Text

Dr. Gregory Piefer Chief Executive Officer SHINE Technologies, LLC 3400 Innovation Court Janesville, WI 53546

SUBJECT:

SHINE TECHNOLOGIES, LLC REGULATORY REPORT ON THE AUDIT OF INSTRUMENTATION AND CONTROL SYSTEMS DESCRIBED IN OPERATING LICENSE APPLICATION, ALL SESSIONS (EPID NO. L-2019-NEW-0004)

Dear Dr. Piefer:

By letter dated July 17, 2019, (Agencywide Documents Access and Management System (ADAMS) Accession No. ML19211C044), SHINE Medical Technologies, LLC (SHINE) submitted its application for an operating license.

Enclosed is a report on the regulatory audit conducted by staff of the U.S. Nuclear Regulatory Commission (NRC) in connection with its review of the application), in addition to chapter 7, Instrumentation and Control Systems, of the SHINE final safety analysis report and responses to requests for additional information. This regulatory audit was held to close technical gaps identified during the review of chapter 7, as communicated periodically to SHINE in a Chapter 7 status tracker.

The audit report does not make any licensing conclusions or findings, but it is part of the administrative record of the NRC staffs review of the application and may provide information supporting the NRC staffs safety evaluation. Unless otherwise noted in the enclosed report, the audit followed the plans provided by letters dated:

Session 1, February 15, 2022 (ADAMS Accession No. ML22042A018),

Session 2, March 23, 2022 (ADAMS Accession No. ML22075A331),

Session 3, April 6, 2022 (ADAMS Accession No. ML22095A067),

Session 4, April 18, 2022 (ADAMS Accession No. ML22101A116), and

Session 5, July 11, 2022 (ADAMS Accession No. ML22165A210).

The enclosed report constitutes the final report on the audit and provides a closure path for each of the identified open technical items.

January 4, 2023

G. Piefer If you have any questions, please contact me at (301) 415-1053, or by electronic mail at Holly.Cruz@nrc.gov.

Sincerely, Michael Balazik, Project Manager Non-Power Production and Utilization Facility Licensing Branch Division of Advanced Reactors and Non-Power Production and Utilization Facilities Office of Nuclear Reactor Regulation Docket No. 50-608 Construction Permit No. CPMIF-001

Enclosure:

As stated

Attachment:

Detailed Item Table cc: See next page Signed by Balazik, Michael on 01/04/23

SHINE Technologies, LLC Docket No. 50-608 cc:

Jeff Bartelme Licensing Manager SHINE Technologies, LLC 3400 Innovation Court Janesville, WI 53546 Nathan Schleifer General Counsel SHINE Technologies, LLC 3400 Innovation Court Janesville, WI 53546 Christopher Landers Director, Office of Conversion National Nuclear Security Administration, NA 23 U.S. Department of Energy 1000 Independence Ave SW Washington, DC 20585 Mark Paulson, Supervisor Radiation Protection Section Wisconsin Department of Health Services P.O. Box 2659 Madison, WI 53701-2659 Shelley Warwick Environmental Analysis Specialist-South Team Wisconsin Department of Natural Resources 3911 Fish Hatchery Road Fitchburg, WI 53711 Test, Research and Training Reactor Newsletter Attention: Amber Johnson Dept of Materials Science and Engineering University of Maryland 4418 Stadium Drive College Park, MD 20742-2115 Mark Freitag City Manager P.O. Box 5005 Janesville, WI 53547-5005 Bill McCoy 1326 Putnam Avenue Janesville, WI 53546 Alfred Lembrich 541 Miller Avenue Janesville, WI 53548

ML22347A214 NRR-106 OFFICE NRR/DANU/PM NRR/DANU/BC NRR/DANU/PM NAME MBalazik JBorromeo MBalazik DATE 1/4/2023 1/4/2023 1/4/2023

Enclosure OFFICE OF NUCLEAR REACTOR REGULATION REGULATORY AUDIT REPORT REGARDING CHAPTER 7, INSTRUMENTATION AND CONTROL SYSTEMS OPERATING LICENSE APPLICATION SHINE MEDICAL TECHNOLOGIES, LLC DOCKET NO. 50-608 Location:

