Summary of 9/19/12 Meeting with Pacific Gas and Electric Company to Discuss Digital Replacement of Process Protection System at Diablo Canyon Power Plant, Units 1 and 2 (TAC Nos. ME7522 and ME7523)

ML12284A445
Person / Time
Site:	Diablo Canyon
Issue date:	10/16/2012
From:	Joseph Sebrosky Plant Licensing Branch IV
To:
Sebrosky J M
References
TAC ME7522, TAC ME7523
Download: ML12284A445 (70)
v • d • e

Text

REGU{ UNITED STATES -i ro.,. NUCLEAR REGULATORY COMMISSION g WASHINGTON, D.C. 20555-0001 of 0 : October 16, 2012"> ****i' Pacific Gas and Electric Company Diablo Canyon Power Plant, Unit Nos. 1 and 2

SUMMARY

OF SEPTEMBER 19, 2012, TELECONFERENCE MEETING WITH PACIFIC GAS AND ELECTRIC COMPANY ON DIGITAL REPLACEMENT OF THE PROCESS PROTECTION SYSTEM PORTION OF THE REACTOR TRIP SYSTEM AND ENGINEERED SAFETY FEATURES ACTUATION SYSTEM AT DIABLO CANYON POWER PLANT (TAC NOS. ME7522 AND ME7523) On September 19, 2012, a Category 1 teleconference public meeting was held between the U.S. Nuclear Regulatory Commission (NRC) and representatives of Pacific Gas and Electric Company (PG&E, the licensee) at NRC Headquarters, One White Flint North, 11555 Rockville, Maryland.

The purpose of the teleconference meeting was to discuss the license amendment request (LAR) submitted by PG&E on October 26, 2011, for the Digital Replacement of the Process Protection System (PPS) Portion of the Reactor Trip System and Engineered Safety Features Actuation System at Diablo Canyon Power Plant, Unit Nos. 1 and 2 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML 113070457).

A list of attendees is provided in Enclosure

1. The teleconference meeting is one in a series of publicly noticed teleconference meetings to be held periodically to discuss issues associated with the NRC staff's LAR review. Preliminary issues that the NRC staff identified during the initial review, and the licensee's responses to these preliminary issues, were discussed during the teleconference meeting. The list of preliminary issues is provided in Enclosure

2. The NRC staff and licensee confirmed that the next meeting on this topic would be held on October 17, 2012. Highlights from the meeting include the following: The NRC staff and PG&E discussed the cyber security review and question 52 of Enclosure

2. It was agreed that the response to question 52 would not be amended by PG&E and any follow-up concerns related to this question would be addressed during an audit. The audit plan, which the staff will issue publicly prior to conducting the audit, will reflect issues that the staff would like to discuss in this area. The NRC staff indicated that it was in the process of finalizing the audit plan for an audit of Invensys Operations Management facilities in Lake Forest, California.

The staff and PG&E indicated that the audit was tentatively scheduled for the November 2012 time frame. If the audit is to include cyber security discussion pursuant the discussion above, the audit plan will reflect this expectation.

-The NRC staff and PG&E discussed the information found in Enclosure 3, associated with Eagle 21 Technical Specification (TS) applicability to the replacement PPS. The issue is whether or not a justification for the applicability of the Eagle 21 TSs needs to be developed for the replacement PPS. There was agreement that such a justification is needed and that it will be reviewed by the staff as part of its review of the LAR. The staff took an action to add a new open item to the open item tracking table to track the issue. The NRC staff and PG&E discussed several of PG&E's proposed responses found in Enclosure

2. Based on interactions during the meeting, PG&E took an action to modify some of the responses to address issues that the staff identified.

PG&E will provide the revised response to the staff prior to the next meeting. The revised responses and any new issues identified by the staff will be updated in the master open item tracking table and will be discussed at the next public meeting tentatively scheduled for October 17, 2012. Please direct any inquiries to me at 301-415-1132 or Docket Nos. 50-275 and 50-323

Enclosures:

1. List of attendees

2. Staff identified issues 3. Information related to Eagle 21 TS Applicability cc w/encls: Distribution via Listserv LIST OF SEPTEMBER 19, 2012, TELECONFERENCE MEETING PACIFIC GAS AND ELECTRIC COMPANY DIABLO CANYON POWER PLANT DIGITAL DOCKET NOS. 50-275 AND NAME Michael Richardson George Hough John Prehn John Hefler J. Rengepis J. Basso W. Odess-Gillet G. Andre Roman Shaffer Rich Stattel Bill Kemper Rossnyev Alvarado Shiattin Makor Darryl Parsons George Simonds Tim Harris Michael Shinn Joe Sebrosky Cimberly Nickell Michael Snodderly Kristy Bucholtz Gordon Clefton Ken Thompson ORGANIZATION Pacific Gas and Electric Pacific Gas and Electric Pacific Gas and Electric Altran Altran Westinghouse Westinghouse Westinghouse I nvensyslTriconex U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission U.S. Nuclear Regulatory Commission Nuclear Energy Institute Avila Valley Advisory Council Enclosure 1

001 b. September 18, 2012 DCPP PPS Open Item Summary No I SrcJRI rlssue Description I P&GE response:

I Status I RAI (Date Sent) *lISG..

Deterministic Nature of Canyon

'should identify tneboard and provide analysis associated with digital response time

..... THis analysis should be of sufficient detail to the NRC staff tcjdeterminethat the logic-cycle; has been implemented,inconformance with the A4STopical Repo.rt design basis, is deterministic,and

.. .... .. . .. .... . the response plant safety

• errors that haye been As stated in response:{irne,performance wilt be .submitted as a.Phase2 document.

Please ensureJHis.matteris addressed accordingly. . P&GE response:

AlS ptablo,Canyon PPS

..00011 ... AlS$ysternC>Elsign Specification", .theAlS board and pr()viges an analysis .performJPce.

a. . .. The Diablo Canyon RP5 ALS system with the ofthe AlSplatform topical report, b, . The analysis in*.. OiaoJOeanypnPPS docu rn ent6t16..Q0011 , "ALS Design Specmcation".sedion 7,describe$a is detefministic;

.. ...........

.....*..*....... . .. ..* . ... .... .. .. ../ ..... . ... .. . c, ..

toconctitioned is secondsin..

.. 10ofthe "Diablo 1

{FRS)",

ofJtl:e LAR.

Plant llnits 1 & Proqess . Requirements Revisic)fl 8 oftheLAR, theOA09 secondsPPSprocessing.instrumentation respOnse I RAI Response Comments (Due Date) :""Staff on this is eQlTsCt

• 2012.*SfaffwiU

... .

turtherif needed at terecom,.*

Resp()nse waiting ..

the V10 TricOn'PPS arcnitei;t"e by April 16, 2fl1a. Enclosure 2 Page 1 of 64 September 18, 2012 DCPP PPS Open Item Summary Table No I SrclRI I Issue Description P&GE response:

I Status I RAI No.

the ALS and Jrioon. as follows:

processing ***

PPS processing instrgmentation value.is the Same as allocated to PPSprC>CeSSinsinstrumentation.

As PPS value is not the plant safElW FSAR Table IqreaT

"'n *.*.*

Low RT, andlO\lliLowSG second for Low'reactorcoOlant flowRT runction,25 J)Tf3ssurizer pressure, Highconlainment pressure,and*lpw Injection for Low lowgGwater initiation,

..

HjghHighcontaiflment flressure High High.contsinmentpressufestearntine wate"level

.. .isotation

• ..*andB line pressure steam lin&isolation. .

the FAT and the summary repmttobesubmitted by 12131/12.

Tricon . .'

on NRC. y'o-11..Q01, '201:*1. .of"tne V1Cflriconsafew evatU,tion ,

1, Maximum

..th6V10Iriconaualification 9600164-731

..'..i.*.*. **

time V10 . *ti,...resf:><lnse.f8ftUlationf"r the Irfea n F'PS

...... > Is.*su,bmiJteq on

fhe.

.

to the

...rt,of oftheV10Tricoh PPSReplacernent.

.. (Date Sent) RAI Response (Due Date) Page 2 of 64 Comments (ML 12 Calc:

I September 18,2012 DCPP PPS Open Item Summary Table Page 3 of 64 Comments Licensee that PG&E WlllpJDVidethe . Trlooril'ime in a supmittedon the 4/2312612

..... Staff his.oonfirmed.that of ttija:AI;,S SWPis for review RefJJ1lonse April 29, 2012: <Staff will if needed at meeting. ivedthe No I SrclRI I Issue Description P&GE response:

I Status I RAI No. RAI The will be the resurtswill be summary report tOQesiJPmltedby 12/31112, . ...... .... . ............*...

1,168, Revision.1, Reviews and Computer Software Used of Nuclear 2004 EnQineers) 1 01 and IEEE with the exceptions 1.168 describes a met,hod acceptabletothEt

.*

withpartsot*

..

.. de§ign Ta.ble.

7.1 1.168 as SRP .

for reactor. tripsystems'.{Atp)and forengineered§afefy features

[)jablo .*.

information deScribed inihe AtS ManagemenfPlan.{or the* generic system platform, (Date Sent) I Response (Due Date) .

411

.. ******'itable; the September 18, 2012 DCPP PPS Open Item Summary Table Page 4 of 64 No I SrclRI I Issue Description I P&GE response:

I Status I RAt No. I RAI 3 where the independent This is also inoonsistentwith,tpecriteria of RG 1,168 and wiUfleed to be reconcileddudog the tAR and AlSLTR reviews, P&GE ALS. " .ii ......... .

..

ALS Verification Validation a revisedV&V and ValidationPlan"-;R e visiorl5,.*on required

..

the

• . Qlablo'Canyon structure in of

• separate and PG&E;submitt,ed onAf)nl.2;2(l1'

' .." . . [lSG..06 V&VpJan the supplier is chart in lW manager ISG-6 Plan do not.Flf:0vide'tsUffjcientinformation dUring*

theAtS V&V' Plan*..

..

..determined CanYOr P?S "Aanagement*

Plan." However; OiabloCanyon PPS:ManagementPlan states: (Date Sent) Response (Due Date) Comments PP$:rylPOl1iAprjl' 2, 2012{;and will conSistency with RO.1.168.

Resmlnse

Aprif2, at

[Jleeting, I September 18, 2012 , No I SrclRJ I Issue Description P&GEresponse:

ALS V&V. , "See the ALS V&VPlan for nJofe>1nform$tioh.and team and thePPS The Triconex V& V plan states that soope for V&Vactivities.

As Tric6nex lepiis not listed in the ISG-6 matrix. . *i.' *ii These items will needfurther.cI9rificatiof) during to demonstrate compliance Valt<:Jtitti Ofl ,

forDigitalCornpyter SoftWare in Safety The Westingl10use o<<Ja n izatio na lrept1rting the scottsdale

............'. ..' .....

report to 9.lffere(lt I

bttviairtdependent dplio.n.of revised to add informationorrltreactivities' beihgperfo""edfor the that 0!lAPrif.i' '.. .... . *. ... .*...

..> .....** :the PrQ.anizatrona'. structure II'}

fwe a(lQrtlCihit<iining and for working with nuclear customers on safety-relatedV10 Tric;::oo DCPP PPS Open Item Summary Table P&GE response:

IStatus Page 5 of 64 I RAJ No. I RAJ Comments (Date Sent) suffiCient between the Nuclear Delivery (Design) Organization and the IV&V °rgtitnization, ofthePPS 22181) also. denotes the<;f OGPP PPS project: . organization, and. prq\lides betW:een the NO aftdf\l&V Organizations.

