Text

Non-Proprietary Slides for 12/12/24 Meeting with Constellation - ECCS Compensated Level System Replacement Project
	ML24366A050
Person / Time
Site:	Peach Bottom
Issue date:	12/12/2024
From:	; Constellation Energy Generation
To:	Robert Davis; NRC/NRR/DORL/LPMB
	Klett, AL
Shared Package
ML24366A054	List: ML24366A050; ML25014A055;
References
	EPID L-2024-LRM-0009
	Download: ML24366A050 (1)
	v • d • e

Peach Bottom Atomic Power Station ECCS Compensated Level System Replacement Project NRC Pre-submittal Meeting December 12, 2024

Constellation Energy

Pablo Guardado, Principal PM, PEA Project Management

Steve Flickinger, Sr. Reg. Specialist, Corporate Licensing Introductions - Project Team l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 1

Curtiss-Wright

Michael Kosman - Project Manager

Robert Ammon - Technical Director / Project Engineer

Dan Hunt - QA Manager Sargent & Lundy

Rick Paese - Digital I&C and HFE Consultant (Remote)

Introductions - Project Team l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 2

Clarify the consistency of the Curtiss-Wright platform (i.e., hardware and software) and application development methodology for installation of the RadICS system at PBAPS with the NRC-approved Topical Report (TR) platform hardware, software, and application development methodology/process.

Clarify how the project meets RadICS Platform Topical Report (TR) requirements.

Clarify the project outputs / deliverables that satisfy the Safety Evaluation Report (SER) requirements.

Clarify the consistency of the QA programs used by Curtiss-Wright and RPC Radics LLC and explain details of the Curtiss-Wright DSS QA Program.

Meeting Purpose l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 3

Introductions - Project Team

System Development Methodology Detailed Review

Topical Report Compliance Review

Safety Evaluation Report Compliance Review

QA Program Detailed Review Agenda l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 4

System Development Methodology Detailed Review l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 5

Key Takeaway: The Curtiss-Wright System Development Methodology is equivalent to the System Development Methodology approved by the NRC in the RadICS Platform Topical Report and meets all the NRC requirements for licensing the Peach Bottom ECCS CLS Replacement System.

RadICS Topical Report (TR) covers two system development methodologies

Platform Development Methodology

- Utilized by RPC Radiy / RPC Radics LLC to development RadICS components

- Reviewed and approved by the NRC as part of the RadICS TR

Application Development Methodology

- Defined by RPC Radiy / RPC Radics LLC to develop safety systems and application based upon the RadICS components

- Reviewed by the NRC as part of the RadICS TR

- Utilized by Curtiss-Wright to implement the ECCS CLS replacement system

- Defined in Chapters 7, 8, 9, 10 and 11 of the RadICS TR System Development Methodology Summary l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 6

Curtiss-Wright is using the same Application Development methodology, processes, and procedures approved in the RadICS TR

- One minor differences

Codes and Standards

- ((

))a,c,e System Development Methodology Comparison l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

7

Topical Report Coverage l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 8

Key Takeaway: The Curtiss-Wright System Development Methodology meets the requirements specified in the RadICS Platform Topical Report and meets all NRC requirements for licensing the Peach Bottom ECCS CLS Replacement System.

The following slides identify those sections of the RadICS Platform Topical Report that specify requirements for applications that utilize the RadICS Platform and define how the System and Application Development Methodology used for the Peach Bottom ECCS CLS Replacement Project complies with those requirements.

Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 9

Safety Evaluation Report Coverage l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 10

Key Takeaway: The Curtiss-Wright System Development Methodology meets the requirements specified in the RadICS Platform Topical Report Safety Evaluation and meets all the NRC requirements for licensing the Peach Bottom ECCS CLS Replacement System.

The following slides identify how the information required by the RadICS Platform Topical Report Safety Evaluation will be satisfied for the Peach Bottom ECCS CLS Replacement Project.

Safety Evaluation Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 11

QA Program Review l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 12

QA Program Summary Key Takeaway: The Curtiss-Wright QA Program is equivalent to the QA program approved by the NRC in the RadICS Platform Topical Report (e.g. RPC Radics LLC QA Program) and meets all the NRC requirements for licensing the Peach Bottom ECCS CLS Replacement System.

Curtiss-Wright implements a comprehensive QA program (10 CFR Part 50 Appendix B, 10 CFR Part 21 and NQA-1 compliant)

Curtiss-Wright is totally responsible for the development of the PB ECCS Compensated Level System (SPEC-200) Replacement System to CEG under their NQA-1 program.

The Curtiss-Wright Scientech Quality Assurance Manual (QAM) aligns with ASME NQA-1 and is the top-level QA document for Scientech.

The Curtiss-Wright Digital Safety Systems Quality Assurance Program Description (QAPD) implements the requirements from the QAM for Digital Safety Systems (DSS).

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 13

QA Program Background

The Curtiss-Wright QA program used for RadICS based Digital Safety Systems is a legacy QA program that has evolved over more than 20 years.

In order to understand the structure of the C-W QA program, its necessary to understand the evolution and the Curtiss-Wright organizational and business unit organization

The Curtiss-Wright Nuclear Division was built mostly through acquisition. The current organization is composed of multiple organizational units that were acquired by Curtiss-Wright.

At the time of the acquisition, each organizational unit has its own 10 CFR 50 Appendix B, NQA-1 QA Program.

Rather than integrate the QA program of each organizational unit into a single Curtiss-Wright Nucellar Division QA program, each organizational unit retained their original QA program and operates under a QA program that is unique to their unit.

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 14

Acronyms QAM: Quality Assurance Manual QAP: Quality Assurance Procedure SOP: Standard Operating Procedure QAPD: Quality Assurance Program Description QP: Quality Procedure WI: Work Instruction Curtiss-Wright Scientech Nuclear QA Document Hierarchy (DSS) 10 CFR Part 50 App. B and Part 21 ASME NQA-1 2008/2009 Addendum Scientech QAM/QAPs DSS QAPD QPs WIs 10 CFR Part 50 App.

B and Part 21 ASME NQA-1 2008/2009 Addendum Radics QAPD QPs WIs Radics Nuclear QA Document Hierarchy Procedures Applicable to all Scientech (PIMC & OFMS) Safety-Related Work l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 15 QA Document Comparison

DSS QA Program Implementing Procedures

QAPD-001 (same as Radics QAPD-001)

Quality Procedures (QPs)

- Identical

((

- ))a,c,e

- Equivalent

((

))a,c,e l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

16

((

))a,c,e Overview of Curtiss-Wright QAPD vs. Radics QAPD l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

17

Organization

Organizational attributes for both Organizations Include

Independence of QA function

Independence of V&V functions l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 18

((

))a,c,e Example of Curtiss-Wright QAPD vs. Radics QAPD: Requirement 5 l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

19

Equivalent vs. Identical

Equivalent: The procedure and the process may be different, but both procedures meet the same NQA-1 Requirements. ((

))a,c,e

Identical: Same procedure with the same process, minor editorial differences may exist. ((

))a,c,e l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

20

((

))a,c,e Quality Assurance Program Differences l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

21

((

))a,c,e Quality Assurance Program Differences l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

22

Curtiss-Wright / RPC Radics LLC Implementing Procedures

- ((

- ))a,c,e Quality Assurance Program Comparison l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

23

Curtiss-Wright / RPC Radics LLC Implementing Procedures

- ((

- ))a,c,e Quality Assurance Program Comparison l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

24

Curtiss-Wright / RPC Radics LLC Implementing Procedures

- ((

- ))a,c,e Quality Assurance Program Comparison l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

25

Curtiss-Wright / RPC Radics LLC Implementing Procedures

- ((

- ))a,c,e Quality Assurance Program Comparison l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

