Summary of Meeting with Pacific Gas and Electric Company to Discuss Digital Replacement of Process Protection System at Diablo Canyon Power Plant, Units 1 and 2

ML14113A493
Person / Time
Site:	Diablo Canyon
Issue date:	05/06/2014
From:	Peter Bamford Plant Licensing Branch IV
To:	Pacific Gas & Electric Co
Bamford P
References
TAC ME7522, TAC ME7523
Download: ML14113A493 (35)
v • d • e

Text

LICENSEE: Pacific Gas and Electric Company FACILITY: Diablo Canyon Power Plant, Unit Nos. 1 and 2

SUBJECT:

SUMMARY

OF APRIL 16, 2014, TELECONFERENCE MEETING WITH PACIFIC GAS AND ELECTRIC COMPANY ON DIGITAL REPLACEMENT OF THE PROCESS PROTECTION SYSTEM PORTION OF THE REACTOR TRIP SYSTEM AND ENGINEERED SAFETY FEATURES ACTUATION SYSTEM AT DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 (TAC NOS. ME7522 AND ME7523)

On April16, 2014, a Category 1 teleconference public meeting was held between the U.S. Nuclear Regulatory Commission (NRC) and representatives of Pacific Gas and Electric Company (PG&E, the licensee) at NRC Headquarters, One White Flint North, 11555 Rockville Pike, Rockville, Maryland. The purpose of the teleconference meeting was to discuss the license amendment request (LAR) submitted by PG&E on October 26, 2011, for the Digital Replacement of the Process Protection System Portion of the Reactor Trip System and Engineered Safety Features Actuation System at Diablo Canyon Power Plant, Unit Nos. 1 and 2 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML113070457). A list of attendees is provided in Enclosure 1.

The teleconference meeting is one in a series of publicly noticed meetings that is being held periodically to discuss issues associated with the NRC staff's LAR review. Selected open items that are being tracked for this review were discussed during the teleconference meeting. A complete list of the current open items is provided in Enclosure 2.

Highlights from this meeting on April 16, 2014, include the following:

• PG&E is in the process of developing responses to an NRC staff Request for Additional Information dated March 31, 2014 (ADAMS Accession No. ML14071A181). These responses are due on April30, 2014, and will address many of the open items in Enclosure 2.

• The project plan for the review of the LAR (Enclosure 3) was discussed and the major upcoming milestones were confirmed. PG&E is in the process of updating several milestones related to Westinghouse activities and will provide an update to the NRC staff when that information becomes available. The project plan will then be amended as appropriate and discussed at the next public meeting.

• A draft audit plan for an upcoming NRC audit at lnvensys was discussed (Enclosure 4). PG&E will provide comments for NRC staff consideration prior to issuance of the final version.

Two members of the public were in attendance for the teleconference meeting and no public meeting feedback forms were submitted.

Please direct any inquiries to me at 301-415-2833 or at Peter. Bamford@nrc.gov.

f!ttv Peter Bamford, Proj ct Manager Plant Licensing Branch IV-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-275 and 50-323

Enclosures:

1. List of Attendees

2. Open Items Listing

3. Project Plan

4. Draft lnvensys Audit Plan cc w/encls: Distribution via Listserv

LIST OF ATTENDEES APRIL 16, 2014, TELECONFERENCE MEETING WITH PACIFIC GAS AND ELECTRIC COMPANY DIGITAL UPGRADE FOR DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 DOCKET NOS. 50-275 AND 50-323 NAME ORGANIZATION Ken Schrader Pacific Gas and Electric Scott Patterson Pacific Gas and Electric John Hefler Altran Merlin Arabie Altran Warren Odess-Gillet Westinghouse Dan Head lnvensys Rich Stattel Nuclear Regulatory Commission (NRC)

Samir Darbali NRC Rossnyev Alvarado NRC Shiattin Maker NRC Peter Bamford NRC Jana Bergman Scientech Gordon Clefton Nuclear Energy Institute Enclosure 1

Enclosure 2 Open Item Summary Table

April21, 2014 DCPP PPS Open Item Summary Table Page 1 of 18 No Src/RI Issue Description P&GE response: Status RAJ No. RAJ Comments (Date Sent) Response (Due Date) 60 RJS Open RAI39 4/30/14 Awaiting RAI (STSB/ Technical Specifications: Response.

APLA)

In order for the staff to make a determination that the existing 2/5/14- RJS technical specifications and surveillance intervals remain acceptable Received feedback for the replacement PPS system, an evaluation to compare the from Karl. No ALSffricon PPS system reliability and performance characteristics further questions for licensee at this with those of the Eagle 21 system must be performed by PG&E.

time.

Please provide an evaluation summary report to support the 12/12/13- RJS application of existing technical specification and surveillance test sent draft intervals to the upgraded ALSffricon based PPS system. This evaluation write-up summary report is expected to include a quantitative analysis to to Karl for review.

demonstrate the new system's ability to perform its required safety functions between established surveillance test intervals. This report 10/24/13 - RJS should also include a qualitative (i.e., deterministic) analysis which Reviewed the describes the self diagnosis and fault detection features of the evaluation replacement PPS. In addition, this summary report should address document.

the staff's previous findings in Section 4.3, "Applicability of WCAPs to Carl Schulten is DCPP," of Amendment No. 179, dated January 31, 2005 taking over for (ML050330315). Christy.

Information sent to Karl. Awaiting PG&E Response: An evaluation summary report to support application of feedback.

the exiting TS and TS surveillance test intervals is contained in the Westinghouse Document, "Justification for the Application of Technical Specification Changes in WCAP-14333 and WCAP-15376 to the Tricon/ALS Process Protection System" that was submitted in Attachment 9 to the Enclosure of PG&E Letter DCL-13-016 dated March 7, 2013. The document provides a qualitative comparison of features important to the reliability of the Tricon and ALS subystems and the Eagle 21 system, evaluates the applicability of the WCAP-14333 P A, Revision 1, and WCAP-15376-P-A, Revision 1, analyses to the PPS replacement configuration, and evaluates the compliance with the staff conditions and limitations contained in the NRC safety evaluations for WCAP-14333 and WCAP 15376 and

April 21, 2014 DCPP PPS Open Item Summary Table Page 2 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)

Section 4.3 of the Amendments 179 and 181.