Gtose the Invensys .

response 4112112) on April 2.

September 18, 2012 DCPP PPS Open Item Summary Table Page 6 of 64 No I SrC/RI I Issue6escription I P&GEresponse:

IStatus I RAJ No. RAJ Comments (Date Sent) I Response (Due The PMP describes the PPS Replacement Project management activities O,\iem,ys lingitleeringdepartment procedures

1. Erigineerln'g whereas Nuclear Invensys Eng system but Nuclear Delivery may Engil"leeringon technicalJssuesrelated to the V10 TheNRGappliecj ISG-06 totheV1.0Triconsafety C¥tJIUtJt' pertaining to the design . asp'rooess support of the PG&E tAR for the DCPP PPS Replacement, Invensys Nuclear Delivery is required to submit the application design documents as defined in ISG-06. These project documents are preceded by document number 993754. The Phase 1 submittal under Invensys Project Letter 993754-026T, dated October 26, 2011, contained, in part, the following:

PPS Replacement Project Management Plan (PMP), 993754-1-905. "Project Management Plan" was used to more closely match BTP 7-14 with regard to "management plans"; and PPS Replacement Software Verification and Validation Plan (SWP), 993754-1-802.

within the Invensys scope of supply. The guidance documents BTP 7-14 and NUREG/CR-6101 were used as input during development of the PMP. With regard to compliance with RG 1.168, the PPS Replacement PMP and SWP both describe the organizational structure and interfaces of the PPS Replacement Project. The documents describe the Nuclear Delivery (NO) design team structure and responsibilities, the Nuclear Independent Verification and Validation (IV&V) team structure and responsibilities.

the I September 18,2012 DCPP PPS Open Item Summary Table No I Src/RJ I Issue Description P&GE response:

I Status 4 interfaces between NO and Nuclear IV&V, lines of reporting, and degree of independence between NO and Nuclear IV&V. In addition, the PMP describes organizational boundaries between Invensys and the other external entities involved in the PPS Replacement project: PG&E, Altran, Westinghouse, and Invensys suppliers.

The combination of the PMP and SWP demonstrate compliance of the I nvensys organization with RG 1.168. [ISG"'06 EnclostJre B,ltem1.10]

.... SOft\¥are Configuration PG&E

............* ..

...

Atts,.cflmflnt 12 only proyides a

.' .. '.. ..' .u.'\K.s.

it is unClerstood

.. > that the licensee will notperform PGE personnel will become responsible for over software upon delivery from the vendor. .

planto.be licensee for maintaining*.

evaluate.

against the .. .

..

ManagemeQt 9esign. act.ivities configllration the AlS. platformfortfleOiablo staff reql!ires management for in the *.DGPP pf()jectspecifjc plan. These itemS.YiillneedfOt:theT Clarification duftogthe review to demoO$trate with.BTP-14.

P&GEresponse:

SCMP after SCMPonJune(;, 2012,in Attachment 4<to the Ene1osureofP.Gil;*Letler 00:L-12-050.

Page 7 of 64 RAJ No. I RAJ Comments (Date Sent) Response (Due Date) N/A CI(J$8*ft)e Invensys ipart oft.heOL aradO (6/13/12):

.;..

36-01 The staff will review this information and JdeJ:1tify*questions, if I September 18, 2012 DCPP PPS Open Item Summary Table No I SrclRI I Issue Description I P&GE response:

I Status 5 Aft (RA) 1.11J V10 platform documents identified in JSG6 matrix:; sta!e the.NGJO Input Output) Care..

software will It is not Clear will be tested,and test is not partaf integration testing activities.

' . Further, Canyon Test,. Plan will not .I:)e'loadedpn the ,system; instead

.ltis

'7. .

iDiablo Canyon," PPS S¥t\tem, the l)\R BW"-t4;' Tricon

.... . . ... i.. , .... i . ... . . ....,. i.i

.. modules*

..

..

.,

on thesetw,b the NRC in V1 0 Tric(msafety

........ evaluation

• .

ft.,Jnctional is'performedwhen U,e ."Q the ill;

.

the maQUlehardware and embedded core firmwate.. are y.'ithifl\the

..

the firmware wiUnotbe projects. .

musfbeCJonewith?friStation 1131 (TS1131}.$uch as speCifying which l/Qmodule is installed in a particular N/A Page 8 of 64 I RAI No. I RAI Comments (Date Sent) Response (Due Date)

... rifneeded at used for I September 18, 2012 ocpp PPS Open Item Summary Table Page 9 of 64 Nol SrC/RI I Issue Description P&GE response:

r Status I RAI No. I RAI Comments (Date Sent) Response (Due Date) Invensysstate'd TheOfaD10 CalJyon Applica t t9ri"Wlllbe loaded onto plant systemflar"dware during FAT. Staffre.-examined tnvensysdoc. "Validation rest the thijfjardWare Valktatioo'Test activiti_and

.3;3' of the .. '... "'..'....',.'>.' ... ':.i.i;, .vu""an\il that fhe .

1) ... ils:wrtion . 'physical slot of the Triconchassis, a unique <hardware address in tne.system.Atsa,

.

program parameters (i.e.,

are a$sighed to a particular point ona items c('.)l"lfttl.uredin TS1131 willbe within the scope conQucted by Invensys Nuclear IV&V for integration projects.

The necessary coflateral(syst$t:li:builddopuments, r **90nfiQuration procedures, te$t to thesiaffstechnicat*

..tL ." ..... .TIle 1 dated contained.

in part, the Validat i 9!l l'eStPISI1,{VTP),

This document and the required for validation testing of .theVt9Tricon portion of thePPSReptacemel')t, *including:

for and validation

"';;"<r<>L.'

test tools. c:1ncfenvironment validation

..' .. '.' . '.' .'" /. ., ,iic;hedufif;l9. (and resource loading of the schedUle)

Se.*ction., 1..3;2* of theVT Pdescribes the Hardware Vatidatioll,,:(est a ctivities...... ..,', . ' ,-,n " )/ ".<<" c:1ndSectian 1.3.3 of the VTP TestaaMtI(!s-fdr the PPS . Details on the application.

and need fo,peprovided to the staff separately.

that ... ,..**,

September 18, 2012 DCPP PPS Open Item Summary Table Page 10 of 64 No I SrclRI I Issue Description I P&GE response:

I Status I RAI No. I RAI (Date Sent) Response 6 7 AR (SM) [tSG"OI3 E::nclosi.Jret3r Item1A4] . >,1 Closed I Develop<, Equipment

-

and t ..t.2 on.the plant

n,eTricon V10 Safety Items

• . licensee applications.

should address.eachofth$§e.fQrTclconportion of the Similar information for the.AlSS.pof'tionofthe PPS repiacement will also;be reguired.

ALB.. .. PG&E they are available: " ;---, Tricon

• • 'A.IIOf tl':)e Application Specific ActionltemswHl*be0;'

,201.2. AR I(BK) ...

the MaintenanceWdrkstation

• to*

..Tp,.;rriStati()o ytOplatformreliesonsoftwaretoeffect to modify thesafetys:i

..................... ..on in* the*

¥'0p1atformdoes not ....

..

,....

• .

Posit/ant, pqint..

..

compl,;with**tnisguidance{ (Due Date) Comments ii/Response reCeived April.2,*:;*

29;2012. Staff subsequent telecom meeting4{;

PG&E should this 01 matrix. (Kemper 12*12)... . RlQewed

.... r,Elvlewed

.and .stiU need a<jditional

....... <i.E'"

.... this..:item.The.

Wi'rpeed to revieW this item further September 18, DCPP PPS Open Item Summary Table No I SrclRl I Issue Description P&GE response:

l"order forfh£iNRC stafUo. accept this' an'acceptable deViation to this staff position, the PPS contrpl

..... ".; (),:>eration.pfthe sl!)ftware

..

and;:any With The ALS uncl$8fat tl'1is time and witl be resolved as the ALS LTR " .:::'/,I':'/!¥:',

..

in trip. As..

fl 'WhiJethe Tricof.lV10isoperatlQniiland .for.the and'thi$

.*

Qf not

..

..

..

of the or division..** These issues nlustbeaddressediAor.derfor<itbeNAC;.staff 7 to ti**... *.*...*****.. .**. .i." ". .'.: . ..' . ". .** .7 .... **.c*'>;>.:.i". . **.:ii.;:.<, .

PrQvidec!1in Staff Position 1 , Point 11.

the:ALSpf.orm.of'l this time.' . ............... " A.i * ....* .... ": .*. ....** .:.

.*

WRtTEcommancisfrOm

.*

'--_---'-__--', prb§ram..

cOmmandS fromTS 1131.* " '. I Status I RAI No. RAI (Date Sent) I Response (Due Date) Comments 121J12 update: it .

that d'>

theV10 portiol'lof

.' S ent to be :edto'NRC , . . iy 2012. Page 11 of 64 September 18,2012 DCPP PPS Open Item Summary Table Page 12 of 64 No I SrclRI I Issue Description I P&GE response:

I Status I RAI No. RAI Comments (Date Sent) Response (Due Date) .0 aPpropriate.

it. The keyswitcn three.ganged switch so that the three Proce.ssor the position of

..' I\tfP..

the position'oflhe

...The, ""P5 The voted position of

..

how is available as variable that can be ffl()nit()red by the tb$-MP3008N TSAP. This position When itis taken out,of the RUN and from theTricon/(Le., ETSX actually fOrmat. T81131

....

when in 'ams .controJ SlLad(Jress the anCt'apPEppriate

..

..in the 01. response .ofthe Update: keyswitch..

is received QyETS%.to download explain a new control cpntrol* pr9Qram,ETSX h9WJhis message'accepts or on the voted keyswitct:rposifion, If keyswitchis are rejected .. lUhe keyswitchis 'fOflTIaiworks to PROGRAM, oUt of service. and runs thropgh '.'

the. sequence the new or the Tristation .E \ . .. in RUN??

h;;iveJo oCCljron Tricon(in errors lnthe control and at order for the program to Therefore,tbereis no single wottldallow application asaresult unexpected operatklno.fthercbnnected compUter with TS1131 installed " '" '" The

Effects. Analysis, . an .,stj..ooPhase 2 in MeW Invensys will support the staffs review of the 8 September 18, 2012 DCPP PPS Open Item Summary Table Page 13 of 64 I No I SrclRI I Issue Description I P&GE response:

I Status RAI No. RAI Comments (Date Response (Due Date) and software a$sociate<iwiththe OMC keyswitdtiby"makrng data available for contains WRITE..after . However, tbe program prqgram can be. modifiedwitfirtne 9MC keyswitch fQtN.\tl\le conttl',)ls will to include in prQCequres in response.*.

.... . .... .is not used tochatlgesetpoints and proteption keyswitchis notinR\JN

.* plans.to.slbmit;

• .

493. The NRC future licensing action.

a summary of which AthAnQ used fordetermi

...Jnsas-found and as-left ... _".._ ..

forth. seetionD.9.4.3.8 of'FSTF I September 18,2012 DCPP PPS Open Item Summary Table Page 14 of 64 I SrclRI I Issue Description I P&GE response:

I Status I RAI No. I RAI Comments (Date Sent) I Response (Due Date) information and the uncertainties used in statisticaUysufficitent qusntijy RC staff has and analysis calculation have bound th(i) (to justify the <<fraffdfmce from Ipe transmitter before.