26

Curtiss-Wright / RPC Radics LLC Implementing Procedures

- ((

- ))a,c,e Quality Assurance Program Comparison l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

27

AIM - Analog Inputs Module

AMS - Analysis and Measurement Services

AOM - Analog Outputs Module

ASL - Approved Supplier List

C-W - Curtiss-Wright

CEG - Constellation Energy Generation

CLS - Compensated Level System

DIM - Discrete Inputs Module

DOM - Discrete Outputs Module

DSS - Digital Safety System

ECCS - Emergency Core Cooling System

ED - Electronic Design

EMC - Elector-Magnetic Compatibility

HFE - Human Factors Engineering

IOPM - I/O Protection Module

LAR - License Amendment Request Acronyms l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 28

LTR - Licensing Technical Report

MATS - Monitoring and Tuning System

MCR - Main Control Room

NRC - Nuclear Regulatory Commission

PAMS - Post Accident Monitoring System

PBAPS - Peach Bottom Atomic Power Station

PPC - Plant Process Computer

PSAI - Plant Specific Action Item

QA - Quality Assurance

QAPD - Quality Assurance Program Description

QP - Quality Procedure

RTM - Requirements Traceability Matric

SME - Subject Matter Expert

TR - Topical Report

WI - Work Instruction

WAIM - Wide Range Analog Inputs Module

RPC Radiy - designer of the RadICS digital safety platform. Parent company of RPC Radics LLC

RPC Radics LLC - RadICS Topical Report Submitter

RadICS - digital safety system platform developed by RPC Radiy Definitions l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 29

Thank you!

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 30

System Development Methodology Review Reference Material l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 31

((

))a,c,e Application Development Methodology l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

32

((

))a,c,e System Development Methodology Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

33

((

- ))a,c,e System Development Methodology Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

34

((

))a,c,e Application Development Methodology l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

35

[

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

36

))a,c,e

((

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

37

))a,c,e

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

38

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

39

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

40

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

41

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

42

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

43

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

44

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

45

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

46

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

47

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

48

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

49

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

50

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

51

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

52

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

53

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

54

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

55

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

56

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

57

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

58

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

59

Topical Report Coverage Reference Material l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 60

TR 7.2 Standard Requirements in the RadICS Life Cycle

- Standardized Class 1E hardware Modules

- Standardized Class 1E EDs

- A Class 1E FBL including

The RadICS PFBL that includes functional blocks used for the ED of the RadICS Modules

The RadICS AFBL that includes functional blocks used in the Application ED

- A non-Class 1E set of tools integrated in a software development environment called RPCT

- ((

))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

61

TR 7.3.1 RadICS Safety Life Cycle

- ((

))a,c,e

TR 7.3.4 RadICS System Integration and Validation

- ((

))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

62

TR 7.3.5 Project Specific Application Process

- ((

))a,c,e

- Development of the Application ED by Curtiss-Wright conforms to the requirements specified in the TR, specifically:

((

))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

63

TR 7.4 RadICS Platform Verification and Validation

- The C-W implementation follows the requirements of this section

- ((

))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

64

TR 7.5 RadICS Configuration Management Process

- ((

- ))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

65

TR 7.6 Requirements for the RadICS Platform and Applications

- Requirements specified as defined in Figure 7-8 of this section of the TR.

TR 7.6.1 Allocation of Requirements

- ((

))a,c,e

TR 7.6.2 Documentation of Design Requirements

- ((

))a,c,e

TR 7.6.3 Maintainability and User Requirements

- Requirements define maintainability and user requirements in addition to functional and performance requirements.

- The criteria in Table 7.3 are addressed as applicable for the system being developed.

Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

66

TR 7.6.4 Requirements Tracing Tool

- Requirements are automatically traced using a tracing tool (Reqtracer) from

Higher-level requirements documents to the lower-level requirements documents

Requirements documents to design documents

Requirements documents to testing documents

- ((

))a,c,e

TR 7.8 Development Process Training

- ((

))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

67

Section 8 Electronic Design Development

8.4 Application Electronic Design

- RPCT tool is used to develop the Application Electronic Design.

- Utilizes the AFBL provided by the RPCT tool to develop the Application Electronic Design.

Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 68

Section 9 Equipment Qualification and Analysis

9.1 Equipment Qualification

- RadICS components qualified during TR

Generic environment

Generic environment verified as bounding for SER PSAIs

- Commercial components qualified as part of the ECCS CLS replacement

Seismic

EMC

Environmental Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 69

Section 10 Diversity and Defense-In-Depth

10.2 Digital Common Cause Failures

10.3 Defense Against Common Cause Failures

10.3.1 Electronic Design Development Process Quality

10.3.2 Hardware Independence Principles

10.3.3 RadICS Platform Diversity Assessment

10.3.4 Defense-in-Depth

10.4 RadICS Diversity Summary

- ((

))a,c,e

- LAR includes D3 Analysis that covers these sections of the TR Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

70

Section 11 Secure Development and Operational Environment

11.1 Development Environment Vulnerability Assessment

11.2 RadICS Secure Development Environment

11.3 Operating Environment Vulnerability Assessment

11.4 RadICS Platform Secure Operational Environment

11.5 Technology Advantages for FPGAs and CPLDs

11.6 Project-Specific Vulnerability Assessments

- ((

))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

71

Appendix A: RadICS Platform Application Guide

A.1.2 Response to Platform Failures

A.1.3 User Designed Response to Platform Failures

- As required in the TR, the C-W developed application logic shall detect and respond to the following platform failures:

1) Any failure of a field input signal,

2) Any failure of an individual I/O channel on a module,

3) Any complete failure of a module,

4) Any failure in a remote RadICS Chassis which has switched to the RUN (SAFE) mode and that communicates with the local chassis under consideration (the resulting stale data from such a remote chassis must be detected by Application Logic in the local chassis), and

5) EEPROM failure after STARTUP (Note: These EEPROMs are used only at power-up, so a detected failure occurring during operation is an early warning that the next power-up will not succeed).

Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 72

A.2 System Design Guidance

A.2.2 Power Supplies

- ((

))a,c,e

A.2.3 Environmental Conditions

- The RadICS component environmental conditions referenced in the RadICS TR will be verified as bounding for the PBAPS installed location.

- ((

))a,c,e

A.2.4 Inputs and Outputs

- The C-W implementation will only include I/O modules that were evaluated in the RadICS TR

LM, AIM, WAIM, AOM, DIM, and DOM Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

73

A.2.5 Operational Features

A.2.5.1 Safety Override Operation

- The replacement ECCS CLS does utilize the SOR function

- Consistent with the design of the existing ECCS CLS

A.2.5.2 Access Control Features

- (( ))a,c,e

A.2.6 Setpoint Accuracy Calculations

- The LAR will address 1.9 Setpoint Methodology and Calculations (D.7)

Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

74

A.2.7 Reliability Calculations

- The LAR will address SER PSAI 7.6 Application Specific System Reliability and 7.8 System Testing and Surveillance

A.2.8 Equipment Qualification Envelope

- The LAR will address PSAIs 7.4, 7.4.1, 7.4.2, 7.4.3 and 7.4.4

A.2.9 Application Logic Development

- The LAR submittal will include

1.1 Summary of Application Software Planning and Process (D.4)

SER PSAI 7.2 Application Logic Development Process Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 75

A.2.9 Application Logic Development (cont.)

- The C-W implementation will follow the Application Logic Development process defined by RPC Radics LLC for RadICS based digital safety systems and detect and respond to:.

Any failure of a field input signal

Any failure of an individual I/O channel on a Module

Any complete failure of a Module

Loss of communications between the LM and a DOM or AOM

EEPROM failure after STARTUP Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 76

A.2.9.1 Verification of Chassis Configuration

- The C-W implementation will include application logic to detect and respond to these conditions.

