ML21113A169

From kanterella
Jump to navigation Jump to search
IP 52003 Digital Instrumentation and Control Modification Inspection
ML21113A169
Person / Time
Issue date: 07/09/2021
From: Douglas Bollock
NRC/NRR/DRO/IRIB
To:
Douglas Bollock, NRR/DRO/IRIB, 415-6609
Shared Package
ML21116A082, ML21158A122 List:
References
CN 21-023, DC 21-010
Download: ML21113A169 (16)


Text

NRC INSPECTION MANUAL EICB INSPECTION PROCEDURE 52003 DIGITAL INSTRUMENTATION AND CONTROL MODIFICATION INSPECTION Effective Date: 07/01/2021 PROGRAM APPLICABILITY: 2515C 52003-01 INSPECTION OBJECTIVES 01.01 [Alternate Review Process (ARP) only] To verify the licensee has performed enhanced vendor oversight activities as defined by the Vendor Oversight Plan (VOP) for designs licensed by NRC staff using the Digital Instrumentation and Control (I&C) Interim Staff Guidance (ISG)-

06 Revision 2, ARP.

01.02 To verify that the licensee has developed, implemented, tested, installed, operated, and maintained the design according to the license amendment, safety evaluation, and in accordance with the manufacturers recommendations (as appropriate), and licensee commitments, including the commitments provided in the licensees cyber security plan (CSP).

01.03 To confirm the licensees upgrade to the system design conforms to the plant specific licensing basis and satisfies applicable guidance.

52003-02 INSPECTION REQUIREMENTS As an Inspection Manual Chapter (IMC) 2515 Appendix C, Special and Infrequently Performed Inspections procedure, all of the requirements in this section are not needed to complete the inspection. Inspection completion is determined by the inspection team leader when they meet the applicable sections of this inspection procedure for the modification they are inspecting according to their inspection plan.

02.01 [ARP only] Licensees Vendor Oversight Plan

a. Verify that the licensee is performing vendor oversight in accordance with the VOP and procuring new equipment in accordance with the systems and services acquisition processes described in the licensees CSP.
b. Verify changes to the VOP are in accordance with the change control processes that govern the VOP as described in the license amendment and the quality assurance (QA) program.
c. Verify the licensees past performance of VOP activities through review of the licensees audit reports and other records documenting the licensee implementations of the VOP.

The areas of focus include oversight activities and design outputs for the following:

Issue Date: 07/09/21 1 52003

1. Requirements Phase:

(a) Verify the licensee performed oversight of the vendor for this phase in accordance with the VOP. This includes confirming the licensee verified that:

(1) key design characteristics as specified in the licensing basis, design basis, and license amendment, and key cyber security capabilities, as determined through the licensees CSP, have been included as system requirements; (2) forward and backward traceability exist between these documents to system requirements; (3) supply chain protection, trustworthiness, integration of security capabilities in accordance with the licensees CSP have been included as system requirements; (4) forward and backward traceability exist between the system requirements to the hardware and software requirements; and (5) testing and independent verification and validation (IV&V) requirements and security test requirements provided in the licensees CSP are included as design requirements.

(b) Verify that the licensee conducted acceptance reviews of the design outputs (e.g., system requirements specification, software requirements specification, hardware requirements specifications, IV&V reports) for this phase in accordance with the procedures identified in the VOP.

2. Design Phase:

(a) Verify the licensee performed oversight of the vendor for this phase in accordance with the VOP. This includes confirming the licensee verified that:

(1) the system, software, and hardware requirements have been translated into respective system, software, and hardware design elements; (2) forward and backward traceability exist between these design elements to the system, software, and hardware requirements.

(b) Verify that the licensee conducted acceptance reviews of the design outputs (e.g., system design specification, software design specification, hardware design specifications) for this phase in accordance with the licensees procedures identified in the VOP.

(c) Verify that the licensee conducted cyber security acceptance reviews of the design outputs for this phase in accordance with the licensees CSP.

(d) Verify that the licensee requires the vendor to create a security test and evaluation plan in accordance with the licensees CSP.

