ML22153A408

From kanterella
Jump to navigation Jump to search
Rev 0 Dedication of Commercial-Grade Digital Instrumentation and Controls Items for Use in Nuclear Power Plants
ML22153A408
Person / Time
Issue date: 10/25/2022
From: Dinesh Taneja
NRC/NRR/DEX
To:
Eudy M
Shared Package
ML21355A004 List:
References
DG-1402 RG 1.250, Rev 0
Download: ML22153A408 (13)
v  d  e


Text

U.S. NUCLEAR REGULATORY COMMISSION REGULATORY GUIDE RG 1.250, Revision 0 Issue Date: October 2022 Technical Lead: Dinesh Taneja DEDICATION OF COMMERCIAL-GRADE DIGITAL INSTRUMENTATION AND CONTROL ITEMS FOR USE IN NUCLEAR POWER PLANTS A. INTRODUCTION Purpose This regulatory guide (RG) describes an approach that is acceptable to the staff of the U.S. Nuclear Regulatory Commission (NRC) to meet, in part, regulatory requirements for the dedication of commercial-grade digital instrumentation and control (I&C) items for use in nuclear power plant safety applications. It endorses, with clarifications, Nuclear Energy Institute (NEI) 17-06, Guidance on Using IEC 61508 SIL Certification to Support the Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Related Applications, Revision 1, issued December 2021 (Ref. 1), to supplement existing guidance.

Applicability This RG applies to holders of, or applicants for, a power reactor operating license or construction permit under Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities (Ref. 2), as well as holders of, or applicants for, a power reactor combined license under 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants (Ref. 3). Specifically, this RG applies to the use of commercial grade items as basic components under 10 CFR Part 21, Reporting of Defects and Noncompliance (Ref. 4).

Applicable Regulations

Written suggestions regarding this guide may be submitted through the NRCs public Web site in the NRC Library at https://nrcweb.nrc.gov/reading-rm/doc-collections/reg-guides/, under Document Collections, in Regulatory Guides, at https://nrcweb.nrc.gov/reading-rm/doc-collections/reg-guides/contactus.html, and will be considered in future updates and enhancements to the Regulatory Guide series. During the development process of new guides suggestions should be submitted within the comment period for immediate consideration. Suggestions received outside of the comment period will be considered if practical to do so or may be considered for future updates.

Electronic copies of this RG, previous versions of RGs, and other recently issued guides are also available through the NRCs public web site in the NRC Library at https://nrcweb.nrc.gov/reading-rm/doc-collections/reg-guides/, under Document Collections, in Regulatory Guides. This RG is also available through the NRCs Agencywide Documents Access and Management System (ADAMS) at http://www.nrc.gov/reading-rm/adams.html, under ADAMS Accession Number (No.) ML22153A408. The regulatory analysis is associated with a rulemaking and may be found in ADAMS under Accession No. ML22003A181. The associated draft guide DG-1402 may be found in ADAMS under Accession No. ML ML22003A180, and the staff responses to the public comments on DG-1402 may be found under ADAMS Accession No. ML22153A416.

  • 10 CFR 50.34(a)(7) and 10 CFR 50.34(b)(6)(ii) refer to Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, to 10 CFR Part 50, for the requirements for a quality assurance (QA) program for the design and construction of nuclear power plants licensed or approved under 10 CFR Part 50 or 10 CFR Part 52. These regulations require preliminary and final safety analysis reports to include discussion of how applicable requirements of Appendix B will be satisfied.
  • 10 CFR 50.54(a)(3)-(4) establishes conditions to be included in every nuclear power reactor operating license issued under 10 CFR Part 50 and every combined license issued under 10 CFR Part 52 regarding how licensees may make changes to their QA programs in.
  • 10 CFR Part 50, Appendix B, Criterion III, Design Control, includes provisions for QA and quality control that are applicable to the acceptance and dedication process for commercial-grade digital I&C items. Criterion III design control requires, in part, measures for the selection and review for suitability of application of materials, parts, equipment, and processes that are essential to the safety-related functions of the structures, systems, and components. These measures are applicable to a commercial-grade digital equipment for use as a basic component in a digital I&C system.
  • 10 CFR Part 50, Appendix B, Criterion VII, Control of Purchased Material, Equipment, and Services, requires that measures shall be established to assure that purchased material, equipment, and services, whether purchased directly or through contractors and subcontractors, conform to the procurement documents. These measures shall include provisions, as appropriate, for source evaluation and selection, objective evidence of quality furnished by the contractor or subcontractor, inspection at the contractor or subcontractor source, and examination of products upon delivery. Documentary evidence that material and equipment conform to the procurement requirements shall be available at the nuclear power plant or fuel reprocessing plant site prior to installation or use of such material and equipment. This documentary evidence shall be retained at the nuclear power plant or fuel reprocessing plant site and shall be sufficient to identify the specific requirements, such as codes, standards, or specifications, met by the purchased material and equipment. The effectiveness of the control of quality by contractors and subcontractors shall be assessed by the applicant or designee at intervals consistent with the importance, complexity, and quantity of the product or services.
  • 10 CFR 52.79(a)(25) requires applicants for combined licenses to include a description of the QA program, applied to the design, and to be applied to the fabrication, construction, and testing, of the structures, systems, and components of the facility. It notes that Appendix B to 10 CFR part 50 sets forth the requirements for QA programs for nuclear power plants. The description of the QA program for a nuclear power plant must include a discussion of how the applicable requirements of Appendix B to 10 CFR part 50 have been and will be satisfied, including a discussion of how the QA program will be implemented.

