Life cycle Processes.
10 Several of the commenters thought that they were, you i
11 know, too burdensome, too much, you know, for them to 12 swallow. I 13 There were several comments on the wording l l i
\' - 14 that we had on the requirement for independence. That i 1
15 again was viewed as a bit too much. And there were a !
1 16 number of suggestions made for rewording which I'll get 17 into later, and I thought that that was a worthwhile 18 source of comment.
19 Another pervading theme, I think, was the 20 notion that, as you looked across some of the reg. guides l 21 and therefore the IEEE standards, one got the impr,ession -
22 - or people got the impression in reading them that we ,
1 23 were, you know, restricting or forbidding the use of 24 commercial off-the-shelf software.
! ) 25 And that's certainly not true. And we have a
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBE.RS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
226 1 proposed revisions to a number of the reg. guides in that s 2 vein. There were a number of other worthwhile, t
)
3 constructive suggestions for improved wording and 4 clarification.
5 There is also kind of like -- I would call it, 6 if I 1o04 at all the sources of response comment-wise, you 7 kind of like have sort of a minority view that I think is 8 an important minority view in the sense of we got these 9 things as a first step and you need to go further.
1 10 And I think it was best reflected from Capri l l
11 Technology where the basic nature of the comment was there l l
12 was a need for a software safety system model to provide 13 further assurance of the adequacy of software products. I
. i
'- 14 think that's further oriented. I think we agree with 15 that.
16 That's part of what the research that you 17 heard a little bit about earlier is about. And I think 18 that was a good comment even though we couldn't be, you 19 know, more responcive in terms of exactly saying what we 20 were going to c'.o; but I think we supported the notion in 21 our response to Capri Technology that we need to do better 22 in terms of developing the technical basis.
23 MEMBER APOSTOLAKIS: Can you tell us who Capri 24 Technology is?
,\
() 25 MR. KRAMER: As far as I know, it's a one NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
227 1 person organization.
2 And Jim Stewart, you can back me up or further 3 clarify it.
4 I think the individual who owns and runs it, 5 sole employee lock, stock, and barrel, is Bill Petrick.
6 Jim knows him better than I do.
7 MR. STEWART: That's correct, it is Bill 8 Petrick. I'm not sure if he has any other associates 9 working with him right now or not. He's been coming to 10 the PLC groups and the COTS working groups, so he's pretty 11 familiar with what we're doing. We tend to disagree 12 sometimes.
13 MEMBER APOSTOLA'(IS : He's here, an EPRI
, )
(d 14 contractor, or -- who supports his vork, the industry?
15 MR. STEWART: He contracts to the industry.
16 MR. UHRIG: The comment about the COTS, was 17 there any elaboration on it?
18 MR. KRA.MER : Yes, I'11 get into that shortly 19 in terms of what the comment was. You all do have the 20 detailed actual comments side by side with our responses
! 21 and the resolutions, and I'll get into that shortly.
I 22 To anchor us a little bit with respect to the 23 numbering system, these are the proposed changes to Draft 24 Guide 1054 that was out for public comment. Our proposed
( ) 25 final Reg. Guide 1.168, which is in parentheses, is what NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4 4 3
228 1 you know have in the -- in your package.
_ 2 And what I'm attempting to do is to just 4
\
3 summarize the changes that are in there per what we said 4 in the resolution of the comments. On position three, 5 which was again this issue of the independence of software 6 V&V, there were two aspects associatai with -- in terms of 7 the comments, the proficiency of the independent verifiers 8 and kind of like the responsibility for the adequacy of 9 the V&V in terms of the independence of the organization.
10 What we decided to do was to replace the 11 wording that was in the proposed final reg. guide, and 1
12 I'll just highlight what that was. The independent 1 13 verifiers must also be as proficient in software t
/~Ni l
(_/ '
14 engineering as the software developer with the following: )
1 15 The independent verifiers must be sufficiently 16 competent in software engineering to ensure that software 17 V&V is adequately implemented. We had also had the words 1
18 in there as a concluding sentence "this implies 19 capabilities to those -- comparable to those of the 20 developer."
21 If you look at the original comment and the 22 wording that we had, it seemed to me -- and what I'm 23 alerting you to is that we've made a further change since 24 your package. We've taken out the last sentence that said n
(<j ) 25 "this implies capabilities comparable to those of the NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON D C. 20005-3701 (202) 234-4433
229 1 developer."
,_ 2 So basically what we're saying is -- we're not
( ~' /
3 saying as proficient in the strict sense; we're saying the 4 independent verifiers must be sufficiently competent in 5 software engineering to ensure that the software V&V is 6 adequately implemented.
7 Now, the second part of the independence thing 8 concerns who in the organization and what level of 9 independence is there to conduct the independent V&V.
10 And what we are insert ing af ter the sentence in the reg.
11 guide that says, "Thatefore, independence is an additional 12 requirement for software V&V applying to personnel 13 performing software V&V and software design so that those q
i ?
K' 14 who perform software V&V must be different from those who 15 design or code the software."
16 Adding a sentence that says, " Approaches to 17 performing independent software V&V are described in Reg.
18 Guide 1.152, Rev. 1, regardless of the approach selected 19 for a given V&V task responsibility" -- and I think this 20 is the key part -- "the responsibility for the adequacy of 21 V&V lies with the organization responsible for the 22 independent V&V."
23 MEMBER SEALE: I'm intrigued by your syntax 24 there. You say the individuals must be different. That's
,m 25 (v) not the same thing exactly as saying different NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
230 1 individuals. And I think you really mean different s 2 individuals, don't you?
(
'~
)
3 MR. KRAMER: Yes.
4 MEMBER FONTANA: Could you say that again, 5 please?
6 MR. KRAMER: The responsibility -- approaches 7 to performing independent software V&V are described in 8 the reg. guide, regardless of the approach selected for a 9 given V&V task, the responsibility for the adequacy of V&V 10 lies with the organization responsible for the independent 11 V&V.
12 MR. UHRIG: But the original organization 13 still has some responsibility to make sure that that group
,ry 14 is capable, i i
15 MR. KRAMER: Yes.
16 MEMBER FONTANA: The question arises who's 17 responsible for the goodness of the product, V&V guys or 18 the guys who wrote it to start with?
19 MR. KRAMER: Both.
20 MEMBER FONTANA: That's why I asked the 21 question.
22 MR. UHRIG: That's not clear. Your last 23 statement just emphatically said it's -- the viewing group 24 has the responsibility for the review.
,m j 25 MR. SCOTT: Yes, not for the overall quality NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
231 1 of the software. That's the overall development effort.
fx 2 MR. UHRIG: But who has the responsibility of
( )
('~'/ 3 overall quality of the software, the original --
4 MR. SCOTT: The original.
5 MR. UHRIG: -- original people.
6 MR. SCOTT: Yes. This question came up as a 7 result of the commenter pointing out that 7-4.3.2 permits 8 independent V&V -- an independent V&V organization to ,
l 9 either perform tasks -- V&V tasks independently or to 10 witness what the developer is doing or to review what the l l 11 developer did. l l
12 The way the commenter phrased one of the 13 responses was taat it was okay for the independent V&V
/ 8 L i
\/ 14 activity to merely review what the developer did. And 15 what the response was, was it, according to 7-4.3.2, is !
l 16 fine for the organization to review that, but that this 17 was a reminder to the independent V&V organization that 18 they had responsibility for the adequacy of the 19 independent V&V they were performing even if they only 20 chose to review someone else's activity.
21 MR. QUINN: Wouldn't you consider this r,imilar 22 to the independent reviewer we used for calculations? You 23 know, what you talked about seemed to be what's the level 24 of responsibility w. h regard to individual ownership of
/ \
() 25 the issue --
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 HHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
232 1 MR. SCOTT: Yes.
, .s 2 MR. QUINN: -- of the review -- of the
- \
( /
3 quality. Well, on a calculaticm, the quality owner, the 4 person that generates it is the owner of quality, but the 5 verifier we hold equally as accountable --
6 MR. SCOTT: Yes.
7 MR. QUINN: -- for ensuring that the product 8 is -- and the blame is equally shared if there's a 9 mistake.
10 MR. SCOTT: Yes.
11 MR. STEWART: Joel, maybe I can help on this.
12 MR. KRAMER: Yes, Jim.
13 MR. STEWART: When we wrote that in 7-4.3.2, r~N i
' l
/ 14 specifically what we had in mind was software testing. So 15 if you have a situation where you have, like you heard 16 previously, 55,000 tests at Sizewell, the independent 17 verifier can review the results of those tests and can 18 assess the quality of the tests, but he does not 19 necessarily have to repeat the test.
l 20 And that's really what that part of 7-4.3.2 is ;
I 21 aimed at. ,
1 22 MR. KRAMER: Okay.
l 23 MEMBER SEALE: But are we then reading more l I
24 freedom into that part of 7-4.3.2 than was originally l t
j 25 intended by the authors? I mean, if you're talking about (Nv) l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS i 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 2000 5 3701 (202) 234-4433
233 1 the review authority going to the adequacy of tests,
,s 2 that's a much narrower constraint than saying they have I
s
)
3 the authority, if those so choose, to just review 4 everything.
5 MR. STEWART: To a large extent, the 6 verification activities really are just reviewing 7 everything. When you're doing a code walk through or any 8 of those activities, that really is just a --
9 MEMBER SEALE: I was afraid you were going to 10 say that.
11 MR. STEWART: Unfortunately that is how a lot 12 of the verification activities get done.
13 MEMBER SEALE: Yes.
m
! \
's / 14 MR. KRAMER: Okay, moving on, if we could, to 15 --
16 MR. QUINN: I hope it was covered, but the 17 public comment, the way I took the interpretation, was 18 that the originator -- that the reviewer needed to be more 19 qualified than the originator, and that you modified the 20 text so that -- you did make a change here.
21 MR. KRAMER: We did the change on the 22 proficiency end, yes.
23 MR. QUINN: Right.
24 MR. STEWART: Yes, the commenter had the
()
/m. l 25 perception that we had tighter requirements on the NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
234 1 verifier than we did on the designer, --
,, 2 MR. QUINN: Right.
\
s /
' ~ '
3 MR. STEWART: -- and that wasn't our 4 intention.
5 MEMBER FONTANA: You said the best guy 6 couldn't do the work I think is what you ended up saying.
7 MR. QUINN: Right, right.
8 MEMBER FONTANA: So my question was whether 9 the V&v guy was letting the original developers off the i 10 hook.
1 11 MR. QUINN: Right.
12 MR. KRAMER: In position five for 1054, which 13 was titled Conformance of Materials, this was the -- kind l
'b 14 of like one of the first instances of the question being 15 raised about well, gee whiz, seems as though you're 16 forbidding the use of COTS.
17 And what we did at the end of the current 18 position five was simply add in Reg. Guide 1.152, Rev. 1, 19 provides information on the acceptance of preexisting
! 20 software. Additional detailed information on acceptance i
21 processes in available in EPRI TR-106439, which we've l
22 heard a little bit about today; and tomorrow you'll hear 23 about the draft SER, I guess, that endorses that.
24 In Section B, which is the discussion section f' ~%,
( ) 25 of that particular reg. guide, there were a number of NEAL R. GROSS COURT REPORTERS Ar4D TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344 433
235 1 concerns related to -- and we talked about this a little 2 bit this morning as well, and we'll hear more tomorrow as 7~
(
'~
3 Jim walks us through it. But we heard in that footnote in 4 the SRP section the wording there with respect to grading 5 and importance and safety.
6 And so basically you have classification of 7 safety system software based on importance to safety and 8 flexibility of implementation. And what we propose doing 9 in the revision that you have before you in the Reg. Guide 10 is adding in, at the end of Section B, a paragraph that 11 reads as follows: l l
12 "IEEE Standard 603-1991" -- it's kind of like j 13 similar to what you heard this morning. "IEEE Standard 7-g's
)
\/ 14 4.3.2-1993 endorsed by Reg. Guide 1.153, Rev. 1, and Reg.
15 Paide 1.52, Rev. 1, respectively, do not provide for 16 classification through the forward -- do' provide -- do not 17 provide, although the forward to IPEEE Standard 7-4.3.2-18 1993 recommends the addition of grading to future versions 19 of IEEE Standard 603.
20 "The Reg. Guide is based on current standards 21 and describes methods acceptable for any safety system 22 software. Within the framework of the acceptable method 23 described by this regulatory guide, certain V&V activities 24 are required.
() 25 "For smaller, Jess complex systems or NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
236 l
1 componer.s, these activities should require less effort. l 2 Additionally, the applicant or licensee will determine how )
-73 t I k/ ;
3 the required activities will be implemented commensurate i 1
4 with the item's important to safety.
5 "This has the benefit of ensuring that I
6 concepts addressed in the standard are applied within the 7 context of safety system development while providing the 8 applicant or licensee with flexibility and 9 implementation."
10 We need to -- you'll see that there were other 11 words in here which we are proposing to delete as a 12 function of the discussion we had this morning where we
,_ 13 don't basically want to get out in front on this grade QA
! )
14 rick informed reg. guide kind of approach at this point in ;
15 time and make it appear that, you know, we want another, 16 you know, pilot project otherwise known as digital I&C 17 for, you know, a graded QA kind of thing.
18 So what we have here is consistent with what 19 you heard for the standard review plan.
20 MR. QUINN: So after this word implementation, 21 the rest of the paragraph is being deleted?
22 MR. KRAMER: Yes.
23 MR. QUINN: I like those words that were in 24 the rest of the paragraph.
\,) 25 MR. KRAMER: Yes; the problem is, I think the NEAL R. GROSS I
COURT REPORTERG AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
]
(202) 2344433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 l
237 1 -- check me if I'm wrong, Jerry, but you know, the
,~. 2 Commission has sort of stated where things are with the t :
~#
3 graded QA risk informed reg. guide. You know, -re just, at 4 least at this point in time, need to take those words out.
5 That's not to say that they, you know, 6 couldn't wind up back in. But we don't want to get out in 7 front of what's going on in the other area.
8 MR. WERMIEL: That's right, Joel. That's what 9 we talked about this morning.
10 MEMBER SEALE: But on the other hand, the 11 Commission has indicated willingness to entertain other 12 pilot proposals.
13 MR. WERMIEL: Absolutely. My understanding is
,a
'\_/) 14 there are a number of proposals already that were -- that 15 the right people on the NRC staff are wrestling with right 16 now.
17 MEMBER SEALE: Okay.
18 MR. WERMIEL: I hope they can come to a l 19 reasonable resolution relatively soon because I think you I
i
'O can see we already thought that what we had provided here 21 was consistent with Appendix B and made sense. But we're 22 now being a little more cautious because of the somewhat 23 controversy in this area of graded approach.
24 MR. QUINN: I guess, Mr. Chairman, we are
,-m 25 looking for more explicit guidelines here. We seem to be wi')
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON D.C. 20005-3701 (202) 234 4 433
238 1 losing even the minimal explicit guidelines we've had.
,_s 2 MR. MARKLEY: But in defense of the overall
',' l
"' 3 program and what they're trying to do, I&C could fit 4 another application just like 1ST and the others. And it 5 would fit the context of the larger body of documents in 6 risk-informed.
7 MR. KRAMER: And I guess if the licensee were 9 to propose a modification and wanted to go through an 9 argument or rationale since the reg. guide is only, you 10 know, one method endorsing, you know, a standard, just the 11 same as with an SRP, I'm sure that NRR would evaluate what 12 they were proposing accordingly.
13 You know, you wouldn't be denying them to do i
V 14 that.
15 MEMBER APOSTOLAKIS: Do you think it would be 16 a good idea for us to recommend that I&C be the pilot?
17 MR. MARKLEY: The only down side, George, is 18 it's somewhat customer driven in that a licensee really 19 determines the need for a pilot.
20 MEMBER APOSTOLAKIS: Y 2a . Well, we can 21 express a wish. Yeah, you're right.
22 MR. KRAMER: Okay, those were the proposed 23 changes to 1054.
24 MR. QUINN: Is that the last time we talk
()
25 about graded approach?
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASH!NGTON, D.C. 20005-3701 (202) 234-4433
239 l l
1 MR. KRAMER: Well, no, because there were l
7-- 2 comments along the same lines in some of the other reg.
\
)
3 guides.
4 MR. QUINN: Well, okay.
5 MR. KRAMER: And I will basically go back to 6 what I've just said, but then perhaps I think tomorrow you !
7 may want to talk more about the graded approach.
8 MR. MARKLEY: We have a session.
9 MR. KRAMER: There's a discussion session.
10 The position six modifications are kind of 11 like minor rewording. I don't view them as being 12 significant.
13 But just to refresh you a little bit, the last pq 1
k/ -
14 sentence of the first paragraph in position six that deals 15 with documentation will be changed to "This draft 16 regulatory guide applies to all aspects of the software 17 life cycle within the system life cycle context."
18 "Therefore, for safety system software 19 configuration items or control documents should include 20 the following:" And the following -- the list that's in 21 the reg. guide in the position six. And then there's a 22 subelement of position six that we're rewording per 23 comment that changes from requirements, designs, and codes 24 to software requirements, designs, and codes.
A
! ) 25 The next bullet as well. There's a subelement O
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE. N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
240 1 that's going to be reworded. " Exact versions of support
,, 2 software used in development" will be changed to " software
! \
~
' 'J 3 support used in development (exact versions) . " It's kind 4 of like minor wording clarifications.
5 And then following the sentence "Other items 6 that may not change but are necessary to ensure correct 7 software production such as compilers should also be 8 configuration items," we're adding in the sentence that ;
9 says "This helps to ensure that all factors contributing" j 10 -- and one of the factors obviously was the "such as l l
11 compilers."
12 "All factors contributing to the executable 13 software understood and has benefits in areas such as i r )
L/ 14 maintenance, future software development, and tracing the 15 impact of reported bugs." I guess the more significant 16 change as associated in that reg. guide is associated with 17 position 12, which is kind of like a backfit 18 clarification.
19 So we added a new position 12 saying that 20 backfittig is not intended. In Section 1.1 of IEEE 21 Standard 828-1990, the following statement is made. It 22 also applies to non-critical software and to software 23 already developed. Such statements in the standard should 24 not be interpreted as a requirement for backfit.
4
! 25 And then a reference to the implementation v
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 2344433 WASHINGTON, D C. 20005-3701 (202) 234-44: .
241 1 section of the draft reg. guide for its intended use in
.y 2 the implementation section didn't change from what it was i )
"~
3 before. ;
4 There were no proposed changes to software 5 test documentation, Draft Guide 1056.
6 Two positions were changed for Draft Guide 7 1057, Software Unit Testing. In position four, replace j i
8 the current -- or the position four that was in Draft 9 Guide 1057 with " criterion three design control imposes an 10 independence requirement for the verification and checking 11 of the adequacy of the design requiring those who verify 12 and check be different from those who accomplish the 13 design."
! )
N/ 14 It's kind of like essentially the same 15 position as we talked about before for 1054. Therefore, 16 independence is an additional requirement for software 17 unit testing. Either those who establish the requirements 18 based on elements for software unit test must be different 19 from those who designed it or coded the software.
20 Or there must be independent review of the 21 establishment of the requirements based on elements. The 22 guidance in Section A-7 of Appendix 8, the IEEE Standard 23 1008-1987 provides acceptable ways to meet this 24 requirement for software unit testing.
,rh
(_,) 25 These independent persons shall be NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
1 242 1 1 sufficiently competent in software engineering to ensure 2 the software unit testing is adequately implemented. And l ~, ,
, 1 3 we're taking out what we had as the last sentence as with 4 1054. This applies capabilities comparable to those of 5 the developer.
6 CHAIRMAN MILLER: So you're removing that
~' statement?
8 MR. KRAMER: Pardon?
9 CHAIRMAN MILLER: Remove that statement?
10 MR. KRAMER: That last sentence.
11 In Reg. Guide 1058 for Software Requirements 12 Specification, position 6.3 which happens to be titled 13 Robustness because it's one of the terms used in the :
m
)
'/ - 14 position, we decided that we needed to replace the wording 15 which was " software requirements for handling both i
16 hardware and software failures should be provided, l
17 including requirements for analysis of and recovery from 18 computer system failures." )
19 Replace that with -- and again, it's only a 20 minor wording change -- " Software requirements for 21 responding to both hardware and software failures should 22 be provided, including requirements for analysis of and 23 recovery from computer system failures."
24 The difference being handling versus
()
,~
25 responding to. Also, in position 6.3, we had a statement NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
243 1 that said requirements for fault tolerance and failure 7- 2 modes should be specified for each operating mode.
- \
3 We want to change that to " software 4 requirements for fault tolerance and failure modes derived 5 from either consideration of system level hazard analysis 6 or from consideration of software internals should be 7 specified for each operating mode" to be fully responsive 8 to the comment that you made.
9 So those -- so that's that one. Okay, we have 10 one last proposed -- two changes for Software Life Cycle 11 Processes. And essentially the position 1.3 on commercial 12 software is the same wording that we ta]xed about for 13 Draft Guide 1054. I don' t have to repe at that. You can
,m b i x- '
14 see that there. !
l 15 And in position 1.4, previously there were a 16 whole bunch of definitions of terms for not only accident 17 and hazard but some other terms as well, and we agree with 18 the commenter, it was very confusing. So we're just 19 sticking with accident and hazard defined as indicated.
