ML20205B582: Difference between revisions
StriderTol (talk | contribs) (StriderTol Bot insert) |
StriderTol (talk | contribs) (StriderTol Bot change) |
||
Line 17: | Line 17: | ||
=Text= | =Text= | ||
{{#Wiki_filter:}} | {{#Wiki_filter:_____ ____-- - - - - - - - - - - - -- | ||
U.S. NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION (NRR) | |||
{ AUDIT REPORT m ON lMPLEMENTATION OF GENERIC LETTER (GL) 98-01 | |||
" YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS" | |||
\ Docket Nos: 50-338, 50-339 , | |||
Operating License: OL-FP License No: NPF-4, NPF-7 Licensee: Virginia Electric and Pcwer Company (VEPCO) | |||
Facility: North Anaa Nuclear Generating Station Units 1 and 2 Location: VEPCO innsbrook Training Center Glen Allen, Virginia Dates: January 26,1999 - January 28,1999 Audit Team Members: D. Spaulding E. Lee P. Fillion Approved by: Jerry Mauck, Acting Bran-h Chief instrumentation and Controls Branch Office of Nuclear Reactor Regulation i | |||
Enclosure 9903310292 990524 PDR ADOCK 05000330 P PDR E | |||
i __ | |||
~ | |||
- l EXECUTIVE | |||
==SUMMARY== | |||
From January 26 through January 28,1999, the NRC staff conducted an audit of the Year 2000 (Y2K) program at the North Anna Wuclear Generating Station in accordance with the established audit plan (< < http:#www.nrc. gov /NRC/Y2K/y2kaudit.html> >). The purpose of the audit was to (1) assess tha effectiveness of the Virginia Electric Power Company program for achieving Y2K readiness, including continued safe operation of the plant as well as comosance with applicable NRC regulations and license maditions with respect to the potential Y2K problems, (2) evaluate Y2K program implementation to assure that the licensee's schedule is in accordance with NRC Generic Letter (GL) 98-01 guidelines for achieving Y2K readiness by July 1999, and (3) assess the licensee's contingency plans for addressing risks associated with potential events resulting from Y2K problems. The audit team reviewed selected licensee clocumentation regarding North Anna's Nuclear Business Unit Year 2000 Project plan (Y2K Plan) and conducted interviews with the cognizant , | |||
licensee pe onnel. The results of this audit and subsequent audits at other selected plants l will be useu oy the staff to determine the need for additional action, if any, o, Y2K readiness for nuclear power plants. | |||
Based on the audit team's assessment and evaluation of the North Anna Nuclear Generating Station Year 2000 Project plan, the following findings were made: | |||
: 1. The North Anna Year 2000 Project plan is considered to be a well-structured, well organized, and well implemented program. The strong senior management support for the Y2K readiness effort was clearly evident. | |||
: 2. Early on, the importance of the continuity of nuclear plant operations was recognized, and the necessary resources were committed to the readiness effort. | |||
: 3. The licensee's self-assessments were worth while and informative. Many of the observations that the NRC audit team broached for discussion with the licensee had already been pinpointed in their self assessments. | |||
: 4. The licensees contingency planning is in accordance with the recommendations n,ade in NEl/NUSMG 9E-07. | |||
E. The North Anna Year 2000 Project is on schedule, and will be comp!eted by July 1999, with the primary exception of items that can only be remediated during a.1 nut ge. The North Anna project is in the phases of detailed assessment, remediation, and contingency planning. | |||
: 6. North Anna was involved early on in addressing the Y2K issue and t ontinues participation in organi7ations which were instrumental in early definition and addressing the Y2K probiem at nt., _Jr plants. | |||
==1.0 INTRODUCTION== | |||
The objectives of the North Anna Nuclear Generating Station Y2K Program Audit were to: | |||
: 1. Assess the effectiveness of the Virginia Electric Power Company (the licensee) program for achieving Y2K readiness including continued safe operation of the plant as well as compliance with appl. cable NRC regulations and license conditions with respect to the potential Y2K problems. | |||
: 2. Evaluate Y2K program implementation to assure that the licensee's schedule is in accordance with NRC Generic Letter (GL) 98-01 guidelines for achieving Y2K r3adiness by July 1,1999. | |||
: 3. Assess the licensee's contingency plans for addressing risks associated with potential events resulting from Y2K problems. | |||
The audit was conducted in accordance with the established audit plan | |||
(< <http://www.nrc. gov /NRC/Y2K/y2kaudit.html> >) which was based in part on the guidance and requiremer's contained in the following documents: | |||
- GL 98-01, " Year Readiness of Computer Systems at Nuclear Power Plants" l | |||
- Licensee Response (s) to GL-98-01 | |||
- Plant technical specifications and license terms and conditions | |||
- App!icable NRC regulations | |||
- NEl/NUSMG 97-07, " Nuclear Utility Year 2000 Readiness" At the beginning of the audit, the licensee provided a copy of the updated version of their Y2K readiness plan, " Nuclear Business Unit Year 2000 Project," (listed in Attachment 1). | |||
The readiness plan consists of several " volumes" titled: (1) " Project Management Plan," | |||
(2) " Project Manual," (3) " Contingency Planning," (4) " Reference Material," and , | |||
, (5) " Management Awareness Manual." l l I l The audit process began with an entrance meeting attended by the North Anna Y2K Sponsor, Y2K Project Manager, corporate and plant personnel, and members of the NRC audit team. Attachment 2 is a list of the attendees. Members of the North Anna Y2K organization described the project organization, the p@ct plan, implementation, and the current status. | |||
After the entrance meeting, the audit team reviewed the North Anna readiness plan, associated project documentation, and communicated with the North Anna personnel on an l on-going basis to resolve issues and answer' questions as they arose. The documents reviewed are listed in Attachment 1. | |||
J | |||
2.0 PROJECT DESCRIPTION 2.1 Project Oraanization The North Anna Year 2000 Project organization is comprised of the following personnel: (1) the Senior Vice President-Nuclear, who acts as the Executive Sponsor, (2) the Nuclear Information Technology (NIT) Manager, who acts as the Project Sponsor, (3) the Nuclear Business Unit Year 2000 Project Manager, who has overall authority and responsibility for Y2K project activities, and reports directly to the Project Sponsor, (4) the Project Lead for the Business Applications and Software Team, (5) the Project Lead for the Permanent Plant Equipment Team, and (6) the Psoject Lead for the Plant Support Team which includes Supply Management. | |||
Additional support and resources are obtained through the Director of Design Engineering, the Manager of Nuclear Materials and personnel from Nuclear Licensing j and Operations Support. | |||
I North Anna interfaces with industry organizations and engages in benchmarking in ! | |||
addressing the year 2000 problem. Benchmarking is a peer review process that the l licensee has participated in with Phillip Morns, USA, and Japan Atomic Power Company. | |||
North Anna interfaces with the following industry groups: the Nuclear Utility Software Management Group (NUSMG), the Westinghouse Owners Group (WOG), | |||
The Electric Power Research Institute (EPRI), the Nuclear Energy Institute (NEI) and l the North American Electric Reliability Council (NERC). Furthermore, North Anna is involved with the CDSV nuclear exchange program. The CDSV is the acronym l fc,rrned from the names of the participants; Carolina Power and Light, Duke Energy, i and South Carolina Electric and Gas, and Virginia Power. The CDSV uses a team approach to address the year 2000 problem by drawing on collective skills and resources. The CDSV endorsed a Year 2000 Focus Team in July 1997. The Year 2000 Focus Team has three primary objectives: (1) minimize the economic impact of the Year 2000 issue on nuclear operations, (2) establish regulatory confidence in the adequacy of Year 2000 act.ans, and (3) strengthen individual j utility Year 2000 efforts through collaboration and peer review. | |||
2.2 Proiect Plan The licensee's Y2K readiness plan, " Nuclear Business Unit Year 2000 Project," | |||
consists of several " volumes" titled: (1) " Project Management Plan," (2) " Project | |||
! Manual," (3) " Contingency Planning," (4) " Reference Material," and (5) " Management Awareness Manual." | |||
The objectives of the North Anna Y2K Project include but are not limited to the following: (1) demonstrate with reasonable assurance that the Year 2000 event will not adversely impact the design basis functions of the nuclear station i | |||
I structures, systems, or components; (2) identify and effectively manage project, regulatory, legal, and financial risks applicable to plant operation and project I execution; and (3) assure that the Year 2000 activities of other strategic business units that affect nuclear business unit nuclear facility operation are fully identified and monitored to completion. | |||