Issue Date: 07/09/21 2 52003

3. Implementation Phase:

(a) Verify the licensee performed oversight of the vendor for this phase in accordance with the VOP. This includes confirming the licensee verified that:

(1) software code or logic and security capabilities provided in Section E.11.4 Integration of Security Capabilities, of NEI 08-09, Revision 6, have been correctly implemented in accordance with the software design; (2) hardware has been correctly implemented and configured in accordance with the hardware design of the system development process; (3) forward and backward traceability exist between the software code or logic and hardware with the design elements.

(b) Verify that the licensee conducted acceptance reviews of the design outputs (e.g., software code listings, software logic, hardware, IV&V reports) for this phase in accordance with the licensees procedures identified in the VOP.

4. Integration Phase:

(a) Verify the licensee performed oversight of the vendor for this phase in the accordance with the VOP. This includes confirming the licensee verified that:

(1) the software code and software logic have been integrated onto the hardware; (2) equipment for individual channels/divisions are integrated into the complete system; (3) system configurations are completed in accordance with the design requirements.

(b) Verify that the licensee conducted acceptance reviews of the design outputs (e.g., system integration specification, IV&V reports) for this phase in accordance with the licensees procedures identified in the VOP.

(c) Verify that the licensee confirmed the vendor performed the system integration activities in accordance with the processes described in the license amendment.

d. Verify the licensees performance of VOP activities through direct observation of the licensee performing ongoing VOP activities. This applies at both the vendor facility and at the licensee site. Areas of focus include oversight of activities and design outputs for the following:

Issue Date: 07/09/21 3 52003

1. Factory Acceptance Test Phase: Verify the licensee performed oversight of the vendor for this phase in accordance with the VOP. This includes verifying that the licensee:

(a) Conducted acceptance reviews of the design outputs for this phase, including but not limited to the following: test plans, test procedures, IV&V reports, test records, test result reports, anomaly reports, regression analysis performed to identify additional or modified tests, etc., in accordance with the licensees procedures identified in the VOP; (b) Confirmed that the vendor performed the factory acceptance tests in accordance with the processes described in the license amendment.

2. Site Acceptance Test Phase: Verify the licensee performed oversight of the vendor for this phase if this phase is included in the vendor oversight activities within the VOP.
e. Verify the licensees corrective action program appropriately addresses any deficiencies identified during VOP activities.
f. Verify that the licensees procurement documents include applicable regulatory requirements and QA program attributes, in accordance with the VOP.
g. Verify that the licensees audits of vendor activities ensure establishment and implementation of each QA program attribute in accordance with the licensees NRC-approved QA program and the VOP.
h. Verify licensee auditors training and qualifications to perform audits/surveillances of vendor.
i. Verify that the licensee is performing the oversight activities in accordance with the procedures (e.g., engineering change process, design document review and acceptance) referenced in the VOP.

02.02 Design and Documentation Verification

a. Verify that the as-installed digital modification conforms to the license amendment, any licensing conditions, and/or licensee commitments, including commitments provided in the licensees CSP.
1. Verify whether any 10 CFR 50.59s that were performed on the modification had any effects on the design.
2. Verify the as-installed digital modification is in accordance with the license amendment, any licensing conditions and/or licensee commitments.
3. Verify any design changes throughout the development have been dispositioned and documented accordingly. Verify the changes still conform to the design requirements as defined by the license amendment and plants licensing basis.

Verify design changes are controlled through applicable licensee approved processes.

