ML24107B109

From kanterella
Jump to navigation Jump to search
NRC Staff Feedback on NEI 20-07 Draft Rev E -Revised Portion Markings (Non-Proprietary)
ML24107B109
Person / Time
Issue date: 02/29/2024
From:
Office of Nuclear Reactor Regulation
To:
Edwards T, NRR/DORL/LPL1
Shared Package
ML24107B108 List:
References
EPID L-2023-NFN-0012
Download: ML24107B109 (1)
v  d  e


Text

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from Question or Feedback NEI 20-07 General or Overarchin comment

1.

The enclosure to SRM-SECY-22-0076

2.
3.

states: "The applicant must assess the defense in depth and diversity of the facility incorporating the proposed digital l&C system to demonstrate that vulnerabilities to digital CCFs have been adequately identified and addressed... "

NEI 20-07 Rev. E states: "This document provides a process for developing a new type of Diversity and Defense-in-Depth (D3) analysis. This document establishes a safety case using claims, arguments, and evidence to demonstrate that vulnerabilities to digital CCF have been adequately addressed. The safety case depends on outputs from EPRI engineering and diagnostic tools to provide evidence that supports claims and ar uments described in this document."

NEI 20-07 generally credits EPRI DEG, HAZCADS, DRAM and says the outputs provide the evidence but does not specifically state what parts of these processes or what evidence is necessary and sufficient.

Scoring of systematic control methods.

Section 4.1.2 states "Once a set of systematic Control Methods has been identified for a given Loss Scenario, each Control Method is individually scored to provide an objective comparison of the relative effectiveness of the Control Methods.

A scoring method is used as a tool to perform a qualitative assessment of the Control Method effectiveness. A scorin 1 of 18 Defense in depth has always been part of NPP facilities. The assessment of the facilities defense in depth is not clear from the content of NEI 20-07 Rev. E. Therefore, NEI 20-07 Rev. E does not address the entire SRM.

What are the acceptance criteria to determine whether the processes produces the desired result?

What evidence or process outputs, specifically.

should be examined?

)) Let alone which specific outputs are used or how the are used.

What is the technical basis for the validity of the scoring method?

Provide an example that illustrates the scoring method.

Generally, each different control method is good for addressing some specific source(s) of concern, but not others. The selection of control methods should, when taken together, broadly address all the sources of concerns. Please Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from Question or Feedback NEI 20-07 method removes potential bias in the explain how this concept is addressed by the qualitative assessment. Each Control process in NEI 20-07 Rev. E.

Method is evaluated separately for its Control Method effectiveness and in combination when more than one Control Method is applied to an l&C element or relationship set of l&C elements."

4.

Various sections regarding guidance on non-NEI 20-07, applicable to both operating and new light-water reactors (non-LWRs) and new LWRs and non-LWRs, is written with more LWRs details or focus on operating LWRs. Additional enhancements or clarifications regarding guidance for non-LWRs are needed as discussed in comments below. Examples include the use of risk metrics, acceptability of the probabilistic risk assessment used, and other guidance on non-LWRs under the licensing modernization project (LMP). The NRC staff suggest a comprehensive evaluation of NEI 20-07 on this topic.

Most new LWRs have successfully employed the deterministic best-estimate coping analysis to address CCF concerns in accordance the Commission Policy in SRM-SECY-93-087 and may choose to follow the same deterministic approach for future LWR designs. NEI 20-07 should also address use of deterministic approach for addressing the digital l&C CCF concerns.

5.

Applicability of NEI 20-07, Rev E to The NRC staff notes that some of the advanced advanced reactors including microreactors reactors may not be vulnerable to potential Dl&C CCFs of concern. For example, the inherent safety and/or passive features may demonstrate that the designs are safe for the CCF scenarios using the LMP process in RG 1.233. Another example may be that there may not be any HSSSR Dl&C systems in some of these designs. The NRC staff suggests that NEI 20-07 consider this feedback and include any additional clarifications as necessary reaardina the use of its auidance for this area.

