ML23094A056

Presentation - April 4, 2023 Licensing Review Framework for Advanced Reactors I&C Workshop 2
ML23094A056
Person / Time
Issue date: 04/04/2023
From:
Office of Nuclear Reactor Regulation


Text

Licensing Review Framework for Advanced Reactors Instrumentation and Controls (I&C)

Workshop 2, April 4, 2023

Introduction and Requests for Workshops on I&C Licensing Framework for Advanced Reactors

  • Final I&C Design Review Guide (DRG) issued in February 2021 (ML21011A140) for I&C design reviews by NRC staff
  • NRC staff reviews / pre-application engagements underway for a variety of potential LWR and non-LWR I&C designs
  • NRC staff engaged by industry interested in the background and details on the DRG and relationship to NEI documents
  • No regulatory decisions will be made in these workshops

Workshop 2 Agenda

  • Overview of Workshop 1 and Follow-up Questions on Non-Safety-Related Special Treatment (NSRST) Structure, System, and Component (SSC) Classification
  • Discussion of Alternate Frameworks
  • NRC Staff Perspectives on Design Basis Accident (DBA) Analysis Described in the Licensing Modernization Project (LMP)

Workshop #2 Advanced Reactor Digital I&C Licensing, April 4, 2023

©2023 Nuclear Energy Institute

Follow-Up Question - Non-Safety-Related Special Treatment (NSRST)

Question 1: How does the NSRST categorization compare to previously used categorizations such as Regulatory Treatment of Non-Safety Systems (RTNSS) and Risk-Informed Safety Class 2 (RISC-2) which also describe supplemental requirements for non-safety-related SSCs that perform safety significant functions?


Alternate Frameworks

General Atomics Electromagnetic Systems

An Introduction to the Functional Safety: Application of Functional Safety (Risk-Informed Performance-Based Approach) in Advanced Nuclear Reactor ARC-20 FMR

02/23/2023

Presented to: NRC/NEI DI&C Industry Working Group

Prepared By: Mohammad Alavi, P.E., FS Eng (TÜV Rheinland), Nuclear I&C and Functional Safety Lead, Nuclear Reactor Design and Analysis, GA-EMS NTM Division

Agenda

  • Generic Introduction to Functional Safety
  • Application of Functional Safety (RIPB Approach) in Nuclear
  • Example of Functional Safety Implementation in General Atomics ARC-20 FMR

Introduction

  • What is Functional Safety?

Definition of Safety: Freedom from unacceptable risk of physical injury or of damage to the health of people, either directly or indirectly as a result of damage to property or to the environment.

Functional Safety: FS is the part of the overall safety of a system or piece of equipment that looks at the aspects of safety that relate to the function of a device or system and depends on automatic protection operating correctly and predictably in response to its inputs or failures.

In other words, Functional Safety is: systems that lead to the freedom from unacceptable risk of physical injury or damage to the health of people, either directly or indirectly, by the proper implementation of one or more automatic protection functions (often called safety functions).

The automatic protection system must be able to properly handle likely human errors, systematic errors, hardware/software failures and operational/environmental stress.

Risk Reduction and Graded Approach

  • Functional Safety is a risk-informed and performance-based approach to address safety with implementation of automated protection functions. Probabilistic methods are used in assessment, design, and evaluation.
  • Risk Evaluation and Functional Safety

When it comes to the risk evaluation, functional safety is all about risk reduction to a level lower than tolerable risk.

So, risk assessment and hazard analysis is an essential part of functional safety life cycle.

[Figure labels: Probability of exposure to a situation where accident can potentially happen; Risk Reduction external to the system]

Functional Safety views on risks:

o Zero risk can never be reached, only probabilities can be reduced
o Non-tolerable risks must be reduced (ALARA*)
o Optimal, cost-effective safety is achieved when addressed in the entire safety lifecycle

* ALARA: As Low As Reasonably Achievable

Tolerable Risk Level

  • How to Achieve the Tolerable Risk Level

o No defense layer is fault free no matter how high its reliability is.
o Credible and independent layers of protection are needed to overcome random failures, systematic failures, human errors, and common cause failures.
o Protection layers reduce the probability of incident, and/or reduce the severity of possible incident.
o Reliability of each protection layer is determined by probabilistic methods.

