ML17235A593

From kanterella
Revision as of 20:36, 29 October 2019 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
Jump to navigation Jump to search
First Principles for Use in Developing Design Certification Tier 1 Information and Inspections, Tests, Analyses and Acceptance Criteria
ML17235A593
Person / Time
Site: Nuclear Energy Institute
Issue date: 06/30/2017
From:
Nuclear Energy Institute
To:
Office of New Reactors
Shared Package
ML17235A591 List:
References
Download: ML17235A593 (20)


Text

ATTACHMENT First Principles for Use in Developing Design Certification Tier 1 Information and Inspections, Tests, Analyses and Acceptance Criteria Nuclear Energy Institute White Paper June 2017

Table of Contents

1. Introduction .......................................................................................................................................... 1
2. Background ........................................................................................................................................... 1
3. First Principles for Tier 1 Design Descriptions and ITAAC ..................................................................... 2 3.1. Top-Level Design Features and Performance Characteristics ...................................................... 3 3.2. Graded Approach .......................................................................................................................... 4 3.3. Source for Tier 1 Design Descriptions and ITAAC ......................................................................... 6 3.4. Permanent Plant Features Installed Prior to Fuel Loading ........................................................... 6 3.5. Regulations Related to Design and Performance of Safety Functions ......................................... 7 3.6. Balance the Goal of Standardization with the Need for Flexibility ............................................... 8 3.7. ITAAC are a Focused Subset of Construction Verification Activities............................................. 9 Appendix A - Tier 1 and ITAAC Related NRC Policy Papers .......................................................................... 1 Appendix B - Definitions and Acronyms ....................................................................................................... 1
1. INTRODUCTION Design certification applications (DCAs) submitted pursuant to 10 CFR Part 52 contain two tiers of information, Tier 1 and Tier 2. Tier 1 contains information that is to be certified through rulemaking, and includes the inspections, tests, analyses, and acceptance criteria (ITAAC). Tier 2 contains more detailed information and is the source for information included in Tier 1.

Experience from the development of previous DCAs and the implementation of ITAAC by licensees has resulted in lessons learned on how to improve and standardize Tier 1 and ITAAC. For example, experience shows that the majority of ITAAC for previously certified light water reactor (LWR) designs are common to all LWR designs.

This document contains the First Principles to be used by design certification (DC) applicants to develop Tier 1 and ITAAC based upon NRC policy papers. These First Principles will be incorporated into NEI 15-02, Industry Guideline for the Development of Tier 1 and ITAAC Under 10 CFR Part 52, which provides guidance to applicants to standardize Tier 1 and ITAAC. Standardizing the format and content of Tier 1 and ITAAC to the extent practical will facilitate more efficient DCA development by DC applicants and review by the NRC.

2. BACKGROUND The NRC conducts its new reactor licensing activities through a combination of NRC regulations and regulatory guidance. 10 CFR Part 52 serves as an alternative process to reactor licensing under 10 CFR Part 50, and governs the issuance of early site permits, standard design certifications, combined licenses, standard design approvals, and manufacturing licenses for nuclear power facilities. The intent of 10 CFR Part 52 in providing for the review and licensing of standard designs is to effect early resolution of safety issues and to enhance the safety and reliability of nuclear power plants through standardization.

Regulations 10 CFR 52.17(b)(3), 10 CFR 52.47(b)(1), and 10 CFR 52.80(a) specify ITAAC requirements for early site permit (ESP), standard design certification, and combined license (COL) applications, respectively. In addition to the governing regulations, regulatory guidance is contained in regulatory guides, interim staff guidance, standard review plans, office instructions, and review standards.

The Commission established a two-tiered approach for DCAs in its SRM on SECY-90-377. Tier 1 of a DC contains the ITAAC and top-level design information and is referred to as certified design material (CDM). Tier 2 of a DC contains design information at a level of detail similar to post-1985 FSARs and is the source from which the information in Tier 1 is derived.

10 CFR 52.47(b)(1), requires that a DC application contain the proposed inspections, tests, analyses, and acceptance criteria, and states:

Page 1 of 9

The proposed inspections, tests, analyses, and acceptance criteria that are necessary and sufficient to provide reasonable assurance that, if the inspections, tests, and analyses are performed and the acceptance criteria met, a facility that incorporates the design certification has been constructed and will be operated in conformity with the design certification, the provisions of the Act, and the Commission's rules and regulations.

The NRC SRP, NUREG-0800, provides guidance to NRC staff responsible for reviewing DC applications under 10 CFR Part 52. SRP Section 14.3 contains guidance to NRC staff reviewing Tier 1, ITAAC and Tier 2 Section 14.3. NRCs Regulatory Guide 1.206 also contains guidance to Part 52 applicants and is currently in the process of being updated by the NRC staff.

