Responds to to Chairman Jackson Requesting Info on Concerns Raised by Constitutent a Menninger,Re Seabrook Nuclear Power Station Y2K Readiness

ML20210K491
Person / Time
Site:	Seabrook
Issue date:	07/28/1999
From:	Travers W NRC OFFICE OF THE EXECUTIVE DIRECTOR FOR OPERATIONS (EDO)
To:	Beverly Smith SENATE
Shared Package
ML20210K495	List: ML20210K491 ML20210K497
References
GL-98-01, IEIN-96-070, NUDOCS 9908060142
Download: ML20210K491 (5)
v • d • e

Text

- -_ - _ _ -

a nc p

UNITED STATES s

j NUCLEAR REGULATORY COMMISSION t

WASHINGTON. D.C. 20555 4001

\\**,,,/

j July 28, 1999 The Honorable Bob Smith United States Senate Washington, DC 20510-2903

Dear Senator Smith:

I am responding to the letter you sent to Chairman Jackson of the U. S. Nuclear Regulatory Commission (NRC) on June 15,1999, in which you requested information on concerns raised by one of your constituents, Ms. Ann Menninger, regarding Seabrook Nuclear Power Station's year 2000 (Y2K) readiness.

By way of background information, I am pleased to tell you that over the past several years the NRC staff has been working with its licensees to ensure that potential Y2K issues have been identified and corrected in order for plants to function properly during the Y2K transition. The NRC has issued Information Notice (IN) 96-70, " Year 2000 Effect on Computer System Software," December 24,1996; Generic Letter (GL) 98-01, " Year 2000 Readiness of Computer Systems at Nuclear Power Plants," May 11,1998; and GL 98-01, Supplement 1, " Year 2000 Readiness of Computer Systems at Nuclear Power Plants," JLnuary 14,1999. IN 96-70 informed alllicensees of the potential problems that nuclear facility computer systems and software might encounter during the transition to the new century. In GL 98-01, reference is made to Nuclear Energy Institute / Nuclear Utilities Software Management Group (NEl/NUSMG) 97-07, " Nuclear Utility Year 2000 Readiness," which describes an approach that all licensees have agreed to utilize in addressing the Y2K issues at their facilities. This guidance document (NEl/NUSMG 97-07) came out of a joint effort between NEl and NUSMG. In GL 98-01 the NRC accepted the NEl/NUSMG 97-07 guidance as an appropriate program for nuclear power plant readiness and required that all operating U.S. nuclear power plant licensees submit written responses regarding their facility-specific Y2K readiness programs. Licensees were required to report their Y2K readiness status by July 1,1999. Licensees that were not ready were requested to provide their schedule for completing their Y2K activities. Supplement 1 to GL 98-01 expanded the scope of the reporting requirements to include the systems that are necessary for continued plant operation and that are not covered by the terms and conditions of the plant's license and NRO regulations. We believe your constituent's reference to July 1,1999, relates to the submittal of GL 98-01 responses.

The NRC has received reports that all 103 operating nuclear power plants (units) have no Y2K-related problems that directly affect the performance of safety systems. Licensees for 68 of these plants, one of which is Seabrook, indicated that all of their computer systems that support

\\,

plant operation are "Y2K ready." Licensees for the remaining 35 plants reported that they have additional work to complete on a few non-safety computer systems or devices to be fully Y2K ready and provided their schedules for completing the work. Of the 35 plants, about one third need work on systems required for power generation. Other plants need work on plant monitoring and administrative systems. None of the remaining work affects the ability of a plant

\\

to shut down safely, if necessary. Typically, the remaining Y2K work that is to be completed

/ h\\

after July 1,1999, is due to the need to wait for a plant outage scheduled in the fall in order to y perform the work or the necessity of waiting for delivery of a replacement component. North a

9908060142 990 2 DR ADOCK 05000443 PM l

I;

~

Honorable Bob Smith - I Atlantic Energy Service Corporation has determined that Seabrook has no Y2K issues that will affect the safe operation of the power plant and has reported facility readiness as outlined in GL 98-01. Copies of the Seabrook Y2K readiness report are enclosed.

One of a number of inklatives undertaken by the NRC staff to address the Y2K issue was the conduct of 12 sample audits of licensee Y2K readiness programs. The NRC staff determined l

that this approach wasan appropriate means of oversight,of licensee Y2K readiness efforts l

l because all licensees had committed to the nuclear power industry Y2K readiness guidance l

(NEl/NUSMG 97-07) in their first response to NRC GL 98-01 and because the NRC staff had not identified any Y2K problems in safety-related actuation systems. The sample of 12 licensees included large utilities such as Commonwealth Edison and Tennessee Valley Authority, as well as small single-unit licensees such as North Atlantic Energy (Seabrook) and Wolf Creek Nuclear i

Operating Corporation. Because licensee Y2K programs are corporate-wide, many of the NRC staff audits encompassed more than a single nuclear power plant site because many utilities 3

l own more than one nuclear power plant. In all,42 of 103 operating nuclear power plant units were associated with the Y2K readiness program audits of 12 utilities. The NRC staff selected a variety of types of plants of different ages and locations in this sample in order to obtain the l

necessary assurance that nuclear power industry Y2K readiness programs are being effectively L

implemented and that licensees would be on schedule to meet the readiness target date of July 1,1999, established in GL 98-01. In late January 1999, the NRC staff completed the 12 audits.- On the basis of the audit findings, the staff concluded that the audited licensees, I

' including Seabrook, were in the process of effectively addressing Y2K issues and were undertaking the actions necessary to achieve Y2K readiness in accordance with the GL 98-01 i

target date. At the time of the 12 audits, however, Seabrook and the other nuclear power plants were still at various stages of assessing and remediating Y2K problems.

The October 1998 NRC Seabrook audit (audit report enclosed) that is of particular concern to your constituent found "Seabrook's Y2K readiness program to be well-structured and readily useable." The extensive catalogue of 1,304 items that the licensee identified and evaluated for potential Y2K issuas is an indication that Seabrook's Y2K project team had developed a credible and comprehensive Y2K program. Moreover, of those items, only a few plant-related systems l

required minor modifications. Unfortunately, some portions of the NRC audit report have been misunderstood. Seabrook's entire Y2K inventory has been mischaracterized as "1,304 Y2K-related problems." In reality, the Seabrook catalog of Y2K items runs the range from thermostats in offices,to business software, to equipment used in the plant. More than half of the items were found to be fine as is - no modifications needed. Of those items remaining, most were business systems and business hardware, such as personal cornputers, word processors, and payrail and accounting systems. The remaining few items were plant equipment and systems that had undergone extensive testing, analysis, industry review, and minor modifications as needed. Specifically, Ms. Menninger expressed concern about the 13 t

items that could shut down the reactor (plant trip) and 12 items identified in the audit report as

" Safety implication." As previously stated, at the time of the audit, Seabrook had yet to complete L

l

~

Honorable Bob Smith' their remediation of Y2K problems. Remediation for all of these systems has now been

' successfully completed and all related Y2K issues are resolved. Therefore, Seabrook is Y2K ready well in advance of the Y2K transition.

Ms. Menninger requests that the General Accounting Office (GAO) perform an independent audit of Seabrook. Although the NRC is not responsible for determining whether or not GAO should perform an audt at Seabrook, we see no added safety benefit of such an audit. In addition to the NRC staff activities previously discussed herein, NRC inspectors have reviewed

' plant-specific Y2K program implementation activities at all 103 NRC-licensed commercial nuclear power plant facilities, including Seabrook. The inspectors used guidance prepared by the NRC Headquarters staff who conducted the 12 sample audits. The staff found that Seabrook has implemented their Y2K program in accordance with staff-approved industry guidelines. In short, the NRC has an appropriately aggressive regulatory framework for overseeing Y2K readiness efforts at all nuclear power plants, and we are not aware of any Seabrook Y2K problems that directly affect actuation of safety functions.