Virtual (audit activities of supporting documentation were also conducted via the electronic reading room)

Dates:

Session 1:

February 15, 2022, from 4:00pm to 5:00pm February 23, 2022, from 3:00pm to 3:30pm February 25, 2022, from 12:30pm to 1:30pm Session 2:

March 28, 2022, from 1:00pm to 3:00pm March 30, 2022, from 3:00pm to 5:00pm Session 3:

April 7, 2022, from 2:30pm to 4:30pm Session 4:

April 21, 2022, from 1:30pm to 2:30pm Session 5:

July 13, 2022, from 1:30pm to 2:30pm July 14, 2022, from 1:00pm to 2:00pm Audit Team Members:

Michael Balazik, U.S. Nuclear Regulatory Commission (NRC)

Duane Hardesty, NRC Dinesh Taneja, NRC Norbert Carte, NRC Michael Waters, NRC Jesse Seymour, NRC Elijah Dickson, NRC Licensee Representatives:

Jeff Bartelme, SHINE Medical Technologies, LLC (SHINE), et al

Background

By letter dated July 17, 2019, (Agencywide Documents Access and Management System (ADAMS) Accession No. ML19211C044), SHINE submitted its application for an operating license. This report summarizes the regulatory audit conducted by staff of the U.S. Nuclear Regulatory Commission (NRC) in multiple sessions from February through July 2022, and provides a closure path for each of the identified open technical items.

This audit was conducted in connection with the NRC staffs review of the application. The audit report does not make any licensing conclusions or findings, but it is part of the administrative record of the NRC staffs review of the application and may provide information supporting the NRC staffs safety evaluation. Unless otherwise noted in the enclosed report, the audit followed the plans provided by letters dated:

Session 1, February 15, 2022 (ADAMS Accession No. ML22042A018),

Session 2, March 23, 2022 (ADAMS Accession No. ML22075A331),

Session 3, April 6, 2022 (ADAMS Accession No. ML22095A067),

Session 4, April 18, 2022 (ADAMS Accession No. ML22101A116), and

Session 5, July 11, 2022 (ADAMS Accession No. ML22165A210).

Regulatory Bases for the Audit The purpose of the audit was to close technical gaps identified during the review of chapter 7, as communicated periodically to SHINE in a Chapter 7 status tracker. The licensees proposed instrumentation and control systems is being reviewed in accordance with the applicable regulatory requirements of Title 10 of the Code of Federal Regulations Part 50, Domestic Licensing of Production and Utilization Facilities, and applicable guidance provided in NUREG-1537, Guidelines for Preparing and Reviewing Applications for the Licensing of Non-Power Reactors, Part 1, Format and Content, and Part 2, Standard Review Plan and Acceptance Criteria (ADAMS Accession Nos. ML042430055 and ML042430048, respectively).

Audit Activities The following activities were performed during the audit:

1.

Entrance Meeting At the entrance meetings for each session, the NRC staff explained the scope and desired outcomes for the audit. The NRC staff stated that after completion of the audit, an audit report will be prepared and sent to SHINE.

2.

Review of Audit Topics and Questions This audit was held to: (1) gain a better understanding of information underlying the application in the area of instrumentation and control systems, (2) identify specific information that will require docketing to support the basis of the licensing or regulatory decision; and (3) close open technical items or identify a closure path in the Audit Topics and Questions section of the audit plans. Closure paths for the major Audit Topics and Questions provided in the audit plan are noted in the attachment of this enclosure for the target solution vessel reactivity protection system (TRPS), and engineered safety feature actuation system (ESFAS), and Audit Session 5 for the process integrated control system (PICS).

