ML12276A050: Difference between revisions

From kanterella
| number = ML12276A050
| issue date = 10/10/2012
| title = Regulatory Audit Plan for 11/13-16/2012 Audit at the Invensys Operations Management Facility in Lake Forest, CA, to Support Digital Replacement of Process Protection System License Amendment Request
| author name = Sebrosky J
| author affiliation = NRC/NRR/DORL/LPLIV
| addressee name = Halpin E
| addressee affiliation = Pacific Gas & Electric Co
| docket = 05000275, 05000323
| license number = DPR-080, DPR-082
| contact person = Sebrosky J
| case reference number = TAC ME7522, TAC ME7523
| document type = Letter


=Text=
{{#Wiki_filter:UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001
October 10, 2012

Mr. Edward D. Halpin
Senior Vice President and Chief Nuclear Officer
Pacific Gas and Electric Company
Diablo Canyon Power Plant
P.O. Box 56, Mail Code 104/6
Avila Beach, CA 93424
 
==SUBJECT:==
DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 - REGULATORY AUDIT PLAN FOR NOVEMBER 13-16, 2012, AUDIT AT THE INVENSYS OPERATIONS MANAGEMENT FACILITY IN LAKE FOREST, CALIFORNIA, TO SUPPORT REVIEW OF DIGITAL INSTRUMENTATION AND CONTROL LICENSE AMENDMENT REQUEST (TAC NOS. ME7522 AND ME7523)


==Dear Mr. Halpin:==
 
By letter dated October 26, 2011, as supplemented by letters dated December 20, 2011, and April 2, April 30, June 6, August 2, and September 11, 2012 (Agencywide Documents Access and Management System (ADAMS) Accession Nos. ML113070457, ML113610541, ML12094A072, ML12131A513, ML12170A837, ML12222A094, and ML12256A308, respectively), Pacific Gas and Electric (PG&E, the licensee) requested the U.S. Nuclear Regulatory Commission (NRC) staff's approval of an amendment for the Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP). The proposed license amendment request would provide a digital replacement of the Process Protection System (PPS) portion of the Reactor Trip System and Engineered Safety Features Actuation System at DCPP.
To support its safety evaluation, the NRC Instrumentation and Controls Branch will conduct an audit at the Invensys Operations Management facilities in Lake Forest, California, from November 13-16, 2012. The purpose of this audit is to determine if the life cycle processes used, and the outputs of those processes, will result in a PPS for use at DCPP which will meet regulatory requirements. This audit will provide information necessary to complete the NRC staff's evaluation of the proposed Tricon portion of the DCPP PPS. Enclosed is the plan to support this audit.
 
If you have any questions, please contact me at 301-415-1132 or via e-mail at joseph.sebrosky@nrc.gov.
Docket Nos. 50-275 and 50-323


==Enclosure:==


As stated

cc w/encl: Distribution via listserv
 
NRC INSTRUMENTATION AND CONTROL BRANCH
DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2
DIGITAL PROCESS PROTECTION SYSTEM REGULATORY AUDIT PLAN
NOVEMBER 13-16, 2012
LAKE FOREST, CALIFORNIA