20 Run through that quickly. " Accident is an 21 unplanned event or series of events that result in death, 22 injury, illness, environmental damage, or damage to or 23 loss of equipment or property. Hazard is a condition as a 24 prerequisite to an accident."
,m 25 I think that simplifies it and eliminates the
()
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234 4433 1
i L
244 1 confusion. That's what we propose to change. As I
,~s 2 indicated, I think, at the outset -- Don, you weren't here
- L l
~~' 3 when we started, but you can see the initial overheads --
4 I tried to -- I think we all tried to, Livermore, 5 ourselves in research, with help from NRR, we tried to 6 look at those comments very carefully because, while they 7 are a subset of the universe, you know, we don't really 8 know how strong they are.
9 But they can be interpreted many ways in terms 10 of the tone of the comments. They could be interpreted 11 as, you know, the standards are too onerous and 12 burdensome, too prescriptive. You know, why do we need 13 this, you're layin.g a whole bunch on.
5
> 14 And I think to get to your key question, Dr.
15 Miller, on necessary, I guess, useful, confusing --
16 CHAIRMAN MILLER: Necessary, helpful, or 17 confusing.
18 MR. KRAMER: Yes, sir; helpful or confusing.
19 I think with what you've heard this morning and probably 20 what will hear tomorrow, our feeling in research is yes, 21 they are necessary as a first step, but much more needs to 22 be done. And we're hopeful that, you know, through 23 research and other efforts that are ongoing in standards 24 development, that we could do that.
( ) 25 We believe that they're useful. We also hope NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
245 1 that we'me attempted to eliminate some of the confusion.
2 And I think the restructuring of BTP-14 helps doing that.
'mI 3 CHAIRMAN MILLER: Right.
4 MR. KRAMER: And I think maybe the remaining 5 question is for the subcommittee and following the full 6 committee to have confidence when you go through this walk 7 through to see that -- how it's actually applied. You 8 know, that it will hopefully work.
9 CHAIRMAN MILLER: Well, I raised that question i l
l 10 in the context of especially the walk through. And I i 1
11 guess I'm from Missouri and you can show me. But now are 12 we going to go through the -- now you've gone through the 13 comments and showed me the changes.
'J 14 Are we going to go back through the comments? l 15 MR. KRAMER: I was not planning, but John 16 Scott is, you know, prepared if you had any particular 17 concerns with comments that were made and responses that 18 we made to the comments in terms of whether you, you know, 19 agree or disagree with the responses.
20 I think John's prepared to help us with that a 21 little bit. But I had not planned to do that.
22 CHAIRMAN MILLER: Okay.
23 MEMBER SEALE: Could I raise one question 24 before we go to that? Back earlier when you got -- you l
I
) 25 were summarizing the public comments, you certainly gave NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
246 1 us reason to believe that you were intrigued by this
, -) 2 suggestion of a software " systems safety model" to provide
'~
3 further assurance of adequacy to software products.
4 And I kept waiting to hear more about that in 5 your comments. I got the words safety systems model 6 later, but that's an inverted order from the way it was in 1
7 the quote. And I was just wondering if you could give us 8 a little bit more about what the nature of that proposal 9 was.
10 MR. KRAMER: Unfortunately, I think if you 11 look at the source of the comment and you look at the 12 words that were used, the commenter didn't really offer up 13 any, you know, specific ideas for what was meant by that
/, _ . .
i )
V/ 14 and how that might be achieved. To maybe better answer 15 your question, --
16 MEMBER SEALE: So it's just intrigued words, 17 right?
18 MR. KRAMER: Well, it's intriguing from that 19 standpoint, but you heard a little bit from John Calvert 20 in response to user need discussions and responses back.
21 MEMBER SEALE: Yes.
22 MR. KRAMER: In terms of a strategic plan, I 23 think there's merit in pursuing that comment in the sense 24 of attempting to do that from a research perspective. But r's.
( ,)
?
25 since we haven't developed that plan -- and when we do NEAL R. GROSS COURT REPORTERS AND TrdNSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
247 1 we're going to be getting back with you folks on that.
, 2 You heard some words about domain engineering
~~
3 from John Gallagher.
4 MEMBER SEALE: Yes.
5 MR. KRAMER: You know, when we get further 6 along, we can do that.
7 MR. GALLAGHER: Yes, excuse me. I think this 8 is -- basically what he's asking for in his own words is 9 something like the domain engineering models we were 10 talking about for software.
11 MEMBER SEALE: Yes.
12 MR. KRAMER: Yes, that is one possibility.
13 MEMBER SEALE: Yes, okay.
,O
v' i 14 MR. KRAMER: We do have some research going on 15 currently on total system framework requirement 16 specification that I think may address that as well when l
17 coupled with domain engineering.
l 18 CHAIRMAN MILLER: So basically the commenter 19 alluded to a model which then he didn't describe?
20 MR. KRAMER: Yes.
l 21 CHAIRMAN MILLER: And our response is we don't 22 have a model either. Is that what we're saying? But we 23 are going to develop one.
24 MR. KRAMER: We're going to try.
rm
( ) 25 MR. QUINN: I had a -- in your list of nJ NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
248 1 commenters, NUSMG was listed, and I didn't see any
- 2 comments from --
i
~
3 MR. KRAMER: Oh, okay; I think you might have 4 come in at sort of the tail end. We got those set of 5 comments just last week.
6 MR. QUINN: Okay.
7 MR. KRAMER: And it was like seven months 8 after the public comment period.
9 MR. QUINN: All right.
10 MR. KRAMER: But I did look at them. And I do 11 see a number of them that are word for word recitations of 12 what we got from the other sources.
13 MR. QUINN: Oh, okay, s,
. 14 MR. KRAMER: And so I didn't see anything new 15 there. But we'll take another look at it. And since, you 16 know, we're not publishing the final reg. guides yet, you 17 know, there's still the potential for doing something 18 further.
19 MR. QUINN- Okay.
20 MR. KRAMER: But I had some discussion with 21 some of the people from NUSMG about a month before they 22 finally sent those comments in, and I know that Dr. Miller 23 was out at the NUSMG meeting -- I guess it was last month.
24 And you know, I think the practitioners there, you know,
[ 25 do express a concern about, you know, the whole framework, NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE , N W. l (202) 234-4 9.3 WASHINGTON, D C. 20005-3701 (202) 234-4433 l l
J
249 1 the standards and the reg. guides, you know, from the 1 l
7-2 standpoint of as being maybe too much to take kind of
('~# )
3 thing.
4 CHAIRMAN MILLER: Let me give you a little 5 anecdote. And I've talked to the people from NUSMG, as 6 you're well aware, and I've talked to a vendor. I said ,
1 i
7 why didn't you comment on this update? And he said well, j l
8 it looked pretty good to us. We saw no big problems. And j 9 this is a vendor going through the certification program.
10 Of course, these are pretty much I guess 11 geared to what when in the certification program. So this 12 particular. person had been through it, all the standards 13 and so forth, and adhered to most of this material. But l
/T l k_) 14 the NUSMG people are out in the plants, and they feel 15 overwhelmed by this amount of information.
16 They say you mean I'm going to have to agree 17 to all that just to do an upgrade, which is not an upgrade 18 beyond 50.59? And they're just -- you know, they haven't 19 gone through -- they don't have the time to deal with how 20 ever many thousands of pages of standards we're dealing 21 with here. And that's for the --
22 MR. KRAMER: Well, I think 1008 on software 23 unit testing, or is it -- no, it's 1074, I guess, that's 24 about 100 pages. But I think that's more in the sphere of
,~
) 25 a question for NRR on the regulatory side in terms of, you NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
250 1 know, there's a whole package that's out there.
,m 2 And I think to some extent Jerry and others t i 3 have addressed that this morning and will continue to 4 address that later on.
5 MEMBER SEALE: Yeah, but if you send it out, 6 they can't pull it back.
7 CHAIRMAN MILLER: See, I know --
8 MEMBER SEALE: I mean, once you build the 9 flood, then it takes a real -- I should say you build the 10 dam of paper, it takes a real flood to wash it away. And 11 so it's a real problem.
12 MR. KRAMER: I understand.
13 CHAIRMAN MILLER: We all recognize that reg.
, ; 1 V 14 guides are guidance only. But de facto, they become --
1 1
15 this is the guidance; if you want to deviate, you better ;
16 have a good reason to.
l 17 MR. KRAMER: And so will the standard review j t
18 plan and the BTP's.
19 CHAIRMAN MILLER: Right. So I think the reg. j 20 guides are giving the commenters the most problem, NUSMG 21 and others.
l 22 MR. WERMIEL: Don?
l 23 CHAIRMAN MILLER: Not the standard review plan 24 as a whole.
,r3 ty 25 MR. WERMIEL: The comments that you got, were NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344433
251 1 these NUSMG people dealing with safety critical software, 2 process control software, or were they the ones that are 3 dealing more with the data base and analytical software 4 usage at the plant?
5 NUSMG doesn't, in general, deal with the 6 safety related systems and the engineering of safety 7 systems.
8 CHAIRMAN MILLER: They deal with everything.
9 MR. WERMIEL: Well, most of the people we've 10 dealt with at NUSMG are more concerned with analytical 11 software that does accident analysis.
12 CHAIRMAN MILLER: Well, that's true. And they 13 also -- they gave me another number that I was surprised.
(' ')
~-
14 They said the amount of software no matter what is going 15 to be -- the safety critical is very, very small compared 1G to the overall sof*. ware in a plant.
17 MR. WERMIEL: Okay, I think I would agree with 18 that.
19 CHAIRMAN MILLER: In a sense though, if you 20 take the software group in a plant, 95% of the things 21 they're dealing with are non-safety related.
22 MR. WERMIEL: Okay.
23 CHAIRMAN MILLER: At least about 95%.
24 MR. WERMIEL: Well, the only reason I --
n
() 25 CHAIRMAN MILLER: Now they're going to have to l NEAL R. GROSS l
COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
l (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
252 1 come back and deal with safety related.
l
,_s 2 MR. WERMIEL: Yes.
I \
U CHAIRMAN MILLER:
3 And then they're going to 4 have to come back and deal with this pound of paper in 5 giving their view.
I 6 MR. WERMIEL: The reason I asked is because l l
7 I'm a little surprised. The designs that we have seen for 8 the modifications that we reviewed all reference these I
9 particular standards as part of the effort that went into 10 their development. So it struck as, ar.d it- still strikes 11 us, that these are the ones our industry is telling us are i
12 appropriate for their use.
13 I'm sure that they take exceptions to various
/-
\-) 14 aspects of the standards depending on the particular j 15 application they're talking about. And I think I would be 16 surprised if they didn't. And I'd expect to see that.
17 But I, and I think my staff, are under the impression --
18 and they can correct me if I'm wrong -- that in general, 19 cur industry is pretty familiar with these IEEE standards 1
20 and believes they are appropriate for the kind of safety i 21 applications that they intend for the future.
22 CHAIRMAN MILLER: I suppose the bottom 23 question would be what would happen if you didn't endorse l
24 them as reg. guides and just said replace the reference to (n) v 25 reg. guides with reference to the particular standard.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234 4433 l
l
253 1 How would that change things?
7 2 MR. WERMIEL: I don't know that it would
( )
I 3 change things much. The only reason -- maybe that's a 4 process questian for us. The reason we went through the ,
i 5 reg. guide approach with these standards is because we 6 felt that was the most regulatorily acceptable way. They 7 understand what a reg. guide is.
8 And it's easy for the staff to explain its 9 position on the use of a standard through a reg- guide 10 because that's the vehicle we are used to using. There l
11 could have been other ways though. I don't deny that. ;
12 MR. KRAMER: We did take the clarifications I 1
13 and exceptions --
O ksI m 14 MR. WERMIEL: Exactly.
15 MR. KRAMER: -- and positions to tailor it to 16 nuclear. Now having said that, I don't know what the 17 impact would be if one took those clarifications and 18 exceptions and somehow built them into BTP-14 as a 19 standard. I don't know.
20 MR. WERMIEL: I could see perhaps the industry 21 proposing an EPRI topical report as an alternative to the 22 use of these standards on software quality. That would 23 have been a possibility, I guess.
24 CHAIRMAN MILLER: Or a topical report that (o)
LJ 25 would lead them through like a road map.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005 3701 (202) 234-4433 l
254 1 MR. WERMIEL: Yes, that's certainly something
,, 2 that hadn't occurred to me, but that would have been an
/ \
\ /
3 alternative approach. We only took this route, I think, 4 because we had seen these standards referenced so often in 5 the mods that we reviewed.
6 And it seemed, based on our review of all the 7 standards that we undertook, that these are the 8 appropriate ones to provide the stability in the review 9 that the industry might have been looking for.
10 CHAIRMAN MILLER: I'm not debating about these 11 are the appropriate ones. If you're going to pick 12 standards to endorse or to refer to these particular steps 13 in your development, these are probably the most
,/ h
( 14 appropriate ones, 15 MR. WERMIEL: You know, the --
16 CHAIRMAN MILLER: And I still have a problem 17 with IEEE 1074, but --
18 MR. WERMIEL: Okay, --
19 CHAIRMAN MILLER: -- I would say yes.
20 MR. WERMIEL: Okay, the onus was -- Joel was 21 right; the onus was really on NRR because we're the ones 22 that asked research to do a user need to develop the reg.
23 guides to support us or support our reviews.
24 MR. KRAMER: There are two other points
. :A U) 25 though. Not only is there an OMB circular, right, there NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASH lNGTON. D C. 20005-3701 (202) 234-4433
l 255 1
1 now is, last year, a public law; and more recently, in 1
2 March of this year, the Commission put out its final i i :
's /
l 3 guidance on DSI-15, I believe, role of the industry, with l
' \
1 4 rather strong words about, you know, encouraging -- you '
5 know, doing more of this, doing it quicker, faster, you l 1
1 6 know, when in the judgement of the staff that it's l l
l 7 appropriate. l 1
8 So there are these other driving forces, for 9 what they're worth.
10 MEMBER SEALE: You know, I'm ready to argue 11 with you guys about something.
12 CHAIRMAN MILLER: Uh, oh.
13 MEMBER SEALE: I've been sitting here thinking j i
C/ 14 about this, and it's the comment about the popsibility of 15 a pilot project for graded QA in I&C. It strikes me that 16 this is an area where there's a high reliance on existing 17 nuclear and other industry standards.
18 MR. WERMIEL: Yes.
19 MEMBER SEALE: And if there was ever an area 20 where the integration of those standards into a graded QA 21 process could have a pay off, this is it.
22 MR. WERMIEL: I'm not -- I wouldn't argue with 23 that.
24 MEMBER SEALE: And it just strikes me that --
,73 (jI
~.
25 MR. WERMIEL: We thought we had done that NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON. D.C. 20005-3701 (202) 234-4433
l 256 l 1 before, but now we've been told to back off.
i l
fs 2 MEMBER SEALE: I think we're missing the boat.
t )
3 I really do.
4 MR. WERMIEL: Well, the point that my staff 5 raises is a good one. We don't --
l \
l 6 MEMBER SEALE: -- don't do it, it's got --
l 7 MR. WERMIEL: Well, also, we don't decide, -- l j 8 MEMBER SEALE: I understand. ,
l 9 MR. WERMIEL: -- based on the PRA, what the l i
10 importance to safety or risk is of the particular system.
11 MR. GALLAGHER: I'm not so sure how willing 12 the industry is to pick up on this. I had an assignment 13 given to me by NPEC, IEEE NPEC, in the early 80's to look
< t 4
' '# 14 into a classification standard because we were also 15 working on, in Europe, the IEC.
l 16 And we -- the people from industry, TVA and a 17 bunch of other people, we met down in the -- across the 18 road at the old research building in the basement two 19 weeks in August for two different years And if you want 20 to see people who really want to get something done, you 21 hava to meet down there at the basement.
l i
l 22 After we got it all done and brought it up to 1
23 the NPEC Ad Comm, it was killed by all of the utility 24 members of Ad Comm because they said that they viewed this
/'"s
. ,) 25 as another way of expanding the Q list and they didn't
! NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
257 1 want to do it. Now the vendors liked it. And I worked 7_ 2 for a vendor then. And to us, it made a lot of sense.
/
r I
3 But to the operating people, they jumped right 4 on it. Now it was picked up in Europe, and there is an 5 IEC 1226, a classification document. And the Germans and 6 the French are very much into using that. They have what 7 they call a 2E system that is of high quality, but not as 8 high as, say -- they realize it has to meet more than just 9 your normal requirements.
10 MEMBER SEALE: Well, you know, and I 11 understand what you're driving at. And that's very true.
12 On the other hand, this whole pilot plant activity has 13 been unique in the role that the risk takers have taken in i,fm)
\_/ 14 pushing the pilot studies. And you may not have a " group 15 of utilities." l l
16 You may not even have an owners group who 17 would come forth with that. But there may be a couple of 18 ranegades, if you will, the risk takers, who might. And 19 it's not farfetched.
20 MR. WERMIEL: I clearly see that once we do 21 come to grips with how we are going to grade quality with 22 this regulatory guidance, that certainly the I&C systems 23 would fall within that scope and can be applied. I don't 24 see any reason why that won't happen. As a matter of
( ,) 25 fact, it should happen.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
l 258 1 We will do it, as a matter of fact. But I 7._
2 think it remains to be seen how the industry wants that to
/ I 3 be applied.
4 MR. QUINN: To support this comment though, 5 IEEE 1012 is currently being revised, in fact, to reflect 6 a very expanded role of, right, the classification.
l 7 MR. WERMIEL: And it's something for us to '
l 8 consider when it comes out. But certainly whatever 9 classification comes out of that or any other grading 10 process has to meet the staff position on what's j 11 acceptable under Appendix B for a graded classification.
12 CHAIRMAN MILLER: So if 1012's revised and you l
13 have to reendorse it with a reg. guide, you might hit a g]
s_- 14 lot more exceptions to it then.
15 MR. WERMIEL: We might.
16 CHAIRMAN MILLER: We haven't come to --
17 MR. WERMIEL: Remember that these reg. guides 18 and the SRP are living documents, and we will continue to 19 stay abreast of what the industry is doing. As new 20 revisions come out, we'll be looking at them and we'll be 21 deciding what to do with them.
22 MR. QUINN: To support this recommendation, I 23 think that there are a number of examples that might be 24 different than what John Gallagher might have seen in the
,c3
() 25 past. It's true -- probably that was true. But I think NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
259 1 today there is a look-see as to cost benefit eersus
_, 2 importance to safety that needs to be looked at.
(
)
3 MR. WERMIEL: I think you're right, Ted. But 4 John is also making the point, and I think it's still the 5 same point, that the licensees do not want to see the Q 6 list expanded unnecessarily.
7 MEMBER SEALE: That's right.
8 MR. WERMIEL: And if that's where this grading 9 is going to lead, they're not going to buy into it.
10 MEMBER SEALE: And how better to influence 11 where it goes than to do a pilot study which makes the l l
12 point that it doesn't expand the Q list.
i 13 CHAIRMAN MILLER: I have somebody behind --
~x i I $ i
'w > 14 MR. WERMIEL: I hope I'm not speaking out of !
15 turn, but I can't --
16 CHAIRMAN MILLER: Gary Johnson would like to 17 say a few words.
18 MR. JOHNSON: I was kind of waiting for the --
19 my name's Gary Johnson. I'm with Lawrence Livermore 20 Laboratory. I thought maybe that the conversation would 21 come back to where it was when I stood up.
22 (Laughter.)
23 And that is I don't quite understand why the 24 need to understand the software engineering standards is 25 considered so onerous. If a modification or a system (w_)
I i
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 234 4433
260 1 design required some discipline, say piping engineering,
- ~s 2 and you found that the organization responsible for doing
, ( )
'~
3 that design was not familiar with the fundamental l
4 standards that were part of that discipline, say the ASME l 5 code, would you conclude that that organization was l 6 technically qualified to do that work?
7 And if you -- I personally would not reach 8 that conclusion. And I would think that the bigge issue 9 there would not be to become familiar with the standards, 10 but to build the level of technical competence necessary l
11 to build the safety system itself.
12 MEMBER SEALE: We don't do it with soda l 13 straws, and so we recognize we have to do it with iron --
i i 4> 14 steel pipes, and we do it. We can do it with analog, and 15 so we're afraid to learn what it takes to do it with 16 digital.
17 MR. JOHNSON: Well, I think that's part of it.
18 And I think also there is some belief amongst some people 19 that -- because we have all hacked together software, that 20 it is not an engineering discipline unto itself.
21 MEMBER SEALE: Yes.
22 MR. KRAMER: Okay, thank you.
23 CHAIRMAN MILLER: Do we want to go through the 24 -- do we want to have questions on the comments? Is that
() 25 -- I thought Dennis was here to respond to those.
NEAL R. GROSS l
COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON. D C. 20005-3701 (202) 234-4433
I 261 1 MR. KRAMER: John is here if you want to do
,cy 2 that.
L)4 3 CHAIRMAN MILLER: Oh, John? Okay.