81 RJS Channel level Bypass Functionality RAI 054 4/30/14 Awaiting RAI Open Response The criteria in ISG-04 position 10 only allows for software configuration activities when the entire safety division, (i.e. all channels and functions) is 01/16/2014-inoperable. describe how PG&E will perform The Diablo Canyon PPS design however, allows channel or specific maintenance.

function level configurability while the remaining safety division functions remain operable. This design does not meet the criteria of ISG-04 8/28/13- RJS positions 10. The licensee will need to provide a justification for this as an PG&E has alternative means of meeting the regulatory requirements of IEEE 603- indicated that they 1991 clauses 5.7, 6.5, and 6.7 are OK with taking entire ALS PG&E Response: PG&E provided justification for an acceptable alternative subchannel OOS to ISG-04 Position 10 for the PPS replacement design in section 4.8.1 0 of while performing the LAR Supplement contained in PG&E Letter DCL-13-043 dated April 30, maintenance of 2013. surveillance testing.

No exception to ISG04will therefore be required for the ALS portion of PPS.

93 RJS (ALS Audit Item) Open 4/16/14 - Updated RTM to be made The RTM for the ALS subsystem was prepared using Westinghouse available prior to ALS audit.

document WNA-DS-02442 to trace PG&E requirements. The IV&V team found that Westinghouse document WNA-DS-02442 does not capture all 12/12/13- RJS PG&E requirements (see descriptions for Tickets #4787 and #4800). Current version of Please provide a description of how this issue is being resolved. 6116-00059 on sharepoint is "0."

This does not

April 21, 2014 DCPP PPS Open Item Summary Table Page 3 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)

PG&E Response: establish The 6116-00000 Diablo ALS Management Plan, revision 4, specifies an traceability to the updated document structure that has all PG&E Customer Requirements Core FPGA Design Specifications.

feeding directly into the 6116-00011, which will flow down into all ALS Diablo sub-ordinate requirement and design specifications. Westinghouse 10/16/13- RJS document WNA-DS-02442 has been removed from the document New RTM still does hierarchy. 6116-00000, revision 4, 6116-00011, revision 1, and the 6116- not establish 00059 RTM, revision 0, are all reflective of this new document structure. traceability to the Documents 6116-00011, revision 1, was submitted under PGE Letter DCL- 6116-10203, and 6116-10204 Core 13-087 dated September 17, 2013. The next revision of the 6116-00059 FPGA Design RTM, Revision 1, will include traceability to the Core FPGA Design Specifications.

Specifications, and is expected to be submitted in June 2014.

Also A new revision of 6116-00059 will need to be docketed due to the significance of changes made since the original document was submitted.

6116-00011, ALS SDS, revision 1 6116-00059 ALS RTM, revision 0 They are both available in the Sharepoint SDS Rev. 0 is already on docket.

April 21, 2014 DCPP PPS Open Item Summary Table Page 4 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)  !

[ML11277A152]

RTM to be submitted on Docket.

94 RJS The ALS Topical Report Plant Specific Action Items will be made available Open RAI59 4/30/14 4/16/14- RAI to Westinghouse. When these are available, PG&E should prepare a response will only document to identify how each applicable PSAI is being addressed for the be partial. 16 of 23 PSAI's will be PPS project. This document should include references to the LAR and addressed. 7 will supporting documents where PSAI's are addressed. be deferred by 90 days. Waiting for PG&E Response: input from WH on The response to the ALS ASAis requires input from Westinghouse and a additional testing.

contract has been created to supply the required information. The 12/12/13- RJS A response is expected to be submitted by 3/31/13.

version of the ALS TR/ SE is now available and being reviewed.

101 RJS Phase 2 Environmental Qualification Documentation: Open RAI61 4/30/14 12/11/13- RJS Seismic Reports Per ISG 6 Section D.5.1, the NRC staff needs to review the information posted on sharepoint. Further provided to determine if the PPS equipment has been demonstrated to be plant specific able to operate within the specified environment. In order to do this the information staff needs to have plant specific environmental data for the plant and including ping tests specifically for the cable spreading room. The ISG 6 matrix (item 2.12) of PPS cabinets is states that this information has been provided in the two vendor topical still needed for reports, however, these reports do not contain any plant specific data. evaluation.

11/1/13-RJS The NRC requires plant specific environmental condition data for normal Waiting for operating conditions and the worst conditions expected during abnormal additional testing to and accident conditions where the PPS equipment is expected to perform be completed.

its safety function.

PG&E to provide

April 21, 2014 DCPP PPS Open Item Summary Table Page 5 of 18 No Src/RI Issue Description P&GE response: Status RAJ No. RAJ Comments (Date Sent) Response (Due Date)

• Range of temperature and humidity conditions that are estimate of expected in the cable spreading room. completion for next call.

• Seismic data for the Diablo Canyon OBE and SSE earthquakes including frequencies and acceleration values. 6/26/2013: during

• EM I/ RFI data for areas where PPS equipment is to be this call the installed. following clarifications were The FRS section does specify the ranges of temp and humidity but for provided:

- Describe specific seismic environment, it refers to documents DCM C-17, DCM C-25, DCM conditions for the C-30, DCM C-28, and DCM T-10.

room where the system will be Note: The required information may also be contained in the UFSAR. The staff is installed.

reviewing design basis information in the UFSAR, however specific environmental - Is there any conditions applicable to the PPS equipment remain unclear to the staff. restrictive requirement for this 3/28/14 Update: room?

Integrated Equipment Response Spectra(IERS): In the seismic test report, -What is the it is stated the IERS spectra will change as a result of the equipment relationship between the modifications. So far, the evaluation is based on comparing the ALS and system Tricon test data (TRS) with the RRS derived from the 140' elevation specification spectra provided in DCM No. C-25. I think that these RRS spectra will be requirement and conservative in comparison to the IERS but I will need to confirm this once environmental I see the revised IERS. conditions?

See follow-up questions and answers in the PG&E response below.

PG&E Response: PG&E provided seismic information in the document titled "Westinghouse Seismic Test Report EQLR-2248, Rev. 1" on the Sharepoint on 12/3/13. Additional testing is required for the PPS cabinets to be used that is expected to be completed in May 2014.

