ML11136A097
| Person / Time | |
|---|---|
| Site: | Watts Bar |
| Issue date: | 04/26/2011 |
| From: | - No Known Affiliation |
| To: | Division of Operating Reactor Licensing |
Text
WBN2Public Resource

From: Clark, Mark Steven [msclark0@tva.gov]
Sent: Tuesday, April 26, 2011 2:23 PM
To: Crouch, William D
Cc: Hilmes, Steven A; Kepler, Jeffrey T; Raley, Thomas R; Poole, Justin
Subject: 20110421 Open Item List Master TVA Update 04-26-11.docx
Attachments: Comparison of RG 1 180 and SS E18 14 01.docx; 25402-011-V1A-HARA-00184-001.pdf; NPG-SPP-12-7.pdf; WBT-D-2782.pdf; 20110421 Open Item List Master TVA Update 04-26-11.docx

All:

Attached is the matrix update for this week. I have included the non-proprietary attachments that have been reviewed by engineering.

Bill:

Please forward to Justin.

Regards,
Steve

Steve Clark
Bechtel Power Corp.
Control Systems
Watts Bar 2 Completion Project
Phone: 423.365.3007
e-mail: msclark0@tva.gov
Hearing Identifier: Watts_Bar_2_Operating_LA_Public
Email Number: 359

Mail Envelope Properties (7AB41F650F76BD44B5BCAB7C0CCABFAF1816A0CC)

Subject: 20110421 Open Item List Master TVA Update 04-26-11.docx
Sent Date: 4/26/2011 2:23:16 PM
Received Date: 4/26/2011 2:23:50 PM
From: Clark, Mark Steven
Created By: msclark0@tva.gov

Recipients:
"Hilmes, Steven A" <sahilmes@tva.gov> Tracking Status: None
"Kepler, Jeffrey T" <jtkepler@tva.gov> Tracking Status: None
"Raley, Thomas R" <trraley@tva.gov> Tracking Status: None
"Poole, Justin" <Justin.Poole@nrc.gov> Tracking Status: None
"Crouch, William D" <wdcrouch@tva.gov> Tracking Status: None

Post Office: TVANUCXVS2.main.tva.gov

| Files | Size | Date & Time |
|---|---|---|
| MESSAGE | 422 | 4/26/2011 2:23:50 PM |
| Comparison of RG 1 180 and SS E18 14 01.docx | 27515 | |
| 25402-011-V1A-HARA-00184-001.pdf | 2927286 | |
| NPG-SPP-12-7.pdf | 280938 | |
| WBT-D-2782.pdf | 67036 | |
| 20110421 Open Item List Master TVA Update 04-26-11.docx | 516459 | |

Options
Priority: Standard
Return Notification: No
Reply Requested: No
Sensitivity: Normal
Expiration Date:
Recipients Received:
Comparison of Regulatory Guide (RG) 1.180, Guidelines For Evaluating Electromagnetic and Radio-Frequency Interference In Safety-Related Instrumentation and Control Systems, Revision 1 and Tennessee Valley Authority (TVA) Standard Specification (SS) E18.14.01, Electromagnetic Interference (EMI) Testing Requirements For Electronic Devices, Revision 3

April 21, 2011

Page 1 of 8

TVA SS E18.14.01 History and Program Description

- TVA SS E18.14.01 Revision 0 issued in 1980
- TVA experience used extensively in Electric Power Research Institute (EPRI [1]) Topical Report (TR)-102323, Guidelines for Electromagnetic Interference Testing of Power Plant Equipment
- SS E18.14.01 Revision 3 updated to reflect EPRI TR-102323 Revision 1
- Nuclear Regulatory Commission (NRC) Safety Evaluation Report (SER) dated April 17, 1996 accepted EPRI TR-102323 Revision 1
- Test levels conservative to RG 1.180 Revision 1
- SS allows alternate tests (like RG 1.180 Revision 1)
- Equipment that requires certification to the SS requires reports/testing to be evaluated and approved for the application by the Corporate Electromagnetic Compatibility (EMC) Program Manager
- SS applied to all electronic equipment - not just digital safety systems
  - Graded approach SS for equipment requirements is shown in sections 1.5 and 1.6
  - Emissions - for all electronic equipment
  - Susceptibility - required for equipment in the RG 1.180 Revision 1 area.
- Main difference with RG 1.180 - Magnetic Field testing
  - Typically not applicable
  - The location of electronic equipment not in high fields
  - Considered realm of harmonic distortion and not EMI - TVA requires a THD of <5% on sources such as inverters.
  - Testing would be applicable and specified for Cathode Ray Tube (CRT) equipment if installed in magnetic field locations
  - In 30 years of evaluating equipment, TVA has not seen a failure from the susceptibility testing

[1] EPRI is a registered service mark of the Electric Power Research Institute Incorporated.
Specific comparisons

Emissions SS E18.14.01 Revision 3

SS 6.7 Radiated Emissions - electromagnetic fields

- System is required to be configured per the test plan and operable
- Frequency range is 1 MHz to 1GHz
- EPRI TR-102323 Figure 7.4 limit is specified
- Alternate tests are allowed - Industry standard test levels [Federal Communications Commission (FCC), International Special Committee on Radio Interference (CISPR), European Standard (EN)] have more conservative limits over comparable frequency ranges

SS 6.8 Conducted Emissions

- The equipment under test (EUT) is required to be configured normally and operable
- Typically a power line test
- TVA requires testing on output lines where applicable
- Frequency range is 10kHz to 400MHz
- EPRI TR-102323 Figure 7-2 limit is specified
- Alternate tests are allowed - Military Standard (MIL STD) tests referenced

