ML21032A013
| ML21032A013 | |
| Person / Time | |
|---|---|
| Site: | Waterford  |
| Issue date: | 02/19/2021 |
| From: | Audrey Klett NRC/NRR/DORL/LPL4 |
| To: | |
| Klett A | |
| Shared Package | |
| ML21032A010 | List: |
| References | |
| EPID L-2020-LLA-0164 | |
| Download: ML21032A013 (40) | |
Text
OFFICIAL USE ONLY - PROPRIETARY INFORMATION OFFICIAL USE ONLY - PROPRIETARY INFORMATION February 19, 2021 LICENSEE:
Entergy Operations, Inc.
FACILITY:
Waterford Steam Electric Station, Unit 3
SUBJECT:
SUMMARY
OF JANUARY 6 AND 21, 2021, CATEGORY 1 PUBLIC MEETINGS WITH ENTERGY OPERATIONS, INC. REGARDING LICENSE AMENDMENT REQUEST TO INSTALL DIGITAL UPGRADE IN ACCORDANCE WITH DIGITAL INSTRUMENTATION AND CONTROL INTERIM STAFF GUIDANCE NO. 06, REVISION 2, LICENSING PROCESSES (EPID L-2020-LLA-0164)
On January 6 and 21, 2021, the U.S. Nuclear Regulatory Commission (NRC) staff held a virtual Category 1 public meeting with representatives from Entergy Operations, Inc. (the licensee) and the licensees contractors. The purpose of the meeting was to discuss the licensees amendment request dated July 23, 2020 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML20205L588), for the Waterford Steam Electric Station, Unit 3, regarding a replacement to an existing digital core protection calculator system. The upgrade, if approved, would replace the existing core protection calculator system with a Common Q-based system. The meetings notice and agenda, dated December 22, 2020, are available in ADAMS under Accession No. ML21036A265. A list of attendees is provided in for both meetings.
During the meetings, the NRC staff discussed its open items list, which is a list of NRC staff questions and informal licensee responses regarding the license amendment request for the NRC staff to track and eventually disposition as requests for additional information, requests for confirmation of information, audits, or as needing no additional action. The proprietary version of the open items list, which is being withheld from public disclosure, is in Enclosure 2. A redacted copy of the open items list is in Enclosure 3.
During the meeting on January 6, 2021, the NRC and licensee discussed Open Item Nos. 17, 25, and 34; the timing of a licensee supplement to its license amendment request that incorporates information discussed in the open items list; and closure of open items. During the meeting on January 21, 2021, the NRC and licensee discussed Open Item Nos. 24, 31, 32, 33, and 35 and the licensees planned supplement. During the closed portion of the meetings, the NRC staff and licensee discussed accessing an online audit portal and proprietary information associated with the open items.
to this letter contains proprietary information. When separated from, this document is DECONTROLLED.
OFFICIAL USE ONLY - PROPRIETARY INFORMATION OFFICIAL USE ONLY - PROPRIETARY INFORMATION The NRC staff has determined that the open items list contains proprietary information pursuant to Title 10 of the Code of Federal Regulations (10 CFR) Section 2.390, Public inspections, exemptions, requests for withholding. The proprietary information is indicated by bold text enclosed within ((double brackets)). The proprietary version of the Open items list is provided as Enclosure 2. Accordingly, the NRC staff has also prepared a non-proprietary version of the Open Items list which is provided as Enclosure 3.
The NRC staff did not make any regulatory decisions or commitments at the meeting. No members of the public identified themselves on the teleconference.
Please direct any inquiries to me at 301-415-0489 or by e-mail to Audrey.Klett@nrc.gov.
/RA/
Audrey L. Klett, Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-382
Enclosures:
- 1. List of Attendees
- 2. Open Items List (Proprietary)
- 3. Open Items List (Non-proprietary) cc w/o Enclosure 2: Listserv
List of Attendees
LIST OF ATTENDEES JANUARY 6 AND 21, 2020, VIRTUAL PUBLIC MEETING WITH ENTERGY OPERATIONS, INC., ET AL.
WATERFORD STEAM ELECTRIC STATION, UNIT 3, LICENSE AMENDMENT REQUEST TO INSTALL DIGITAL UPGRADE Attendees at January 6, 2021, meeting:
U.S. Nuclear Regulatory Commission Entergy Operations, Inc.
Eric Benner, NRR1/DEX2 Jacob Champagne Samir Darbali, NRR/DEX/ELTB3 Remy DeVoe Jennifer Dixon-Herrity, NRR/DORL4/LPL45 Loren Miller Greg Galletti, NRR/DRO6/IQVB7 Roger Rucker DaBin Ki, NRR/DRO/IOLB8 John Schrage Audrey Klett, NRR/DORL/LPL4 Christopher Talazac Tarico Sweat, NRR/DSS9/STSB10 Mike Waters, NRR/DEX/EICB11 Jensen Hughes, Inc.
Deanna Zhang, NRR/DRO/IQVB Alan Harris John Dixon, RIV12/DRP13 Sam Graves, RIV/DRS14 Sargent and Lundy Phil McKenna, NRR/DORL Pareez Golub Wendell Morton, NRR/DEX/ELTB Dan Warner, NSIR15/DPCP16/CSB17 Westinghouse Electric Company, LLC Warren Odess-Gillett Members of the Public Matt Shakun None introduced John Wiesemann 1 Office of Nuclear Reactor Regulation 2 Division of Engineering and External Hazards 3 Long Term Operations and Modernization Branch 4 Division of Operating Reactor Licensing (DORL) 5 Plant Licensing Branch IV 6 Division of Reactor Oversight 7 Quality Assurance and Vendor Inspection Branch 8 Operator Licensing and Human Factors Branch 9 Division of Safety Systems 10 Technical Specifications Branch 11 Instrumentation and Controls Branch 12 Region IV 13 Division of Reactor Projects 14 Division of Reactor Safety 15 Office of Nuclear Security and Incident Response 16 Division of Physical and Cyber Security Policy 17 Cyber Security Branch
OFFICIAL USE ONLY - PROPRIETARY INFORMATION Attendees at January 21, 2021, meeting:
U.S. Nuclear Regulatory Commission Entergy Operations, Inc.
Odenayo Ayegbusi, NRR/DRA18/APLB19 Jacob Champagne Eric Benner, DEX Remy DeVoe Samir Darbali, NRR/DEX/ELTB Ron Gaston Greg Galletti, NRR/DRO/IQVB Loren Miller DaBin Ki, NRR/DRO/IOLB Dave Moody Audrey Klett, NRR/DORL/LPL4 Roger Rucker Mike Marshall, NRR/DORL/LPL120 John Schrage Richard Stattel, NRR/DEX/EICB William Truss Summer Sun, NRR/DSS/SNSB21 Mike Waters, NRR/DEX/EICB Jensen Hughes, Inc.
Deanna Zhang, NRR/DRO/IQVB Alan Harris Jack Zhao, NRR/DEX/EICB Dan Warner, NSIR/DPCP/CSB Westinghouse Electric Company, LLC Cale Young, RIV/DRS Warren Odess-Gillett Shiattin Makor, RIV/DRS John Wiesemann Members of the Public None introduced 18 Division of Risk Assessment 19 Probabilistic Risk Assessment Licensing Branch B 20 Plant Licensing Branch I 21 Nuclear Systems Performance Branch
(Non-proprietary)
Open Items List Proprietary information pursuant to Section 2.390 of Title 10 of the Code of Federal Regulations has been redacted from this document.
Redacted information is identified by blank space enclosed within ((double brackets)).
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION
- 1.
IMS ID Topic &
(Reviewer)
LAR/LTR Section LAR/ LTR Page NRC Comment / Open Item Description Licensee Response Status Audit, RAI or RCI No.
Acronyms and abbreviations are defined on the last page of this document.
Certrec IMS Request ID Format (second column of this table)
A-Audit (Generic/Multiple Documents)
CCF-Common Cause Failure/D3 EQ-Equipment Qualification HFE - Human Factors Engineering PSAI-Plant Specific Action Items RC-Regulatory Commitments RT-Response Time SA-System Architecture SDOE-Secure Development and Operational Environment ST-Surveillance Testing/Self-Diagnostics/SR Elimination SDP-System Development Processes, including SPM PSAIs TS-Technical Specifications VOP-Vendor Oversight Plan Updated by Entergy on 10/19/20 Proprietary Documents will be uploaded to the Westinghouse Sharepoint site at the below address
((
))
1 ST-01 Self-Tests (Jack Zhao, Richard Stattel, Samir Darbali)
B.2.5 B-5 The BTP 7-17 Evaluation conclusion states that It is not possible to test self-diagnostics as part of surveillance testing because it would require creating destructive faults within the I&C system, such as Random-Access Memory (RAM) errors.
Though this is a quote out of the Vogtle LAR safety evaluation, it is a statement made by the licensee and not the NRC to address this criterion in BTP 7-17, self-test functions should be verified during periodic functional tests. The interpretation being made that the BTP criterion calls for complete functional testing of the self-diagnostic functions is incorrect. Instead, the BTP states that the licensee should confirm the execution of self-diagnostic tests during plant operation and the NRC staff believes that it is possible to do so by implementing the following necessary plant monitoring activities as already included in the Enclosure for this LAR.
The licensee (Waterford) has addressed this in the LAR as follows:
Post installation, CPCS operability will be verified using 1) the automated diagnostics credited in this LAR (i.e., as described in LTR Appendix B), 2) Technical Requirements Manual (TRM) 3/4.3.1, "Reactor Protective Instrumentation" and associated surveillance procedures; and 3)
Waterford TS 6.5.1.8, "Surveillance Frequency Control Program (SFCP). A failure of credited automated diagnostics to detect a fault will be either detected by other diagnostics in the system or by checker(s) of diagnostics. This condition will be alarmed and displayed on the main control room (MCR) operator modules (OM) and/or the main control room annunciators.
Upon receipt of an alarm or abnormal conditions, the station operating procedures will require the operators to perform system checks and verify operability of the CPCS deviation / function.
The procedure will direct the operator to dispatch a maintenance technician to determine the source of the alarm as needed.
(W3F1-2020-0038 Page 18 of 27)
(Entergy 11/3/20 Update)
The LAR Enclosure Section 2.3, Reason for the Proposed Changes, will be revised as follows:
Crediting Self-Diagnostics for TS Surveillance Requirement Elimination The Common Q design also provides additional reliability and operational margin via the self-diagnostics. These self-diagnostics are continually monitoring the health of the hardware and software. Appendix B to the Licensing Technical Report (LTR) (Attachment 4) and the Waterford System Engineer and Operations Actions Supporting TS SR Reduction (LAR Enclosure Section 3.4) provides the ustification to remove selected SRs.
Note: "and the Waterford System Engineer and Operations Actions Supporting TS SR Reduction (LAR Section 3.4) provides the justification to remove selected SRs is new nserted text.
