Summary of September 22, 2020, Meeting License Amendment Request to Install Digital Upgrade (EPID L-2020-LLA-0164) (Non-proprietary Version)

ML20288A742
Person / Time
Site:	Waterford
Issue date:	10/22/2020
From:	Audrey Klett Plant Licensing Branch IV
To:	Entergy Operations
Klett A
References
EPID L-2020-LLA-0164
Download: ML20288A742 (19)
v • d • e

Text

OFFICIAL USE ONLY - PROPRIETARY INFORMATION OFFICIAL USE ONLY - PROPRIETARY INFORMATION October 22, 2020 LICENSEE:

Entergy Operations, Inc.

FACILITY:

Waterford Steam Electric Station, Unit 3

SUBJECT:

SUMMARY

OF SEPTEMBER 22, 2020, CATEGORY 1 PUBLIC MEETING WITH ENTERGY OPERATIONS, INC. REGARDING LICENSE AMENDMENT REQUEST TO INSTALL DIGITAL UPGRADE IN ACCORDANCE WITH DIGITAL INSTRUMENTATION AND CONTROL INTERIM STAFF GUIDANCE NO. 06, REVISION 2, LICENSING PROCESSES (EPID L-2020-LLA-0164)

On September 22, 2020, the U.S. Nuclear Regulatory Commission (NRC) staff held a virtual Category 1 public meeting with representatives from Entergy Operations, Inc. (Entergy, the licensee) and Westinghouse Electric Company, LLC. The purpose of the meeting was to discuss Entergys license amendment request dated July 23, 2020 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML20205L587), for the Waterford Steam Electric Station, Unit 3, regarding a replacement to an existing digital core protection calculator system (CPCS). The upgrade, if approved, would replace the existing core protection calculator system with a Common Q-based system. The meeting notice and agenda, dated September 10, 2020, are available in ADAMS under Accession No. ML20254A133. A list of attendees (Enclosure 1) and the meeting summary (Enclosure 2) are enclosed.

During the meeting, the licensee provided a presentation (ADAMS Accession No. ML20288A729).

The NRC staff provided a description of the open items process (Enclosure 3), described the open items list that contains proprietary information (Enclosure 4), and provided a redacted copy of the open items list (Enclosure 5).

The NRC staff has determined Enclosure 4 contains proprietary information pursuant to Title 10 of the Code of Federal Regulations (10 CFR) Section 2.390, Public inspections, exemptions, requests for withholding. The proprietary information is indicated by bold text enclosed with

((double brackets)). Accordingly, the NRC staff has prepared a non-proprietary (redacted) version of the open items list.

to this letter contains proprietary information. When separated from, this document is DECONTROLLED.

OFFICIAL USE ONLY - PROPRIETARY INFORMATION OFFICIAL USE ONLY - PROPRIETARY INFORMATION The NRC staff did not make any regulatory decisions or commitments at the meeting. No members of the public identified themselves on the teleconference.

Please direct any inquiries to me at 301-415-0489 or by e-mail to Audrey.Klett@nrc.gov.

/RA/

Audrey L. Klett, Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-382

Enclosure:

1. List of Attendees

2. Meeting Summary

3. Open Items Process Description

4. Open Items List (Proprietary)

5. Open Items List (Non-proprietary) cc: w/o Enclosure 4: Listserv

List of Attendees

LIST OF ATTENDEES SEPTEMBER 22, 2020, VIRTUAL PUBLIC MEETING WITH ENTERGY OPERATIONS, INC., ET AL.

WATERFORD STEAM ELECTRIC STATION, UNIT 3, LICENSE AMENDMENT REQUEST TO INSTALL DIGITAL UPGRADE U.S. Nuclear Regulatory Commission Entergy Operations, Inc.

Steven Arndt, NRR/DEX Jacob Champagne Odunayo Ayegbusi, NRR/DRA/APLB David Constance Eric Benner, NRR/DEX Ron Gaston Cecilia Carson, OGC Loren Miller Calvin Cheung, NRR/DEX/EICB Roger Rucker Samir Darbali, NRR/DEX/EICB John Schrage Jennifer Dixon-Herrity, NRR/DORL/LPL4 Christopher Talazac Greg Galletti, NRR/DRO/IQVB William Truss Jeanne Johnston, NRR/DEX/ELTB Maria Zamber DaBin Ki, NRR/DRO/IOLB Audrey Klett, NRR/DORL/LPL4 Mike Marshall, NRR/DORL/LPL1 Jensen Hughes, Inc.