- ((

- ))a,c,e

A.2.9.2 Verification of I/O Module Status

- The C-W implementation will include application logic to detect and respond to these conditions

- ((

- ))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

77

A.2.9.3 Detection of Safety-Critical I/O Failures

- The C-W implementation will include application logic to detect and respond to these conditions

- ((

- ))a,c,e

A.2.9.4 Analog Input Signal Tolerance

- The C-W implementation will include application logic to incorporate these specific considerations

- ((

- ))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

78

A.2.9.7 Monitoring Module Temperature

- The C-W implementation will include application logic to detect and respond to these conditions

A.3.1 Physical Security

- ((

))a,c,e

A.3.2 Mounting

- The C-W implementation will meet the requirements specified by this section.

- ((

))a,c,e Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

79

A.4.1 Periodic Inspection

A.4.2 Periodic Testing

A.4.3 Periodic Calibration

- The ECCS CLS will continue to utilize the existing surveillance procedures which will be updated as needed for the specifics of the replacement system Topical Report Coverage / Compliance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 80

SER Coverage Reference Material l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 81

Plant specific FPGA logic is unique to each RadICS system LM. The plant specific FPGA logic is similar to system application software in a computer-based system in that it invokes platform logic functionality to accomplish system specific functions as defined by requirement specifications. No plant specific FPGA logic was available for this evaluation. Therefore, determining acceptability of application logic is an activity that must be performed as part of the application development process. [SER]

Addressed in PSAI 7.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.3.2 Plant Specific User Application FPGA Logic )

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

82

Addressed in PSAI 7.2 and satisfied by:

- Project Implementation Deliverables

((

))a,c,e SER Coverage (3.3.2 Plant Specific User Application FPGA Logic )

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 83

Because the application logic and hardware configuration will be plant specific, the scope of the dedication activities is limited to the RadICS platform hardware, as well as platform Function Block Logic Library (FBL) and ED logic. Application hardware configuration and logic development will be performed by a licensee and Radics LLC under a 10 CFR Part 50, Appendix B compliant QA program. [SER]

Addressed in PSAI 7.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.4.1 Regulatory Analysis of RadICS Commercial Grade Dedication) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

84

The NRC staff determined the RadICS integration plans provide an acceptably documented method for performing product integration activities needed for safety related digital I&C system development. The RadICS integration activities establish coordination with the RadICS test plans and address the use of tools, techniques, and methodologies needed to perform integration activities for RadICS platform components. [SER]

Addressed in PSAI 7.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.5.1.4 Integration Plan) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

85

Operating procedures and retirement assessment activities are considered by the NRC staff to be plant specific activities. The NRC staff agrees that these activities can be performed as part of the application development. It is therefore acceptable for these activities to be addressed during application development and implementation. [SER]

Addressed in PSAI 7.2 and satisfied by:

- Licensing Topical Report

Operating procedures and retirement assessment will be performed by Constellation.

SER Coverage (3.5.1.6 Verification and Validation Planning) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

86

The NRC staff finds the RadICS platform V&V processes and identified alternative activities to be consistent with the criteria of IEEE Std. 1012-2004, IEEE Standard for Software Verification and Validation, as endorsed by RG 1.168. No evaluation of RadICS application ED development V&V processes could be performed because application logic development V&V plans were provided to the NRC for review and no plant specific application was available during this evaluation. [SER]

Addressed in PSAI 7.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.5.1.6 Verification and Validation Planning) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

87

- Project Implementation Deliverables (cont.)

((

))a,c,e SER Coverage (3.5.1.6 Verification and Validation Planning) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

88

The NRC staff determined the RadICS platform test plans are sufficiently comprehensive to demonstrate that a RadICS platform-based safety system will perform its required safety functions in a satisfactory manner. This meets the criteria of BTP 7-14, Clause 3.1.12 and is, therefore, acceptable. Application logic test plans were not included in the RadICS TR submittal and were therefore not within the scope of the NRC staff SE. Application Test planning is therefore a PSAI and should be addressed by PSAI 7.2. [SER]

Addressed in PSAI 7.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.5.1.8 Test Planning) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

89

The NRC staff determined that RadICS platform safety analysis activities are acceptable and are compliant with SRP BTP 7-14, Section B.3.2.1. Application level safety analysis tasks were not included in the RadICS TR submittal and were therefore not within the scope of the NRC staff SE. Application safety analysis activities are therefore a plant specific action item and should be addressed by PSAI 7.2. [SER]

Addressed in PSAI 7.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.5.2.1 Safety Analysis) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

90

The NRC staff concludes that the development functional and process characteristics of the V&V effort are acceptable. V&V activities performed for the RadICS platform logic development are acceptable and are compliant with SRP BTP 7-14, Section B.3.2.2. See PSAI 7.2 for activities to be performed during application logic development. [SER]

Addressed in PSAI 7.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.5.2.2 V&V Analysis and Reports) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

91

- Project Implementation Deliverables (cont.)

((

))a,c,e SER Coverage (3.5.2.2 V&V Analysis and Reports) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

92

The RadICS platform TR does not address testing activities associated with application specific logic. Therefore, plant application testing activities for RadICS platform-based safety systems must be performed during plant application development and thus could not be evaluated in this SE. See PSAI 7.2 for additional information on performing application development activities to be performed. [SER]

Addressed in PSAI 7.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.5.2.4 Testing Activity) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

93

- Project Implementation Deliverables (cont.)

((

))a,c,e SER Coverage (3.5.2.4 Testing Activity) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

94

The RadICS platform TR does not address traceability activities associated with application specific logic. Therefore, plant application requirements traceability activities for RadICS platform-based safety systems must be performed during plant application development and thus could not be evaluated in this SE. See PSAI 7.2 for additional information on performing application development activities to be performed. [SER]

Addressed in PSAI 7.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.5.2.5 Requirements Traceability Evaluation) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

95

Based on the NRC staff review of the RadICS FSC FMEDA, there is reasonable assurance that credible RadICS FSC failure modes have been properly identified and evaluated. Therefore, the criteria of RG 1.53 pertaining to the RadICS FSC failure modes and effects are satisfied, however system level failure modes will need to be addressed during plant application development. PSAI 7.5 of this SE identifies additional FMEA actions, that are needed during specific plant application development. [SER]

Addressed in PSAI 7.5 and satisfied by:

- ((

))a,c,e SER Coverage (3.5.2.6 Failure Mode and Effect Analysis) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

96

The NRC staff determined the RadICS platform reliability analysis results of the FMEDA contain platform reliability information that can be used to demonstrate conformance to plant-specific reliability goals. Because plant-and system-specific reliability goals are not provided in the RadICS TR and instead must be established on a plant-specific basis, the NRC staff was unable to make a safety determination for this criterion. PSAI 7.6 of this SE identifies additional actions, which must be addressed during plant specific application development. [SER]

Addressed in PSAI 7.6 and satisfied by:

- Licensing Technical Report

- Project Implementation Deliverables

(( ))a,c,e SER Coverage (3.5.2.7 Reliability Analysis) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

97

Applicants using the RadICS platform are obligated to verify that the requirements of the application are bounded by the established qualification envelope. [SER]

Addressed in PSAI 7.4 and satisfied by:

- Licensing Technical Report SER Coverage (3.6 Equipment Qualification) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 98

The NRC staff found that the RadICS platform equipment is therefore acceptable for installations where environmental conditions do not exceed the established qualification envelope. [SER]

Addressed in PSAI 7.4.1 and satisfied by:

- ((

))a,c,e SER Coverage (3.6.1 Atmospheric (Temperature and Humidity))