Issue Date: 07/09/21 4 52003

4. Verify that applicable 10 CFR Part 21 Notifications, Bulletins, Generic Letters, and Information Notices were correctly applied to the system.
5. Verify the effectiveness of the licensee and vendor interface during system development, system installation, start-up, and system modification (i.e. active, no real interface, black box, etc.).
6. Verify that the environmental/seismic/ electromagnetic interference/radio frequency interference conditions are consistent with those stated in the equipment qualification testing reports, the license amendment, and applicable industry standards under all conditions (including testing).
7. Verify that the cable routing scheme (how cables are mixed, how cables are run, bus terminations, separation criteria, etc.) is consistent with the license amendment, plants licensing basis, and applicable industry standards that the licensee is committed to.
8. Verify that software/hardware used for cross-divisional and/or safety to non-safety communication for individual devices within the system have been properly implemented consistent with the license amendment and applicable industry standards.
9. Verify that system interface requirements (e.g. signal isolation, communication interfaces to plant computer) have been properly implemented.
10. Verify the digital modification has been evaluated before implementation for applicability of 10 CFR 73.54 requirements to ensure that the cyber security performance objectives of 10 CFR 73.54(a)(1) are maintained and that digital modifications have cyber security requirements developed to achieve the licensees CSP objectives.
11. Verify all access to the digital I&C system is in accordance with the secure development and operational environment (SDOE) assessment. Verify that result of the SDOE assessment is used to establish requirements (for both hardware and software) to establish a secure operational environment and protective measures to maintain it (RG 1.152, Rev. 3 provides the SDOE guidance).
b. Verify that surveillance, abnormal operating, emergency operating, and annunciator response procedures have been updated, and correctly reflect the new system attributes.
1. Verify that the licensee updated affected procedures. Review how the licensee ensures that all affected procedures have been correctly updated.
2. Verify the analysis of the sampling rate and processor execution time show that there is sufficient margin, such that accident analysis requirements are still met.
3. Verify that calibration procedures meet the technical specifications, applicable licensee procedures.

Issue Date: 07/09/21 5 52003

4. Verify that the calibration and surveillance procedures, and the required tools needed to perform the surveillance listed in the procedures provide complete loop testing, or that there is adequate overlap of the separate sections to ensure complete testing of the function or system.
5. Verify that surveillance procedures have instructions for returning the system to normal if conditions require terminating the surveillance prior to completion.
6. Verify that electro-static discharge (ESD) and electromagnetic interference/radio frequency interference (EMI/RFI) precautions and considerations have been incorporated into relevant procedures and are followed.
7. Verify that procedures are in place to confirm the execution of the credited automatic self-tests and self-diagnostics during plant operations of the digital I&C system.
8. Verify that the digital I&C system is developed in a secure environment commensurate with the security environment of the digital I&C system to ensure that the system is free from known cyber security vulnerabilities as well as unauthorized and undocumented functionality and features.
c. Verify that plant drawings, the Updated Final Safety Analysis Report (UFSAR), and other relevant documentation have been updated to reflect the replacement system. In those cases where the update to the UFSAR and other relevant documentation has not been completed, verify that the process is underway, and is properly planned and proceeding in a timely manner.
d. Verify that the shielding and grounding scheme is consistent with the license amendment, licensing basis, and applicable industry standards.
1. Grounding: Verify that the licensee has performed grounding and bonding reviews for any special grounding/bonding requirements from the vendor or due to plant conditions (i.e. age, potential of ground, floating versus non-floating).
2. Power Requirements: Verify if the licensee considered battery loading profiles, maximum inverter loads, ensuring inverters maintain sufficient fault current long enough for the downstream devices to clear the fault, and inrush currents. If the plant design has capability to bypass the inverter (e.g., maintenance switch),

verify if the non-inverter power source voltage and frequency variations, switching surges, etc. have been considered for impact on the digital system.

3. Power Quality (voltage, frequency, harmonic distortion): Harmonic distortion of the normal electrical current and voltage waveform is generated by nonlinear loads such as switch-mode power supplies, variable speed motors and drives, battery chargers, inverters, unbalanced bus loading, switching surges etc. Verify if maximum harmonic distortion is measured on plant buses during varying plant loading conditions. Verify voltage/frequency fluctuations and total harmonic distortion against the manufacturer's specification. Verify if harmonic distortion is measured before and after installation to ensure this digital upgrade does not create additional problems.

Issue Date: 07/09/21 6 52003

4. Power Quality Impact of the Digital System: Verify if the post-installation effects of the digital system were considered for their effects on other instrumentation powered from the same source, and vice versa (e.g., clocks and switching circuits can create their own harmonics).
e. [ARP only] Verify that the licensee has documented the performance of vendor oversight in accordance with the VOP.
1. Verify that documentary evidence exists to ensure that the procured system conforms to procurement requirements.
2. Verify that the licensee has documented its audits performed on vendor activities in accordance with the audit activities and applicable procedures specified in the VOP.
3. Verify that the licensee has documented reviews of vendor design artifacts in accordance with the VOP.

