ML22216A112


Shine Technologies LLC - Regulatory Audit Plan of Logic Lifecycle Described in Operating License
ML22216A112
Person / Time
Site: SHINE Medical Technologies
Issue date: 08/08/2022
From: Joshua Borromeo
NRC/NRR/DANU/UNPL
To: Piefer G
SHINE Technologies
Cruz H
References
EPID L-2019-NEW-0004


Text

Dr. Gregory Piefer
Chief Executive Officer
SHINE Technologies, LLC
3400 Innovation Court
Janesville, WI 53546

SUBJECT: SHINE TECHNOLOGIES, LLC REGULATORY AUDIT OF PROGRAMMABLE LOGIC LIFECYCLE IN OPERATING LICENSE APPLICATION (EPID NO. L-2019-NEW-0004)

Dear Dr. Piefer:

The U.S. Nuclear Regulatory Commission (NRC) staff has prepared an audit plan related to the review of the highly integrated protection system programmable logic lifecycle within chapter 7, Instrumentation and Control Systems, of the SHINE Medical Technologies, LLC operating license application. The enclosed audit plan provides the regulatory basis for the audit, describes the scope of the audit, identifies the audit team, and provides a listing of audit questions.

The audit will be conducted at the Rock Creek Innovations facility in New Strawn, Kansas, and is intended to close gaps identified during the technical review. As such, the audit will be held on August 9-11, 2022. Additional audit sessions may be scheduled to support the continued review of the operating license application.

Following completion of the audit, the NRC staff will provide an audit report. The summary will include a description of any information identified during the audit that will need to be docketed to supplement the application and allow the NRC staff to continue its review.

August 8, 2022

If you have any questions, please contact me at (301) 415-1217, or by electronic mail at Joshua.Borromeo@nrc.gov.

Sincerely,

Joshua M. Borromeo, Chief
Non-Power Production and Utilization Facility Licensing Branch
Division of Advanced Reactors and Non-Power Production and Utilization Facilities
Office of Nuclear Reactor Regulation

Docket No. 50-608
Construction Permit No. CPMIF-001

Enclosure: As stated

cc: See next page

Signed by Borromeo, Joshua on 08/08/22

SHINE Technologies, LLC Docket No. 50-608 cc:

Jeff Bartelme
Licensing Manager
SHINE Technologies, LLC
3400 Innovation Court
Janesville, WI 53546

Nathan Schleifer
General Counsel
SHINE Technologies, LLC
3400 Innovation Court
Janesville, WI 53546

Christopher Landers
Director, Office of Conversion
National Nuclear Security Administration, NA 23
U.S. Department of Energy
1000 Independence Ave SW
Washington, DC 20585

Mark Paulson, Supervisor
Radiation Protection Section
Wisconsin Department of Health Services
P.O. Box 2659
Madison, WI 53701-2659

Test, Research and Training Reactor Newsletter
Attention: Amber Johnson
Dept of Materials Science and Engineering
University of Maryland
4418 Stadium Drive
College Park, MD 20742-2115

Mark Freitag
City Manager
P.O. Box 5005
Janesville, WI 53547-5005

Bill McCoy
1326 Putnam Avenue
Janesville, WI 53546

Alfred Lembrich
541 Miller Avenue
Janesville, WI 53548

ML22216A112 NRR-106

OFFICE | NRR/DANU/PM | NRR/DANU/BC
NAME | HCruz | JBorromeo
DATE | 8/4/2022 | 8/8/2022

Enclosure

OFFICE OF NUCLEAR REACTOR REGULATION
REGULATORY AUDIT PLAN REGARDING PROGRAMMABLE LOGIC LIFECYCLE
OPERATING LICENSE APPLICATION
SHINE TECHNOLOGIES, LLC
DOCKET NO. 50-608

Background

The U.S. Nuclear Regulatory Commission (NRC) staff is continuing its review of the SHINE Technologies, LLC (SHINE) operating license application, submitted by letter dated July 17, 2019 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML19211C044), in addition to the highly integrated protection system (HIPS) programmable logic lifecycle within chapter 7, Instrumentation and Control Systems, of the SHINE final safety analysis report (FSAR) and responses to requests for additional information. This regulatory audit is intended to close technical gaps identified during the review of chapter 7, and documented in this plan.