3/28/14 Update:

April 21, 2014 DCPP PPS Open Item Summary Table Page 6 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)

Based on Patrick Huang's response:

1) IEEE 344-1975, Section 3.5.3, states that If equipment damping is not known, a value of 5 percent is recommended. Therefore use 5% damping.

Based on the following criteria:

2) IEEE 344-1975, Section 6.6.3.1, states that the TRS envelops the RRS over a frequency range which includes all natural frequencies of the equipment up to 33 Hz. The guidance has been more specifically addressed in IEEE 344-1987 (Endorsed by NRC RG 1.100 Rev. 2),

Section 7.6.3.1.1 0 that it can be shown by a resonance search that no resonance response phenomena exist below 5Hz, it is required to envelop the RRS only down to 3.5 Hz. Excitation must continue to be maintained in the 1 Hz to 3.5 Hz range to the capability of the test facility.

3) According to Draft NTS Report No TR62987-07N-SEI, Revision 0 (Reference 8.9 of Draft TRIGON v1 0 Nuclear Qualification Project ,

Seismic Test Report 9600164-526, Date 04/13/07) Section 6.8, Resonance Survey Results shows that the ETP or Chassis has no resonance occurred below 40 Hz. The TRS did not envelop RRS below 3 Hz meet the above IEEE 344-1975 as well as IEEE 344-1987 criteria.

Therefore, Tricon seismic test response are acceptable.

Based on 2) and 3) above, it can be justified that the Tricon test report is acceptable for the qualification of PCS racks.

The PCS racks are identical to the PPS racks and are in the same location/elevation. Since there are no natural frequencies below 5Hz, you only need to envelop down to 3.5Hz. The resonance survey showed that the natural frequencies were all greater than 40Hz. So the TRS below 3.5Hz does not matter.

April 21, 2014 DCPP PPS Open Item Summary Table Page 7 of 18 No Src/RI Issue Description P&GE response: Status RAJ No. RAJ Comments (Date Sent) Response (Due Date)

Response to follow-up questions:

• Will you be submitting a revised EQLR-2248 with the new IERS or do you plan to submit the IERS information via some other document?

No, EQLR-2248 is Westinghouse proprietary. We cannot revise their report. We will generate IERS at ALS mounting location to compare with TRS from the EQLR-2248. The new IERS will be documented in the DCPP seismic calculation.

. Also, the EQLR-2248 document is specific to the ALS, so will there be a similar seismic test report for the Tricon?

Yes, Tricon has seismic test report for ETP and chassis per IEEE 344.

• Will there be a different set of IERS for ALS and Tricon or can the same set of spectra be applied to both subsystems?

Yes, the ALS and Tricon are mounted in the different PPS racks, the IERS are not the same. Since the ALS and Tricon have different seismic test reports, we will compare the TRS with the IERS separately.

108 RJS Phase 2 Document Status Assessment: Open NoRAI 4/16/14- NRC will provide update to The staff performed an assessment of the phase 2 document matrix and Phase 2 matrix status following the would like to discuss several items in the table. Please address comments next DCL submittal added to the phase 2 matrix by the NRC staff. of Tricon documents.

We recognize that some of these items will not be available until after the FAT is performed, however, there are several other phase 2 documents 12/11/13- RJS

April 21, 2014 DCPP PPS Open Item Summary Table Page 8 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) that should be available now. We have identified the following documents Tricon Reliability that should not require completion of the design or FAT that have not yet Analysis document been submitted. We will need a revised schedule for submittal of these is on sharepoint.

Schedule for documents in order for us to proceed with the safety evaluation.

submittal of all documents still WSR's for phases of development beyond Planning/Req. (Both Vendors) needs to be Tricon 993754-1-819, Reliability Analysis provided.

Tricon 993754-1-811, Project specific platform FMEA (IEEE 352)

PG&E System level FMEA Tricon 993754-1-812, Validation Test Specification (Integrated System)

Tricon 993754-1-868, Software Verification Test Plan Westinghouse 6116-10020 "ALS PPS Software Safety Plan" PG&E Response:

PG&E is working with each Vendor to determine the submittal dates for the remaining Phase 2 documents not related to FAT testing that still need to be submitted. The schedule for the outstanding lnvensys documents was provided on the Sharepoint on 12/17/13.

109 RJS Audit Preparation: Open NoRAI 4/16/14- PG&E agreed to add In preparation for the follow-up audits at lnvensys and at Westinghouse, current Tricon MCL to sharepoint to the staff would like to have access to the configuration status accounting support pre-audit documents. Can the following documents be put onto the share point site? activities. MCL will also be available

1. 6116-00050, Diablo Canyon PPS Configuration Status Accounting, during lnvensys

2. Triconex Master Configuration List audit.

April 21, 2014 DCPP PPS Open Item Summary Table Page 9 of 18 No Src/RI Issue Description P&GE response: Status RAJ No. RAJ Comments (Date Sent) Response (Due Date) 11/1/13- RJS 6116-00050 to be put on sharepoint.

Tricon doc will be PG&E Response: The 6116-00050, Diablo Canyon PPS Configuration made available Status Accounting was put on the Sharepoint on 12/3/13. prior to second audit.

110 RJS ALS Defined "Safe States" Open RAI64 4/30/14 Awaiting RAI

Response

Part a.

2/5/14- RJS Section 4.2.5.2 of the LAR (Page 64) states that "the redundancy checker Added PGE compares outputs and critical internal states from the two cores and will supplemental drive the board to a safe state if the outputs of the cores do not agree." response. Still need to discuss The staff reviewed the FRS and IRS documents to determine what the Part B response "safe state" is for any given ALS function, but was unable to identify referral to specifications that define what these safe states are. Please provide a list "unpredictable behavior."

of "Safe States" for each of the ALS functions below and describe how requirements for these states are established in the system design. If the 12/12/13- RJS system safe states are not defined by PG&E, then please explain the basis Need to establish used by the vendor to determine what the safe states are for each ALS whether fail safe function. status applies to channel level or to board level.

ALS Function:

• Low RCS Flow Reactor Trip - 11/1/13- RJS

• Pressurizer Pressure High Reactor Trip - Discussed during L____ -

Pressurizer Pressure Low Reactor Trip-Pressurizer Pressure Low-Low ESF -

Pressurizer Pressure Low P-11 ESF Block--

Containment Pressure High ESF -

-- 10/31 conference call. Asked licensee to reconsider the part

April 21, 2014 DCPP PPS Open Item Summary Table Page 10 of 18 No Src/RI Issue Description P&GE response: Status RA/No. RAI Comments (Date Sent) Response (Due Part b.