Related Guidance

  • Regulatory Guide 1.164, Dedication of Commercial-Grade Items for Use in Nuclear Power Plants (Ref. 5), describes methods that the NRC staff considers acceptable in meeting regulatory requirements for the dedication of commercial-grade items and services used in nuclear power plants.

RG 1.250, Rev. 0, Page 2

  • Electrical Power Research Institute (EPRI) TR-106439, Guidance on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Application, issued October 1996 (Ref. 6). As indicated in the NRC staffs safety evaluation report (Ref. 7), EPRI TR-106439 contains a method acceptable to the NRC staff for dedicating commercial-grade digital equipment for use in nuclear power plant safety applications and meets the requirements of 10 CFR Part 21.

Purpose of Regulatory Guides The NRC issues RGs to describe methods that are acceptable to the staff for implementing specific parts of the agencys regulations, to explain techniques that the staff uses in evaluating specific issues or postulated events, and to describe information that the staff needs in its review of applications for permits and licenses. Regulatory guides are not NRC regulations and compliance with them is not required. Methods and solutions that differ from those set forth in RGs are acceptable if supported by a basis for the issuance or continuance of a permit or license by the Commission.

Paperwork Reduction Act This RG provides voluntary guidance for implementing the mandatory information collections in 10 CFR Parts 21, 50, and 52 that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). These information collections were approved by the Office of Management and Budget (OMB),

under control numbers 3150-0035, 3150-0011, and 3150-0151, respectively. Send comments regarding this information collection to the FOIA, Library, and Information Collections Branch (T6-A10M),

U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by e-mail to Infocollects.Resource@nrc.gov, and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202 (3150-0035, 3150-0011, and 3150-0151), Office of Management and Budget, Washington, DC, 20503.

Public Protection Notification The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless the document requesting or requiring the collection displays a currently valid OMB control number.

RG 1.250, Rev. 0, Page 3

B. DISCUSSION Reason for Issuance The NRC staff is issuing a new RG to endorse, with clarifications, NEI 17-06, which provides supplemental guidance on an approach for licensees and applicants to determine acceptability of the dependability critical characteristics of digital equipment during the dedicating process pursuant to 10 CFR Part 21. NEI 17-06 leverages an internationally recognized safety integrity level (SIL) certification process that relies on International Electrotechnical Commission (IEC) 61508, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems, Edition 2.0, issued April 2010 (Ref. 8). Before this RG, there was no guidance available for accepting a third-party certification to support verifying critical characteristics of digital equipment. This RG provides guidance on an acceptable method to support verifying a digital I&C items dependability critical characteristics based on an accredited certification of compliance with an IEC 61508 SIL.

Background

The application of digital technology to the design and configuration of nuclear power plant safety systems requires careful consideration of NRC guidance pertaining to safety system architecture, failure modes and effects analysis, and the application of defense in depth principles. Prior to the selection of equipment to be used in accomplishing the required safety functions, a proposed digital safety system design should be completed, evaluated, and accepted to the extent that all required characteristics of the proposed digital safety system design have been identified and specified, and the dedication process only begins when the design is complete and accepted. The equipment that is selected to perform the required safety functions must be shown to meet applicable technical and quality requirements.

