• 3 re g:

-- ..n Gentlemen:

Q

Subject:

Comments on Proposed Generic Communication (PGC); Year 2000 '

Readiness of Computer Systems at Nuclear Power Plants w

h 63 Fed. Reg. 4498 (January 29,1998)

~

Notice of Opportumty for Public Comment These comments are submitted in response to the subject Federal Register notice soliciting comments on the proposed generic communication concerning year 2000 (Y2K) readiness of computer systems at nuclear power plants.

1. Throughout the proposed generic letter the phrase used repeatedly is that licensees must provide " .. written cenification that their facilities are Y2K ready an.ut(underline added) in compliance with the terms and conditions of their licenses and NRC regulations." This phrare should be modified to say:

" wntren cenification that their facilities are Y2K ready with recard to compliance with the terms and conditions of their licenses and NRC regulations.

The blanket statement that the facilities must be Y2K ready implies that evenj component at the facilities regardless ofits safety implication needs to be cenified. We do not believe that is the intent of the subject PGC.

2. The requirement of a written response, in which licensees must cenify their facilities, by no later than July 1,1999 is arbitrary. While it is clearly a licensee responsibility to assure that their facilities are Y2K ready, certain conditions such as plant outage schedule and/or resource limitation may not allow readiness certification by July 1,1999. Outages for some plants are scheduled to commence in the third or fourth quaner of 1999. It is expected that certain testing and /or modifications can only be performed during a plant outage.

---3 ? 030Qgiy if-/-----

e o .. s l Page 2

, 6700-98-027 3 GPU Nuclear intends to follow the NEI/NUSMG 97-07 guidance. However. it is our understanding that the plans and checklists provided in the appendices are for illustrative I

purpose and may be modified and/or improved to meet our specific needs and/or requirements.

We suggest the following changes to the last sentence of the fifth paragraph under " Discussion" on page 4500 (volume 63 of Federal Register):

I "NEl/NUSMG 97-07 also contains examples of vanous plans and checklists as appendices, which may be used or modified to meet licensee's specific needs and /or requirements" We appreciate the opportunity to provide these comments on the proposed generic communication. If you have any questions regarding our comments, please contact Yosh Nagai of our staff r.t (973) 316 - 7974. l Sincerelyyours.

1 Johr! omicola Dir ctor. Nuclear Safety Assessment i

i

m inJ gf99 A !' ] 9, // M

}' fb?/a'N' . -. ,m . : 9

& l [ksh<pw i c 1"ne2 F;l 3 07

/Y_

\

l l

l .. '"'j Tennessee Valley Authonty 1101 Market Street Chattanooga Tennessee 3}.302,$1.. j - J-6 i .n s February 25, 1998 Chief, Rules Review and Directives Branch DAS, Office of Administration U.S. Nuclear Regulatory Commission T6-D69 Washington, D.C. 20555-0001 Gentlemen:

NUCLEAR REGULATORY COMMISSION (NRC) - COMMENTS ON PROPOSED GENERIC LETTER (GL), " YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS" On January 29, 1998, NRC published the subject proposed GL that will require all addressees provide certain information regarding their programs, planned or implemented, to address the Year 2000 problem in computer systems. TVA is involved with the Nuclear Energy Institute / Nuclear Utilities Software Management (NUSMG) and Nuclear Energy Research Institute efforts to address " Year 2000" problems. TVA has reviewed the draft GL and believes that utilities cannot categorically state that they will not experience a " Year 2000" problem.

TVA agrees that every reasonable effort should be made to identify and correct Year 2000 problems. However, there may be some software, especially in embedded systems, which cannot be tested or certified for compliance. Therefore, the GL should recognize contingency planning as acceptable remediation for some Year 2000 problems.

We appreciate the opportunity to comment on the proposed GL.

If you have questions regarding this response, please contact l R. M. Brown at (423) 751-7228.

Sincerely,  ;

l

• • nf f '

/96 . 1 p'La l

Mark .' urfy'nski  !

Manager Nuclear Licensing i

\

1 l cc: U.S. Nuclear Regulatory Commission l ATTN: Document Control Desk Washington, D.C. 20555-0001 l

l l 2) GLC&SUAL m m ,an .

- i., n 7 iio

%OllHI RN (. AlllORN14 $/7 ]f ((

~

EDl SON 21%.-,... .. '

w mu n n u n io.n o , ~ , . . . ,

y, y# g,,, /-

Il &f/cepn/ ]

February 26, 1998 Chief, Rules and Directives Branch Division of Administrative Services g 5 " J.

U.S. Nuclear Regulatory Commission R ,_

Washington, D.C. 20555-0001 92 . . .I e ...

O .k SouthernCaliforniaEdison(Edison)CommentsonProp$iIed 23 4

Subject:

Generic Letter; Year 2000 Readiness of Computer Systent at w Nuclear Power Plants (63FR4498 - January 29,1998) 'f a Gentlemen:

The subject Federal Register Notice issued a proposed Generic Letter regarding Year 2000 Readiness of computer systems and requested comments. This letter provides Edison's comments on the proposed Generic Letter.

Edison agrees that this issue needs to be addressed by the nuclear power industry and Edison has implemented a program to address this issue. We would prefer that a voluntary initiative to collect and submit the requested information be coordinated through NEI. If a Generic Letter is issued however, we believe the following clarification is required.

1. The Required Response section, paragraph 2, requires a response confirming that the facility is Y2K ready and in compliance with the Technical Specifications. Clarification is required stating that this applies only to the scope of NEI/NSMUG 97107, i.e., sof tware or software-based systems or interfaces, whose failure due to the Y2K problem would (1) prevent the performance of the safety function of a structure, system or component or (2) degrade, impair, or prevent operability of the nuclear facility. We believe remediation should only be required for equipment that. directly involves reactor safety or Technical Specification compliance equipment. All other identified equipment should be evaluated on an impact and cost effective remediation option basis.

2. We believe it may not be possible to identify every digital component or line of code that will be affected. Therefore, we believe the required

" readiness"responseatcompletionoftheproject,orbythe7/1/99due r

dan Onohe Nu lear Generaung Stanon

! P O lu i28 dan Clemenie t \ -)2c?44128 7l44ed.~402 f as "l 45ch.* i"i Ob A SSDbW

y _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - - _ _ _ _ _ _ _

l .4 .

i'

' Chief, Rules and Directives Branch  :

date, needs to be clarified to mean that utilities have followed a methodology endorsed by the NRC and that the utilities have exercised l due diligence in accordance with their plan. Furthermore, clarification i shouldbeaddedthat"Y2KReady"mayincludethedevelopmentand/or implementation of appropriate contingency plans to address items that arenotexpectedtoberemediatedpriortoJanuary1,2000,and/orto i address the possibility of unidentified items and their affect on plant l I

operation.  !

Should you have any questions, please contact me at 714-368-7492.

Sincerely, W h aEbk '

E. S. Medling Manager, Regulatory Projects cc: E. W. Herschoff, Regional Administrator, NRC Region IV i K. E. Perkir.5, Jr., Director, Walnut Creek Field Office, NRC Region IV L. L. Wheeler, NRC Project Manager, San Onofre Unit 1 l M. B. Fields, NRC Project Manager, San Onofre Units 2 and 3 D. B. Spitzberg, Regional Project Inspector, San Onofre Unit 1 J. A. Sloan, NRC Senior Resident Inspector, San Onofre Units 2 & 3 S. S. Bajwa, Section Chief, Deconaissioning Section l

I l

i l

L__-___-_-________-________ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ___

~ '

A9! Opx nir El

=~"' M Tx. .n nit

/7. (pinj s u c t i a e i N t a c v t N s 1i i t ggt!!!.?, -3 2 0: 52 I hq]' O/(k ..

RU m. s h; ,w.owa NuElofEE*oEo7" March 2,1998 Mr. David L. Meyer Chief, Rules and Directives Branch Division of Administrative Services Mail Stop T6-D69 U.S. Nuclear Regulatory Commission Washington, DC 20555

SUBJECT:

Proposed Generic Communication on Year 2000 Readiness of Computer Systems at Nuclear Power Plants PROJECT NUMBER: 669 On behalf of the nuclear power industry, Nuclear Energy Institute (NEI)1 submits the following comments in response to the Nuclear Regulatory Commission's request for comments on NRC Generic Letter No. 98 XX Year 2000 Readiness of Computer Systems at Nuclear Power Plants (63 Fed. Reg. 4498 - January 29,1998).

General Comments The NRC staff has determined that " turn of the century" computer issues will not generate a public health and safety issue in the operation of a nuclear power plant.

In consideration of the power plant operations, the industry is well into its program to reduce the year 2000 risk to the continuity of operations. The NRC staff has been involved, over the last year, in many industry activities that prepare for the turn of the century. Continuing these interactions will be more meaningful in understanding industry progress on year 2000 readiness over the next year than the proposed reports.

1 1

2 NEl is the organization responsible for establishing unified nuclear industry policy on matters affecting the nuclear energy industry, including regulatory aspects of generic operational and technical issues. NEI's Members include all utilities licensed to operate commercial nuclear power plants in the United States, nuclear plant designers, major architect /engineenng firms, fuel fabrication facilities, materials licensees, and other organizations and individuals involved in the nuclear energy issue.

-. ,. m . . , - ,,.. u- - - . .. -

L/ h m

~

.. a Mr. David L. Mzyer March 2,1998 Page 2 The NRC staff concluded that safety systenis would function as intended in SECY 97 213 of September 24,1997. Even with year 2000 failures, the SECY stated that operators would be able to maintain safe plant shutdown conditions.

Industry testing continues to support this conclusion. At a public meeting in October 1997 the staff and industry concluded that no new regulatory guidance was

• needed to address potential year 2000 issues. Current reporting criteria were also considered adequate for any problems identified.

The nuclear utility industry is well into a program that will reduce the risk of plant shutdown due from computer system failure at the turn of the century. This program, as described in NEI/NUSMUG 97 07, Nuclear Utility Year 2000 Readiness, evaluates potential risks to the entire plant, not just the nuclear systems. Although systems significant to safety receive top priority for testing and remediation, it is important to evaluate any risk to the continuity of plant operation.

An NEI survey of the nuclear utility industry shows progress on licensee year 2000 programs. For operational plants:

. All licensees have a year 2000 program; e All programs are, or will be, consistent with the guidance in NEI/NUSMG 97-07. Two sites are completing changes to programs that existed before the manual was issued. One site has not issued final program documents; and

. On average, the initial inventory is 67% complete for software and 50%

complete for embedded systems.

Over the last year, the industry has worked to share experience gained by individual plants. By July 1997 many plants had a mature, effective year 2000 program in place. A desire to share good practices led to development of NEI/NUSMG 97-07 which included detailed examples from successful, established programs. Workshops and training sessions have also been conducted over the last year, with broad industry attendance. A number of cooperative efforts are underway between individual utilities and within groups to share industry testing experience.

The NRC staff has participated in many of the industry meetings and workshops.

In October 1997 industry representatives met with the NRC staff, conducting a detailed review of NEI 97 07 prior to issue. Helpful suggestions made by the staff were included in the final document. We believe that a continued dialog between the industry and the staffis the best alternative to the proposed generic letter.

. .. t ,

l Mr. David L. Mey:r M rch 2,1998 Page 3 We believe that the proposed generic letter will do little to improve nuclear safety.

Licensees have programs that place priority on safety systems as well as ensuring continuity of operations needed to produce electric power through the turn of the century.

Specific Concerns Many licensees have objected to providing certification under 10 CFR 50.54(f) requirements for site program that extends well beyond the nuclear systems important to eafety or meeting regulatory commitments.

1 Some licensees feel that achieving year 2000 readiness by July 1,1999, creates an  ;

undue burden. Some facilities have already planned specific remediation to be l completed in outages after that date. Other programs had established program l readiness targets of September 1999. Accelerating these programs, with the added expense, is unwarranted. l If you have any questions or comments, please call me at 202 739-8105.

Sincerely, gh -

l James W. Davis l l

JWD/rs c: Lee Spessard (NRR/DRCH) l

I *f f7f$f dffd l}$$

. 7 Shpda h 2 9 / M l'

[ h fppg/ Winston & Strawn 1400 L Street, N.W.

g Washington, D.C. 20005-3509 (202) 558-5742

-, :5 March 3,1998 E' c3 1

$5 ?,

cv i

$1~ $

Mr. David L. Meyer Chief, Rules and Directives Branch

$ 0 {;t 3 Division of Administrative Services

-e c

w Mail Stop T6-D69 ~=

• l U.S. Nyclear Regulatory Commission Washington, D.C. 20555-0001 i

Attention: Rulemakings and Adjudications Staff l

l Re: Comments on Proposed NRC Generic Letter Regarding " Year 2000 Readiness of Computer Systems at Nuclear Power Plants" i

Dear Mr. Hoyle:

On behalf of the Nuclear Utility Backfitting and Reform Group (NUBARG),l' we are submitting these comments to address the proposed Generic Letter regarding " Year 2000 Readiness of Computer Systems at Nuclear Power Plants"(63 Fed. Reg. 4498, Jan. 29,1998). NUBARG l recognizes the importance of timely achievement of"Y2K readiness" and the NRC's desire for assurance that licensees are ready by a date certain (prior to the year 2000). We would hope, however, that the information already made available to licensees on this issue would make issuance of a Generic Letter on "Y2K readiness" unnecessary at this time.

The comments that follow focus on issues raised in the current draft of the proposed L' NUBARG is a consortium of sixteen utilities which was formed in the early 1980s and actively participated in the development of the NRC's backfitting rule (10 C.F.R. Q50.109) in 1985. NUBARG has subsequently monitored the NRC's implementation of the backfitting rule.

