ML12361A360: Difference between revisions
StriderTol (talk | contribs) (StriderTol Bot change) |
StriderTol (talk | contribs) (StriderTol Bot change) |
||
Line 2: | Line 2: | ||
| number = ML12361A360 | | number = ML12361A360 | ||
| issue date = 01/10/2013 | | issue date = 01/10/2013 | ||
| title = Summary of Meeting with Pacific Gas and Electric Company to Discuss Digital Replacement of Process Protection System at Diablo Canyon Power Plant, Units 1 and 2 | | title = Summary of Meeting with Pacific Gas and Electric Company to Discuss Digital Replacement of Process Protection System at Diablo Canyon Power Plant, Units 1 and 2 | ||
| author name = Sebrosky J | | author name = Sebrosky J | ||
| author affiliation = NRC/NRR/DORL/LPLIV | | author affiliation = NRC/NRR/DORL/LPLIV |
Latest revision as of 09:20, 20 March 2020
ML12361A360 | |
Person / Time | |
---|---|
Site: | Diablo Canyon |
Issue date: | 01/10/2013 |
From: | Joseph Sebrosky Plant Licensing Branch IV |
To: | |
Sebrosky J | |
References | |
TAC ME7522, TAC ME7523 | |
Download: ML12361A360 (57) | |
Text
t-p.n AEGlJ~ UNITED STATES
.:;;v' .qit
",iI!, 01'", NUCLEAR REGULATORY COMMISSION t:! () WASHINGTON, D.C. 20555*0001
<C 0 Ii; . :
~ cO V/. ~
'l-I) ****. ~o January 10, 2013 LICENSEE: Pacific Gas and Electric Company FACILITY: Diablo Canyon Power Plant, Unit Nos. 1 and 2
SUBJECT:
SUMMARY
OF DECEMBER 19, 2012, TELECONFERENCE MEETING WITH PACIFIC GAS AND ELECTRIC COMPANY ON DIGITAL REPLACEMENT OF THE PROCESS PROTECTION SYSTEM PORTION OF THE REACTOR TRIP SYSTEM AND ENGINEERED SAFETY FEATURES ACTUATION SYSTEM AT DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 (TAC NOS. ME7522 AND ME7523)
On December 19, 2012, a Category 1 teleconference public meeting was held between the U.S. Nuclear Regulatory Commission (NRC) and representatives of Pacific Gas and Electric Company (PG&E. the licensee) at NRC Headquarters, One White Flint North, 11555 Rockville Pike, Rockville, Maryland. The purpose of the teleconference meeting was to discuss the license amendment request (LAR) submitted by PG&E on October 26, 2011, for the Digital Replacement of the Process Protection System (PPS) Portion of the Reactor Trip System and Engineered Safety Features Actuation System at Diablo Canyon Power Plant, Unit Nos. 1 and 2 (DCPP) (Agencywide Documents Access and Management System (ADAMS) Accession No. ML113070457). A list of attendees is provided in Enclosure 1.
The teleconference meeting is one in a series of publicly noticed teleconference meetings to be held periodically to discuss issues associated with the NRC staff's LAR review. Preliminary issues that the NRC staff identified during the initial review, and the licensee's responses to these preliminary issues, were discussed during the teleconference meeting. The list of preliminary issues is provided in Enclosure 2.
The NRC staff and licensee confirmed that the next meeting on this topic would be held on January 24, 2013. Highlights from the meeting on December 19, 2012, include the following:
- The NRC staff discussed the status of the audit reports associated with a November 13 -16,2012, audit at the Invensys Operations Management facility in Lake Forest, California. The audit plan dated October 10, 2012, associated with this audit is available in ADAMS at Accession No. ML12276A050. The staff noted that two following separate audit reports are being written: 1) a cyber security audit report, and 2) an audit report associated with the audit that was performed to verify that the software products to be used at DCPP for the PPS system conform to applicable standard, guidelines, plans, and procedures by
-2 assessing the implementation of the systems developmental life cycle process (life cycle audit). The staff and PG&E took the following actions associated with this November 13-16, 2012 audit:
The NRC staff will provide a copy of the life cycle audit report to PG&E for a review of proprietary information before the audit report is made publicly available. If proprietary information is identified, PG&E will identify this information to the staff using the 10 CFR 2.390 process.
Invensys will submit documentation identified by the staff in the life cycle audit report as needing to be placed on the DCPP Unit 1 and 2 dockets to the NRC in accordance with the established process.
The NRC staff will provide an updated status to PG&E regarding the cyber security audit report prior to the next public meeting.
- The project plan for the review of the LAR (Enclosure 3) was discussed. The NRC staff and PG&E confirmed that the audit trip to Westinghouse/CS Innovations facility (item 11.3 in the project plan) will be held the week of February 11-15, 2013.
The NRC staff took an action to provide PG&E an audit plan for this audit by the end of January 2013, so that PG&E and Westinghouse can prepare for the audit.
Both the NRC staff and PG&E agreed that the project plan will be updated prior to the next public meeting to reflect the date for the Westinghouse audit and to make other changes as appropriate to other milestones in the project plan to reflect the most current schedule. The updated project plan will be discussed at the next public meeting.
- The NRC staff stated that it would develop a second round of requests for additional information (RAls) in the January 2013 time frame based on those items identified in Enclosure 2 as needing RAls.
- PG&E and the NRC staff discussed recent interactions with industry associated with ensuring that seismic effects were properly accounted for in engineered safety features (ESF) setpoint calculations. PG&E indicated that changes to the ESF setpoints may be needed at DCPP to account for seismic effects on transmitters that are used to provide signals to the PPS. PG&E noted that the transmitters are outside the scope of the October 26, 2011, digital PPS LAR and that if ESF setpoint changes were needed to address seismic effects, PG&E would address this through a separate LAR. The staff indicated that this approach sounded reasonable and that it would check with other NRC staff and management and identify to PG&E in the next public meeting if there were any issues with PG&E's proposed approach.
-3 Please direct any inquiries to me at 301-415-1132 or a~t !:!:Jo:-t.:s;z:::e~~~~~~~~
Docket Nos. 50-275 and 50-323
Enclosures:
- 1. List of Attendees
- 2. Staff Identified Issues That are Open
- 3. Project Plan cc w/encls: Distribution via Listserv
LIST OF ATTENDEES DECEMBER 19, 2012, TELECONFERENCE MEETING WITH PACIFIC GAS AND ELECTRIC COMPANY REGARDING DIGITAL UPGRADE FOR DIABLO CANYON POWER PLANT, UNIT NOS. 1 AND 2 DOCKET NOS. 50-275 AND 50-323 NAME ORGANIZATION Ken Schrader Pacific Gas and Electric Scott Patterson Pacific Gas and Electric John Hefler Altran R. Lint Altran J. Basso Westinghouse W. Odess-Gi"et Westinghouse Roman Shaffer Invensys/Triconex Rich Stattel Nuclear Regulatory Commission (NRC)
Bill Kemper NRC Rossnyev Alvarado NRC Shiattin Makor NRC Joe Sebrosky NRC Steve Kane AREVA Gordon Clefton Nuclear Energy Institute Ken Thompson Avila Valley Advisory Council Enclosure 1
December 17, 2012 DCPP PPS Open Item Summary Table ---
Page 1 of 49 No SrclRI Issue Description P&GE response: Status RAI No. I RAI Comments (Dal e Sent) Response (Due I
Date) 21 RA Westinghouse/CSI document 6116-00005, "Diablo Canyon PPS System Open R) 110 10-17-12 update Test Plan," states that the ALS-102 FPGA design is changed for the DCPPS Nc used (Alvarado):
System. Further, Section 5.3.3 states: Test as many of the ALS-102 (Hold Westinghouse/ALS requirements as possible." un I will submit the re~ ponse documents by Please identify what document describes the design verification test for this is 10/31/2012.
board. reI eived) 9-19-12 update (Alvarado): Waiting c-PG&E response: The documents that describe the design verification tests for ALS document for the ALS-1 02 are 6116-70140, "Diablo Canyon PPS System Test Design to be submitted at Specification," submitted June 6,2012, and 6116-10216, "Diablo Canyon the end of PPS W Simulation Environment Specification" that will be placed on the September.
Sharepoint by December 31, 2012.
6-13-12 update (Kemper):
PG&E understands that they need to provide an update to this response. In the meantime, PG&E and ALS have provided 2 design specifications that will address this 01.
These documents are placed on the PG&E sharepoint website. Doc. No 6116-10740 was submitted on June 6, 2012, which describes ALS system test design soecification. Doc.
Enclosure 2
December 17,2012 DCPP PPS Open Item Summary Table --
Page 2 of 49
~~---.---~~
No SrclRI Issue Description P&GE response: Status RAI No. I RAI I Comments (Date Sent) Response
( Due
- - - - I I Date) r No 6116-00005 was also submitted on June 6, 2012, which describes ALS system test plan.
Doc. No. 6116 10216ALS W Simulation Environment Specification will be provided in the future.
3/21/12 update:
PG&E has created a share point website for NRC to review PPS design drawings that will address this issue.
NRC staff will determine if they are needed to be submitted on the docket. PG&E will ensure the website is information is only applicable to this licensing action.
NRC- the response provided does not address the uestion.
December 17, 2012 DCPP PPS Open Item Summary Table Page 30f49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
- I 7/13/12-rjs Deleted RAI 10 pending review of revised response.
Also decided to hold item open.
33 RJS (ALS SOAP) Software tools are used extensively during the FPGA Open Item initiated on development process. The staff therefore considers these tools to be a key (Hold) 6/5/12.
component to the assurance of quality in the ALS system development process. The ALS SOAP states that "no additional tools, techniques, or 6-13-12 update methodologies have been identified" for the ALS system. The staff (Kemper): W/ALS considers the development tools, as well as the techniques and agrees with NRC's methodologies used during system development to be relevant to the position on tools assurance of quality for the ALS system. Please provide information on the and will revise the tools, and methodologies used during system development to ensure quality document (Doc.
of the ALS system products. No. 6002-00001) accordingly to address this matter.
PG&E response: Westinghouse agrees that Section 8, Tools, Techniques, And Methodologies of the ALS OA Plan (6002-00001) should be revised to Placed this item on reference document 6002-00030, "ALS Design Tools." This document hold pending describes the tools used and how they are used in the design process. This review of revised document is also on the ALS docket. Westinghouse submitted a revision of OAplan.
the ALS QA Plan, Revision 9, on the ALS docket on October 31, 2012, that provides information on the tools and methodologies used.
December 17, 2012 DCPP PPS Open Item Summary Table Page 4 of 49
--:=-:-
No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) 35 RA Follow up of Item 21 - Software Test Plan Closed NEWRAI In the response provided for Item 21, PG&E explained that a new revision (Rev. 1) of ALS document No. 6116-00005 was provided. The scope of Revision 1 is slightly different from the scope described in Rev. O. For example, Section 1.2 in both revisions states that test coverage includes all ALS modules, backplane, license sense modules (LSM), and ALS service unit (ATU). However Section 2, Test Items, for these revisions are different.
Revision 1 only focuses on ALS-102 and backplane assemblies. This section does not include other ALS modules, LSM and ATU. Please explain why these other ALS modules are not included in section 2 of the new revision.
Further, Table 1-2 identifies "Diablo Canyon PPS Test Plan" as document No. 6116-00005, which is the same number than "Diablo Canyon PPS System Test Plan". Please clarify if this is referring to a different document.
PG&E Response: The scope of both revisions are the same. Revision 1 changes added more detail into the overall scope. The details are broken down into 2 main parts: 1- The individual components, 2 - The System components. Both parts equal the entire ALS based Diablo Canyon system which includes all ALS modules, Backplane, ASU (incorrectly stated as ATU in the open item), LSM, ALS-102A1B specific to Diablo and full ALS sub I
system test which includes the testing of ALS slave cards required by the DCPP configuration.
The entry in Table 1-2 for the Diablo Canyon PPS Test Plan, 6116-00005 is the same document as Diablo Canyon PPS System Test Plan 6116-00005. -- -- I 38 RA Software Management Plan Closed NEWRAI :
Section 2 of the PG&E "PPS Replacement Concept, Requirements, and Licensing Phase 1 Project Plan" does not describe the activities to be performed by the Engineering of Choice Design Change Package Team.
It is also not clear what the roles and responsibilities of this team are.