The scope of the licensee's readiness program encompasses items that are defined as, business applications and scNware, permanent plant equipment, and plant support and supply management. Business applications and software encompasses such items as commercial off the shelf software used on the local area network I servers, or stand alone workstations. Plant support equipment encompasses such l itemt as non-permanent plant equipment and associated software such as portable ! | |||
test equipment, training simulators including associated computer hardware and software and operating systems, corporate amergency response facility, and suppliers and vendors that provide products or services. Permanent plant equipment, encompasses permanently installed instrumentation and control devices or systems, process and effluent radiation monitors, plant process computer, and I plant communication systems, including telephone systems and paging equipment. l Embedded components are encompassed within permanent plant equipment. l The major tasks defined in their readiness program include awareness, initial assessment (initial planning, inventory development, impact screening and classification) detailed assessment (compliance assessment, readiness assessment), | |||
remediation and contingency planning. | |||
The audit team found that the North Anna Millennium Project Plan encompasses the guidance in the NEl/NUSMG 97-07, although some differences in activity names /termt exist. | |||
2.2.1 Awareness Awareness of the Year 2000 program began informally in 1996. Awareness activities beg::n with middle management discussing the need to address the Y2K issue with senior management at various meetings. Within North Anna's nuclear business unit (NBU), Y2K has been addressed via the NBU Year 2000 intranet site, technical staff training, and Year 2000 awareness posters. 1 Additionally, articles in the site-wide newsletter addressing the Y2K problem have 1 been made available to nll personnel, in 1997, the licensee began participating with other industry groups in meetings and I seminars addressing the Year 2000 issue. The licensee participates and interfaces I with industry groups such as the Nuclear Utility Software Management Group (NUSMG), Nuclear Energy Institute (NEI), and Electric Power Research Institute i (EPRI). | |||
The North Anna Y2K Readiness schedule is provided in Table 1. | |||
5- i | |||
. - - . - - - - - . - - - - - . - - _- . - ~ . . ..- - . - - . | |||
r 2.2.2 inlitial Assessment At North Anna, initial assessment ..duded the activities of inventory development, impact screening, and criticality determination. | |||
Specifically in the case of business applications and software, and in the case of plant support equipment, the inventory development is accomplished through user input and subject matter expert interviews. In the case of parmanent plant equipment, the inventory development is accomplished through equipment data system search, plant walk-downs, and subject matter expert interviews. | |||
Impact screening is performed to confirm whether the interims identified in the inventory have characteristics that are susceptible to the Y2K problem. Items are verified by one or combination of the following: walk-down, review of associated drawings, vendor manuals, other relevant documentation. Firmware and software associated with permanent plant equipment are assumed suspect until confirmed to be Y2K compliant or ready by performing an evaluation, testing, modification, or replacement. | |||
Inventory development is performed to identify all potentially affected items (business applications and software, permanent plant equipment, and plant support equipment). | |||
The inventory and assessment of items are depicted in Table 2 of this report. | |||
The permanent plant equipment that might be impacted by Y2K were identified by querying the equipment database. The query was performed using predetermined component codes. The query resulted in the identification of 15,600 permanent plant equipment items. The licensee also identified permanent plant equipment items by performing system walk-downs and by interviewing subject matter experts. | |||
Subsequent to the walk-downs and interview:,, 605 permanent plant equipment items were identified. The licensee indicated that the ide.1tification of these 605 permanent plant equipment items served to validate the effectiveness of their query of the equipment database. This was due to the fact that the 605 permanent plant equipment items identified, had already been identified from the equipment database query. | |||
Impact screening confirmed whether the items identified had characteristics that were susceptible to Y2K. To facilitate North Anna management in appropriate!y assigning resources to address readiness activities, the inventoried permanent plant equipment items were grouped based on the item's probability of being impacted by Y2K events. Specifically in the area of permanent plant equipment, all items were assigned to one of three groups based on the following criteria: | |||
Group 1 Items with a high probability of being impacted by the Year 2000 event derived frorr subject matter, expert interviews and field walk-downs. | |||
Group 2 Items not classified as Group 1 that were associated with PSA risk-significant systems (e.g., feed water, safety injection, etc.). | |||
Group 3 Items not classif;ed as Group 1 or 2 and expected, based on engineering judgment to have little or no probability of being impacted. | |||
The impact screening on the remaining Group 3 items is scheduled to be completed by April 30,1999. The licensee feels that the Group 3 items are not likely be impacted by Y2K. This belief is supported by the licensee's results of the impact screening performed on the selected Group 3 items. | |||
Criticality determination consisted of determining whether an item was mission critical, important, or non-essential. The criticality determination was accomplished using any one or combination of the following: ranking c~riteria, failure risk, item ) | |||
classification and expert panel. Specifically in the area of permanent plant l equipment, the licensee established an expert panel to pnoritize the 605 pern;alent j plant equipment items. The expert panel was chaired by the Y2K project team lead. i The areas of expertise that were represented included; Project Engineering, Nuclear Operation, Station Licensing, Station Planning, Station Chemistry, Health Physics, System Engineering, Station Maintenance, and Control Operations. | |||
Each identified item is designated as " mission critical," "important," or "non- l essential," based on the following criteria: | |||
Mission Critical: | |||
Components, systems, or groups of similar devices that, in the event of I failure, degradation, or other adverse impact due to Y2K, would sionificantly l challenge the ability of the nuclear business unit te-Operate in a safe manner (including nuclear and industrial safety considerations), | |||
Provide service to customers (electrical distribution), | |||
Generate revenue (power generation) or control costs, or Avoid adverse regulatory or legal exposure important: | |||
Components, systems, or groups of similar devices that, in the event of failure, degradation, or other adverse impact, would: | |||
- j Present unenticipated challenges to plant operators, Cause the NBU to incur remedy or recovery costs > $100,000 but I | |||
< $1,000,000, I Adversely impact compliance with regult. tory requirements or l commitments j | |||
) | |||
Non-Essential: | |||
Components or systems that provide a useful function but are not classified ) | |||
as either mission-critical or important. I The table below shows the results of the expert panel's review of the permanent plant equipment. | |||
l Priority # of items Mission Critical 103 l important 411 Non-Essential 93 l | |||
The licensee was aware of the fact that several of the 605 identified items were actually identical to each other. Thus, several items were the same based on such factors as manufacturer /model attributes. The effect of this duplication is realized in , | |||
the following table. I i | |||
l Priority # of groups /# items l Mission Critical 16 /103 Important 49 / 411 Non-Essential 25 / 93 Total 90 /605 The licensee used the term "resdiness assessment" to describe the process of prioritizing the items (based on their importance or criticality to related business processes, the operation of the facility, and their inherent functional characteristics). | |||
For each group of items, a " Readiness Assessment Report" was generated. | |||
As of January 26,1999, the licensee had completed readiness assessments on 562 of the 605 permanent plant equipment items. | |||
1 | |||
, -8 | |||