Singh Matharu, NRR/DEX/EEOB Alan Harris Angel Moreno, OCA Richard Stattel, NRR/DEX/EICB Gregory Suber, NRR/DORL Sargent and Lundy Summer Sun, NRR/DSS/SNSB Pareez Golub Tarico Sweat, NRR/DSS/STSB Shilp Vasavada, NRR/DRA/APLC Justin Vazquez, NRR/DRO/IOLB Westinghouse Electric Company, LLC Michael Waters, NRR/DEX/EICA Steven Merkiel Deanna Zhang, NRR/DRO/IQVB Warren Odess-Gillett Jack Zhao, NRR/DEX/EICA John Wiesemann Members of the Public None introduced

Meeting Summary

MEETING

SUMMARY

BY THE OFFICE OF NUCLEAR REACTOR REGULATION SEPTEMBER 22, 2020, VIRTUAL PUBLIC MEETING WITH ENTERGY OPERATIONS, INC., ET AL.

WATERFORD STEAM ELECTRIC STATION, UNIT 3 LICENSE AMENDMENT REQUEST TO INSTALL A DIGITAL SYSTEM DOCKET NO. 50-382 On September 22, 2020, the U.S. Nuclear Regulatory Commission (NRC) staff held a virtual Category 1 public meeting with representatives from Entergy Operations, Inc. (Entergy, the licensee) and Westinghouse Electric Company, LLC. The purpose of the meeting was to discuss Entergys license amendment request dated July 23, 2020 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML20205L588), for the Waterford Steam Electric Station, Unit 3, regarding a replacement to an existing digital core protection calculator system (CPCS). The upgrade, if approved, would replace the existing CPCS with a Common Q-based system. The meeting notice and agenda, dated September 10, 2020, are available in ADAMS under Accession No. ML20254A133.

During the meeting, the licensee provided a presentation (ADAMS Accession No. ML20288A729).

The licensee described its schedule for the CPCS development and its vendor oversight activities.

The NRC staff discussed a proposed process for open items (OIs). The OIs are NRC staff questions regarding the license amendment request for the staff to track and eventually disposition as requests for additional information, requests for confirmation of information, audits, or as needing no additional action. The OIs list is an informal tool for increasing the efficiency of the NRC review and promoting communication with the licensee. The NRC staff explained how it would process the OIs list. Any licensee-provided responses to the OIs in the OIs list would not be under oath and affirmation and, therefore, not relied upon in the NRCs safety evaluation. Any information the NRC staff needs for its safety evaluation would be requested by request for additional information. The NRC staff also intends to use the OIs list to transmit audit-related requests to the licensee. The NRC staff proposed holding periodic public meetings (e.g., biweekly) to discuss the OIs list with the licensee.

The NRC staff then introduced and discussed the OIs list with the licensee. The proprietary version of the OIs list, which is being withheld from public disclosure, is in Enclosure 3. A redacted copy of the OIs list is in Enclosure 4. The licensee asked clarifying questions about the OIs to better understand the information requested by the NRC.

The NRC staff determined that the reserved, closed portion of the meeting was not needed.

The NRC staff did not make any regulatory decisions or commitments at the meeting. No members of the public identified themselves on the teleconference.

Open Items Process Description

NRCs Open Item List Process for WF3 Digital Upgrade LAR What it is:

Word document containing a table/list of NRC questions re. the LAR for the NRC to track and eventually disposition as RAIs, RCIs, audits, or as needing no additional action.

Informal tool for promoting communication with the licensee.

It is not immediately known if new questions entered into the OI list will be put into the RAI, RCI, or audit processes or not require any additional follow-up.

Why it is used:

To increase efficiency of the review with respect to the RAI, RCI, and audit processes.

To promote open communications with licensee for complicated/complex reviews to help NRC bin questions into the RAI, RCI, and audit processes.

Where it is located:

Initially communicated via NRCs Box system/portal in case the questions or responses contain proprietary information. Licensee would respond via Box by filling out the Licensee Response column of the table.

NRC will make redacted versions of the OI list publicly available in preparation for public meetings and referenced in the public meeting summaries.

NRC Usage:

NRC will create and maintain the table in a word document.

NRC will denote OIs as needing RAI, RCI, Audit, or no follow-up. This designation can occur before or after a licensee responds to an OI.

NRC will provide its proposed mark-up of proprietary information on the Box system via

((double bracketed and bolded text)).