Containment Pressure High High-High ESF -

PORV Actuation on High PZR Pressure - .. Date) b response. The NRC does not consider the fail safe states of analog signals to Please explain what the "safe states" are for the ALS analog output signals. be unpredictable If a redundancy checker detects a discrepancy between the two cores, since they are then do these analog outputs fail to some pre-determined value or do they defined in the fail as-is? The FRS or IRS documents do not seem to specify this level of FPGA specification.

system functionality.

See Audit Requirement 2.d.

• RCS Narrow Range Temperature Output-- I

• Pressurizer Vapor Space Temperature Output-- 10/24/13 - RJS I

• RCS Wide Range Temperature Output-- have determined that the fail safe states are defined PG&E Response:

in the FPGA specifications, Part A: Additional information is being provided in the Functional however, it is still Requirements Specification (Rev. 9), Sections 3.2.1.16.3 thru 3.2.1.16.6 not clear how these that provide the requirements. determinations For Deenergize to Trip comparator outputs (which includes all except were made if not Containment Pressure High-High ESF): derived from licensee input (i.e.

[3.2.1.16.3] Deenergize to Trip comparator outputs shall be designed such FRS and IRS).

that upon loss of electrical power, the resultant output is the tripped FRS 3.2.1.16 (deenergized) condition. defines Failure Mode

[3.2.1.16.5] Detectable failures that could result in loss of ability to perform Requirements.

a required safety function should result in affected Deenergize to Trip comparators being placed in the tripped (deenergized) condition. This requirement does not apply to functions that are out of service.

For the Energize to Trip Comparator Functions (Containment Pressure High-High ESF):

[3.2.1.16.4] Energize to Trip comparator outputs shall be designed such

April 21, 2014 DCPP PPS Open Item Summary Table Page 11 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) that upon loss of electrical power, the resultant output is the non-tripped (deenergized) condition.

[3.2.1.16.6] Detectable failures that could result in loss of ability to perform a required safety function should result in affected Energize to Trip comparators being placed in the non-tripped (deenergized) condition. This requirement does not apply to functions that are out of service.

Note that 3.2.1.16.5 and 3.2.1.16.6 are "should" and not "shall" since the type of failure is undefined. Some failures could result in the inability of the affected system to place the output in the desired mode.

Part 8: The Functional Requirements Specification does not specify any particular failure mode for analog outputs. If the failure is a loss of power, they will fail low. Other failures are unpredictable making it difficult to assign a fail state that would be applicable in all cases.

Supplemental Response 2/5/14:

The fail-safe status applies to both the channel and board levels.

Channel Level As documented in Section 3 of SDS, 6116-00011, draft Revision 2, the ALS-1 02 application logic is designed to set the associated partial trip digital output to the deenergized state (tripped for OTT functions [Rev 9 FRS 3.2.1.16.3 and 3.2.1.16.5] and non-tripped for ETT functions [Rev 9 FRS 3.2.1.16.4 and 3.2.1.16.6]) via the Digital Output Channel Health (DOCH) function upon a loss of power or upon detection of an ALS diagnostic fault that results in the loss of capability to actuate the partial trip output.

The ALS-102 application logic is designed to set any associated analog output to 0.0 rnA [Rev 9 IRS 1.5.5.1 0] via the Analog Output Channel

April 21, 2014 DCPP PPS Open Item Summary Table Page 12 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)

Health (AOCH) function upon a loss of power or upon detection of a diagnostic fault that results in the loss of capability to drive the analog output.

Board Level As documented in sections 3, 7, 8, 9, and 10 of 6116-00072, revision B, ALS NVM configuration specification, the ALS-102 Digital Output Channels, ALS-402 Digital Output Channels, and the ALS-421 Analog Output Channels "Fail As Defined" on a per channel bases upon detection of a diagnostic fault that results in the loss of capability to drive the associated digital output or analog output. However, in one case (Halt Mode), the boards simply stop processing, and all output channels fail AS-IS. The "Fail As Defined" state will be the fail-safe state specified in the FRS and IRS.

111 RJS ALS Manual Alarm Bypass Function - Open RAI65 4/30/14 Awaiting RAI

Response

In the FPGA Requirements Specification (page 4-14) R4082 states that the 2/5/14- RJS Bypass alarm logic will be bypassed when the channels logic enable is not Added PGE set. The rational provided is that the trip command is not being calculated Response. Will so there would presumably be no need to actuate the alarm. This follow-up during requirement seems to contradict requirement R4130 as well as Clause audit.

5.8.3 of IEEE 603.

12/13/13- RJS Please provide an explanation of the benefit of providing this means of Request PGE provide explanation defeating this alarm? The staff feels that operators should be aware of the of channel not in bypass status of each safety channel regardless of whether the safety use configuration.

function is operable or not. The staff is also concerned that situations This is Audit item g.

could exist when the operator could be misled into believing that a channel is not bypassed (because of the cleared alarm) when in fact the channel 11/1/13- RJS This

April 21, 2014 DCPP PPS Open Item Summary Table Page 13 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) bypass switch is in bypass. item was discussed at the 10/31 I conference call.

This will require an RAI in order to PG&E Response: The logic associated with a virtual channel may be provide clarification completely inhibited based on the state of the Logic Enable flag stored in to the rational for maintaining this the associated ALS-102 NVM. The Logic Enable flag is based on the bypass of bypass configuration of Protection Set which the ALS-1 02 is controlling. All four alarm function protection sets require a unique Logic Enable flag configuration for the when channel is ALS-102 board. (Refer to Table 3-5 of 6116-00072, revision B, ALS NVM not used. Also configuration specification for the Logic Enable flags utilized for each ALS- need clarification 102 board.) that bypass alarm will never be disabled for an An Enable Block as documented per the FPGA requirements specification, active channel and 6116-10201, Rev. 1, will enable/disable the logic contained within the will always provide block. Note that 6116-10201, Rev. 1, is currently being updated to ensure alarm when in that the Enable Block is enabled or disabled only via the Logic Enable flag bypass condition.

from the associated NVM. The Logic Enable flag can be changed only on the bench using the applicable programming tools and cannot be changed 10/28/13 - RJS -

This will be an dynamically while the ALS chassis is in service.