EXECUTIVE

SUMMARY

AND TABLE OF CONTENTS

6. I "Historically, CCF has been addressed I Suggest deleting this sentence or modifying through the implementation of independent sentence to acknowledge other means of 2 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from Question or Feedback NEI 20-07 and diverse Instrumentation and Control addressing CCF or add "some" after (l&C) systems."

"Historically".

7.

"To prove that vulnerabilities to CCF have The concept of "vulnerability to CCF" in SRM-been adequately addressed, the D3 analysis SECY-22-0076 was understood to mean a must be able to demonstrate that:

situation where a CCF would produce

1. Credible and likely sources of potential unacceptable results. This quotation, and others CCF have been identified and analyzed.

in this document change the focus to sources of

2. Each source of potential CCF has been CCF, but this document does not describe or reasonably prevented, mitigated, or define what sorts of things sources of CCF are adequately dispositioned."

(e.g., people, equipment, procedures).

There is an implication that not all sources of CCF can be identified, which is created by this document only addressing credible and likely sources of CCF.

Is it analogous to the distinction between failure mode (e.g., potential CCF) and failure mechanism (e.g., source of potential CCF)?

Does each potential CCF have many sources?

8.

"Credible and likely sources of potential CCF The enclosure to SRM-SECY-22-0076 states:

have been identified and analyzed."

"In performing the defense-in-depth and diversity assessment, the applicant must analyze each postulated CCF using either best-estimate methods or a risk-informed approach or both."

How does addressing the credible and likely sources meet this aspect of the policy?

9.

"This document provides the safety case This statement is misleading and should be which provides the details that demonstrates changed. This document provides a high-level the output of the EPRI Digital Engineering overarching approach, but it does not provide Guideline (DEG), Hazards and Consequence details.

Analysis in Digital Systems (HAZCADS), and Digital Reliability Analysis Methodology (DRAM) processes (References 13, 14, and

15) provide a D3 analysis addressing the SRM-SECY-22-0076 oolicv."
10.

"The use of independent and diverse l&C This needs further elaboration or a reference to systems may address some sources of CCF, where it is described which sources of CCF are but these systems do not sufficiently address addressed with independent and diverse other sources of CCF."

svstems, and which sources are not addressed 3 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from Question or Feedback NEI 20-07 using independence and diversity. Also, it is not clear from the balance of this document whether all sources of CCF are really being addressed with the proposed methodology. An explanation is provided that seems to address control logic sources of CCF but no explanation is provided regarding common cause sources of hardware-related failures.

11.

"Independence and diversity are indeed It seems to imply that there may be other design useful design techniques; however, these techniques that do not need to be "supported by design techniques should be used when an engineering analysis." If engineering analysis supported by an engineering analysis."

is not being used for these other techniques, what proof is there to demonstrate that CCF has been sufficiently addressed?

12.

"This document provides the safety case In effect, this document does not provide an which provides the details that demonstrate evidentiary safety case-rather at best, it the output of the EPRI Digital Engineering attempts to describe a method one could use to Guideline (DEG), Hazards and Consequence develop a safety case.

Analysis in Digital Systems (HAZCADS), and Digital Reliability Analysis Methodology (DRAM) processes (References 13, 14, and

15) provide a D3 analysis addressing the SRM-SECY-22-0076 oolicv."
13.

"Tier 2 provides sub-claims and arguments It does not appear that such sub-claims and that demonstrate the efficacy of the EPRI arguments are conclusive (see NRC staff HAZCADS and DRAM processes to identify comments on Section 5.3).

and establish the criteria for each applicant to demonstrate they adequately executed these processes."

SECTION 1 INTRODUCTION

14.

"The use of independent and diverse l&C What sources of CCF do independent and systems may address some sources of CCF, diverse l&C systems not address, that the but these systems do not sufficiently address proposed methodology of NEI 20-07 does other sources of CCF."

addresses?

Explain or provide examples of which sources of CCF can be addressed via independence and diversity and which sources of CCF cannot but can be addressed by NEI 20-07.

4 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from Question or Feedback NEI 20-07

15.