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

99

The NRC staff reviewed the qualification test summary report (Ref. 8) and determined that the RadICS platform met the criteria of IEEE Std. 384-1992 and Sections 4.6.4 and 6.3.6 of EPRI TR-107330. It is the responsibility of the license to verify that maximum test voltages cited in the equipment qualification summary report to which the RadICS equipment is qualified to operate are not exceeded for all RadICS 1E to Non-Class 1E interfaces (see PSAI 7.4.2). [SER]

Addressed in PSAI 7.4.2 and satisfied by:

- ((

))a,c,e SER Coverage (3.6.2 Class 1E to Non-1E Isolation) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

100

Before using the RadICS platform equipment in SR systems in NPP, licensees must determine that plant-specific EMI requirements do not exceed the capabilities of the Radics LLC system as approved in this SE. This determination and the suitability of the Radics LLC system for a particular plant and application are the responsibility of the licensee. [SER]

Addressed in PSAI 7.4.3 and satisfied by:

- ((

))a,c,e SER Coverage (3.6.3 Electromagnetic Interference / Radio Frequency Interference) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

101

A Plant using the RadICS platform is therefore required to establish plant specific seismic criteria for the system to be installed.

Licensees referencing this SE should ensure their plant-specific IERS are enveloped by the RadICS platform Test Response Spectrum qualification envelope. [SER]

Addressed in PSAI 7.4.4 and satisfied by:

- ((

))a,c,e SER Coverage (3.6.4 Seismic Qualification) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

102

Therefore, the licensees plant-specific safety function response time design bases should address these response time components separately from the response time performance requirements specified for the licensees RadICS platform-based system. Testing must also be performed to confirm RadICS system response time performance to assure that plant specific time response requirements are met. [SER]

Addressed in PSAI 7.3 and satisfied by:

- ((

))a,c,e SER Coverage (3.7.1 RadICS Platform Response Time) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

103

RadICS self-diagnostics test functions can be used to support compliance to GDC 21. However, determination of full compliance with this criterion is dependent on the specific safety system design as well as the plant specific safety functions performed by the system. Therefore, determination of GDC 21 compliance is a plant-specific evaluation item. [SER]

Addressed in PSAI 7.8 and 7.9.1 and satisfied by:

- Licensing Technical Report

Therefore, determination of IEEE Std. 603, Clause 5.7 compliance is a plant-specific evaluation item. [SER]

Addressed in PSAI 7.8 and satisfied by:

- Licensing Technical Report

- SRP, Chapter 7, Appendix 7.1-C, Section 5.7, Capability for Test and Calibration, includes criteria for test provisions of digital computer-based systems. It states that licensees should address the increased potential for system failures such as data errors and computer lockup.

Addressed in PSAI 7.7 and 7.9.1 and satisfied by:

- Licensing Technical Report SER Coverage (3.7.3 Self-Diagnostics / Test and Calibration Capabilities) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 104

Maintenance activities including periodic surveillance testing will be defined based on plant-specific application requirements. In addition, methods of failure management must be defined for a plant-specific application. [SER]

Addressed in 7.9.1 and satisfied by:

- Licensing Technical Report SER Coverage (3.7.3 Self-Diagnostics / Test and Calibration Capabilities) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 105

The NRC staff determined the methods outlined in the Radics LLC setpoint analysis support methodology to satisfy the criteria of RG 1.105. These methods therefore provide an acceptable process for determining setpoints to be used in a RadICS platform-based safety system. See PSAI 7.7 for licensee required actions for addressing system setpoints when using a RadICS platform-based system. [SER]

Addressed in 7.7 and satisfied by:

- Licensing Technical Report SER Coverage (3.8 Setpoint Determination Methodology) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 106

This Section describes and evaluates the diversity strategy used for the RadICS platform design. This includes an evaluation of the component designs and principles of operation for RadICS platform-based systems. This evaluation provides limited safety conclusions because the demonstration of adequate diversity and defense-in-depth (D3) requires the context of a specific nuclear power plants overall D3 analysis to address mitigation of vulnerabilities, which are inherently plant-specific. [SER]

Addressed in PSAI 7.9 and satisfied by:

- ((

))a,c,e

The RadICS TR does not include a plant specific application. Therefore, the effects of a CCF on plant operation or plant safety cannot be assessed as part of this SE and instead must be addressed by a licensee during application development. The RadICS platform does however contain design features described in Section 10 of the RadICS TR including protective measures for identifying and mitigating platform component CCFs. A licensee can credit these features in a plant specific D3 assessment to determine if common mode failures of the RadICS based system have been adequately addressed. [SER]

Addressed in PSAI 7.9 and satisfied by:

- ((

))a,c,e SER Coverage (3.9 Diversity and Defense-in-Depth.)

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

107

Because the RadICS TR does not include a plant specific application or plant specific accident analysis on which to base a D3 analysis, the NRC staff is unable to determine that a RadICS based safety system will meet the criteria of BTP 7-19 Point 2. However, it is evident that mitigation features of the RadICS design can be used by a licensee to support a subsequent plant specific D3 analysis to meet this requirement. Conformance with these criteria should therefore be addressed as part of PSAI 7.9. [SER]

Addressed in PSAI 7.9 and satisfied by:

- ((

))a,c,e

Indication to the operator of detected failures or initiation of fail-safe states must be defined and implemented during specific plant design development. [SER]

Addressed in PSAI 7.9 and satisfied by:

- ((

))a,c,e SER Coverage (3.9 Diversity and Defense-in-Depth.)

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

108

When manual operator actions are used to provide a backup for functions performed by a RadICS based safety system, these actions should use independent and diverse equipment that is not affected by postulated CCFs. Consistent with the requirements of IEEE Std. 603-1991, Clause 6.2, Manual Control, and applicable BTP 7-19 guidance, the point at which the manual controls are connected to safety equipment should be downstream of the plant's digital I&C safety system outputs and should achieve system-level actuation at the lowest possible level in the safety system architecture. The controls may be connected either to discrete hardwired components or to simple, dedicated, and diverse, digital equipment that performs the coordinated actuation logic.

Manual controls are not within the scope of this evaluation and must be addressed as a plant specific action. [SER]

Addressed in PSAI 7.9.3 and satisfied by:

- Licensing Technical Report

The applicants or licensees D3 analysis should either (1) demonstrate adequate diversity exists to mitigate plant vulnerabilities without the need for a diverse actuation system, or (2) determine the need for a diverse actuation system to provide adequate mitigation against plant vulnerabilities. [SER]

Addressed in PSAI 7.9 and satisfied by:

- ((

))a,c,e SER Coverage (3.9 Diversity and Defense-in-Depth.)

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

109

A complete safety RadICS based system design will require further evaluation against this guidance. The following subsections provide an evaluation of each RadICS platform communication method against applicable DI&C-ISG-04 criteria. A plant-specific action item is included in this SE for licensees to fully address relative criteria of DI&C-ISG-04. [SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report SER Coverage (3.10 Communications) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 110

The methods by which the RadICS platform either meets these points or provides an acceptable alternative method of complying with NRC regulations are discussed below. In several instances, satisfying the criteria in these points cannot be determined without a complete application system design. For those points, this evaluation will highlight features of the RadICS platform that would support the point and provide guidance for addressing specific items during subsequent application development. [SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report

[Staff Position 1, Point 1] The NRC staff recognizes that the RadICS platform provides allowances for implementation of system features that could comply with the guidance provided by Staff Position 1, Point 1. However, evaluation of this point will require plant-specific analysis to satisfy the criteria of this staff position. [SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report SER Coverage (3.10.1 DI&C-ISG-04, Staff Position 1 - Interdivisional Communications) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 111

[Staff Position 1, Point 2] The NRC staff determined that RadICS safety system chassis can be protected from adverse influences caused by information or signals originating from the fiber optics RUP interfaces to the MATS. The NRC staff recognizes that the RadICS platform provides allowances for implementation of system features that could meet the guidance criteria provided by Staff Position 1, Point 2. However, evaluation of this point will require plant-specific analysis to satisfy the criteria of this staff position.

[SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report

[Staff Position 1, Point 3] In cases where cross divisional communications are used to support other safety system functionality, a plant-specific analysis will be required to satisfy the criteria of this staff position. Thus, without a specific system design, the NRC staff cannot reach a safety determination on criteria of this point. [SER]

Addressed in PSAI 7.10 and satisfied by:

- ((

))a,c,e SER Coverage (3.10.1 DI&C-ISG-04, Staff Position 1 - Interdivisional Communications) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

112

[Staff Position 1, Point 4] The NRC staff further determined plant-specific actions are necessary to ensure that plant specifications document the safety analysis that applies to its safety function determinism and that plant-specific implementation, V&V, and testing efforts demonstrate these safety functions will be performed within the established safety design bases timeframes, including any lack of access or delays related to the communication activities. [SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report

[Staff Position 1, Point 1] The NRC staff determined the RadICS platform communication components support the criteria of Point 5 because the RadICS platform supports [detection and alarm logic] in response to a system's failure to meet its plant-specific limiting cycle time. The NRC staff further determined plant-specific actions are necessary to ensure plant-specifications satisfies the criteria of Point 5 with respect to [detection of and initiation of an alarm for cycle time performance] in excess of the limiting cycle time.

[SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report SER Coverage (3.10.1 DI&C-ISG-04, Staff Position 1 - Interdivisional Communications) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 113

[Staff Position 1, Point 7] The NRC staff determined the RadICS platform communication components support meeting the criteria of Point 7 because the RadICS platform supports plant-specific message formats, protocols, and transmission cycles that satisfy the criteria of Point 7. The NRC staff further determined plant-specific actions are necessary to ensure plant-specifications adequately define all message formats, protocols and transmission cycles (as applicable) to each use of these interfaces. [SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report

[Staff Position 1, Point 10] The NRC staff determined the criteria to physically restrict the capability of making tuning parameter changes to only one redundant safety division at a time are met by the design of the MATS interfaces, which does not support simultaneous connection of the MATS tuning PC to redundant safety divisions. The NRC staff further determined plant-specific actions should verify whether plant-specifications identify administrative controls and include additional design features (i.e., a safety-qualified hardware switch and detection and indication of bypass) to govern use of the MATS tuning PC. [SER]

Addressed in PSAI 7.10 and satisfied by:

- ((

))a,c,e SER Coverage (3.10.1 DI&C-ISG-04, Staff Position 1 - Interdivisional Communications) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

114

[Staff Position 1, Point 11] The NRC staff determined the RadICS platform's provisions for interdivisional communication satisfies the criteria of Point 11 because these provisions explicitly preclude any ability to change the safety division logic circuits, which is the FPGA equivalent to conventional processor software. Furthermore, the NRC staff determined available RadICS platform features can be used to ensure a RadICS platform-based instrument has been bypassed or is otherwise out-of-service when system tuning, or safety system logic reprogramming activities are performed. The NRC staff further determined plant-specific actions should verify whether plant-specifications include these additional design features (i.e., a qualified hardware switch and detection and indication of bypass) to govern use of the MATS interfaces, as applicable to plant-specific safety functions. [SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report SER Coverage (3.10.1 DI&C-ISG-04, Staff Position 1 - Interdivisional Communications) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 115

[Staff Position 1, Point 17] The NRC staff determined that the RadICS platform meets the guidance provided by Staff Position 1, Point 17. However, as noted above, fiber optic cables used to connect fiber optic RPP and RUP interfaces for a safety system will require a plant-specific evaluation to verify these cables are qualified for the environment in which they will be used. Furthermore, safety applications using the RadICS platform will require plant-specific review to confirm that the plant-specific environment is consistent with the qualification envelope defined in the RadICS TR and in Section 3.6 of this SE. [SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report

- Project Implementation Deliverables

(( ))a,c,e SER Coverage (3.10.1 DI&C-ISG-04, Staff Position 1 - Interdivisional Communications) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

116

[Staff Position 1, Point 19] The NRC staff determined the RadICS platform supports meeting the criteria of Point 19. The NRC staff further determined plant-specific actions should verify Point 19 is met by performance of a plant-specific analysis to ensure that plant performance requirements are met. This PSAI should also ensure plant-specific V&V and factory and system acceptance testing confirm that plant-specific performance requirements, as defined in the plant design basis (e.g., UFSAR), dependent on data communications are met. [SER]

Addressed in PSAI 7.10 and satisfied by:

- Licensing Technical Report

[Staff Position 1, Point 19] The NRC staff determined the RadICS platform supports meeting the criteria of Staff Position 1, Point 20.

However, the plant-specific design must be evaluated for a plant-specific application because this time will depend on the system configuration, plant application logic, and communication interfaces used. When implementing a RadICS safety system the licensee must review the plant-specific timing analyses and validation tests for the RadICS system in order to verify that it satisfies plant-specific requirements for system response time presented in the accident analysis in the plants safety analysis report. [SER]

Addressed in PSAI 7.10 and satisfied by:

- ((

))a,c,e SER Coverage (3.10.1 DI&C-ISG-04, Staff Position 1 - Interdivisional Communications) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

117

The design of field device interfaces and the determination of means for command prioritization were not provided in the RadICS TR. If a RadICS platform-based design is used for the development of a command prioritization system, then an additional evaluation of that system against the criteria of DI&C-ISG-04 Section 2 should be performed by the licensee. Since the RadICS TR does not address a specific application involving command prioritization, no evaluation against this staff position could be performed. [SER]

Addressed in PSAI 7.10 and satisfied by:

- ((

))a,c,e SER Coverage (3.10.2 DI&C-ISG-04, Section 2 - Command Prioritization) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

118

Section 3 of DI&C-ISG-04 provides guidance concerning operator workstations used for the control of plant equipment in more than one safety division and for display of information from sources in more than one safety division, and applies to workstations that are used to program, modify, monitor, or maintain safety systems that are not in the same safety division as the workstation.

RadICS platform includes a MATS subsystem to perform monitoring tuning of the system. Control over how the MATS is used during operation is a PSAI. [SER]

Addressed in PSAIs 7.8 and 7.10 and satisfied by:

- Licensing Technical Report

[Staff Position 3.1-1] Interdivisional communications for the RadICS platform are conducted through the fiber optic RPP interfaces.