The LAR Enclosure Section 2.4, Description of the Proposed TS Changes, for TS 3.3.1/Table 4.3-1, will be revised as follows:
For row TS 3.3.1/Table 4.3-1, the sentence "LTR Appendix B provides the detailed justification that demonstrates that the self-diagnostics meet the requirements of 10 CFR 50.36 for Closed (V)
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION The NRC staff agrees with the licensees proposed actions in the LAR. So, for this LAR the licensee should cite both the credited self-diagnostic functions in Appendix B and proposed monitoring activities to justify the SR elimination in Section 2.2 of the LAR, not just the Appendix B. However, since Section 2.2 of the LAR cites Appendix B to WCAP-18464 as the sole justification for SR elimination (see Enclosure W3F1-2020-0038, Page 5 of 27) and Appendix B does not include any plant monitoring activity, it could lead to the misunderstanding that if the NRC accepts this LAR, it would also be accepting Appendix B as the only basis for the SR elimination. In addition, the LAR says on Page 18 of 27, in part, that while LTR Appendix B states that monitoring is not required in order to credit self-diagnostic features. The NRC staff does not agree with this statement to address the above criterion in BTP 7-17. Furthermore, Appendix B says to leverage the Vogtle LAR for the SR elimination.
But, the Vogtle LAR included plant monitoring activities as one of bases for the SR elimination.
Therefore, the SR Elimination basis in both Section 2.2 of this LAR and Appendix B will need to include the licensees commitment to perform self-diagnostic monitoring activities and the appendix B interpretations should be revised to establish consistency with the LAR.
the CPCS..."
with "LTR Appendix B along with the Waterford System Engineer and Operations Actions Supporting TS SR Reduction (LAR Enclosure Section 3.4), provides the detailed justification that demonstrates that the self-diagnostics meet the requirements of 10 CFR 50.36 for the CPCS..."
2 ST-02 Self-Tests (Jack Zhao, Richard Stattel, Samir Darbali)
B.2.5 B-6 The bullet item on this page states the following:
((
))
(Entergy 11/3/20 Update) PROPRIETARY RESPONSE A.
((
))
B.
((
))
Open This should be an RAI to get this respons e on to the docket.
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION
((
))
3 ST-03 Self-Tests (Jack Zhao, Richard Stattel, Samir Darbali)
TS BASES mark-up 52/377 81/377 Insert C includes the following statement:
The performance of channel checks validates that the self-diagnostics are continuing to perform their self-checking functions.
It is not clear how a channel check can validate performance of self-diagnostics. Please provide clarification to allow the NRC staff to understand how channel checks can validate performance of self-diagnostics.
(Entergy 11/3/20 Update) PROPRIETARY RESPONSE The LTR Appendix B will be revised as follows:
((
))
A Channel Check to review that these screens contain no alarms verifies that the system is functioning correctly.
Closed (V) 4 ST-04 Self-Tests (Jack Zhao, Richard Stattel, Samir Darbali)
B.7.1 B-39 Appendix B of WCAP 18464 contains the following statement:
((
(Entergy 11/3/20 Update) PROPRIETARY RESPONSE This is correct. The sentence in the LTR will be revised as follows:
Closed (V)
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION
))
((
))
5 ST-05 Self-Tests (Jack Zhao, Richard Stattel, Samir Darbali)
B.3.2.1 B-10 The WCAP 18464 states: IEC 60880 is comparable to IEEE 7-4.3.2, and the staff has found IEC 880 to be an acceptable equivalent.
This was a statement in the NRC original safety evaluation of Common Q which has been superseded. The statement has been removed from the current Common Q platform TR safety evaluation report.
The NRC does not consider IEC 880 to be an equivalent to IEEE 7-4.3.2. As such, the NRC evaluates all digital systems to the criteria of IEEE 7-4.3.2.
Consistent with Westinghouse WCAP-18461, the following text will be deleted from the LTR (WCAP-18464):
"B.3.2.1 Common Q Topical Report - NRC Safety Evaluation The Common Q Platform diagnostics were developed under a robust process that was reviewed by the NRC. In 2000, the NRC issued a safety evaluation report (ML003740165, Bibliography 8) on the Common Q Topical Report (CENP-396-P, Rev. 01 which is the predecessor to WCAP-16097-P-A, Reference 4). In that report the NRC acknowledged receipt of Westinghouse document GKWF700777, "Design and Life Cycle Evaluation Report on Previously-Developed Software in ABB AC160, I/O Modules and Tool Software" (Bibliography 9) in support of the commercial dedication of the AC160.
The safety evaluation report states that the, AC160 PDS
[Previously Developed Software] is composed of the AC160 software, S600 I/O Module(s) software, and ABB Tool software. The evaluation is based on the requirements specified in International Electrotechnical Commission (IEC) standard IEC-60880, "Software for Computers in the Safety Systems of Nuclear Power Stations." IEC 60880 is referenced in IEEE 7-4.3.2-2003, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations". IEC 60880 is comparable to IEEE 7-4.3.2-2003, and the staff has found standard IEC 880 to be an acceptable equivalent.
The Design and Lifecycle Evaluation (DLCE) applies to all aspects of the PDS including the system software that executes the nuclear application program and the diagnostics integrated with the system software. In other words, the same software quality approach applied to both aspects of the system software. The results of this report were discussed with the NRC staff during the licensing of the Common Q platform. The NRC also reviewed this document as part of their review of LAR 19-001 for Closed (V)
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION Vogtle 3&4 (Reference 42)."
6 SA-01 Sys. Req. Spec.
LAR 3.1 LTR 3 LTR 5 5-1 The licensee provided two CPCS System Requirements Specification (SyRS) documents: the reference CPCS design (Palo Verde) SyRS (00000-ICE-30158 (LAR Attachment 7 and LTR Reference 2)) and the WF3-specific delta SyRS (WNA-DS-04517-CWTR3 (LAR Attachment 8 and LTR Reference 21)).
The staff noticed that the SyRS for the reference CPCS design (00000-ICE-30158) revision is Revision 14. The SyRS that was reviewed as part of the Palo Verde CPCS upgrade is Revision 7.
The LAR and LTR make several inaccurate statements regarding which revision of 00000-ICE-30158 was previously reviewed by the NRC. For example:
LAR Section 3.1 states: The SyRS project document has a reference design document (Attachment 7), which has been previously reviewed by the NRC, and a delta document (Attachment 8) which describes differences for the Waterford project.
LTR Section 5, item b. states: The base system requirements for the WF3 CPCS is the CPCS System Requirements Specification (Reference 2), which have already been reviewed by the NRC as part of the Palo Verde CPCS replacement.
LTR Section 5.2.4 states As stated earlier, the reference design for the WF3 CPCS replacement is documented in Reference 2. These requirements and their traceability have already been reviewed and approved by the NRC as part of the Palo Verde CPCS replacement.
Again, these statements are inaccurate because the SyRS that was reviewed for the Palo Verde CPCS upgrade review is Revision 7 of 00000-ICE-30158. The staff has not reviewed nor performed traceability of requirements for 00000-ICE-30158 after Revision 7. Additionally, the licensee has not demonstrated in the LAR or LTR that they have performed these activities.
Clarification questions:
(a) Are the statements that the NRC staff had previously reviewed the SyRS (00000-ICE-30158) meant as background information, or for crediting the previous evaluation?
(b) Is the licensee performing independent design quality, traceability and other oversight activities for:
o 00000-ICE-30158 Revision 7?
o 00000-ICE-30158 Revisions 8 thru 14?
o or only for the WF3-specific delta SyRS (WNA-DS-04517-CWTR3)?
(c) Slide 37 of the March 19, 2020 pre-application meeting identified the SyRS as a living document, as defined in ISG-06 (i.e., a document that will be revised as system development activities progress). Please clarify if this statement refers to 00000-ICE-30158, WNA-DS-04517-CWTR3, or both documents.
10/28/2020 Update:
(a) As previously described to the NRC during the Acceptance Review discussions:
- The intent of the statements in the Enclosure and LTR, as well as the entire paragraph in the Enclosure, was to communicate that the NRC has reviewed the overall design of the replacement CPC system in a previous license amendment (i.e., PVNGS 1, 2, and 3, Amendment No. 150; ML033030363).
- It was not Entergy's intent to state, or even suggest, that the specific revision of the reference design document that was used for the Waterford CPC replacement (i.e.,
Revision 14) has been reviewed by the NRC, or that the NRC's review of the previous revision (i.e., Revision 7, submitted in ML032830027) could be used for the NRC's review of the Waterford project. However, Entergy understands how the wording of the statement is ambiguous in this respect.
(b) 00000-ICE-30158, Rev 14, System Requirements Specification for the Common Q Core Protection Calculator System, is the basis document for WNA-DS-04517-CWTR3, System Requirements Specification for the Core Protection Calculator System. WNA-DS-04517-CWTR3 is the WF3 delta document for WF3.
Requirements traceability is to WNA-DS-04517-CWTR3.
When WNA-DS-04517-CWTR3, Rev 0, was reviewed and approved for owners acceptance per procedure EN-DC-149, the applicable sections of 00000-ICE-30158, Rev 14, were reviewed. Based on the regression analysis for n-th of kind systems described in WCAP-16096-P, Software Program Manual for Common Q Systems," the only requirements traceability will be for the modified sections provided in WNA-DS-04517-CWTR3. There is a VOP audit action to compare the non-modified sections of 00000-ICE-30158, Rev 14, to the Requirements Traceability as part of the Requirements Traceability Matrix (RTM) VOP Audit.
A regression analysis of the software is at a lower level of review than doing a regression analysis of the System Requirements Specification, and WF3 considered this review to be of greater value that a document review since this include the complete implementation of any changes.
WF3 performed a regression analysis VOP audit of the current Palo Verde code (release 6.7), which was the base line for the WF3 project, to the Palo Verde initial code (release 5.0) to confirm the SPM was followed for design quality, requirements traceability, and IV&V including testing.
(a) Closed (a.1)
Closed (b)
Open (c)
Closed
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION (a.1) The last sentence of the response states that However, Entergy understands how the wording of the statement is ambiguous in this respect. Please explain if the LAR and LTR will be revised to address the ambiguous wording.
00000-ICE-30158, Rev 7 to Rev 13 were not specifically reviewed or audited, since these were not credited for any vendor oversight activity or project activity. The VOP audit of the regression analysis of the software was considered by WF3 to be the best method to access the difference from the Palo Verde software to be used as the baseline for the WF3 software.
(c) Slide 37 of the March 19, 2020 pre-application meeting identified the SyRS as a living document, as defined in ISG-06 (i.e., a document that will be revised as system development activities progress). This statement refers to only WNA-DS-04517-CWTR3 (a.1) Yes, the LAR Enclosure will be revised per the response to SA-01a.