Any requests for documents will become part of an audit (separate from the OI list), and the documents reviewed will be listed in the audit report.

Any in-depth interviews will become part of an audit, and the interview dates and topics will be listed in the audit report.

NRC will send any OI list questions denoted for RAIs or RCIs formally via the RAI/RCI process so that the licensee can respond formally on the docket and under oath &

affirmation.

Licensee Usage:

Licensee is not required to respond to the OI list. However, in past reviews, licensees have responded, which improved NRC review efficiency.

Licensee responses to the OI list, if provided, are not provided under oath & affirmation nor submitted formally on the docket; thus, they are not used or relied upon in NRCs SE.

NRC would request licensee to respond to OIs via the Box portal (and denote any proprietary material in the questions and responses with ((double brackets and bolded text))).

The licensee should not upload any documents requested in the OI List to the Box portal.

These documents will be reviewed in a Certrec Portal as part of an audit.

Use of the Cetrec Portal:

NRC is not requesting the licensee to maintain the OI List on its Certrec portal. If the licensee wishes to for its own purposes, then the NRC requests that the OI-related questions be kept in a Certrec folder or project separate from a licensing audit.

The NRC will request that the licensee maintain only the audit items (e.g., document requests or audit questions) on its Certrec portal.

(Non-proprietary)

Open Items List

No.

IMS ID Topic LAR/

LTR Secti on LAR/

LTR Page NRC Comment / Open Item Description Licensee Response Status

Audit, RAI or RCI No.

Certrec IMS Request ID Format (second column of this table)

A-Audit (Generic/Multiple Documents)

CCF-Common Cause Failure/D3 EQ-Equipment Qualification HFE - Human Factors Engineering PSAI-Plant Specific Action Items RC-Regulatory Commitments RT-Response Time SA-System Architecture SDOE-Secure Development and Operational Environment ST-Surveillance Testing/Self-Diagnostics/SR Elimination SDP-System Development Processes, including SPM PSAIs TS-Technical Specifications VOP-Vendor Oversight Plan 1

ST-01 Self-Tests B.2.5 B-5 The BTP 7-17 Evaluation conclusion states that It is not possible to test self-diagnostics as part of surveillance testing because it would require creating destructive faults within the I&C system, such as Random-Access Memory (RAM) errors.

Though this is a quote out of the Vogtle LAR safety evaluation, it is a statement made by the licensee and not the NRC to address this criterion in BTP 7-17, self-test functions should be verified during periodic functional tests. The interpretation being made that the BTP criterion calls for complete functional testing of the self-diagnostic functions is incorrect. Instead, the BTP states that the licensee should confirm the execution of self-diagnostic tests during plant operation and the NRC staff believes that it is possible to do so by implementing the following necessary plant monitoring activities as already included in the Enclosure for this LAR.

The licensee (Waterford) has addressed this in the LAR as follows:

Post installation, CPCS operability will be verified using 1) the automated diagnostics credited in this LAR (i.e., as described in LTR Appendix B), 2) Technical Requirements Manual (TRM) 3/4.3.1, "Reactor Protective Instrumentation" and associated surveillance procedures; and 3) Waterford TS 6.5.1.8, "Surveillance Frequency Control Program (SFCP). A failure of credited automated diagnostics to detect a fault will be either detected by other diagnostics in the system or by checker(s) of diagnostics. This condition will be alarmed and displayed on the main control room (MCR) operator modules (OM) and/or the main control room annunciators. Upon receipt of an alarm or abnormal conditions, the station operating procedures will require the operators to perform system checks and verify operability of the CPCS deviation / function. The procedure will direct the operator to dispatch a maintenance technician to determine the source of the alarm as needed.

(W3F1-2020-0038 Page 18 of 27)

The NRC staff agrees with the licensees proposed actions in the LAR. So, for this LAR the licensee should cite both the credited self-diagnostic functions in Appendix B and proposed monitoring activities to justify the SR elimination in Section 2.2 of the LAR, not just the Appendix B. However, since Section 2.2 of the LAR cites Appendix B to WCAP-18464 as the sole justification for SR elimination (see Enclosure W3F1-2020-0038, Page 5 of 27) and Appendix B does not include any plant monitoring activity, it could lead to the misunderstanding that if the NRC accepts this LAR, it would also be accepting Appendix B as the only basis for the SR elimination. In addition, the LAR says on Page 18 of 27, in part, that while LTR Appendix B states that monitoring is not required in order to credit self-diagnostic features. The NRC staff does not agree with this statement to address the above criterion in BTP 7-17. Furthermore, Open OFFICIAL USE ONLY - PROPRIETARY INFORMATION 1

OFFICIAL USE ONLY - PROPRIETARY INFORMATION

Appendix B says to leverage the Vogtle LAR for the SR elimination. But, the Vogtle LAR included plant monitoring activities as one of bases for the SR elimination. Therefore, the SR Elimination basis in both Section 2.2 of this LAR and Appendix B will need to include the licensees commitment to perform self-diagnostic monitoring activities and the appendix B interpretations should be revised to establish consistency with the LAR.