3flt12 Upd13te:

all setpoinl$

deterrTIini:Jtjons will be!.9, P

"\\. .....

..

a$ s>IS,TF-493 action. 3121112lJpc::t$:

..

tht=l' Wte.tlngh9 use

..

September 18,2012 DCPP PPS Open Item Summary Table Page 15 of 64 No SrclRJ I Jssue Description P&GE response:

Status I RAJ No. (Date Sent) I RAJ Response (Due Date) Comments tr,esetpoint calculations will be to be submitted on the per NRC 9 AR (BK)

C9nclusion Scope and Applicability -Manyjmportant sections of LARrefer the reader to,ttre ALSlicensiog topical report (LTR}to demoJlstrate compliance of with of IEEE 603':'1991,.

IEEE 7-4.3.2-203, However, many important sections "of the ALS L TR state that compliance with various of are application specific and refer the reader to license amendment submittal (i.e" the DCPP PPS LARin this The staff has not yethadlime LAR" iI11qff;nati<)O compare this

\iVjththatprovided in the no missing 'it;110rfhatJon.

HQ'fVever, and its contractors encouraged to review submittals that compliance with these IEEE Stdsand ISG-04 are within both licensing documents.

t Closed No speqfic RAt needed for this 01. RAI #4 addresse sthis item as noted below in 0115. complian ce"matrix for the ALS platform. (Kerr)per 4;'12-:.12)

.

April 2."' 129,2012.

The' PG&Ei response to address **the Of Close this " "'", '. :j 01. ..*.

P&GE respo(lse:

have reviewed the LAR 11-07 and the AL:StoPiealfeporttctverifyinformattoniscprovidecHo justify complfi:lngewithIEEE 603-1991, IEEE 7-4.3.2-2003, and ISG-04 in eithedheLAFfor the ALS topical report. Asa result of the review, it was identified that neither the LAR. nor the ALS topical report contain a matrix that documents compliance with ISG-04 Table 5-4 for the DCPPALS platform.

PG&E will submit a matrix that documents comp1iancewithISG-04 Table 5-4 for the DCPP ALS platform by May 31,2012.

September 18, 2012 DCPP PPS Open Item Summary Table Page 16 of 64 No I Src/RJ IUTssueDescripf;on P&GE response:

I Status I RAJ No. I RAJ (Date Sent) Response 10 RS Scope -In the LAR, section variables.are defined forRTSand section seven plant required for the ESFAS. Three plant variables in sectjQn 4.1 0.3.4. ',; . '\ >. ,'}fF Some vari,ables are not listed in as being PPS monitored plant parameters..

Itis therefore aS$umecUh$t these parameters are provided direct inputs to theSSPS anel thatthePPS is. not rel.ied upon for associated with parstfjeters and safety*

that the to reliably . . ....... The the ptant are generated.

tQthe.SSPSooiflCidC!l'lCe lOgic in the PPS or other, indePfllrldentsyst!ms,or in some cases, by discrete devices,

..

6 (RCPbus UF , UV, and breaker position, 8 p()f)ition}a,nd 9 (seismic by discrete devlce$Qutside the PPSand totheSSPS. . Section .1.4 itemS 6 .\"., .:'

<t M , '.<: . ..... ,.", '"V Radiation}.and7 (RT breaker position Permissive

'oUtSide thePPS contact inputs to the Ssg$,

the;.BP$.

adversely affeCt performance of'tIlEJsarety functions associated with these plant. (Due Date) RAI02 Comments Neutron Flux is an input to Tricen bulll is not listed in "ProcesS*

Variabl.e inputs to*;' Tricon" Signals not associateclwith PPS will b!9 designated as such in the SE and

September 18, 2012 DCPP PPS Open Item Summary Table Page 17 of 64 I No I SrclRI I Issue Description I P&GE response:

The three signals Range RCS T urbinelmpulse Chamber Pressure)*

not listed in are fT!Prlitored by thePPS per Section are used to in oCPP FSARSection

5. The PPS uses Chamber Pressuretq:senerateanjnitiation signal that coincidence Jogicto develop Permissive P ..13 as Neutrorl added to Section 4.2 TableA-I ' ... . . I Input toQve .1"emperatute( Input to.Ovei Temperatttre:;'c( I Status RAI No. RAI Comments (Date Sent) Response (Due Date) they.wi.llnot be described.lf'1Ge for September 18, 2012 DCPP PPS Open Item Summary Table Page 18 of 64 P&GE response:

I Status I RAI No. I RAI (Date Sent) Response No I SrC/RI I Issue Description performed by the PPS or if the be providing inputtoextemal systems that in tum perform the permissive logic described Qistablecomparators b1..the PPS .

functions are performed by is still unclear if throughout the LAR.iflt Pfeaseprovide additional to dearly define what the ReactorTrip Intermediate low Power LOIiSS ofFI.ow

..............

.****.***\.;.*. / ..... ;. e..

PqW$rLOW" P"11 LovlPreliSsurizer Pressurl P-13 Turbine Low Power,P .P'::14 Hi-Hi Steam Generator Level to Pressurizer Pressure:

it is also replacemel1t . '. reactor trip} * *jhe LAR states in fhePPS"; P&GE response: .

function within the existing PPS. will to be performed

..

Iisthatare . PP$ wi!' continue neratedindependently. . . , ... (Due Date) Comments September 18, 2012 DCPP PPS Open Item Summary Table Page 19 of 64 I Status I RAI No.1 RAI Comments (Date Sent) I Response (Due Date) N/A No uTSrclRTI/ssue Description I P&GE response:

13 RS

• Permissive P6 , P-8" P-9, and P¥l() initiation signals are c,omparl;ltoroutputs from to the . i.

with the PPS. .. issive initiation SSPScoincidence logic contacts in (R'TB). There is no interface wittrthe PPS.

• P-12, p-t$,andP-14 initiation

.*

.. .'. .the**SSPS.;

is 9,eneratedintgeSSPS'from 3 out tift ,¢hannels (from setpoint and impotse chamber pressure channels below setpoint (From if1itiatioh>sign.als

• .

monitored.

by appropriate No SSPs, PeIJ:1l issive or safety fun PPs ...

P-8, P..9, P-10, andP.:;,13 are functionally Permissives P-4, pooH, P-12, and P-14 are des.iedinFSAFfTable 7.3-3.

September 18, 2012 DCPP PPS Open Item Summary Table Page 20 of 64 -"-1 I No I SrC/RI 1 Issue Description IP&GEresponse:

I Status I RAI No. followino statement; --.", ,-,-

valves are not safety-related, with the P-12 from theSSPS. It' *... . Inccmjunctioriwith tr,e response to RAla,PI contradiction in section 4.1.20 oftheLAR.

cOfTIpaft:ltor outpijts the P-1:2 the SSPS detected.

The SSPS .......

P13 Turbine SSF?Sbased on ref)pgnse to als and logic 7.3;3 (ESFAS). and does not (Date Sent) I Response (Due Date)

September 18,2012 DCPP PPS Open Item Summary Table Page 21 of 64 No ISrdRi I Issue Description IP&GEuresponse:

I Status I RAJ No. I RAJ (Date Sent) Why would the'ppS status need to be transmitted to thePPS as sentence suggestsin,the last titled to the control board tf:>ScontlTIoI board means "PPS not Jdorm.instead thef$G::04

','C, //;>>" . _.

L TRior .' 'tne'LAR variou$ oonlOl,*port

... a99re9ator,..

Thtese are aU expects a to the C.*.* A ..... y.O**.*N.*..*.*p ........** ..*lAN.*.*T D.'.I&C.. I:S.l3.*.:.u.*

• . '4.... ***.*.C ONB .*. ....*MA.. **. N. CE.'R.E ..........*.......

N .* ....WE.R.*.....p... ........ ... ..*.:. .*. .. ..*.*..*.*.......*..*.......**..*

• *. ...*....*..............

• ...* ..a ....O R.*.* *PORT the docket, whiCh explains.how

• theALS portionof.tij,:,?p$

apptiOCition conforms with the guidance of IPG-04. Comments

<14/4/12 update: The araft ALS 18'&04 cOfl'\piiance matrix optne ALTRAN 'arepoiniwebsite

.not detailed the staff to use in approving portion of cOfJ'ltrlunications September 18, 2012 DCPP PPS Open Item Summary Table I No I SrclRI I Issue Description I P&GEresponse:

I Status I RAI No. I RAI (B'K) sdeveloping the ISG-04.cQmpliance matrixTabte for the AlS and PG&Ewi!l submittheTabte by July 31,2012. (Date Sent) Response (Due Page 22 of 64 Comments design.

PG&E review'the Invensys ISG..()4' Doc.DocumentNQ.

993754-1-912ker . ReVision 0, and provide guidance foranALS detail.

integration plans for PPS, .system.

papers were discussed at 411812011 ce. The staff agrees .i that the analog .... RTD signal loops ntay be te$ted separatelyatfl;'le.

Tricon FAT and at theAlSFAT to satisfy integrayon test some*CQncems over that "There is no ital data September 18, 2012 DCPP PPS Open Item Summary Table Page 23 of 64 I RAI No. RAI Comments (Date Sent) I Response (Due Date) No I SrC/RI I Issue Description

.'P&GE response:

I Status September

18. 2012 DCPP PPS Open Item Summary Table Page 24 of 64 Comments No I Srclk/TTssue Description I P&GE response:

I Status I RAJ No. I RAJ (Date Sent) Response (Due Date) Section'S.1A.3, Hardware Tests, (pg. 27/38) of document I CloseQ PPS Validation states that the ALSeql,l.Jpment wi" not be included in the Where, and what procedures Wiit.be.used to fully test the.lntegrated.PPS (both Tricon V10 together) be subjected to PG&E respomse:

aSllng: .... 'ormation on the PPStestingis provideg*to thes' .. 1 need to be.updatEld additionalinforrn t1'lhe updated \/TMwillbesuljJJ1itted be providedaftElI" lthe staff is received on the P&GE response:

I Status Closed September

18. 2012 DCPP PPS Open Item Summary Table Page 25 of 64 No I SrclRI I Issue Description Comments I RAI N o. RAI (Date Sent) I Response (Due Date)

September 18, 2012 DCPP PPS Open Item Summary Table Page 26 of 64 ::::------:-:-:----------.=-c:--=---=

response:

I Status I RAI No. I RAI No ... I SrelRl1 Issue Oesenpclon 1\) PG&E the .IEEE-1012 V&V in AppendixA Table ALSV&V plan document 6116-00003to i012;:inAttachment 7to the EnclQsure of'PG&E LetterPyL, ..***r15*ofthe' Design Basis

'Instead, theacqldScl"lt analysis in chapter 15 identifies FAULl'S OF MODERATE FREQUENCY CONOffiON III-INFREQUENT FAULTS (Date Sent) Closed Response (Due Date) Comments staff wo* thro.,.gh.

thisaslhe and appn:}val***elease document*dn**tbe will addresS tbis.*lsstJe as well as .0120 NRC,staff be submitted?onthe

'slie September 18, 2012 DCPP PPS Open Item Summary Table Page 27 of 64 I Status I RAt No. I RAt Comments (Date Sent) Response (Due Date) NOI u SrclRt I Issue Descnptlon

--:::::---::-:------------r'P&GE response:

CONDITION IV -LIMITING FAULTS As such, the statementthat AOO'sand the Conditlo.l'ls described in FSAR chapter 15 Operational Occurrences,and Design Basis Events describag:,iriWLAR.

