ML25015A128
| ML25015A128 | |
| Person / Time | |
|---|---|
| Site: | 99902100 |
| Issue date: | 03/07/2025 |
| From: | Brusselmans R NRC/NRR/DANU/UAL1 |
| To: | TerraPower |
| Roel Brusselmans, NRR/DANU | |
| Shared Package | |
| ML25015A124 | List: |
| References | |
| NAT-4950 | |
| Download: ML25015A128 (13) | |
Text
Enclosure TERRAPOWER, LLC. AUDIT
SUMMARY
REPORT, TOPICAL REPORT NAT-4950, INSTRUMENTATION & CONTROL ARCHITECTURE AND DESIGN BASIS TOPICAL REPORT, REVISION 1 Applicant:
TerraPower, LLC Applicant Address:
15800 Northup Way, Bellevue, WA 98008 Plant Name:
Natrium Project No.:
99902100
1.0 BACKGROUND
By letter dated March 7, 2024, TerraPower, LLC (TerraPower) submitted topical report (TR)
NAT-4950 Revision 1, Instrumentation & Control Architecture and Design Basis Topical Report (Agencywide Documents Access and Management System (ADAMS) Accession No. ML24068A186) to the U.S. Nuclear Regulatory Commission (NRC) staff. The TR describes TerraPowers overall architecture related to the instrumentation and control (I&C) design. It also addresses the associated design basis and the process for I&Cs relationship to lines of defense, structure, system, and component (SSC) classification, and I&C functions basis and allocation to individual systems. On April 15, 2024, the NRC staff found that the material presented in the TR provides technical information in sufficient detail to enable the NRC staff to conduct a detailed technical review (ML24101A204).
2.0 AUDIT REGULATORY BASES Under the provisions of Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, applicants for a construction permit (CP) and operating license must submit Principal Design Criteria (PDCs) for the proposed facility. PDCs establish the necessary design, fabrication, construction, testing, and performance design criteria for SSCs important to safety to provide reasonable assurance that a facility referencing this TR could be operated without undue risk to the health and safety of the public. Various PDCs are applicable to the subject TR and its audit.
10 CFR 50.55a(h), incorporates the 1991 version of Institute of Electrical and Electronics Engineers (IEEE) Std. 603, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, by reference, including the correction sheet dated January 30, 1995. IEEE Std. 603-1991 establishes minimum functional design criteria for the power, instrumentation, and control portions of nuclear power generating station safety systems.
10 CFR 73.54, Protection of Digital Computer and Communication Systems and Networks, requires, in part, that NRC licensees provide high assurance that digital computer and communication systems and networks are adequately protected against cyber-attacks.
10 CFR Part 50, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, establishes quality assurance requirements for the design, manufacture, construction, and operation of those structures, systems, and components.
SRM-SECY-22-0076, Staff Requirement - SECY-22-0076 - Expansion of Current Policy on Potential Common-Cause Failures in Digital Instrumentation and Control Systems, (ML23145A181) dated May 25, 2023, approved the NRC staffs recommendation in SECY-22-0076, Expansion of Current Policy on Potential Common-Cause Failures in Digital Instrumentation and Control Systems (ML22193A290) with edits, and provided direction to the NRC staff.
3.0 AUDIT PURPOSE AND OBJECTIVES The purpose of the audit was for the NRC staff to gain a more detailed understanding of TerraPowers I&C architecture and design basis methodology presented in the TR. A secondary purpose of the audit was to identify any information that would require docketing to support the NRC staffs safety evaluation (SE).
4.0 SCOPE OF THE AUDIT AND AUDIT ACTIVITIES The audit followed the guidance in the Office of Nuclear Reactor Regulation Office Instruction LIC-111, Regulatory Audits, Revision 1, dated October 31, 2019 (ML19226A274). The NRC staff provided its audit plan for the subject TR to TerraPower on June 24, 2024 (ML24163A003).
The audit was conducted virtually from July 8, 2024, through September 30, 2024, using TerraPowers electronic reading room (ERR). Audit activities included virtual meetings to discuss questions, audit of submitted files, and code demonstrations via videoconference.
Members of the audit team included the NRC staff listed below.