4 MEMBER SEALE: Well, my impression of the 5 words on V&V was that they were different. But I'm not 6 sure they still get me out of the woods. You might want 7 to think about it a little more.
l 8 MR. KRAMER: You mean the definitions of 9 verification and validation?
10 MEMBER SEALE: Well, yeah; and the relative 11 role of the original software developer and the V&V --
12 MR. KRAMER: Okay.
13 MEMBER SEALE: -- people.
\' -) 14 MR. QUINN: Can I ask on the comments, do 15 these go back to the originator in a formal process?
16 MR. KRAMER: Yes. When the final reg. guides 17 are issued, there's a notice of availability and release 18 of reg. guides that goes in the Federal Register, and as 19 well the response to the comments --
20 MR. QUINN: Okay.
21 MR. KRAMER: -- becomes public at that point 22 in time.
l l 23 MR. QUINN: So it's not -- there is no inner -
24 - there is no exchange, you know, where you -- do you f")
() 25 agree with the disposition or that doesn't occur? This is l
NEAL R. GROSS i COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHIN3TGN, D C. 20005-3701 (202) 234-4433 l
l
262 1 a process --
, 2 MR. KRAMER: No; they're perfectly free, as 3 Jerry indicated on all of this, to provide comments at any 4 point in time. These are living documents. So I think i
5 they could feel free, if they weren't satisfied with the '
6 response, to inquire. I think that's fair game.
7 MR. QUINN: We did get these ahead of time and 8 did get a chance to go over all of them. And I didn't --
9 the ones on the SRP I just got today from Gary, and I'd 10 like to go over those tonight. These looked lik it took 11 a lot of work to go through this process.
1 12 ^nd it seemed to me that you weren't
- 13. condescending in any way in responding. It seemed to me (m.
- I
'J
~ 14 that you were approaching this at a recognition of the 15 comment. You took peers -- number cases. Took a lot of 16 time and did some examples.
17 The one comment that interested me a lot was 18 the request for a safety model and modification of the 19 safety model. I thought the comment was well done in 20 looking -- or the response to the comment in building the 21 response. I don't know if you'd want to talk about it at 22 all, but it seemed to me you approached it in a lot more 23 detail than even the question asked.
24 CHAIRMAN MILLER: Which comment are you (y
() 25 talking about now?
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
263 1 MR. QUINN: This is the very first one.
- 2 CHAIRMAN MILLER: First one?
i 4 3 MR. QUINN: Yes.
~
4 MR. SCOTT: I don't have a lot specific to say 5 to that except that the situation that he's talking about 6 basically is that there has been an evolving safety model ;
7 that has worked its way into the regulation practices over 8 the years that was based on analog technologies.
9 And that's at a system level. And basically 10 what -- there's the path that we're following here is 11 saying when you break it down into various structures, 12 systems, and components, you eventually get to something 13 that contains some software and that the system level
's
/ 14 guidance in the safety model that has evolved over the 15 years is essentially the same, but that there are new 16 considerations at the software component level.
17 The point that is being raised here is gee, 18 maybe if you start from square one with a brand new mocel 19 development, you might find that since there is software 20 involved, that maybe some new considerations will creep in 21 at the system level.
22 And that's entirely possible, but 23 unfortunately where this is coming from is basically from 24 a stage where people are thinking through ideas and it 25 would be years before there would be a chance to analyze NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
264 1 this, investigate it, and discover whether any of those
,-s, 2 things actually exist.
- \
L) 3 And so what tried to put in the response was 4 that's entirely possible. We recognize that that's a 5 possibility. And as that research evolves, it something 6 does come out of it, that the staff is going to be looking 7 at that. And in addition, if they wanted to -- if the 8 commenter wanted to propose research in that area, he's 9 welcome to do that just as anyone else in the nuclear 10 area.
11 MR. QUINN: Yes, the research is -- it's not 12 digital. This is a bigger model, yes.
13 MEMBER APOSTOLAKIS: But I must say I don't
\l ~ 14 understand this idea of a new safety model. I mean, if my 15 safety model right now is the PRA, would I need a new 16 model? I mean, I still have initiating events, I still 17 have event trees. The fact that you are using digital 18 technology somewhere down there does not change the basic 19 safety model.
20 MR. SCOTT: That's essentially the path that 21 we're on here. However, when this poinC is raised, it's 22 hard to say without seeing what research this individual 23 is thinking about that gee, there's no chance he might 24 come up with something different. But we have to deal 77 i
) 25 with this now.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
265 1 MEMBER APOSTOLAKIS: Yes. Maybe he means the
- 2 safety model, the current regulatory structure, which is
( i 3 not really risk informed. That's probably what he means.
4 Because I didn't --
5 MR. SCOTT: He didn't elaborate.
6 MEMBER APOSTOLAKIS: Yeah, I don't see how the 7 PRA model can change. But the current approach might 8 change because it's so deterministic and prescriptive. I 9 thought the comments from this gentleman were very good.
10 It was very good.
11 CHAIRM-4 MILLER: The one comment -- I'm 12 looking at your response to the comments on page five.
13 And I guess it's item I. I'm just trying to figure our uj 14 your numbering scheme here.
15 MR. SCOTT: The roman numerals just indicate 16 the commenter.
17 CHAIRMAN MILLER: Yeah, Roman numeral I, so I 18 guess that's a commenter. So he's commenting on paragraph
'r four, which is basically asking what the basis for 20 choosing these standards. That leads to the role of ASME 21 into a 2.7 and so forth. Could you maybe discuss your 22 response to that comment?
23 MR. SCOTT: Okay. The --
24 CHAIRMAN MILLER: Over and above what's
( 25 written in this.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 2344433
i 266 (
1 MR. SCOTT: The essence of the difference --
2 when I gave a presentation to the committee last year, we l 7 -)
1 3 talked -- all right, I talked in detail about standards 4 framework and how various standards fit together. We see 5 Part 2.7 at a fairly high level providing very brief 6 guidance. l 7 And that the fundamental difference here is 8 that the IEEE standards provide more information at a 9 level that would help an implementer actually put a 10 process in place. They were also reasonably consistent 11 because each standard is so focused on a particular area.
12 In other words, there was some concerns in the 13 comments about maybe they're not consistent. Our initial
/ \
(/ 14 review of all of those standards are that yeah, there 15 might be minor areas where there's some inconsistencies.
16 But essentially they fit together pretty well. And then 17 the Jast thing -- well, there were several things.
18 They're mature standards, they're maintained 19 on a regular basis, they represent consensus on the 20 software industry, and I guess the last thing is that 21 there really wasn't that much difficulty in making these -
22 - the specific general software industry standards that 23 were picked in making those compatible with Appendix B.
24 So for a variety of different reasons, we
(,f' 25 ended up with the IEEE standards. As Jerry Wermiel NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 l
267 1 mentioned, they were also standards that were listed in
,.- 2 the previous work that was going on in the nuclear i 4
\
/
3 industry.
4 CHAIRMAN MILLER: Which was -- that was 5 primarily the certification program, is that not right, 6 the ALWR program?
7 MR. KRAMER: Yeah, I think so. What I don't 8 know for sure is whether there were any modifications, 9 digital mods, that would also -- made reference to the j 10 standards. I believe that's true.
11 CHAIRMAN MILLER: I assume Eagle --
12 MR. WERMIEL: Yes, Eagle referenced 1 think 13 these very IEEE standards, as I recall.
I 14 CHAIRMAN MILLER: In the final rule?
15 MR. WERMIEL: The Foxborough -- Jim would 16 know. Jim, did Foxborough apply these standards in the 17 development of the spec. micro?
18 CHAIRMAN MILLER: Those were the only two 19 major safety system upgrades, right?
20 MR. WERMIEL: Those are two major ones, yes.
21 STAR referenced these, Don. The advanced reactor designs, 22 certainly incorporated these, the certification of those.
23 MR. STEWART: The Foxborough spec. 200 micro 24 software was written before most of these standards
( ,) 25 existed. Their process, however, was fairly mature and NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISL AND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
268 1 had most of the characteristics that these reg. guides
,_ 2 would have us look at.
t 4 3 CHAIRMAN MILLER: Yes, you did analysis, you 4 know, in this report, you and others did, Lawrence 5 Livermore. Of course, the thing that was not in the 6 report was the fact that the branch technical positions 7 had been developed at that time which -- I kind of look at 8 it as providing the ultimate goal, so to speak, as to what 9 as to be done.
10 These analyses, how they fit together and how 11 they addressed each phase of the life cycling, which the 12 argument was the standards are necessary for added depth.
13 And the ASME provided a high level view.
g
(_) 14 MR. KRAMER: Yes. 1 1
15 MR. QUINN: We've already covered this graded 16 approach many times.
l 17 CHAIRMAN MILLER: I don't think we've got any I
j 18 changes here right away.
19 MR. QUINN: I don't think we are so far.
20 CHAIRMAN MILLER: I think they're correct, l
l 21 we've got to wait for the other one to --
I i 22 MR. QUINN: Dr. Seale's comment though is well 23 taken. He felt pretty strongly about -- I think that's an 24 excellent process that we could reinforce.
r~
25 CHAIRMAN MILLER: Do you think a plant would (v%)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4 433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
269 j 1 be willing to do that?
2 MR. QUINN: Sure.
[sl
- l l
3 MEMBER SEALE: We can't tell. But, you know, 4 if there's somebody that's willing to be the fellow on the !
5 frontier that exposes himself to all those arrows, why let 6 him go.
7 MR. QUINN: Well, it might just be the person j 8 who wants to implement a system that has less safety 9 significance and is willing to push it through.
10 CHAIRMAN MILLER: Okay, I'm looking at now 11 response 15 on page six. But I guess once you make 12 certain you read this report, suppose that more or less 13 answers it. I'm guess I'm going back to what Gary is
(-
i
(_)
14 saying. He's say that they do a competent job at the 15 plant level.
16 We need to be aware of all these standards and 17 basically answer all the questions and do the level of 18 analysis you did in this report by a competent software 19 team. Is that what we're saying here? Maybe I should ask 20 Gary to respond to that question.
21 Is that what we're saying, Gary? If you have 22 a staff at a plant to do a complicated system upgrade, 23 which would be of course the staff and the vendor 24 together, they'd have to have the confidence that you
, ~\
() 25 would demonstrate or at least read this report to NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS I 1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433 I
270 1 understand how they all fit together.
2 MR. JOHNSON: I guess I would put it 7s
( l 3 differently, that if you're entering into that kind of 4 modification, you should have people who are operating in 5 their professional area; and people who are operating in 6 their professional area who are developing software will 7 be familiar with these things.
8 And I've done a lot of -- I've done a lot of 9 plumbing myself, but I don't think I'd be putting my PE 10 stamp on any B31 code drawing -- or piping drawings.
11 CHAIRMAN MILLER: Let me ask one other --
12 another question. The aviation which has similar 13 problems, we already talked about for power industry, it
,c3 Y -} 14 apparently does not use these standards. Is that true or i 15 not true? l 16 MR. BRILL: Yes, that's true, Don.
17 CHAIRMAN MILLER: They do not?
18 MR. BRILL: No, they came up with their own 19 industry standard, RT --
20 MR. SCOTT: 178-B.
21 CHAIRMAN MILLER: That's the one that's 22 referred to. I've not seen that one, but --
23 MR. BRILL: It basically -- what they did is 24 there was an industry and FAA cowork. FAA sat on the in
() ,
25 boards when they were working on it to develop it. And NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE , N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
271 l
i 1 it's very aircraft oriented. ;
l
, -ms
, 2 MEMBER FONTANA: That's for commercial --
(
x ,,-
)
3 MR. BRILL: For commercial aircraft, that's l l
4 correct.
5 CHAIRMAN MILLER: Is that what tr_f use for l
6 military or no?
7 MR. BRILL: No, they use that on the 777.
l l
8 CHAIRMAN MILLER: Is that used for 777? I 9 MR. BRILL: That's what they use --
10 CHAIRMAN MILLER: That's what they use for the i 11 National Academy. l l
12 MR. STEWART: That's what they use for their I 13 classifications. They do use the IEEE standards in the
\
14 development process. As a matter of fact, the chairman of 15 the computer society is Leonard Trip from Boeing.
16 MR. QUINN: The IEEE software computer 17 society?
18 MR. STEWART: Yes, the IEEE software computer 19 society that's in charge of all these set of documents is 20 Mr. Leonard Trip from Boeing.
21 MEMBER FONTANA: Of course they're about the 22 only people left selling airplanes, I think, after this 23 merger they're going to have. They can write their own 24 standards.
f
) 25 CHAIRMAN MILLER: They've got Airbus 320. But HEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS i 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
l 272 1 I rode the Airbus 320. The guy was an expert on software.
s 2 Unfortunately it was only an hour trip. I couldn't plug I l ) l
i 3 his brain too much. '
4 MEMBER FONTANA: They don't follow the same l
5 standards, do they? l 6 CHAIRMAN MILLER: No, they do a different 7 standard.
8 MEMBER FONTANA: Okay.
9 CHAIRMAN MILLER: Of course they're -- now l 10 does that guideline 178, is that similar to, say, our 7-11 4.3.2 or something? Is that right? How does that 12 compare, Jim? I haven't seen that guideline. Is it much 13 more detailed?
t 1 ') 14 MR. STEWART: No, it's basically a different l 15 topic area. Gary just reminded me that in DO-178B, they 16 tell you to use the appropriate codes and standards. It's 17 more of a classification document similar to IEC 1508.
18 They are using it. I'm on a -- what they call the high 19 reliability guideline group where we're trying to develop c
20
- a safe set of AIDA 95 software -- subset.
21 And we're using DO-178B there are our 22 classification scheme.
23 CHAIRMAN MILLER: Does that mean they then 24 direct you to certain standards, primary standards?
p)
( 25 MR. STEWART: DO-178B doesn't direct you to NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 2344 433 WASHINGTON, D C. 20005-3701 (202) 234-4433
273 1 any particular standard. It just says use the appropriate 2 ones. Sort of like our GDC-1, use the appropriate codes
.~
L 1
'~'
3 and standards.
i 4 CHAIRMAN MILLER: Now why wouldn'" we take the !
5 same approach? ,
l 6 MR. STEWART: Well, we did. GDC-1 --
7 CHAIRMAN MILLER: Oh, GDC-1, okay.
8 MR. STEWART: Yeah, GDC-1 says use the 9 appropriate codes and standards, and we said that reg.
10 guides are our list of which ones we think are 1
11 appropriate.
12 CHAIRMAN MILLER: I'm still -- as you can see, 13 I'm still questioning -- use reg, guides or just say these (m / 14 are the standards we think are appropriate, and not do the 15 reg. guides. I know it's going to be the reg. guides --
16 MR. WERMIEL: Just goes back to our past 17 practice, Don.
18 CHAIRMAN MILLER: Right.
19 MR. WERMIEL: The reg. guides amplify on the 20 GDC, and it just -- we felt, in order to stabilize the 21 licensing approach, this was the best way to go.
22 CHAIRMAN MILLER: But again, I say past 23 practice of reg. guides, at least in I&C, has been --
24 they've endorsed standards that have been primarily c,
i (Jw I
25 designed for the particular issue at hand, not endorse
! NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C, 20005-3701 (202) 234-4433
274 1 standards generic. l l
-~s 2 MR. WERMIEL: There were no standards for the
(
I 3 issue at hand in the nuclear industry, so we had to go 4 this way. But it has always been practice in I&C and 5 other areas within the staff to endorse standards that l 6 were appropriate to a particular aspect of an I&C system.
7 In this case, the I&C systems we're talking about were 8 digital.
9 These were aspects of digital systems that we i
10 felt were appropriate for endorsement.
11 MR. JOHNSON: And I think if you look, you 12 will find that there are a number of reg. guides out there l
13 that endorse non-nuclear power standards as appropriate, g
\~l 14 for example, the reg. guides on battery installation and 15 testing, the reg. guides on HEPA filters, you know, 16 endorse standards that are not specific to nuclear power 17 industry.
18 In fact, one of them even goes so far as to 19 cite a MIL standard as an acceptable practice.
20 CHAIRMAN MILLER: So they take the same 21 approach, that they basically endorse the standard, and 22 took exceptions as they needed to to make it comply with 23 Appendix B then?
24 MR. WERMIEL: Exactly, that's what's in the
,e m
( ) 25 reg. guide.
\s NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 13M RHODE ISU ND AVE.. N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
275 1 MR. MARKLEY: This is really not unique to I&C
,e 3 2 at all. It's a foundation practice of how the NRC P
)
~~
3 establishes regulatory positions and publishes them for 4 the use of the industry. Whether it's an ANSI standard on 5 training qualifications or otherwise, they state what ,
6 industry standard exists, and that's one means acceptable.
l 7 It's not the only one, but it's one that they I l
8 consider to be acceptable.
9 MR. WERMIEL: I think though I would agree i
10 with Don. If there had been a nuclear industry standard j I
11 in this area, we would have preferred to use it.
12 CHAIRMAN MILLER: I'm saying the ones I'm 13 familiar with in I&C, and of course then you've got the YY 14 ASME codes, are primarily or almost all of them I can 15 think that were developed -- standards were developed with 16 a particular regulatory issue in mind.
17 MR. WERMIEL: Yes. And I think, for the most 18 part, you'll find the vast majority of the reg. guides are 19 an endorsement of a standard for a particular regulatory 20 issue. But not all, as Mike was pointing out.
21 MR. KRAMER: I believe about three or four 22 years ago we approached Nupsco of ANS, you know, knowing 23 strengths and limitations of the IEEE standards and said 24 hey, you know, there's an area that's prime for an ANS
, !.s _j 25 activity. You know, give us a top level system standard l NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON. D.C. 20005 3701 (202) 234-4433 1
I
276 1 and other sorts of things.
,w 2 And it was I guess zero or less than zero k
v/
3 interest on the part of ANS at the time to do that.
4 CHAIRMAN MILLER: Of course, ANS --
5 MR. KRAMER: 7-4.3.2.
6 CHAIRMAN MILLER: I understand that.
7 MR. QUINN: You had two issues. One issue was 8 the applicability of the reg. guides or do we need the 9 standards. The second was do you need the reg. guides to 10 endorse the standards, or you can go straight from the 11 standard to the branch technical position. Wasn't that 12 what you --
13 CHAIRMAN MILLER: Well, I guess I could
' 14 picture the model of -- you like to look at models of 15 having recurrently a different kind of model, okay. It's 16 a system model.
17 (Laughter.)
18 Let's take the system model of naving 7-4.3.2 19 as kind of the base one which is, of course, based on 603.
20 Then you have the branch technical positions which clearly 21 define acceptance criteria. At least I think they do.
22 And then you have the ASME that kind of gives you the high 23 level.
24 You then need the reg. guides to endorse the iQ
(_j 25 standards. Or you can just say in the branch technical NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISt.AND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234 4433
l 277 1 positions refer to standard IEEE 30 or whatever it is and
,-~ 2 not have the reg. guide.
( )
s~'/
3 MR. WERMIEL: I think we could have done that 4 as long as the clarifications that are in the reg. guide i 1
5 and the exceptions were also flagged in the SRP or 6 somewhere. But that model, if that's the right word, is ,
l 7 something that I guess could have been done. l 8 CHAIRMAN MILLER: Would that make it simpler?
9 MR. WERMIEL: I don't know that it would have 10 made any difference because the basic criteria that you're l 11 talking about would have been the same, Don. l 12 CHAIRMAN MILLER: Oh, I'm not changing the --
13 I don't want to change the criteria.
's/ 14 MR. WERMIEL: I don't see that use of the reg.
15 guides as all that cumbersome the way we've improved, we 16 think, the path through the review both in Section 7.0 and 17 in the BTP itself. I think. And I'm hoping that Jim's 18 presentation tomorrow shows --
19 CHAIRMAN MILLER: Yes, I understand. I should 20 wait.
21 MR. WERMIEL: I don't know if you should wait 22 or not, but I'm hoping --
23 CHAIRMAN MILLER: I want to give Jim the time 24 to sleep on these things.
,m 25 (Laughter.)
NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE.. N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
l
278 1 MR. WERMIEL: See, we knew -- I had already 1
,m 2 prepared Jim for this. He knew what this walk through
( )
3 meant because this issue has come up from several members 4 of the subcommittee over the year.
5 CHAIRMAN MILLER: I mean, George has raised it i 6 on the -- going one direction. Dana raised it --
7 MR. WERMIEL: Yes.
8 CHAIRMAN MILLER: -- from a global viewpoint ,
l 9 MR. WERMIEL: Exactly.
10 CHAIRMAN MILLER: Why do we endorse standards 11 at all.
l 12 MR. QUINN: Exactly. ;
13 CHAIRMAN MILLER: And so I'm raising it, do we w.. 14 need the reg. guides to endorse standards?
15 MR. WERMIEL: Go ahead, Jim.
16 MR. STEWART: Yes, it sounds like I need to 17 wear a flak jacket tomorrow.
18 CHAIRMAN MILLER: No, we're not going to shoot 19 at you.
20 MR. STEWART: My answer is yes, and you 21 alluded to it earlier, that the reg. guides take on a high 22 level of significance. You know, they are just guides; 23 but if they don't follow them, the burden is on them to
?4 show us why not. 30 for that purpose, we endorse the reg.