Ms. Menninger expressed concem that it would require several months before January 1, 2000, to power down a reactor safely. Under normal conditions, it takes several hours to safely shut

- down a nuclear power plant by reducing reactor power gradually. However, in an emergency, the reactor can be shut down safely within seconds, either automatically or manually.

Additionally, every nuclear power plant has redundant backup power sources on site to safely shut down the reactorand keep it in a safe condition in the unlikely event that all external power is lost as a result of the Y2K transition or any other reason. Generally, each plant has at least two diesel generators to provide this backup power to the plant safety systems. Specifically, Seabrook has two emergency diesel generators that are tested regularly, and each is required to have at least a 7-day supply of fuel oil on which to operate. By design, a single emergency diesel generator with its dedicated set of safety system equipment is capable of safely shutting down the reactor and maintaining it in a safe condition.

The NRC will continue to monitor progress at those plants that have remaining work to be

. performed and will independently verify completion of these items, including Y2K contingency

plans that specify procedures for dealing with unexpected events. The staff is deveioping

- guidance for appropriate regulatory actions to be taken for those facilities that were not Y2K ready by July 1,1999. As stated in the enclosed press release, by September 1999, we will determine the need for issuing orders to address Y2K readiness issues, including, if warranted, shutdown of a plant. At this time, we believe that all licensees will be able to operate their plants safely during the transition from 1999 to 2000 and beyond and do not believe that significant plant-specific action directed by the NRC to address possible Y2K problems is likely to be needed.

Additional Y2K information on all operating nuclear power plants, including the press release of

' July 7,1999, is available at NRC's Y2K Web site at http://www.nrc.aov/NRC/ NEWS /vear2000.html.

This Web site also identifies Y2K resources, notices, conferences, and other related information.

Honorable Bob Smith ' The NRC remains committed to its oversight of the nuclear power plant licensee Y2K-readiness efforts in order to ensure safe operation of these facilities throughout 1999,2000, and beyond.

Please contact me if you have any additional questions on this matter.

Sincerely, orisi s sisnod W y,.ogJ.utrastia William D. Travers Executive Director for Operations

Enclosures:

- 1. ' Seabrook Readiness Report

2. Seabrook Audit Report DISTRIBUTION: See next page i

l DisIUDOCUMENT NAME: G:WElBV1ARERABOBSMITHGT.WPD

• See previous concurrences v.

em ar x.casewe

. w. ca

= -

a w.% ee unw. eo coew

/DOh OFC EEIB ~

C:EElB DD:DE Tech Ed N

D:DE ADPT:NRR D:NRR l

NAME MGareri JACalvo RHWessman -

BCalure JRStrosnider BWSheron SJCollins (hh DATE

/

/99

'I

/99

/

/99 7/13/99*

/

/99

/

/99

/

/99j f y/99 OFFICIAL RECORD COPY DRathbun l.

'd/99 l

r I

DISTRIBUTION FOR GT # 19990330 DATED.

July 28, 1999 i

i-

SUBJECT:

SEABROOK NUCLEAR POWER STATION'S Y2K READINESS (STATE SENATOR BOB SMITH)'

MKnapp..............................................................O-16E 15 FMiraglia.............................................................O-16E 15 PNorry..... -..........................................................O-16 E 15 JBlaha...................................................,...........O-16E 15 FCongel.............................................................. T-4 D 18 TH iltz................................................................O-16 E 1 5 S B u rns............................................................... O-4 F2 0 RZimmerman............................................................ O-5 E7 SCollins ~................................................................O-5 E7 BShe ron...............................................................O-5 E7 RWessman.............................................................O-7 D26 JC alvo................................................................O-8 H 2 JM a uck.............................................................O-9 D4 M C hira m al.... ~........................................................O-9D4 SVAthavale.........................

..................................O-9D4 KM ortensen...........................................................O-9 D4 l

M Garerl.............................................................O-9D4 WKa ne................................................................O-5 E 7 R Blough, R1..................................................... Regio n I WLanning, RI.......................................................... Regio n i H JMiller, RI........................................................... R egion i 1.AReyes, Ril.......................................................... Regio n 11 LPlisco, Ril............................................................ Regio n 11 BMallet, Ril............................................................ Regio n 11 JGrobe, Rill.......................................................... Region lli GGrant, Rlli.......................................................... Region Ill JIDyer, Rlli............................................................ Region 111 l

AHowell, RIV......................................................... Region IV i

EWMerschoff, RIV..................................................... Region IV KBrockman, RIV...................................................... Region IV l

PLohaus, OS P........................................................O-3C 10 File Center /NUDOCS (w/ original incoming).................................... T-5C3 PUBLIC (w/ copy of incoming).............................................. T-5C3 SBozin (GT 19990330, DE #99-26).......................................... O-7 D26 JCrutchley (GT 19990330, ElB #99-14)....................................... O-8H2 E E l B R/F...............................................................O-8 H 2 NRR Mailroom (GT 199903 30).......................................... O-5 E7 EDO R/F (GT 19990 3 30)................................................ O-16 E 15

m e

(

\\h,,,

' North Nonh Adaddmg Smia Cogoradon P.O. Box 300 Atlantic seabrook, NH 03874 (603) 474-9521 The Northeast Utilities System June 23,1999 i

NYN-99060 Docket No. 50-443 AR#98009585 United States Nuclear Regulatory Commission Attention: DocumentControlDesk Washington, D.C. 20555 t

Seabrook Station Response to Generic Letter (GL) 98-01, Supplement 1,

" Year 2000 Readiness of Computer Systems at Nuclear Power Plants" The purpose of this letter is to respond to the Nuclear Regulatory Commission's request for information regarding Year 2000 readiness at nuclear power plants. Generic Letter 98-01 I

requested a response on the status of facility Y2K readiness by July 1,1999.

On January 14,1999, the Commission issued Supplement I to Generic Letter 98-01 to modify the request for information in the original generic letter. The Supplement stated:

"In responding to this supplement to GL 98-01, the addressee should confirm Y2K readiness of the facility with regard to those systems within the scope of the license and NRC regulations, and those systems required for continued operation of the facility after January 1,2000. For those systems which are not Y2K ready as of July 1,1999, the addressee should provide a status and completion schedule for achieving readiness by the year 2000."

In response, North Atlantic Energy Service Corporation (North Atlantic) is vol. Wly reporting facility readiness as outlined in Supplement I to Generic Letter 98-01. Enclosed is

- Year 2000 Readiness Disclosure for Seabrook Station, reporting the status of facility Y2K buliness.

This disclosure is submitted under the guidelines of the " Year 2000 Information and Readiness Disclosure Act"(Public Law 105-271).

i s

ENC 1.05URE 1 j

3 SNM h,pd

(I. ' '

United States Nuclear Regulatory Commission j;"

NYN-99060 / Pqe 2 r

..?,

1 Should you have any questions regarding this matter, please contact'Mr.. James M. Peschel, Regulatory Compliance Manager, at (603) 773-7194.

l l

Very truly yours,-

NORTH ATLANTIC ENERGY SERVICE CORP.

i

(

f s

ied C. Feigenbauin ['

Executive Vice President and ChiefNuclear Officer cc:

H. J. Miller, NRC Region I Administrator J. T. Harrison, NRC Pmject Manager, Project Directorate 1-2 R. K. Lorson, NRC Senior Resident Inspector Nuclear Energy Institute Attn.: Mr. Ralph E. Beedle Sr. Vice President & Chief Nuclear Officer Nuclear Generation 1776 I Street, NW, Suite 400 Washington, DC 20006-3708 i

~

ENCLOSURE TO NYN-99060 0

f i

i

)

3 NYN-99060 Year 2000 Readiness Disclosure for Seabrook Station This year 2000 readiness disclosure is made for Seabrook Station under the " Year 2000 Information and Readiness Disclosure Act"(Public Law 105-271).