In the early 1990s, the NRC issued several SECYs and SRMs, which provided the NRC staff with policy guidance on a number of issues related to 10 CFR Part 52, including the scope of Tier 1 and ITAAC. As listed in Appendix A, several NRC SECY papers and associated SRMs have provided the regulatory basis associated with design certification.

3. FIRST PRINCIPLES FOR TIER 1 DESIGN DESCRIPTIONS AND ITAAC General criteria that provide clarity on the scope and level of detail of Tier 1 Design Descriptions and ITAAC have been expressed in several NRC policy papers and guidance documents, and have been used to develop Tier 1 Design Descriptions and ITAAC for DCAs to date. In this section, these criteria are consolidated and grouped into a set of First Principles.

First Principles are used as guidance for identifying Tier 1 Design Descriptions and ITAAC in DCAs that are necessary and sufficient to provide reasonable assurance that an as-built facility will operate in conformance with the NRC regulations and the license. These First Principles must be applied together in order to determine the appropriate content of Tier 1 Design Descriptions and ITAAC. Selective application or reliance on a single criterion, while ignoring other criteria, could result in inappropriate information being included in Tier 1.

First Principles for Tier 1 Design Descriptions and ITAAC

1. Tier 1 Design Descriptions describe the top-level design features and performance characteristics of the plant.
2. The amount of detail in Tier 1 Design Descriptions is proportional to the safety and risk significance of the top-level design feature or performance characteristic (i.e., a graded approach).

Page 2 of 9

3. Tier 1 Design Descriptions are derived solely from the Tier 2 design information, and ITAAC Design Commitments are derived solely from Tier 1 Design Descriptions.
4. Tier 1 Design Descriptions describe SSC for which construction or installation in the final location will be completed prior to fuel loading, and are expected to be in place for the lifetime of the plant.
5. ITAAC provide reasonable assurance that the constructed facility conforms with NRC regulations related to design and performance of safety functions.
6. The scope of Tier 1 Design Descriptions reflects the Commissions intent to balance the goal of standardization with the need to provide flexibility to applicants and licensees to make certain changes without prior NRC approval.
7. ITAAC are a focused subset of construction verification activities.

Each of the First Principles for determining the scope of Tier 1 Design Descriptions and ITAAC listed above is discussed further.

3.1. Top-Level Design Features and Performance Characteristics Top-level design features and performance characteristics are attributes, such as safety-related pump capacity, safety-related equipment qualification, and physical separation of Class 1E power circuits that are important to performing the safety-related and certain risk-significant functions of the plant. Top-level design features and performance characteristics can be grouped into the following design areas:

  • Containment Pressure Boundary
  • Seismic Category I Structures
  • Safety-Related Equipment Qualification
  • Safety-Related Mechanical Equipment
  • Class 1E Power for Safety-Related Equipment
  • New and Spent Fuel Storage
  • Non-safety-related SSC providing protection of safety-related SSC
  • Non-safety-related SSC providing radiation protection essential to prevent excessive exposure or release of radioactive material
  • Human Factors Engineering essential to shut down the reactor and maintain it in a safe shutdown condition
  • Physical Security
  • Certain risk-significant functions performed by non-safety-related SSC (as described in Section 6.2 on design-specific ITAAC)

The focus on top-level design features and performance characteristics is discussed in a number of SECYs, SRMs and guidance documents, including the SRP. The intent is that Tier 1 Design Descriptions Page 3 of 9

contain only the top-level design features and performance characteristics that are most significant to safety and necessary to provide reasonable assurance that the plant was built in accordance with the license and NRC requirements. Design information necessary to support required NRC safety findings is provided in Tier 2.

Examples of Top-Level Design Features and Performance Characteristics Examples of structures included in Tier 1 Design Descriptions are the Seismic Category I Reactor Building, fire barriers, flood barriers, radiation shields, and the new and spent fuel storage racks.

Examples of components included in Tier 1 Design Descriptions are safety-related valves, tanks, instruments, and piping systems.

Examples of physical attributes included in Tier 1 Design Descriptions are safety-related tank volume, safety-related equipment qualification, location of fire barriers, and thickness of radiation shields/walls.

Examples of performance characteristics included in Tier 1 Design Descriptions are building seismic performance, safety-related piping conformance to ASME Code Section III requirements, safety-related valve stroke time when a change in valve position is necessary to accomplish a safety-related function, and safety-related components automatic response to the Protection System.

3.2. Graded Approach The level of detail for Tier 1 Design Descriptions is based on a graded approach commensurate with the safety and risk significance of the top-level design feature or performance characteristic.

A graded approach is discussed in a number of SECYs, SRMs, and guidance documents, which indicate that top-level design features and performance characteristics that are the most significant to safety are those to be included in Tier 1. Thus, the extent to which a particular system is to be described in Tier 1 depends upon the safety significance of the system. A graded approach should be used to determine the type of information and the level of detail in Tier 1 commensurate with the safety significance of the SSC for the design.