Joe Ashcraft Electronics Engineer, Audit Lead Roel Brusselmans Project Manager, Audit Manager Calvin Cheung Electronics Engineer Ralph Costello Senior Security Specialist (Cyber)
Stephanie Devlin-Gill Senior Project Manager Ian Jung Senior Reliability and Risk Analyst Mallecia Sutton Senior Project Manager Dinesh Taneja Senior Electronics Engineer The participants from TerraPower for this audit include those listed below.
Brian Arnholt I&C System Design Engineer Patrick Donnelly Principal Engineer, Nuclear Licensing Mike Dunevant Principal Engineer, I&C Nick Garska Nuclear Licensing Engineer Jamie Getchius Principal Engineer, Nuclear Licensing Ian Gifford Senior Manager, Licensing Kevan Griffith Principal Engineer, Electrical Systems Bob Hirmanpour I&C System Design Engineer Chris Hope Senior Manager, I&C/Electrical Brian Johnson Manager, Risk Assessment/Lead Principal Engineer Steve Mikhail Electrical Design Engineer Jerry Mills Principal Engineer, System Design Brock Wilbanks Manager, Safety/I&C System Design The NRC staff did not acquire any documents during the audit. The NRC staff reviewed the following documents during the audit using TerraPowers ERR:
TerraPower Internal document, Comparison of the 1991 and 2018 Versions of IEEE Std 603, developed by NewClear Day, Inc.
NAT-4770 Revision 1, Natrium Demonstration DID [Defense-In-Depth] Evaluation Report NAT-7046 Revision 2, Natrium Demonstration Plant Level Safety Classification Report While the audit plan had stated an audit exit meeting date of August 12, 2024, due to ongoing discussions for audit questions, the audit exit meeting was held on September 30, 2024, where the NRC staff summarized the audit purpose, activities, and high-level results. On October 30, 2024, TerraPower submitted a revision to the subject TR, NAT-4950, Instrumentation & Control Architecture and Design Basis Topical Report, Revision 2 (ML24305A009), which is a result of the audit discussions between the NRC staff and TerraPower, as summarized below.
5.0
SUMMARY
OF OBSERVATIONS As indicated in the NRC staffs audit plan, the audit was focused on specific inquiries pertaining to the content of the TR. The NRC staff reviewed information through the TerraPower ERR and held discussions with the TerraPower staff to understand and resolve questions. The table below replicates the transmitted audit questions and summarizes the resolution of the questions. The resolution of the majority of the questions resulted in TerraPowers proposed markups in redline-strikethrough to the TR under review (Revision 1) that the NRC staff found to be reasonable.
After the audit, TerraPower formally submitted Instrumentation and Control Architecture and Design Basis Topical Report, Revision 2 (ML24305A008) for the NRC staff review. The NRC staff found Revision 2 of the TR is consistent with the proposed markups discussed during the audit.
Question number Question Comments 1
Explain how TerraPower plans to address preliminary information provided/discussed in the topical report.
Describe the scope of the TR in this context.
An example is contained within section 4.2, I&C Relationship to Plant-Level Lines of Defense, which states that This topical report provides preliminary list of functions assigned to the Reactor Protection TerraPower is seeking approval of the process instead of actual details of how I&C systems, such as the Reactor Protection System, work. Details will be provided in the Final Safety Evaluation Report (FSAR)
System (RPS) (see section 6.2). The licensee or applicant referencing this topical report will provide the list of functions, defense lines, classifications, and assignment to the I&C systems based on the DID analysis and [probabilistic risk assessment (PRA)]
process described in this section and section 4.3.
(operating license application). There will likely be a limitation and/or condition in the SE. There was a question about the design basis and whether it is finalized. The design basis that affects the architecture may not be all inclusive at this time and nor are the associated codes and standards. Currently, TerraPower does not have plans for revising the TR to finalize the preliminary information given the intended use of the preliminary information is only for the construction permit.
2 Sections 1.0 and 2.0, Purpose and Scope, state that this TR identifies I&C relationship to plant-level lines of defense, safety classification, and function allocation to I&C systems. Since plant-level lines of defense information has not yet been reviewed and approved by the NRC staff, the design basis for I&C systems cannot be finalized. Similar to question 1, discuss how TerraPower proposes to address impacts to the I&C system design basis while the plant-level design bases are undergoing the iterative design process.