The process of dedication of commercial-grade equipment for use in safety-related applications may be applied to nuclear power plants. Dedication is an acceptance process to provide reasonable assurance that a commercial-grade item will perform its intended safety function and, in this respect, is deemed equivalent to an item designed and manufactured under a QA program under 10 CFR Part 50, Appendix B.

RG 1.164 describes methods that the NRC staff considers acceptable in meeting regulatory requirements for the dedication of commercial-grade items and services used in nuclear power plants.

RG 1.164 endorses, with exceptions or clarifications, EPRI 3002002982, Plant Engineering: Guideline for the Acceptance of Commercial-Grade Items in Nuclear Safety-Related Applications, Revision 1 to EPRI NP-5652 and TR-102260, issued September 2014 (Ref. 9). A history of commercial-grade dedication of items and services in the nuclear industry is documented in the background section of RG 1.164. In part, EPRI 3002002982 provides guidance for two methods: Method 2Commercial-Grade Survey, and Method 4Item/Supplier Performance Record. The use of an accredited SIL certification to IEC 61508 relates to these two methods. EPRI 3002002982, Section 14.1, Digital Equipment and Computer Programs Integral to Plant SSCs references TR-106439, which the NRC staff evaluated as documented in a safety evaluation report (Ref. 7). Where RG 1.164 and EPRI 3002002982 consider the broad scope of dedication of commercial-grade items, TR-106439 provides guidance specific to digital equipment.

In part, TR-106439 provides acceptance criteria and methods of verification for the critical characteristics of dependability. TR-106439 states that the verification of dependability characteristics typically involves a commercial-grade survey of the vendors processes (Method 2) and a review of the vendor performance record and product operating history (Method 4). The NRC staff safety evaluation RG 1.250, Rev. 0, Page 4

report (Ref. 7) highlights that TR-106439 proposes a combination of methods, including Methods 2 and 4, for digital I&C items. As documented in the NRC staff safety evaluation report for TR-106439, the NRC staff determined that TR-106439 contains an acceptable method for dedicating commercial-grade digital equipment for use in nuclear power plant safety applications and meets the requirements of 10 CFR Part 21. The NRC staff further concluded that when digital equipment is dedicated using the methods described in TR-106439, it may be considered equivalent to digital equipment designed and manufactured under a 10 CFR Part 50, Appendix B, QA program. The NRC staff noted that licensees referencing TR-106439 should document application-specific details about the dedication process and specific critical characteristics.

Section 4.2 of TR-106439 provides guidance for defining and verifying critical characteristics that will provide reasonable assurance that the item will perform its intended safety function. This guidance states:

a complete definition of requirements, including hardware, software, human-machine interface, quality, and reliability requirements, is an important prerequisite for dedication of a commercial-grade item. It is especially important for digital equipment, where experience has shown that many of the problems that occur are due to inadequate definition of requirements. For software-based equipment, in addition to design requirements for the intended functions and anticipated failure modes, it is particularly important to identify requirements related to unused, and unintended or prohibited functions.

The types of critical characteristics considered within TR-106439 for many types of devices include physical or performance characteristics. For digital equipment, however, a third type of characteristic, referred to as dependability, is identified as being important when dedicating digital equipment that includes software. Dependability characteristics address attributes that are difficult to verify through testing or inspection alone and are heavily influenced by the quality of the processes used to produce the device or software. High-quality software is typically achieved by building quality in, using a systematic life cycle development approach that includes validation and verification steps at each stage of the development life cycle. The degree of dependability of digital devices is also influenced by the incorporation of designed-in elements to provide a robust hardware and software architecture, self-checking features, hardware- or software-based watchdog timers, and controlled failure management, such as use of redundant processors with automatic fail-over capabilities.

An evaluation process that incorporates a critical examination of hardware and software development processes, design features (e.g., fault tolerance, diagnostic monitoring coverage, fail-safe design), and historical operating performance is used to assess the overall dependability of a digital device. TR-106439 refers to this assessment as a critical digital review (CDR). The CDR relies on an understanding of the specific programmable logic and hardware features embodied in the design, to verify that they are correct and appropriate considering the intended application.