[Figure labels: Tolerable Risk Level; Residual Risk; Inherent Risk of Equipment Under Control (Unacceptable Risk); Increasing Risk; Necessary Risk Reduction; Actual Risk Reduction by All Safeguards; Partial Risk Reduction Provided by Automated Instrumented Functions; Partial Risk Reduction by Inherent Safe Design; Partial Risk Reduction by Non-Instrumented and Other Safety-Related Methods; Risk Reduction Gap to be Filled; Total Risk Reduction Achieved by All Independent Safety-Related Systems and Defense Layers]

Attributes of Risk Reduction Layers

  • Defense layers must have at least four key characteristics (S A I D) to be eligible and credible as a protection layer:

o Specific: Protection layer must be designed solely to prevent or mitigate the consequences of one potentially hazardous event. Multiple causes may lead to the same hazardous event. The action of one protection layer is necessary.

o Auditable: Protection layer must be designed in a way that permits validation of function and probability of failure on demand (PFD), including drills for human error and systematic failure, in a regular periodic manner. This is the ability to inspect information, documents, procedures, etc. to demonstrate the adequacy of protection and adherence to the requirements.

o Independent: The performance of the protection layer should not be degraded or affected by the initiating cause of failure, nor influenced by the failure of other protection layers. This is mainly for common cause failures.

o Dependable and Reliable: This is the probability that the protection layer will operate accurately toward the intended event under stated conditions for a specific time period. The protection layer must be dependable and have a reliability higher than the reliability target for preventing or mitigating the hazard scenario.

Regulatory Framework

  • Major Regulations and Codes Governing Functional Safety

o 10CFR50, 10CFR52 - Nuclear Regulatory Commission
o 29CFR1910 - OSHA Process Safety Management
o RG1.233 - Risk-Informed Performance-Based Methodology for Non-LWR
o NUREG/KM-0009 - Observation of Defense-in-Depth
o NRC DRG - I&C for Non-Light-Water Reactors (TBD)
o NEI 18 Risk-Informed Performance-Based Guide for AR
o DOE-STD-1189 - Integration of Safety into Design Process
o DOE-STD-1195 - Safety Instrumented Systems
o DOE-STD-3009 - Safety Analysis
o DOE-STD-1628 - PRA for Nuclear Safety Applications
o IAEA SSR-2/1 - Safety of Nuclear Power Plants
o MIL-STD-882E - System Safety

Military, Aerospace, Aviation:

o MILSTD882 - System Safety
o DO178 - Software
o DO254 - Hardware

Principles of Functional Safety

  • There are two fundamental principles:

o An engineering process called the Safety Lifecycle is defined to discover and eliminate design errors and omissions.

o A probabilistic failure approach to account for the safety impact of device failures.

  • The safety life cycle is divided and grouped into three categories:

o Phases to address analysis
o Phases to address realization
o Phases to address operation

  • Concepts of probabilistic risk for each safety function:

o The risk is a function of frequency (or likelihood) and consequence severity of each hazardous event.

o The risk is reduced to a tolerable level by applying protection functions.


Safety Life Cycle

  • Safety Lifecycle:

o Overall Process and Functional Safety Management
o Hardware Architecture and Design
o Software Development Lifecycle

[Figure: Software Systematic Development Lifecycle (V-Model) (ref. IEC 61508)]

[Figure: Overall Safety Lifecycle (ref. IEC 61508, 61511). Phases: Hazard and Risk Assessment (Clause 8); Allocation of Safety Functions to Protection Layers (Clause 9); Safety Requirement Specification (Clause 10); Design and Development of other Means of Risk Reduction (Clause 9); Design and Engineering (Clauses 11, 12); Installation, Commissioning and Validation (Clauses 13, 14, 15); Operation and Maintenance (Clause 16); Modification (Clause 17); Decommissioning (Clause 18). Parallel activities: Management of Functional Safety and Functional Safety Assessment & Auditing (Clause 5); Safety Lifecycle Structure and Planning (Clause 6.2); Verification (Clauses 7, 12.5); Functional Safety Assessments 1 through 5. Other labels on the slide: Development of Functional Safety Management System; Project-specific Functional Safety Verification Plan with Defined Role and Responsibilities.]