Audit Item. See Audit Requirement The use of a Logic Enable Flag allows for one FPGA design to be used 2.g.

across protection sets with different logic configurations.

For example there are a total of 18 virtual channels programmed on the ALS-1 02 FPGA, but none of the protection sets utilizes all 18 virtual channels. They all utilize a different subset of the 18 virtual channels. Those that are not utilized are disabled by setting the Enable Block bit to 0 in the associated NVM.

~--

April 21, 2014 DCPP PPS Open Item Summary Table Page 14 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) 112 so PG&E staff had discussed having the option of connecting a thumb drive to Open RA168 4/30/14 01/08/2014: Please the MWS, in addition to connecting a printer, in order to allow technicians address updated to print-to-file. Please clarify if a thumb drive will be connected to the question.

MWS, and if so, what procedures will be implemented to maintain a secure the thumb drive.

PG&E staff also discussed the possibility of having only one printer connected to all MWSs (one printer connected to four Tricon MWSs and I

four ALS MWSs), instead of one printer per protection set (one printer connected to one Tricon MWS and one ALS MWS). Please explain if the design for connecting a printer to the MWSs will change from what is in the LAR, so that only one printer for all protection sets is used.

01/08/2014 Update PG&E clarified that one printer will be implemented per division and it will be connected to the USB-2 KVM switch port in the respective division. The USB-1 KVM switch port will be used for the Touchscreen interface in the respective division.

Please clarify if a thumb drive will be connected to the KVM switch to print-to-file information from the MWS. If that is the case, please explain what USB port will be used to connect the thumb drive.

In addition, please explain if the USB ports in the MWS will be disabled.

PG&E Response: In progress

-- ~- -

April 21, 2014 DCPP PPS Open Item Summary Table Page 15 of 18 No Src/RI Issue Description P&GE response: Status RAI No. RAI Comments I (Date Sent) Response (Due Date) 113 RA Operation and configuration of the KVM Switch Open RA169 4/30/14 Awaiting RAI

Response

Please respond to the following questions:

a) Open item #70, RAI 48, asked how the KVM switching function would be controlled. In the response provided, PG&E only addressed control of the USB ports.

The KVM user guide states control of the switch can be performed using external switching control (RC4 remote, RS-232 or input lines) through the options port. The IRS Rev. 9, item 2.3.7.1 item (1) does not identify that the KVM switch can be controlled remotely. The LAR states that a custom serial cable is required to use the options port.

Please confirm if PG&E expect to use the options port to control the KVM switch.

b) The KVM user guide states the KVM switch can be locked with a password to restrict access to the MWS connected. Please clarify if PG&E will use this feature.

c) The KVM switch includes an autoscan mode switch, which allows the KVM to cycle through the MWS during a defined period. Please clarify if PG&E will use this feature.

PG&E Response:

April 21, 2014 DCPP PPS Open Item Summary Table Page 16 of 18 No Src/RI Issue Description P&GE response: Status RAJ No. RAI Comments (Date Sent) Response (Due Date) 114 RA Operation Mode of the Tricon System - STOP mode Open RAI70 4/30/14 The LAR, Section 4.8.1 0, noted that for the DCPP PPS replacement when the Tricon keyswitch is in the STOP mode, the application program will not halt. It is not clear why this setting was selected, when the safety evaluation for the Tricon V1 0 requires the keyswitch to be in the STOP position to remove a module and perform maintenance or firmware upgrade, as well as imposing administrative controls to perform such functions.

Please explain the reasoning for not using the STOP mode in the keyswitch. Also, how will PG&E halt operation of the main chassis before being removed for maintenance or firmware upgrade?

PG&E Response:

- - - L__

April 21, 2014 DCPP PPS Open Item Summary Table Page 17 of 18 No Src/RI Issue Description P&GE response: Status RAJ No. RAJ Comments (Date Sent) Response (Due Date) 115 RJS Electro Magnetic Compatibility (Tricon): New RAI 4/16/14 - RAI will be required.

Section 4.14- ASAI-6 of the LAR states that the equipment vendors are required to confirm equipment compliance with physical requirements in the DCPP FRS. These requirements include the EMC requirements from Section 3.1.6 of the FRS which states: "the PPS shall be qualified by test, analysis, or a combination thereof, to function without fault or error in an electromagnetic environment in accordance with the guidance of Regulatory Guide 1.180."

In contrast to this, the Tricon V10 safety evaluation determined that the Tricon V10 PLC system did not fully meet the guidance of RG 1.180, Revision 1, for conducted or radiated emissions or susceptibility. As a result, the SE states: "before using the Tricon V1 0 system equipment in SR systems in a nuclear power plant, licensees must determine that the plant-specific EMI requirements are enveloped by the capabilities of the Tricon V10 system as approved in this SE."

To complete its safety evaluation, the NRC requires the licensee to provide documentation to show the DCPP specific EMI requirements to be enveloped by the Tricon V1 0 test levels achieved and documented in the Tricon V10 safety evaluation.

- - ~---------

April 21, 2014 DCPP PPS Open Item Summary Table Page 18 of 18 No Src!RI Issue Description P&GE response: Status RAt No. RAt Comments (Date Sent) Response (Due Date)

PG&E Response:

Project Plan

Project Plan for Diablo Canyon Replacement of Digital RPS and ESFAS (PPS) - LAR Review (Rev. 18)

Step Planned Task Actual Date Date 1 Oct. 26, PG&E LAR Submittal for NRC approval. Submittal includes all Oct. 26, 2011 Phase 1 documents needed to be docketed prior to acceptance 2011 for review per ISG-06, "Digital Licensing."

2 Jan. 12, Acceptance Review complete. LAR accepted for detailed Jan. 12, 2012 technical review. Several issues identified that could present 2012 challenges for the staff to complete its review. Scheduled public meeting with PG&E to discuss the results of the acceptance review.

3 Jan. 13, Acceptance letter sent to licensee. Jan. 13, 2012 2012 4 Jan. 18, Conduct Public Meeting to discuss staff's findings during the LAR Jan. 18, 2012 acceptance review. Staff proceeds with LAR technical review. 2012 5 March 18, PG&E provides information requested in acceptance letter. April2, 2012 Initiate bi-weekly telecoms with PG&E and its contractors to 2012 discuss potential RAI issues. Open Items spreadsheet will be maintained by NRC to document staff issues and planned licensee res_2_onses.