Yes, the LTR Section 3.3.4, System Requirements Documentation (D.2.3.3 and D.2.3.3.1), will be revised as follows:
From: "Reference 2 is the CPCS System Requirements Document. It is the system requirements specification for the reference design for the Common Q CPCS. The reference design system requirements is based on two requirements documents that define the legacy CPCS functionality:
- Functional Design Requirements for a Core Protection Calculator (Reference 36) and
- Functional Design Requirements for a Control Element Assembly Calculator (Reference 37)
The Common Q CPCS reference design system requirements specification (Reference 2) was developed to migrate the functional requirements of References 36 and 37) to a Common Q CPCS architecture. The result was the Palo Verde CPCS implementation.
The existing Waterford CPCS is based on the same two functional design requirements documents (References 36 and 37). Therefore, the CPCS reference design is also applicable to the Waterford CPCS replacement plus additional changes to accommodate plant interface differences, requested licensee improvements, and changes in technology in the Common Q platform."
To: "Reference 2 is the CPCS System Requirements Document for the reference design for the Common Q CPCS. The reference design system requirements is based on two requirements documents that define the legacy CPCS functionality:
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION
- Functional Design Requirements for a Core Protection Calculator (Reference 36) and
- Functional Design Requirements for a Control Element Assembly Calculator (Reference 37)
The Common Q CPCS reference design system requirements specification (Reference 2) was developed to migrate the functional requirements of References 36 and 37 to a Common Q CPCS architecture. The result was the Palo Verde CPCS implementation. Note that Revision 7 of Reference 2 (ML032830027) was reviewed by the NRC.
The existing Waterford CPCS is based on the same two functional design requirements documents (References 36 and 37). Therefore, the CPCS reference design is also applicable to the Waterford CPCS replacement plus additional changes to accommodate plant interface differences, requested licensee improvements, and changes in technology in the Common Q platform.
Reference 2 is the current revision of the CPCS System Requirements Document for the reference design.
7 SDP-01 SW Dev Plan (Deanna Zhang Samir Darbali)
LTR Section 5.1.1 This section of the LTR states, Any exceptions to the SPM would be documented in the WF3 CPCS Software Development Plan (Reference 25). The Software Development Plan also includes clarifications to particular items to make clear how certain aspects of the SPM are being fulfilled.
For the ARP, ISG-06, Rev 2 provides guidance on what should be submitted. This includes a summary of the application software planning and processes. The LTR does not provide sufficient information to summarize the differences between the SPM and the WF3 CPCS Software Development Plan in accordance with the guidance of ISG-06, Rev. 2.
Please summarize the differences between the SPM and the WF3 CPCS Software Development Plan.
Entergy Update 11/3/20 The LTR will be revised to include the following:
The WF3 CPCS Software Development Plan (WNA-PD-00594-CWTR3) documents the following alternatives to the Common Q SPM (WCAP-16096-P-A):
Section 5.6.1 of the SPM states:
- 1. IV&V phase summary reports: These reports are issued after each life cycle phase of the IV&V task to summarize the IV&V review. Phase summary reports may be consolidated into a single report if desired. These reports shall contain the following:
- a. Description of IV&V tasks performed
- b. Summary of task results
- c. Summary of discrepancies and their resolution
- d. Assessment of software quality
- e. Recommendations Alternative:
The IV&V activities will be performed at their respective phases per the Software V&V Plan (SVVP); however, the V&V team will not issue phase summary reports after each ife cycle phase. The results of individual tasks are documented, and anomalies are reported in the RITS system for their resolution. A final IV&V report will be issued encompassing all software development phases.
Plan
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION Justification:
Due to the limited scope of the project, which is based on a previously completed reference design, the Concept, Requirements, Design, and Implementation phases are mpacted concurrently and iterated frequently. Therefore, having intermediate summary reports does not produce additional value to the stakeholders than what is already being provided through underlying task reports and RITS.
The Phase Summary Report (PSR) is not the only method of gatekeeper for design progression to the next phase.
The design can proceed based on the result of the ndividual tasks. Therefore, the PSR will be produced only once for this project, which will report on all activities, and will serve as the Final IV&V Report. This is an acceptable alternative to SPM Section 5.6.1, since the feedback to design team is provided timely based on formally issued anomalies and other underlying reports.
Section 6.3.2 of the SPM states:
Project-specific software goes to the Lead SW engineer for approval/rejection.
the Lead SW engineer determines the feasibility and appropriateness of project-specific software changes. They sign the form for approval / rejection.
Alternative:
All software modifications shall be documented with a Software Change Request (SCR) via Global nstrumentation and Control Issue Tracking System [RITS].
All functional deviations shall be documented with RITS.
Modifications can be initiated because of a change in functional requirements or because of a functional deviation from the intended functional requirements.
The RITS system does not include a method for the Lead SW engineer to approve a software change request; therefore, an alternative approach for approval by the Lead SW engineer or subsystem lead will be taken.
Justification:
RITS that are identified as functional RITS require approval by a software lead and/or subsystem lead for inclusion in a baseline. The initiator of the functional RITS shall:
- Require a detailed evaluation of the RITS.
- Route the RITS to the software lead or designated subsystem lead for formal approval of the RITS in a baseline through the detailed evaluation.
8 SDP-02 Common Q Changes (Deanna Zhang Samir Darbali)
LTR Section 5.1.6 LTR Section 5.1.6 states in part, Appendix 5 of the Common Q Topical Report (Reference 13) is the output document for the change process described in Reference 12. The document provides a summary of changes and then detailed recording of analysis and/or qualification documents, and a conclusion statement on the status of the change relative to the NRC safety conclusions. Reference 13 can be audited by the NRC staff...
The LTR Section 5.1.6 will be revised as follows:
There have been no changes to the SPM since its approval by the NRC. As a result, the Common Q Record of Changes document will not include any assessments of changes to the SPM.
Closed (V.)
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION The response to SPM PSAI 6 refers to the Common Q PSAI regarding the record of changes, but it does not address the validity of the previously derived safety conclusions if changes have been made to the Common Q SPM. The response to SPM PSAI 1 refers to the WF3 CPCS Software Development Plan and does not identify if there are any exceptions to the SPM (see the previous open item).
LTR Section 6.2.2.16 provides a list of the current product revisions used for the WF3 CPCS project. However it does not describe whether the new revisions invalidate any of the safety conclusions in the safety evaluation of the Common Q platform. This section also states that WF3 will review the topical report record of changes document in Reference 13 for adequate qualification documentation that the changes do not invalidate safety conclusions in the safety evaluation of the Common Q platform.
It is not clear whether the WF3 review will verify that safety conclusions for the differences will only be on qualification or whether it would include other topics (e.g., software quality, etc.).
9 SDP-04 SW Requirements (Deanna Zhang Samir Darbali)
LTR Section 5.2.5 This section states in part, The allocation of CPCS reference design system requirements (Reference 2) to software have already been accomplished as part of the NRC-approved Palo Verde CPCS replacement. The WF3 delta requirement from the reference design are documented in Reference 21. These are allocated to software as described in Section 5, item c and documented in the SRS....Similar to the WF3 system requirements specification, the SRS is independently reviewed, approved and baselined as input to the ongoing life cycle activities. In addition the RTM is updated showing the tracing of software requirements to the WF3 system requirements specification (Reference 21).
(a) Based on this description, it is not clear whether the RTM only include requirements on the differences between the WF3 CPCS replacement system/corresponding software requirements and the system requirements/corresponding software requirements in Westinghouse Rev 14 baseline of the CPC system requirements specification or whether it includes all CPCS system requirements.
(b) Given that (1) the WF3 system requirements specification only includes deltas between the WF3 CPCS project and the referenced System Requirements Specification of the Common Q Core Protection Calculator System (0000-ICE-30158), Revision 14, and (2) the System Requirements Specification of the Common Q Core Protection Calculator System (0000-ICE-30158) version that was reviewed and approved during the referenced Palo Verde CPCS Digital Upgrade LAR is Revision 7, it is unclear what types of regression analysis have been performed between the Revision 7 and Revision 14 of the System Requirements Specification of the Common Q Core Protection Calculator System to use Revision 14 as the new baseline for the WF3 CPCS project?
(c) It is also not clear whether Entergy performed appropriate oversight on the activities related to addressing the differences between Revision 7 and Revision 14 of the System Requirements Specification of the Common Q Core Protection Calculator System.
(a) The RTM only includes requirements on the differences between the WF3 CPCS replacement system/corresponding software requirements and the system requirements/corresponding software requirements in the Westinghouse Rev 14 baseline of the CPCS requirements specification.
(b)
(Entergy 11/3/20 Update)
The following summarizes the revisions to 00000-ICE-30158 since Revision 7.
Revision 08 This revision was to change the state of the Operating Bypass Contact annunciator outputs as a result of field installation. Some additional typographical errors and inconsistencies were also corrected.
Change Summary:
Text Main Body Changes
- 1. Corrected Figure 2.1-1.
- 2. Section 2.2.1.5.2.2.1: Deleted "or CPP" from the third bullet.
- 3. Section 2.3.9.6.3: Revised discussion of Operating Bypass relays so that form A contacts are used on all outputs.
- 4. Table 3.1.1.1.7-1: Deleted CPC Trouble for CEAC processor global memory failure.
- 5. Section 3.5.3: Revised to define that an availability analysis shall be performed not a reliability analysis.
- 6. Added requirement for ANSIN45.2.2 Level B storage in new section 3.6.
Appendix Changes:
None Open
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION Revision 09 This revision only changed page A121 in the Appendix.
The change was to clarify the calculation of the row index.
Revision 10 This revision incorporates changes to various display pages based on customer comments.
Change Summary:
Text Main Body Changes
- 1. Moved table of Contents prior to the Revision Abstract and increase number of entries.
- 2. Revision 09 was issued with various bookmarks printed as "Error! Reference source not found". Corrected these or removed the reference (pgs 23, 30, 103, 210).
- 3. Section 1.4.2: Removed revision level on CEAPD SysRS (Ref. 1.4.2.9) and added footnote.
- 4. Section 2.1: Reworded last bullet and removed Reference to CEAPD SysRS.
- 5. Section 2.1.1.4.3.4: Clarified and added reference to CEAPD data link section
- 6. Section 2.1.2.2.4.1: added CEA positions to items transmitted to CEAPD.
- 7. Section 2.1.2.2.4.3: Removed reference to CEAPD SysRS.
- 9. Section 2.2.1.4.6: added CRC value to Addressable Constants page.
- 10. Section 2.2.1.4.7: added CRC value to Change Addressable constants page.
- 11. Section 2.2.1.4.12: added missing colon for "Page 3".
- 12. Section 2.2.1.4.19: defined CEA inputs to be displayed as SUBGRPx on this page.
- 13. Section 2.2.1.4.20: Corrected spelling of capability.
- 14. Section 2.2.1.5.2.1.2: clarified trouble alarm occurs for loss of other display.
- 15. Section 2.2.1.5.2.2: Added alarm icon label to sentence.
- 17. Section 2.2.2.4: changed heading text and changed requirements for AI calibration testing for CPC, CPP1, and CPP2 functional tests.