Table 4-1 in TR-106439 summarizes a set of attributes associated with dependability critical characteristics for digital equipment. This table provides acceptance criteria, methods of verification, and remarks on the application of those methods of verification. Table 4-2 in TR-106439 identifies examples of design factors that can be evaluated in assessing digital item quality. However, TR-106439 states, The dedicator must determine which activities are appropriate for each application. In general, the choice and extent of activities undertaken to verify adequate quality, and the specific criteria applied in making the assessment, depend on the safety significance and complexity of the device. Ultimately, this process necessitates a high level of engineering judgment and can result in variability among reviewers. Further, RG 1.250, Rev. 0, Page 5

the CDR relies on a survey team that includes specialists who understand the device design, programmable logic, and system in which it will be applied, in addition to QA and programmatic issues.

IEC 61508 is an international, performance-based standard for the functional safety of electrical, electronics, and programmable electronic equipment that addresses standardization issues raised by the use of programmable electronic systems. IEC 61508 defines standards for manufacturers to follow during product development to ensure that their products will have a predictably high level of resistance to random hardware and systematic design failures. Nuclear industry studies conducted within the past few years indicate that devices certified to conform to the provisions of the standard can be expected to experience a low probability of failure on demand and to be relatively free from design flaws leading to systematic failures.

The IEC 61508 standard is composed of seven parts:

(1) Part 1: General requirements (2) Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems (3) Part 3: Software requirements (4) Part 4: Definitions and abbreviations (5) Part 5: Examples of methods for the determination of safety integrity levels (6) Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3 (i.e., Parts 2 and 3)

(7) Part 7: Overview of techniques and measures The goal of IEC 61508, and of functional safety in general, is for the automatic safety functions to perform their intended functions correctly or for the system to fail in a safe and predictable manner.

The standard focuses attention on risk-based safety-related system design and ensures the attention to detail that is vital to safe system design.

Manufacturers of electronic and programmable electronic equipment for safety applications seek independent third-party certification to ensure functional safety in accordance with IEC 61508. This certification verifies key criteria within IEC 61508 to demonstrate the reliability goals and the systematic capability specifications for a targeted SIL. Compliance is evaluated by accredited third-party certifying bodies that assess and certify that a product has been designed and developed in accordance with the standard. The certifying bodies follow a rigorous process that verifies that a products hardware and software design as well as its manufacturing and quality control procedures satisfy the IEC 61508 standards established for the products SIL claim. The certifying bodies also verify the products built-in fault detection capabilities in addition to performing a failure modes, effects, and diagnostics analysis to ascertain failure rate data needed for use in verifying the SIL. The certifying bodies also analyze a devices failure data in actual field experience (historical use). Upon completion of the verification and analysis process, the certifying bodies will provide a certificate of compliance to IEC 61508 criteria and document the results of their analysis in the form of a certification report. The product safety manual describes the conditions of use under which the product has been found to meet the predicted failure rate and that must be maintained by the user to ensure the device will continue to comply with the failure rate provisions of the IEC 61508 standard.

To be established as a credible entity, the certifying body is accredited by the national accrediting body. The accrediting body ensures that a certifying body is competent to perform the necessary evaluations of the manufacturers products. In the United States, the currently recognized accrediting body is the American National Standards Institute National Accrediting Board (ANAB). Accrediting bodies around the world are linked under the International Accreditation Forum Multilateral Recognition Arrangement.

RG 1.250, Rev. 0, Page 6

Since early 2016, external nuclear power industry stakeholders have engaged the NRC staff about SIL certification, the certification process, and the accreditation process. From this engagement, the NEI produced NEI 17-06, which provides guidance for the use of an accredited SIL certification to IEC 61508 within a digital I&C items dedication for its critical characteristics of dependability. This topic has been part of related agency activities to modernize the NRC regulatory infrastructure to enable the expanded safe use of digital I&C (Ref 10).

Under NEI 17-06, the critical characteristic of dependability described in TR-106439 for commercial grade dedication of electronic and programmable electronic equipment is verified if the equipment is manufactured to an appropriate SIL level in conformance with IEC 61508. The dedicating entity verifies the dependability critical characteristics, i.e., that the equipment is manufactured to the appropriate SIL through inspections, tests, or analyses supplemented by a commercial grade survey.