2 ST-02 Self-Tests B.2.5 B-6 The bullet item on this page states the following:

Open 3

ST-03 Self-Tests TS BASE S

mark-up 52/377 81/377 Insert C includes the following statement:

The performance of channel checks validates that the self-diagnostics are continuing to perform their self-checking functions.

It is not clear how a channel check can validate performance of self-diagnostics. Please provide clarification to allow the NRC staff to understand how channel checks can validate performance of self-diagnostics.

Open 4

ST-04 Self-Tests B.7.1 B-39 Appendix B of WCAP 18464 contains the following statement:

Open 5

ST-05 Self-Tests B.3.2.

1 B-10 The WCAP 18464 states: IEC 60880 is comparable to IEEE 7-4.3.2, and the staff has found IEC 880 to be an acceptable equivalent.

This was a statement in the NRC original safety evaluation of Common Q which has been superseded.

The statement has been removed from the current Common Q platform TR safety evaluation report.

The NRC does not consider IEC 880 to be an equivalent to IEEE 7-4.3.2. As such, the NRC evaluates all digital systems to the criteria of IEEE 7-4.3.2.

Open REDACTED REDACTED OFFICIAL USE ONLY - PROPRIETARY INFORMATION 2

OFFICIAL USE ONLY - PROPRIETARY INFORMATION

6 SA-01 Sys. Req.

Spec.

LAR 3.1 LTR 3 LTR 5 5-1 The licensee provided two CPCS System Requirements Specification (SyRS) documents: the reference CPCS design (Palo Verde) SyRS (00000-ICE-30158 (LAR Attachment 7 and LTR Reference 2)) and the WF3-specific delta SyRS (WNA-DS-04517-CWTR3 (LAR Attachment 8 and LTR Reference 21)).

The staff noticed that the SyRS for the reference CPCS design (00000-ICE-30158) revision is Revision

14. The SyRS that was reviewed as part of the Palo Verde CPCS upgrade is Revision 7.

The LAR and LTR make several inaccurate statements regarding which revision of 00000-ICE-30158 was previously reviewed by the NRC. For example:

LAR Section 3.1 states: The SyRS project document has a reference design document (Attachment 7), which has been previously reviewed by the NRC, and a delta document (Attachment 8) which describes differences for the Waterford project.

LTR Section 5, item b. states: The base system requirements for the WF3 CPCS is the CPCS System Requirements Specification (Reference 2), which have already been reviewed by the NRC as part of the Palo Verde CPCS replacement.

LTR Section 5.2.4 states As stated earlier, the reference design for the WF3 CPCS replacement is documented in Reference 2. These requirements and their traceability have already been reviewed and approved by the NRC as part of the Palo Verde CPCS replacement.

Again, these statements are inaccurate because the SyRS that was reviewed for the Palo Verde CPCS upgrade review is Revision 7 of 00000-ICE-30158. The staff has not reviewed nor performed traceability of requirements for 00000-ICE-30158 after Revision 7. Additionally, the licensee has not demonstrated in the LAR or LTR that they have performed these activities.

Clarification questions:

Are the statements that the NRC staff had previously reviewed the SyRS (00000-ICE-30158) meant as background information, of for crediting the previous evaluation?

Is the licensee performing independent design quality, traceability and other oversight activities for:

o 00000-ICE-30158 Revision 7?

o 00000-ICE-30158 Revisions 8 thru 14?

o or only for the WF3-specific delta SyRS (WNA-DS-04517-CWTR3)?

Slide 37 of the March 19, 2020 pre-application meeting identified the SyRS as a living document, as defined in ISG-06 (i.e., a document that will be revised as system development activities progress). Please clarify if this statement refers to 00000-ICE-30158, WNA-DS-04517-CWTR3, or both documents.