"This process may be applied to operating The NEI 20-07 process primarily focuses on risk reactor licensees or new plant applicants."

metrics of CDF and LERF and corresponding thresholds for these risk metrics based on "Applicants using this guidance for new plant regulatory guidance for operating light-water applications using Regulatory Guide 1.233 reactors. Advanced light-water and non-light-can use this guidance to develop a D3 water reactors do not use the same risk metrics, assessment to demonstrate the adequacy of so it is not apparent that this process can be special treatments applied to address CCF."

applied to all new plant applicants without changes, which will need a detailed review.

There is a need to define the scope of NEI 20-

07.
16.

" Independence and diversity are indeed It seems to imply that there may be other design useful design techniques; however, these techniques that do not need to be "supported by design techniques should be used when an engineering analysis." If engineering analysis supported by an engineering analysis."

is not being used for these other techniques, what proof is there to demonstrate that CCF has been sufficiently addressed?

SECTION 2 DEFINITIONS

17.

NEI 20-07 defines a high-safety-significant Does NEI 20-07 intend to make a distinction safety-related as an SSC that has "one or between the definition of high-safety-significant more of the following... 3. Failure could lead safety-related in NEI 20-07 and BTP 7-19?

directly to accident conditions that have unacceptable consequences." This definition is broader than that in BTP 7-19, which uses the criterion, "their failure could lead directly to accident conditions that may have unacceptable consequences (e.g.,

exceeding siting dose guidelines for a DBE) if no other automatic systems are available to provide the safety function, or no preplanned manual operator actions have been validated to provide the safety function."

18.

HSSSR SSC definition For non-LWRs, the LMP in RG 1.233 classifies SSCs as safety-related, safety-related with special treatment, and non-safety-related with no special treatment based on a systematic risk-informed and performance-based aooroach. NEI 5 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from Question or Feedback NEI 20-07 20-0?'s definition of HSSSR SSCs should include information on what SSCs are considered HSSSR under the LMP.

19.

NEI 20-07 defines a risk reduction target as Can SSCs that are not safety-related be the "risk reduction to be achieved by the [... ]

credited to reduce risk to achieve the risk safety-related systems and/or other risk reduction target?

reduction measures in order to ensure that How do the safety-related systems and/or other the tolerable risk is not exceeded."

risk reduction measures ensure that the tolerable risk is not exceeded? [emphasis addedl

20.

NEI 20-07 uses the term "Stakeholder Please provide a definition of "Stakeholder Losses" in several sections. It also uses the Losses" and provide examples that help the term "loss scenarios."

reader to understand the Stakeholder Loss concept to differentiate such losses from those regulatory safety concerns (e.g., design basis events") that could result from digital l&C failures to perform required safety functions.

Also, are both "Stakeholder Losses" and safety consequences of failures both considered "loss scenarios" described in Section 4.0? If not, please explain further.

21.

Section 4.1 discusses controller "beliefs" and Please define what is a controller "belief' and process model beliefs what is a process model "belief'?

SECTION 3 REGULATORY BASIS

22.

3.1 SRM-SECY-22-0076 The insertion of "in HSSSR" is inconsistent with "SRM-SECY-22-0076 provides NRC the policy. Therefore, this phrases is an incorrect direction regarding an expanded policy on characterization of the policy.

potential CCF in HSSSR Dl&C systems."

[emphasis added]

The SRM states "The Commission has approved the staff's recommendation to expand the existing policy for digital instrumentation and control (l&C) common-cause failures... "

Please remove the words "in HSSSR".

23.

3.1.2 SRM-SECY-22-0076 Point 4 Since NEI 20-07 was written in July 2023; it "BTP 7-19...,,

does not accurately reflect what is in the new version of BTP 7-19. Therefore, such wording must be checked after the final version 9 of BTP 7-19 is issued. See Section B.1.2 for critical safety function.

24.

3.1.2 SRM-SECY-22-0076 Point 4 Consider adding additional guidance for non "For applicants using Regulatory Guide LWR applicants on addressing Point 4 of SRM.

1.233, special treatment considerations and human factors engineering processes should 6 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from NEI 20-07 indicate required monitoring parameters that support safety functions."

