Text

Updates to the Digital I&C Integrated Action Plan The digital instrumentation and control (I&C) integrated action plan (IAP) and associated modernization plans (MPs) are being updated, in coordination with interested stakeholders, to reflect changes and completed actions to date towards the digital I&C modernization effort and will continue to be reviewed and updated at least annually with approval of the Digital I&C Steering Committee. Revision 3 to the IAP is expected to be issued by November 2018.

MP 1: Protection Against Common Cause Failure MP 1 addresses developing guidance for using effective qualitative assessments of the likelihood of failures, along with coping and/or bounding analysis for addressing common cause failures (CCFs), use of defensive design measures for eliminating CCF from further consideration, and staff evaluation of the U.S. Nuclear Regulatory Commissions (NRC) existing positions on defense against CCF. MP 1 is currently divided into three subsections to allow for focused product development: (1A) development of near-term clarifying guidance for modifying lower risk-significant safety system auxiliary and/or support digital I&C systems under Title 10 of the Code of Federal Regulations (10 CFR) 50.59, Changes, tests, and experiments, (1B) evaluation of Nuclear Energy Institutes (NEIs) proposed guidance in NEI 16-161 for assessing CCF in digital I&C systems; and (1C) evaluation of the NRCs current position on protection of digital I&C systems and components against CCF.

For MP 1A, the staff issued a supplement to regulatory issue summary (RIS) 2002-222 in May 2018. This supplement clarified the staffs endorsement of industry guidance for preparing and documenting qualitative assessments that can be used to evaluate the likelihood of failure of a proposed digital modification, including the likelihood of failure due to a CCF.

Licensees can use these qualitative assessments to support a conclusion that a proposed digital I&C modification has a sufficiently low3 likelihood of failure when addressing the eight criteria in 10 CFR 50.59. Also, this supplement clarified industry guidance for determining under 10 CFR 50.59 whether a change requires a license amendment. SECY-17-00964 was provided to the Commission to provide an overview of the supplement to RIS 2002-22. The staff has received feedback from external stakeholders that industry is now implementing upgrades using this guidance. NEI is conducting industry workshops on using RIS 2002-22, Supplement 1. The staff has observed these workshops to gain additional insights to incorporate into its own separate training for inspectors, scheduled to begin in late 2018. To ensure all interested stakeholders (e.g., Entergy and NextEra) have the opportunity to engage the NRC on the implementation of RIS 2002-22, Supplement 1, the staff will also hold a public meeting to discuss and incorporate the lessons-learned from the NRC inspector training and NEI workshops. The staff will track the development of NRC inspector training under a new 1 NEI 16-16 [Draft 2], Guidance for Addressing Digital Common Cause Failure, dated May 2017 (Agencywide Documents Access and Management Systems (ADAMS) Accession No. ML17135A253).

2 RIS 2002-22, Supplement 1, Use of EPRI [Electric Power Research Institute]/NEI Joint Task Force Report, Guideline on Licensing Digital Upgrades: EPRI TR-102348, Revision 1, NEI 01 01: A Revision of EPRI TR-102348 to Reflect Changes to the 10 CFR 50.59 Rule, dated May 31, 2018 (ADAMS Accession No. ML18143B633).

3 Sufficiently low means much lower than the likelihood of failures that are considered in the updated final safety analysis report (UFSAR) (e.g., single failures) and comparable to other CCFs that are not considered in the UFSAR (e.g., design flaws, maintenance errors, calibration errors).

4 SECY-17-0096, Status of Guidance Development for Digital Instrumentation and Control Upgrades under Title 10 of the Code of Federal Regulations, Section 50.59, Changes, Tests and Experiments, dated September 21, 2017 (ADAMS Accession No. ML17213A774).

Enclosure 1

subactivity in MP 2 in IAP Revision 3. The staff will designate MP 1A as complete.

For MP 1B, the staff will review NEIs revised guidance in NEI 16-16 for addressing CCF.