==BACKGROUND==
The U.S. Nuclear Regulatory Commission (NRC) staff is currently engaged in a review of a digital safety system replacement for the Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP). By letter dated October 26, 2011, Pacific Gas and Electric Company (PG&E) submitted a license amendment request (LAR) to replace the DCPP Eagle 21 Process Protection System (PPS) with a new digital PPS (Agencywide Documents Access and Management System (ADAMS) Accession No. ML113070457). The LAR requested NRC review and approval of the proposed design.
==REGULATORY AUDIT BASIS==
To support its safety evaluation, the NRC Instrumentation and Controls Branch (EICB) will conduct an audit at the Invensys Operations Management (IOM) facilities in Lake Forest, California. The purpose of this audit is to determine if the life cycle processes used, and the outputs of those processes, will result in a PPS for use at DCPP which will meet regulatory requirements. This audit will provide information necessary to complete the NRC staff's evaluation of the proposed Tricon portion of the DCPP PPS.
==REGULATORY AUDIT SCOPE==
The objective of this audit is to verify, via an independent evaluation, that the software products to be used at DCPP for the PPS conform to applicable regulations, standards, guidelines, plans, and procedures by assessing the implementation of the system's development life cycle process. A review of activities associated with the licensee's cyber security plan will also be conducted.
The Tricon V10 platform was approved by NRC for referencing in LARs. The V10 platform was approved with version V10.5.1 software; however, version 10.5.3 is planned to be installed at DCPP for the PPS. Therefore, the NRC staff will audit the platform changes made for this Tricon V10 version to ensure it complies with the applicable regulations, standards, guidelines, plans, and procedures.
==AUDIT REQUIREMENTS==
* Software Verification and Validation - Verify that the DCPP PPS application software verification and validation (V&V) program meets the requirements of Institute of Electrical and Electronics Engineers (IEEE) Standard IEEE-1012, "Standard for Software Verification and Validation," and that the V&V program is implemented in a manner which reliably verifies and validates the design outputs of each stage of the design process.
* Configuration Management - Verify that the configuration management system has the appropriate hardware and software under configuration management, and that the configuration management system is effectively controlling the items under configuration management.
* Software Quality Assurance - Verify that the Software Quality Assurance (SQA) program is effective in controlling the software development process to assure quality of the DCPP PPS application software.
* Software Safety - Verify that the software safety plans and the plans and procedures used during the software safety analysis activities were adequate to determine that the software is safe to be used in a safety related application at DCPP.
* Tricon V10 Platform Reference Design Changes - Verify the impact of changes between the NRC-approved Tricon version 10.5.1 and Tricon version 10.5.3. Tricon version 10.5.3 is intended to be utilized for the DCPP PPS replacement as stated in PG&E's letter dated August 2, 2012 (ADAMS Accession No. ML12256A308). Verify that the hardware and software changes for version 10.5.3 were developed and tested in accordance with the approved regulatory requirements for the V10 Tricon platform.
* Cyber Security - A review of the activities associated with addressing system and services acquisition controls, as set forth in the licensee's NRC-approved Cyber Security Plan and in accordance with Section 73.54, "Protection of digital computer and communication systems and networks," of Title 10 of the Code of Federal Regulations (10 CFR), will be conducted.
==INFORMATION NECESSARY FOR THE REGULATORY AUDIT==
Documentation and supporting materials will be required for performance of this audit. The following materials shall be available for review by the audit team upon arrival at the IOM facilities:
* Configuration diagrams for the Tricon portion of the DCPP PPS system.
* PPS architecture drawings as required to demonstrate required functionality.
* DCPP PPS Project Procedure Manual.
* DCPP PPS Project Instructions (PI) (e.g., PI 7.0, "Application Program Development for the PG&E DCPP PPS Replacement Project," 993754-1-951).
 
* Technical Requirements List, 993754-1-808.
* Documentation associated with how Invensys addressed the system and services acquisition control requirements obtained from the licensee.
The audit staff also requires access to the current Requirements Traceability Matrix information in order to observe that applicable functional requirements are correctly implemented in the PPS. Furthermore, the licensee's and Invensys's documentation referenced below shall be available for review and use by the audit team.
==TEAM ASSIGNMENTS / RESOURCE ESTIMATES==
The resource estimate for this audit visit is approximately 160 hours of direct inspection effort.
The NRC staff performing this audit will be:

NRC/NRR/DE/EICB:
* Richard Stattel (301) 415-8472
* Bill Kemper (301) 415-0927
* Rossnyev Alvarado (301) 415-6808

NRC/Region IV/DRS/EB2:
* Shiattin Makor (817) 200-1507

NRC/NSIR/
* Darryl Parsons (301) 415-7751
* George Simonds (301) 415-0722

This audit will be conducted at the IOM offices in Lake Forest, California. The estimated length of the audit is 4 days.