Open 7

SDP-01 SW Dev Plan LTR Section 5.1.1 This section of the LTR states, Any exceptions to the SPM would be documented in the WF3 CPCS Software Development Plan (Reference 25). The Software Development Plan also includes clarifications to particular items to make clear how certain aspects of the SPM are being fulfilled.

For the ARP, ISG-06, Rev 2 provides guidance on what should be submitted. This includes a summary of the application software planning and processes. The LTR does not provide sufficient information to summarize the differences between the SPM and the WF3 CPCS Software Development Plan in accordance with the guidance of ISG-06, Rev. 2.

Please summarize the differences between the SPM and the WF3 CPCS Software Development Plan.

Open RAI, Audit the SW Dev.

Plan 8

SDP-02 Common Q Changes LTR Section 5.1.6 LTR Section 5.1.6 states in part, Appendix 5 of the Common Q Topical Report (Reference 13) is the output document for the change process described in Reference 12. The document provides a summary of changes and then detailed recording of analysis and/or qualification documents, and a conclusion Open OFFICIAL USE ONLY - PROPRIETARY INFORMATION 3

OFFICIAL USE ONLY - PROPRIETARY INFORMATION

statement on the status of the change relative to the NRC safety conclusions. Reference 13 can be audited by the NRC staff...

The response to SPM PSAI 6 refers to the Common Q PSAI regarding the record of changes, but it does not address the validity of the previously derived safety conclusions if changes have been made to the Common Q SPM. The response to SPM PSAI 1 refers to the WF3 CPCS Software Development Plan and does not identify if there are any exceptions to the SPM (see the previous open item).

LTR Section 6.2.2.16 provides a list of the current product revisions used for the WF3 CPCS project.

However it does not describe whether the new revisions invalidate any of the safety conclusions in the safety evaluation of the Common Q platform. This section also states that WF3 will review the topical report record of changes document in Reference 13 for adequate qualification documentation that the changes do not invalidate safety conclusions in the safety evaluation of the Common Q platform.

It is not clear whether the WF3 review will verify that safety conclusions for the differences will only be on qualification or whether it would include other topics (e.g., software quality, etc.).

9 SW Requirements LTR Section 5.2.5 This section states in part, The allocation of CPCS reference design system requirements (Reference 2) to software have already been accomplished as part of the NRC-approved Palo Verde CPCS replacement. The WF3 delta requirement from the reference design are documented in Reference 21.

These are allocated to software as described in Section 5, item c and documented in the SRS....Similar to the WF3 system requirements specification, the SRS is independently reviewed, approved and baselined as input to the ongoing life cycle activities. In addition the RTM is updated showing the tracing of software requirements to the WF3 system requirements specification (Reference 21).

Based on this description, it is not clear whether the RTM only include requirements on the differences between the WF3 CPCS replacement system/corresponding software requirements and the system requirements/corresponding software requirements in Westinghouse Rev 14 baseline of the CPC system requirements specification or whether it includes all CPCS system requirements. Given that (1) the WF3 system requirements specification only includes deltas between the WF3 CPCS project and the referenced System Requirements Specification of the Common Q Core Protection Calculator System (0000-ICE-30158), Revision 14, and (2) the System Requirements Specification of the Common Q Core Protection Calculator System (0000-ICE-30158) version that was reviewed and approved during the referenced Palo Verde CPCS Digital Upgrade LAR is Revision 7, it is unclear what types of regression analysis have been performed between the Revision 7 and Revision 14 of the System Requirements Specification of the Common Q Core Protection Calculator System to use Revision 14 as the new baseline for the WF3 CPCS project? It is also not clear whether Entergy performed appropriate oversight on the activities related to addressing the differences between Revision 7 and Revision 14 of the System Requirements Specification of the Common Q Core Protection Calculator System.

Open 10 SDP-03 SW Design LTR Section 5.2.8 This section states in part, System Validation Test - this is formal integration testing of the software and hardware performed by the independent test team. The System Validation Test traces the test cases to the WF3 CPCS replacement system requirements specification (Reference 21).

Please explain whether the system validation test only includes test cases for the WF3 CPCS replacement system requirements specification or if it also includes the CPCS reference system requirements specification (Rev. 14).