M OSO50/Z Q

..,T Mr. John C. Hoyle March 3,1998 Page 2 Generic Letter that appear inconsistent with the stated goal of achieving appropriate assurance about "Y2K readiness," such as the creation of new reporting obligations related to "Y2K problems," and the possibility that the " Required Response" could be misread to require licensees commit to be "Y2K compliant," rather than "Y2K ready,"' Additionally, our comments reflect that we disagree with the NRC's use of the compliance backfit exception (10 C.F.R. 6 50.109(a)(4)(i)) where the NRC is seeking for licensees to be "Y2K compliant." NUBARG's specific comments are as follows:

L Clanfication is needed to ensure that the proposed Generic Letter does not create a new reporting obligationforproblems related to Y2K readiness.

Current Language Existing reporting requirements under 10 CFR Part 21,10 CFR 50.72, and 10 CFR 50.73 provide for notification to the NRC staff of deficiencies, non-conformance and failures, such as the Y2K problem in safety-related systems. (63 Fed. Reg. at 4499).

Specsfic Comment While the Y2K problem can result in failures that may be reportable  !

under 10 C.F.R. Part 21, or 10 C.F.R. {l 50.72 or 50.73, the Y2K problem in and ofitselfis not aper se reportable event absent a failure or other event resulting from the Y2K problem. NUBARG recommends that the Generic Letter state clearly that some Y2K problems could be reportable under existing reporting requirements, l such as 10 CFR Part 21,10 CFR 50.72 and 50.73.

l

2. The licensee's obligations in the proposed Generic Letter are not clearlyfocused on the obligationfor being Y2K ready, versus Y2K compliant.

Current Language 2. Upon completing your Y2K readiness program, or, in any event, no later than July 1,1999, submit a written response confirming that j your facility is Y2K ready and in comoliance with the terms and conditions of your license (s) and NRC regulations. (63 Fed. Reg. at

, 4500).

l L

Specific Comment The NRC suggests throughout the proposed Generic Letter (including in the " Description of Circumstances") that Y2K readiness is the level  !

of resolution of the Y2K problem that licensees must achieve for safety-related applications. At this level, licensees would be obliged i

I L _- --_-_ - _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

.;i Mr. John C. Hoyle March 3,1998 Page 3 to assure that computer sonware and hardware impacting safety-related systems is suitable for use or that necessary steps are taken to compensate for "Y2K" computer inadequacies that threaten the operation of safety-related systems. The " Description of Circumstances" Section of the proposed Generic Letter also defines "Y2K Compliant" as " computer systems or applications that accurately process date/ time data (including but not limited to, calculating, comparing, and sequencing) from, into and between the twentieth and twenty-first centuries, the years 1999 and 2000, and leap-year calculations." As currently draned, the " Required Response" could be read to demand that licensees describe how their facility is both "Y2K ready" and "Y2K compliant." Requiring "Y2K compliance" would create an obligation for licensees to resolve all problems preventing 100% accurate processing of dates and times by July 1,1999. A variety of exingencies beyond the control oflicensees, including hardware or sonware availability, may prevent full compliance under circumstances where a licensee can achieve Y2K readiness. This could impose a substantial hardship on plants that will complete the last outage of significant duration prior to receipt of hardware or sonware needed to achieve "Y2K compliance." Thus, the NRC Staff should make clear their expectation that licensees  ;

l achieve "Y2K readiness" and not "Y2K compliance."

l

3. The Generic Letter invokes the " compliance exception" to the backfitting rule without any substantive analysis of the backfitting implications of thisproposed Generic Letter.

Current Language This generic letter only requests information from addressees under  ;

the provisions of Section 182a of the Atomic Energy Act of 1954, as l amended, and 10 CFR 50.54(f). The requested information will enable the staff to verify that each nuclear power plant licensee is implementing an effective plan to address the Y2K problem and provide for safe operation of the facility before January 1,2000, and is in compliance with the terms and conditions of their license (s) and NRC regulations. (63 Fed. Reg. at 4500).

Specific Comment To the degree that the NRC Staffis requesting that licensees achieve Y2K compliance, invoking the " compliance exception" to the t-

. . . s Mr. John C. Hoyle March 3,1998 Page 4 backfitting rul::(10 C.F.R. 50,109(a)(4)(i)) is inconsistent with the ,

requirements of that rule. Since compliance (perfect processing of dates beyond the year 2,000)is not required by the NRC's regulations, including the Sections of 10 C.F.R. cited in the proposed Generic Letter, the "Backfit Discussion" in the proposed Generic Letter must provide an adequate systematic and documented analysis. If the NRC insists on full"Y2K compliance," we believe that would have to be justified with a backfitting analysis pursuant to 10 C.F.R. { 50.109(c).

NUBARG appreciates the NRC

ffort to keep licensees informed as their review ofissues related to the "Y2K problem" progress. We would hope that the collective efforts of the NRC to date, including the workshop with industry representatives, the NRC notices already issued (including Information Notices 96-70 and 97-61, SECY-97-213), and the section of the NRC's Webpage dedicated to the Year 2000 Issue, would ensure that licensees are adequately prepared to resolve Y2K problems and therefore make issuance of a new Generic Letter on the subject of the Year 2000 problem and a demand for information from licensees pursuant to 10 C.F.R. Q 50.54(f) unnecessary.

Very truly yours, l ..

/

- /r Daniel F. Stenger '

Robert K. Temple Counsel to the Nuclear Utility Backfitting and Reform Group l

(

~ l mi.it orano in ir e .. ...<. " = ~ ~ i-.*-

DSoci 0"*% g ," g ,,,,,,e. w n! cr '- &akn esa a

b4% E0c Wgde Project 40 Irwomess Center Pancwey RO.Bos1295 ,,

'pn.' ' , l l

g ,9 g q Birmingham, Alabame 35201 4 i W\ Tel 235 992.7122 Fax 205.992.0403

~'

bO l- 8llo- 6I 6l 2C5

• N

• ON3 i

Sr SOUTHERN d

,o a a 6 3 ra % cl6 COMPANY

]E :g 3cm Q Ct, g q gg ymp ,,sery,n.rmt -

p .'y .,<f2 l'; 9: 20 4 m n m $

5 E Docket Nos. 50-348 50-321 50-424 HL 5586 50-364 50-366 50-425 LCV-1186 Mr. John C. Hoyle, Secretary U. S. Nuclear Regulatory Commission ATTN: Rulemakings and Adjudication's Staff Washington, D. C. 20555 0001 Comments on Proposed Generic Letter l  ;

" Year 2000 Readiness of Computer Systems at Nuclear Power Plants" (63 Federal Register 4498 dated bunrv 29 1998)

Dear Sir:

Southern Nuclear Operating Company has reviewed the proposed sencric letter " Year 2000 Readiness of Computer Systems at Nuclear Power Plants," published in the Federal Register on January 29,1998. In accordance with request for comments, Southern Nuclear Operatmg Company (Southern Nuclear) is in total agreement with the NEI comments which are to be provided to the NRC.

Respectfully submined, C. K. McCoy CKM/JDB 1

l l

i

@ O d 2 / A /) M -r

• vv v<v~

PO L

UbOM T Shop 4Ker 63 FR qq

" " N *a l Tamanuj?9,iqfg From: "JoAnne Hodgkins" <joaubrey@worldnet.att. net >

To: WND2.WNP5(MXC) 0 Date: 2/16/98 9:43am

Subject:

Comment: Year 2000 Readiness " Proposed Letter

• I have only one comment.

Power is essential, are you ready yet?

JoAnne A. Hodgkins Computer Consultant 1

l l

1 1

l l

l l

1

> g L __ _ _ _ _ _ _ _ _ _ _ _ __ _ _ _ _ _ _ _ _ _ _ _ _ __ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

OI Serial: PE& RAS-98-011 CP&L N"/"/" N /N R theure/ k p gr Carolino Power & Light Company PO Box 1551 .) j 411 Fayetteville Street Mall -//

Raleigh NC 27602 /

l March 2,1998 2 5 mr v:  ;

o c c.,

3 Chief, Rules and Directives Branch i>g 4 '

Division of Administrative Services. $3.1 -

O' 2! 'I U.S. Nuclear Regulatory Commission Mail Stop T6-D69 ,

w Washington, DC 20555-0001. -- -

Subject:

Request for Comments re: Proposed NRC Generic Letter 98 XX, Year 2000 Readiness of Computer Systems at Nuclear Power Plants

Dear Sir / Madam:

This letter is in response to the notice in the Federal Register (Volume 63. Number 19),

dated January 29,1998, requesting comments regarding the proposed NRC Generic Letter on year 2000 readiness. Attached please find Carolina Power & Light Company's (CP&L) response.

Please contact me at (919) 546-6901, or Mr. Eric Northeim, at (919)546-4080, should you have questions.

Sincerely, tyn %kiL D. B. Alexander Manager Performance Evaluation & Regulatory Affairs DMM Attachment

- } f 0 $!!0 'u t

. I o.

Serial: PE& RAS-98-011 Request for Comments re: Proposed NRC Generic Letter 98-XX, rear 2000 Readiness of Computer Systems at Nuclear Power Plants bc: Ms. D. B. Alexander Mr. W. R. Campbell Mr. H. K. Chernoff Mr. W. Dorman Mr. J. H. Eads Mr. K. R. Jury Mr. D. Keys Mr. R. M. Krich Mr. E. Northeim .

Mr. P. A. Opsal Mr. T. M. Wilkerson Mr. C. A. VanDenburgh File: X-X-1070

Serial: PE& RAS-98-011 Attachment 1 Request for Comments re: Proposed NRC Generic Letter 98 XX. Year 2000 Readiness of Computer Systems at Nuclear Power Plants l

CP&L Comments:

1. " Required Response" Section, paragraph 1 The NRC states: "Within 90 days... submit a written response indicating whether or not you have pursued and are continuing to pursue a Y2K readiness program ch outlined in NEl/NUSMG 97-07. If you are not conforminc.. "

Comment: NEl/NUSMG 97-07 recommends methods for Y2K program setup and examples of forms and checklists used by some utilities. The word " conforming" implies that the methods, forms and checklists are used verbatim. CP&L suggests the wording be changed to " . submit a written response indicating whether or not you have pursued and are continuing to pursue a Y2K readiness program similar to that outlined in NEl/NUSMG 97-07. Ifyourprogram sigmficantly differsfrom the NEl/NUSMG guidance.. "

2. " Required Response" Section, paragraph 2 The NRC states: "Upon completing your Y2K readiness program, or, in any event, no later than July 1,1999, submit a written response confirming that your facility is Y2K ready and in compliance with the terms and conditions of your license (s) and NRC regulations. In addition, the response should contain a status report of work remaining to be done to complete your Y2K program, including completion schedu!es."

Comment: Due to outage schedules and other priorities related to the Y2K issue, some work will not be completed prior to July 1,1999. Clarify this requirement to state,"No later than July 1,1999, submit a written response containing a status report, including completion schedules, of work remaining to be done to confirm yourfacility is/will be Y2K ready."

e

L.. .

1 United States Gen:ral Acc:nnting Ome

. Washington, D.C. 20548 Accounting and Information gp g gg g Management Division I bu/20kA luty 2 { //ff B-279244 gg g

.2.2 l March 6,1998 Mr. David Meyer, Chief

-c Rules and Directives Branch Division of Administrative Services h", [5 Nuclear Regulatory Commission 35 :O c- ce c

Subject:

Year 2000 Readiness: NRC's Pronosed Annroach Rec Nuclear Powemlants o n.  ; !E 3 E 9 O g -

i

~ "

Dear Mr. Meyer:

l We appreciate the opportunity to comment on the Nuclear Regulatory l

Commission's (NRC) January 29,1998, Federal Register notice, " Proposed

! Generic Communication; Year 2000 Readiness of Computer Systems at Nuclear l

Power Plants (MA0138)." We are providing this letter to document the

! substance of the oral comments we presented to NRC officials on February 27, 1998.

In order to gain assurance that nuclear powerplant licensees are effectively dealing with Year 2000 problems that could affect safety-related systems, NRC's l proposed generic letter requires licensees to submit (1) a brief description of l l

their Year 2000 programs, if they are not following Year 2000 guidance

! developed jointly by two industry organizations-the Nuclear Energy Institute l (NEI) and the Nuclear Utilities Software Management Group (NUSMG), (2) written confirmation thet they are implementing their programs, and (3) wTitten i certification that their faelities are " Year 2000 ready" and in compliance with the terms and conditions of their licenses and NRC regulations, together with a status report on any work remaining to be done to complete their Year 2000 programs.

'The NEl is a policy organization of the nuclear industry that fosters and encourages the safe utilization of nuclear energy. NUSMG is a nonprofit organization that provides a forum for nuclear utilities to obtain concensus on software control issues.

GAO/AIMD-08-90R Year 2000 Readiness at Nuclear Powerplants l 9 ?O ?!?A/Q

l . . .

1 B-279244 We commend NRC for acting on this issue. Although it is our understanding that, to date, no safety-related Year 2000 problems have come to NRC's l

attention, we agree that special steps are warranted to provide assurance of l

continued safety at nuclear facilities during the Year 2000 transition. Our I comments, therefore, are directed at clarifying and strengthening NRC's regulatory authority to address safety-related Year 2000 problems, particularly in these areas:

a specifying a more complete Year 2000 program for licensees, a monitoring licensees' progress on Year 2000 readiness,

• clarifying the " Year 2000 ready" certification, and

• addressing future Year 2000 maintenance requirements.

1 Our comments on each of these areas are discussed below, along with I suggestions for how NRC might improve its effectiveness in this important effort.

