Text

NUREG-1394, Rev 2, Emergency Response Data System
	ML22244A081
Person / Time
Issue date:	08/31/2022
From:	Bezakulu Alemu; Office of Nuclear Security and Incident Response
To:	;
	Malone, Tina
References
	NUREG-1394 R2
	Download: ML22244A081 (66)
	v • d • e

NUREG-1394, Rev. 2 Emergency Response Data System Office of Nuclear Security and Incident Response

AVAILABILITY OF REFERENCE MATERIALS IN NRC PUBLICATIONS NRC Reference Material Non-NRC Reference Material As of November 1999, you may electronically access Documents available from public and special technical NUREG-series publications and other NRC records at the libraries include all open literature items, such as books, NRCs Library at www.nrc.gov/reading-rm.html. Publicly journal articles, transactions, Federal Register notices, released records include, to name a few, NUREG-series Federal and State legislation, and congressional reports.

publications; Federal Register notices; applicant, licensee, Such documents as theses, dissertations, foreign reports and vendor documents and correspondence; NRC and translations, and non-NRC conference proceedings correspondence and internal memoranda; bulletins and may be purchased from their sponsoring organization.

information notices; inspection and investigative reports; licensee event reports; and Commission papers and their Copies of industry codes and standards used in a attachments. substantive manner in the NRC regulatory process are maintained at NRC publications in the NUREG series, NRC regulations, The NRC Technical Library and Title 10, Energy, in the Code of Federal Regulations Two White Flint North may also be purchased from one of these two sources: 11545 Rockville Pike Rockville, MD 20852-2738

1. The Superintendent of Documents U.S. Government Publishing Office These standards are available in the library for reference Washington, DC 20402-0001 use by the public. Codes and standards are usually Internet: www.bookstore.gpo.gov copyrighted and may be purchased from the originating Telephone: (202) 512-1800 organization or, if they are American National Standards, Fax: (202) 512-2104 from American National Standards Institute

2. The National Technical Information Service 11 West 42nd Street 5301 Shawnee Road New York, NY 10036-8002 Alexandria, VA 22312-0002 Internet: www.ansi.org Internet: www.ntis.gov (212) 642-4900 1-800-553-6847 or, locally, (703) 605-6000 Legally binding regulatory requirements are stated only in A single copy of each NRC draft report for comment is laws; NRC regulations; licenses, including technical available free, to the extent of supply, upon written specifications; or orders, not in NUREG-series publications.

The views expressed in contractor prepared publications in request as follows:

this series are not necessarily those of the NRC.

Address: U.S. Nuclear Regulatory Commission The NUREG series comprises (1) technical and Office of Administration administrative reports and books prepared by the staff (NUREG-XXXX) or agency contractors (NUREG/CR-XXXX),

Digital Communications and Administrative (2) proceedings of conferences (NUREG/CP-XXXX),

Services Branch (3) reports resulting from international agreements Washington, DC 20555-0001 (NUREG/IA-XXXX),(4) brochures (NUREG/BR-XXXX), and E-mail: Reproduction.Resource@nrc.gov (5) compilations of legal decisions and orders of the Facsimile: (301) 415-2289 Commission and the Atomic and Safety Licensing Boards and of Directors decisions under Section 2.206 of the NRCs regulations (NUREG-0750).

Some publications in the NUREG series that are posted at the NRCs Web site address www.nrc.gov/reading-rm/ DISCLAIMER: This report was prepared as an account doc-collections/nuregs are updated periodically and may of work sponsored by an agency of the U.S. Government.

differ from the last printed version. Although references to Neither the U.S. Government nor any agency thereof, nor any employee, makes any warranty, expressed or implied, material found on a Web site bear the date the material or assumes any legal liability or responsibility for any third was accessed, the material available on the date cited partys use, or the results of such use, of any information, may subsequently be removed from the site. apparatus, product, or process disclosed in this publication, or represents that its use by such third party would not infringe privately owned rights.

NUREG-1394, Rev. 2 Emergency Response Data System Manuscript Completed: July 2022 Date Published: August 2022 Bezakulu Alemu, NRC Project Manager Office of Nuclear Security and Incident Response

ABSTRACT During the 1990s, the U.S. Nuclear Regulatory Commission (NRC) implemented the Emergency Response Data System (ERDS) to upgrade its ability to acquire data from nuclear power plants in the event of an emergency at a plant. ERDS provides a direct real-time data transfer from licensee plant computers to the NRC Operations Center and regional incident response centers.

The system was designed to be activated by the licensee during an emergency that the licensee classifies at an Alert or higher level. The NRC portion of ERDS receives the data stream and sorts and files the data. The users of ERDS include the NRC Operations Center, the NRC regional incident response centers, and the State agencies of the affected plant, and, if requested, the States located within the 10-mile plume exposure pathway radius of the emergency planning zone of a plant located in another State. The emergency notification system supplements ERDS data.

This document provides guidance for the implementation and continued operation of ERDS at licensee sites.

This guidance document is not a substitute for the regulations, and compliance with it is not required. However, the staff will accept an approach or method different from that explained in this guidance only if the substitute approach or method provides a basis for determining that it meets the above-cited regulatory requirements.

iii

TABLE OF CONTENTS ABSTRACT ............................................................................................................................... iii LIST OF FIGURES ................................................................................................................... vii LIST OF TABLES ..................................................................................................................... vii ABBREVIATIONS ..................................................................................................................... ix 1 INTRODUCTION .................................................................................................................1-1 2 EMERGENCY RESPONSE DATA SYSTEM INFORMATION ............................................2-1 2.1 ERDS Design Concept .................................................................................................2-1 3 OPERATIONS.....................................................................................................................3-1 3.1 ERDS Operations Overview .........................................................................................3-1 3.2 ERDS Transmission and Reception Plan .....................................................................3-1 3.3 ERDS Communications Description .............................................................................3-1 3.4 Data Point Library .........................................................................................................3-1 3.5 System Isolation ...........................................................................................................3-1 3.6 Administrative Operations.............................................................................................3-2 3.7 Periodic Testing............................................................................................................3-2 3.8 ERDS Questions and Answers .....................................................................................3-2 3.9 ERDS Implementation and Operations Plan .................................................................3-2 3.10Point of Contact ............................................................................................................3-2 4 REFERENCES ....................................................................................................................4-1 APPENDIX A EMERGENCY RESPONSE DATA SYSTEM TRANSMISSION AND RECEPTION PLAN ......................................................................................... A-1 APPENDIX B EMERGENCY RESPONSE DATA SYSTEM COMMUNICATIONS DESCRIPTION ................................................................................................ B-1 APPENDIX C DATA POINT LIBRARY .................................................................................. C-1 APPENDIX D DATA POINT LIBRARY REFERENCE FILE DEFINITIONS ........................... D-1 APPENDIX E CRITICAL SAFETY FUNCTION PARAMETERS ............................................ E-1 APPENDIX F ENGINEERING UNITS CODING SCHEME ..................................................... F-1 APPENDIX G ZERO REFERENCE CODING SCHEME ........................................................ G-1 APPENDIX H CODING SCHEME FOR UNIT NAME AND UNIT ID ...................................... H-1 APPENDIX I COMPUTER POINT SELECTION .................................................................... I-1 APPENDIX J EMERGENCY RESPONSE DATA SYSTEM QUESTIONS AND ANSWERS .......................................................................................................J-1 APPENDIX K GUIDANCE FOR SETTING UP WORKSTATIONS TO INTERFACE WITH THE NRC'S EMERGENCY RESPONSE DATA SYSTEM..................... K-1 v

LIST OF FIGURES Figure B-1 ERDS Interface Design ....................................................................................... B-10 LIST OF TABLES Table 2-1 BWR Parameter List ...........................................................................................2-2 Table 2-2 PWR Parameter List ...........................................................................................2-3 Table 2-3 AP1000 PWR Parameter List .............................................................................2-4 Table B-1 Digital Quality States for Data Points ................................................................ B-7 Table C-1 BWR DPL Reference File ................................................................................. C-2 Table C-2 PWR DPL Reference File ................................................................................. C-3 Table C-3 AP1000 PWR DPL Reference File .................................................................... C-4 Table C-4 DPL Reference File Template ........................................................................... C-5 Table E-1 CSF ParametersBWR ................................................................................... E-1 Table E-2 CSF ParametersPWR ................................................................................... E-3 Table E-3 CSF ParametersAP1000 PWRs ................................................................... E-5 vii

ABBREVIATIONS ASA Adaptive Security Appliance ASCII American Standard Code for Information Interchange BWR boiling-water reactor CFR Code of Federal Regulations CVS chemical and volume control system DPL Data Point Library DST daylight savings time ERDS Emergency Response Data System FR Federal Register HPCI high-pressure coolant injection HPCS high-pressure core spray HQ headquarters ICU Interface Configuration Utility LPCI low-pressure coolant injection NI nuclear instruments NRC U.S. Nuclear Regulatory Commission PI Plant Information PWR pressurized-water reactor RCS reactor coolant system TCP/IP transmission control protocol/internet protocol VPN virtual private network ix

1 INTRODUCTION As a result of the accident at Three Mile Island Nuclear Station, Unit 2, on March 28, 1979, the U.S. Nuclear Regulatory Commission (NRC) and others recognized a need to substantially improve the agencys ability to acquire data on plant conditions during emergencies. Before designing a system to accomplish that task, the NRC first needed to resolve several background issues: (1) What is the appropriate role for the Commission during an accident? (2) What information does the Commission need to support this role? and (3) Are any changes necessary in Commission authority to enhance the agencys response to nuclear emergencies?

The Commission defined the NRCs role in the event of an emergency primarily as one of monitoring the licensee to ensure that appropriate recommendations are made with respect to offsite protective actions. Other aspects of the NRC role include supporting the licensee with technical analysis and logistic support, supporting offsite authorities (including confirming the licensees recommendations to offsite authorities), keeping other Federal agencies and entities informed of the status of the event, and keeping the media informed on the NRCs knowledge of the status of the event, including coordination with other public affairs groups.