These interfaces are described in Section 3.2.3.2.2 of this SE. The NRC staff evaluated the RadICS fiber optic RPP communications features and determined them to satisfy the criteria for interdivisional communications, however, some aspects of interdivisional communications are plant-specific and therefore must be evaluated when a RadICS based plant system is developed. [SER]

Addressed in PSAI 7.10 and satisfied by:

- ((

))a,c,e SER Coverage (3.10.3 DI&C-ISG-04, Section 3 - Multidivisional Control and Display Stations )

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

119

The establishment of safety groups that can accomplish a given safety function is a plant-specific activity and the topical report scope does not include specific applications. Therefore, the following evaluations against the requirements of IEEE Std. 603-1991 Section 5 are limited to assessing capabilities and characteristics of the RadICS platform that are relevant to satisfy each requirement. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5, Safety System Criteria) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 120

The following clauses were not evaluated because addressing compliance with this guidance is a plant-specific activity that depends on the system design

- Clause 5.2, Completion of Protective Action

- Clause 5.8, Information Displays

- Clause 5.11, Identification

- Clause 5.12, Auxiliary Features

- Clause, 5.13, Multi-Unit Stations

- Clause 5.14, Human Factors Considerations. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 121

Since the RadICS TR does not address a specific application for approval, the evaluation against this requirement is limited to consideration of the means provided within the RadICS platform to address failures. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5.1, Single Failure Criterion) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 122

[Radics LLC QA Program] The Radics LLC 10 CFR Part 50, Appendix B based QA policy is established in the RadICS QAPD (QAPD-001),

which was reviewed by the NRC staff during the regulatory audit in Toronto (Ref. 9). The NRC staff confirmed that the RadICS platform is maintained under the Radics LLC, Appendix B based QAPD, which is intended to satisfy the requirements of Appendix B during all phases of the product life cycle. The Radics LLC Appendix B based QAPD assigns major functional responsibilities for activities and key processes related to the design, procurement, manufacturing, testing, inspection, modification, shipment and other related product realization activities for DI&C systems and components. However, Application Logic and implementation of its specific life cycle processes are outside the scope of this review and should be addressed in plant-specific reviews. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report

[Radics LLC QA Program] Assuring supplier quality during application development is the responsibility of the licensee. Thus, a licensee must assure that supplier quality is in accordance with the licensees Appendix B program. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5.3, Quality) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 123

The specific redundancy needed for a RadICS platform-based safety system is intended to be defined at the system level during the application development. Therefore, the determination of independence is a plant-specific activity that requires an assessment of a full system design. A platform-level assessment can only address those characteristics of the RadICS platform that can support fulfillment of this requirement by a system design based on the platform. The platforms evaluation against this requirement is limited to consideration of the digital communications for the system, which are described in Section 3.2.3 and evaluated in Section 3.10 this SE. Because the RadICS TR does not address a specific application or establish a definitive safety system design. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report

[Radics LLC QA Program] Assuring supplier quality during application development is the responsibility of the licensee. Thus, a licensee must assure that supplier quality is in accordance with the licensees Appendix B program. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5.6, Independence) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 124

A referencing applicant or licensee must address the plant-specific actions associated with confirming the application and installation have been bounded by the RadICS platform EQ including each boundary/interface condition. Compliance to this clause can only be demonstrated by application design that assures that redundant equipment are not susceptible to the effects of a design basis event. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5.6.2, Between Safety Systems and Effects of Design Basis Event) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 125

The RadICS platform design can support use of interconnected equipment. However, because the RadICS TR does not include plant specific information on external systems, the NRC staff is unable to evaluate the effects of connected system on RadICS system operation. Therefore, adequate independence between RadICS systems and external systems should be established during plant-specific application development. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5.6.3, Between Safety Systems and Other Systems) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 126

Since the RadICS TR does not address a specific application or establish a definitive safety system design, the evaluation against this requirement is limited to consideration of the means provided within the platform to enable testing and calibration of redundant portions of a safety system. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5.7, Compatibility for Testing and Calibration) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 127

The RadICS platform design includes provisions for controlling access to RadICS equipment while in service. Section 3.13 of this SE includes an evaluation of these provisions. These provisions include physical access controls to Radiy modules, logic access controls and software access controls of the MATS system. Use of these provisions can be administratively controlled by the system operators. Implementation of administrative controls is an application specific activity which must be performed during plant application development. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5.9, Control of Access) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 128

The NRC staff determined the RadICS platform design is generally capable of supporting timely recognition, location, replacement, repair, and adjustment of malfunctioning equipment. However, some aspects of a system repair capabilities must be determined during application development and therefore compliance with this position should be confirmed during plant application development. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5.10, Repair) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 129

The evaluation against this requirement is limited to consideration of the reliability characteristics of the platform and its components. The NRC staffs review of RadICS platform reliability is further addressed Section 3.5.2.7 of this SE. This review identifies an activity to be performed as part of the plant-specific application of the RadICS platform. Because plant and system specific reliability goals are not provided in the RadICS TR and instead must be established on a plant-specific basis, the NRC staff was unable to make a safety determination for this criterion. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.2 IEEE Std. 603-1991, Clause 5.15, Reliability) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 130

Since the RadICS TR does not address a specific application of the platform, include the sensors, nor provide a specific safety system design, the functional and design requirements for a safety system are not available for review and no evaluation of the RadICS platform against these regulatory requirements could be performed. Specifically, the following requirements were not evaluated:

Clause 6.1, Automatic Control

Clause 6.2, Manual Control

Clause 6.3, Interaction between Sense and Command Features and other Systems

Clause 6.4, Deviation of System Inputs

Clause 6.6, Operating Bypass

Clause 6.7, Maintenance Bypass. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.3 IEEE Std. 603-1991, Clause 6, Sense and Command Features - Functional and Design Requirements) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 131

The NRC staffs review of the RadICS self-diagnostics, test and calibration capabilities is provided in Section 3.7.3 of this SE. Because determination of specific input sense and command requirements are plant-specific, the NRC staff considers this criterion to be a plant specific action. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.3 IEEE Std. 603-1991, Clause 6.5, Capability for Testing and Calibration) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 132

Because determination of setpoints is not performed at the generic platform level, compliance with this criterion to determine adequacy of established setpoints remains a plant-specific activity, which must be performed during system development. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.3 IEEE Std. 603-1991, Clause 6.8, Setpoints) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 133

Since the RadICS TR does not address a specific application of the platform, include the sensors, nor provide a specific safety system design, the functional and design requirements for a safety system are not available for review and no evaluation of the RadICS platform against these regulatory requirements could be performed. Specifically, the following requirements were not evaluated:

Clause 7.1, Automatic Control

Clause 7.2, Manual Control

Clause 7.3, Completion of Protective Action

Clause 7.4, Operating Bypass

Clause 7.5, Maintenance Bypass. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.3 IEEE Std. 603-1991, Clause 7, Execute features -

functional and design requirements) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 134

However, determination of the power sources external to the RadICS equipment to be provided to a RadICS platform-based safety system (i.e., 24 VDC power supplies, or 120 VAC power to the 24 VDC power supplies) is a plant-specific activity and will need to be addressed during plant system development. [SER]

Addressed in PSAI 7.11 and satisfied by:

- Licensing Technical Report SER Coverage (3.11.3 IEEE Std. 603-1991, Clause 8, Power Source Requirements) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 135

Activities for development of RadICS platform-based I&C systems for US NPPs will be performed under the 10 CFR Part 50, Appendix B-compliant QAP. However, evaluation of development process implementation including system integration activities used for plant application software must be evaluated for conformance with Clause 5.3 criteria during plant application development.. [SER]

Addressed in PSAI 7.12 and satisfied by:

- ((

))a,c,e SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.3, Quality) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

136

The RadICS logic development processes are evaluated in Section 3.5 of this SE. The RadICS CGD process is conducted in accordance with 10 CFR Part 21 to ensure the RadICS platform has the technical critical characteristics and level of quality consistent with a product developed under a 10 CFR Part 50, Appendix B compliant program. Logic implementation quality planning for the RadICS EDs is evaluated in Section 3.5.1.3 of this SE. The NRC staff found it to be acceptable for use in nuclear safety applications. Plant application logic QA planning activities must be performed in conjunction with application development activities. [SER]

Addressed in PSAI 7.12 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.3.1, Software Development) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 137

The NRC staff could not evaluate the use of software tools for plant application logic development during this SE because no safety application was provided. The use and control of development tools for plant specific logic designs must be addressed during safety system application development. [SER]

Addressed in PSAI 7.12 and satisfied by:

- Licensing Technical Report

- Project Implementation Deliverables

((

))a,c,e SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.3.2, Software Tools) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

