ML20196J517

From kanterella
Jump to navigation Jump to search
Audit Rept for Audit Conducted on 981027-29 on Implementation of GL-98-01, Year 2000 Readiness of Computer Sys at Npp
ML20196J517
Person / Time
Site: Davis Besse Cleveland Electric icon.png
Issue date: 12/01/1998
From:
NRC (Affiliation Not Assigned)
To:
Shared Package
ML20196J514 List:
References
GL-98-01, GL-98-1, NUDOCS 9812100113
Download: ML20196J517 (25)
v  d  e


Text

. . _ _ _ _

U.S. NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION AUDIT REPORT ON IMPLEMENTATION OF GENERIC LETTER (GL) 98-01

" YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR FOWER PLANTS" ,

t Docket Nos: 50-346 ,

License No: NPF-3 .

Licensee: Toledo Edison Company Centerior Service Company and  ;

Cleveland Electric illuminating Company ,

Facility: Davis-Besse Nuclear Power Station Location: Oak Harbor, Ohio 21 Miles ESE of Toledo, Ohio Datts: October 27,1998 - October 29,1998 Audit Team Members: Deirdre Spaulding, NRR  !

' W. Keith Mortensen, NRR t

Approved by: Jared S. Wermiel, Chief instrumentation and Controls Branch  ;

Office of Nuclear Reactor Regulation 1

i

' ENCLOSURE 9812100113 981201  :

PDR ADOCK 05000346 P PM l <

1

l

. s EXECUTIVE SUMMM From October 2 7 through October 29,1998, the NRC staff conducted an audit of the Year 2000 (Y2K) program at the Davis-Besse Nuclear Power Station. The purpose of the audit was to (1) assess the effectiveness of the licensee's programs for achieving Y2K readiness, including continued safe operation of the plant as well as compliance with applicable NRC regulations and license conditions with respect to the potential Y2K problems, (2) evaluate Y2K program implementation to assure that the licensee's schedute is in accordance with NRC Generic Letter (GL) 98-01 guidelines for achieving Y2K readiness by July 1999, and (?) assess the licensee's contingency plans for addressing risks associated with potential events resulting from Y2K problems. The audit team reviewed selected licensee documentation regarding the Davis-Besse Year 2000 Project Plan (Davis-Besse Y2K readiness program) and conducted interviews with the cognizant licensee personnel. The results of this audit and subsequent audits at other selected plants will be used by the staff to determine the need for additional action, if any, on Y2K readiness for nuclear power plants.

Based on the audit team's assessment and evaluation of the Davis-Besse Y2K readiness program, the following findings were made:

1. The Y2K project team appears to have remained on schedule in spite of some new responsibilities required associated with the merger of the utility with another that took place in the Fall 1997.
2. The audit team reviewed several files pertaining to the software and firmware that have been identified by the licensee as part of the Y2K problem review. Only 14 firmware items still have Y2K susceptibility yet to be determined. These 14 items are in classifications ranked less mission critical and less important to the objectives of the Y2K project for achieving plant readiness. The team determined that this reflected favorably upon the work remaining to be done on the firmware items.
3. Davis-Besse is an older-vintage plant and, therefore, less of its controllogic is implemented in digital systems. This is especially true for the safety-related systems.

No Y2K problems were found in any of the limited amount of software classified as safety-related.

4. The Davis-Besse Y2K Project Plan follows the guidance provided in NEl/NUSMG 97-07.
5. Ths audit team was informed that Davis-Besse will not be Y2K ready by July 1,1999, due to the activities related to the Security Data Management System, which is currently scheduled for completion on July 30,1999. However, time is available to achieve readiness of this system and alternative access control measures will be provided should the system not be ready to support plant operation on January 1,2000.

a 6

6. Y2K awareness at Davis-Besse has been ongoing and the issue of the Y2K problem will be incorporated into operator training that will take place in 1999.
7. The audit team interfaced with Davis Besse Y2K project team personnel who were found to be very knowledgeable and aware of the Y2K activities of which they have ownership.
8. The audit team found that senior corporate management strongly supports Davis-Besse in thc;r efforts to address Y2K readiness.
9. The audit team believes that the licensee will meet their Y2K readiness date for Davis-Besse as planned.

1.0 INTRODUCTION

The objectives of the Davis-Besse Nuclear Power Station (Davis-Besse) Y2K program audit were to:

1. Assess the effectiveness of the licensee's program for achieving Y2K readiness including continued safe operation of the plant as well as compliance with applicable NRC regulations and license conditions with respect to potential Y2K problems.
2. Evaluate Y2K program implementation to assure that the licensee's schedule is in accordance with NRC Generic Letter (GL) 98-01 guidelines for achieving Y2K readiness by July 1,1999.
3. Assess the licensee's contingency plans for addressing risks associated with potential events resulting from Y2K problems.