Changes to the I&C design and associated impacts to design and licensing basis may continue to evolve. As stated in response to question number 1, any changes to the design and licensing basis will be addressed by the applicant referencing this TR. A limitation and/condition in the SE may be needed on this topic.
3 Section 3.0, Background, states: In recent years, the industry and the NRC started incorporating risk-based decision-making into plant process and programs (e.g., maintenance and fire protection).
The expression risk-based is not consistent with the NRCs approach, which is rather risk-informed. The Commission, in SRM-SECY-98-144, White Paper on Risk-Informed and Performance-Based Regulation, (ML003753601) states that the Commission does not endorse an approach that is risk-based; however, this does not invalidate the use of probabilistic calculations to demonstrate compliance with certain criteria, such as dose limits. Consistent with the Commission policy, the industry and the NRC have been increasingly developing and using the risk-informed (and performance-based) approaches to the regulation of nuclear reactors. This expression risk-TerraPower agreed to replace risk-based with risk-informed. TerraPower proposed markups to the TR in ERR and this question is resolved due to formal submittal of TR, Revision 2.
based is repeated in the TR. Was the use of the term risk-based a typographical error?
4 Section 3.0, Background, states: The SRM-SECY-22-0076 approach is consistent with NEI 18-04.
As discussed in SECY-23-0092, Annual Update on Activities to Modernize the U.S. Nuclear Regulatory Commissions Digital Instrumentation and Controls Regulatory Infrastructure and License Amendment Requests, (ML23228A226) the Staff Requirements Manuals (SRM) language does not clearly connect to NEI 18-04 and the DRG: Instrumentation and Control for Non-LWR Reviews e.g., critical safety function.
Thus, the TRs statement above is not considered accurate and should be rephrased. One option is to use the following statement instead:
The SRM-SECY-22-0076 approach can be implemented using the NEI 18-04 methodology and the guidance in DRG.
TerraPower agreed to rephrase the statement consistent with the NRC staff proposal. TerraPower proposed markups to the TR in ERR and this question is resolved due to formal submittal of TR, Revision 2.
5 Section 4, Instrumentation and Control Systems Overview, states on Page 9 of 43 that The preliminary outcome of the DID process (e.g., I&C functions list and DLs [Defense Lines]) is provided in this report to support overall understanding of the I&C architecture, systems, safety classification, and function allocation. The licensee or applicant referencing this topical report will provide the final version of the information noted as preliminary.
- a. Clarify the statement in section 4.0 which states that due to the RadICS platform, a diverse system is not needed to address Common Cause Failure (CCF). RadICS states that under Branch Technical Position (BTP) BTP 7-19, Guidance for Evaluation of Defense in Depth and Diversity to Address Common-Cause Failure Due to Latent Design Defects in Digital Safety Systems (ML20339A647) that a plant specific design (plant specific action item (PSAI) 7.9) should meet or support criteria of BTP 7-19. Section 7.4,
- a. TerraPower intends to meet PSAI 7.9 crediting RadICS internal diversity, but their design has not been fully developed; therefore, PSAI 7.9 will be completed at the operating license stage.
The NRC staff may discuss this topic in the SE of the TR, potentially by including a limitation or condition as part of the approval.
- b. and c. TerraPower will revise the TR regarding the description of the power supply and remove the expression 'highly reliable'.
Diversity of the TR also discusses that PSAI 7.9 should be performed at application development.
- b. Please provide additional information on how the power supply is highly reliable. Is the information supporting highly reliable demonstrated in this TR or elsewhere?
- c. Please explain the basis for stating the design meets required reliability: Redundancy of NIC
[Nuclear Island Control System] components and network, combined with special treatments, ensures the required reliability.
TerraPower proposed markups to the TR in ERR and this question is resolved due to formal submittal of TR, Revision 2.
6 Section 4.1.1, Code of Federal Regulations, states that The Natrium I&C use IEEE Std 603-2018 instead of IEEE Std 603-1991 [11] cited in 10 CFR 50.55(a)(h). However, the RadICS platform used for the RPS conforms with IEEE Std 603-1991.
