ML18299A193

M181025: Scheduling Note and Slides - Briefing on Digital Instrumentation and Control (Public Meeting)
Person / Time
Issue date: 10/25/2018
From: NRC/SECY
References: M181025

SCHEDULING NOTE

Title:

Briefing on Digital Instrumentation and Control (Public Meeting)

Purpose:

To discuss with the Commission the progress in implementing the regulatory infrastructure for digital instrumentation and control (DI&C) systems, and industry initiatives in implementing DI&C

Scheduled: October 25, 2018, 9:00 am
Duration: Approx. 3 hours
Location: Commissioners' Conference Room, 1st Floor OWFN

Participants:

External Panel (Presentation) 40 mins.*

Bill Pitesa, Chief Nuclear Officer, Nuclear Energy Institute 8 mins.*

Topics:

  • Industry perspectives on:
    o Progress on publishing and implementing guidance for digital I&C upgrades at nuclear power plants
    o Planned digital I&C capital improvements at nuclear power plants
    o NRC licensing and oversight of digital I&C
    o Transformation Team DI&C recommendations

Frank Novak, Senior Systems Engineer, GE Hitachi Nuclear Energy, Instrumentation and Control Group; and Chair of IEEE Nuclear Power Engineering Committee (NPEC) Working Group 6.3 8 mins.*

Topics:

  • IEEE perspectives on:
    o Recent digital I&C upgrades at nuclear power plants
    o NRC licensing of digital I&C
    o NRC Transformation Team recommendations

Clayton Scott, Senior Vice President - Deputy, Global I&C Business, Framatome Inc. 8 mins.*

Topic:

  • Vendor's perspectives on international practices and standards, commercial grade dedication, and NRC's digital I&C platform approval process

George Romanski, Chief Scientific and Technical Advisor for Aircraft Computer Software, Federal Aviation Administration 8 mins.*

Topics:

  • Federal Agency's perspectives on approaches for software reliability in critical safety systems, experience in the aviation industry guidance and standards for digital I&C
  • Digital implementation and operational experience

Dr. John P. Thomas, Professor, Massachusetts Institute of Technology 8 mins.*

Topic:

  • Subject matter expert's views on addressing common cause failure hazards, addressing evolving digital technologies, and perspectives on regulatory acceptance of digital I&C

Commission Q & A 50 mins.

Break 5 mins.

NRC Staff Panel 40 mins.*

Margaret Doane, Executive Director for Operations
Ho Nieh, Director, Office of Nuclear Reactor Regulation (NRR)
Eric Benner, Director, Division of Engineering, NRR
Michael Waters, Chief, Instrumentation and Control Branch, NRR
Rossnyev Alvarado, Digital I&C Engineer, NRR
Dinesh Taneja, Sr. Electronics Engineer, NRO

Topics:

  • Status of Digital I&C Integrated Action Plans (SECY-16-0070)
    o Digital Upgrades under 10 CFR 50.59: Status of guidance development, implementation and inspection training, and lessons learned in guidance improvements
    o New Licensing Approaches for Major Digital Systems: Licensing and digital I&C platform approval status, status of guidance development, and future risk-informed approaches and digital I&C categorization
    o Addressing Digital Common Cause Failure (CCF): Key safety and regulatory issues; NRC and industry guidance development; and graded approaches for evaluating diversity and defense-in-depth
    o Broader Modernization Activities: Commercial grade dedication; risk-informing initiatives and CCF research; advanced reactor I&C framework; as well as relevant transformation team recommendations

Commission Q & A 50 mins.

Discussion - Wrap-Up 5 mins.

Introduction: Quotes from SECY 18-0060 (Transformation)

  • "The current staff review process is burdensome to these technologies as it drives the licensees or manufacturers to demonstrate detailed compliance with no commensurate safety improvement to the design"
  • "Promotes a clause-by-clause, compliance-based approach to I&C safety system reviews that is focused on component-level design rather than a more performance-based, risk informed approach that permits a broader consideration of overall plant safety and system performance"

© 2018 Nuclear Energy Institute, Inc.

Historical Performance

[Figure: three charts (PWR Turbine Controls, BWR Digital Feedwater, BWR Turbine Controls) comparing Analog and Digital values on a 0.000 to 0.140 scale (0.000 to 0.300 for BWR Digital Feedwater)]

[Figure: guidance status timeline with the entries "Final Document Issued May 2018", "Planned NRC Revision 4Q2018", "Planned NRC Endorsement 2018", "Awaiting EPRI Results in 2019", "Awaiting EPRI Guidance in 2019" and "2018 and Beyond"]

Digital Appetite

  • Over 50 system and component upgrades planned as a result of RIS guidance
    - Control room chiller controls, indicators and recorders
    - Emergency Diesel Generator controls
    - Circuit breakers and relays with embedded digital devices
    - Main / Emergency Feedwater and Turbine controls
  • Utilities in discussion to implement digital upgrades to Reactor Protection and Engineered Safety Features Actuation Systems
    - Plans subject to revision of DI&C ISG-06
    - Second License Renewal providing opportunity for major capital investments


Going Forward - Regulatory Guidance

  • While RIS 2002-22, Supplement 1 & ISG-06 Rev 2 provide near-term opportunity, long term digital solutions are still needed
    - Policy for CCF in SECY 93-0087 (implemented in BTP 7-19) does not reflect current technology nor risk insights
    - Current policy does not recognize:
      • international standards
      • industry's design guides
      • digital engineering standardization initiatives


Going Forward - Culture

  - "staff continues to believe that the Commission's direction in SRM-SECY-93-087 addresses CCF in digital I&C systems and provides adequate flexibility for regulatory modernization activities"
  - "staff believes that some residual faults might remain undetected within a system and could result in hazards that can challenge plant safety"


Implement NRC Transformation Recommendations

  • Eliminate outdated regulatory guidance
    - Benefits and advances achieved under RIS 2002-22, Supplement 1 and ISG-06 Rev 2 should be moved into more durable regulatory guidance (Reg Guide)
  • Allow Alternate Standards
    - Allowing the use of international DI&C standards will broaden available equipment, resulting in a more efficient design and procurement process


Implement NRC Transformation Recommendations

  • "The staff recommends changing the paradigm for licensing reviews of DI&C systems from a strictly bottom-up approach using specific standards to a risk-informed, performance-based approach"
    - Such an approach would enable effective, efficient, and agile use of multiple alternative standards and methods
    - Focusing on the most safety significant issues will reduce the impact of CCF questions


Future

Digital upgrades are paramount to the success of the nuclear industry. We need tangible, useable, endorsed Digital I&C guidance for implementation of safety-related digital upgrades both under 10 CFR 50.59 and the License Amendment Request (LAR) process such that regulatory uncertainty is minimized.


GE Hitachi: Digital I&C Licensing and the NRC Transformation
NRC Panel, October 25, 2018
Frank Novak, Senior Systems Engineer

Outline

  • Perspectives on
    • Recent experience with digital I&C modifications
    • NRC Transformation Team recommendations
    • NRC licensing of digital I&C

I chair the IEEE Working Group that is responsible for IEEE Std 603, but I do not represent IEEE.

GE Hitachi Class I (Public) NRC Panel 10/25/2018

Recent Experience with Licensing Digital Modifications: Before & After ISG-06 (Rev 1)

  • Overview of product License Amendment Requests (LARs)
    • LARs were for different sites, but for the same product and based on the same Licensing Topical Report (LTR).
    • LAR scope increase due to ISG-06 (Rev 1)
      • Page count: from ~150 pages in 2 attachments to more than 1000 pages in 34 attachments.
      • GEH support: a few hundred hours to thousands of hours.
  • Comments on factors contributing to difficulty
    • Increased scrutiny of software development process, which continues through Factory Acceptance Test (FAT), was a major factor.
    • Complying with system criteria in IEEE Standards was only a minor factor.

[Figure: Duration of Review of License Amendment Requests (LARs), in years (0.0 to 3.0), plotted against Approval Date (1995 to 2020)]

The anticipated improvements in (draft) ISG-06 Rev 2 are much appreciated.

Perspective on Transformation Team Recommendation: Alternative Standards for Digital I&C

(Slide columns: New Plant Designs / Operating Fleet)

System-level modifications
  • Transition to alternative less likely to be cost-effective.
  • Pre-existing design basis for I&C is IEEE-based.
  • Approved software development processes (in US) tend to be IEEE-based.

General comments
  • Both IEEE and established alternatives lead to excellent safety and quality.
  • Appeal of alternatives relies on clean endorsements, leading to ease of use.
  • ISG-06 Rev 2 continues to be very important.

NRC Licensing of Digital I&C: Important Related Initiatives to Consider

1. Transition regulatory review of software development process to NRC QA
  • Could eliminate project-by-project review of software development process.
  • Should relieve schedule pressure and reduce regulatory uncertainty.
  • ISG-06 Revision 2 is taking steps in this direction.
2. Promote harmonization of nuclear I&C standards
  • Industry and the standards bodies already support development of harmonized IEEE/IEC standards carrying "joint logos."
    - Successes include IEEE/IEC standards for equipment qualification, condition monitoring, accident monitoring.
    - Recent decision: pursue joint IEEE/IEC standard for safety classification.
    - Fosters standardization, cost-effectiveness.
  • In anticipation of endorsing alternatives, NRC should support harmonization.

Significant positive impact can be made without waiting for rule-making.

Status of IEEE Std 603

  • Snapshot of current revision project
    • Revision started: Feb. 2015.
    • Issuance expected: 2018.
    • Revisions, balloting, and IEEE Review Committee approvals are complete.
    • Most important change: addition of a risk-based criterion for addressing Common Cause Failure (CCF).
  • Disposition of NRC input
    • NRC letter to IEEE Nuclear Power Engineering Committee (NPEC) dated May 4, 2016 [ML16117A374] - addressed technical concerns.
    • New issues in SECY-18-0060 (Encl. 5) - not considered because of timing.

Summary

  • Causes of recent difficulty of licensing DI&C modifications
    • Scrutiny on software development - a major factor.
    • Concerns about IEEE standards (as raised in SECY) - only a minor factor.
  • Perspectives on NRC Transformation & Digital I&C Licensing
    • Processes involving alternative / harmonized standards are appealing, especially for new plant designs.
    • Should pursue related initiatives in parallel:
      1. Transition review of software development to NRC QA
      2. Promote IEEE/IEC harmonization
  • IEEE Std 603 should be issued soon

Framatome: Digital I&C in Nuclear
Briefing for the NRC, October 25, 2018
Clayton Scott, SVP-Deputy, Global I&C Business

Digital I&C

  • Digital systems have been in use in all sectors of industry including nuclear since the 1970's
  • Global agencies in all sectors of industry have issued substantial guidance, information, papers, publications, studies, regulations, etc. to support understanding, implementing and operating digital control systems
  • A large percentage of nuclear power plants both new and existing are using digital technologies both in safety related and non-safety related systems

[Figure: Fuqing Unit 1 and Taishan Control Room]

  • Tricon and Teleperm XS installed in many units globally, meeting multiple regulatory requirements and providing safe, reliable operation

Technology

  • New Build or Modernization - technology is technology
    - I&C Regulation applies to both
  • What are we missing? - Trust in Technology
    + Some technology platforms have over 1 Billion hours of operation without failure upon demand in Safety Related systems across multiple sectors including nuclear
    + The technologies today individually, and even more so once placed within a multiple channel architecture, have PRAs that are 10^-6 to 10^-[illegible]; more emphasis on overall PRA needs to be leveraged
    + Overall NRC movement towards risk-informed regulation, but I&C not fully aligned

Technology

  • Reliance Petroleum - World's Largest Control Room in Sector globally
    • 180,000 digital I/O
  • Trust in Technology in critical process systems - emergency shutdown systems Foxboro DCS and Tricon platforms used - SIL4 for safety critical are designed to consider failures that can impact digital, yet have demonstrated high levels of fault tolerance and high reliability - same technology supplied to nuclear power plants

Technology

  • Outside US - Regulation is based on IAEA, IEC, IEEE and NRC guidance - why not in the US recognize global standards as well - critical to supply chain
  • Common Cause Failure - is not common; most or all digital events evolve around misinterpretation of functional requirements or building of application code, not failure of the code itself or even the hardware supporting the application, as in most safety or safety critical applications redundancy and in some cases triplication are in place
  • Diverse Technologies in place globally

Regulation

  • Need to expedite Regulatory change to allow for modernization
  • New guidance should be structured to benefit from the technological advantages of digital platforms to make plants safer and more reliable
    + Less risk of trip
    + Less risk of entering LCO
  • Industry core knowledge / design processes well advanced, being implemented in digital design process; NRC regulatory focus should be on the final outcome of plant designs and their impact on safety, not on trying to specify or detail design processes used by utilities

Regulation

  • NRC not leveraging industry (EPRI) and international data, standards, and practices and incorporating these into the NRC regulatory framework
  • NRC I&C staff should consider incorporating risk insights into I&C regulations
    + Too much emphasis is being placed on the software life cycle
    + Nuclear and other industry data show I&C systems are not the dominant contributors to failure, and the I&C failure rates are negligible when compared to the plant process systems they interface with

Future

Digital upgrades are a necessity to sustain long term, efficient and safe operation of the plants both new and old. Regulatory positions for all upgrades need to be useable and positioned so that there is minimal uncertainty, allowing utilities to support their fleet safely into the future.

Massachusetts Institute of Technology: Digital I&C Lessons Learned Across Industries
Dr. John Thomas, MIT

Experiences across industries (Automotive, Aviation, Space Systems, Chemical, Oil & Gas, Nuclear Power, Defense, Healthcare, Medical Devices, Weapon Systems, etc.)

Accident causes are changing

[Figure: share of component failure accidents versus non-failure accidents, 1970s compared with today]

Barrier: requirements

  • "The hardest single part of building a software system is deciding precisely what to build." -- Fred Brooks, The Mythical Man-Month
  • Most software-related accidents have been traced to flaws in the requirements (Leveson, 2004) (Endres et al., 2003) (Lutz et al., 1993)
  • "As is well known to software engineers, by far the largest class of problems arises from errors made in the eliciting, recording, and analysis of requirements" (Jackson et al., 2007)

Insight from Automotive

  • "In my experience the requirements are much more important than preventing hardware failures. Recalls are rarely due to component failures, typically it's due to missed requirements, requirements never verified, or missed interaction with supplier." -- Joseph Miller

HPCI Flow Control System

[Figure: Operator and System Interaction with the HPCI/RCIC Flow Control System: Initiation Signal into the controller; Trip/Throttle Valve and Steam Admission Valve downstream]

System Initiation Signals (Open Steam Admission Valve & Process Valves):
1. Low Reactor Level (-48")
2. High Drywell Pressure (HPCI only; +2 psig)

System Isolation Signals (Trip Turbine & Close Process Valves):
1. High Steam Line Flow
2. High Area Temperature
3. Low Steam Line Pressure (HPCI only)
4. Low Reactor Pressure (RCIC only)
5. Manual

Turbine Trip Signals (Close Trip/Throttle Valve):
1. Any system isolation signal
2. High Steam Exhaust Pressure (150 psi)
3. High Reactor Level (+46")
4. Low pump suction pressure (15" Hg)
5. Turbine overspeed
6. Manual (local or remote)

Operating Experience (No Component Failures)

[Figure: two time-series charts of Turbine Speed (0 to 2200) and Governor Valve position (0% to 120%) versus Time, marking the Trip Setpoint and the Reset Setpoint; the second chart is annotated with the System Enable Signal (17%), the System Initiation Signal (0%), the "Trip" Setpoint, the Reset Setpoint, the Gov Valve Position, and the Actual Response compared with a Normal Start]

Blind test of STPA

[Figure: control structure. The Operator (process plant model, conditions) selects the controller (MCR/RSP), sets the desired flow rate (Auto), adjusts flow (Manual) and selects Auto or Manual. The Flow Control System (process model, system initiation signal, system enable) issues speed and valve open/close commands to the turbine and the valve actuator and receives flow rate and valve position feedback. Trip/Throttle Valve and Steam Admission Valve from Main Steam; Magnetic Pickup; the Controlled Process takes suction from the Torus or Condensate Storage Tank and discharges to the Reactor]

Blind test: STPA identified the problem

Hazard: Equipment Operated Beyond Limits (H3)
Controller: HPCI-RCIC Flow Control System
Hazardous Control Action No. 2: "Increase governor valve position" command is provided when there is an accident and turbine speed is too high, regardless of system flow.

Inadequate, Missing or Delayed Feedback:
  • Enable signal sent to controller before there is a valid demand on HPCI/RCIC
    - enable provided when steam admission valve is not open (broken or misaligned LS)
    - steam admission valve commanded open when there is no demand on HPCI/RCIC (spurious ESFAS signal)
    - enable provided when steam admission valve is opened, but too late (misaligned LS or LS setpoint too high)
    - steam admission valve commanded open too late when there is a demand on HPCI/RCIC (ESFAS delay)
  • HPCI/RCIC pump flow rate signal to controller is missing, delayed, incorrect, too infrequent, or has inadequate resolution
    - signal corrupted during transmission
    - sensor failure
    - sensor design flaw
    - sensor operates correctly but actual flow rate is outside sensor's operating range
    - fluid type is not as expected (water vs. steam?)
  • Governor valve position signal to controller is missing, delayed, incorrect, too infrequent, or has inadequate resolution
    - problems with communication path
    - actual position is beyond sensor's range
    - sensor reports actuator position and it doesn't match valve position
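The hazardous control action and the feedback failures listed above map directly onto guards a controller can enforce. The following Python model is an added illustration, not code from the presentation, from MIT, or from any plant's HPCI/RCIC system; the thresholds, field names and the sample scenario are constructed. It contrasts a naive flow controller that acts on the enable signal and flow error alone with one that holds whenever its feedback is stale, missing, out of range or inconsistent, and never issues an "increase governor valve position" command while turbine speed is at or above its limit.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed thresholds for illustration only; not values from any plant.
SPEED_LIMIT_RPM = 4000.0           # no "increase" command at or above this speed
FLOW_SENSOR_RANGE = (0.0, 5000.0)  # flow (gpm) the sensor can validly report
MAX_FEEDBACK_AGE_S = 1.0           # older samples count as delayed/missing
POSITION_MISMATCH_PCT = 5.0        # actuator vs. valve position tolerance


@dataclass
class Feedback:
    """One sample of what the HPCI/RCIC flow controller sees (constructed model)."""
    sampled_at: float              # seconds
    flow_gpm: Optional[float]      # None = signal missing
    turbine_rpm: Optional[float]
    actuator_pct: Optional[float]  # position reported by the actuator
    valve_pct: Optional[float]     # independently measured valve position
    steam_admission_open: bool     # limit switch on the steam admission valve
    initiation_signal: bool        # valid system demand (ESFAS)
    enable_signal: bool            # controller enable


@dataclass
class Decision:
    action: str                    # "increase", "decrease" or "hold"
    reasons: List[str] = field(default_factory=list)


def naive_decide(fb: Feedback, setpoint_gpm: float) -> Decision:
    """Controller with the flaw the STPA table describes: enable + flow error only."""
    if not fb.enable_signal:
        return Decision("hold", ["not enabled"])
    flow = fb.flow_gpm if fb.flow_gpm is not None else 0.0  # missing reads as zero
    if flow < setpoint_gpm:
        return Decision("increase", ["flow below setpoint"])
    if flow > setpoint_gpm:
        return Decision("decrease", ["flow above setpoint"])
    return Decision("hold", ["at setpoint"])


def feedback_problems(fb: Feedback, now: float) -> List[str]:
    """List the inadequate/missing/delayed-feedback conditions that apply to a sample."""
    problems = []
    if now - fb.sampled_at > MAX_FEEDBACK_AGE_S:
        problems.append("feedback stale")
    if fb.flow_gpm is None:
        problems.append("flow signal missing")
    elif not FLOW_SENSOR_RANGE[0] <= fb.flow_gpm <= FLOW_SENSOR_RANGE[1]:
        problems.append("flow outside sensor range")
    if fb.turbine_rpm is None:
        problems.append("turbine speed signal missing")
    if fb.actuator_pct is None or fb.valve_pct is None:
        problems.append("valve position signal missing")
    elif abs(fb.actuator_pct - fb.valve_pct) > POSITION_MISMATCH_PCT:
        problems.append("actuator position does not match valve position")
    if fb.enable_signal and not fb.initiation_signal:
        problems.append("enable without valid demand")
    if fb.enable_signal and not fb.steam_admission_open:
        problems.append("enable while steam admission valve not open")
    return problems


def guarded_decide(fb: Feedback, now: float, setpoint_gpm: float) -> Decision:
    """Refuse UCA-2: never 'increase' while turbine speed is too high, and hold
    unless every signal the decision depends on is present, fresh and consistent."""
    problems = feedback_problems(fb, now)
    if problems:
        return Decision("hold", problems)
    if not fb.enable_signal:
        return Decision("hold", ["not enabled"])
    if fb.turbine_rpm >= SPEED_LIMIT_RPM:
        # Applies regardless of flow error: this is the hazardous combination (H3).
        action = "decrease" if fb.flow_gpm > setpoint_gpm else "hold"
        return Decision(action, ["turbine speed at or above limit"])
    if fb.flow_gpm < setpoint_gpm:
        return Decision("increase", ["flow below setpoint"])
    if fb.flow_gpm > setpoint_gpm:
        return Decision("decrease", ["flow above setpoint"])
    return Decision("hold", ["at setpoint"])


# Constructed scenario: enable arrives before a valid demand, the steam admission
# valve is still closed (so no flow), and the turbine is already over the limit.
PREMATURE_ENABLE = Feedback(
    sampled_at=10.0, flow_gpm=0.0, turbine_rpm=4500.0,
    actuator_pct=20.0, valve_pct=20.0, steam_admission_open=False,
    initiation_signal=False, enable_signal=True,
)
```

Calling `naive_decide(PREMATURE_ENABLE, 3000.0)` yields "increase", the hazardous command; `guarded_decide(PREMATURE_ENABLE, 10.2, 3000.0)` holds and reports both feedback problems.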

Industry standards to solve this problem

  • ISO/PAS 21448: Safety of the Intended Functionality (SOTIF)
    • STPA used to assess safety of digital systems
  • "Standard Guide for Application of STPA to Aircraft"
  • "Using STPA during Development and Safety Assessment of Civil Aircraft"
  • "Airworthiness Security Methods and Considerations"
    • STPA-Sec used for cybersecurity of digital systems
  • "Recommended Practice for STPA in Automotive Safety Critical Systems"

U.S. NRC, United States Nuclear Regulatory Commission, Protecting People and the Environment

BRIEFING ON DIGITAL INSTRUMENTATION AND CONTROL
Commission Meeting, October 25, 2018

Speakers

  • Ho Nieh, Director, Office of Nuclear Reactor Regulation (NRR)
  • Rossnyev Alvarado, Electronics Engineer, Instrumentation and Control Branch B, NRR/DE
  • Dinesh Taneja, Sr. Electronics Engineer, Instrumentation and Control Branch A, NRR/DE

Significantly Modernizing our Digital I&C Infrastructure

  • Making real progress, in terms of flexibility and external engagement
  • Considering experiences, internal and external to NRC
  • Embracing a vision that safely enables new technologies and innovation

[Figures: Shippingport Control Room - 1957; NuScale Control Room Simulator]

Focused on the Most Significant Regulatory Challenges

  • Addressing near-term challenges identified by external stakeholders
    - Clarify common cause failure (CCF) expectations
    - Clarify and expand use of 10 CFR 50.59
    - Improve licensing and certification processes
    - Clarify commercial grade dedication expectations
  • Identifying broader improvements to modernize the regulatory infrastructure
    - Leverage international and non-nuclear approaches
    - Expand use of risk information

The IAP Implements Commission Direction and Stakeholder Priorities

  • Enable performance-based and technology neutral approaches
  • Use same regulations for new and operating reactors, with tailored guidance if necessary
  • Ensure common understanding with stakeholders on challenges, priorities, and potential solutions

Recent Accomplishments Enabled by Changes in our Approach

  • Self-critical assessment of NRC practices:
    - Implementation of Commission policy on CCF
  • Creating support networks to ensure effective implementation of new guidance:
    - RIS 2002-22, Supplement 1
  • Revisiting what information is necessary to make a regulatory decision:
    - Operating Reactor License Amendments (ISG-06)
    - New Reactor Design Certification (NuScale DSRS)

Clarifying CCF Expectations

  • Evaluated:
    - Policy in SRM-SECY-93-087
    - Feedback from industry
    - Lessons learned from regulatory reviews
  • Concluded:
    - Current policy adequate and supports near-term improvements (i.e., graded approach, alternative standards, alternative methods of diverse actuation)
    - Implementation has been inconsistent and, in specific cases, overly restrictive
  • SECY 18-0090:
    - Documents staff evaluation and identifies guiding principles to improve policy implementation

SECY 18-0090 Guiding Principles

  • Continue to address CCF
  • Diversity and Defense-in-Depth analysis typically warranted, but can be:
    - Best estimate or design basis
    - Graded commensurate with safety significance & may not be necessary for low safety significance
  • Alternate means to accomplish safety function acceptable:
    - Non-safety or safety-related
    - Manual or automatic
    - Mitigation of consequences through other means
  • Justification for defensive measures can be commensurate with safety significance

Clarifying and Expanding the use of 10 CFR 50.59

  • Operating reactors seek to implement majority of upgrades under 10 CFR 50.59
    - Focused on lower safety significance I&C systems
    - Clarifies appropriate use of qualitative factors when performing 10 CFR 50.59 evaluations
    - Addresses all I&C systems
    - Includes improved 50.59 screening guidance

Demonstrated Improvement in Recent Licensing and Certification Actions

  • Hope Creek PRNMS
  • NuScale Design Certification
  • APR-1400 Design Approval
  • Vogtle Unit 3&4 Amendments
  • MIT Nuclear Safety System
  • Purdue I&C System Upgrade

[Figure: Purdue-1 Digital I&C System]

Improving the Licensing Process

  • Operating reactor licensees seek to obtain regulatory approval before making significant capital investment
  • Revising ISG-06 to:
    - Provide alternate review process for earlier approval of digital systems
    - Clarify information needed to initiate regulatory review
    - Incorporate other lessons learned from operating and new reactor reviews

Licensing Processes Comparison

[Figure: timeline (not to scale). Licensee activities run from Concepts and Pre-application Meetings, through Initial System Design and Planning, Detailed HW & SW Design, Software V&V and Factory Testing, Implementation and Fabrication, to Installation and Site Acceptance Testing. Traditional Process: LAR Submitted late in that sequence, NRC Review and Audits (Phase 1 Information, Phase 2 Supplemental Information), NRC Decision on LAR, then NRC Regional Inspection Processes. Alternate Review Process: LAR Submitted (All Information) earlier, NRC Review and Audits, earlier NRC Decision on LAR, NRC Vendor Inspection Processes, NRC Regional Inspection Processes]

Clarifying Commercial Grade Dedication Expectations

  • Vendors seek to demonstrate achievement of domestic nuclear safety standards through international safety certification
  • Will expand the number of systems and components available for use by domestic licensees
  • EPRI currently developing process which NEI will submit for NRC review

Continuing to Identify Broader Improvements to Modernize the Regulatory Infrastructure

  • Evaluating international and non-nuclear approaches to identify best practices
  • Expanding use of higher level design principles applied in NuScale to improve advanced reactor reviews
  • Engaging industry to identify alternative standards they are most interested in using
  • Evaluating broader use of risk-information in licensing, certification and oversight

Making Progress on Achieving an Efficient and Effective Digital I&C Framework

  • Continue our efforts to modernize our decision making in the use of DI&C systems
  • Continue to effectively communicate with all stakeholders to understand their challenges, priorities, and potential solutions
  • Continue to transform with risk-informed and innovative approaches

Acronyms

  • APR - Advanced Power Reactor
  • BTP - Branch Technical Position
  • CCF - Common Cause Failure
  • CFR - Code of Federal Regulations
  • D3 - Diversity and Defense-in-Depth
  • DI&C - Digital Instrumentation and Control
  • DSRS - Design Specific Review Standard
  • ESFAS - Engineered Safety Features Actuation System
  • FPGA - Field Programmable Gate Array
  • HW - Hardware
  • IAP - Integrated Action Plan
  • I&C - Instrumentation and Control
  • IEC - International Electrotechnical Commission
  • IEEE - Institute of Electrical and Electronics Engineers
  • ISG - Interim Staff Guidance
  • LA - License Amendment
  • LAR - License Amendment Request
  • NEI - Nuclear Energy Institute
  • PRNMS - Power Range Neutron Monitoring System
  • QA - Quality Assurance
  • RIS - Regulatory Issue Summary
  • RPS - Reactor Protection System
  • SIL - Safety Integrity Level
  • SW - Software
  • V&V - Verification and Validation