The audit was conducted in accordance with the established audit plan (http://www.ntc. gov /NRC/Y2K/y2kaudit.html) which was based in part on the guidance and requirements contained in the following documents:

GL 98-01, " Year 2000 Readiness of Computer Systems at Nuclear Power Plants" Licensee Response (s) to GL-98-01

- Plant technical specifications and license terms and conditions Applicable NRC regulations NEl/NUSMG 97-07, " Nuclear Utility Year 2000 Readiness" NEl/NUSMG 98-07, " Nuclear Utility Year 2000 Readiness Contingency Planning" Prior to the audit at the plant site, the audit team reviewed a version of the Davis-Besse Year 2000 Project Plan at the Framatome office located in Rockville, Maryland. Upon commencement of the audit, a copy of the Davis-Besse Year 2000 Project Plan (document 1 of Attachment 1) was made availe.ble by the licensee in their Davis-Besse Y2K Information binder dated October 27, 1998.

The audit began with an entrance meeting attended by licensee representatives, the Davis-Besse Y2K Sponsor, the Y2K Project Manager, Davis-Besse Y2K Team members and other plant personnel, and members of the audit team. Attachment 2 is a list of the attendees. Members of the Davis-Besse Y2K organization described project organization, the project plan, implementation, and current status.

Subsequent to the entrance meeting, the audit team reviewed the Davis-Besse Y2K Project Plan, associated project documentation, and communicated with Davis-Besse personnel on an on-going basis to address questions as they arose. The documents reviewed are listed in Attachment 1.

2.0 DAVIS-BESSE PROJECT DESCRIPTION 2.1 Project Oraanization f The Davis-Besse Y2K Project Plan organization consists of the following roles:

4

(1) The Y2K Project Sponsor is the Director, Davis-Besse Engineering and Services.
l (2) The Project Manager is the Supervisor, Computer Engineering. The Y2K Project Manager is i responsible for overseeing all activities associated with the Y2K project through the

. implementation of a Y2K Team. The project manager ensures that all systems are classified and prioritized according to the established Y2K guidelines.

(3) The Y2K Team consists of a Senior Reactor Operator, technical specialists and support staff from each section. The project team incorporates the skills and experience of a cross-ssction of the organization. The system engineers, technicians, and subject matter experts serve as the process owners. Additionally,information technology, engineering, licensing, quality assurance, and procurement specialists are part of the Y2K Team. The Y2K Team members are responsible for coordinating information and i activities for the portions of the program for which they have ownership. The Y2K Team is also responsible for developing the tools needed to complete the associated activities.

Y2K Team members assist in the identification, classification, and prioritization of the Y2K program items / components.

(4) The Davis-Besse Y2K project plan has the approval of the Vice President Nuclear Davis-Besse, and Davis-Besse Directors.

The Davis-Besse licensee participates in information sharing activities related to the Y2K effort with other organizations. Davis-Besse is involved with the B&W owners group, NEl,  !

NUSMG, eel, EPRI, and NERC. Additionally, Davis-Besse personnel have been involved in peer l review activities with staff from the Perry Nuclear Plant. The licensee uses an energy  !

management system (EMS) which is a GE Harris product and participates in the GE Harris users I

group. The EMS is maintained at the corporate level. I f

e i

i

  • i i .
[

t j 2.2 Proinct Plan

{ In November 1997, a company merger took place resulting in FirstEnergy Corporation becoming  !

the owner of each licensee for Davis-Besse. As part of the merger process, many of the Davis-

, Besse computer systems were allocated funds for upgrading. These upgrades were specified and

confirmed to be Y2K compliant and are, therefore, not included in the Y2K readiness program. i

) Other Davis-Besse systems / components / equipment were allocated funds specifically for ,

j addressing the Y2K problem. ,

t The Davis-Besse Year 2000 Project Plan as described in the Y2K Information binder dated i j October 27,1998, is the plant specific Y2K readiness plan developed by the licensee. The implementation Plan includes: (1) initial assessment which encompasses the steps of

] inventory, classification, and prioritization, and (2) detailed assessment which encompasses '

, the steps of vendor evaluation, utility owned or supported software evaluation, Y2K j susceptibility testing, and readiness planning. Subsequent efforts include remediation, validation (testing)/ implementation and contingency planning.  ;

E The schedule of activities for Y2K reedhr es is shown in Table 1.

I 2.2.1 Awaranens i

The Davis-Besse licensee initiated Y2K awareness with a site-wide memorandum. A memorandum  !

! sent out early in the Davis-Besse readiness project initiated the identification and inven-l torying of all computers, software and embedded systems. Awareness at Davis-Besse is an on-  ;

4 going process. Several methods of communication are used to maintain Y2K awareness. The

! communicaticn methods include site-wide meetings, site-wide memoranda, corporate newsletters, l a Davis-Besse web site, training on embedded systems per the guidance in EPRI TR-11189, and

status updates for operations staff. According to Davis-Besse personnel, operator requali-J fication train ~ng to be held in 1999 will include Y2K issues.

i The Davis-Besse Y2K project planning began in early 1997 when plaat personnel began to provide

, FirstEnergy Corporation (Corporate) with a list of the Davis-Besse software inventory. This

, software inventory was needed as part of the transition process to support the company merger.  !

I This merger was completed in the fall of 1997.

i ltems or components that are purchased by the licensee (subsequent to the Y2K L inventory / assessment that has already been completed) are captured and assessed for Y2K

!_ . readiness at the procurement phase. There is a boilerplate questionnaire that goes to the l vendors which asks if the product is Y2K compliant / ready. The licensee uses a procedure for i software / hardware procurement which addresses Y2K concerns.