02.03 Review of Testing, Operations, and Training

a. Verify that test plans are sufficiently detailed to perform site acceptance tests (SAT),

installation tests, and startup tests for the proposed digital system.

1. Verify the SAT plan will adequately test the licensees as installed system specification, and that the test procedures are sufficiently detailed, clear, and unambiguous to allow site personnel to perform this test. Additionally, verify that acceptance criteria are clearly defined in the test plan to demonstrate requirements are met.
2. Verify the installation test plan will adequately demonstrate that the system, as installed, will meet all system requirements, and all plant specific requirements listed in the license amendment; and that the test procedures are sufficiently detailed, clear, and unambiguous to allow site personnel to perform this test.

Additionally, verify that acceptance criteria are clearly defined in the test plan to demonstrate requirements are met.

3. Verify the startup test plan will demonstrate that the system will meet all operational requirements, and that the test procedures are sufficiently detailed, clear, and unambiguous to allow site personnel to perform this test. Additionally, verify that acceptance criteria are clearly defined in the test plan to demonstrate requirements are met.
4. Verify appropriate levels of V&V have been applied to these test plans and procedures.
5. Verify that the SAT includes validation of the cyber security CDAs assessment.
b. Verify the operation manuals are sufficiently detailed, clear, and unambiguous to allow site operational and maintenance personnel to understand and operate the software and the system.

Issue Date: 07/09/21 7 52003

c. Verify the software training plan provides adequate software training, appropriate for the level of operations and maintenance being planned for licensee personnel. Verify if the software manuals are sufficiently detailed and understandable to provide training of operations and maintenance personnel, based upon the level of maintenance planned for site staff.
d. Verify, by witnessing and/or reviewing the results for the site acceptance tests, installation tests, and startup tests, that the results provide objective evidence that the proposed digital system will perform as designed.
1. Verify the testing results are accurate, complete, and valid and have been properly reviewed and accepted. Additionally, verify that all acceptance criteria are met, and if not, verify that adequate justification is provided.
2. Verify that all acceptance criteria are met, and if not, verify that adequate justification is provided. Verify that test anomalies are adequately dispositioned and addressed.
3. Verify that changes or additional requirements, have been through the complete lifecycle process, if required, and still meet the requirements of the license amendment.
4. Verify any hardware, software or interface failures that have occurred were properly resolved.
e. Verify that the operators, technicians, and system engineers have been adequately trained, and have an understanding of the system commensurate with their responsibilities. If the licensee intends to use vendor support to maintain the system, verify vendor staff has training commensurate with their tasks and verify what controls the licensee exercises over the vendor with respect to design control, access, and software configuration.
f. Verify that the licensee-specified environmental/seismic/EMI/RFI parameters accurately reflect the installation location.
g. Verify that setpoints and related uncertainty terms have been adequately evaluated and revised to reflect the new system and have been accurately installed in the software.
h. Verify that proper indication and/or annunciation for system bypass and failure is functional during installation or startup.

02.04 Review of Plans for Maintenance and Repair

a. Verify maintenance and repair procedures have been updated, and correctly reflect the new system attributes.
1. If the licensee will be performing board repair activities, verify that the vendor manuals and drawings contain adequate details and that maintenance personnel involve in board repair have been trained and certified. If the licensee will be using vendor repair activities, verify that an adequate supply of spare boards is Issue Date: 07/09/21 8 52003

available on site, and verify any boards held in storage are stored in accordance with the vendors recommendations or acceptable site processes.

2. Verify that Electrostatic Discharge (ESD) precautions and considerations have been incorporated into relevant procedures and are followed.
3. Verify that cabinet ventilation devices are properly maintained.
b. Verify if the licensee implemented any special procedures for ensuring that stored parts will be correctly handled (such as ensuring stored chips with embedded software are the correct revision).

52003-03 INSPECTION GUIDANCE 03.01 Inspection Implementation Inspectors should develop a site-specific inspection plan to select and review the activities associated with the major phases of the digital I&C modification. The site-specific inspection plan should take into account activities outlined below. The emphasis on inspection activities should be based on the overall scope, the safety and/or risk significance of the activities, the licensee's historical performance in that area, and industry experience. Additional emphasis may be considered for those licensee activities that include new or different management controls or are being managed/controlled in a different manner or implemented with new techniques.