- 18. Section 2.2.2.4: Removed requirement to enable the Exit Functional test icons only if the associated AI calibration is complete. This section was modified to reflect the as implemented software.
- 19. Section 2.2.2.4.6: added section to describe functional test interlock requirements.
- 20. Section 2.3: corrected CEAPD description and removed reference.
- 21. Section 2.3.4.1.3: added missing period to end of
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION sentence.
- 22. Section 2.3.4.4.3.2: corrected description since CEAPD does not use trip buffer data.
- 23. Section 3.1.1.1.6.3.1: added "minimum" to description.
- 24. Section 3.1.1.1.9.13: removed reference to CEAPD and added reference to applicable sections.
- 25. Section 3.1.1.1.9.13.1: Clarified data being sent to CEAPD.
- 26. Section 3.1.1.1.10.3: defined the CEA position data being sent to CEAPD and usage.
- 27. Section 3.1.1.1.10.8: added CEA positions to CEAPD cross channel comparison information.
Appendix Changes:
- 1. Corrected Table of contents to remove "symbol" link after Sec. 3.2.5.6.
- 2. Pg 116: Added IRPC decision statement to reflect text description.
- 3. Pg 217: Added definition of CEAIW.
- 4. Pg 217, 219: Moved all variable definitions to end of section 3.2.6.1.1
- 5. Pg 220: Clarified that CPOS(i,1) is the CEA position of the current execution cycle.
Revision 11 Change Summary:
Text Main Body Changes
- 1. Pg 59 clarified the conditions for taking the CEAC snapshot.
- 2. This revision incorporated changes to the Reactor Power Cutback detection algorithm in Appendix A.
Revision 12 Change Summary:
Appendix Changes
- 1. Pg A224, added footnote for starting the RPC timer.
Revision 13 Change Summary:
Text Main Body Changes
- 1. Page 150, incorporated CAPs Commitment 07-285-W006.02 for both CEACs inoperable.
Revision 14 Change Summary:
Text Main Body Changes
- 1. Re-numbered Sections to match Table of Contents per CAPAL 100074239.
Appendix Changes:
- 1. Correct QHOT definition in Sections 3.2.4.5 & 3.2.4.16 of Appendix A per CAPS #08-315-W001.
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION 11/16/20 Update:
Entergy did not perform a regression analysis between the 00000-ICE 30158 Revision 7 and 00000-ICE 30158 Revision 14 documents. Entergy performed a lower level regression analysis audit of the Palo Verde CPCS software changes between the initial release of the software that was approved by the NRC and the current baseline of the Palo Verde CPCS software. This VOP audit included all software change requests for the Palo Verde CPCS software. These software changes in some cases required a revision to the 00000-ICE 30158. This regression analysis audit is documented in an Entergy regression analysis audit report (AUD-WF3-2019-236-CA058).
There were no hardware design changes to the CPCS since NRC approval.
(c) Reference SA-01a and SA-01b 00000-ICE-30158, Rev 14, System Requirements Specification for the Common Q Core Protection Calculator System, is the basis document for WNA-DS-04517-CWTR3, System Requirements Specification for the Core Protection Calculator System. WNA-DS-04517-CWTR3 is the WF3 delta document for WF3.
Requirements traceability is to WNA-DS-04517-CWTR3.
When WNA-DS-04517-CWTR3, Rev 0, was reviewed and approved for owners acceptance per procedure EN-DC-149, the applicable sections of 00000-ICE-30158, Rev 14, were reviewed. Based on the regression analysis for n-th of kind systems described in WCAP-16096-P, Software Program Manual for Common Q Systems," the only requirements traceability will be for the modified sections provided in WNA-DS-04517-CWTR3. There is a VOP audit action to compare the non-modified sections of 00000-ICE-30158, Rev 14, to the Requirements Traceability as part of the Requirements Traceability Matrix (RTM) VOP Audit.
A regression analysis of the software is at a lower level of review than doing a regression analysis of the System Requirements Specification, and WF3 considered this review to be of greater value that a document review since this include the complete implementation of any changes.
WF3 performed a regression analysis VOP audit of the current Palo Verde code (release 6.7), which was the base line for the WF3 project, to the Palo Verde initial code (release 5.0) to confirm the SPM was followed for design quality, requirements traceability, and IV&V including testing.
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION 00000-ICE-30158, Rev 7 to Rev 13 were not specifically reviewed or audited, since these were not credited for any vendor oversight activity or project activity. The VOP audit of the regression analysis of the software was considered by WF3 to be the best method to access the difference from the Palo Verde software to be used as the baseline for the WF3 software 10 SDP-03 SW Design (Deanna Zhang Samir Darbali)
LTR Section 5.2.8 This section states in part, System Validation Test - this is formal integration testing of the software and hardware performed by the independent test team. The System Validation Test traces the test cases to the WF3 CPCS replacement system requirements specification (Reference 21).
Please explain whether the system validation test only includes test cases for the WF3 CPCS replacement system requirements specification or if it also includes the CPCS reference system requirements specification (Rev. 14).
The intention is to re-run the complete set of PVNGS system tests with the design changes made for the WF3 mplementation. Therefore, no credit is being taken for past system tests.
Closed 11 VOP-01 Critical Characteristics (Deanna Zhang Samir Darbali)
VOP Summary Table of Contents It appears that the VOP does not have complete identification of activities for providing oversight of the project and will only be a plan to develop or determine them while the expectation is to have the activities and associated acceptance criteria completed. Examples include:
- a. Section 6: Development and Assessment of Potential Project and Technical Risk Factors
- b. Section 7: Determine Performance Measures and Acceptance Criteria (Critical Characteristics/Design Artifacts)
(a) It is also not clear what oversight activities are associated with Section 7 of the VOP to verify the vendor has satisfied the critical characteristics.
(b) Section 2 of the VOP Summary states in part The level of vendor oversight follows a graded approach, based on project and technical risk factors, which are described in VOP Section 6. All levels of the graded approach will include specifically defined performance measures and acceptance criteria which are described in VOP Section 7. Based on this description, the project and technical risk factors and the performance measures and acceptance criteria for the critical characteristics and programmatic elements should already have been identified in the VOP. This does not appear to be consistent with the titles of Sections 6 and 7.
(c) It is also not clear based on the title of Section 8 in the Table of Contents for the VOP, what Implement Appropriate Oversight Methods will entail.
(a) Per VOP Section 7, "The scope of vendor oversight is expected to evolve during the project. Project-specific performance measures that warrant vendor oversight are updated as this list changes."
The performance measures are divided into three categories:
Critical Characteristics, Design Artifacts, and Programmatic Elements.
As listed in VOP Section 7, the following activities are used to provide oversight of the each category:
Critical Characteristics:
" Oversight of critical characteristics utilizes the following vendor oversight activities:
- Conducting vendor audits and quality surveillances
- Reviewing WEC design output documents
- Participating in Factory Acceptance Testing
- Conducting Site Acceptance Testing
- Conducting Post-Modification Testing
- Observing or witnessing specific vendor activities
- Capturing issues in WF3/WEC corrective action programs" Design Artifacts:
"Oversight of the design artifacts utilizes the following vendor oversight activities:
- Conducting vendor audits
- Reviewing WEC design output documents (e.g.,
specifications, drawings, analyses)
Open
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION
- Providing input to and review/confirmation of specific vendor activities and related information items
- Coordinating multi-disciplined interactions between various stakeholders
- Capturing issues in WF3/WEC corrective action programs" Programmatic Elements:
"Conducting vendor audits
- Reviewing WEC design output documents
- Providing input to and review/confirmation of specific vendor activities and related information items
- Observing or witnessing specific vendor activities
- Participating directly in specific vendor activities
- Coordinating multi-disciplined interactions between various stakeholders
- Capturing issues in WF3/WEC corrective action programs" (b) The acceptance criteria and oversight activities have been identified in VOP Sections 6 and 7. The VOP is a plan and can be revised pending the design/project evolution. As the design/project progresses, it may be necessary to add more acceptance criteria or design artifacts to conduct adequate vendor oversight.
(c) Section 8 is intended to show escalation of oversight methods based on the risk factors. If the risk factors which are periodically evaluated indicate that risks are increasing, then supplemental oversight methods may need to be used.
12 VOP-02 CPP (Deanna Zhang Samir Darbali)
VOP Summary Section 2 This section of the VOP Summary, states in part, Monitoring, verification and acceptance phase activities are defined in the Critical Procurement Plan (CPP) during the Planning Phase.
Verification can be either through the normal Receipt Inspection process or other activities outlined in the CPP. The Critical Procurement Plan provides a summary of the requirements and necessary actions including on-site services (when required), to ensure that a critical procurement will meet Entergys expectations...The CPP credits the management of procurement risks based on the Westinghouse software verification and validation process, factory acceptance testing, performance of site acceptance testing, and rigorous software testing. QA surveillances will be performed to ensure the approved Westinghouse processes were followed.
Given that the VOP summary states that the CPP will be an input to the VOP, what is the relationship between the CPP and the VOP (e.g., the CPP will be referenced in the VOP or parts of the CPP will be incorporated into the VOP)?
As indicated in VOP Section 2, Vendor Oversight Plan (VOP) Scope, "The CPCS Replacement Project Critical Procurement Plan (CPP) (Reference 6), prepared under Entergy procedure EN-MP-100, Critical Procurements (Reference 13), is incorporated by reference into the VOP."
Open 13 VOP-03 Oversight of SPM project-VOP Summary Section 3 This section of the VOP Summary, states in part, Some of the SPM plans will have project-specific instances (i.e., SVVP, SCMP, and Software Test Plan). These project-specific plans will be evaluated to ensure they are developed in accordance with the SPM.
Vendor Oversight Plan Revision 2 was uploaded to Item A-01c for reference. VOP section 7 provides some details on how Entergy will review plans and what acceptance criteria Open
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION specific instances (Deanna Zhang Samir Darbali)
Please explain what specific activities will be performed by Entergy to review these plans and what the acceptance criteria are.
will be used. Specifically, subsection Software Verification and Validation describes acceptance criteria for software V&V detail.
The VOP Plan includes the use of other Entergy processes and procedures.
14 VOP-04 V&V (Deanna Zhang Samir Darbali)
VOP Summary Section 3 This section of the VOP Summary states that reviews will be performed of V&V for each applicable lifecycle phase for each plan through test.
- a. Please explain what these reviews will entail. For example, will all lifecycle phase design outputs be reviewed and will the review only cover the WF3 project specific application without including the baseline (e.g., Rev. 14 of the System Requirements Specification of the Common Q Core Protection Calculator System (0000-ICE-30158))?
- b. Will Entergy audit the design change packages performed between the previous versions of the System Requirements Specification of the Common Q Core Protection Calculator System (up to Revision 7) and corresponding design and implementation documentation between those versions?