Question or Feedback Not clear how guidance in NEI 20-07 is applied to non-LWR applicants, because a lot of the guidance appear to be LWR specific.

The NRC staff agrees with the statement but provides the following additional information. For non-LWRs, the LMP in RG 1.233, safety functions are defined and discussed mainly in terms of Required Safety Functions (RSFs) and Probabilistic Risk Assessment Safety Functions (PSFs). The NRC staff relies on RG 1.233 and the Design Review Guide (DRG),

"Instrumentation and Controls for Non-LWRs Reviews" (ML21011A140) for non-LWR l&C reviews. The NRC staff will use pre-application engagement to discuss use of the expanded policy, including critical safety functions in Point 4 for non-LWRs with interested applicants to address any questions or concerns. A relevant discussion is in SECY-23-0092.

25.

"... the assumed definition of this term The NEI 20-07 process primarily focus on risk metrics of CDF and LERF and corresponding thresholds for these risk metrics based on regulatory guidance for operating light-water reactors. Advanced light-water do not use the same risk metrics, so it is not apparent that this process can be applied to all new plant applicants without changes, which will need a detailed review. There is a need to define the scope of NEI 20-07.

26.

[critical safety functions] only includes functions pertinent to existing light water reactor designs."

7 of 18 For non-LWRs, the LMP in RG 1.233 identifies technology-inclusive risk metrics for use, which is also discussed in ASME/ANS RA-S-1.4-2021,

endorsed in RG 1.247 with clarifications. The LMP also discusses the possibility of reactor-specific risk metrics by the designers as needed.

Including some of the relevant information from the LMP on risk metrics in an appropriate section should enhance NEI 20-07 for clarity and bein more technolo

-a nostic.

Please clarify what "sensitivity analysis" is being referred to here. [

Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from NEI 20-07 SECTION 4 SYSTEM DIAGNOSTIC PROCESS

27.

"Section 4.1.1 EPRI HAZCADS Overview For example, a realistic break opening time should be used to determine the necessary response time to a Large Break Loss of Coolant Accident in lieu of an assumed double-ended uillotine break."

28.

[

29.
30.

"As the system design matures in detail, new hazards may be uncovered and the list of hazardous system states can be revisited and revised, as needed."

NEI 20-07 states, "A control structure model does not typically capture purely physical relationships like physical proximity between components or fire propagation."

Draft BTP 7-19, Revision 9, states, "the application should evaluate Dl&C system interconnectivity and address Dl&C system spatial separation that could significantly influence the risk due to fires, earthquakes, and other hazards."

8 of 18 Question or Feedback JI Please specify what would be the sensitivity analysis being referred to here. A postulated digital CCF either has an adverse risk impact or it doesn't. Alternatively, define the criteria that will be used to identify "significant risk impact" or "not a significant risk impact."

Provide a clarification or footnote indicating that this example would apply only to those piping subsystems for which the fracture mechanics have been analyzed and reviewed.

With the level of reliance placed on the execution of the EPRI HAZCADS and DRAM processes as part of the NEI 20-07 methodology, it appears that the NRC staff would need to review and endorse the HAZCADS and DRAM processes.

Does NEI intend to provide these documents on the docket and seek their review and endorsement b NRC staff?

What process is used to determine if the list of hazardous system states needs to be revisited and revised?

How often is this process performed?

Alternatively, describe how an iterative design process is used which continues to uncover new hazards as the design evolves.

How does the NEI 20-07 process address these spatial concerns?

Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from Question or Feedback NEI 20-07

31.

"Realistic times should be considered in lieu Does this statement apply to all CCFs or only of overly conservative estimates for those evaluated through the NEI 20-07 risk-improbable licensing basis events."

informed process?

How are "improbable" licensing basis events defined?

32.

"The RRT can be developed from one of five It would be beneficial to include additional different pathways based upon the scope of information on the five different pathways to the system under analysis, the stage of the develop the risk reduction targets.

design process, and whether the system(s) is modeled in the PRA."

33.