(u, ) 25 guides.
l NEAL R. GROSS COURT REPORTERS AND TRANSCR'BERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 2344 433
279 1 The SRP is just a NUREG. It carries no 7- 2 regulatory weight to speak of, not as much.
'~'
3 MR. WERMIEL: They're for different purposes, 4 as we've said.
5 MR. STEWART: But if you look in there, there 6 are additional IEEE standards and references to other 7 documents that don't have the reg. guides because we 8 didn't want to raise them to that level of importance.
i 9 CHAIRMAN MILLER: In actuality, I went through ,
i 10 and counted the times you referenced things. You 11 reference NUREG-6101 more than anything else, I believe.
12 I believe that's true.
13 MEMBER APOSTOLAKIS: That's the one -- l
?x i
kj 14 MR. WERMIEL: Are we going to fix that too, 15 Joe? )
16 MR. JOYCE: I'm Joe Joyce with Instrumentation 17 Branch. When we looked at that, I also went through, 18 based on the last ACRS meeting, and looked at some of the 19 external references and how we're going to handle that.
20 6101, granted, is the most referenced NUREG.
21 CHAIRMAN MILLER: Right.
l 22 MR. JOYCE: But when you look at it, it's part l
23 of the baseline in terms of where BTP-14 came about and 24 BTP-19 and many of the others. So if there is a Bible or
(- a cornerstone document, that's it.
( ,
) 25 NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
l (202) 234-4433 WASHINGTON D C. 20005 3701 (202) 234-4433
l 280 i
1 CHAIRMAN MILLER: And it's a very good
. i I S 2 document.
! () 3 MR. JOYCE: Yes. And that was the -- we 4 wanted to send them back. We sent that document to get l
5 refreshed or recalibrated, if I may. So that's why it was 6 referenced so many times.
7 MR. WERMIEL: It may be, Joe, do we need as 8 many refreshing references back to it?
9 MR. JOYCE: Well, where we took it out, we had 10 to put words in.
11 MR. WERMIEL: Oh, okay.
12 MR. JOYCE: And that was a problem. It was 13 called document growth. And it kept getting bigger and
/, i.
k/ 14 bigger.
15 MR. WERMIEL: I know we faced that issue when 16 we addressed Dr. Apostolakis' issue. You know, how many 17 of these references can we deal with and provide stand l 18 alone words versus do we still need the reference. And we 19 thought we reached a balance. But I guess -- but with 20 this one, it was harder is what you're saying, Joe.
21 MR. JOYCE: We had to add more words into it 22 and just kept --
l 23 MR. WERMIEL: Okay.
24 CHAIRMAN MILLER: I wasn't complaining you
(_,) 25 reference too much. I was just saying that you referenced NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE.. N W.
l (202) 234-4433 WASHINGTON. D.C. 20005 3701 (202) 234 4 433 1
l 281 1 that more than you did the reg. guide.
I <3 2 MR. WERMIEL: I was complaining, i ( )
3 MR. STEWART: There was a definite reason for I
i 4 that, though. The 6101 covered a broad spectrum of i
5 topics.
6 CHAIRMAN MILLER: Yeah, true.
7 MR. STEWART: When we oot into the reg. guides 8 and we got to a place where we said do configuration 9 management, we only had to point to the reg, guide once.
10 CHAIRMAN MILLER: Let's go back to Jim was 11 talking about reg. guides. Would we be better off having 12 the licensee use the reg. guides then come to the staff 13 and say okay, I didn't do steps X through Y because I
( 'n C' 14 didn't think I needed to; versus having no reg, guide and I I
15 saying here's -- I developed my process, and the staff has l 1
1 16 to see where the process has been developed to meet the i 17 acceptance criteria. l 18 But I did use these standards throughout the 19 process. And that's a little bit more burden on the staff 20 to improve the process versus the licensee to say I didn't 21 use your process.
! 22 MR. WERMIEL: No, but wa would turn that l 23 burden right around on the licensee. One way or another, 24 whatever the licensee has done, if the reviewer comes
,a i 1
() 25 along and says this is what I'm supposed to look for and I NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005 3701 (202) 234-4433 I
282 1 don't see it, then the reviewer is going to go to the 2 licensee and ask for a justification for it.
/
r.
3 CHAIRMAN MILLER: But the licensee would ;
4 hopefully do everything the acceptance criteria told him l 5 to do. !
6 MR. WERMIEL: Hopefully. But once again, 7 there has to be the demonstration that he did. And that's l 8 what the reviewer is going to look for. If the l 9 demonstration's not there one way or another, he's going l
10 to go back to the licensee and say tell me why.
11 CHAIRMAN MILLER: I understand.
12 MR. WERMIEL: Okay?
13 CHAIRMAN MILLER: I'm just saying which way is
, ~ .
I x_' 14 easier for everybody?
15 MR. WERMIEL: It seems easier from -- again, 16 from my perspective, and I'm hoping from the licensee's 17 perspective, it's easier to have in target to shoot at and i 18 then say why I didn't hit that target with some 19 justification than to leave it open and then have the ,
20 reviewer come along and demand that there be some 21 explanation for not having even had a target.
I 22 MR. GALLAGHER: Don, there is sort of a model 23 for what you're talking about, and that was the approach 24 that NII used on Sizewell where they told them you bring
! 25 to us --
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
l 283 i
! 1 MR. WERMIEL: A rock.
1 i
,. 2 MR. GALLAGHER: -- what you think is right, l
/
~'
3 and we'll look at it. But the thing that they found out 4 was that the burden of them going into an examination to 5 see if the product at the end was indeed fit for duty, 6 they had to go into a tremendous IV&V program. And by 7 IV&V, I mean completely separate organizations.
8 Tney spent 300 man years doing that. And one 9 of their -- I've spent a lot of time recently with people 10 from NII talking about this. He need an IV&V program like ;
1 11 they have. And I think the answer is that we put enough i 1
12 effort into what we want to see as answering the issues l 1
13 that we feel have to be dealt with that we can review that l I
('s
(-) 14 and say yes, this is adequate versus having somebody bring 15 something in and they said we felt this is what we ought 16 to do, here it is, is it adequate.
17 MR. WERMIEL: Yes, I don't think Don was 18 implying it would be quite that open-ended though.
19 Because you're still -- you still have, I guess, the real 20 hig target is still having the standards there.
21 CHAIRMAN MILLER: Well, you'd have the 22 standards, and then of course the acceptance criteria.
23 MR. WERMIEL: Right. But John -- what John is 24 saying is -- right, ' chat John is saying is well, you know (o) n./
25 -- he an correct me if I'm wrong, but what happened was NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433 l
284 1 Westinghouse said oh, we meet these standards.
.f 2 And then NII said for the sizewell software.
, )
3 Then NII said well, okay, now bring me the demonstration, 4 the so-called safety case for them. So the Nuclear 5 Electric brought their rock. And NII said well, this 6 isn't the right rock; it's the wrong color; I need a green 7 rock.
8 CHAIRMAN MILLER: But NII, had they provided 9 any guidance on the standards issue, do you know?
10 MR. WERMIEL: No, not initially.
11 CHAIRMAN MILLER: Well, this SRP would supply 12 a lot of guidance on standards.
13 MR. WERMIEL: It would. And I guess --
p a
w) 14 CHAIRMAN MILLER: My only debate is whether we 15 have reg. guides endorsing standards or just refer to the 16 standards. That's where the debate is.
17 MR. WERMIEL: Yes, I understand.
18 MR. JOHNSON: Can I make a couple of comments 19 on the use of reg. guides? One is, is before I went to 20 the laboratory, I was ten years building and modifying 21 plants. And maybe I was more naive than today's engineer, 22 but I was only vaguely aware of the standard review plan.
23 To me, it was sort of a licensing document that more the 24 licensing department dealt with.
(y
( ) 25 But if I wanted to know -- what I really v
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
285 1 wanted to know was not so much what was the staff's l l
7s 2 acceptance criteria. Generally their acceptance criteria l l )
' /
3 were the same as my internal ones, that I build a system l 4 that I could believe in.
5 My question -- the one question that I really I l
1 6 wanted to have an answer to is are there practices that l
7 the staff has already accepted and endorsed and has l 1
8 reviewcd? And if I use that, my job becomes a lot easier. l 9 And where do I go to find those?
10 I go to the reg. guides to find those. I 11 don't go to the SRP to find those, 12 CHAIRMAN MILLER: I think in this case you 13 better go to the SRP because I don't think the reg guide
,m N- 14 will provide enough acceptance criteria -- provide a solid 15 enough target.
l l 16 MR. WERMIEL. And I think I would agree with l 17 you. Because in the ERP, we identify for the reviewer a l 18 set of attributes and an approach toward confirming those l
l l 19 attributes that would probably be very useful to the 20 licensee. So that when the inspector or the NRC staff 21 person shows up, they can demonstrate those attributes and 22 those -- and that approach has been implemented.
23 But I think Gary is right. There are 24 specifics for a designer that are not in the acceptance 7~
25 criteria for the staff. And the staff would only go to
()
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W (202) 234 4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
286 1 the reg. guide if that was an area that they chose to j 2 audit as part of their review of the -- and their fS V 3 acceptance of the particular design that they're raving.
4 MR. JOHNSON: And I think it's a great 5 advantage to me as a -- would be a great advantage to me !
6 as a designer to have documents such as this that say if l l
7 you do a faithful implementation of the recommendations of 8 the standards, you will -- we expect you will meet our ]
9 acceptance criteria, and it's very nice to have both. j 10 But as a person trying to implement the i 11 system, I think the reg. guides are much more useful to me 12 than the SRP acceptance criteria. The SRP acceptance 13 criteria are good, supplemental information, good things I l t ;
14 should be aware of.
15 Now you say that you need to be aware of the 16 SRP as well. I think that's true. And generally, I think 17 that is because we don't have really a complete suite of 18 IEEE standards that we can -- think we can depend upon to 19 address all of the topics that we think need to be 20 addressed.
21 But if you take che topics where we do have 22 standards that we have endorsed by reg. guides, I believe 23 that if you do a good, professional, thorough job of 24 implementing the standards that are endorsed by those reg.
,,- ~ ~ . ,
Iq,) 25 guides and the positions in those reg. guides, that you NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D.C 20005-3701 (202) 234-4433
287 1 will meet the acceptance criteria of the SRP.
7s 2 MR. QUINN: I would concur, Don. I've heard 3 you now and I think I can count six times you've asked the l 4 same question in a different manner.
5 (Laughter.)
6 So that could be construed as pointing to 7 something for Jim's benefit maybe for tomorrow. My I 8 background says the same thing. When you had a design, it 9 was based on -- the reg. guides are really an upfront 10 document. And I'm still reading this Commonwealth Edison 11 comment that says if they're issued in their current 12 format, digital retrofits in a cost effective manner will 13 be impacted.
7
' I just come
> 14 I think your questions are right.
15 from the background that says this is the right way to do 16 it. You do it with a reg. guide. You do it with a 17 standard. And I don't see how in a - because it's a non-18 nuclear standard, you could do it without a reg. guide to 19 endorse it, to take exception, to provide clarifications.
20 And I know your questions come from a concern.
t 21 I don't know a way around it. I think the answer is this
! 22 is the way to do it.
23 CHAIRMAN MILLER: We have one public commenter 24 who'd like to make comments. And I'd like to bring this 25 day to a close since it's been a long day. Even though we (t-)
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234 4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
1 288 1 thought we were ahead of schedule at 1:00, --
-s
\
2 MR. WERM1EL: We were at one time.
/
' ]
3 CHAIRMAN MILLER: So I think it's been a 4 helpful discussion. And I know I've asked the same 5 question a few different ways, but I've gotten good 6 answers each time and somewhat satisfying answers most of 7 the time. Same answers more or less but from different 8 people.
9 Any other questions on the reg. guides that 1
10 need to be identified now?
l 11 MR. QUINN: This refers to an attachment which l l
12 I didn't see the e-mail attachment, which is -- it says l 13 it's a John Scott e-mail attachment on something here, a i
,"'N i i \
\
m/
14 minority position on something. I don't think I got that, j 15 MR. SCOTT: That was an attachment to the 16 letter that Mr. Petrick sent from Capri Technology.
17 MR. QUINN: Oh, okay.
18 MR. SCOTT: He sent the body of a letter and 19 he said for additional information, he's the e-mail that I 20 sent to the IEEE group.
21 MR. KRAMER: But the attachment should be in 22 the actual comments from Capri. It should be attached at 23 the end of that --
24 MR. UHRIG: Called minority positions?
,y
( ) 25 MR. SCOTT: Yes.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
289 1 MR. QUINN: Okay, thanks.
7_s 2 CHAIRMAN MILLER: Yes, Bill Sun has requested
.' i
^^'
3 to make a comment. Really -- well, I'll let him make the 4 comment. It's directed toward the overall high level use 5 of the SRP.
6 MR SUN: Yeah, my name is Bill Sun of Sunutac 7 Incorporated. Five years ago, I was in charge of EPRI's 8 I&C program. I'd just like to bring to your attention two 9 monumental licensing activities being carried out by 10 Taiwan's Atomic Energy Council on an international scale.
11 One is very much related to our discussion 12 today. One is not. I'll just use one sentence to mention 13 the one which is not. And that is, Taiwan's Atomic Energy
,m
! )
x_/ 14 Council is preparing to review for first time an 15 international transboundary shipment of low level waste 16 from Taiwan to North Korea.
17 Okay, I think it's a monumental scale. The 18 second one is, you know, we talk quite a bit about a trial 19 run of this -- I would think it's an excellent document -- j 20 NRC put out this SRP document. You have one right there, ,
21 Jerry.
)
22 Taiwan Atomic Energy Council is using this to 23 review their $6 billion dollar advanced BWR. ,
ll I
24 MR. WERMIEL: We heard that.
i r~'s j
( ) 25 MR SUN: Yes. Okay, yeah, it is -- the 0 Rj NEAL R. GROSS l COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) E4-4433 WASHINGTON, D C. 20005 3701 (202) 234-4433
290 l
l 1 significance of that is the $6 billion dollar plant is l
, ~s 2 designed by American vendor, GE. Will be worked on by
(\ \
/
3 American architect engineers, Stone & Webster. And the 4 I&C equipment will be supplied by I&C supplier in the 5 United States called Foxborough.
6 And in addition, Taiwan's government, as well i
7 as their power company, Tai Power, is using the U.S.
8 licensing approach. That is your standard review plan.
i 9 And in doing this in the next seven years. So I think i 10 that, you know, to my knowledge, NRC -- Dr. Shirley l 11 Jackson visit Taiwan last year.
1 12 Dr. Don Miller visit Taiwan last year. You do ;
1 13 have a bilateral agreement with Taiwan's government. And
,r~\
v
's ') 14 with some extension of your Lawrence Livermore Laboratory l 15 contract work, you could capture the feedback as a full 16 sized advanced BWR. It's different from Kajawasaki 17 because GE decided to use the first kind of engineering 18 approach that carried out by U.S. utility and DOE.
19 So you have a full size trial run there.
20 Somebody is doing that for you. Okay, --
21 MR. KRAMER: Wait back and get the data.
22 CHAIRMAN MILLER: I figured at least Bill l
l 23 would end up with a very positive comment on this whole 24 thing.
(%/ ) 25 MR SUN: And I'm personally the vice chairman NEAL R. GROSS i COURT REPORTERS AND TRANSCRIBERS l 1323 RHODE ISLAND AVE., N.W.
(202) 234-4433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
291 1 of their ACRS, so I have very good contact. Except they fy 2 call it ACNS and they use the word nuclear instead of
- i
'~
3 reactor. I know the direct regulation extremely well. So 4 Jerry, you want a contact? I'll be happy to help you.
l 5 Okay, so --
l 6 MR. WERMIEL: We may have to work something 7 out together with you guys.
8 MR SUN: Yeah, it's very worthwhile. I'm sure ,
l l
9 Dr. Shirley Jackson would be happy to work with them -- !
i l
10 say give me your feedback.
11 MR. QUINN: Do you know what level are these l 12 standards they're looking at? Are they looking at the 1
l 13 same -- the draft revision that --
\ ') 14 MR SUN: The latest they have is your last I I
I 15 draft, which is, I believe, the December issue.
l 16 MR. WERMIEL: December issue?
l 17 MR SUN: It's the December issue.
18 MR. WERMIEL: We got -- we knew that you had 19 that and were going to use it. How far along are you with 20 the review?
21 MR SUN: Well, they couldn't use the U.S. or 22 the one step licensing approach. They used a U.S. utility 23 requirement document, but turned out using that as the bid 24 bases, the accident technical basis, but commercially not
) 25 viable because the U.S. vendor asked for too much.
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
)
292 1 So they used the two step licensing approach.
, .s 2 And next October they will coraplet a review of this so-
~'
)
3 called construction permit, the PSAR's, so now they are 4 beginning to using that. It's a very major, you know,
)
5 effort over there.
6 MR. WERMIEL: We'll need to get some feedback.
i 7 MR SUN: Yes, yes; okay. I think you have a 8 way to get there. I think you are friends of them. Okay.
9 MS. MITCHELL: You know, I might point out 10 that the National Academy Committee also suggested that as 11 these guidelines emerged -- and I guess I don't think it's 12 so clear cut as you would have us believe that it's just a 13 matter of adhering to well defined, clear practices.
e
\ - >) 14 The state of software is certainly not that t
15 clear. But our consistent view was that the NRC, 16 particularly the staff, ought to carefully monitor how 17 effective these guidelines were in particular potentially 18 outside of the U.S. for advanced plants. So I think that 19 would -- I think we hoped that the NRC would do more than 20 juct keep track, but it would be a more formal assessment 21 of how well it worked and to feed those results back. i i
1 22 MR SUN: Yes, I would encourage so. Because - .
I 23 - l 24 MS. MITCHELL: I could find that reference in p
! ! 25 the report.
J NEAL R. GROSS l I
COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
293 l
1 MR SUN: It is a specification in fully
,_ 2 digitized instrumentation control and protection plant i 1 3 with a full digital control room. It's a U.S. design.
4 MR. WERMIEL: Yes, it's basically the ABWR, as 5 I understand it.
7 MR. QUINN: What's the difference between that 8 and Kajawasaki?
9 MR SUN: Well, Kajawasaki, even though, 10 started with a GE concept. But largely done by 11 Hitachi/Toshiba. Especially they supplied the software 12 and hardware. But in Taiwan's deal, GE won the bid, $1.9 13 billion dollars for NSSS nuclear island. But GE,
~'
/ ;
(_ / 14 interesting enough, they didn't picture Japanese as their 15 partner because of cost.
16 Today U.S. vendor cost less than a Japanese 17 vendor, believe it or not.
18 MR. QUINN: Wow. So the Foxborough, it's 19 going to be an integrated --
i 20 MR SUN: Yeah, Foxborough was supplied --
22 MR SUN: I believe so. No, not protection 23 system. GE going to supply some on their own. But Tai 24 Power holding GE responsible for the design for the V&V, 25 for the independent V&V also. In term. GE -- Tai Power
()
HEAL R. GROSS l
COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W. i (202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
294 1 hired Stone &. Webster to do another level of independent
-~ 2 V&V t
CHAIRMAN MILLER:
3 Okay, Bill, thank you very 4 much.
5 MR SUN: Okay, thank you.
6 CHAIRMAN MILLER: And I'd say to kind of wrap 7 things up and set the stage so Jim does sleep a little bit 8 tonight, I think today's meeting was quite valuable.
9 Answered a lot of my questions. I think the overall 10 chapter seven had come a long way since even December.
11 And I think that we'll see how it can be used tomorrow.
12 And I think the staff's been very responsive 13 to all the -- unfortunately not that many comments, but I i- 14 think very good comments. And at least we've made a lot 15 of improvements. So tomorrow should be a good day of 16 showing how we're going to use this plan and go forward.
17 And at the end of the say, I say we'd still 18 like to identify any topics that need to be addressed in 19 the main meeting in June. And also any areas where we, as 20 a committee, might recommend disagreement with what is 21 happening, as well as those items of agreement.
22 I'd like to wrap this meeting up tomorrow for 23 George's reason and my reason, somewhere around 2:00 or 24 before.
) 25 George, what time do you have to leave NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE , N W.
(202) 2344 433 WASHINGTON, D.C. 20005-3701 (202) 234-4433
295 1 tomorrow?
- g. 2 MEMBER APOSTOLAKIS: I'11 try to catch a t j x'~' -
3 flight at 3:00. I need to leave here about 1:30.
4 CHAIRMAN MILLER: We can wrap it up at 1:30 5 maybe.
l 6 MEMBER APOSTOLAKIS: I'll have to wait until !
1 1
7 9:00, 8 MR. WERMIEL: We should be able to do that, 9 Don, because I think a lot of what's on the agenda we've 10 already covered today. l 11 CHAIRMAN MILLER: Okay, so this meeting is now l 12 recessed until tomorrow morning.
13 (Whereupon, the proceedings were adjourned at i n 1 1 i
V 14 5:09 p.m.)