- a. VOP Revision 2 was uploaded to item A-01c for reference. Section 2 discusses the overall review process, ncluding the relationship to risk ranking and how items are reviewed. Section 7 (specifically Design Artifacts and Programmatic Elements subsections) discusses the reviews throughout the life cycle development.
n summary, the VOP, when executed by WF3, does ensure that Westinghouse executes the CPCS system and software lifecycle development consistent with the LAR.
The execution of the VOP includes other processes, and procedure EN-DC-149 is used for owner acceptance of design artifacts.
EN-DC-149 Rev 15 "Acceptance of Vendor Documents" attached in IMS
- b. This question is similar to the question asked in item SA-01b and SDP-04c. These responses to those items describe how the SyRS was reviewed and how previous revisions were handled.
Additionally, there was discussion on this topic during the VOP audit meeting on 11/19/2020 Open 15 VOP-05 Vendor oversight activities (Deanna Zhang Samir Darbali)
VOP Summary Section 3 This section lists a number of vendor oversight activities that will be applied to the programmatic elements.
Please explain how the vendor oversight activities correspond to specific programmatic elements.
VOP Revision 2 has been attached to item A-01c for reference. Section 7 (specifically, Programmatic Elements and Quality Assurance subsections) discuss in detail how vendor oversight activities correspond to specific programmatic elements.
Open 16 VOP-06 Criterion VII of Appendix B to 10 CFR Part 50 (Deanna Zhang Samir Darbali)
VOP Summary
- All, Section 8 The VOP Summary does not address Appendix B, Criterion VII, Control of Purchased Items and Services and the VOP Summary language is inconsistent with Criterion VII. Please explain:
- a. whether the surveillances planned are consistent with source verification. Source verification needs to be performed at intervals consistent with the importance and complexity of the item or service, and shall include monitoring, witnessing, or observing selected activities.
- b. how the VOP addresses Control of Suppliers Nonconformances including evaluation of nonconforming items, review of nonconformances to procurement requirements or purchaser-approved documents (e.g., technical or material requirement violated, requirement in supplier documents, which has been approved by the Purchaser, is violated, purchaser disposition of supplier recommendation, verification of the implementation of the disposition).
- a. VOP Audits and WF3 Quality Assurance (QA) surveillances (EN-QV-108, QA Surveillance Process) are used in conjunction with the CPCS Replacement Project Critical Procurement Plan (CPP), CPP-WF3-2019-002, to provide adequate vendor oversight as defined in the Vendor Oversight Plan.
Per EN-QV-108, a surveillance is "a process of reviewing or observing an activity, process, or end product to verify that certain actions have been or are being accomplished to obtain desired results. This includes the terms Monitoring, Observations, Walk-downs, Site Vendor Audit, and Source Verification. A surveillance activity is normally documented as a surveillance report." In addition, "Surveillances may not be used in lieu of a required audit."
Open
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION
- c. how supplier evaluation and selection, acceptance of items or services, supplier non conformances, including their evaluation and disposition will be documented. Section 8 of the VOP Summary, Documentation, is not clear on this.
- b. The VOP incorporates the Critical Procurement Plan (CPP-WF3-2019-002) and specific existing Entergy QA procedures by reference, including EN-QV-108 (QA Surveillance Process). The CPP ensures adequate and timely Supplier QA involvement. Additionally, Work Tracking items (within Entergy's PCRS program) track development of QA surveillances. Procedure EN-LI-102 controls the Entergy Corrective Action Program.
- c. As discussed in VOP-06b, the Critical Procurement Plan (CPP) is incorporated by reference in the Vendor Oversight Plan (VOP). The CPP provides details Entergy's Supplier QA involvement. Additionally, within the CPP, an evaluation template is used to evaluate the different categories in the project to discrete criteria. If that criteria is not currently available, a tracking action is created to ensure the criteria s evaluated and accepted. The CPP is controlled by Entergy procedure EN-MP-100.
17 RT-01 Response Time (Summer Sun, Samir Darbali)
LTR 3.2.6 Effect of the CPC Response Time on Thermal Margin Degradation Section 3.2.6 of Attachment 4 in the LAR describes the estimated impact of the CPCS delay time on thermal margin degradation. It indicates that the basis of the estimate is the CEA rod drop time LAR submitted in 2015 that increased the CEA rod drop time in the safety analysis an additional 200 ms due to a hold coil delay that needed to be accounted for. The method used for the CPCS delay time estimate on thermal margin results is to take the thermal margin degradation of the CEA rod drop 200 ms delay and then extrapolate for the increase in CPCS response times.
(1) Discuss acceptability of the extrapolation method used to estimate the effect of the CPCS delay time on thermal margin degradation.
(2) Identify and justify the values of the CPCS delay times used in the thermal margin estimate for each of the applicable transients and accidents listed in Table 3.2.6-1 of Attachment 4.
(3) Discuss what will be done to assure that the values of the CPCS delay time used in the thermal margin estimate are the limiting values applicable to Waterford 3 when the CPCS is installed for operation.
(4) Discuss and justify what will be done to assure that the thermal margin estimate for the pre-installed CPCS condition is acceptable, if the values of the CPCS delay time used in thermal margin estimate are not limiting values.
10/15/2020 Update:
(1.1)
Follow-up question to OI 17(1): The last paragraph of the response states that In addition, the reload analyses will incorporate the new CPC response times Please clarify the methods that will be used for performing the reload analysis.
(3.1) Follow-up question to OI 17(3): The first sentence of the response states that The response times calculated in WNA-CN-00572-CWTR3 for the CPCS are bounded by the current response time requirements specified in the reference design (00000-ICE-30158).
Please clarify the adequacy of the response time requirements specified in the reference design in terms of the thermal limits (i.e., DNBR and LHGR) calculation.
(1) Waterford 3 letters W3F1-2015-0040 [Reference 1]
and W3F1-2015-0061 [Reference 2] submitted a control element assembly drop time increase request to the NRC. This request was approved under Waterford 3 license amendment 246 [Reference 3].
Letter W3F1-2015-0061 provided the limiting events results with a control element assembly drop time increase of 200 milliseconds. The W3F1-2015-0040 and W3F1-2015-0061 results can be used to extrapolate the new CPC time impacts on the analysis results. The letter W3F1-2015-0061 showed small changes for the 200 milliseconds and within the acceptance limits. It is reasonable to use the same extrapolation to judge that the analysis results will remain within the acceptance limits (i.e., the largest delay is 53.5 msec). In addition, the reload analyses will incorporate the new CPC response times to ensure the accident analyses thermal margin requirements cover any analysis impacts.
References
- 1. W3F1-2015-0040, License Amendment Request to Revise Control Element Assembly Drop Times, July 2, 2015 [ADAMS Accession Number ML15197A106].
- 2. W3F1-2015-0061, Supplement to Revise Control Element Assembly Drop Times Associated with Technical Specification 3.1.3.4, August 13, 2015
[ADAMS Accession Number ML15226A346].
- 3. NRC License Amendment 246, Control Element Assembly Drop Times, November 13, 2015 [ADAMS Accession Number ML15289A143].
(1.1) The actual WF3 CPCS calculated response times will be used as input for the reload analysis.
Open
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION (2) The identification and justification for the CPCS delay time values in the thermal margin estimate for each applicable transient and accident listed in Table 3.2.6-1 is documented in Westinghouse document LTR-GIC-20-003, Waterford 3 CPCS Response Time Information for FSAR and Technical Specification. A 2nd document, WNA-CN-00572-CWTR3, Core Protection Calculator System Response Time Calculation provides the response time calculation for the WF3 CPCS. Both of these can be submitted to the NRC.
WNA-CN-00572-CWTR3, Core Protection Calculator System Response Time Calculation was attached to the LAR. LTR-GIC-20-003, Waterford 3 CPCS Response Time Information for FSAR and Technical Specification is on the Westinghouse document portal.
See OI 26 (h)
(3) The response times calculated in WNA-CN-00572-CWTR3 for the CPCS are bounded by the current response time requirements specified in the reference design (00000-ICE-30158). The response time testing conducted during FAT and post installation testing will confirm that the system meets these response time criteria.
(3.1) It is LTR-GIC-20-003 that correlates the response time calculated in WNA-CN-00572-CWTR3 to the various CPCS trips. LTR-GIC-20-003 describes the adequacy of the new response time requirements. After further investigation, it was determined that the revised calculated response times are not bounded by the reference design, and the WF 3 SyRS, WNA-DS-04517-CWTR3, needs to specify these new response time requirements. A Westinghouse Corrective Action Issue Report (IR-2020-11971) was issued accordingly. A new revision 5 of WNA-DS-04517-CWTR3 with the new response time requirements is now issued.
The Licensing Technical Report is not impacted by this revision because the LTR only referred to the Palo Verde response times and stating that WF3 specific response times would be calculated.
Resolution. WNA-DS-04517-CWTR3, Revision 5 will be docketed by 12/31/2020.
(4) LTR Section 3.2.6 states, As part of the normal fuel reload process, Waterford runs the safety analysis of
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION record with the WF3 CPCS calculated response times to validate that acceptable margin is maintained. It is the fuel reload process performed under 10 CFR 50.59 that evaluates the results of the rerun of the safety analysis prior to core reload. If the results become more limiting, the analyses results will be evaluated against the 10CFR50.59 criteria. If the 10CFR50.59 criteria requires NRC approval, then a new submittal will be generated. Based upon previous analysis impacts, it is expected that the response time changes will be covered in the reload under 50.59.
In addition, Waterford 3 letter W3F1-2015-0062
[Reference 1] NRC request for additional information question #8 describes the Westinghouse reload process.
Reference
- 1. W3F1-2015-0062, Control Element Assembly Drop Times Submittal Request for Additional Information, September 23, 2015 [ADAMS Accession Number ML15268A019].
18 CCF-01 CCF (Summer Sun, Samir Darbali, Richard Stattel, Jack Zhao)
LTR 3.2.18 Common Cause Failure Analysis (updated 10/05/2020)
Section 3.2.18 of Attachment 4 in the LAR discusses the common cause failure (CCF) analysis and indicates that the original licensing basis for WF3 assumes a potential CCF of the CPCS and that the replacements of the current digital CPCS with the Common Q platform does not change the WF3 licensing basis for defense in depth and diversity (D3) (see LTR page 3-60).
In support of the D3 CCF analysis for WF3 CPC updates, the licensee quoted the NRC safety evaluation (SE) approving the CCF analysis for the Arkansas Nuclear One, Unit 2 ANO-2 original CPC design and Palo Verde Nuclear Generating Station (PVNGS) CPC replacements (see LTR pages 3-61 and 3-62).
LAR Section 2. Licensing Technical Report (LTR), paragraphs 3 - 8 credit the WF3 Anticipated Transients Without Scram (ATWS) Mitigation Systems described in FSAR Chapter 7.8. These paragraphs were added after the draft LAR review pre-application meeting discussions regarding LTR Section 3.2.18.