To fulfill the NRCs role, the agency requires accurate, timely data on four types of parameters:

(1) core and coolant system conditions to assess the extent or likelihood of core damage, (2) conditions inside the containment building to assess the likelihood and consequence of its failure, (3) radioactivity release rates to assess the immediacy and degree of public danger, and (4) the data from the plants meteorological tower to assess the likely patterns of potential or actual impact on the public.

Experience with the voice-only emergency communications link used for data transmission at the time of the Three Mile Island Unit 2 accident demonstrated that excessive amounts of time were needed for the routine transmission of data and for verification or correction of data that appeared questionable. Error rates were too high, and there were problems in getting new data and frequent updates. In addition, that system created an excessive drain on the time of valuable experts. When errors occur, they create false issues that divert experts from the real problems for long periods of time. At worst, incorrect data may cause the NRC to respond to offsite officials with inaccurate or outdated advice, resulting in inappropriate actions.

The initial version of the Emergency Response Data System (ERDS) was designed and built to address these shortcomings by leveraging automation to facilitate better communications:

automatically extracting data would reduce the error rate during transmission of critical information. The latest version of ERDS retains this focus on improved communications and enhanced data gathering to continue to reduce errors. The increase in the reliability of the data improved the NRCs ability to accurately inform all parties in the event of an emergency while maintaining a more secure transmission of the data from the licensees to the NRC and the end users of ERDS.

1-1

2 EMERGENCY RESPONSE DATA SYSTEM INFORMATION 2.1 ERDS Design Concept The ERDS concept involves the direct electronic transmission of selected parameters from the electronic data systems that are currently installed at licensee facilities.Section VI.1 of Appendix E, Emergency Planning and Preparedness for Production and Utilization Facilities, to Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, defines the minimum set of data points to be transmitted from boiling-water reactors (BWRs) and pressurized-water reactors (PWRs). Table 2-1 and Table 2-2 of this document present these parameters for easy reference. Table 2-3 provides the equivalent set of data points for AP1000 PWRs.

The original system was implemented between 1991 and 1992. The NRC modernized ERDS in 2007 by replacing the original mainframe equipment with multiple commercial off-the-shelf server hardware, updated operating systems, client/server-based applications, and internet-based communications network delivery. System users include the NRC Operations Center in Rockville, Maryland; the NRC regional offices incident response centers; the NRC Technical Training Center; State agencies within the 10-mile radius of an emergency planning zone of the site, if requested; and other approved agencies.

ERDS is intended for use only during emergencies and will be activated by licensees during declared emergencies classified at the Alert or higher level to begin transmission to the NRC Operations Center. During an event, additional data received over voice transmission (phone) from a licensee can be manually entered into the ERDS database and made accessible to ERDS users. In addition, ERDS is also used for drills, exercises, and training sessions, with archived and simulated data.

2-1

Table 2-1 BWR Parameter List Reactor Coolant System Reactor Pressure Reactor Vessel Level Feedwater Flow Reactor Power Safety Injection Reactor Core Isolation Coolant Flow High-Pressure Coolant Injection/ High-Pressure Core Spray Flow Core Spray Flow Low-Pressure Coolant Injection Flow Condensate Storage Tank Level Containment Drywell Pressure Drywell Temperatures Drywell Sump Levels Hydrogen and Oxygen Concentrations Suppression Pool Temperature Suppression Pool Level Radiation Monitoring System Reactor Coolant Radioactivity Level Primary Containment Radiation Level Condenser Off-Gas Radiation Level Effluent Radiation Monitor Process Radiation Levels Meteorological Data Wind Speed Wind Direction Atmospheric Stability 2-2

Table 2-2 PWR Parameter List Primary Coolant System Pressure TemperaturesHot Leg TemperaturesCold Leg TemperaturesCore Exit Thermocouples Subcooling Margin Pressurizer Level Reactor Coolant System Charging/Makeup Flow Reactor Vessel Level (When Available)

Reactor Coolant Flow Reactor Power Secondary Coolant System Steam Generator Levels Steam Generator Pressures Main Feedwater Flows Auxiliary/Emergency Feedwater Flows Safety Injection High-Pressure Safety Injection Flows Low-Pressure Safety Injection Flows Safety Injection Flows (Westinghouse)

Borated Water Storage Tank Level Containment Containment Pressure Containment Temperatures Hydrogen Concentration Containment Sump Levels Radiation Monitoring System Reactor Coolant Radioactivity Containment Radiation Level Condenser Air Removal Radiation Level Effluent Radiation Monitors Process Radiation Monitor Levels Meteorological Data Wind Speed Wind Direction Atmospheric Stability 2-3

Table 2-3 AP1000 PWR Parameter List Primary Coolant System Pressure TemperatureHot Leg TemperatureCold Legs TemperatureCore Exit Reactor Coolant SystemSubcooling Pressurizer Level Reactor Vessel Level (Hot Leg)

Chemical and Volume Control System Makeup Flow Reactor Coolant System Flow Reactor Power Secondary Coolant System Steam Generator Levels Steam Generator Pressures Main Feedwater Flows Startup Feedwater Flow Safety Injection Passive Core Cooling System Levels Passive Core Cooling System Flows Passive Core Cooling System Temperatures Containment Containment Pressure Containment Temperature Containment Hydrogen Concentration Containment Sump Levels Radiation Monitoring System Reactor Coolant Radioactivity Containment Radiation Monitoring Condenser Air Removal Radiation Level Effluent Radiation Monitoring Process Radiation Monitoring Meteorological Data Wind Direction Wind Speed Air Stability 2-4

3 OPERATIONS 3.1 ERDS Operations Overview As an ERDS participant, a licensee must provide a real-time data stream of data point values from a licensee computer system to the NRC-provided equipment. Because ERDS treats each reactor unit as an individual plant, it requires a separate data stream for each reactor unit. The licensee should provide the software to extract the data point engineering values from its system, organize them into a standard sequence, and translate values from internal computer format into the American Standard Code for Information Interchange (ASCII). The transmission needs to include the data points noted in 10 CFR Part 50, Appendix E, Section VI. In addition to the data point identifiers and values, the transmission should include the quality (e.g., validated, questionable, bad) of the data point value. The licensee will transmit the data to the NRC using internet-based communications links. In addition to the computer-related aspects of ERDS implementation, the licensee must establish administrative and quality assurance and configuration controls. The sections below outline the steps necessary for a licensee to implement or operate the ERDS program.

3.2 ERDS Transmission and Reception Plan Appendix A to this document provides a procedure for licensees to follow in setting up the ERDS data transmission link to the NRC. It includes the hardware and software requirements and guidance for setting up the Data Point Library (DPL), data interface development, and testing.

3.3 ERDS Communications Description Appendix B contains the methodology used in setting up ERDS at each plant, including the hardware, communications, data points, and administrative information necessary to design a reactor units ERDS interface and database.

3.4 Data Point Library The DPL described in appendix C provides background information for each individual data point in the licensee data stream to better define the data point for the NRC technical teams.

This provision compensates for plant-to-plant differences in instrumentation. The data points outlined in 10 CFR Part 50, Appendix E, Section VI, are used to define generic displays for PWR, BWR, and AP1000 PWR units. Some licensees have demonstrated a desire to send parameters not included in the regulations. Plant-specific data points that a licensee considers valuable for assessing critical safety functions can be submitted for consideration and added to the DPL when appropriate. Any future plant implementations will follow this same guideline and ensure transmission of, at a minimum, the data points provided in 10 CFR Part 50, Appendix E, Section VI, for each plant type but will also allow for additions that are deemed appropriate.

Appendices D, E, F, G, H, and I provide amplifying information to aid in computer point selection and DPL completion.

3.5 System Isolation ERDS is not a safety system; however, it is conceivable that a licensees ERDS interface could communicate with a safety system. In such cases, under 10 CFR Part 50, Appendix E, 3-1

Section VI.2.a, licensees must put appropriate isolation devices at these interfaces to ensure adequate data source protection.

3.6 Administrative Operations The NRCs regulations in 10 CFR 50.72(a)(4) require licensees to activate ERDS as soon as possible following the declaration of an Alert or higher emergency classification but not more than 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months from the time of the declaration.

Configuration management is an integral part of assuring the quality of a data network like ERDS. The implementation plan for each licensee should include procedures to be followed to ensure the integrity of the ERDS hardware and software configuration at each reactor unit.

Under 10 CFR Part 50, Appendix E, Section VI.3, licensees must submit to the NRC proposed hardware and software modifications that could affect the data communication protocol at least 30 days in advance of these changes to ensure that they are compatible with ERDS. Licensees must submit DPL changes to the NRC through the docket using the Data Point Library Reference File Template from appendix C within 30 days after the change is made.

3.7 Periodic Testing To verify system connectivity, periodic tests of the ERDS data link are conducted with each licensee as required by 10 CFR Part 50, Appendix E, Section VI. The NRC coordinates the operational tests of the licensees ERDS data communications. Testing is currently initiated and completed quarterly for every operating plant.

3.8 ERDS Questions and Answers Appendix J provides answers to frequently asked questions concerning the ERDS implementation program and may also answer questions about ongoing ERDS operations.

3.9 ERDS Implementation and Operations Plan In submitting its implementation plan, a licensee should include a proposed schedule and address all items noted in the ERDS Transmission and Reception Plan (appendix A). The NRC will assume that, by receipt of this document, all licensees have received the requirements for ERDS activation needed to submit an implementation and operations plan (see appendices B through I). The operations plan must also address the administrative requirements for ERDS activation (section 3.6 ).

3.10 Point of Contact Licensees should refer any questions concerning the ERDS implementation and operation programs to the following point of contact:

Bezakulu Alemu ERDS Project Manager U.S. Nuclear Regulatory Commission 11555 Rockville Pike Mail stopT8B20 Rockville, Maryland 20852-2738 Tel: (301) 287.3731 3-2

4 REFERENCES

1. U.S. Nuclear Regulatory Commission (NRC), NUREG-0730, Report to Congress on the Acquisition of Reactor Data for the NRC Operations Center, September 1980, Agencywide Documents Access and Management System Accession No. ML090060035.