Please clarify and provide the applicable PG&E control document that describes PG&E roles and responsibilities specificall}l' for the Eflgineering of
December 17,2012 DCPP PPS Open Item Summary Table Page 5 of 49 0 SrclRI Issue Description P&GE response: Status RA/ No. RA/ Comments (Date Sent) Response (Due Date)
Choice Design Change Package Team.
r---
PG&E Response: The activity performed by the Engineering of Choice Design Change Package Team is to support PG&E in development of the design change package for the PPS Replacement. PG&E has a contract with an engineering company, currently Enercon Services, Inc., to be the "engineer of choice" to provide nuclear engineering services to PG&E. For individual scopes of work, PG&E develops a purchase request for the scope of work and a purchase order is issued to the engineering company that is the engineer of choice. When the engineer of choice is performing a design change package for Diablo Canyon Power Plant, the engineer of choice uses the PG&E Design Change Procedure, CF3.1D9, "Design Change Development" and PG&E performs an owner acceptance of the work using PG&E Procedure CF3.ID17, "Design and Analysis Documents Prepared by I
External Contractors."
) RA Software Management Plan Closed NEWRAI Figure 2-1 of the PG&E "PPS Replacement Concept, Requirements, and Licensing Phase 1 Project Plan" and Figure 3-1 of the SyQAP identify Altran under the PG&E Project Engineering box. However, Figure 4-1 of the SyWP identifies PG&E project team under the PG&E Project Engineering box. Please explain the role and responsibilities for Altran during the PPS Replacement Project.
PG&E Response:
09/17/2012:
- 1. The PPS Organization Chart shown in SyWP Figure 4-1 is a simplified rendering of the organization charts in Project Plan Figure 2-1 and SyQAP Figure 3-1. The latter figures show an Altran Project Team under PG&E Project Engineering and a team of three PG&E individuals directly under PG&E Project Engineering.
The slight inconsistenc~ between S~WP Figure 4-1 and the other i
December 17,2012 DCPP PPS Open Item Summary Table Page 6 of 49
'--Nol SrclRI I Issue Description P&GE response: StatuSTRAI No. I RAI Comments (Date Sent) I Response (Due 1----- ~--1--- ---fig-U-r-e-s-m-a-y-;-be=--=:re::-::s:-:o:l."lv::e::idi4t:hh;:us~:_L-_--_-------r- -~------rl-Date)~_---4_ _
IPG&E Project l
II En gineering .
---r~
Project Team 1
---=-.I~
-1
_~ Allran l . PG&E
+
- 2. Altran is acting as a subcontractor providing engineering support to the PG&E Project Team as shown above in the revised figure.
Altran supported LAR preparation and is providing continuing support through the LAR review process. Altran's work is governed by the Altran Engineering Procedures Manual. Documents submitted to PG&E are prepared in accordance with A/tran EOP 3.3 (reports) and 5.4 (specifications). All A/tran documents are verified in accordance with Altran EOP 3.4. In addition, PG&E accepts Altran documents under PG&E CF3.1D17 as noted in the Altran Verification Report.
40 RA Software Tools 1OPEN 1 110/17/12 update:
Westinghouse/ALS In the ALS Progress Update 2012-08-01 provided to the staff, will submit the ALS Westinghouse/CSI described that they are replacing Automated Test Design Tools on Environment (ATE) from IW credited tools with a LabView based ALS 10/31/2012 Board Test System (ABTS). Also, in this presentation, Westinghouse/CSI
'-- I ~ noted that they are performing additionallV&V and equipment qualification
December 17, 2012 DCPP PPS Open Item Summary Table Page 7 of 49 No SrciR/ Issue Description P&GE response: Status RA/ No. RA/ Comments (Date Sent) Response (Due Date)
-- f--- -
tools.
Since this information needs to be reflected in the software planning documents, please identify how these items will affect Westinghouse/ALS documents related to PPS replacement project. Also, identify what document will be revised to include description of these modifications.
PG&E Response: The ALS Design Tool 6002-00030 requires revision to replace the ATE with the ABTS. The revised ALS Design Tool, Revision 9, document was submitted by Westinghouse on October 31 that addresses the tools used.
41 RA Software V&V and Test Plan Closed New RAI Westinghouse/ALS document 6116-0005, section 8.2 identifies the software tools to be used in the PPS replacement project. However, this list is not consistent with the list of IV&V tools identified in Section 3.6 of ALS W Plan 6002-00003. Specifically, the test tools identified in 6002-00003 are not listed in 6116-00005 and vice versa. For example, the W Plan (6002 00003) identifies ATE tool for IV&V, but this tool is not listed in 6116-0005 Rev. 1. Furthermore, the staff reviewed 6116-0005 Rev. 0, and found that the ATE tool was listed in this version. Please clarify what software tools will be used and what document describes them.
PG&E Response: A new revision of the ALS V&V Plan 6002-00003 identifies the ABTS and the ISE as the IV&V test tools. This new revision is being docketed the week of September 3 on the ALS platform docket. The ATE is removed from the set of IV&V test tools. The tools listed in document DCPP PPS Test Plan 6116-00005 section 8.2 and the tools listed in DCPP PPS W Simulation Environment Specification, 6116-10216, (to be released by 30 September 2012) encompass the IV&V test tools in the new revision of the ALS V&V Plan, 6002-00003.
42 RA Software V&V OPEN 9/17/12 update (Alvarado): during PG&E "PPS System Replacement System Verification and Validation Plan the conference call (SyWP)" does not describe the V&V activities to be performed durin9. the PG&E ex~lained
December 17,2012 DCPP PPS Open Item Summary Table Page 8 of 49 No SrclRI Issue Description P&GE response: Stat'Us I RAI No. I RAI Comments (Date Sent) Response (Due
_Dat~ . ~I~~__~~-.-~~
Operation Phase and Maintenance Phase. This document states that these that modifications activities are covered by approved DCPP procedures. Please identify these to the systems will DCPP procedures. be performed by the vendors.
PG&E Response: PG&E will provide Per the response to 01 #28, control of the software modifications to the additional Tricon and AlS platforms once the PPS replacement project is completed, information on their and the PPS is in the Operations and Maintenance phase, will be by the plan to perform Process Protection System Replacement Software Configuration modifications to the Management Plan, SCM 36-01, Revision 0, which was submitted as part of PPS system during the Phase 2 document submittal on June 6, 2012, in Attachment 4 to the operation and Enclosure of PG&E letter DCl-12-050. Modification to the PPS maintenance.
Replacement components produced by the vendors, CS Innovations and Invensys Operations Management, will be performed by the vendors and verification and validation will be controlled by the vendor verification and validation plans created for the Diablo Canyon PPS Replacement (6116 00003 for CS Innovations and 993754-1-860 for Invensys Operations M~nagement),
~.
RA Software V&V Clos ed I NEW PG&E "PPS System Replacement System Verification and Validation Plan (SyWP)", Section 5.1.1, explains that during the Concept Phase, PG&E will verify system requirements in accordance with PG&E procedure CF2.ID9, "Software Quality Assurance for Software Development." However, Procedure CF2.ID9 is for in-house development of software applications.
Please explain how this procedure is going to be used for the PPS replacement project.
Further, Section 5.1.2 of the CF2.ID9 states that and independent review of the functional requirements prepared during the concept phase would be performed. The PG&E SyWP does not identify this review, and thus there is no specific V&V product for this phase. Please identify who will perform this review and if this is considered a V& V product.
~-.- ........ -- ~-.- ........ - - . -... ~-- ....... ~-.- ....... ~-.- ....... -_ ......... - - -...... - .
December 17, 2012 DCPP PPS Open Item Summary Table Page 9 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
PG&E Response: I 09/17/2012: Altran developed the PPS Replacement FRS during the Concept phase in accordance with Altran EOP 5.4, and verified it in accordance with Altran EOP 3.4. Altran used PG&E procedure CF3.1D16 for additional guidance. PG&E accepted the FRS under CF3.ID17, which constituted verification of system requirements. This was a design activity rather than a V&V activity and there is no specific V&V product for this I
phase.
45 RA Follow up of item 18 - Software V&V OPEN 10/17/12 update:
Westinghouse/ALS RG 1.168 identifies five of the activities in IEEE Std.1012-1998, Annex G, will submit the I 'Optional V&V Tasks," as being considered by the NRC staff to be DCPP V&V plan on necessary components of acceptable methods for meeting the requirements 10/31/2012 of Appendices A and B to 10 CFR Part 50 as applied to software. These tasks are:
- 1. Audits
- 2. Regression Analysis and Testing
- 3. Security Assessment
- 4. Test Evaluation
- 5. Evaluation of User Documentation Westinghousel ALS Document No. 6002-00003, "ALS W Plan" describes the following techniques for V&V: reviews, testing, traceability analysis, inspection/analysis, and IV&V regression (change) analysis. This plan does ,
not include any of the optional V&V activities identified in IEEE Std.1012 1998, Annex G. Please explain if these activities are performed.
PG&E Response: The DCPP W Plan has been revised to include these optional V&V tasks required by RG 1.168 to align with the new ALS W Plan for the Optional Tasks. The Diablo Canyon W Plan, Revision 1, was placed on the Sharepoint on November 22 and was submitted by PG&E on December 5 in PG&E Letter DCL-12-121.
December 17,2012 DCPP PPS Open Item Summary Table Page 10 of 49 No SrclRI Issue Description lP&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) 46 RA Software V&V Closed NEWRAI Several sections in the Invensys Software Verification and Validation Plan (SWP) reference "applicable Project Procedure Manual (PPM)" to perform certain activities. The reference section in this plan identifies PPM (Reference 2.4.4). It is not clear if the PPM is constituted by several procedures or if it is only one procedure. For example, Section 1.1, states the SWP was prepared in accordance with PPM 7.0 (Ref. 2.4.4), and then Section 4 states that V&V activities will be planned and scheduled in accordance with the applicable PPM. Please describe what the PPM is, and explain how this is going to be used in the PPS replacement project.
rPG&E Response: The Project Procedures Manual (PPM) provides appropriate controls for project activities conducted at the Invensys Operations Management (Invensys) Lake Forest facility. These controls will ensure that all nuclear Class 1E projects (or non-1 E projects where the customer has specified certain 1E requirements) processes, project activities, and project documents will meet the requirements of 10 CFR 50, Appendix 8,10 CFR Part 21 and the Invensys Quality Management System. This procedures manual provides specific controls for NAO as well as other Invensys organizations that perform nuclear safety-related system integration project activities. The PPM is a collection of different procedures, including referenced Forms, and is a controlled document.
Each PPM procedure is intended to implement key areas of project activities. Each procedure within the PPM is aSSigned a unique document number and title.
V&V activities during the PPS Replacement Project will be governed by several procedures within the PPM as defined in the SWP document, Invensys document 993754-1-802. The SWP will be revised to add the title of each procedure within the PPM where referenced in the SWP. For example, in the SWP, Section 1.1, where it states that, "the SWP was prepared in accordance with PPM 7.0 (Ref. 2.4.4)," will be revised to state that "the SWP was prepared in accordance with PPM 7.0, Application Program Development." The revised SWP will be submitted by T80.
December 17,2012 DCPP PPS Open Item Summary Table Page 11 of 49
--~
~~RI No Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
~-
47 Software V&V Closed NEWRAI Invensys Document No. 993754-1-802, "Software Verification and Validation Plan" requires the use of V&V metrics to evaluate software development process and products, This section does not explain what methods and criteria will be used for software safety metrics. This information is required by section B.3.1 of BTP 7-14, RG 1.152, RG 1.173 and IEEE Stds. 1061 and 1074. Also BTP 7-14 Section B.3.1.1.2. Please provide this information.
PG&E Response: The V&V metrics are used during development of the PPS Replacement software that will reside/execute on the V1 0 Tricon portion. The V&V metrics measure the thoroughness of V&V reviews and testing efforts. These measurements yield data utilized to gain reasonable assurance that the design outputs are of high quality commensurate with the intended use in the PPS Replacement application. The V&V metrics methodology, utilizing a diversity of software measures, provides insight into the rigor of the PPS software development process. V&V uses three distinct metrics during PPS software development:
Software Quality Metrics The purpose of these metrics is to measure software quality by tracking the number of defects found in the design outputs (e.g., design documents, software).
The method is to count and categorize defects found during V&V review of design outputs.
The acceptance criterion is that no technical defects remain at the end of the current phase to receive V&V recommendation to proceed to the next project phase. Any defects that cause the non-compliance with customer requirements and/or non-compliance with NRC guidance are considered technical defects.
V&V Effectiveness Metrics
_L The Ql!rpQse of th~se m~trics i§ to m~a'§LJ@ th(3~ff~ctiveness otV&V
December 17,2012 DCPP PPS Open Item Summary Table Page 12 of 49 N,0 SrclRI Issue Description IP_&GE response: Status RAI No.
