ML093230700
ML093230700 | |
Person / Time | |
---|---|
Site: | 05000083 |
Issue date: | 12/22/2009 |
From: | Hardesty D A Research and Test Reactors Licensing Branch |
To: | Brock K M Research and Test Reactors Licensing Branch |
Hardesty, D NRC/NRR/DPR/PRTA 415-3724 | |
Shared Package | |
ML093230785 | List: |
References | |
Download: ML093230700 (10) | |
Text
December 22, 2009 MEMORANDUM TO: Kathryn Brock, Chief Research and Test Reactor Branch A Division of Policy and Rulemaking Office of Nuclear Reactor Regulation FROM: Duane Hardesty, Project Manager /RA/ Research and Test Reactor Branch A Division of Policy and Rulemaking Office of Nuclear Reactor Regulation
SUBJECT:
SUMMARY
OF OCTOBER 16, 2009 PUBLIC MEETING REGARDING DIGITAL INSTRUMENTATION AND CONTROL PRE-APPLICATION (PHASE 0) REVIEW The U.S. Nuclear Regulatory Commission (NRC) held a Category 1 public meeting on October 16, 2009, to conduct a Pre-Application (Phase 0) review to discuss the proposed license amendment request (LAR) for the University of Florida Training Reactor (UFTR) digital instrumentation and control (I&C) upgrade.
The purpose of this meeting was to discuss the initial design concept, how the UFTR will address the required review areas for the LAR, and any site specific issues. A preliminary NRC staff assessment of the UFTR's concept to identify the applicable regulations and expected documentation at LAR submittal is provided in the enclosure. Duly noted was the lack of specific NRC research reactor guidance for digital I&C upgrades and the difficulty of adapting power reactor licensing practices to be commensurate with a risk-informed graded approach appropriate for non-power reactors.
The meeting was attended by NRC staff, UFTR staff, and industry stakeholders. The meeting presentation slides may be found on the NRC's Agencywide Documents Access and Management System (ADAMS) under accession number ML093230647.
Docket No. 50-83
Enclosures:
- 1. UFTR Preliminary NRC Staff Assessment 2. List of Attendees CONTACT: Duane Hardesty, NRR/PRTA 301-415-3724 December 22, 2009 MEMORANDUM TO: Kathryn Brock, Chief Research and Test Reactor Branch A Division of Policy and Rulemaking Office of Nuclear Reactor Regulation
FROM: Duane Hardesty, Project Manager /RA/ Research and Test Reactor Branch A Division of Policy and Rulemaking Office of Nuclear Reactor Regulation
SUBJECT:
SUMMARY
OF OCTOBER 16, 2009 PUBLIC MEETING REGARDING DIGITAL INSTRUMENTATION AND CONTROL PRE-APPLICATION (PHASE 0) REVIEW The U.S. Nuclear Regulatory Commission (NRC) held a Category 1 public meeting on October 16, 2009, to conduct a Pre-Application (Phase 0) review to discuss the proposed license amendment request (LAR) for the University of Florida Training Reactor (UFTR) digital instrumentation and control (I&C) upgrade.
The purpose of this meeting was to discuss the initial design concept, how the UFTR will address the required review areas for the LAR, and any site specific issues. A preliminary NRC staff assessment of the UFTR's concept to identify the applicable regulations and expected documentation at LAR submittal is provided in the enclosure. Duly noted was the lack of specific NRC research reactor guidance for digital I&C upgrades and the difficulty of adapting power reactor licensing practices to be commensurate with a risk-informed graded approach appropriate for non-power reactors.
The meeting was attended by NRC staff, UFTR staff, and industry stakeholders. The meeting presentation slides may be found on the NRC's Agencywide Documents Access and Management System (ADAMS) under accession number ML093230647.