==LOGISTICS==
The audit will take place at the IOM facilities in Lake Forest, California. The audit will start on the morning of Tuesday, November 13, 2012, and conclude at the close of business on Friday, November 16, 2012.
The tentative schedule for the audit is as follows:
* Tuesday, November 13, 2012 (9:00 a.m. - 5:30 p.m.)
** 9:00 a.m. - Entrance meeting (NRC staff - purpose of audit; IOM staff - brief overview of PPS project and facility)
** 10:00 a.m. - Factory / training facility tour
** 1:00 p.m. - Tentative plan is for the audit team to jointly work on a requirements thread to see an overview of the entire software development process.
* Wednesday - Thursday, November 14-15, 2012 (9:00 a.m. - 5:30 p.m.)
** 9:00 a.m. - Morning meeting between NRC staff and IOM to discuss activities and logistics for the day
** 9:30 a.m. - Review of PPS documentation / interviews with key IOM personnel. NRC staff may work together or individually, as circumstances dictate.
** 4:30 p.m. - NRC staff internal meeting
** 5:00 p.m. (as needed) - NRC staff and IOM to discuss any observations from the day
* Friday, November 16, 2012 (9:00 a.m. - 5:30 p.m.)
** 9:00 a.m. - NRC staff internal meeting - identification / resolution of any open items
** 2:00 p.m. - Exit meeting (NRC staff - general overview of observations and identification of any open items)
As circumstances dictate, the above schedule can be modified.
==DELIVERABLES==
At the conclusion of the audit, the NRC staff will conduct an exit briefing and will provide a summary of audit results in each subject area defined in the audit scope.
The NRC regulatory audit report will be issued by December 14, 2012. A separate audit report for cyber security will be issued on the same date.

==REFERENCES==
Licensee/Invensys Documentation:
* Triconex-approved topical report 7286-545-1-A, Revision 4, Nuclear Qualification of V10 Tricon Triple Modular Redundant (TMR) PLC system; NRC-approved version (ADAMS Accession No. ML12146A010).
* Diablo Canyon PPS License Amendment Request dated October 26, 2011
* 993754-1-909, Diablo Canyon Triconex PPS Software Configuration Management Plan
* 993754-1-801, Diablo Canyon Triconex PPS Software Quality Assurance Plan
* 993754-1-802, Diablo Canyon Triconex PPS Software V&V Plan
* 993754-1-900, Diablo Canyon Triconex PPS Project Quality Plan
* 993754-1-905, Diablo Canyon Triconex PPS Project management Plan
 
* 993754-1-906, Diablo Canyon Triconex PPS Software Development Plan
* 993754-1-915-P, Project Specific Design Phase Software Safety Analysis
* 99375-1-860, Requirements Phase Summary Report
* 993754-1-804, Project Traceability Matrix
* 993754-11-810,993754-12-810, 993754-13-810, 993754-14-810, Software Design Description
* 993754-1-916, V10 Tricon Reference Design Changes Analysis
* NTX-SER-09-21, Summary of the Invensys Project Procedures Manual for Safety-Related Work
* Project Discrepancy Report (DPR) IRTX#21105 and Technical Advisory Bulletin (TAB) 183
* Tricon V10.5.2 V&V Test Report
* Software Release Definition (SRD) V10.5.2, 6200003-226
* PDR IRTX#22481
* Product Alert Notice (PAN) 25
* 9100428-001, Engineering Project Plan (EPP) Tricon PAN 25 Fix, 9100428-001
* Tricon PAN25 Master Test Report
* 6200003-230, Software Release Definition (SRD) V10.5.3, 6200003-230
* Product Alert Notice (PAN) 22
* Product Alert Notice (PAN) 24
* Technical Advisory Notice (TAB) 147
* 9100359-001, Engineering Project Plan (EPP) TriStation V4.9 & Safety View Apps, 9100359-001
* TriStation 1131 V4.9.0 Master Test Report
* 6200097-038, Software Release Definition (SRD) TriStation 1131 V4.9.0, 6200097-038

NRC Guidance:
* NUREG-0800, "Review of Safety Analysis Reports for Nuclear Power Plants," Chapter 7, "Instrumentation and Controls"
* Regulatory Guide 1.152, Revision 3, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants," July 2011 (ADAMS Accession No. ML102870072).
 