2. NRC, Generic Letter 1989-015, Emergency Response Data System, August 21, 1989, ML031140195.

3. NRC, NRC Enforcement Policy, https://www.nrc.gov/about-nrc/regulatory/enforcement/enforce-pol.html.

4. NRC, Nuclear Regulatory Commission Enforcement Manual, https://www.nrc.gov/about-nrc/regulatory/enforcement/guidance.html.

5. NRC, Management Directive 5.2, Cooperation with States at Commercial Nuclear Power Plants and Other Nuclear Production or Utilization Facilities, September 29, 2016, ML19018A114.

6. NRC, Management Directive 12.6, NRC Controlled Unclassified Information (CUI)

Program, December 3, 2021, ML21223A168.

7. Code of Federal Regulations, Title 10, Energy, Part 50, Domestic Licensing of Production and Utilization Facilities.

8. NRC, Cooperation With States at Commercial Nuclear Power Plants and Other Nuclear Production or Utilization Facilities; Policy Statement, Federal Register, Vol. 57, No. 37, pp. 6462-6467, February 25, 1992 (57 FR 6462).

9. Atomic Energy Act of 1954, as amended (42 U.S.C. 2011 et seq.).

4-1

APPENDIX A EMERGENCY RESPONSE DATA SYSTEM TRANSMISSION AND RECEPTION PLAN A.1 Introduction Appendix A describes the approach the U.S. Nuclear Regulatory Commission (NRC) used to establish an Emergency Response Data System (ERDS) transmission and reception link with a nuclear power plant.

A significant portion of the work scope for ERDS includes the development and maintenance of a communications link with nuclear power plants. This link establishes a means for licensees plant computers to automatically transmit predefined data points to the ERDS computer, as required by the NRC.

To perform this function, both the ERDS and plant computers must be software and hardware compatible.

A.2 Hardware and Software Requirements The computer hardware needed for ERDS consists of commercial off-the-shelf components.

The following components are used for the communications link between the NRC ERDS and the nuclear power plants data computer(s):

the OSIsoft PI [Plant Information] Server software suite located at the NRC data centers

the NRC ERDS software interface located at the NRC data centers

the site-to-site internet protocol security virtual private network (VPN) tunnel appliance equipment located at the nuclear power plant

- multiple feeder sites: plants with more than one reactor unit may use a centralized data center-installed appliance through which data from multiple reactors can be transmitted

the licensee computer equipment that captures and stores the plant data to transfer to the NRC

computer equipment to access ERDS data, as stated in appendix K A.3 Software Tasks ERDS communication between licensees and the NRC uses two separate interfaces (receiving and sending). The first is the interface used on the NRC ERDS computers for data reception from licensees. The second is the interface used by licensees to send data to the NRC.

Licensees use commercial off-the-shelf or customized code for their interface (similar to the version installed on NRC computers) to transmit data to the NRC. Licensees conduct transmissions using ethernet connection calls and routing through VPN site-to-site linking.

A-1

A.4 Source of Timestamps The header section of each data packet received from the nuclear power plant contains a local timestamp showing when the licensee recorded the associated values in the set. The time recorded at a nuclear power plant may vary from the time on the NRC servers receiving the data points due to differences in time zone or differences in observing daylight savings time.

Therefore, the timestamp received from the plant must be adjusted to the NRC facility time zone and then converted to Coordinated Universal Time before being stored in the PI system. To facilitate time conversion for individual plant locations, the interface install kit includes a Plants.def file and time zone (*.tz) files used to adjust plant times before storing data in the PI Data Archive historian database.

A.5 Establishing the Data Point Library and the Plant Attribute Library Since the focal point of ERDS is the Data Point Library (DPL), it is important to ensure that the DPL for each utility is accurate and that the software protocol for transferring these values is known to the ERDS software.

The ERDS database, or DPL, contains specific information about each data point (e.g., point identification, description, engineering units). Storing this information in ERDS eliminates the need to transmit the information with each data set.

The Plant Attribute Library contains the communications information necessary to communicate with each utility and remains on file within the system as a reference to establish the utilitys software protocol requirements that ERDS can expect to accommodate during data transmission.

A-2

APPENDIX B EMERGENCY RESPONSE DATA SYSTEM COMMUNICATIONS DESCRIPTION B.1 Introduction Appendix B lists the information that the U.S. Nuclear Regulatory Commission (NRC) needs from the licensee when preparing to set up the receiving end (e.g., database, screen design) of the Emergency Response Data System (ERDS) for a new plant. This information includes plant data points, software protocols, data formats, transmission frequencies, and other plant computer-specific information in the ERDS computer database files. In some cases, the data points come from different computers or are transmitted to a centralized data center for a licensee. Information related to this will help identify licensee multiple feeder sites. The appendix also includes descriptions and examples of data streams that the licensee should transmit to the NRC over the communication line.

The NRC will need the following information to build the profile of a plant in the ERDS database:

site contact personnel name, title, phone numbers

whether the data transmission will be direct from the plant to the NRC or through a central data center

software application used for licensee interface with NRC (PI, non-PI, or custom code)

the frequency of sending data packets to ERDS (refer to section B.3.2.2 d)

plant time zone used for transmission B.2 Contacts Maintaining an updated contact list of NRC ERDS support staff and licensee plant points of contact is important. It ensures a channel of communication to coordinate ERDS quarterly testing and share notices on system maintenance and upgrades. Licensees should notify the NRC ERDS team of any changes in contact information by sending an email to ERDS.Resource@nrc.gov.

B.3 ERDS Communications Description B.3.1 Communication Hardware The NRC ERDS computer system is operational at all times while waiting for the activation of a communication link, which is initiated from the nuclear power plants data computer. The licensee is responsible for activating a communication link to the NRC ERDS computer system.

The connection is established to the ERDS interface through a secure virtual private network (VPN) link through the transmission control protocol/internet protocol (TCP/IP).

Note: The NRC does not have the capability and will never initiate a link to the licensee. NRC ERDS only receives data or responds to incoming transmissions after verification of the data.

B-1

B.3.2 Communication Software B.3.2.1 ERDS Interface Software The OSIsoft PI NRC ERDS communication interface is designed to process a data update set received from nuclear power plant sites located throughout the United States. The PI NRC ERDS interface is considered a real-time-based interface because it processes and immediately makes available data received from the plant.

This section provides the technical information necessary to retrieve and store plant data from a participating nuclear power plant into the OSIsoft PI Data Archive historian database, which is used at the NRC ERDS data center to store the licensee-provided data.

The NRC ERDS interface is designed as an active listener to receive nuclear power plant update data sets. The interface receives unsolicited data from a connected plant. The received data are parsed, and then the information is stored in the PI Data Archive historian database.

The NRC ERDS interface outputs messages to the plant ERDS computer by sending link control messages that control data flow from the plant data systems to NRC ERDS. The NRC ERDS interface also stores all plant data received by the interface to log files on the ERDS interface server.

The ERDS interface has two operational modes: automatic and manual. The default mode is automatic. While in automatic mode, the interface needs no user interaction to respond to plant-initiated requests to send data to the NRC. The interface automatically responds to the plant with the appropriate responses notifying the plant to send an update data set to the NRC.

Alternatively, the manual mode of operation gives the NRC operator complete control to allow the connected plant to send an update data set to the NRC or deny the plant authorization to do so.

After connecting to the ERDS computer system, several responses will occur. Whether performed manually or by computer software, the procedures used to establish a communication link to ERDS need to take all possible responses into account and provide a suitable reaction for each:

The ERDS computer system could accept the TCP/IP connection from the plant. A connection indicates that the ERDS computer system is operational and ready to establish a communication link with the plant. The plants response should be to send a link request to ERDS.

The ERDS computer system does not accept the incoming TCP/IP connection from the plant. This indicates that the ERDS computer system is not operational. At this point, the plants response should be to verbally communicate with NRC personnel and report that the plant attempted to connect to ERDS, but it received no response from the NRC.

The ERDS design incorporates high availability, redundancy, and disaster recovery options to deliver synchronized database historians to two locations at all times. NRC Headquarters (HQ) is the primary data transmission delivery destination for the licensees when they transmit data. If the NRC HQ systems are not available, the VPN devices sending data perform automatic failover to the backup data center devices, as part of the system failover.

B-2

The backup ERDS site is always available and synchronized with the HQ servers. The automatic routing of the ethernet transmissions will redirect the traffic to servers at the backup data center location. Once HQ servers are available and stable, ERDS technicians can manually redirect the traffic back to the primary HQ location devices.

B.3.2.2 Data Transmission All transmissions from both the site and ERDS will be terminated with a carriage return (<CR>).

a. The site will initiate a link request in American Standard Code for Information Interchange (ASCII) using the following:

(1) the three-character site designator (2) the word LINK (3) local site time and date in the format MM/DD/YY/HH:MM:SS (4) a <CR>

If the site does not receive a response from ERDS within 1 minute, then it should send another link request message and continue sending them at 1-minute intervals. If more than 5 minutes elapse without a response, site personnel should notify the NRC before disconnecting transmission.

b. ERDS will respond in ASCII with the following:

(1) the three-character site designator (2) the word ACCEPTED or DENIED (3) a <CR>

If ERDS responds with the denied message, the site should wait 1 minute and then send a link request message and continue sending them at 1-minute intervals. If more than 5 minutes elapse without a response, site personnel should notify the NRC by contacting the ERDS Help Desk at ERDS.Resource@nrc.gov before disconnecting the line transmission.

c. When ERDS is ready to receive data, it will send a message in ASCII to initiate the transmission (i.e., an initiate message) using the following:

(1) the three-character site designator (2) the word INITIATE (3) a <CR>

If ERDS does not send an initiate message within 1 minute of the accept message, the site should send the link reconnect message (described in section B.3.2.2 f).

d. Upon receipt of the initiate message, the plant begins transmission of data at a 15-second rate. The data string consists of the following:

(1) a header containing the three-character site designator and date and time in the format MM/DD/YY/HH:MM:SS (2) the data packet sequenced with point identifier, value, and quality tag B-3

(3) a trailer containing the checksum value of the data packet and a <CR>

e. When the site or ERDS wishes to terminate the connection, an ASCII message will be sent containing the following:

(1) the three-character site designator (2) the word TERMINATE (3) a <CR>

f. If a site is inadvertently terminated (due to loss of communications or receipt of terminate message) and the event is still underway, the site should reconnect with ERDS by redialing and using the link reconnect message. The link reconnect message should be used any time the communication transmission is lost after the receipt of an accept message (described in section B.3.2.2 b). This message is in ASCII and will contain the following: *

(1) the three-character site designator (2) the word RECONNECT (3) local site time and date in the format MM/DD/YY/HH:MM:SS (4) a <CR>

Upon receipt of this message, ERDS will respond with the accept and initiate messages as described in sections B.3.2.2 b and B.3.2.2 c. If ERDS responds with a link deny message (described in section B.3.2.2 b), the site should stop trying to reconnect and send a link request message (described in section B.3.2.2 .a). If ERDS does not respond to the sites reconnect request within 1 minute, the site should send another reconnect request and continue sending reconnect requests once a minute. If more than 5 minutes elapse without a response, site personnel should notify the NRC by contacting the ERDS Help Desk at ERDS.Resource@nrc.gov before disconnecting the line. The site is responsible for monitoring the outgoing line for loss of communications.