(Date Sent)
RA/
Response
Comments (Due Date) reviews by measuring the percentage of design outputs which V&V reviews or tests. The method determines the percentage of design outputs actually reviewed by V&V (which is meaningful for in-process design changes necessitating a change impact analysis, revisions to released design outputs, and a regression analysis). The Acceptance Criterion is that 100 percent of comprehensive or delta change reviews is achieved in the current phase to receive V&V recommendation of proceeding to the next project phase.
Software Safety Metrics The purpose of these metrics is to assess whether software safety requirements are being met. Methods are to count software hazards found during V&V review or testing of design outputs and to confirm software hazard mitigation in each project phase, or, at a minimum, by the end of the project and approval at the completion of acceptance testing. The Acceptance Criterion is that all software hazards are mitigated by the end of the Test Phase to receive approval of the results of acceptance testing.
48 RA Software V&V OPEN 10/17/12 update:
- For item 2 - PG&E PG&E SyWP, Section 6, requires that anomalies detected are identified, will revise the documented, and resolved during the V&V activities. This section states SyWP and submit that anomaly reporting and resolution requirements are defined in the it on 11/30/2012 respective PG&E control procedures. Section 2 "Control Procedures does not include a reference for an anomaly reporting procedure. Please identify 9/17/12 update the PG&E control procedure used for anomaly reporting. (Alvarado): NRC staff received Further, Section 7 of the SyWP states that the PG&E authority responsible copies of OM7.ID1 for approving deviations from SyWP is the PG&E Project Manager, who will and XI1.ID2. This document his/her approval a Change Notice or equivalent formal PG&E addressed item 1 of document. Please identify where the responsible PG&E authority will this open item.
document its approval. - - ...... ~- ...... -- -- - - - -
...... .... ... - - - - '--- I
December 17, 2012 DCPP PPS Open Item Summary Table Page 13 of 49
-No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
PG&E Response:
- 1. The PG&E control procedure for anomaly reporting is OM7.ID1, "Problem Identification and Resolution." This procedure governs the PPS replacement after it has been turned over to PG&E by the suppliers. The suppliers' anomaly reporting procedures are applicable prior to this turnover.
r --
- 2. IN PROGRESS 49 RA Software V&V Closed NEWRAI Invensys Document No. 993754-1-802, "Software Verification and Validation Plan", Section 6.3 states that the Invensys personnel prepared System Deficiency Integration Report (SDIR) to document non-conformances and corrective actions during testing; the SDIR is prepared in accordance with PPM 10.0. Please explain what PPM this is.
Further, the Invensys "Validation Test Plan", Section 5.4.2 states that the Test Review Board and PG&E shall review SDIRs, but this is not indicated in the Invensys V&V plan. Please explain why this review activity is not identified as a V&V task in the V&V Plan ..
PG&E Response: The PPM 10.0 procedure defines the process to control nonconforming items and identify appropriate corrective action for aI/
nuclear application projects developed at the Invensys Operations Management (lnvensys) Lake Forest facility. This procedure is intended to provide controls for nonconforming items and corrective actions related to project activities. As used in this procedure, the term "nonconformance" describes deficiencies in parts and materials (items), documentation, and/or deviations from stated requirements. This procedure addresses the identification, documentation, evaluation, and disposition of nonconforming items. This procedure also describes the corrective action process to be used for project-related issues where corrective action is warranted.
SWP Section 5.2.2.2.1 4) stated that Nuclear IV&V shall generate and verify the system-level Validation Test Plan, 993754-1-813, in accordance with PPM 6.0 [Ref 2.4.4], in conjunction with IEEE 829-1983. The SWP
\I\Ias developed in accordance with PPM 6.0, Test Control. In PPM 6.0, Test
December 17,2012 DCPP PPS Open Item Summary Table Page 14 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
Control, it was stated that the Project Review Committee (PRC) shall review all test results for completeness, accuracy and acceptability. This review shall include all test documentation, e.g., the Test Procedures, the Test Logs, the System Integration Completion Checklist, the Test Report(s), and SIDRs.
50 RA Software V&V Closed NEWRAI The Invensys Validation test plan, Section 8.2, states that the Narrative Test Logs are used to document conduct of testing and any anomalies that occur. Please explain if this is only used during validation, and why this is not mentioned in the Invensys SWP. Further, please explain how is this used in conjunction with Document Review Comment Sheet (ORCS) and System Deficiency Integration Report (SDIR)?
PG&E Response: PPM 6.0, Test Control, defines the Test Logs. All test activities shall be recorded in a Test Log. The Test Log constitutes a continuous, hand-written journal of all test activities from the point of initial entry into the Test Procedure until the conclusion of all testing, including any required retesting. The Test Log shall include entries for sign-in and sign-out of all participating personnel, establishment of indicated prerequisites and initial conditions for testing, performance of testing and retesting, identification of problems, etc. The Test Log is intended to be a detailed journal of all testing activities sufficient to fully document the actual sequence of testing performed, the test results achieved and any problems that occurred, including their impact on test performance. The Test Log shall be reviewed by the PRC as part of its evaluation of the test results.
The Test Logs are independent and separate from the Document Review Comment Sheet (ORCS) and System Deficiency Integration Report (SIDR).
However, as a test narrative, the Test Log may identify the fact that a SIDR was generated as a result of test anomaly.
51.1.a RA Software Configuration Management Closed NEWRAI
- 1. Configuration Process a) In open item 4, the staff requested description of the software configuration management activities for configurable boards (e.g.,
- -_ ..... - ~ . . -
L. ~_ALS_FPGA-102 board). Since the AU~ F£GA:1~2J?~r~ i~~stomer__ _._ - - ... ... -_ ...... __ .... --.....
IDecember 17,2012 No- - SrclRI Issue Description DCPP PPS Open Item Summary Table P&GE response: Status RAI No.
(Date Sent)
Response
Page 15 of 49 Comments (Due Date) specific, its configuration management activities are not covered by "ALS Configuration Management Plan." Even though item 4 is closed, this request was not addressed in the response for item 4.
PG&E Response:
09/18/2012 ALS-102 Configuration The FPGA installed on the ALS-102 board and therefore the ALS-102 board itself is specific to the PPS Protection set and the ALS subsystem in which it is installed. PG&E will not have the capability to alter the FPGA. Any change to the FPGA must be made by CS Innovations. Therefore, ALS-102 FPGA configuration management activities are covered by the ALS Configuration Management Plan. PG&E capability to change ALS-102 configuration will be limited to board-level replacement.
51.1.b RA Software Configuration Management Closed NEWRAI
- 1. Configuration Process b) The PG&E SCM 36-01, item 1.2.8, states that ALS board has two sets of NVRAM. Further, it explains that the configuration of the NVRAM can be changed only by removing the subject board from the ALS chassis and inserting it into a special test fixture. It is not I clear who will control this process and configuration of the NVRAM.
Please explain.
PG&E Response:
09/18/2012 ALS 1/0 boards are generic; that is, each board is configured using its NVRAM for the specific function it is to perform. This activity is described in SCM 36-01 Section 1.2.8, which states that the configuration of the NVRAM is changed by removing the subject board from the ALS chassis and inserting it into a special test fixture. This would be performed as part of a maintenance activity, such as replacing a failed board. If the functionality of an I/O board required modification as a result of an application change, all required NVRAM configuration alterations would be performed by CS Innovations under their ALS Configuration Management Plan.
December 17,2012 DCPP PPS Open Item Summary Table Page 16 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
As with the AlS-102 FPGA discussed above, PG&E will not have the capability to alter the NVRAM configuration itself. PGE capability to change i
the NVRAM configuration for a specific 1/0 board will be limited to loading NVRAM images that are under CS Innovations configuration control and that have been previously verified and validated at the system level by CS Innovations.
Configuring the NVRAM in order to replace an I/O board will be performed by PG&E under an approved plant maintenance procedure.
51.1.c Software Configuration Management Closed NEWRAI
- 1. Configuration Process c) Section 1.2 of the Invensys Document No. 993754-1-909, "Software Configuration Management Plan," states that this plan controls operating system of the computers used to run TriStation 1131 and the signal simulation software used for testing purpose. However, the description provided throughout the plan only focuses on the configuration activities for the TSAP (e.g., Section 2.3 states that the i
SCM procedures are for the TSAP). Further, this same section (later I on) identifies the software configuration to be managed, and this list does not include operating system of the computers used to run TriStation 1131 and the signal simulation software used for testing purpose. Please clarify the scope of this plan.
PG&E Response:
09/18/2012 There was no intent for the SCMP to do more than track the revision of Commercial Off The Shelf (COTS) software. In this case "Control" is defined as tracking the revision levels such that they are recorded on the project Master Configuration list, Invensys project document 993754-1-803.
On page 7 of the SCMP, under "limitations," it states, in part, that the L_L revision levels of this type of software will be tracked.
December 17, 2012 DCPP PPS Open Item Summary Table Page 17 of 49 No . SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) 51.2 Software Configuration Management Open 10/17112 update:
- 2. Organization PG&E will revise The organization and responsibilities described in Section 4 of CF2.ID2 is the SCMP to not consistent with the information presented in Section 2 of SCMP 36-01. address several For example, Section 2 of SCMP 36-01 identifies system coordinator, open items application sponsor, and system team, who are not identified in Section 4 of Cf2.ID2. Further these descriptions are not identified in the project organization described in PG&E PPS Replacement Plan (Attachment 3 of the LAR). Please clarify the roles and responsibilities for SCM, and provide a cross reference of the PG&E organizations described in these documents.
PG&E Response 12/16/2012:
PG&E will revise the SCMP plan to be consistent with CF2.ID2 section 4 organization, ,including a description of additional roles and responsibilities not required by CF2.1D2.if needed.
51.3.a Software Configuration Management Open 10/17/12 update:
- 3. Changes and Problems Identification PG&E will revise a) PG&E SCMP36-01 states that software, hardware, and configuration the SCMP to problems are reported in accordance with PG&E OM7.ID1 and that address several software and/or configuration problems are reported via a PROG open items PDCM Notification. Please clarify when and how these are used. For example, for software problems does one have to report the problem using both PG&E OM7.1D1 and PROG PDCM Notification. Note that PG&E CF2.ID2 states that all problems associated with plant computer system should be reported and document per OM7.ID1 (See section 5.11 and 5.16.10 (b) of CF2.ID2)
Further, Section 3.2.1 states that all PPS modifications should be initiated and tracked per plant procedures or CF4.ID1. Section 3.2.2 states that the implementation of the change is documented in the associated Change Package and a SAP notification and order. And Section 3.2.10 states that all identified problems and corrective actions using a notification, which is not specified.
So should software modifications require reporting and tracking using OM7.ID1, CF4.ID1, PROG PDCM Notification, Change
December 17, 2012 DCPP PPS Open Item Summary Table Page 18 of 49 No SrclRI Issue Description I P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
Package, and SAP Order?
I Please explain PG&E procedures for different changes and the documenting and tracking system used for all types of modification r--
PG&E Response: [IN PROGRESS]
51.3.b Software Configuration Management OPEN
- 3. Changes and Problems Identification b) Please clarify the means to track changes. Section 3.2.4. 7 of the SCM 36-01 states that this is done using a SAP order, but Section 3.2.4.7 states that Change Package and SAP order are entered in the Record Management System, and Section 3.3 describes a Configuration Status Account, which is used to track changes of configuration items.
PG&E Response: The means to track changes is the SAP order. The Record Management System is the system used at Diablo Canyon to store and allow retrieval of documents to meet 10 CFR 50 Appendix B quality assurance requirements. Completed Change Packages and SAP orders are entered into the Record Management System for storage and to allow later retrieval.
51.4.a Software Configuration Management OPEN
- 4. Document Repository
- a. SCM 36-01, Section 2.3.3 identifies the Digital Systems Engineering SourceSafe as the repository, but Section 3.2.5.5 identifies htlp:lldcpp142/idmwslhome/asp, and Section 3.29 states that the files necessary for recovery of the baseline are maintained in the PPS database in SC-I-36M, Eagle 21 Tunable Constants." It is not clear if these two sections are referring to the same document repository or if it is the same. Please clarify.