Emissions RG 1.180 Revision 1

Radiated Emissions (RE)

- RE 101 Magnetic Fields 30Hz to 100kHz
- RE 102 Electric Fields 2 MHz to 1GHz
- CISPR 11 Electric Field 30MHz to 1GHz

Conducted Emissions (CE)

- CE 101 30Hz to 10kHz
  - This frequency range is considered in the power quality distortion requirements of sources and not EMI. The recommendation in EPRI TR-102323 Revision 1 is followed.
  - MIL STD 461F does not require this for Army Ground equipment. The issues for this test relate to ships and aircraft that use the hull/structure for returns
- CE102 10kHz to 2MHz
  - TVA tests over a greater range and requires testing on output of sources such as DC power supplies
- CISPR11 150kHz to 30MHz
  - TVA tests require a greater frequency range and require testing on output of sources such as DC power supplies
- Alternate or commercial tests
  - Under the RG, as with TVA, alternate commercial tests are acceptable when evaluated.
Susceptibility SS E18.14.01 Revision 3

SS 6.1 Radiated Susceptibility - electric field

- 10V/meter, 1kHz, 80% sine wave modulated from 10kHz to 1GHz
- Panel doors are required to be open
- Alternative tests are allowed - same field strength required

SS 6.2 Conducted susceptibility - Low frequency

- 30Hz to 50kHz, 6.3Vrms as calibrated through 50ohm load
- Typically applied to power input but can be specified on other ports
- Alternate tests allowed

SS 6.3 Conducted susceptibility - High Frequency

- 50kHz to 400MHz, 7Vrms, 1kHz, 80% modulated
- Required on all cable bundles including power
- Alternate tests allowed

SS 6.4 - Surge - High Energy

- 3kV, asymmetric waveform
- Power and any conductor / shield that connects to external structures
- Alternate tests allowed

SS 6.5 Impulse & Bursts of Impulses (EFT) - Low Energy

- 3kV, asymmetric wave - Power
- 2kV, asymmetric wave - Data/Control
- Alternate tests allowed

SS 6.6 Electrostatic Discharge

- 6kV contact, 8kV air discharge - equivalent to International Electrotechnical Commission (IEC) 61000-4-2 level 3
- For man-machine interfaces such as switches and push buttons on electronic equipment
- Alternate tests allowed

Susceptibility RG 1.180 Revision 1

Radiated Susceptibility

- RS101 magnetic field 30Hz to 100kHz
  - TVA electronic equipment is not located in areas with strong magnetic fields and per the RG exempted
- RS103 electric field 30MHz to 1GHz
  - 10V/m per standard
  - This is the same as TVA testing
- IEC 61000-4 Magnetic Field 50Hz and 60Hz
  - TVA electronic equipment is not located in areas with strong magnetic fields and per the RG exempted
- IEC 61000-4 Magnetic field 50/60Hz to 50kHz
  - TVA electronic equipment is not located in areas with strong magnetic fields and per the RG exempted
- IEC 61000-4 Magnetic field 100kHz and 1MHz
  - TVA electronic equipment is not located in areas with strong magnetic fields and per the RG exempted
- IEC 61000-4 electric field 26MHz to 1GHz
  - 10V/m per standard
  - This is the same level as TVA testing

Conducted Susceptibility (CS)

- Power Leads
  - CS101 30Hz to 150kHz - 136dBµV to 5kHz then decreasing linearly to 106.5dBµV at 150kHz
    - Over the comparable range, TVA testing is equal to or greater than the RG requirements. The range from 50kHz to 150kHz is covered by CS - High injection testing
  - CS114 10kHz to 30MHz - 100dBµA from 10kHz to 200kHz then decreasing to 97dBµA from 200kHz to 30MHz
    - TVA test level is 103dBµA from 10kHz to 400MHz enveloping the RG test.
  - IEC 61000-4 10Vrms into a calibrated 150ohm load
    - TVA test level is 103dBµA from 10kHz to 400MHz enveloping the RG test.
  - IEC 61000-4-13
    - TVA CS-low is equivalent to this test
  - IEC 61000-4-16
    - This test is designed for power harmonics from sources. TVA controls this in the power quality program. Sources such as inverters are required to have a THD <5%. These disturbances are not considered in the EMI program.
- Signal Leads
  - CS114 - 10kHz to 30MHz - 91dBµA
    - TVA testing is at 103dBµA over a wider frequency range
  - CS115 - 2A - impulse
    - This is an alternate test that TVA would accept in lieu of an EFT test
    - The equivalent calibrated voltage level is lower than required by TVA
  - CS116 - 5A - damped sinusoid
    - Damped sinusoidal tests are less intrusive than IEC asymmetric surge wave in both frequency content and energy. Therefore TVA has chosen the IEC surge test. However, on signal and data lines this test is only required on cables that would be subject to this type of surge: ones that go between structures or go between different ground planes.
  - IEC 61000-4 EFT
    - TVA requires 2kV on signal and data leads. This is the maximum level required by the RG 1.180 Revision 1
  - IEC 61000-4 Surge
    - TVA requires 3kV surge on signal and data lines that connect between external structures and differing ground planes. This is greater than required by RG 1.180 Revision 1
  - IEC 61000-4 conducted radio frequency (RF)
    - This is an alternative test acceptable to TVA
    - TVA requires a higher level test than RG 1.180 Revision 1
  - IEC 61000-4 damped sinusoid
    - Damped sinusoidal tests are less intrusive than IEC asymmetric surge wave in both frequency content and energy. Therefore TVA has chosen the IEC surge test. However, on signal and data lines this test is only required on cables that would be subject to this type of surge: ones that go between structures or go between different ground planes.
  - IEC 61000-4-16
    - This test is designed for power harmonics from sources. TVA controls this in the power quality program. Sources such as inverters are required to have a THD <5%. These disturbances are not considered in the EMI program.