"The result may be a change in core damage For advanced light-water and non-light-water frequency (CDF) and large early release reactors, what industry accepted guidance frequency (LERF). Some reactor would be used to determine the risk reduction technologies may use different risk metrics target?

specific to the reactor design. For those reactor technologies, the RRT thresholds For advanced light-water and non-light-water should align with industry accepted reactors, what risk metrics and associated guidance."

criteria that would be used to determine the risk reduction target?

The NEI 20-07 process primarily focuses on risk metrics of CDF and LERF and corresponding thresholds for these risk metrics based on regulatory guidance for operating light-water reactors. Advanced light-water and non-light-water reactors do not use the same risk metrics, so it is not apparent that this process can be applied to all new plant applicants without changes, which will need a detailed review.

There is a need to define the scope of NEI 20-

07.
34.

"For the purposes of this document, only loss Are loss scenarios that do not result in core scenarios associated with regulatory safety damage or radiological release but affect other factors (e.g., core damage or radiological regulatory programs such as MSPI and the release) should be considered."

maintenance rule considered?

35.

"A set of pre-scored systematic control What process is used to provide scores to the methods are established to mitigate the loss control methods?

scenarios of an inadequate control algorithm."

Additional details and justification of the scoring process are necessary, including examples demonstrating how the scoring process is performed. The justification needs to explain how the scoring process is objective, structured, and consensus-based.

9 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from NEI 20-07

36.

"Refer to EPRI DRAM for details regarding the CME scoring methodology."

37.

4.2.1 EPRI HAZCADS Clarifications [-

38.

See the previous item.

39.

4.2.1 EPRI HAZCADS Clarifications Question or Feedback Does NEI intend for the NRC staff to review and endorse the DRAM process?

Does NEI intend to provide this document on the docket?

What requirements, if any, are provided for the technical acceptability of a PRA model?

SECY-22-0076 provides guiding principles that the staff will follow, one of which is that "the underlying PRAs used for the bounding assessment as part of risk-informed approaches will be technically acceptable and will be supported by an effective PRA configuration control and feedback mechanism." To use the NEI 20-07 process for a risk-informed application, the applicants PRA models will need to be demonstrated to be technically acceptable.

For non-LWRs, RG 1.247 (For Trial Use),

"Acceptability of Probabilistic Risk Assessment Results for Non-Light-Water Reactor Risk-informed Activities," provides guidance on the subject. Additional guidance on technical acceptability of a PRA such as a discussion on RG 1.247 related to non-LWRs should enhance NEI 20-07 for clarit.

This description is solely applicable to LWRs with the "shall" language. It should be revised to be technology-agnostic or additional clarification should be made on guidance for non-LWRs.

10 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E I

Excerpt or Section Number from NEI 20-07

40.

4.2.2 EPRI DRAM Clarifications SECTION 5 SAFETY CASE DEVELOPMENT 41.

5 SAFETY CASE DEVELOPMENT "The safety case structure provided in this section was adopted from ISO/IEC/IEEE 15026-2:2022.

42.

5 SAFETY CASE DEVELOPMENT "The safety case is constructed by connecting key elements, which include:

- Claims which are assertions about a property of the system. Claims that are asserted as true without justification become assumptions and claims supporting the argument are called sub-claims.

- Arguments which link the evidence to the claim, which can be deterministic, probabilistic or qualitative.

- Evidence which supplies the basis for the justification of the claim. Some sources of evidence may include the design, the development process, testing, and inspections."

Question or Feedback The expression ((

)) is not clear and should be clarified.

NEI does not explain what was changed or what was adopted from the identified standards or what was changed; therefore, it is not clear what NEI understands to be a "safet case."

In short, a safety case is built on three things:

Claims, Reasoning, & Evidence. The reasoning explains how or why the evidence supports the claim.

The reasoning part of the safety case in NEI 20-07 is missing. In some cases, the "reasons" provided are just unsupported claims. For example How is this argument/reason !!21 just a restatement of the claim?

The argument/reason does not explain why the evidence listed below it supports the claim. It is obvious that the EPRI processes identify some losses and hazards, but what makes us believe that they identify enough? Why?

The same problem exists with the other Tier 2 claims and Tier 3 Arguments.

11 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from NEI 20-07

43.