' At Davis-Besse, each systems engineer compiled the embedded system invenwry for those systems for which they had ownership. The " system expert"is the system engineer. System engineers

. identified their systems that contained microprocessors. Davis-Besse still has many of the i original analog-based systems in place. No Y2K problems have been identified in safety-

related systems at Davis-Besse.

i

) The security data management system (SDMS) at Davis-Besse is being replaced with a Y2K

. compliant system. The project scope includes two dual redundant DEC Alpha CPUs, new i

I

7_____._

r i *

} (

intelligent multiplexers which will replace the current Sygnetron security system. The j project was approved in 1995, and completion is scheduled for July 30,1999. An alternative i j access control system is being planned in the event the replacement security computer is not  !

ready in time to support plant operation on January 1,2000.

l The Davis-Besse Y2K Readiness schedule is provided in Table 1. l

{. 2.2.2 initial Assenan ent l

The initial Y2K assessment consisted of several steps including inventory, classification of the inventory, and prioritization of the identified items. All software items and embedded systems that are in use at Davis-Besse were identified and input to a database for which Davis-Besse generates, a " Software Classification Report," " Software Status Report," "Firmware l

! Classification Report," and "Firmware Status Report." i

An inventory was performed of all potentially affected items. A memorandum was issued to all l l supervisors to provide them with guidelines for obtaining input to the database from all areas '

! of the plant. System engineers were requested to complete a system review for all Davis-Besse

! systems. This review documented whether the systems do or do not cont A software, firmware,

[ or microprocessors. The Davis-Besse Y2K Team developed forms that were used to facilitate and '

standardize the collection of data. The information collected included software or device i name, version or model number, description and use, vendor or manufacturer, Davis-Besse owner l or support group. The forms also f athered information regarding the item's importance to
safety, plant operability, regulatory commitments, and business considerations. The data

] collected were used to make initial decisions on classification and prioritization. The data j were also used to determine budget and resource estimates for the detailed assessment phase.

1
The licensee classified the Davis-Besse inventoried items into seven categories by rank of j importance to the objectives of the Y2K project as follows

}

l. 1. Safety-Related "O" per Davis-Besse Configuration Equipment System and performs a safety function i

1 2. Important to Operation - The date dependency impacts systems important to plant operation i

l

3. Reg red by Re atory Commitments - The date dependency impacts a system that implements
4. Important to Personnel Safety - The date dependency impacts systems important to safety of plant personnel 1
5. Required to Support Business (High Priority) - The date dependency could cause substantial financial / business impact
6. Required to Support Business (Low Priority)- The date dependency can cause some financial / business impact

i

' f 4

7. Desirable (but not required) -The date dependency can cause minor financial / business impact, but is not a priority l J

Prioritization was the process of reviewing all items within the inventory after

-classification and assigning an order to the performance of the detailed assessment. The licensee assigned priorities according to the following criteria

i

1. Needs to be evaluated / tested in refueling outage (RFO) number 11 (RFO11 was in the spring ,

] of 1998)

2. Needs budget / expenditures authorization

.. -3. Analyze for Use-As-Is  !

1 1

4. Standard Testing - work under Maintenance Work Order or Request For Computer Assistance ,

4~ .

The team finds that the licensee's initial assessment, which was completed on June 30,1998,  :

encompassed the criteria described in NEl/NUSMG 97-07.

}

2.2.3 Detailed Assessment .

! The purpose of Davis-Besse's detailed assessment phase is to obtain sufficient information about each inventoried item to determine its expected performance beyond December 31,1999.  ;

Written checklists are used to capture the detailed assessment process and provide for j documentation and quality assurance of the work performed. Assessment results are used to

make decisions regarding actions required to ensure the continued operation of the software or i l equipment. The following activities occur during the detailed assessment phase
vendor j evaluation, utility owned or supported software evaluation, Y2K susceptibility testing, and j readiness planning.

The detailed assessment is scheduled for completion on April 20,1999.

The Davis-Besse Y2K Team developed a Vendor Assessment questionnaire and a cover letter that has been sent to all vendors of software, firmware, and equipment with an embedded

! microprocessor. The vendor correspondence is being tracked, along with other steps of the Y2K L -readinest, plan, on a database maintained by Computer Engineering. The readiness plan states l' that for vendor responses that indicate an application or device is Y2K ready or compliant, a l decision on whether to perform validation testing is required. This decision may be based on failure impact, extent of documentation provided, confidence in the vendor, and the licensee's knowledge and experience with the product.

The licensee scheduled some items for replacement irrespective of the year 2000 issue (for example some items / systems were obsolete). The replacements will be Y2K compliant. In some

~

instances the replacement schedule was accelerated in order to meet the needs of the Y2K schedule. The replaced items will require no further testing or evaluation. Procurement Engineering at Davis-Besse has developed a statement for Year 2000 compliance to be included

. in each purchase order from this time forward.

' /

l

7-The licensee is performing an assessment of the Corporate or Computer Engineering supported applications and devices using the same checklists as stated above. The licensee's methods for determining Y2K readiness of applications and devices include knowledge-based decisions, scanning of code (used for mainframe and some large client server applications), and testing.