Institute of Electrical and Electronic Engineers (IEEE [2]) C62.41 [3]-1991, IEEE Recommended Practice for Surge Voltages in Low-Voltage AC Power Circuits

The RG discusses various categories for the IEEE surge withstand test. TVA follows the same categories but not the same levels. EPRI TR-102323 Revision 1 defined surge test level of 3kV. This puts the test level between category A and B. This level was approved by the NRC. Most equipment will fall in the category A 2kV level. TVA required test levels are typically conservative.

Ring Wave Testing

TVA does not require ring wave testing. The frequency at which a circuit will ring in the plant is determined by the length, resistance, capacitance and inductance due to an impulse generator. The IEC surge wave would be such an impulse generator. The IEC pulse has more energy and greater frequency content. TVA has determined that the IEC surge impulse test is more severe than the ring wave test.

[2] IEEE is a registered trademark of the Institute of Electrical and Electronics Engineers Incorporated.
[3] C62.41 is a registered trademark of the Institute of Electrical and Electronics Engineers Incorporated.

Radiated susceptibility testing above 1GHz

- TVA does not presently require testing above 1GHz
- Intentional transmitters are approved on a case by case basis. This is for all new frequencies, not just above 1GHz.
- This is a legacy issue. Intentional transmitters are evaluated for impact.
- EPRI TR-102323 working group contracted with Wyle labs to show that >1GHz signals are difficult to couple to typical plant equipment. Additionally, the signal loss with distance on cables is high.
- TVA will add a requirement for radiated susceptibility testing above 1GHz in the future.
Conclusion:

- TVA meets the intent of the RG 1.180 Revision 1. TVA required tests are typically conservative with the required tests of RG 1.180 Revision 1.
- TVA has a Corporate EMC Program Manager who reviews and approves vendor test reports to assure that proper testing has been performed on the critical equipment.
- All electronic equipment is required to meet emissions standards to assure the susceptibility test envelopes are conservative.
- TVA Corporate EMC Program Manager evaluates and approves all intentional radiators on a case by case basis.
- TVA's EMC program gives assurance that equipment coming into the plant will perform as needed in the EMC environment to which it is subject.

Richard Brehm
Corporate EMC Program Manager
April 21, 2011
NPG Standard Programs and Processes

Title: Computer Software Control
NPG-SPP-12.7 Rev. 0000
Page 1 of 56
Quality Related: Yes / No
Effective Date: 12-17-2010
Responsible Peer Team/Working Group: Engineering
Approved by: Sam Harvey, Corporate Functional Area Manager
Date: 8/11/10

Revision Log

| Revision or Change Number | Effective Date | Affected Page Numbers | Description of Revision/Change |
|---|---|---|---|
| 0 | 12/17/10 | All | Minor/editorial revisions: Due to the conversion of NPG procedures to the new TVA procedure numbering system this procedure replaces SPP-2.6. It also includes the change of "NPG Computer Engineering Group" to "Computer Engineering" and some reformatting due to new procedure format requirements. Added Section 6.0 REFERENCES to incorporate the external Requirements and References document. |
Table of Contents

1.0 PURPOSE
2.0 SCOPE
3.0 INSTRUCTIONS
  3.1 Roles and Responsibilities
  3.2 General Requirements
  3.3 Purchasing or Developing New Application Software or Digital Plant Control Systems/Components
    3.3.1 Application Software Datasheet (ASD) - Software Categorization
    3.3.2 Purchasing Digital Plant Control Systems/Components
    3.3.3 Purchasing Computer Software
    3.3.4 Developing New Application Software
    3.3.5 Software Documentation
    3.3.6 Software Interfaces
    3.3.7 Data Migration
    3.3.8 Software Testing
    3.3.9 Software Verification and Validation Report
    3.3.10 Software Configuration Control
    3.3.11 Installation and Deployment
  3.4 Changes to Computer Software and Software Integral to Plant Digital Systems/Components
    3.4.1 Changes to Software Integral to Plant Digital Systems/Components
    3.4.2 Changes to Computer Software - Software Service Request (SSR)
    3.4.3 Initiating A Software Change
    3.4.4 Software Change Request Approval
    3.4.5 Software Implementation
    3.4.6 Software Testing
    3.4.7 Software Service Request Closure
    3.4.8 Software Control Configuration
    3.4.9 Installation and Deployment
    3.4.10 Emergency Software Changes
  3.5 Software Validation Testing
  3.6 Software Operability Testing
  3.7 Software Dedication Process
  3.8 Software Trouble Reporting
  3.9 Software Using Electronic Approvals
  3.10 Data Management
    3.10.1 Data Verification Activities
    3.10.2 Application Software Data Management Requirements
  3.11 Computer Application Software Inventory
  3.12 Changes to Software Operating Environments
  3.13 Software Compatibility Testing
  3.14 Retiring Application Software
  3.15 Plant Control System Boundary Protection Devices
4.0 RECORDS
  4.1 QA Records
  4.2 Non-QA Records
5.0 DEFINITIONS
6.0 REFERENCES
  6.1 Source Documents
    6.1.1 Business Requirements
    6.1.2 Requirements Documents
  6.2 Developmental References
Appendix A: Application Software Categories
Appendix B: Software Documentation Summary
Appendix C: Guidelines For SQAPs and SVVPs
Appendix D: Guidelines For Software Requirements Specifications (SRS)
Appendix E: Guidelines For Software Design Descriptions (SDD)
Appendix F: Guidelines For Software Verification And Validation Report (SVVR)
Appendix G: Guidelines For User Documentation
Appendix H: Cross-Reference Of NPG-SPP-12.7 And Summit Terminology
Appendix I: System Hardening Guidelines
NPG-SPP-12.7-1 Application Software DataSheet (QA Record)
NPG-SPP-12.7-2 Software Verification and Validation Deficiency Form
NPG-SPP-12.7-3 Computer Software Service Request (SSR)
NPG-SPP-12.7-4 Vendor Software Error Report Evaluation
Source Notes
1.0 PURPOSE

This document describes the quality controls and processes for the development, procurement, modification, and configuration management of computer software used to support the design, operation, modification, and maintenance of TVA's nuclear power plants consistent with the Nuclear Quality Assurance Plan (NQAP).