This disclosure addresses the Y2K readiness of the facility with regard to those systems within the scope of the license, NRC regulations, and other systems required for continued operation of the facility after January 1,2000. A facility that is "Y2K Ready" has followed a prescribed program to identify and resolve Y2K issues so the facility can operate reliably while meeting commitments.

North Atlantic has conducted a year 2000 readiness program similar to that outlined in Nuclear Utility Year 2000 Readiness, NEI/NUSMG 97-07. The program applies to software, hardware and firmware whose failure due to a Y2K problem would prevent the performance of the safety function of a structure, system or component. Additionally, the prograrn applies to any software, hardware, or firmware whose failure due to a Y2K problem would prevent continued operation of the nuclear facility well beyond December 31, 1999. The facility progr m also includes identifying and, where appropriate, remediating embedded systems. The program provided for risk management efforts and development of contingency plans for key rollover dates.

The Y2K readiness program has been completed for those systems required for operation of Seabrook Station. To the best of my knowledge and belief Seabrook Station is "Y2K Ready."

Further, contingency plans have been developed to mitigate the impact of Y2K-induced events at key rollover dates.

i

Y.-

l-November 6,1998 t;

F Mr.Ted C. Feigenbaum Executive Vice President and ChiefNuclear Officer North Atlantic Energy Service Corporation i

c/o Mr. Terry L. Harpster

. P.O. Box 300 4

Seabrook, NH 03874 SUBJECD AUDIT REPORT ON IMPLEMENTATION OF GENERIC LETTER 98-01, " YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS" FOR SEABROOK STATION, UNIT NO. I (TAC NO. MA1887)

DearMr. Feigenbaum:

The enclosed report includes the results of the subject audit conducted by NRC staff at the Seabrook Station from September 29,1998, through October 1,1998. The purpose of the audit was to assess the l

effectiveness of the Year 2000 (Y2K) program at Seabrook, to evaluate the implementation schedule in accordance with Generic letter (GL) 98-01, and to assess the contingency plans that address potential Y2K problems.

The audit team found the Seabrook Millennium Project Plan, which addresses the Y2K readiness program, l

to be well-stmetured and readily useable. In addition, the test procedure developed by Seabrook for identifying and correcting potential Y2K problems appeared thorough. During the audit, the team l

identified an inconsistency in the application of certain classifications. However, your staff was already aware of the inconsistency and had already started to resolve the issue. The results of this audit and l

subsequent audits at other selected nuclear power plants will be used by the staff to determine the need for additional action, if any, on Y2K readiness for nuclear power plants.

In accordance with 10 CFR 2.790 of the NRC's " Rules of Practice," a copy of this letter and its enclosure will be placed in the NRC Public Document Rcom. If you have any questions regarding the attached report, please contact me at (301) 415-3199.

i l

Sincerely, John Harrison, Project Manager Project Directorate I-3 l

Division of Reactor Projects -1/II Office of Nuclear Reactor Regulation Docket No.: 50-443 l

Enclosure:

Y2K Audit Report

Attachment:

As stated I~

l ENCLOSURE 3.

f39 7/15/19999:37 AM o

Nh iMOl

/%

m

l Y2K Au&t Repon for Seabrook Umt i imps, w

• w.m.p.i.s m 4.u m.o.w qi o,,s.....

U.S. NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION (NRR)

AUDIT REPORT ON IMPLEMENTATION OF GENERIC LETTER (GL) 98-01

" YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS" 4

Docket Nos:

50-443 License No:

NPF-86 Licensee:

North Atlantic Energy Services Corporation Facility:

Seabrook Unit 1 Imation:

Seabrook, NH 13 Miles South of Portsmouth, NH Dates:

September 27 - October 1,1998 Audit Team Members: Matthew Chiramal, NRR William Ruland, Region I Deirdre Spaulding, NRR Approved by:

Jared Wermiel, Chief Instmmentation and Controls Branch Office of Nuclear Reactor Regulation

)

• Executive Summary

• 1.0 Introduction 2.0 Seabrook Project Description 2.1 Proiect Organization o

o 2.2 Project Plan E 2.2.1 Awareness a 2.2.2 Initial Assessment u 2.2.3 Detailed Assessment a 2.2.4 Y2K Testine and Validation a 2.2.5 Remediation a 2.2.6. Regulatory Considerations a 2.2.7 Contineency Planning a 2.2.8. Y2K Program Management M 2.2.9 Electrical Grid Issues 3.0 Audit Team Observations e

Executive Summary From September 29 through October 1,1998, the NRC staff conducted an audit of the Year 2000 (Y2K) program at the Seabrook Nuclear Generating Station in accordance with the audit plan for this activity. The 7/15/19999:37 AM 2 of 19 M\\f

c, purpose of the audit was to (1) assess the effectiveness of the North Atlantic Energy Services Corporation -

(the licensee) programs for achieving Y2K readiness, including continued safe operation of the plant as well as compliance _with applicable NRC regulations and license conditions with respect to the potential Y2K problems, (2) evaluate Y2K program implementation to assure that the licensee's schedule is in accoid cc with NRC Generic letter (GL) 98-01 guidelines for achieving Y2K readiness by July 1999, and (3) assess the licensee's contingency plans for addressing risks associated with potential events usulting from Y2K problems. The audit team reviewed selected licensee documentation regarding Seabrook's Millennium Project Plan (Seabrook Y2K readiness program) and ' conducted interviews with the cognizant licensee personnel. The results of this audit and subsequent audits at other selected plants will be used by the staff to determine the need for additional action, if any, on Y2K readiness for nuclear power plants.

Based on the audit team's assessment and evaluation of the Seabrook Y2K readiness program, the following observations were made:

1. The Seabrook Millennium Project Plan, Revision 3.0, incorporates several items that reflect an

' increased understanding of Y2K issues that were identified through project self assessments, oversight, and audits since Revision 2 was issued in August 1998.

2. Tbc Seabmok Millennium Project Plan is based on the guidance of NEI/NUSMG 97-07 and NRC Generic letter 98-01 and is well-stmetured and readily useable.

3. The evaluation performed by the station project staffin completing the analysis ofitems is considered to be consistent with the Seabrook Millennium Project Plan. The Seabrook Millennium Project is planned to be completed by July 1999, with the primary exception of the modified Radiation Data Monitor System which is scheduled for installation in the 4th quarter of 1999. The licensee and audit team identified an inconsistency in classification of items in the plan which is being corrected.

4. The Seabrook project is in the remediation phase. The test procedure developed by Seabrook for identifying the Y2K problem and for verifying remediated software and embedded systems is a thorough, detailed procedure that would adequately identify Y2K problems and aid in identifying and correcting the root cause of the problem.

5. De Seabrook Millennium Project Plan Revision 3.0 includes the Contingency Plan based on the guidance in NEI/NUSMG 98-07. The implementation of the plan is scheduled to start in November i

1998.

6. The Seabrook Y2K plan is being coordinated with Independent System Operators New Er gland in order to address electric power supply system availability concerns.