6 May 30, PG&E provides partial set of Phase 2 documentation per June 6, 2012 commitments made in LAR. 2012*

• PG&E provided a subset of the Phase 2 documents on June 61h See step 14 which is a milestone for submittal of all remaining Phase 2 documents.

7 July First RAI sent to PG&E on Phase 1 documentation (e.g., August 07, 2012 specifications, plans, and equipment qualification). Continue 2012 review of the application. Request 45 day response.

(ML12208A364) 8 June SER for Tricon V1 0 Platform issued final. This platform becomes May 15, 2012 a Tier 1 review of the LAR. (ML12146A010) 2012 8.1 June SER for Westinghouse ALS Platform issued final. This platform 2013 becomes a Tier 1 review of the LAR.

9 September Receive answers to first RAI. (ML12256A308) Sept. 11, 2012 2012 10 November Audit trip to lnvensys facility for thread audit; audit the life cycle Nov. 13-16, 2012 planning documents and outputs, with particular emphases on 2012 verification and validation, configuration management, quality Assurance, software safety, the lnvensys application software development procedures, and application software program design.

10.1 December Audit report provided to PG&E. February 2012 21,2013 11 February Audit trip to Westinghouse/CSI facility for thread audit; audit the February 2013 life cycle planning documents and outputs, with particular 21,2013 emphases on verification and validation, configuration management, quality Assurance, software safety, the W/ALS Page 1 of 3

Project Plan for Diablo Canyon Replacement of Digital RPS and ESFAS (PPS) - LAR Review (Rev. 18) application software development procedures, and PPS ALS application software program design.

11.1 April Audit report provided to PG&E and its contractor. April11, 2013 2013 12 March Second RAI Letter to PG&E on Phase 1 documentation March 20, 2013 2013 12.1 April Receive responses to Second set of RAI's May 9, 2013 2013 13 April LAR revision and all supporting documentation associated with April30, 2013 the change in ALS and Tricon V1 0 workstation designs for the 2013 PPS are submitted.

14 August NSIR Cyber Security audit at Diablo Canyon site. August 8 2013 2013 14.1 February Cyber Security Audit Report provided to licensee 2014 EICB Letter sent to PM 9/2/13 - ML13242A078 NSIR Report-15 See Revised PG&E provides remaining set of Phase 2 documentation per Document commitments made in LAR. To include ALS PSAI related Submittal documents. See step 6 for initial submittal of Phase 2 Schedules documents.

16 See Revised All Documentation for DCPP W/CSI ALS and IOM!Triconex V1 0 Document processors applicable to the DCPP PPS LAR are submitted.

Submittal Schedules 17 June 2014 Follow-up audit trip to lnvensys facility for thread audit; audit the life cycle planning documents and outputs, with particular emphases on verification and validation, configuration management, quality assurance, software safety, the lnvensys application software development procedures, and application software program design.

17.1 July 2014 Second lnvensys audit report provided to PG&E.

18 February Third RAI Letter to PG&E on Phase 2 documentation February 27 2014 (e.g., FMEA, safety analysis, RTM, EQ test results, setpoint 2014 calculations.) ML14055A058 18.1 April Receive responses to third set of RAI's.

2014 19 September Audit trip to W/ALS facilities for additional thread audit items; 2014 audit hardware and software installation plans, configuration Page 2 of 3

Project Plan for Diablo Canyon Replacement of Digital RPS and ESFAS (PPS) - LAR Review (Rev. 18) management reports, detailed system and hardware design, completed test procedures, V&V activities, summary test results (including FAT) and incident reports, and application code listings.

19.1 October Audit report provided to PG&E.

2014 20 TBD Deleted 21 TBD Deleted February 18 I February 18 22 Presentation to ACRS Subcommittee/Full ACRS Committee on March March 6 2014 DCPP PPS LAR Safety Evaluation.

23 October Complete draft technical SER for management review and 2014 approval.

24 November Issue completed draft technical SER to DORL 2014 25 December Draft SER sent it to PG&E, lnvensys, and W/CSI to perform 2014 technical review and ensure no proprietary information was included.

26 January Receive comments from PG&E and its contractors on draft SER 2015 proprietary review.

27 May 2015 Approved License Amendment issued to PG&E 28 -June 2015 Inspection trip to DCPP for PPS Site Acceptance Testing (SAT),

(tentative) training and other preparation for installing the new system. To be coordinated with regional visit. Date based on receipt of new PPS system at the site in preparation for September 2015 Unit 1 Refueling Outage (1 R19).

29 TBD Inspection trip to DCPP for PPS installation tests, training and other system installation activities for the new system. To be coordinated with regional visit. Date based on September 2015 Unit 1 Refueling Outage (1R19).

Page 3 of 3

Enclosure 4 Draft lnvensys Audit Plan

NRC INSTRUMENTATION AND CONTROL BRANCH DIABLO CANYON DIGITAL PROCESS PROTECTION SYSTEM REGULATORY AUDIT PLAN FOR INVENSYS TRICON SUBSYSTEM JUNE 03-05, 2014, LAKE FOREST, CALIFORNIA

Background

The U.S. Nuclear Regulatory Commission (NRC) staff is currently engaged in a review of a digital safety system replacement for the Diablo Canyon nuclear power plants. By letter dated October 26, 2011, PG&E submitted a license amendment request (LAR) to replace the Diablo Canyon Nuclear Power Plant Eagle 21 Process Protection System (PPS) with a new digital PPS (ML11307A332). The LAR requested NRC review and approval of the proposed design. As part of this review, the NRC staff is conducting a regulatory audit of the Tricon portion of the Diablo Canyon PPS replacement system.

In November of 2012, the staff conducted the first audit of the Tricon system at the lnvensys Operations Management (10M) facilities in Lake Forest, California (ADAMS Accession Number ML13018A149). During that audit, the NRC staff was unable to observe how the design phase outputs are subject to the Verification and Validation processes. The staff also identified several open items and noted that a follow-up audit would be required to evaluate resolution activities for each of these Open Items.