The graded approach to design certification is consistent with NRC guidance in NUREG-0800 and in Regulatory Guide (RG) 1.206. Specifically, SRP Section 14.3, page 14.3-16 states:

This graded approach recognizes that although many aspects of the design are important to safety, the level of design detail in Tier 1 and verification of the key design features and performance characteristics should be commensurate with the significance of the safety functions to be performed.

The graded approach reflects the wide variation in complexity and safety significance of top-level design features and performance characteristics. For example, more complex and safety-significant SSC may perform a variety of safety-related functions and are the subject of several Design Commitments to be verified by ITAAC. Fewer Design Commitments and ITAAC would be provided for SSC that perform less Page 4 of 9

complex safety functions (e.g., reactor coolant pressure boundary only) and for SSC that perform only non-safety-related, risk-significant functions (i.e., SSC that do not perform safety-related functions and are not required to meet the requirements of safety-related SSC). For non-safety-related SSC that are not important to a top-level design feature or performance characteristic there would be no Design Description, no Design Commitments, and no ITAAC.

The scope of Tier 1 and ITAAC consist of those components that are of primary importance to the top-level design feature or performance characteristic described in the Design Description. Therefore, Design Commitments for a system do not need to include every component that is related to a top-level design feature or performance characteristic.

This principle is discussed in SECY-91-178, p. 3, which states:

The staff expects that these [ITAAC] requirements will be general in nature and will address the design at a system functional performance level of detail.

The ITAAC portion of the design certification rule and combined license will specify the important design elements that are to be verified through inspections, tests, or analyses.

The following are examples of design features or performance characteristics of safety-related SSC that do not warrant ITAAC:

  • Safety-related piping pressure relief valves associated with thermal expansion and anticipated valve leakage
  • Safety-related pump run-out protection
  • Thermal overload protection for safety-related motor operated valves
  • Interlocks aimed specifically at equipment protection for safety-related components
  • Safety-related valves that have only a passive function (except to the extent that these are covered by ITAAC for the ASME Code)
  • Instrument lines, fill lines, and drains that are classified as safety-related solely because they are part of the reactor coolant pressure boundary, but do not have any active safety-related function (the reactor coolant pressure boundary function of these components is covered by ITAAC for the ASME Code)
  • Local controls for safety-related components
  • Rebar and concrete properties for Seismic Category I structures Dimensions are often not important to the function of SSC, and wide variations in dimensions can often be accommodated without adverse impact on the function. Similarly, wide variations in material properties are generally acceptable. Therefore, in general, dimensions and material properties typically are not addressed in ITAAC, because it would unnecessarily restrict changes that have no adverse impact on safety. Exceptions to this principle include specified dimensions of critical sections of Seismic Category I Structures and the reactor pressure vessel beltline Charpy upper-shelf energy, because these Page 5 of 9

attributes are essential to a top-level safety-related function. Where dimensions are important to the top-level design features or performance characteristics, they are verified by appropriate ITAAC.

3.3. Source for Tier 1 Design Descriptions and ITAAC Tier 1 Design Descriptions are derived solely from the Tier 2 design information. No new design information can be contained in Tier 1 that is not already in Tier 2.

ITAAC are derived solely from Tier 1 Design Commitments. ITAAC Design Commitments are verbatim with Tier 1 Design Commitments, unless grammatical changes are necessary to conform to the ITAAC formatting. This approach ensures that there are no ITAAC for aspects of the design not addressed in the Design Description. This is appropriate because the objective of the ITAAC entries is to verify that the as-built plant has the design features and performance characteristics defined in the Design Descriptions.

The NRC safety determination is based solely on the Tier 2 design information. Tier 1 and ITAAC are not relied upon for the NRC safety determination provided in a Safety Evaluation Report. However, the NRC staff does make a finding that the proposed ITAAC meet the necessary and sufficient standard in the applicable regulation.

3.4. Permanent Plant Features Installed Prior to Fuel Loading Tier 1 Design Descriptions and ITAAC are focused on verifying that the as-built facility will operate in conformance with NRC regulations and the license. 10 CFR Part 52 requires that the ITAAC be satisfied prior to fuel loading. As such, information should only be included in Tier 1 if it is related to SSC that are permanent features of the plant that are installed prior to fuel loading. Aspects of the design that cannot be verified until after fuel loading are not included in ITAAC.