Open 11 VOP-01 Critical Characteristic s

VOP Sum mary Table of Conten ts It appears that the VOP does not have complete identification of activities for providing oversight of the project and will only be a plan to develop or determine them while the expectation is to have the activities and associated acceptance criteria completed. Examples include:

a. Section 6: Development and Assessment of Potential Project and Technical Risk Factors

b. Section 7: Determine Performance Measures and Acceptance Criteria (Critical Characteristics/Design Artifacts)

Open OFFICIAL USE ONLY - PROPRIETARY INFORMATION 4

OFFICIAL USE ONLY - PROPRIETARY INFORMATION

It is also not clear what oversight activities are associated with Section 7 of the VOP to verify the vendor has satisfied the critical characteristics.

Section 2 of the VOP Summary states in part The level of vendor oversight follows a graded approach, based on project and technical risk factors, which are described in VOP Section 6. All levels of the graded approach will include specifically defined performance measures and acceptance criteria which are described in VOP Section 7. Based on this description, the project and technical risk factors and the performance measures and acceptance criteria for the critical characteristics and programmatic elements should already have been identified in the VOP. This does not appear to be consistent with the titles of Sections 6 and 7.

It is also not clear based on the title of Section 8 in the Table of Contents for the VOP, what Implement Appropriate Oversight Methods will entail.

12 VOP-02 CPP VOP Sum mary Section 2

This section of the VOP Summary, states in part, Monitoring, verification and acceptance phase activities are defined in the Critical Procurement Plan (CPP) during the Planning Phase. Verification can be either through the normal Receipt Inspection process or other activities outlined in the CPP. The Critical Procurement Plan provides a summary of the requirements and necessary actions including on-site services (when required), to ensure that a critical procurement will meet Entergys expectations...The CPP credits the management of procurement risks based on the Westinghouse software verification and validation process, factory acceptance testing, performance of site acceptance testing, and rigorous software testing. QA surveillances will be performed to ensure the approved Westinghouse processes were followed.

Given that the VOP summary states that the CPP will be an input to the VOP, what is the relationship between the CPP and the VOP (e.g., the CPP will be referenced in the VOP or parts of the CPP will be incorporated into the VOP)?

Open 13 VOP-03 Oversight of SPM project-specific instances VOP Sum mary Section 3

This section of the VOP Summary, states in part, Some of the SPM plans will have project-specific instances (i.e., SVVP, SCMP, and Software Test Plan). These project-specific plans will be evaluated to ensure they are developed in accordance with the SPM.

Please explain what specific activities will be performed by Entergy to review these plans and what the acceptance criteria are.

Open 14 VOP-04 V&V VOP Sum mary Section 3

This section of the VOP Summary states that reviews will be performed of V&V for each applicable lifecycle phase for each plan through test.

Please explain what these reviews will entail. For example, will all lifecycle phase design outputs be reviewed and will the review only cover the WF3 project specific application without including the baseline (e.g., Rev. 14 of the System Requirements Specification of the Common Q Core Protection Calculator System (0000-ICE-30158))?

Will Entergy audit the design change packages performed between the previous versions of the System Requirements Specification of the Common Q Core Protection Calculator System (up to Revision 7) and corresponding design and implementation documentation between those versions?

Open 15 VOP-05 Vendor oversight activities VOP Sum mary Section 3

This section lists a number of vendor oversight activities that will be applied to the programmatic elements.

Please explain how the vendor oversight activities correspond to specific programmatic elements.

Open 16 VOP-06 Criterion VII of Appendix B to 10 CFR Part 50 VOP Sum mary

All, Section 8

The VOP Summary does not address Appendix B, Criterion VII, Control of Purchased Items and Services and the VOP Summary language is inconsistent with Criterion VII. Please explain:

Open OFFICIAL USE ONLY - PROPRIETARY INFORMATION 5

OFFICIAL USE ONLY - PROPRIETARY INFORMATION

a. whether the surveillances planned are consistent with source verification. Source verification needs to be performed at intervals consistent with the importance and complexity of the item or service, and shall include monitoring, witnessing, or observing selected activities.

b. how the VOP addresses Control of Suppliers Nonconformances including evaluation of nonconforming items, review of nonconformances to procurement requirements or purchaser-approved documents (e.g., technical or material requirement violated, requirement in supplier documents, which has been approved by the Purchaser, is violated, purchaser disposition of supplier recommendation, verification of the implementation of the disposition).

c. how supplier evaluation and selection, acceptance of items or services, supplier non conformances, including their evaluation and disposition will be documented. Section 8 of the VOP Summary, Documentation, is not clear on this.

