1 Review of Specifications for Digital Upgrades NHUG Summer Meeting July 17, 2008 Tim Mitchell Component Engineering Palo Verde Nuclear Generating Station

1

Review of Specifications for Digital Upgrades NHUG Summer Meeting

July 17, 2008

Review of Specifications for Digital Upgrades NHUG Summer Meeting

July 17, 2008

Tim MitchellComponent Engineering

Palo Verde Nuclear Generating Station

Tim MitchellComponent Engineering

Palo Verde Nuclear Generating Station

NHUG - Chicago - 7/17/08 2

Specifications Reviewed• Southern California Edison – SONGS

Replace six (6) non-class chillers controls with digital controls

• Duke – McGuire Station

Replace two (2) safety related Carrier chiller controls with Trane Tracer CH531 Micro-processor based controls

• TVA – Browns Ferry

Replace four (4) air cooled safety related chillers with rotary screw compressors with digital controls

• TVA – Sequoyah

Upgrade six (6) digital control systems to digital, micro-processor based control systems and add a Refrigerant Monitor

• Arizona Public Service Co – Palo Verde

Control Air System Software Upgrades

Core Protection Calculator System Upgrades


Applicable NRC Guidance and Industry Standards for Safety Related Digital Controls:


Nuclear Regulatory Commission (NRC):

Reg. Guide 1.152 – Criteria for Digital Computers in Safety Systems of Nuclear Power Generations Stations

Reg. Guide 1.168 – V&V, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Generation Stations

Reg. Guide 1.170 – Software Test Documentation for Digital Computer Software Used in Safety Systems of Nuclear Power Generating Stations

Reg. Guide 1.171 –Software Unit Testing for Computer Software Used in Safety Systems of Nuclear Power Generating Stations

Reg. Guide 1.172 -Software Requirements Specifications for Computer Software Used in Safety Systems of Nuclear Power Generating Stations




Nuclear Regulatory Commission (NRC) Continued:

Reg. Guide 1.173 – Developing Software Lifecycle Processes for Computer Software Used in Safety Systems of Nuclear Power Generation Stations

Reg. Guide 1.180 – Guidelines for Evaluating Electromagnetic and Radiofrequency Interference in Safety Related Instrumentation and Control Systems

Reg. Guide 1.75 – Physical Independence of Electrical Systems

10 CFR 20 – Standards for Protection Against Radiation

10 CFR 21 – Reporting of Defects and Noncompliance




Nuclear Regulatory Commission (NRC) Continued:

10 CFR 50, Appendix A - Licensing of production and Utilization Facilities, General Design Criteria for Nuclear Power Plants

10 CFR 50, Appendix B – Quality Assurance Criteria for Nuclear Power Plants

10 CFR 50, Appendix I – Numerical Guides for Design Objectives and Limiting Conditions of Operations

NUREG – 0700 – Human – System Interface Design Review Guidelines

NUREG – 0737 – Requirements for Emergency Response Capabilities

NUGEG – 0800 – Design Review Plan (SRP), Ch 7, BTP-14




Institute of Electrical and Electronic Engineers (IEEE):

7-4.3.2 – 2003 – Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations

279-1971 – Criteria for Protection Systems for Nuclear Power Generating Stations

308-2001 – Criteria for Class 1E Electrical Systems for Nuclear Power Generating Stations

323-2003 – Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations

338-2006 – Standard Criteria for the Periodic Testing of Nuclear Power Generating Station Protection Systems




Institute of Electrical and Electronic Engineers (IEEE) Continued:

344-2004 – Guide for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations

383-2003 – Guide for Type Test of Class lE Electric Cables, Field Splices and Connections for Nuclear Power Generating Stations

379-2000 – Trial-Use Guide for the Application of the Single Failure Criterion to Nuclear Power Generating Station Protection Systems

384-2003 – Trial-Use Standard Criteria for Separation of Class 1E Equipment and Circuits

603 –1998 – Standard Criteria for Safety Related Systems for Nuclear Power Generating Stations





610.12 - 1990 – Standard Software Engineering Terminology

730-2002 – Software Quality Assurance Plans

802.3 Part 3: - 2005Carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications

828-2005 – Standard for Software Configuration Management Plans

829-1998 – Standard for Software Test Documentation

830-1998 – Recommended Practice for Software Requirements Specifications

1008-1987 – Standard for Software Unit Testing





1012-2004 – Software Validation & Verification (V&V) Plans

1016-1998 – Recommended Practice for Software Design Descriptions

1023 –2004 – Guide for Application of Human Factors Engineering to Systems, Equipment, and Facilities of Nuclear Power Generating Stations