15 16 17 18 19 20 21 22 23 24
,-~
( / 25 w./
NEAL R. GROSS COURT REPORTERS AND TRANSCRIBERS 1323 RHODE ISLAND AVE., N W.
(202) 234-4433 WASHINGTON, D C. 20005-3701 (202) 234-4433
.. ___ _ _ _ _ _ = . _ . _ _ _._
_ . . _ ._ _ . - _ _ ~ - . . _ _ . _ . .
i l bq l
CERTIFICATE This is to certify that the attached l 1
proceedings before the United States Nuclear Regulatory Commission in the matter of:
Name of Proceeding: ACRS SUBCOMMITTEE ON INSTRUMENTATION
- AND CONTROL SYSTEMS AND COMPUTERS SUBCOMMITTEE I l
Docket Number: N/A
- Place of Proceeding
- ROCKVILLE, MARYLAND l
l were held as herein appears, and that this is the original l
transcript thereof for the file of the United States Nuclear
( Regulatory Commission taken by me and, thereafter reduced to I typewriting by me or under the direction of the court reporting company, and that the transcript is a true and i
accurate record of the foregoing proceedings.
Y- IMA b6RBETT RI ER official Reporter Neal R. Gross and Co., Inc.
l l
l J I
t l
A LO ;
NEAL R. GROSS COURT REPORTERS ANDTRANSCRIBERS 1323 RIIODE ISLAND AVENLT, NW (202)234 4433 WAS!!!NGTON,D.C. 2000$ (202)234 4433
d/s-INTRODUCTORY STATEMENT BY THE CHAIRMAN OF THE
(~ I&C SYSTEMS AND COMPUTERS SUBCOMMITTEE
(,T ! 11545 ROCKVILLE PIKE, ROOM T-2B3 ROCKVILLE, MARYLAND May 28-29, 1997 The meeting will now com- o order. This is first day of the meeting of the ACRS Subc('4:ttee on Instrumentation and Control Systems and Computers. I<1 Don Miller Subcommittee Chairman.
ACRS Members in attendance are: George Apostolakis, Mario Fontana, and Robert Seale. We also have in attendance Bob Uhrig whose appointment to the ACRS is in progress.
Also in attendance are Ted Quinn, an ACRS Consultant, and Christine Mitchell and Charles Mayo, both are Members of the NRC Nuclear Safety Research Review Committee (NSRRC).
The purpose of this meeting is to review the proposed final Standard Review Plan Sections, Branch Technical Positions (BTPs),
and Regulatory Guides related to digital instrumentation and control (I&C) systems, including the proposed reconciliation of public comments on these documents and the integration of insights from the National Academy of Sciences / National Research Council Phase 2 Study Final Report on safety and reliability issues for digital I&C systems. The Subcommittee will gather information, analyze relevant issues and facts, and formulate r~s proposed positions and actions, as appropriate, for deliberation i ) by the full Committee.
Michael T. Markley is the Cognizant ACRS Staff Engineer for this meeting.
The rules for participation in today's meeting have been announced as part of the notice for this meeting previously published in the Federal Register on May 9, 1996.
A transcript of the meeting is being kept and will be made available as stated in the Federal Register Notice. It is requested that speakers first identify themselves and speak with sufficient clarity and volume so that they can be readily heard.
We have received no written comments or requests for time to make oral statements from members of the public.
(Chairman's Comments-if any)
We will proceed with the meeting and I call upon Mr. Jerry Wermici of NRR and Mr. Jay Persensky of RES to begin, f3 L)
O O Ci'*;
. UPDATE OF STANDARD REVIEW PLAN CHAPTER 7 INSTRUMENTATION AND CONTROLS i
Presented to:
Advisory Committee on Reactor Safeguards Instrumentation and Control Systems and Computers Subcommittee Matthew Chiramal instrumentation and Controls Branch Division of Reactor Controls and Human Factors Office of Nuclear Reactor Regulation Phone No: 301-415-2845; E-mail: mxc@nrc. gov May 28 & 29,1997 1
- W,e . m ae . A4 h w s, .AA64E -
.a , a-a, m e iJ ht aM %J L.nh 6 a 4ma y h.ah.3. 4a,_tra 4 4 4 m a.m. m M me Ja.E. AM.a%he SA .44,43.hg.4 da w A. m ik 4p,4... 4A.4sA2uA m_4se m-umm( hAA_._m..a _m., A
.a,h
= a ,
)
t s
OVERVIEW OF SRP CHAPTER 7 UPDATE i
I t
i t
E t
I
?
I f
t n
I r
L I
t tt t
4 s
k i
h e
l s
t s
t
]
e 2 ;
e 4 g I
i.
l'
gline of Chapter 7 O O
- 7.0 instrumentation and Controls - Overview of Review Process Appendix 7.0-A Review Process for Digital I&C '
- 7.1 i Introduction Appendix 7.1-A Acceptance Criteria and Guidelines !
Appendix 7.1-B Conformance to IEEE Std 279 Appendix 7.1-C Conformance to IEEE Std 603
- 7.2 Reactor Trip System i l
- 7.3 Engineered Safety Features Systems '
- 7.4 Safe Shutdown Systems .
- 7.5 Information Systems important to Safety i
- 7.6 Interlock Systems important to Safety !
i
- 7.7 Control Systems i i
- 7.8 Diverse I&C Systems I I
- 7.9 Data Communication Systems '
1 i
- Appendix 7-A Branch Technical Positions
- Appendix 7-B . General Agenda, Station Site Visits :
Appendix 7-C Acronyms, Abbreviations, and Glossary '
i t
3 i
SRP Chapter 7 revised to address digital l&C topics
- Revised Section 7.1 on general requirements and guidance Add references to new regulatory guides (RGs) and branch technical positions (BTPs) on special digital system issues Highlight review areas, acceptance criteria, and review process for digital systems based on IEEE Std 7-4.3.2 (RG 1.152) e New Section 7.0 and Appendix 7.0-A describe the overall review i process for digital systems e New Appendix 7.1-C gives guidance with respect to review according to IEEE Std. 603 (RG 1.153) e Revised Appendix 7.1-A addresses rule changes (Part 52 and revisions i to Part 50), and new regulatory guides e Revised Sections 7.2 through 7.9, which focus on systems, to add reference to digital system guidance in Section 7.1 1 i
e Revised Appendix 7-A includes new BTPs l
I 4
t
7.
Draft SRP Chaptar 7 was issued for Public Comments i .
lssued for Public Comments on December 5,1996 Two sets of comments received:
- Nuclear Energy Institute
- Westinghouse Electric Corporation b
i 5
.____....__.m......__..
O O O ,
t I
b i
I i
i f
t i
t i
f I
DISPOSITION OF PUBLIC COMMENTS ON DRAFT SRP CHAPTER 7 UPDATE t
i 6
I r
6 i
6 i
O O O 4
Public Comments and their Disposition i
NEI Comments: t i
SRP Chapter 7 well organized and clear SRP Chapter 7 appropriately relies largely on references to standards i
rather than including detailed review guidance '
SRP Chapter 7 should be publically available for extended period of
- trial use and public comment Disposition
- i~
SRP is maintained as a "living document;" additional pubhc comments, revisions of applicable standards, new standards, and results of new studies will be regularly incorporated into future revisions of SRP Chapter 7; final SRP Chapter 7 will be available l' indefinitely on the internet -
i i
i 7 ;
t
O O O Public Comments and their Disposition (Continued)
Westinghouse Comments / Disposition:
Comment - Definitions of terms " Deterministic" and " Deterministic Timing" in Appendix 7.0-A and BTP HICB-14 contain contradictory statements.
o Disposition - The definitions were revised.
Comment - A sentence in Appendix 7.0-A, Section C.1, seems to indicate that the staff is willing to relax the acceptance criteria for safety systems of lesser significance. .
l o
Disposition - The wording of the sentence is "The Staff's review emphasis should be commensurate with the safety significance of the given system or aspect of a system's design under review." It is i
meant to provide guidance to the staff reviewer for level of review effort and not an indication of relaxation of acceptance criteria for the design. A phrase and footnote were added to clarify this point.
t t
l I
i 1 ;
l 8 i
Westinghousa Commants/ Disposition (continued)-
Comment - In Section 7.1.1, item 7, " Diverse actuation systems" should read " Diverse Actuation Systems MAY include the Anticipated ;
Transient Without Scram (ATWS) ...." !
o Disposition: The title of this section (and Section 7.8) was changed to " Diverse instrumentation and control systems" as opposed to !
"Divc:se actuation systems," since it provides guidance for any diverse I&C system. ATWS Mitigation System and Diverse Actuation System are examples of diverse I&C~ systems. ~
Comment - The first paragraph of Appendix 7.1-B states that although required by NRC regulations only for protection systems, the i criteria of ANSI /IEEE Std 279 are applicable to any instrumentation j and control system, and that the reviewer may use the concepts of the standard in the review of l&C systems that are not part of the protection system. Examples ant? ciarification should be included in Append;x 7.1-B.
o Disposition: A clarification was provided that IEEE Std 279 is useful guidance for I&C systems other than protection systems and noting that use of this guidance is described in Sections 7.2 through 7.9.
L 9 l
r i
o yestinghouso Comments / Disposition (continued):
O Comment - After 10 CFR 50.55a(h) is revised from IEEE 279 to IEEE i 603, Appendix 7.1-B should be eliminated and only Appendix 7.1-C i be used.
o f
! Disposition: SRP Chapter 7 is planned to be used for review of future
- plant applications as well as license amendment applications. Thus,
- SRP Chapter 7 retains both Appendix 7.1-B and 7.1-C since current operating plant licensing bases incorporate IEEE Std 279. ;
Comment - The statement in Section 7.8 that equipment diversity should be provided to the extent reasonable and practicable is vague i and subjective - examples of diversity should be included.
t o
Disposition: Additional clarification on equipment diversity is included in BTP HICB-19 in response to this comment and a similar '
1 recommendation by the NAS study.
Several Comments on BTP HICB-12 on instrument Setpoints and on BTP HICB-13 on Cross-Calibration of RTDs are addressed in the i' revisions of these BTPs. ,
i 10 i
_4b .m a ER.hhA_.EMhhh.4..bk4.b.,6N .e44A G4hamh,W A h6+.66.a.abe.=bw4.hwahhh-44.n.h -M&sh.a.s._e4,Am,.masA. Aw,4MA b
i O O O .
- 2. :
i i
i CHANGES BASED ON ACRS COMMENTS AND NAS/NRC STUDY 11 i
-______-_____m.__ _ _ _ _ _ _ . . - _ _ . . _ _ _ _ . _ _ . _ _ __ - __ _ _ __ - ___ _ ____. _- _ _____- s --_ -_-_
O O O Changes based on ACRS Comments and NAS/NRC Study Recommendations ACRS Comment:
In using BTP HICB-14 for guidance the reviewer is directed to additional guidance and acceptance criteria in standards and other references. It would be preferable to include the acceptance criteria and guidance from the standards in the BTP itself.
o Disposition:
in the revised SRP Chapter 7, where possible, particularly in BTP HICB-14, the required guidance and acceptance criteria were extracted from the referenced standards and documents and included directly in the SRP section and associated BTP. j 12
o o ACRS Comment: 0 -
0 In BTP HICB-14 the acceptance criteria for process and products need clarification i
o Disposition:
'Section 3.1, Acceptance Criteria for Software Life Cycle Process Planning, and Section 3.2, Acceptance Criteria for Software Life Cycle Process implementation, have been revised to incorporate acceptance :
criteria extracted from referenced standards and formatted to be consistent with the product acceptance criteria in Section 3.3, Acceptance Criteria for Software Lifecycle Process Design Outputs ;
b l
I i
13 i
o ACRS Comment: i Staff should review the Atomic Energy Control Board (AECB) Draft Reg.
Guide C-138, " Software in Protection and Control Systems," particularly the use of formal notation in the Software Requirements Specification ;
o Such a review was performed by the staff, in 1996, at the request of the Director General, AECB. By letter dated June 7,1996, the NRC !
Executive Director for Operations stated that the contents of C-138 were consistent with the staff positions and acceptance criteria on software related issues incorporated in the update of SRP Chapter 7 and-the new regulatory guides on software quality.
Appendix 7.0-A has been revised to provide additional guidance on the use of formal methods in software development 14
c__
l o O O NAS Recommendation:
3 The [US]NRC should revisit its guidelines on assessing whether adequate diversity exists. The [US]NRC should not place reliance on different programming languages, different design approaches meeting '
the same functional requirements, different design teams, or using different vendors' equipment (" nameplate" diversity). Rather,the
[US]NRC should emphasize potentially more robust techniques such as the use of functional diversity, different hardware, and different real-time operating systems.
y o Disposition:
in the revised BTP HICB-19 addditional clarification on acceptable diversity for digital system has been included. Specifically, BTP HICB-19 calls for a diversity demonstration based on an appropriate combination different types of diversity including functional diversity and different hardware.
J 15
o
~
o o -l Disposition of National Research Council / National Academy of Sciences Final Report on Diaital I&C Systems in Nuclear Power Plants Technical Issue 1 - Systems Aspect of Digital I&C Technology Recommendation 1 The [US]NRC should make a trial application of the proposed regulatory guidance documents on system aspects to foreign nuclear plant digital ,
systems, both existing and in progress.
Comment: We disagree that an independent trial application by the USNRC on a foreign reactor is possible. This could only be accomplished with the permission and participation of the host country's regulatory body and the utility. Further, the recommended trial application may not necessarily provide a meaningful assessment of the staff's guidance due to differences in requirements for digital systems in foreign nuclear plants.
I
. .i O O O Technical issue 1, Recommendation 1 - Comment (Continued)
Nevertheless, there are a few examples of foreign interaction which may satisfy the intent of the recommendation: :
i The Czech Republic Regulatory Agency (SUJB) is using the guidance in SRP Chapter 7 to review the Westinghouse-designed i digital I&C system for Temelin. The staff is following SUJB's activities and continues to interact with them on the results of their review.
l.
The Korean Nuclear Regulatory Agency (KINS) is interested in adopting SRP Chapter 7 and the Korean Atomic Energy Research Institute (KAERI) j is using the SRP as a starting point for developing national guidelines for !
computer-based system design.
NUREG-0700, Rev.1, Human-System Interface Design Review Guideline, is planned for trial use in evaluating the human factors !
aspects of the French N4 control room. !
t i
I i
1 O O O Technical Issue 1 - Recommendation 2 The [US]NRC should identify and review system aspects guidance documents provided in other industries, such as chemical processing and aerospace, where large-scale digital l&C systems are used. The focus of this review should be to compare these other guidance documents with those being developed by the [US]NRC, paying attention to common problems and application-specific differences.
Comment: Agree. Such tasks are routinely done during preparation and updating of standards, staff studies, and contractor efforts. In the course of developing the update to SRP Chapter 7, the NRC staff conducted workshops with industry experts to obtain information which was subsequently considered in staff guidance. Such activities by the NRC staff and contractor staff will continue. Examples include information gathered from the Boeing Corporation and Software Productivity Consortium (SPC) activities and documents, and consideration of IEC, ISO, IEEE, and other standards for reference in staff regulatory guidance. The staff plans several activities for the future that will involve investigation of digital system applications in other industries and their relationship to NRC guidance.
i
Technical issue 1 - Recommendation 3 To obtain practical experience, the [US]NRC should loan staff personnel, '
perhaps on a reciprocal basis, to other agencies involved in regulating or overseeing large, safety-critical digital I&C systems.
I Comment: Disagree. The staff does not have sufficient resources to implement the recommended rotation. We believe that sufficient interactions with other industry regulatory agencies are already taking place i through specific interagency meetings, the SPC, conferences, meetings, and
, other interactions which provide the opportunity to exchange information.
i r
i i
--- - _ --- --_-- ----- ---- - - - - - - - - - _ - _ - - _ - -----------------------_----------J
O O O
~
'i Technical issue 1 - Recommendation 4 ;
The [US]NRC should require continuing professional training for appropriate staff in technologies particularly germane to system aspects, such as fault- i tolerant, distributed systems. ;
Comment: Agree. The NRC staff has participated in many hours of training in the various aspects of digital technology including systems aspects.
Ongoing internal staff training activities will continue to address this aspect of digital systems. Additionally, the NRC has developed a guidance document, NUREG/BR-0227, " Guidance for Professional Development of
, NRC Staff in Digital Instrumentation and Controls," for its regional and headquarters staff to develop and maintain adequate skills in digital system issues. The NRC staff has participated in specific programs to enhance individual expertise in digital systems, like the Senior Fellowship Program and the NRC Graduate Fellowship Program.
i l
i
r .
a Technical issue 2 - Software Quality Assurance e O Recommendation 1 Currently, the [US]NRC's path is to develop regulatory guides to endorse 1 (with' possible exceptions) a variety of industry standards. The [US]NRC
, should develop its own guidelines for software quality assurance that focus on acceptance criteria rather than prescriptive solutions. The draft regulatory guide' " Software in Protection and Control Systems" by Canada's Atomic Energy Control Board is an example of this type of approach. The
[US]NRC guidelines should be subjected to a broad based, external peer review process including a) the nuclear industry, b) other safety-critical industries, and c) both the commercial and academic software communities.
Comment: Disagree. Consistent with-OMB Circular A-119, Federal Participation in the Development and Use of Voluntary Standards, and long- 1
- standing NRC practice, the staff believes it is more appropriate and efficient to continue use of applicable industry standards as endorsed, with possible exceptions and clarifications through regulatory guides, and augmented, where necessary, by guidance developed by the staff (e.g., branch technical positions) than to develop its own stand-alone guidance. Such a practice takes advantage of the consensus process which involves input from vendors, licensees and academia as well as regulators.
e e TTchnical issue 2, Recommendation F- Comment (Continued)
O t
Regulatory guides generally do not contain prescriptive solutions or requirements; they describe methods acceptable to the staff for complying with the Commission's regulations. Before the NRC issues a final version of a regulatory guide or other guidance document like the SRP, it undergoes internal staff and management reviews, and reviews by committees such as the CRGR and ACRS. There is also a mandatory public comment period during which members of the public, including the industry and academia, can comment on the documents. These comments must be considered and dispositioned by the staff prior to issue of the final version of the document.
With regard to the draft Canadian regulatory guide on software, in 1996, at the request of the Director General, Directorate of Analysis and Assessment, Atomic Energy Control Board (AECB), Canada, the NRC staff reviewed Draft 5 of AECB Regulatory Guide C-138, " Software in Protection and Control Systems." By letter dated June 7,1996, from the NRC to AECB, the EDO stated that the contents of C-138 were consistent with the staff positions and acceptance criteria on software related issues incorporated in the update of SRP Chapter 7 and new regulatory guides on software.
O Technical Issue 2 - Recommendation 2 9 O :
System requirements should be written in a language with a precise meaning so that general properties like consistency and completeness, as well as '
application-specific properties can be analyzed. Cognizant personnel such as ,
plant engineers, regulators, system architects, and software developers should be able to understand the language. ;
i Comment: Agree. The NRC staff believes that a clearly written systems specification is vital to development of safety-critical software. The staff does not mandate how the specification should be written. However, !
attributes such as consistency, completeness, understandability and clarity in the specification are-included in the staff criteria. Specific guidance and acceptance criteria for the review of software quality is provided in BTP HICB-14 and in the staff inspection assistar.ce tool . Additionally, this issue will be investigated further in a research project on a requirements specification framework.
i
echnical issue 2 - Recommendation :
t
[US]NRC research in software quality assurance area should be balanced in emphasis between early phases of the software life cycle and code-level !
issues. Experience shows that the early phases contribute more frequently to the generation of software errors.
Comment: Agree. In the overall review of digital I&C systems, the staff provides emphasis on the early stages of design development - specifically in
- Appendix 7.0-A of SRP Chapter 7. Additionally, as noted above, a research project was initiated to investigate a requirements specification framework.
The goal of the research project is to develop review guidance to assure that steps are taken to minimize software errors resulting from activities during the early phases of a project. r f
i i
, t I
t
[
T hnical issue 2'- Recommendation The [US]NRC should require a commensurate quality assurance process for ASICs, PLCs, and other similar technologies.
Comment: Agree. The staff is conducting its review of PLCs and ASICs in :
a similar manner to that of other computer-based systems, and will continue its assurance activities by providing guidance and audits at a level of quality comparable to those provided on other digital I&C systems.
. _ .. . _ . _ _ _ . _ . _ . _ _ . _ _ _ . _ _ .__ _ .. _ .. _ _ 7 . .
hnical issue 3 - Common-Mode So ware Failure Potential Recommendation 1 The [US]NRC should retain its position of assuming that common-mode software failure is credible. ,
Comment: Agree. This has been done in the update to SRP Chapter 7.
i Recommendation 2 i
The [US]NRC should maintain its basic position regarding the need for
- diversity in digital I&C systems as stated in the draft branch technical 4
position "Digita! Instrumentation and Control Systems in Advanced Plants" !