17 RT-01

Response

Time LTR 3.2.6 Effect of the CPC Response Time on Thermal Margin Degradation Section 3.2.6 of Attachment 4 in the LAR describes the estimated impact of the CPCS delay time on thermal margin degradation. It indicates that the basis of the estimate is the CEA rod drop time LAR submitted in 2015 that increased the CEA rod drop time in the safety analysis an additional 200 ms due to a hold coil delay that needed to be accounted for. The method used for the CPCS delay time estimate on thermal margin results is to take the thermal margin degradation of the CEA rod drop 200 ms delay and then extrapolate for the increase in CPCS response times.

(1) Discuss acceptability of the extrapolation method used to estimate the effect of the CPCS delay time on thermal margin degradation.

(2) Identify and justify the values of the CPCS delay times used in the thermal margin estimate for each of the applicable transients and accidents listed in Table 3.2.6-1 of Attachment 4.

(3) Discuss what will be done to assure that the values of the CPCS delay time used in the thermal margin estimate are the limiting values applicable to Waterford 3 when the CPCS is installed for operation. Discuss and justify what will be done to assure that the thermal margin estimate for the pre-installed CPCS condition is acceptable, if the values of the CPCS delay time used in thermal margin estimate are not limiting values.

Open 18 CCF-01 CCF LTR 3.2.18 Common Cause Failure Analysis Section 3.2.18 of Attachment 4 in the LAR discusses the common cause failure (CCF) analysis and indicates that the original licensing basis for WF3 assumes a potential CCF of the CPCS and that the replacements of the current digital CPCS with the Common Q platform does not change the WF3 licensing basis for defense in depth and diversity (D3) (see LTR page 3-60). In support of the D3 CCF analysis for WF3 CPC updates, the licensee quoted the NRC safety evaluation (SE) approving the CCF analysis for the Arkansas Nuclear One, Unit 2 ANO-2 original CPC design and Palo Verde Nuclear Generating Station (PVNGS) CPC replacements (see LTR pages 3-61 and 3-62).

LAR Section 2. Licensing Technical Report (LTR), paragraphs 3 - 8 credit the WF3 Anticipated Trip Without Scram (ATWS) Mitigation Systems described in FSAR Chapter 7.8. These paragraphs were added after the draft LAR review pre-application meeting discussions regarding LTR Section 3.2.18.

Please explain if the intent of the new paragraphs in LAR Section 2 is to credit the WF3 ATWS instead of the ANO-2 and PVNGS SEs (LTR pages 3-61 and 3-62), and justify the acceptability.

If the intent is to take credit for the ANO-2 and PVNGS SEs:

(1) Discuss the relevance of the ANO-2 and PVNGS information provided in Attachment 4, Section 3.2.18 of the LAR to WF3 in meeting the requirements of diversity and defense-in depth.

(2) Provide a discussion of why information related to the analog reactor protection system at ANO-2, and the ANO-2 Chapter 15 analysis that credited the backup analog reactor protection system (assuming inoperable CPCS channels) are applicable to Waterford 3.

(3) Reference the NRC SE that approved the D3 CCF analysis for the WF3 original CPC design.

If the requested NRC SE information is not available, justify why it is not available.

Open OFFICIAL USE ONLY - PROPRIETARY INFORMATION 6

OFFICIAL USE ONLY - PROPRIETARY INFORMATION

19 TS-01 Clean TS pages

Encl, Att 2 Cover page Clean TS Pages cover page lists 3/4 2-6a as a clean TS page; however, the mark-up and submitted clean page is numbered 3/4 2-6, not 3/4 2-6a.

Confirm that this was a typo and that the Attachment 2 list entry should be 3/4 2-6 and not 3/4 2-6a.

Open RCI 20 TS-02 Marked up and Clean TS pages

Encl, Att 1

Encl, Att 2 Cover pages Marked up and Clean TS Pages The cover page of Attachment 1 lists page 3/4 10-2 as having mark-ups; however, the marked up version of this page is not provided in the LAR. The cover page of Attachment 2 lists page 3/4 10-2, however, a clean version of this page is not included in Attachment 2 (assuming that the licensee intended to provide a mark-up of page 3/4 10-2).

NRC staff requests the licensee to confirm whether it intended to propose changes to this TS page and, if so, to provide the proposed marked up and clean TS pages.

Open RAI 21 EQ-01 Oversight of EQ VOP Sum mary In the earlier pre-submittal meetings, the licensee stated that it would include the equipment qualification (EQ) for some unqualified items as a licensee commitment. But, in the final pre-submittal meeting, the licensee did not include the commitment and stated that EQ would be performed as part of the VOP.