(a) Please explain if the intent of the new paragraphs in LAR Section 2 is to credit the WF3 ATWS instead of the ANO-2 and PVNGS SEs (LTR pages 3-61 and 3-62).
In a public meeting held September 22, 2020, the licensee discussed open item 18, Common Cause Failure Analysis, and indicated that it would rely on the information related to the ATWS mitigation systems in FSAR Section 7.8 to address the open item 18 for the CCF analysis.
(a) The intent of the new paragraphs in Enclosure to Entergy letter number W3F1-2020-0038, dated July 23, 2020, Section 3, Technical Evaluation, sub-section 2, Licensing Technical Report (LTR) is to credit the WF3 ATWS instead of the ANO-2 and PVNGS SEs described in Attachment 4 of the Enclosure to Entergy letter number W3F1-2020-0038 (WCAP-18484-P, Licensing Technical Report for the Waterford Steam Electric Station Unit 3 Common Q Core Protection Calculator System"). The W3F1-2020-0038 Enclosure Section 3, Technical Evaluation, sub-section 2, provides the justification of the acceptability of crediting ATWS for CPCS failure to trip due to a CCF.
(b) Background.
- 1. The of the ANO-2 CPCS to perform its normal function was considered by the NRC and documented in NUREG 0308 Supplement 1, "Safety Evaluation Report related to the operation of Arkansas Nuclear One, Unit 2, dated June 1978. Supplement No. 1 to Appendix D of the Safety Evaluation Report documents the basis for the NRCs approval. In summary, analog backup trips exist for five (5) of the six (6) credited events, as well as 5 other events.
The CEA misoperation event does not have a backup Open
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION (b) Since the licensee is crediting ATWS, please describe how the ATWS analysis is sufficient to address a CCF failure of the replacement CPCS for the events which credit the CPCS.
(c) Please discuss the current technical and licensing basis for the current digital CPCS and whether the Common Q platform maintains this technical and licensing basis for defense in depth and diversity (D3).
(d) Please address inconsistencies in the LAR and Section 3.2.18 of the LAR Attachment 4 to reflect the information used for supporting the D3 discussion related to CCF of the CPCS.
10/28/2020 Update:
(d.1) The second paragraph in LAR Section 3, sub-section 2, Licensing Technical Report (LTR), refers to LTR Section 3.2.18 and the ANO-2 and PVNGS evaluations. Please explain if this paragraph will also be revised.
11/10/2020 Update:
(c.1) The response to item (c) suggests that conformance with BTP 7-19 is not required.
However, LAR Section 4.1 Applicable Regulatory Requirements/Criteria lists BTP 7-19. LTR Section 3.2.18 also identifies BTP 7-19. Please clarify if the LAR and LTR will be revised to remove references to BTP 7-19?
analog reactor trip. Automatic reactor trips have not been provided in previous Combustion Engineering protection system designs for this event. In the unlikely event that a CEA deviation event, which required a reactor trip, occurred without a CPC trip, the operator would get alarms from COLSS on CEA position and flux tilt similar to the non-CPCS plants. Operators could then initiate a manual trip. The conclusion documented in Appendix D of Supplement 1, Section D.2 is that the backups to the CPCS failure to trip at ANO-2 are acceptable.
- 2. In NUREG 787, "Safety Evaluation Report related to the operation of Waterford Steam Electric Statipn, Unit No. 3,"
dated July, 1981, Section 7.2.3, the NRC wrote:
The CPCs were not reviewed, per se, at Waterford 3. The staff has taken the operating experience of ANO-2, the previous review, and acceptance of the ANO-2 CPCs, and the similarity of the Waterford 3 and ANO-2 CPCs, into account in reaching this decision.
- 3. In NUREG 0787 Supplement 5, Section 4.4.2 dated June 1983, the NRC indicated that the CPCS/CEACs are essentially the same as the ANO-2 Cycle-2 CPCs and since the ANO-2 CPC/CEAC were approved by the NRC staff (July 21, 1981 Memorandum), the review of the Waterford 3 CPC/CEAC concentrated on the software modifications and its implementation. Because there is no additional documentation in any of the subsequent supplements, the implicit conclusion is that the acceptability of the CPCs failing to meet design function at ANO-2 also applies to Waterford 3.
- 4. FSAR Section 7.2.1 describes the Reactor Protection System (RPS). FSAR Section 7.2.1.1.8 describes how the system is designed to eliminate credible multiple channel failures originating from a common cause. This section applies to all of the RPS, which includes CPCs. This section is unchanged since Revision 0 of the FSAR (circa 1985)
Discussion The CPC digital upgrade project does not alter how the diversity within the RPS is achieved, as described in the FSAR 7.2.1.1.8. However, industry and regulatory developments over the past 35 years have provided further improvements to address reactor protection systems common cause failures. The most noteworthy is the Anticipated Transient Without Scram (ATWS) rule (i.e.,
10 CFR 50.62). Implementation of the ATWS Mitigation System is described in FSAR section 7.8. The system is designed to mitigate the consequences of Anticipated
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION Operational Occurrences (AOOs) coupled with a failure of the RPS to trip the reactor. The Diverse Reactor Trip System (DRTS) provides an independent means of sensing a high pressurizer pressure and then de-energizing the MG set output contactor coils that provide the power to the Control Element Drive Mechanisms, and subsequently trip the reactor.
The NRC provided the acceptance for the Waterford 3 ATWS mitigating systems design in the Safety Evaluation dated September 8, 1989 (ML8909180108). The NRC inspection of Compliance with the 10 CFR 50.62 (ATWS Rule) is documented in Inspection Report 89-39 dated December 5, 1989 (ML8912110063). There were no violations or deviations noted in the report concerning the implementation of the ATWS system at Waterford 3.
The ATWS system at Waterford 3 is a more rigorous backup to a postulated common cause failure of the CPCS relative to reliance on the NRC's evaluation of a similar system at ANO-2. The ATWS system at Waterford 3 is plant specific, incorporated in the design basis, and is continually evaluated as the overall plant design evolves.
Both the extended power uprate and replacement steam generator projects resulted in evaluations of the ATWS mitigating systems to ensure the major plant changes did not negatively impact the ATWS systems (SGT-LTR-TDA-09-20, Evaluation of Anticipated Transients Without Scram (ATWS) Rule Compliance for Waterford 3 with RSGs and a Full Core of NGF Fuel Conclusion The function of the CPCS to calculate and provide LPD and DNBR trip signals to the RPS to prevent fuel damage during AOOs is unchanged. The features of the RPS which provide analog trips as a backup to failure of the CPCS to cause trips is unchanged as a result of the CPCS digital upgrade project. However, since initial startup of Waterford 3, the implementation of the ATWS rule provides complete protection of the fuel for AOOs that should result in the RPS tripping the reactor. The ATWS systems are independent from the RPS, have been inspected by the NRC and continually evaluated for impacts as the plant design evolves.
(c) Entergy Update 11/3/20 The technical and licensing basis for the existing CPCS are the following sections of the WF3 UFSAR:
- Chapter 7.2 (Since the CPCS is an integral part of the Reactor Protective System, the CPCS basis is described throughout the section. Note Section 7.2.1.1.8 establishes
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION the licensing basis for diversity against a predictable common failure mode)
- Appendix 4.3A.5.2 & 4.3A.5.3 To summarize what is described in UFSAR Chapter 7.2.1.1.2.5, the basic architecture for the CPCS is a four channel computer system (i.e., Core Protection Calculator
[CPC]) that calculates these parameters and initiates reactor trip signals to the analog reactor protection system. This basic architecture also includes two computers (CEAC 1 and CEAC 2) that calculate a CEA position penalty factor used by all four CPC computers.
The WF3 I&C architecture mirrors the echelons of defense described in NUREG 6303, Method for Performing Diversity and Defense-in-Depth Analyses of Reactor Protection Systems, to protect the health and safety of the public. The first echelon is the non-safety control systems which controls the nuclear plant process within its technical specification limits. The second echelon of defense is the plant protection system to automatically shutdown reactivity and provide heat removal in case of an accident. And the third echelon of defense is the manual indications and controls to allow operators to manually control the plant. In addition to these echelons of defense, there is an ATWS system to protect the health and safety of the public should an anticipated transient occur without a scram.
This plant modification only impacts the second echelon of defense, the plant protection system, and in particular the reactor protection system. The WF3 operating license allows for a computerized digital system to calculate and initiate a reactor trip on low DNBR and High LPD in support of the WF3 accident analysis, as described in the WF3 UFSAR Chapter 7.2.1.1.2.5. As summarized above and described in detail in WF3 UFSAR Chapter 7.2.1.1.2.5, the basic architecture for this aspect of the reactor protection system is a four channel computer system (i.e., CPC) that calculates these parameters and initiates reactor trip signals to the analog reactor protection system. This basic architecture also includes two computers (CEAC 1 and CEAC 2) that calculate a CEA position penalty factor used by all four CPC computers. This plant modification does not invalidate the diversity claims in UFSAR Section 7.2.1.1.8.
The Common Q CPCS upgrade preserves this basic architecture but improves upon it by multiplying the number of CEAC computers from two to eight (2 in each channel) to improve system reliability. There are still four
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION independent CPC channels calculating DNBR and LPD as in the existing architecture. Therefore the D3 strategy for WF3 is not impacted by this plant modification.
There are no plans at this time to replace any of the non-safety plant control systems with the Common Q platform which could potentially impact the WF3 D3 strategy.
Should the PPS be replaced with a digital system, then compliance to BTP 7-19 would be required.
(d) Attachment 4 of the Enclosure to Entergy letter number W3F1-2020-0038 (WCAP-18484-P, Licensing Technical Report for the Waterford Steam Electric Station Unit 3 Common Q Core Protection Calculator System"), Section 3.2.18 will be revised to delete reference to the ANO-2 diversity analysis and refer to the LAR for the D3 assessment for the Common Q CPCS.
(d.1) Yes, LAR Enclosure Section 3.2, Licensing Technical Report (LTR) will be revised as part of a LAR Supplement. The following paragraph will be deleted:
"LTR Section 3.2.18 describes the NRC evaluation of the first CPCS at Arkansas Nuclear One, Unit 2 (ANO-2) in NUREG-0308, "Safety Evaluation Report Related to the Operation of Arkansas Nuclear One, Unit 2," Supplement 1 (i.e., the ANO-2 NRC SER) in regards to CPCS Common Cause Failure (CCF). This was also the evaluation the NRC staff referred to in their PVNGS safety evaluation for the Common Q CPCS upgrade license amendment (Reference 6.10, Section 3.4.6.11). The NRC cited the ANO-2 evaluation to conclude, in part, that CCF is adequately addressed for the Common Q CPCS replacement for PVNGS. The Waterford LTR included this as part of the reference design licensing precedence."
(c.1) In LAR Section 4.1, "Applicable Regulatory Requirements/Criteria", under the bullet, "The applicable portions of the following branch technical positions within NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition" (SRP), Chapter 7, "Instrumentation and Controls,"
as follows:"; the sub-bullet "Branch Technical Position 7-19, "Guidance for Evaluation of Diversity and Defense-In-Depth in Digital Computer-Based Instrumentation and Control Systems", will be removed.