The licensee has assessed the Y2K readiness status of the inventory of firmware and software items as shown in Tables 2 and 3. The column headings are: (1) "Remediation Not Required," (2)

"Remediation Scheduled, or (3) "Y2K Impact To Be Determined." The items in Tables 2 and 3 are further divided into the seven classifications by rank of importance to the objectives of the Y2K project. Table 2, "Firmware inventory and Inventory Assessment," shows the Y2K readiness status of the 106 firmware items that were identified. Table 3, " Software inventory and inventory Assessment," shows the Y2K readiness status of the 285 software items that were identified.

Tables 4 and 5 list the items that were reviewed in detail by the Audit Team. The team reviewed the folders for 44 firmware items and 19 software items. The tables provide the classification and the licensee's recommended remediation for each of the folders reviewed.

Below is a brief discussion of the fcliowing firmware/ software items reviewed by the audit team:

Dixson digital indicators are used in 62 plant locations. They have no time-dependent operations and do not interface with other equipment or systems. Therefore, they are Y2K compliant. The vendor stated that they are Y2K ready.

Framatome Saturation Meter (TSAT) is used to determine the subcooling margin. It interf aces with other instruments end equipment. It performs no time-dependent calculations or operations. It does not use batteries for retention of default or setup information and it has no form of date input or date check. Therefore, it is Y2K compliant. The vendor stated that it is Y2K ready.

The audit team found the response from Amalgamated Services incorporated (ASI/Kaman) concerning their microprocessor-based radiation monitoring systems to provide a useful and accurate status of the vendor's 1 evaluation and testing of their products. These systems are used at I Davis-Besse to monitor releases to the public and to isolate control room normal ventilation to prevent potential radiation exposure to control room personnel. The vendor's response includes a discussion of the circuit boards and system components and provides the vendor's bases for concluding that the system is Year 2000 ready.

The Spec 200 Micro microprocessor-based display and analog-based control system by Foxboro is used in the auxiliary feedwater system. The vendor response indicates that the equipment has no date sensitivity and is, therefore, Y2K ready.

An Allen Bradley SLC500 programmable logic controller (PLC) is used in the moisture separator, reheater and demineralizer system. It is not date sensitive and the vendor stated that it is Y2K ready. It will be used as is.

The Computer Board Octagon system SYS-3Z (SASS) has no real-time clock and no date or time is used in the SASS program. It is, therefore, Y2K ready.

The Framatome Diamond Power Intel 710127-1042 CRD Programmable Controller programmer model 469A has no real-time clock and no date or time is used in the program. It is, therefore Y2K ready.

The MODCOMP CL lil/95, plant process computer system, has an upgrade scheduled for December 1998. There are no date/ time dependencies, and a 4 digit year is used in the upgrade software. All MODCOMP developed software is Y2K compliant.

The Orion Research incorporated 811 pH meter is Y2K ready according to the vendor. This meter is used to perform pH measurement of various plant fluid systems. Data obtained from these meters may be used as a basis for chemisiry control decisions of these systems.

The Rosemount Low Conductivity Microprocessor Analyzer and 3051P Smart Transmitter have no date sensitivity and each is Y2K ready.

The Simplex 4100 Fire Panel Programming Software and the Simplex 4190 Color Graphic Unit (operator's display) have not yet been fully tested by the licensee, and testing must be complete before the licensee can determine the dispia 's Y2K readiness. The Color Graphic Unit provides the operator with a display for generalinterface to the fire system. It also provides an online test of the pre-fire plans. The 4100 Software is required to program the Simplex fire panel display. The Audit team observed a portion of the testing of this display.

According to the vendor, the Eagle Signal Controis CX302A6 and CX312A6 Timer /Ceunter have no date sensitivity and are Y2K ready.

Tri-Carb A2100TR has a vendor scheduled release date of their Y2K ready product of February 1,1999. The vendor intends to make available software upgrades for as many of its instruments as possible. Software updates will use the fixed window technique. The licensee willinstall the upgraded software at Davis-Besse.

i

l l

The AVVU calculates doses for gaseous releases from non-routine release points such as the atmospheric vent valves and auxiliary steam reliefs.

This device is being retired and the functions will be included as a part of other systems. '

Auto Ion 300 is software that operates the Dionex Online lon Chromatographs. This software will be upgraded to be Y2K compliant.

The BCT 2000 software used for battery capacity testing, per vendor letteris not' year 2000 compliant, however, new software will be available before April 1,1999.

The CDM Calibrator Software provided by Merlin-Gerin is currently not  ;

year 2000 compliant and is under revision. Y2K compliance has been '

specified in the software requirement specification for the product. )

The updated software was released in the 3rd quarter of 1998.  ;

l The Chemistry Data Act,uisition and Management System handles secondary data acquisition and reporting. .This product is not Year 2000 ready and will be replaced. i The RMAS, reactivity analysis and measurement system, automates most of I the calculations performed during zero power physics testing. This {

product is not Y2K ready, however, the vendor has developed a solution that is to be available in the 4th quarter of 1998. ,

VOTES for DOS is a valve operation and testing software for motor operated valves. A new version of software is being developed by the vendor.

The DynaTech Frontier System 1000/2000 is software used for whole body radioanalysis. The original vendor is no longer in business, and thus, this system is being replaced.

  • HIS 20 provides radiologically restricted area access control, monitoring, and reporting. A Y2K compliant version will be provided by the vendor.
  • The MSHIELD, calculates radiation shielding effectiveness. Version 3.09 is not Y2K ready, however the most recent version is Y2K compliant.

