Text

ALAN CAMPBELL Technical Advisor, Generation and Suppliers 1201 F Street, NW, Suite 1100 Washington, DC 20004 P: 202.739.8011 adc@nei.org nei.org August 13, 2021 Mr. Thomas Hipschman Chief, Reactor Inspection Branch Office of Nuclear Reactor Regulation U.S. Nuclear Regulatory Commission Washington, DC 20555-0001

Subject:

NEI Comments on Inspection Procedure (IP), IP 52003, Digital Instrumentation and Control Modification Inspection. [Accession Number: ML21113A169]

Project Number: 689

Dear Mr. Thomas Hipschman:

On behalf of the Nuclear Energy Institutes (NEI)1 members (hereinafter referred to as industry), we provide the attached comments on Inspection Procedure (IP), IP 52003, Digital Instrumentation and Control Modification Inspection. We appreciate the NRCs effort to incorporate lessons learned during previous NRC inspections of digital I&C systems and provide inspection criteria for licensees utilizing the Alternate Review Process (ARP) described in Digital Instrumentation and Controls Interim Staff Guidance, DI&C-ISG-06, Revision 2. The attachment provides our comments on the issued inspection procedure, and includes suggestions for enhancement. Noteworthy comments include, but are not limited to, the following:

IP 52003 lacks differentiation between inspection activities related to safety-related vs. non-safety-related modifications.

IP 52003 provides inspection criteria related to Vendor Oversight Plans (VOPs) for which no regulatory policy or guidance exists.

IP 52003 provides inspection criteria related to VOPs that may occur prior to the associated License Amendment Request (LAR) and VOP approval.

1 The Nuclear Energy Institute (NEI) is responsible for establishing unified policy on behalf of its members relating to matters affecting the nuclear energy industry, including the regulatory aspects of generic operational and technical issues. NEIs members include entities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect and engineering firms, fuel cycle facilities, nuclear materials licensees, and other organizations involved in the nuclear energy industry.

Mr. Thomas Hipschman August 13, 2021 Page 2 Based on the significance of the included comments, we request a public meeting to provide a platform to discuss the inspection procedure and industry comments. If you have questions on the content of this letter or the attached comments, please contact me at (202) 739-8011, adc@nei.org.

Sincerely, Alan Campbell Attachment c:

Mr. Doug Bollock, NRR/DRO/IRIB Ms. Jeanne Johnston, NRR/DEX/ELTB Mr. Michael Waters, NRR/DEX/EICB Mr. Eric Benner, NRR/DEX NRC Document Control Desk

IP 52003, Digital Instrumentation and Control Modification Inspection Industry Feedback Section Comment Recommendation 1

01.01 02.01.1 - 02.01.3 Applicability as described in the Inspection Objectives (01.01) is in the past tense ("for designs licensed"). This creates a conundrum in the form of inspection activities that are focused on activities that take place before the License Amendment Request (LAR),

and by extension the Vendor Oversight Plan (VOP), are approved.

For example, consider step 02.01.d which mandates "direct observations" at both the OEM and licensee facilities. The majority of activities outlined in section 02.01.1 through 02.01.3 would already have been completed if the intent of DI&C-ISG-06 ARP is being followed (LAR is issued in advance of completion of testing).

Consider the expected alignment of Alternate Review Process (ARP) activities as as described in DI&C-ISG-06, Section C.2 (and shown in Figure C-2) in conjunction with the inspections activities described in IP 52003.

2 02.02.a.11 and 02.02.b.8 These sections both verify the adequacy of the SDOE. Additionally, the wording in 02.02.b.8 is unclear as it ties the SDOE to cyber security requirements in lieu of software quality requirements.

Combine the two sections, preferably in Section 02.02.a.11 and clarify wording to reference software quality requirements.

3 02.02.d.3 This section has problematic wording. It reads:

Power Quality (voltage, frequency, harmonic distortion): Harmonic distortion of the normal electrical current and voltage waveform is generated by nonlinear loads such as switch-mode power supplies, variable speed motors and drives, battery chargers, inverters, unbalanced bus loading, switching surges etc. Verify if maximum harmonic distortion is measured on plant buses during varying plant loading conditions. Verify voltage/frequency fluctuations and total harmonic distortion against the manufacturer's specification. Verify if harmonic distortion is measured before and after installation to ensure this digital upgrade does not create additional problems.

Plants do not typically measure harmonic distortion, particularly "varying plant conditions." It would be more appropriate to tie this back to GDC-17 or an IEEE standard.

Consider removing as this criteria is not specific to Digital I&C modifications.

Alternatively, replace the requirement with a reference to GDC-17 or applicable IEEE standard.

4 02.02.e and 02.01.c Both of these sections deal with the VOP. There is a overlap between the sections that may lead to repeated inspection activities.

Consolidate VOP inspection criteria into a single section.

5 02.03.a.1 - 02.03.a.5 This section is written in future tense ("proposed", "will") which could effectively mean that the NRC is acting as an approver of the test plans. Furthermore, there is subjective wording in these steps ("sufficiently", "adequately") makes this less than definitive than would be desired.

Clarify wording and provide objective acceptance criteria.

