ML18137A168

| Field | Value |
|---|---|
| Issue date | 05/17/2018 |
| From | Serita Sanders Advisory Committee on Reactor Safeguards, NRC/NRR/DLP/PLPB |
| To | |
| Person | Sanders S |
| Shared Package | ML18137A166 |
DIGITAL INSTRUMENTATION AND CONTROLS UPDATE
Eric Benner, NRR/DE (Steering Committee Chair)
Serita Sanders, NRR/DLP (Project Manager)
Michael Waters, NRR/DE/EICB (Branch Chief)
Advisory Committee on Reactor Safeguards DI&C Subcommittee Briefing May 17, 2018
Agenda
- Introductions
- Integrated Action Plan
- Draft DI&C ISG-06 Presentation
- Common Cause Failure Status Update
- Next Steps
Key Messages
- Making progress on Integrated Action Plan (IAP) activities
- Focused on regulatory products to support near-term upgrade needs identified by industry
- First implementable result targets safety-related upgrades under 10 CFR 50.59 (i.e., RIS supplement)
- Next priority is revised licensing process (ISG-06)
- Staff will continue to pursue broader modernization efforts
Commission Direction on Digital I&C (SRM-SECY-15-0106 & SRM-SECY-16-0070)
- Develop an integrated strategy to modernize the DI&C regulatory infrastructure
- Engage stakeholders to identify common priorities, problems, and potential solutions to address them
- Focus on acceptable approaches to comply with requirements
- Technology neutral focus; Guidance can be tailored if necessary
- Evaluate potential policy issues
IAP - Modernization Plans
- Modernization Plan (MP) #1 - Protection against Common Cause Failure
- MP #1A - Regulatory Issue Summary (RIS) 2002-22, Supplement 1
- MP #1B - Review of NEI 16-16
- MP #1C - Implementing Commission Policy on Protection against CCF in DI&C Systems
- MP #2 - Considering Digital Instrumentation & Controls in Accordance with 10 CFR 50.59
- MP #3 - Acceptance of Digital Equipment (Commercial Grade Dedication)
- MP #4 - Assessment for Modernization of the Instrumentation & Controls Regulatory Infrastructure
- MP #4A - ISG-06 Revision
- MP #4B - Broader Modernization Activities
MP #4A - Draft ISG-06, Licensing Process Revision 2
Samir Darbali, NRR/DE/EICB
Richard Stattel, NRR/DE/EICB
Deanna Zhang, NRO/DEI/ICE
Michael Waters, NRR/DE/EICB/Branch Chief
Advisory Committee on Reactor Safeguards DI&C Subcommittee Briefing May 17, 2018
Agenda
- ISG-06 Scope and Purpose
- Digital I&C Integrated Action Plan
- Background
- ISG-06, Revision 2 (Draft)
- Improved Review Process
- New Alternate Review Process (for Approval at earlier development stage)
- Next Steps
ISG-06 Purpose and Scope
- Defines the licensing process used to support the review of LARs associated with safety-related DI&C equipment modifications in operating plants and in new plants once they become operational
- Provides guidance for activities performed before LAR submittal and during LAR review. The NRC staff uses the process described in the ISG to evaluate compliance with NRC regulations
DI&C Integrated Action Plan
- The IAP established the following ISG-06 revision goals:
  o To reduce the scope of licensee document submittals
  o To provide an alternative for earlier approval, which would precede factory acceptance testing, for digital designs that are based on approved topical reports
- The Modernization Plan #4A working group under the IAP worked with industry and internal stakeholders to improve the licensing process in ISG-06
- ISG-06 revision results:
  o The ISG-06 Rev. 1 Tier 1, 2, and 3 Review Process has been improved
  o A new Alternate Review Process has been introduced for earlier approval
Background
- ISG-06 Rev. 1 Key Concepts
- Tiers
- Phases
- ISG-06 Rev. 1 Lessons Learned and Industry Feedback
ISG-06 Rev. 1 - Key Concepts: Tiers
Tiers - a general guide for defining the scope or complexity of a review.
- Tier 1 - license amendments proposing to reference a previously approved topical report.
- Tier 2 - license amendments proposing to reference a previously approved topical report with deviations to suit the plant specific application.
- Tier 3 - license amendments proposing to use a new digital I&C platform or component(s) not previously approved by an NRC topical report review.
ISG-06 Rev. 1 - Key Concepts: Phases
Phases - a general guide for defining the NRC staff activities to be performed during the review.
- Phase 0 - Pre-Application
- Phase 1 - Initial Application (LAR)
- Phase 2 - Continued Review and Audit (Supplemental Information)
- Phase 3 - Implementation and Inspection
ISG-06 Rev. 1 - Lessons Learned and Industry Feedback
- ISG-06, Rev. 1 has been used to review the Diablo Canyon Plant Protection System DI&C LAR (ADAMS Accession No. ML16139A008), the Hope Creek Power Range Neutron Monitoring System LAR (ADAMS Accession No. ML17216A022), and DI&C topical report reviews
- The concepts of tier labels and review phases are useful
- The one-stop shop approach of Revision 1 created challenges:
  o Duplication of SRP Chapter 7, IEEE Std 603 and IEEE Std 7-4.3.2 guidance
  o References to Regulatory Guides and other documents became outdated
  o Revision 1 focused more on specific documents, instead of the information needed to make the required regulatory findings
ISG-06 Rev. 1 - Lessons Learned and Industry Feedback (Cont.)
- The Tier 1, 2 and 3 Review Process could be further improved/streamlined
- Industry has expressed concerns with ISG-06, Rev. 1:
o Significant resources are required for procuring, developing, and testing a full digital I&C design before the license amendment is issued
- Staff lessons learned and industry feedback on Revision 1 informed the development of ISG-06, Revision 2
ISG-06 Review Process Focus