10 Introduction De objectives of the Seabrook Nuclear Generating Station (Seabrook) Y2K Program Audit were to:

1. Assess the effectiveness of the North Atlantic Energy Services Corporation (the licensee) program for achieving Y2K readiness including continued safe operation of the plant as well as compliance with applicable NRC regulations and license conditions with respect to potential Y2K problems.

2. Evaluate Y2K program implementation to assure that the licensee's schedule is in accordance with NRC Generic Letter.(GL) 98-01 guidelines for achieving Y2K readiness by July 1,1999.

3. Assess the licensee's contingency plans for addressing risks associated with potentisl events resulting from Y2K problems.

De audit was conducted in accordance with the established audit plan which was based in part on the guidance and requirements contained in the following documents:

i

!Iof19 7/15/19999:37 AM

n....,~...........

e

- GL 98-01. " Year 2000 Readiness cf Computer Systems at Nuclear Power Plants" 1

- Licensee Response (s) to GL-98-01

- Plant technical specifications and license terms and conditions -

- Applicable NRC regulations

- NEI/NUSMG 97-07, " Nuclear Utility Year 2000 Readiness" Prior to the audit at the plant site, the audit team reviewed the Seabrook Millennium Project Plan, Revision 2.0. Upon commencement of the audit, a copy of the Seabrook Millennium Project Plan Revision 3.0 was made available by the licensee for review during the audit. Attachment 1 is a list of documents reviewed by the audit team.

i The audit process started with an entrance meeting attended by the Seabrook Y2K Sponsor and Y2K Project Manager, other plant personnel, and members of the audit team. Attachment 2 is a list of the r.ttendees. Members of the Seabrook Y2K organization descrfoed the project organization, the project plan, implementation, and the current status.

Subsequent to the entrance meeting, the audit team reviewed the Seabrook Millennium Project Plan, associated project documentation, and communicated with the Seabrook Millennium personnel on an on-going basis to resolve questions as they arose.

2.0 Seabrook Project Description 2.1 Project Organization -

The Seabrook Millennium Project Plan organization consists of the following roles: (1) an Executive Sponsor, who is responsible for strategic project guidance, approval and executive support, (2) a Y2K Sponsor, who is responsible for providing overall guidance and approval on the budget, resources, progress and results, (3) a Y2K' Project Manager, who is responsible for the overall success of the project, including development of the implementation plan, supervising the project team and providing leadership on millennium issues to all station departments, (4) a Y2K project team consisting of the Seabrook Station personnel performing activities r lated to the millennium effort, (5) the software, hardware, and embedded system sponsors; who have primary responsibility for the operation of the item, typically the principal user of the item, and is held accountable for the performance of the item, (6) the software, hardware, embedded system maintainers who have primary responsibility for the maintenance of the item, and the completion of millennium-related tasks, including any remediation, testing and validation, and implementation, (7) the millennium project steering committee, (8) the joint owner audit committee, (9) a contingency plan coordinator who is assigned to facilitate and coordinate the millennium contingency planning effort, (10) 1 the contingency planning team, and (11) a contingency plan technical lead.

The Seabrook licensee participates in group activities related to the Y2K effort with other organizations as 1

follows: NUSMG and NEI, Northeast Energy Alliance (NEA), EPRI, Independent System Operators (ISO)

New England, Sorrento Owners Group, and Westinghouse Owners Group (WOG). The Seabrook licensee will use documentation and test plans from the WOG as they are made available to evaluate Y2K readiness or compliance of identified items within the WOG scope. Additionally, the licensee is engaged in bench-marking and peer review activities with other plants as the opportunity is available. The Seabrook licensee and Florida Power and Light (FP&L) engaged in a bench-marking and peer review activity in June 1998 and established an information exchange to explore the manner in which the Y2K problem was and is being addressed at their plant sites. This type of bench-marking and peer review interface will be scheduled with other utilities as the opportunity occurs.

7/15/1999 937 AM 4 of19

7,

[

.2.2 Projecf Plan The Seabrook Millennium Project Plan, Revision 3.0, dated September 25,1998 is the plant specific Y2K l

renEmans plan developed by the licensee. The goal of the Seabrook Millennium Project is to ensure that the 1

station is Y2K ready by July 1999. The Seabrook Millennium Project began in October 1996. Revision 0 y

cf the Project Plan was issued in the spring of 1997. The Seabrook plan is similar, to the NEI/NUSMG

)

97-07 Nuclear Utility Year 2000 Readiness guidance which was published in the Fall of 1997. The audit team's review found that the Seabrook Millennium Project Plan encompasses the guidance in the

.NEI/NUSMG 97-07, although some differences in activity names / terms exist.

The Implementation Plan of the Seabrook Millennium Project Plan includes the process for awareness,

)

inventory, assessment, remediation, testing, validation, documentation and signoff of items. The plan includes a change management process that allows new items to be added to the inventory, while existing items, plans, strategies and impacts can be re-evaluated and modified if necessary.

l 2.2.1 Awareness 1

The awareness activities are included in the section entitled " Communication Plan," in the Seabrook Millennium Project Plan. The formal Y2K awareness phase of the Y2K program at Seabrook began in 1997. The Y2K problem was brought to the attention of the entire plant via "Seabrook Today," a newsletter published by Nonh Atlantic Communications, and distributed October 23,1997.

Communication and awareness is maintained at all levels throughout the plant. The communication mode and information is tailored to the specific site audience. Seabrook's Millennium Communication Plan is intended to ensure that appropriate plant personnel are aware of the Y2K problem and take suitable action.

The Seabrook licensee uses " communication deliverables" to foster participation and awareness. The

)

following communication deliverables are tailored for their specific audience: project plan revisions,

. project status reports, miliennium item owners and maintainers communication, intemal millennium i

anicles, millennium posters and banners, awareness sessions / presentations, and one-on-one meetings. The audit team reviewed the Seabrook Millennium Communication Matrix which identifies the various audiences and the corresponding awareness communication (s).

'Ibe Seabrook Y2K Readiness schedule is provided in Table 1.

.2.2.2 Initial Assessment What the NEI/NUSMG 97-07 guidance indicates as initial assessment which includes the inventory,-

categorization, classification, prioritization, and analysis of the initial assessment, is described in Seabrook's readiness plan in Section 4.1 Inventory. In Seabrook's readiness plan, the inventory activities includeinventory scope, categorization, classification, and inventory signoff.

The inventory identifies all software items and embedded systems potentially affected by the Y2K L

_ problem. Additionally, because embedded systems are particularly difficult to inventory, the Seabrook project team took added care to ensure that all potentially affected embedded systems and firmware items were included in the inventory. The embedded system inventory was handled by the Seabrook Station Technical Support Department Engineers. Since most of the staff had been at Seabrook since the plant's design phase, there was a great deal of historical knowledge on station systems, procedures, programs, manuals and other documentation pertaining to embedded systems to draw upon. Identification of the embedded systems encompassed system reviews, EPRI database searches and vendor contacts, intemal and

~ external comparisons of inventory data, and knowledge: based decisions.

i 1

9 of 19 7/15/19999:37 AM 1

a aumepwow==== umu

.n....o,,......,............._.._.

The inventory phase ct Seabrook was completed in August 1998.

2.2.3 D.e nme Amanasement Detailed assessmen: re.ults are used to make decisions regarding activities required to ensure the continued operation of the software. Seabrook's readiness plan Section 4.2 Assessment, includes the analysis activity which encompass failure impact, Y2K status and strategy,'and the activities of plann and assessment phase signoff.

Y2K classification at Seabrook is based upon " failure impact" analysis. Failure impact classification is defined as follows:

• Safety Implication - Important to safety of personnel and the public, safety-related controls, performs design basis calculation on nuclear safety-related structures, systems and components, process monitoring used as the basis for operational actions which prevent the release of radioactive material to the environment, and safety-related direct impact.

e Plant Trip - Affects the plant's ability to stay on-line.