Docket No. 50-83
Enclosures:
- 1. UFTR Preliminary NRC Staff Assessment 2. List of Attendees CONTACT: Duane Hardesty, NRR/PRTA 301-415-3724 DISTRIBUTION
- PUBLIC PRTA Reading File RidsNrrAdro RidsNrrDpr RidsNrrOd RidsNrrDprPrta RidsNrrDprPrtb RidsAcrsAcnwMailCenter SWyman WKemper, NRR NCarte, NRR JDonohue, NRR Package No.: ML093230785 Meeting Notice No.: ML092640160 Meeting Summary No.: ML093230700 Meeting Handout (non-public) No.: ML093270432 Meeting Handout No.: ML093230647 TEMPLATE No.: NRC-001 OFFICE DPR:PRTA DPR:PRTA:LA DE:EICB:BC DPR:PRTA:BC NAME DHardesty GLappert WKemper (RStattel for)
KBrock DATE 12/1/2009 12/17/2009 12/22/2009 12/22/2009 OFFICIAL RECORD COPY ENCLOSURE 1 UFTR Preliminary NRC Staff Assessment SCOPE: The scope of the proposed upgrade is to replace the existing analog protection system of the University of Florida (UFTR) research reactor with a Siemens digital Teleperm XS instrumentation & control system (TXS) based system.
DISCUSSION:
In the previous meeting with the licensee held November 18, 2008, as summarized under ADAMS accession number ML083460468, the licensee stated that they would use the process applicable licensing power reactor digital I&C in their digital upgrade application. During the October 16, 2009 meeting UFTR clarified that they now want the upgrade to be performed in accordance with research reactor requirements, but that UFTR is preparing its license amendment request, informed by the NRC guidance for power reactors. The UFTR presentation and many associated discussions focused on the lack of specific research reactor guidance and the difficulty of adapting power reactor licensing practices to non-power reactors since the underlying design bases and requirements are so different.
NUREG-1537 Revision 0, dated February 1996 (the standard review plan for non-power reactors), has not been updated recently; however, when it was last issued, it referenced some of the same guidance used by power reactors (e.g., Generic Letter (GL) 95-02 and Regulatory Guide (RG) 1.152 Rev. 1). Neither of these guidance documents was uniquely developed for non-power reactors and may contain sections and requirements that do not apply. However, these same guidance documents have been updated and the current revisions are applicable to research reactor reviews.
The following sections provide amplifying information that the licensee should consider in assessing the applicability of the aforementioned guidance.
A. QUALITY
Section 7.2, "Identification of Safety-Related Systems," of the safety analysis report for the University of Florida Training reactor states:
The safety-related instrumentation and controls for the UFTR include the control console, the control and safety channels, the reactor interlock system, control drive switches, and the reactor scram circuitry.
B. INDEPENDENCE NUREG-1537 Part 1 Revision 0, dated February 1996, Section 7.4, "Reactor Protection System," states (page 7-11):
If justified by the accident analyses of Chapter 13, the Reactor Protections System (RPS) need not be separate and independent of the Reactor Control System (RCS).
If the RPS does not need to be separate and independent from the RCS then Clause 5.6 of Institute of Electrical and Electronics Engineers (IEEE) Std. 7-4.3.2 does not apply.
C. ESF Section 7.4, "Engineering Safety Features," of the safety analysis report for the University of Florida Training reactor states:
As explained in Chapter 6, there are no separate Engineered Safety Features required in the UFTR aside from those built into the facility. Therefore, no instrumentation or control system relative to this system is present.
D. SOFTWARE DEVELOPMENT
The University of Florida proposed that the unique safety features of the UFTR allows the use of the V&V software integrity 1 level 1 (SIL1). The NRC emphasized that it is still important for the software to work properly. The NRC stated that it needed to formally state the appropriate guidance is in this area.
IEEE 1012-1998 defined Software Integrity Levels (SIL) Criticality DescriptionLevelHigh Selected function affects critical performance of the system. 4 Major Selected function affects important system performance. 3 Moderate Selected function affects system performance, but workaround strategies can be implemented to compensate for loss of performance.
2 Low Selected function has noticeable affect on system performance but only creates inconvenience to the user if the function does not perform in accordance with requirements.