Regulatory Audit Bases

The licensee's proposed instrumentation and control systems are being reviewed in accordance with the applicable regulatory requirements of Title 10 of the Code of Federal Regulations Part 50, Domestic Licensing of Production and Utilization Facilities, and applicable guidance provided in NUREG-1537, Guidelines for Preparing and Reviewing Applications for the Licensing of Non-Power Reactors, Part 1, Format and Content, and Part 2, Standard Review Plan and Acceptance Criteria (ML042430055 and ML042430048, respectively).

Regulatory Scope

The scope of this audit addresses updates to the SHINE FSAR in the area of the HIPS programmable logic lifecycle, provided in chapter 7. The audit may also address additional information and FSAR revisions provided for other systems. Therefore, any additional information identified from the audit that is needed to address a regulatory finding may also be documented in the audit report. The following topics as described in FSAR Sections 7.4.2.2.2, 7.4.5.4, and 7.5.2.2.2 will be addressed in the audit:

Software Verification and Validation (V&V) - Verify the programmable logic V&V program meets the requirements of IEEE Std. 1012, IEEE Standard for Software Verification and Validation, and the V&V program is implemented in a manner which reliably verifies and validates the design outputs at each stage of the programmable lifecycle development process.

Configuration Management - Verify the configuration management system has the appropriate hardware and software under configuration management, and the configuration management system is effectively controlling the items under configuration.

Quality Assurance - Verify that the Quality Assurance (QA) program used for highly integrated protection system (HIPS) core logic implementation is effective in controlling the development process to assure quality of the SHINE target solution vessel reactivity protection system (TRPS) and engineered safety features actuation system (ESFAS) applications.

Software Safety - Verify that software safety plans and procedures used for safety analysis activities are adequate to determine that HIPS programmable logic is safe to be used for safety related applications.

Secure Development Environment - Verify the HIPS systems development environment.

The results of this audit activity will be used to determine conformance to the secure development environment and access control criteria.

Desired Outcomes for the Audit

The desired outcomes of the audit are to: (1) gain a better understanding of information underlying the application in the area of the HIPS programmable logic lifecycle within chapter 7, Instrumentation and Control Systems; (2) identify specific information that will require docketing to support the basis of the licensing or regulatory decision; and (3) close open technical items or identify a closure path in the Audit Topics and Questions section of this audit plan.

Information and Material necessary for the Regulatory Audit

If it would benefit the resolution of any of the items, the NRC staff is aware of documents that may address some issues based on the title/description. The NRC staff also notes that information that could support the information requests may be found in other SHINE internal documentation.

Plans related to Software Verification and Validation (V&V), Configuration Management, Quality Assurance, Software Safety, Secure Development Environment,

Any completed reports and documents, which resulted from following the plans (e.g., V&V Phase summary report, requirements specification),

All Rock Creek process and procedures (in electronic form) that were used or followed, and

All SHINE documents considered as design input.

The audit team also requires access to the current Project Traceability Matrix in order to observe that applicable functional requirements are correctly implemented in the HIPS system.

Audit Team

The NRC staff participating in this audit will be:

Dinesh Taneja (NRR/DEX) - Audit Team Leader

Norbert Carte (NRR/DEX) - Technical Reviewer, virtual

Michael Waters (NRR/DEX) - Observer

Steve Ruffin (NRR/DEX) - Observer

Michael Balazik (NRR/DANU) - Observer, virtual

Audit Team Logistics

The audit will be held on August 9-10, 2022, from 8:00am to 5:30pm and on August 11, 2022, from 8:00am to 11:00pm central time. The audit will be conducted virtually and in-person at Rock Creek's facilities in New Strawn, Kansas. This audit session will address the topics and questions as identified below. Should an additional audit session be needed, it will be scheduled accordingly. Additional audit sessions may be planned in advance, as new open technical items are identified, to support the understanding of information necessary to facilitate the continued review of the operating license application. Our tentative schedule for the HIPS Core Logic audit is as follows:

HIPS Core Logic

Tuesday, August 9 (8:00 am - 5:30 pm Central Time)

(8:00 am) Entrance meeting - NRC staff: Review purpose of audit, goals, and good communication practices (virtual)

(Approximately 8:30 am) Rock Creek provide an overview of the HIPS core logic development process and how current lifecycle process documents fit together (virtual)

Rock Creek provide an overview of the current project status

Overview of Self-diagnostic features of each module

Misbehaviors and response

Establish Documentation Flow processes and review requirements traceability matrix.