PG&E Response: [IN PROGRESS]
i
December 17,2012 DCPP PPS Open Item Summary Table Page 19 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) 51.4 Software Configuration Management OPEN
- 4. Document Repository
- b. PG&E has implemented restrictions to access files and documents associated with PPS replacement project. Further, PG&E requires user authentication and access to edit configuration, software, and data. It is not clear if these restrictions apply for access to the Digital Systems Engineering SourceSafe or the repository in r~
httQ:lldcoo 142/idmws/home/aso PG&E Response: [IN PROGRESS]
52 RJS Security: OPEN NSIR PG&E stated in its letters DCL-11-123 and DCL-11-104 that the PPS replacement will be fully compliant with the 10 CFR 73.54 cyber security requirements, including RG 5.71, Revision 0, "Cyber Security Programs for Nuclear Facilities," dated January 2010, and is being reviewed to comply with 10 CFR 50.73, the DCPP Cyber Security Plan, and NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 6, dated April 2010.
The cyber security program that PG&E is implementing per its NRC approved cyber security plan includes provisions applicable to all phases of a systems' life cycle, including the digital upgrade or modification of critical digital assets.
Please explain how the provisions outlined in the PG&E's NRC-approved cyber security plan were considered, and/or implemented, as part of the PPS replacement. The provided explanations should include how all of the management, operational, and technical security controls contained within the plan, especially security controls associated with Configuration
~
Management and System and Service Acquisition, are being addressed.
The provided explanations should also include any issues associated with partial implementation of the PPS replacement and full implementation of
December 17,2012 DCPP PPS Open Item Summary Table Page 20 of49 No SrclRI Issue Description P&GE response: Status RA/ No. RA/ Comments (Date Sent) Response I (Due Date) I the cyber security plan for the site, and processes to identify and resolve any such issues.
PG&E Response:
The Cyber Security program manager and other members of the CSAT I (Cyber Security Assessment team) met with the Process Protection System (PPS) Upgrade design engineer beginning in 2011. Many options were discussed.
The Cyber Security program manager and project manager have met with the procurement group to discuss cyber security principles that should be written into the procurement procedures, and what steps will help to ensure a secure supply chain.
The Cyber Security Assessment Team (CSAT) was formed in accordance with section 3.1.2 of the cyber security plan, and Milestone a, on 10/31/2011. A list of critical digital systems and assets was created in accordance with section 3.1.3 of the cyber security plan and Milestone b on 10/31/2011. The CSAT looked at scheduled digital upgrades, and added the future equipment to the list of critical digital systems. The CSAT determined the PPS equipment will be a critical system, with several CDAs.
From July 9-122012, the cyber security project manager accompanied members of the Quality Verification group to examine the design and production facilities of Invensys, and examined the code production practices and the development environment, and determined that Invensys has an SDE, and ensures their employees are reliable and trustworthy.
Activities planned for the future.
December 17,2012 DCPP PPS Open Item Summary Table Page 21 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
In December of 2012, the network that the PPS will eventually reside on will be isolated from internet connected networks by a deterministic network device, per milestone c of the DCPP Cyber Security Plan. Thus many network attacks, including many that depend on a back door created by a vendor, will not be possible.
Also by December of 2012, DCPP will have taken steps to lessen the likelihood of an attack initiated by a portable electronic device, or portable media such as a thumb drive per Milestone d, and section D 1.19 of NEI 08
- 09. This will mitigate portable media based attacks that depend on a back door created by a vendor.
The DCPP Cyber Security Team will interface with NUPIC (Nuclear
, Procurement Issues Committee) and the NEIINITSL counterfeit parts task force to address digital equipment supply chain security.
The Cyber Security Implementation Project Manager has developed a detailed project plan, with several tasks and schedules. Several existing plant procedures will be revised. The PPS will inherit the controls implemented by these procedures. Many of the procedures will have been changed/created before the PPS is installed.
The CSAT is collecting design information as it becomes available. The collected design documentation is being reviewed as it is collected. The collected documentation will be reviewed in a formal desktop evaluation per the cyber security plan, section 3.1.5 prior to the PPS installation. The test set up in the offsite test lab near the plant will be visited on occasion by the CSAT, the system will be walked down repeatedly during installation, and the final walkdown will be performed when the system is ready to return to operations, per section 3.1.5 of the security plan.
The CSAT will make recommendations to enhance the cyber security
December 17, 2012 DCPP PPS Open Item Summary Table Page 22 of 49 No SrclRI Issue Description P&GE response: Status RAI No.
(Date Sent)
Response
Comments I (Due Date) r-posture of the PPS upgrade throughout the project, and will make their final recommendations after the system walkdown, per section 3.1.6 of the cyber security plan.
Disposition of all controls will be documented in the cyber security assessment tool, CyberWiz. Recommended mitigation will be documented I in CyberWiz, and the Corrective Action Program.
55 WEK PG&E Letter DCL-12-050, Phase 2 Documents, Attachment 2 FSAR Closed NewRAI Acceptable Changes, FSAR Section 7.1.2.5, Conformance With Other Applicable response. Send Documents (page 7.1-13) does not indicate the NRC Safety Evaluation that this as an RAI so will be produced to approve the PPS. The staff's SER should become part that the issue does of the DCPP Unit 1&2 licensing basis once it is issued. How will this be not get lost.
documented within the FSAR??
PG&E Response: Reference to the staff SER will be included in FSAR Section 7.2.1.1.6 for the reactor trip portion of the process protection system and to Section 7.3.1.1.4.1 for the engineered safety features actuation system portion of the process protection system.
56 WEK PG&E Letter DCL-12-050, Phase 2 Documents, Attachment 2 FSAR Closed NewRAI Acceptable Changes, FSAR Section x.x.x.x, (page 7.2-23) states that the evaluation for response. Send the common mode failure in the PPS is presented in References 37 [DCPP this as an RAI so PPS 03 LTR] and approved in Reference 38 [the staffs SER approving the that the issue does DCPP PPS 03 LTR1. However, it is noted that in the staff's SER it was not get lost.
stated in several sections that the 03 design features were approved based on " ... confirmation that the proposed built-in diversity of the ALS sub-system is found to be acceptable.>> This confirmation will be provided in the DCPP PPS SER, therefore, the staff's SER should also be referenced in this section.
PG&E Response: Reference to the staff SER for LAR 11-07 will be included in FSAR Section 7.2.2.1.2 in addition to the staff SER for the DCPP 03 LTR -
'57 WEK PG&E Letter DCL-12-050, Phase 2 Documents, Attachment 2 FSAR Closed NewRAI Acceptable Changes, FSAR Section 7.2.2.9.2, IEEE 603-1991 Clause 5 , Clause 5.12 response. Send (page 12) states that" ... the communication path between the maintenance this as an RAI so
December 17,2012 DCPP PPS Open Item Summary Table Page 23 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) workstation and the ALS subsystem is normally disabled with a hardwired that the issue does
. switch ... " Also, Attachment 3, PG&E PPS Interface Requirements not get lost.
Specification (IRS), Rev.6 to PG&E Letter DCL-12-069 dated August 2, 2012 states in section 1.5.6 " ... TAB communications between the ALS and MWS takes place via RS-485 data link. The TAB is physically disconnected from the MWS when the TAB is not in use .... the TAB is open at a" times unless maintenance is being performed on the ALS ... " Please identify administrative controls and design features associated with the PPS that explains how the MWS is disconnected/disabled from the PPS (i.e., a means of physical cable disconnect, or a safety-qualified hardware switch that either physically opens the data transmission circuit or interrupts the connection by means of hardwired logic. "Hardwired logic" as used here refers to circuitry that physically interrupts the flow of information, such as an electronic AND gate circuit (that does not use software or firmware) with one input controlled by the hardware switch and the other connected to the I information source: the information appears at the output of the gate only when the switch is in a position that applies a "TRUE" or "1" at the input to which it is connected. Provisions that rely on software to effect the disconnection are not acceptable. It is noted that software may be used in the safety system or in the workstation to accommodate the effects of the open circuit or for status logging or other purposes) that demonstrate how this hardwired switch disconnects the ALS maintenance workstation from the ALS safety processor.
PG&E Response: For the ALS subsystem, instead of using a hardwire keyswitch, the ALS subsystem will be administratively controlled by physically disconnecting the communication link to the ALS MWS computer when the Test ALS Bus (TAB) is not being used for surveillance testing, maintenance, and trouble-shooting. This is a I PPS replacement design change described in the response to NRC request for additional information in PG&E Letter DCL-12-083 and will be included in a supplement to LAR 11-07.
~
RJS Close NewRAI 10/19/12: If I ALS FMEA - There are several failure modes identified in Table 4-4 of the understand the
December 17, 2012 DCPP PPS Open Item Summary Table Page 24 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
I FMEA where the System Effects entry provides a description of functions PG&E response that are not affected by the failure mode instead of stating what the effects correctly, these of the failure mode are. For example, the System Effects in the ETT failure system effects are in line 5b of table 4-4 are that the Alarm Function remains operational. being evaluated Though this may be the case, it does not state what the effects of the failure within the context mode are. Examples of this can be found in lines 5b, 6a, 6b, 7a, 9h, 9i, 11 b, of the local effects 11c, and 11d. that are also provided in the FMEA. Application specific r=-.:.
PG&E Response: compensating features that The System Effects entry does describe the functions that are affected by influence the the failure mode. This entry must be read in the context of the entire FMEA systematic effects table row. For example, the cited row for ETT failure in line 5b discusses the of these failure modes are thus effects of failures of the ALS-402-1 digital output board which sends Alarm accounted for Signals to other systems. In the case of Energize to Trip outputs (ETT) a within the analysis.
stuck open output channel will prevent the core A rack from being able to actuate the Alarm (in this case a specific instance of an ETT Alarm is cited, Agree to close but the "Containment Pressure in Test Alarm". However, due to the would like the PGE compensating features, which in this case is the redundant implementation response on of the function in the core B rack, the System Effect is that the Alarm record. Need RAI.
function remains operational. A similar reading applies to the other examples cited.
59 RJS Closed NIA 10/19/12 rjs:
ALS FMEA - Some of the identified failure modes of the ALS system are Response detectable only by operator observations, or by means that are not accepted.
necessarily performed during routine operation or during surveillance testing. See lines 10c, and 12a, What measures will be implemented to ensure that these failure modes would not occur and remain undetected for an indefinite period of time?
It is the staffs understanding that all failure modes which are not detectable
December 17, 2012 DCPP PPS Open Item Summary Table Page 25 of 49 NO SrclRI Issue Description P&GE response: Status RAI No. RAI Comments i through normal means such as surveillance tests or channel checks would need to be considered present for the purpose of satisfying single failure (Date Sent) Response (Due Date) criteria for the system.
PG&E Response:
Surveillance testing includes visual inspection of the equipment in addition to the specified test cases that demonstrate functionality. Therefore, those I failure modes that are detected by operator observations will be detected as part of the surveillance test. IEEE Std 379-2000 defines detectable failures as those failures that can be identified through periodic testing or that can be revealed by alarm or anomalous indication. Therefore, such failures do not need to be considered to be present for purposes of evaluating single failure criterion compliance.
The specific cases cited are clear examples. Line 10c discusses failures of the local partial trip indicators. Failures of the indicators do not affect the actual trip function. During the test the technician uses the indicators to confirm that the trip action occurs at the appropriate threshold. Thus the act of observation of the failure during surveillance testing is assured. Line 12a discusses failure of the serial link used for continuous monitoring of the ALS health. Failure of this link does not affect the safety functions of the rack, but would be immediately obvious at the workstation used to do the monitoring.
! I This workstation is used in surveillance testing.
60 RJS Open NewRAI Technical Specifications:
In order for the staff to make a determination that the existing technical specifications and surveillance intervals remain acceptable for the replacement PPS system, an evaluation to compare the ALSfTricon PPS system reliability and performance characteristics with those of the Eagle 21 system must be performed.
Pease provide an evaluation summary report to support the application of I
December 17,2012 DCPP PPS Open Item Summary Table Page 26 of 49
'No SrclRI Issue Description P&GE response: Status RAI No. I RAI Comments (Date Sent) Response (Due
-~
Date) existing technical specification and surveillance test intervals to the upgraded ALSfTricon based PPS system. This report is expected to include a quantitative analysis to demonstrate the new system's ability to perform its required safety functions between established surveillance intervals as well as a qualitative (i.e., deterministic) analysis which sites the self diagnosis and fault detection features of the replacement PPS. The report should address the staffs previous findings in Section 4.3, "Applicability of WCAPs to DCPP," of Amendment No. 179, dated January 31,2005 (ML050330315).
PG&E Response: An evaluation summary report to support application of the exiting TS and TS surveillance test intervals will be provided by January 31,2013.