2.2.4 Y2K Testing and Validation Y2K testing is performed to determine whether the software (including systems with embedded software /firmware) is subject to the Y2K problem, and this testing is performed during the detailed assessment. Y2K testing performed subsequent to remediation verifies whether the

i remediation efforts have eliminated the Y2K problem and confirms that no unintended functions are introduced in the modified system.

The Davis-Besse licensee uses existing procedures to perform and document the Y2K i susceptibility and remediation testing. Any testing that is performed outside the scope of the Maintenance Work Order process is to be completed and documented using the Request for Computer Assistance.

The Audit Team observed the Y2K susceptibility testing of the fire protection panel. The team )

observed the tests for the critical dates pertaining to the transition from 12/31/1999 to ,

1/1/2000 and from 2/29/2000 to 3/1/2000. For these two transitions, the system operated successfully.

I 2.2.5 Remediation The purpose of remediation is to replace, fix, or eliminate items identified in the assessment. Remediation includes activities that make the item Y2K compliant or ready. At Davis-Besse, remediation is the process of replacing or modify:ng software or devices that are to be retained in service, but have been determined to be susceptible to the Y2K problem.  ;

Existing Davis-Besse software quality assurance and configuration management procedures are .

applied tu iemediated systems.

Remediation is scheduled for 26 firmware items, and 59 software items. Remediation is not i required for 66 firmware items and 101 software items.

2.2.6. Reaulatorv Considerations l In implementing the Davis-Besse Y2K Project Plan, the licensee makes use of existing programs and policies to ensure that appropriate regulatory reviews and evaluations are performed and i documented. These reviews include 10 CFR 50.59 reviews for any modifications; reportability l evaluations per 10 CFR 50.72,50.73 and 10 CFR Part 21, and operability determinations as '

required by technical specification.;.

- 2.2.7 Continoencv Plannina i

Davis-Besse's contingency planning began on June 30,1998, and is scheduled to be completed i June 1,1999. A complete integrated contingency plan will result from two main tasks,1) establishing the readiness checklist for individual contingencies, and 2) initiating the risk i management matrix.

The contingency plan addresses three areas of potential risk; internal facility risks, interfacing risks, and external risks. At Davis-Besse each component that is important to i reactor safety has preplanned strategies for addressing potential failures. These strategies are described in the station offnormal and abnormal procedures. The goal of the Y2K  !

contingency plan is to use the existing procedures / tools as the bases of the contingency planning effort. Mitigation strategies will be developed for each failure that is

_ characterized as being significant to risk and uninterrupted station operations. The licensee i

i

.----.r--- *

,_- - , , - - - - - w -

av,- -- - - - , , - -,-,,,

1 1

, . l will pay particular attention to those Y2K problem failure scenarios that are not currently addressed by an existing emergency procedure. i in accordance with the guidance in NEl/NUSMG 98-07, there is one single point of contact for the contingency planning process. Additionally, the overall contingency planning effort includes a cross section of Davis-Besse personnel as well as corporate involvement. Corporate levelinput addresses major risks to company operations as a result of postulated Y2K failures at Davis-Besse. In addition to the use of existing emergency off normal and abnormal station procedures, the licensee uses the Davis-Besse radiological emergency plan, and the emergency operating plan as the basis for response to Y2K contingencies. Furthermore, lessons-learned from the experience of the June 24,1998, alert when a tornado struck the Davis-Besse station and surrounding community, are being used in the Y2K contingency planning. The June 24,1998, tornado caused a loss of offsite power for 23 hours2.662037e-4 days <br />0.00639 hours <br />3.80291e-5 weeks <br />8.7515e-6 months <br />, loss of offsite communications, a reactor trip, loss of station switchyard, and damage to several station structures.

2.2.8. Y2K Proaram Mansaement The Davis-Besse Y2K readiness project requires the commitment of senior management and their organizations. Furthermore, the commitment of Davis-Besse personnel who are knowledgeable of the systems and areas that they have ownership is evident. At present, the licensee is on schedule to achieve Y2K readiness for Davis-Besse by July 30,1999.

Team members observed that quality assurance (OA) measures and oversight applied to the Y2K project is performed in accordance with the licensee's existing procedures and that these measures ensure that the level of oversight is appropriate. The responsibility for the implementation of the OA measures remains with the Y2K project team. Oversight in the form of QA audits is provided by individuals or groups who are not directly involved in the management or performance of Y2K project activities. Additionally, the NRC senior resident inspector at Davis-Besse is included on the distribution of the reports of any independent GA audits including those of the Y2K readiness program.

The audit team found that program management measures conform to the guidance of NEl/

NUSMG 97-07 and are adequate. The licensee is planning an independent QA sudit of the Y2K readiness program by the first quarter of 1999.

2.2.9 Electrical Grid Issues FirstEnergy Corporation is involved in an on-going interface at the regional, interregional and nationallevels to ensure grid stability for the Y2K problem The solid state relays used in the substation controls and to provide power system protection will perform their critical function because they are electromechanical devices (not software) and are not date sensitive.

