ML20235L769

Forwards J Frawley Rept Re Audit of Plant Safety Monitoring Sys Conducted at Westinghouse on 870629-30. Concurrence W/ Findings of Rept Given
Person / Time
Site: Vogtle
Issue date: 07/07/1987
From: Hecht H
SOHAR, INC.
To: Beltracchi L
NRC
References
L87-168, NUDOCS 8707160819


Text

SOHAR Incorporated
H. Hecht, President

7 July 1987
L87-168

Mr. Leo Beltracchi
Nuclear Regulatory Commission
7920 Norfolk Ave.
Bethesda MD 20014

Subject: Audit of Vogtle Plant Safety Monitoring System

Dear Leo:

Enclosed please find the report prepared by Ms. Joanna Frawley on the audit of the Vogtle Plant Safety Monitoring System (PSMS) which was conducted at Westinghouse, Pittsburgh PA, on June 29 and 30. I have reviewed the report and concur in its findings.

Sincerely yours,

HH:1J

Encl.: Audit Report
cc: Joanna Frawley

8707160819 870707 PDR ADOCK 05000424 P PDR

1040 South La Jolla Avenue • Telephone (213) 935-7039

Other Locations: 8500 Wilshire Bl., #1027, Beverly Hills, CA 90211 • 5225 Pooks Hill Rd., #1513S, Bethesda, MD 20814

REPORT ON THE AUDIT OF THE PLANT MONITORING SAFETY SYSTEM (PSMS) FOR PLANT VOGTLE

WESTINGHOUSE, MONROEVILLE, PA

6/29/87-6/30/87

INTRODUCTION

The Vogtle nuclear power station is a new facility which has a Plant Safety Monitoring System (PSMS) which is functionally very similar to that developed by Westinghouse for Houston Light and Power (HL&P) as part of the Qualified Display Processing System (QDPS). The development of the PSMS occurred after the completion of the QDPS in order that all common software units could be used without repeating the entire verification and validation process on those units.

SCOPE OF THE AUDIT

The audit was limited to the verification and validation program for the PSMS computer system and the display of Regulatory Guide 1.97 Class 1E variables.

SCOPE OF THIS REPORT

This report summarizes the material presented at the audit, observations based on that material, and conclusions.

SUMMARY AND OBSERVATIONS ON AUDIT PRESENTATIONS

PSMS-HL&P DIFFERENCES

  • HARDWARE In the hardware area, the significant differences are a plant specific display selection keyboard, and one output display per train as opposed to six for HL&P.
  • SOFTWARE The Vogtle PSMS is functionally very similar to the PSMS portion of the South Texas QDPS. The major differences are the plant specific sensor inputs and variables, the output display formats, and the addition of Reactor Vessel Water Level Indication System (RVLIS) to the displays. Vogtle PSMS has a total of 1018 software units of which 136 are not common with HL&P.
  • FUNCTIONAL REQUIREMENTS Plant specific functional requirements documents available at the audit were Post Accident Monitoring System Functional Requirements, Reactor Water Vessel Level Indication System Functional Requirements, and Man-Machine Interface Design Basis and Functional Requirements. These documents and the associated functional decomposition (requirements matrix) and validation test documents were thoroughly reviewed by the audit team and were judged to be adequate.

VERIFICATION AND VALIDATION PHILOSOPHY

  • V&V PLAN The V&V Plan for Vogtle was identical to that used for HL&P.
  • INDEPENDENCE The organizational structure and the level of independence of the V&V team was identical to that of HL&P and was judged to be adequate.
  • VERIFICATION PROCESS All new (136) units required for Vogtle were subjected to the same exhaustive verification procedures which were used for HL&P. In addition, all units developed under QDPS which did not yield a one-to-one correspondence were also re-verified.
  • VALIDATION PROCESS Validation procedures were identical to those used for HL&P and included the validation of all plant specific functional requirements, testing for abnormal conditions such as data out of range, and a prudency review for sound design practices.

Validation testing concentrated on the differences between Vogtle and South Texas with thorough testing to validate that each sensor input mapped properly to each display and that the functional requirements for all new algorithms had been met. In the case of algorithms common with HL&P, validation testing was performed to demonstrate that all algorithms were properly installed. This was accomplished by performing a selected subset of the HL&P tests using Vogtle plant specific sensor inputs and variables.

REVIEW OF V&V DOCUMENTATION

Two thread paths (following a signal from sensor to display) were examined in detail by the audit team. The first was Auxiliary Feedwater Flow and the second was TCOLD. These signals were chosen because the functional requirements and the majority of the software units are identical to those used in QDPS so that the audit team would have a basis for determining whether the level of V&V performed was adequate. It was determined that the integrity of all sensor data from input signal to display output was thoroughly validated and the level of validation on all common units was judged to be adequate.

An examination of all V&V trouble and clarification reports revealed no generic problems and no instance where the HL&P V&V should have detected the problem.

PHYSICAL SECURITY, MAINTENANCE, AND CODE MODIFICATIONS

The physical security, maintenance, and modification procedures for Vogtle are essentially identical to those for HL&P. These include the following:

  • No data input devices are connected to the system in normal operation.
  • The input keyboard used to change setpoints and limits is physically removed, requiring keys, passwords, and authorization prior to use.
  • All maintenance and code modifications will be performed by Westinghouse to the same standards of V&V.

CONCLUSIONS

The verification and validation of the Vogtle PSMS system shares the deficiencies noted in the audits of the HL&P QDPS, in particular the absence of verification of the software design to the functional requirements. On the other hand, it also shares with HL&P a V&V process on the software code performed with a high degree of independence of the V&V team from the design team and highly automated and thorough V&V procedures. Following so closely the QDPS effort, the V&V for Vogtle benefitted from the in-place procedures and trained personnel. The V&V of the Vogtle PSMS was judged to be adequate and acceptable.