Audit team to jointly work on selected requirements threads to evaluate effectiveness of HIPS core logic development processes.

o Trace Self diagnostics feature from sensor input to HIPS through equipment interface module (EIM) output

Identification of work remaining for the application development phase (e.g., TRPS, ESFAS & process integrated control system [PICS] interface specific programming or configuration)

o Trace Self diagnostics associated with digital inputs to the hardwire module (HWM)

(4:00 pm) Daily Debrief - meeting with Rock Creek/SHINE to discuss status of audit, outstanding requests or documents, issues or concerns, audit items for Wednesday (virtual).

Wednesday, August 10 (8:00 am - 5:30 pm)

(8:00 am) Meeting between NRC staff and Rock Creek to discuss activities and logistics for the day (virtual)

Equipment demonstration

Review of HIPS documentation / Continue Thread reviews.

(NRC Staff determine time) NRC staff internal meeting (private space need) - Discuss audit observations, need for additional information or additional audit activities (virtual)

Provide follow-up questions to Rock Creek.

(4:00 pm) Daily Debrief - meeting with Rock Creek/SHINE to discuss status of audit, outstanding requests or documents, issues or concerns, audit items for Thursday (virtual)

Thursday, August 11 (8:00 am - 11:00 am)

(8:00 am) Review meeting to discuss any open items regarding core logic V&V (virtual).

(10:00 am) NRC staff internal meeting (10:00 AM) - Identification / resolution of any open items (virtual)

(10:30 am) Exit meeting - NRC staff/SHINE/Rock Creek - general overview of observations & identification of any open items (virtual)

TRPS and ESFAS

This audit will be conducted virtually or at Rock Creek's facilities in New Strawn, Kansas. The audit is scheduled for October 2022, based on projected Requirements Development Schedule.

Electronic access to all Rock Creek documentation of processes and procedures used in HIPS development

Deliverables

At the completion of the regulatory audit, the NRC staff will prepare a regulatory audit report, which will be issued within 60 days after the audit. New audit plans (including distinct entrance and exit discussions) will be issued as new open technical items are identified. Closure paths for each item will be captured in the audit topics and questions section of this audit plan.

Audit Topics and Questions:

1. Provide an overview of the V&V development process.
2. In what phase of the lifecycle is the HIPS core logic development?
3. Are the HIPS core logic development activities specific to the SHINE application or generically applicable to any other applications of the HIPS platform?
4. What tool-based reports become part of the official record?
5. Why is there adequate confidence in these tools?
6. Quality assurance requirements imposed on HIPS hardware and core logic development
7. Self-testing of input signals, mA, RTD, VDC, Thermocouple (mV)
8. Any self-testing capabilities for discrete inputs to SFM and/or HWM
9. Simulation of internal board failures
10. Simulation of fault (degraded condition) in redundant 5VDC power supply to HIPS modules
11. Self-testing safety data bus communications (HIPS-DR0305, DR0073, DR0074, DR0075, etc.)
12. Chassis slot ID read and latch design that allows only the designated FPGA type modules
13. Independence of safety and non-safety data buses
14. Is HIPS platform intended to undergo SIL certification to IEC 61508, if yes, then to what SIL level?
15. HIPS module cycle timing and clock domain
16. HIPS TMR Cores independence, timing, fault detection, integrity verification, etc. (HIPS-DR0211)
17. RCI-990-9200-7100 Programmable Logic Modeling Procedure and industry standards
18. Integrity of NVM - CRC check
19. Hot swap capabilities and behaviors of HIPS modules upon power up
20. Is EPRI Topical Report 107330, Generic Requirements Specification for Qualifying a Commercially Available PLC for Safety-Related Applications in Nuclear Power Plants used only for seismic qualification requirements?
21. Other requirements specifications? Such as, programmable logic requirements, hardware requirements.
22. Requirements traceability matrix
23. Requirements Phase Summary Report
24. HIPS Library PLDP examples, Built-In-Self-Test logic, NVM interface logic, SDB interface logic
25. Documentation, PL Test Spec (PLTS), PL Test Result reports (PLTR), PL Test Coverage reports (PLTC)