.TJ;Je AC!0'S8tereferred I w_perationaITransients" in FSAR Chapter 15.1. The Condition II "faults of moderatefreque,ncy,':

and ANS Condition IV "limiting faults" Chapter 15.2, 15.4 respectively.

20 September 18, 2012 DCPP PPS Open Item Summary Table Page 28 of 64 RAI No I SrclRI I issue Description I P&GE response:

I Status I RAI No. Comments (Date Sent) I Response (Due Date) RS N/A (12.update:

ir ated for NRC to afJdfStJSthis issue.

\'(ill tc;)tre fotthlsitem.

7/02112 -

nemi.. 'Llnformatlon

'.,

'OrmedtRyother pro1ectiYtsvstems>at DCPP in.al.. . *In

"? eJ(planatiOf:l of, .' ....

is;there a garifj" 'desQribedJunotions are performed by the PPS . Jircludes "functions tothePPS 'stem is of whether the As.'o a bypassfuncti0l11o'support channel description oUhis fUl0lctlQll aoes not feature is being within the orinthe.SGFI.

',' ' .",,',,, "'0';"'"'

'" Iffrieeds

.

of the system .being ..

QrQeft9maf(e its

..

to helpthe'slaff

.other eXtemal .. '..

SUC11'8S*peS function PPSf'unctJonsfromfuntttons Closed .

isil'lf!fuafKjois ol'lly,applicable to thj$'licensing action, \,,:::-< " ectt6at60 s.is to dt!ierminePPS functionality.

September 18, 2012 DCPP PPS Open Item Summary Table No I SrclRI 17ssue Jescription iP&GEreSPOnse 21 RA Westi Test P Syste requirl Ighouse/CSI document 6116-00005, "Diablo Canyon PPS System lan," states that the ALS-1 02 FPGA design is changed for the DCPPS n. Further, Section 5.3.3 states: "Test as many of the ALS-102 !ments as possible." Pleas board ! identify what document describes the design verification test for this PG&E for the Speci PPSW Septe The documents that describe the design verification tests LS-102 are 6116-70140, "Diablo Canyon PPS System Test Design 3tion," submitted June 6,2012, and 6116-10216, "Diablo Canyon Simulation Environment Specification" that will be submitted by )er 30, 2012. Status Open (Hold) RA/ No. (Date Sent) RAI10 Not used RA/ Response (Due Date) Page 29 of 64 Comments 6-13-12 update (Kemper):

PG&E understands that they need to provide an update to this response.

In the meantime, PG&E andALS have provided 2 design specifications that will address this 01. These documents are placed on the PG&E sharepoint website. Doc. No 6116-10740 was submitted on June 6,2012, which describes ALS system test design specification.

Doc. No 6116-00005 was also submitted on June 6,2012, which describes ALS system test plan. Doc. No. 10216ALS W Simulation Environment Specification will be provided in the future. 3/21/12 update:

---September 18, 2012 DCPP PPS Open Item Summary Table Page 30 of 64 No SrclRI Issue Description P&GE response:

Status RAI No. (Date Sent) RAi-Response (Due Date) Comments PG&E has created a share point website for NRC to review PPS design drawings that will address this issue. NRC staff will determine if they are needed to be submitted on the docket. PG&E will ensure the website is information is only applicable to this licensing action. NRC-the response provided does not address the question.

7/13/12 rjs Deleted RAI 10 pending review of revised response.

Also decided to hold item open.

22 BK Tricon VtO;sm:t .AL$platforiJls together) besubjeetijd't9;fAT.

September 18,2012 DCPP PPS Open Item Summary Table Page 31 of 64 No I SrclRJ I Issue Description I P&GE response:

I Status I RAJ No. I RAJ Comments (Date Sent) Response (Due Date) ClesU\j"RAI Section 1);:1;(pg , 12138} states "The including media .Network Aggregatofl"tJP,qflcfgateway hub, and the MWS will. nQtbe withiFJ;,lhe test scope of tliisl';UP Delivery rqup'yViUcoordinCitewith Pacific fQrsystem staging .(am.over to Nuclear IV&V. The will confirm before addre$sed lnthis VTP." When, Where;: and what the.

AlsQ,

4,(3)HardWare Validation Tests that the ALS equlpn:tef*Wilf:l1ot .*'

the. FAT When, and PPSsystem (both I FQllov.'ongl#5 question pertaining PP$ VTF\i the

.. VTPwHt.need'to be updated based on the additional*

information.

A thatthe Vl"P will be provided after feedback the Staff additional information on the PPS September 18, 2012 DCPP PPS Open Item Summary Table Page 32 of -NO! Src/RI ! Issue Description I P&GE response:

I Status I RAI No. RAJ 23 BK !Se<?1lPn 1.2.13, 101 4-13 . Tt'!;MinStalled in the Tricon 7L), the PPS ilize twoTCM cards \n (Slots 7L and

..... ..... .... etwo the

,?PCGfJlteway Computer from. eaCf{*Proteption.Set to ensure PQ{1lO'lunicationsifa single TCMi'sils,.

.... . ..i**t" PA-CUlPAD-gU 1.PA-CU .port NRCforasimilarapplication in theOcpnee.".

1.1.4.3 determined iscnafion and the

.. ' .

the and *.'..

the or Comp,.rter!'iUnotadversely

.. ffeptthetlf:jjlity oUhe Oconee RPS,cs"':

'.. .

.$etcommunicat{t;)'

t:i,:1n!F.igqre 4-13 inbound COO'lJ'n ........ </

Port 1. That fr()tl)P9.

rt'.1.tgeltherthe TeM on . otlP9rtB ()ftheport network tap are not

• flfft.Jistest will be documeptEldin'final System

.. *.PQrt

..linepackage (DIP) onswfllbe controfled by management

,',':' ",:,. '\'.,',','

..,: '..< lnofderfortheStaff to approv*3 configuration of

.9f thePPSequif;lrtlenpoDCPPsite, paUls will. re<:iuiretestingonorbefontfAT, . and before comptet4og;ofthe SER will the SAT ..

..... . prov,idea test*

aU regulatory prior to*prouring the FA 1:

will theSAT,as stated scheduJeJortl1lS

'.'

so the NRC Review Plan accordingly. (Date Sent) I Response (Due Date) RAl11 Comments 1 The NetOptics Model PAD-CU has two one-way output ports but is otherwise identical in function to the PA-CU.

September 18, 2012 DCPP PPS Open Item Summary Table Page 33 of 64 P&GE response:

I Status I RAI No. RAI Comments No I SrclRI I Issue Description 4.1.17 paragraph associated with HiQh -High discussion it is stated that the SI funclions (Turbine Trip and section 4.

by initiationd Tfiis same section also IEEE " systemls not being Instead,tEEE B(}3..1991 is contained in section 5.2 of JEEe'E understand lhatthe criteria Trip can be initiated pf'ijtiPlion function OR by $ectIon 4.1.1'l describes the functionP-14.

the.PPSgenerqtes an initiation trip signal and of 2 of 33 high-hi9tl

isdetected. , :<<,.;

1.9 describes Safety of 4 Pressurizer detected.

The 81 actuatiol v'

Feedwater

.. Steam Generator levell-hnn_Hlmn The'P-14 (Date Sent) I Response (Due forAlS is \I'm ation will be is received on the functions or P-14. In this atesme same two however, there is of the P-14 by either Higll' ,steamgeneratorlevel, generate.s when insnY stearogenerator 25 September 18, 2012 DCPP PPS Open Item Summary Table Page 34 of 64 No I SrclRJ I issue Description I P&GE response:

I Status I RAJ No. RAJ Comments (Date Sent) I Response (Due level High--High.

Through the SSPS, P-:14 will trip the turbine actuale.A,uxiUary Feedwater.

A SI .signalwill also actuate Feedwater, amongqtheractions.

do not. initiate P'-14 and Steam Generator Aigh-HigbE@-14 does not initiate SI. b. ...,..

when 2 of 4 channels are above Ois combined with Permissive P-13 tufbint;toadlto provide inp.IJf to ItatJows blocking severanowP9 wer

-...

P:tOis the "Power

-

..9Isthe Power Range at Power-High" permissive.

response to 01 #12, September 18, 2012 DCPP PPS Open Item Summary Table Page 35 of 64 No I SrclRI I Issue Description I P&GE response:

I Status I RAI Comments Response (Due Date) SyOAP defines Supplier $oftWare quality fofeachOfthe following Planning ConceptucU*De,slgn Requirements Design Test phases phases

• .Pftflis;/itis 0.1 task

...

...

• .',: ," .'::' ,>,"',;-",-';; .but.. defines the as; Manufacturimg, System yvouldlt

.. prQvidea

......

Phases proces.s so.that the staff can .correctly identify I I RAI No. (Date Sent) 26 RJS The ., of -.--' .. . .. ' ... . *Iterr'f lij!iiaf&<.fon 4125/2Q"fl for this item.'

thiswiJl,oean RAI.

September 18, 2012 DCPP PPS Open Item Summary Table Page 36 of 64 No I SrciRI I Issue Description I P&GE response:

I Status I RAI No. RAI j... . *...* ......;::';.

of Phases to the Phases of the development

.. JhedetermInation of theJopationof.tpemapping information

...submittedis IN . PROGRESS.

r-l.,ntr-P;;QclJrement*PrOQramand associated f'ollowlno ofthe pap audits,audit reports Will be created AudjtSummarvReDort will be created. PG&Ewillsubmit the the staff at the time the vendor hardware is (Date Sent) I Response (Due RAI13 Comments 28 29 3,

isresponsitlJefor.the

.. . . **.. ..

• . .. states

..... .... *....... >... . jlions..*p!eas.e..

.....

ALSplatformscmce>¥GFS

'.' oompteteq.

'.' . '.; ". ..(\tta.cnrnent Project Manager will share the goals and for .' imPlemef'ltii:1gtl:le software quality management throughout the project responsibilities are (J0ingto be shared and 9Ringto be perf,ormed, . .' September 18, 2012 DCPP PPS Open Item Summary Table Page 37 of 64 No I SrclRJ I issue Description I P&GE response:

I Status Comments __-+1-*-.-.' '. . '.'

toPG&E. The vendor tlardWare de1JveredtoPG&E in Spring reports wiJI not be sOb'nlitted but willbe llJadeavaUable the NRC staff for review. . RA Software Management Plan Closed I RAJ No. RAJ (Date Sent) I Response (Due Date) I N/A RAI13 September 18, 2012 DCPP PPS Open Item Summary Table Page 38 of 64 fJOIuSrclRI I Issue Description I P&GE response:

PG&E response:

The<PG&EProject Managerwitlshare responsibifityformeeting the . sot'tWarequalitygoals with the PG&E quality Verification organization person net ac:iivities,the<PG&E QuaUty Verification Pial) (PQP) that wiUdefine the oversigHt activities technical audits, cyber . security audits, ..and sof'tWarequalftyassuranceaydits.

I Status I RAI No. I RAi Comments (Date Sent) I Response (Due Date) I Open I RAI (Hold) Not 7/13/12 -rjs: . Decided to not use the RAI and hold this item open pending review of updated phase 2 submittals.

30 RA Software Development Plan Section 7 of the Invensys Nuclear System Integration Program Manual (NSIPM) requires that non-conforming procedures shall be used to control parts. components, or systems which do not conform to requirements.

Invensys documents 993754-1-906, Software Development Plan, and 993754-1-905, PPS Replacement DCPP Project Management Plan, do not identify non-confirming procedures to be followed when deviations are identified and how deviations should be corrected.