The NRC audit team selected 24 group item folders to review. From the audit team review of 24 group items, it was found that in a few instances, tha licensee made a decision to refer to a group item as "Y2K ready" even thc, ugh the group item could be designated as; "Y2K compliant," "Y2K ready," or "no-impact. Through discussion held on this matter, the licensee indicated that their self assessment process had already identified this term usage and that they are in the process of addressing this (for example, reviewing the readiness reports). | |||
2.2.0 Detailed Assessment At North Anna, the detailed assessment phase assess impacted items to determine their Year 2000 compliance status. A variety of assessment methods may be necessary depending on the nature of the item. Detailed assessments are performed using evaluation techniques such as physical inspection, document review, user inquiry, or scanning tools. Additionally, vendor certification review and/or assessment testing may be used. Specifically in the area of embedded components, a primary tool for determining chip-type and characteristics is the integrated circuit master manual and vend.or web sites. The licensee used a detailed process for evaluated their embedded systems which is illustrated in their embedded system evaluation process flow chart. Their embedded systems are addressed as part of the items reviewed by the permanent plant equipment team. | |||
The audit loca reviewed a sample of detailed assessment packages for items designateci as "important." The detai!ed assessments owned by the Permanent Plant Equipment Team which were reviewed were: Halon System, Sequence of events recorder, Fire Management System, Station Security System (which included eight subsystems), and Chemistry lab equipment. Discussions were held with licensee staff who compiled the detailed evaluation packages for the Halon System, Station Security System and chemistry lab equipment l The NRC Audit Team found that the detailed evaluations were performed in accordance with the guidance provided by the NEl/NUSMG 97-07 document, Attachment E. The equipment instruction manuals were reviewed, equipment manufacturers were sent letters requesting their statement concerning Y2K compliance of the equipment they furnished, and the manufacturers' responses were includcd in the detailed evaluation packages. The licensee confirmed that model numbers and other codes and designators matched the documentation that was provided. | |||
Testing was performed when it was deemed necessary to verify the evaluation conclusions. The sequence of events recorder, Station Security System and chemistry lab equipment were tested. The licensee's overall conclusion and basis for their conclusion were clearly stated in the packages. The Audit Team found that the engineers demonstrated that they are knowledgeable in the area of digital systems in general, and in particular, the details of the equipment they reviewed. | |||
l 9 | |||
t | |||
The Fcensee indicated that the assessment packages received an independent review. | |||
Early in the North Anna Y2K readiness program, some initial assessments packages actually contained detailed evaluations. Examples of this would be the assessment for the Reactor Protection System and the Feedwater System. This assessment was reviewed by the Audit Team, and found to be equal in documentation quality and technical quality to the detailed evaluation packages. | |||
In cases where the detailed evaluation packages concluded that remedial action was necessary, the Audit Team confirmed that the action items were being tracked in the manner specified in the licens1 's program. | |||
The Audit Team found that one detailed evaluation package prepared by the Plant . | |||
Support Team, for the check valve diagnostic equipment, did not have the same elements / characteristics which were found in the packages prepared by the ' | |||
Permanent Plant Equipment Team. For example, the initial conclusion was that this equipment was compliant based on the manufacturer's response letter without onsite testing. Later, the manufacturcr sent a letter stating the equipment was not compliant. The Audit Team learned that the licensee had previously conducted a i self assessment of their Y2K readiness program and had already concluded that l evaluations performed by the Plant Support Team would be reviewed. The licensee indicated that where necessary, additional testing and evaluations performed and additional documentation obtained so that those evaluation packages will have the same elements / characteristics as the packages prepared by the Permanent Plant Equipment Team. | |||
Table 2 provides the inventory and assessment of identified items. | |||
2.2.4 Y2K Tcstina and Validatioa Susceptibility testing was performed during detailed assessments. These tests were performed using procedures developed m accordance with the established guidelines for Y2K testing of permanent plant equipment. This Y2K test guideline provides specific gi ddance to Y2K team members on: conducting test planning, preparing the test procedures, obtaining and ensuring approval of test procedures, and carrying-out and performing the procedures. | |||
The audit team reviewed the licensee's test reports ac part of the readiness assessment. It was observed that not all of the Y2K ter dates, as identified in the guideline, were used when some of the permanent equipment was tested, during the " infant stages" of the licensees Y2K program. During discussion, the licensee indicated that their internal audit already identified this issue, and that they are in the process of addressing this issue. | |||
) - | |||
2.2.5 Remediation The purpose of remediation is to replace, fix, or eliminate items identified in the assessment. At North Anna, non-compliant items are remediated as required to achieve a compliant or ready status. Post remedietion testing is performed to confirm that remedies are effective. | |||
Any changes to systems / components during remediation will follow North Anna's existing change process and quality assurance control guidelines. The existing change process includes the requirement to specify new spare parts that will be required for the installation, testing, start-up and maintenance of the new equipment and to identify and remove obsolete spare parts. | |||
Of the 55 permanent plant equipment items that need remediation at North Anna, there are two items that are scheduled to be remediated during the Fall outage. The licensee indicated that they were exploring the possibility of performing remediation on these outage dependent items at an earlier time. ThL two permanent plant equipment items, are the Unit 2 High Capacity Steam Generator Blowdown Control System, and Radiation Monitors. Currently, the remediation completion date for these two items is October 29,1999. | |||
2.2.6. Reculatory Considerations North Anna makes use of existing programs and policies in addressing the year 2000 problem. 10CFR50.59 reviews, plant modifications and design changes, software quality assurance, and corrective actions, each have procedures that were already established. Guidelines have been developed as needed, to supplement existing procedures to provide specific direction. Testing and remediation activities are performed in accordance with approved procedures. The appropriate change control mechanism .s used for the type of remediation required. | |||
2.2.7 Continaency Plannina North Anna's contingency planning covers the aspects of internal f acility risks and external interface risks, and remediation risks. A contingency planning oversight team exists and is comprised of the vice president of nuclear operatior's, and key project personnel and management personnel. The contingency planning oversight team is responsible for determining associated risks, identifying individual contingency plan needs, and assigning the continger'.;y plan preparation to the appropriate group. An integrated contingency plan will be developed from and comprised of individual contingency plans. Individual contingency plans are prepared for items, systems, or events which have been determined to present a significant risk. | |||
11 | |||
. - - . .. -.- - - - - ~ - - - - - . - . - - . - - -. -. ~ - - | |||
An aspect of North Anna's contingency planning is to minimize its dependency on critical consumable usage and inventory items which are provided by external l suppliers. The licensee is determining which items need an alternate supply sources and /or increased inventory. l 1 | |||
I The NRC audit team found that the licensee's contingt,ncy plan is in accordance with the recommendations of the NEl/NUSMG 98-07. | |||
2.2.8. _Y2K Proaram Manaaement i | |||
The management plan establishes, organizes, manages, and integrates the diversity I | |||
'of activities required to address Y2K readiness. The Y2K readiness activities are covered in the three management areas of risk rnanagement, contingency planning, and project internal controls. Methods of oversight of the project include management reviews, self assessments and internal and external audits, l Several mecha 1 isms are used to communicate the status of Y2K readiness; a Year 2000 Compliance Report, a Project Task Schedule Update, and a Performance Indicator Status, produced monthly; Nuclear Business Unit Updates produced on a quarterly basis, and Manager - Nuclear information Technology Updates, produced on a bi-weekly basis. Additional management updates use the existing meeting forums; management review board meetings and management safety review committee meetings. - | |||