In regards to the LTR, Section 3.2.18, "Common Cause Failure (CCF)", the 1st paragraph in that section will be deleted removing the citation to BTP 7-19.
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION 22 EQ-02 GDC 4 (Jack Zhao, Samir Darbali)
LAR Section 4 Please clarify why the applicable GDC 4 was not addressed and evaluated in Section 4 of the LAR.
A LAR Supplement will contain a revision to LAR Section 4, Regulatory Evaluation. This revision will include the following:
"10 CFR 50, Appendix A, GDC 4 requires that the core protection calculator system (CPCS) be designed and qualified to operate under the environmental conditions associated with normal operation, maintenance, testing, and postulated accidents, including loss-of-coolant accidents. The protection system shall also be appropriately protected against dynamic effects. The CPCS equipment qualification is contained in the Equipment Qualification Summary Report (EQSR) which is referenced n the LTR (Reference 35)."
Closed (V) 23 EQ-03 CPCS components Not Listed in Table 2.1-1 (Jack Zhao, Samir Darbali)
Attachme nt 11, Section 2.1 In Section 2.1 it says that the CPCS primary digital components identified in Table 2.1-1 are addressed. Please list the components which are not addressed in Attachment 11.
The following components are covered by the subsequent EQSR:
((
))
Closed 24 EQ-04 EQ assessments (Jack Zhao, Samir Darbali)
Attachme nt 11, Section 3 In Section 3 it says that an assessment was performed for seismic, environmental, and EMC qualification in Reference 10 and 11 of Attachment. But, except the conclusion statement in 1, no summary of these assessments is provided.
Please place on the portal either References 10 and 11 or their assessment summaries for the staffs evaluation.
(Depending on the information contained in these references, either excerpts or the entire of documents mentioned in the response may need to be docketed.)
References 10 and 11 will are now in the Westinghouse ERR.
(PDF files CN-EQT-19-11_Revision_0.pdf and CN-EQT 12_Revision_0.pdf are in the Westinghouse ERR under the folder "Open Item 24 (EQ-04)".)
Open This should be an RAI to get this respons e on to the docket 25 EQ-05 Licensees EQ Summary Report for CPCS (Jack Zhao, Samir Darbali)
Attachme nt 11 In Attachment 11, it says a few times that the qualification of all components used in the final CPCS design will be addressed in the CPCS equipment qualification summary report for Waterford Unit 3 and will not be addressed in this report (i.e., Attachment 11). However, according to Section D.3 of ISG-06, which says that The NRC staff should verify that the licensee has demonstrated that the system will perform its safety functions under the design-basis conditions at the location in which the equipment will be installed. This information should be found in equipment qualification test plans, methodologies, and test reports.
(a) The LTR, Section 4, states, Further equipment qualification testing and/or analysis of lower level CPCS equipment such as HSL modems, power supply assembly, interposing relays is required after the detailed hardware design is complete.
Closed (V)
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION (a) Please explain the difference between Attachment 11 (Qualification Summary Report for Waterford Unit 3) and the CPCS equipment qualification summary report for Waterford Unit 3 being referred to.
(b) Please explain when the licensees CPCS equipment qualification summary report will be submitted for evaluation.
(The EQ Summary report for additional items, EQ-QR-412-CWTR3, Revision 0 mentioned in the response may need to be docketed.)
1 summarizes the generic qualification performed on the Common Q platform to demonstrate that the platform can meet site environmental requirements. The subsequent EQSR is to summarize the EQ for the detailed design implementation of the CPCS. (See the response to OI #23)
(b) The EQ Summary report referenced in the LTR, EQ-QR-400-CWTR3, Rev 0, "Core Protection Calculator System Primary Digital Components Qualification Summary Report for Waterford Unit 3" was attached to the LAR.
The EQ Summary report for additional items, EQ-QR-412-CWTR3, Revision 0, "Core Protection Calculator System Upgrade Project Equipment Qualification Summary Report for Waterford Unit 3" is now available and is in the Westinghouse ERR per request A-01 n.
UPDATE: EQ-QR-412-CWTR3, Revision 1 will be docketed by 12/31/2020.
26 A-01 Audit Documents Everyone Audit Documents #1: Please have the following information readily available and accessible for the NRC staffs review via an internet-based portal:
- a. Licensee documentation of Common Q platform changes assessment activities performed in accordance with PSAI 6.17 response. (See WCAP-18484 LTR Section 6.2.2.16)
- b. Common Q Record of Changes document - Updated version of Reference 19 to the Common Q platform safety evaluation, (ADAMS accession No. ML20020A003)
(Reference 13 of LAR).
- c. The VOP and other documents that are referenced in the VOP that encompass the licensees plan for performing oversight of the vendor for the development of the CPCS.
These documents should demonstrate how the licensee will perform vendor oversight in relation to the following system and lifecycle development activities:
o Review of the current Common Q Record of Changes o Verification that Westinghouse complies with the requirements in the SPM for a secure development environment o Equipment Qualification o Verify that Westinghouse properly propagates the response time requirements through the design, implementation, and test of the replacement CPCS
- d. Software Development Plan for the Core Protection Calculator System Upgrade, WNA-PD-00594-CWTR3
- e. Configuration Management Plan for the Core Protection Calculator System Upgrade Project, WNA-PC-00069-CWTR3
- f. Westinghouse organization chart, as referenced in LTR Section 5.2.12, Software V&V Processes
- g. Control Panel 7 & 2 Cyber Security Door Lock Plan, ENT-WF3-CPC-115 New for 9/30/2020 Comments from the licensee or staff on each portal document.
- a.
Provided in the WEC SharePoint
- b.
Waterford 3's Vendor Oversight Plan (VOP-WF3-2019-00236) Revision 2 has been uploaded to this response. Of particular note, VOP section 7 discusses how WF3 will review the Common Q record of changes (Physical Critical Characteristics subsection), how WF3 will verify Westinghouse complies with requirements in the SPM (Design Artifacts and Secure Development Environment subsections), and documents that the response time will be confirmed to meet the SyRS (Performance Critical Characteristics subsection).
- c.
Located in WEC SharePoint
- d.
Located in WEC SharePoint
- e.
See Attachment 1 of the VOP and WEC SharePoint Entergy Uploaded Organization chart to IMS (11/3/20 Update)
- f.
Entergy Uploaded to IMS (11/3/20 Update)
- g.
Provided in response to OI 17.2, WEC Uploaded to SharePoint (11/3/20 Update)
- h.
There is not a WF3 CPC project-specific Software Safety Plan, Section 3, Software Safety Plan, of the Common Q Software Program Manual is followed.
WCAP-16096-P R5 is the SPM used for the CPC project.
Entergy upload to IMS 10/19/20
- j.
Located in WEC SharePoint
- k.
Provided in the WEC SharePoint Open Audit
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION
- h. Document that identifies and justifies the values of the CPCS delay times used in the thermal margin estimate for each of the applicable transients and accidents listed in Table 3.2.6-1 of Attachment 4.
- i.
N/A Software Safety Plan for the Core Protection Calculator System Upgrade
- j.
SPEC-10-00001-MULTI, 73.55 Fleet Strategy Implementation - Fiber Optic Cable Common-Procurement Specification (Reference 40 of the LTR)
- k. AC160 CPU Loading Restrictions, Document Number AN03007Sp (SyRS Reference 1.4.2.12)
New for 10/15/2020
- l.
Project Management Plan for the Waterford 3 Core Protection Calculator Upgrade, GPEP-PMP-2019-000020, Revision 1
- m. WF3 Project Quality Plan New for 10/28/2020
- n. Subsequent EQSR (see open item 23)
- o. Waterford Unit 3 Common Q Implementation - Non-LOCA Evaluation of Updated CPCS Response Times, LTR-TA-20-4, Revision 0 (LTR Reference 24)
- p. PO 10587546 - CPC, CEAC, CEAPDS Single Channel and Four Channel Components
- q. PO 10591996 - Input / Output (I/O) Simulator Components
- r. SPEC-18-00005-W, Rev 0
- s. CPCS Replacement Project Critical Procurement Project (CPP), CPP-WF3-2019-002 (WTWF3-2019-00236)
- t. EN-MP-100, Critical Procurements
- u. EN-DC-115, Engineering Change Process
- v. EN-IT-104, Software Quality Assurance Program
- w. 00000-ICE-36369, Rev. 02, CPC Timing Analysis for the Common Q Core Protection Calculator System New for 11/10/2020
- x. EN-DC-149, Acceptance of Vendor Documents
- y. Waterford 3 Core Protection Calculator System Safety Function Table, LTR-TA 154, Revision 0
- z. Entergy Quality Assurance Program Manual New for 12/07/2020 aa. Entergy Specification SPEC-18-00005-W, Revision 0, Core Protection Calculator Purchase Specification, April 2, 2019.
bb. Westinghouse Letter CWTR3-19-21, Revision 2, Transmittal of Westinghouse Final Compliance Matrix for SPEC-18-00005-W, June 28, 2019.
cc. Westinghouse Calculation Note CN-EQT-19-6, Revision 0, Determination of In-Equipment Response Spectra for Waterford Unit 3 Core Protection Calculator System, August 12, 2019.
- l.
WEC Uploaded to SharePoint (11/3/20 Update)
- m. Provided in the WEC SharePoint
- n.
Provided in the WEC SharePoint
- o.
Entergy Uploaded to IMS (11/3/20 Update)
- p.
Entergy Uploaded to IMS (11/3/20 Update)
- q.
Entergy Uploaded to IMS (11/3/20 Update)
- r.
Entergy Uploaded to IMS (11/3/20 Update)
- s.
Entergy Uploaded to IMS (11/3/20 Update)
- t.
Entergy Uploaded to IMS (11/3/20 Update)
- u.
Entergy Uploaded to IMS (11/3/20 Update)
- v.
WEC Uploaded to SharePoint (11/3/20 Update)
- w. Located in IMS
- x.
Located in WEC SharePoint
- y.
Requested and received during the 11/19/20 VOP Audit
- z.
Located in IMS aa.
bb. Located in WEC SharePoint cc. Located in WEC SharePoint dd. Located in WEC SharePoint ee. Located in WEC SharePoint ff.
Located in WEC SharePoint gg. Located in WEC SharePoint hh. Located in WEC SharePoint ii.
Located in WEC SharePoint jj.
Located in WEC SharePoint kk. Located in WEC SharePoint ll.
Located in WEC SharePoint mm. Located in WEC SharePoint nn. Located in WEC SharePoint oo. Located in WEC SharePoint pp.
qq. Located in WEC SharePoint rr.
Located in IMS ss. Located in IMS tt.
Located in IMS uu. Located in IMS vv. Located in IMS ww. Located in IMS xx. Located in IMS yy. Located in IMS zz. Located in IMS aaa.