* Regulatory Guide 1.153, Revision 1, "Criteria for Safety Systems," June 1996 (ADAMS Accession No. ML003740022).
* Regulatory Guide 1.168, Revision 1, "Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," February 2004 (ADAMS Accession No. ML040410189).
* Regulatory Guide 1.169, "Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," September 1997 (ADAMS Accession No. ML003740105).
* Regulatory Guide 1.173, "Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," September 1997 (ADAMS Accession No. ML003740101).
* Regulatory Guide 5.71, "Cyber Security Programs for Nuclear Facilities," January 2010 (ADAMS Accession No. ML090340159).
* NEI 08-09, Revision 6, "Cyber Security Plan for Nuclear Power Reactors," April 2010 (ADAMS Accession No. ML101180437).
Industry Standards:
* IEEE Std 7-4.3.2-2003, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations"
* IEEE Std 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations"
* IEEE Std 828-1990, "IEEE Standard for Software Configuration Management Plans"
* IEEE Std 829-1998, "IEEE Standard for Software Test Documentation"
* American National Standards Institute (ANSI)/IEEE Std 1008-1987, "IEEE Standard for Software Unit Testing"
* IEEE Std 1012-1998, "IEEE Standard for Software Verification and Validation"
* IEEE Std 1028-1997, "IEEE Standard for Software Reviews and Audits"
* ANSI/IEEE Std 1042-1987, "IEEE Guide to Software Configuration Management"
* IEEE Std 1074-1995, "IEEE Standard for Developing Software Life Cycle Processes"


DISTRIBUTION:
PUBLIC
LPL4 R/F
RidsAcrsAcnw_MailCTR Resource
RidsNrrDeEicb Resource
RidsNrrDorlLpl4 Resource
RidsNrrLAJBurkhardt Resource
RidsNrrPMDiabloCanyon Resource
RidsOgcRp Resource
RidsRgn4MailCenter Resource
WKemper, NRR/DE/EICB
RStattel, NRR/DE/EICB
RAlvarado, NRR/DE/EICB
SMakor, RIV/DRS/EB2

Sincerely,
/RA/
Joseph M. Sebrosky, Senior Project Manager
Plant Licensing Branch IV
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation

ADAMS Accession No.: ML12276A050
OFFICE NRR/LPL4/PM NRR/LPL4/LA NRR/DE/EICB/BC NRR/LPL4/BC NRR/LPL4/PM
NAME JSebrosky JBurkhardt JThorp (NCarte for) MMarkley JSebrosky
DATE 10/9/12 10/5/12 10/10/12 10/10/12 10/10/12
OFFICIAL RECORD}}

Latest revision as of 12:18, 20 March 2020

Regulatory Audit Plan for 11/13-16/2012 Audit at the Invensys Operations Management Facility in Lake Forest, CA, to Support Digital Replacement of Process Protection System License Amendment Request
ML12276A050
Person / Time
Site: Diablo Canyon  Pacific Gas & Electric icon.png
Issue date: 10/10/2012
From: Joseph Sebrosky
Plant Licensing Branch IV
To: Halpin E
Pacific Gas & Electric Co
Sebrosky J
References
TAC ME7522, TAC ME7523
Download: ML12276A050 (9)


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 October 10, 2012 Mr. Edward D. Halpin Senior Vice President and Chief Nuclear Officer Pacific Gas and Electric Company Diablo Canyon Power Plant P.O. Box 56, Mail Code 104/6 Avila Beach, CA 93424

SUBJECT:

DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 - REGULATORY AUDIT PLAN FOR NOVEMBER 13-16, 2012, AUDIT AT THE INVENSYS OPERATIONS MANAGEMENT FACILITY IN LAKE FOREST, CALIFORNIA, TO SUPPORT REVIEW OF DIGITAL INSTRUMENTATION AND CONTROL LICENSE AMENDMENT REQUEST (TAC NOS. ME7522 AND ME7523)

Dear Mr. Halpin:

By letter dated October 26, 2011, as supplemented by letters dated December 20, 2011, and April 2, April 30, June 6, August 2, and September 11, 2012 (Agencywide Documents Access and Management System (ADAMS) Accession Nos. ML113070457, ML113610541, ML12094A072, ML12131A513, ML12170A837, ML12222A094, and ML12256A308, respectively), Pacific Gas and Electric (PG&E, the licensee), requested the U.S. Nuclear Regulatory Commission (NRC) staff's approval of an amendment for the Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP). The proposed license amendment request would provide a digital replacement of the Process Protection System (PPS) portion of the Reactor Trip System and Engineered Safety Features Actuation System at DCPP.

To support its safety evaluation, the NRC Instrumentation and Controls Branch will conduct an audit at the Invensys Operations Management facilities in Lake Forest California from November 13-16, 2012. The purpose of this audit is to determine if the life cycle processes used, and the outputs of those processes, will result in a PPS for use at DCPP which will meet regulatory requirements. This audit will provide information necessary to complete the NRC staff's evaluation of the proposed Tricon portion of the DCPP PPS. Enclosed is the plan to support this audit.

If you have any questions, please contact me at 301-415-1132 or via e-mail at joseph.sebrosky@nrc.gov.

Docket Nos. 50-275 and 50-323

Enclosure:

As stated

cc w/encl: Distribution via listserv

NRC INSTRUMENTATION AND CONTROL BRANCH
DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2
DIGITAL PROCESS PROTECTION SYSTEM
REGULATORY AUDIT PLAN
NOVEMBER 13-16, 2012
LAKE FOREST, CALIFORNIA

BACKGROUND

The U.S. Nuclear Regulatory Commission (NRC) staff is currently engaged in a review of a digital safety system replacement for the Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP). By letter dated October 26, 2011, Pacific Gas and Electric Company (PG&E) submitted a license amendment request (LAR) to replace the DCPP Eagle 21 Process Protection System (PPS) with a new digital PPS (Agencywide Documents Access and Management System (ADAMS) Accession No. ML113070457). The LAR requested NRC review and approval of the proposed design.

REGULATORY AUDIT BASIS

To support its safety evaluation, the NRC Instrumentation and Controls Branch (EICB) will conduct an audit at the Invensys Operations Management (IOM) facilities in Lake Forest, California. The purpose of this audit is to determine if the life cycle processes used, and the outputs of those processes, will result in a PPS for use at DCPP which will meet regulatory requirements. This audit will provide information necessary to complete the NRC staff's evaluation of the proposed Tricon portion of the DCPP PPS.

REGULATORY AUDIT SCOPE

The objective of this audit is to verify, via an independent evaluation, that the software products to be used at DCPP for the PPS conform to applicable regulations, standards, guidelines, plans, and procedures by assessing the implementation of the system's development life cycle process. A review of activities associated with the licensee's cyber security plan will also be conducted.

The Tricon V10 platform was approved by NRC for referencing in LARs. The V10 platform was approved with version V10.5.1 software; however, version 10.5.3 is planned to be installed at DCPP for the PPS. Therefore, the NRC staff will audit the platform changes made for this Tricon V10 version to ensure it complies with the applicable regulations, standards, guidelines, plans, and procedures.

AUDIT REQUIREMENTS

  • Software Verification and Validation - Verify that the DCPP PPS application software verification and validation (V&V) program meets the requirements of Institute of Electrical and Electronics Engineers (IEEE) Standard IEEE-1012, "Standard for Software Verification and Validation," and that the V&V program is implemented in a manner which reliably verifies and validates the design outputs of each stage of the design process.