2.2.9 Electrical Grid.[ nip _ga The Nensee coordinated their discussion of grid issues with a presentation of their i system operations station. Additiona!Iy, discussions were held with the managers 1 responsible for the Transmission System and Distribution System (T&D) Y2K readiness programs. Through discussion, it was indicated that the T&D Y2K readiness program is similar to the Y2K readiness program for the nuclear plant. l Furthermore, it was indicated that the readiness program, implementation of remedial actions, development of contingency planning as well as precautionary planning, are on schedule. l I | |||
The licensee includes electric grid issues in its consideration of external events in 1 their contingency planning. Events such as loss of offsite power and load / demand | |||
- fluctuations are being taken into consideration. | |||
L i | |||
,.3 + ,-,, y ----- - . , , - - , --a w + | |||
3.0 AUDIT TEAM OBSERVATIONS | |||
: 1. The North Anna Year 2000 Project Plan is based on the guidance of NEl/NUSMG 97-07 and NRC Generic Letter 98-01. Based on the review and evaluation by the audit team of the plan and its implementation, the North Anna Year 2000 Project plan is considered to be a well-structured, well organized, and wellimplemented program. The strong senior management support for the Y2K readiness effort was clearly evident and demonstrated. | |||
: 2. The high level of dedication and expertise of the Y2K project team and staff, and the commitment of resources by senior management were apparent. | |||
Early on, the importance of the continuity of nuclear plant operations was recognized, and the necessary resources were committed to the readiness effort. The licensee was aware of the types of situations that could have occurred had they not implemented a readiness program. Personnelindicated examples such as; operators would have to take samples manually because the chemistry lab would not operate, the Heating, Ventilating and Air Conditioning System at the backup emergency response center / transmissions operations center would not operate, the Supervisory Control and Data Acquisition (SCADA) System on the Distribution System would not function. | |||
: 3. The licensee's self-assessments were meaningful and informative. North Anna had previously incorporated recommendations made into their readiness program in an effective manner. Several of the issues which the licensee's self- assessment identified were a reflection of tasks completed during the infancy stages of their Readiness program. Several tasks / activities had been completed prior to the issuance of guidance documents and information from industry and the NRC. The issues that the NRC audit team broached for discussion with the licensee had been pinpointed in their self assessments. | |||
: 4. The licensee's contingency planning is in accordance with the recommendations made in NEl/NUSidG 98-07. There is one individual who is assigned as the single point of contact for the con ^;ngency planning process, in keeping with the NEl/NUSMG recommendations, their contingency pmnning process continues throughout the Y2K readiness program. | |||
: 5. The North Anna Year 2000 Project is on schedule, ard will be completed by July 1999, with the primary exception of items that can only be remediated during an outage. The outage related remediation will be completed in October 1999. The North Anna project is in the phases of detailed assessment, remediation, and contingency planning. | |||
. t l | |||
l l | |||
6. | |||
North Anna has been involved in information sharing with their peer utilities and industry groups. North Anna was involved early on in addressing the I Y2K issue and continues participation in organizations which were instrumental in early definition and addressing the Y2K problem at nuclear plants, i | |||
i l | |||
1 i | |||
l l i l | |||
I l | |||
t l | |||
I I | |||
I | |||
) | |||
I i | |||
P 1 | |||
l | |||
) | |||
l l | |||
- - . . . . . - -~-. _ . . - _ . . . . . . - ~ _ . . - ~ . . - . . .. . -.-. | |||
Table 1 - North Anna Year 2000 Readiness Schedule Activity Startina Date Finishina Date Awareness 1996 Ongoing i | |||
Initial Assessment Inventory Development April 1997 December 1997 Impact Screening September 1997 April 1998 Readiness Assessment February 1998 January 1999 Detailed Assessment March 1999 ; | |||
l Remediation | |||
* March 1998 October 1999 j Contingency Planning Contingency Plan Development April 1998 June 1999 ' | |||
Contingency Plan Implementation July 1999 December 1999 | |||
* critical non-outage items will be remediated by June 30,1999, critical outage items will be remediated by October 29,1999 l | |||
l Table 2 -Inventory and Assessment Critical Impcrtant Non- Total Essential , | |||
1 Business Applications and Software I Total items 192 216 588 996 Readiness Asset ment in Process 26 64 588 678 l Assessment Report / Retire /No-impact 92 100 0 192 Remediation Required 64 41 0 105 l Remediation Corapiete 36 22 0 58 i | |||
Y2K Ready 10 11 0 21 | |||
% Complete" 53 % 51 % 0% 21 % | |||
% Complete (Excluding Non-essential 52 % ) | |||
items) ' | |||
l Permanent Plant Equipment I l | |||
Total ite.ms 103 411 91 605 ) | |||
Readiness Assessment In Process 0 29 42 71 Remediation Required 0 23 5 28 Remediation Complete 0 6 0 6 ) | |||
Y2K Ready 103 365 44 Si2 | |||
% Complete 100 % 89 % 48 % 85 % | |||
% Complete (Excluding Non-Essential 91'.i Items) i Plant Support Total items 70 325 0 395 Readiness Assessment in Process 70 137 0 207 Remediation Required 0 84 0 84 Remediation Complete 0 30 0 30 Y2K Ready 0 104 0 104 | |||
% Complete 0% 32 % 0% 26 % | |||
% Complete (Excluding Non-Essential 26 % | |||
Items) | |||
_.. . ._. _ - _ _ . . _ . . _ _ . _ . _ . - _ _ _ _ ._ ___ ~_. . _ _ . . _ _ _ _ _ _ __ | |||
TABLE 3 Permanent Plant Equipment 1 | |||
System / Device Group Priority Readiness Y2K Assessment Readiness AMSAC (Modicon 884 PLCs) Mission Completed Ready Critical l Charging System Flow Mission impact No-impact Transmitters (Foxboro Critical Screening E96P-1 A) only | |||
] | |||
Electro-Hydraulic Control Mission Completed Ready : | |||
System Cards Critical Generator Negative Sequence Mission impact No-impact Relays (GE 12SGC218) Critical Screening only Generator Over excitation Mission Completed Ready Relays (Beck with M0299) Critical Generator Sequential Tripping Mission Completed Ready Relays (Basler BE1-32R) Critical i l | |||
Inadequate Core Cooling Mission ompleted Ready (Westinghouse ICCM-86) Critical i L&N Recorders- Impacted Mission Completed Ready Critical ; | |||
L&N Recorders - Non-Impacted Mission impact No-impact Critical Screening ! | |||
only Radiation Monitors - Nib (MGP) Mission Completed Ready Critical i l | |||
Radiation Monitors (Kaman) Mission Completed Ready , | |||
Critical I l | |||
Radiation Monitors (NRC) Mission Completed Ready Critical l | |||
l 17 ' | |||
l l | |||
System / Device Group Priority Readiness Y2K i Assessment Readiness Station Blackout Control Mission Completed Ready System (GE-Fanue 90-30 PLC) Critical Station Blackout Protective Mission Completed Ready Relays (Baster BE1-51/27R) Critical Station Blackout Transmitters Mission Completed Ready | |||
!Rosemount 2088) u Critical i | |||
Validyne Sub-System (ICCM) Mission Completed Ready Critical High Capacity SG Blowdown Important Completed after Ready Control System - Unit 1 | |||
) | |||
Remediation (Intercolor/ABB) | |||
High Capacity SG Blowdown Important Requires Remediation Fall Outage Control System - Unit 2 (Intercolor/ABB) | |||
Nuclear Instrumentation Important impact Screening only No-impact (Gamma-Metrics) | |||
L&N Recorders - Non-Impacted important impact Screening only No impact l High Capacity SG Blowdown Important Completed Ready Valve Controllers (Fisher DVC-5010) | |||
High Capacity SG Blowdown important Completed Ready Transmitter (Kent-Tylor) | |||
EDG Monitoring and Analysis Non- Not Completed To Be System (IDX) Essential Determined Radiation Monitors - Service Non- Completed Compliant Water (Victoreen) Essential y v - | |||
-s - | |||
_. .._ __ _ . _ . . - . _ _ . . _ . . . , . . . . . - . _ . ~ . _ . - _ . _ . . _ _ _ _ _ _ . . _ _ _ . _ . _ .._. _ _.. _ .m _ | |||
Documents Reviewed - | |||
'1. -Virginia Power Nuclear Business Unit Year 2000 Project Plan, dated January 25, 1999, consisting of: | |||
Project Management Plan Reference Materials Manual Contingency Planning Manual Management Awareness Manual Project Manual ' | |||
: 2. Selected assessment and remediation folders. | |||
I l | |||
l ATTACHMENT 1 1 | |||
't | |||
, - - , , - - . .- , , - - ...n- c ,a -- v - - e.-- | |||