| ISG-06, Rev. 1 (current): Tier 1, 2, and 3 Review Process | ISG-06, Rev. 2: Tier 1, 2, and 3 Review Process | ISG-06, Rev. 2: Alternate Review Process |
|---|---|---|
| Approved Platform Topical Report (Previously Approved for Tier 1 and 2) (Concurrent Review for Tier 3) | Approved Platform Topical Report (Previously Approved for Tier 1 and 2) (Concurrent Review for Tier 3) | Approved Platform Topical Report (Previously Approved) |
| Application Specific System Design meets Regulatory Requirements | Application Specific System Design meets Regulatory Requirements | Application Specific System Design meets Regulatory Requirements |
| Application Software Design, Implementation and Test Plans and Processes are Acceptable | Application Software Design, Implementation and Test Plans and Processes are Acceptable | |
| Application System Development and Testing produced Acceptable Outputs | Application System Development and Testing produced Acceptable Outputs | |
Comparison of Licensing and Oversight Activities Timeline
[Figure: timelines for the Tier 1, 2, and 3 Review Process (Rev. 1 and 2) and the Alternate Review Process (Rev. 2), shown against the licensee activities.]
- Licensee Activities: Modification Concept and Phase 0 Meeting(s); High Level System Design, Planning; Detailed HW & SW Design and Fabrication; Implementation and Test Activities, including FAT; Post FAT Licensee Activities, SAT
- Tier 1, 2, and 3 Review Process (Rev. 1 and 2): LAR Submitted (Phase 1 Information Available); NRC: LAR (Phase 1) and Phase 2 Review, and Regulatory Audit(s); LA Issued; NRC: Optional Regional Inspections of Site Activities. Tier 1, 2, and 3 Licensee Activity: Producing and Submitting Phase 2 Supplement Info (Not applicable to the Alternate Review Process)
- Alternate Review Process (Rev. 2): LAR Submitted (All Information to meet Regulatory Requirements Available); NRC: LAR Review and Regulatory Audit(s); LA Issued; NRC: Optional Vendor Inspections of Implementation & Test Activities per License Conditions; NRC: Optional Regional Inspections of Site Activities
Characteristics of a LAR using the Alternate Review Process
- The LAR would provide the necessary and sufficient design information to demonstrate regulatory compliance
- The LAR would describe the licensee's Vendor Oversight Plan that ensures the vendor executes the project consistent with the LAR and the requirements of the 2015 version of NQA-1, Part II, Subpart 2.7 on Quality Assurance Requirements for Computer Software for Nuclear Facility Applications
- The LAR would include appropriate commitments to complete plant specific actions that are included in the referenced topical report
- The LAR would include appropriate commitments to complete lifecycle activities under the licensee's QA program
Alternate Review Process:
Licensee Commitments and License Conditions
- The Alternate Review Process relies on the LARs containing licensing information and additional regulatory commitments to implement remaining development phases by the licensee's QA program, after the license amendment is issued
- The NRC staff may likely translate some of the regulatory-significant commitments into license conditions, as part of the approval (e.g., factory acceptance testing)
ISG-06 Rev. 2 Structure
Section A - Introduction
Section B - Purpose
Section C - Digital I&C Review Process
- Section C.1, Tier 1, 2, and 3 Process Overview, refers to the review guidance described in Sections D.1, and D.5 through D.9
- Section C.2, Alternate Review Process Overview, refers to the review guidance described in Sections D.1 through D.8