Please provide this information.

PG&E response:

The Project Management Plan (PMP), 993754-1-905, is the overarching project management document for the Invensys scope of the PPS Replacement Project. It references other Invensys planning documents that discuss procedures to follow when deviations are identified and how they are corrected.

The Software Development Plan, 993754-1-906, describes the software development process for the Invensys scope of the PPS Replacement Project. 993754-1-906, has been revised to Revision 1, to include new Section 3.2.6 that discusses problem reporting and corrective action. 993754-1-906, Revision 1, was submitted by PG&E on August 2, 2012.

I 31 Page 39 of 64 September 18, 2012 DCPP PPS Open Item Summary Table No I Sfc}RI I Issue Description I P&GE response:

I Status In addition, the Invensys Software Quality Assurance Plan, 993754-1-900, Section 8, and the Invensys Software Configuration Management Plan, 993754-1-909.

Section 3.2, both provide reference to procedures to follow when deviations are identified and how deviations are corrected.

RJS l§offware Quality Assurance Plan: I Closed 2002stipu1atesin 4 that "The SOAP<shall be approved by .in the ifi'>.*1f)ePGE

.*.PPS there are

..Themanagers.ofthes.e

..

.... o.*.rgani:z:atio PGe Project Engineering Team ltlTes.6ftMtarequslity assl;Jrance.

FlJ,anwas 4.11.A .1.1 of whiehdi.d not commit to I BEE 730"2002:miteriain devetoping the:

7-4.3.2-2003

[76] qau$e IEEE Std does not require ittoberriet . hOW to address all organizations oontajpedh'lthe SyQAP as reque$ted by thestaffin.thEt5l16 meeting. '.

..The within Seemon 3,-4 of.the SYI ;< ...I*..

....**.e .. sbywb.lch the .. nshave ooFh..*......*......

a!l';regulrementsstated In the SYQAP.

• Managers Team *QAOrganization

.. .

• Testing and Integration Team

• V&V Organization RAI No. I RAt (Date Sent) I Response (Due Date) I RAt 15 Comments *the.5/t6 , the staff inad that PGE Jlye have Irrthe T6isoould haclivities ventior 32 September 18,2012 DCPP PPS Open Item Summary Page 40 of 64 Comments 0 '1 Src/RI I Issue I P&GE response:

I Status RAI No. RAI (Date Sent) Response , (Due Date) 4.2.7 "Power Supply"oftheLAR power is supplied to I CiosedtRAI16 RJS PGE thePPS, *'n this description,the480VAG vilal supply is* described in the foiloWing ways. First it is described*

C()Olrnon bus to the 120", distribution

• • • 2 Rectifier.. outputis*fed,t6 to 12QVAC. '::.,::.("'):/f:':C-

'-" :,-"",' ,"_:.::",';<>'>;:/:':::<>-£<Y:"'-:,;,:;;'{<,,,',, '"

.,-_ _, /',,' ," _" ",_,' Safety related vitafOC .*

as.

supply,

..

safety.,retateq, 125

• outputthe $tatic sWitchwiflselec:t . , trarl$former input .

may be tranSfer busses; the

'jhealt 7n1!tesUppIY circuit breaker open to prevent inferconnectiotrofredundantpower supplies due pallels. We cannot lhf01J9h a transformer,or*ifthis refers to.the alternate .It described tQ.anlnverter.

• It is. then described assuppfY!Qthe battery charger instrument AC pOwer supply to controJ is fed _u 4 5 33 September 18, 2012 DCPP PPS Open Item Summary Table Page 41 of 64 No SrclRITTssue Description Ip&GE response:

I Status RAI No. I RAI Comments I (Date Sent) I Response (Due Date) switch.

sw.itchmay not be used uoder load.

the attached block diagram for additional detail. Open Item initiated on development process. The staff therefore considers these tools to be a key (ALS SOAP) Software tools are used extensively during the FPGA (Hold) 6/5/12. component to the assurance of quality in the ALS system development process. The ALS SOAP states that "no additional tools, techniques, or 6-13-12 update methodologies have been identified" for the ALS system. The staff (Kemper):

W/ALS considers the development tools, as well as the techniques and agrees with NRC's methodologies used during system development to be relevant to the position on tools assurance of quality for the ALS system. Please provide information on the and will revise the tools, and methodologies used during system development to ensure quality document (Doc. of the ALS system products.

No. 6002-00001) accordingly to address this matter. PG&E response:

Westinghouse agrees that Section 8, Tools, Techniques, And Methodologies of the ALS OA Plan (6002-00001) should be revised to Placed this item on reference document 6002-00030, "ALS Design Tools." This document hold pending describes the tools used and how they are used in the design process. This review of revised document is also on the ALS docket. Westinghouse will submit a revision of OA plan. the ALS OA Plan on the ALS docket.by October 30,2012. 34 RJS Plans)The integration pla[lningdocumentation . I Closed I R A.20 notineJude (ALS Triooo). The ..*

perfOrmed ***(jocketed asinte@ration planp!119 neetltocomeJo thE) to be accomplished prior to Issuance . (l(e tTI Pef}zll1 iS dltplicate Of J6 &23. RJS

September 18, 2012 DCPP PPS Open Item Summary Table Page 42 of -::--:-:-:----------,-,-:=P:-:::&-=GE response:

I Status I RAI No. IComments (Date Sent) No I siriiRil Issue DescrIptIon Response (Due Date) PG&E response: I N PROGRESS 1 ..;7102/12 .... RJ§;Th1s isrelateg to0!QI'16 and 23, . this speclf"teaflr addresses tm; softwareinte,gration planning documents assessed.

1Qe current so !,'fI$CUSseg;ir hii};* segiion 4.5.{of the LARandtne documents

• referenced from . i. here*do/not ..adequately address thisaspeCtpf system.ir:tf$gration.

<;:<;' A$such 7 Die *'qfegrafior\PlanWiIl lobe.reVised.

Justincludtog integration in the FAT.Will not resolve .i ...........

.. ipattJ:tl:tat a er)taf ,.....

tQbEnwbmftfed in September 18, 2012 DCPP PPS Open Item Summary Table Page 43 of 64 No SrclR! Issue Description P&GE response:

Status RA! No. (Date Sent) RA! Response (Due Date) Comments .... . i I , QrQfJr for to . re$Oh/fJtfils .

and 01.*dIOsed. ... '. 35 RA Follow up of Item 21 -Software Test Plan In the response provided for Item 21, PG&E explained that a new revision (Rev. 1) of ALS document No. 6116-00005 was provided.

The scope of Revision 1 is slightly different from the scope described in Rev. O. For example, Section 1.2 in both revisions states that test coverage includes all ALS modules, backplane, license sense modules (LSM), and ALS service unit (A TU). However Section 2, Test Items, for these revisions are different.

Revision 1 only focuses on ALS-1 02 and backplane assemblies.

This section does not include other ALS modules, LSM and ATU. Please explain why these other ALS modules are not included in section 2 of the new revision.

Further, Table 1-2 identifies "Diablo Canyon PPS Test Plan" as document No. 6116-00005, which is the same number than "Diablo Canyon PPS System Test Plan". Please clarify if this is referring to a different document.

OPEN PG&E Response:

The scope of both revisions are the same. Revision 1 changes added more detail into the overall scope. The details are broken down into 2 main parts: 1-The individual components, 2 -The System components.

Both parts equal the entire ALS based Diablo Canyon system which includes all ALS modules, Backplane, ASU (incorrectly stated as ATU in the open item), LSM, ALS-102A1B specific to Diablo and full ALS system test which includes the testing of ALS slave cards required by the DCPP configuration.

The entry in Table 1-2 for the Diablo Canyon PPS Test Plan, 6116-00005 is the same document as Diablo Canyon PPS System Test Plan 6116-00005.

September 18, 2012 DCPP PPS Open Item Summary Table Issue Description No SrclRI I P&GE response:

36 Software Test Plan RA Section 5.3.6 of ALS Document No. 6116-00005 refers to a "Test Team" to perform system level testing. However, the "Test Team" is not defined in ALS Document No. 6116-00000, "Diablo Canyon PPS Management Plan," which defines roles and responsibilities for the PPS Replacement Project. Please clarify who is the Test Team and where their roles and responsibilities are defined. PG&E Response:

The Test team and its responsibilities are described in the ALS Test Plan, 6116-00005 . The management plan describes the role of the IW manager. The test team falls under the responsibility of the IW manager. The DCPP PPS V&V Plan, 6116-00003 will be revised to explain that the test team is part of the IV&V team reporting to the IW manager. This plan will be released by 30 September 2012. Software Management Plan 37 RA PG&E "PPS Replacement Concept, Requirements, and Licensing Phase 1 Project Plan" does not address reporting mechanisms and controlling changes to the system. The only reference is that PG&E states that they will follow the activities describe before for software modifications.

After reviewing the of PG&E's SyWP, we found that Section 6 states that Anomaly Resolution and Reporting shall be performed per the respective PG&E and 1 OCFR 50 Appendix 8 supplier control procedures.

However, this statement does not identify the document to follow to report anomalies.

Please identify and describe the process that PG&E will follow for reporting mechanisms.

PG&E Response:

PG&E administrative procedure OM7.ID1, "Problem Identification and Resolution," provides guidance for identification and resolution of both equipment and non-equipment problems, including vendor software problems.

The OM7.ID1 procedure provides the process for documenting, reporting, evaluating, trending, and tracking the resolution of problems at DCPP. PG&E administrative procedure X11.ID2, "Regulatory Reporting Requirements and Reporting Process," provides the instructions Status OPEN RA/ No. (Date Sent) Page 44 of 64 RA/ Comments Response (Due Date)

--Septe mber 18, 2012 DCPP PPS Open Item Summary Table Page 45 of 64 No SrclRI Issue Description P&GE response: -Status RAI No. RAI Comments for reporting facility events and conditions to the NRC. This procedure applies to plant problems, including software anomalies, and provides a list of regulatory reporting requirements applicable to the DCPP, including those contained in the NRC regulations (including 10 CFR), the plant operating license (including associated Technical Specifications), license amendments, and regulatory correspondence.

The procedure summarizes the types of reporting requirements and references the source of the requirement, time-frame for reporting, reporting method, lead responsible organization, primary regulatory agency recipient, and implementing procedures. (Date Sent)

-Response (Due Date) -38 RA Software Management Plan OPEN Section 2 of the PG&E "PPS Replacement Concept, Requirements, and Licensing Phase 1 Project Plan" does not describe the activities to be performed by the Engineering of Choice Design Change Package Team. It is also not clear what the roles and responsibilities of this team are. Please clarify and provide the applicable PG&E control document that describes PG&E roles and responsibilities specifically for the Engineering of Choice Design Change Package Team. PG&E Response:

IN PROGRESS -39 RA Software Management Plan Figure 2-1 of the PG&E "PPS Replacement Concept, Requirements, and Licensing Phase 1 Project Plan" and Figure 3-1 of the SyQAP identify Altran under the PG&E Project Engineering box. However. Figure 4-1 of the SyWP identifies PG&E project team under the PG&E Project Engineering box. Please explain the role and responsibilities for Altran during the PPS Replacement Project. OPEN

I September 18, DCPP PPS Open Item Summary Table No ---SrclRI Issue Description I P&GE response:

PG&E Response:

09/17/2012: The PPS Organization Chart shown in SyWP Figure 4-1 is a simplified rendering of the organization charts in Project Plan Figure 2-1 and SyQAP Figure 3-1. The latter figures show an Altran Project Team under PG&E Project Engineering and a team of three PG&E individuals directly under PG&E Project Engineering.