The following criteria are used to determine the appropriate Design Descriptions for SSC that are important to a top-level design feature or performance characteristic:

1. Design Descriptions only include SSC for which construction or installation will be completed prior to fuel loading and which are expected to be in place for the lifetime of the plant. For example, because fuel assemblies cannot be installed in the reactor until after completion of the ITAAC, and because the fuel will be periodically replaced, fuel design and related matters are not appropriate to include in Tier 1 Design Descriptions and ITAAC.
2. Design Descriptions describe the design features and performance characteristics of SSC after construction is completed. The Design Description does not describe the processes that are used for designing and constructing a plant.
3. Design Descriptions do not contain those aspects of the design that pertain to portable items, such as portable pumps and power sources, or consumables, such as charcoal absorption units and HEPA filters.
4. Those aspects of the design that pertain to operation (e.g., Appendix G to 10 CFR Part 50 prescribes requirements for temperature/pressure limits during operation) should not be Page 6 of 9

included in Tier 1. Since the ITAAC must be completed prior to fuel load per 10 CFR 52.103, such operational requirements cannot be the subject of ITAAC. SRP 14.3, p. 14.3-17 states that: ITAAC are limited to the design features and requirements that must be verified prior to fuel loading. Therefore, items like power ascension testing that are also described in the application will be covered by license conditions in the COL.

Matters related to fuel design, use of portable equipment and consumables, operational aspects and the like are described elsewhere in the application and are reviewed and inspected as appropriate by the NRC as a separate matter from ITAAC.

3.5. Regulations Related to Design and Performance of Safety Functions It is the purpose of ITAAC to provide reasonable assurance that the as-built facility conforms to NRC regulations and the license. However, not all NRC regulations need to be verified by ITAAC in order to meet ITAAC requirements (e.g., 10 CFR 52.47(b)(1) or 52.80(a)). For example, some regulations are purely administrative (e.g., 10 CFR 52.3 dealing with written communications with the NRC) and do not pertain to construction of a nuclear power and therefore have no relevance to the content of ITAAC. As general matter, ITAAC are provided in the design areas identified in Section 4.1 to provide reasonable assurance that the constructed facility conforms with NRC regulations related to design and performance of safety functions.

Due to the large number of design and performance requirements in the regulations, it is more efficient to list by exception those types of requirements that do not need to be verified by ITAAC. These include:

1. Provisions of Codes incorporated by reference in NRC regulations, such asSection III of the ASME Code, which is incorporated by reference in 10 CFR 50.55a. Instead of having an ITAAC for every provision in Section III of the ASME Code, Tier 1 Design Descriptions and ITAAC require ASME Code reports.
2. Regulations such as 10 CFR 20.1406 on minimization of contamination that do not specify requirements related to performance of safety-related or risk-significant functions.
3. Some NRC regulations pertain to design methodologies, rather than the as-built plant. For example, 10 CFR 50.46 and Appendix K to 10 CFR Part 50 specify various criteria for evaluation models to be used in designing an emergency core cooling system. Those evaluation models must be described in the application, are verified to be acceptable by the NRC staff during the licensing stage, and cannot be verified in the as-built plant itself.

Accordingly, they are not appropriate topics for ITAAC. Instead, the ITAAC should address the design features and performance characteristics that accomplish the design function that is the subject of the regulation (e.g., specify the flow rate of the emergency core cooling system pumps).

4. Some NRC regulations pertain to plant design features and performance characteristics that are not significant to the function or performance of a SSC, but instead relate to other purposes (e.g., design provisions for inspections and testing during operation). For example, Page 7 of 9

GDC 18, 32, 36, 39, 42, 45, 53, and 61 require a number of systems and components to be designed to permit appropriate periodic inspections or testing. Those provisions are not significant to any safety-related function. ITAAC are not needed for design provisions that allow access for performance of inspections and tests. Thus, ITAAC are not required for NRC regulations such as the GDC discussed above that pertain to plant design features and performance characteristics that are not significant to the function or performance of a SSC.

5. Some NRC regulations are addressed indirectly by ITAAC. For example, a number of GDC (e.g., GDC 17, 21, 34, 35, 38, 41, and 44) state that particular systems must be able to perform their safety-related functions assuming a single failure. However, implementation of the single failure criterion need not be directly verified by ITAAC. Instead, as stated in SRP 14.3, pp. 14.3-31: There will not be an ITAAC to verify that the system meets single failure, rather, the system attributes such as independence and physical separation which relate to the single failure criterion will be in ITAAC.
6. As discussed in the Commission SRM on SECY-02-0067, ITAAC are not required for NRC regulations that pertain to operational programs, such as the Setpoint Control Program, Appendix B to 10 CFR Part 50 quality assurance program, and 10 CFR 50.65 Maintenance Rule program. An exception is emergency preparedness, for which 10 CFR 52.80(a) requires that the Combined License Application (COLA) include ITAAC. 1 3.6. Balance the Goal of Standardization with the Need for Flexibility As discussed in the SRM on SECY 90-377, the Commission established the two-tier design certification structure to balance the goal of design standardization with the flexibility needed by licensees to procure equipment and construct the facility. The information included in Tier 1 is certified by rule and may be changed only through further rulemaking. Alternatively, licensees may request a license amendment and exemption to depart from Tier 1 requirements, including ITAAC. The high bar against changes or departures from Tier 1, including the need for prior NRC approval, is intended to preserve standardization and ensure that the NRC and public have the opportunity to review proposed changes to the top-level design features and performance characteristics in Tier 1.