Nuclear Application

  • F-C Target

o Decreasing risk significance to a margin below F-C curve

  • Defense-in-Depth Framework

o Multiple layers of defense
o Independent layers of defense
o Physical and functional independence
o Separation from initiating cause of incident
o Number of defense layers based on the level of hazard and F-C target
o Layer of defense to provide prevention and mitigation

  • Protective measures for each layer of defense to ensure its functionality and reliability (examples):

o Design, operational, and programmatic features
o Redundancy, and diversity considerations
o Address common cause failure
o Fail safe design
o Single point of failure vulnerability criterion, etc.

ARC-20 FMR Layer of Defense Model

  • 1st Group - Inherent Safety into Design:

o Negative Reactivity Temperature Coefficient
o Passive Cooling System (RVCS)

  • 2nd Group - Automated Systems:

o Nuclear and Plant Control (PCDIS)
o Alarm System (Control Room and Operator Actions, PMS)
o Instrumented Protection Systems (RPS, PPS)

  • 3rd Group - Mechanical Devices

o Relief Valves (TBD)

  • 4th Group - Physical Barriers

o ATF Cladding
o Vessel and Pressure Boundaries
o Containment System

  • 5th Group - Mitigation and Emergency Response

o Post Accident Monitoring System (PAMS)
o Emergency Response

[Figure: Defense-in-Depth Framework (Independent Layers of Defense**). Layer labels as they appear on the slide: EMERGENCY RESPONSES (EXTERNAL EMERGENCY RESPONSE); EMERGENCY RESPONSES (PLANT EMERGENCY RESPONSE AND POST ACCIDENT MONITORING SYSTEM); PHYSICAL BARRIER (CONTAINMENT SYSTEM); PHYSICAL BARRIER (PRESSURE VESSEL BOUNDARIES); PHYSICAL BARRIER (ATF FUEL CLADDING); MECHANICAL DEVICES (RELIEF VALVES TBD); INSTRUMENTED PROTECTION SYSTEMS (RPS, PPS); ALARMS (CONTROL ROOM MANUAL ACTIONS); NUCLEAR AND PLANT CONTROL (PCDIS); INHERENT SAFETY (PASSIVE COOLING RVCS); INHERENT SAFETY (NEGATIVE TEMP COEFFICIENT); REACTOR SYSTEM. Side labels: MITIGATION; PREVENTIVE; PASSIVE SAFEGUARDS; ACTIVE SAFEGUARDS.]

** Only those defense layers can be credited for risk reduction that are independent from initiation cause of incident and other defense layers for that specific hazard scenario.

BACK-UP SLIDES

Introduction

  • Why Is Functional Safety Important?

Complex technology is an integral part of our life, and day to day activities as well as industries. The all-encompassing objective of functional safety is to prevent risk to human lives caused either directly or indirectly from the operation of these systems. This includes preventing risk caused by damage to equipment, property, or the environment.

Functional safety is becoming more important as the types of controls and hardware being used are increasingly more complex. Software is also increasingly used in safety-critical applications and industrial plants including nuclear. Thus, these complex hardware and software need to be safe, secure, and reliable.

The critical factor at play is the appropriate and correct implementation of protection functions known as safety functions.


Functional Safety Scope

  • What Is the Scope of Functional Safety

The scope of functional safety is end-to-end, in that it must treat any function of a component or subsystem as part of the operation of the entire system's automatic protection function.

Thus, although the standards for functional safety generally focus on electrical, electronic (hardware and software), and programmable systems, in practice functional safety methods must extend to the nonelectrical, nonelectronic, and non-programmable components of the entire system.

Functional Safety is a risk-informed and performance-based approach to address safety and implement the automated protection functions. Probabilistic methods are used in assessment, design, and evaluation.

When to Implement

  • When to Implement Functional Safety Plan

It is best practice to plan and implement functional safety very early in design stages. This will allow the design teams to develop robust plans that include functional safety milestones - catching any failings as they occur in real-time will save time and money instead of retroactively addressing issues.

Regulatory Framework and Industry Standards

[Figure: hierarchy of regulations and standards, top to bottom: 29CFR1910 (OSHA), 10CFR50/52 (NRC); IAEA, RG, DOE STD, ISG, NUREG, SECY; NEI; EPRI, ANS, IEC*, IEEE, ISA and OTHERS. Annotations: "Harmonization"; "More requirements and less design instruction as move to upper levels."; "Less requirements and more design instructions as move down."]