(see Chapter 5) and its counterpart for existing plants. i i
Comment: Agree. This has been done in the update to SRP Chapter 7. ;
I t
oTechnical issue 3 - Recommendationo3 o
'l The [US]NRC should revisit its guidelines on assessing whether adequate diversity exists. The [US]NRC should not place reliance on different programming languages, different design approaches meeting the same functional requirements, different design teams, or using different vendors' equipment (" nameplate" diversity). Rather, the [US]NRC should emphasize potentially more robust techniques such as the use of functional diversity, different hardware, and different real-time operating systems.
Comment: Agree. Diversity is not assessed solely on the basis of one of ,
the indicated factors. It is assessed on a combination of factors that include functional diversity, hardware diversity, and system diversity. The updated
- SRP Chapter 7 will be revised to provide clarification on acceptable diversity considering nameplate, design diversity and functional diversity to address this recommendation.
l f
chnical issue' 3 - Recommendation i
The [US]NRC should reconsider the use of research funding to try to establish diversity between two pieces of software performing the same i function. This does not appear to be possible. Specifically, it appears the 1
[US]NRC funding of the Unravel tool is based on the use of this tool for this purpose and, as such, is unlikely to be useful. ,
Comment: Agree. Note, however, that Unravel is not a tool for assessing digital system functional diversity. Unravel is only one of many tools that could be used by the staff in assessing quality of software. The prime purpose of Unravel is to assist a staff reviewer when performing a string check of a software code in order to look for errors. By combining strings through a code, Unravel can identify common coding instructions that could become potential common-mode failure sites.
i l
f i
i
O O Technical issue 4 - Safety and Reliability Assessment Methods O
' Recommendation 1 The [US]NRC should require that the relative influence of software failure on system reliability be included in PRAs for systems that include digital ,
components.
Comment: Agree. Probabilistic Risk Assessments (PRAs) for proposed
. advanced reactor designs utilizing digital systems model them in their risk-assessments as they would an analog system. Although failure rate data for digital systems is limited, and potentially important failure modes are different (inherent design errors vs. random failure over time) when compared to analog systems, PRAs incorpo.ating digital systems can provide '
insights into digital system risk contribution by evaluating their importance through uncertainty analyses. This is being done, for example, in the review of the Westinghouse AP600 PRA. As reliability requirements become more stringent, the confidence in the assessment decreases, because of the lack of data. For example, there is little data on design errors affecting rare events. Note, however, the staff does not rely solely on numerical reliability criteria when making judgements on the acceptability of digital I&C systems.
chnical issue 4 - Recommendatio i
i The [US]NRC should strive to develop methods for estimating the failure probabilities of digital systems, including commercial-off-the-shelf (COTS),
for use in probabilistic risk assessment. The methods should include acceptance criteria, guidelines, and limitations for use, and any need for '
rationale and justification.
Comment: Agree. The staff continues to follow the work being performed by others in the area of digital system risk assessment. The staff is supporting a proposal by the Nuclear Energy Agency / Committee on the. ,
Safety of Nuclear Installations (NEA/CSNI) to establish a data base of operational experience with nuclear p'ower plant computer systems and risk analysis methods. The final report of the organizing committee on special computer system issues recommends that CSNI follow ongoing work (e.g., i European Special Projects for Research in Information Technology Design for ;
Validation (ESPRIT DEVAL Workpackage 5) which has the goal of developing methods for evaluating software and digital system reliability. A research project now under development will assess the current state-of-the-practice j for measuring software reliability.
i
O O O Technical Issue 4 - Recommendation 3 The [US]NRC and industry should evaluate their capabilities and develop a sufficient level of expertise to understand the requirements for gaining confidence in digital implementations of system functions and limitations of quantitative assessment.
Comment: Agree. The staff and industry are working to improve expertise in order to be more confident that digital system implementation is accomplished effectively. An example of this is the staff and industry interactions in the COTS, PLC, and ASICs development programs. As for the limitations of quantitative assessments, since the domestic nuclear industry is not a dominant user of process-computers, the staff believes it is appropriate to continue to follow the activities of others involved in studying digital system reliability quantification such as the NEA/CSNI activity
^
mentioned above.
Efforts are underway to further develop the NRC staff's expertise in the quantitative assessment of digital implementations. Specifically, the NRC staff is participating in seminars and studying the literature on. state-of-the-practice quantitative assessment methods.
i
chnical issue 4 - Recommendation r
The [US]NRC should consider support of programs that are aimed at i developing advanced techniques for analysis of digital systems that might be used to increase confidence and reduce uncertainty in quantitative ;
assessments.
1 Comment: Agree. See above responses.
I t
t i
i
~
I-O O O ~!
Technical issue 6 - Dedication of Commercial Off-the-Shelf Hardware and Software Recommendation 1 The [US]NRC staff should assure that their involvement in the Electric Power Research Institute (EPRI), Nuclear Utilities Software Management Group (NUSMG), IEEE, and the Instrument Society of America (ISA) working groups means that [US]NRC concerns and positions are being addressed so that any standards or guidelines developed by these groups can be quickly accepted and endorsed by the [US]NRC.
Comment: Agree. This is being accomplished through the staff's continuing participation in meetings and other interactions with industry groups on COTS. Because of these interactions, the staff expects to promptly endorse the EPRI COTS guidance document, EPRI TR-106439, " Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Application."
T chnical issue 6 - Rscommendation The [US]NRC should establish what research is needed to support [US]NRC acceptance of COTS in safety applications in nuclear plants. This research should then be incorporated into the overall research plan.
Comment: Agree. The NRC staff is considering development of a research program to support the acceptance of COTS hardware and software in NPPs. .
Recommendation 3 The [US]NRC regulatory guidance on the use of COTS should recognize and i be based on the principle that criteria and verification activities are to be commensurate with the safety significance and complexity of the specific !
application.
Commenti Agree. The EPRI document (EPRI TR-106439) on commercial dedication of COTS, which is being endorsed by the staff, recognizes these l considerations. The revised SRP Chapter 7 references this EPRI document.
I
ategic issua 1 - Case-by-Case Lica ing Process ,
Recommendation 1 The [US]NRC should place a high priority on its effort to develop a generically applicable framework for the review and evaluation of digital I&C upgrades for operating reactors.
Comment: Agree. The revised SRP Chapter 7 establishes such a framework and guidance for review and evaluation of digital I&C upgrades for operating reactors. This activity has received a high priority by the staff from the '
outset.
i i
f f
i i
!!lll ! i!j(!l :! l !! ! !li! ! ; !! : !
s e
w i tod
. r s e n e t sn n
b yna uo
_ ai l ef dt i
dt s sa bo anc l
- u enr l t gi ook l i snl r ht at te waiaegct e
sd x r ri n
_ sek re hc bet i i
. st e ao s iamrcd h y e - n
- cd opei wer waf ya t
- r p
u mts t st oet n f n
_ s au a a e s.e aik rd f troisi n eoesmi mts arepr r u t gwhl o a c nehlos t
c olaht t o evdu l
o nmai eti t dp nden
. gf f i h ahr i nd cf e
r t c-ey i nae vtsisda c as n d
t yr t i t r l r ue l a ec n a s t
2 aosf a ha r adeni t t n n
o ia gl e s i sTppat l r
i u oe r 7 .
er ts n i
t a d f e gT h . r yh a u d or t e ea rt e no c l
.ol tpsounr sf c i
n n es b e oht na a e noeh m i t
t nir ess i h ct e i t
t Cea o tatpo m
o l
uo amee h picd P nt s si c vt ocy t Rsa eit ei cn i e eelr e ah l S
R dt hlpr s
- dpse i u v rpig 'e .e t da pa p at r a ean g p r endts h 1
s t r e wei rdain g e u eo b pss ut n i s ht e ne w Aut a n s t d hi e : y ne yit ou i
c f ef ohot t er v tl namgn l
oo c i
g st n e c pl cs wlis mdo onsi i
t t
e eba ol uc i l
a r
iaevt r cb mivoehi r
o ee ec yi t
h t S
t I
n sbcu eaap C pd t b w
Strategic issue 1 - Recommendation 3 T'e [US]NRC should consider additional ways in which the guideline development process can be accelerated and streamlined. For example, consideration could be'given to establishing chartered task groups involving ,
representatives from the [US]NRC, the industry, and academia. These groups would be tasked and managed on a project basis to investigate and I resolve unreviewed matters of possible safety significance that arise in the development and use of digital systems.
Comment: Agree. This topic was mentioned at the January 22,1997, Commission meeting on codes and standards. The direction given by the !
Commission to the staff was to look into ways to acceleme and streamline ;
the standards endorsement process. The staff is pursuing this action.
i i
i As regards use of advisory groups involving the industry and academia to address unreviewed matters of possible safety significance, note that there are currently mvo such advisory groups (ACRS and the Nuclear Safety Research Review Committee (NSRRC)) in the NRC to review nuclear power plant safety significant issues and research plans. The staff believes that this oversight in conjunction with the public comment process is sufficient to provide for efficient guidance development. In addition, as noted above, when major issues of specific concern to the industry arise, working groups I of NRC staff and industry representatives have been formed to develop ;
acceptable guidance and approaches. '
Strategic issue 1 - Recommendation 4 ln developing its regulatory requirements, the [US]NRC shorid ensure that !
where issues arise that are unique to digital systems, they are treated appropriately. On the other hand, where issues arise with regard to digital
.upgrados that are no different from issues posed for analog systems, such issues should be treated consistently. The opportunity (or obligation) for the j
[US]NRC to review and approve digital upgrades should not be seen as an opportunity to impose new requirement; on individual licensees unless the issue is unique to the application proposed.
t
[
Comment: Agree. The staff believes that issuance of the update to SRP Chapter 7 and the digital system inspection guidance in IP 52001 and t 52002 will assist in ensuring consistency in staff review of digital modifications. ;
i The imposition of new requirements resulting from new or amended provisions in the Commission rules, or the imposition of a regulatory staff j
- position interpreting the rules that is either new or different from a i previously applicable staff position is governed by 10 CFR 50.109, the "backfitting" rule which requires cost / benefit analyses as justification before imposition of the new porstion. ;
l l
i 4
Strategic issue 1 - Recommendation 5 In view of the substantial benefits of early interaction with individual utilities considering digital upgrades, as well as the benefit of working closely with industry groups and other interested members of the public in the development of standards and guidelines, the [US]NRC should undertake proactive efforts to interact early and frequently with individual utilities and with industry groups and other interested members of the public. In i addition, it would be of benefit for the [US]NRC to be familiar with the broader evolving applications of digital l&C systems in both nuclear and non-nuclear applications. This, in turn, will provide a foundation for a cooperative working relationship.
! Comment: Agree. As mentioned above, this is being done through the EPRl/ industry working groups on various topics. In many forums, the NRC staff has announced to the licensees its willingness to discuss proposed modifications as early as possible. However, from a practical standpoint, it is not always possible for the staff to interact with each individual licensee based on the staff and licensee resource limitations, nor are licensees obligated to discuss their plans with the staff. Interaction is only required when a license amendment (per 10 CFR 50.90) is needed for a proposed modification.
Strategic issue 1 - Recommendation 6 -
The [US]NRC should revisit the system level issue addressed in Generic Letter 95-02 and EPRI Report TR-102348 to ensure that this position is consistent with the historical interpretation of 10CFR50.59. The committee strongly endorses maintaining and formalizing the distinction between major and minor safety system upgrades containing digital technology.
Comment: Agree. The staff's position on " system level" as stated in GL
& '2 has been reconsidered by the technical and legal staff at NRC as part
- ~ i '. e overall program to review 10 CFR 50.59. It was determined that the GL 95-02 interpretation as it relates to a new or different malfunction is correct and as such it will not be changed.
O O O
, j Strategic issue 1 - Recommendation 7 The [US]NRC chould establish a process for cataloguing 50.59 evaluations of digital upgrades in some centralized fashion, so that individual utilities considering such upgrades can review and consider past 50.59 determinations regarding when a particular modification has been found to result in an unreviewed safety question.
Comment: Disagree. Evaluations under 10 CFR 50.59 are performed by i
licensees, and the licensees are not required to submit them to the NRC.
Licensees are required to provide an annual report summarizing the 50.59 evaluations. The NRC staff reviews this report and'when digital modifications are identified, the staff will consider the need for an j inspection of the modification. Reviews of individual plant licensing bases for the determination of an unreviewed safety question when implementing digital upgrades is a plant specific effort because of the differences in the licensing bases for individual plants. Therefore, the staff does not believe the resources involved in cataloging 50.59 evaluations will provide significant benefit generically to licensees. However, the nuclear industry itself could take on the task of cataloging 50.59 evaluations for digital modifications for the purpose of providing guidance to licensees when determining the existence of an unreviewed safety question for proposed digital upgrades. We note that digital retrofits requiring staff review are approved in safety evaluations which are publicly available. '
b i i
Strategic issue 2 - Adequacy of Technical infrastructure Recommendation 1 Despite difficulties posed by declining budgets and staffing levels in the face of rapidly moving technology and a stagnating nuclear industry, the [US]NRC must explore ways to improve efficiency of the review procens with existing staff and resources.
Comment: Agree. The staff efforts to update SRP Chapter 7 and its !
interactions with the industry on several programs are examples of efforts to !
achieve such a goal.
. k i
i i
i Strategic issue 2 - Recommendation 2 The [US]NRC should define a set of minimal and continuing training needs i for existing and recruited staff. Particular asention should be paid to software quality assurance expertise. Once defined, the [US]NRC training program should be subjected to appropriate external review. Certification of ,
[US]NRC expertise levels is one possibility the [US]NRC may wish to consider.
Comment: Agree on training program. An interoffice training advisory group provides guidance on the training and education of staff involved in the inspection of digital system retrofits. NUREG/DR-0227 documents specific formal training courses available to staff digital system reviewers.
Such training is supplemented by a digital system workshop held approximately annually to provide inspectors with updated guidance on digital system issues and activities of interest. Certification of digital I&C reviewers / inspectors to specific expertise levels is not a practical option at this time since no recognized standard of knowledge for certification has been established in the computer system discipline.
'~
O O O l
! Strategic issue 2 - Recommendation 3
! Consistent with. Conclusion 5 above, the [US]NRC should develop a strategic .
i plan for the research program conducted by the RES and NRR offices. The plan should emphasize balancing short-term regulatory needs and long-term, i
anticipatory research needs and should incorporate means of leveraging l available resources to accomplish both sets of research objectives. It should also reach out more effectively to relevant technical communities (e.g., by the establishment of research simulators for human factors research), to the i Electric Power Research Institute, to the Department of Energy, to foreign nuclear organizations, and to other safety-critical industries dealing with '
digital l&C issues. In making this recommendation, the committee recognizes the Halden Reactor Project provides an example of such cooperative research; but much of the Halden work cannot be published !
widely and, therefore, lacks the benefit of rigorous peer scrutiny.
Comment: Agree. In partial response to the current agency-wide strategic planning and rebaselining effort, a strategic plan that would address the needs of this recommendation for future digital system research will be developed. The strategic plan will address issues such as the balance between regulatory product development and exploratory research, relationships with other organizations and the coordination of a human factors / digital I&C research facility.
o r
o o
Strategic issue 2 - Recommendation 4 l Because research in the digital I&C area may require a longer time frame than that of single fiscal years, the [US]NRC should give consideration to planning and arranging funding on a multi year basis.
l l Comment: Agree. The NRC enters into agreements to fund projects on a multi-year basis (e.g., the Halden Reactor Project has 3-year agreements, subject to availability of funds), however, Congress approves the NRC budget on a yearly basis. Research programs for specific tasks are almost always planned over multiple years.
l Recommendation 5 Consistent.with Conclusion 4 above, the [US]NRC should consider ways to accelerate preparation and updating of needed standards and guidance documents. In particular, the [US]NRC should consider using chartered task groups (see Recommendation 3 pertaining to the case-by-case hcensing l
process).
l
- Comment
- Agree. See comments on Strategic issue 1, Recommendation 3, above.
';.* l 1
O --
STAFF RESPONSES TO PUBLIC i CO M MENTS OX DRAFT
! CHAPTER 7 l l, INSTRUMENTATION AXD l
CONTROLi OF THE STANDARD
\
REVIEW PLAN j
1 i
O ver8ioa i o Prepared by Gary Johnson May 28,1997 Prepared for U.S. Nuclear Regulatory Commission B* Fission Energy and Systems Sa Lawrence Livermore National Laboratory O
C Disclaimer O This document was prepared as an account of work sponsored by an agency of the United U States Government. Neither the United States Government nor the University of California, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately ow ied rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Gavernment or the University of California The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California and shall not be used for advertising or I product endorsement purposes. l l
1 l
l O ,
b '
l l
l i
l t
i This work was supported by the United States Nuclear Regulatory commission under a Memorandum of Understanding with the United States Department of Energy, and Ov performed under the auspices of the U.S. Department of Energy by Lawrence 1 ivermore National Laboratory under Contract W-7405-Eng-48.
l l
l p Table of Contents t >
StafiResponses to Public Comments on Draft Chapter 7 (Instrumentation and Control) of the Standard Resiew Plan l
l A. Introduction 4 1
B. Responses to General Comments 5 l Submitted Comments 5 l Proposed Revisions 6 =
C. Responses to Comments on Section 7.0-A," Review Process for Digital Instrumentation and l Control S3stems" 6 Submitted Comments 6 I Proposed Revisions 7 l D. Responses to Comments on Section 7.1," Acceptance Criteria for Instrumentation and Control Systems Important to Safet3" 8 j Submitted Comments 8 Proposed Revisions 9 E. Responses to Comments on Table 7-1," Acceptance Criteria for Instrumentation and Control S3 stems Important to Safet)" 9 I
Submitted Comments 9 Proposed Resisions 10 F. Responses to Comments on Appendix 7.1-A," Acceptance Criteria for instrumentation and l Control Systems important to Safety" 11 Submitted Comments 11 .
g 11 I Proposed Revisions G. Responses to Comments on Section 7.1-B " Guidelines for Evaluation of Conformance to ANSI /IEEE Std 279" 11 Submitted Comments 11 Proposed Revisions 12
- 11. Responses to Comments on Appendix 7.1-C," Guidelines for Evaluation of Conformance to ANSI /IEEE Std 603" 13 Submitted Comments 13 Proposed Revisions 13 1
l 1. Responses to Comments on Section 7.5,"Information S 3 stems Important to Safet)"
13 Submitted Comments 13 Proposed Revisions 14 J. Responses to Comments on Section 7.8 "Diserse Instrumentation and Control Sy stems" 14 Submitted Comments 14 Proposed Revisions 15 l
l K. Responses to Comments on Ilranch Technical Position (BTP) IIICil-12. " Guidance for i Establishing and Maintaining lustrument Setpoints" 16
! Submitted Conunents 16 Proposed Revisions 20 L. Responses to Comments on Branch Technical Position (BTP) IIICD-13," Guidance for Cross-Calibration of Protection System Resistance Temperature Detectors" 21 Submitted Commenu 21 f~h rg Proposed Revisions 23
-. .- .. --. -. . . ~-. . -. .
Staff Responses to Public Comments on Draft Chapter 7 Q (Instrumentation and Control) of the Standard Review Plan A. Introduction The drail instrumentation and control chapter (Chapter 7) of NUREG-0800, 7he i StandardReview Plan, issued for public comment as announced in the Federal Register.
Coiaments were received from the following sources:
ID Company Name f
I Nuclear Energy Institute 11 Westinghouse Electric Corporation Nuclear Services Division Responses have been arranged by the section to which the comment refers. Responses applicable to general comments regarding Chapter 7 are presented first. Specific Comments were received on the following Sections of Chapter 7.
Appendix 7.0-A," Review Process for Digital Instrumentation and Control Systems" O Sectioe 7.i. inetrementetiee end Coetrois -intredection" Table 7-1, " Acceptance Criteria for Instrumentation and Control Systems important to Safety" Appendix 7.1-A," Acceptance Criteria for Instrumentation and Control Systems important to Safety" Appendix 7.1-B," Guidelines for Evaluation of Conformance to ANSI /IEEE Std 279" Appendix 7.1-C," Guidelines for Evaluation of Conformance to ANSI /IEEE Std 603" l l
Section 7.5,"Information Systems important to Safety" ,
[
Section 7.8," Diverse Instrumentation and Control Systems" i l Branch Technical Position (BTP) HICB-12, " Guidance for Establishing and l l Maintaining Instmment Setpoints" ;
Branch Technical Position (BTP) HlCB-13," Guidance for Cross-Calibration of j l Protection System Resistance Temperature Detectors" l
in the following pages, the response to each comment consists of three parts. First the l comment is presented. Each comment is identified by a roman numeral which designates
[
the comment source and the correspondent. The comment identifier used by the correspondent is provided and each comment is reproduced verbatim from the letters submitted. Since they have not been edited in tone, substance, or in any other way the comments are presented in quotation marks. A number ofinserts were placed in the comments by the staff reviewers and are enclosed in < pointed brackets > . These inserts O reflect a unique number, assigned across the entire set of responses, to better link the stafT V
1
J responses to different elements of a comment. Second, the stafTtechnical response to the O c mment is presented. Finally, the proposed revision to a draft Standard Review Plan (SRP) section, if any, which was developed in response to the comment, is presented. i l
A note to the reader is warranted. This report is not a stand-alone document. A copy of the draft SRP is needed to fully understand both the comments and the staff responses.