Consistent with this principle, it is important that design information not be included in Tier 1 Design Descriptions and ITAAC that is not important to the top-level design features and performance characteristics and not necessary to provide reasonable assurance that the plant was built in accordance with the license (e.g., minor dimensional details and material properties). Such design information is subject to change in the course of construction and during the life of the plant and is appropriately controlled in Tier 2, which may be changed under a process similar to 10 CFR 50.59. Including 1

The Commission has also required design certification applications to include an ITAAC on the Design Reliability Assurance Program. Experience to date indicates that no ITAAC is needed on DRAP and none is included in the standardized ITAAC in Appendix C. The industry has requested the NRC to reconsider the requirement to include a DRAP ITAAC in future design certifications.

Page 8 of 9

unnecessary design information in Tier 1 creates undue burden by requiring licensees to seek prior NRC approval for departures when doing so may not be necessary. Conformance with Tier 2 design requirements is assured under the licensees Quality Assurance Program and overseen by the NRC.

3.7. ITAAC are a Focused Subset of Construction Verification Activities The purpose of ITAAC is to provide reasonable assurance that a constructed facility conforms to NRC regulations and its license. ITAAC are not meant to be a one-for-one check of detailed design and construction features and do not verify every design and construction feature included in the certified design. ITAAC are just one element of the licensees construction, testing, and quality programs, which include: the quality assurance program, quality control inspections, vendor surveillances and inspections, engineering design verifications, operational readiness reviews, and the preoperational test program.

The NRCs Construction Inspection Program provides oversight of all of these programs. Thus, not all construction related activities need to be verified by ITAAC. Inspections, tests, and analyses would be conducted under the quality programs even if no ITAAC existed; therefore, it is unnecessary to include in ITAAC inspections, tests, and analyses that do not meet First Principles and for which implementation is effectively assured via the quality assurance program or other programs.

The following are examples of SSC that are effectively assured by other inspection processes and do not warrant ITAAC:

  • SSC design features and performance characteristics that are not significant to the performance of safety-related or risk-significant functions, but are required for other purposes, such as design provisions for inspections and testing during operation
  • Electrical cable capacity
  • Breaker overcurrent protection
  • Cable tray routing Applying this principle allows the scope of ITAAC to be appropriately focused on top-level design features and performance characteristics.

Page 9 of 9

APPENDIX A - TIER 1 AND ITAAC RELATED NRC POLICY PAPERS SECY or SRM SECY Title / SECY Content Number SECY-90-016 Title: Evolutionary Light Water Reactor Certification Issues and Their Relationship to

& Current Regulatory Requirements SRM-90-016 Content: SECY-90-016 does not directly address ITAAC. However, it does provide policy decisions on 15 issues considered fundamental to agency decisions on the acceptability of evolutionary ALWR designs. The issues and policy contained in SECY-90-016 were summarized in Part I of the attachment to SECY-93-087.

SECY-90-241 Title: Level of Detail Required for Design Certification Under Part 52

& Content: SECY-90-241 presents present options for Commission consideration SRM-90-241 regarding the implementation of the provisions of 10 CFR Part 52 that address the level of design detail.

SECY-90-377 Title: Requirements for Design Certification Under 10 CFR Part 52

& Content: SECY-90-377 provides recommendations to the Commission regarding (1)

SRM-90-377 the level of detail required for an essentially complete nuclear power plant design in an application and available for audit for design certification, and for a combined license under 10 CFR Part 52, and (2) the use of the industry's proposed two-tier approach to design certification.

SECY-91-178 Title: Inspections, Tests, Analyses, and Acceptance Criteria (ITAAC) for Design

& Certifications and Combined Licenses SRM-91-178 Content: SECY-91-178 describes how the ITAAC for design certification, the ITAAC associated with site-specific design information, and certain Tier 2 information could constitute a verification program to be implemented by the combined license holder. The form and content of the ITAAC document is proposed with an example.

The SECY also describes how the successful completion of the ITAAC requirements and any other acceptance criteria in the combined license will constitute the basis for the NRC's determination to allow operation of the facility.

SECY-91-210 Title: Inspections, Tests, Analyses, and Acceptance Criteria (ITAAC) Requirements for Design Review and Issuance of a Final Design Approval (FDA)

Content: SECY-91-210 requests Commission guidance on a policy matter related to an industry proposal that would allow the NRC staff to issue standardized plant final design approvals (FDAs) prior to final staff approval of the proposed ITAAC.