Once a physical connection has been established with the NRC, the site should not disconnect the transmission until a terminate message (described in section B.3.2.2 )

has been transmitted. If problems are encountered in the link request sequence, the site should not terminate the link but should proceed with the steps outlined above.

B.3.2.3 Transmission Status The NRC ERDS interface supports reporting the transmission status of a connected plant to the plants unique Plant Mode tag. The Plant Mode tag can report the states listed below. The Interface Configuration Utility (ICU) Control for the ERDS interface will create this digital state set. If for some reason the ICU is unavailable, the interface setup package also includes the DigitalSet_ERDS__TRANSMISSION_STATUS.csv file, which can be used to create the digital set using utilities.

The Plant Mode digital states of transmission are as follows:

NOT_SENDING_ERDS_DATAindicates there is no nuclear power plant actively sending data to this interface instance. In this state, the interface is waiting for a plant to make a connection.

PLANT_REQUEST_LINKindicates the plant is asking to send data to ERDS.

B-4

PLANT_RECONNECTindicates the plant is attempting to reestablish a communication link with ERDS in the event that the link previously established to ERDS is lost.

PLANT_DENIEDindicates ERDS is denying the plants request to establish or reestablish a communication link with ERDS. It is generated and transmitted in response to a link request or link reconnect message.

PLANT_ACCEPTEDERDS sends this message to the plant to accept establishment of a communication link to a plant. It is generated and transmitted in response to a link request or link reconnect message.

PLANT_INITIALIZINGERDS sends this message to the plant to begin the transmission of data from the plant data computer. It is generated and transmitted to the plant in response to a link request or a link reconnect message and is transmitted a minimum of 2 seconds after the link accept message.

PLANT_TRANSMITTNG_DATAindicates the interface is actively receiving plant data.

PLANT_TERMINATING_DATAthe plant sends this message to ERDS when there is no more data to send, and the communication link is no longer required.

ERDS_TERMINATING_DATAindicates ERDS has not received data from the plant due to a message timeout. ERDS will forcibly disconnect from the plant to allow other plants to connect to the interface.

ERDS_PLANT_COMM_ERRORindicates that there has been a communication link error between the interface and the nuclear power plant.

SUSPENDINGsent by ERDS to temporarily suspend the transmission of information between the plants data computer and ERDS. ERDS generates and transmits it in response to an ERDS system failover operation.

RESUMINGsent by ERDS to resume transmission of information between the plants data computer and ERDS after the transmission has been suspended. ERDS generates and transmits it after an ERDS system failover operation has been completed.

B.3.2.4 Data Format The following three delimiters have been identified:

(1) field delimiter (*)

(2) data set delimiter (\)

(3) carriage return (<CR>)

The length of the messages sent by ERDS (e.g., ACCEPTED, DENIED, INITIATE, TERMINATE) varies, and the NRC recommends that the site software use the data set delimiter as the message delimiter for messages received from ERDS.

a. Link requests will be in ASCII, as described in section B.3.2.2 a, with each field separated by a field delimiter and the request terminated with a data set delimiter; for example, PAl *LINK*01/12/89/11:48:50\ <CR>.

B-5

b. The ERDS response will be in ASCII, as described in section B.3.2.2 b, with each field separated by a field delimiter and the response terminated with a data set delimiter; for example, PAl*ACCEPTED\< CR>.

c. When ERDS is ready to receive data, it will respond in ASCII, as described in section B.3.2.2 c, with each field separated by a field delimiter and the response terminated with a data set delimiter; for example, PAl *INITIATE\< CR>.

d. Data streams will be in ASCII and will consist of three parts (header, data, and trailer) as described in section B.3.2.2 d, with each field separated by a field delimiter and each of the three parts separated by a data set delimiter; for example:

(1) Header: PAl*01/12/89/11:50:30\

(2) Data: B21CP004*-0.1234E+ 00*3*\... (for each parameter)

(3) Trailer: 0000056000\ < CR>

e. The point identifier may be up to 12 characters in length by default.

f. The value may be up to 20 characters in length.

g. Every data point that the nuclear power plant sends to the interface has an associated status relating to the current condition or quality of the data point. These quality values are stored in PI as Plant Quality tags. There can be only one quality tag defined per plant data point. The timestamp of this tag coincides with the timestamp received for the data point. The interface includes the digital set on the receiving PI server to give additional information about the quality of the values received from the plant. A quality value of zero indicates that the quality or current status of the data received is good.

However, any nonzero value indicates the data quality is in a questionable or error state.

The interface is capable of indicating that the data quality has entered one of the states shown in table B-1.

h. The checksum that accompanies each update set will be an integer value calculated by summing each of the bytes of the transmission, up to and including the dataset delimiter following the body of the update set (the body of the update set being the portion containing the parameter, value, and quality indications). This integer checksum value will then be encoded into the update set as a 10-digit value, left-padded with zeros as required to fill the 10-digit field.

i. The reconnect link request message will be in ASCII, as described in section B.3.2.2 f, with each field separated by a field delimiter and the request terminated with a data set delimiter; for example, PAl*RECONNECT*01/12/89/11:48:50\ <CR>.

B-6

Table B-1 Digital Quality States for Data Points State Tag Description Good = 0 The value of the plant data point is okay.

Off-Scan = 1 The plant data point has no associated value. This quality will result in No Sample being written to the PI point associated with the plant data point.

SUSPECT = 2 The value of the plant data point is suspect. This quality will have its questionable bit asserted.

Bad = 3 The value of the plant data point is bad. This quality will result in Bad Input being written to the PI point associated with the plant data point.

Unknown = 4 The value of the plant data point is unknown. This quality will have its questionable bit asserted.

Operator = 5 The value of the plant data point was entered by the operator.

Entered High Alarm = 6 The value of the plant data point is in a high alarm state.

Low Alarm = 7 The value of the plant data point is in a low alarm state.

Data = 8 The value of the plant data point could not be converted from Conversion the update set ASCII format to a float format. This quality will result in Bad Input being written to the PI point associated with the plant data point.

Quality = 9 The value of the quality data could not be converted from the Conversion update set ASCII format to an integer format. Therefore, the quality of the associated plant data point cannot be accurately determined. This quality will result in Bad Input being written to the PI point associated with the plant data point.

B.3.2.5 Plant Mode Control Tag The Plant Mode Control tag is a digital type PI point used to set the current operational state of the interface. The ICU Control for the ERDS interface will create this digital state set. If for some reason the ICU is unavailable, the interface includes the DigitalSet_ERDS_CONTROLLER.csv file, which can be used to create the digital set using PI System Management Tools.

The following describes each of the states:

ERDS_ACCEPTindicates that the plant link or reconnect request has been sent to ERDS, and the NRC operator has authorized the plant connection by setting the value of the ERDS Control tag to this state.

ERDS_DENYindicates the NRC operator has denied the link or reconnect request received from the plant.

ERDS_TERMINATEindicates the NRC operator is terminating the connection to the connected plant.

B-7

ERDS_SUSPENDindicates the NRC operator has asked the plant to suspend sending update sets to ERDS.

ERDS_RESUMEindicates the NRC operator has issued a request for the plant to resume sending update sets to ERDS.

B.3.2.6 Plant Transmission Mode Status Tag The Plant Transmission Mode Status tag is a digital type PI point used to display the current transmission state of the plant. The ICU Control for the ERDS interface will create this digital state set. If for some reason the ICU is unavailable, the interface setup package also includes the DigitalSet_ERDS_CONTROLLER.csv file, which can be used to create the digital set using PI System Management Tools.

The following describes each of the states:

ERDS_ACCEPTindicates the plant link or reconnect request to send data to ERDS has been accepted.

ERDS_INITIATEindicates the interface has sent the connected plant an initiate message so the plant may begin sending an update data set. The interface is responsible for updating the tag to this state.

ERDS_DENYindicates the link or reconnect request received from the plant has been denied.

ERDS_TERMINATEindicates the interface is terminating the connection to the connected plant.

ERDS_SUSPENDindicates the NRC operator has asked the plant to suspend sending update sets to ERDS. This state is only usable if the ERDS Mode is set to Manual.

ERDS_RESUMEindicates the NRC operator has asked the plant to resume sending update sets to ERDS. This state is only usable if the NRC ERDS Mode is set to Manual.

ERDS_PLANT_SUSPENDindicates the plant will suspend sending update sets to ERDS. The interface is responsible for updating the tag to this state when it receives a suspend request from the plant.

ERDS_PLANT_RESUMEindicates the plant will resume sending update sets to ERDS. The interface is responsible for updating the tag to this state when it receives a resume message from the plant.

ERDS_RECEIVEindicates the interface is receiving an update data set from the plant.

The interface is responsible for updating the tag to this state when it receives an update set from the plant.

B-8

B.3.2.7 Device Point Types The plant data received by the interface contains ASCII character strings that are converted to the appropriate float, integer, or digital value as required.

B.3.2.8 Protocol The communication link and protocol used between the licensee plants data computer and the ERDS servers are intended for the transmission of plant performance and environmental data to the NRC during an event or drill. ERDS is intended to be operational at all times, awaiting the activation of a communication link from the licensee.