1 UFTR indicated that it had completed or was near completion of the following documents:
- Document ID UFTR Documents 1 UFTR-QAP UFTR QA Program 2 UFTR-QAP-01-P Conduct of Quality Assurance 3 UFTR-QA1-QAPP Quality Assurance Project Plan (QAPP) 4 UFTR-QA1-01 Software Quality Assurance Plan (SQAP) 5 UFTR-QA1-02 Software Configuration Management Plan (SCMP) 6 UFTR-QA1-03 Software Verification and Validation Plan (SVVP) 8 UFTR-QA1-05 Software Safety Plan (SSP) 9 UFTR-QA1-06.1 Software Test Plan - SIVAT Plan 10 UFTR-QA1-06.2 Factory Acceptance Test (FAT) Plan 11 UFTR-QA1-14 Safety System Design Basis 12 UFTR-QA1-100 Functional Requirements Specification (FRS) 13 UFTR-QA1-101.1 List of I/Os 14 UFTR-QA1-102.3 ID Coding 15 UFTR-QA1-103 Diversity and Defense-in-Depth (D3) Analysis 16 UFTR-QA1-104 Failure Modes Effect Analysis (FMEA) 17 UFTR-QA1-105 TELEPERM XS Cyber Security 18 UFTR-QA1-106 Reliability Analysis 19 UFTR-QA1-107 Safety Analysis 20 UFTR-QA1-108 Requirement Traceability Matrix 1 Integrity - The likelihood of a function being performed satisfactorily (e.g., high reliability).
E. Verification & Validation (V&V)
NUREG-1537 Part 1 Revision 0, dated February 1996, Section 7.2.2, "Design Basis Requirements," states (page 7-5, last bullet): For digital computer systems, in addition to the foregoing, the applicable guidelines from IEEE 7-4.3.2-1993, "EEE Standard Criteria for Digital Computers Systems in Safety Systems of Nuclear Power Generating Stations," for the design, application,-and evaluation of digital computer hardware and software and ANSI/ANS-10.4-1987, "Guidelines for the Verification and Validation of Scientific and Engineering Computer Programs for the Nuclear Industry," for evaluating the verification and validation programs for software for use in the I&C system. Regulatory Guide (RG) 1.152, which discusses the use of digital computers in nuclear power plant safety systems is attached as Appendix 7.1. However, neither of these standards was uniquely developed for non-power reactors and may contain sections and requirements that do not apply to a particular, situation. Furthermore, the technology and safety principles on which computerized I&C systems are based are changing. Until additional guidance is available, applicants should request current requirements from NRC. NUREG-1537 Part 2 Revision 0, dated February 1996, Section 7.3, "Reactor Control System," states (page 7-5, 6 th bullet): Hardware and software for computerized systems should meet the guidelines of IEEE 7-4.3.2-1993, "IEEE Standard Criteria for Digital Computers Systems in Safety Systems of Nuclear Power Generating Stations," and Regulatory Guide (RG) 1.152, "Criteria for Digital Computers in Safety Systems of Nuclear Power Plants," Revision 1... NUREG-1537 Part 2 Revision 0, dated February 1996, Section 7.4, "Reactor Protection System," states (page 7-12, 9th bullet): Hardware and software for computerized systems should meet the guidelines of 7-4.3.2-1993 and RG 1.152, Revision 1... NUREG-1537 Part 2 Revision 0, dated February 1996, Section 7.6, "Control and Display Instruments," states (page 7-18, last bullet): Hardware and software for computerized systems should meet the guidelines of 7-4.3.2-1993 and RG 1.152, Revision 1... NUREG-1537 Part 2 Revision 0, dated February 1996, Section 7.7, "Radiation Monitoring Systems," states (page 7-21, last bullet): Hardware and software for computerized systems should meet the guidelines of 7-4.3.2-1993 and RG 1.152, Revision 1... It is the practice of the research reactor group to review application in accordance with current criteria. Revision 2 of RG 1.152 is the current revision, and it endorses IEEE 7-4.3.2-2003. IEEE 7-4.3.2-2003, Section 5.3.3, "Verification and Validation," which states: The software V&V effort shall be performed in accordance with IEEE Std 1012-1998. The IEEE Std 1012-1998 V&V requirements for the highest integrity level (level 4) apply to systems developed using this standard... Therefore, based on the SRP for non-power reactors and the custom of reviewing in accordance with the latest revision of the endorsed regulatory guides, it appears that the UFTR application plans should be amended to address all required documentation for conformance with IEEE 1012-1998 SIL4. However, the NRC will take the safety significance and complexity into consideration while conducting the review.