The slight inconsistency between SyWP Figure 4-1 and the other figures may be resolved thus: l PG&E Projed Engineering _-1 I LAHran+ I [-

___ .-t=I] J QUinnll I Gregg u__ Altran is acting as a subcontractor providing engineering support to the PG&E Project Team as shown above in the revised figure. Altran supported LAR preparation and is providing continuing support through the LAR review process. Altran's work is governed by the Altran Engineering Procedures Manual. Documents submitted to PG&E are prepared in accordance with Altran EOP 3.3 (reports) and 5.4 (specifications).

All Altran documents are verified in accordance with Altran EOP 3.4. In addition, PG&E accepts Altran documents under PG&E CF3.ID17 as noted in the Altran Report. RAI No. Status (Date Sent) '---Page 46 of 64 RA/ Comments Response (Due Date) -

September 18, 2012 DCPP PPS Open Item Summary Table Page 47 of 64 No SrC/RI Issue Description P&GE response: Status RAI No. (Date Sent) RAI Response (Due Date) Comments 40 RA Software Tools OPEN I In the ALS Progress Update 2012-08-01 provided to the staff, Westinghouse/CSI described that they are replacing Automated Test Environment (ATE) from IW credited tools with a LabView based ALS Board Test System (ABTS). Also, in this presentation, Westinghouse/CSI noted that they are performing additionallV&V and equipment qualification tools. Since this information needs to be reflected in the software planning documents, please identify how these items will affect Westinghouse/ALS documents related to PPS replacement project. Also, identify what document will be revised to include description of these modifications.

PG&E Response:

The ALS Design Tools 6002-00030 requires revision to replace the ATE with the ABTS. The date for the release of this revision will be provided by September 7,2012. 41 RA 09/17/2012:

Forecast release date 9/14112 for the ALS Design Tools 00030. Software V&V and Test Plan OPEN Westinghouse/ALS document 6116-0005, section 8.2 identifies the software tools to be used in the PPS replacement project. However, this list is not consistent with the list of IV&V tools identified in Section 3.6 of ALS W Plan 6002-00003.

Specifically, the test tools identified in 6002-00003 are not listed in 6116-00005 and vice versa. For example, the W Plan 00003) identifies ATE tool for IV&V, but this tool is not listed in 6116-0005 Rev. 1. Furthermore, the staff reviewed 6116-0005 Rev. 0, and found that the ATE tool was listed in this version. Please clarify what software tools will be used and what document describes them.

---September 18, 2012 DCPP PPS Open Item Summary Table --Page 48 of 64 No SrciR/ RA 43 RA Issue Description P&GE response:

PG&E Response:

A new revision of the ALS V&V Plan identifies the ABTS and the ISE as the IV&V test tools. This new revision being docketed the week of September 3 on the ALS platform docket. ATE is removed from the set of IV&V test tools. The tools listed document DCPP PPS Test Plan 6116-00005 section 8.2 and the tools in DCPP PPS W Simulation Environment Specification, 6116-10216, (to released by 30 September 2012) encompass the IV&V test tools in the revision of the ALS V&V Plan, Software PG&E "PPS System Replacement System Verification and Validation (SyWP)" does not describe the V&V activities to be performed during Operation Phase and Maintenance Phase. This document states that activities are covered by approved DCPP procedures.

Please identify DCPP PG&E 09/17/2012:

PG&E procedure CF2.ID2 is applicable to the Operations Maintenance Phase per Section Software PG&E "PPS System Replacement System Verification and Validation (SyWP)", Section 5.1.1, explains that during the Concept Phase, PG&E verify system requirements in accordance with PG&E procedure "Software Quality Assurance for Software Development."

Procedure CF2.ID9 is for in-house development of software Please explain how this procedure is going to be used for the replacement Further, Section 5.1.2 of the CF2.1D9 states that and independent review the functional requirements prepared during the concept phase would performed.

The PG&E SyWP does not identify this review, and thus is no specific V&V product for this phase. Please identify who will this review and if this is considered a V&V Status OPEN OPEN RA/ No. (Date Sent) RA/ Comments Response (Due Date)

I September 18,2012 DCPP PPS Open Item Summary Table Page 49 of 64 No SrciR/ Issue Description P&GE response:

Status RA/ No. (Date Sent) RA/ Response (Due Date) Comments PG&E Response:

09/17/2012:

Altran developed the PPS Replacement FRS during the Concept phase in accordance with Altran EOP 5.4, and verified it in accordance with Altran EOP 3.4. Altran used PG&E procedure CF3.ID16 for additional guidance.

PG&E accepted the FRS under CF3.ID17, which constituted verification of system requirements.

This was a design activity rather than a V&V activity and there is no specific V&V product for this phase. 44 RA Software V&V Invensys prepared Document No. 993754-1-813, "DCPP PPS Validation Test Plan". It states that the Test Review Board and PG&E will review all validation testing documents.

Please describe the composition of the Test Review Board, since its role/responsibility is not described in the Invensys V&V Plan or in the Validation Test Plan (Section 4.4) OPEN PG&E Response:

IN PROGRESS 45 RA Follow up of item 18 -Software V&V RG 1.168 identifies five of the activities in IEEE Std.1012-1998, Annex G, "Optional V&V Tasks," as being considered by the NRC staff to be necessary components of acceptable methods for meeting the requirements of Appendices A and B to 10 CFR Part 50 as applied to software.

These tasks are: 1. Audits 2. Regression Analysis and Testing 3. Security Assessment

4. Test Evaluation

5. Evaluation of User Documentation Westinghouse/

ALS Document No. 6002-00003, "ALS W Plan" describes the following techniques for V&V: reviews, testing, traceability analysis, inspection/analysis, and IV&V regression (change) analysis.

This plan does not include any of the optional V&V activities identified in IEEE Std.1 OPEN I September 18, 2012 DCPP PPS Open Item Summary Table Page 50 of 64 No SrclRI Issue Description P&GE response:

Status RAI No. (Date Sent) RAI Response (Due Date) Comments 1998, Annex G. Please explain if these activities are performed.

PG&E Response:

The DCPP W Plan will be revised to include these optional V&V tasks required by RG 1.168 by September 30, 2012 to align with the new ALS W Plan for the Optional Tasks. 46 RA Software V&V OPEN Several sections in the Invensys Software Verification and Validation Plan (SWP) reference "applicable Project Procedure Manual (PPM)" to perform certain activities.

The reference section in this plan identifies PPM (Reference 2.4.4). It is not clear if the PPM is constituted by several procedures or if it is only one procedure.

For example, Section 1.1, states the SWP was prepared in accordance with PPM 7.0 (Ref. 2.4.4), and then Section 4 states that V&V activities will be planned and scheduled in accordance with the applicable PPM. Please describe what the PPM is, and explain how this is going to be used in the PPS replacement project. PG&E Response:

IN PROGRESS 47 RA Software V&V OPEN Invensys Document No. 993754-1-802, "Software Verification and Validation Plan" requires the use ofV&V metrics to evaluate software development process and products.

This section does not explain what methods and criteria will be used for software safety metrics. This information is required by section B.3.1 of BTP 7-14, RG 1.152, RG 1.173 and IEEE Stds. 1061 and 1074. Also BTP 7-14 Section B.3.1.1.2.

Please provide this information.

September 18, 2012 DCPP PPS Open Item Summary Table Page 51 of 64 RAt No. RA/ Comments (Date Sent) Response (Due Date) No SrC/Rt Issue Description response:

Status PG&E Response:

IN PROGESS 48 RA Software V& V PG&E SyWP, Section 6, requires that anomalies detected are identified, documented, and resolved during the V&V activities.

This section states that anomaly reporting and resolution requirements are defined in the respective PG&E control procedures.

Section 2 "Control Procedures does not include a reference for an anomaly reporting procedure.

Please identify the PG&E control procedure used for anomaly reporting.

Further, Section 7 of the SyWP states that the PG&E authority responsible for approving deviations from SyWP is the PG&E Project Manager, who will document his/her approval a Change Notice or equivalent formal PG&E document.

Please identify where the responsible PG&E authority will its approval.

PG&E Response:

1. The PG&E control procedure for anomaly reporting is OM7.ID1, "Problem Identification and Resolution." This procedure governs the PPS replacement after it has been turned over to PG&E by the suppliers.

The suppliers' anomaly reporting procedures are applicable prior to this turnover.

2. IN PROGRESS OPEN 49 RA Software V&V OPEN Invensys Document No. 993754-1-802, "Software Verification and Validation Plan", Section 6.3 states that the Invensys personnel prepared System Deficiency Integration Report (SDIR) to document non-conformances and corrective actions during testing; the SDIR is prepared in accordance with PPM 10.0. Please explain what PPM this is. Further, the Invensys "Validation Test Plan", Section 5.4.2 states that the Test Review Board and PG&E shall review SDIRs, but this is not indicated in the Invensys V&V plan. Please explain why this review activity is not identified as a V&V task in the V&V Plan ..

September 18, 2012 DCPP PPS Open Item Summary Table Page 52 of 64 '-. No SrclRI Issue Description P&GE response:

Status RAI No. RAI Comments , (Date Sent) Response (Due -Date) , PG&E Response:

IN PROGRESS * , 50 RA Software V& V OPEN The Invensys Validation test plan, Section 8.2, states that the Narrative Test Logs are used to document conduct of testing and any anomalies that occur. Please explain if this is only used during validation, and why this is not mentioned in the Invensys SWP. Further, please explain how is this used in conjunction with Document Review Comment Sheet (ORCS) and System Deficiency Integration Report (SDIR)? PG&E Response:

IN PROGRESS 51 RA Software Configuration Management See Attachment

2. OPEN PG&E Response:

09/18/2012:

1. Configuration Process a. ALS-102 Configuration The FPGA installed on the ALS-1 02 board and therefore the 102 board itself is specific to the PPS Protection set and the ALS subsystem in which it is installed.

PG&E will not have the capability to alter the FPGA. Any change to the FPGA must be made by CS Innovations under their V&V program. Therefore, ALS-102 FPGA configuration management activities are covered by the ALS Configuration Management Plan. PG&E capability to change 102 configuration will be limited to board-level replacement.

September 18,2012 DCPP PPS Open Item Summary Page 53 of 64 No I SrclRI I Is sue Description IP&GE response:

Status RAI No. 'RA/ Comments (Date Sent) Response (Due Date) NVRAM ALS 110 boards are generic; that is, each board is configured its NVRAM for the specific function it is to perform. This activity described in SCM 36-01 Section 1.2.8, which states that configuration of the NVRAM is changed by removing the board from the ALS chassis and inserting it into a special fixture. This would be performed as part of a maintenance such as replacing a failed board. If the functionality of an 110 required modification as a result of an application change, required NVRAM configuration alterations would be performed CS Innovations under their ALS Configuration Management As with the ALS-102 FPGA discussed above, PG&E will not have the capability to alter the NVRAM configuration itself. PGE capability to change the NVRAM configuration for a specific 110 board will be limited to loading NVRAM images that are under CS Innovations configuration control and that have been previously verified and validated at the system level by CS Innovations.

Configuring the NVRAM in order to replace an 110 board will be performed by PG&E under an approved plant maintenance procedure. Invensys [IN Organization SCMP Inconsistent with [IN Changes and Problem Identification PROG POCM Notification [IN

-_ ......