The audit addressed updates to the SHINE final safety analysis report (FSAR) and associated responses to requests for additional information (RAIs) on the highly integrated protection system (HIPS), TRPS, ESFAS, neutron flux detection system (NFDS), and the PICS. Consistent with the regulatory basis specified in the system RAIs, this information will supplement the licensing review to understand and confirm how the respective systems: (1) will perform its safety function including after a single failure and meeting requirements for environmental qualification, redundancy, diversity, and independence; (2) will have surveillance tests and intervals that give confidence that the equipment will reliably perform its safety function; and (3) has appropriate digital hardware and software verification and validation programs to provide confidence in design quality.

As discussed in the audit plan, the NRC staff conducted document reviews using the electronic reading room as part of the audit. The NRC staff provided a list of the documents to be reviewed in its audit plans. The NRC staff did not review any additional documents in the electronic reading room beyond those listed.

3.

Key Technical Issues TRPS and ESFAS HIPS Design and Application Specific Action Items (ASAIs)

As outlined in the attachment, open technical items related to the HIPS design and disposition of the HIPS topical report (TR) ASAIs have been adequately addressed and applicable portions of the SHINE FSAR have been updated. Specifically, resolution of open technical items 7.2.5-01, HWM testing, 7.2.5-02, self-testing capabilities and limitations, 7.2.5-03, Active and Fault LED Colors," 7.2.5-04, admin controls in TS for 1oo2 voting functions, and 7.4.2-06, single failure criteria for 1oo1 logic functions resulted in updates to applicable portions of SHINE FSAR, SHINE Technical Specifications (TS), and docketed RAI responses.

Diversity and Independence For diversity design attributes of the HIPS platform that implements TRPS and ESFAS functions, the NRC staff audited SHINE technical report, TECRPT-2019-0041, Revision 3, Diversity and Defense-in-Depth Assessment of TRPS and ESFAS to evaluate performance of safety functions in the presence of a digital CCF. This technical report documents a diversity and defense-in-depth (D3) assessment of the TRPS and ESFAS to identify potential vulnerabilities to digital CCFs and provides basis for acceptability of the consequences of potential digital CCFs. Since the NRC staff relied on this SHINE technical report for the safety evaluation, SHINE was asked to docket this report.

In response to RAI 7-10, the applicant stated that the results of isolation testing of HIPS platform equipment, consistent with the guidelines of Regulatory Guide (RG )1.75, Rev. 3, Criteria for Independence of Electrical Safety Systems, is provided in the HIPS platform Electromagnetic Interference (EMI)/Radio Frequency Interference (RFI) and isolation test report request for confirmatory information (RCI) 942-1000-61001, Revision 0, EMC and Isolation Qualification Report for HIPS Platform EQTS. The NRC staff audited this test report and found in Section 4 of this report that isolation testing of the HIPS modules meets the requirements as specified in section 4.6.4 of Electric Power Research Institute TR-107330, Generic Requirements Specification for Qualifying a Commercially Available PLC for Safety-Related Applications in Nuclear Power Plants, dated December 1996, which in turns references Institute of Electrical and Electronics Engineers (IEEE) 384-1981, IEEE Standard Criteria for Independence of Class 1E Equipment and Circuits.

Analytical Limits and Setpoints The safety limits of the SHINE facility are documented in TS section 2.1, Safety Limits. The limiting safety system settings (LSSS) and lowest functional capability or performance levels of equipment are in the TS limiting conditions of operation (LCOs). The limiting process parameter value assumed in the analysis, where an automatic protective action is initiated, is generally called the Analytic Limit (AL). FSAR Chapter 13 analyses provide justification for the adequacy of the analytical limit (AL) for protecting the safety limit. SHINE FSAR setpoint chapters describe that the LSSS values in the TS LCO are chosen to be more conservative than the AL by at least the amount associated with uncertainties in the process measurements. Generally, SHINE FSAR section 7.4.4.1, Monitored Variables and Response, includes a subsection for each TRPS-variable monitored, and each of these subsections identifies the SHINE FSAR chapter 13 subsection(s) and scenario(s) that credit(s) that particular monitored variable for performing a target solution preparation system (TSPS) safety function. Furthermore, FSAR table 7.4-1 includes the analytical limit(s) for each variable monitored. Based on this description the NRC staff finds that the SHINE FSAR provides safety analytical limits for which the TRPS is designed to protect. The audit viewed a small subset of the underlying calculations to confirm consistency with the FSAR.