The NRC staff has neither endorsed IEEE Std 603-2018 nor incorporated by reference into 10 CFR 50.55(a)(h). The TR does not fully discuss the justification for its use instead of IEEE Std 603-2018.
TerraPower should discuss this approach further and explain why there is no need for an exemption request, or an alternative request under 10 CFR 50.55a(z).
TerraPower revised the TR to include a description of how the use of the 2018 version is used to meet the 1991 version, and a commitment for demonstrating compliance IEEE Std 603-1991 as incorporated by reference in 10 CFR 50.55a(h).
TerraPower has performed a comparison of the 1991 and 2018 versions of IEEE Std 603 and found that the latter meets or exceeds the requirements of the former incorporated into 10 CFR 50.55a(h). TerraPower placed the comparison document in the ERR.
TerraPower stated that they can adopt IEEE Std 603-2018 for use without the need for an exemption request under 10 CFR 50.12 or an alternative request under 10 CFR 50.55a(z).
TerraPower proposed markups to the TR in ERR and this question is resolved due to formal submittal of TR, Revision 2.
7 For section 4.1.2, Regulatory Guidance, it appears that the overall architecture and design basis is informed by the risk-informed and performance-based process in NEI 18-04, as endorsed by RG 1.233. For example, the TR discusses the plant-level DID and layers of defense using the NEI 18-04 methodology that are closely related to the development of the I&C architecture and design basis. Should RG 1.233 be included in this section for completeness?
TerraPower agreed and has revised the TR to include RG 1.233 in section 4.1.2.
TerraPower proposed markups to the TR in ERR and this question is resolved due to formal submittal of TR, Revision 2.
8 For section 4.1.2, Regulatory Guidance, with 10 CFR 73.54 listed under section 4.1.1, should Regulatory Guide 5.71, Cyber Security Programs for Nuclear Facilities, Revision 1 (ML22258A204) be listed in this section? Consistent with the security-by-design concept, the I&C architecture development should consider cyber security early and often.
TerraPower plans to implement cybersecurity early, and a separate cybersecurity plan will be submitted as part of the operating license application.
TerraPower is not planning to use RG 5.71. As stated in section 7.8.3 of the TR, Natrium will use NEI 08-09.
TerraPower will add NEI 08-09 to the appropriate section of the TR.
TerraPower proposed markups to the TR in ERR and this question is resolved due to formal submittal of TR, Revision 2.
9 For section 4.1.2, Regulatory Guidance, it is not clear to the NRC staff what is the intended scope of the regulatory guidance documents listed in this section. Based on the title of the TR, which includes the I&C architecture and design basis, it can be interpreted that comprehensive regulatory guidance needs to be included for the I&C design in the TR.
There are several regulatory guidance documents that are not included in the TR that are expected to be part of the overall I&C design basis. Examples include those that are associated with environmental qualification of I&C equipment (e.g., RG 1.180, Guidelines for Evaluating Electromagnetic and TerraPower stated that the intent is to describe key regulatory guidance driving the architecture. The intent of the section was to only list the basis for the I&C architecture, not all the regulatory requirements, codes and standards that are applicable to I&C. That level of detail will be included in PSAR/FSAR.
Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems, Revision 2 (ML19175A044), the software life cycle development (e.g., RGs 1.169 - 1.173), and setpoints (i.e., RG 1.105, Setpoints for Safety Related Instrumentation, Revision 4 (ML20330A329)). Additional information or clarification is needed on the scope of the regulatory guidance listed in this section.
TerraPower proposed clarifying markups to section 4.1.2 of the TR in ERR and this question is resolved due to formal submittal of TR, Revision 2.
10 Section 4.1.3, Industry Codes and Standards, states that Natrium I&C uses highly reliable NSRST (Non-Safety Related with Special Treatment) power source (Type B, C, F variables requiring reliable power supply are NSRST) when discussing IEEE Std 497-2016, IEEE Standard Criteria for Accident Monitoring Instrumentation for Nuclear Power Generating Stations, endorsed by RG 1.97, Criteria for Accident Monitoring Instrumentation for Nuclear Power Plants, Revision 5 (ML18136A762). Type F has to do with indication of fuel damage and its effects.
Type F variables are those that provide primary information to accident management personnel to indicate fuel damage and the effects of fuel damage.