The ARP sections of this inspection is of licensee oversight of vendor (VOP) and licensee performance and therefore an NRC region led inspection. Communication with the HQ digital I&C technical staff that conducted the license amendment review and HQ vendor and quality assurance inspectors whove conducted inspections of the vendor throughout the development of the modification is paramount. Implementation of the ARP portions of this inspection should be conducted during the factor acceptance testing (at the vendor facility) and site acceptance testing of the modification. It is highly recommended to utilize HQ digital I&C and vendor inspector support during the ARP portion of this inspection. The vendor inspectors unique experience and expertise with inspecting oversight of suppliers and sub-suppliers would be extremely helpful while inspecting the ARP portion of this inspection since the ARP portions focus is of the licensees oversight of their vendor.

Digital I&C modification inspections involve four major areas of effort:

a. Developing an understanding of the modification design
b. Documentation verification
c. Review of testing, operations, and training
d. A review of plans for maintenance and repair efforts The Office of Nuclear Reactor Regulation (NRR) conducts an evaluation of the proposed license amendment as part of the normal review process. This will include a review of the design and capabilities of the modification. Regional inspectors will perform documentation and functionality reviews after the system leaves the vendor. Regional inspectors should review specific documentation to gain familiarity with the system.

Issue Date: 07/09/21 9 52003

[ARP only] Under the ISG-06, Revision 2, ARP, the licensee is required to perform vendor oversight activities defined by the VOP. The Headquarters Quality Assurance and Vendor Inspection Branch (IQVB) may select the digital I&C vendor as part of the Vendor Inspection Program and regional inspectors should review relevant past inspections of the digital I&C vendor.

Any operating experience related to similar digital I&C modifications is an excellent resource for assistance in development of the inspection plan and should be reviewed in order to provide insight into previously identified issues. HQ digital I&C technical staff that conducted the license amendment review should be contacted to gain additional insight in a particular inspection area that may be similar to past reviews/inspections.

In preparation for the inspection, inspectors should be familiar with the licensees administrative programs for designing, installing, testing, and maintaining modifications. The following documents may be reviewed throughout the course of the inspection if available. Many are likely to be reviewed during review of the amendment request and may be discussed in the NRC staffs Safety Evaluation Report (SER); but knowledge of these documents may be beneficial to conduct the inspection:

a. SER
b. Updated Final Safety Analysis Report (UFSAR).
c. Technical Specifications (TS).
d. The licensees Quality Assurance Program (for both hardware and software).
e. [ARP only] Licensees Vendor Oversight Plan (VOP)
f. Vendor Inspection Reports of the I&C System vendor
g. Software Development Capability Maturity Model (or equivalent) Certification Reports and Procedures.
h. Software Design Requirements Traceability Database (RTD).
i. Software Requirements Specification (SRS)
j. Software Test Plan (STP).
k. Software and Hardware Configuration Management (CM) Document.
l. Software Design Documents (SDD).
m. System/Subsystem Design Documents.
n. Completed Test Procedures.
o. Installation Test reports.
p. Final Installation Report.

Issue Date: 07/09/21 10 52003

q. Final Test Reports.
r. Site Acceptance Test (SAT) Plans and Reports.
s. Summary of SAT and Acceptance Test Results.
t. Site Installation Documentation.
u. Verification and Validation (V&V) Problem Reports.
v. V&V Report on Test Plans and Procedures.
w. V&V Report on Installation Test.
x. Recommended Inspection Items identified by the HQ technical staff that reviewed and audited the license amendment.
y. CSP.

03.02 [ARP only] Licensees Vendor Oversight Under the ISG-06 Revision 2 ARP, the digital I&C modification design is based on an NRC approved platform and an approved license amendment is typical prior to implementing the modification. A summary of the VOP is submitted as part of the license amendment request, and the complete VOP is available for audit by NRC technical staff during the licensing review.

