Text

February 15, 2022 Dr. Gregory Piefer, Chief Executive Officer SHINE Medical Technologies, LLC 101 East Milwaukee Street, Suite 600 Janesville, WI 53545

SUBJECT:

SHINE MEDICAL TECHNOLOGIES, LLC REGULATORY AUDIT OF INSTRUMENTATION AND CONTROL SYSTEMS DESCRIBED IN OPERATING LICENSE APPLICATION (EPID NO. L-2019-NEW-0004)

Dear Dr. Piefer:

The NRC staff has prepared an audit plan related to the review of Chapter 7, Instrumentation and Control Systems, of the SHINE operating license application. The enclosed audit plan provides the regulatory basis for the audit, describes the scope of the audit, identifies the audit team, and provides a listing of audit questions.

The audit will be conducted virtually and is intended to close gaps identified during the technical review. As such, the audit will be held on February 15, 2022, from 4:00pm to 5:00pm.

Additional audit sessions may be scheduled to support the continued review of the operating license application.

Following completion of the audit, the NRC staff will provide an audit summary. The summary will include a description of any information identified during the audit that will need to be docketed to supplement the application and allow the NRC staff to continue its review.

If you have any questions, please contact me at (301) 415-1217, or by electronic mail at Joshua.Borromeo@nrc.gov.

Sincerely,

/RA Joshua Borromeo, Chief Non-Power Production and Utilization Facility Licensing Branch Division of Advanced Reactors and Non-Power Production and Utilization Facilities Office of Nuclear Reactor Regulation Docket No. 50-608 Construction Permit No. CPMIF-001

Enclosure:

Audit Plan cc: See next page

SHINE Medical Technologies, LLC Docket No. 50-608 cc:

Jeff Bartelme Licensing Manager SHINE Medical Technologies, LLC 101 East Milwaukee Street, Suite 600 Janesville, WI 53545 Nathan Schleifer General Counsel SHINE Medical Technologies, LLC 101 East Milwaukee Street, Suite 600 Janesville, WI 53545 Christopher Landers Director, Office of Conversion National Nuclear Security Administration, NA 23 U.S. Department of Energy 1000 Independence Avenue, SW Washington, DC 20585 Mark Paulson Supervisor Radiation Protection Section Wisconsin Department of Health Services P.O. Box 2659 Madison, WI 53701-2659 Test, Research and Training Reactor Newsletter Attention: Amber Johnson Dept. of Materials Science and Engineering University of Maryland 4418 Stadium Drive College Park, MD 20742-2115 Mark Freitag City Manager P.O. Box 5005 Janesville, WI 53547-5005 Bill McCoy 1326 Putnam Avenue Janesville, WI 53546 Alfred Lembrich 541 Miller Avenue Janesville, WI 53548

ML22042A018 *electronic NRR-106 OFFICE NRR/DANU/PM NRR/DANU/BC NAME HCruz* JBorromeo*

DATE 2/3/2022 2/11/2022 OFFICE OF NUCLEAR REACTOR REGULATION REGULATORY AUDIT PLAN REGARDING CHAPTER 7, INSTRUMENTATION AND CONTROL SYSTEMS OPERATING LICENSE APPLICATION SHINE MEDICAL TECHNOLOGIES, LLC DOCKET NO. 50-608

Background

The U.S. Nuclear Regulatory Commission (NRC) staff is continuing its review of the SHINE Medical Technologies, LLC (SHINE) operating license application, submitted by letter dated July 17, 2019 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML19211C044), in addition to Chapter 7, Instrumentation and Control Systems, of the SHINE final safety analysis report (FSAR) and responses to requests for additional information (RAI). This regulatory audit is intended to close technical gaps identified during the review of Chapter 7, as communicated periodically to SHINE in a Chapter 7 status tracker and documented in this plan.