| Section | Title | Tier 1, 2, and 3 Process (C.1) | Alternate Review Process (C.2) |
|---|---|---|---|
| D.1 | Plant System Description | X | X |
| D.2 | System Architecture | | X |
| D.3 | Hardware Equipment Qualification | | X |
| D.4 | I&C System Development Processes | | X |
| D.5 | Applying a Referenced TR Safety Evaluation | X | X |
| D.6 | Compliance Matrix for IEEE Stds 603 and 7-4.3.2 | X | X |
| D.7 | Technical Specifications | X | X |
| D.8 | Secure Development and Operational Environment | X | X |
| D.9 | Sections Applicable to Tier 1, 2, and 3 Reviews | X | |
ISG-06, Rev 2, Enclosure B Tables

Plant-Specific Information Submitted with License Amendment Request (Phase 1 for Tier 1, Tier 2, Tier 3). Applicability columns: AR, Tier 1, Tier 2, Tier 3.

| Item | Applicability marks | Plant-Specific Information |
|---|---|---|
| 1.1 | X | System Architecture (D.2) |
| 1.2 | X | (Summary of) Application Software Planning and Processes (D.4) |
| 1.3 | X | (Summary of) Hardware Equipment Qualification (D.3) |
| 1.4 | X X X | Approved Topical Report Safety Evaluation (D.5) |
| 1.5 | X X X X | System Description (D.1) |
| 1.6 | X X X X | (Unified Compliance Matrix for) IEEE Stds 603 and 7-4.3.2 (D.6) |
| 1.7 | X X X X | (Changes to) Technical Specifications (D.7) |
| 1.8 | X X X X | Setpoint Methodology and Calculations (D.7) |
| 1.9 | X X X X | Secure Development and Operational Environment (D.8) |
| 1.10 | X X X | Software Requirements Specification (D.9.1) |
| 1.11 | X X X | Software Design Specification (D.9.2) |
| 1.12 | X X X | Design Analysis Reports for Platform Changes (D.9.3) |
| 1.13 | X X X | System Response Time Analysis Report (D.9.7) |
| 1.14 | X X | Design Report on Computer Integrity, Test and Calibration, and Fault Detection (D.9.7) |
| 1.15 | X | Commercial-Grade Dedication Plan (D.9.10) |
| 1.16 | X | Quality Assurance Plan for Hardware (D.9.11) |
| 1.17 | X | Equipment Qualification Testing Plans (Including EMI, Temp., Humidity, and Seismic) (D.9.9) |
| 1.18 | X | (Summary of) Hardware Development Process (D.9.11) |

Phase 2 - Submitted before Requested Approval (Tier 1, Tier 2, Tier 3 only). Applicability columns: Tier 1, Tier 2, Tier 3.
Note: This table does not apply to Alternate Review Process applications.