The licensee may modify the VOP in accordance with the change management process documented in the license amendment. The inspection requirement is to verify the licensee is adequately performing vendor oversight in accordance with the VOP and applicable criteria in Appendix B to 10 CFR Part 50. The following are major areas that should be considered for review by the inspector(s):

a. The entire VOP to identify areas to perform independent confirmation of the licensees vendor oversight activities. This can include activities at the vendor facility and the licensee site.
b. Any VOP audit and vendor inspection reports for the digital I&C system approved in the license amendment (including vendor inspection reports involving production or testing of similar digital components to those in the amendment).

NOTE: Audits may have been performed during the license amendment request review to verify the implementation of certain oversight activities identified in the VOP. It is likely that the scope of these audits would be limited to the earlier phases of the system development. Vendor inspections may have been performed on the system development activities in accordance with the purchase order and procurement specifications for the system approved in the license amendment to verify compliance to quality assurance requirements in Appendix B to 10 CFR Part 50 and 10 CFR Part 21.

Issue Date: 07/09/21 11 52003

c. Implementation of applicable procedures used to perform oversight activities. The VOP identifies applicable licensee procedures that apply to certain oversight activities, such as:
1. Procedures for review and approval of design artifacts (e.g., software requirements specifications, hardware design descriptions, test plans) for licensee acceptance
2. Surveillance and audit procedures, audit plans, and other similar documents demonstrating performance of audits of vendor activities
3. Engineering change control procedures for oversight of vendors performing design changes that occur during the development process
4. Corrective action procedures for addressing anomalies and issues identified
d. Implementation of oversight activities that verify the vendor performed the development activities in accordance with the system, software, hardware development descriptions identified in the license amendment. The system, software, and hardware development descriptions may be documented in an NRC-approved Software Program Manual topical report or other development description documents referenced in the license amendment. These descriptions should address topics such as development lifecycle processes, design outputs produced in each phase of the lifecycle, and IV&V activities for each phase of the lifecycle.

03.03 Design and Documentation Verification Inspectors should review the documentation related to the upgrade, both as designed and as altered via the change process, required to gain a working knowledge of the digital I&C modification. The intent is for inspectors to be familiar with the system; not to duplicate previous NRR review efforts. Inspectors may need to coordinate with NRR for human factors engineering (HFE) and the Office of Nuclear Incident and Security Response (NSIR) for cyber security. The following are major areas that should be considered for review by the inspector(s):

a. Necessary documentation to determine the full scope of the digital I&C upgrade. This review should include the NRC staffs safety evaluation, any licensing commitment documents concerning the modification, manufacturer literature on the hardware and software being installed, and applicable drawings and schematics. To facilitate developing a familiarity with the modification, regional management may authorize inspection visits to vendor facilities.
1. Project scope including architecture, input consolidations, whether multiple trains are affected, whether the system supplies or receives inputs from other systems, isolation and interface devices, affected indicators, and the credited function of the system.
2. Design specification details on architecture, inputs, process, timing, and outputs for the system. The timing should include an analysis of the sampling rate and processor execution time to show that digital control systems requirements are met.

Issue Date: 07/09/21 12 52003

3. Process used to minimize the probability of incorrect translation of the system basis to hardware and software requirements.
b. Licensees proposed schedule for implementation, and shutdown risk analysis for conducting the modification. Inspectors should review the licensees plan, to include whether the modification will be implemented in conjunction with a complete core offload.
c. Changes to the human-system interface design reflects current human factors principles including compatibility with the remainder of the control room or local control stations.

03.04 Review of Testing, Operations, and Training Inspectors should become familiar with the license amendment, V&V plans and final report, RTD, STP, SDD, all Requests for Additional Information, the NRC safety evaluation, software test plan in accordance with BTP 7-14, Section B.3.1.12, procedures for the SAT, installation test, and start-up tests, final V&V reports, Operations Manuals in accordance with BTP 7-14, Section B.3.3.7, Software Training Plan in accordance with BTP 7-14, Section B.3.1.7, Software Training Manuals in accordance with BTP 7-14, Section B.3.3.9, and sample licensee event reports (LERs) and/or surveillance and/or repair orders related to the system.

Interviews with licensee personnel may be conducted to ensure they have an understanding of the system commensurate with their responsibilities.