SPECIFYING A MORE COMPLETE l YEAR 2000 PROGRAM FOR LICENSEES l The proposed generic letter would require licensees to indicate whether they are pursuing a Year 2000 readiness program at their facilities. As a benchmark of program effectiveness, NRC is relying heavily on Year 2000 guidance developed jointly by NEI and NUSMG, entitled Nuclear Utility Year 2000 Readiness (NEI/NUSMG 97-07, October 1997). NRC's proposed generic letter states that NRC staff " believes that the guidance in NEI/NUSMG 97-07, when properly implemented, will present an appropriate approach for licer. sees to address the Y2K [ Year 2000] problem at nuclear power plant facilities."

Accordingly, the proposed generic letter would require licensees to state in writing whether they are pursuing a Year 2000 program as outlined in the NEI/NUSMG guidance.

We agree on the importance of requiring licensees to provide NRC with assurance that they are implementing a program that effectively addresses the Year 2000 issue. However, we believe that NRC should be aware that the NEI/NUSMG document has several significant shortcomings.

Shortcomings in the NEl/NUSMG Guidance

! The NEl/NUSMG Guidance does not include all the elements of a comprehensive Year 2000 program. In particular, the guidance does not deal adequately with risk management, business and contingency planning, or remediation of embedded systems.

2 GAO/AIMD-98-90R Year 2000 Readiness at Nuclear Powerplants

B-279244

• Risk Management: The NEl/NUSMG guidance does not include adequate r

discussion of risk management in Year 2000 programs. Risk management is

! an ongoing activity through which top management (1) identifies and tracks l

internal and external risks to the organization and outside parties resulting from Year 2000-related problems, (2) assesses Year 2000 project and program progress, and (3) develops contingency plans for mitigating the

impact of potential Year 2000-related failures.

l

• Business Continuity and Contingency Planning: The NEl/NUSMG l guidance does not cover business continuity and contingency planning in any l detail.2 Organizations need to have plans to ensure business continuity since computer failures may occur despite conscientiously implemented Year 2000 programs. Business continuity planning focuses on reducing the risk of Year 2000-induced business f;tilures and safeguarding an organization's ability to produce a minimum acceptable level of outputs and services in the ovent of failures with internal or external systems. It also links risk management and mitigation efforts to an organization's Year 2000 program.

• Embedded Systems: The stated scope of the NEI/NUSMG document

(" software, or software based system or interface") is too narrow, since date dependencies can also occur in computer hardware, firmware (software instructions stored in read-only memory), or data. While the NEI/NUSMG guidance mentions the importance of dealing with Year 2000 problems in embedded systems (e.g., in appendix F), it does not provide sufficient detail to nssist utilities. Referencing existing work by others could help provide this n.eded detail.3 Vendor Warranties Section C of the NEI/NUSMG guidance specifies that vendors should provide Year 2000 compliance warranties to licensees, even for work previously  ;

completed. This approach is premised on the assumption that vendors would (1) agree to amend existing contracts for hardware, software or firmware to 2

GAO's forthcoming exposure draft, Year 2000 Comnutinc Crisis: Business Continuity and Contingency Planning (GAO/AIMD-10.1.19) provides a framework that can help the utilities develop these plans. This document builds on GAO's previous Year 2000 guidance, Year 2000 Comnutine Crisis: An Assessment Guide l (GAO/AIMD-10.1.14, September 1997), and draws on a variety of research and ,

publications of the Gartner Group, the Disaster Recovery Institute of Canada, l

l the Department of Information Resources for the State of Texas, and others.

l See, for example, Embedded Systems and the Year 2000 Problem: Guidance Notes (IEE Technical Guidelines 9:1997) by the Institution of Electrical l Engineers (IEE). Further information and guidance on embedded systems is available within IEE's web site at <http://www.iee.org.uk/2000 risk >.

3 GAO/AIMD-98-90R Year 2000 Readiness at Nuclear Powerplants

)

B-279244 warrant that the product is Year 2000 compliant, as defined in the " Technical Criteria for Year 2000 Compliance" in the NEl/NUSMG document, (2) agree to forgo existing provisions of valid contract or license agreements that limit the vendors' liability, and (3) accept without time limitation the liability for any-costs or damages incurred by the licensee that are caused by a breach of the warranty. NRC appears to endorse contract language included in the l NEI/NUSMG document as an effective approach to the Year 2000 problem. We suggest that NRC reconsider any apparent endorsement of contract language for use by private parties. l f Suggested Alternative l

As an alternative to relying on the NEI/NUSMG guidance, we suggest that NRC's l

generic letter specify the elements of an effective Year 2000 program, l

! particularly as they bear on safety concerns under NRC's regulatory authority.

One publication that can help NRC in this regard is our Year 2000 Comouting j Crisis An Assessment Guide (GAO/AIMD-10.1.14, September 1997). This guide l is a distillation of government and private sector best practices for dealing with

! the Year 2000 problem, and provides a useful overview of the elements of an.

l effective Year 2000 program.

! NRC could require licensees to address the elements of an effective Year 2000 program when they submit the "brief description" of their own programs, as called for in the proposed generic letter. This approach would provide NRC with a better basis for assessing the effectiveness of the licensees' Year 2000 programs in dealing with safety-related issues.

l l MONITORING THE PROGRESS OF

! THE LICENSEES' YEAR 2000 PROGRAMS The proposed generic letter requires the licensees to make only two reports on their Year 2000 programs. The first report, within 90 days of the generic letter's date, provides written confirmation that the licensees are implementing a Year 2000 program. The second report, to be filed upon completing their programs, or in any event no later than July 1,1999, provides written confirmation that the licensees' facilities are " Year 2000 ready" and in compliance with the terms and conditions of their licenses and NRC regulations. At that time, the licensees would also describe any work remammg to be done to complete their Year 2000 programs.

l To effectively monitor licensees' Year 2000 progress on systems under its regulatory authority, NRC will need more substantive and frequent progress reports. These reports should, at a minimum, require (1) a complete inventory of safety systems and other systems that will need to be certified as " Year 2000 ready" under the generic letter, (2) planned actions on these systems, including formulation and testing of contingency plans, and (3) periodic updates on the i

I 4

GAO/AIMD-98-90R Year 2000 Readiness at Nuclear Powerplants 1 1

i- B-279244 status of those actions. Waiting until July 1999 will not leave NRC much time to respond constructively to a licensee's unresolved Year 2000 problems.

CERTIFYING " YEAR 2000 READINESS" l FOR SAFETY SYSTEMS NRC's proposed generic letter requires each licensee to provide a written I response confirming that "your facility is Y2K ready and in compliance with the terms and conditions of your license (s) and NRC regulations." While the criteria for " Year 2000 compliance" are clear and amenable to objective testing, the same cannot be said for the term " Year 2000 ready." " Year 2000 ready" is defined in the generic letter as "a computer system or application that has been determined to be suitable for continued use into the year 2000 even though the computer system or application is not fully Y2K compliant." This determination involves making judgments about suitability. The proposed generic letter does not require the licensees to state how and why they determined that a non-compliant system would be suitable for continued use. For those critical safety systems under NRC's purview, we suggest that the generic letter include such a requirement.

It would also be useful if the generic letter included a discussion of how NRC's ongoing inspection activities will be used in the process of certifying Year 2000 readiness. For example, it is not clear whether the inspections will include checks to see if key Year 2000 issues are being addressed, whether key conversion activities are being carried out properly, or whether critical project milestones are being met.

INDEPENDENTLY VERIFYING AND VAUDATING SAFETY SYSTEMS The generic letter does not discuss the role of independent verification and validation (IV&V) in supporting the licensees' " Year 2000 ready" certifications.

We recognize that, under NRC regulations, modifications to certain systems at nuclear facilities must be verified or checked to ensure that the systems will continue to operate properly. However, the unusual challenges posed by the Year 2000 problem may warrant obtauung additional assurances. For example, the problem of an embedded system is not always an implicit or explicit date variable. The counters inside the system may reset themselves at the millennial change and work well, or not at all, or slowly degrade. The " testing" may require a line-by-line trace of the specification and design model (assuming they still exist).

Accordingly, we suggest that the generic letter require licensees to (1) describe their Year 2000 plans for IV&V of systems related to safety and (2) provide the results of IV&V with their written certification of Year 2000 readiness. The IV&V can be done using in-house resources or contractor resources, or both, as 5 GAO/AIMD-98-90R Year 2000 Readiness at Nuclear Powerplants

'~

• B-279244 long as the review team is technically qualified. It is, of course, particularly important that IV&V provide assurance that the powerplant's protection system maintains its design capabilities, as required by NRC regulations.

ADDRESSING FUTURE MAINTENANCE REQUIREMENTS OF " YEAR 2000 READY" SYSTEMS.

l As noted above, NRC's proposed generic letter requires only that computer systems and applications be " Year 2000 ready." However, there may be future maintenance requirements for " Year 2000 ready" systems under NRC's purview.

For example, some logic-based techniques used to make systems " Year 2000 ready" have a predetermined time period during which they can function without a date-related failure. The " fixed window" technique, for instance, involves setting date boundaries that can be correctly referenced by a two-digit year. However, these boundaries need to be manually readjusted as the dates being processed approach the boundary limits.

NRC's generic letter does not include a way to identify, track, and follow up on the future maintenance plans for any safety-related " Year 2000 ready" systems that could eventually fail without further modification or replacement.

Therefore, we suggest that the letter address the issue of future Year 2000 maintenance requirements. This issue could be made part of the aforementioned status report that licensees would be required to submit no later than July 1,1999, describing the work that remains to be done to complete their Year 2000 programs.

We are sending copies of this letter to representatives of the Nuclear Energy Institute and the Nuclear Utilities Software Management Group. We will also make copies available to other interested parties upon request. If you have questions or wish to discuss the issues raised in this letter, please contact me or Keith Rhodes, Technical Director. We can be reached at (202) 512-6412.

Sincerely yours, i.aD be o Dr. Rona B. Stillman Chief Scientist for Computers and Telecommunications (511642) 6 GAO/AIMD-98-90R Year 2000 Readiness at Nuclear Powerplants

Rope Ferry Rd. (Route 156), Waterford. Cr 06385 Northeast Nuclear Energy wiii.tooe u .ciear Po-er si=ooo n7C / C n Northeast Nuclear Energy Company 6U P.O. Bo.128 03d'7 G18 HAR -9 /N g l***".1791 )447 W $?$

"'""'~"

l .(byf8 0 RUS w . . . h M Of8 US 10 ~. . ^. * " ""' "" '""*

N [ k11Aut%l 2; FEB 2 61998 B17099 Chief, Rules and Directives Branch Division of Administrative Services U. S. Nuclear Regulatory Commission Mail Stop T6-D69 Washington, DC 20555-0001 Millstone Nuclear Power Station Comments on Proposed Generic Letter,

" Year 2000 Readiness of Computer Systems at Nuclear Power Plants" On January 29,1998, by notice in the Federal Register (Volume 63 Number 19, Pages 4498-4501), the NRC requested public comment related to a proposed generic letter on

" Year 2000 Readiness of Computer Systems at Nuclear Power Plants." Attachment 1 to this letter provides Northeast Nuclear Energy Company's (NNECO) comments to the proposed generic letter.

Should you have any questions regarding these comments, please contact Mr. Mario Robles, Jr. at (860) 447-1791, extension 0279.

Very truly yours, NORTHEAST NUCLEAR ENERGY COMPANY M. L. Bowling /

Recovery Officer - Millstone Unit No. 2 Attachment 063422 5 REY.12-95

- _ _ _ _ _ O

B17099 i

I f

l l

l l

l l

l i

l l

Attachment 1 Comments on:

Proposed Generic Letter

" Year 2000 Readiness of Computer Systems at Nuclear Power Plants" l

t February 1998 m

~

.l '  !

U.S. Nuclear Regulatory Commission B17099\ Attachment 1\Page 1 i RESPONSE TO FEDERAL REGISTER REQUEST FOR COMMENT ON PROPOSED GENERIC LETTER ON " YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS" Comment 1 The " Purpose" r.ection statement that requires "... written certification that the facilities are Y2K [ Year 2000] ready and in compliance with the terms and conditions of their licenses and NRC regulations'should be removed or clarified to restrict the written certification of compliance to electronic digital computational systems or devices with time and date attributes that may impact the performance of safety-related structures, systems, and components (SSCs).

Comment 2 The first sentence of the third paragraph within the " Description of Circumstances' regarding the applicability of 10 CFR 21,10 CFR 50.72, and 10 CFR 50.73 deportability '

criteria to the Y2K problem raises significant regulatory enforcement issues. The matters surrounding the Y2K problem are not specifically described in the i aforementioned reporting criteria nor are they addressed in the NUREG 1022 reporting guidance document. The NRC staff should provide the commercial nuclear power industry guidance as to the deportability of Y2K issues to provide both a predictable regulatory environment and consistency in utility reporting on this matter.

Comment 3 The statement in the last paragraph within the " Description of Circumstances' regarding how the NEl/NUSMG 97-07, " Nuclear Utility Year 2000 Readiness,"

document "... ensures that (nuclear licensee's) facilities remain safe and continue to operate within the requirements of their license" is not accurate with respect to the purpose of the NEl/NUSMG document and should be removed. Specifically, Y2K readiness cannot in and of itself ensure the continued safe operation of a facility.

Comment 4 The first sentence within item 2 of the " Required Response" section again speaks to the written certification confirming " compliance with the terms and conditions of [a I licensee's) license (s) and NRC regulations". As stated above in Comment 1, this statement should be removed or clarified to restrict the written certification of compliance to electronic digital information systems with time and date attributes that may impact the performance of safety-related structures, systems, and components (SSCs).

- U.S. Nuclear Regul: tory Commission B17099%tt:chment 1\Pcge 2 Comment 5 The second sentence within item 2 of the " Required Response" section regarding the inclusion of "...a status report of work remaining to be done to complete [the licensee's]

l Y2K program, including completion schedules

• should be removed. This statement is redundant to the first sentence of item 2 that states "...if [a licensee's) program is incomplete as of [ July 1,1999), indicate your schedule for attaining the status of Y2K ready."