The plants data computer is responsible for activating a communication link to NRC ERDS by routing the traffic request from the licensee networks, using TCP/IP data packets, to the NRC owned and managed Adaptive Security Appliance (ASA) remotely installed device located at the licensee-designated location. This device will internally encrypt and route the traffic to the NRC HQ or failover location ASA VPN device over a site-to-site VPN tunnel.

The plant sites connect to NRC HQ and the failover site through the internet using a VPN and internet protocol security established connections. This connectivity will open and communicate over specific assigned ports for sending and receiving data to and from the ERDS servers.

The assigned ports numbers are defined in the firewall access control list rules established at the licensee and the NRC to ensure secure communication between the hosts.

With the integration of the VPN site-to-site connections, the following components are involved in the communications link between ERDS and the nuclear power plants data computer(s):

the licensee data computers with interface software to send the ERDS transmissions

the VPN equipment located at the licensee and the NRC data centers

the PI Application Programming Interface (API) Node (Interface) at the NRC

the OSIsoft PI Data Archive server architecture at the NRC The NRC-supplied equipment at the plant is typically installed in the demilitarized zone (DMZ) of the plants network, composed of an NRC-supplied and -managed ASA VPN that serves as the communication vehicle. Plants with more than one reactor unit may choose to establish a secondary data center that houses an additional ASA for redundancy and failover in their environment. Figure B-1 shows the components.

B-9

Figure B-1 ERDS Interface Design B.3.2.9 Data Flow to the Plant Information System A sequence of events takes place to get the data from the nuclear power plant into the PI system. Data from the power plant is sent to the interface as an unsolicited event. The ERDS interface parses and processes the incoming data and sends the results to the PI system on a real-time basis. There is no buffering of the data within the interface. However, the user may choose to use PI buffering to buffer data in the event the PI server connection fails between the interface and the PI server. In this case, data will be available upon reconnection of the Windows buffer service running on the PI server.

B.3.2.10 Log Files At interface startup, the interface creates a log directory, if one does not already exist, where the interface executable file resides. The interface will then generate a plant log file for each new plant connection received to write all data received from the plant connection. The naming convention of the log file is the plant name, followed by the date, followed by the time. For example, if the Green Valley Unit 1 plant with a plant identification of GV1 connects to the interface and sends a link request with a timestamp of 06/21/09/08:19:02, the log file for this connection and all data received from this connection will be written to a file named GV1_062109_081902.log.

If the initial data received on the connection cannot be identified as a valid plant, the received data will be written to an error (*.err) file. The error file naming convention is date and time B-10

message received. For example, an initial message received at 06/21/09/08:19:02 with an erroneous plant name would be written to error file 062109_081902.err.

If saving raw plant data is not desired, the user can disable the feature by defining the

/NoLogFile command line parameter.

B-11

APPENDIX C DATA POINT LIBRARY The Data Point Library (DPL) is a site-specific database residing in the Emergency Response Data System (ERDS) that expands upon the basic information in a typical data point dictionary.

The data displayed at the U.S. Nuclear Regulatory Commission (NRC) Operations Center for the ERDS parameter will be the same as the plants emergency response teams data. The data will have the same value and timestamp and be in the same engineering units. This requires that the NRC Operations Center personnel adjust their thinking to accommodate the plant, functioning in terms of the plants unique design and communicating with the plants response team in the latters unique engineering and operational language. To do this, the NRC Operations Center personnel need information that relates the data to both the plants design and the manner in which the plants team uses and reacts to the data.

The types of information contained in the DPL are the data point identifier, description, engineering units, range, alarms, technical specification limits, and engineering system data.

The plants DPL will have one record for each data point the plant will send to ERDS.

Because the points selected for transmission to ERDS are indicative of plant health and are associated with critical safety functions, they are the indicators the plants response team uses to determine the proper actions to take to mitigate an event. The DPL will present textual information to the NRC Operations Center user to provide information supplementing the points value that will be useful in understanding how the plant team interprets the data. For instance, the DPL associated with a transmitted data point representing the reactor vessel level should contain such data as the physical zero reference point, conversion factor for the height above the top of active fuel, type of detectors, effects of running reactor coolant pumps, effects of cold calibration, and effects of elevated containment temperature. Similarly, associated with a reactor water storage tank level transmitted as a percentage should be, for example, the capacity of that tank in gallons, number of reactor water storage tanks at the plant site, zero reference point, and conversion factor from percent to gallons.

The DPL is particularly useful to the NRC Operations Center user when evaluating the plants action in predicting offsite radioactive releases. Associated with an effluent gaseous release data point expressed in counts per minute, the DPL reference sheet should indicate the assumptions regarding isotopic mix, the current calibration factors of detectors, the discharge point or points for monitored releases, expected stack flow rates under various fan combinations, and any default values used by the plant team in its calculations.

Tables C-1, C-2, and C-3 include three examples of typical DPL entries. The first is an example of a boiling-water reactor (BWR), the second is an example of a pressurized-water reactor (PWR), and the third example is for the AP1000 PWR next-generation III+ plant types.

C-1

Table C-1 BWR DPL Reference File Date: 6/5/2019 Reactor Unit: XZ1 Data Feeder: N/A NRC ERDS Parameter: CST Level Point ID: C345Z04 Plant Spec Point Desc.: CS TNK IA LVL Generic/Cond Desc.: Condensate Storage Tank A Level Analog/Digital: A Engr Units/Dig States: %

Engr Units Conversion: Each 1% = 1,692 Gallons Minimum Instr Range: 0 Maximum Instr Range: 100 Zero Point

Reference:

SEALEV Reference Point Notes: At 0% 245,000 Gals Remain In Tank PROC or SENS*: P Number of Sensors: 2 How Processed: Average Sensor Locations: 245,000 Gal Above Tank Bottom Alarm/Trip Set Points: Low Level At 12%

NI** Detector Power Supply Cut-off Power Level: N/A NI Detector Power Supply Turn-on Power Level: N/A Instrument Failure Mode: Low Temperature Compensation for DP*** N/A Transmitters:

Level Reference Leg: N/A Unique System Desc.: This averaged sensor reading is for the normally used volume of the tank. The remaining 245,000 gallons are monitored by two discrete alarms at 150,000 and 50,000 gallons total remaining tank contents. Total tank volume is 414,200 gallons.

Process or Sensor

- Nuclear Instrument

- - Differential Pressure C-2

Table C-2 PWR DPL Reference File Date: 6/5/1989 Reactor Unit: XZ1 Data Feeder: ERIS NRC ERDS Parameter: AX FD FL 1/A Point ID: AF105A Plant Spec Point Desc.: AFW Flow SG 11 MTR Generic/Cond Desc.: AFW Flow SG 11 Frm Elec AFW Pump Analog/Digital: A Engr Units/Dig States: GPM Engr Units Conversion: N/A Minimum Instr Range: 0 Maximum Instr Range: 500 Zero Point

Reference:

N/A Reference Point Notes: N/A PROC or SENS: S Number of Sensors: 1 How Processed: N/A Sensor Locations: On Line To SG 11 Outside Containment Alarm/Trip Set Points: High Flow At 500 GPM NI Detector Power Supply Cut-off Power Level: N/A NI Detector Power Supply Turn-on Power Level: N/A Instrument Failure Mode: Low Temperature Compensation for DP Transmitters: N/A Level Reference Leg: N/A Unique System Desc.: There are one electric and two turbine driven auxiliary feedwater pumps. The electric pump has dedicated discharge lines to each steam generator. The flow element for this point represents the last sensor before the line entering containment. The two turbine-driven pumps use separate piping to the steam generators. Maximum rated flow for this pump is 450 gpm. Shutoff head is 1200 psig.

C-3

Table C-3 AP1000 PWR DPL Reference File Date: 10/16/2019 Reactor Unit: XZ1 Data Feeder: ERIS NRC ERDS Parameter: SGS-F055A Point ID: SGS055A Plant Spec Point Desc.: SG 1 Startup FW Flow SGS-F055A Generic/Cond Desc.: SG 1 Startup FW Flow Analog/Digital: D Engr Units/Dig States: GPM Engr Units Conversion: N/A Minimum Instr Range: 0 Maximum Instr Range: 1000 Zero Point

Reference:

N/A Reference Point Notes: N/A PROC or SENS: S Number of Sensors: 1 How Processed: N/A Sensor Locations: Online to SG 1 Outside Containment Alarm/Trip Set Points: Low Flow Alarm Below 200 GPM NI Detector Power Supply Cut-off Power Level: N/A NI Detector Power Supply Turn-on Power Level: N/A Instrument Failure Mode: Fails Closed Temperature Compensation for DP Transmitters: N/A Level Reference Leg: N/A Unique System Desc.: The startup feedwater system supplies feedwater to the steam generators during plant startup, hot standby, and shutdown conditions. It provides feedwater during transients in the event that the main feedwater system becomes unavailable.

C-4

Table C-4 DPL Reference File Template Date:

Reactor Unit:

Data Feeder:

NRC ERDS Parameter:

Point ID:

Plant Spec Point Desc.:

Generic/Cond. Desc.:

Analog/Digital:

Engr Units/Dig States:

Engr Units Conversion:

Minimum Instr. Range:

Maximum Instr. Range:

Zero Point

Reference:

Reference Point Notes:

PROC or SENS:

Number of Sensors:

How Processed:

Sensor Locations:

Alarm/Trip Set Points:

NI Detector Power Supply Cut-off Power Level:

NI Detector Power Supply Turn-on Power Level:

Instrument Failure Mode:

Temperature Compensation for DP Transmitters:

Level Reference Leg:

Unique System Desc.:

C-5

APPENDIX D DATA POINT LIBRARY REFERENCE FILE DEFINITIONS Enter the date that this form is filled out or modified (eight characters Date:

following the mm/dd/yyyy format).

Enter the nuclear power plant name and abbreviation (three Reactor Unit:

characters).

Enter the quantity of data feeders coming from the system. If there is more than one data feeder for your system, then enter the acronym Data Feeder:

for the data feeder from which the point comes. If there is only one data feeder, then enter N/A in this field (10 characters).