Regulatory audit basis To support its safety evaluation, the NRC Instrumentation and Controls Branch (EICB) will conduct a second audit at the lnvensys Operations Management (10M) facilities in Lake Forest California. The purpose of this confirmatory audit is to determine if the life cycle processes used, and the outputs of those processes have resulted in a PPS system for use at Diablo Canyon which will meet regulatory requirements. This audit will provide information necessary to complete the staff's evaluation of the proposed Tricon portion of the Diablo Canyon PPS.

Regulatory audit scope The objective of this audit is to verify via an independent evaluation, that the Tricon subsystem of the PPS to be used at Diablo Canyon nuclear power plant conforms to applicable regulations, standards, guidelines, plans, and procedures by assessing the implementation of the systems developmental life cycle process.

Audit requirements

1. Threads reviewed during first audit -

Several requirement threads were reviewed through the requirements phase during the first audit (Reference lnvensys Tricon Audit Report, ADAMS Accession Number ML13018A149). The team will select from this list to perform follow-up reviews through the design and implementation phases of PPS system development. The team intends to trace system requirements to specific test cases to be performed during the Factory Acceptance Test (FAT).

2. Maintenance Workstation- SE Section 3.10.1.7 -IEEE 7-4.3.21dentification- Observe how MWS Tristation 1131 is used to verify that correct software is installed into the DCPP system hardware. Determine if this verification activity can be done with system operable and if surveillance tests will be performed to periodically verify that software is correct.

3. Additional topic areas to be covered during second audit:

a. Time Response -The NRC will review the relation between the specified time response requirements for PPS and the safety analysis response time assumptions listed in the UFSAR Table 15.1-2. The objective of this audit activity is to understand and confirm how the PPS component of the overall safety system response time assumptions is derived.

b. Software V&V- Review the lnvensys V&V program and the Diablo Canyon specific V&V plan.

i. Perform follow-up thread audit of selected requirements, during which lnvensys staff will be asked to track the implementation of those various system and software requirements through each phase of the design process using the requirements traceability matrix, and to show how the design phase outputs were subject to the V&V process activities.

ii. Evaluate the effectiveness of the Software V&V plans for each phase of the software life cycle for establishing an implementation of V&V activities in the design and design acceptance process and determine if the V&V team was sufficiently independent in terms of cost, schedule and management. The V&V Summary reports will be used as a guide for this activity.

c. Configuration Management - Review the configuration management system used for the Diablo Canyon PPS software development and interview lnvensys personnel responsible for performing configuration management activities.

i. Postulate a change in controlled document (at least one procedure, and one design output). lnvensys personnel will be asked to generate the paperwork, and walk through the processes for managing such a change.

ii. The NRC staff will ask for an example of an actual problem which occurred during the process of developing the Diablo Canyon PPS application. The audit team will review the resulting paperwork and determine if the process for resolution of the identified problem was successful in achieving a satisfactory result.

iii. The audit team will discuss the processes used to control software configuration if two or more people check out a particular version of a controlled item. The team will also access how the resulting changes are controlled.

d. Software Quality Assurance -The audit team will review the QA processes with the lnvensys Quality Assurance manager responsible for Software QA to determine that the program is effective in assuring quality of the Diablo Canyon PPS application software.

i. Postulate a problem with SQA. Ask the SQA manager to generate the paperwork, and walk through the way it would be processed if this were a real problem. This should include the entire process through to final approvals and changes.

ii. The audit team will ask for an example of an actual problem which occurred during the process of developing the Diablo Canyon application.

The team will review the resulting paperwork and determine if the resolution to the problems was satisfactory.

e. Software Safety - The audit team will review the software safety processes with representatives of the QA and IW organizations. The team will determine if the software safety plans and the procedures used during the software safety analysis activities were adequate to assure the software was acceptable to be used in the safety related application at Diablo Canyon. The audit team will review the Diablo Canyon PPS Safety Analysis, and determine the effectiveness of this analysis in identification and mitigation of software hazards.

f. Tricon Alternative to ISG-04, position 10 - The audit team will review the function blocks in the application program associated with operation of the key switch (i.e.,

voting of the keyswitch position) and required actions to be performed on a change of keyswitch position. In addition, the audit team will review the function (i.e., gated access) that enables the maintenance workstation to write to internal tag names when the keyswitch is in the RUN position. w

g. Secure Development Environment -The audit team will verify that the development environment established for the Diablo Canyon PPS system development effort conforms to the requirements of RG 1.152, Revision 3.

Information Necessary for the Regulatory Audit The following documentation and supporting materials will be required for performance of this audit. The NRC requests that hard copies of these documents be available to the audit team upon arrival at the lnvensys facilities.

• Configuration Diagrams for the Tricon portion of the Diablo Canyon PPS system.

• PPS Architecture drawings as required to demonstrate required functionality.

• Diablo Canyon PPS Project Procedure Manual

• Diablo Canyon PPS Project Instructions (PI) (e.g., PI 7.0 "Application Program Development for the PG&E DCPP PPS Replacement Project, 993754-1-951 ")

• Technical Requirements List, 993754-1-808

• DCPP PPS Secure Development Environment Vulnerability Assessment The audit staff also requires access to the current Requirements Traceability Matrix information in order to observe that applicable functional requirements are correctly implemented in the PPS. Furthermore, the Licensee and lnvensys Documentation referenced below shall be available for review and use by the audit team.

Team Assignments I Resource Estimates The resource estimate for this audit visit is approximately 200 hours0.00231 days <br />0.0556 hours <br />3.306878e-4 weeks <br />7.61e-5 months <br /> of direct inspection effort.

The NRC staff performing this audit will be:

NRC/NRR/DE/EICB

• Richard Stattel (301 )415-8472

• Rossnyev Alvarado (301)415-6808

• Samir Darbali (301 )415-1360 NRC/Region IV/DRS/EB2

• Shiattin Maker (817)200-1507 NRC/Region II

• Representative TBD This Audit will be conducted at the lnvensys Operations Management offices in Lake Forest California. The Estimated length of the audit is three days.

Logistics The audit will start on the morning of June 3, 2014 (Tuesday) and conclude at the close of business June 5, 2014 (Thursday).

Our tentative schedule for the audit is as follows:

Tuesday, June 3 (9:00am-5:30pm) o 9 am - Entrance meeting (NRC staff- purpose of audit) o 10 am - 11 am - Tricon documentation status review and discussion o 11 am - Noon - Review Results of first audit o 1 pm- Tentative plan is for audit team to jointly work on a requirements thread to see an overview of the entire software development process.