These controls and processes provide assurance that the computer software within the scope of this procedure performs its intended functions correctly and that the output of the software is correct and can be used without further verification for its intended purpose.

2.0 SCOPE

A. The processes and requirements specified in this SPP apply to all computer application software used in TVA Nuclear Power Group (NPG) with the following exceptions.

   1. Computer software integral to devices such as phones, phone systems, radios, beepers, and programmable calculators.

   2. Computer software integral to test equipment, test instruments, and lab equipment whose functions can be validated by conventional test methodologies. These methodologies include NPG's measuring and test equipment calibration program or periodic checks against known standards. To meet this exception, the test methodologies must be able to validate all of the device's critical characteristics. If the exception criteria cannot be met, the software must comply with the requirements of this SPP.

   3. NPG's nuclear plant simulators. Simulator software is managed in accordance with applicable ANSI standards.

   4. System software (computer vendor operating systems and network software) designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system and associated programs.

   5. Computer application software that is not owned by NPG and does not meet the criteria for Category B or C software as specified in Appendix A of this SPP.

   6. End user software tools, as defined in Section 5.0 of this SPP, TVA core applications provided to all TVA employees, and applications available through TVA's InsideNet unless they meet the criteria for Category B or C software as defined in Appendix A of this SPP.

B. Applications utilized internally by contractors performing quality-assured functions for NPG under their own 10 CFR 50 Appendix B Quality Assurance Program shall meet the intent of the requirements of this SPP. Should the contractor deliver computer application software to TVA, then that software is subject to the applicable requirements of this document.

C. This document provides guidance for evaluating the software Quality Assurance Program of suppliers of computer software and software services for inclusion on the NPG Acceptable Suppliers List (ASL).
3.0 INSTRUCTIONS

3.1 Roles and Responsibilities

Application Owner

The individual with administrative and technical responsibility for defining the functional requirements of the computer software. The application owner represents the interests of all users of the application. The application owner is responsible for ensuring software documentation required by NPG-SPP-12.7 has been prepared and approved, and that all required software testing has been completed and that the test results are documented and acceptable. Specific roles and responsibilities of the application owner include the following:

A. Ensuring that the application software is properly classified and documented on the ASD.

B. Ensuring that the application software functional requirements are documented in an SRS. In doing so the application owner represents the interest of the users of the software.

C. Authorizing changes to the application software. All changes to the application software must be approved by the application owner including installation of new releases to previously installed software.

D. Approving software documentation including the software requirements specification, software verification and validation report, software quality assurance and verification and validation plans, if applicable, validation and operability test results, user documentation, and Software Service Requests (SSRs).

E. Ensuring that software documentation is submitted to NPG DCRM for archival within 60 days of the in-service date of the software.

F. Ensuring that purchased application software within the scope of this procedure meets the requirements of this procedure.

G. In conjunction with the software developer, ensuring that software validation and operability test procedures are prepared, and that the test results are documented. Reviews and approves test results.