ATTENDANCE LIST NRC YEAR 2000. IT ENTRANCE MEETING Janum y 26,1999 Name Oraanization Paul Fillion USNRC R!ll Deirdre Spaulding USNRC HICB 1 Eric Lee USNRC HICB Vincent West VA Power David Simmers VA Power Page Kemp VA Power Billy Warf VA Power John Connally VA Power Hami Paras VA Power David Christian VA Power Melanie Matthews VA Power Gerald Pedersen VA Power Melissa Brown VA Power Marc Gaudette VA Power l | |||
ATTACHMENT 2 | |||
-1 | |||
= - . - _ . - - . . . - . - - _. . . . . - _. . | |||
e. | |||
ATTENDANCE LIST NRC YEAR 2000 AUDIT ENTRANCE MEETING January 28,1999 Name Oraanization Marc Gaudette VA Power W. S. Miser VA Power Vincent West VA Power L. McDermid VA Power Jerry M. Williams VA Power L. N. Hartz VA Power Melissa Brown VA Power J. H. McCarthy VA Power j A. W. Farmer VA Power ' | |||
Gerald Pedersen VA Power Billy Warf VA Power l Bruce Leonard VA Power j Eric Lee USNRC HICB Deidre Spaulding USNRC HICB Paul Fillion U S N R C Rlli Michael Beers VA Power B. T. Duke Duke Energy David Christian VA Power Deborah Corbet-Cooper VA Power | |||
.. - - _}} |
Latest revision as of 06:11, 30 December 2020
ML20205B582 | |
Person / Time | |
---|---|
Site: | North Anna |
Issue date: | 01/26/1999 |
From: | NRC (Affiliation Not Assigned) |
To: | |
Shared Package | |
ML20205B566 | List: |
References | |
GL-98-01, GL-98-1, NUDOCS 9903310292 | |
Download: ML20205B582 (21) | |
Text
_____ ____-- - - - - - - - - - - - --
U.S. NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REACTOR REGULATION (NRR)
{ AUDIT REPORT m ON lMPLEMENTATION OF GENERIC LETTER (GL) 98-01
" YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS"
\ Docket Nos: 50-338, 50-339 ,
Operating License: OL-FP License No: NPF-4, NPF-7 Licensee: Virginia Electric and Pcwer Company (VEPCO)
Facility: North Anaa Nuclear Generating Station Units 1 and 2 Location: VEPCO innsbrook Training Center Glen Allen, Virginia Dates: January 26,1999 - January 28,1999 Audit Team Members: D. Spaulding E. Lee P. Fillion Approved by: Jerry Mauck, Acting Bran-h Chief instrumentation and Controls Branch Office of Nuclear Reactor Regulation i
Enclosure 9903310292 990524 PDR ADOCK 05000330 P PDR E
i __
~
- l EXECUTIVE
SUMMARY
From January 26 through January 28,1999, the NRC staff conducted an audit of the Year 2000 (Y2K) program at the North Anna Wuclear Generating Station in accordance with the established audit plan (< < http:#www.nrc. gov /NRC/Y2K/y2kaudit.html> >). The purpose of the audit was to (1) assess tha effectiveness of the Virginia Electric Power Company program for achieving Y2K readiness, including continued safe operation of the plant as well as comosance with applicable NRC regulations and license maditions with respect to the potential Y2K problems, (2) evaluate Y2K program implementation to assure that the licensee's schedule is in accordance with NRC Generic Letter (GL) 98-01 guidelines for achieving Y2K readiness by July 1999, and (3) assess the licensee's contingency plans for addressing risks associated with potential events resulting from Y2K problems. The audit team reviewed selected licensee clocumentation regarding North Anna's Nuclear Business Unit Year 2000 Project plan (Y2K Plan) and conducted interviews with the cognizant ,
licensee pe onnel. The results of this audit and subsequent audits at other selected plants l will be useu oy the staff to determine the need for additional action, if any, o, Y2K readiness for nuclear power plants.
Based on the audit team's assessment and evaluation of the North Anna Nuclear Generating Station Year 2000 Project plan, the following findings were made:
- 1. The North Anna Year 2000 Project plan is considered to be a well-structured, well organized, and well implemented program. The strong senior management support for the Y2K readiness effort was clearly evident.
- 2. Early on, the importance of the continuity of nuclear plant operations was recognized, and the necessary resources were committed to the readiness effort.
- 3. The licensee's self-assessments were worth while and informative. Many of the observations that the NRC audit team broached for discussion with the licensee had already been pinpointed in their self assessments.
- 4. The licensees contingency planning is in accordance with the recommendations n,ade in NEl/NUSMG 9E-07.
E. The North Anna Year 2000 Project is on schedule, and will be comp!eted by July 1999, with the primary exception of items that can only be remediated during a.1 nut ge. The North Anna project is in the phases of detailed assessment, remediation, and contingency planning.
- 6. North Anna was involved early on in addressing the Y2K issue and t ontinues participation in organi7ations which were instrumental in early definition and addressing the Y2K probiem at nt., _Jr plants.
1.0 INTRODUCTION
The objectives of the North Anna Nuclear Generating Station Y2K Program Audit were to:
- 1. Assess the effectiveness of the Virginia Electric Power Company (the licensee) program for achieving Y2K readiness including continued safe operation of the plant as well as compliance with appl. cable NRC regulations and license conditions with respect to the potential Y2K problems.
- 2. Evaluate Y2K program implementation to assure that the licensee's schedule is in accordance with NRC Generic Letter (GL) 98-01 guidelines for achieving Y2K r3adiness by July 1,1999.
- 3. Assess the licensee's contingency plans for addressing risks associated with potential events resulting from Y2K problems.
The audit was conducted in accordance with the established audit plan
(< <http://www.nrc. gov /NRC/Y2K/y2kaudit.html> >) which was based in part on the guidance and requiremer's contained in the following documents:
- GL 98-01, " Year Readiness of Computer Systems at Nuclear Power Plants" l
- Licensee Response (s) to GL-98-01
- Plant technical specifications and license terms and conditions
- App!icable NRC regulations
- NEl/NUSMG 97-07, " Nuclear Utility Year 2000 Readiness" At the beginning of the audit, the licensee provided a copy of the updated version of their Y2K readiness plan, " Nuclear Business Unit Year 2000 Project," (listed in Attachment 1).
The readiness plan consists of several " volumes" titled: (1) " Project Management Plan,"
(2) " Project Manual," (3) " Contingency Planning," (4) " Reference Material," and ,
, (5) " Management Awareness Manual." l l I l The audit process began with an entrance meeting attended by the North Anna Y2K Sponsor, Y2K Project Manager, corporate and plant personnel, and members of the NRC audit team. Attachment 2 is a list of the attendees. Members of the North Anna Y2K organization described the project organization, the p@ct plan, implementation, and the current status.
After the entrance meeting, the audit team reviewed the North Anna readiness plan, associated project documentation, and communicated with the North Anna personnel on an l on-going basis to resolve issues and answer' questions as they arose. The documents reviewed are listed in Attachment 1.
J
2.0 PROJECT DESCRIPTION 2.1 Project Oraanization The North Anna Year 2000 Project organization is comprised of the following personnel: (1) the Senior Vice President-Nuclear, who acts as the Executive Sponsor, (2) the Nuclear Information Technology (NIT) Manager, who acts as the Project Sponsor, (3) the Nuclear Business Unit Year 2000 Project Manager, who has overall authority and responsibility for Y2K project activities, and reports directly to the Project Sponsor, (4) the Project Lead for the Business Applications and Software Team, (5) the Project Lead for the Permanent Plant Equipment Team, and (6) the Psoject Lead for the Plant Support Team which includes Supply Management.
Additional support and resources are obtained through the Director of Design Engineering, the Manager of Nuclear Materials and personnel from Nuclear Licensing j and Operations Support.
I North Anna interfaces with industry organizations and engages in benchmarking in !
addressing the year 2000 problem. Benchmarking is a peer review process that the l licensee has participated in with Phillip Morns, USA, and Japan Atomic Power Company.
North Anna interfaces with the following industry groups: the Nuclear Utility Software Management Group (NUSMG), the Westinghouse Owners Group (WOG),
The Electric Power Research Institute (EPRI), the Nuclear Energy Institute (NEI) and l the North American Electric Reliability Council (NERC). Furthermore, North Anna is involved with the CDSV nuclear exchange program. The CDSV is the acronym l fc,rrned from the names of the participants; Carolina Power and Light, Duke Energy, i and South Carolina Electric and Gas, and Virginia Power. The CDSV uses a team approach to address the year 2000 problem by drawing on collective skills and resources. The CDSV endorsed a Year 2000 Focus Team in July 1997. The Year 2000 Focus Team has three primary objectives: (1) minimize the economic impact of the Year 2000 issue on nuclear operations, (2) establish regulatory confidence in the adequacy of Year 2000 act.ans, and (3) strengthen individual j utility Year 2000 efforts through collaboration and peer review.