Comment 6 ,

The proposed generic letter should reference and address the Executive Order issued on the Year 2000 Conversion problem by President Clinton on February 4,1998. It is suggested that information regarding how this Order impacts the implementation of the NRC's regulatory oversight of the commercial nuclear power industry be included in the proposed generic letter.

. ,. . t . _ , . . . . . . . . . . . _

05d? O A < W PS h 7 Sh y & n k .n er PECO NUCLEAR p. m.,,,,,/ .o n qO/{gsenesiererook ncoue.c -e, Bou6evarap A Unit of PECO Energy .Nayne PA 19087-5691 2j/

N I.'.IR -p g p, RULES 0 c.,t , :, ,. , March 3,1998 US NRC Mr. David L. Meyer, Chief Rules and Directives Branch Division of Administrative Sentices Office of Administration U.S. Nuclear Regulatory Commission l Washington, DC 20555-0001 l

Subject:

Comments Conceming NRC Generic Communication, Generic Letter 98-XX," Year 2000 Readiness of Computer Systems (

at Nuclear Power Plants"(63FR4498, JMuary 29,1998)

Dear Mr. Meyer:

This letter is being submitted in response to the NRC's request for comments conceming the proposed generic communication Generic Letter (GL) 98-XX," Year 2000 Readiness of Computer Systems at Nuclear Power Plants," which was published in the Federal Register (i.e.,63FR4498, dated January 29,1998). This proposed GL stipulates that all addressees provide the information regarding their programs, planned or implemented, to address the Year 2000 (Y2K) problem in computer systems at their facilities. Specifically, the NRC is requesting 1) written confirmation of implementation of the programs, and 2) written certification that the facilities are Y2K ready and in compliance with the terms and conditions of their licenses and NRC regulations.

PECO Energy appreciates the opportunity to provide comments on this proposed GL The nuclear industry has already embarked on extensive preparations for addressing Y2K concems.

The Nuclear Energy institute (NEI) issued (,uidance (i.e., NEl/NUSMG 97-07," Nuclear Utility Year 2000 Readiness") to facilitate the implementation of the industry's initiative. The industry will complete the Y2K activities in sufficient time to ensure that the required computer systems will be operational by the year 2000. As a result of the industry's plans and ongoing implementation efforts in response to the Y2K issue, PECO Energy does not believe that it is necessary to issue this proposed GL at this time, in addition, we offer the following specific comments regarding this l

proposed GL for consideration by the NRC.

l Comments

1. The implementation period specified in the proposed GL (i.e., July 1,1999) has effectively reduced the time allowed for utilities to become Y2K ready by six (6) months. The impact of reducing the time period is significant, since some licensees will be forced to plan for an additional outage for rem.ediation of components not accessible during power operations. Therefore, PECO Energy recommends that if the proposed GL is issued, that the second paragraph (i.e., item 2)in the " Required Response" section be revised to read as follows:

f2/ 0Ao1o 6 U J / c- m

.. L March 3,1998 Page 2

• By July 1,1999, submit a written response describing the extent of Y2K readiness and the status of woric remaining to be done to complete your Y2K program. A completion schedule should be includedin your response. Upon completing your Y2K readiness program, submit a written response confirming that your facility is Y2K ready and in compliance with the terms and conditions of your license (s) and NRC regulations.. ~

2. PECO Energy is requesting clarification with regard to the following statement contained in item (1) of the " Required Response" section:

" ..This response should address the program's scope, assessment process, and plans for corrective actions (including testing, and schedules)."

It is unclear if this statement pertains to those licensees that are pursuing a Y2K readiness program as outlined in NEl/NUSMG 97-07, or those licensees that are not conforming to the NEl/NUSMG 97-07 guidance. PECO Energy recommends the following clarification, as appropriate:

...For those licensees not conforming to the NEI/NUSMG 97-07 guidance, the response should addmss the program's scope, assessment process, and plans for corrective actions (including testing, and schedules)."

If you have any questions, please do not hesitate to contact us.

Very truly yours, I ,_

,_ h_ /

Garrett D. Edwards Director- Licensing

j

$ Ogpp,) AM  ?

~ "" * ] \ ? [, D

,, Northem' States Power Company e ' W) A A v e, ip, C) {j1 b 2 5 Monticello Nuclear Generating Plant g.,O pm /

2807 West Hwy 75 Monticello. Minnesota 55362 9637 nUG3 h Ui E March 2,1998 Mr. David L. Meyer Chief, Rules and Directives Branch Division of Administrative Services U. S. Nuclear Regulatory Commission Mail Stop T6-D69 Washington, DC 20555-0001 1

Reference:

Federal Register, January 29,1998, Volume 63, Number 19, Page 4498, " Notice of Opportunity for Public Comment" Thank you for this opportunity to comment on the proposed generic letter addressing the issue of Year 2000 (Y2K) readiness as published in the above-referenced Federal Register. The issue is certainly one of potentialimpact and worthy of addressing and resolving in a pro-active manner.

Like other licensees of nuclear power facilities, we have been aware of the generic and plant-specific implications of the Y2K issue and have taken steps to address it in a timely manner. Information Notice 96-70, which provided additionalinformation on the NRC's unique Y2K concerns related to nuclear power facilities, was factored into our program. We have followed the dialog between the Nuclear Energy Institute (NEl) and the Nuclear Regulatory Commission on this matter and are implementing the NEl program as defined in NEl/NUSMG 97-07.

In a letter dated March 2,1998 Mr. James W. Davis of NEl commented on the draft generic letter. We concur with the statements in that letter. In light of the significant activity in progress by the nuclear industry we believe that a generic letter would do little to improve nuclear safety. The reporting called for by the draft generic letter would require additional effort which would be of limited value relative to what NRC resident inspectors assigned to nuclear power facilities could ascertain. Finally, we find the July 1,1999 deadline to be arbitrary and premature. Therefore, we suggest that the draft letter not be issued.

Yours ve truly,

) ) 'r j

C- ~

(

Marcus H. Voth Project Manager, Monticello Plant Licensing

-94+3f30F3 .

$$ []N Wlh lp* *"'"' j Fl:rida P:w:r & Light C:mpany. P. O. B:x 14000. Juno Beach. FL 33408 0420 h' W /N$

@ I Ry,,p q Mn.f:pjED-MAR 0 31998 FF% G W -9 PH I: 2f RU23 ; . . ... L 98-69

}

Chief. Rules Review and Directives [jfl '

qnlF " I Division of Administrative Services U.S. Nuclear Regulatory Commission Mail Stop T6 D69 Washington, DC 20555-0001

Subject:

Proposed Generic Communication; Year 2000 Readiness of Computer Systems at Nuclear Power Plants (MA0138)

Notice of Onoonunity for Public Comment On January 29, 1998, the Nuclear Regulatory Commission published for public comment " Proposed Generic Communication: Year 2000 Readiness of Computer Systems at Nuclear Power Plants." The proposed generic letter requests addressecs to provide certain information regarding their pmgrams, planned or implemented, to address the Year 2000 (Y2K) problem in computer systems at their facilities.

These comments are submitted on behalf of Florida Power & Light (FPL), a licensed operator of two nuclear power plant units in Dade County, Florida and two units in St. Lucie County, Florida.

The Nuclear Energy Institute (NEI) is providing comments on the proposed generic letter (GL) on behalf of the industry. PPL endorses the NEl comments.

FPL recognizes the imponance of the Y2K issue and has established a Y2K readiness program consistent with NEI/NUSMG 97-07, Nuclear Utility Year 2000 Readiness." FPL agrees with the NRC that this program represents an appropriate approach for licensees to address the Y2K pmblem. Therefore, FPL believes that the NEI/NUSMG pmgram is a viable altemative to the proposed generic letter as a means of providing the necessary assurance to the NRC that licensees are effectively addressing the Y2K problem.

FPL has some specific concerns should the NRC elect to issue the pmposed generic letter. Specifically, the scope of the generic letter is not clearly defined. Emphasis should be limited to systems and related computer equipment that would prevent the performance of the safety function of a structure, system, or component, and not for the whole of plant facilities. These specific safety systems and related computer equipment should be identified and evaluated by each individual facility. Additionally, it may be appropriate for vendors of digital systems to take a larger role in identifying and notifying the NRC staff of deficiencies, non-conformances and failures, and other concems related to the Y2K issue.

FPL appreciates the opportunity to comment on the proposed GL.  !

l Very truly yours,

. . Ot v "no l

H. N. Paduano Manager, Nuclear Licensing and Special Pr'ograms an FPL Group company _$ @ O 3/blU_

g rf yyyg Joe 29 /?ffr y J.f#,u'ohn N nh At antic Energy Service Corporation

~

North L

h f AtIantic /' U? 'A"" I SeSbSooYEiim87427 (603)474 9521 The Northeast Utilities System March 5.1998 Docket No. 50-443 NYN 98031 l

AR#98002217 United States Nuclear Regulatory Commission m a Chief, Rules and Directives Branch G E 1 rr- -

Division of Administrative Services " r: I Office of Administration U [,' 7

.',} j Washington, DC 20555-0001  %

c. n U

Seabrook Station ,

h Comments on Proposed Generic Letter L co cm Year 2000 Readiness of Comnuter Systems at Nuclear Power Plants On January 9,1997, the NRC issued for comment, a proposed Generic Letter " Year 2000 Readiness of Computer Systems at Nuclear Power Plants." which would request licensees to provide certain information regarding programs, planned or implemented. to address the Year 2000 (Y2K) problem in computer systems.

North Atlantic Energy Service Corporation (North Atlantic), the operator of Seabrook Station.

has reviewed the material within the proposed Generic Letter. North Atlantic believes that sufficient guidance for addressing the Y2K issue has been provided by NEI/NUSMG. We believe that as a result of the industry's effons the proposed generic letter is unnecessary. The nuclear industry is already focused on this issue and further regulatory effort can be met through inspection versus placing additional burden on the licensee.

If you have questions regarding our comments, please contact Mr. Anthony M. Callendrello, Licensing Manager at (603) 773-7751.

Very truly yours, NORTH ATLANTIC ENERGY SERVICE CORP.

)

At9 .ch

.N C. Feife'nbaum /

Executive Vice Presi ent an Chief Nuclear Officer L__________________ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

A 8C+Sc3cr

4. s

- ' U.S. Nuctrar Regulitory Commission Division of Administrative Services NYN-98031/ Page 2 cc: Mr. James W. Davis Nuclear Energy Institute 17761 Street, NW Suite 400 Washington. DC 20006-3708 l

i l

6 t

l

u w v~ v-- -- - --

l p e r Jamee M. Levine TEL (602)393-5300 Malt Station 7602 -

Generating Station senior Vice President FAX (602)393-6077 P O. Box 52034 Nuclear Phoenix, AZ 85072 2034 t l

102-04086 -JMUSAB/RMW March 3,1998 Chief, Rules and Directives Branch Division of Administrative Services U. S. Nuclear Regulatory Commission Mail Stop TS-D69 l Washington, DC 20555-0001

Dear Sirs:

l

Subject:

Palo Verde Nuclear Generating Station (PVNGS) l Units 1,2, and 3 Docket Nos. STN 50-528/529/530 Comments on Proposed Generic Letter 98-XX: Year 2000 Readiness of l Computer Systems at Nuclear Power Plants.

Enclosure 1 provides Arizona Public Service Company's (APS) comments on Proposed Generic Letter 98-XX: Year 2000 Readiness of Computer Systems at Nuclear Power Plants. Please contact Mr. Scott Bauer at (602) 393-5978 if you have any questions or would like additional information regarding this matter. This letter does not make, or imply, any commitments to the NRC.

Sincerely, Wf M JMUSAB/RMW/rth cc: E. W. Merschoff J. W. Clifford J. H. Moorman K. E. Perkins WW$$$'7f-

. . = s v

l 1

l l

l l

i l

l ENCLOSURE 1 Comments on Proposed Generic Letter 98-XX: Year 2000 Readinets of Computer Systems at Nuclear Power Plants.

i l

i l

l l

APS provides the following comments regarding proposed Generic Letter 98-XX: Year 2000 Readiness of Computer Systems at Nuclear Power Plants:

1. The references to year 2000 readiness and compliance used throughout the proposed generic letter should be changed, as appropriate, to use the terminology that is evolving into the industry standard. These terms are: ,

+ "Y2K Compliant", meaning that the application or equipment will function with 4 digit years properly through the 21" century, including leap years.

+ "Y2K Ready", which means the application or equipment will work correctly using modified logic and two-digit date fields as it makes the transition into the year 2000. Although the applications or equipment may be expected to transition smoothly into the year 2000, they may fail due to a date-related problem at some knowa time beyond this date. The expected failure date will be highly unit and plant specific, and may be acceptable based on the projected future use of the affected application or equipment, or the remaining life, including life extensions, of the unit or plant under question.

The proposed generic letter must allow for the use of Y2K Ready systems and applications, since this method of resolving the Y2K problem is a highly viable and cost effective solution to this problem. The industry has recognized that most computer systems, applications and equipment used at each facility will function correctly, if modified to be Y2K Ready, for the remaining expected life of that computer system, application or equipment, or through the remaining life of the facility, without being fully Y2K Compliant.

APS strongly believes the distinction between the above two definitions needs to be captured in the proposed Generic Letter to allow more viable, cost-effective solutions to Y2K issues.

2. The sixth paragraph of " Description of Circumstances" states that "NEl was preparing a framework document with guidance for utility use in readying for the Year 2000". This sentence should be modified to read: "NEl presented a framework document that provides guidance for utilities to use in readying for the Year 2000".