F. Commercial Grade Dedication NUREG-1537 Part 1 Revision 0, dated February 1996, Section 7.2.2, "Design Basis Requirements," states (page 7-6, last bullet in section): Consult NRC Generic Letter 95-02 for I&C systems that are being upgraded to systems with digital technology; NUREG-1537 Part 2 Revision 0, dated February 1996, Section 7.3, "Reactor Control System," states (page 7-6, 1st bullet): For I&C systems that are being upgraded to systems based on digital technology, the applicant should consult NRC Generic Letter 95-02, "Use of NUMARC/EPRI Report TR-102348, Guideline on Licensing Digital Upgrades, in Determining the Acceptability of Performing Analog-to-Digital Replacements Under 10 CFR 50.59." NUREG-1537 Part 2 Revision 0, dated February 1996, Section 7.4, "Reactor Protection System," states (page 7-12, last bullet): Consult NRC Generic Letter 95-02 for I&C systems that are being upgraded to systems based on digital technology. NUREG-1537 Part 2 Revision 0, dated February 1996, Section 7.6, "Control and Display Instruments," states (page 7-18, last bullet): The reviewer should consult NRC Generic Letter 95-02 for guidance on I&C systems that are being upgraded to systems based on digital technology. NUREG-1537 Part 2 Revision 0, dated February 1996, Section 7.7, "Radiation Monitoring Systems," states (page 7-21, last bullet): The reviewer should consult NRC Generic Letter 95-02 for additional guidance on I&C systems that are being upgraded to systems based on digital technology.
It is the practice of the research and test reactor branch (PRTA) to review application in accordance with current criteria. NRC Generic Letter 95-02 endorsed EPRI TR-102348, which has been revised and is now NEI 01-01 (EPRI TR-102348 Revision 1); NEI 01-01 has been endorsed by NRC Regulatory Issue Summary 2002-22, "Use of EPRI/NEI Joint Task Force Report, 'Guideline on Licensing Digital Upgrades: EPRI TR-102348, Revision 1, NEI 01-01: A Revision Of EPRI TR-102348 to Reflect Changes to the 10 CFR 50.59 Rule',"
Appendix B.2, "Documents for a Tier 2 Review" A. Documents Expected Upon Application For digital upgrades of power reactor I&C, based on an approved topical report that has changed (see ISG#6), the NRC typically identifies the following documents as needed for a Tier 2 review. Tier 2 is where a licensee proposes to reference a previously approved topical report with deviations. The lists below are annotated (e.g., "[annotation text]") to address the UFTR application.
- 1. Commercial Grade Dedication Plan [The plan to dedicate the TXS equipment not addressed in the TXS topical report (ML003732662)]
- 2. D3 analysis (Including system modifications and plant specific architecture and use)
[presumably UFTR-QA1-103
] 3. System description a. Detail to address ISG-4 [ISG#4 may not be applicable if there are no requirements for: independence, immunity from single failures, and separation of protection and control]
- b. Detail down to block diagram level [Specific document to be identified by UFTR] 4. Design Analysis Report [Specific document to be identified by UFTR]
- 5. Design Report on Computer Integrity, Test and Calibration, and Fault Detection [Specific document to be identified by UFTR]
- 6. Theory of Operation Description [Specific document to be identified by UFTR]
- 7. Equipment Qualification Testing Plans (Including EMI, Temperature, Humidity, and Seismic to the degree to which these are affected by the plant specific application) 8. Software QA Plan and Procedures [presumably UFTR-QA1-01]
- 9. System Description [Specific document to be identified by UFTR]
- 10. Hardware & Software Architecture Descriptions [This applies to the application and to aspects of TXS that have changed.]
- 11. Preliminary Failure Mode Effects Analysis (FMEA) [presumably UFTR-QA1-104]
- 12. Preliminary Reliability Analysis [presumably UFTR-QA1-106]
- 13. Safety Analysis [presumably UFTR-QA1-107]
- 14. System Requirements [presumably UFTR-QA1-100]
- 15. System Test Plan [presumably UFTR-QA1-06.2]
- 16. Software Life Cycle Documentation a. Site Software CM [presumably UFTR-QA1-02.]
- b. Software Design Specification [Specific document to be identified by UFTR]
- c. Software Development Plan [Specific document to be identified by UFTR]
- d. Site Software Maintenance Plan [Specific document to be identified by UFTR]
- e. Software Operations Plan [Specific document to be identified by UFTR]
- f. Application Software Requirements Specification [Specific document to be identified by UFTR]
- g. Software Safety Plan [presumably UFTR-QA1-05]
- h. Software Test Plan [presumably UFTR-QA1-06.1]
- i. Software Training Plan [Specific document to be identified by UFTR]
- 17. Requirements Traceability Matrix [Specific document to be identified by UFTR
]
B. Documents Expected Within 12 Months of Requested Approval Since the approval is sought in less than 12 months, the following documents should also be supplied with the application.