5.1 Safety Case Structure

44.

5.1.1 Safety Case Description "The technical process described in EPRI HAZCADS and DRAM produces a diversity and defense-in-depth analysis that demonstrates vulnerabilities to digital CCF have been adequately identified and addressed."

45.

5.1.1 Safety Case Description Item # 1

[

46.
47.
48.

5.1.2 Safety Case Uncertainty

[

Question or Feedback The last sentence appears to indicate that the Tier 3 evidence will not be in the licensing application but will be available for audit or inspection by the NRC staff. At a minimum, a summary of the Tier 3 evidence to support the corresponding argument should be included in the licensing application with the detailed documentation being available for a regulatory audit or inspection.

This is an unsupported claim. How do we know it is true?

How does this compare with BTP 7-19 Section B.3.4?

How is the output of the [I used?

This description is more applicable to LWRs regarding the use of Core Damage and Large Early Release. It should be revised to be technology-agnostic or additional clarification should be made on uidance for non-LWRs.

The technology of establishing risk effectiveness scores and applying them to individual control measure has not yet been demonstrated to be adequate for regulatory purposes.

Please describe how this adequacy will be demonstrated.

Traditionally (or historically), one did not try to determine the source of the CCF, but rather just postulated the CCF and determined whether the results were acceptable or not.

The US NRC (called AEC at the time) described the reasoning behind this traditional approach for example, in the Chapter 12 of the AEC HB on l&C Part 2 TID-25952-P2.

12 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from NEI 20-07 Question or Feedback How is the implementation of the term

)) risk

49.

5.2 Tier 1 Claim, Argument and Sub-Claims he text in Figure [

. There is a very big

50.
51.
52.

[

5.3.1 EPRI HAZCADS and DRAM Efficacy "The graded approach is consistent with the acceptance guidelines for changes to Core Damage Frequency and Large Early Release Frequency described in RG 1.17 4 Section 2.4. Aspects of the proposed modification that result in changes to CDF or LERF that map to Region 1 in RG 1.17 4 Figures 4 and 5 apply the most rigorous approach; whereas those that map to Region 3apply the least rigor while maintaining the design basis commitments and consistency with the facility's defense-in-depth hiloso h and safe mar ins."

5.3.1 EPRI HAZCADS and DRAM Efficacy "This process provides the system designers with greater insights to potential sources of failure and provides insights to the most risk-significant vulnerabilities that need to be addressed."

5.3.1 EPRI HAZCADS and DRAM Efficacy "RG 1.233 provides the scope of functions under control and reliability targets for a safety-related Dl&C system via the Licensing Basis Event selection and SSC classification includin defense-in-de th functions. These difference in the wording.

Please ensure consistent wording throughout.

Since there is an inconsistency in the description, it is not clear which one (or neither) you are proposing.

Furthermore, there are other inconsistencies between the figure and the textual description of it.

It would be helpful if the claims, arguments, &

evidence in the figure were labeled the same as those in the text.

This is another example where the description is more applicable to LWRs regarding the use of Core Damage and Large Early Release.

Additional clarification should be made on guidance for non-LWRs.

For "the most risk-significant vulnerabilities,"

should it be "risk-significant vulnerabilities"? It is not clear why it is focused on the most risk-significant item only.

RG 1.233 covers all safety-significant SSCs including both safety-related and non-safety-related with special treatment (NSRST) SSCs.

The NRC staff suggest using "safety-significant" instead of "safety-related" in the statement.

13 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

53.
54.
55.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from NEI 20-07 criteria are inputs to the initial/conceptual desi n hase."

" EPRI HAZCADS and DRAM have been proven effective in identifying and addressing hazards and sources of failure in Dl&C systems.... NRC has conducted its own research on the efficacy of hazards analysis and STPA. TLR-RES/DE-2022-006, "Hazard Analysis: An Outline of Technical Bases for the Evaluation of Criteria, Methodology, and Results," documents an evaluation of the need "to develop criteria for technical bases supporting the evaluation of the criteria and methodology for, and of the results from, [... ]

hazards anal sis."

Risk Informed Principles subsection: "2.