Page 1 of 4

SECY or SRM SECY Title / SECY Content Number SECY-92-053 Title: Use of Design Acceptance Criteria During 10 CFR Part 52 Design Certification Reviews Content: SECY-92-053 addresses design acceptance criteria (DAC) for pipe stress analyses, radiation shielding and airborne concentrations, instrumentation and control systems, and control room design details.

SECY-92-196 Title: Development of Design Acceptance Criteria (DAC) for the Advanced Boiling Water Reactor (ABWR)

Content: SECY-92-196 addresses the proposed use of DAC as an approach to the design review and resulting design certification for the GE ABWR to resolve the difficulties being experienced in obtaining detailed design information for selected areas of the plant.

Enclosure 1 is a draft of the staffs final Safety Evaluation Report on the radiation protection and airborne concentration DAC area.

Enclosure 2 is a draft of the staffs final Safety Evaluation Report of the piping design DAC area.

SECY-92-214 Title: Development of Inspections, Tests, Analyses, and Acceptance Criteria (ITAAC) for Design Certifications Content: SECY-92-214 addresses issues identified in SECY-91-178, "Inspections, Tests, Analyses, and Acceptance Criteria for Design Certifications and Combined Licenses," and SECY-91-210, "Inspections, Tests, Analyses, and Acceptance Criteria Requirements for Design Review and Issuance of a Final Design Approval."

SECY-92-287, Title: Form and Content for a Design Certification Rule SECY-92-287A Content: SECY-92-287 proposed a format for a design certification rule for

& standardized plant designs. The SECY proposed that Tier 1 is the portion of the SRM design-related information contained in the DCD that constitutes the certified 287/287A standard design.

SECY-92-287A addresses apparent inconsistencies between the staff's proposed change process for Tier 2 design information in SECY-92-287, and the Commission's SRM on SECY-90-377, "Requirements for Design Certification under 10 CFR Part 52.

Page 2 of 4

SECY or SRM SECY Title / SECY Content Number SECY-92-294 Title: Acceptance Review of the Westinghouse Electric Corporation's Application for Final Design Approval and Design Certification for the AP600 Design Content: SECY-92-294 addresses that in order for the NRC staff to complete its review of an application for an FDA/DC, a complete set of ITAAC must be submitted with the application.

SECY-92-299 Title: Development of Design Acceptance Criteria (DAC) for the Advanced Boiling Water Reactor (ABWR) in the Areas of Instrumentation and Controls (I&C) and Control Room Design Content: SECY-92-299 addresses Development of DAC for the ABWR in the areas of I&C and control room design.

SECY-92-327 Title: Reviews of Inspections, Tests, Analyses, and Acceptance Criteria (ITAAC) for the General Electric (GE) Advanced Boiling Water Reactor (ABWR)

Content: SECY-92-327 presents the results of the "Greybeard" Committee Review of the 10 CFR 52 licensing process for the GE ABWR. This review also provided comments relating to sufficient and appropriate scope and level of detail for the Tier 1 design certification process (Design Description and ITAAC).

SECY-93-087 Title: Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced

& Light-Water Reactor Designs SRM-93-087 Content: SECY-93-087 contains the NRC staff position on 42 technical and policy issues pertaining to either evolutionary LWRs, passive LWRs, or both. The Commissions SRM response enabled the NRC staff to proceed with the final design approval and the design certification review of the GE Advanced Boiling Water Reactor (ABWR) and ABB-CE System 80+ LWR designs. A cross reference between the 42 issues and associated commission papers is provided.

Section II.L of the SECY-93-087 directly addresses ITAAC by identifying seven SECYs issued in 1991 and 1992 related to ITAAC for the GE ABWR. SECY-93-087 also directly addresses ITAAC for leak-before-break analysis (LBB), control room habitability and the design reliability assurance program (D-RAP).

SECY-94-084 Title: Policy and Technical Issues Associated with the Regulatory Treatment of Non-

& Safety Systems in Passive Plant Designs SRM-94-084 Content: SECY-94-084 provided the NRC staff recommendations for eight issues pertaining to the regulatory treatment of non-safety systems in passive advanced light water designs. The SECY also addressed ITAAC for control room habitability and the design reliability assurance program (D-RAP).

Page 3 of 4

SECY or SRM SECY Title / SECY Content Number SECY-95-132 Title: Policy and Technical Issues Associated with Regulatory Treatment of Non-

& Safety Systems (RTNSS) in Passive Plant Designs (SECY-94-084)

SRM-95-132 Content: SECY-95-132 is a response to the Commissions SRM on SECY-94-084. SECY-95-132 provides certain guidance and positions for ensuring consistent and complete treatment of those systems that might be classified as non-safety-related by the designer or applicant but are important to safety or otherwise provide defense-in-depth functions. The SECY also addressed ITAAC for control room habitability and the design reliability assurance program (D-RAP).