How does TerraPower define fuel damage and what are the possible parameters projected to be qualified as Type F variables?
TerraPower understands the NRC feedback on the description in the TR of the use of IEEE 497-2016, which is not technology inclusive.
TerraPower will revise the TR to incorporate this feedback and clarify the manner in which IEEE 497-2016 will be used. TerraPower stated that defining fuel damage is outside the scope of this TR.
TerraPower proposed markups to section 4.1.3 of the TR in ERR. Resolved pending formal submittal of TR Revision 2.
11 It is not clear to the NRC staff what the intended scope of the industry codes and standards listed in section 4.1.3, Industry Codes and Standards.
Depending on the scope, the list of industry codes and standards may need to be adjusted.
This question is related to Question 9 above.
TerraPower proposed clarifying markups to section 4.1.3 of the TR in ERR that is consistent with their response to Question 9. Resolved pending formal submittal of TR Revision 2.
12 Section 4.1.3, Industry Codes and Standards, does not include the industry documents that are discussed within the TR. Examples include NEI 18-04, which is extensively used, and NEI 08-09, Cyber Security Plan for Nuclear Power Reactors, Revision 6 (ML101180437). Should these be listed in this section for clarity and completeness?
TerraPower proposed markups for a new section (i.e., section 4.1.4) of the TR for other guidance in ERR.
This question is resolved due to formal submittal of TR Revision 2.
13 In section 4.1, I&C Architecture Design Bases, the TR does not list SRM-SECY-22-0076 although it is mentioned under section 4.1.2 as part of the 10 CFR 50.55a, Codes and Standards related discussion. It should add clarity to list this Commission policy separately (e.g., under new section 4.1.4) because it pertains to the I&C architecture design bases and is a unique category different from regulations and regulatory guidance such as RGs.
TerraPowers proposed section 4.1.4 of the TR includes SRM-SECY-22-0076 in the ERR. This question is resolved due to formal submittal of TR Revision 2.
14 Section 4.2, I&C Relationship to Plant-Level Lines of Defense, states that For the Natrium power plant the above layers are expanded on in detail to include the following:
The five DLs for the design provide protection against unacceptable releases of radiation. The DLs include programmatic elements, design features, and design functions. The first and fifth DLs include programmatic elements and design features, while the second, third, and fourth DLs include design functions The second, third, and fourth DLs (DL2, DL3, and DL4) include the design functions necessary to ensure performance of the fundamental safety functions, and therefore prevent PIEs [postulated initiating event]
from leading to unacceptable radioactive releases. A DL function of I&C includes both sensing of a signal to determine the need for the function (i.e., indication), if required, and actuation to complete the function.
It is not clear to the NRC staff what include the design functions intends to convey regarding DL2, DL3, and DL4. Typically, design functions are accomplished by design features and programmatic elements. The TR states that the first and fifth DLs include programmatic elements and design features.
Can TerraPower explain or elaborate the design functions included in DL2, DL3, and DL4?
TerraPower shared additional clarifications, and the NRC staff suggested adding the clarifications in the TR.
TerraPower included the clarifications in the proposed markups in section 4.2 of the TR. This question is resolved due to formal submittal of TR Revision 2.
15 The TR states that no single layer, function, or feature is specifically relied upon to mitigate the postulated initiating event (PIE) and uses the following expressions are used: Abnormal Operating Occurrence (AOO) PIE, Design Basis Event (DBE)
PIE, and Beyond Design Basis Event (BDBE) PIE.
NEI 18-04 uses the expression initiating event (IE) not PIE. Is a PIE in this TR the same as an IE in NEI 18-04?
In NEI 18-04, LBEs, consisting of AOOs, DBEs, BDBEs, and Design Basis Accidents, are defined in terms of event sequences comprised of an IE, the plant response to the IE (which includes a sequence TerraPower provided clarifications which included that, for the Natrium project, a PIE is defined as an event capable of leading to AOOs and accident conditions and that, within the TR, AOO, DBE and BDBEs are used to refer to the frequency of the PIE regardless of whether or not it actually causes a reactor trip.
of successes and failures of mitigating systems) and a well-defined end state. The TR states that The DID evaluations utilize the layers list above in addition to utilizing the guidance listed in NEI 18-04 Tables 5-2 to 5-4. Tables 5-2 to 5-4 of NEI 18-04 use the IE terminology. Does an AOO PIE, a DBE PIE, and a BDBE PIE represent an IE corresponding to the specific event sequences of an AOO, DBE, or DBDE?