For example, a comment may cite a page number or guideline and provide a comment on the material without specifically repeating the material to which it is directed. Such comments are not always intelligible. In such cases, reference to the draft SRP, and possibly material cited by the SRP, usually provides the appropriate context. :
B. Responses to General Comments l Submitted Comments I. "The purp'ose of our review was to answer the questions noted in the Federal Register notice. They are: (1) is the text an accurate reflection of NRC staff ,
positions that have evolved, and (2) is the level of detail appropriate? Our gene.ral conclusion is yes to both questions.
"The draft USRP spans several hundred pages and is the result of an extensive effort to integrate NRC stafTpositions derived from digital I&C retrofits at operating ,
nuclear power plants and reviews of advanced light water reactor designs. Several new sections and appendices have been added in this proposed revision. With
\ support from the Electric Power Research Institute, our review focused on these new sections and sectionsjudged to have the greatest potentialimpact. Lack of l specific industry comments on a particular element in the USRP should not be .
construed to indicate industry review and agreement.
"The proposed document is well organized and clear. Section 7.0 and Appendix j 7.0-A are particularly helpful in identifying to an applicant the intended NRC stafT i review process. The same is true of 7.1-A,7.1-B, and 7.1-C, which provide {
guidance for evaluation of conformance with IEEE Standards 279 and 603. These l standards are particularly important, because they deal with protection, safety, and !
important-to-safety systems.
"While the USRP chapter does not directly provide detailed guidance, it does appear to integrate by reference the applicable guidance. Given that detailed NRC review of ALWR I&C designs will occur at a later time (based on design processes specified in the design certifications), we find it appropriate that Chapter 7 relies
! largely on references to that information rather than including detailed review l 4
guidance.
"The volurne of material in Chapter 7 in combination with the large number of
< references indicate that a full 1&C review is a major endeavor for the NRC and the applicant. To date, NRC and industry experience with 1&C reviews conducted in h accordance with the reference guidance is limited. We recommend, as we did for i I
! the other USRP chapters in our letter of December 31,1996, that Chapter 7 be )
] published for an extended period of trial use and public comment."<!>
Technical Respons3
<l> The stafTplans to use the revised SRP Chapter 7 for all upcoming reviews. The SRP is a "living document" and lessons learned from these reviews as well as material from revisions of applicable standards, new standards, and the results of
' new studies will be incorporated into future revisions. The stafris open to future industry and public comments on the SRP. As noted on the first page of every j section " Comments and suggestions for improvement will be considered and should be sent to the U.S. Nuclear Regulatory Commission Office of Nuclear Reactor Regulation, Washington, D.C. 20555." Additionally, the staffintends to post the I final version of Chapter 7 on the NRC home page, www.nrc. gov. The SRP Chapter 7 pages of this web site include features that allow comments to be directly submitted over the internet. ,
Proposed Revisions
<l> - No revisions are planned to address this comment.
C. Responses to Comments on Section 7.0-A, " Review Process for Digital Instrumentation and Control Systems" O s a-ittea ce--e es II. p. 7.0-A-2 "On page SRP 7.0-A-2 (and page BTP HICB-14-12), the second sentence in the definitions for ' Deterministic' and ' Deterministic timing' reads: 'No system is deterministic under all conditions, and unpredictable delays will be incurred for at least some errors and failures.'<2>
"This statement contradicts the first sentence in the definitions which discusses a time response having a " guaranteed maximum and minimum " Computer based instrumentation and control equipment is currently available which has guaranteed maximum and minimum time delays under all conditions. The methods of software j design to accomplish this for numerous platforms have been thoroughly described 1 and have implemented for simple systems beginning in the 1970's. Operating system software capable of real time operation, also termed " bounded dispatch latency" is presently available for computer systems of all complexities. Use of
" deadman timers" is another method available to assure a predetermined time delay for various error and failures. If a time delay has guaranteed maximum and minimum values, then it cannot be termed " unpredictable," and this statement is incorrect and should be omitted."<3>
l I
Technical Risponse V <2> lt is always possible to postulate failures which can cause non-deterministic behavior in a system otherwise designed to have deterministic timing. The intent of this sentence was to remind the reviewer that it is not necessary for an applicant to demonstrate deterministic timing in the presence of every conceivable failure.
<3> The stafragrees that the statement is confusing and it will be omitted.
II. p. 7.0-A-4, Section C. I "On page SRP 7.0-A-4, Section C.1" Summary" (under "C. Review Procesc") the current wording is "The Staffs review emphasis should be commensurate with the safety significance of the given system or aspect of a system's design under review."
"This sentence indicates that the Staffis willing to relax the acceptance criteria for safety systems oflesser significance.<4> Additicaal guidance must be provided to the industry so that consistent and logical decisions can be made with respect to the Staff s grading of safety systems. The levels of safety systems should be categorized and the acceptance criteria associated with each category must be identified. IEC 1226 provides guidance on the classification ofinstrumentation and control systems important to safety for nuclear power plants."<5>
Technical Response p <4> The wording of the referenced sentence is "The StatTs review emphasis should be C) commensurate with the safety significance of the given system or aspect of a system's design under review." It is meant to provide guidance to the stafTreviewer for level of review effort and not an indication of relaxation of acceptance criteria for the design. The wording will be revised to clarify this potential misconception.
<5> A graded approach to acceptance criteria based upon safety importance classification may be possible. One approach to classification is discussed in IEC 1226. " Nuclear power plants - Instrumentation and control systems important for safety - Classification." However, this is not currently supported by lEEE Std. 279 or IEEE Std. 603 which form the fundamental basis for the NRC acceptance criteria as discussed in 10 CFR 50.55a(h). The foreword to IEEE 7-4.3.2-1993 recommends the addition of grading to future versions ofIEEE 603.
Proposed Revisions
<2> Delete the last sentence of the definition in both Appendix 7.0-A and BTP HICB-14.
<4> Change the cited sentence to read:
The scope of the review process is the same for any 1&C safety function; however, the effort requiced to implement the review will be considerably less for a system that implements only a few safety requirements than it will be for a complex system such as a O)
V complete, integrated, digital safety system design.
1 ,
. l 1 .
<5> Add a footnote to the discussion of review emphasis stating: i
-O The Steff discee,ed ihe issee, ef cie,,if.cetien eed sredins in SECY--91-292, " Digital Computer Systems for Advanced Light-3 l
Water Reactors," and noted that, "A graded set of requirements based on the importance to safety of the being performed with )
l respect to reduction in the potential for radiation exposure could be
, adopted. IEEE Std 603 and IEEE Std 7-4.3.2, "lEEE Standard for Digital Computers in Safety Systems of Nuclear Power Generating ;
Stations," endorsed by Reg. Guide 1.153 and Reg. Guide 1.152, l
" Criteria for Digital Computers in Safety Systems of Nuclear Power I Plants," do not provide for classification, although the foreword to i j IEEE Std 7-4.3.2 recommends the addition of grading to future l I
versions oflEEE Std 603. The applicant or licensee may incorporate grading based on some suitable classification scheme,
< provided that the NRC's regulations are met; however, such j approaches would not currently be supported by consensus reflected in the key nuclear standards described above.
D. Responses to Comments on Section 7.1, " Acceptance Criteria for Instrumentation and Control Systems important to Safety" ;
1 1
Submitted Comments j
- 11. p. 7.1-2, item 7 "On page SRP 7.l-2, item 7 ' Diverse actuation systems' under 'l. Areas of Review' should read' Diverse Actuation Systems hLA_Y include the Anticipated Transient Without Scram (ATWS).. '
"There is no requirement that the ATWS mitigation system be included in the Diverse Actuation System;it may remain a separate system. This choice should remain with the plant designer.." <6>
Technical Response
<6> The referenced statement was intended to indicate that ATWS mitigation systems are reviewed as part of the category " diverse actuation systems" described in the SRP. It is not intended that ATWS mitigation must be part of a specific system.
This is further clarified in the Areas of Review discussion in Section 7.8.
The choice of how to incorporate ATWS mitigation and diverse actuation into the overall 1&C system architecture does remain with the plant designer. To avoid confusion the discussion of the relationship between Diverse I&C Systems, Diverse Actuation Systems, and ATWS Mitigation Systems will be improved.
8-
. l II. p. 7.1-5' Item b -
" Change ' pre-existing sonwarepProducts (PESP)' to ' pre-existing sonware products (PESP).'"<7>
Technical Relponse
<7> The term pre-existing sonware products will be changed to pre-developed soRware (PDS) throughout Chapter 7 to establish consistency with the terminology currently proposed for Supplement I to IEC Std 880.
Proposed Revisions
<6> Revise the discussion of Diverse Actuation Systems in Section 7.1, subsection I to read as follows.
Diverse instrumentation and control.gstems are those systems provided expressly for diverse backup of the reactor protection system and engineered safety features actuation systems Diverse )
i I&C systems account for the possibility of common-mode failures in the protection systems The diverse I&C systems category includes the anticipated transient without scram (ATWS) mitigation system as required by 10 CFR 50.62. For plants with digital computer-based instrumentation 'and controls, diverse I&C systems may also include hardwired manual controls, diverse displays, and any diverse actuation systems'specidcally installed to meet the guidance of the StafTRequirements Memorandum (SRM) on SECY-93-087, " Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR)
Designs." This SRM describes the NRC position on defense-in-depth and diversity. Diverse 1&C systems are discussed in Section 7.8 of the S AR.
Throughout the SRP ensure use of the terms Diverse Instrumentation and Control Systems and Diverse Actuation Systems are used consistent with this discussion.
<7> Throughout the SRP change references to pre-existing sonware products to use the term predeveloped sonware.
E. Responses to Comments on Table 7-1," Acceptance Criteria for instrumentation and Control Systems important to Safety" !
i Submitted Comments II. p. T7.1-1/ para 3
" Change 'are imposed by 10 CFR 34(f)' to 'are imposed by 10 CFR 50.34(f).'"<8>
O l
1, .
Technical Response
<8> This error will be corrected.
II. p. T7.1-2/ footnote l " Change are used as guidnance' to 'are used as guidance."'<9>
i Technical Response l
<9) This error will be corrected. I II. p. T7.1-6/ item 1 l "This table refers to BTP HICB-13, as ' Replacement of Reactor Coolant RTD l Bypass Manifold Temperature Instruments,' rather than ' Guidance for Cross- j Calibration of Protection System Resistance Temperature Detectors. "<10>
Technical Response
)
<10> This error will be corrected.
II. p. T7.1-6/ item 1 l "Under BTP HICB-13 " Replacement of Reactor Coolant RTD Bypass Manifold Temperature Instruments," a note states that the BTP is applicable only to Westinghouse PWR designs. It should be noted that cross calibration testing and l p issues related to the installation of reference RTDs are generic in nature and apply to f (> both Westinghouse and non-Westinghouse designs, and are independent of whether bypass manifolds are used."<l l>
Technical Response l <1l> The stafragrees with Westinghouse that the cross calibration testing and issues related to the installation of reference RTDs being generic in nature, apply to both Westinghouse and non-Westinghouse designs, and are independent of whether bypass manifolds are used. The note of the SRP Table 7-1 is in error and will be l
corrected.
Proposed Revisions
<8> On page T7.1-1, paragraph 3, change 10 CFR 34 to 10 CFR 50 34.
<9) In the footnote on page T7.1-2, change guidnance to guidance.
<10> Change the title of BTP HICB-13 in Table 7-1, in the introduction of Appendix 7-A, i
and in the BTP itself to read:
Guidance on Cross-Calibration of Protection System Resistance Temperature Detectors.
<ll> Delete the note in the Table 7-1 entry for BTP HICB-13.
('N
, G 8
F. Responses to Comments on Appendix 7.1-A," Acceptance Criteria for O ia trumeat tioa aa coatrei sveteme import at to serety" Submitted Comments 1
II. p. 7.1-A-2/ item c ]
" Change ' bypassed and operable status' to ' bypassed and inoperable status."'<l2>
Technical Resoonse 1
<l2> This error will be corrected.
Proposed Revisions
<12> In item c on page 7.1-A-2, change operable to inoperable.
G. Responses to Comments on Section 7.1-B," Guidelines for Evaluation of Conformance to ANSI /IEEE Std 279" Submitted Comments i II. General Comment .
"After 10CFR50.55a(h)is revised from IEEE-279 to IEEE-603, Appendix 7.1-B,
' Guidance for Evaluation of Conformance to ANSI /IEEE Std 279'should be eliminated and the SRP be revised to reflect only the use of Appendix 7.1-C, 1
' Guidance for Evaluation of conformance to IEEE Std 603.'"<l3>
Technical Response
<13> SRP Chapter 7.will be used to guide the review oflice 1se amendment applications j in addition to future plant applications. Since most cperating plants are commined i to compliance with IEEE Std 279, not IEEE Std 601, the guidance for review with respect to IEEE Std 279 needs to be retained. Therefore, SRP Chapter 7 will retain both appendix 7.1-B and 7.1-C.
II. p. 7.1-B-1 "On page 7.1-B-1 in the first paragraph, is a sentence that reads: ' Although required by NRC regulations only for protection systems, the criteria of ANSI /IEEE Std 279 are applicable to any instrumentation and control (l&C) system.' The paragraph then goes on to advise the reviewer to use the ' Concepts of ANSl/IEEE Std 279' to review 'l&C systems not a part of the protection system, but having a high degree ofimportance to safety.'<l4>
"The first sentence of ANSI /IEEE Std 279 reads: 'These criteria establish minimum requirements for the safety-related functional performance and reliability of protection systems for stationary, land-based nuclear reactors producing steam for
%./ electric power generation.' Nothing in section I (scope) of ANSl/IEEE std 279 states that it applies to 1&C systems other than safety-related protection
()
systems <l5> Examples / clarifications should be included in this section for reviewer guidance as to how to apply ANSI /IEEE Std 279 to non-safety related systems "<! 6>
Technical Response
<l4> The intent of the cited paragraph is that same as that provided in the footnote of Table 7.1 which says,"The ANSI /IEEE Std 279 requirement to provide adequate separation between protection ar.d control function (item 4.7.2) applies to all instrumentation systems. Although not required by NRC regulations, the other criteria of ANSI /IEEE Std 279 address considerations such as design bases, redundancy, independence, single failures, qualification, bypasses, status indication, and testing that are used as guidance, where appropriate, for systems addressed in these sections of the SRP."
<l5> The statement in Appendix 7.1-B will be revised to better reflect the spirit of the footnote in Table 7-1.
<l6> Sections 7.2-7.9 discusses the use ofIEEE Std 279 and IEEE Std 603 as review guidance for these systems.
1 Proposed Revisions n <l5> In Appcridix 7.1-B change the discussion of the use oflEEE Std 279 in the review U' of systems other than protection systems to read as follows.
This appendix discusses the requirements of ANSl/IEEE Std 279, Sections 3 and 4, as they are used in the review of the reactor trip systems (RTS) and engineered safety features actuation systems (ESFAS) to determine that these systems meet the NRC regulations. Although required by NRC regulations only for protection systems, the criteria of ANSl/IEEE Std 279 address considerations such as design bases, redundancy, independence, single failures, qualification, bypasses, status indication, and testing that may be used as review guidance, where appropriate, for any instrumentation and control (l&C) system, as elaborated in Sections 7.2 through 7.9. Thecefore, for 1&C systems not a part of the protection system, but having a high degree ofimportance to safety, the reviewer may use the concepts of ANSI /IEEE Std 279 as a starting point for the review of these systems.
In Appendix 7.1-C revise the discussion of the use of IEEE Std 603 in the review of systems other than safety systems to read as follows.
i Although required by NRC regulations only for protection systems, the criteria of ANSI /IEEE Std 279 address considerations such as design bases, redundancy, independence, single failures, O,
u.
qualification, bypasses, status indication, and test may be used as review guidance, where appropriate, for any instrumentation and O- c ntrol(I&C) system, as elab rated in Secti ns 7.2 through 7.9.
IEEE Std 603, " Criteria for Safety Systems for Nuclear Power Generating Stations," has since superseded A.NSI/IEEE Std 279.
The guidance in IEEE Std 603, as endorsed by Reg. Guide 1.153,
" Criteria for Power, instrumentation, and Control Ponions of Safety Systems," incorporates the guidance of ANSI /IEEE Std 279, and includes all I&C safety systems within its scope. The guidance described in IEEE Std 603 may be used by the NRC staffin its evaluation ofl&C safety systems. The reviewer may also use the concepts oflEEE Std 603 as a starting point for the review of other I&C systems.
H. Responses to Comments on Appendix 7.1-C," Guidelines for Evaluation of Conformance to ANSl/IEEE Std 603" Submitted Comments II. p. 7.1-C-14 i
" Regulatory Guide 1.153, change date from 1985 to 1996. Also check the entire SRP for consistency."<l7>
Technical Resoonse O~ <l7> This error will be corrected. An additional consistence review of all references will 1 also be conducted.
Proposed Revisions
<l7> On page 7.1-C-14, change the cited date for Reg. Guide 1.153 from 1985 to 1996.
- l. Responses to Comments on Section 7.5, "Information Systems important )
to Safety" l Submitted Comments l 1
- 11. p. 7.5-6/ item 2 "Under item 2, change ' As a minimum BISI sould be provided' to 'as a minimum BISI should be provided.'"<18>
Technical Response
<!8> This error will be corrected. l II. p. 7.5-7/ Redundancy
" Change ' redundant systems should be equivallent to' to ' redundant systems should be equivalent to.'"<l9)
__ _ . _ _ . _ _ _ _ . . . _ _ _ _ ____ _ -. m .. . . _ ._
g Technical Response
<l9) This error will be corrected.
Ii. p. 7.5-8/ para 5
' " Change 'for which no automatic sontrol is provided' to 'for which no automatic control is provided.'"<20>
Technical Response
<20> This error will be corrected.
Proposed Revisions
<18> In item 2 on page 7.5-6, change sould to should.
<l9> In the discussion of redundancy on pager 7.5-7, change equivalient to equivalent.
<20> In paragraph 5 ~of page 7.5-8, change sontrol to control.
i l
J. Responses to Comments on Section 7.8, " Diverse Instrumentation and Control Systems" )
l Submitted Comments II. p. 7.8-6' ;
"On page SRP 7.8-6, the statement ' Equipment diversity should be provided to the extent reasonable and practicable to minimize the potential for common-mode failure ' This statement is vague and subject to reviewer interpretation. Examples of diversity should be included in this section for reviewer guidance as to how to apply equipment diversity to minimize the potential for common-mode failure."
<21>-
Technical Resnonse
<21> The referenced sentence refers to diversity between ATWS and Reactor Trip Systems. This guidance is consistent with the existing guidance provided in Federal Register Notice 49 FR 26042," Statement of Considerations for the ATWS Rule."
This existing guidance has been used successfully. Therefore, the review guidance of the SRP will not be changed.
Independently of this comment the statTidentified the need to improve the discussion of diversity in Branch Technical Position (BTP) HILB-19 to include more information on diversity from NUREG/CR-6303,"Methc,d for Performing Diversity and Defense-in-Depth Analyses of Reactor Protection Systems." Although ,
neither the BTP nor the NUREG/CR are intended to be directly applied to ATWS mitigation systems, the material in these documents may be useful to reviewers in understanding the degree of diversity between equipment in RTS and ATWS
-' mitigation systems.
Proposed Revisions .
~
<21> In Section 7,8, subsection 111," Review Procedures," set-off the discussion of ATWS diversity to better indicate the scope of the discussion. .
In BTP. HICB-19, add the following to the discussion of ATWS mitigation system diversity in section A," Introduction."
l This analysis should include differences such as manufacturing
! division (within a corporate entity), sonware (including irnplementation language), equipment (' including CPU architecture),
function, people (design and verification / validation team), and initiating events.
l Also in BTP HICB-19, add the following discussion of diversity to the discussion of i acceptance criteria in subsection B.3..
i The adequacy of the diversity provided with respect to the above I criteria must bejustified. NUREG/CR-6303, in Section 3.2, l describes six types of diversity and describes how instances of different types of diversity might be combined into an overall case
! for the su0iciency of the diversity provided. Typically, several types of diversity should exist, some of which should exhibit one or more of the stronger attributes listed in NUREG/CR-6303 for the l diversity type. Functional diversity and signal diversity are j considered to be particularly effectue. The following cautions j should be noted where applicable: ;
- The justification for equipment diversity, or for the diversity of related system sonware such as a real- time operating system, i l
must extend to the equipment's components to ensure that -
actual diversity exists. For example, different manufacturers might use the same processor or license the same operating' ;
system, thereby incorporating common failure modes. Claims
. for diversity based just on ditTerence in manufacturer name are insunicient without consideration of the above.
- With respect to software diversity, experience indicates that independence of failure modes may not be achieved in cases where multiple versions of sonware are developed to the same sonware requirements, Other considerations, such as functional and signal diversity, that lead to different sonware requirements form a stronger basis for diversity.
[
l l !
2 l
LO j-
- 15 _-
.p--- - -% .. .