H. Authorizing installation of validated (tested) application software and software changes.

I. Ensuring that a cyber security assessment has been performed if required.

NOTE: The application owner ensures that the software documentation listed in the Software Documentation Summary for newly developed/purchased application software in Appendix B is prepared, reviewed, and approved for the new software application. These documents may be prepared by the application owner, application developer, application custodian, or others. However, the application owner must ensure that they have been completed, reviewed, approved, and submitted to Corporate NPG DCRM for archival within 60 days of the in-service (production) date of the software application. Document submittal may be made in hardcopy or as an electronic document and is made using Form NPG-SPP-31.1-2, Document and Record Release Form.
Application Developer The individual, organization, or vendor responsible for development of a computer software application and associated software documentation and application owner authorized changes to this software. Specific roles and responsibilities of the application developer include the following.
A.
Developing and/or modifying the application software as specified by the application owner.
B.
Preparing and/or revising software documentation as required by this procedure for application owner approval.
C.
Performing and documenting validation and operability testing in conjunction with the application owner.
Application Custodian The organization, individual, or vendor who ensures the computer software is installed after validation testing has been completed as authorized by the application owner.
A.
Ensures that only the validated version of the application software is available for use in the production environment.
B.
Ensures software security measures are implemented to prevent unauthorized changes to software.
NPG Point of Contact
Represents NPG's interest in software applications owned by organizations outside NPG, but which are used by NPG in quality-related ways. (Application meets the criteria for Category B or C software.)
A. Ensures NPG's functional requirements are documented in the software documentation.
B. Ensures validation and operability tests are performed and that the results obtained are acceptable. (NPG's functional requirements have been successfully implemented.)
C. Ensures software changes are documented and tested and that the changes do not adversely affect NPG's use of the application software.
3.2 General Requirements
A. Classification of Computer Software
Computer software is divided into five classifications depending on how the outputs of the application are used. Software classifications are defined in Appendix A of this SPP and may be applied to individual subsystems or subprograms within a particular software application. It is not necessary for all subsystems/subprograms to be classified at the same level. Classifications of component parts of an application must take into account the functions performed by the subsystem/subprogram, their impact on the integrity of the application's outputs, and how the outputs of the software application are used. The classification of computer software is documented on an Application Software Datasheet (ASD), Form 40522 NPG-SPP-12.7-1.
  1. An Application Software Datasheet (ASD) shall be completed and submitted to Computer Engineering for review and archival in EDMS for all software applications with the exception of end-user software tools as defined in Section 5.0 of this SPP. Classification of the software shall be based on the criteria listed in Appendix A of this SPP.
NOTE Questions regarding classification of application software should be directed to Computer Engineering.
  2. It is the responsibility of the application owner to ensure the computer software is used consistent with its classification. If the manner in which the software is used changes, its classification must be re-evaluated. The ASD must be revised to reflect changes in software classifications.
NOTE If a software application is reclassified, the controls in effect at the time of its reclassification shall be applied.
  3. ASDs are not required for computer application software that is provided to all TVA employees as a TVA core application or that is available through TVA's InsideNet unless it meets the criteria for Category B or C software as defined in Appendix A of this SPP.
  4. ASDs should be updated whenever information on the form changes. This is particularly important for changes in software ownership and changes to software versions.
B. Application software placed in service prior to 7-14-1997 (SPP-2.6 Rev. 0) is required to have software documentation which meets the requirements applicable at the time the software was placed in service. As a minimum, documentation describing the correct use of the software must be available and up-to-date. Retrofitting documentation for these applications is not required. However, the application owner shall ensure that available software documentation has been archived as a record in accordance with Section 4.0 of this SPP. The following sections of this SPP apply to this software.
| Requirement | NPG-SPP-12.7 Reference |
|---|---|
| Changes to Application Software | Section 3.4 |
| Software Validation Testing | Section 3.5 |
| Software Operability Testing | Section 3.6 |
| Software Trouble Reporting | Section 3.8 |
| Data Management | Section 3.10 |
| Computer Software Inventory | Section 3.11 |
| Changes to Software Operating Environments | Section 3.12 |
| Software Compatibility Testing | Section 3.13 |
| Retiring Application Software | Section 3.14 |
C. With the exception of the ASD and any IS required software compatibility testing, Category E software is exempt from all other requirements of this SPP.
3.3 Purchasing or Developing New Application Software or Digital Plant Control Systems/Components
This section of the SPP defines the requirements for purchasing or developing new application software or digital plant control systems/components.
3.3.1 Application Software Datasheet (ASD) - Software Categorization
A. An application owner for the software application or digital control systems to be purchased or developed must be documented on the ASD, Form NPG-SPP-12.7-1. Digital plant components are excluded from this requirement.
NOTE The application owner for computer software specifically for a particular site is typically an organization at that site. The application owner for computer software used at all sites should be a corporate organization; it is permissible to have joint ownership of a computer application when the software is used at more than one but not all sites.
B. The application owner assigns a Software Category to the application software or digital plant control system to be purchased or developed using the Table in Appendix A of this SPP and documents the assigned software category along with the rationale on an Application Software Datasheet, Form NPG-SPP-12.7-1. Categorization of the software must be done before proceeding. End user software tools, as defined in Section 5.0, are Category E by definition and do not require an ASD.
NOTE Questions regarding classification of application software should be directed to Computer Engineering.
NOTE Programs/subsystems within an application may be classified individually. If clear distinctions between functions/programs cannot be made or are not practical, then a single classification for the computer application would be appropriate.
C. The Application Owner completes and signs the ASD verifying that the form is complete and the information is correct.
D. The completed ASD is submitted to the Manager, Computer Engineering for review and archival in EDMS. The information is also used by Computer Engineering to update software inventory data.
3.3.2 Purchasing Digital Plant Control Systems/Components
A. Plant digital instrumentation and control systems/components shall be specified, purchased, implemented, tested, and documented in accordance with Electrical Engineering Standard Specification SS-E18.15.01, Software Requirements for Real Time Data Acquisition and Control Computer Systems. Guidance and useful information on evaluation and acceptance of commercial grade digital equipment in nuclear safety systems may be found in EPRI document TR-106439, Guideline on Evaluation and Acceptance of Commercial-Grade Digital Equipment for Nuclear Safety Applications.