Under NEI 17-06, the commercial grade survey takes the form of certification under IEC 61508 (which uses ISO/IEC 17065, Conformity assessment Requirements for bodies certifying products, processes and services, (Ref 11) for the certification process) by an accredited certifying body. The dedicating entity, in accordance with NEI 17-06, dedicates the certification as a commercial grade service provided by the certifying body. Therefore, the NRC staff considers SIL certification as described in NEI 17-06 to be a commercial grade survey for the purposes of 10 CFR Part 21. Verification of acceptability of the certifying bodys commercial grade surveys is supplemented by the dedicating entitys own commercial grade survey, either through observation of the accreditation of the certifying body or observation of a certification using the checklist provided in NEI 17-06, Appendix D. Thus, a dedicating entity need only dedicate the services of the certifying body on a periodic basis.

The NRC staff has reviewed IEC 61508, 2.0 Edition and ISO/IEC 17065:2012 for use as described in NEI 17-06 and observed the accreditation of exida.com LLC by ANAB in 2021. The NRC staffs review and observation show that IEC 61508 process has many parallels to the requirements of 10 CFR Part 50, Appendix B and, therefore, the staff concludes that SIL certification by exida.com LLC or other ANAB accredited certifying bodies is a reliable method for verifying acceptability of the dependability critical characteristics of electronic and programmable electronic equipment, if dedicated in conformance with the staff positions described in section C below.

Consideration of International Standards The International Atomic Energy Agency (IAEA) works with member states and other partners to promote the safe, secure, and peaceful use of nuclear technologies. The IAEA develops Safety Requirements and Safety Guides for protecting people and the environment from harmful effects of ionizing radiation. This system of safety fundamentals, safety requirements, safety guides, and other relevant reports, reflects an international perspective on what constitutes a high level of safety. To inform its development of this RG, the NRC staff considered IAEA Safety Requirements and Safety Guides pursuant to the Commissions International Policy Statement (Ref. 12) and Management Directive and Handbook 6.6, Regulatory Guides (Ref. 13).

The NRC staff did not identify any IAEA Safety Requirements or Guides with information related to the topic of this RG.

Documents Discussed in Staff Regulatory Guidance This RG endorses, in part, the use of one or more codes or standards developed by external organizations, and other third-party guidance documents. These codes, standards, and third-party guidance documents may contain references to other codes, standards or third-party guidance documents (secondary references). If a secondary reference has itself been incorporated by reference into NRC RG 1.250, Rev. 0, Page 7

regulations as a requirement, then licensees and applicants must comply with that standard as set forth in the regulation. If the secondary reference has been endorsed in a RG as an acceptable approach for meeting an NRC requirement, then the standard constitutes a method acceptable to the NRC staff for meeting that regulatory requirement as described in the specific RG. If the secondary reference has neither been incorporated by reference into NRC regulations nor endorsed in a RG, then the secondary reference is neither a legally-binding requirement nor a generic NRC approved acceptable approach for meeting an NRC requirement. However, licensees and applicants may consider and use the information in the secondary reference, if appropriately justified, consistent with current regulatory practice, and consistent with applicable NRC requirements.

RG 1.250, Rev. 0, Page 8

C. STAFF REGULATORY GUIDANCE

1. The NRC staff endorses, with the following clarifications, NEI 17-06, Revision 1, as a method acceptable to the staff on using IEC 61508 SIL certification to support the acceptance of commercial-grade digital equipment that is dedicated as a basic component in accordance with EPRI TR-106439.
a. NEI 17-06 states that it describes a method for using the accredited SIL certification process in lieu of a commercial grade survey as a dedication acceptance method to provide reasonable assurance that the dependability critical characteristics of digital devices are adequately controlled. The NRC staff considers SIL certification to be a commercial grade survey for the purposes of 10 CFR Part 21 and understands that NEI means the SIL certification process is in lieu of the commercial grade survey method described in EPRI 3002002982. Thus, the NRC staff considers dedication of the certifying bodys services and verification of certification to the appropriate SIL to be adequate to verify dependability critical characteristics for use in the method described in EPRI TR 106439.
b. NEI 17-06 states, among other things, that the certifying bodys services should be dedicated by