138

The RadICS logic development processes are evaluated in Section 3.5 of this SE. The RadICS CGD process is conducted in accordance with 10 CFR Part 21 to ensure the RadICS platform has the technical critical characteristics and level of quality consistent with a product developed under a 10 CFR Part 50, Appendix B compliant program. Logic implementation quality planning for the RadICS EDs is evaluated in Section 3.5.1.3 of this SE. The NRC staff found it to be acceptable for use in nuclear safety applications. Plant application logic QA planning activities must be performed in conjunction with application development activities. [SER]

Addressed in PSAI 7.12 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.3.3, Verification and Validation) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 139

Clause 5.3.4 of IEEE Std. 7-4.3.2-2003 defines the levels of independence required for the V&V effort, in terms of technical independence, managerial independence, and financial independence. This clause also requires development activities to be verified and validated by individuals or groups with appropriate technical competence who are also different than the individuals or groups who performed the development activities. [SER]

Addressed in PSAIs 7.2 and 7.12 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.3.4, Independent V&V Requirements) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 140

The NRC evaluated the Radics LLC configuration management program, described in Section 7.5 of the RadICS TR, and determined it to be compliant with the criteria of IEEE Std. 828-2005 as endorsed by RG 1.169. Details of this evaluation are provided in Section 3.5.1.7 of this SE. The NRC staff also confirmed that Radics LLC Configuration Management program includes all of the minimum required activities listed in Clause 5.3.5 of IEEE Std. 7-4.3.2-2003. [SER]

Addressed in PSAI 7.12 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.3.5, Software Configuration Management) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 141

The NRC staff determined that risk management has been adequately implemented within the RadICS safety life cycle as a tool for problem prevention. Risk Management is performed at all levels of the Radics LLC system project development process and the risk management processes provide adequate coverage for potential RadICS platform problem areas. RadICS project risks include technical, schedule, and resource related risks that could compromise quality goals, or affect the ability of the RadICS safety system to perform safety-related functions. RadICS Risk management processes therefore meet the criteria of IEEE Std. 7-4.3.2-2003, Clause 5.3.6. [SER]

Addressed in PSAI 7.12 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.3.6, Software Project Risk Management) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 142

Based on the evaluation in Section 3.6 of this SE and review of the RadICS equipment qualification test summary report (Ref. 8), the NRC staff concludes that the Radics LLC qualification program met the requirement for computer testing of the RadICS platform, subject to satisfactory resolution of the plant-specific action items in Section 3.4 of this SE. [SER]

Addressed in PSAI 7.12 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.4.1, Computer System Testing) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 143

The NRC staff determined that fault detection and mitigation design features provided for the RadICS platform can be used to facilitate performance of safety functions in a reliable manner. Determination of compliance with the criterion of IEEE Std. 7-4.3.2, Clause 5.5.1 requires a plant-specific action item to address system integrity for a plant-specific application (see Section 7.12). Plant specific system requirements must be established to identify safety system preferred failure modes for each safety function performed. [SER]

Addressed in PSAI 7.8 and satisfied by:

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.5.1, Design for Computer Integrity) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 144

Maintenance activities performed on a RadICS based safety system, including periodic surveillance testing, will be defined based on the plant-specific system requirements. Determination of test and calibration requirements and establishment of surveillance tests necessary to ensure that the identifiable single failures are detected are plant-specific activities. [SER]

Addressed in PSAI 7.8 and satisfied by:

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.5.2, Design for Test and Calibration) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 145

Hardware and software based diagnostic features of the RadICS platform provide an acceptable method of detecting and reporting computer system faults and failures in a timely manner. The RadICS platform is therefore acceptable for providing fault detection in support of safety-related applications. However, because Radics LLC did not define the actions to be taken when Type III faults are detected and did not identify specific self-tests or periodic surveillance testing necessary to detect and address the effects of system failures on plant safety, there may be additional fault-detection and diagnostic function requirements to provide more comprehensive coverage of identified system failures. Therefore, determination of IEEE Std. 7-4.3.2, Clause 5.5.3 compliance is a plant-specific evaluation item. [SER]

Addressed in PSAIs 7.8 and 7.12 and satisfied by:

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.5.3, Fault Detection and Self-Diagnostics) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 146

The NRC staff finds that the communications capabilities of the RadICS platform provide acceptable design features to enable communications independence when appropriately configured. However, the specific interconnections defined for an application must be determined and addressed during plant application development. [SER]

Addressed in PSAI 7.8 and satisfied by:

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.6, Independence) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 147

The level of complexity introduced to the RadICS system by the diagnostic features described in Section 6.4 of the RadICS TR was determined to be commensurate with the safety functions to be performed and the benefits provided by these features justify their inclusion into the RadICS platform design. The NRC staff finds that the RadICS platform complies with the criteria of IEEE Std. 7-4.3.2-2016, Clause 5.7. A plant specific activity to establish conformance with criteria of IEEE Std. 7-4.3.2-2016, Clause 5.7 for diagnostic functions included in plant application logic will need to be performed. [SER]

Addressed in PSAI 7.12 and satisfied by:

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.7, Capability for Test and Calibration) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 148

Based on the processes reviewed and observed during the regulatory audit for RadICS logic identification, the NRC staff determined the RadICS platform complies with the guidance of IEEE Std. 7-4.3.2-2003, Clause 5.11 for its platform logic. However, assurance that proper hardware and plant application logic configuration is established and maintained is an activity that must be performed during plant application development and implementation. [SER]

Addressed in PSAI 7.12 and satisfied by:

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.11, Identification) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 149

Section 3.5.2.7 of this SE includes the NRC staff assessment and evaluation of RadICS Reliability characteristics. While the evaluation indicates the platform satisfies this requirement, a plant-specific evaluation of RadICS system reliability against specific plant system reliability requirements is necessary to establish full conformance with Clause 5.15. [SER]

Addressed in PSAI 7.12 and satisfied by:

- Licensing Technical Report SER Coverage (3.12.1 IEEE Std. 7-4.3.2-2003 Clause 5.15, Reliability) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 150

[Assessment of Potential Susceptibilities] This RPC Radiy FSC development environment vulnerability assessment includes assessments of: hardware, software and logic, configuration, and network vulnerabilities. The NRC staff concludes that these vulnerability assessments can be used to show conformance with the criteria of RG 1.152, Position 2.1; however, the establishment of a secure environment for application logic development remains a plant specific action. [SER]

Addressed in PSAI 7.13 and satisfied by:

- Licensing Technical Report

- Project Implementation Deliverables (non-RadICS Components)

((

))a,c,e SER Coverage (3.13 RG 1.152, Revision 3, Regulatory Position 2.1, Concepts Phase) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

151

[Remote Access] Evaluation of a safety system against this part of the regulatory position is a plant-specific activity that requires an assessment of a completed system design. The RadICS platform design partially addresses this part of the regulatory position by incorporating design features that limit connectivity between RadICS safety systems and other external systems. Section 3.2.3.2 of this SE describes external communications interfaces of the RadICS platform and Section 3.10 of the SE evaluates these interfaces for regulatory compliance. These interfaces include features that can be credited to restrict remote accessibility for RadICS systems.