• Generation Reduction -Impacts level of power generation.

• Regulatory Requirement - Required by regulators, pertains to a license commitment.

• Business Critical-Important to continuity of business, major impact on service to customers, could result in lost productivity'tc the majority of employees.

• Minimum Impact - Minimal impact to business, services not affected, loss of productivity to some employees.

• No impact - Non-essential, no impact to business operations, no lost productivity.

The Y2K status of systems is idemified as: non-compliant, compliant, in-process, validated, eliminated, or unknown. The plan notes that for vendor responses that indicate an application or device is Y2K ready or compliant, a decision on whether to perform validation testing is required. This decision may be based on failure impact, extent of documentation provided, confidence in the vendor, cnd Seabrook's knowledge a experience with the product.

Once Y2K status is determined, the strategies to achieve compliance or readiness is determined. Strategies identified in the Seabrook Millennium Project Plan are: eliminate, fix, replace, or accept as is. Table 2 provides the inventory ofitems. Of the 1304 items identified,' the Seabrook licensee identified 12 that we found to have safety implications,13 to have implications with respect to plant trip,160 were found to be required by regulations or license, and 800 were found to be significant to business. Table 3 provides th inventory assessment.

One item of the 12 classified as Safety Implication, the Reactor Vessel Ixvel Indication System (RVLIS),

is required by technical specifications (post accident monitoring) and performs high energy line break (HELB) isolation of auxiliary steam, steam blowdown and letdown upon detection of a high temperature condition in the auxiliary building. RVLIS has been identified as not Y2K compliant and is being remediated as part of the WOG Y2K effort. In addition to the testing done by Westinghouse, the licensee plans to do additional testing of the remediated RVLIS at the site.

The folders of items reviewed by the Audit Team are listed inTables 4,1,6, and 2. The team reviewed 10

- items that had safety implications,5 that impact generation reduction,9 that impact plant trip, and 10 that have regulatory impact. (Note: The classification in these tables is defined in Seabrook's North Atlantic Information Manual (N AIM). The NAIM, Revision 4 is effective October 1,1998. In this revision, the classification values (grading) change. All items added to the millennium inventory on or after 10/1/98 will 7/l$/19999:37 AM 6ofl9

~'

use the new software classification values. All items in the millennium database prior to 10/1/98 do not need to be reclassified in the mill:nnium database. Valid values prior to 10/1/98 are: safety critical, mission critical, and non-rated. Valid values 10/1/98 or later are: level A1, Level A2, Level B, level C, levelD).

2.2A Y2KTesting and Validation Testing and validation is performed by the maintainer to ensure that the item is either Y2K ready or compliant. Existing station programs are used for testing. For embedded systems, work requests are written to track and document all testing perfonned. If there are multiple occurrences of an item that is being testal, for example in spare parts, then these items are to be flagged and tracked for testing prior to anticipated failure dates. Depending on the item, Y2K testing may be performed at multiple levels: unit testing which focuses on functionality and compliance testing of a single item; interface testing to determine the ability to process Y2K data from one item to another; and integration testing of the platforms on which the item operates. Documentation requirements for testing / validation includes indication if testing was performed and if not, why. If testing is performed, the test plan checklist is used to ensure rppropriate testing is performed. The test plan checklist includes a review of the following tests: rollovers, high risk dates, leap year, sorting and comparisons, calculations, and interfaces. Testing should ensure that an item is Y2K ready and that no new problems are introduced. Testing is performed in accordance with a Technical Support Group Instruction (TSGI). The audit team reviewed TSGI-13 for general software testing and a draft version of TSGI-14 on embedded systems testing (documents 2 and 3 ofAttachment 1) and witnessed two bench tests of components that utilized TSGI-14 guidance.

2.2.5 Remediation The purpose of remediation is to replace, fix, or eliminate items identified in the assessment as non Y2K compliant. Remediation includes activities that make the item Y2K compliant or ready. Software-based system changes are made in accordance with the NAIM which defines the Software Quality Assurance Program. In the documentation of the remediation of an item, if the item interfaces with other systems, the maintainer identifies the system interfaces so that arrangements can be made for interface testing and scheAn h g, 2.2.6. Regulatory Considerations In implementing the Seabrook Millennium Project Plan the licensee makes use of existing programs and policies to ensure that appropriate reviews and evaluations are performed and documented for regulatory f

compliance. These reviews and evaluations encompass 10 CFR 50.59 reviews, reportability evaluations per 10 CFR 50.72,50.73 and 10 CFR Part 21, and operability determinations as required by technical specifications.

12.7 Contingency Planning j

i The Seabrook licensee's contingency plan addresses Y2K contingency planning management, contingency planning remediation risks, contingency planning internal facility risks, contingency planning external -

risks, and an integrated millennium contingency plan. The steps that Seabrook will take in contingency 9

plannmg include risk identification, event analysis, risk management, and verification.

Individual contingency plans are prepared for items, systems, or events as identified in the Seabrook guidance. Contingency planning remediation risks include risk identification (identified by the maintainer during the remediation and testing and validation phases of the project), event analysis (performed at the

)