  • Configuration Management - Verify that the configuration management system has the appropriate hardware and software under configuration management, and that the configuration management system is effectively controlling the items under configuration management.
  • Software Quality Assurance - Verify that the Software Quality Assurance (SQA) program is effective in controlling the software development process to assure quality of the DCPP PPS application software.
  • Software Safety - Verify that the software safety plans and the plans and procedures used during the software safety analysis activities were adequate to determine that the software is safe to be used in a safety related application at DCPP.
  • Tricon V10 Platform Reference Design Changes - Verify the impact of changes between the NRC-approved Tricon version 10.5.1 and Tricon version 10.5.3. Tricon version 10.5.3 is intended to be utilized for the DCPP PPS replacement as stated in PG&E's letter dated August 2, 2012 (ADAMS Accession No. ML12256A308). Verify the hardware and software changes for version 10.5.3 were developed and tested in accordance with the approved regulatory requirements for the V10 Tricon platform.
  • Cyber Security - A review of the activities associated with addressing system and services acquisition controls, as set forth in the licensee's NRC-approved Cyber Security Plan and in accordance with Section 73.54, "Protection of digital computer and communication systems and networks," of Title 10 of the Code of Federal Regulations (10 CFR), will be conducted.

INFORMATION NECESSARY FOR THE REGULATORY AUDIT

Documentation and supporting materials will be required for performance of this audit. The following materials shall be available for review to the audit team upon arrival at the IOM facilities:

  • Configuration diagrams for the Tricon portion of the DCPP PPS system.
  • PPS architecture drawings as required to demonstrate required functionality.
  • DCPP PPS Project Instructions (PI) (e.g., PI 7.0, "Application Program Development for the PG&E DCPP PPS Replacement Project," 993754-1-951).
  • Technical Requirements List, 993754-1-808.
  • Documentation associated with how Invensys addressed system and services acquisition control requirements obtained from the licensee.

The audit staff also requires access to the current Requirements Traceability Matrix information in order to observe that applicable functional requirements are correctly implemented in the PPS. Furthermore, the licensee's and Invensys's documentation referenced below shall be available for review and use by the audit team.

TEAM ASSIGNMENTS / RESOURCE ESTIMATES

The resource estimate for this audit visit is approximately 160 hours of direct inspection effort.

The NRC staff performing this audit will be:

NRC/NRR/DE/EICB:

  • Bill Kemper (301) 415-0927
  • George Simonds (301) 415-0722

This audit will be conducted at the IOM offices in Lake Forest, California. The estimated length of the audit is 4 days.

LOGISTICS

The audit will take place at the IOM facilities in Lake Forest, California. The audit will start on the morning of Tuesday, November 13, 2012, and conclude at the close of business on Friday, November 16, 2012.

The tentative schedule for the audit is as follows:

  • Tuesday, November 13, 2012 (9:00 a.m. - 5:30 p.m.)

9:00 a.m. - Entrance meeting (NRC staff - purpose of audit; IOM staff brief overview of PPS project and facility)
10:00 a.m. - Factory / training facility tour
1:00 p.m. - Tentative plan is for audit team to jointly work on a requirements thread to see an overview of the entire software development process.

  • Wednesday - Thursday, November 14-15, 2012 (9:00 a.m. - 5:30 p.m.)

9:00 a.m. - Morning meeting between NRC staff and IOM to discuss activities and logistics for the day
9:30 a.m. - Review of PPS documentation / Interviews with key IOM personnel. NRC staff may work together or individually, as circumstances dictate.
4:30 p.m. - NRC staff internal meeting
5:00 p.m. (as needed) - NRC staff and IOM to discuss any observations from the day

  • Friday, November 16, 2012 (9:00 a.m. - 5:30 p.m.)