PLCs used in some power distribution functions are still being assessed for Y2K problem susceptibility. The microwave and fiber optic systems used for wide area communication are not Y2K impacted, however, additional verification of this determination is being obtained.

l

3.0 AUDIT TEAM OBSERVATIONS

1. Davis Besse was merged into FirstEnergy Corporation in November of 1997. The audit team observed that the Y2K project team has remained on schedule in spite of the uncertainty and new responsibilities that often accompany such a significant change in corporate organization.
2. The audit team reviewed several files pertaining to the software and firmware that have been identified by the licensee. Of the 106 firmware items,66 items require no remediation. Most of these 66 are not date sensitive and will be used as is. An additional 26 of the 40 remaining items are scheduled for replacement. These 26 require no further study. Only 14 firmware items still have Y2K susceptibility yet to be determined. These 14 items are in classifications 5,6, or 7, that is, the classifications ranked less mission critical and less important to the objectives of the Y2K project for achieving plant readiness. The team viewed this status favorably since no significant effort remains for the firmware inventory.
3. Davis-Besse is an older-vintage plant and, therefore, there is limited use of digital systems in mission critical application. This is especially true for safety-related systems. No Y2K problems were found in any of the limited smount of software classified as safety-related.
4. The Davis-Besse Y2K Project Plan follows the guidance provided in NEl/NUSMG 97-07 for Y2K readiness. The Davis-Besse Y2K planning and organization includes the integration of a cross-section of plant personnel. The areas of contingency planning and quality assurance are being effectively addressed by the licensee.
5. The audit team notes that Davis-Besse will not be ready by July 1,1999, as prescribed in GL 98-01, due to the activities related to the Security Data Management System, which is currently scheduled for completion on July 30,1999. However, the audit team determined that sufficient time is available to achieve plant Y2K readiness to operate on January 1, 2000, and in the event the security computer upgrade is not completed, an alternative means for access control has been developed.
6. Y2K awareness at Davis-Besse has been ongoing and the issue of the Y2K problem will be incorporated into the operator training that will take place in 1999. The licensee has been engaged in exchange of information on the Y2K problem through interaction with other plants and industry groups. The audit team believes that the on-going awareness at the site and exchange of information among other organizations has and will positively contribute to the licensee achieving Y2K readiness for operation on January 1,2000.
7. The audit team interfaced with Davis-Besse Y2K project team personnel who were found to be very knowledgeable and aware of the Y2K activities for which they have ownership.

Additionally, the audit team witnessed a demonstration of the use of the Y2K susceptibility test procedure which demonstrated that key rollover dates are effectively tested.

v .

I

- 13 -  !

8. The audit team found that senior corporate management (FirstEnergy Corporation) strongly [

supports the Davis-Besse plant Y2K team in their efforts to achieve Y2K readiness. The '

needed resources have been made available and will continue to made available to }

Davis-Besse so that Y2K readiness will be achieved as planned.  !

t

9. Based on the above observations, the audit team believes that the licensee will meet  !

their.Y2K readiness date for Davis-Besse as planned. 1 k

i t

t l

4 l

4 1

i i

i i

h i

r I

i s . . .. _ . ,.

l w .

Table 1 - Davis-Besse Y2K Project Plan Schedule l Activity Starting Date Finishing Date Communication Awareness September 1997 1st quarter 1999 i Y2K Readiness Project Plan 1st quarter 1997 June 1998 inventory September 1997 June 1998 Detailed Assessment / Testing April 1998 April 1999 l 1

Remediation September 1997 July 1999 l Validation / implementation February 1999 July 1999 Contingency Planning June 1998 June 1999 l

l l

I l

i I

I 4

i

Table 2 FIRMWARE INVENTORY AND INVENTORY ASSESSMENT i

Remediation Remediation Y2K Impact To Be

! Classification Not Required Scheduled Determined Total I Safety Related 9 0 0 9 q Important to Operation 18 12 0 30 Required by Regulatory 5 4 0 9 Commitments j

important to Personnel O O O O Safety Required to Support Business 3 1 4 8 (High Priority)

Required to Support Business 27 8 9 44 i (Low Priority) j Desirable (but not required) 4 1 1 6 Firmware Total 66 26 14 106 4 ,

1 i

l 1

I i

TABLE 3 SOFTWARE INVENTORY AND INVENTORY ASSESSMENT l

l Remediation Not Remediation Y2K Impact To Be Classification Required Scheduled Determined Total Safety Related 3 0 0 3 Important to Operation 15 6 15 36 i

Required by Regulatory 16 14 34 64 l Commitments important to Personnel 0 0 1 1 Safety .

l Required to Support 12 14 17 43 l Business (High Priority) l Required to Support 24 11 31 66 l Business (Low Priority)

Desirable (but not 31 14 27 72 I required)  !

Software Total 101 59 125 285 l

l l

l l

1 l

Table 4 SOFTWARE The following software items were reviewed by the audit team.'

Classification item Name - Description Date Status -

Sensitive Replacement Plan Safety Related Auxiliary Feedwater S/G Level Control No close out - Y2K ready Foxboro Spec 200 Micro-measures input variables and provides signal to valves for S/G level control Kaman Radiation Monitoring 451145-001D- No close out - Y2K ready monitors station vent and containment atmosphere for gaseous particulate and iodine activity during normal and post accident conditions.

Kaman Radiation Monitoring 451146-001 No close out - Y2K ready important to Operation Chemistry Data Acquisition and Management Yes replace System - a series of programs for secondary water chemistry data acquisition and reporting.