1 l

l l

j

~ -- - _ _ _ _ _ -

3. The sixth paragraph of " Description of Circumstances" also states "The document recommends methods for nuclear utilities to attain Y2K readiness and thereby ensure that their facilities remain safe and continue to operate within the requirements of their license". While the NEl/NUSMG document provides guidance to utilities for addressing the Y2K problem, it does NOT ensure or imply that plants will " remain safe and continue to operate within the requirements of l their license". Therefore, this statement should be modified to eliminate the words "and thereby ensure that their facilities remain safe and continue to operate within the requirements of their license". l

4. Paragraph one of " Discussion", specifically item four of this paragraph, could be interpreted to mean that all codes in use today that have a date function should be evaluated to determine if any past or current output from those codes have been affected by the Y2K problem, i.e., all past engineering calculations should be evaluated to verify that the calculation is not affected. Although APS does not believe that this is the intent of this paragraph, further discussion should be provided to define what actions may be required to address the concerns of this paragraph. An example that would require further evaluation would be where a code is found to have a Y2K problem that occurs prior to the year 2000, or is forward looking such that the present output of the code is affected, and the code is used to support the licensing basis of the plant. In this situation, a review of the code output would be warranted.

5. The sixth paragraph of " Discussion" should be modified to read as follows: "The staff believes that the guidance in NEl/NUSMG 97-07, when property implemented, is an acceptable approach...". It should be noted that this guidance provides a framework only and must be modified to address the embedded systems, design features, policies and procedures, at a minimum, that are unique to each facility.

1

6. Required Response 1 implies that the guidance provided in NEl/NUSMG 97-07 has been endorsed by the NRC and that other Y2K programs would require further evaluation by the NRC. As described above, the NEl/NUSMG guidance  ;

provides a framework only and must be modified to more fully address l

embedded systems and design features, policies and procedures unique to each ,

facility. It should be made clear in the Generic Letter that such an adaptation of l the NEl/NUSMG guidance would meet NRC expectations. l l 7. Required Response 1 could be interpreted to mean that a description af a facility's complete Y2K Program should be provided to the NRC, including those applications and equipment that may not affect the operation of the facility, but ,

are important to the operation of ancillary systems or services of the facility.

Since correct operation of these ancillary systems and services have no impact 2

~-- -- -

on the operation of safety-related systems or systems that have been determined to be essential for power operations of the facility, information regarding these systems should not be required to be provided to the NRC.

Providing this information would greatly increase the burden placed on both the facility's and NRC staff, without providing any nuclear safety benefit. Therefore, Required Response 1 should be modified to provide clarification that the required response only applies to safety-related systems and systems that are essential for power operations of the facility.

8. Required Response 2 is confusing in that it is not clear as to what information should be provided by July 1,1999. If a facility is not Y2K Ready by this date, then the facility will not be able to confirm that it is Y2K Ready on this date. An assumption must be made that the intent of this statement is to provide a status and completion schedule for those major work activities that must still be completed if a facility is not Y2K Ready by July 1,1999 and confirm that this work will be completed prior to January 1,2000. In addition, as described in Comment 8 above, information regarding applications and equipment used in ancillary systems and services should not be provided in the facility's response to this item. Therefore, Required Response 2 should be re-worded as follows:

"No later than July 1,1999, submit a written response confirming that your facility is Y2K Ready for safety-related systems and systems that are essential for power operations, at a minimum. If your program io incomplete as of that date, provide your schedule of major work activities that must be completed and confirm that your facility will attain the status of Y2K Ready with respect to these systems prior to January 1,2000. The status of systems that are not safety-related and are not essential for power operations need not be reported."

The words "...and in compliance with the terms and conditions of your license (s) and NRC regulations" do not add any benefit to this required response. Current NRC regulations provide sufficient assurance that a facility will be in compliance with the terms and conditions of the facility's license (s) and NRC regulations upon completion of the facility's Y2K Program.

The definitions of Y2K Ready and Y2K Compliant should also be removed from this required response. These terms will be sufficiently defined in the body of the generic letter provided that Comment 2, above, is incorporated.

3

i

. I t

l ATTACHMENT 4

RESOLUTION OF PUBLIC COMMENTS ON PROPOSED DRAFT GENERIC LETTER ON YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS This report discusses the resolution of comments received on the draft generic letter, GL l No. 98-xxx: Year 2000 Readiness of Computer Systems at Nuclear Power Plants in response to the Notice of Opportunity for Public Comment in the federa/ Register, January 29,1998. The comments and corresponding staff response are provided below in the order the comments were received.

1. John Roberts Comment: Why not set up a process to check the Year 2000 (Y2K) problem by advancing computer clocks in the form of a surveillance test during the next refueling outage?

Resolution:

No changes to the GL are needed since as part of a utility specific program addressing the l Y2K problem, the NRC staff notes the assessment stage involves such testing activities to identify the effects of the Y2K problem on plant systems.

2. Snyder Gokey Comment: The blanket assertion made by the utilities... that Y2K "was not a problem" in safety related systems" is almost assuredly wrong. After the utilities do the work, if they find it to be true, they can make the statement.

Resolution:

No changes to the GL are needed since the statement in the GL is: "To date, the NRC staff has not identified or received notification from licensees or vendors of digital protection systems ... that a Y2K problem exists with safety-related initiation and actuation systems."

Moreover, as part of the Y2K readiness program that utilities are undertaking, review of safety-related systems for Y2K concerns would be assigned a top priority at the assessment stage.

3. Virgil C. Summer Nuclear Station Comments:

a. The nuclear industry has already begun extensive preparations for addressing the Y2K problem; further oversight would be an unnecessary burden, not commensurate with the safety significance of this issue.

b. The NRC in issuing the GL is effectively reducing the time allowed for utilities to become Y2K ready by 6 months. The financial impact to some licensees, forced to plan an additional outage for remediation of components not accessible during power operation, is not justified by the safety significance of the issue. The procurement process for some replacement components ... may prohibit some licensees from achieving Y2K readiness within the reduced time frame.

i l

2 l

c. In light of the industry guidance provided by NEl, the limited replacement and qualified personnel available, it is recommended that the proposed GL not be issued.

Resolution: I l

The generic letter acknowledges that many utilities have already embarked upon a program to address the Y2K computer system problem. In preparing the GL, the staff assumed that all utilities are aware of the problem based on issuance of IN 96-70 dated December 1996, and have programs in place to address the problem. The response required by the GL is confirmatory in nature to assure that all licensees of operating nuclear power plants are effectively addressing the Y2K problem.

The NRC staff does not plan to change the July 1,1999 date for certification of Y2K readiness. However, sufficient flexibility has been provided in the final GL to accommodate completion of some remediation and implementation activities at normally scheduled outages after July 1,1999. It is the NRC staff's belief that unless the majority of the Y2K program remediation, validation and implementation activities are completed by mid-1999, leaving only a few such activities scheduled for the Fall 1999 outage, the facility will not in all probability be Y2K ready by January 1, 2000. The GL will be revised to indicate that actual Y2K readiness after July 1,1999 is acceptable, however, certification that the facility will be Y2K ready will be required by July 1,1999. The NRC staff recognizes that Y2K readiness may include compensatory measures and contingency plans in cases where actual Y2K compliance for some computer systems can not be achieved.

4. John Roberts l Comment: Comment regarding identifying and testing time clorKs built into plant process computers. Comment is in a similar vein r.s Comment No.1.

Resoonse: See response to Commer't No.1.

5. BWX Technologies, Inc l

Comment: The GL identifies "Framatome/ Babcock & Wilcox" as a vendor - there is no "Framatome/ Babcock and Wilcox" organization.

Resolution: The erroneous name is deleted from the GL.

6. TU Electric / Comanche Peak Steam Electric Station Comments:

l

a. The nuclear industry has begun extensive preparations for the Y2K per the guidelines of NEl/NUSMG 97-07. NRC had already issued IN 96-70 on the subject of the Y2K problem. These and the provisions of existing reporting requirements under 10 CFR Part 21,10 CFR 50.72 and 10 CFR 50.73 make the proposed GL unnecessary. Similar reasons apply to the requirement for certification in the GL.

r e e 3

\

l b. The July 1,1999 date may not be a real date for Y2K readiness. Comanche Peak

{ Nuclear Station has two outages planned in 1909 - Unit 1 in Spring '99 and Unit 2 l in Fall '99. As part of our Y2K program, we are currently performing assessments on all digital technology based equipment to ensure that if problems are not fixed, I contingency plans are in place by December 15,1999, to address continued safe

! operation / availability of the affected systems, components and structures in accordance with rules and regulations governing our licenses.

c. In light of all this and since the nuclear utility group is addressing the issue, it is  ;

recommended that the proposed GL not be issued. l Resolution: See Comment No. 3 and associated resolution.

! 7. Richard Cowles Comments: The main comment was that the draft GL should be issued substantially in its present form and provided several reasons for the main comment. He emphasized " Continued safe operation of all nuclear facilities dictates the need for 100% completion of Y2K readiness programs, and executive level accountability for this readiness through the oath and affirmation process."

Since time is of the es:;ence, the NRC is urged to issue the GL as expeditiously as possible.

Resolution: As suggested, the GL will be issued substantially in its present form.

8. OMB Memorandum dated January 20,1998.

Comment: The OMB memorandum established a new target date of March 1999 for implementing fixes to all systems government-wide.

Resolution:

The NRC staff believes that for nuclear power plant facilities which generally follow spring l and fall refueling outages during which period the licensee implements many aspects of their Y2K program, the target date of July 1,1999, is appropriate rather than March 1999.

l 9. Consumers Energy - Palisades and Big Rock Point Nuclear Plants i

Comments:

a. Consumers Energy is willing to participate in a voluntary submission of project and schedule information to the NRC via NEl or individually. Consumers Energy does not believe that a GL is warranted. Because of the potentialimpact on safe plant operation and the potential financial impact, significant resources have been and will continue to be dedicated to resolve the Y2K computer issue prior to the end of 1999 whether or not a formal requirement exists in the form of a generic letter, i

l ._ _ _ _ . . . . _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ -

• . l l

4

b. In the event a voluntary submittal is unacceptable to the NRC, we request that the date for attesting to Year 2000 readiness be :: hanged from July 1,1999 to October 1,1999, to allow adequate time to accomplish the required actions.

Resolution:

1 In the Notice of Opportunity for Public Comment that was published in the FederalRegister: I January 29,1998 (Volume 63, Number 19) with the proposed GL on Year 2000 Readiness of Computer Systems at Nuclear Power Plants, the NRC encouraged the industry to propose a viable alternative to the GL as a means of providing the necessary assurance to the NRC staff that alllicenses are effectively addressing the Y2K problem in computer systems at their facilities. To date, Consumers Energy has been the only volunteer willing to provide the necessary information for two facilities. This does not constitute an industr" wide response. No industry group (like NEI) has volunteered. Therefore, the GL will be issued.

As regards changing the date for Y2K readiness certification from July 1,1999 to October 1,1999, the date will remain July 1,1999. However, as stated in the resolution to Comment No. 3 above, some flexibility has been provided in the GL to accommodate completion of certain activities in the Y2K readiness program after July 1,1999.

10. Roleigh Martin, M.A.

Comment: Basically, Mr. Martin endorsed the comments submitted by Rick Cowles (Comment No. 7 above) and provided some supporting information for his endorsement.

Resolution: See resolution of Comment No. 7 above.

11. Entergy Operations, Inc.

Comments:

a. Entergy believes the proposed GL is unnecessary because utilities are aware of the l Y2K problem and recognize the need to take steps to address the issue. l Additionally, licensees have a responsibility as well as an obligation to operate their plants per their licensing and design bases. l

b. Comments on Required Response (2):

l

1. Entergy believes the July 1,1999 due date is unreasonable based on the volume of work to be performed. This requirement effectively reduces the i time allowed licensees to become Y2K ready by 6 months. A more

, l l

l

5 reasonable date would be November 1,1999.

2. The draft GL definition of "Y2K Ready"is applicable to a single computer system or application. By applying "Y2K Ready" to As facility, it appears that NRC is expecting every computer system or application to be "Y2K Ready." This may not be the case since the licensee may take compensatory actions in lieu of ensuring a computer system or application is "Y2K Ready."

Required Response (2) should explicitly acknowledge that taking compensatory actions is acceptable if the licensee determines such actions are necessary to ensure continued, safe plant operation.

Resolution: See resolution of Comment No. 3 above.

12. Omaha Public Power District (OPPD)

Comments:

a. OPPD would prefer to participate in a voluntary initiative coordinated by NEl and NUSMG.

b. Recognizing that the NRC may decide to issue a GL, OPPD provided a revised version of the proposed GL. The revised GL by OPPD had several editorial comments. The Required Response (2) in the GL was modified to delete the phrase "and in compliance with the terms and conditions of your license (s) and NRC regulations. The Required Response was reworded to read "No later than July 1, 1999, submit a written response confirming that your facility is Y2K ready, or if your program is incomplete as of that date, indicate your schedule for attaining the status of Y2K Ready."

Resoonse:

Neither NEl nor NUSMG has volunteered to coordinate utility responses, therefore, the GL will be issued.

The editorial comments are addressed in the final version of the GL As stated in response to Comment No. 3, the firial GL allows certain flexibility to accommodate plant specific schedules for completion of some Y2K readiness program activities. The date for Required Response (2) will remain July 1,1999.