IEC 61508 - Global Industry Standard

  • IEC 61508 is a basic functional safety standard as a global standard applicable to all industries.

  • The concept and framework flow down to lower-level standards specific to each industry.

Military, Aerospace, Aviation:

o MILSTD882 - System Safety
o DO178 - Software
o DO254 - Hardware

  • System safety principles underpinning functional safety were initially developed in the military, nuclear and aerospace industries, and then taken up by rail transport, process and control industries developing sector specific standards.
  • History of evolving functional safety concept:

o 1969: MIL-STD-882 (Military)
o 1980: IEEE 603 (Nuclear)
o 1996: ISA 84 (Process)
o 1998: IEC 61508 (Global for all Automated Protection Systems)

Principles of Functional Safety

  • Functional safety standards are applied across all industry sectors dealing with safety critical requirements and are especially applicable anytime software commands and/or E/EE/PES controls or monitors a safety function.
  • Functional safety standards consist of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems.
  • The Functional safety focus is on ensuring safety critical functions and functional threads in the system, subsystem and software are analyzed and verified for correct behavior per safety requirements, including functional failure conditions, faults, and appropriate mitigation in the design.
  • Functional safety is becoming the normal focused approach on complex software intensive systems and highly integrated systems with safety consequences.
  • The fundamental concept is that any safety-related system must work correctly or fail in a predictable (safe) way.


Nuclear Application (ARC-20 FMR)

  • Nuclear Safety Defense-in-Depth Principle

o Combination of physical barriers and functional barriers
o Active safeguards for prevention
o Passive safeguards for mitigation
o Instrumented and non-instrumented layers
o Five groups of independent layers of defense

  • Automated Layers of Defense:

o Nuclear plant control
o Alarm systems and operator actions
o Instrumented protection systems

  • Non-Instrumented Layers of Defense

o Inherent safe design, and passive cooling system
o Physical barriers

FMR Pre-Application Regulatory Engagement Plan

  • Digital I&C licensing pre-application is not specifically planned as part of FMR phase 1 activities; however, DI&C and functional safety engagement with overall FMR pre-application process will begin mid 2023.

[Figure: timeline of FMR pre-application engagement milestones with marks at 2022/Q1, 2023/Q1, 2023/Q2, 2023/Q4 and 2024/Q2, including Functional Safety Engagement]

Reference:

C. Fu, H. Choi, and J. Bolin, The Fast Modular Reactor (FMR) Pre-application Regulatory Engagement Plan, Tran. Am. Nucl. Soc. 125, 794-796 (2021 ANS Winter Meeting).


NRC Advanced Reactor Digital Instrumentation and Control Workshop, February 23, 2023

Copyright 2023 GE-Hitachi Nuclear Energy Americas, LLC, All Rights Reserved

BWRX-300 Topics for Discussion

[Figure: two parallel flows. Licensing Modernization Process: NEI 18-04 Risk-Informed Performance-Based Methodology (Event Selection, Classification, Special Treatment and Defense-in-Depth); I&C Design Architecture Functions; NEI 21-07 Safety Analysis Report Content; NRC Design Review Guide I&C Reviews. BWRX-300: Safety Strategy Deterministic Methodology with Risk Insights (Defense Lines, Classification, Event Identification, Design Rules, and Analysis Methods); I&C Design Architecture Functions; Safety Analysis Report Optimized Alternative Format; NRC Design Review Guide I&C Reviews.]

BWRX-300 Safety Strategy - Lines of Defense

Defense Lines from BWRX-300 Safety Strategy form basis for I&C architecture and PSAR Content

BWRX-300 Safety Strategy - Classification for I&C

  • Defense Line 3 primary safety functions are implemented in Safety Class 1 equipment
  • Defense Line 4a primary safety functions are implemented in at least Safety Class 2 equipment
  • Defense Line 2 primary safety functions are implemented in at least Safety Class 3 equipment
  • Defense Line 4b functions are implemented in Safety Class 3 equipment

BWRX-300 Safety Strategy - Analysis Methodology

  • Perform hazard evaluation to define initiating events
  • Determine limiting sequences
  • Categorize events based on probability (risk insights)
  • Perform deterministic analyses for SAA
  • Define Defense Line Functions