September 18,2012 DCPP PPS Open Item Summary Table Page 54 of 64 No SrclRI Issue Description P&GE response:

Status RAI No. (Date Sent) RAI Response (Due Date) Comments b. Tracking changes in SAP [IN PROGRESS]

4. Document Repository

a. SourceSafe vs. SC-I-36-M

[IN PROGRESS]

b. Control of Access to PPS Replacement Documentation

[IN PRGOGRESS]

52 RJS NSIR Security:

PG&E stated in its letters DCL-11-123 and DCL-11-1 04 that the PPS replacement will be fully compliant with the 10 CFR 73.54 cyber security requirements, including RG 5.71, Revision 0, "Cyber Security Programs for Nuclear Facilities," dated January 2010, and is being reviewed to comply with 10 CFR 50.73, the DCPP Cyber Security Plan, and NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 6, dated April 2010. The cyber security program that PG&E is implementing per its NRC approved cyber security plan includes provisions applicable to all phases of a systems' life cycle, including the digital upgrade or modification of critical digital assets. Please explain how the provisions outlined in the PG&E's NRC-approved cyber security plan were considered, and/or implemented, as part of the PPS replacement.

The provided explanations should include how all of the management, operational, and technical security controls contained within the plan. especially security controls associated with Configuration Management and System and Service Acquisition, are being addressed.

The provided explanations should also include any issues associated with partial implementation of the PPS replacement and full implementation of the cyber security plan for the site, and processes to identify and resolve Open -......-.-.......

September 18, 2012 DCPP PPS Open Item Summary Table Page 55 of 64 No SrclR/ -Issue Description P&GE response:

Status RA/ No. (Date Sent) RA/ Response (Due Date) I Comments , any such issues. I PG&E Response:

The Gyber Security program manager and other members of the GSA T (Gyber Security Assessment team) met with the Process Protection System (PPS) Upgrade design engineer beginning in 2011. Many options were discussed.

The Gyber Security program manager and project manager have met with the procurement group to discuss cyber security principles that should be written into the procurement procedures, and what steps will help to ensure a secure supply chain. The Gyber Security Assessment Team (GSAT) was formed in accordance with section 3.1.2 of the cyber security plan, and Milestone a, on 10/31/2011.

A list of critical digital systems and assets was created in accordance with section 3.1.3 of the cyber security plan and Milestone b on 10/31/2011.

The GSAT looked at scheduled digital upgrades, and added the future to the list of critical digital systems. The GSAT determined the PPS equipment will be a critical system, with several GDAs. From July 9-12 2012, the cyber security project manager accompanied members of the Quality Verification group to examine the design and production facilities of Invensys, and examined the code production practices and the development environment, and determined that Invensys has an SDE, and ensures their employees are reliable and trustworthy.

Activities planned for the future. In December of 2012, the network that the PPS will eventually reside on will September 18, 2012 DCPP PPS Open Item Summary Table Page 56 of 64 No Src/RI Issue Description P&GE response:

Status RAI No. (Date Sent) RAI Response (Due Date) Comments -be isolated from internet connected networks by a deterministic network device, per milestone c of the DCPP Cyber Security Plan. Thus many network attacks, including many that depend on a back door created by a vendor, will not be possible.

Also by December of 2012, DCPP will have taken steps to lessen the likelihood of an attack initiated by a portable electronic device, or portable media such as a thumb drive per Milestone d, and section D 1.19 of NEI 09. This will mitigate portable media based attacks that depend on a back door created by a vendor. The DCPP Cyber Security Team will interface with NUPIC (Nuclear Procurement Issues Committee) and the NEIINITSL counterfeit parts task force to address digital equipment supply chain security.

The Cyber Security Implementation Project Manager has developed a detailed project plan, with several tasks and schedules.

Several existing plant procedures will be revised. The PPS will inherit the controls implemented by these procedures.

Many of the procedures will have been changed/created before the PPS is installed.

The CSA T is collecting design information as it becomes available.

The collected design documentation is being reviewed as it is collected.

The collected documentation will be reviewed in a formal desktop evaluation per the cyber security plan, section 3.1.5 prior to the PPS installation.

The test set up in the offsite test lab near the plant will be visited on occasion by the CSAT, the system will be walked down repeatedly during installation, and the final walkdown will be performed when the system is ready to return to operations, per section 3.1.5 of the security plan. The CSA T will make recommendations to enhance the cyber security posture of the PPS upgrade throughout the project, and will make their final _ ..... _ ......... .... _-...._._....._ ... _.. _ .. _.. -

53 54 September 18,2012 DCPP PPS Open Item Summary Table Page 57 of 64 No Status RAt No. RAt SrC/RI Comments (Date Sent) Issu e Description I P&GE response:

Response (Due Date) reci m mendations after the system walkdown, per section 3.1.6 of the sec ty Disl o ;ition of all controls will be documented in the cyber security ass ,ment tool, CyberWiz.

Recommended mitigation will be documented in C y erWiz, and the Corrective Action Program. , RJS WEK Sec m 4.10.2.6.3 of LAR: Ate c 1 specification change resulting from the recent Eagle 21 failure that affe C' ed the operability of the AFW control system is being reviewed by the staf As part of this review PG&E has stated that the Independence !en safety systems and other systems clause is not being met for all con tions of operation.

If this is the case, then why does the PPS LAR not ider t fy any exceptions to IEEE 603 clause 5.6.3? Even if the replacement joes not have an equivalent failure mode to the Eagle 21 system, the TS lange would still apply after the upgrade is completed.

The staff will nee d to confirm that the potential for this failure mode has been eliminated in tt e new design or that the criteria of IEEE 603 is otherwise beeing sati ed. PG4 :: Response:

None Required PG4 :: Letter DCL-12-050, Phase 2 Documents, Attachment 2 FSAR Ch;: n ges, Insert 1 for FSAR Section 3.10.2.1.3 states that "The Pro iSS Protection System Trieon subsystem has been seismically qualified by I rensys Operations Management (see Reference

40) in accordance with equirements from Reference 44 that is endorsed by Reference 33." Wh, t is reference 44 and where is this documented in the FSAR? PGc :: Response:

Reference 44 IEEE 344-1987, the current Reference 44 in it e FSAR. See FSAR page 3.10-40 that was included in the FSAR cha les in PG&E Letter DCL-12-050, Phase 2 Documents, Attachment

2. Closed 9/11/12 -Per CC with PG&E, the position on compliance with IEEE 603 5.6.3 is being revised and there is no plan to take exception with this or any other criteria of IEEE 603. OPEN New September 18,2012 DCPP PPS Open Item Summary Table Page 58 of 64 No SrciR/ / ssue Description P&GE response:

Status RA/ No. RA/ Comments (Date Sent) Response (Due i--. 55 WEK PG&E Letter DCL-12-050, Phase 2 Documents, Attachment 2 FSAR OPEN Date) Changes, FSAR Section 7.1.2.5, Conformance With Other Applicable New Documents (page 7.1-13) does not indicate the NRC Safety Evaluation that will be produced to approve the PPS. The staff's SER should become part of the DCPP Unit 1&2 licensing basis once it is issued. How will this be documented within the FSAR?? PG&E Response:

Reference to the staff SER will be included in FSAR Section 7.2.1.1.6 for the reactor trip portion of the process protection system and to Section 7.3.1.1.4.1 for the engineered safety features actuation system portion of the process protection system. 56 WEK PG&E Letter DCL-12-050, Phase 2 Documents, Attachment 2 FSAR OPEN Changes, FSAR Section x.x.x.x, (page 7.2-23) states that the evaluation for New the common mode failure in the PPS is pre.sented in References 37 [DCPP PPS D3 L TR] and approved in Reference 38 [the staff's SER approving the DCPP PPS D3 L TR]. However, it is noted that in the staff's SER it was stated in several sections that the D3 design features were approved based on " ... confirmation that the proposed built-in diversity of the ALS sub-system is found to be acceptable." This confirmation will be provided in the DCPP PPS SER, therefore, the staff's SER should also be referenced in this section. Response:

Reference to the staff SER for LAR 11-07 will be included in FSAR Section 7.2.2.1.2 in addition to the staff SER for the DCPP D3 LTR. 57 WEK PG&E Letter DCL-12-050, Phase 2 Documents, Attachment 2 FSAR OPEN Changes, FSAR Section 7.2.2.9.2, IEEE 603-1991 Clause 5 , Clause 5.12 New (page 12) states that"... the communication path between the maintenance workstation and the ALS subsystem is normally disabled with a hardwired switch ... " Also, Attachment 3, PG&E PPS Interface Requirements Specification (IRS), Rev.6 to PG&E Letter DCL-12-069 dated August 2, 2012 states in section 1.5.6 " ... TAB communications between the ALS and MWS takes place via RS-485 data link. The TAB is physically disconnected from the MWS when the TAB is not in use .... the TAB is open at all times unless maintenance is being performed on the ALS ... " Please identify administrative controls and design features associated with the PPS that explains how the MWS is disconnected/disabled from the PPS (Le., a _. means of physical disconnect, or a safety-qualified hardware switch

58 September 18,2012 DCPP PPS Open Item Summary Table Page 59 of 64 No Issue Description P&GE response:

SrclRI that either physically opens the data transmission circuit or interrupts the connection by means of hardwired logic. "Hardwired logic" as used here refers to circuitry that physically interrupts the flow of information, such as an electronic AND gate circuit (that does not use software or firmware) with one input controlled by the hardware switch and the other connected to the information source: the information appears at the output of the gate only when the switch is in a position that applies a TRUE or "1" at the input to which it is connected.

Provisions that rely on software to effect the disconnection are not acceptable.

It is noted that software may be used in the safety system or in the workstation to accommodate the effects of the open circuit or for status logging or other purposes) that demonstrate how this hardwired switch disconnects the ALS maintenance workstation from the ALS safety processor.

r-pG&E Response:

For the ALS subsystem, instead of using a hardwire keyswitch, the ALS subsystem will be administratively controlled by physically disconnecting the communication link to the ALS MWS computer when the Test ALS Bus (TAB) is not being used for surveillance testing, maintenance, and trouble-shooting.

This is a PPS replacement design change described in the response to NRC request for additional information in PG&E Letter DCL-12-083 and will be included in a to LAR 11-07. RJS ALS FMEA -There are several failure modes identified in Table 4-4 of the FMEA where the System Effects entry provides a description of functions that are not affected by the failure mode instead of stating what the effects of the failure mode are. For example, the System Effects in the ETT failure in line 5b of table 4-4 are that the Alarm Function remains operational.

Though this may be the case, it does not state what the effects of the failure mode are. Examples of this can be found in lines 5b, 6a, 6b, 7a, 9h, 9i, 11 b, 11c, and 11d. Status RAI No. (Date Sent) RA/ Comments Response (Due Date) PG&E Response:

09/17/2012:

ALS response forecast 09/30/2012

-

September 18, 2012 DCPP PPS Open Item Summary Table Page 60 of 64 No Src/RI Issue Description P&GE response:

Status RA/ No. RA/ Comments (Date Sent) Response (Due Date) 59 RJS Open ALS FMEA Some of the identified failure modes of the ALS system are New detectable only by operator observations, or by means that are not necessarily performed during routine operation or during surveillance I testing. See lines 10c, and 12a, What measures will be implemented to ensure that these failure modes would not occur and remain undetected for an indefinite period of time? It is the staffs understanding that all failure modes which are not detectable through normal means such as surveillance tests or channel checks would need to be considered present for the purpose of satisfying single failure criteria for the system. PG&E Response:

ALS response forecast 09/30/2012 PG&E Response: PG&E Response: PG&E Response: PG&E Response:

September 18, 2012 DCPP PPS Open Item Summary Table Page 61 of 64 No SrclRI Issue Description P&GE response:

Status RAI No. (Date Sent) RAI Respofl'se (Due Date) Comments PG&E Response: -PG&E Response:

September 18, 2012 DCPP PPS Open Item Summary Table Page 62 of 64 Attachment 1 Figure 1 DCPP 120 Volt Vital Instrument AC System (Simplified) 5D11 (21) AC DC DC AC .. j .... ..s

..//!