61 RA Software V&V Plan: o[ 11-28-12 update:
The staff will review the V&V plan to ALS provided Revision 7 of its V&V plan (6002-00003). This revision determine if this provides a mapping and alignment with IEEE Std 1012-1998. This now item can be closed.
cause a misalignment with the DCPP V&V Plan, 6116-00003, Thus, the DCPP V&V Plan will need to be revised. Please identify when this new revision will be submitted.
r-PG&E Response: The DCPP V&V Plan, Revision 1 has been created to provide consistency with the ALV V&V Plan. The Diablo Canyon W Plan, I
I Revision 1, was placed on the Sharepoint on November 22 and was submitted on December 5 in PG&E Letter DCL-12-121.
62 RA Software Management Plan: Open 11-28-12 update:
The staff will review Revision 2 oftheALS "Diablo Canyon PPS Management Plan," 6116-0000, the PPS Section 2.1 and 2.2, defines the project organization. As described in Management Plan
___ I guidance documents BTP 7-14 and NUREG/CR-6101, licensees need to describe the management aspects of the software development process.
Please clarify the following:
and the W plan to determine if this item can be closed
_..... ~ ..... - -_..... _.... -_ ... ~- ..... -- ... --..... -_ __
December 17,2012 DCPP PPS Open Item Summary Table Page 27 of 49 r:
No Src/Rt Issue Description IP&GE response: Status RAt No.
(Date Sent)
Response
Comments (Due I Date) r
- 1. The description provided in this section does not align with the organization structure provided in Figure 2-1. The description provided is not clear. For example, the bulleted list identifies "Scottsdale Operations Director", but then the 15t paragraph refers to Scottsdale Operations Director and ALS Platform & System Director. It is not clear if this is the title for one person or for two. Further, Figure 2-1 does not identify the ALS Platform & System Director, if this role is performed by a separated individual. Please clarify this.
- 2. This section states that ALS V&V Plan provide information and the interface between the IV&V team and the PPS replacement project. It is not clear why the ALS V&V plan will provide this information, since the ALS V&V plan is for the generic platform. Please clarify what document contains this information.
- 3. This section states that the WEC Project Manager is responsible for the commercial process interface with PG&E. However, this role is not listed in the bulleted item list and not identified in Figure 2-1. Please clarify this role.
- 4. Figure 2-1 identifies a QA Manager, but this section only describes the QA Lead. Please describe the role and responsibility for the QA Manager.
- 5. Section 4.1, Planning Stage, mentions a "Project Leadership Team,"
which is not described in Section 2. Please explain the role and responsibilities for this team.
PG&E Response: To address item 1, the Diablo Canyon PPS Management Plan, Revision 3, clarifies in Section 3 the organization details. To address Item 2, the Diablo Canyon IW Plan, Revision 1, provides information on the interface between the IV&V team and the PPS replacement project. To address items 3 to 5, the Diablo Canyon PPS Management Plan, Revision 3, clarifies in Section 3 the WEC Customer Project Manager is responsible for the commercial process interface with PG&E, the roles and responsibilities of the QA Manager, and the roles and responsibilities of the Project Leadership Team. The Diablo Canyon PPS Management Plan, Revision 3, was placed on the Sharepoint on November 15 and was submitted on December 5 in PG&E Letter DCL-12-121. The Diablo Canyon W Plan, Revision 1, was placed on the Sharepoint on November 22 and
December 17, 2012 DCPP PPS Open Item Summary Table ~
Page 28 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
'was submitted on December 7 in PG&E Letter DCL-12-121.
63 RA Open Software Management Plan:
. Revision 2 oftheALS "Diablo Canyon PPS Management Plan," 6116-0000, Section 4.1, Planning Stage, identifies that deliverables from this phase are approved by the "Managerial Review Board." However, this document does not identify the role and responsibilities for this board. Furthermore, the ALS PPS V&V Plan, 6116-00003, Rev. 0 states that IV&V will review the planning stage documents. Please clarify the person/team responsible for this review and their role and responsibilities.
PG&E Response: The Managerial Review Board review and the IV&V reviews are two different reviews. The Managerial Review Board gives the final "exit criteria" approval for both the Planning and Development Stages; this Managerial Review Board approval is required for entrance into the next subsequent stage. Their role is clarified in the "exit criteria" details included in Section 4.1 's Planning Stage and Development Stage sub-sections. The IV&V team also reviews the planning stage documents according to the criteria in the V&V Plan. Additional details have been added to the Management Plan. The Diablo Canyon PPS Management Plan, Revision 3, was placed on the Sharepoint on November 15 and was submitted on December 5 in PG&E Letter DCL-12-121. -
64 RA Closed NewRAI Software Management Plan To close Items 27 and 29, PG&E issued the DCPPS Project Quality Assurance Plan to define the oversight activities to be performed during the PPS replacement project. Section 2 of this plan describes the L
responsibilities of those involved in oversight activities. However, it is not clear how these roles and responsibilities correlate to the project organization described in PG&E PPS Replacement Plan (Attachment 3 of the LAR} and PG&E PPS Reelacement System Quality Assurance Plan
December 17,2012 DCPP PPS Open Item Summary Table Page 29 of 49 No SrC/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
(Attachment 4 of the LAR). For example, the Project Quality Assurance Plan describes the responsibilities of the PPS replacement Project Manager, but this role is not described in other documents, Further, the responsibility described seems to align with the responsibility of the PG&E Project Manager. Please explain the relationship, if any, of the roles and responsibilities described in the DCPPS Project Quality Assurance Plan and those provided in other PG&E plans.
I PG&E Response: The "Quality Assurance Plan for Diablo Canyon Process Protection System Replacement" (referred to as the "Project Quality Plan" in response to Ols 27 and 29) was a project specific document created by the Quality Verification group (a Quality Assurance organization) to identify the Quality Assurance tasks to be performed by the Quality Verification group for the project. The "Quality Assurance Plan for Diablo Canyon Process Protection System Replacement" provides the specific plan to be used by the "Supervisor Project QA" identified in Section 3.5.1 (page 19) of the SyQAP and the "Project QA Engineer or Equivalent" identified in Section 3.5.8 of the SyOAP to provide PG&E quality oversight for the project which in part supports meeting 10 CFR 50 appendix B quality assurance requirements for the project.
The "Supervisor Project QA" is not identified in the PPS Replacement Project Plan Figure 2-1 (PPS Replacement Project Organization) because they are not part of the Project Organization, but instead provide independent quality assurance oversight of the Project Organization.
Section 6.1, "System Quality Assurance Plan (SyOAP), of the PPS Replacement Project Plan discusses the SyQAP, which in turn references the "Supervisor Project QA" in Section 3.5.1 (page 19) and the "Project QA Engineer or Equivalent" in Section 3.5.8 to provide PG&E quality oversight for the project.
65 RJS Open KVM Switch Questions:
December 17,2012 DCPP PPS Open Item Summary Table Page 30 of 49 r-No SrclRI Issue Description IP&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due I Date)
See Attachment 3 PG&E Response:
See Attachment 3 i
r 66 WEK Section 4.2.13.1 of the LAR (page 85) states; "... The NetOptics Model PA- Open New RAI 11-28-12 update:
Cu/PAD-CU 1 PA-CU port aggregator network tap was approved previously 11-28-12 update:
by NRC for a similar application in the Oconee RPS SER Section 3.1.1.4.3 See 11-28-2012
[18]. The NRC staff determined that due to the electrical isolation provided update question.
by use of fiber optic cables and the data isolation provided by the Port Tap and the Maintenance and Service Interface (MSI) in the Oconee RPS, there A new RAJ will be was reasonable assurance that a fault or failure within the Oconee Gateway added to clarify this computer or the Operator Aid Computer will not adversely affect the ability inconsistancy so it of the Oconee RPS to accomplish its safety functions." will be on the docket.
In section 3.1.1.5.2.1 of the Oconee SER, the staff approved The NetOptics aggregator Port Tap, Model 96443, No. PA-CU, as a device intended to allow monitoring of a full duplex 10/1 OOBaseT Ethernet communication link by copying the communications and sending that copied communications to a one-way simplex communications link. Due to the importance of this one-way communications path functioning properly, the NRC staff performed a detailed review of the design aspect of this one-way communications path. I Circuit diagrams on the device itself indicated that the communications using Port C (Port 1 in the case of DCPP PPS application) may be capable of two-way communications. Since the original review of Model 96443, part No. PAD-CU Port Tap required NRC staff examination of actual schematic drawings of the circuitry to determine that there was no inbound communications path associated with Port C (Port 1 for the PPS), a similar schematic review for any replacement ... ...
or updated model of the Port Tap
... - ~- - - - - - - -
December 17,2012 DCPP PPS Open Item Summary Table Page 31 of 49 No SrclRI Issue Description IP&GE response: Status RAI No.
(Date Sent)
Response
Comments (Due Date) must be evaluated in the same manner (by the licensee) to determine the manner in which it is being used and configured are acceptable, and that do not invalidate the conclusion of this SE that use of the Port Tap provides adequate data isolation between the Gateway computer and the digital RPS/ESPS.The Port Tap approved for Oconee was model 96443 PA-CU.
11-28-2012 Update:
The response below still needs further clarification: Section 3.7.2.1 (page
- 71) of the approved Tricon V10 LTR SER (ML12146A010) states: "The NetOptics Port aggregator Tap, Model 96443, No. PA-CU, or PAD-CU, is a device intended to allow monitoring of a 101100 BaseT Ethernet communication link by communications and sending that copied information to a separate one-way communications link. Port A of the Port Tap is connected to the TCM, and Port B is connected to the Maintenance Terminal (maintenance video display unit (MVDU))." Since the LAR references the Port Tap approved within the Tricon V10 SER, this model number 96443 may still be confusing to the reader.
Please provide the model number of the Port Tap being that PG&C will use in the DCPP PPS and provide an explanation of its equivalency to the Port Tap approved for the Oconee RPS/ESPS LAR.
Revised PG&E Response 12/17/2012:
The PPS Replacement application will use the NetOptics Model PA-CU network port aggregator tap to isolate the Tricon portion of the PPS replacement from the gateway computer.
NetOptics has confirmed via e-mail (Case# 205591) that part number "96443" is the same as PA-CU. It is the old SKU part number for the PA CU.
67 WEK Section 4.2.13.1 of the DCPP PPS LAR (pg. 85) states, "Port aggregator Closed NewRAI 11-28-12 update:
dual in-line package (DIP) switch positions will be controlled by DCPP Response is configuration management processes." acceptable.
December 17,2012 DCPP PPS Open Item Summary Table Page 32 of 49 No SrclRI Issue Description P&GE response: Status RAI No.
(Date Sent)
Response
Comments I (Due Date)
Please provide a documented basis (e.g., a plant procedure, or engineering r design package) that demonstrates how this will be controlled. I I
I PG&E Response: The Port aggregator DIP switch positions will be controlled by a plant procedure or plan. The plant procedure or plan will be developed as part of the design change for installation of the PPS replacement after NRC approval of the LAR.
68 WEK Please provide a detailed functional description of the DCPP PPS NSR Open 11-28-12 update:
Gateway Computer(s) system; including computers/processors, See 11-28-2012 communications protocols, and data isolation details, Or, please indicate follow up question.
where this information is explained within the LAR and supporting documents. Also, please provide a detailed explanation of the Gateway Switch discussed within the LAR;including its operating principal (hardware, I logic based, etc, ,data/electrical isolation design features, and any other pertinent information pertaining to its failure mechanisms.
11-28-2012 follow up question:
Figure 4-13 (Pg 87) of the LAR indicates that data communications is provided directly between the SR ALS "A" & ALS "B" Protection Sets I, II, III, I
I and IV, and the NSR Gateway Computers via RS-422 copper media (i.e.,
not through the Port Tap). Section 4.8.2 b) (page 110 of the LAR) states that " ... AII other communication to non-safety equipment, i.e., Plant Computer, is via continuous one-way communication channels on the ALS 102." Please describe how the 1Elnon-!E data communication and electrical isolation is implemented within the ALS for this configuration.
Also, explain how the ALS "A" & "B" inputs to the NSR Gateway Computers are isolated from each other, and data communication protocols associated with processing this data within the Gateway Computers.
PG&E Response: The DCPP Gateway computer and Gateway switch are -- - --
- ~ - L ... ... ..
December 17,2012 DCPP PPS Open Item Summary Table Page 33 of 49 No SrclRI Issue Description P&GE response: Status RA/ No. RA/ Comments (Date Sent) Response (Due Date) part of an existing system that was installed by a previous project, and therefore were not included in the scope of the changes requested for approval in the LAR.