The VOP Summary does not describe how the VOP will cover the equipment qualification for the unqualified items. Please clarify which VOP Summary section includes the oversight of EQ.

Open Audit the EQ part of the VOP 22 EQ-02 GDC 4 LAR Section 4

Please clarify why the applicable GDC 4 was not addressed and evaluated in Section 4 of the LAR.

Open 23 EQ-03 CPCS components Not Listed in Table 2.1-1 Attach ment 11 Section 2.1 In Section 2.1 it says that the CPCS primary digital components identified in Table 2.1-1 are addressed.

Please list the components which are not addressed in Attachment 11.

Open 24 EQ-04 EQ assessments Attach ment 11 Section 3

In Section 3 it says that an assessment was performed for seismic, environmental, and EMC qualification in Reference 10 and 11 of Attachment. But, except the conclusion statement in Attachment 11, no summary of these assessments is provided.

Please submit on the docket either References 10 and 11 or their assessment summaries for the staffs evaluation.

Open 25 EQ-05 Licensees EQ Summary Report for CPCS Attach ment 11 Attach ment 11 In Attachment 11, it says a few times that the qualification of all components used in the final CPCS design will be addressed in the CPCS equipment qualification summary report for Waterford Unit 3 and will not be addressed in this report (i.e., Attachment 11). However, according to Section D.3 of ISG-06, which says that The NRC staff should verify that the licensee has demonstrated that the system will perform its safety functions under the design-basis conditions at the location in which the equipment will be installed. This information should be found in equipment qualification test plans, methodologies, and test reports.

Please explain the difference between Attachment 11 (Qualification Summary Report for Waterford Unit

3) and the CPCS equipment qualification summary report for Waterford Unit 3 being referred to.

Please explain when the licensees CPCS equipment qualification summary report will be submitted for evaluation.

Open 26 A-01 Audit Documents Audit Documents #1: Please have the following information readily available and accessible for the NRC staffs review via an internet-based portal:

a. Licensee documentation of Common Q platform changes assessment activities performed in accordance with PSAI 6.17 response. (See WCAP-18484 LTR Section 6.2.2.16)

Open Audit OFFICIAL USE ONLY - PROPRIETARY INFORMATION 7

OFFICIAL USE ONLY - PROPRIETARY INFORMATION

b. Common Q Record of Changes document - Updated version of Reference 19 to the Common Q platform safety evaluation, (ADAMS accession No. ML20020A003).

c. The VOP and other documents that are referenced in the VOP that encompass the licensees plan for performing oversight of the vendor for the development of the CPCS. These documents should demonstrate how the licensee will perform vendor oversight in relation to the following system and lifecycle development activities:

o Review of the current Common Q Record of Changes o Verification that Westinghouse complies with the requirements in the SPM for a secure development environment o Equipment Qualification o Verify that Westinghouse properly propagates the response time requirements through the design, implementation, and test of the replacement CPCS

d. Software Development Plan for the Core Protection Calculator System Upgrade, WNA-PD-00594-CWTR3

e. Configuration Management Plan for the Core Protection Calculator System Upgrade Project, WNA-PC-00069-CWTR3

f. Westinghouse organization chart, as referenced in LTR Section 5.2.12, Software V&V Processes

g. Control Panel 7 & 2 Cyber Security Door Lock Plan, ENT-WF3-CPC-115 OFFICIAL USE ONLY - PROPRIETARY INFORMATION 8

OFFICIAL USE ONLY - PROPRIETARY INFORMATION

ML20288A698 (Proprietary) ML20288A742 (Non-Proprietary)

ML20289A267 (Package)

• by e-mail OFFICE NRR/DORL/LPL4/PM* NRR/DORL/LPL4/LA* NRR/DEX/ELTB/BC* NRR/DEX/EICB/BC*

NAME AKlett PBlechman (LRonewicz for)

JJohnston MWaters DATE 10/21/2020 10/20/2020 10/14/2020 10/21/2020 OFFICE NRR/DRO/IQVB/BC*

NRR/DRO/IOLB/TL*

NRR/DSS/STSB/BC* NRR/DSS/SNSB/BC*

NAME KKavanagh CCowdrey VCusumano SKrepel DATE 10/14/2020 10/14/2020 10/21/2020 10/14/2020 OFFICE NRR/DORL/LPL4/BC* NRR/DORL/LPL4/PM NAME JDixon-Herrity AKlett DATE 10/22/2020 10/22/2020