9:00 a.m. - NRC staff internal meeting - identification / resolution of any open items
2:00 p.m. - Exit meeting (NRC staff - general overview of observations and identification of any open items)

As circumstances dictate, the above schedule can be modified.

DELIVERABLES

At the conclusion of the audit, the NRC staff will conduct an exit briefing and will provide a summary of audit results in each subject area defined in the audit scope.

The NRC regulatory audit report will be issued by December 14, 2012. A separate audit report for cyber security will be issued on the same date.

REFERENCES

Licensee/Invensys Documentation:

  • Triconex-approved topical report 7286-545-1-A, Revision 4, Nuclear Qualification of V10 Tricon Triple Modular Redundant (TMR) PLC system; NRC-approved version (ADAMS Accession No. ML12146A010).
  • Diablo Canyon PPS License Amendment Request dated October 26, 2011
  • 993754-1-909, Diablo Canyon Triconex PPS Software Configuration Management Plan
  • 993754-1-801, Diablo Canyon Triconex PPS Software Quality Assurance Plan
  • 993754-1-802, Diablo Canyon Triconex PPS Software V&V Plan
  • 993754-1-900, Diablo Canyon Triconex PPS Project Quality Plan
  • 993754-1-905, Diablo Canyon Triconex PPS Project management Plan


  • 993754-1-906, Diablo Canyon Triconex PPS Software Development Plan
  • 993754-1-915-P, Project Specific Design Phase Software Safety Analysis
  • 99375-1-860, Requirements Phase Summary Report
  • 993754-1-804, Project Traceability Matrix
  • 993754-11-810, 993754-12-810, 993754-13-810, 993754-14-810, Software Design Description
  • 993754-1-916, V10 Tricon Reference Design Changes Analysis
  • NTX-SER-09-21, Summary of the Invensys Project Procedures Manual for Safety-Related Work
  • Project Discrepancy Report (DPR) IRTX#21105 and Technical Advisory Bulletin (TAB) 183
  • Tricon V10.5.2 V&V Test Report
  • Software Release Definition (SRD) V10.5.2, 6200003-226
  • Product Alert Notice (PAN) 25
  • 9100428-001, Engineering Project Plan (EPP) Tricon PAN 25 Fix, 9100428-001
  • Tricon PAN25 Master Test Report
  • 6200003-230, Software Release Definition (SRD) V10.5.3, 6200003-230
  • Product Alert Notice (PAN) 22
  • Product Alert Notice (PAN) 24
  • Technical Advisory Notice (TAB) 147
  • 9100359-001, Engineering Project Plan (EPP) TriStation V4.9 & Safety View Apps, 9100359-001
  • TriStation 1131 V4.9.0 Master Test Report
  • 6200097-038, Software Release Definition (SRD) TriStation 1131 V4.9.0, 6200097-038

NRC Guidance:

  • NUREG-0800, "Review of Safety Analysis Reports for Nuclear Power Plants," Chapter 7, "Instrumentation and Controls"


  • Regulatory Guide 1.168, Revision 1, "Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," February 2004 (ADAMS Accession No. ML040410189).
  • Regulatory Guide 1.173, "Developing Software Life Cycle Processes for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," September 1997 (ADAMS Accession No. ML003740101).

January 2010 (ADAMS Accession No. ML090340159).

Industry Standards:

  • IEEE Std 7-4.3.2-2003, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations"
  • IEEE Std 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations"
  • American National Standards Institute (ANSI)/IEEE Std 1008-1987, "IEEE Standard for Software Unit Testing"
  • ANSI/IEEE Std 1042-1987, "IEEE Guide to Software Configuration Management"

ML12276A050

OFFICE            NAME                 DATE
NRR/LPL4/PM       JSebrosky            10/9/12
NRR/LPL4/LA       JBurkhardt           10/5/12
NRR/DE/EICB/BC    JThorp (NCarte for)  10/10/12
NRR/LPL4/BC       MMarkley             10/10/12
NRR/LPL4/PM       JSebrosky            10/10/12