Key assumptions and sources of uncertainty in the PRA models that can impact the assessment are addressed by assuming everything in the HSSSR system fails. By assuming the CCF occurs, uncertainty associated with the HSSSR Dl&C system is a negligible factor since this process provides a bounding assessment of the failure of the HSSSR Dl&C system.

Because this process requires the use of a high-fidelity PRA model, other sources of uncertainty (e.g., parameter uncertainty) are unaffected by the sensitivity analysis performed by this process."

5.4.1 Resolution of Tier 2, Sub-Claim 1

[

Question or Feedback The staff can recognize how the processes described can provide insights toward attaining a degree of reliability of operations as a complement to existing regulatory activities.

However, it is not clear whether these processes alone, without the complementary regulatory activities are effective at identifying and eliminating all sources of CCF, which is the purpose of this document.

Do the high-fidelity aspects of the PRA model extend to the modeling of the operator's response-e.g., including recognizing that a complete or partial failure of the HSSR has occurred, and then taking appropriate manual actions to identify process trends and then correctly address the symptoms of the event?

Doesn't the operator response portion of the PRA rely on rule of thumb assumptions regarding successful correct and timely operator actions? One reason it is assumed that failure of the HSSSR Dl&C system results in a negligible change in risk factor, is that these operator action success assumptions are overly optimistic.

The use of the term "argument" here in the first sentence is understood to be used in the sense of "claims, reasoning & evidence" and not simply a statement to include the bolded text in the application. Consider using the term "claims, reasoning & evidence" instead of "argument" in all such cases. Otherwise, it is confusing with respect to the use of the term "argument" in the figures.

This [I

)) does not contain reasoning about why the evidence supports the claim. But rather is just an unsupported claim.

14 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from NEI 20-07 Question or Feedback

56.

5.4.1 Resolution of Tier 2, Sub-Claim 1

)) states that something is [

)) but not of how or why the information to be provided or made available explains why it is true or how it was determined to be true.

[

57.
58.
59.

If the various methodologies referenced in [-

11l are acceptable, there is still the concern of whether those methodologies were adequately implemented by the applicant and that these methods were followed on the application.

The NEI 20-07 process primarily focuses on risk metrics of CDF and LERF and corresponding thresholds for these risk metrics based on regulatory guidance for operating light-water reactors. Advanced light-water reactors do not use the same risk metrics, so it is not apparent that this process can be applied to all new plant applicants without changes, which will need a detailed review. There is a need to define the sco e of NEI 20-07.

60.

5.4.1 Resolution of Tier 2, Sub-Claim 1 This description is more applicable to LWRs regarding the use of core damage and large early release. It should be revised to be

[

15 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

61.

62.
63.
64.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from NEI 20-07 NEI 20-07 lists the following EPRI reports as available evidence: EPRI 3002004995, EPRI 3002004997, and EPRI 3002000509.

"A combined control method effectiveness score provides a geometrically weighted value."

Question or Feedback technology-agnostic or additional clarification should be made on guidance for non-LWRs.

Relevant PRA information including credited external design features (e.g., manual operator actions, passive design features) need to be of a sufficient high fidelity to provide an accurate picture as to the likelihood of success of each operator response action in the event of a common cause failure of the HSSSS. It should not rely on handbook-based canned assumptions, without formal validation.

Does NEI intend to provide these reports document on the docket?

Is the phrase "geometrically weighted value" intended to represent a weighted geometric mean or a different mathematical value?

Additional details and justification of the geometrically weighted combined control method effectiveness score calculation are necessary, including examples demonstrating how the combined control method effectiveness score is calculated. The justification needs to explain how the calculation is objective, structured, and consensus based.

16 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from Question or Feedback NEI 20-07 SECTION 6 CONCLUSION

65.

"UCAs that are present in multiple This definition of CCF is not consistent with the redundancies of a Dl&C system and impact NRC understanding of the term. Using different core damage or large early releases are definitions for terms than the NRC uses only considered CCF."

creates regulatory uncertainty.

Maybe it is better to say "considered risk/safety significant CCFs" and that control measures are aoolied to these CCFs.

66.