2.2 Proiect Plan The licensee's Y2K readiness plan, " Nuclear Business Unit Year 2000 Project,"
consists of several " volumes" titled: (1) " Project Management Plan," (2) " Project
! Manual," (3) " Contingency Planning," (4) " Reference Material," and (5) " Management Awareness Manual."
The objectives of the North Anna Y2K Project include but are not limited to the following: (1) demonstrate with reasonable assurance that the Year 2000 event will not adversely impact the design basis functions of the nuclear station i
I structures, systems, or components; (2) identify and effectively manage project, regulatory, legal, and financial risks applicable to plant operation and project I execution; and (3) assure that the Year 2000 activities of other strategic business units that affect nuclear business unit nuclear facility operation are fully identified and monitored to completion.
The scope of the licensee's readiness program encompasses items that are defined as, business applications and scNware, permanent plant equipment, and plant support and supply management. Business applications and software encompasses such items as commercial off the shelf software used on the local area network I servers, or stand alone workstations. Plant support equipment encompasses such l itemt as non-permanent plant equipment and associated software such as portable !
test equipment, training simulators including associated computer hardware and software and operating systems, corporate amergency response facility, and suppliers and vendors that provide products or services. Permanent plant equipment, encompasses permanently installed instrumentation and control devices or systems, process and effluent radiation monitors, plant process computer, and I plant communication systems, including telephone systems and paging equipment. l Embedded components are encompassed within permanent plant equipment. l The major tasks defined in their readiness program include awareness, initial assessment (initial planning, inventory development, impact screening and classification) detailed assessment (compliance assessment, readiness assessment),
remediation and contingency planning.
The audit team found that the North Anna Millennium Project Plan encompasses the guidance in the NEl/NUSMG 97-07, although some differences in activity names /termt exist.
2.2.1 Awareness Awareness of the Year 2000 program began informally in 1996. Awareness activities beg::n with middle management discussing the need to address the Y2K issue with senior management at various meetings. Within North Anna's nuclear business unit (NBU), Y2K has been addressed via the NBU Year 2000 intranet site, technical staff training, and Year 2000 awareness posters. 1 Additionally, articles in the site-wide newsletter addressing the Y2K problem have 1 been made available to nll personnel, in 1997, the licensee began participating with other industry groups in meetings and I seminars addressing the Year 2000 issue. The licensee participates and interfaces I with industry groups such as the Nuclear Utility Software Management Group (NUSMG), Nuclear Energy Institute (NEI), and Electric Power Research Institute i (EPRI).
The North Anna Y2K Readiness schedule is provided in Table 1.
5- i
. - - . - - - - - . - - - - - . - - _- . - ~ . . ..- - . - - .
r 2.2.2 inlitial Assessment At North Anna, initial assessment ..duded the activities of inventory development, impact screening, and criticality determination.
Specifically in the case of business applications and software, and in the case of plant support equipment, the inventory development is accomplished through user input and subject matter expert interviews. In the case of parmanent plant equipment, the inventory development is accomplished through equipment data system search, plant walk-downs, and subject matter expert interviews.
Impact screening is performed to confirm whether the interims identified in the inventory have characteristics that are susceptible to the Y2K problem. Items are verified by one or combination of the following: walk-down, review of associated drawings, vendor manuals, other relevant documentation. Firmware and software associated with permanent plant equipment are assumed suspect until confirmed to be Y2K compliant or ready by performing an evaluation, testing, modification, or replacement.
Inventory development is performed to identify all potentially affected items (business applications and software, permanent plant equipment, and plant support equipment).
The inventory and assessment of items are depicted in Table 2 of this report.
The permanent plant equipment that might be impacted by Y2K were identified by querying the equipment database. The query was performed using predetermined component codes. The query resulted in the identification of 15,600 permanent plant equipment items. The licensee also identified permanent plant equipment items by performing system walk-downs and by interviewing subject matter experts.
Subsequent to the walk-downs and interview:,, 605 permanent plant equipment items were identified. The licensee indicated that the ide.1tification of these 605 permanent plant equipment items served to validate the effectiveness of their query of the equipment database. This was due to the fact that the 605 permanent plant equipment items identified, had already been identified from the equipment database query.
Impact screening confirmed whether the items identified had characteristics that were susceptible to Y2K. To facilitate North Anna management in appropriate!y assigning resources to address readiness activities, the inventoried permanent plant equipment items were grouped based on the item's probability of being impacted by Y2K events. Specifically in the area of permanent plant equipment, all items were assigned to one of three groups based on the following criteria:
Group 1 Items with a high probability of being impacted by the Year 2000 event derived frorr subject matter, expert interviews and field walk-downs.
Group 2 Items not classified as Group 1 that were associated with PSA risk-significant systems (e.g., feed water, safety injection, etc.).
Group 3 Items not classif;ed as Group 1 or 2 and expected, based on engineering judgment to have little or no probability of being impacted.
The impact screening on the remaining Group 3 items is scheduled to be completed by April 30,1999. The licensee feels that the Group 3 items are not likely be impacted by Y2K. This belief is supported by the licensee's results of the impact screening performed on the selected Group 3 items.
Criticality determination consisted of determining whether an item was mission critical, important, or non-essential. The criticality determination was accomplished using any one or combination of the following: ranking c~riteria, failure risk, item )
classification and expert panel. Specifically in the area of permanent plant l equipment, the licensee established an expert panel to pnoritize the 605 pern;alent j plant equipment items. The expert panel was chaired by the Y2K project team lead. i The areas of expertise that were represented included; Project Engineering, Nuclear Operation, Station Licensing, Station Planning, Station Chemistry, Health Physics, System Engineering, Station Maintenance, and Control Operations.
Each identified item is designated as " mission critical," "important," or "non- l essential," based on the following criteria:
Mission Critical:
Components, systems, or groups of similar devices that, in the event of I failure, degradation, or other adverse impact due to Y2K, would sionificantly l challenge the ability of the nuclear business unit te-Operate in a safe manner (including nuclear and industrial safety considerations),
Provide service to customers (electrical distribution),
Generate revenue (power generation) or control costs, or Avoid adverse regulatory or legal exposure important:
Components, systems, or groups of similar devices that, in the event of failure, degradation, or other adverse impact, would:
- j Present unenticipated challenges to plant operators, Cause the NBU to incur remedy or recovery costs > $100,000 but I
< $1,000,000, I Adversely impact compliance with regult. tory requirements or l commitments j
)
Non-Essential:
Components or systems that provide a useful function but are not classified )
as either mission-critical or important. I The table below shows the results of the expert panel's review of the permanent plant equipment.
l Priority # of items Mission Critical 103 l important 411 Non-Essential 93 l
The licensee was aware of the fact that several of the 605 identified items were actually identical to each other. Thus, several items were the same based on such factors as manufacturer /model attributes. The effect of this duplication is realized in ,
the following table. I i
l Priority # of groups /# items l Mission Critical 16 /103 Important 49 / 411 Non-Essential 25 / 93 Total 90 /605 The licensee used the term "resdiness assessment" to describe the process of prioritizing the items (based on their importance or criticality to related business processes, the operation of the facility, and their inherent functional characteristics).
For each group of items, a " Readiness Assessment Report" was generated.
As of January 26,1999, the licensee had completed readiness assessments on 562 of the 605 permanent plant equipment items.
1
, -8
The NRC audit team selected 24 group item folders to review. From the audit team review of 24 group items, it was found that in a few instances, tha licensee made a decision to refer to a group item as "Y2K ready" even thc, ugh the group item could be designated as; "Y2K compliant," "Y2K ready," or "no-impact. Through discussion held on this matter, the licensee indicated that their self assessment process had already identified this term usage and that they are in the process of addressing this (for example, reviewing the readiness reports).