Regulatory Audit Bases The licensees proposed instrumentation and control systems is being reviewed in accordance with the applicable regulatory requirements of Title 10 of the Code of Federal Regulations Part 50, Domestic Licensing of Production and Utilization Facilities. and applicable guidance provided in NUREG-1537, Guidelines for Preparing and Reviewing Applications for the Licensing of Non-Power Reactors, Part 1, Format and Content, and Part 2, Standard Review Plan and Acceptance Criteria, (ADAMS Accession Nos. ML042430055 and ML042430048, respectively).

Regulatory Scope The scope of this audit addresses updates to the SHINE FSAR and associated responses to RAIs on the Highly Integrated Protection System (HIPS), Target Solution Vessel (TSV)

Reactivity Protection System (TRPS), Engineered Safety Feature Actuation System (ESFAS).

Consistent with the regulatory basis specified in the system RAIs, this information will supplement the licensing review to understand and confirm how TRPS and ESFAS: (1) will perform its safety function including after a single failure and meeting requirements for environmental qualification, redundancy, diversity, and independence; (2) will have surveillance tests and intervals that give confidence that the equipment will reliably perform its safety function; and (3) has appropriate digital hardware and software verification and validation programs to provide confidence in design quality. The audit may also address additional information and FSAR revisions provided for other systems, such as the Process Integrated Control System (PICS). Therefore, any additional information identified from the audit that is needed to address a regulatory finding may also be documented in the audit report.

Desired Outcomes for the Audit The desired outcomes of the audit are to: (1) gain a better understanding of information underlying the application in the area of instrumentation and control systems, (2) identify specific information that will require docketing to support the basis of the licensing or regulatory decision; and (3) close open technical items or identify a closure path in the Audit Topics and Questions section of this audit plan.

Information and Material necessary for the Regulatory Audit SHINE will need to provide design documentation, as noted below, in the electronic reading room to support the audit, to resolve open technical items. The staff anticipates SHINE identifying additional documents that may address open technical items.

• ESFAS and TRPS Design Documents (e.g., as referenced in response to RAI 7-10)

Audit Team The NRC staff participating in this audit will be:

• Dinesh Taneja (NRR/DEX) - HIPS and ESFAS Lead, Audit Team Leader

• Norbert Carte (NRR/DEX) -TRPS Lead

• Michael Waters (NRR/DEX)

• Michael Balazik (NRR/DANU)

• Duane Hardesty (NRR/DANU)

• Jesse Seymour (NRR/DRO) - Human Factors Audit Team Logistics The virtual audit will be held on February 15, 2022, from 4:00pm to 5:00pm. This audit session will address the topics and questions as identified below. Should an additional audit session be needed, it will be scheduled accordingly. Additional audit sessions may be planned in advance, as new open technical items are identified, to support the understanding of information necessary to facilitate the continued review of the operating license application.

Deliverables At the completion of the regulatory audit, NRC staff will prepare a regulatory audit report, which will be issued within 60 days after the audit. New audit plans (including distinct entrance and exit discussions) will be issued as new open technical items are identified. Closure paths for each item will be captured in the Audit Topics and Questions section of this audit plan.

Audit Session: February 15, 2022, from 4:00pm to 5:00pm.

SECTION Open Items Closure Path & Information Needs (RCI Response, Supplement, Updated FSAR, etc.)

7.2 Design of Instrumentation and Control Systems 7.2.5 HIPS Design 7.2.5.1 HIPS Description

- Hard-Wired Module Open Technical Item 7.2.5-01 (HWM)

FSAR states, All TRPS components have self-testing capabilities, except the discrete APL of EIM which is functionally tested. Where in the FSAR or TS is periodic testing of HWMs discussed?

Please point where this is described in FSAR, or otherwise supplement the FSAR and TS to accurately reflect HWM testing (RAI).

- Equipment Interface Open Technical Item 7.2.5-02 Module (EIM)

FSAR, TRPS SSD, and ESFAS SSD state, All TRPS components have self-testing capabilities, except the discrete APL of EIM which is functionally tested. Figure 4-2, Overlap of Testing for the TRPS Platform and Figure 4-3, Overlap of Testing for the ESFAS Platform both show EIM High Drive Output being self-tested. These documents are inconsistent with the response to RAI 7-10.