TerraPower included clarifications in the proposed markups in section 4.2 of the TR. This question is resolved due to formal submittal of TR, Revision 2.
16 Table 4-2, Instrumentation and Control System Classification, has the following note regarding the Anticipatory Automatic Seismic Trip System (AST):
- The licensee or applicant referencing this topical report will provide the AST architecture including interface with RTBs.
Can TerraPower provide more detail on this statement?
TerraPower stated that AST is a new system that will be addressed by the licensing applicant outside of the TR.
The NRC staff noted that the AST architecture is outside the scope of the TR. This question was resolved and closed with no further action required.
17 Section 4.4, Function Allocation to I&C Systems, states that The plant and I&C functions are determined using the plant risk and DID analysis based on NEI 18-04. The process is iterative. During the preliminary design and requirements phase of the project, a baseline is established. The plant DID analysis and safety classification are updated based on design considerations through the design development process. The list of functions and classification of the SSCs will be finalized at the end of the design phase using the NEI 18-04 process and subject to the change control process.
The NRC staffs review of this TR is based on the preliminary design and requirements phase of the Natrium project. What is the change control process in the last sentence referring to?
TerraPower stated that the design control and change process is referring to that of the Quality Assurance Program Description TR (TP-QA-PD-0001).
TerraPower proposed markups in the TR clarifying the design control and change process. This question is resolved due to formal submittal of TR, Revision 2.
The NRC staff noted that the NEI 18-04 process to be implemented iteratively in the future as the design matures may be identified as a limitation or condition in the SE.
18 Section 7.4, Diversity states that The RadICS PSAI 7.9 is addressed by the Natrium I&C design, allocation of functions, safety classification and diversity and defense in-depth based on PRA and the plant DID analysis. These analyses are consistent with the SRM-SECY-22-0076 methodology. The analysis requires implementation of diverse Non-Safety Related with No Treatment (NST) and Non-Safety Related with Special Treatment (NSRST) functions at DL4 including diverse Primary Sodium Pump and Intermediate Sodium Pump shutdown and trip. In addition, the RPS design implements the RadICS fail safe modes as indicated in PSAI 7.9.
Are there additional details (e.g., supporting documents) available for regulatory audit regarding the PRA and the plant DID analysis to address the RadICS PSAI 7.9? For example, is there a document on the plant-level DID analysis? The additional details may be needed for the NRC staff to conclude that this TR adequately addresses PSAI 7.9 of the RadICS TR.
TerraPower uploaded NAT-4770 Revision 1, Natrium Demonstration DID Evaluation Report, in ERR.
As discussed in Question 5, TerraPower stated that PSAI 7.9 will be completed at the operating license stage. This question is resolved and closed.
19 Section 7.4.1, SECY-22-0076, states that The following addresses the SRM-SECY-22-0076 that approved the NRC staff recommendation with some changes:
- 1. The applicant must assess the defense-in-depth and diversity of the facility incorporating the proposed digital I&C system to demonstrate that vulnerabilities to digital CCFs have been adequately identified and addressed. The defense-in-depth and diversity assessment must be commensurate with the risk significance of the proposed digital I&C system.
Natrium I&C implementation: An assessment of the defense-in-depth and diversity is performed consistent with NEI 18-04. The assessment considers risk significance of the RPS. The SSC safety classification concluded that RPS is SR [Safety Related].
The NRC staff understands the NEI 18-04s plant-level assessment of the defense-in-depth adequacy encompasses the I&C systems. However, the last two sentences are focused on the RPS only. Does Natriums defense-in-depth and diversity assessment include other digital I&C systems listed in table 4-2, Instrumentation and Control System Classification, based on their risk significance?
TerraPower has updated the TR to reflect how other I&C systems are included in the defense-in-depth and diversity assessment.
TerraPower uploaded NAT-7046 Revision 2, Natrium Demonstration Plant Level Safety Classification Report, in ERR and referred to NAT-4770 Revision 1, discussed under Question 18 and uploaded in ERR, for additional information.