6 03.01 The intent of the DI&C-ISG-6 Alternate Review Path (ARP) was (in-part) to disconnect the LAR approval from completion of the Factory Acceptance Testing (FAT). To a degree the IP reconnects the FAT and the modification with the following verbiage:

Implementation of the ARP portions of this inspection should be conducted during the factor acceptance testing (at the vendor facility) and site acceptance testing of the modification. It is highly recommended to utilize HQ digital I&C and vendor inspector support during the ARP portion of this inspection.

Refer to Comment 1 recommendation.

7 03.01.g Software Development CMM is a rarity in the US. What happens if this does not exist?

What is the intended purpose for the inspection team?

Clarify the intent of this document within the context of IP 52003.

1 of 3

IP 52003, Digital Instrumentation and Control Modification Inspection Industry Feedback Section Comment Recommendation 8

03.03.b It's not a common practice for the NRC to insert itself into implementation planning. The language in this section (pasted below) effectvely does exactly that.

Licensees proposed schedule for implementation, and shutdown risk analysis for conducting the modification. Inspectors should review the licensees plan, to include whether the modification will be implemented in conjunction with a complete core offload.

Remove implementation schedule review.

9 03.03.c While Appendix A does not include it, "current human factors principles" are captured in NUREG 0700 and 0711. This is an example of the risk of commingling NSR / SR / LAR /

50.59. NUREG 0700 and NUREG 0711 are not "one size fits all" particularly with regard to NSR systems.

This section reads as follows:

Changes to the human-system interface design reflects current human factors principles including compatibility with the remainder of the control room or local control stations.

Refer to Comment 11.

10 General Observation There is confusion between "verify" and "inspect". The ARP should mostly be "inspect" after the concept phase. However, this document is confusing when it attempts to combine the 3 original DI&C-ISG-06 processes with ARP. ARP should be provided separately, to avoid arguments about inspection versus verification scope.

For example, if Section 02.03.a is an ARP activity, then this is an Inspect, not a Review activity. If this is for the other three tiers in DI&C-ISG-06, then this is correct.

Further, if Section 02.02.e is for the ARP, use of the word "verify" is inappropriate, as this should be an "inspection" activity.

Clarify language to ensure ARP activities are appropriately describing the inspection activity.

11 General Observation The structure of IP 52003 combines IP 52001 (digital modifications that require a LAR) and IP 52002 (digital modifications that do not require a LAR) into a single procedure.

Since this IP does not differentiate between Safety-Related (SR) and Non-Safety-Related (NSR), nor does it differentiate between modifications that require a LAR vs those performed under 50.59, the artifacts to be inspected / verified may or may not be applicable. The documents captured in Section 03.01 and Appendix A are good examples of invoking standards that may not apply. The concern is that a licensee may find themselves having to justify why a "Final Installation Report" for a NSR modification is not required.

Separate general, safety-related, and non-safety-related inspection criteria.

Additionally, specify which criteria apply to modifications that require a license amendment as opposed to 50.59.

2 of 3

IP 52003, Digital Instrumentation and Control Modification Inspection Industry Feedback Section Comment Recommendation 12 General Observation Revision 2 of DI&C-ISG-6 provides limited guidance on what constitutes an acceptable Vendor Oversight Plan (VOP). As a representative example, DI&C-ISG-06 Rev 2 reads:

The NRC staff should verify that the life cycle development process, as described in the LAR, will result in outputs that meet the requirements of each life cycle phase. The licensee verifies the vendors adherence to the life cycle development process. As such, the LAR should describe the licensees Vendor Oversight Plan. The plan, when executed, can be used to ensure that the vendor executes the project consistent with the LAR. The Vendor Oversight Plan, when executed, can also be used to ensure that the vendor uses an adequate software QA program; for example, the NRC-endorsed 2015 version of the American Society of Mechanical Engineers Nuclear Quality Assurance (NQA)-1, Part II, Quality Assurance Requirements for Nuclear Facility Applications, Subpart 2.7, Quality Assurance Requirements for Computer Software for Nuclear Facility Applications.

The IP effectively establishes what the VOP content must contain and acceptance criteria.

Provide regulatory guidance on the expected content and acceptance criteria for a VOP.

13 General Observation IP52003 provides numerous specific Cyber Security criteria to be inspected throughout the document. We need to reach alignment regarding the scope of Cyber inspections for ARP to avoid duplicate inspection activities for cyber security.

Provide clarity regarding scope of cyber security inspections when utilizing ARP.

14 General Observation The IP invokes a substantial number subjective words. Examples include "effective",

"properly" and "correctly". This opens up an inspection risk of interpretation and personal beliefs. What is "effective" to one inspection team may not be to the next. This is an example of the need for objective criteria and linkage to correct codes and standards.

Provide, or reference, objective acceptance criteria to eliminate inspection subjectivity.

15 General Observation The IP will be executed by Regional Staff who had very little involvement in the development of DI&C-ISG-6 Revision 2. This creates an interpretation vulnerability.

The structure of the IP lends itself to becoming a verbatim checklist rather than objective criteria.

Consider providing training to regional inspection teams on the intent of the ARP and intended use of the IP.

3 of 3