tof19 7/15/1999 9:37 AM i

v r

' ww.m w a

~~~~..

initial remediation phase to understand the niture of the challenges to the selected remediation strategy),

risk analysis, and verification. The purpose of the intemal risk contingency is to anticipate and prepare for cvents that could occur due to system failures and reduce their impact on safe operations. Contingency planning external risks covers the means for mitigation of externt.1 millennium events that could compromise safety or continued operation of Seabrook station. One of the external risks to be considered is transmission / distribution system events. Concerns addressed include loss of off-site power, grid instability and voltage fluctuation, load fluctuations and loss of grid control systems. This contingency planning effort included information exchanges with the appropriate Independent System Operators (ISO) '

New England subcommittees with grid control responsibilities.

The contingency plan project organization at Seabrook includes a Contingency Plan Coordinator, and a cross-matrix Contingency Planning Team led by a Contingency Plan Technical Lead. The implementation of the plan is scheduled to start in the later part of 1998. The audit team met with the Technical Lead and members of the Contingency Planning Team and was given an outline of the contingency planning implementation process. The process would start with the systems, components and procedures for safe

- shutdown of the plant and expand to consider systems and procedures for safe continued oper,ation, and, finally include systems and interfaces beyond the station boundary.

2.2.8. Y2K Program Management The Seabrook Y2K program management plan establishes, organizes, manages, and integrates the diversity of activities required to address Y2K readiness. The Y2K readiness activities are covered in the three management areas of risk management, contingency planning, and project internal controls.

Project milestones completed include: development of the communications and awareness plan, the inventory (complete identification and analysis), schedule defined for implementation of corrective actions, and Seabrook Millennium Project Plan Revision 3. Key performance indicators (metrics that measure performance against established goals for each phase of the implementation plan) are used to measure project performance and serve as the basis for monthly reports and appropriate actions to be taken to ensure project schedules are met. To date the established schedules have been met.

The Y2K readiness project is planned to be completed by July 1999, with the primary exception of the Radiation. Data Monitor System testing (for either the replacement Y2K compliant system or the remediatfd system), and its interface testing with system components and the Mait ?lant Computer. This is scheduled for the fall of 1999.

Methods of oversight of the project include management reviews, self assessments and surveillances, and internal and external audits.

_ 2.2.9 Electrical Grid Issues ISO New England has a Year 2000 subcommittee and several subcommittees established to exchange Y2K information, create procedures for testing and remediation, and prepare compliaace assurance statements.

The ISO New England Coordinator in the Seabrook Millennium Project organization is the person responsible for monitoring the status of the ISO efforts through the Generation Subcommittee.

The audit team met with the ISO New England Coordinator assigned to the project. He described > Se activities that have been initiated and planned in the ISO New England organization regarding the Y2K problem as it affects the electric power supply system. The interchange of information between the Seabrook licensee and ISO New England has just begun.

7/15/19999:37 Ah 8 of19

Electrical grid issues are also being addressed in Seabrook's contingency planning for external risks. As indicated in the discussion above, issues pertaining to electric grid availability will be evaluated and p1-ed forin the Seabrook Y2K contingency plan.

3.0 Audit Team Observations hudit team developed the following observations:

L The Seabrook Millennium Project Plan, Revision 3.0, incorporates several items that were being used by the project team members but were not included in Revision 2.0 of the plan, such ras the project test plan checklist and project vendor readiness questionnaire. The changes were the msult ofitems identified through project self assessments, oversight and internal audits performed since Revision 2.0 was issued in August 1998. Revision 3.0 also contains the Contingency Plan.

Revision 3.0 includes a list of documents related to existing station programs and policies for performing the activities and QA measures related to the Y2K problem. The audit team pointed out to the project sponsor and project manager that the guidance on the use of existing station programs and policies appears to be very general and the appropriate use of the documents for specific activities (e.g., activities related to design changes to software, hardware, or embedded firmware) are left to the individual. The project sponsor stated that additional training has been provided to all station staff working on Y2K related activities on the use of existing procedures. Additionally, the majority of the staff at the Seabrook Station has been working in the same technical area since the startup of the station and are well-versed in applying existing procedures and policies to change processes and adverse condition report activities in their area of responsibility.

2. The Seabrook Millennium Project Plan is based on the guidance in NEI/NUSMG 97-07 and NRC Generic Ixtter 98-01. The method for classifying an item was simplified and failure impact is used to classify items in the inventory or analysis phase.

Based on the review and evaluation by the audit team of the plan and its implementation up to the analysis phase, the Seabrook Millennium Project Plan is considered to be well-structured and readily usable. The revisions to the plan are based on the lessons learned and feedback obtained in the use of the plan by the project team members and audit teams.

3. '.iased on the audit team's review and evaluation of the results of the Y2K readiness project to date, the audit team considers the evaluation done by the station project staff in completing the analysis ofite.nr a the inventory to be consistent with the Seabrook Millennium Project Plan. The Seabrook Millennium Project is planned to be completed by July 1999, with the primary exception of the Radiation Data Monitor System discussed in item 7 below.

The audit team identified an inconsistency in how the application of classification as defined in the plan was applied to certain items that were not susceptible to the Y2K problem. The use of failure impact in classifying an item is not dependent on whether an item is affected by the Y2K problem or not. The project manager and team were already aware of this inconsistency since it was identified by an earlier audit and the entire inventory was being re-classified to correct the errors in classification. Additionally, the project staff had been given additional training in this area.

4. The detailed assessment phase includes both analysis and planning. Analysh. includes of19 7/15/1999 9:37 AM L

n.

...y m...

~.

classification based on failure impact, mill nnium status and strategies to achieve Y2K radme<< or compliance. The millennium strategies are: eliminate, fix, replace or accept as is.

The Seabrook project is in the remediation phase and for those items that are in the "Fix"

. category, includes testing to identify the failure mode due to a Y2K problem, followed by

" corrective changes to make the item Y2K ready or compliant. The audit team witnessed bench tests of two components with firmware. These bench tests were based'on the test procedure developed for embedded systems. Based on the witnessing of the tests, the audit

' team considers that the test procedure is a thorough, detailed procedure that would adequately identify Y2K problems and aid in identifying and correcting the root cause of the problem.

5. The Seabrook Millennium Project Plan includes an outline of the Contingency Plan based on NEI/NUSMG 98-07 guidance. The Project Organization includes a Contingency Plan Coordinator, and a cross-matrix Contingency Planning Team led by a Contingency Plan

' Technical 1. cad. The implementation of the plan is scheduled to start in the later part of 1998. The audit team met with the Technical Lead and members of the Contingency Planning Team and was provided with an outline of the contingency planning process.

6. The audit team met with the ISO New England Coordinator assigned to the project, and

, as briefed on the activities that have been initiated and planned regarding the Y2K w

problem as it affects the electric power supply system availability. ISO New England has established sub-committees to exchange Y2K information, create procedures for testing

- and remediation, and prepare compliance' assurance statements.

7. The Seabrook licensee has identified a Y2K problem with the Radiation Data Monitor System (RDMS). The RDMS is a vendor package provide by Sorrento Electric which has been determined to be not Y2K compliant. The vendor has indicated that they have no plans to make this system Y2K compliant. The vendor has identified a work around to provide for RDMS operation if the licensee plans to keep the system. The licensee's strategy for attaining RDMS Y2K compliance / readiness was to investigate alternatives.