B. System hardening guidelines identified in Appendix I of this SPP must be considered as part of the system implementation.
C. A cyber security assessment is required for purchased plant digital instrumentation and control systems/components. Contact Computer Engineering for assistance in completing the assessment.
NOTE The remainder of Section 3.3 of this SPP does not apply to digital plant instrumentation and control systems/components purchased and implemented in accordance with Standard Specification, SS-E18.15.01. Plant systems defined to be outside the scope of this specification are purchased or developed in accordance with NPG-SPP-12.7 Section 3.3.3 and 3.3.4, respectively.
3.3.3 Purchasing Computer Software
A. Category E software may be purchased through the IT Online Store and is not subject to further requirements of this section of the SPP. If the IT Online Store does not support procuring the desired category E software, the remainder of this section of the SPP should be followed.
B. When application software is purchased, it shall be procured to the appropriate quality level as noted in the following table. Category A and B application software must be procured from a vendor on NPG's ASL as a qualified supplier of computer software (QA Level 1) or dedicated in accordance with Section 3.7 of this SPP (QA Level 2).
| Software Category | Procurement Quality Level |
|---|---|
| A | 1 or 2 |
| B | 1, 2, Note 1 |
| C | Note 2 |
| D | 0 |
| E | 0 |
NOTE 1 Category B software that is used exclusively for the design, analysis, testing, or acceptance of quality-related and not safety-related plant structures, systems, and components may be procured QA Level 3.
NOTE 2 Software that falls within the scope of NPG-SPP-09.3 shall be procured at the quality level determined by the NPG-SPP-09.3 process. Software used to implement quality related programs listed in section 5.1 of the Nuclear Quality Assurance Plan shall be procured QA level 3. All other category C software shall be procured non-quality.
C. The application owner or designee prepares a procurement request that defines the required deliverables and required vendor activities in accordance with SPP-4.1, Procurement of Material, Labor, and Services. The request shall state whether or not the application software will be installed as part of a plant system. For applications that are installed as part of a plant system, procurement shall be reviewed by PEG. All other applications will not require a PEG review.
D. Items to be included in the procurement request are noted below:
  1. The request shall specify the version and/or versions to be delivered to TVA.
  2. Software documentation to be provided.
NOTE The software documentation that must be available for the completed application software is identified in Appendix B. Any required software documentation not provided by the software vendor must be prepared by TVA or obtained from another source.
NOTE Documents required by the procurement specification document but considered proprietary by the software supplier must be available to TVA for audit purposes if they are not delivered to TVA.
  3. Verification reviews to be performed. The contract should specify the software documentation verification reviews to be performed by the supplier or by TVA.
  4. Validation testing required of the software supplier. This includes written validation test procedures and results which demonstrate that the requirements specified in the SRS have been implemented correctly. If features and functionality have been implemented in the software beyond those specified in the SRS, they shall be addressed in the test procedure to demonstrate that they work correctly and that they do not have an unintended impact on the specified requirements. Validation testing required in Section 3.5 must be completed and the results reviewed and approved by the application owner.
  5. Contract specifications shall require that changes to the application software be controlled commencing with the software validation test.
  6. Any onsite installation support.
  7. Training and training materials to be provided.
  8. Maintenance support to be provided by the vendor, if any.
  9. If TVA does not take delivery of the source code, then consideration should be given to having the software supplier place a copy of the source code in escrow which would be given to TVA in the event the vendor no longer supports the application software.
E. The completed procurement request is processed in accordance with SPP-4.1.
F. A cyber security assessment may be required for the new software application. Contact Computer Engineering for assistance. Assessments are made based on guidance in NEI-04-04, Cyber Security Program for Power Reactors.
G. Proceed to implement Sections 3.3.5 through 3.3.11 of this SPP.
3.3.4 Developing New Application Software
The following defines the requirements for the development of application software. The extent of the implementation of each requirement is based on the application's classification and its importance to safe and reliable plant operations.
A. Software development shall proceed in a traceable manner. The number of steps in the process and their order depends on the nature and complexity of the software. As such, development may be performed in an iterative or sequential manner.
B. Development of new application software begins with the determination of its classification based on its intended end use. The application owner is responsible for classifying the software and documenting the rationale for its classification. Refer to section 3.3.1 of this SPP.
C. The application owner ensures that the software documentation listed in Appendix B is prepared, reviewed, and approved for the new software application. These documents may be prepared by the application owner, application developer, application custodian, or others.
Appendix B identifies software documentation by generic document names and provides details on document content. Software documentation may be assigned titles as appropriate to the application. In addition, these documents need not exist as discrete packages but may be combined provided the content requirements are addressed.
D. Additional documentation, as necessary, may be prepared for a given application such as operations and maintenance manuals, system manager's manuals, and training manuals. This documentation shall be reviewed, approved, and issued in a manner similar to the aforementioned documentation.
E. A cyber security assessment is required for purchased plant digital instrumentation and control systems/components. Contact Computer Engineering for assistance in completing the assessment.
3.3.5 Software Documentation
A. The application owner must ensure that all required software documentation has been completed, reviewed, approved, and submitted to Corporate NPG Document Control and Records Management (DCRM) for archival within 60 days of the in-service (production) date of the software application. Document submittal may be made in hardcopy or as an electronic document and is made using Form NPG-SPP-31.1-2, Document and Record Release Form. Software documentation must reflect the as validated and installed version of the software.
B. Those documents designated as quality assurance records (refer to Section 4.1) shall be uniquely identified and noted as QA records before they are submitted to Corporate NPG DCRM.
C. Corporate NPG DCRM archives the software documentation. Typically, no controlled hardcopy distribution of the software manuals is made. However, information only copies may be made available as authorized by the application owner. All hardcopy distribution of software documentation is controlled in accordance with NPG-SPP-31.1. For the purposes of this SPP, software documentation excludes plant drawings.
D. Software documentation may be submitted directly to Electronic Document Management System (EDMS) by the software developer provided the documentation is submitted consistent with applicable indexing specifications and with prior approval by the Manager, NPG DCRM.
NOTE Appendix H contains an NPG-SPP-12.7 to Summit cross-reference of software documentation terminology. Either terminology is acceptable.
3.3.6 Software Interfaces