2.2.0 Detailed Assessment At North Anna, the detailed assessment phase assess impacted items to determine their Year 2000 compliance status. A variety of assessment methods may be necessary depending on the nature of the item. Detailed assessments are performed using evaluation techniques such as physical inspection, document review, user inquiry, or scanning tools. Additionally, vendor certification review and/or assessment testing may be used. Specifically in the area of embedded components, a primary tool for determining chip-type and characteristics is the integrated circuit master manual and vend.or web sites. The licensee used a detailed process for evaluated their embedded systems which is illustrated in their embedded system evaluation process flow chart. Their embedded systems are addressed as part of the items reviewed by the permanent plant equipment team.
The audit loca reviewed a sample of detailed assessment packages for items designateci as "important." The detai!ed assessments owned by the Permanent Plant Equipment Team which were reviewed were: Halon System, Sequence of events recorder, Fire Management System, Station Security System (which included eight subsystems), and Chemistry lab equipment. Discussions were held with licensee staff who compiled the detailed evaluation packages for the Halon System, Station Security System and chemistry lab equipment l The NRC Audit Team found that the detailed evaluations were performed in accordance with the guidance provided by the NEl/NUSMG 97-07 document, Attachment E. The equipment instruction manuals were reviewed, equipment manufacturers were sent letters requesting their statement concerning Y2K compliance of the equipment they furnished, and the manufacturers' responses were includcd in the detailed evaluation packages. The licensee confirmed that model numbers and other codes and designators matched the documentation that was provided.
Testing was performed when it was deemed necessary to verify the evaluation conclusions. The sequence of events recorder, Station Security System and chemistry lab equipment were tested. The licensee's overall conclusion and basis for their conclusion were clearly stated in the packages. The Audit Team found that the engineers demonstrated that they are knowledgeable in the area of digital systems in general, and in particular, the details of the equipment they reviewed.
l 9
t
The Fcensee indicated that the assessment packages received an independent review.
Early in the North Anna Y2K readiness program, some initial assessments packages actually contained detailed evaluations. Examples of this would be the assessment for the Reactor Protection System and the Feedwater System. This assessment was reviewed by the Audit Team, and found to be equal in documentation quality and technical quality to the detailed evaluation packages.
In cases where the detailed evaluation packages concluded that remedial action was necessary, the Audit Team confirmed that the action items were being tracked in the manner specified in the licens1 's program.
The Audit Team found that one detailed evaluation package prepared by the Plant .
Support Team, for the check valve diagnostic equipment, did not have the same elements / characteristics which were found in the packages prepared by the '
Permanent Plant Equipment Team. For example, the initial conclusion was that this equipment was compliant based on the manufacturer's response letter without onsite testing. Later, the manufacturcr sent a letter stating the equipment was not compliant. The Audit Team learned that the licensee had previously conducted a i self assessment of their Y2K readiness program and had already concluded that l evaluations performed by the Plant Support Team would be reviewed. The licensee indicated that where necessary, additional testing and evaluations performed and additional documentation obtained so that those evaluation packages will have the same elements / characteristics as the packages prepared by the Permanent Plant Equipment Team.
Table 2 provides the inventory and assessment of identified items.
2.2.4 Y2K Tcstina and Validatioa Susceptibility testing was performed during detailed assessments. These tests were performed using procedures developed m accordance with the established guidelines for Y2K testing of permanent plant equipment. This Y2K test guideline provides specific gi ddance to Y2K team members on: conducting test planning, preparing the test procedures, obtaining and ensuring approval of test procedures, and carrying-out and performing the procedures.
The audit team reviewed the licensee's test reports ac part of the readiness assessment. It was observed that not all of the Y2K ter dates, as identified in the guideline, were used when some of the permanent equipment was tested, during the " infant stages" of the licensees Y2K program. During discussion, the licensee indicated that their internal audit already identified this issue, and that they are in the process of addressing this issue.
) -
2.2.5 Remediation The purpose of remediation is to replace, fix, or eliminate items identified in the assessment. At North Anna, non-compliant items are remediated as required to achieve a compliant or ready status. Post remedietion testing is performed to confirm that remedies are effective.
Any changes to systems / components during remediation will follow North Anna's existing change process and quality assurance control guidelines. The existing change process includes the requirement to specify new spare parts that will be required for the installation, testing, start-up and maintenance of the new equipment and to identify and remove obsolete spare parts.
Of the 55 permanent plant equipment items that need remediation at North Anna, there are two items that are scheduled to be remediated during the Fall outage. The licensee indicated that they were exploring the possibility of performing remediation on these outage dependent items at an earlier time. ThL two permanent plant equipment items, are the Unit 2 High Capacity Steam Generator Blowdown Control System, and Radiation Monitors. Currently, the remediation completion date for these two items is October 29,1999.
2.2.6. Reculatory Considerations North Anna makes use of existing programs and policies in addressing the year 2000 problem. 10CFR50.59 reviews, plant modifications and design changes, software quality assurance, and corrective actions, each have procedures that were already established. Guidelines have been developed as needed, to supplement existing procedures to provide specific direction. Testing and remediation activities are performed in accordance with approved procedures. The appropriate change control mechanism .s used for the type of remediation required.
2.2.7 Continaency Plannina North Anna's contingency planning covers the aspects of internal f acility risks and external interface risks, and remediation risks. A contingency planning oversight team exists and is comprised of the vice president of nuclear operatior's, and key project personnel and management personnel. The contingency planning oversight team is responsible for determining associated risks, identifying individual contingency plan needs, and assigning the continger'.;y plan preparation to the appropriate group. An integrated contingency plan will be developed from and comprised of individual contingency plans. Individual contingency plans are prepared for items, systems, or events which have been determined to present a significant risk.
11
. - - . .. -.- - - - - ~ - - - - - . - . - - . - - -. -. ~ - -
An aspect of North Anna's contingency planning is to minimize its dependency on critical consumable usage and inventory items which are provided by external l suppliers. The licensee is determining which items need an alternate supply sources and /or increased inventory. l 1
I The NRC audit team found that the licensee's contingt,ncy plan is in accordance with the recommendations of the NEl/NUSMG 98-07.
2.2.8. _Y2K Proaram Manaaement i
The management plan establishes, organizes, manages, and integrates the diversity I
'of activities required to address Y2K readiness. The Y2K readiness activities are covered in the three management areas of risk rnanagement, contingency planning, and project internal controls. Methods of oversight of the project include management reviews, self assessments and internal and external audits, l Several mecha 1 isms are used to communicate the status of Y2K readiness; a Year 2000 Compliance Report, a Project Task Schedule Update, and a Performance Indicator Status, produced monthly; Nuclear Business Unit Updates produced on a quarterly basis, and Manager - Nuclear information Technology Updates, produced on a bi-weekly basis. Additional management updates use the existing meeting forums; management review board meetings and management safety review committee meetings. -
2.2.9 Electrical Grid.[ nip _ga The Nensee coordinated their discussion of grid issues with a presentation of their i system operations station. Additiona!Iy, discussions were held with the managers 1 responsible for the Transmission System and Distribution System (T&D) Y2K readiness programs. Through discussion, it was indicated that the T&D Y2K readiness program is similar to the Y2K readiness program for the nuclear plant. l Furthermore, it was indicated that the readiness program, implementation of remedial actions, development of contingency planning as well as precautionary planning, are on schedule. l I
The licensee includes electric grid issues in its consideration of external events in 1 their contingency planning. Events such as loss of offsite power and load / demand
- fluctuations are being taken into consideration.
L i
,.3 + ,-,, y ----- - . , , - - , --a w +
3.0 AUDIT TEAM OBSERVATIONS
- 1. The North Anna Year 2000 Project Plan is based on the guidance of NEl/NUSMG 97-07 and NRC Generic Letter 98-01. Based on the review and evaluation by the audit team of the plan and its implementation, the North Anna Year 2000 Project plan is considered to be a well-structured, well organized, and wellimplemented program. The strong senior management support for the Y2K readiness effort was clearly evident and demonstrated.
- 2. The high level of dedication and expertise of the Y2K project team and staff, and the commitment of resources by senior management were apparent.