[a] U.S. NRC licensee, their designee, or the dedicating entity. To be clear, each dedicating entity should dedicate the services of each certifying body whose certificates the dedicating entity wishes to rely on, and should not rely on dedication by, e.g., another NRC licensee. Accreditation activity observations performed in accordance with NEI 17-06 Section 5.3 may be performed by a U.S. NRC licensee, their designee, or the dedicating entity. If more than one licensee or dedicating entity intends to use SIL certification from a single certifying body, a licensee or dedicating entity may either perform commercial grade dedication of the certifying body or arrange for commercial grade dedication of the certifying body on behalf of itself and other licensees or dedicating entities to reduce the number of commercial grade dedications of the certifying body. The scope of this commercial grade dedication should address the needs of all the purchasers, and all the purchasers for whom the commercial grade dedication was conducted should receive the relevant records. Each of the licensees or dedicating entities relying on the results of a commercial grade dedication performed on behalf of licensees or dedicating entities remains individually responsible for the adequacy of the commercial grade dedication.

c. Section 7.3 of NEI 17-06 states, [t]he U.S. nuclear industry observations will be performed initially on a three (3) year frequency with the possibility of re-evaluating the frequency based on the results of the observations. To be consistent with NRC staff-accepted practices, the certifying bodies IEC 61508 SIL certification process should be observed every 3 years.
d. Section 1.4 of NEI 17-06 states, [a] commercial grade item is an item that is not a basic component. This would not be a correct definition for compliance with NRC requirements. To clarify, 10 CFR 21.3 defines a basic component to include a commercial grade item that has completed the dedication process. Thus, when the NRC uses the term basic component, that term includes dedicated commercial grade items. As stated in 10 CFR 21.3, [w]hen applied to nuclear power plants licensed pursuant to 10 CFR Part 50, commercial grade item means a structure, system, or component, or part thereof that affects its safety function, that was not designed and manufactured as a basic component.
e. Section 6.3 of NEI 17-06 provides guidance to verify certificates with the issuing certifying body to ensure the certificate is not expired or otherwise invalidated. Dedicating entities should RG 1.250, Rev. 0, Page 9

implement that guidance for all certificates to avoid acceptance of counterfeit or fraudulent certificates.

2. The NRC staff endorses, with the following clarifications, the use of IEC 61508, Edition 2.0 as described in NEI 17-06.
a. The NRC staff is aware that unaccredited certifying bodies exist that claim to provide SIL certification under IEC 61508. However, NEI 17-06 reiterates that certifying bodies be accredited by signatories to the International Accreditation Forum Multilateral Recognition Arrangement.

The NRC staff has not reviewed and is not endorsing the use of SIL certification by certifying bodies that have not been accredited in conformance with the mutual recognition arrangement as described in NEI 17-06. Therefore, dedicating entities should verify the certifying bodys accreditation consistent with the guidance in section 6.3 of NEI 17-06.

b. The NRC staff recognize that manufacturers and certifying bodies may use later editions of IEC 61508, and that NEI 17-06 does not appear to limit itself to the use of Edition 2.0, but the NRC staff can only endorse editions of standards that the NRC staff have specifically reviewed. In the event that dedicating entity wishes to dedicate an item manufactured and certified under a later edition of IEC 61508, the dedicating entity should verify that the substantive standards of the later edition related to the dependability characteristic remain unchanged from the 2.0 Edition the NRC staff is endorsing in this RG. Note, however, that dedicating entities relying on certification under a later edition than endorsed by this RG will be responsible for ensuring that the item meets the requirements of 10 CFR Part 21 and Appendix B to Part 50.
3. The NRC staff endorses the use of ISO/IEC 17065:2012 for use by certifying bodies to perform commercial grade surveys as described in NEI 17-06.

RG 1.250, Rev. 0, Page 10

D. IMPLEMENTATION The NRC staff may use this RG as a reference in its regulatory processes, such as licensing, inspection, or enforcement. However, the NRC staff does not intend to use the guidance in this RG to support NRC staff actions in a manner that would constitute backfitting as that term is defined in 10 CFR 50.109, Backfitting, and as described in NRC Management Directive 8.4, Management of Backfitting, Forward Fitting, Issue Finality, and Information Requests (Ref. 14), nor does the NRC staff intend to use the guidance to affect the issue finality of an approval under 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants. The staff also does not intend to use the guidance to support NRC staff actions in a manner that constitutes forward fitting as that term is defined and described in Management Directive 8.4. If a licensee believes that the NRC is using this regulatory guide in a manner inconsistent with the discussion in this Implementation section, then the licensee may file a backfitting or forward fitting appeal with the NRC in accordance with the process in Management Directive 8.4.