- 1. Commercial Grade Dedication Report [Specific document to be identified by UFTR]
- 2. Commercial Grade Dedication Procedures [Specific document to be identified by UFTR] 3. Final Design Description [Specific document to be identified by UFTR]
- 4. Final FMEA [Specific document to be identified by UFTR]
- 5. Final Logic Diagrams [Specific document to be identified by UFTR]
- 6. Final Reliability Analysis [Specific document to be identified by UFTR]
- 7. Final Report on Acceptance of Commercial Grade Dedication [Specific document to be identified by UFTR]
- 8. Final System Configuration Documentation [Specific document to be identified by UFTR] 9. Final Test Reports [Specific document to be identified by UFTR]
- 10. Installation Test Plans and Procedures [Specific document to be identified by UFTR]
- 11. Operations Manuals [Specific document to be identified by UFTR]
- 12. Summary of Final Environmental Qualification Testing [Specific document to be identified by UFTR]
- 13. Summary of Factory Acceptance Testing (FAT) [Specific document to be identified by UFTR] 14. Installation Test Plans [Specific document to be identified by UFTR]
- 15. System Test Procedures [Specific document to be identified by UFTR]
- 16. Software Life Cycle Documentation [Specific document to be identified by UFTR]
- 17. Software Life Cycle Documentation a. Software management Implementing Procedures [Specific document to be identified by UFTR]
- b. Software Project Risk management Report [Specific document to be identified by UFTR] c. Software Test Procedures [Specific document to be identified by UFTR]
- d. Software Tool Analysis Report [Specific document to be identified by UFTR]
- 18. V&V Reports [Specific document to be identified by UFTR]
C. Documents to be Available for Audit
- 1. Completed FAT Procedure & Reports 2. Configuration Management Reports 3. Detailed System and Hardware Drawings 4. Final Circuit Schematics 5. Final Software Integration Report 6. Individual Completed Test Procedures & Reports 7. Individual V&V Problem Reports up to FAT 8. Software Code Listings
- 9. Vendor Build Documentation
D. Design Basis Documentation
During the presentation, UFTR suggested describing the design basis in accordance with Clause 4 of IEEE 603-1991. I&C system design requirements for non-power reactors are generally derived from the results of analyses of normal operating conditions and of accidents and transients that could occur. The NRC noted that the documentation of the I&C design basis occurs after the reactor has been designed. The initial steps involved were discussed (as follows) in terms of the applicable IEEE 603-1991 clauses:
4.1 List each mode of operation of the reactor. (e.g., NUREG-1431 Rev. 3 Volume 1 page 1.1-8 Table 1.1-1)
List each design basis even applicable to each mode.
List the initial conditions and allowable limit of plant conditions for each event.
4.2 List the safety functions and corresponding protective actions for each event.
4.3 Identify the conditions under which the initiation of protective actions is allowed to be bypassed. (Not applicable to UFTR since there are no operating bypasses allowed.)
4.4 List the variables that are used as inputs for controlling the protective actions, the analytical limit 2 associated with each variable, and the ranges and rates of change of these variables.
2 The analytical limit is roughly the safety limit plus calculation uncertainties. (See also RG 1.105 Rev. 3.) 10 CFR 50.36(c)(1): "Safety limits for nuclear reactors are limits upon important process variables that are found to be necessary to reasonably protect the integrity of certain of the physical barriers that guard against the uncontrolled release of radioactivity." IEEE Std 603-1991: "analytical limit. Limit of a measured or calculated variable established by the safety analysis to ensure that a safety limit is not exceeded.
LIST OF MEETING ATTENDEES Name Organization Alexander Adams US NRC Duane Hardesty US NRC Norbert Carte US NRC Alireza Haghighat University of Florida Brian Shea University of Florida Gabriel Ghita University of Florida Mark Burzynski Areva, NP Sean Kelley Areva Oldrich Klokocka Siemens Co.
ENCLOSURE 2