Enter the associated U.S. Nuclear Regulatory Commission (NRC) parameter used for a value. Choose one of the parameters from the boiling-water reactor (BWR), pressurized-water reactor (PWR), or NRC ERDS Parameter:

AP1000 PWR parameter list provided in appendix E. Transmit a single value for each parameter for each loop. If not on the list, insert Not Listed or NL (12 characters).

Enter the plant-associated alphanumeric point description used to Point ID: label the point during transmission (12 characters by default but can contain up to 20 characters if needed).

Plant-Specific Point Enter the licensee computer point description for the transmitted point

==

Description:==

(up to 40 characters).

Enter the parameter description from the enclosed list of points for a Generic or Condensed BWR, PWR, or AP1000 PWR provided in appendix E. If not on the

==

Description:==

list, then condense the plant-specific point description (32 characters).

Enter an A or D character: A if the signal is analog or numerical or Analog/Digital:

D if the signal is off/on as a digital signal (one character).

Enter the engineering units used by the licensee for display on licensee output devices. Use the engineering units abbreviations provided in appendix F when possible. When specifying pressure, Engineering Units or Digital use PSIA [pound-force per square inch] or PSIG [pound per States:

square inch (gauge)], rather than PSI [pound per square inch]. For digital signals, give the OFF and ON state descriptors (12 characters).

Engineering Units Enter the value notes about any special features of the A/D Conversion: [analog/digital] conversion and scaling (40 characters).

Minimum Instrument Enter the engineering units value below which data cannot go Range: (bottom-of-scale value) (10 characters).

D-1

Maximum Instrument Enter the engineering units value above which data cannot go Range: (top-of-scale value) (10 characters).

Enter the zero point of engineering units scale, used primarily for Zero Reference Point levels or heights. Use the zero reference point abbreviations provided in appendix G when possible (six characters).

Enter any notes about the reference point or other important and Reference Point Notes:

special features of the parameter (40 characters).

Enter how a point is sourced. Is the point formed by processing more PROC or SENS: than one signal, or is the source a single sensor (P or S) (one character)?

Enter the number of signals processed in a full calculation, assuming Number of Sensors:

no bypassed or inoperative sensors (three characters).

Enter the processing algorithm used for the point values (sum, How Processed: average, weighted average, highest, lowest, or a short description)

(40 characters).

Enter the description of the location(s) of the instrument(s) used Sensor Locations:

(40 characters).

Enter any critical information that shows the most important setpoints Alarm or Trip Setpoints: for the parameter. State whether the limit is high or low (40 characters).

NI Detector Power Supply Enter the power level at which the power supply for the nuclear Cut-off Power Level: instrument (NI) detector switches off (15 characters).

NI Detector Power Supply Enter the power level at which the power supply for the NI detector Turn-on Power Level: switches on (15 characters).

Enter the mode in which this instrument fails. Possible answers are Instrument Failure Mode: HIGH, MEDIUM, or LOW. If available, provide the numeric value at which the instrument fails (30 characters).

Enter if differential pressure (DP) transmitters are used for Temperature Compensation compensation. Possible answers are YES or NO (Y or N). If the for DP Transmitters:

answer is NO, attach a copy of the correction curve (one character).

Enter the type of level measurement (dry or wet) used on the level Level Reference Leg:

reference leg (three characters).

Enter any additional important information that will assist the NRC Unique System

Description:

Operations Center personnel in understanding how the plant team interprets the data (600 characters).

D-2

APPENDIX E CRITICAL SAFETY FUNCTION PARAMETERS Nuclear power plant critical safety functions (CSFs) are designed to protect against core melt, preserve containment integrity, prevent indirect release of radioactivity, and maintain vital auxiliaries needed to support the other safety functions. The tables below are a direct correlation among the plant parameters specified in Appendix E, Emergency Planning and Preparedness for Production and Utilization Facilities, to Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, the CSF, and the Emergency Response Data System. Licensees should include these data points in their transmission.

Table E-1 includes CSF parameters for boiling-water reactors (BWRs).

Table E-1 CSF ParametersBWR Reactivity Control Parameter Description Typical Units NI POWER RNG Nuclear Instruments, Power Range %

NI INTER RNG Nuclear Instruments, Intermediate Range AMP NI SOURC RNG Nuclear Instruments, Source Range C/SEC CORE COOLING REAC VES LEV Reactor Vessel Water Level IN MAIN FD FLOW Feedwater Flow into the Reactor System %

RCIC FLOW Reactor Core Isolation Cooling Flow GPM RCS INTEGRITY RCS PRESSURE Reactor Coolant System Pressure PSIG HPCI FLOW High Pressure Coolant Injection Flow GPM LPCI FLOW Low Pressure Coolant Injection Flow GPM CR SPRAY FL Core Spray Cooling System Flow GPM DW FD SMP LV Drywell Floor Drain Sump Level IN RADIOACTMTY CONTROL EFF GAS RAD Radioactivity of Released Gases MCI/HR EFF LIQ RAD Radioactivity of Released Liquids MCI/HR CND A/E RAD Condenser Air Ejector Radioactivity C/MIN DW RAD Radiation Level in the Drywell R/HR MN STEAM RAD Radiation Level of the Main Steam Line MR/HR CONTAINMENT CONDITIONS DW PRESS Drywell Pressure PSIG DW TEMP Drywell Temperature °F SP TEMP Suppression Pool Temperature °F SP LEVEL Suppression Pool Water Level IN H2 CONC Drywell or Torus Hydrogen Concentration %

O2 CONC Drywell or Torus Oxygen Concentration %

MISCELLANEOUS PARAMETERS CST LEVEL Condensate Storage Tank Level %

E-1

Table E-1 CSF ParametersBWR (Continued)

Reactivity Control Parameter Description Typical Units WIND SPEED Wind Speed at the Reactor Site MPH WIND DIR Wind Direction at the Reactor Site DEG STAB CLASS Air Stability at the Reactor Site A-G E-2

Table E-2 contains CSF parameters for pressurized-water reactors (PWRs).

Table E-2 CSF ParametersPWR Typical Reactivity Control Parameter Description Units NI POWER RNG Nuclear Instruments, Power Range %

NI INTER RNG Nuclear Instruments, Intermediate Range AMP NI SOURC RNG Nuclear Instruments, Source Range C/SEC CORE COOLING REAC VES LEV Reactor Vessel Water Level IN TEMP CORE EX Highest Temperature at the Core Exit °F SUB MARGIN Saturation TemperatureHighest Core Exit Thermocouple °F CORE FLOW Total Reactor Coolant Flow MLB/HR STEAM GENERATORS SG LEVEL 1/A Steam Generator 1 (or A) Water Level %

SGLEVEL2/B Steam Generator 2 (or B) Water Level %

SGLEVEL3/C Steam Generator 3 (or C) Water Level %

SGLEVEL4/D Steam Generator 4 (or D) Water Level %

SG PRESS 1/A Steam Generator 1 (or A) Pressure PSIG SG PRESS 2/B Steam Generator 2 (or B) Pressure PSIG SG PRESS 3/C Steam Generator 3 (or C) Pressure PSIG SG PRESS 4/D Steam Generator 4 (or D) Pressure PSIG MNFD FL 1/A Stm Gen 1 (or A) Main Feedwater Flow LBM/HR MNFD FL2/B Stm Gen 2 (or B) Main Feedwater Flow LBM/HR MNFD FL3/C Stm Gen 3 (or C) Main Feedwater Flow LBM/HR MNFD FL4/D Stm Gen 4 (or D) Main Feedwater Flow LBM/HR STEAM GENERATORS Cont.

AX FD FL 1/A Stm Gen 1 (or A) Auxiliary FW Flow GPM AXFD FL2/B Stm Gen 2 (or B) Auxiliary FW Flow GPM AXFD FL3/C Stm Gen 3 (or C) Auxiliary FW Flow GPM AXFD FL4/D Stm Gen 4 (or D) Auxiliary FW Flow GPM HL TEMP 1/A Stm Gen 1 (or A) Inlet Temperature °F HL TEMP 2/B Stm Gen 2 (or B) Inlet Temperature °F HL TEMP 3/C Stm Gen 3 (or C) Inlet Temperature °F HLTEMP4/D Stm Gen 4 (or D) Inlet Temperature °F CL TEMP 1/A Stm Gen 1 (or A) Outlet Temperature °F CL TEMP 2/B Stm Gen 2 (or B) Outlet Temperature °F CL TEMP 3/C Stm Gen 3 (or C) Outlet Temperature °F CL TEMP 4/D Stm Gen 4 (or D) Outlet Temperature °F RCS INTEGRITY RCS PRESSURE Reactor Coolant System Pressure PSIG PRZR LEVEL Primary System Pressurizer Level %

RCS CHG/MU Primary System Charging or Makeup Flow GPM HP SI FLOW High-Pressure Safety Injection Flow GPM LP SI FLOW Low-Pressure Safety Injection Flow GPM E-3

Table E-2 CSF ParametersPWR (Continued)

Typical Reactivity Control Parameter Description Units CTMNT SMP NR Containment Sump Narrow Range Level IN CTMNT SMP WR Containment Sump Wide Range Level IN RADIOACTIVITY CONTROL EFF GAS RAD Radioactivity of Released Gases MCI/HR EFF LIQ RAD Radioactivity of Released Liquids MCI/HR COND A/E RAD Condenser Air Ejector Radioactivity C/MIN CNTMNT RAD Radiation Level in the Containment R/HR RCS LTDN RAD Rad Level of the Reactor Coolant System Letdown Line C/SEC MAIN SL1/A Stm Gen 1 (or A) Steam Line Rad Level MR/HR MAIN SL2/B Stm Gen 2 (or B) Steam Line Rad Level MR/HR MAIN SL3/C Stm Gen 3 (or C) Steam Line Rad Level MR/HR MAIN SL4/D Stm Gen 4 (or D) Steam Line Rad Level MR/HR SG BD RAD 1A Stm Gen 1 (or A) Blowdown Rad Level MR/HR SG BD RAD 2B Stm Gen 2 (or B) Blowdown Rad Level MR/HR SG BD RAD 3C Stm Gen 3 (or C) Blowdown Rad Level MR/HR SG BD RAD 4D Stm Gen 4 (or D) Blowdown Rad Level MR/HR CONTAINMENT CONDITIONS CTMNTPRESS Containment Pressure PSIG CTMNTTEMP Containment Temperature °F H2CONC Containment Hydrogen Concentration %

MISCELLANEOUS PARAMETERS BWST LEVEL Borated Water Storage Tank Level %

WIND SPEED Wind Speed at the Reactor Site MPH WIND DIR Wind Direction at the Reactor Site DEG STAB CLASS Air Stability at the Reactor Site A-G E-4

Table E-3 shows the CSF parameters for AP1000 PWRs.