13. GPU Nuclear Comments:

a. Throughout the proposed GL the phrase used repeatedly is that licensees must provide "... written certification that their facilities are Y2K ready and (underline added) in compliance with the terms and conditions of their licenses and NRC regulations." This phrase should be modified to say: "... written certification that their facilities are Y2K ready with reaard to compliance with the terms and conditions of their licenses and NRC regulations." The blanket statement that the

6 facilities must be Y2K ready implies that every component at the facilities regardless of its safety implication need to be certified. We do not believe that this is the intent of the subject proposed generic communication.

b. The requirement of a written response, in which licensees must certify their facilities, by no later than July 1,1999 is arbitrary. While it is clearly a licensee respons;bility to assure that their facilities are Y2K ready, certain conditions such as plant outage schedule and/or resource limitation may not allow readiness certification by July 1,1999. Outages for some plants are scheduled to commence in the third or fourth quarter of 1999. It is expected that certain testing and/or modifications can only be performed during a plant outage.

c. GPU Nuclear intends to follow the NEl/NUSMG guidance. However, it is our understanding that the plans and checklists provided in the appendices are for illustrative purpose and may be modified ad/or improved to meet our specific needs and/or requirements. We suggest the following changes to the last sentence of the fifth paragraph under " Discussion."

"NEl/NUSMG 97-07 also contain examples of various plans and checklists as appendices, which may be used or modified to meet licensee's specific needs and/or requirements."

Resolution:

The NRC staff agrees with comments a. and c. above, and the final GL has been revised to reflect this. As regards the comment b. above, see the response to Comment No. 3.

14. TVA Comment: TVA believes that utilities cannot categorically state that they will not experience a Y2K problem. TVA agrees that every reasonable effort should be made to identify and ccrrect Y2K problem. However, there may be some software, especially in embedded systems, which cannot be tested or certified for compliance. Therefore, the GL should recognize contingency planning as acceptable remediation for some Y2K problems.

Resolution:

The NRC staff agrees with the comment. The final GL willinclude a discussion on the need for contingency planning.

i 15. Southern California Edison l

Comments:

a. The Required Response paragraph 2 requires a response confirming that the facility is Y2K ready and in compliance with the Technical Specifications. Clarification is l required stating that this applies only to the scope of NEl/NUSMG 97-07.... We believe remediation should only be required for equipment that directly involves l

l l

l

(

7 \

reactor safety or technical specification compliance equipment. All other identified equipment should be evaluated on an impact and cost effective remediation option i basis.

l l b. We believe it may not be possible to identify every digital component or line of code l that will be affected. Therefore, we believe the required readiness response at the l completion of the project, or by the 7/1/99 due date, needs to be clarified to mean that utilities have followed a methodology endorsed by the NRC and that utilities have exercised due diligence in accordance with their plan. Furthermore, clarification should be added that "Y2K Ready" may include the development and/or implementation of appropriate contingency plans to address items that are not j l

expected to be remedied prior to January 1,2000, and/or to address the possibility of unidentified items and their effect on plant operation.

l Besonse:

The required responses of the GL are simply seeking confirmation of activities the licensees are already performing in addressing the Y2K problem at their facilities in accordance with l a plant specific program. The scoping and related licensee activities are being conducted according to that program. The staff's understanding is that these plant specific programs i

are based on a framework such as the one outlined in NEl/NUSMG 97-07.

l The NRC staff agrees with the comment that it may not be possible to identify every digital component or software that will be affected and that, therefore, continency plans should be considered. The revised GL discusses contingency plans as a viable temporary alternate, till the program is completed as planned. See response to Comment 3 above.

16. Florida Power & Light Company Comments:

a. The Nuclear Energy Institute (NEI) is providing comments on the proposed GL on behalf of the industry. FPL endorses the NEl comments. (NEl comments are indicated here as Comment No.17.)

b. FPL has some specific concerns should the NRC elect to issue the GL. Specifically, the scope of the letter is not clearly defined. Emphasis should be limited to systems

and related computer equipment that would prevent the performance of a safety-l related structure, system, or component, and not for the whole of plant facilities.

These specific safety systems and related computer equipment should be identified and evaluated by each individual facility. Additionally, it may be appropriate for i vendors of digital systems to take a larger role in identifying and notifying the NRC staff of deficiencies, non-conformance and failures, and other concerns related to the Y2K issue.

Resoonse:

(

8 For the r6sponse to NEl comments, see Comment No.17 below. As stated earlier, the GL is simply requesting confirmation of activities already ongoing at nuclear plant facilities in accordance with plant specific Y2K readiness programs. The scope, priorities and emphasis on identification and evaluation of systems, structures and components are determined as part of the initial assessment activities of that program.

l The NRC staff agrees with the comment that vendors of digital systems provide feedback to NRC staff of Y2K problem related failures and deficiencies. The NRC staff would l disseminate such generic and significant data to licensees via NRC generic

communications. Vendors are obligated to report nonconformances in safety-related l systems in accordance with the requirements of 10 CFR Part 21.

l l

17. Nuclear Energy institute (NEI)

Comments:

a. NEl believes that the proposed generic letter will do little to improve nuclear safety.

l Licensees have programs that place priority on safety systems as well as ensuring l continuity of operations needed to produce electric power through the turn of the  ;

i century. This comment is based on the following reasons:  ;

1 l The NRC staff as been involved, over the last year, in many industrial activities that prepare for the turn of the century. Continuing these interactions will be more meaningful in understanding industry progress on j Year 2000 readiness over the next year than the proposed reports. NEl l believes that a continued dialog between the industry and the staff is the l best alternative to the proposed generic letter.

l l The NRC staff concluoed that safety systems would function as intended in

! SECY 97-213 of September 24,1997. Even with Year 2000 failures, the SECY stated that operators would be able to maintain safe plant shutdown conditions. Industry testing continues to support these conclusion... Current l reporting criteria were also considered adequate for any problems identified.

l l The nuclear industry is well into a program that will reduce the risk of plant

! shutdown due from computer system failures at the turn of the century.

l This program, as described in NEl/NUSMG 97-07, evaluates potential risks to the entire plant, not just the nuclear systems.

An NEl survey of nuclear utility industry shows progress on licensee Year 2000 programs. For operational plants, all licensees have a Year 2000 program; all programs are, or will be, consistent with the guidance of NEl/NUSMG 97 07; and on average the initial inventory is 67% complete for 1

l 9

software and 50% complete for embedded systems.

l l Over the last year, the industry has worked to share experience gained by individual plants. Workshops and training sessions have also been conducted over the last year, with broad industry attendance.

l b. NEl also expressed the following specific concerns:

Many licensees have objected to providing certification under 10 CFR 50.54(f) requirements for site program that extends well beyond the nuclear systems important to safety or meeting regulatory commitments.

Some licensees feel that achieving Year 2000 readiness by July 1,1999, creates an undue burden. Some facilities have already planned specific remediation to be completed in outages after that date. Other programs had established program readiness targets of September 1999. Accelerating these programs, with the added expense, is unwarranted.

Resoonse: i l

The NRC staff has participated in many of the industry meetings and workshops related to the Y2K problem. The impression the NRC staff has is that although all nuclear plant licensees are aware of the problem and its implications and many may have initiated a readiness program, the level of effort and progress towards resolution varies substantially.

The purpose of the generic letter is to gain the necessary assurance that alllicensees are effectively addressing the Y2K problem with regard to compliance with the terms and conditions of their licenses and NRC regulations.

As regards the specific comments, the Required Response (2) has been modified to clarify that the certification of Y2K readiness apply only to those systems required to meet the terms and conditions of the facility license and NRC regulations. Further, allowance has been provided for those facilities whose Y2K program is incomplete as of July 1,1999.

See response to Comment 3 above.

18. Winston & Strawn (on behalf of the Nuclear Utility Back fitting and Reform Group (NUBARG))

Comments:

a. Clarification is needed to ensure that the proposed generic letter does not create a new reporting obligation for problems related to Y2K problem. While the Y2K problem can result in f ailures that may be reportable under 10 CFR part 21, or 10

]

CFR 50.72 or 10 CFR 50.73, the Y2K problem in and of itself is not a per se ,

reportable event absent a failure or other event resulting from the Y2K problem.

NUBARG recommend that the GL state clearly that some Y2K problems could be reportable under existing reporting requirements.

l

10

b. The licensee's obligations in the proposed Generic Letter are not clearly focused on the obligation for being Y2K ready versus Y2K compliant.

c. The Generic Letter invokes " compliance exception" to the back fitting rule without any substantive analysis of the backfittirig implications of this proposed Generic Letter.

Resoonse:

a. The NRC staff agrees with the first point above. A Y2K problem in a safety-related system by itself may not be a event, unless it results in a deficiency, non-conformance or failure that is required to be reported under the regulations cited.

The GL has been revised to clarify that only some of the deficiencies, non-i conformance and failures resulting from the Y2K problem in safety-related systems I

are reportable under 10 CFR Part 21,10 CFR 50.72 and 10 CFR 50.73.

b. The generic letter is only requesting confirmation and information on the status of l ongoing licensee programs that address the Y2K problem at their facilities. The l program objectiyes of tyhich system or application is to be Y2K compliant, and l which is to be retired, replaced or modified, is part of the ongoing program and the responsibility of the licensee. See response to Comment 3 above.

l

c. The generic letter is requiring actions by licensees to confirm the facility is in l

compliance with the terms and conditions of its license and NRC regulations given the recognized Y2K problem in computer systems. This is, therefore, a compliance issue and not a backfit.

19. Southern Nuclear Operating Company l

Comment: Southern Nuclear Operating Company is in total agreement with NEl l comments.

l Resoonse: NEl comments and their resolution are provided in Comment No.17 above.

l

20. JoAnne Hodgkins l

Comment: Power is essential, are you ready?

l Resoonse: This comment is assumed to endorse the proposed generic letter.

21. Carolina Power & Light Company Comments:

a. " Required Response" Section, paragraph 1

11 The NRC states: "within 90 days... submit a written response indicating whether or not you have pursued ...a Y2K readiness program as outlined in NEl/NUSMG 97-07.

If you are not conformina...."

Comment: NEl/NUSMG 97-07 recommends methods for Y2K program setup and

examples of forms and checklists used by some utilities. The word " conforming" l implies that the methods, forms and checklists are used verbatim. CP&L suggests j the wording be changed to ".... submit a written response .... a Y2K readiness l

program similar to that outlined in NEl/NUSMG 97-07. If yourprogram significantly di//ers from the NEl/NUSMG guidance..."

l

b. " Required Response" Section, paragraph 2 The NRC states: "Upon completing your Y2K readiness program, or, in any event, no later than July 1,1999, submit a written response confirming that your facility is Y2K ready and in compliance with the terms.....in addition, the response should contain a status report of work remaining to e done to complete your Y2K program, including completion schedules."

Comment: Due to outage schedules and other priorities related to the Y2K issue, some work will not be completed prior to July 1,1999. Clarify this requirement to state, "No later than July 1,1999, submit a written response containing a status report, including completion schedules, of work remaining to be done to confirm your facility is/will be Y2K ready."

Resoonse:

a. The NRC staff agrees with this comment. Required Response (1) is revised as suggested by CP&L. Additionally, the " Discussion" section of the generic letter has been changed to emphasize that NEl/NUSMG 97 07 is only a guidance document which provides an example of an appropriate Y2K program, and that plant specific Y2K programs are needed to effectively address the Y2K problem.

b. The NRC staff agrees with this comment. Required Response (2) has been revised to consider actions by licensees who may not have completed the facility Y2K program by July 1,1999 due to work scheduled during plant outages in the third and fourth quarter of 1999. See response to Comment 3, above.

22. U.S. General Accounting Office (GAO)

Comments:

l GAO comments are directed at clarifying and strengthening NRC's regulatory authority to l address safety-related Year 2000 problems, particularly in these areas:

I

• Specifying a more complete Year 2000 program for licensees

12

. Monitoring licensees' progress on Year 2000 readiness

. Clarifying the " Year 2000 ready" certification

. Addressing future Year 2000 maintenance requirements Soecifvina a more comotete Year 2000 oroaram for licensees The proposed generic letter would require licensees to indicate whether they are pursuing a Year 2000 readiness program at their facilities. As a benchmark of program effectiveness, NRC is relying heavily on Year 2000 guidance developed jointly by NEl and NUSMG, NEl/NUSMG 97-07. We agree on the importance of requiring licensees to provide NRC with assurance that they are implementing a program that effectively addresses the Year  !

2000 issue. However, we believe that NRC should be aware that the NEl/NUSMG I document has several significant shortcomings. The NEl/NUSMG guidance does not l include all the elements of a comprehensive Year 2000 program. In particular the guidance does not deal adequately with risk management, business continuity and contingency planning, or remediation of embedded systems.

Section C of the NEl/NUSMG guidance specifies that vendors should provide Year 2000 l compliance warranties to licensees, even for work previously completed. NRC appears to I endorse contract language included in the NEl/NUSMG document. We suggest that NRC reconsider any apparent endorsement of contract language for use by private parties.

As an alternative to relying on the NEl/NUSMG guidance, we suggest that NRC's generic letter specify the elements of an effective Year 2000 program, particularly as they bear on safety concerns under NRC's regulatory authority. One publication that can help NRC in this regard is our Year 2000 Comoutina Crisis: An Assessment Guide (GAO/AIMD-10.1.14, September 1997). This guide is a distillation of government and private sector best I

practices for dealing with the Year 2000 problem, and provides a useful overview of the elements of an effective Year 2000 program. ,

l NRC could require licensees to address the elements of an effective Year 2000 program when they submit the "brief description" of their own program, as called for in the l proposed generic letter. This approach would provide NRC with a better basis for l assessing the effectiveness of the licensees' Year 2000 program dealing with safety-related issues.

l Monitorina the oroaress of licensees' Year 2000 oroarams 1

The proposed generic letter requires the licensees to make only two reports on their Year 2000 programs. To effectively monitor licensees' Year 2000 progress on systems under its regulatory authority, NRC will need more substantive and frequent progress reports.

l These reports should, at a minimum, require (1) a complete inventory of safety systems l l and other systems that will need to be certified as " Year 2000 ready" under the generic letter, (2) planned actions on these systems, including formulation and testing of contingency plans, and (3) periodic updates on the status of these actions. Waiting until July 1999 will not leave NRC much time to respond constructively to a licensee's unresolved Year 2000 problems.