Wednesday- June 4 (9:00 am - 5:30 pm) o 9 am - Morning meeting between NRC staff and IOM to discuss activities and logistics for the day o 9:30am- Review of PPS documentation I Interviews with key 10M personnel- staff may work together or individually, as circumstances dictate o 2 pm - 4 pm - Discuss Preliminary Inspection Items List with Licensee o 4:30pm- NRC staff internal meeting o 5 pm (as needed)- NRC staff and 10M discuss any observations from the day Thursday, June 5 (9:00 am - 5:30 pm) o 9 am- Morning meeting between NRC staff and lnvensys to discuss activities and logistics for the day o 3 pm - NRC staff internal meeting ~ identification I resolution of any open items o 4 pm- Exit meeting (NRC staff- general overview of observations & identification of any open items)

Deliverables At the conclusion of the audit, the NRC staff will conduct an exit briefing and will provide a summary of audit results in each subject area defined in the audit scope.

The NRC Regulatory Audit Report will be issued by July 25, 2014.

References Licensee and lnvensys Documentation:

• Triconex approved topical report 7286-545-1-a revision 4, Nuclear Qualification of V1 0 Tricon Triple Modular Redundant (TMR) PLC system. NRC approved version (ML12146a010)

• Diablo Canyon PPS License Amendment Request ML113070457

• 993754-1-909 Diablo Canyon Triconex PPS Software Configuration Management Plan

• 993754-1-801 Diablo Canyon Triconex PPS Software Quality Assurance Plan

• 993754-1-802 Diablo Canyon Triconex PPS Software V&V Plan

• 993754-1-900, Diablo Canyon Triconex PPS Project Quality Plan

• 993754-1-905, Diablo Canyon Triconex PPS Project management Plan

• 993754-1-906, Diablo Canyon Triconex PPS Software Development Plan

• 993754-1-915-P, Project Specific Design Phase Software Safety Analysis

• 99375-1-860, Requirements Phase Summary Report

• 993754-1-804, Project Traceability Matrix

• 993754-11-810, 993754-12-810, 993754-13-810, 993754-14-810, Software Design Description

• 993754-1-916, V10 Tricon Reference Design Changes Analysis

• NTX-SER-09-21, Summary of the lnvensys Project Procedures Manual for Safety-Related Work

• Project Discrepancy Report (DPR) IRTX#21105 and Technical Advisory Bulletin (TAB) 183

• Tricon VI0.5.2 V&V Test Report

• Software Release Definition (SRD) VI 0.5.2, 6200003-226

• PDR IRTX#22481

• Product Alert Notice (PAN) 25

• 9100428-001, Engineering Project Plan (EPP) Tricon PAN 25 Fix, 9100428-001

• Tricon PAN25 Master Test Report

• 6200003-230, Software Release Definition (SRD) VI 0.5.3, 6200003-230

• Product Alert Notice (PAN) 22

• Product Alert Notice (PAN) 24

• Technical Advisory Notice (TAB) 147

• 9100359-001, Engineering Project Plan (EPP) TriStation V4.9 & Safety View Apps, 9100359-001

• TriStation 1131 V 4.9.0 Master Test Report

• 6200097-038, Software Release Definition (SRD) TriStation 1131 V4.9.0, 6200097-038 NRC Guidance:

• Standard Review Plan (NUREG-0800), Chapter 7, "Instrumentation and Controls"

• Regulatory Guide 1.152, Revision 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants"

• Regulatory Guide 1.153, Revision 1, "Criteria for Safety Systems"

• Regulatory Guide 1.168, Revision 1, "Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants"

• Regulatory Guide 1.169, "Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants"

• Regulatory Guide 1.173, dated September 1997, "Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants"

• Regulatory Guide 5. 71, dated January 2010, "Cyber Security Programs for Nuclear Facilities"

• NEI 08-09, dated April 2010, "Cyber Security Plan for Nuclear Power Reactors,"

Revision 2 Industry Standards:

• IEEE Std 7-4.3.2-2003, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations"

• IEEE Std 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations"

• IEEE Std 828-1990, "IEEE Standard for Software Configuration Management Plans"

• IEEE Std 829-1998, "IEEE Standard for Software Test Documentation"

• ANSI/IEEE Std 1008-1987, "IEEE Standard for Software Unit Testing"

• IEEE Std 1012-1998, "IEEE Standard for Software Verification and Validation"

• IEEE Std 1028-1997, "IEEE Standard for Software Reviews and Audits"

• ANSI/IEEE Std 1042-1987, "IEEE Guide to Software Configuration Management"

• IEEE Std 1074-1995, "IEEE Standard for Developing Software Life Cycle Processes" Two members of the public were in attendance for the teleconference meeting and no public meeting feedback forms were submitted.

Please direct any inquiries to me at 301-415-2833 or at Peter.Bamford@nrc.gov.

IRA/

Peter Bamford, Project Manager Plant Licensing Branch IV-1 Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-275 and 50-323

Enclosures:

1. List of Attendees

2. Open Items Listing

3. Project Plan

4. Draft lnvensys Audit Plan cc w/encls: Distribution via Listserv DISTRIBUTION:

PUBLIC RidsNrrLAJBurkhardt Resource RStattel, NRR/DE/EICB LPL4-1 Reading RidsNrrPMDiabloCanyon Resource RAivarado, NRR/DE/EICB RidsAcrsAcnw_MaiiCTR Resource RidsNsirDsp Resource WMaier, RIV RidsNrrDeEicb Resource RidsRgn4MaiiCenter Resource SMakor, RIV/DRS/EB2 RidsNrrDorl Resource JNick, EDO RIV RidsNrrDorllpl4-1 Resource TWertz, NRR ADAMS A ccess1on NOS. Meetmg NOICe f ML14085A118 Meef mg S ummary ML14113A493 OFFICE NRRIDORULPL4-1/PM NRRIDORULPL4-2/LA NRRIDE/EICB NRRIDORULPL4-1/BC NRR/DORULPL4-1/PM NAME PBamford JBurkhardt RStattel MMarkley PBamford DATE 5/2/14 5/1/14 5/2/14 5/6/14 5/6/14 OFFICIAL RECORD COPY