Reactivity Analysis and Measurement Systerr - Yes replace -

used by Reactor Engineering during zero vendor to provide power physics testing upgrade The licensee used the term "close" to refer to reviews which were completed and all review approved signatures obtained. The licensee used the term " closeout" to refer to reviews which were completed but still needed review approval signatures.

l i

i

4 4

Table 4 continued SOFTWARE

?.

! Required by AVVU - calculates non-routine gaseous Yes replace (product Regulatory releases from points such as the atmospheric retired)

Commitments vent valves (AVV's) and auxiliary steam

, reliefs

Auto Ion 300 - software to operate Dionex Yes replace Online Chromatographs i

Required by BCT-2000 - Battery capacity test system Yes replace  ;

Regulatory software for performance discharge and  ;

[ Commitments service testing of alllarge batteries by controlling a discharge load bank.

VOTES for DOS - Motor operated valve Yes replace -

diagnostic and evaluation system vendor providing new i

! version of software s

Dionex Al-450 - software to operate Dionex Yes replace .

ion Chromatographs  !

HIS radiologically restricted area Yes replace - ,

access control, monitoring and reporting vendor to provide i l upgrade l

' PROTEST 111 - integrated software system Yes replace with' vendor  !

used in testing, calibrating and maintaining provided compliant j 1

protective relay devices version l

Tri-Carb A2100TR - software to update Yes closed -

Liquid Scintillation Analyzer vendor provided upgrade l

4 1.

k l 1

d 4

l

- .,_ _ , ~ - . _ _ -

Table 4 continued

, SOFTWARE E

l Required to Support Data Manager - mass storage software for Yes replace Business (High VOTES for DOS

, Priority) l Valve Vision - measures valve packing load Yes replace

Required to Support CDM Calibrator Software (Merlin-Gerlin)- Yes replace with vendor

. Business (Low calibrates and checks operation of provided revision Priority) electronic alarming dosimeters. This

, software is part of a vendor supplied calibration system.

1 Required to Support Dyna Tech Frontier System 1000/2000 Yes replace j Business (Low quantitative fit test booth, fit test for j Priority) respiratory equipment, whole body radio j analysis software MSHIELD (microshield) version 3.09 Yes replace -

! calculates radiation shielding must upgrade to more

, effectiveness) recent version (MSHIELD 5.09)

! Doric Digitrend - records heat trace Yes closed l temperature r

Table 5 FIRMWARE The following firmware items were reviewed by the Audit Team.

Classification Instrument Name (Vendor) Date Recommended Sensitive Remediation .

1 - Safety Related Digital Indicators - 62 locations - (Ametek/Dixson) No None required 1 Saturation Meter - TSAT - (Framatome) No None required 1 Digital Display - TSAT - (Newport Electronics) No None required 1 Flow Monitoring System (Technology for Energy No None required Corp) 1 Microprocessor - Radiation monitoring - (AS!/Kaman) No None required 1 Microprocessor Display and Analog Control System No None required (Foxboro) 2 - Important to Microprocessor-based Underfrequency Relays (ABB No None required Operation Service Inc.)

2 SLC500 PLC (Allen Bradley) No None required 2 Model 21X Data Loggers (Campbell Scientific Inc.) Yes None required 2 Series 35 PLUS/FASTSCAN for HPGe (Canberra Yes Replace Industries) 2 Micro processor SAC 2 control (Cooper Turbo Yes None-required Compressor) 2 SPDS Terminals (Cutler-Hammer) unknown Replace 2 Micro Vax 11 (Digital Equipment Corp.) Yes Replace 2 NAS Server (Digital Equipment Corp.) Yes Replace 2 Alpha 4000-710 (Digital Equipment Corp.) Yes Replace 2 Alpha 3300LX (Digital Equipment Corp.) Yes Replace 2 8800 MX MODACS Cards (Electronic Visions, Inc.) Unknown Replace l 2 Computer board OCTAGON (Framatome) No None required 2 Computer board OCTAGON EPROM (Framatome) No None required )

2 CRD Programmer Controller (Framatome) No None required 2 CL 111 \ 95 (MODCOMP) Yes Replace 2 811 PH Meter (Orion Research, Inc.) No None required 2 Low Conductivity Microproc. Analyzer (Rosemount) No None required

1

, Classification Instrumant Nama (Vandor) Data R:commsnd:d Sensitive Remediation 2 3051P Smart Transmitter (Rosemount) No None required 2 Security Sys. - SDMS (SAIC) Yes Replace ,

2 4100 Fire Panel Programming Software (Simplex) Yes TBD 2 HD310 System with time Code Generator TG319 Yes Replace (Validyne) 3 - Required by BCT-2000 Battery Load Bank (Alber Corp.) Yes Replace Regulatory Commitments

3 8100 On-line Chromatograph (Dionex Corp.) Unknown Replace 3 Respirator Fit Booth (Dyna Tech Frontier) Unknown Replace

! 3 CX302A6 and CX312A6 Timer / Counter (Eagle No None required j Signal Controls) 3 Model 3400 Printer (Intermec) No None required 3 Hand-held units for data loggers (Intermec) Yes TBD i 3 Breath Alcohol Tester (Midwest Instruments) Unknown TBD 3

3 Liquid Scintillation Analyzer (Packard Instrument No None required j Co.)

5 - Required to Reactor Cooling Pump Monitor (Framatome) Yes Replace

. Support Business

! (High Priority) l l

5 Ultrapure Water Monitor (Martek Instruments, Inc.) No None required 5 Conductivity /pH Monitor (Martek Instruments, Inc.) No None Required e

6 - Required to Whole Body Counter (Canberra) Yes Replace ,

Support Business  !