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION dd. Westinghouse Document WCAP-16166-P Supplement 1-E09, Revision 1, Equipment Qualification Report for AC160 Platform - AI687 and AI688 Modules and Supporting Components for Use in Common Qualified (Common Q) Post Accident Monitoring System.
ee. Westinghouse Document WCAP-16166-P Supplement 1-E05, Revision 5, Equipment Qualification Report for AC160 Platform - PC Node Box / Flat Panel Display System Components.
ff. Westinghouse Document 00000-ICE-37778, Revision 0, Qualification Summary Report for the PVNGS Common Q Based CPCS.
gg. Westinghouse Document 00000-ICE-37764, Revision 4, Summary Qualification Report of Hardware Testing for Common Q Applications.
hh. Westinghouse Document 00000-ICE-37773, Revision 0, Supplemental Qualification Test Report for Common Q Applications.
ii. Westinghouse Document CN-EQT-20-7, Revision 0, Seismic Evaluation of Waterford Unit 3 Auxiliary Protection Cabinet, May 11, 2020.
jj. Westinghouse Document CN-EQT-20-5, Revision 1, Qualification Evaluation of Core Protection Calculator System Equipment for Waterford Unit 3 Main Control Room, August 27, 2020.
kk. Westinghouse Test Report, EQLR-463, Revision 0, Electromagnetic Compatibility Report for the Waterford 3 Core Protection Calculator Upgrade Equipment, August 2020.
ll. Westinghouse Document EQLR-470, Revision 0, Mild Environment Test Report for the Core Protection Calculator System Equipment, September 2020.
mm. Westinghouse Document EQ-TP-496-CWTR3, Revision 0, Environmental Test Procedure for the Core Protection Calculator System Equipment, June 2020.
nn. Westinghouse Document EQLR-475, Revision 0, Seismic Qualification Test Report for the Core Protection Calculator System Equipment, September 2020.
oo. Westinghouse Document EQ-TP-499-CWTR3, Revision 0, Seismic Test Procedure for the Core Protection Calculator System Equipment, July 2020.
pp. CN-EQT-20-2 (see OI#32)
New for 12/##/2020:
qq. Human Factors Engineering Guideline for the Common Q Display System, WNA-IG-00871-GEN, Westinghouse Electric Company LLC (HFE) rr. NMM Procedure EN-DC-163, Human Factors Evaluation (HFE)
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION ss. NMM Procedure EN-TQ-212, Conduct of Training and Qualification (HFE) tt. NMM Procedure EN-AD-101, NMM Procedure Process (HFE) uu. NMM Procedure EN-TQ-201, Systematic Approach to Training Process (HFE) vv. NMM Procedure EN-DC-115, Engineering Change Process (HFE) ww. LO-HQNLO-2018-00081, CPCS Benchmarking Report (HFE) xx. LO-HQNLO-2019-00086, CPCS Benchmarking Report (HFE) yy. NMM Procedure EN-PL-101, Entergy Nuclear Organization and Functional Structure (HFE) zz. NUREG 0787 27 A-02 Audit Activities Everyone
- 1. Requirements Traceability Demonstration - show how requirements from the reference CPCS design (Palo Verde) SyRS (00000-ICE-30158) and the WF3-specific delta SyRS (WNA-DS-04517-CWTR3 are traced all the way through testing.
Audit 28 A-03 VOP Audit Activities (Deanna Zhang Samir Darbali)
VOP Audit Discussion Requests:
- 2. Discuss responsibilities of Entergy CPCS Project Digital or I&C Engineer in Section 5
- 3. Discuss risks identified in Table 5-1; specifically the risk associated with Hazards
- 4. Walk through of Section 7 and discuss performance measures, acceptance criteria and their relationships to specific oversight activities (Entergy 11/3/20 Update)
- 1. The acronym FME is Foreign Material Exclusion. The Critical Procurement Plan describes project considerations in accordance with Waterford's FME program.
The acronym DWGS is for drawings.
See VOP Audit Questions Document Audit 29 SA-02 CPU Load Limit (Samir Darbali)
LTR 3.2.7.2.7 3-34, 3-35
((
))
((
))
The LTR, Section 3.2.7.2.7 will be updated with the following additional items:
((
))
Closed (V)
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION
((
))
30 SA-03 CPU Load Limit /
VOP (Samir Darbali, Deanna Zhang)
((
))
12/10/2020 Update:
30.1 Please explain if implementation of all system requirements defined in 00000-ICE-30158 (applicable to Waterford 3 CPCS as identified in WNA-DS-04517-CWTR3) will be ensured via the RTM.
((
))
((
))
Open RAI Audit 31 EQ-06 Two Open Items Unresolved in the New EQ Summary Report (Jack Zhao)
EQ-QR-412-
- CWTR3, Rev. 0 The new EQ Summary Report, EQ-QR-412-CWTR3, Rev. 0 contains two open items which have not been resolved in the report. Whats the schedule to resolve these two open items and to then revise this new EQ Summary Report accordingly?
Open 32 EQ-07 Reference containing the assessment of existing seismic, environmental, and EMC testing (Jack Zhao)
EQ-QR-412-
- CWTR3, Rev. 0 Section 3.1 In Section 3.1 it says that an assessment was performed for existing seismic, environmental, and EMC testing in Reference 11 (CN-EQT-20-2), but only conclusion statements are included in this new EQ Summary Report without adequate supporting information. (To be added to OI
- 26: Please place Reference 11 in the portal.)
Westinghouse Document CN-EQT-20-2, Revision 2, Qualification Evaluation of Core Protection Calculator System Equipment for Waterford Unit 3 Auxiliary Protection
- Cabinet, October 22, 2020 is now in the WEC ERR.
Open This should be an to get RAI this requeste d
docume nt on to the docket 33 EQ-08 Different Equipment Under Test (EUT)
EQ-QR-412-
- CWTR3, Rev. 0 Sections 4.1, 4.2, and 4.3 The Equipment Under Test (EUT) contains different items for the EMC, environmental, and seismic testing. Please clarify why the EUT is different for the three types of EQ testing.
Open 34 SA-04 CPP Processor (Samir Darbali) 3.2.2 CEAC AC160 Controller 3-17 LTR Section 3.2.2 describes the CEAC AC160 controller modules and states in page 3-17:
- Two PM646A CPP processor module 34.1 Please confirm that the Two is a typo and that the correct subsection title is One PM646A CPP processor module.
34.2 Please confirm if this typo will be corrected in a future LTR revision.
Open RCI
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION 35 CCF-02 CCF (Summer Sun, Samir Darbali)
LTR-TA-19-154, Waterford 3 Core Protection Calculator System Safety Function Table (item A-01y on the Certrec portal), Table A-1, identifies fifteen Chapter 15 events that credit the WF3 CPCS.
(1) Please confirm that the events that credit the CPCS trips in the FSAR analysis are limited to those events listed in LTR-TA-19-154, Table A-1.
(2) Please identify the backup safety-related analog trip for each of the events that credit the CPCS. If a backup analog trip does not exist for a specific event, please identify if an alarm is provided so that manual action can be taken.
(3) Please reference the sources of information for items (1) and (2) above.
Open RAI 36
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION More audit activities may be added to OI 26 28 A-03 VOP Audit activities. These are being tracked in a separate file.
29 SA-02 Closed (V)
No RAI needed if LTR is updated The LTR, Section 3.2.7.2.7 will be updated.
30 SA-03 Open 31 EQ-06 Open 32 EQ-07 Open RAI RAI will be issued to get the requested document on to the docket 33 EQ-08 Open 34 SA-04 Open RCI 35 CCF-02 Open RAI 36 37 Note: Closed (V) indicates that NRC will need to verify changes to the specified documents after a supplement is received from the licensee.
ACRONYMS/ABBREVIATIONS ACRONYM/
ABBREVIATION DEFINITION ACRONYM/
ABBREVIATION DEFINITION A
Audit (only used for identification of open items in IMS)
MCR Main Control Room ANO Arkansas Nuclear One NRC U.S. Nuclear Regulatory Commission ARP Alternate Review Process OI Open Item Att.
Attachment OM Operator Modure ATWS Anticipated Transient Without a Scram PSAI Plant Specific Action Items BTP Branch Technical Position PVNGS Palo Verde Nuclear Generation Station CCF Common Cause Failure/D3 RAI Request for Additional Information CEA Control Element Assembly RC Regulatory Commitments CPP Critical Procurement Plan RCI Request for Confirmation of Information CFR Code of Federal Regulations RT Response Time CPCS Core Protection Calculator System RTM Requirements Traceability Matrix CPU Central Processing Unit SA System Architecture (only used for identification of open items in IMS)
D3 Defense in Depth and Diversity SDOE Secure Development and Operational Environment DNBR Departure from Nucleate Boiling Ratio SDP Software Development Plan; System Development Processes, including SPM PSAIs (only used for identification of open items in IMS)
DWGS Drawings SE Safety Evaluation Encl.
Enclosure SFCP Surveillance Frequency Control Program EQ Environmental Qualification SPM Software Program Manual EQSR Equipment Qualification Summary Report SR Surveillance Requirement FAT Factory Acceptance Testing SRS Software Requirements Specification FME Foreign Material Exclusion ST Surveillance Testing/Self-Diagnostics/SR Elimination (only used for identification of open items in IMS)
FSAR Final Safety Analysis Report SVVP Software Verification and Validation Plan GDC General Design Criterion (or Criteria)
SW. Dev. Plan Software Development Plan HFE Human Factors Engineering SyRS or Sys.
Req. Spec.
System Requirements Specifications I&C Instrumentation and Control TR Topical Report ID Identification TRM Technical Requirements Manual IEC International Electrotechnical Commission TS Technical Specifications IEEE Institute of Electronic and Electrical Engineering V&V Validation and Verification ISG Interim Staff Guidance VOP Vendor Oversight Plan
OFFICIAL USE ONLY PROPRIETARY INFORMATION OFFICIAL USE ONLY PROPRIETARY INFORMATION
[CERTREC] IMS Inspection Management System WF3 or W3 Waterford Steam Electric Station, Unit 3 LAR License Amendment Request WCAP Westinghouse document LHGR Linear Heat Generation Rate WEC Westinghouse Electric Corporation LTR Licensing Technical Report WWDT Window Watchdog Timer
ML21032A011 (Proprietary)
ML21032A013 (Non-Proprietary)
ML21032A010 (Package)
OFFICE NRR/DORL/LPL4/PM NRR/DORL/LPL4/LA NRR/DSS/SNSB/BC NRR/DRO/IQVB/BC NAME AKlett PBlechman SKrepel KKavanagh DATE 2/18/2021 2/9/2021 2/5/2021 2/5/2021 OFFICE NRR/DEX/EICB/BC NRR/DORL/LPL4/BC NRR/DORL/LPL4/PM NAME MWaters JDixon-Herrity AKlett DATE 2/5/2021 2/19/2021 2/19/2021