I 13 Certifvina " Year 2000 Readiness" for Safety Systems NRC's proposed generic letter requires each licensee to provide written response confirming l that "your facility is Y2K ready and in compliance with the terms and conditions of your l license (s) and NRC regulations." While the criteria for " Year 2000 compliance" are clear and amenable to objective testing, the same cannot be said for the term " Year 2000 ready." The determination of being " Year 2000 ready" does not require the licensees to state how and why they determined that a non-compliant system would be suitable for continued use. For those critical safety systems under NRC's purview, we suggest that l the generic letter include such a requirement. It would also be usefulif the generic letter included a discussion of how NRC's ongoing inspection activities will be used in the i process of certifying Year 2000 readiness. For example, it is not clear whether the '

inspections will include checks to see if key Year 2000 issues are being addressed, whether key conversion activities are being carried out properly, or whether critical project milestones are being met.

Indeoendentiv venfvina and validatina safetv systems ,

The generic letter does not discuss the role of independent verification and validation (IV&V) in supporting the licensees' " Year 2000 ready" certifications. We recognize that, under NRC regulations, modifications to certain systems at nuclear facilities must be verified or checked to ensure that the systems will continue to operate properly. However, the unusual challenges posed by the Year 2000 problem may warrant additional assurances.... Accordingly, we suggest that the generic letter require licensees to (1) describe their Year 2000 plans for IV&V of systems related to safety and (2) provide the results of IV&V with their written certification of Year 2000 readiness.

Addressina future maintenance requirements of " Year 2000 readv" systems NRC's proposed generic letter requires only that computer systems and applications be

" Year 2000 ready." However, there may be future maintenance requirements for " Year 2000 ready" systems under NRC's purview. NRC's generic letter does not include a way to identify, track, and follow up on the future maintenance plans for any safety-related

" Year 2000 ready" systems that could eventually fail without further modification or replacement. Therefore, we suggest that the letter address the issue of future Year 2000 maintenance requirements.

Resoonse:

Soecifvina a more comolete Year 2000 orocram for licensees The NRC staff agrees with this comment. The GL has been revised to note that the NEl/NUSMG guidance document provides a framework and an example of a Y2K program, only and that the Y2K program for each nuclear facility must be tailored to meet the specific needs and requirements of the facility. The GL was further revised to note that augmented guidance beyond that in NEl/NUSMG 97-07 may be needed by licensees in the

14 area of risk management, business continuity and contingency planning, and remediation of embedded systems. The GL has been revised to point out that NEl/NUSMG 97-07 contains examples of various plans and checklists as appendices, which may be used or modified to meet a licensee's specific needs and/or requirements.

The GL was also revised to identify the general elements of a Y2K program and to refer to j GAO/AIMD-10.1.14, September 1997, as another document that provides useful overview I of the elements of an effective Year 2000 program.

Monitorina the oroaress of licensees' Year 2000 oroarams The NRC staff has identified an alternative means to periodic reports for monitoring licensee progress on the Y2K problem. Monitoring of the progress of implementation of nuclear facility Y2K programs will be done by the NRC staff via sample onsite reviews at nuclear facilities. The onsite reviews are planned to be done during the latter half of 1998 and into 1999. The generic letter will not be modified to include the need for frequent progress reports.

Certifvina " Year 2000 Readiness" for Safety Systems The NRC staff agrees with this comment. The GL has been modified to clarify that

" readiness" and completion of a Y2K program means the attainment of the Y2K program objectives which would be defined as part of the program during the assessment and remediation planning stages. The evaluation performed at these stages as part of the program, would document the bases of the decisions made regarding the use of compliant and non compliant systems. The review of such documents would be part of the NRC staff's sample onsite review of a nuclear facility's Y2K program implementation. Also refer to the response to Comment 3, above.

Indeoendentiv verifvino and validatina (IV&V) safety systems The NRC staff agrees with the need for V&V in certain circumstances regarding the Y2.K problem. The NRC staff's sample onsite follow up review of licensee's Y2K program activities, provides, in a sense, an " independent" review of the overall Y2K program implementation. It should be noted that IV&V of specific safety system software is an activity required as part of compliance with existing NRC guidelines. This applies to safety-related software modifications needed to address Y2K problems. The NRC staff follow-up reviews will confirm that IV&V of safety system software has been conducted where necessary after completion of Y2K changes Addressina future maintenance requirements of " Year 2000 readv" systems l

The NRC staff agrees with this comment. The GL has been modified to address the need

( to consider future mair.tenance activities as part of completing the Y2K program.

}

23. Northeast Nuclear Energy / Millstone Nuclear Power Station

f 15 4

I Comments:

]

a. The " Purpose" section statement that requires ".. written certification that the facilities are Y2K ready and in compliance with the terms and condition of their licenses and NRC regulations" should be removed or clarified to restrict the written certification of compliance to electronic digital computational systems or devices with time and date attributes that may impact the performance of safety-related structures, systems and components (SSCs).

b. The first sentence of the third paragraph within the " Description of Circumstances" regarding applicability of 10 CFR 21,10 CFR 50.72, and 10 CFR 50.73 report ability criteria to the Y2K problem raises significant regulatory enforcement issues.

l The NRC staff should provide the commercial nuclear power industry guidance as to the deportability of Y2K issues to provide both a predictable regulatory environment and consistency in utility reporting in this matter.

l c. The statement in the last paragraph in the " Description of Circumstances" regarding ,

how NEl/NUSMG 97-07. .." ensures that [ nuclear licensee's) facilities remain safe j and continue to operate within the requirements of the license" is not accurate with '

respect to the purpose of the NEl/NUSMG document and should be removed....

d. The first sentence within item 2 of the " Required Response" section again speaks to the written certification....See comment a. above.

e. The second sentence within item 2 of the " Required Response" section regarding the inclusion of "...a status of work remaining to be done..." should be removed.

This statement is redundant to the first sentence of item 2.

f. The proposed generic letter should reference and address the Executive Order issued on the Year 2000 Conversion problem by President Clinton on February 4,1998. It is suggested that information regarding how this order impacts the implementation of the NRC's oversight of the commercial nuclear power industry be included in the j l proposed generic letter.

Resoonse:

a. The NRC staff agrees with this comment. The particular sentence in the " Purpose" section and in the " Required Response" Item 2 has been revised to limit the scope of certification to systems, software and applications necessary to satisfy license conditions, technical specifications, and NRC regulations.

b. The NRC staff does not agree with this comment. Matters surrounding the Y2K problem are not specifically mentioned in the existing reporting requirements nor are any number of other specific reasons that may result in conditions that would lead to deficiencies, non-conformance, failures, and events that are deemed reportable

l 16 l

l under the existing reporting requirements. Licensees are to determine deportability based on the nonconformance identified.

c. The statement is extracted directly from the " Purpose and Scope" section of NEl/NUSMG 97-07. It will, therefore, not be deleted from the GL.

- d. See Response a. above.

e. The NRC staff agrees, and the particular sentence is deleted in the final GL.

f. The NRC staff does not agree that the GL should refereace the Executive Order on the Year 2000 Conversion. NRC oversight of nuclear facilities is indicated in other authorizing law. Nevertheless, it is noted that in referencing NEl/NUSMG 97-07 in the GL as an example of a possible approach fer licensees when addressing the Y2K problem at their facilities, the staff is consistent with the policy of the executive order which encourages joint government / private sector cooperation on the Y2K problem. Further, in responding to the GL a licensee simply confirms the existence l of an ongoing Year 2000 program and that the facility will be in compliance with its l

license and NRC regulations consistent with the NRC oversight responsibility.

24. PECO Nuclear Comments:

a. The implementation period specified in the proposed GL (i.e., July 1,1999) has effectively reduced the time allowed for utilities to become Y2K ready by 6 months.

Therefore, PECO Energy recommends that if the proposed GL is issued, that the second paragraph (i.e., item 2) section be revised....(PECO comment included some suggested changes.)

b. PECO Energy is requesting clarification with regard to the following statement in item 1 of the " Required Response" section:

"...This response should address the program's scope, assessment process, and plans for corrective actions....."

l It is unclear if this statement pertains to those licensees that are pursuing a Y2K l readiness program as outlined in NEl/NUSMG 97-07 guidance or those licensees that l' are not ....

Resolution:

The GL has been modified to reflect these comments. See also the response to Comment 3 above. i l

25. Northern States Power Company (NSP) l l

l l

1

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . - - _ _ _ - - ---_--- _--__- - ----. - - - - - - - - - - - - - - - J

17 Comment: NSP concurs with the NEl comments (Comment No.17 above).

Reso;ution: See the response to Comment No.17 above.

26. Arizona Public Service Company (APS) l Comments: I l

a. The reference to Year 2000 " readiness" and " compliance" throughout the proposed letter should be changed, as appropriate, to use the terminology that is evolving l into the industry standard. APS provided the definitions for these terms.

b. The sixth paragraph of" Descriptions of Circumstances" states that "NEl was preparing a framework document with guidance for utility use ....." This sentence should be modified to read: "NEl presented a framework document that provides guidance for utilities to use ......"

c. The sixth paragraph also states "The document recommends methods for nuclear utilities to attain Y2K readiness and thereby ensure that their facilities remain safe and continue to operate within the requirements of their license." While the NEl/NUSMG document provides guidance to utilities for addressing the Y2K problem, it does NOT ensure or imply that plants will remain " safe and continue to operate within the requirements of their license." Therefore, this statement should be modified....

d. Paragraph one cf " Discussion", specifically item four, could be interpreted to mean ,

that all codes in use today that have a date function should be evaluated to determine if any past or current output from these codes have been affected by the Y2K problem.... Although APS does not believe that this is the intent of this paragraph, further discussion should be provided to define what actions may be required to address the concern of this paragraph...

e. The sixth paragraph of " Discussion" should be modified to read as follows: "The staff believes that the guidance in NEl/NUSMG 97-07, when properly implemented, is an acceptable approach ......" It should be noted that this guidance provides a framework only and must be modified to address the embeoded systems, design features, policies and procedures, at a minimum, that are unique to each facility.

f. Required Response 1 implies that the guidance provided in NEl/NUSMG 97-07 has been endorsed by the NRC and that other Y2K programs would require further evaluation by NRC. As described above, the NEl/NUSMG guidance provides a framework only and must be modified ... It should be made clear in the GL that such an adaptation of NEl/NUSMG guidance would meet NRC expectations.

g. Required Response 1 could be interpreted to mean that a description of a facility's

c__________--_---__

g 4 g 18 complete Y2K program should be provided to the NRC, including those applications j and equipment that may not affect the operation of the facility,... Therefore, Required Response 1 should be modified to provide clarification that the required response only applies to safety-related systems and systems that are essential for power operations of the facility.

h. Required Response 2 is confusing in that it is not clear as to what information should be provided by July 1,1999....

The words "... in compliance with the terms and conditions of your license (s) and NRC regulations" do not add any benefit to this required response.

The definitions of Y2K Ready and Y2K Compliant should also be removed l from the required response.

l Resoonse: i l

l a. The definitions of the terms " readiness" and " compliance" in the draft GL are extracted from NEl/NUSMG 97-07 and will be retained in the final GL.

l b. Th6 suggested changes have been made to the final GL. )

\  :

i l

l c. The statement is extracted from the " Purpose" section of NEl/NUSMG 97-07 and will, therefore, not be changed in the GL.

l d. Paragraph one of the " Discussion" in the GL has been revised to focus on the l concerns associated with the Y2K problem and not their detailed implications.

Those are part of the plant specific program's assessment activities which are to be l addressed by the licensee.

e. The sixth paragraph of the " Discussion" in the GL has been modified per the comment.

f. Additional paragraphs are included under the " Discussion" in the GL to reflect the need for plant specific Y2K programs and recognize that NEl/NUSMG 97-07 l provides an example of an acceptable Y2K program framework. Required Response 1 is also revised accordingly.

g. Required Response 1 simply confirms the existence of a facility specific Y2K program. If the program significantly differs from that which is outlined in NEl/NUSMG 97-07, a description of the program is required. As stated in the introductory paragraph of " Required Response," the intent of the requested responses is to assure that licensees are effectively addressing the Y2K problem with regard to compliance with the terms and conditions of the facility license and NRC regulations, i.e., the focus of the requirement is on systems, software and

4 19 applications required to meet the facility license and NRC regulations, it is noted that most facilities have only a single Y2K program that addresses all affected systems in the facility. Thus, when providing a description of the Y2K program, the licensee may need to describe the activities beyond the scope of the concerns indicated in the GL.

h. Required Response 2 has been modified to address this comment.

27. North Atlantic /Seabrook Station Comment:

North Atlantic believes that sufficient guidance for addressing the Y2K issue has been provided by NEl/NUSMG. We believe that as a result of the industry's efforts the proposed generic letter is unnecessary. The nuclear industry is already focused on this issue and further regulatory effort can be met through inspection versus placing additional burden on the licensee.

Resoonse:

See response to Comment No. 17. Since the nuclear industry is already addressing the Y2K problem, the staff believes the burden imposed by the generic letter is minimal since a licensee's response simply confirms the existence of a Y2K program, and that the program will provide assurance that the facility is in compliance with its license and NRC regulations.

• a l

l l

l l

ATTACHMENT 5

,. s CRGR REVIEW PACKAGE 1

i PROPOSED ACTION: Issue a generic letter on the Year 2000 (Y2K) problem which has the potential to interfere with the proper operation of computer systems, hardware that is microprocessor-based (embedded software), and

)

software and data base relied upon at nuclear power plants. Request .

addressees to provide information regarding their programs planned or implemented to address the Y2K problem in software based systems at i their facilities. Following endorsement by CRGR, the proposed generic letter will be issued and published in the Federal Register.