This guidance is based on applying defensive design measures and determining CCF likelihood. The results of the proposed approach could, in part, dictate the scope of further defense-in-depth and diversity (D3) assessments of potential CCFs. The staff provided comments on NEI 16-16 [Draft 2] on July 14, 20175, and held follow-up public meetings with NEI through December 2017. A status on progress made towards resolving the comments was sent to NEI via email on February 6, 20186. To support the issuance of RIS 2022-22, Supplement 1, the staff and industry mutually delayed the activities for NEI 16-16. NEI plans to revise and submit NEI 16-16 by the first quarter of 2019.

For MP 1C, the staff evaluated the NRCs current position on the protection of digital I&C systems and components against CCFs, including the scope and applicability of D3 analysis for safety-related systems. The staff provided SECY-18-00907 in September 2018. The plan discusses consistent application of the NRCs position on defense against CCF in current and future digital I&C system designs, and, intent to update and clarify licensing guidance by using five guiding principles. The staff will designate MP 1C as complete.

The staff plans to update branch technical position (BTP) 7-198, Guidance for Evaluation of Diversity and Defense-In-Depth in Digital Computer-Based Instrumentation and Control Systems. BTP 7-19 provides the staff guidance for evaluating a licensees defense-in-depth and diversity (D3) assessment and the design of manual controls and displays. Specifically, BTP 7-19 is used to confirm that vulnerabilities to CCF have been addressed by the licensee.

The staff will update BTP 7-19 to address the five guiding principles outlined in SECY-18-0090.

The staff will commence the BTP 7-19 activities in 2019 and track it as a new sub-activity in MP 1.

MP 2: Considering Digital I&C in Accordance with 10 CFR 50.59 MP 2 addresses the need for clarity regarding 10 CFR 50.59 evaluations of proposed digital I&C plant modifications. In April 2016 NEI prepared its initial draft of NEI 96-07, Appendix D9, Supplemental Guidance for Application of 10 CFR 50.59 to Digital Modifications, which contains screening and evaluation guidance on the specific licensing criteria in 10 CFR 50.59 for all types of digital upgrades. Throughout 2017, the staff and industry engaged in several public meetings to resolve NRCs early concerns with the working draft of NEI 96-07, Appendix D. In December 2017, NEI and the NRC staff mutually agreed to prioritize the development and issuance of RIS 2002-22, Supplement 1, over further development of NEI 96-07, Appendix D.

Since the issuance of RIS 2002-22, Supplement 1, in May 2018, NEI and the staff have reengaged on the development of NEI 96-07, Appendix D, which as of July 2018 was at its sixth working version. The staff continues to engage with NEI in public interactions in order to 5

Email, Staff Comments on NEI 16-16, dated July 14, 2017 (ADAMS Accession No. ML17195A282).

6 Email, Staff Comments Update on NEI 16-16 [Draft 2], dated February 6, 2018 (ADAMS Accession No. ML18037A917).

7 SECY-18-0090, Plan for Addressing Potential Common Cause Failure in Digital Instrumentation and Controls, dated September 12, 2018 (ADAMS Package Accession No. ML18179A066).

8 Branch Technical Position (BTP) 7-19, Guidance for Evaluation of Diversity and Defense-In-Depth in Digital Computer-Based Instrumentation and Control Systems, Revision 7, dated August 2016 (ADAMS Accession No. ML16019A344).

9 Draft NEI 96-07, Appendix D, Guidelines for 10 CFR 50.59 Evaluations, Appendix D, Supplemental Guidance for Application of 10 CFR 50.59 to Digital Modifications, dated July 17, 2017 (ADAMS Accession No. ML18199A647).

support NEIs schedule for formal submittal of NEI 96-07, Appendix D, by the end of December 2018, for NRCs endorsement by regulatory guide (RG), which is planned for June 2019.

To ensure common understanding of the use, interpretation, and application of 10 CFR 50.59 guidance for digital I&C, the NRC staff is observing industry-led workshops on RIS 2002-22, Supplement 1 to inform and prepare its own training for inspectors. The objective of this effort is to ensure continuity from the development of 10 CFR 50.59 guidance in both Supplement 1 to RIS-2002-22 and potential future endorsement of Appendix D. The staff will track this as a new subactivity under MP 2.