[Figure labels: Hazard Evaluations (Functional Failure Hazard Evaluation, External Hazard Evaluation, Internal Hazard Evaluation, Human Operation Hazard Evaluation); Fault Evaluation; Probabilistic Safety Analyses (Level 1 PSA, Level 2 PSA); Deterministic PIE Selection; Complex Sequence Selection; Severe Accident Sequence Selection; PIE List for BL-DBA; PIE and Sequence List for CN-DBA; Plant Damage States; PIE and Sequence List for EX-DBA; Severe Accident Analysis; Deterministic Safety Analyses (Baseline Deterministic Safety Analysis, Conservative Deterministic Safety Analysis, Extended Deterministic Safety Analysis)]

BWRX-300 I&C Architecture Concept

IEC Standards for BWRX-300 I&C System Design

NRC I&C Design Review Guide

  • DRG was well received by ACRS, and they commented it had a more universal applicability for I&C system reviews than the limitation to non-LWR reviews
  • DRG allows use of either domestic standards (e.g., IEEE) or international standards (e.g., IEC)
  • DRG framework aligns with BWRX-300 design philosophy for plant safety based on IAEA lines of defense and use of international standards for I&C systems

NRC I&C Design Review Guide Alignment with SAR

Alternate SAR Format and Content Optimized to Address Design Review Guide Flow and Topics

Insights

  • IEC standards used, as allowed by the DRG, and directly align with BWRX-300 defense line classifications
  • IEC standards support I&C architecture and system development process in an integrated manner that also aligns with DRG information flow
  • Alternate SAR Format is used to align with DRG information flow and content
  • BWRX-300 Safety Strategy framework requires some alternative Preliminary Design Criteria to align with BWRX-300 Defense Lines

Alternate Framework Discussions

  • Some advanced reactor vendors are planning on using alternate frameworks for licensing basis event selection and SSC classification
  • The following presentations are intended to communicate examples of how these processes impact digital I&C
  • Any discussion of the use of alternate frameworks is intended to address generic issues on the impact of alternate frameworks on digital I&C licensing decisions

Questions - Alternative Frameworks

In determining I&C design criteria required to prevent or mitigate the effects of Anticipated Operational Occurrences, SRP Chapter 15 Section I.4 states:

The reviewer ensures that the application lists the settings of all the protection and safety systems functions that are used (i.e., credited) in the safety evaluation. Typical protection and safety systems functions include reactor trips, isolation valve closures, ECCS initiation and ECCS. In evaluations of AOOs and postulated accidents, the performance of each credited protection or safety system is required to include the effects of the most limiting single active failure. [emphasis added]

NEI 18-04 Table 3-1 states:

AOOs take into account the expected response of all SSCs within the plant, regardless of safety classification. [emphasis added]


Questions - Alternative Frameworks

Historically, there has been a perception that an applicant needs a safety-related system, instead of a set of anticipatory and/or non-safety SSCs, in order to meet AOO acceptance criteria.

Question 1: If a vendor proposes to use an alternative framework, can that vendor credit the expected response of all SSCs within the plant (e.g., other than safety-related instrumentation and controls), regardless of safety classification?


Questions - Alternative Frameworks

Question 2: If the vendor is able to credit the expected response of all SSCs within the plant, this will impact the selection and wording of Principal Design Criteria. Are there any specific considerations that vendors should be aware of when applying this concept?

For example, 10 CFR 50, Appendix A GDC 20 states:

Protection system functions. The protection system shall be designed (1) to initiate automatically the operation of appropriate systems including the reactivity control systems, to assure that specified acceptable fuel design limits are not exceeded as a result of anticipated operational occurrences and (2) to sense accident conditions and to initiate the operation of systems and components important to safety.

The highlighted words may be defined and executed differently in different frameworks.