CATEGORY: 2 RESPONSE TO REQUIREMENTS FOR CONTENT OF PACKAGE SUBMITTED FOR CRGR REVIEW Question (1):

The proposed generic requirement or staff position as it is proposed to be sent out to licensees.

Where the objective or intended result of a proposed generic requirement or staff position can l be achieved by setting a readily quantifiable standard that has an unambiguous relationship to I a readily measurable quantity and is enforceable, the proposed requirement should merely l specify the objective or result to be attained, rather than prescribing to the licensee how the l

objective or result is to be attained.

i Response: l l

The generic letter requests information from addressees on programs that are already planned or being implemented to address the Y2K problem in computer and other softwere based systems at their facilities.

In order to alert nuclear power plant licensees to the Y2K problem, the NRC issued Information Notice (IN) 96-70, " Year 2000 Effect on Computer System Software," in December 1996. IN 96-70 described the potential problems nuclear power plant computer systems and software may encounter as a result of the change to the new century and how the Y2K issue may affect NRC licensees. IN 96-70 encouraged licensees to examine their uses of computer systems and software well before the turn of the century and suggested that licensees consider actions appropriate to examine and evaluate their computer systems for Y2K vulnerabilities. The NRC l staff also incorporated recognition of the Y2K concem in the updated Standard Review Plan (SRP), NUREG-0800, Chapter 7, Instrumentation and Control, dated August 1997 which contains guidance for staff review of computer-based instrumentation and control systems.

At the Nuclear Utilities Software Management Group (NUSMG) Year 2000 Workshop, an industry workshop held in July 1997, nuclear power plant licensee participants described their Y2K programs, and provided examples of areas where they have addressed Y2K issues in order to ensure the safety and operability of their plants on January 1,2000. Some of the issues discussed included the (1) evaluation of the impact of the Y2K problem on plant equipment, (2) assessment process involved in the identification of Y2K affected components, t

t l :

1

, vendors, and interfaces, (3) development of Y2K testing strategies, and (4) identification of budget needs to address the Y2K problem.

The Nuclear Energy Institute (NEI) met with NUSMG and nuclear plant utility representatives in August 1997 to formulate an industry-wide plan to address the Year 2000 issue. On October 7, 1997, representatives of NEl and NUSMG met with the NRC staff to discuss actions NEl was taking to help utilities to make their plants " Year 2000 ready". The actions included the preparation of a framework document with guidance for utility use in approaching their Y2K readiness efforts. NEl/NUSMG issued the framework document NEl/NUSMG 97-07, " Nuclear Utility Year 2000 Readiness' to all licensees in November 1997. The stated purpose of NEl/NUSMG 97-07 is to recommend methods for nuclear utilities to attain Y2K readiness and thereby ensure that their facilities remain safe and continue to operate within the requirements of their license. The scope of NEl/NUSMG 97-07 includes software, or software based systems or interfaces, whose failure due to the Y2K problem would (1) prevent the performance of the safety function of a structure, system or component, and (2) degrade, impair, or prevent operability of the nuclear facility.

All addressees are requested to submit:

(1) Within 90 days of the date of this generic letter, submit a written response indicating whether or not you have pursued and are continuing to pursue a Y2K program similar to that outlined in NEl/NUSMG 97-07 augmented appropriately in the areas of risk management, contingency planning, and remediation of embedded systems. If your program significantly differs from the NEl/NUSMG guidance, present a brief description of the program (s) that have already been completed, are being conducted, or are l planned to ensure Y2K readiness of the computer systems at your facility (ies). This response should address the program's scope, assessment process, plans for corrective actions (including testing and schedules), quality assurance measures, contingency plans, and regulatory complirnce.

(2) Upon completing your Y2K program, or, in any event, no later than July 1,1999,  ;

submit a written response confirming that your facility is Y2K ready or will be Y2K j ready with regard to compliance with the terms and conditions of your license (s) and  :

NRC regulations. If your program is incomplete as of that date, your response should l contain a status report, including completion schedules, of work remaining to be done to confirm your facility is/will be Y2K ready.

{"Y2K Ready" is defined as a computer system or application that has been determined to be suitable for continued use into the year 2000 even though the computer system or application is not fully Y2K Compliant. "Y2K Compliant" is defined as computer systems or applications that accurately process date/ time data (including but not limited to, calculating, comparing, and sequencing) from, into and between the twentieth and twenty-first centuries, the years 1999 and 2000, and leap-year ca!culations.}

Question (ii):

Draft staff papers or other underlying staff documents supporting the requirements or staff E

t positions. (A copy of all materials referenced in the document shall be made available upon request to the CRGR staff. Any Committee member may request the CRGR staff to obtain a copy of any reference material for his or her use.)

Response

The generic letter requests certain information on current actions being planned or irnplemented by licensees to address the Y2K problem at their facilities. The information is needed in order to obtain the necessary assurance that licensees are effectively addressing the Y2K problem l with regard to compliance with the terms and conditions of their licenses and NRC regulations.

The staff believes that the guidance provided in NEl/NUSMG 97-07, when properly augmented and implemented, presents an example of one possible approach for licensees when addressing the Y2K problem at nuclear power plant facilities. Licensees may opt for a Y2K readiness and compliance program other than the one outlined in NEl/NUSMG 97-07.

Question (iii):

l Each proposed requirement or staff position shall contain the sponsoring office's position as to whether the proposal would increase requirements or staff positions, implement existing requirements or staff positions, or would relax or reduce existing requirements or staff positions.

Response

Complying with the requested responses in the proposed generic letter does not represent a I new staff position. The letter is requesting certain information on current actions being planned or ;mplemented by licensees to address the Y2K problem at their facilities in order to ensure the staff that they are in compliance with all license provisions and NRC regulations.

The Y2K problem applies to any software based system, interface, software, and data base at nuclear power plants. The problem could adversely affect the performance of the safety l function of a system, structure, or component, and could degrade, impair, or prevent operability j of the nuclear power facility.

The NRC regulations that provide a basis for this request include:

. 10 CFR 50.36, " Technical Specifications," paragraph (C)(3), " Surveillance requirements,"

and paragraph (C) (5), " Administrative controls." These relate, respectively, to requirements relating to test, calibration, or inspection to assure that the necessary quality of systems and components is maintained, and to provisions relating to management, procedures, record l keeping, review and audit necessary to assure operation of the facility in a safe manner.

. 10 CFR 50.47, "Emergancy plans," paragraph (b)(8), which relates to the provision and maintenance of adequate emergency facilities and equiptrent to support the emergency responses. i

- Appendix A to 10 CFR 50, General Design Criterion (GDC) 13, " Instrumentation and control," which address the provision of appropriate instrumentation and controls to monitor and control systems and variables during normal operation, anticipated operational occurrences, and accident conditions as appropriate to assure adequate safety.

- Appendix A to 10 CFR 50, GDC 19, " Control room," which requires the provision of a control room from which actions can be taken to operate the nuclear plant safely.

. Appendix A to 10 CFR 50, GDC 23, " Protection system failure modes," which requires that the protection system shall be designed to fail into a safe state or into a state demonstrated to be acceptable on some other defined basis.

- Appendix B to 10 CFR 50, Criterion 111, " Design Control," requires that design control measures shall provi .'s for verifying or checking the adequacy of design, such as by the performance of design reviews, by the use of attemate or simplified calculational methods, or by the perfcfmance of a suitable testing program.

- Appendix B to 10 CFR 50, Criterion XVil, " Quality Assurance Records," requires that sufficient records shall be maintained to fumish evidence of activities affecting quality. The records are to include, among others, operating logs and results of reviews.

Question (iv):

The proposed method of implementation with the concurrence (and any comments) of the Office of the General Counsel (OGC) on the method proposed. The concurrence of affected program offices or an explanation of any nonconcurrence.

Response

OGC reviewed the proposed generic letter and has no legal objection.

Question (v):

Regulatory analyses conforming to the directives and guidance of NUREG/BR-0058 and NUREG/CR-3568. (This does not apply for backfits that ensure compliance or ensure, define, or redefine adequate protection. In these cases a documented evaluation is required as discussed in IV.B.(ix)).

Response

A formal regulatory analyses is not required because the generic letter is requesting certain information on ongoing actions being planned or implemented by licensees to address the Y2K problem at their facilities in order to provide assurance to the staff of compliance with all license provisions.

Question (vi):

identifiestion of the category of reactor plants to which the generic requirement or staff position is to apply (that is, whether it is to apply to new plants only, new OLs only, OLs after a certain date, OLs before a certain date, all Ols, all plants under construction, all plants, all water reactors, all PWRs only, some vendor types, some vintage types such as BWRs 6 and 4, jet pump and nonjet pump plants, etc.).

. e

Response

The proposed generic letter would apply to all plants.

Question (vil):

For backfits other than compliance or adequate protection backfits, a backfit analysis as denned in 10 CFR 50.109. The backfit analysis shallinclude, for each category of reactor plant, an evaluation that demonstrates how the action should be prioritized and scheduled in light of other ongoing regulatory activities. The backfit analysis shall document for consideration information available conceming any of the following factors as may be appropriate and any other information relevant and material to the proposed action:

(a) Statement of the specific objectives that the proposed action is designed to achieve; (b) General description of the activity that would be required by the licensee or applicant in order to complete the action; (c) Potential change in the risk to the public from the accidental release of radioactive material; (d) Potential impact on radiological exposure of facility employees and other one,ite workers; (e) installation and continuing costs associated with the action, including the cost of facility downtime or the cost of construction delay; (f) The potential safety impact of changes in plant or operational complexity, including the relationship of proposed and existing regulatory requirements and staff positions; (g) The estimated resource burden on the NRC associated with the proposed action and the availability of resources; (h) The potential impact of differences in facility type, design, or age on the relevancy and practicality of the proposed action; (1) Whether the proposed action is interim or final, and if interim, the justification for imposing the proposed action on an interim basis; (j) How the action should be prioritized and scheduled in light of other ongoing regulatory activities. The following information may be appropriate in this regard:

1. The proposed priority or schedule,

2. A summary of the current backlog of existing requirements awaiting implementatioil,

I., s I

- l

3. An assessment of whether implementation of existing requirements should be de' erred as a result, and

4. Any other information that may be considered appropriate with regard to priority, schedule, or cumulative impact. For example, could implementation be delayed pending public comment? '

Response

1 This item is not applicable.

1 I

I Question (viii):

For each backfit analyzed pursuant to 10 CFR 50.109(a)(2) (i.e., not adequate protection i backfits and not compliance backfits), the proposing Office Director's determination, together I with the rationale for the determination based on the consideration of paragraph (1) and (vii) above, that: l (a) There is a substantial increase in the overall protection of public health and safety or the common defense and security to be derived from the proposal, and (b) The direct and indirect costs of implementation, for the facilities affected, are justified in view of this increased protection.

Response

1 This item is not applicable. ,

1 Question (ix):

i' For adequate protection or compliance backfits evaluated pursuant to 10 CFR 50.109(a)(4)

(a) A documented evaluation consisting of:

1. the objectives of the modification;

2. the reasons for the modification;

3. the basis for invoking the compliance or adequate protection exemption.

(b) In addition, for actions that were immediately effective (and therefore issued without prior ,

CRGR review as discussed in Ill.C) the evaluation shall document the safety significance l and appropriateness of the action taken and (if applicable) consideration of how costs contributed to selecting the solution among various acceptable altematives.

4 l

_ _ . _ _ _ . . _ - _ - . . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _______a

.. s 7

Response

This item is not applicable.

Question (x):

For each evaluation conducted for proposed relaxations or decreases in current requirements or staff positions, the proposing Office Director's determination, together with the rationale for the determination based on the considerations or paragraphs li) through (vii) above, that:

(a) The public health and safety and the common defense and security would be adequately protected if the proposed reduction in requirements or positions were implemented, and (b) The cost savings attributed to the action would be substantial enough to justify taking the action.

Response

This item is not applicable.

Question (xi):

For each request for information under 10 CFR 50.54(f) (which is not subject to exception as discussed in Ill.A) an evaluation that includes at least the following elements:

(a) A problem statement that describes the need for the information in terms of potential safety benefit.

(b) The licensee actions required and the cost to develop a response to the information request.

(c) An anticipated schedule for NRC use of the information.

(d) A statement affirming that the request does not impose new requirements on the licensee, other than for the requested information.

l Response:

l (a) The information being requested is needed in order to obtain the necessary assurance that licensees are effectively addressing the Y2K problem.

The Y2K problem applies to any software based system, interface, software, and data base at nuclear power plants. The problem cculd adversely affect the performance of the safety function of a system, structure, or component, and could degrade, impair, or prevent operability of the nuclear power facility.

.. s 8-(b) The generic letter is not requiring any actions of the addressees, but is requesting certain information on current actions being planned or implemented by licensees to address the Y2K problem at their facilities. The reporting burden for this collection of information is estimated to average 100 hours0.00116 days <br />0.0278 hours <br />1.653439e-4 weeks <br />3.805e-5 months <br /> per response, including the time for reviewing the instructions, searching data sources, gathering and maintaining the needed data, and completing and reviewing the information collected.

(c) The first set of information will be used by the staff by September 1998 and the second set will be used by the staff in July 1999 to assure that the nuclear power facilities are or will be Y2K ready.

(d) Complying with the requested responses in the proposed generic letter does not represent a new staff position. The letter is requesting certain information on current actions being planned or implemented by licensees to address the Y2K problem at their facilities to ensure compliance with alllicense provisions.

Question (xii):

An assessment of hev the proposed action re!ates to the Commission's Safety Goal Policy Statement.

Response

This item does not apply.

- _ _ .