Review of the installation environment should consider:

a. Did the licensee specify the environmental qualification parameters (i.e. temperature, humidity, radiation, seismic, surge withstand, and EMI/RFI) when purchasing the system?
b. Did the licensee credit previous operating history for the digital equipment under review? Did the licensee consider commercial or nuclear experience? Were the applications similar? Was documentation available to confirm acceptable equipment performance?
c. If vendor testing was performed to verify the resulting qualification, did the licensee specifically review and verify test results for applicability to the installation environments?
d. Did the licensee review testing anomalies, testing configuration, and test results? Is appropriate supporting documentation, and level of licensee involvement with the testing demonstrated?
e. Are the environmental parameters consistent with the licensing bases?

Inspectors should consider requesting the licensee to download the current system setpoints and coefficients to a selected sample and compare these to the system requirements documentation.

Issue Date: 07/09/21 13 52003

52003-04 RESOURCE ESTIMATE The inspection should be conducted by inspector(s) who are knowledgeable in the areas of digital I&C and operations. It may be appropriate to include/consult headquarters technical expert(s) and vendor inspector(s) knowledgeable in these areas. Specific technical support should be coordinated in accordance with IMC 2515 Section 11.10.

04.01 The resource estimate for inspectors is 120 hours0.00139 days <br />0.0333 hours <br />1.984127e-4 weeks <br />4.566e-5 months <br /> of onsite activities, in order to complete the required inspections. Onsite inspection activities will likely need to be scheduled to coincide with plant milestones, which may occur over a several week period.

04.02 [ARP only] When using the ARP an additional resource of 120 direct inspection hours is anticipated to be needed. The additional inspection resources are expected to be primarily conducted while observing licensee activities at the vendor facility.

52003-05 PROCEDURE COMPLETION This inspection procedure shall be conducted to demonstrate that the modification is implemented in a safe manner. Satisfactory reviews of documentation verification; testing, operations, and training; and plans for maintenance and repair in accordance with the inspection plan will constitute completion of this procedure in the Reactor Program System.

This procedure may be conducted over several inspections.

52003-06 REFERENCES References for this inspection procedure are extensive and are listed in Appendix A.

END Appendices:

A List of References B Revision History for IP 52003 Issue Date: 07/09/21 14 52003

APPENDIX A LIST OF REFERENCES References that an inspector should be familiar with:

Regulatory Guide 1.152, "Criteria for Use of Computers in Safety-Related Systems of Nuclear Power Plants" Regulatory Guide 1.168, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants Regulatory Guide 1.169, Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants Regulatory Guide 1.170, Test Documentation for Digital Computer Software Used in Safety Systems of Nuclear Power Plants Regulatory Guide 1.171, Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants Regulatory Guide 1.172, Software Requirement Specifications for Digital Computer Software and Complex Electronics Used in Safety Systems of Nuclear Power Plants Regulatory Guide 1.173, "Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants" Digital Instrumentation and Controls (DI&C) Interim Staff Guidance (ISG), DI&C-ISG-06, Revision 2, Licensing Process IEEE Std. 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations" IEEE Std. 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, Institute of Electrical and Electronic Engineers" Issue Date: 07/09/21 AppA-1 52003

Attachment 1: Revision History for IP 52003 Commitment Accession Description of Change Description of Comment Resolution Tracking Number Training Required and Closed Feedback Number Issue Date and Completion Form Accession Change Notice Date Number (Pre-Decisional, Non-Public Information)

N/A ML080800048 Conducted 4 year commitment search and N/A ML082200119 10/31/08 found none.

CN 08-031 New inspection procedure (IP) which combines the previous IP 52001, Digital Retrofits Receiving Prior Approval and IP 52002, Digital Retrofits Not Receiving Prior Approval.

N/A ML21113A169 Major revisions made: 1) address use of N/A ML21111A111 07/09/21 mandatory and discretionary language CN 21-023 concerns and recommendations found in OIG-16-A-12 (ML16097A515), 2) conform to new IP format requirements found in IMC 0040, and 3) allow for NRC oversight of licensees oversight of vendor activities.

Issue Date: 07/09/21 Att1-1 52003