Several of the plants that use this device, including Seabrook, have formed a Sorrento Owners Group to address and solve the Y2K problem with this device. The options to date are to either obtain a Y2K compliant replacement system (three vendors have been identified) or to implement the vendor identified work around as discussed below.

The vendor has indicated to their customers that the RDMS cannot properly function with a year identification that ends in 00 (every decade), but that when the year 2000 comes to an end, the system will be able to operate properly in the year 2001. An approach identified -

by the Seabrook licensee is to change the system date to some date in the past when Seabrook was' not tracking data; that is, the date will be setback 28 years. (Initial testing at the Seabrook test bed indicated the RMDS operated with the date of 1972 inserted, but did l

l not function correctly with "00.") Procedurally, the licensee could insert a " dummy" date of say 1978 for the year 2000, and then reset the date correctly to 2001 when that year arrives.

The present schedule calls for having either the RDMS replacement or work around option implemented by the fourth quarter of 1999. (The necessary Main Plant Computer System

' software change to " dummy" a date for the RDMS input is scheduled for November 1998 p

and planned for testing and actual use in the last quarter of 1999.)

i t

J h0 of19 7/15/19999:37 AV s

h

Tchle 1 - Se: brook Mill:nnium Proj:ct Pirn Schedule Activity Staning date Finishing Date Awareness 1997 On-going Initial Assessment May 1,1998 Detailed Assessment / analysis June 15,1998 Remediation November 1998 June 1999*

Contingency Planning i ovember 1998 N

• Except for RDMS which is scheduled for 4th quarter of 1999 Table 2 - Inventory l

Plant Trip /

Safety Generalton Reg.

Business Min. Impact /

Total Implication Reduction Reqmnts Critical No Impact Software items 745 7l 3/1 101 319l 159/155 Embedded items 559 5

10/4 58 298 89/95!

1. Iquipment, firmware, e-prom) l l_,

Table 3 -Inventory Assessmeni l

l IMPACT l

Accept Asis 1 Fix Replace Eliminate l Total l pafety implication l

7 4

1 12l l Plant Trip 13l 13l

' Generation 5

5

! Reduction Regulatory 72 72 11 4

159l

Requirement l

! usiness 322 142 111 42 617i B

Critical l

~

' Minimum 169 44 23 12 248' Impact No lmpact 202 16l 10 22 250' Total 772 296l 156 80 1304 The following systems that have safety implications were reviewed by the audit team.

11 cf 19 7/15/1999 9.37 AIV I

Teble 4 - Saf:ty Implic:ti:ns~

Millennium Item Classification Millennium l

Strategy Impact Status 1

PDS Safety Critical Compliant Accept As Is Safety PDSTRUDL Implication CBS Safety Critical Compliant Accept As Is Safety Containment Building Spray Implication DAPPER Safety Critical Compliant Accept As Is Safety Distribution Analysis For Implication Power Planing SFHX Safety Critical Compliant Accepted As Is Safety Spent Fuel Pool Cooling Heat Implication Exchanger ADL-SK Safety Critical Compliant Accepted As Is Safety Critical ADLPipe Seabrook RC Safety Critical Not Compliant lFix l Safety Ultrasonic Level Monitoring jRequiring Y2K l Implication i esting l

T System FH Safety Critical Not Compliant

[Fix l Safety Fuel Handling System

! Requiring Y2K ; Implication Testing l

t FH1 Safety Critical Not Compliant Fix

' Safety

!Im

, Fuel Handling Machine-MMI Requiring Y2K l plication Testing

[ Safety

RVLIS Safety Critical Not Compliant Fix l Implication.

Reactor Vessel LevelIndication Y2K testing System

, required FIREDET Non Rated Unknown

' Safety

! re Detection System l Replace Fi Implication PROTOFLO Non Rated

Safety Proto Power's Proto-Flo

' Implication Software GTS-GTSTRUDL Safety Critical Compliant Accept As Is Safety Implication SI Mission Critical Not Compliant

'Fix

' Minimum Impact Safety Injection Y2K testing

, required SSPS Non Rated Compliant l Accept As Is

!No Impact

• PDSTRUDL is a digital computer program used for analysis and design of complex structures. The vendor is Phi-Delta, Inc. The vendor certified that dates were not used in the processing of calculations but were used only as a display function on reports. Four digit dates are used.

• CBS - Containment Building Spray system has no date aware equipment.

• DAPPER is an electrical engineering / software tool manufactured by SKM Systems Analysis. Th.e vendor stated that there are no date related calculations and that there are no ku wn problems.

www.skm.com/ year 2000.html

• SFHX is an in-house software program that was developed to account for the available safety margin 7/15/1999 937 Ah 12 cf 19

r-with respect to the spent fuel pool heat exchang rs (performs thermal performance calculations to

/

determine heat removal rate capability.) There is no date in this program. The program language is C.

• ADL-SK ADLPipe is a pc-based digital computer program used for analysis and design of complex piping systems. According to the vendor lthe software is not dependent on calculation of date and/or time in any manner.

• RC-Ultasonic level measuring system is for indication of reactor coolant leyel during reactor coolant mid-loop (reduced inventory refueling) operation only. Initial Y2K testing is being performed by Westinghouse and will be verified by testing by the licensee. A system modification is in progress for installation of a new EPROM. Y2K testing will be integrated w~ith the re-test of the modification.

• FH-Fuel Handling System has the GE Fanuc Programmable Logic Controller (PLC). The GE automation system consists of a series 90-30/90-20 PLC microcontroller. The system is'date & time aware and will be fully tested. Testing will need to be performed during a refueling outage when there is no impact to the refueling schedule.

• FHI-Fuel Handling Machine - Wonderware MMI Software package. The man / machine interface (MMI) to the GE Fanuc PLC is a Wonderware Product which is date and time aware. It will be tested on the refueling machine prior to a refueling outage. The vendor is PAR Systems.

• RVLIS-Reactor Vessel Level Indication System - The RVLIS package will be test:d by Westinghouse and retested by the Seabrook licensee. RVLIS is required by post-accident monitoring technical

- specifications and initiates isolation functions upon indication of a high temperature condition in various locations in the auxiliary building.

• FIREDET-Fire Detection Systems - The licensee is determining whether the system is Y2K compliant.

• PROTOFLO-Proto Power's Proto-Flo Software is written in Visual Basic. According to the vendor, the software is Y2K compliant because dates were not used in processing of calculations but were used as a' display only function in reports.

• GTS-GTSRUDL is a digital computer program used for analysis and design of complex structures.

The vendor is Phi. Delta, Inc. The programming language used is Fortran. According to vendor, the software is Y2K compliant.

• SI-Safety Injection - The SI system flow transmitter is a non-safety related device that is used in the performance of certain inservice testing to quantify or detect leakage through various valves. The transmitter is essentially a stand alone device that performs an indication only function. Should the device fail, for any reason, alternative flow indication on the same test line is avaihble.

• SSPS - Solid State Protection System has no date aware equipment.

j The following table contains the systems that impact power generation reduction which were reviewed by 1

the audit team.

i 3ef19 7/15/19999:37 AM

w umaupmum - ou4

• c Tcble 5 - Generation Reduction Millennium Item Classification Millennium Strategy Impact Status FW Mission Critical Not Compliant Fix Generation Rosemount Smart Transmitter Y2K testing Reduction Field Programmable Device requiredi SY Mission Critical Not Compliant Fix Generation Sequence ofevents recorder Y2K testing Reduction

~

required SY1 Mission Critical Not Compliant Fix Generation Switchyard Digital Fault Y2K testing Reduction Recorder required AS Non Rated Not Compliant Fix Generation Controller for maintaining Y2Ktesting -

Reduction auxiliary boiler steam pressure required TGS Mission CriticalIn Process Fix-Generation Production Tagout System

• FW - The Rosemount Smart Transmitter field programmable device output feeds the calorimetric.

Failure could cause a reduction or increase in power generation and thus potentially violate technical specifications.

• SY Sequence of event recorder - records relay and breaker actuation in the switchyard. These recordings are used in post trip reviews. Without these recordings, a restart following a trip would be extended several days due to the additional trip analysis required. The recorder is date and time aware.

• SY1 Switchyard digital fault recorder-records voltage and current readings in the switchyard. The datt recorded is used for many purposes including post trip analysis. Without these readings, the post trip review could be extended for several days. This recorder also uses the Geographic Position System (GPS) satellite clock.