| Item | Applicability marks | Plant-Specific Information |
|---|---|---|
| 2.1 | X X X | Safety Analysis (D.9.4) |
| 2.2 | X X X | As-Manufactured, System Configuration Documentation (D.9.5) |
| 2.3 | X X X | Summary Test Reports (Including Test Results up to FAT) (D.9.6) |
| 2.4 | X X X | System Response Time Confirmation Report (D.9.7) |
| 2.5 | X X X | Reliability Analysis (D.9.7) |
| 2.6 | X X X | System-Level Failure Modes and Effects Analysis (D.9.8) |
| 2.7 | X X X | Qualification Test Methodologies (D.9.9) |
| 2.8 | X X | Platform-Level Failure Modes and Effects Analysis (D.9.8) |
| 2.9 | X X | (Summary of) EMI, Temp., Humidity, and Seismic Testing Results (D.9.9) |
| 2.10 | X | Commercial-Grade Dedication Report(s) (D.9.10) |
Alternate Review Process:
System Architecture - Fundamental Design Principles
- Four fundamental design principles integrated into Alternate Review Process
- Verify the design applies sufficient redundancy in the new architecture (ISG-06 Rev. 2, Section D.2.6.2.1)
- Verify the design demonstrates physical, electrical, data communications and functional independence in the new architecture (D.2.2, D.2.5, D.2.6.2.2)
- Verify design exhibits deterministic behavior (D.2.2.1, D.2.6.2.3)
- Verify the design has sufficient diversity and defense-in-depth in the new architecture to ensure safety is maintained in the event of a postulated common cause failure (D.2.6.2.4)
Alternate Review Process:
System Architecture - Simplicity
- Simplicity in design included in Alternate Review Process (D.2.6.2.5)
- Application of simplicity in the new architecture (or lack thereof) and effect on four fundamental design principles.
- If design decisions result in added complexity, balance with benefits obtained.
Licensing and Oversight Comparison Summary

| | Tier 1, 2, and 3 Review Process | Alternate Review Process |
|---|---|---|
| Document Submittals | 2 Submittals (LAR - Phase 1) (Supplement - Phase 2) | 1 Submittal (LAR) |
| Design Changes After LAR Submittal | Design changes submitted during the Phase 2 review (before FAT) can be reviewed as part of the LAR review | Design changes during Implementation and Testing phases will need to be performed under 10 CFR 50.59, or new LAR approval |
| License Conditions | None (Typically) | Potentially: Implementation of high quality software development process (e.g., NQA-1-2015); Vendor oversight; Resolution of plant specific action items identified in the topical report; Implementation and Test activities (e.g., FAT) |
| Inspection Scope | Regional Inspection of Post FAT Licensee Activities (e.g., Installation, Maintenance, Training, Operations, Plans, SAT) | Vendor Inspection of Implementation, Integration, and Test Activities (e.g. FAT); Regional Inspection of Post FAT Licensee Activities (e.g., Installation, Maintenance, Training, Operations, Plans, SAT) |
Next Steps
- ACRS Full Committee Briefing on June 6, 2018
- Table top exercise with industry on June 13-14, 2018
- Issue the draft ISG for formal public comment in July 2018
- Engage utilities in pre-application meetings
- LAR submittal from lead-plant using the alternate review process is expected in 2019
- Additional LAR submittals expected beyond 2019
- Exercise ISG and incorporate into Standard Review Plan
Questions?
- ACRS - Advisory Commission on Reactor Safeguards
- ADAMS - Agencywide Document Access and Management System
- CCF - Common Cause Failure
- CFR - Code of Federal Regulations
- DI&C - Digital Instrumentation and Control
- EMI - Electromagnetic Interference
- FAT - Factory Acceptance Test
- IAP - Integrated Action Plan
- IEEE - Institute of Electrical and Electronics Engineers
- ISG - Interim Staff Guidance
- I&C - Instrumentation and Control
- LAR - License Amendment Request
- MP - Modernization Plan
- NEI - Nuclear Energy Institute
- NQA - Nuclear Quality Assurance
- NRC - Nuclear Regulatory Commission
- QA - Quality Assurance
- SAT - Site Acceptance Test
- SRM - Staff Requirements Memoranda
- SRP - Standard Review Plan
- SSC - Structures, systems, and components
- TR - Topical Report