MP 3: Acceptance of Digital Equipment MP 3 is aimed at improving guidance for the acceptance of commercial grade digital equipment for safety-related applications. The staff issued RIS 2016-0510 to address embedded digital devices, and issued draft RG 1.16411 to address dedication of commercial grade items. The third-party Safety Integrity Level (SIL) certification12 process for acceptance of industrial digital equipment to be used in safety applications is currently being independently evaluated by EPRI as agreed to by staff and industry. Results of the EPRI evaluation are expected to be published in November 2018. The staff anticipates that NEI will submit a proposal for industry oversight of the SIL certification process leveraging the EPRI results in lieu of NRC audits and observations during implementation. The staff, NEI, and EPRI are continuing to work together to identify an appropriate and effective use of the SIL certification process in acceptance of the industrial digital equipment for safety-related applications.

MP 4: Assessment for Modernization of the I&C Regulatory Infrastructure The objective of MP 4 is to perform a comprehensive modernization assessment to identify further improvements to the regulatory infrastructure and develop associated implementation plans. MP 4 is divided into two subsections. MP 4A included tactical activities to support improvements to the regulatory infrastructure that will benefit near-term licensing activities and MP 4B includes broader strategic activities to address longer-term improvements.

For MP 4A, the staff is revising interim staff guidance (ISG) DI&C-ISG-0613, Licensing Process, which is used to review reactor license amendment requests associated with safety-related digital I&C equipment modifications. The proposed revisions allow reducing the scope of licensee document submittals and provide an alternative for earlier approval, which would precede factory acceptance testing, for digital designs that are based on approved topical reports. The draft revision considered stakeholder views, including those from NEI, other industry stakeholders, and the Advisory Committee on Reactor Safeguards (ACRS). The staff provided the final draft revision to industry in July 2018 and issued a Federal Register14 Notice in August 2018 for a 30-day public comment period. Once the comments are dispositioned, the staff will provide a copy to the ACRS for their review. The staff is targeting an issuance date of the final DI&C-ISG-06 by December 2018.

10 NRC Regulatory Issue Summary 2016-05, Embedded Digital Devices in Safety-Related Systems, dated April 29, 2016 (ADAMS Accession No. ML15118A015).

11 RG 1.164, Revision 0, Dedication of Commercial-Grade Items for use in Nuclear Power Plants dated June 2017 (ADAMS Accession No. ML17041A206).

12 International Electrotechnical Commission 61508, Functional Safety, SIL certification 13 Digital I&C ISG-06, Licensing Process, dated July 31, 2018 (ADAMS Accession No. ML18123A118).

14 Federal Register Notice, Draft Interim Staff Guidance DI&C-ISG-06 for Public Comment, 83 FR 38731, Pages 38731-38732, dated August 8, 2018.

The industry has indicated that a lead utility plans to use the revised draft guidance and submit license amendment requests in the future. The staff will apply lessons-learned from this lead plant application before updating the permanent guidance in NUREG-0800, Standard Review Plan [(SRP)] for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, and retiring DI&C-ISG-06.

For MP 4B, the strategy is to evaluate and strategically implement broader improvements of the NRCs digital I&C regulatory infrastructure. The revised plan will list potential improvement activities that will be assessed, and are categorized based on the type of regulatory improvement and benefit in addressing Commission direction. These areas include: (1) identification and implementation of significant structural changes to the regulations or major RGs to reduce complexity, and focus on the fundamental safety principles that are appropriate for all designs; (2) improvement to NRC review efficiency and enhancement of existing guidance to be more performance-based, and risk-informed; and (3) development of guidance to provide enhanced predictability of reviews and ensure that no unnecessary impediment exist in the review of digital technologies. Revision 3 to the IAP will include additional details, which will include plans to complete a strategic assessment and conduct supporting research.