Transfer Switch DC DC Transfer 5D13 (23) To Protection Set IV BUS 1H (2H) SWItch T

.. DC I r Transfer SwitCh To Protection Set I To ProteCtiOn Set 11 To Protection Set III Legend: IY: UPS and DC-AC Inverter PY: 120 VAC Distribution Panel SD: 125 VDC Distribution Panel TRY: 480 VACI120 VAC Transformer and Regulator Normal Power Flow Bypass (120 VAC)/Backup (125 VDC) Power Alternate Bypass Power Flow Unit 1 Component ID's are shown; Unit 2 Component ID's are in parentheses.

For example, PY11 is Unit 1 Vital Instrument AC Distribution Panel 1; PY21 is Unit 2 Vital Instrument AC Distribution Panel 1.

September 18, 2012 DCPP PPS Open Item Summary Table Attachment 2 Open Items Related to Software Configuration Management Plan 1) Configuration process In open item 4, the staff requested description of the software configuration management activities for configurable boards (e.g., ALS FPGA-102 board). Since the ALS FPGA-102 board is customer specific, its configuration management activities are not covered by "ALS Configuration Management Plan." Even though item 4 is closed, this request was not addressed in the response for item 4. The PG&E SCM 36-01, item 1.2.8, states that ALS board has two sets of NVRAM. Further, it explains that the configuration of the NVRAM can be changed only by removing the subject board from the ALS chassis and inserting it into a special test fixture. It is not clear who will control this process and configuration of the NVRAM. Please explain. Section 1.2 of the Invensys Document No. 993754-1-909, "Software Configuration Management Plan," states that this plan controls operating system of the computers used to run TriStation 1131 and the signal simulation software used for testing purpose. However, the description provided throughout the plan only focuses on the configuration activities for the TSAP (e.g., Section 2.3 states that the SCM procedures are for the TSAP). Further, this same section (later on) identifies the software configuration to be managed, and this list does not include operating system of the computers used to run TriStation 1131 and the signal simulation software used for testing purpose. Please clarify the scope of this plan. 2) Organization a) The organization and responsibilities described in Section 4 of CF2.ID2 is not consistent with the information presented in Section 2 of SCMP 36-01. For example, Section 2 of SCMP 36-01 identifies system coordinator, application sponsor, and system team, who are not identified in Section 4 of Cf2.ID2. Further these descriptions are not identified in the project organization described in PG&E PPS Replacement Plan (Attachment 3 of the LAR). Please clarify the roles and responsibilities for SCM, and provide a cross reference of the PG&E organizations described in these documents.

3) Changes and Problems Identification a) PG&E SCMP36-01 states that software, hardware, and configuration problems are reported in accordance with PG&E OM7.ID1 and that software and/or configuration problems are reported via a PROG PDCM Notification.

Please clarify when and how these are used. For example, for software problems does one have to report the problem using both PG&E OM7.ID1 and PROG PDCM Notification.

Note that PG&E CF2.ID2 states that all problems associated with plant computer system should be reported and document per OM7.ID1 (See section 5.11 and 5.16.10 (b) of CF2.ID2) Further, Section 3.2.1 states that all PPS modifications should be initiated and tracked per plant procedures or CF4.ID1. Section 3.2.2 states that the implementation of the change is documented in the associated Change Package and a SAP notification and order. And Section 3.2.10 states that all identified problems and corrective actions using a notification, which is not specified.

So should .software modifications require reporting and tracking using OM7.ID1, CF4.ID1, PROG PDCM Notification, Change Package, and SAP Order? Please explain PG&E procedures for different changes and the documenting and tracking system used for all types of modification.

b) Please clarify the means to track changes. Section 3.2.4.7 of the SCM 36-01 states that this is done using a SAP order, but Section 3.2.4.7 states that Change Package and SAP order are entered in the September 18, 2012 DCPP PPS Open Item Summary Table Record Management System, and Section 3.3 describes a Configuration Status Account I which is used to track changes of configuration items. 4) Document Repository a) SCM 36-01, Section 2.3.3 identifies the Digital Systems Engineering SourceSafe as the repository, but Section 3.2.5.5 identifies http://dcpp142Iidmws/home/asp, and Section 3.29 states that the files necessary for recovery of the baseline are maintained in the PPS database in SC-I-36M, Eagle 21 Tunable Constants." It is not clear if these two sections are referring to the same document reporsitory or if it is the same. Please clarify b) PG&E has implemented restrictions to access files and documents associated with PPS replacement project. Further, PG&E requires user authentication and access to edit configuration, software, and data. It is not clear if these restrictions apply for access to the Digital Systems Engineering SourceSafe or the repository in http://dcpp142/idmws/home/asp.

Approach to Justify the Applicability of WCAP-14333 and WCAP-15376 Technical Specification Changes to the Triconex/AlS System at Diablo Canyon Issue: The Technical Specification changes to the process protection system justified in WCAP-14333 and WCAP-15376, and approved by the NRC, apply only to currently operating process protection systems (7100, 7300, Eagle 21). A justification for the applicability of these changes to the Triconex/ALS system needs to be developed.

Background:

WCAP-10271-P-A; WCAP-10271, Supplement 1-P-A; WCAP-10271-P-A, Supplement 2, Rev. 1; WCAP-14333-P-A, Rev. 1; and WCAP-15376-P-A, Rev. 1 (References 1-5) provide the justification for extending completion times, bypass test times, and surveillance test intervals for components in the reactor protection system. The reactor protection system components include the analog channels, logic cabinets, master and slave relays, and reactor trip breakers.

The analysis supporting these changes is based on the Westinghouse 7300 process protection system. A justification was previously developed that extended the applicability of these changes to the Westinghouse Eagle 21 Process Protection System. The NRC's Safety Evaluation associated with WCAP-15376 specifically stated "For future digital upgrades with increased scope, integration and architectural differences beyond that of Eagle 21, the staff finds the generic applicability of WCAP-15376-P, Rev. 0 to future digital systems not clear and should be considered on a plant-specific basis." Based on this statement, it is concluded that the applicability of the TS changes justified in WCAP-15376-P-A, Rev. 1 to digital systems other than Eagle 21 needs to be justified.

Similar statements are not included in the NRC's Safety Evaluations for WCAP-10271-P-A with Supplements 1 and 2 or for WCAP-14333-P-A, Rev. 1, but it would be prudent to provide such a justification to cover all the changes justified in these WCAPs. Approach to Justification:

A qualitative approach will be used to assess the applicability of the WCAP changes to the Triconex/ALS system. This assessment will involve a comparison of the Triconex/ALS system to the Eagle 21 system. The idea is to demonstrate qualitatively, based on system design, signal development, backup systems, etc., that the Triconex/ALS system is equal to or better than Eagle 21 with regard to the reliability of protection signal development.

Since the WCAP changes are applicable to the Eagle 21 system, and if the Triconex/ALS system is equivalent to or better than the Eagle 21 system, then the WCAP changes should be applicable.

This assessment will include a detailed review of the Triconex/ALS and Eagle 21 system designs with regard to structure and architectural differences, protection signals, common cause failures, and self-check features, and will include, as necessary, available failure modes and effects analyses and reliability assessments.

References "Evaluation of Surveillance Frequencies and Out of Service Times for the Reactor Protection Instrumentation System," WCAP-10271-P-A, May 1986. "Evaluation of Surveillance Frequencies and Out of Service Times for the Reactor Protection Instrumentation System, Supplement 1," WCAP-10271, Supplement 1-P-A, May 1986. Enclosure 3

"Evaluation of Surveillance Frequencies and Out of Service Times for the Reactor Protection Instrumentation System," WCAP-10271-P-A, Supplement 2, Revision 1, May 1989. "Probabilistic Risk Analysis of the RPS and ESFAS Test Times and Completion Times," WCAP-14333-P-A, Revision 1, October 1998. "Risk-Informed Assessment of the RTS and ESFAS Surveillance Test Intervals and Reactor Trip Breaker Test and Completion Times," WCAP-15376-P-A, Revision 1, March 2003.

-The NRC staff and PG&E discussed the information found in Enclosure 3, associated with Eagle 21 Technical Specification (TS) applicability to the replacement PPS. The issue is whether or not a justification for the applicability of the Eagle 21 TSs needs to be developed for the replacement PPS. There was agreement that such a justification is needed and that it will be reviewed by the staff as part of its review of the LAR. The staff took an action to add a new open item to the open item tracking table to track the issue. The NRC staff and PG&E discussed several of PG&E's proposed responses found in Enclosure

2. Based on interactions during the meeting, PG&E took an action to modify some of the responses to address issues that the staff identified.

PG&E will provide the revised response to the staff prior to the next meeting. The revised responses and any new issues identified by the staff will be updated in the master open item tracking table and will be discussed at the next public meeting tentatively scheduled for October 17, 2012. Please direct any inquiries to me at 301-415-1132 or at Joseph.Sebrosky@nrc.gov.

IRA! Joseph M. Sebrosky, Senior Project Manager Plant licensing Branch IV Division of Operating Reactor licensing Office of Nuclear Reactor Regulation Docket Nos. 50-275 and 50-323

Enclosures:

1. List of attendees

2. Staff identified issues 3. Information related to Eagle 21 TS Applicability cc w/encls: Distribution via Listserv DISTRIBUTION:

PUBLIC RidsNsirDsp Resource SAchen, RIVlDRS/EB2 LPLIV Reading RidsOgcRp Resource ELee, NSIRIDSP/CSIRB RidsAcrsAcnw

_MailCTR Resource RidsRgn4MailCenter Resource DParsons, NSIR/DSP/CSIRB RidsNrrDeEicb Resource SKennedy, EDO RIV GSimonds, NSIR/DSP/CSIRB RidsNrrDorl Resource TWertz, NRR THarris, NSIRIDSP/FCTSB RidsNrrDorlLpl4 Resource WKemper, NRR/DE/EICB MShinn, NRC/CSO RidsNrrDraApla Resource RStattel, NRR/DE/EICB CNickell, NRR/DLR/RAPB RidsNrrDssStsb Resource RAlvarado, NRR/DE/EICB MSnodderly, NRR/DRAIAPLA RidsNrrLAJBurkhardt Resource WMaier, RIV KBucholtz, NRR/DSS/STSB RidsNrrPMDiabloCanyon Resource SMakor, RIV/DRS/EB2 ADAMS Accession Nos. Meeting Notice ML 12240A075; Meeting Summary ML 12284A445

• via email OFFICE NRRlDORULPL4/PM NRRlDORULPL4/LA NRRlDE/EICB NSIRIDSP/CSIRB NRRlDORULPL4/BC NRR/DORULPL4/PM NAME JSebrosky JBurkhardt*

RStattel DParsons*

MMarkley JSebrosky DATE 10/15/12 10111112 10/12112 10/15/12 10/15/12 10/16/12 OFFICIAL RECORD COpy