TerraPower included the clarifications in the proposed markups in section 7.4 of the TR. This question is resolved due to formal submittal of TR, Revision 2.
20 Section 7.4.1, SECY-22-0076, states that, for Point 2 of the SRM, Natrium I&C implementation: The DID assessment is consistent with RG 1.233. The assessment includes both risk-informed and best-estimate analysis. The DID assessment is consistent with RG 1.233. The assessment includes both risk-informed and best-estimate analysis.
Based on the last sentence, does TerraPower perform its DID assessment using both deterministic and risk-informed options? For the former, each event evaluated in the accident analysis section of the safety analysis report is postulated to have occurred along with a concurrent digital I&C CCF, which is thus deterministic. For the latter, a risk-informed approach such as NEI 18-04 is used considering the risks associated with selected LBEs that are event sequence families.
TerraPower stated that it performed the DID assessment using risk-informed options and would revise the TR to remove reference to best-estimate analysis.
TerraPower included the clarification in the proposed markups in section 7.4.1 of the TR. This question is resolved due to formal submittal of TR, Revision 2.
21 Section 7.4.1, SECY-22-0076, states that, for Point 3 of the SRM, Natrium I&C implementation: The DID assessment establishes the defense lines and shows that design features are adequate to address CCF.
The PRA DID analysis shows the RPS, with inherent internal diversity, sufficiently decreases the CCF risk beyond the high consequence BDBE region, such that the RPS CCF event can be further mitigated through DL4 functions.
The expression sufficiently decreases the CCF risk beyond the high consequence BDBE region is not clear. Explain this expression further. Regarding,
such that the RPS CCF event can be further mitigated through DL4 functions, is the RPS CCF event the only event of concern?
TerraPower stated that the consideration of CCF in the PRA shows that no PIE with RPS failure is greater than 1E-4 per year in frequency and thus wouldn't require another safety-related system. Other CCFs are considered but are also not in the 1E-4 per year or higher region of the frequency-consequence curve to cause the need for another safety-related system. The RPS CCF event is the major event of concern. CCFs of other digital I&C systems are mitigated through actuation of the RPS.
TerraPower agreed to and has revised the TR for clarification. TerraPower included the clarification in the proposed markups in section 7.4.1 of the TR. This question is resolved due to formal submittal of TR, Revision 2.
22 SRM-SECY-22-0076 Point 4 states that:
- 4. Main control room displays and controls that are independent and diverse from the proposed digital TerraPower stated that the risk-informed critical safety functions and monitoring of parameters that support the I&C system (i.e., unlikely to be subject to the same CCF) must be provided for manual, system level actuation of risk-informed critical safety functions and monitoring of parameters that support the safety functions.
What are the risk-informed critical safety functions for the TerraPower design?
safety functions are identified through the application of NEI 18-04. The critical safety functions are the Required Safety Functions, as defined in NEI 18-04.
TerraPower has revised the TR for clarification.
TerraPower included the clarification in the proposed markups in section 7.4.1 of the TR. This question is resolved due to formal submittal of TR, Revision 2.
23 Section 7.4.1, SECY-22-0076, states that, for Point 4 of the SRM, Natrium I&C implementation: The DL4 functions provide defense-in-depth and diversity to address the low risk/consequence BDBEs, including RPS CCF.
How is addressing the low risk/consequence BDBEs consistent with Point 4 of the SRM or the RG 1.233 process? If a BDBE is low risk or low consequence, does it need to be addressed from the DID adequacy perspective?
TerraPower stated that there have been no high consequence BDBEs identified in the Natrium design to date, and its plan is to eliminate any that are identified. TerraPower agreed to revise the TR for clarification.
TerraPower included the clarification in the proposed markups in Section 7.4.1 of the TR. This question is resolved due to formal submittal of TR, Revision 2.
6.0 REQUESTS FOR ADDITIONAL INFORMATION RESULTING FROM AUDIT As a result of the audit, the NRC staff did not identify any requests for additional information related to this TR. However, as noted, TerraPower submitted an update to its TR as a result of the audit.
7.0 OPEN ITEMS AND PROPOSED CLOSURE PATHS There are no open items resulting from this audit.