Title: Consolidation of SECY-94-084 and SECY-95-132, Memo from Crutchfield to NRC N/A Docket File, dated July 24, 1995 Content: This memorandum completes the action directed by SRM-95-132 and consolidates the approved RTNSS policy and technical positions into one, versus three, documents for convenience of reference.

SECY-02-0059 Title: Use of Design Acceptance Criteria for the AP1000 Standard Plant Design Content: SECY-02-0059 addressees design acceptance criteria (DAC) used in the AP1000 standard plant design.

SECY-02-0067 Title: Inspections, Tests, Analyses, and Acceptance Criteria (ITAAC) for Operational

& Programs (Programmatic ITAAC)

SRM-02-0067 Content: SECY-02-0067 recommended ITAAC for operational programs required by regulations such as training In its SRM, the Commission disapproved programmatic ITAAC (with the exception of ITAAC required on emergency planning).

SECY-05-0197 Title: Review of Operational Programs in a Combined License Application and

& Generic Emergency Planning Inspections, Tests, Analyses, and Acceptance Criteria SRM-05-0197 Content: SECY-05-0197 allows the use of the generic emergency planning ITAAC as described in Attachment 2 of SECY-05-0197.

Page 4 of 4

APPENDIX B - DEFINITIONS AND ACRONYMS Definitions Acceptance Criteria refers to the performance, physical condition, or analysis result for a structure, system, or component (SSC), or program which demonstrates that the Design Commitment is met. [NEI 08-01]

Analysis means a calculation, mathematical computation, or engineering/technical evaluation. [NEI 08-01] Engineering or technical evaluations could include, but are not limited to, comparisons with operating experience or design of similar SSC.

As-built means the physical properties of a SSC following the completion of its installation or construction activities at its final location at the plant site. In cases where it is technically justifiable, determination of physical properties of the as-built SSC may be based on measurements, inspections, or tests that occur prior to installation, provided that subsequent fabrication, handling, installation, and testing do not alter the properties. [NEI 08-01]

ASME Code meansSection III of the American Society of Mechanical Engineers (ASME) Boiler and Pressure Vessel Code, unless a different Section of the ASME Code is specifically referenced.

ASME Code Data Report means a document which certifies that a component or system was constructed in accordance with the requirements of the ASME Code. This data shall be recorded on a form approved by the ASME.

Certified Design Material means the document that provides the principal design bases and design features that are certified by the 10 CFR Part 52 rulemaking process and included in the design certification rule.

Combined License (COL) means a combined construction permit and operating license with conditions for a nuclear power plant, issued under 10 CFR Part 52. See 10 CFR 52.1(a). [NEI 08-01]

Component, as used for reference to ASME Code components, means a vessel, concrete containment, pump, pressure relief valve, line valve, storage tank, piping system, or core support structure that is designed, constructed, and stamped in accordance with the rules of the ASME Code. It should be noted that ASME Code Section III classifies a metal containment as a vessel.

Design Acceptance Criteria (DAC) are a set of prescribed limits, parameters, procedures, and attributes upon which the NRC relies, in a limited number of technical areas, in making a final safety determination to support a design certification [NEI 08-01] because they are either areas of rapidly changing technology where it is unwise to prematurely freeze the design, or because the information is dependent on as-built or as-procured information. See SECY-92-053, page 3.

Design Commitment means that portion of the Design Description that is verified by ITAAC. [NEI 08-01]

Page 1 of 5

Design Description means that portion of the design that is certified. [NEI 08-01] Design Descriptions consist of a System Description, System Description Tables, System Description Figures, and Design Commitments. System Description Tables and System Description Figures are only used when appropriate. The System Description is not verified by ITAAC, only the Design Commitments are verified by ITAAC. System Description Tables and System Description Figures are only verified by ITAAC if they are referenced in the ITAAC table.

Division (for electrical systems or equipment) means the designation applied to a given safety-related system or set of components which are physically, electrically, and functionally independent from other redundant sets of components. [NUREG-0800; 4.1.A.viii]

Division (for mechanical systems or equipment) means the designation applied to a specific set of safety-related components within a system. [NUREG-0800; 4.1.A.ix]

Equipment Identifier means the equipment designation in a System Description Table or on a System Description Figure. This number may not be representative of an actual equipment number or tag number.

First Principles are the general criteria, derived from NRC policy papers and guidance documents, which provide clarity on the scope and level of detail of Tier 1 Design Descriptions and ITAAC.