Early on, the importance of the continuity of nuclear plant operations was recognized, and the necessary resources were committed to the readiness effort. The licensee was aware of the types of situations that could have occurred had they not implemented a readiness program. Personnelindicated examples such as; operators would have to take samples manually because the chemistry lab would not operate, the Heating, Ventilating and Air Conditioning System at the backup emergency response center / transmissions operations center would not operate, the Supervisory Control and Data Acquisition (SCADA) System on the Distribution System would not function.
- 3. The licensee's self-assessments were meaningful and informative. North Anna had previously incorporated recommendations made into their readiness program in an effective manner. Several of the issues which the licensee's self- assessment identified were a reflection of tasks completed during the infancy stages of their Readiness program. Several tasks / activities had been completed prior to the issuance of guidance documents and information from industry and the NRC. The issues that the NRC audit team broached for discussion with the licensee had been pinpointed in their self assessments.
- 4. The licensee's contingency planning is in accordance with the recommendations made in NEl/NUSidG 98-07. There is one individual who is assigned as the single point of contact for the con ^;ngency planning process, in keeping with the NEl/NUSMG recommendations, their contingency pmnning process continues throughout the Y2K readiness program.
- 5. The North Anna Year 2000 Project is on schedule, ard will be completed by July 1999, with the primary exception of items that can only be remediated during an outage. The outage related remediation will be completed in October 1999. The North Anna project is in the phases of detailed assessment, remediation, and contingency planning.
. t l
l l
6.
North Anna has been involved in information sharing with their peer utilities and industry groups. North Anna was involved early on in addressing the I Y2K issue and continues participation in organizations which were instrumental in early definition and addressing the Y2K problem at nuclear plants, i
i l
1 i
l l i l
I l
t l
I I
I
)
I i
P 1
l
)
l l
- - . . . . . - -~-. _ . . - _ . . . . . . - ~ _ . . - ~ . . - . . .. . -.-.
Table 1 - North Anna Year 2000 Readiness Schedule Activity Startina Date Finishina Date Awareness 1996 Ongoing i
Initial Assessment Inventory Development April 1997 December 1997 Impact Screening September 1997 April 1998 Readiness Assessment February 1998 January 1999 Detailed Assessment March 1999 ;
l Remediation
- March 1998 October 1999 j Contingency Planning Contingency Plan Development April 1998 June 1999 '
Contingency Plan Implementation July 1999 December 1999
- critical non-outage items will be remediated by June 30,1999, critical outage items will be remediated by October 29,1999 l
l Table 2 -Inventory and Assessment Critical Impcrtant Non- Total Essential ,
1 Business Applications and Software I Total items 192 216 588 996 Readiness Asset ment in Process 26 64 588 678 l Assessment Report / Retire /No-impact 92 100 0 192 Remediation Required 64 41 0 105 l Remediation Corapiete 36 22 0 58 i
Y2K Ready 10 11 0 21
% Complete" 53 % 51 % 0% 21 %
% Complete (Excluding Non-essential 52 % )
items) '
l Permanent Plant Equipment I l
Total ite.ms 103 411 91 605 )
Readiness Assessment In Process 0 29 42 71 Remediation Required 0 23 5 28 Remediation Complete 0 6 0 6 )
Y2K Ready 103 365 44 Si2
% Complete 100 % 89 % 48 % 85 %
% Complete (Excluding Non-Essential 91'.i Items) i Plant Support Total items 70 325 0 395 Readiness Assessment in Process 70 137 0 207 Remediation Required 0 84 0 84 Remediation Complete 0 30 0 30 Y2K Ready 0 104 0 104
% Complete 0% 32 % 0% 26 %
% Complete (Excluding Non-Essential 26 %
Items)
_.. . ._. _ - _ _ . . _ . . _ _ . _ . _ . - _ _ _ _ ._ ___ ~_. . _ _ . . _ _ _ _ _ _ __
TABLE 3 Permanent Plant Equipment 1
System / Device Group Priority Readiness Y2K Assessment Readiness AMSAC (Modicon 884 PLCs) Mission Completed Ready Critical l Charging System Flow Mission impact No-impact Transmitters (Foxboro Critical Screening E96P-1 A) only
]
Electro-Hydraulic Control Mission Completed Ready :
System Cards Critical Generator Negative Sequence Mission impact No-impact Relays (GE 12SGC218) Critical Screening only Generator Over excitation Mission Completed Ready Relays (Beck with M0299) Critical Generator Sequential Tripping Mission Completed Ready Relays (Basler BE1-32R) Critical i l
Inadequate Core Cooling Mission ompleted Ready (Westinghouse ICCM-86) Critical i L&N Recorders- Impacted Mission Completed Ready Critical ;
L&N Recorders - Non-Impacted Mission impact No-impact Critical Screening !
only Radiation Monitors - Nib (MGP) Mission Completed Ready Critical i l
Radiation Monitors (Kaman) Mission Completed Ready ,
Critical I l
Radiation Monitors (NRC) Mission Completed Ready Critical l
l 17 '
l l
System / Device Group Priority Readiness Y2K i Assessment Readiness Station Blackout Control Mission Completed Ready System (GE-Fanue 90-30 PLC) Critical Station Blackout Protective Mission Completed Ready Relays (Baster BE1-51/27R) Critical Station Blackout Transmitters Mission Completed Ready
!Rosemount 2088) u Critical i
Validyne Sub-System (ICCM) Mission Completed Ready Critical High Capacity SG Blowdown Important Completed after Ready Control System - Unit 1
)
Remediation (Intercolor/ABB)
High Capacity SG Blowdown Important Requires Remediation Fall Outage Control System - Unit 2 (Intercolor/ABB)
Nuclear Instrumentation Important impact Screening only No-impact (Gamma-Metrics)
L&N Recorders - Non-Impacted important impact Screening only No impact l High Capacity SG Blowdown Important Completed Ready Valve Controllers (Fisher DVC-5010)
High Capacity SG Blowdown important Completed Ready Transmitter (Kent-Tylor)
EDG Monitoring and Analysis Non- Not Completed To Be System (IDX) Essential Determined Radiation Monitors - Service Non- Completed Compliant Water (Victoreen) Essential y v -
-s -
_. .._ __ _ . _ . . - . _ _ . . _ . . . , . . . . . - . _ . ~ . _ . - _ . _ . . _ _ _ _ _ _ . . _ _ _ . _ . _ .._. _ _.. _ .m _
Documents Reviewed -
'1. -Virginia Power Nuclear Business Unit Year 2000 Project Plan, dated January 25, 1999, consisting of:
Project Management Plan Reference Materials Manual Contingency Planning Manual Management Awareness Manual Project Manual '
- 2. Selected assessment and remediation folders.
I l
l ATTACHMENT 1 1
't
, - - , , - - . .- , , - - ...n- c ,a -- v - - e.--
ATTENDANCE LIST NRC YEAR 2000. IT ENTRANCE MEETING Janum y 26,1999 Name Oraanization Paul Fillion USNRC R!ll Deirdre Spaulding USNRC HICB 1 Eric Lee USNRC HICB Vincent West VA Power David Simmers VA Power Page Kemp VA Power Billy Warf VA Power John Connally VA Power Hami Paras VA Power David Christian VA Power Melanie Matthews VA Power Gerald Pedersen VA Power Melissa Brown VA Power Marc Gaudette VA Power l
ATTACHMENT 2
-1
= - . - _ . - - . . . - . - - _. . . . . - _. .
e.
ATTENDANCE LIST NRC YEAR 2000 AUDIT ENTRANCE MEETING January 28,1999 Name Oraanization Marc Gaudette VA Power W. S. Miser VA Power Vincent West VA Power L. McDermid VA Power Jerry M. Williams VA Power L. N. Hartz VA Power Melissa Brown VA Power J. H. McCarthy VA Power j A. W. Farmer VA Power '
Gerald Pedersen VA Power Billy Warf VA Power l Bruce Leonard VA Power j Eric Lee USNRC HICB Deidre Spaulding USNRC HICB Paul Fillion U S N R C Rlli Michael Beers VA Power B. T. Duke Duke Energy David Christian VA Power Deborah Corbet-Cooper VA Power
.. - - _