AS - This is a digital controller for maintaining auxiliary boiler steam pressure by modulating steam flow to one of the feedwater heaters during feedwater prewarming for plant startup. The vendor is Fischer & Porter. The Fischer & Porter controllers will be tested via a blackbox approach. An identical spare will be used from the warehouse and tested in the technical support facility. When performing this testing, the tester will confirm that the controllers have the same chip # and the same version #.

• TGS - The Tagout System stores, manipulates and modifies data associated with the installation and removal of danger, caution, ground and extension control tags in the plant. The current Software Sense Tagout System does not pmperly recognize the year 2000. This software is a package that is written in DBASE and Clipper. Tests were performed to determine if minor changes to the Tagout System written in DB ASE could permit it to function in the year 2000. The tests were successful, therefore, the strategy for Tagout System compliance is to have the vendor make minor changes to the existing system software such that it recognizes and operates in the year 2000.

The following table lists the systems reviewed by the audit team that impact plant trip.

9 7/15/19999:37 Ah 14 of t9

Tchle 6 - Plant Trip Millennium Item Classification Millennium Status' Strategy l Impact j

SUPVSR Mission Critical Not Compliant Fix Plant trip Fischer & Porter Supervisor Y2K testing required DCS Mission Critical Not Compliant Fix' Plant trip

)

DCS Operating System Y2K testing required HD Mission Critical Not Compliant Fix Plant trip HDTC Heater Drain Tank Level Y2K testing Control required SA Mission Critical Not Compliant Fix Plant trip SA Intellisys Y2K testing i

required GSC-COND Mission Critical Unknown Fix

' Plant trip j

GSC Rosemount Conductivity Analyzer MSD Mission Critical Not Compliant

'Fix

' Plant trip Main Stream Drain Y2K testing

, required AR Mission Critical Not Compliant

'Fix

. Plant trip AR-DP Transmitter Y2K testing Pressure Indicators

, required l

IMission Control Not Compliant "Fix Plant trip MS MSRC Moisture Separator Reheater Y2K testing

Control

, required CO HOTWELL Mission Control Not Compliant Fix

' Plant trip i otwellLevelControl Y2K testing H

SUPVSR - The Fischer & Porter Supervisor uses 53SU5000 Supervisor PC equipment and controls each of the Fischer & Porter digital controllers in the plant. Y2K compliance must be verified.

DCS - DCS Operating System - The field installation and testing of the Y2K compliant software will be completed in the next refueling outage by Foxboro. The simulator software should be installed and tested in the last quarter of 1998.

HD HDTC Heater Drain Tank Level Control equipment is a Fischer & Porter 53MC5000 controller and will be tested by the licensee.

SA Intellisys - The Ingersoll-Rand rotary air compressor is a microprocessor control package which will be tested by the licensee.

GSC-COND - GSC Rosemount conductivity analyzer model 1054BLC-01 is under review by the licensee.

MSD - Main Steam Drain - The moisture separator reheater (MSR) drain tank level is controlled via Fischer & Porter 53MC5000 digital controllers. If the controller fails either the unit will trip on a high MSR shell side water level or a pipe break could occur in the MSR drain tank lines to the condenser. These controllers will be bench tested with identical spares and then field tested during a refueling outage.

15 of 19 7/15/19999:37 AM

.m,,.o..,-...

AR - AR-DP Transmitter - These Rosemount 1151 DP5 pressure transmitters auto-start the condens initiating valve opening. Failure could prevent the auto-start feature from operating. This pressure transmitter will be bench tested.

MS MSRC Moisture Separator Reheater Control - These Fischer & Porter 53MC5000 controllers will b bench tested for Y2K compliance followed by a field test during a refueling outage.

CO HOTWELL Hotwell level control - The Foxboro 1/A Series hotwell level program / function equipment will be included in the DCS operating system installation and testing.

The following table is a list of items which have a regulatory requirement impact which were reviewed the audit team.

l Table 7-Regulatory Requirenwnt Millennium Strategy Impact lStatas Millennium Item Classification Mission Critical Not Compliant Fix Regulatory jPAC Y2K testing Requirement

'Public Address System required SM Mission Critical Not Compliant Fix Y2K Seismic Monitoring testing Software required SFD Business Critical'Not Compliant Fix HG Hand Geometry Y2K testing required Mission Critical Not Compliant Fix lNI Y2K testing

Boron Dilution

[ Monitor required lFP COSENTRY Mission Critical Not Compliant Fix Carbon Monoxide Gas Y2K testing Monitoring System required FP Mission Critical Not Compliant Fix Fire Protection Y2K testing required LPMS Mission Critical Not Compliant Fix l Loose parts - Vibration Y2K test Monitor required RAW - RAW-AIX Safety Critical ' Compliant Accept as is Reactor Analysis

, Workstation RDMS Mission Critical Not Compliant Fix 3RDMS DEC PDP/l1 Software S3FINC Mission Critical Not Compliant Fix FixedIncore Analysis Y2K testing 7/15/19999:37 At 16 cf 19

f' l.'

l l

l l required l

l O

PAC - Public Address System - The PAC system is date/ time aware and will be remediated in the 3rd i

quarter of 1998..

SM Seismic Monitoring Software - The seismic monitor is a new hardware and software package, and will be fully tested. The software performs time / history updating. The vendor (Kinemetrics, Inc.) will be contacted in the last quarter of 1998.

SFD HG Hand Geometry - The hand geometty software package will be changed out. However, the present SFD system, including the hand geometry is being made Y2K compliant as a fallback position against unforeseen delays in delivery of the new system. The testing will be scheduled for the first half of 1999, when the new system is installed. Should the hand geometry software fail, all access to the unit would be via manual means.

NI Boron Dilution Monitor - The Gammametrics Shutdown Monitor RCS-30 does not appear to be date aware. However, several clock functions are used and due to its importance to the plant will be evaluated further.

FP COSENTRY - Carbon Monoxide Gas Monitoring System - The Sierra Monitor Corporation gas monitoring system, SPL5000-8R is date aware in that failure occurs with bad date input. The system will be tested and remediated accordingly.

FP Fire Protection - The Simplex 41000 Fire Protection System has been detennined by the vendor to be Y2K compliant. The licensee will verify this determination by testing, j

LPMS Loose Parts Vibration Monitoring - The licensee will replace the entire loose parts monitoring system with a pc-based Y2K compliant system. This is a technical specification required system and its j

inoperability impacts plant operation.

RAW Reactor Analysis Workstation RAW-AIX - The strategy for this item is to accept the statement from IBM that the software is compliant and provide further verification testing using the S3/FINC software to validate this assumption. The product name is AIX, version #4.2, operating system for RS/6000 workstations. (http://www.rs6000. ibm.com/ resource /results/ year.htm)

RDMS RDMS DEC PDP/l1 Software - The RDM3 system runs on a Sorrento Electronics DEC/PDP11 platform. The operating system is RSX-11 and the application is written in FORTRAN. This system is not

{

Y2K compliant. The vendor has indicated that they have no plans to make this system Y2K compliant but

{

has identified a work around if the licensee plans to keep the system. The vendor recommended work j

around is to insert a " dummy" date when data was not being tracked for the year 2000.

S3FINC Fixed Incore Analysis - A contractor has been obtained to perform Y2K testing and verify that the code is Y2K compliant.

Documents Reviewed 187 of 19 7/15/1999 9.37 AM j i

c.

)

1.

1. Seabrook Millennium Project Plan Revision 3.0, prepared 9/24/98, submitted 9/24/98, approved 9/24/98, effective 9/25/98

2. Technical Support Group Instructions, System Engineering Y2K Implementation Plan, TSGI-13 Rev.

00, prepared 9/23/98, approved 9/23/98

3. Technical Support Group Instructions, Y2K Generic Test Instruction For Embedded Equipment, TSGI-14 Rev. 00 Preliminary Draft, prepared 9/28/98

4. North Atlantic Information Manual (NAIM)

Entrance Meeting - September 29,1998 P. Prugnarola Y2K Sponsor - Information Resources Manager N. Durand Y2K Project Manager - Information Services Manager D. Spaulding Electronics Engineer - NRC/NRR/HICB M. Chiramal Senior Level Advisor-NRC/NRR/HICB W. A.DiProfio Station Director J. M. Brand NRC - Region I M. DeBay Assistant Operations Manager J.Linville Acting Chem /HP Manager P.Casey Senior Emergency Planning Coordinator B. Seymour Security & Safety Manager J. Sobotka Reg. Compliance Supervisor G. Mcdonald Nuclear Oversight Consultant T. Feigenbaum North Atlantic-CNO M. Ossing Senior Project Engineer-NAESCO G. Gram Director Support Services R. White Mechanical Engineering Manager J. Watts ~

Sr. Auditor-Audit & Evaluations B. Drawbridge Director of Services S. West Tech. Support, Systems Engineering - RM C. Howard Comp. Eng. Dept. Manager M. Mills Y2K Embedded Systems Coor.

Exit Meeting - October 1,1998 7/15/1999 9.37 AM 18cf19

cf M. Ossing North Atlantic W. A.DiProfio Nonh Atlantic S. Wooley Nonh Atlantic J. Sobotka Nonh Atlantic R. Larson NRC J. Watts Nonh Atlantic C. Howard NAESCO M. Mills NAESCO D. Spaulding NRC G. Gram Nonh Atlantic N. Durand Nonh Atlantic J. Grillo NAESCO M. Chiramal NRC

9 of 19 7/15/1999 9;37 AM i