Table E-3 CSF ParametersAP1000 PWRs Typical Reactivity Control Parameter Description Units NI PR PWR Nuclear Instruments, Power Range %

NI IR PWR Nuclear Instruments, Intermediate Range %

NI SR PWR Nuclear Instruments, Source Range CPS CORE COOLING 5TH HIGHEST CET Highest Temperature at the Core Exit °F RCS SUBCOOLING Reactor Coolant System Subcooling +

RCS TOTAL FLOW Reactor Coolant Total Flow GPM RCS HL LEV Reactor Coolant System Hot Leg Level % SPAN STEAM GENERATORS SG 1 PRESSURE Steam Generator 1 Pressure PSIG SG 2 PRESSURE Steam Generator 2 Pressure PSIG SG 1 FEED FW Steam Gen 1 Main Feedwater Flow LBM/HR SG 2 FEED FW Steam Gen 2 Main Feedwater Flow LBM/HR SG 1 SU FW FL Steam Gen 1 Startup Feedwater Flow GPM SG 2 SU FW FL Steam Gen 2 Startup Feedwater Flow GPM SG 1 LEVEL Steam Generator Water Level %

SG 2 LEVEL Steam Generator Water Level %

RCS HL 1 TEMP RCS Hot Leg 1 Temperature °F RCS HL 2 TEMP RCS Hot Leg 2 Temperature °F RCS CL 1A TEMP RCS Cold Leg 1A Temperature °F RCS CL 1B TEMP RCS Cold Leg 1B Temperature °F RCS CL 2A TEMP RCS Cold Leg 2A Temperature °F RCS CL 2B TEMP RCS Cold Leg 2B Temperature °F RCS INTEGRITY RCS PRESSURE Reactor Coolant System Pressure PSIG RCS PZR LEVEL Reactor Coolant System Pressurizer Level %

RCS ACC LEV Reactor Coolant System Accumulator Level %

CMT LEV Core Makeup Tank Level %

ADS ACTUATION Automatic Depressurization System ON/OFF CVS MU FLOW HR Chemical and Volume Control System Makeup Flow GPM PRHR HX FLOW Passive Residual Heat Removal Heat Exchanger Flow GPM IRWST LEVEL In-Containment Refueling Water Storage Tank Level %

CNMT SUMP LVL Containment Sump Level IN CTMNT FLDUP LEVEL Containment Flood-Up Level %

RADIOACTIVITY CONTROL EFF GAS RAD Radioactivity of Released Gases µCI/CC E-5

Table E-3 CSF ParametersAP1000 PWRs (Continued)

Typical Reactivity Control Parameter Description Units EFF LIQ RAD Radioactivity of Released Liquids µCI/CC COND AIR REMOVAL RAD Condenser Air Removal Radiation Level µCI/CC SG 1 MAIN STEAM LINE RAD Steam Generator 1 Main Steam Line Radiation µCI/CC SG 2 MAIN STEAM LINE RAD Steam Generator 2 Main Steam Line Radiation µCI/CC SG BLOWDOWN RAD Steam Generator Blowdown Radiation µCI/CC CONTAINMENT RAD Containment Radiation R/HR CONTAINMENT CONDITIONS CNMT PRESS Containment Pressure PSIG CNMT TEMP Containment Temperature °F CNMT H2 CONC Containment Hydrogen Concentration %

PASSIVE CNMT COOLING Passive Containment Cooling System Temperatures °F PASSIVE CNMT COOLING Passive Containment Cooling System Levels %

MISC PARAMETERS BA TANK LEVEL Boric Acid Storage Tank Level %

WIND SPEED Wind Speed at the Reactor Site MPH WIND DIR Wind Direction at the Reactor Site DEG STAB CLASS Air Stability at the Reactor Site A-G E-6

APPENDIX F ENGINEERING UNITS CODING SCHEME PSIG = Pounds per square inch, gauge PSIA = Pounds per square inch, absolute INH2 O = Inches of water pressure

% = Percent IN = Inches FT = Feet FT&IN = Feet and inches FTDEC = Feet and decimal feet GAL = Gallons LB = Pounds or pounds mass GPM = Gallons per minute KGPM = Thousands of gallons per minute LBM/HR = Pounds mass per hour KLB/HR = Thousands of pounds per hour MLB/HR = Millions of pounds per hour CPM = Counts per minute CPS = Counts per second AMPS = Ampere MAMPS = Milliamps

µAMPS = Microamps DEGF = Degrees Fahrenheit DEGC = Degrees Centigrade MR/HR = Millirem per hour R/HR = Rem per hour CI/CC = Curies per cubic centimeter CI/ML = Curies per milliliter

µCI/CC = Microcuries per cubic centimeter F-1

µCI/ML = Microcuries per milliliter CI/S = Curies per second

µCI/S = Microcuries per second DEGFR = Degrees true (for wind direction from)

DEGTO = Degrees true (for wind direction to)

DF/FT = Degrees Fahrenheit per foot DC/M = Degrees Centigrade per meter DC/HM = Degrees Centigrade per 100 meters DF/HFT = Degrees Fahrenheit per 100 feet STABA = Stability class in form of A - G STABI = Stability class in form of integer, where A = 1, B = 2 MPH = Miles per hour MPS = Meters per second VDC = Volts direct current SCFM = Standard cubic feet per minute F-2

APPENDIX G ZERO REFERENCE CODING SCHEME The zero reference point field applies to levels and heights only. Leave it blank for temperatures, pressure, and flows. Give the physical point represented by the number zero for the parameter from the choices below.

TAF = Top of active fuel UPHEAD = Upper head LWHEAD = Lower head MSSKRT = Moisture separator skirt TOPHTR = Top of pressurizer heater bank SURGE = Surge line penetration SPRAY = At the spray nozzle UTUBES = Top of steam generator U tubes TUBSHT = At steam generator tube sheet Bottom of tank sump (e.g., condensate storage TNKBOT =

tank)

COMPLX = Reference too complex for database entry CNTFLR = Containment floor SEALEV = Mean sea level G-1

APPENDIX H CODING SCHEME FOR UNIT NAME AND UNIT ID Arkansas Nuclear One-1 AN1 Ginna GI1 Prairie Island-2 PI2 Arkansas Nuclear One-2 AN2 Grand Gulf-1 GG1 Quad Cities-1 QC1 Beaver Valley-1 BV1 Harris (Shearon) HR1 Quad Cities-2 QC2 Beaver Valley-2 BV2 Hatch-1 HT1 River Bend-1 RB1 Braidwood-1 BR1 Hatch-2 HT2 Robinson-2 RO2 Braidwood-2 BR2 Hope Creek HC1 Salem-1 SA1 Browns Ferry-1 BF1 James A. FitzPatrick FZ1 Salem-2 SA2 Browns Ferry-2 BF2 Lasalle County-1 LS1 Seabrook-1 SB1 Browns Ferry-3 BF3 Lasalle County-2 LS2 Sequoyah-1 SE1 Brunswick-1 BK1 Limerick-1 LM1 Sequoyah-2 SE2 Brunswick-2 BK2 Limerick-2 LM2 South Texas Project-1 ST1 Byron-1 BY1 McGuire-1 MC1 South Texas Project-2 ST2 Byron-2 BY2 McGuire-2 MC2 St. Lucie-1 SL1 Callaway-1 CW1 Millstone-2 MS2 St. Lucie-2 SL2 Calvert Cliffs-1 CC1 Millstone-3 MS3 Surry-1 SU1 Calvert Cliffs-2 CC2 Monticello MO1 Surry-2 SU2 Catawba-1 CT1 Nine Mile Point-1 NM1 Susquehanna-1 SQ1 Catawba-2 CT2 Nine Mile Point-2 NM2 Susquehanna-2 SQ2 Clinton-1 CL1 North Anna-1 NA1 Turkey Point-3 TP3 Columbia Generating CG1 North Anna-2 NA2 Turkey Point-4 TP4 Comanche Peak-1 CP1 Oconee-1 OC1 V. C. Summer VS1 Comanche Peak-2 CP2 Oconee-2 OC2 Vogtle-1 VO1 Cook-1 CK1 Oconee-3 OC3 Vogtle-2 VO2 Cook-2 CK2 Palo Verde-1 PV1 Vogtle-3 VO3 Cooper CO1 Palo Verde-2 PV2 Vogtle-4 VO4 Davis Besse-1 DB1 Palo Verde-3 PV3 Waterford-3 WF3 Diablo Canyon-1 DC1 Peach Bottom-2 PE2 Watts Bar-1 WB1 Diablo Canyon-2 DC2 Peach Bottom-3 PE3 Watts Bar-2 WB2 Dresden-2 DN2 Perry-1 PY1 Wolf Creek WC1 Dresden-3 DN3 Point Beach-1 PB1 Farley-1 FA1 Point Beach-2 PB2 Farley-2 FA2 Prairie Island-1 PI1 Fermi-2 FE2 H-1

APPENDIX I COMPUTER POINT SELECTION Appendix I provides guidance on the process of selecting data points. The main theme of the computer point selection process is to identify the minimum set of computer points available on the fewest (preferably one) number of feeders from a site, which fully describe each of the parameters on the Emergency Response Data System (ERDS) Parameter List.

When multiple computer points exist to describe a certain parameter, there is usually one point or a small subset of points that meet the following desirability criteria:

For fluids systems (e.g., high-pressure coolant injection, building ventilation, main feedwater), the points representing the farthest location downstream in the system are most desirable. For example

- If the ventilation system exhausts from all buildings in the powerblock converge and ascend up a single plant vent stack, then only the effluent process radiation monitors on the plant stack should be described under gaseous effluent versus describing the individual effluent monitors that may exist for each of the exhaust lines that converge.