Safety Actuation and Response Times The implementation of a safety function requires that certain protective actions are achieved within a particular time period. To support this need, certain response times should be included in the SHINE FSAR. The audit of the calculations supporting Chapter 13 allowed the NRC staff to conclude the overall response time is adequate to ensure target solution limits are not exceeded as a result of transients and accidents.

Equipment Qualification The HIPS TR does not include environmental qualification of the HIPS platform. SHINE Design Criterion 16 states, in part, the protection systems are designed to ensure that the effects of natural phenomena, and of normal operating, maintenance, testing, and postulated accident conditions on redundant channels, do not result in loss of the protection function or are demonstrated to be acceptable on some other defined basis. To comply with the SHINE Design Criterion 16, the HIPS equipment for the TRPS and ESFAS is required to be qualified for the postulated environmental conditions. In response to RAI 7-16 (ML21239A049), the applicant provided additional information on HIPS equipment qualification and proposed changes to SHINE FSAR sections 7.4.2.2.11, 7.4.3.5, 7.4.3.6, 7.5.2.2.11, 7.5.3.4, and 7.5.3.5. The specific qualification reports supporting these FSAR statement were placed in the electronic reading room and were sampled as part of the audit.

PICS Based on a review of the FSAR, the NRC staff concludes that: (1) PICS does not include functions intended to prevent accidents, (2) PICS cannot prevent the proper operation of the TRPS and ESFAS, and (3) PICS does not control or mitigate the consequences of accidents.

The audit of PICS was focused on the topics listed below and confirming the applicant addressed in the conceptual design of PICS.

The NRC also discussed the flowing topics.

(a) Considerations of Process Hazards Analysis (PHA) and SHINE Safety Analysis (SSA) and Impacts on the ESFAS and TRPS The NRC staff understands the information provided in the electronic reading room related to the method of considering failures in the PICS system and how they were considered in the safety of the facility. Please provide the following additional information to support the NRC staffs review of the PICS system and its impact on the safety analyses and safety systems:

The NRC staff understands that the PHA methods ignore the cause of the process deviations and primarily focus on the consequences and detection of those deviations.

The NRC staff also understands that a PICS failure that causes a single process deviation could be accounted for in the PHA. Describe if a PICS failure could cause multiple process deviations and, if so, how they were addressed or dispositioned in the PHA methods.

The NRC staff understands the assessment SHINE is using to determine whether PICS could indirectly affect the ability of TRPS and ESFAS to perform safety functions, as described in the electronic reading room information. To ensure the PICS is designed to achieve the requirements resulting from the assessment, describe the architecture, key design features, and attributes of the PICS system controls and communication interfaces with vendor-provided control systems to reasonably prevent multiple PICS-controlled component failure or PICS failures modes and challenge a safety system.

Clarify how the safe state for loss power is assessed and identified for the PICS controlled components, as described FSAR section 7.3.2.2.3.

Specify, if any PICS interlocks or permissives are assumed or relied upon in the PHA and SSA to prevent or reduce the consequences of the event. If so, describe if they can be bypassed and under what conditions so the NRC staff can confirm a bypass condition does not need to be considered in the analyses.

(b) Architectural Design Information/Features/Attributes Section 7.3 describes what the PICS monitors and controls; however, the NRC staff could not identify information on the electronic components/software, design features, and configurations (e.g., network and communication features) in enough detail to make finding for SHINE Design Criterion 13. Specifically, the NRC staff needs information to show how PICS monitors and integrates various process variables and system statuses, and how PICS integrates multiple systems controls to routinely maintain the plant within credited normal operating conditions in the FSAR.

Provide a summary of the high-level PICS electronic architecture that shows how the PICS provides appropriate controls to maintain variables and systems within prescribed operating ranges as described in SHINE Design Criterion 13.

