ML23094A056
| Person / Time | |
|---|---|
| Issue date: | 04/04/2023 |
| From: | Office of Nuclear Reactor Regulation |
Licensing Review Framework for Advanced Reactors Instrumentation and Controls (I&C)
Workshop 2, April 4, 2023
Introduction and Requests for Workshops on I&C Licensing Framework for Advanced Reactors
- Final I&C Design Review Guide (DRG) issued in February 2021 (ML21011A140) for I&C design reviews by NRC staff
- NRC staff reviews / pre-application engagements underway for a variety of potential LWR and non-LWR I&C designs
- NRC staff engaged by industry interested in the background and details of the DRG and its relationship to NEI documents
- No regulatory decisions will be made in these workshops
Workshop 2 Agenda
- Overview of Workshop 1 and Follow-up Questions on Non-Safety-Related Special Treatment (NSRST) Structure, System, and Component (SSC) Classification
- Discussion of Alternate Frameworks
- NRC Staff Perspectives on Design Basis Accident (DBA) Analysis Described in the Licensing Modernization Project (LMP)
Advanced Reactor Digital I&C Licensing Workshop #2, April 4, 2023 (©2023 Nuclear Energy Institute)
Follow-Up Question - Non-Safety-Related Special Treatment (NSRST)
Question 1: How does the NSRST categorization compare to previously used categorizations such as Regulatory Treatment of Non-Safety Systems (RTNSS) and Risk-Informed Safety Class 2 (RISC-2), which also describe supplemental requirements for non-safety-related SSCs that perform safety-significant functions?
Alternate Frameworks
General Atomics Electromagnetic Systems
An Introduction to Functional Safety: Application of Functional Safety (Risk-Informed Performance-Based Approach) in the Advanced Nuclear Reactor ARC-20 FMR
02/23/2023
Prepared by: Mohammad Alavi, P.E., FS Eng (TÜV Rheinland), Nuclear I&C and Functional Safety Lead, Nuclear Reactor Design and Analysis, GA-EMS NTM Division
Presented to: NRC/NEI DI&C Industry Working Group
Agenda
- Generic Introduction to Functional Safety
- Application of Functional Safety (RIPB Approach) in Nuclear
- Example of Functional Safety Implementation in General Atomics ARC-20 FMR
Introduction
- What is Functional Safety?
Definition of safety: freedom from unacceptable risk of physical injury or of damage to the health of people, either directly or indirectly as a result of damage to property or to the environment.
Functional safety (FS) is the part of the overall safety of a system or piece of equipment that looks at the aspects of safety that relate to the function of a device or system and depend on automatic protection operating correctly and predictably in response to its inputs or failures.
In other words, functional safety is the set of systems that lead to freedom from unacceptable risk of physical injury or damage to the health of people, either directly or indirectly, through the proper implementation of one or more automatic protection functions (often called safety functions).
The automatic protection system must be able to properly handle likely human errors, systematic errors, hardware/software failures, and operational/environmental stress.
Risk Reduction and Graded Approach
Risk Evaluation and Functional Safety
When it comes to risk evaluation, functional safety is all about reducing risk to a level lower than the tolerable risk. Risk assessment and hazard analysis are therefore an essential part of the functional safety life cycle.
Functional safety views on risk:
- Zero risk can never be reached; only probabilities can be reduced
- Non-tolerable risks must be reduced (ALARA*)
- Optimal, cost-effective safety is achieved when it is addressed across the entire safety lifecycle
*ALARA: As Low As Reasonably Achievable
[Figure: graded approach to risk reduction; labels "Probability of exposure to a situation where an accident can potentially happen" and "Risk reduction external to the system"]
- Functional safety is a risk-informed and performance-based approach to addressing safety through the implementation of automated protection functions. Probabilistic methods are used in assessment, design, and evaluation.
Tolerable Risk Level
- How to Achieve the Tolerable Risk Level
  - No defense layer is fault free, no matter how high its reliability is.
  - Credible and independent layers of protection are needed to overcome random failures, systematic failures, human errors, and common cause failures.
  - Protection layers reduce the probability of an incident and/or reduce the severity of a possible incident.
  - The reliability of each protection layer is determined by probabilistic methods.
[Figure: risk reduction diagram. Along an axis of increasing risk: residual risk, the tolerable risk level, and the inherent risk of the equipment under control (unacceptable risk). Partial risk reduction by inherent safe design, partial risk reduction provided by automated instrumented functions, and partial risk reduction by non-instrumented and other safety-related methods together make up the total risk reduction achieved by all independent safety-related systems and defense layers. The necessary risk reduction is compared with the actual risk reduction by all safeguards; any shortfall is the gap to be filled.]
Attributes of Risk Reduction Layers
- Defense layers must have at least four key characteristics (S A I D) to be eligible and credible as a protection layer:
  - Specific: The protection layer must be designed solely to prevent or mitigate the consequences of one potentially hazardous event. Multiple causes may lead to the same hazardous event. The action of one protection layer is necessary.
  - Auditable: The protection layer must be designed in a way that permits validation of its function and probability of failure on demand (PFD), including drills for human error and systematic failure, in a regular periodic manner. This is the ability to inspect information, documents, procedures, etc. to demonstrate the adequacy of protection and adherence to the requirements.
  - Independent: The performance of the protection layer should not be degraded or affected by the initiating cause of failure, nor influenced by the failure of other protection layers. This mainly addresses common cause failures.
  - Dependable and Reliable: This is the probability that the protection layer will operate accurately against the intended event under stated conditions for a specific time period. The protection layer must be dependable and have a reliability higher than the reliability target for preventing or mitigating the hazard scenario.
Regulatory Framework
Major Regulations and Codes Governing Functional Safety
- 10 CFR 50, 10 CFR 52 - Nuclear Regulatory Commission
- 29 CFR 1910 - OSHA Process Safety Management
- RG 1.233 - Risk-Informed Performance-Based Methodology for Non-LWRs
- NUREG/KM-0009 - Observation of Defense-in-Depth
- NRC DRG - I&C for Non-Light-Water Reactors (TBD)
- NEI 18 - Risk-Informed Performance-Based Guide for AR
- DOE-STD-1189 - Integration of Safety into Design Process
- DOE-STD-1195 - Safety Instrumented Systems
- DOE-STD-3009 - Safety Analysis
- DOE-STD-1628 - PRA for Nuclear Safety Applications
- IAEA SSR-2/1 - Safety of Nuclear Power Plants
- MIL-STD-882E - System Safety
- Aviation: DO-178 - Software; DO-254 - Hardware
- Military/Aerospace: MIL-STD-882 - System Safety
Principles of Functional Safety
- There are two fundamental principles:
  - An engineering process called the Safety Lifecycle is defined to discover and eliminate design errors and omissions.
  - A probabilistic failure approach is used to account for the safety impact of device failures.
- The safety life cycle is divided and grouped into three categories:
  - Phases to address analysis
  - Phases to address realization
  - Phases to address operation
- Concepts of probabilistic risk for each safety function:
  - The risk is a function of the frequency (or likelihood) and consequence severity of each hazardous event.
  - The risk is reduced to a tolerable level by applying protection functions.
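The arithmetic behind the "necessary risk reduction", "actual risk reduction" and "gap to be filled" labels of the tolerable-risk diagram above, and behind the principle that risk is reduced to a tolerable level by applying protection functions, is the layer-of-protection calculation used with IEC 61511: the initiating frequency is multiplied by the probability of failure on demand (PFD) of each independent layer, and the result is compared with the frequency judged tolerable for the consequence. The script below is an added illustration, not code from the GA-EMS presentation; the scenario names, frequencies, PFDs and the `independent` flag (which models the rule that only layers independent of the initiating cause and of each other may be credited) are constructed assumptions.

```python
from dataclasses import dataclass
from math import prod
from typing import Tuple


@dataclass(frozen=True)
class ProtectionLayer:
    """One defense layer considered for a hazard scenario (constructed example data)."""
    name: str
    pfd: float                # probability of failure on demand, 0 < pfd <= 1
    independent: bool = True  # independent of the initiating cause and of the other layers


@dataclass(frozen=True)
class HazardScenario:
    """A hazardous event: its initiating frequency and the frequency judged tolerable
    for its consequence severity, both per plant-year (constructed values)."""
    name: str
    initiating_frequency: float
    tolerable_frequency: float
    layers: Tuple[ProtectionLayer, ...]


def credited_layers(scenario: HazardScenario) -> Tuple[ProtectionLayer, ...]:
    """Only layers independent of the initiator and of each other may be credited.
    Every PFD is validated first so a bad input cannot silently inflate the credit."""
    for layer in scenario.layers:
        if not 0.0 < layer.pfd <= 1.0:
            raise ValueError(f"{layer.name}: PFD must be in (0, 1], got {layer.pfd}")
    return tuple(layer for layer in scenario.layers if layer.independent)


def actual_risk_reduction(scenario: HazardScenario) -> float:
    """Risk reduction factor delivered by all credited layers together (1.0 if none)."""
    return 1.0 / prod((layer.pfd for layer in credited_layers(scenario)), start=1.0)


def necessary_risk_reduction(scenario: HazardScenario) -> float:
    """Risk reduction factor needed to bring the initiating frequency to the tolerable level."""
    return scenario.initiating_frequency / scenario.tolerable_frequency


def mitigated_frequency(scenario: HazardScenario) -> float:
    """Frequency of the hazardous event after every credited layer has had its chance to act."""
    return scenario.initiating_frequency / actual_risk_reduction(scenario)


def gap_to_be_filled(scenario: HazardScenario) -> float:
    """Further risk reduction factor still required; 1.0 means the tolerable level is met."""
    return max(1.0, necessary_risk_reduction(scenario) / actual_risk_reduction(scenario))


def report(scenario: HazardScenario) -> str:
    """Human-readable summary of the assessment for one scenario."""
    lines = [f"Scenario: {scenario.name}"]
    for layer in scenario.layers:
        status = "credited" if layer.independent else "NOT credited (not independent)"
        lines.append(f"  {layer.name:<36} PFD={layer.pfd:.0e}  {status}")
    lines.append(f"  necessary risk reduction factor: {necessary_risk_reduction(scenario):.1e}")
    lines.append(f"  actual risk reduction factor:    {actual_risk_reduction(scenario):.1e}")
    lines.append(f"  mitigated frequency:             {mitigated_frequency(scenario):.1e}/plant-year")
    gap = gap_to_be_filled(scenario)
    lines.append("  tolerable level met" if gap == 1.0 else f"  gap to be filled: factor {gap:.0f}")
    return "\n".join(lines)


# Constructed scenarios: names, frequencies and PFDs are illustrative, not from any design.
COOLING_LOSS = HazardScenario(
    name="Loss of forced cooling",
    initiating_frequency=1e-1,
    tolerable_frequency=1e-5,
    layers=(
        ProtectionLayer("Plant control system", pfd=1e-1),
        ProtectionLayer("Alarm and operator action", pfd=1e-1),
        ProtectionLayer("Reactor protection system", pfd=1e-3),
        # Shares the initiator's power supply, so it fails together with the initiating cause.
        ProtectionLayer("Trip fed from the failed supply", pfd=1e-2, independent=False),
    ),
)

SEVERE_RELEASE = HazardScenario(
    name="Severe release sequence",
    initiating_frequency=1e-1,
    tolerable_frequency=1e-7,  # more severe consequence, so a lower tolerable frequency
    layers=(
        ProtectionLayer("Plant control system", pfd=1e-1),
        ProtectionLayer("Reactor protection system", pfd=1e-3),
    ),
)

if __name__ == "__main__":
    for scenario in (COOLING_LOSS, SEVERE_RELEASE):
        print(report(scenario))
        print()
```

Running the script shows the first scenario meeting its tolerable level with the non-independent layer excluded from the credit, and the second scenario short by a factor of 100, which is the "gap to be filled" that a further independent layer or a lower-PFD layer would have to close.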
Safety Life Cycle
[Figure: Overall Safety Lifecycle (ref. IEC 61508, 61511), shown alongside the Software Systematic Development Lifecycle (V-Model) (ref. IEC 61508). Elements shown: Management of Functional Safety and Functional Safety Assessment and Auditing (Clause 5); Safety Lifecycle Structure and Planning (Clause 6.2); Verification of Each Phase of Activity (Clauses 7, 12.5); Hazard and Risk Assessment (Clause 8); Allocation of Safety Functions to Protection Layers (Clause 9); Safety Requirement Specification (Clause 10); Design and Engineering (Clauses 11, 12); Design and Development of Other Means of Risk Reduction (Clause 9); Installation, Commissioning and Validation (Clauses 13, 14, 15); Operation and Maintenance (Clause 16); Modification (Clause 17); Decommissioning (Clause 18); Functional Safety Assessments 1 through 5; a Project-specific Functional Safety Verification Plan with Defined Roles and Responsibilities; and the Functional Safety Management System.]
- Safety Lifecycle:
  - Overall Process and Functional Safety Management
  - Hardware Architecture and Design
  - Software Development Lifecycle
Nuclear Application
- Nuclear Reference
  - NUREG/KM-0009, NEI 18-04
- F-C Target
  - Decreasing risk significance to a margin below the F-C curve
- Defense-in-Depth Framework
  - Multiple layers of defense
  - Independent layers of defense
  - Physical and functional independence
  - Separation from the initiating cause of the incident
  - Number of defense layers based on the level of hazard and the F-C target
  - Layers of defense provide prevention and mitigation
- Protective measures for each layer of defense to ensure its functionality and reliability (examples):
  - Design, operational, and programmatic features
  - Redundancy and diversity considerations
  - Addressing common cause failure
  - Fail-safe design
  - Single point of failure vulnerability criterion, etc.
ARC-20 FMR Layer of Defense Model
- 1st Group - Inherent Safety in the Design:
  - Negative Reactivity Temperature Coefficient
  - Passive Cooling System (RVCS)
- 2nd Group - Automated Systems:
  - Nuclear and Plant Control (PCDIS)
  - Alarm System (Control Room and Operator Actions, PMS)
  - Instrumented Protection Systems (RPS, PPS)
- 3rd Group - Mechanical Devices:
  - Relief Valves (TBD)
- 4th Group - Physical Barriers:
  - ATF Cladding
  - Vessel and Pressure Boundaries
  - Containment System
- 5th Group - Mitigation and Emergency Response:
  - Post Accident Monitoring System (PAMS)
  - Emergency Response
[Figure: Defense-in-Depth Framework (Independent Layers of Defense**). Around the reactor system the layers shown are: Inherent Safety (negative temperature coefficient); Inherent Safety (passive cooling, RVCS); Nuclear and Plant Control (PCDIS); Alarms (control room manual actions); Instrumented Protection Systems (RPS, PPS); Mechanical Devices (relief valves, TBD); Physical Barrier (ATF fuel cladding); Physical Barrier (pressure vessel boundaries); Physical Barrier (containment system); Emergency Responses (plant emergency response and post accident monitoring system); Emergency Responses (external emergency response). The layers are grouped as preventive, active, passive, and mitigation safeguards.]
** Only those defense layers can be credited for risk reduction that are independent from the initiating cause of the incident and from other defense layers for that specific hazard scenario.
BACK-UP SLIDES
Introduction
- Why Is Functional Safety Important?
Complex technology is an integral part of our lives and day-to-day activities, as well as of industry. The all-encompassing objective of functional safety is to prevent risk to human lives caused either directly or indirectly by the operation of these systems. This includes preventing risk caused by damage to equipment, property, or the environment.
Functional safety is becoming more important as the types of controls and hardware being used become increasingly complex. Software is also increasingly used in safety-critical applications and industrial plants, including nuclear. Thus, this complex hardware and software needs to be safe, secure, and reliable.
The critical factor at play is the appropriate and correct implementation of protection functions, known as safety functions.
Functional Safety Scope
- What Is the Scope of Functional Safety?
The scope of functional safety is end-to-end, in that it must treat any function of a component or subsystem as part of the operation of the entire system's automatic protection function.
Thus, although the standards for functional safety are generally focused on electrical, electronic (hardware and software), and programmable systems, in practice functional safety methods must extend to the non-electrical, non-electronic, and non-programmable components of the entire system.
Functional safety is a risk-informed and performance-based approach to addressing safety and implementing the automated protection functions. Probabilistic methods are used in assessment, design, and evaluation.
When to Implement
- When to Implement a Functional Safety Plan
It is best practice to plan and implement functional safety very early in the design stages. This allows the design teams to develop robust plans that include functional safety milestones; catching failings as they occur, in real time, saves time and money compared with retroactively addressing issues.
Regulatory Framework and Industry Standards
[Figure: hierarchy of regulatory framework and industry standards. Levels shown: 10 CFR 50/52 (NRC) and 29 CFR 1910 (OSHA); RG, DOE STD, NUREG, ISG, IAEA, SECY; NEI; IEC*, ISA, IEEE, EPRI, ANS, and others. More requirements and less design instruction as one moves to the upper levels; fewer requirements and more design instruction as one moves down. Harmonization across the levels.]
IEC 61508 - Global Industry Standard
- IEC 61508 is a basic functional safety standard, a global standard applicable to all industries.
- Its concept and framework flow down to lower-level standards specific to each industry.
- System safety principles underpinning functional safety were initially developed in the military, nuclear, and aerospace industries, and then taken up by the rail transport, process, and control industries, which developed sector-specific standards.
- History of the evolving functional safety concept:
  - 1969: MIL-STD-882 (Military)
  - 1980: IEEE 603 (Nuclear)
  - 1996: ISA 84 (Process)
  - 1998: IEC 61508 (Global, for all Automated Protection Systems)
  - Also shown: Aviation - DO-178 (Software), DO-254 (Hardware); Military/Aerospace - MIL-STD-882 (System Safety)
Principles of Functional Safety
- Functional safety standards are applied across all industry sectors dealing with safety-critical requirements and are especially applicable whenever software commands and/or E/E/PE systems control or monitor a safety function.
- Functional safety standards consist of methods on how to apply, design, deploy, and maintain automatic protection systems, called safety-related systems.
- The functional safety focus is on ensuring that safety-critical functions and functional threads in the system, subsystem, and software are analyzed and verified for correct behavior per the safety requirements, including functional failure conditions, faults, and appropriate mitigation in the design.
- Functional safety is becoming the normal focused approach for complex software-intensive systems and highly integrated systems with safety consequences.
- The fundamental concept is that any safety-related system must work correctly or fail in a predictable (safe) way.
Nuclear Application (ARC-20 FMR)
- Nuclear Safety Defense-in-Depth Principle
  - Combination of physical barriers and functional barriers
  - Active safeguards for prevention
  - Passive safeguards for mitigation
  - Instrumented and non-instrumented layers
  - Five groups of independent layers of defense
- Automated Layers of Defense:
  - Nuclear plant control
  - Alarm systems and operator actions
  - Instrumented protection systems
- Non-Instrumented Layers of Defense:
  - Inherent safe design and passive cooling system
  - Physical barriers
FMR Pre-Application Regulatory Engagement Plan
[Figure: timeline of the pre-application engagement plan. Items shown: Conceptual Design of GA-EMS FMR; GA-EMS FMR Licensing Strategy; Principal Design Criteria; Fuel Qualification Plan; QA program; Source Term Calculation; PRA Strategy; Safety Classification; NRC Feedback / Document Revision; LBE / Safety Analysis Plan; Functional Safety Engagement. Milestones: 2022/Q1, 2023/Q1, 2023/Q2, 2023/Q4, 2024/Q2.]
Reference: C. Fu, H. Choi, and J. Bolin, "The Fast Modular Reactor (FMR) Pre-application Regulatory Engagement Plan," Trans. Am. Nucl. Soc. 125, 794-796 (2021 ANS Winter Meeting).
- Digital I&C licensing pre-application is not specifically planned as part of FMR phase 1 activities; however, DI&C and functional safety engagement with the overall FMR pre-application process will begin in mid-2023.
NRC Advanced Reactor Digital Instrumentation and Control Workshop, February 23, 2023 (Copyright 2023 GE-Hitachi Nuclear Energy Americas, LLC, All Rights Reserved)
BWRX-300 Topics for Discussion
| Licensing Modernization Process | BWRX-300 |
|---|---|
| NEI 18-04 Risk-Informed Performance-Based Methodology (Event Selection, Classification, and Defense-in-Depth) | Safety Strategy: Deterministic Methodology with Risk Insights (Defense Lines, Classification, Event Identification, and Analysis Methods) |
| I&C Design Architecture, Functions, Special Treatment | I&C Design Architecture, Functions, Design Rules |
| NEI 21-07 Safety Analysis Report Content | Safety Analysis Report, Optimized Alternative Format |
| NRC Design Review Guide I&C Reviews | NRC Design Review Guide I&C Reviews |
BWRX-300 Safety Strategy - Lines of Defense
Defense Lines from the BWRX-300 Safety Strategy form the basis for the I&C architecture and PSAR content.
BWRX-300 Safety Strategy - Classification for I&C
- Defense Line 3 primary safety functions are implemented in Safety Class 1 equipment
- Defense Line 4a primary safety functions are implemented in at least Safety Class 2 equipment
- Defense Line 2 primary safety functions are implemented in at least Safety Class 3 equipment
- Defense Line 4b functions are implemented in Safety Class 3 equipment
BWRX-300 Safety Strategy - Analysis Methodology
- Perform hazard evaluation to define initiating events
- Determine limiting sequences
- Categorize events based on probability (risk insights)
- Perform deterministic analyses
- Define Defense Line Functions
[Figure: analysis flow. Blocks shown: Hazard Evaluations (External Hazard Evaluation, Internal Hazard Evaluation, Human Operation Hazard Evaluation, Functional Failure Hazard Evaluation, Fault Evaluation); Deterministic PIE Selection, Complex Sequence Selection, and Severe Accident Sequence Selection; PIE List for BL-DBA, PIE and Sequence List for CN-DBA, PIE and Sequence List for EX-DBA, and Plant Damage States List for SAA; Probabilistic Safety Analyses (Level 1 PSA, Level 2 PSA); Deterministic Safety Analyses (Baseline Deterministic Safety Analysis, Conservative Deterministic Safety Analysis, Extended Deterministic Safety Analysis, Severe Accident Analysis).]
BWRX-300 I&C Architecture Concept
IEC Standards for BWRX-300 I&C System Design
NRC I&C Design Review Guide
- The DRG was well received by the ACRS, which commented that it had more universal applicability for I&C system reviews than the limitation to non-LWR reviews
- The DRG allows use of either domestic standards (e.g., IEEE) or international standards (e.g., IEC)
- The DRG framework aligns with the BWRX-300 design philosophy for plant safety based on IAEA lines of defense and use of international standards for I&C systems
NRC I&C Design Review Guide Alignment with SAR
Alternate SAR Format and Content Optimized to Address Design Review Guide Flow and Topics
Insights
- IEC standards are used, as allowed by the DRG, and directly align with BWRX-300 defense line classifications
- IEC standards support the I&C architecture and system development process in an integrated manner that also aligns with the DRG information flow
- The Alternate SAR Format is used to align with DRG information flow and content
- The BWRX-300 Safety Strategy framework requires some alternative Preliminary Design Criteria to align with BWRX-300 Defense Lines
Alternate Framework Discussions
- Some advanced reactor vendors are planning on using alternate frameworks for licensing basis event selection and SSC classification
- The following presentations are intended to communicate examples of how these processes impact digital I&C
- Any discussion of the use of alternate frameworks is intended to address generic issues on the impact of alternate frameworks on digital I&C licensing decisions
Questions - Alternative Frameworks
In determining I&C design criteria required to prevent or mitigate the effects of Anticipated Operational Occurrences, SRP Chapter 15 Section I.4 states:
"The reviewer ensures that the application lists the settings of all the protection and safety systems functions that are used (i.e., credited) in the safety evaluation. Typical protection and safety systems functions include reactor trips, isolation valve closures, ECCS initiation and ECCS. In evaluations of AOOs and postulated accidents, the performance of each credited protection or safety system is required to include the effects of the most limiting single active failure." [emphasis added]
NEI 18-04 Table 3-1 states:
"AOOs take into account the expected response of all SSCs within the plant, regardless of safety classification." [emphasis added]
Questions - Alternative Frameworks
Historically, there has been a perception that an applicant needs a safety-related system, instead of a set of anticipatory and/or non-safety SSCs, in order to meet AOO acceptance criteria.
Question 1: If a vendor proposes to use an alternative framework, can that vendor credit the expected response of all SSCs within the plant (e.g., other than safety-related instrumentation and controls), regardless of safety classification?
Questions - Alternative Frameworks
Question 2: If the vendor is able to credit the expected response of all SSCs within the plant, this will impact the selection and wording of Principal Design Criteria. Are there any specific considerations that vendors should be aware of when applying this concept?
For example, 10 CFR 50, Appendix A, GDC 20 states:
"Protection system functions. The protection system shall be designed (1) to initiate automatically the operation of appropriate systems including the reactivity control systems, to assure that specified acceptable fuel design limits are not exceeded as a result of anticipated operational occurrences and (2) to sense accident conditions and to initiate the operation of systems and components important to safety."
The highlighted words may be defined and executed differently in different frameworks.
Open Discussion
Perspectives on Design Basis Accident (DBA) Analysis Described in the Licensing Modernization Project (LMP)
LMP: EVENT SELECTION; F-C CURVE
- LBEs are defined by event sequence families from the design-specific Probabilistic Risk Assessment (PRA)
- The purpose is to evaluate the risk significance of individual LBEs and SSCs and to help define the required safety functions (RSFs); it is not a regulatory acceptance criterion
- Derived from the NGNP F-C Target and frequency bins for event categories
- F-C Target anchor points are based on:
  - 10 CFR 20 annual dose limits, used to define the iso-risk contour in the AOO region
  - Avoidance of offsite protective actions for lower-frequency AOOs
  - 10 CFR 50.34 dose limit for the lowest-frequency DBEs
  - Consequences based on 30-day TEDE dose at the EAB
  - EAB dose target for BDBEs related to the NRC safety goal for limiting the possibility of prompt fatality
LMP: EVENT SELECTION & ANALYSIS
Anticipated Operational Occurrences (AOOs): Anticipated event sequences expected to occur one or more times during the life of a nuclear power plant, which may include one or more reactor modules. Event sequences with mean frequencies of 1×10^-2/plant-year and greater are classified as AOOs. AOOs take into account the expected response of all SSCs within the plant, regardless of safety classification.
LMP: EVENT SELECTION & ANALYSIS
Design Basis Events (DBEs): Infrequent event sequences that are not expected to occur in the life of a nuclear power plant, which may include one or more reactor modules, but are less likely than AOOs. Event sequences with mean frequencies of 1×10^-4/plant-year to 1×10^-2/plant-year are classified as DBEs. DBEs take into account the expected response of all SSCs within the plant regardless of safety classification.
LMP: EVENT SELECTION & ANALYSIS
Beyond Design Basis Events (BDBEs): Rare event sequences that are not expected to occur in the life of a nuclear power plant, which may include one or more reactor modules, but are less likely than a DBE. Event sequences with mean frequencies of 5×10^-7/plant-year to 1×10^-4/plant-year are classified as BDBEs. BDBEs take into account the expected response of all SSCs within the plant regardless of safety classification.
LMP: REQUIRED SAFETY FUNCTIONS (RSF)
Required Safety Function: A PRA Safety Function that is required to be fulfilled to maintain the consequence of one or more DBEs or the frequency of one or more high-consequence BDBEs inside the F-C Target. Provides the connection to Safety-Related classification.
LMP: SAFETY-RELATED SSCS
- SSCs selected by the designer from the SSCs that are available to perform the RSFs to mitigate the consequences of DBEs to within the LBE F-C Target, and to mitigate DBAs that rely only on the SR SSCs to meet the dose limits of 10 CFR 50.34 using conservative assumptions
- SSCs selected by the designer and relied on to perform RSFs to prevent the frequency of BDBEs with consequences greater than the 10 CFR 50.34 dose limits from increasing into the DBE region and beyond the F-C Target
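The three LMP event categories above are defined purely by mean-frequency bins, and the RSF and Safety-Related SSC slides hinge on one derived question: which BDBEs carry consequences above the 10 CFR 50.34 dose limit and how close their frequency sits to the DBE region. The script below is an added illustration, not code from the NRC staff presentation; it applies the quoted bin boundaries (with the boundary values belonging to the higher-frequency category, as the "1×10^-2 and greater" wording implies), bins a constructed list of event sequence families, and flags the high-consequence BDBEs. The family names, frequencies and doses are constructed assumptions; the 25 rem TEDE figure is the 10 CFR 50.34 EAB limit and is used only to illustrate the screen.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Mean-frequency bin boundaries (per plant-year) exactly as the LMP definitions above give them.
AOO_LOWER_BOUND = 1e-2    # AOO:  1e-2 and greater
DBE_LOWER_BOUND = 1e-4    # DBE:  1e-4 up to (not including) 1e-2
BDBE_LOWER_BOUND = 5e-7   # BDBE: 5e-7 up to (not including) 1e-4

# 10 CFR 50.34 sets a 25 rem TEDE limit at the EAB; used here only to illustrate the
# high-consequence BDBE screen from the RSF and Safety-Related SSC definitions.
DOSE_LIMIT_REM = 25.0


@dataclass(frozen=True)
class EventSequenceFamily:
    """An event sequence family from the design-specific PRA (constructed example values)."""
    name: str
    mean_frequency: float    # per plant-year
    consequence_rem: float   # 30-day TEDE at the EAB, rem


def lbe_category(mean_frequency: float) -> Optional[str]:
    """Map a mean frequency to AOO, DBE or BDBE; None when it lies below the BDBE bin."""
    if mean_frequency < 0.0:
        raise ValueError("mean frequency cannot be negative")
    if mean_frequency >= AOO_LOWER_BOUND:
        return "AOO"
    if mean_frequency >= DBE_LOWER_BOUND:
        return "DBE"
    if mean_frequency >= BDBE_LOWER_BOUND:
        return "BDBE"
    return None


def bin_families(families: List[EventSequenceFamily]) -> Dict[str, List[str]]:
    """Group family names by LBE category, keeping the input order within each bin."""
    bins: Dict[str, List[str]] = {"AOO": [], "DBE": [], "BDBE": [], "below LBE range": []}
    for family in families:
        bins[lbe_category(family.mean_frequency) or "below LBE range"].append(family.name)
    return bins


def high_consequence_bdbes(families: List[EventSequenceFamily], dose_limit_rem: float) -> List[str]:
    """BDBEs whose consequence exceeds the dose limit. Per the RSF definition, Safety-Related
    SSCs are relied on to keep the frequency of these sequences out of the DBE region."""
    return [f.name for f in families
            if lbe_category(f.mean_frequency) == "BDBE" and f.consequence_rem > dose_limit_rem]


def margin_to_dbe_region(family: EventSequenceFamily) -> Optional[float]:
    """Factor by which a BDBE's mean frequency could grow before it enters the DBE bin;
    None for families that are not BDBEs."""
    if lbe_category(family.mean_frequency) != "BDBE":
        return None
    return DBE_LOWER_BOUND / family.mean_frequency


# Constructed sample families; the names, frequencies and doses are illustrative only.
SAMPLE_FAMILIES = [
    EventSequenceFamily("Loss of offsite power, normal shutdown", 3e-1, 0.01),
    EventSequenceFamily("Small primary leak, isolated", 1e-2, 0.2),                   # AOO boundary
    EventSequenceFamily("Loss of forced cooling, passive cooling works", 5e-3, 0.5),
    EventSequenceFamily("Loss of forced cooling, delayed passive cooling", 1e-4, 4.0),  # DBE boundary
    EventSequenceFamily("Unisolated leak with failed protection", 2e-5, 40.0),
    EventSequenceFamily("Vessel rupture", 1e-8, 200.0),
]

if __name__ == "__main__":
    for category, names in bin_families(SAMPLE_FAMILIES).items():
        print(f"{category}: {names}")
    print("high-consequence BDBEs:", high_consequence_bdbes(SAMPLE_FAMILIES, DOSE_LIMIT_REM))
    for family in SAMPLE_FAMILIES:
        margin = margin_to_dbe_region(family)
        if margin is not None:
            print(f"{family.name}: frequency may grow by a factor of {margin:.1f} before the DBE bin")
```

The margin function is the quantitative form of the second Safety-Related SSC bullet: a high-consequence BDBE with a small margin is one whose RSF-performing SSCs need a reliability classification robust enough that their degradation cannot move the sequence into the DBE region.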
LMP: DESIGN BASIS ACCIDENTS
Design Basis Accidents (DBAs): Postulated event sequences that are used to set design criteria and performance objectives for the design of Safety-Related SSCs. DBAs are derived from DBEs based on the capabilities and reliabilities of Safety-Related SSCs needed to mitigate and prevent event sequences, respectively. DBAs are derived from the DBEs by prescriptively assuming that only Safety-Related SSCs are available to mitigate postulated event sequence consequences to within the 10 CFR 50.34 dose limits.
LMP: DESIGN BASIS ACCIDENTS
- A DBA is associated with each DBE that includes the required safety function (RSF) challenges.
- DBAs are selected based on prescriptive rules and analyzed using conservative assumptions.
- In DBA analysis, RSFs are performed by Safety-Related SSCs only.
- The selection of conservative assumptions to be used in the DBA analysis will be informed by the quantitative uncertainty analysis of consequences performed for the corresponding DBEs.
- The application of a single failure criterion is deemed unnecessary; it is replaced with a reliability criterion.
- This is based primarily on the integrated LMP methodology. Alternate approaches would need to maintain the single failure criterion for DBAs or justify not applying it.
- NRC Regulatory Guide 1.203, Transient and Accident Analysis Methods: additional discussion of developing appropriate evaluation models for analyzing DBAs.
Future Workshop Topics
- Follow-on Questions / Discussion related to the LMP DBA Analysis
- Codes and Standards
  - How performance-based concepts can be applied to prescriptive requirements of endorsed codes and standards
  - Applicability of IEEE 603 and related standards
  - Use of international codes and standards
- NRC staff review expectations
  - I&C-specific Principal Design Criteria
  - Fundamental I&C design principles
  - I&C architecture and safety classification of I&C platforms
- Content of Applications
  - Clarity on applicability of Part 50/52 requirements
  - Expectations for construction permit applications
- Non-power vs. power reactor applications
  - Use of NUREG-1537; path forward for future power reactors
Questions?
For more information, contact: Jordan.Hoellman2@nrc.gov