The application owner shall ensure that the interfaces to other applications are specified, developed, and tested such that the data being used by the application is of the necessary quality. If the data is to be automatically transferred and used without further verification from another application, then the owner is responsible for ensuring that the source applications meet the requirements of this SPP or TVA-SPP-12.5. The owner can establish less automated interfaces that have the appropriate manual checks to ensure the quality of the data being transferred without invoking this SPP. The application owner shall also ensure that configuration control processes are in place to provide notification when changes are made to the source applications and/or interfaces that impact the quality of the transferred data.
3.3.7 Data Migration
If implementation of the application software involves data migration from another application, the requirements of Section 3.10 of this SPP must be addressed.
3.3.8 Software Testing
A. When software development activities are complete, software validation testing shall be performed in accordance with Section 3.5.
B. The validation test procedure and test results are documented in a Software Verification and Validation Report (SVVR).
C. The application owner authorizes software installation after reviewing and approving the validation test results.
NOTE If the software is to be installed on a standard NPG desktop/laptop computer, then the functional application profile (FAP) must be updated prior to installation of the software and software compatibility testing must be performed by IS.
D. Software operability testing shall be performed in accordance with Section 3.6 of this SPP after it is installed in its production environment but before it is released for use. The operability test and test results are documented in a SVVR.
3.3.9 Software Verification and Validation Report
A Software Verification and Validation Report (SVVR) is prepared to document validation and operability test procedures and test results. (Refer to Appendix F.) It is permissible to include test procedures and results in the SVVR by reference for large test packages.
3.3.10 Software Configuration Control
The TVA application custodian shall store the application's source code and/or executables in a physically secure, environmentally controlled space. The application's source code and/or executables shall be stored in an environment in which they are protected from inadvertent changes. Cyber security considerations should be addressed in the storage environment.
Cyber security considerations may include protection against source code contamination by malicious code (viruses, worms, Trojans, etc.), protection against code information exploited for malicious intent (i.e., storage area is not connected to a LAN that has internet connectivity), username and password required to access source code, firewall protection to prevent unwanted access, and Intrusion Detection to monitor access.
3.3.11 Installation and Deployment
The process for moving application software from a production to operational environment should include cyber security considerations to ensure it contains no malicious code or software. All applications, binaries, and supporting files transferred from the production to operational environment should include cyber security considerations to ensure they contain no viruses, worms, or other forms of malicious code.
3.4 Changes to Computer Software and Software Integral to Plant Digital Systems/Components
3.4.1 Changes to Software Integral to Plant Digital Systems/Components
A. Software changes purchased or supplied by the equipment vendor shall be implemented, tested, and documented in accordance with Electrical Engineering Standard Specification, SS-E18.15.01 for those systems/components within the scope of that specification.
  1. System hardening guidelines identified in Appendix I of this SPP must be considered as part of the change to the plant system/component.
  2. A cyber security assessment is required for changes to plant digital instrumentation and control systems/components. Contact Computer Engineering for assistance in completing the assessment.
NOTE The remainder of this section of this SPP does not apply to software changes supplied by the equipment vendor and implemented under Standard Specification SS-E18.15.01.
B. Changes to the human-machine interface for plant digital systems/components within the scope of SS-E18.15.01 not supplied by the equipment vendor shall be made using the Software Service Request process described in Sections 3.4.2 through 3.4.9 of this SPP. In addition, the following items should be addressed:
  1. A site impact review shall be performed, documented, and attached to the SSR.
  2. A 10 CFR 50.59 evaluation shall be performed and attached to or referenced in the SSR.
  3. A human factors review of the proposed change shall be conducted in accordance with NPG-SPP-09.3. The review should be attached to or referenced in the SSR.
C. Software changes for plant systems outside the scope of SS-E18.15.01 shall be made using the software change process defined in Sections 3.4.2 through 3.4.9 of this SPP.
D. Cyber system hardening guidelines identified in Appendix I of this SPP must be considered as part of the software changes in paragraphs B and C above.
E. A cyber security assessment is required for software changes to plant digital instrumentation and control systems/components. Contact Computer Engineering for assistance in completing the assessment.
3.4.2 Changes to Computer Software - Software Service Request (SSR)
A. Changes to application software are documented and controlled using the Software Service Request (SSR). Changes to application software include:
  1. Those implemented to resolve validation test or operability test deficiencies after the computer software is placed in service,
  2. Changes made to add new or enhanced functionality,
  3. Vendor supplied software updates, releases, and patches,
  4. New versions of software, and
  5. Changes to database structure and data files (control code tables) which determine the function of the computer application. This requirement does not apply to information entered into a database.
B. Changes to application software implemented as part of a change to plant structures, systems, or components which result in changes to Engineering issued system design criteria, the FSAR, or plant technical specifications shall be implemented under the engineering design change process. In these cases, the software change controls defined in NPG-SPP-12.7 guide the development and testing of the computer software. The SSR must be closed prior to the Design Change Notice (DCN) closing and the SSR package must include references to the DCN number.
C. Changes to computer software, control variables, setpoints, and other data constants on digital plant control systems from remote locations are prohibited. Remote locations are defined as any location physically located outside the power plant or not in the same location as the installed control system component.
D. The Software Service Request process applies to Category A, B, C, and D software. SSRs are not required for Category E software.
3.4.3 Initiating A Software Change
A change to application software within the scope of this SPP may be requested by completing Section 1 of the Software Service Request (SSR), Form NPG-SPP-12.7-3, and submitting it to the application owner. An SSR shall be initiated for any of the following:
A. Implementing software changes after the computer software has been placed in service. This includes changes for enhancements, to correct problems, or to resolve outstanding test deficiencies (after the software was placed in service).
B. Installing new releases, new versions (software updates), patches, or updates of vendor supplied application software.
C. Changes which add or enhance software application functionality.
D. Changes which eliminate software functionality.
E. Changes to database structures, files, or software control variables which determine the functions performed by the software.
3.4.4 Software Change Request Approval
The application owner evaluates the request and dispositions it by completing and signing Section 2 of the SSR form. For applications owned outside of NPG, the application owner forwards a copy of the SSR to the NPG Point of Contact for information. The application owner forwards the approved SSR to the application developer for implementation. Each approved SSR shall be assigned a unique number. Disapproved requests should be returned to the requester along with an explanation for the disapproval.
