Text

.

~

November 14, 1988 Dr. Robert C. Nelson, Lt. Col., USAF Chief, Nuclear Power & Sources Division Directorate of Nuclear Surety /SNR Kirtland Air Force Base, New Mexico 87117

Dear Lt. Col Nelson:

SUBJECT:

DIGITAL CONTROL CONSOL.

By letter dated April 8,1988, you requested that the staff of the Nuclear Regulatory Comission (NRC) review and coment upon draf t guidelines your staff had developed for providing safety and quality assurances for the acceptance and dedicated use of GA Technologies' digital instrumentation and control console in conjunction with U.S. Air Fo ce reactor facilities.

Our coments can be found in the enclosure to this letter. Our review was limited to the specific quest'ons that were asked and do not include an in-depth review of the new digital instrunentation and control console.

If you have any questions concerning this review, please contact me at (301) 492-1121 or FTS 492-1121.

i Sincerely,

/s/

Alexander Adams, Jr., Project Manager Standardization and Non-Power Reactor Project Directnrate

(

Division of Reactor Projects - III, IV, Y and Special Projects

[

Office of Nuclear Reactor Regulation

Enclosure:

As stated DISTRIBUTION 0.co. -. kit e :

1 s

NRC & Local'PDRs PDSNP R/F EHylton 1Michaels R D,d M 6 EJordan n

BGrimes (f f i

3

(

OGC-Roc kville ACRS(10)

Oh

', ^

c/' C I { O\\

LA; MNP PM:PDS)Q D:PDSNP

\\

Eh ton AAdamCM Chiller l'1

/08 11/ 9 /88 11////80 estro 70087 881114 Q

33 PROJ

arg g'o,,

UNITED STATES

+

l' NUCLEAR REGULATORY COMMISSION

~

o t

WASHING TON, D. C. 20555

/

November 14, 1988 4...+

Dr. Robert C. Nelson, Lt. Col., USAF Chief, Nuclear Power & Sources Division Directorate of Nuclear Surety /SNR s Kirtland Air Force Base, New Mexico. 87117

Dear Lt. Col. Nelson:

SUBJECT:

DIGITAL CONTROL CONSOLE By letter dated April 8,1988, you requested that the staff of the Nuclear Regulatory Comission (NRC) review and coment upon draf t guidelines your staff had developed for providing safety and quality assurances for the acceptance and dedicated use of GA Technologies' digital instrumentation and control console in conjunction with U.S. Air Force reactor facilities.

Our comments can be found in the enclosure to this letter. Our review was limited to the specific cuestions that were asked and do not include an in-depth review of the new digital instrumentation and control console.

If you have any questions concerning this review, please contact me at (301) 492-1121 or FTS 492-1121.

Sincerely, d$

W Alexander Adaes, f r., Pro t Manager Stsndardization at Non.P er Reactor Project ec' rate Division of Reactor r jects - III, IV, V ar.d Special Projects Office of Nuclear Reactor Regulation

Enclosure:

As stated k

.[

d

\\'

ESCLOSURE 1 COMMENTS ON GUIDE!.INES FOR

_PROVIDING SAFETY AND QUALITY ASSURANCES FOR THE ACCEPTANCE AND DEDICATED USE OF GA TECHNOLOGIES' OlGITAL IN"TRUMENTATION AND, CONTROL CONSOLE IN CONJUNCTION WITJ U.S. AIR FORCE REACTOR FACILITIES

1) Based on our review of the description of the GA Research Reactor Control System for the,AFRRI TRIGA Reactor and the generic GA description (INS-27, April 1987) the NRC concurs with your concern that adequately supported justification has not yet been provided to demonstrate that the new digital system does not present an unreviewed safety quest 19n when used as a dedicated safety channel. The inforniation that we have seen to date does not provide enough infomation for us to reach any conclusions. A NRC licensee would be i

requested to supply substantial additional infonnation including but not limited to: detailed logic and wiring otagrams, interaction between control and safety functions, specifics on sensors and transducers including ranges, accuracies and setpoints. We would also request information on Elil prevention, power supply (internal and external) configuration, alams, bypass capabilities, response times, testability, cperator actions and calibration procedures. The infomation we have seen allcws for various changes to the basic GA system to tailor the system to specific reactor ccrfigurations and uses. We would also request infomation defining the specific differences betwecn plant specific systems and the generic system.

In general we consider microprocessor based systems to be capable of providing an improved safety and control system if properly designed and irnplemented.

2) The NPC dces not require that new equipment such as the GA control console be derenstrated at a DOE, D00 or foreign retctor prior to use at a hRC licensed facility. We would however, in conjunction with the detailed design and operation related questions, request infomation perteining to reliability / availability, maintenance rcquirerents, accuracy / repeatability and testing that has been pertorried to dercr. strate the system capabilities. We it; serve the right to

-l 2

Witness or audit these tests. Experience data from plants not under NRC purview would definitely be considered in our review.

In general, if a specific piece of equipment or system has been approved for use at a NRC licensee, approval for use at other facilities would entail a much less detailed review with the focus I

on' applicability to the new facility and any changes made in the equipment since original acceptance.

3) Same level of review as (1) but with the emphasis on reviewing possible challenges of the safety system by the operational system. Comon use equiprent and interfaces between safety and operations need to be reviewed in detai'

4) Same corrents as (2) but again with the emphasis on assuring that the operational system does not prevent proper function of the sefety systems.

5) We concur with your concern regarding software. The NRC would request the software suppliers' verification and validation plan for review. An audit of the supplier may also be required to assure that all steps in the plan have been accomplisheo by qualified personnel. The NRC staff currently uses Regulatory Guide 1.152 "Criteria for Programable Digital Computer Software in Safety-Related Systems of Nuclear Power Plants" as a review guideline. We expect that non-pewer reactors will be reviewed to the same criteria. RG 1.152 endorses ANSI /IEEE 7-4.3.2-1982 "Application Criteria for Programable Digital Computer Systems in Safety Systems of Nuclear Power Generating Stations." We would reouest the licensee to provide a corparison between the IEEE standard and the V&V program used for their s(,ftware.

Lack of an "up front" V&V program would require the NRC to make an extremely in-depth review of the software. The licensee would also have to show how they would control any software changes after installation. An explanatien of sensor validatien and alam prioritizction would be requested as well as an explanation of any software features used to improve the fault-tolerance and graceful degradation of the system.

1

6) he concur that the console trust underge functional testing. Your description of the cencern is sinilar to the type of infontation he would request.