- If an injection or feedwater system has a set of points available that includes flows measured at the pump discharges, at a combined header, and at the point in the system just before injection into the loops or steam generators, then the points that should be selected as potential ERDS feeds are the furthest downstream points (flow measured just before injection into loops or steam generators).

Computer points that have undergone the maximum amount of range checking and other data point validation schemes should be selected.

Computer points representing the widest expected range of the parameter should be selected. For example, if there is a choice of computer points for Containment Pressure, with one representing the range -5 to +5 pounds per square inch, gauge (PSIG) and another representing the range -5 to +100 PSIG, the wide-range -5 to +100 PSIG computer point should be selected, even though its accuracy may not be as great near the normally expected pressure of -1 to +1 PSIG. The point composed of the maximum number of inputs should be used. The desirable point may be composed (processed) within the feeder computer or may be composed by a separate microprocessor outside the feeder, as in the case of pressurized-water reactor (PWR) reactor vessel level indication, subcooling margin monitors, and meteorological tower systems. The philosophy of selecting the most composed points should not be applied in the case of parameters associated with PWR coolant loops (e.g., T-hot, T-cold, steam generator pressure, steam generator level, main feedwater flow) to the extent of selecting points such as Average T-hot, because loop-specific parameters are preferable for use in coolant-loop-specific accidents such as steam generator tube breaks. Composed points such as Average T-hot Loop 1, and Average T-hot Loop 2, should be selected.

I-1

APPENDIX J EMERGENCY RESPONSE DATA SYSTEM QUESTIONS AND ANSWERS

1. Was the original data list expanded?

No. The issue has been well studied since the Nuclear Data Link was originally proposed after the accident at Three Mile Island Nuclear Station, Unit 2. The development of the data list followed the determination by the U.S. Nuclear Regulatory Commission (NRC) of its role in an emergency. The data list provides the information the NRC needs to perform that role. The data list is intended to be generic in nature.

Originally, there was a space limitation in each units database to accommodate plant-specific data points that are not on the required data list but are considered useful in assessing plant conditions. Newer technology innovations in the Emergency Response Data System (ERDS) software have removed the space limitation.

Experience from program implementation to date indicates that there are parameters that licensees would like to send as a part of the ERDS data stream. The NRC will consider licensee recommendations for adding data points to individual unit databases.

2. Must ERDS be used to transmit drill data?

Transmitting drill data was not an ERDS design requirement. For those system configurations that only allow the transmission of real data, no modification was needed.

However, if the licensee system is set up to transmit drill data, the licensee should use that capability to enhance the NRCs drill participation.

The modernized ERDS includes the capability for a licensee to provide simulated or drill data to a separate ERDS server, so production data can be sent in parallel without the possibility of the data becoming mixed with the production transmissions.

3. How soon after an Alert declaration must the system be initiated?

The NRCs regulations in Title 10 of the Code of Federal Regulations (10 CFR) 50.72(a)(4) require a licensee to activate ERDS as soon as possible following the declaration of an Alert or higher emergency classification but no more than 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months from the time of the declaration.

4. Is the transmission of data point values for times before the time of ERDS activation required?

No. Only the data values from the time of the link initiation are required to be transmitted over ERDS. Information on initiating conditions and plant status will be provided over the verbal communication line, as necessary.

However, plants are encouraged to take advantage of transmitting data 24x7x365 to alleviate the need to manually initiate ERDS for an actual event.

5. With the implementation of ERDS, will continuous staffing of the Emergency Notification System (ENS) (Red Phone) still be required?

J-1

Yes. The NRCs regulations in 10 CFR 50.72(a)(1) require licensees to use the ENS.

ERDS will not eliminate the need for verbal transmission of information such as licensee actions, recommended protective actions, and supplemental event-specific data not provided by ERDS.

6. Are the ERDS data provided to State authorities?

Although the NRC is not soliciting or recommending State participation in the ERDS program, the system design includes a web portal for States within a plants 10-mile plume exposure pathway emergency planning zone to view ERDS data. This provision was made to reduce the likelihood of different data being provided to the NRC and a State because of differing data sets where the State has decided to collect data. This provision does not affect States that already have a data collection system. If a State expresses a desire to participate in the ERDS program, the NRC will provide ERDS data to that State under a specific memorandum of understanding. This memorandum of understanding aims to specify communication protocols for clarification of ERDS data and data security requirements. The NRC provides those States with a website link and digital certificate to install on a securely located workstation. Appendix K provides the specifications for an ERDS workstation. These provisions ensure that all parties involved use the same database for their analysis.

7. Does the NRC require a periodic test of ERDS, and how frequently?

The NRC does perform periodic testing to ensure system operability. Currently, that testing is done quarterly. Should system reliability permit, the frequency of testing may be reduced. The NRC conducts the testing of a State link portion of the system.

Therefore, no licensee participation is required for this test. The NRC sets and transmits the test schedule to all licensees before the new calendar year begins.

8. Is participation in the ERDS program voluntary?

No. At the inception of ERDS, the program was voluntary, as documented in NUREG-1394, Revision 1, Energy Response Data System (ERDS) Implementation, issued June 1991. Now, under 10 CFR Part 50, Domestic Licensing of Production and Utilization Facilities, Appendix E, Emergency Planning and Preparedness for Production and Utilization Facilities,Section VI, the NRC requires the implementation of ERDS at all operating nuclear power plants.

9. What is the boundary of system maintenance responsibility?

The NRC is responsible for maintaining all parts of ERDS installed starting at the NRC-provided ERDS-specific piece of hardware used for secure data transmission (e.g., Adaptive Security Appliance virtual private network) located at the licensee site.

10. Did the NRC develop a generic ERDS interface for use by licensees?

No, the NRC does not provide a generic ERDS interface. However, the ERDS software vendor, OSIsoft, has created an interface that most licensees use. A few licensees have opted to use interfaces developed by other vendors, while others have built their own using customized code.

J-2

APPENDIX K GUIDANCE FOR SETTING UP WORKSTATIONS TO INTERFACE WITH THE NRC'S EMERGENCY RESPONSE DATA SYSTEM K.1 Workstation Configuration and Security Requirements The Emergency Response Data System (ERDS) application can run on various computers and devices, including workstations, laptops, and tablets (together referred to as workstations) running Windows operating systems. Workstations used to access ERDS data will need to meet minimum hardware and software requirements. The ERDS software provides the connectivity to the captured event data on ERDS, displays the data, and performs other functions.

ERDS applications can be delivered by either a client-based application (PI ProcessBook) or through a web-based portal interface using any internet browser.

The following software applications are required for a standard minimum build of an ERDS workstation. This list is subject to change depending on platform vendors technology enhancements and upgrades to improve reliability, function, or design:

Microsoft Windows operating system

Microsoft Office 2010 or newer supported application suite

Antivirus software

Internet Explorer 11.x or other supported browsers

OSIsoft PI ProcessBook 2015 or newer or PI Vision web portal 2017 or newer (optional)

K.2 OSIsoft PI Vision for Web Portal Clients The ERDS website is built using OSIsofts PI Vision software. Most current browsers support PI Vision on various computers and devices, including tablets and phones running iOS or Android operating systems. PI Vision was tested with and is compatible with the following browsers:

on Windows with Microsoft Internet Explorer version 11 and current versions of Microsoft

Edge, Mozilla Firefox, Google Chrome current versions or later

on Apple Macintosh with a current version of Safari

on the iPad and iPhone with iOS version 7 or later

on Android devices with version Android 4 or later K.3 Security and User Authentication The ERDS application uses the capabilities of the PI server to create and manage system roles, responsibilities, and groups. System authentication uses the U.S. Nuclear Regulatory Commissions (NRCs) implementation of Microsoft Active Directory.

The ERDS application also ensures that State users can only see data from within their respective emergency planning zone.

The ERDS software provides security through user accounts. This security model is used to control and audit the actions ERDS users are allowed to perform and the data they are allowed K-1

to view. In addition to the workstation security, the PI application has its own security system that is used to control access to the application servers and databases.

The ERDS user accounts have a password expiration feature and will block login attempts if too many incorrect passwords are entered sequentially. The ERDS Help Desk generates user passwords renewed every 90 days. Users who do not connect to ERDS within 90 days will have their accounts disabled and have to call the ERDS Help Desk to have the account reenabled.

Web Portal services include security validation settings to determine how long user credentials persist. The effect of this setting is that a user is prompted to renew login credentials after a webpage has been idle for a set period of time. Currently, sessions are set to expire after 15 minutes of inactivity.

K-2

NUREG-1394, Rev. 2 Emergency Response Data System August 2022 J.R. Jolicoeur Technical B. Alemu Office of Nuclear Security and Incident ResponseHQ Division of Preparedness and Response U.S. Nuclear Regulatory Commission Washington, DC 20555-0001 Same as above Technical Updates - Project Performance Corporation, ERDS O&M Contractor The U.S. Nuclear Regulatory Commission (NRC) has implemented the Emergency Response Data System (ERDS) to upgrade its ability to acquire data from nuclear power plants in the event of an emergency at the plant. ERDS provides a transfer of data from licensee plant computers to the NRC Operations Center. The system has been designed to be activated by the licensee during an emergency that has been classified at an Alert or higher level. The NRC portion of ERDS will receive the data stream and sort and file the data. The users will include the NRC Operations Center, the NRC regional office of the affected plant, and, if requested, the States that are within the 10-mile emergency planning zone of the site. The currently installed Emergency Notification System will be used to supplement ERDS data.

This report provides guidance for the implementation or continued operation of ERDS at licensee sites. It is intended to be used for new and existing implementations under the ERDS program as well as for providing standards for supporting the ERDS rule.

Emergency Response Data System (ERDS)

NRC Operations Center Emergency Response Emergency Accident OSIsoft PI

NUREG-1394, Rev. 2 Emergency Response Data System August 2022

NUREG-1394, Rev 2, Emergency Response Data System

Contents

Text

Reference:

Reference:

Reference:

Reference:

Description:

Navigation menu

NUREG-1394, Rev 2, Emergency Response Data System

Text

Reference:

Reference:

Reference:

Reference:

Description:

Navigation menu

Search