Please explain this apparent inconsistency to staff and then update the FSAR to accurately reflect the use and crediting of self-testing capabilities (RAI).

- HIPS Module LEDs Open Technical Item 7.2.5-03 In response to the following statements:

• The ACTIVE LED will turn Red on a vital fault or when the module has one latch open

• The FAULT LED will never flash and not turn Red

• The FAULT LED will turn Yellow for any fault (non-vital or vital)

What color are these ACTIVE and FAULT LEDs during normal operations with no fault present? Please provide revised Tables 8-3 and 8-4 of the HIPS TR based on the SHINE design (RCI/RAI).

SECTION Open Items Closure Path & Information Needs (RCI Response, Supplement, Updated FSAR, etc.)

7.4 Target Solution Vessel Reactivity Protection System 7.4.2 TRPS Design Criteria 7.4.2.1.3 Protection System Open Technical Item 7.4.2-06 Reliability and Testability It is not clear how the 1/1 logic in Table 7.4.-1 meets the stated criteria above (i.e., no single failure results in loss of the protection function,).

Audit discussion on the trip logic of this function and how it addresses single failure.

Open Technical Item 7.4.2-07 The IF and TRPS has different operating modes and HIPS provides two modes in which an instrument channel can be removed from service: (1) it can be placed in trip, or (2) it can be placed in bypass (i.e., not tripped). It is not clear how the trip logic described in Table 7.4-1 meets single failure during operations concurrent with the instrument channel being removed from service during operation as inferred by the Technical Specifications and some narratives.

Staff is evaluating Single Failure analysis in electronic reading room.

Audit discussion to walk staff through Table 7.4-1 to explain how single failure is maintained with respect to stated trip logic when a channel is removed from service in bypass mode.

Open Technical Item Figure 7.4-1, TRPS Logic Diagrams (Sheet 7 of 14), indicates that in some cases both instrument channels and both actuation divisions A & B must be operable for the depicted functions to be performed. However, this contradicts NRC conventional definition of single failure, as provided in SDC15 (failure of one channel and ability to continue to provide intended monitoring and actuation functions).

Audit discussion to walk staff through Sheet 7 of 14 to explain operation of these channels and how single failure is achieved.

SECTION Open Items Closure Path & Information Needs (RCI Response, Supplement, Updated FSAR, etc.)

Open Technical Item 7.4.2-09 SHINE design criterion 15 requires inservice testability. The SE on the HIPS topical report states: The self-test capability of the discrete input circuit switch is evaluated by performing an open contact test and a closed contact test. In the TRPS some discrete inputs from the process (i.e., not just the trip/bypass switched) come into the system via the HWM and not the SFM. It is not clear how these inputs are readily testable Describe how these circuits are readily testable.

7.4.2.1.4 Protection System Open Technical Item 7.4.2-10 Independence FSAR Section 7.4.2.1.4 was revised to no longer credit manual means as the diverse method for actuation of the safety functions - therefore, the NRC no longer need to understand what process variables are used by the operators to decide when to initiate the safety functions by manual means.

It appears automatic diversity of the system will be solely credited in the FSAR. However, FSAR Section 7.4.5.2.4, Diversity was simultaneously revised to state: in each instance where a potential digital CCF could cause a failure to initiate protective actions, there exists either an alternate automatic means of mitigating events or an alternate means for the operator to identify, initiate, and assess protective actions. The FSAR contains an apparent contradiction of how the system partially addresses the fundamental design principle of diversity.

The staff accepts and prefers the use of manual diversity (that can be reasonably accomplished in needed timeframes) to address any limitation in design or functional diversity. However, such credit needs to be supported by a methodical assessment (e.g., D3 assessment).

Explain whether this is a contradiction in the FSAR and whether the existing D3 assessment credits manual operator action.