I I Communications from the Gateway Switch to the Tricon are functionally isolated by the Triconex Communication Module (TCM) and NetOptics Model PA-CU Network Port Aggregator Tap discussed in Tricon V10 SER Section 3.7.2.1. A fiberoptic data link provides electrical isolation.
The NetOptics PA-CU Network Port Aggregator Tap was approved for this use in the Oconee RPS SER. The PA-CU prevents inbound communications from external devices or systems connected to Port 1 of the Port Aggregator from being sent to interactive Ports A and B. The Oconee SER described the methods they used to verify that Aggregator Port 1 provides one way outbound communications only. As a transmit only device, it does not listen to and is not affected by the communications protocol (or lack thereof) of the external device or system to which it is connected.
The ability of the Port Aggregator Tap to prevent inbound communications to the Tricon from its Port 1 will be verified at the Tricon V10 FAT and the SAT as previously stated in PG&E Letter DCL-12-083 dated September 11, 2012.
Updated PG&E Response 12112/2013:
The response to 01 #73, discusses Transmit Bus TxB2 data communication path from the ALS-102 Core Logic Board to the ALS MWS. Transmit Bus TxB1 transmits data from the ALS-102 CLB to the Gateway Computer.
Both TxB1 and TxB2 are EIA-422 communication links in which Receive capability is physically disabled by hardware as described in the ALS-1 02 Design Specification, 6002-102002. The receiver is configured such that the transmit data is looped back for channel integrity testing. The ALS-102 is physically and electrically incapable of receiving information from outside the ALS-102 via the Transmit Busses TxB1 and TxB2. Therefore, messages are not disregarded or rejected by the ALS-1 02. This is better
~-
than a "broken wire." The wire just isn't there, and there is no place to
December 17,2012 DCPP PPS Open Item Summary Table Page 34 of 49 C-No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments I (Date Sent) Response (Due Date) I I
connect a wire if someone wanted to do so.
Updated WEC Response 12/17/2013:
I The 1E/non-1 E data communication is described in the ALS Topical Report, Sections 2.2.1.3 and 5.3.2; and in 6116-00054, "Diablo Canyon PPS ISG04 Matrix", Position 2. The electrical isolation qualification of the 1E/non-1 E data communication is not part of the ALS Platform review project, and will I be qualified with an isolation fault test that will be conducted 1st quarter 2013 per IEEE Std 384-1992, "IEEE Standard Criteria for Independence of Class 1E Equipment and Circuits" and Regulatory Guide 1.75, "Criteria for Independence of Electrical Safety Systems." A supplemental test report will be issued 2nd quarter 2013.
69 WEK Please provide a detailed explanation of the application programs contained Open 11-28-12 update:
within the Tricon and ALS MWS computers; including how they will be used Additional to supports or enhances the performance of the PPS safety function ! clarification was enhanGe the performance of the PPS safety systems, provide required provided, so the maintenance, surveillance, etc. Or, please indicate where this information is question was explained within the LAR and supporting documents. rephrased.
PG&E Response December 17,2012:
The ALS MWS will utilize Microsoft Windows ' based Westinghouse/CSI ALS Service Unit (ASU) software that is described in the ALS Topical Report Section 2.6.3. The DCPP PPS Replacement MWS will be mounted permanently in the PPS rack containing the PPS in a manner similar to ALS Topical Report Figure 2-25; however, interactive Test ALS Bus (TAB) communications will be enabled only when the TAB is physically connected to the ALS MWS by qualified personnel under administrative controls such LJ r
that the TAB is enabled only on one ALS "An or "B" subsystem at a time.
The ability to use the TAB to communicate with the ALS is essential to maintain the ALS safety function. The ASU communicates with the ALS via the TAB only when required to calibrate the ALS, normalize RCS flow coefficients, perform surveillances in accordance with Technical
December 17,2012 DCPP PPS Open Item Summary Table Page 35 of 49 No I Src/RI Issue Description I P&GE response: I Status RAI No. RAI Comments I (Date Sent) Response (Due Date)
Specifications, as well as to troubleshoot and otherwise maintain the ALS.
TAB communications are disabled at all other times by physically disconnecting the TAB from the MWS. The diverse ALS subsystem whose TAB has not been enabled will continue to perform its safety function without impact. TAB communications are described in ALS Topical Report Section 5.2.
The ALS MWS will also display parameters transmitted to it online by the one-way TxB2 transmit bus described in ALS Topical Report Section 2.2.1.3. Interdivisional communications between the MWS and the ALS are described in ALS Topical Report section 5.3.
The Tricon MWS will implement five Microsoft Windows ' -based application programs: (1) Invensys WonderWare' InTouch' PPS application; (2) TriLogger; (3) Tricon Diagnostic Monitor; (4) Triconex Dynamic Data Exchange (DOE) Server; and (5) T riStation 1131 (TS 1131 )
Developers Workbench Version 4.9.0.
- 1. WonderWare' InTouch'PPS Application The WonderWare InTouch application provides online display of selected PPS internal parameters and trouble alarm details. The WonderWare InTouch application also is used for maintenance of individual PPS instrument channels in conjunction with the hardwired OOS switches that have been discussed in the response to other Open Items. The MWS WonderWare InTouch application will be the tool normally used to determine the specific cause of an alarm. The Main Annunciator System only displays system level alarms. The MWS InTouch application contains an alarm monitor, which is a troubleshooting aid that provides a detailed, specific display of the alarms generated by the Tricon PPS application.
- 2. Triconex TriLogger The TriLogger software provides the ability to record, display, play back and analyze data from the Tricon system. Data can be viewed in real-time on the -MWS. The TriLogger is designed to provide real-time data__trending and l
-_... ..... ~- .. -- - --
... ..... ... ~- ..... - ..... -- -- -- -- -- - - -- - - - -- - --.-- -
... ..... - - ... -- - - L .
December 17,2012 DCPP PPS Open Item Summary Table* Page 36 of 49 r No SrclR/ Issue Description P&GE response: Status RAI No. RA/ Comments (Date Sent) Response (Due Date) I analysis capabilities and can be configured to trigger on specific events to log detailed data to aid technicians in isolating, diagnosing, and
! troubleshooting problems. The TriLogger may not identify transient events that occur while it is off-line.
- 3. Tricon Diagnostic Monitor Utility The Tricon Diagnostic Monitor utility displays Tricon system and module status by mimicking the actual Tricon chassis and slots, so that the user can find the exact location (chassis number and slot number) of a module that may be experiencing a fault or other problem. The Tricon Diagnostic Monitor Utility improves reliability by aiding rapid troubleshooting and fault location at the Tricon system level.
- 4. Triconex Dynamic Data Exchange (DOE) Server Triconex DOE Server utility enables the DOE-compliant WonderWare Intouch client to request data from the Tricon and, when allowed during maintenance of PPS instrument channels in conjunction with the hardwired OOS switches, to change data (e.g., setpoints and tunable parameters) in I the Tricon application program.
- 5. TriStation 1131 (TS1131) Developers Workbench TriStation 1131 is a PC-based application development workstation that provides a comprehensive set of development, test, monitor, validation and diagnostic tools for Tricon Programmable Logic Controllers (PLC). The TS 1131 program is utilized to maintain the PPS application program and I may also be used for monitoring and troubleshooting purposes. The TS1131 program is described in the Tricon V10 SER Section 3.1.3.2.
The TS1131 tool will be installed on the MWS. However, the TS1131 tool will not normally be running while the Tricon is performing its safety function L
[Tricon V10 SER Section 3.10.2.9]. If the TS1131 workstation is connected during online safety operation for maintenance or troubleshooting purposes, its use will be controlled via administrative controls and qualified
December 17, 2012 DCPP PPS Open Item Summary Table Page 37 of 49 No SrC/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response maintenance personnel.
(Due Date) I Access to the operating Tricon is governed by the controller keyswitch.
With the keyswitch in the RUN position, use of the TS1131 program is limited to read only access to the Tricon. Parameters may be examined, I
and application program logic operation may be observed in real time, but changes are not permitted. The TS1131 program can only write to the Tricon when the controller keyswitch is in the PROGRAM position. With the I keyswitch not in RUN, the PPS application will initiate an alarm on the Main I Annunciator system and the affected PPS set will be declared inoperable with respect to its safety function.
Regardless of whether the keyswitch has been deliberately manipulated or whether the condition is the result of Tricon hardware or software failure, the Tricon diagnostics will detect a "keyswitch not in RUN" condition and the !
PPS application program will initiate a PPS Trouble alarm on the Main Annunciator System. When the "keyswitch not in RUN" condition exists, the affected Tricon is considered to be INOPERABLE with respect to its safety function. A Technical Specification LCO would be entered upon operator determination that the PPS trouble alarm was caused by the "keyswitch not in RUN" condition.
The condition could be active in multiple Tricon protection sets because it I I could occur as a result of common cause software failure. Even in the condition with multiple "keyswitch not in RUN" conditions, negative impact of the condition in multiple protection sets is limited because on-line r maintenance will normally be performed in one protection set at a time, and each Tricon protection set has its own dedicated, independent MWS. It is not possible for a single MWS to be connected to other than its own Tricon.
Therefore, only one Tricon protection set at a time would be configured physically to allow software changes. Given the PPS trouble alarms that would be active in all affected protection sets. it is highly unlikely that unintended changes could occur.
.. ... - ... - --~
~ ... --.-- .. ~ ... - .... ~ .... -- .. -- .. ~ .. ~ ... - .. --~---- .. - - - -- -- - - _ __ __
... .... ... .. .. ... .... .... .. ... - - - - .... --.--.--- -_.. -_... - - _ ... - ... --.--..-- L ... _ _ _ _ _. _
December 17,2012 DCPP PPS Open Item Summary Table Page 38 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
I If a PPS Trouble alarm were to occur on the Main Annunciator System due to the "keyswitch not in RUN" condition, regardless of the cause, the operator would notify DCPP Maintenance. In the absence of the detailed alarm monitoring provided by an on-line MWS, the maintenance technicians would be required to obtain work orders, gain access to the affected protection set, connect and boot the MWS, and only then could begin to determine the cause of the alarm. The alarm information would not be available if the alarm were due to a transient condition that cleared between the time the condition initiated and when the MWS was operational.
Diagnosis of the condition could be delayed for several hours. With the on line MWS and the alarm monitor function, the condition - whether caused by intentional manipulation of the Tricon controller keyswitch or by a hardware or software failure involving the keyswitch- would be identified immediately.
As with the ALS, the on-line Tricon MWS is essential to performing required maintenance of the Tricon, including surveillance testing per the Technical Specifications and is equivalent to the existing, approved Eagle 21 Test in Bypass capability. The MWS is required to bypass channels for testing.
Removing a Tricon from service during such routine maintenance would require tripping all the channels in that protection set, which would make up one channel in the coincidence logic for all channels in the protection set.
This condition increases the risk of challenging plant safety systems should another channel trip inadvertently with the protection set out of service.
Without the data links from the Tricon and ALS to the MWS (which makes data available to the Plant Process Computer/Plant Data Network) only the control board indicators and recorders will be available to provide a "window" on the PPS. The Tricon will continue to perform its safety function. System trouble alarms will still be generated by the PPS on the Main Annunciator System, but without the alarm monitor and other data display capabilities provided by the MWS, there is no direct means to determine the specific cause of the alarm. The network switch between the
...... ~ ...... ...... ...
December 17,2012 DCPP PPS Open Item Summary Table Page 39 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response r
(Due I
Port Aggregator tap and the MWS ensures continued Tricon data Date) I transmission on loss of the Tricon MWS. The network switches are redundant to ensure continued data transfer from the Tricon to the MWS on I II failure of a single Tricon network link.
Conclusion:
IThe non-safety communications between the PPS controllers and their respective, dedicated MWS units enhance and support the PPS safety function through improving maintainability and thus reliability, and enabling on-line surveillance testing, calibration, and maintenance. Risk of challenging plant safety systems is reduced through the ability to test in bypass rather than requiring test in trip. Further, the MWS units provide essential support for surveillance testing and maintenance functions.
Without the online non-safety communications capability, neither Tricon nor ALS real-time data and status information will be available on the Plant I Process Computer or in the Control Room on other than dedicated control board indicators and recorders. Lack of access to real-time, continuous, on line PPS status data and diagnostic information introduces delay into PPS trouble identification and resolution, and substantially degrades the maintenance effectiveness and timeliness enabled by the diagnostic features built into the platform s and the application programs. The ability to make online use of the information provided by redundant, real-time data communications to the MWS and to the plant process computer improves PPS reliability and thus supports and enhances safety by providing timely diagnostic information and status details that assist performance of required I
trouble-shooting, maintenance, and surveillance activities.