1028-1997 – Standard for Software Reviews and Audits

1044-1993 – Standard Classification for Software Anomalies

1063-2001 – Standard for Software User Documentation





1074-2006 – Software Lifecycle Process

1233-1998 – Guide for Developing System Requirements Specifications




EPRI Guides:

EPRI TR - 102323 - 1997Guidelines for Electromagnetic Interference Testing in Power Plants

EPRI TR - 106439 – 1996Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Application

EPRI TR - 107330 – 1996Generic Requirements Specification for Qualifying a Commercially Available PLC for Safety Related Application at Nuclear Power Plants

EPRI TR – 107339 – 1997Evaluating Commercial Digital Equipment for High integrity Applications

EPRI TR – 108831 – 1997Requirements for Engineering for Digital Upgrades – Specification, Analysis, and Tracking

EPRI NP-5652 – 1988Utilization of Commercial Grade Items in Nuclear Safety Related Applications




Other Applicable Standards:

ANSI / ANS 3.5 – 1998 – Nuclear Power Plant Simulator for Use in Operator Training and Examination

ANSI / ANS N45.2.2 – 1972 – Packing, Shipping, Receiving, Storage and Handling of items for Nuclear Power Plants

ANSI / ANS 10.5-1086 – Guidelines for Considering User Needs in Computer Program Development


Plant Specific Programs and Procedures:

Plant Specific Programs and Procedures:

Programs and Procedures the Vendor is required to follow:

• Updated Final Safety Analysis Report (UFSAR)• Data and Software Quality Assurance (SQA) Program• Vendor Technical Data Controls• Station Configuration Management / Control Program• Classification of Systems and Components• Station Labeling Procedures• Danger / Red Tag Control Procedures• System and Equipment Description• Annunciation Interfaces • Shipping and Receiving Programs• Wire and Cable Termination Controls• Seismic Spectrum of Station Components


Technical Requirements:Technical Requirements:

Identify Work Scope:

• System operational parameters and response • include any desired changes made to the existing design

• Input parameters and system performance goals• Include all changes and what instrumentation does not change• Identify the required instrument accuracy and readability• Identify additional functionality needs

• Human – System Interface Criterion• Identify Maintenance, Testing, and diagnostic needs• Identify Workstation functionality and remote communication links

• Alarm and Station Computer Interfaces

• Acceptance Testing • Factory Acceptance Testing (FAT)• Post installation Acceptance Testing



Identify Work Scope:

• EMF / RFI and Radiological Requirements

• Life Cycle Requirements

• Troubleshooting and Functional Requirement• Provide a failure Modes and Effects Analysis (FMEA)

• Training Needs• Specify training materials for use in Maintenance and Operator Classes• Identify any special Tools for Maintenance and Troubleshooting

• Expected Electrical Quality• Identify the minimum and maximum voltage • Identify the expected Loss of Power Transient Time

• Specify a schedule for deliverables



Quality Assurance Requirements:

• Identify the specific Nuclear Safety quality standards

• Identify the QA program to be followed

• Identify Vendor document details

• Software Control and change notification• Identify the Vendor Support for Software Changes or Troubleshooting



Maintenance Requirements and Spare Parts:

• Specify any special periodic maintenance• Maintenance Rule Impacts

• Spare parts List • Specify any long term storage limitations• Battery Life• Identify the length of time the Vendor Support


“… Studies of software based systems have concluded that a large fraction of the problems characterized as software errors are more correctly attributed to problems in the requirements specifications, such as errors, omissions, inconsistencies, and ambiguities. The experience of nuclear utilities seems consistent with this review, in part, from ill-defines and inadequately verified requirements… “

EPRI – TR – 108831:Requirements Engineering for Digital Upgrades


SAFELY and efficientlygenerate electricity for

the long term

SAFELY and efficientlygenerate electricity for

the long term

20

Questions &

Discussion

Questions &

Discussion

Documents

1 Review of Specifications for Digital Upgrades NHUG Summer Meeting July 17, 2008 Tim Mitchell Component Engineering Palo Verde Nuclear Generating Station