This description may be able to rely upon functional design requirements and high-level summary of the configuration and potential design attributes/features (e.g., redundant servers, network segmentation, and communication with skid-mounted control systems) that contribute to normal condition function of providing appropriate controls.

Describe how PICS maintains key processes and variables within the prescribed operating ranges when PICS operation is to transfer control among the PICS workstations, the supervisor workstation, and PICS local control stations.

(c) PICS Design Development Section 7.3.2.2 of the FSAR states that PICS is developed under a structured process commensurate with the risk associated with its failure or malfunction, as described in Section 7.3.3.4. Section 7.3.3.3 of the FSAR does not describe the risk associated with the failure of a PICS controlled component.

Provide a summary of how SHINE ensures design iterations of PICS remains bounded by the events described in FSAR Chapter 13, Accident Analysis.

4.

Exit Briefing Exit briefings were held at the conclusion of each session. During these exit briefings, the audit team restated the purpose of the meeting, summarized the open technical items, recapped the closure paths of the audit items, and highlighted areas where additional information may be warranted. It was noted that during the audit, SHINE had stated that it would provide supplemental information on the docket to address additional information needs identified by the NRC staff.

The NRC staff stated that based on SHINE providing this supplemental information to address information needs identified by the NRC staff, the NRC staff considers the open technical items provided in the audit plan closed. However, the NRC staff noted that it is still continuing its review of the SHINE operating license application, including the supplemental information, and that additional audits may be necessary. No disagreements with the audit summary were noted by the licensee during the exit briefing.

REFERENCES During the regulatory audit of chapter 7, Instrumentation and Control Systems, the following vendor documents were audited for addressing the audit topics:

Document Number Title DCD-ESFAS-0001 Engineered Safety Features Actuation System (SHINE Company Confidential)

TECRPT-2018-0035 Engineered Safety Features Actuation System Functional Requirement Specification (ECI and SHINE Company Confidential)

TECRPT-2020-0002 Engineered Safety Features Actuation System Design Description (ECI)

SMT-016-1000-10010 TRPS and ESFAS System Requirement Specification (Rock Creek Confidential/Proprietary)

SMT-016-1000-10021 ESFAS System Design Specification (Rock Creek Confidential/Proprietary)

DCD-TRPS-0001 Target Solution Vessel Reactivity Protection System Design Criteria Document (SHINE Company Confidential)

TECRPT-2018-0034 Target Solution Vessel Reactivity Protection System Functional Requirements (ECI and SHINE Company Confidential)

TECRPT-2019-0048 TRPS System Design Description (ECI)

TECRPT-2019-0041 Diversity and Defense-in-Depth Assessment of TRPS and ESFAS SMT-016-1000-10010 TRPS and ESFAS System Requirement Specification (Rock Creek Confidential/Proprietary)

SMT-016-1000-10020 TRPS System Design Specification (Rock Creek Confidential/Proprietary)

SMT20A-FS-001 Rev. 0 System Architecture Functional Specification SHINE Process Integrated Control System TECRPT-2022-0033 Rev.0 Evaluation of Indirect Safety Impacts of Multiple PICS Failures CALC-2019-0004 Instrument Uncertainty Calculation - TSV Off Gas System Flow CALC-2014-0022 Peak Hydrogen Concentration Following TOGS Blower Failure CALC-2020-0010 Instrument Uncertainty Calculation - NFDS Power Range CALC-2018-0035 Target Solution Vessel Fill System Design CALC-2018-0046 Target Solution Vessel (TSV) Thermal Hydraulics CALC-2019-0045 Instrument Uncertainty Calculation - MEPS Heating Loop Extraction Area A/B/C Radiation Monitoring DWG ESFAS 0002 Engineered Safety Features Actuation System Logic Diagrams DWG TRPS 0002 Target Solution Vessel Reactivity Protection System Logic Diagrams RCI-942-1000-61001 EMC and Isolation Qualification Report for HIPS Platform EQTS SHINE Response Notes to PICS Audit Questions (July 13 and 14, 2022 Audit Interactions)

Summary of PICS Failure Considerations on Safety Systems