[SER]

Addressed in PSAI 7.13 and satisfied by:

- Licensing Technical Report SER Coverage (3.13 Secure Development and Operational Environment) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 152

[Definition of Secure Operational Environment Functional Requirements] The design feature requirements intended to maintain a secure operating environment and ensure reliable system operation should be part of the overall system requirements. The conformance of a safety system with this part of the regulatory position was not evaluated because defining and establishing requirements for external communication interfaces is a plant-specific activity that requires an assessment of the safety system design. [SER]

Addressed in PSAI 7.13 and satisfied by:

- Licensing Technical Report

[Verification of SDOE Requirements] Application specific SDOE features may also be identified during system requirements development activities. Such features would need to be included as application design requirements and would need to be incorporated into the application logic during the application development process. [SER]

Addressed in PSAI 7.13 and satisfied by:

- Licensing Technical Report

- Project Implementation Deliverables (non-RadICS Components)

((

))a,c,e SER Coverage (3.13 RG 1.152, Revision 3, Regulatory Position 2.2, Requirements Phase) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

153

[Use of Predeveloped Software (Logic) and Systems] Application ED logic will be developed by Radiy LLC under its QA program and in accordance with a licensees 10 CFR Part 50, Appendix B QA processes. See PSAI 7.2 for more information on vendor oversight activities to be performed during application development. The NRC staff concludes that the Radiy LLC CGD processes can be used show conformance with the criteria of RG 1.152 Position 2.2; however, reliability requirements are plant specific and therefore must be verified during application logic development. [SER]

Addressed in PSAI 7.13 and satisfied by:

- Licensing Technical Report

[Prevention of the Introduction of Unnecessary Requirements] The NRC staff concludes that these secure operational environment features can be used show compliance with the criteria of RG 1.152 Position 2.2; however, the additional plant specific actions must be taken to ensure that unnecessary requirements are not included in the application logic. [SER]

Addressed in PSAI 7.13 and satisfied by:

- Licensing Technical Report SER Coverage (3.13 RG 1.152, Revision 3, Regulatory Position 2.2, Requirements Phase) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 154

[Physical and Logical Access Controls] The NRC staff finds that the RadICS platform contains secure operational environment features that can be used to support the plant specific safety applications. Because determination of a secure operational environment is a plant specific activity, the NRC staff considers this criterion to be a plant specific action. [SER]

Addressed in PSAI 7.13 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report

[Prevention of the Introduction of Unnecessary Design Features] The NRC staff finds that RadICS processes for verifying the translation of SDOE design features is acceptable and can be used to support the plant specific application of the RadICS platform.

Because determination of a secure operational environment is a plant specific activity, the NRC staff considers this criterion to be a plant specific action. [SER]

Addressed in PSAI 7.13 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report SER Coverage (3.13 3.12.3 RG 1.152, Revision 3, Regulatory Position 2.3, Design Phase) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 155

[Transformation from System Design Specification to Design Configuration Items] The NRC staff finds that RadICS processes for verifying the translation of SDOE design specifications is acceptable and can be used to support the plant specific application of the RadICS platform. Because determination of a secure operational environment is a plant specific activity, the NRC staff considers these criteria to be a plant specific action. [SER]

Addressed in PSAI 7.13 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report

[Implementation of Secure Development Environment Procedures and Standards] The NRC staff finds that RPC Radiy secure platform development environment controls and procedures meet the criterion of regulatory position 2.4 and are, therefore, acceptable. Establishment of a secure development environment for application logic development remains a plant specific activity which must be performed during application logic development. [SER]

Addressed in PSAI 7.13 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report SER Coverage (3.13 RG 1.152, Revision 3, Regulatory Position 2.4, Implementation Phase) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 156

[Accounting for Hidden Functions in the Code] The NRC staff finds that Radics LLC processes for detecting and addressing errors in the platform and logic implementation are acceptable and can be used to support the plant specific application of the RadICS platform. Because determination of a secure operational environment is a plant specific activity, the NRC staff considers this criterion to be a plant specific action. [SER]

Addressed in PSAI 7.13 and satisfied by:

- NRC Reviews

Methodology review of QAPD-001 by NRC as part of the TR (see previous slide)

- Licensing Technical Report SER Coverage (3.13 RG 1.152, Revision 3, Regulatory Position 2.4, Implementation Phase) l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 157

[Validation of Secure Operational Environment Design Configuration Items] The conformance of a safety system with this part of the regulatory position was not evaluated because it is an activity that requires an assessment of the plant-specific safety system design. [SER]

Addressed in PSAI 7.13 and satisfied by:

- Licensing Technical Report

[Configuration of Secure Operational Environment Design Features] The conformance of a safety system with this part of the regulatory position was not evaluated because it is an activity that requires an assessment of the plant-specific safety system design. [SER]

Addressed in PSAI 7.13 and satisfied by:

- Licensing Technical Report SER Coverage (3.13 RG 1.152, Revision 3, Regulatory Position 2.5, Test Phase )

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 158

((

))a,c,e System Design and Implementation Stages l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

159

QA Program Review Reference Material l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 160

Curtiss-Wright Nuclear Division Organization

Curtiss-Wright Nuclear Division organizational / business units that provide safety-related products and services that are licensed by the NRC (not exhaustive, only an example)

Curtiss-Wright Nuclear Division Enertech Scientech OFMS PIMC I&C DSS IS PPD Qualtech NP

l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 161 Business unit providing the Peach Bottom ECCS CLS to Constellation

Curtiss-Wright Scientech PIMC Business Units PIMC Plant Instrumentation and Control DSS Digital Safety Systems I & C Instrumentation and Control IS Information Solutions PPD Plant Performance Division Scientech PIMC has four business units and one Quality Assurance Manual (QAM) that provides control of activities affecting the quality of items and services.

The Quality Assurance Program Description (QAPD) applies to activities affecting the quality and performance of Digital Safety Systems The QAPD describes the specific procedures to be used for activities specific to Digital Safety Systems and complies with the QAM.

QAM QAPD l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 162

Overview Curtiss-Wright Scientech provides 4 groups of Safety-Related products and services that potentially fall under NRC regulations:

-1) Analog Safety Products (I&C)

Hardware only, no digital or software content

Discrete hardware components

System composed of integrated hardware components

QA Program

-Scientech QAM

PIMC SOPs

I&C SOPs

-2) Digital Safety Systems (DSS)

Integrated Systems (hardware and software)

RadICS based systems

QA Program

-Scientech QAM

DSS QPs (SOPs)

QPs are the controlling documents but may reference other SOPs l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 163

Overview Curtiss-Wright Scientech provides 4 groups of Safety-Related products and services that potentially fall under NRC regulations:

-3) Safety-Related Software Applications (IS)

Software only, not hardware

Discrete software applications

QA Program

-Scientech QAM

PIMC SOPs

IS SOPs

-4) Process Monitoring and Control Systems (PPD)

Integrated Systems (hardware and software)

Non-RadICS based systems

QA Program

-Scientech QAM

PIMC SOPs

PPD SOPs l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT 164

Curtiss-Wright DSS Organizational Chart l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

165

((

))a,c,e

((

))a,c,e Example of C-W QAPD vs. Radics QAPD: Requirement 1 l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

166

((

))a,c,e Curtiss-Wright QAPD vs. Radics QAPD: Requirement 5 l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

167

((

))a,c,e Quality Assurance Program Maintenance l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

168

Work Performed by Others

Curtiss-Wright may subcontract safety-related work (products and services) to others as needed during project implementation

((

- ))a,c,e l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

169

Work Performed by Others

- QA Program of Curtiss-Wright

((

- ))a,c,e l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

170

Curtiss-Wright QA Program Digital Safety System (DSS) Quality Procedures (QPs)

- ((

))a,c,e C-W Quality Assurance Program Background l PBAPS ECCS COMPENSATED LEVEL SYSTEM REPLACEMENT PROJECT.

171

v t e Letter Sequence Meeting
EPID:L-2024-LRM-0009, Constellations Pre-Submittal Meeting Presentation About Peach Bottom ECCS Compensated Level System Replacement Project - July 22, 2024 (Open)
Initiation Request, Request, Request Acceptance... Administration Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting, Meeting Questions Answers Results Approval Other: ML24131A128, ML24134A203
MONTHYEAR2024-07-22 [Table View]

ML24366A050

Text

Navigation menu

Search