(Low Priority) 6 Auxiliary Boiler Flame Controller (Fireye, Inc.) No None Required 6 DMC90 Digital Alarming Dosimetry (MGP Unknown TBD

Instruments)

, 6 E-PROMS in Perimeter Detection Equipment (NSSC) Unknown IBD i

6 1151S Smart Pressure Transmitter (Rosemount) No None Required 7 - Desirable (but 275 Hart Handheld Communicator (Rosemount) Unknown Replace not required) i 1

e 4

-e_. iN

" e o

DOCUMENTS REVIEWED l

1. Davis-Besse Year 2000 Project Plan as provided in the Davis-Besse Y2K Information- Year 2000 Project Davis-Besse Nuclear Power Station- NRC Audit October 27,1998.
2. Davis-Besse NPS Y2K Contingency Plan Revision 0 as provided in the Davis-Besse Y2K Information- Year 2000 Project Davis-Besse Nuclear Power Station- NRC Audit October 27, 1998.
3. Selected Portions of Davis-Besse Nuclear Quality Assurance Manual, Rev. 46, dated 10/20/98 i
4. Selected Portions of Nuclear Group Procedure," Audits and Surveillances," dated 4/27/98 t

ATTACHMENT 1 l

ENTRANCE MEETING ATTENDEES NAME TITLE DEPT./ ORGANIZATION  !

John K. Wood VP VP Bob Dennellon Dir-Eng-SER Eng & SERV Frank Swanger Mgr DB Eng Eng & SERV <

Greg Hayes Supv. Comp. Engrg. Eng & SERV j Bob Horland Senior Engineer Eng & SERV  !

i Matthew Selmeir I&C Technicial Maint/l&C Skip Cope Senior EP Sepc. EP 4

Karen Dunn Y2K Project Coord. Computer Engineer David A. Richards rAanager internal Auditing Dept.

Connie J. Moore Dir, NEl IS John G. Waddell Sup - Security Shift Nuclear Security i

l Jim Wilson ISO Y2K Proj. ISO - Akron Deirdre Spaulding Electronics Engineer NRC/NRR/HICB d

David Lockwood Supervisor Reg. Aff airs Brad Demaison Supervisor - NT Training Dale R. Wuokko Supervisor-ILicensing Regulatory Affairs Frank Kennedy Sr. Licensing Specialist Regulatory Affairs Michael K. Leisure Sr. Engineer - Licensing Regulatory Affairs Robert W. Schlingman Co-op Student Regulatory Affairs

Vince Capozziello Supervisor - Chemistry Chemistry Al Schumaker Supv. - Security Support Nuclear Security Steve Campbell SRI NRC Jim Lash Plant Manager Plant OPS Keith Mortensen I&C Engineer NRC/NRR/HICB Jim Freels Manager Regulatory Affairs Gary Skeel Manager Security Ted Meyers liirector Nuc. Sup. Services Henry Stevens Manager NSI - NA Lonnie Worley Director Nuc. Assurance Preston Hess Manager Supply Clark Price Manager Bus. Serv.

Mary Beier Manager QA Lucas Ring Scheduler OPS Joe Rogers Manager PE ATTACHMENT 2

l

- o

, e 4

EXIT MEETING ATTENDEES 3

NAME TITLE DEPT./ ORGANIZATION Frank Swanger DBE MGR E&S 1 Marty Beier MGR Q*1A Nuc. Assurance J. Rogers MGR - PE Plant Engineer Daniel Jobsky Sr. Design Eng. Adv. Proc. Eng.

4 Kirk Richmond Cost Eng. Business Sycs.

l Jim Freed Mgr. Regulatory Affairs David Lockwood Supervisor Reg. Affairs

)

Clark Price Mgr. Bus. Serv. I t

i

, Henry Stevens M gr. NSI- Nuc. Assurance 1 4

John K. Wood VP VP i

'. Jim Lash Plant Manager Plant Operations Steve Coe Utility Supervisor PUCO Gary Viginto Secretary /Dir, of Y2K Team PUCO Y2K Deirdre Spaulding Elec. Engineer NRC/NRR/HICB Keith Mortensen I&C Engineer NRC/NRR/HICB Peter M. Bingham Auditor - Nuclear Nuclear Assurance John G. Waddell Supervisor - Sev. Nuclear Security Bruce W. Cope Sec. Ep Sepc. Emer. Prep.

1 Richard Wilkins Commercial Attorney Commercial Attorney Wayne Glidden Comp. App. Assur. Coord. Duquesne Light Beaver Valley Karen Dunn Computer Analyst Computer Engineer Matthew Selmek l&C Technician I&C Maint.

Bob Horland Senior Eng. Engineering Greg Hayes Supv. Comp. Engineering Eng. Services Jerry lagulli Client Services Supv. FEIS I

i l

I

Retrieved from "https://kanterella.com/w/index.php?title=ML20196J517&oldid=3038996"