K. Responses to Comments on Branch Technical Position (BTP) HICB-12, (j " Guidance for Establishing and Maintaining Instrument Setpoints" Submitted Ccmments II. General Comment
" Note that Westinghouse has previously reviewed proposed draft Regulatmy Guide DG-1045 (RG 1.105 Rev. 3). A comparison of BTP HICB-12 and DG-1045 provides some contrasting potential interpretations.
"For example, DG-1045 explicitly notes that only the Allowable Value parameter will satisfy the requirements of 10CFR 50.36(c)(1)(ii)(A), see Regulatory Position 3, while BTP HIC 3-12 notes the acceptability of Section 3 (Definitions ) and Figure 1 oflSA-S67.04 Part I for definitions and relationships (including limiting safety
. system setting, LSSS). Figure 1 oflSA-S67.04 Part 1 is based on section 4.3 which notes the following: 'The LSSS is derived from the analytical limit in a manner '
determined by the setpoint calculation methodatogy. Depending on the methodology, the LSSS may be the allowable value, the trip setpoint, or both. The LSSS is maintained by either the technical specifications or the plant-operating procedures. Figure 1 illustrates the relationships between an analytical limit and an LSSS.' The pertinent point being that there is a fundamental and conceptual difference between what the two NRC documents theoretically accept as the A definition of an LSSS. While Westinghouse strongly disagrees with the NRC U position stated in DG-1045, see comment 6.6, it is suggested that if the Regulatory Position of DG-1045 remains unchanged, then BTP HICB-12 should not find all of the definitions oflSA-S67.04 Pnn I to be acceptable, i.e., the trir setpoint would not be considered a valid definition of an LSSS. This presents a problem as Westinghouse is in complete agreement with the definition of an LSSS as noted in A.I. Regulatory Basis , of BTP HICB-12 (page 1)." <22>
Technical Response
<22> The definitions as referenced in Section 3 ofIS A S67.04 Part I as accepted by the BTP do present differences as compared to the exceptions taken by the RG. The BTP reference to the definitions m ISA S67.04 will be revised to note the RG discussion and exceptions noted in Draft DG-1045. In addition the Draft RG regulatory position 3 will be modified to clarify the stafTposition concerning LSSS.
II. Section B.3, Acceptance Criteria.
"BTP HICB-12 notes four new criteria: The basis for calibration intervals, Data supporting instrument drift uncertainties and a discussion of the drifl determination methodology, Description of Control of measurement and test equipment and Description of an instrument drift monitoring and trend program.
" Westinghouse has no specific disagreements with any of these documentation
( requirements. However,it should be noted that the second and fourth are only l
~_ _ _. _ _ _
explicitly required in Generic Letter 91-04 and are currently applicable only to !
h, surveillance intervals of 24 months. It is suggested that if these documentation requirements are to be applicable for all current of future setpoint submittals, that should be noted with an effectively date and cross-linked to an equivalent I requirement in DG-1045. This was noted as comment (1)in our letter on DG-1045. (
The third item above was also noted in DG-1045 as a shortcoming oflSA-S67.04 i Part 1. Ar comment (5), Westinghouse requested fbrther clarification of this issue.
With respect to BTP lilCB-12, it is suggested that further guidance in these areas is in order. If this information is not required, but desired for ease of review, then that aspect should be identified. It should be noted that many licensees would state that there are no current requirements to perform explicit drift evaluation studies or l
maintain drift monitonng and trend programs for surveillance intervals ofless than 24 months and therefore may not have such programs in place to gather the needed 3 data. Thus the need for clarity and specificity on the psrt of the NRC."<23>
Technical RespAns_q l
<23> IEEE STD 338-1987 as endorsed by RG 1.118 considers initial test intervals and l ISA S67.04-1994 Part I states that periodic channel test shall be performed at an l appropriate test interval to ensure that the instrument channel is functioning in !
compliance with the safety analysis and to verify that trip setpoints remain within there established limits during operation.10 CFR 50 Appendix A, General Design J
Criterion (GDC) 13, " Instrumentation and Control," which says, among other things that instrumentation be provided to monitor variables and systems, and that controls I
be provided to maintain these variables and systems within prescribed operating ranges.10 CFR 50 Appendix B. Criterion XI, " Test Control," and Xil, " Control of Measuring and Test Equipment" provided requirements for tests and test equipment used in maintaining instrument setpoints. Based on the above, the stalTfmds the inclusion of the above items 1,2,3, and 4 as acceptance criteria to be consistent with the standard, regulatory requirements and guidance. However, the classification of the items 2 and 4 'to drift terms by the staffis limiting. The stalTwill revise the BTP to provide a more generic application ofitems 2 and 4.
11 B.3, Acceptance Criteria "It is noted that the description of assumptions required by ISA-S67.04 should l include environmental allowances, specifically electromagnetic interference (EMI).
This topic was discussed as part of the 567.04 committee review. Westinghouse
- n. responded to a 1993, S67.04 committee survey request noting that as part of the Westinghouse design / verification and installation process, sensitivity to EMI/RFI is determined. However, such sensitivity is considered a fault as opposed to an error that should be accounted for in the determination of a setpoint. EfTorts are then made to reduce the sensitivity, e g., shielding or administrative control to prevent radio transmissions in the vicinity such that the effects are negligible. Therefore, i while some electronic modules demonstrate some sensitivity to these effects, it is not
- considered appropriate to include them in an uncertainty calculation. Rather, it is believed to be more appropriate to minimize them or exclude them by various l -
control mechanisms. Consistent with the above, Westinghouse would then note that O the listing of EMI in BTP IllCB-12 would not be appropriate."<24>
Iechnical Respong
<24> The stafragrees with the comment and will revise the BTP to delete EMI as specific acceptance criteria. However, should environmental conditions warrant, an allowance for EMI may in fact be appropriate.
! II. Statistical Guidelines for Instrument Uncertainty "It is noted that, 'the NRC Staff typically uses 95/95 tolerance limits as an acceptable criterion.' There is considerable confusion within the industry as to what minimum probability / confidence level the NRC requires for instniment uncertainty calculations. Inconclusive wording, like that noted above, does not provide the clarity and explicitness the industry needs. It is suggested that the NRC staff determine what minimum probability / confidence levels for reactor trip and engineered safety features actuation trip setpoints are required and then clearly identify them. This is equivalent to our comment (6) on DG-1045."<25>
Technical Response
<25> The guideline for instrument uncertainty will be revised to indicate that a 95/95 tolerance limit is an acceptable criterion for uncertainties.
II. Guidelines for Graded Approach "It is noted that the grading technique 'should consider all known applicable uncertainties regardless of setpoint application.' Then there is a discussion of a graded approach with four categories, !
Group A - 95/95 (All uncertainty terms including drifl) ,
Group B - 95/95 (95/75 for drifi uncertainty terms) i Group C - 95/95 (75/75 for drift uncenainty terms) ;
Group D - Engineering Judgment.
" Westinghouse concurs with the NRC position that all know applicable uncertainties j should be considered for an uncertainty calculation. It is ditricult to justify ignoring !
an effect under the guise ofless rigor. With respect to the groupings, Westinghouse has the following comments: Concur with Group A. Disagree with Group B in that ;
the overall probability / confidence level of 95/95 can not be met with a drift of 95/75 without some increase in the probability / confidence level in one or more other parameters in the calculation. This does not make physical sense and thus must be ;
construed as an error However, to allow only a decrease in confidence level on one parameter is not a significant change. If this is truly the position of the staff, it is suggested that this category be combined with Group A. Westinghouse believes ;
i that a Group B Calculation could be performed at an overall 75/75 level (all parameters) and still provide adequate margin to perform the required function.
l l Same comment as with Group B on the overall probability / confidence level it is O suggested that a Group C calculation could be pertbrmed based on Engineering ;
l
Judgment, this should be the equivalent of 50/50 or better if plant specific drin and calibrati n data are scanned. B sed n the above, Westinghouse would suggest that O there is no need for a Category D Any functions that fit this category could be moved to Group C <26>
"The above comments are consistent with our commen,(3) on DG-1045."
Technical Res_ponse
<26> The staff has found that there exists significant industry, standard and regulatory disagreement as to the criteria a setpoint grading program should incorporate. At this time limited guidance on setpoint grading exists within standards or replations.
Based on the above, the staff will revise the grading methodology in the BTP to be generalin nature consistent with the standard and the Drafl RG. The staff feels that additional industry, standard and regulatory input is needed before specific setpoint grading guidance can be included in the BTP II. Review Procedures "The last factor noted for as found and as left data is "each instrument should be demonstrated to have random drift by empirical and field data." Westinghouse believes this statement is incomplete, i e., what does the applicant do if the data is not completely random? Westinghouse has performed many drift evaluations on process rack channels and sensor transmitters as part of 24 month surveillance extensions and other work. In some cases, the data evaluation clearly notes a O sisnificee nen-zere meee tedicetive ef a eee-directien biee. with a tcve-direc random component about it. Thus,it would not be appropriate to treat the sum of the two components as a single random term. It would be more appropriate to treat the mean as a bias and the random component as a separate term. Therefore, it is suggested that the text on as found and as left data be modified to require the evaluation of as found and as left data with the results appropriately reflected in the uncertainty algorithm."<27>
Technical. Response
<27> The stafTagrees with the comment and will modify the statement to accommodate an alternative result. l II. p. BTP 111CB-12-4, Statistical Guidelines for Instrument Uncertainty P. BTP HICB-12-5, Guidelines for Graded Approach "It should be noted that Westinghouse drift evaluations have not demonstrated ,
j significant time dependence. Therefore, the probability and conGdence level for instrument drift is not dependent on the surveillance intervallength. In addition, any statistical evaluation of other instrument parameters, e.g., calibration or temperature o
effects, would not be dependent on the surveillance interval. It is therefore suggested that discussions of probability and confidence level should not have to be i linked to surveillance intervals."<28>
- O l
l b
l Technical Rmponse
<28> The staff disagrees with the comment. Surveillance interval data may indicate limited j time dependence based on the analysis employed, and the surveillance interval of the data under evaluation. However, for a surveillance interval prediction where incomplete data exists for the interval under consideration the stairfeels that the l prediction model employed should not only include the analysis results over the l known interval but that the model should account for the increased uncertainty associated with the projection of a surveillance interval beyond that of the data collected. The stafTtherefore disagrees with the comment and feels that a surveillance interval is an integral part of the instrument uncertainty evaluation process.
Proposed Revisions
<22> Change the definition section of BTP HICB-12 to read as follows-Section 3 and Figure I oflSA-S67.04, Part I, provide acceptable l definitions (except as noted by Dran Reg Guide DG-1045) of I setpoint terminology and relationships between trip setpoint, allowable value, analytical limit, limiting safety system setting (LSSS) and safety limit.
<23>,<24> Revise the acceptance criteria for setpoint documentation to read as J
(o L'
follows.
The following information on the licensee / applicant's setpoint program should be provided for review.
- The facility setpoint list identifying safety and non-safety setpoints.
A description of the setpoint methodology and procedures used in determining setpoints, including information sources, scope, assumptions, interface reviews, and statistical methods used
- Terminology used to describe limits, allowances, tolerances, and environmental or other efTects used to support setpoint calculations.
The technical specifications and the basis for limiting safety system settings (LSSS).
- The basis for calibration intervals
- The basis for assumptions regarding instrument uncertainties and a discussion of the method used to determine uncertainty values.
' - A description of the provisions for control of measuring and test equipment used for calibration of the instrument.
I l
- A description of the program and methodology used to monitor O
V and manage instrument uncertainties, including drift l
t l
i l
A documented basis for safety system setpoint should be available '
l for StafTreview. Documentation should conform with the guidance.
l] of Draft Reg. Guide DG-1045.
<25> Revise discussion of Statistical Guidelines for Instrument Uncertainty to read as follows.
In the review of uncertainties in determining a trip setpoint and its allowable values, the NRC .stafTtypically uses 95/95 tolerance limits as an acceptable criterion. That is. there is a 95% probability that the constructed limits contain 95% of the population ofinterest for the surveillance interval selected. j l
<26> Delete the specific guidance for graded acceptance criteria and revise the discussion of this topic to read as follows.
Section 4 oflSA-S67.04 Part I states that the safety significance of various types of setpoints important to safety may differ, and thus one may apply a less rigorous setpoint determination method for certain functional units and limiting conditions of operation The use of a graded approach allows a less-rigorous setpoint determination method based on the safety significance of the instrument function. However, the grading technique chosen by the applicant / licensee should be consistent with the standard and should consider all known applicable uncertainties regardless of setpoint O applicati n. Additi nally, the application of the standard, using a
" graded" approach, is also appropriate for non-safety system instrumentation maintaining design limits in the technical specifications 1
<27> Revise the discussion of review of calibration data to read as follows.
Instrument test, calibration or vendor data, as-found and as-leth each instrument should be demonstrated to have random drift by empirical and field data. Evaluation results should be reflected appropriately in the uncenainty terms, including the setpoint methodology.
L. Responses to Comments on Branch Technical Position (BTP) HICB-13,
" Guidance for Cross-Calibration of Protection System Resistance !
Temperature Detectors" i i
Submitted Comments II. General Comment "The primary Westinghouse comment deals with the BTP recommendation that a reference RTD be installed at each refueling outage for cross-correlation with the existing RTDs. It has been Westinghouse experience, based on evaluation of cross ;
Os calibration test data involving partial RTD changeouts for a variety of utilities, that d
protection system RTDs do not exhibit systematic drift This experience is O s"evo"ed by NuRuG,CR.5560, which states on page 144 that RTD drin is random and that cross calibration is viable without the use of reference RTDs. Therefore, based on the absence of systematic drin, Westinghouse does not recommend the j installation of reference RTDs."<29>
TechnicaLEejponse ,
d d
<29) The stafTnotes the experience of Westinghouse supports the statement, on page 144 of the NUREG/CR-5560," Aging of Nuclear Plant Resistance Temperature Detectors," which reads: "However, the fact that the drill of RTDs is usually
} random rather than systematic as shown by the results of this project, . " In I contrast, report TR-106453-3925," Temperature Sensor Evaluation," states, "There appears to be a bias in calibration drill of the RTDs at all temperature ranges. Most 1 sensors tend to drift in a positive, non-random sense, mereasmg m resistance at a !
given temperature." I Since the two studies provide contradictory results, no definitive assessment has been established as whether RTDs drin is indeed random or systematic.
Additionally, since cross calibration can not by itself, identify common mode drin or systematic calibration problems unless one or more newly calibrated RTDs are included as a reference, the stafTstrongly believes that newly calibrated RTDs should be installed as a reference for each cross calibration test.
- 11. General Comment "In addition to not recommending the installation of reference RTDs, Westinghouse has the following concern associated with this practice. The purpose of cross l calibration testing is to verify installed RTD accuracy and to identify any l
" installation effects" (RTD characteristic shins) due to handling, installation, etc. If :
a single reference RTD is installed, it s susceptible to such installation efTects. <30> l Thus, if there is disagreement between a reference RTD and the average of the existing RTDs, it is dinicult to identify which measurement is more accurate. In this situation, it would be risky to recalibrate or trend drin for the existing RTDs against a single questionable reference measurement. In fact, based on the belief that RTD drin is random, Westinghouse would tend to recommend recalibration of the new RTD to the average of the numerous existing RTDs, on the premise that the new RTD is exhibiting an installation etTect. In order to address this concern over the reliance on a single reference RTD, several reference RTDs (perhaps one per loop) would need to be installed to provide a greater number of reference measurements, which would allow a more refined evaluation of potential installation efTects.
However, this alternate approach is considered to represent an undue expense and burden to utilities, especially considering that systematic RTD drin has not been proven to exist."<31>
O
- - - - .- - - _~ . - . - -
Technical Respmg
<30> The stafragrees with the Westinghouse concern that a newly calibrated RTD is susceptible to installation effects and a comparison to other RTDs to this reference RTD may not fulfill the test objectives of a cross calibration test. However, the staff l believes that installation effects can be minimized to a negligible value using approved quality control methods during installation.
<31> Should a licensee decide not to install a newly calibrated reference RTD for a cross l calibration test, a justification or basis for such a decision should be documented.
However, should a licensee propose an alternate means of pro"iding a calibrated reference for cross calibration, then the elimination of a freshly calibrated RTD for each cross calibration test may be appropriate.
II. Loop Current Step Response Testing "A final minor comment is the BTP reference to verification of RTD response time through creualibration testing. Response time is typically serified through LCSR (loop cunem step response) testing, which is independent of the cross calibration t est ."<3 2 >
Technical Rc_sponse
<32> The stafragrees with the above Westinghouse comment. The response time testing reference will be corrected.
Proposed Revisions
<29> Add to section C, " References"- ,
l EPRI Report, TR-106453-3925," Temperature Sensor Evaluation," I dated June 1996.
<31> Add the following new paragraph to the end of section B," Branch Technical Position," subsection 1," Introduction, and to the discussion of acceptable methods ofin-situ testing in paragraph of section B, subsection 3, " Acceptance Criteria,"-
Other methods such as using a diverse parameter to provide a ,
cross-correlation reference can be used if adequate justification is l provided.
l O
G l
t l.
(q> <32> Add the following paragraph to the discussion of response time testing in section B, subsection 3:
Even though response time testing is independent from the cross
! calibration test,it should be performed for the existing and newly installed reference sensors to account for installation effects and to identify degradation.
l The resulting test data and analysis should support correlation of l each of the existing sensors in the common flow path to its laborr.ory response time test. data and also, to the laboratory resp;nse time test data for the reference sensor. Correlation be. ween LCSR test results for the existing sensors and LCSR test
,esults for the reference sensor may be used to establish the ;
correlation inth the reference RTD laboratory test data. l l !
i l-l O l
l l
l 1
i O
O O O',
m RECONCILIATION of PUBLlC COMMENTS Draft Software Regulatory Guides LE-1054-1059 i
i Presentation to the ACRS Subcommittee on Instrumentation and Control Systems and Computers Joel J. Kramer Control Instrumentation, and Human Factors Branch Division of Systems Technology Office of Nuclear . Regulatory Research May 28, 1997
_____.._7.________._._. ,
O O O PlRPOSE i
4
- Discuss Proposed Changes to Draft Software Regulatory Guides t
- These guides endorse, with clarification and exception. IEEE l standards i
- More detailed review guidance and acceptance criteria are contained in SRP and BTP-14 :
i l
[
I t
l 4
2 i I
_ _.._____-_._._.___..--_m______ ,___________.___________m - - - - - - - -w-.m- .,-y ,--wn,--,n~m , ,---.-m.-+-e.- w
.O O O t
i PUBLIC CO M NT SOURCES i
?
- Westinghouse
- Commonwealth Edison 1
- liebreska Public Power District (Cooper Nuclear Station) l
- Capri Technology I
- A member of the Atomic Safety and Licensing Board (ASLB)
I
- (Nuclear Utilities Software Management Group)
L 3 5 i<
. O O O 5
b St# MARY OF PUBLIC COMENTS .
- Generally supported use of Software Regulatory Guides as a first step
- Some standards may be too prescriptive
- NRC r equirement for " independence"
- Rest. icting use of Commercial Off-the-Shelf (C0TS) Software 1
- Wort.shile, constructive suggestions for improved wording and clari fication ,
i
- Need for a software " systems safety model" to provide further ;
assurance of adequacy of software products !
l t
b 4 ;
. O O O j
-i PROPOSED CHANGES TO DG-1054 (REGULATORY GUIDE 1.168)
Software Verification and Validation
- Position 3 Independence of Software V+V Proficiency of independent verifiers Responsibility for the adequacy of V+V
- Position 5 Conformance of Materials Acceptance of pre-existing software Regulatory Guide 1.152 Rev.1, and EPRI T-106439
- Section B Discussion Classification of safety systems software Importance to safety Flexibility in implementation 5
.i
. O O O PROPOSED CHANGES TO DG-1055 (REGULATORY GUIDE 1.169)
Software Configuration Management Position 6 Documentation Applicability of guide Software requirements, designs, and code Support software used in development (exact versions)
Ensuring that all factors contributing to executable software are understood Posi+ ion 12 Backfit clarification (New Position)
Some statements on Section 1.1 of IEEE Std 828-1990 should not he interpreted as a requirement for backfit Section D Implementation contains staff's position PROPOSED CHANGES TO DG-1056 (REGULATORY GUIDE 1.170)
Software Test Documentation
- NONE -
6
i PROPOSED CHANGES TO DG-1057 (REGULATORY GUIDE 1.171)
Software Unit Testing
. Position 4 Independence in Software Verification .
Essentially same as with Position 3 for DG-1054 (RG 1.171) i t
f PROPOSED CHANGES TO DG-1058 (REGULATORY GUIDE 1.172 Software Requirements Specification
- Position 6.3 Robustness Responding to both hardware and software failures vs.
handling both Software requirements for fault tolerance and failure modes be specified for each. failure mode Based on system level hazards analysis or consideration of software internals 7
_.7. ... . _
PROPOSED CHANGES TO DG-1059 (REGULATORY GUIDE 1.173)
Software Life Cycle Processes I
Position 1.3 Commercial Software Essentially same as Position 5 for DG-1054 (RG 1.168)
Posi ion 1.4 Definitions Only definitions for accident and hazard ,
Y I
i l
i 8
t
, _ - - __ - . . _ . - . . . _ - . - . . _ . - - -