RG 1.250, Rev. 0, Page 11

REFERENCES 1

1. Nuclear Energy Institute, NEI 17-06, Guidance on Using IEC 61508 SIL Certification to Support the Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Related Applications, Revision 1, Washington, DC, December 2021 (Agencywide Documents and Management System (ADAMS) Accession No. ML21337A380).2
2. U.S. Code of Federal Regulations (CFR), Domestic Licensing of Production and Utilization Facilities, Part 50, Chapter 1, Title 10, Energy.
3. CFR, Licenses, Certifications, and Approvals for Nuclear Power Plants, Part 52, Chapter 1, Title 10, Energy.
4. CFR, Reporting of Defects and Noncompliance, Part 21, Chapter 1, Title 10, Energy.
5. U.S. Nuclear Regulatory Commission (NRC), Regulatory Guide (RG) 1.164, Dedication of Commercial-Grade Items for Use in Nuclear Power Plants, Washington, DC.
6. Electric Power Research Institute (EPRI), TR-106439, Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Applications, Palo Alto, CA, October 1996.3
7. NRC, Safety Evaluation by the Office of Nuclear Reactor Regulation Electric Power Research Institute Topical Report, TR-106439, Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Applications, July 17, 1997 (ADAMS Accession No. ML12205A284).
8. International Electrotechnical Commission (IEC), IEC 61508, Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems, Edition 2.0, Geneva, Switzerland, April 2010.4
9. EPRI, 3002002982, Plant Engineering: Guideline for the Acceptance of Commercial-Grade Items in Nuclear Safety-Related Applications, Revision 1 to EPRI NP-5652 and TR-102260, Palo Alto, CA, September 2014 (ADAMS Accession No. ML18199A161).

1 Publicly available NRC published documents are available electronically through the NRC Library on the NRCs public Web site at http://www.nrc.gov/reading-rm/doc-collections/ and through the NRCs Agencywide Documents Access and Management System (ADAMS) at http://www.nrc.gov/reading-rm/adams.html. The documents can also be viewed online or printed for a fee in the NRCs Public Document Room (PDR) at 11555 Rockville Pike, Rockville, MD. For problems with ADAMS, contact the PDR staff at 301-415-4737 or (800) 397-4209; fax (301) 415-3548; or e-mail pdr.resource@nrc.gov.

2 Publications from the Nuclear Energy Institute (NEI) are available at their Web site: http://www.nei.org/ or by contacting the headquarters at Nuclear Energy Institute, 1776 I Street NW, Washington DC 20006-3708, Phone: 202-739-800, Fax 202-785-4019.

3 Copies of Electric Power Research Institute documents may be obtained through their website https://www.epri.com/research/products/; by writing the Electric Power Research Institute, 3420 Hillview Avenue, Palo Alto, CA 94304; by telephone (800) 313-3774; or by e-mail askepri@epri.com.

4 Copies of International Electrotechnical Commission (IEC) documents may be obtained through their website http://www.iec.ch/; by writing the IEC Central Office, 3 rue de Varembé, P.O. Box 131, 1211 Geneva 20, Switzerland; or by telephone + 41 22 919 0211.

RG 1.250, Rev. 0, Page 12

10. NRC, SECY-21-0091, Annual Update on Activities to Modernize the U.S. Nuclear Regulatory Commissions Digital Instrumentation and Controls Regulatory Infrastructure, Washington, DC, October 25, 2021 (ML21253A212).
11. ISO/IEC 17065, Conformity assessment Requirements for bodies certifying products, processes and services, First Edition, Geneva, Switzerland, September 20125
12. NRC, Nuclear Regulatory Commission International Policy Statement, Federal Register, Vol. 79, No. 132, pp. 39415-39418 (79 FR 39415), Washington, DC, July 10, 2014.
13. NRC, Management Directive (MD) 6.6, Regulatory Guides, Washington, DC.
14. NRC, MD 8.4. Management of Backfitting, Forward Fitting, Issue Finality, and Information Requests.

5 Copies of International Organization for Standardization (ISO) documents may be obtained through their website http://www.iso.org; by writing the ISO copyright office, Post Office Box 56, 1211 Geneva 20, Switzerland; or by telephone + 41 22 749 01 11.

RG 1.250, Rev. 0, Page 13

Retrieved from "https://kanterella.com/w/index.php?title=ML22153A408&oldid=3519227"