I 70 ! WEK KVM Switch Question 1: Open 11-28-12 update:
,__ L Response Okay.
If the Enumerated USB switching function is used, will you be able to Leave open until use the Keyboard hotkeys and mouse buttons to perform switching? the KVM Switch
-~-- -
December 17,2012 DCPP PPS Open Item Summary Table Page 40 of 49 F SrclRI Issue Description P&GE response: Status RAI No.
(Date Sent)
Response
(Due Date)
Comments The brochure seems to indicate on page 3 that the Enumeration information is switching process will not enable control switching using the USB provided within the LAR revision.
keyboard or mouse. However, it further says that Emulation USB switching was developed to support these enhanced monitor switching functions/devices (keyboard hotkeys or mouse buttons) ....
Albeit, other USB devices (e.g., printer) do not need to use the Emulated USB switching function. Could you please clarify this point.
PG&E Response:
The USB1 and USB2 ports, which use enumerated switching, pass data straight through the KVM switch without interpretation. Therefore, you cannot connect a keyboard to USB1 or USB2 and use the hotkeys to perform switching, and USB1 and USB2 traffic cannot cause an inadvertent switch. The block diagram shows the output of the emulated portion of the switch and the enumerated portion going to a USB hub before being sent to the computer. The keyboard and mouse will use the emulated switching function, not the enumerated switching function; only the keyboard and mouse can control the switch.
71 WEK KVM Switch Question 2: Open 11-28-12 update:
ALS ISG-04 Will the KVM switch will be on-line 24-7 monitoring data from either compliance was the Tricon or the ALS platform? If so, what can we say about the submitted, and failure modes of the KVA switch? Can it fail in such a manner so as Westinghouse to inject faults into the MWS computers, and hence into the Tricon or thinks that this will
. ALS safety system processors? If not, why? If so, what can be done answer this to circumvent this problem, and show conformance with ISG-04, question.
Points 10 & 11? We will need to cover this matter in the SER. PG&E needs to respond to 10-17 10-17-12 Update: Response below did not answer the question 12 update in the regarding failure modes of the KVM switch ... agree that it is Okay to description j lose the Tricon but I do not see how the ALS is protected due to its
December 17, 2012 DCPP PPS Open Item Summary Table Page 41 of 49 No [ SrclRI Issue Description P&GE response: Status RAI No.
(Date Sent)
Response
I Comments I (Due Date)
"inherent 1-way communications" design. Please explain this further. section.
Leave open until the KVM Switch PG&E Response: information is provided within The KVM switch will be on-line 24-7 for monitoring data from either the the LAR revision.
Tricon or ALS platform via the respective MWS computers. There is additional isolation because the ALS communicates strictly one way to its 10-17-12 Update:
MWS except when TAB communications are enabled by connecting the Note: "IRS" is the TAB cable. Connection of the TAB is performed as directed by trained technician using an approved procedure Therefore, if the KVM switch failed Interface in some way to connect the two MWS together, the ALS would not be Requirements affected. The Tricon might be affected, but the D3 analysis allows the Specification Tricon to fail due to CCF. (Attachment 8 of the LAR).
The following paragraphs have been added to the IRS Section 2.3.7:
b, The KVM switch shall permit only connections between a single computer and the selected video display and HMI interface devices.
Connection between the computers shall not be permitted.
- g. The AV4PRO-VGA KVM switch shall utilize the default switching mode, in which the video display, keyboard and mouse and the enumerated USB ports are all switched simultaneously.
Paragraph g was necessary to prevent the enumerated ports from being switched separately from the KVM.
Added PG&E Response 12116/2012:
During normal, non-maintenance operation, the ALS communicates one-way to its dedicated MWS computer via Transmit Bus TxB2 as discussed in the response to 01 #73. Inter-divisional safety to non-safety communications are addressed in ALS Topical Report Section 5.2.3. The TxB2 data communication paths from the ALS-102 Core Logic Board to the
December 17, 2012 DCPP PPS Open Item Summary Table Page 42 of 49
,0 SrclRI Issue Description P&GE response: Status 'RAI No.
. (Date Sent)
Response
(Due Comments Date) I ALS MWS computer is a EIA-422 communication link in which Receive I capability is physically disabled by hardware as described in 6002-102002, the ALS-1 02 Design Specification. The receiver is configured such that the I
transmit data is looped back for channel integrity testing. The ALS-1 02 is physically and electrically incapable of receiving information from outside the ALS-102. Therefore, the ALS cannot be affected by a malfunction in the dedicated, MWS computer associated with an ALS protection set regardless I of whether the malfunction is caused by KVM switch malfunction or by malfunction of the MWS computer itself.
I I
I WEC Response 12/17/2012:
The 1E/non-1 E data communication is described in the ALS Topical Report, Sections 2.2.1.3 and 5.3.2; and in 6116-00054, "Diablo Canyon PPS ISG04 Matrix", Position 2. The electrical isolation qualification of the 1E/non-1 E data communication is not part of the ALS Platform review project, and will be qualified with an isolation fault test that will be conducted 1st quarter 2013 per IEEE Std 384-1992, "IEEE Standard Criteria for Independence of Class 1E Equipment and Circuits" and Regulatory Guide 1.75, "Criteria for Independence of Electrical Safety Systems." A supplemental test report will be issued 2nd quarter 2013.
n WEK KVM Switch Question 3: Open 11-28-12 update:
PG&E needs to Also, you will likely need to address how you will disable the features respond to 10-17 you are not using such as the audio interface, unused USB ports, 12 update in the remote control/channel switching by external control from and SDOE description perspective-and probably a cyber security perspective later on (after section.
SER). Leave open until 10-17-12 Update: The methods used to block Ports in the KVM the KVM Switch Switch must be addressed in the LAR revision. Block all unused information is Ports and keep any that may need to be reopened under design or provided within the configuration control. LAR revision.
December 17,2012 DCPP PPS Open Item Summary Table Page 43 of 49
!No SrclRI Issue Description P&GE response: Status RAI No.
(Date Sent)
Response
Comments I (Due I Date)
Again, we need a detailed explanation of how this 1-way design feature will prevent the KVM switch failures from affecting the ALS system.
PG&E Response:
Specific answers to these questions depend on the detailed design. Ports can be physically blocked, which might be appropriate for unused computer ports and the audio ports. It might not be appropriate for the unused USB port (which may be needed for a future printer) and the options port (which may be needed for firmware updates). Remote control switching or firmware update requires a custom serial cable. The firmware update requires specialized software on the computer being used to perform the update. Firmware update will be done by procedure. The MWS will be inside a locked cabinet inside a vital area inside the protected area.
Inadvertent actions, while not impossible, will not be easy. If the switch is somehow manipulated, the ALS will not be affected even if the KVM switch fails because the ALS communicates only one-way with the MWS except for short periods when the TAB is enabled.
Revised PG&E Response 12/16/2012:
PG&E will physically block the audio port, USB Port 2 and unused computer ports. Physical blocks will be verified at SAT and controlled thereafter by the SCMP. PG&E considers that opening any of the unused ports for use after the SAT is a modification of the physical plant configuration that will require an engineering design change.
73 WEK KVM Switch Question 4: Open 11-28-2012 update:
If the KVM switch does fail in some manner allowing data flows PG&E needs to between the two platforms, then the ALS system would not be respond to 11-28 affected because the ALS platform will only transmit data in one 12 ul2date in the direction to its MWS (with the TAB cable disconnected of course). description This is good, however, the LAR (or attachments) need to explain how section. PG&E
~.
the engineering design principals of the ALS platform physically
December 17, 2012 DCPP PPS Open Item Summary Table Page 44 of 49 No I Sric/RI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) prevent bad/erroneous data from corrupting the ALS platform. In needs to respond other words, explain how these messages emanating from the MWS to 10-17-12 (regardless of origin) will be disregarded/rejected by the ALS platform update in the thus allowing only one direction of data flow. description section.
10-17-12 Update: 10-17-12 Update:
The ALS-1 02 Design Specification document 6002-10202 has not yet there is a typo in section 2.4.13.5 on been submitted to the NRC. When will it be submitted?? Will this page 90 of the EIA-422 (or is it RS-422 per Fig. 4-13 in the LAR) communication link LAR. The first (twisted pair copper wire) also serve as the 1Elnon 1E isolation paragraph devices as required by IEEE 603, Clause 5.6.3 and IEEE 7-4.3.2, references ALS Clause 5.6?? Please clarify. doc. 6002-61202 (typo) as the 11-28-2012 Update: document that Still need more information re:1E1non-1 E isolation of the ALS-102 explains how the board. EIA-422 communication I channels on the IPG&E Response: ALS-102 are electrica"y isolated Revised PG&E Response 12/16/2012: and inherently 1 The design of the TxB1 and TxB2 data communication paths from the ALS- way 102 Core Logic Board and the Gateway Computer and MWS, respectively, communications are EIA-422 communication links in which Receive capability is physically capability only.
disabled by hardware as described in 6002-102002, the ALS-102 Design The document Specification. The receiver is configured such that the transmit data is 6002-10202, in looped back for channel integrity testing. The ALS-1 02 is physically and reference 94 is the electrica"y incapable of receiving information from outside the ALS-1 02. correct document.
Therefore, messages are not disregarded or rejected by the ALS-102. This is better than a "broken wire." The wire just isn't there, and there is no place to connect a wire if someone wanted to do so.
Updated PG&E Response 12116/2012:
Per the 10/17/2012 update, NRC is correct regarding the typographical error
_ in Section 2.4.13.5 on page 90 of the LAR. The correct ALS-1 02 Design_1- _l- -_ ..... __ ..... -
December 17,2012 DCPP PPS Open Item Summary Table Page 45 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) 1---.-
Specification. document number per LAR Reference 94 is 6002-10202.
Per the 11/28/2012 update, RS-422 is the common short form title of American National Standards Institute (ANSI) standard ANSIITIAIEIA-422-B Electrical Characteristics of Balanced Voltage Differential Interface Circuits.
This technical standard specifies the electrical characteristics of the balanced voltage digital interface circuit. For the purposes of the LAR, the two designations are equivalent and may be used interchangeably.
Westinghouse to address ALS-1 02 board 1E/non-1 E electrical isolation.
74 WEK KVM Switch Question 5: Open 11-28-12 update:
Leave open until Please explain in detail how "Connection between the computers the KVM Switch shall not be permitted." Will this be handled via a configuration information is control process, administrative controls, or a physical means of provided within the preventing connection between computers? LAR revision.
10-17-12 Update:
Response is Okay, PG&E Response:
but the LAR revision will need to This section was intended to be a functional requirement for the KVM expand further on switch. Administrative and configuration controls will prevent inadvertent loading of an EPROM image that could corrupt operation of the KVM this matter to explain how these switch. If the KVM switch fails and connects the ALS and Tricon MWS controls will provide together, the above-described physical and electrical restrictions of the KVM this protection.
switch will prevent the ALS from being corrupted by its MWS computer.
75 RJSI ALS Security Plan Document 6002-00006 references the CS Innovations Open Note: RJS - We NSIR Cyber security plan document (Reference 7) which is not docketed. Without need to resolve if having access to this referenced document, the staff is unable to confirm document needs to
December 17, 2012 -----
DCPP PPS Open Item Summary Table ----------
Page 46 of 49 No I SrclRI I Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date) im )Iementation of the system security requirements. We need to discuss if be docketed now th ; document can be made available on the share point or if it can be made that we have av Iilable during the audit. reviewed it during audit.
In iddition CS-00013-GEN, Development Environment Evaluation Report-CS Innovations Isolated Development Infrastructure might be another do ~ument of interest to the staff. It seems that this document would pr, vide evidence that the actual development environment was in fact se ;ure. This document was not docketed.
PG&E Response: Westinghouse can make available during the audit both CS I document 9000-00360, "CS Innovations Cyber Security Plan" and W IA-CS-00013-GEN, "Development Environment Evaluation Report - CS In ovations Isolated Development Infrastructure."
76 I WEK I Th ~ documents listed below are necessary for the staff to complete its Closed NewRAI Invensys Audit Item as iessment of the Tricon V10 platform changes/software revisions 11-28-112 update:
th t have occurred since the platform was approved generically, and Response w' be applied to the DCPP PPS. Acceptable. We will also need this
- 1. ~eference Design Change Analysis (RDCA), 993754-1-916 information submitted on the
~uclear Qualified Equipment List (NQEL), 9100150-001, I docket.