Open Discussion

Perspectives on Design Basis Accident (DBA) Analysis Described in the Licensing Modernization Project (LMP)

LMP: EVENT SELECTION; F-C CURVE

  • Purpose is to evaluate risk significance of individual LBEs and SSCs and to help define the required safety functions (RSFs); not a regulatory acceptance criterion
  • Derived from the NGNP F-C Target and frequency bins for event categories
  • F-C Target anchor points based on:

- 10 CFR 20 annual dose limits used to define iso-risk contour in AOO region

- Avoidance of offsite protective actions for lower frequency AOOs

- 10 CFR 50.34 dose limit for lowest frequency DBEs

- Consequences based on 30-day TEDE dose at EAB

- EAB dose target for BDBEs related to NRC safety goal for limiting possibility of prompt fatality

LMP: EVENT SELECTION & ANALYSIS

Anticipated Operational Occurrences (AOOs)

Anticipated event sequences expected to occur one or more times during the life of a nuclear power plant, which may include one or more reactor modules. Event sequences with mean frequencies of 1×10⁻²/plant-year and greater are classified as AOOs. AOOs take into account the expected response of all SSCs within the plant, regardless of safety classification.

LMP: EVENT SELECTION & ANALYSIS

Design Basis Events (DBEs)

Infrequent event sequences that are not expected to occur in the life of a nuclear power plant, which may include one or more reactor modules, but are less likely than AOOs. Event sequences with mean frequencies of 1×10⁻⁴/plant-year to 1×10⁻²/plant-year are classified as DBEs. DBEs take into account the expected response of all SSCs within the plant regardless of safety classification.

LMP: EVENT SELECTION & ANALYSIS

Beyond Design Basis Events (BDBEs)

Rare event sequences that are not expected to occur in the life of a nuclear power plant, which may include one or more reactor modules, but are less likely than a DBE. Event sequences with mean frequencies of 5×10⁻⁷/plant-year to 1×10⁻⁴/plant-year are classified as BDBEs. BDBEs take into account the expected response of all SSCs within the plant regardless of safety classification.

LMP: REQUIRED SAFETY FUNCTIONS (RSF)

Required Safety Function: A PRA Safety Function that is required to be fulfilled to maintain the consequence of one or more DBEs or the frequency of one or more high-consequence BDBEs inside the F-C Target.

Provides connection to Safety-Related Classification

LMP: SAFETY-RELATED SSCS

o SSCs selected by the designer from the SSCs that are available to perform the RSFs to mitigate the consequences of DBEs to within the LBE F-C Target, and to mitigate DBAs that only rely on the SR SSCs to meet the dose limits of 10 CFR 50.34 using conservative assumptions
o SSCs selected by the designer and relied on to perform RSFs to prevent the frequency of BDBE with consequences greater than the 10 CFR 50.34 dose limits from increasing into the DBE region and beyond the F-C Target

LMP: DESIGN BASIS ACCIDENTS

Design Basis Accidents (DBAs)

Postulated event sequences that are used to set design criteria and performance objectives for the design of Safety-Related SSCs. DBAs are derived from DBEs based on the capabilities and reliabilities of Safety-Related SSCs needed to mitigate and prevent event sequences, respectively. DBAs are derived from the DBEs by prescriptively assuming that only Safety-Related SSCs are available to mitigate postulated event sequence consequences to within the 10 CFR 50.34 dose limits.


LMP: DESIGN BASIS ACCIDENTS

  • A DBA is associated with each DBE that includes the required safety function (RSF) challenges.
  • DBAs selected based on prescriptive rules and analyzed using conservative assumptions.
  • In DBA analysis, RSFs are performed by Safety-Related SSCs only.
  • The selection of conservative assumptions to be used in the DBA analysis will be informed by the quantitative uncertainty analysis of consequences performed for the corresponding DBEs.
  • The application of a single failure criterion is deemed unnecessary. Replaced with reliability criterion.
  • Based primarily on integrated LMP methodology. Alternate approaches would need to maintain or justify not applying single failure criterion for DBAs.
  • Additional discussion of developing appropriate evaluation models for analyzing DBAs.


Future Workshop Topics

  • Follow-on Questions / Discussion related to the LMP DBA Analysis
  • Codes and Standards

- How performance-based concepts can be applied to prescriptive requirements of endorsed codes and standards

- Applicability of IEEE 603 and related standards

- Use of international codes and standards

Future Workshop Topics

  • NRC staff review expectations

- I&C-specific Principal Design Criteria

- Fundamental I&C design principles

- I&C architecture and safety classification of I&C platforms

  • Content of Applications

- Clarity on applicability of Part 50/52 requirements

- Expectation for construction permit applications

- Non-power vs. power reactor applications

  • Use of NUREG-1537; Path forward for future power reactors

Questions?

For more information, contact:

Jordan.Hoellman2@nrc.gov