"UCAs that are present in multiple This description is more applicable to LWRs redundancies of a Dl&C system and impact regarding the use of core damage and large core damage or large early releases are early release. It should be revised to be considered CCF."

technology-agnostic or additional clarification should be made on guidance for non-LWRs.

67.

"This process is effective at identifying the The NRC is also concerned about CCFs that are most likely and credible CCFs at a nuclear unlikely.

power plant."

This conclusion should probably be a bit more precise in terms of Modes, causes, mechanisms, or sources of CCF.

SECTION 7 REFERENCES

68.

The document text often does not identify the specific reference. Please ensure all references are used refer to the reference number in the bodv of the document.

APPENDIX A. RELEVANT NRC REGULTORAY FRAMEWORK

69.

Appendix A Conceptually, NEI 20-07 is proposed to be used "This Appendix describes the relationship as an alternative way to meet the Commission between the process described in this policy on CCF; therefore, this appendix should document and the NRC regulatory explicitly include the NRC regulatory framework framework."

applicable to the Commission policy on CCF. It appears that this appendix is incomplete in that "Note that the regulations listed below may respect. For example, it does not include the not necessarily apply to all applicants and SRM.

licensees. The applicability of the regulatory requirements is determined by the plant-The NRC regulatory framework includes more specific licensing basis and any proposed than just regulatory requirements.

changes to the licensing basis associated with the proposed Dl&C system under evaluation."

70.

Appendix A, Section A 1 states "A.1. 10 CFR 10 CFR 50.55a(h) also incorporates by 50.54Uj), 10 CFR 50.55a(h) IEEE 603-1991 reference IEEE 279-1968; therefore, please or IEEE 279 -1971 as incorporated by add this regulatory requirement to this section.

reference requires, in part, that components 17 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

February 29, 2024*

Offioial Use ORiy Preprietary IRferFRatieR.

NRC Staff Questions and Feedback on NEI 20-07 Draft Rev E Excerpt or Section Number from Question or Feedback NEI 20-07 and modules shall be designed, Please add GDC 1 and 10 CFR50.55(i) to this manufactured, inspected, installed, tested, section.

operated, and maintained in accordance with a prescribed quality assurance program."

The requirement that an NPP is constructed and operated in accordance with a quality assurance program is not imposed by GDC1, 10 CFR 50.55a(h), 10 CFR 50.54.Uj), or 10 CFR 50.55(i)

- as this section states. The QA program is imposed by other regulatory requirements.

GDC 1, 10 CFR 50.54.Uj), and 10 CFR 50.55(i) impose the requirement to do things in accordance with established standards. A 10 CFR Appendix B compliant QA program ensures the standards are achieved. The establishment of standards to ensure equipment meets its obligations in the FSAR is a technical matter and not a programmatic QA matter. The quotation seems to confuse these issues and thereby create regulatory uncertainty. For example, RG 1.75 establishes standards for separation, and if committed to, the QA program ensures the standards established are conformed to.

71.

Appendix A, Section A.1 The term "quality standards" is used in several places in the regulations and guidance - e.g.,

GDC 1, 10 CFR 50.54(jj), 10 CFR 50.55(i), AEC l&C Handbook Volumes 1 & 2, RG 1.26 Rev. 5, SECY-03-0117, GL 84-01. This appendix should use the term "quality standards" in a manner consistent with how the NRC uses the term.

72.

Appendix A, Section A.2.1 Doing a part of a standard is not the same as "Pre-scored Systematic Control Methods are following the standard. These use of these techniques and measures that may, methods in this document differs from how they synthesized from the industry standard IEC are used in the standard.

61508 Part 3, normative Annex A which is a recognized safety standard in the petrochemical industrv."

  • The portion markings on this document was changed on March 26, 2024 to reflect the redactions in NEI 20-07, Draft Revision E that was attached to NEl's letter dated March 14, 2024 (M L2407 4A459). No other changes were made to this document.

18 of 18 Offioial Use ORiy Preprietary IRferFRatieR.

Retrieved from "https://kanterella.com/w/index.php?title=ML24107B109&oldid=3759154"