~ev 16 Rev 11: Tricon V10.5.2 Invensys Audit Item Rev 13: TriStation V4.9.0 Note: rjs - Bill is Rev 14: Tricon V10.5.3 asking for all of these documents to iricon NGIO Software SRS, 6200155-001 be docketed and iricon V10.5 Verification and Validation Report (19 Sept, 2012) PG&E has only committed to
December 17,2012 DCPP PPS Open Item Summary Table Page 47 of 49 No I src/Rillssue Description P&GE response: Status RA/ No. RA/ Comments (Date Sent) Response (Due Date)
V10.5.2 Documents putting them on the sharepoint. We need to resolve a) PDR (lRTX) 21105 this!
b) Technical Advisory Bulletin (TAB) 183 c) Engineering Project Plan (EPP) Tricon V1 0.5.2, 9100346-001 d) V10.5.2 V&V Test Report e) Software Release Definition (SRD), V10.5.2, 6200003-226 V10.5.3 Documents a) PDR (IRTX) 22481 b) Product Alert Notice (PAN) 25 c) Engineering Project Plan (EPP) Tricon V10.5.3, 9100428-001 d) Tricon PAN 25 Master Test Report e) Software Release Definition (SRD), V10.5.3, 6200003-230 f) NGDO SRS 6200170-001 Tristation V4.9.0 documents a) Product Alert Notice (PAN) 22 b) Product Alert Notice (PAN) 24 c) Technical Advisory Bulletin (TAB) 147 d) Engineering Project Plan (EPP) Tristation V4.9, 9100359-001 e) Tristation V4.9.0 Master Test Report f) Software Release Def. (SRD), Tristation V4.9.0, 6200097-038 g) Spec. Software Design - Tristation 1131 SDS, 6002168-002 (Section Applicable to V4.9.0 Change) h) TriStation 1131 V4.9 V&V Plan, 9600442-002 i) TriStation 1131 V&V Summary Report (26 Oct. 2012) -
December 17,2012 DCPP PPS Open Item Summary Table Page 48 of 49 No SrciR/ Issue Description P&GE response: Status RA/ No. RA/ Comments (Date Sent) Response (Due Date) r-~~~~
PG&E Response: Invensys will place the requested documents on the Invensys SharePoint by December 3,2012, for access by the NRC. The documents will be marked in accordance with 10 CFR 2.390 prior to placing them on the SharePoint.
77 RJS The staff requests that the Purchase Order Compliance Matrices (Multiple Invensys Audit Item Documents) be placed on the SharePoint site to support verification of requirements traceability determinations. RJS -I do not believe that the PG&E Response: Invensys will place the requested documents on the POCM's will need Invensys SharePoint by December 7,2012, for access by the NRC. The to be docketed.
documents will be marked in accordance with 10 CFR 2.390 prior to placing them on the SharePoint.
78 RA The staff requests that the Invensys Project Procedures Manual and Project Instructions (Multiple Documents) be placed on the SharePoint site to support review of Invensys process to design, develop and test the Tricon
!;ystem.
PG&E Response: Invensys will place the requested documents on the Invensys SharePoint by December 14,2012, for access by the NRC. The documents will be marked in accordance with 10 CFR 2.390 prior to placing them on the SharePoint.
79 RA Invensys to confirm that the following terms are not used, and that they will be removed from their plans and replaced with the correct terms.
- Test Review Board
- Test Case Incident Report
- Master Configuration Checklist
- Configurationpatabase PG&E Response: The following Invensys documents will be revised to reflect correct terminology and placed on the Invensys SharePoint by December 21, 2012:
- 1) 993754-1-905, Project Management Plan
- 2) 993754-1-906, Software Development Plan
~)9~3754.-1 ..~99, Software Configuration Management Plan -------
December 17, 2012 DCPP PPS Open Item Summary Table Page 49 of 49 No SrclRI Issue Description P&GE response: Status RAI No. RAI Comments (Date Sent) Response (Due Date)
- 4) 993754-1-813, Validation Test Plan The revised documents will be marked in accordance with 10 CFR 2.390 prior to placing them on the SharePoint.
80 RA Invensys to revise its plans to reflect the current project organization.
PG&E Response: The Invensys Project Management Plan (PMP), 993754 1-905, will be revised to reflect the current project organization and placed on the Invensys SharePoint by December 21,2012. The revised PMP will be marked in accordance with 10 CFR 2.390.
Project Plan for Diablo Canyon Replacement of Digital RPS and ESFAS (PPS) - LAR Review (Rev. 7)
Step Planned Task Actual I Date Date 1 Oct. PG&E LAR Submittal for NRC approval. Submittal includes all Oct. 26, 26,2011 Phase 1 documents needed to be docketed prior to acceptance for 2011 review per ISG-06, "Digital Licensing."
I 2 Jan. 12, Acceptance Review complete. LAR accepted for detailed technical Jan. 12, 2012 review. Several issues identified that could present challenges for 2012 the staff to complete its review. Scheduled public meeting with I
- PG&E to discuss the results of the acceptance review.
3 Jan. 13, I Acceptance letter sent to licensee. Jan. 13, 2012 I 2012 4 Jan. 18, i Conduct Public Meeting to discuss staffs findings during the LAR Jan. 18, I 2012 acceptance review. Staff proceeds with LAR technical review. 2012 5 March 18, PG&E provides information requested in acceptance letter. Initiate April 2, I 2012 bi-weekly telecoms with PG&E and its contractors to discuss 2012 potential RAI issues. Open Items spreadsheet will be maintained b~ NRC to document staff issues and !2Ianned licensee responses.
6 May 30, PG&E provides partial set of Phase 2 documentation per June 6, 2012 commitments made in LAR. 2012*
- PG&E provided a subset of the Phase 2 documents on June 6th and committed to send the rest by July 31, 2012.
7 July First RAI sent to PG&E on Phase 1 documentation (e.g., August 07, 2012 specifications, plans, and equipment qualification). Continue 2012 review of the application. Request 45 day response.
I (ML12208A3641 8
! June SER for Tricon V10 Platform issued final. This platform becomes a May 15, I 2012 Tier 1 review of the LAR. (ML12146A010) 8.1 II March 2013 SER for Westinghouse ALS Platform issued final. This platform 2012
,I i
- becomes a Tier 1 review of the LAR.
I 9 I September I Receive answers to first RAI. (ML12256A308) Sept. 11, I
2012 I 2012 10 November Audit trip to Invensys facility for thread audit; audit the life cycle Nov. 13 2012 planning documents and outputs, with particular emphases on 16, 2012 verification and validation, configuration management, quality Assurance, software safety, the Invensys application software
- development procedures, and application software program deSign. I 11 December Audit report provided to PG&E and its contractor.
2012 I I 11.1 TBD LAR rev~sion and all s~pporting docume.ntation .associated with the I I
, change In ALS and Tncon V10 workstation deSigns for the PPS
- are submitted.
11.2 TBD Follow-up audit trip to Invensys facility for thread audit; audit the life cycle planning documents and outputs, with particular emphases on verification and validation, configuration management, quality assurance, software safety, the Invensys application software development procedures, and application
- software ro ram desi n.
Enclosure 3 Page 1 of 3
Project Plan for Diablo Canyon Replacement of Digital RPS and ESFAS (PPS) - LAR Review (Rev. 7) 11.3 February Audit trip to Westinghouse/CSI facility for thread audit; audit the life 2012 cycle planning documents and outputs, with particular emphases I
on verification and validation, configuration management, quality Assurance, software safety, the W/ALS application software development procedures, and PPS ALS application software I program design .
12 March 2013 PG&E provides remaining set of Phase 2 documentation per commitments made in LAR.
12.1 March 2013 All Documentation for DCPP W/CSI ALS and IOMlTriconex V1 0 processors applicable to the DCPP PPS LAR are submitted.
13 April 2013 Second RAI to PG&E on Phase 2 documentation (e.g., FEMA, safety analysis, RTM, EQ Tests results, setpoint calcs, SW Tool analysis reports, and any incomplete or un-satisfactory response to i first RAI. Continue review - hardware and program design and V&Vactivities 14 May Receive answers to second RAI.
2013 Continue review - V&V program, security requirements (RG 1.152, Rev.2) 15 March Audit trip to W/ALS facilities for additional thread audit items; audit 2013 hardware and software installation plans, configuration management reports, detailed system and hardware design, completed test procedures, V&V activities, summary test results (including FAT) and incident reports, and application code listings.
15.1 April Audit trip to Invensys facilities for additional thread audit items; 2013 audit hardware and software installation plans, configuration i
management reports, detailed system and hardware design, completed test procedures, V&V activities, summary test results (including FAT) and incident reports, and application code listings.
~ +a{;) jA.wsi~ tFiJil i8 QG~~ hil8~ J8liliti88 feli il~sitieFled U'lFesilI swsit i~8Fl'l8; swillit RSFS"'"SF8 sFlill 88ft¥ISF8 iR8tsIIsti8Fl ji)lsR8, EU)Flfi!iJwFsli8R I Fl'lSFlS!iJeFl'l8Flt FeJil8RS, setsiles sY8teFl'l SRilI RSFS'l:'SFe ilI88i!iJFl, 88Fl'lJilletes test ji)F88eSWFe8, v,&lJ. Slti¥ities, 8WFl'lFl'lSFY test Fe8wlts
,; i,..,., t: J\ T\ ...",,..,( . .............,..,(,.. I, I , ....."',..,(
16 May Audit reports provided to PG&E and its contractors.
I 2013 I
17 i November Presentation to ACRS Subcommittee/Full ACRS Committee on 2013 DCPP PPS LAR Safety Evaluation.
18 November Complete draft technical SER for management review and 2013 approval.
19 December I Issue completed draft technical SER to DORL 2013 20 December
- Draft SER sent it to PG&E, Invensys, and W/CSI to perform 2013 technical review and ensure no proprietary information was i
included.
I 21 January Receive comments from PG&E and its contractors on draft SER 2014 proprietary review.
22 -March Approved License Amendment issued to PG&E 2014 Page 2 of 3
Project Plan for Diablo Canyon Replacement of Digital RPS and ESFAS (PPS) - LAR Review (Rev. 7) 23 -September Inspection trip to DCPP for PPS Site Acceptance Testing (SAT),
I 2014 training and other preparation for installing the new system. To be (tentative) coordinated with regional visit. Date based on receipt of new PPS system at the site in preparation for September 2015 Unit 1
- Refueling Outage (1 R19).
I 24 -September Inspection trip to DCPP for PPS installation tests, training and 2015 other system installation activities for the new system. To be coordinated with regional visit. Date based on September 2015 Unit 1 Refueling Outage (1R19).
Page 3 of 3
- 3 Please direct any inquiries to me at 301-415-1132 or at Joseph.Sebrosky@nrc.gov.
IRA!
Joseph M. Sebrosky, Senior Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket Nos. 50-275 and 50-323
Enclosures:
- 1. List of Attendees
- 2. Staff Identified Issues That are Open
- 3. Project Plan cc w/encls: Distribution via Listserv DISTRIBUTION:
PUBLIC WKemper, NRRlDE/EICB LPLIV Reading RStattel, NRR/DE/EICB RidsAcrsAcnw_MailCTR Resource RAlvarado, NRRIDE/EICB RidsNrrDeEicb Resource WMaier, RIV RidsNrrDorl Resource SMakor, RIV/DRS/EB2 RidsNrrDorlLpl4 Resource SAchen, RIV/DRS/EB2 RidsNrrDraApla Resource ELee, NSIR/DSP/CSIRB RidsNrrDssStsb Resource DParsons, NSIR/DSP/CSIRB RidsNrrLAJBurkhardt Resource GSimonds, NSIRIDSP/CSIRB RidsNrrPMDiabloCanyon Resource THarris, NSIR/DSP/FCTSB RidsNsirDsp Resource MShinn, NRC/CSO RidsOgcRp Resource CNickell, NRR/DLR/RAPB RidsRgn4MailCenter Resource MSnodderly, NRRlDRAIAPLA CSantos, EDO RIV KBucholtz, NRR/DSS/STSB TWertz, NRR ADAMS Accession Nos. Meeting Notice ML12338A093 , Meetmg S ummary ML12361A360 OFFICE NRR/DORULPL4/PM NRR/DORULPL4/LA NRRIDE/EICB NRR/DORULPL4/BC NRR/DORULPL4/PM NAME JSebrosky .IBurkhardt RStattel MMarkley JSebrosky DATE 1/8/13 1/4/13 1/9/13 1110/13 1/10/13 OFFICIAL RECORD COpy