Inspect or Inspection means visual observations, physical examinations, or reviews of records based on visual observation or physical examination that compare a) the SSC condition to one or more Design Commitments or b) the program implementation elements to one or more program commitments, as applicable. Examples include walk downs, configuration checks, measurements of dimensions, or nondestructive examinations. The terms, inspect and inspection, also apply to the review of Emergency Planning ITAAC requirements to determine whether ITAAC acceptance criteria are met. [NEI 08-01]

Inspections, Tests, Analyses, and Acceptance Criteria (ITAAC) are those inspections, tests, analyses, and acceptance criteria identified in the combined license that if met by the licensee are necessary and sufficient to provide reasonable assurance that the facility has been constructed and will be operated in conformity with the license, the provisions of the Atomic Energy Act, as amended, and the Commissions rules and regulations. [NEI 08-01]

Reconciliation or Reconciled means the identification, assessment, and disposition of differences between the approved design feature and the as-built plant design feature. For ASME Code piping systems, it is the reconciliation of differences between the approved design and the as-built piping system. For structural features, it is the reconciliation of differences between approved design and the as-built structural feature.

Report, as used in the ITAAC table Acceptance Criteria column, means a document that verifies that the acceptance criteria of the subject ITAAC have been met and references the supporting documentation.

The report may be a simple form that consolidates all of the necessary information related to the closure package for supporting successful completion of the ITAAC.

Page 2 of 5

Safety analyses are analyses performed pursuant to NRC requirements to demonstrate the integrity of the reactor coolant pressure boundary, the capability to shut down the reactor and maintain it in a safe shutdown condition, or the capability to prevent or mitigate the consequences of accidents that could result in potential offsite exposures comparable to the guidelines in 10 CFR 50.34(a)(1) or 10 CFR 100.11.

[NEI 96-07] Safety analyses are required to be presented in the Updated FSAR per 10 CFR 50.34(b) and 10 CFR 50.71(e) and include, but are not limited to, the accident analyses typically presented in Chapter 15 of the Updated FSAR.

Shared ITAAC means ITAAC that are associated with common or shared SSC and activities that support operation of multiple reactor units. This includes 1) SSC that are common or shared by multiple units, and for which the interface and functional performance requirements between the common or shared SSC and each unit are identical, or 2) analyses or other generic design and qualification activities which are identical for each unit (e.g., environmental qualification of equipment). For a multi-unit plant, satisfactory completion of a Shared ITAAC for the lead unit shall constitute satisfactory completion of the Shared ITAAC for associated units.

System Description (Tier 1) includes:

  • A concise description of the systems or structures safety-related functions, non-safety-related functions that support safety-related functions, and certain non-safety risk-significant functions.
  • A listing of components required to perform those functions.
  • Identification of the systems safety classification.
  • The systems components general location(s).

The System Description may include System Description Tables and Figures.

Test means actuation or operation, or establishment, of specified conditions to evaluate the performance or integrity of as-built SSC, unless explicitly stated otherwise, to determine whether an ITAAC acceptance criterion is met. [NEI 08-01]

Tier 1 means the portion of the design-related information contained in the DCD that is approved and certified by the design certification rule (Tier 1). The Design Descriptions, Interface Requirements, and Site Parameters are derived from Tier 2 information. Tier 1 includes:

i. Definitions and general provisions.

ii. Design Descriptions.

iii. Inspections, tests, analyses, and acceptance criteria (ITAAC).

iv. Significant Site Parameters.

v. Significant Interface Requirements.

Type Test means a test on one or more sample components of the same type and manufacturer to qualify other components of the same type and manufacturer. A type test is not necessarily a test of an as-built SSC. [NEI 08-01]

Page 3 of 5

Top-Level Design Features and Performance Characteristics are attributes that are important to performing the safety-related and certain risk-significant functions of the plant. (see Section 4.1).

Unit-Specific ITAAC means ITAAC that are associated with SSC that are specific to and support operation of a single reactor unit. Unit-specific ITAAC shall be satisfactorily completed for each unit in a multi-unit plant.

Acronyms ALWR - Advanced Light Water Reactor AC - Acceptance Criteria CDM - certified design material CFR - Code of Federal Regulations COL - combined license COLA - combined license application DAC - design acceptance criteria DBA - design basis accident DC - design certification DCA - design certification application DCD - design control document ESP - early site permit FDA - final design approval FSAR - final safety analysis report GDC - General Design Criteria I&C - instrumentation and control ITA - inspection, test, analysis ITAAC - inspections, tests, analyses, and acceptance criteria LWR -light water reactor NRC - Nuclear Regulatory Commission Page 4 of 5

RTNSS - Regulatory Treatment of Non-Safety Systems SECY - Nuclear Regulatory Commission Paper SMR - small modular reactor SRM - Staff Requirements Memorandum SRP - Standard Review Plan SSC - structures, systems, and components Page 5 of 5