NOTE The NPG Point of Contact serves as the NPG owner for the software and represents NPG's interest in its functionality and use. See Section 3.1 for Roles and Responsibilities.
3.4.5 Software Implementation
A. The application custodian shall implement controls to prevent unauthorized changes to application software. These controls shall include the following:
  1. Prevention of unauthorized or accidental changes to the production (validated) version of the application software.
  2. Control of the migration of the software between development/test and production environments.
B. The application developer designs the software change taking into consideration the interfaces with other applications, and modifies the software to implement the approved change.
C. Software changes shall be made to the current, in service version of the software in a nonproduction environment or with the software application in an off-line mode (out of service) unless it is not practical/possible to do so.
D. The application developer evaluates the impact of the software change on the software documentation, updates the software documentation impacted by the change, and notes the results of this evaluation in Section 3 of the SSR. The assessment of software documentation includes the ASD. If the ASD is revised, the form is submitted to the Manager, Computer Engineering for review and archival.
3.4.6 Software Testing
A. When software development activities are complete, validation testing of the software change shall be performed in accordance with Section 3.5 of this SPP. The validation test demonstrates that the modified software correctly implements the requested change.
B. Following completion of the validation test, Section 4 of the SSR is completed and the validation test and validation test results including any test deficiency reports are attached. It is permissible to reference validation test procedures and results in Section 4 of the SSR rather than attaching them to the SSR.
C. The application owner authorizes software installation only after reviewing and approving the validation test results.
NOTE If the software is to be installed on a standard NPG desktop/laptop computer, then the functional application profile (FAP) must be updated prior to installation of the software and software compatibility testing must be performed by IS.
D. After installation of the software changes is complete, the application custodian notifies the application owner that the software is ready for operability testing. Operability tests of the software changes shall be performed in accordance with Section 3.6 of this SPP. Operability testing must be complete and results approved by the application owner before the modified software is released for use. A signature on the test documentation denotes approval.
E. The operability test and test results, including any test deficiency reports, are attached to the SSR and Section 5 of this SSR is completed. It is permissible to reference the operability test procedures and results rather than attaching them to the SSR.
3.4.7 Software Service Request Closure
A. The application owner completes Section 6 of the SSR indicating if a cyber security assessment was performed. Contact Computer Engineering for assistance.
B. The application owner completes and signs Section 7 of the SSR releasing the software change for use. If any restrictions are placed on its use, the application owner attaches the restrictions to the SSR or provides a reference for the restrictions and notifies the users of those restrictions.
C. The SSR package includes the following: (1) validation test procedure and test results, and (2) operability test procedure and results or at least references to these documents. Since the operability test may be a site post modification test (PMT), it is permissible to simply reference the PMT or any other post installation test that can be taken credit for as an operability test. If the software change is installed on more than one unit at a site, the SSR package must include the operability test and test results for each unit. If the software change is installed at more than one site, the SSR package must include the operability test and results for each installation unless the software is installed on a standard TVA desktop/laptop computer.
NOTE A SVVR may be prepared for the software change to document the results of software testing. If a SVVR is prepared it should be consistent with requirements of Appendix F and may be attached to or referenced in the SSR.
NOTE In general, resubmittal of the entire SVVR including revisions is preferred.
D. The application owner is responsible for ensuring that the completed SSR form with any attachments is submitted to Corporate NPG DCRM for archival using transmittal Form NPG-SPP-31.1-2 within 60 days of the in-service date of the software change. Revised software documentation is not part of the SSR and is submitted separately to Corporate NPG DCRM for archival in EDMS.
E. The application owner notifies Corporate NPG DCRM if copies of user documentation are to be distributed and provides the approved distribution.
3.4.8 Software Control Configuration
The TVA application custodian shall store the application's source code and/or executables in a physically secure, environmentally controlled space. The application's source code and/or executables shall be stored in an environment in which they are protected from inadvertent changes. Cyber security considerations should be addressed in the storage environment.
Cyber security considerations may include protection against source code contamination by malicious code (viruses, worms, Trojans, etc.), protection against code information exploited for malicious intent (i.e., storage area is not connected to a LAN that has internet connectivity), username and password required to access source code, firewall protection to prevent unwanted access, and Intrusion Detection to monitor access.
3.4.9 Installation and Deployment
The process for moving application software from a production to operational environment should include cyber security considerations to ensure it contains no malicious code or software. All applications, binaries, and supporting files transferred from the production to operational environment should include cyber security considerations to ensure they contain no viruses, worms, or other forms of malicious code.
3.4.10 Emergency Software Changes
Emergency software changes may be made to application software provided the change is approved by the application owner and it is tested prior to use in its production environment. If the change affects plant components or plant operations, notification of the Shift Manager is required before the change is implemented. Within 30 days of installation of the change, a SSR shall be prepared in accordance with the software change control process specified above. In addition, a justification of the emergency change shall be attached to the SSR form.
NPG Standard Programs and Processes Computer Software Control NPG-SPP-12.7 Rev. 0000 Page 22 of 56 3.5 Software Validation Testing The purpose of validation testing is to provide confidence that new or revised applications perform as specified in the SRS or SSR.
A.
The application owner ensures that a written validation test procedure that demonstrates that the software requirements specified in an application owner approved software requirements specification (SRS) or Software Service Request (SSR) have been implemented correctly is prepared and executed before the software is installed on the computer on which it will be used. For new Category A software, a traceability matrix shall be prepared that cross references the software functional requirement with the portion/section of the test procedure which tests it. The matrix may be a separate table included in the test report (SVVR), a standalone document which is referenced in the test report, or a cross reference documented in individual steps in the test procedure. To the extent possible, this testing is done off-line or in a non-production environment. If the validation test must be run on the target system, that system shall be declared out of service until the testing is completed. Testing should also consider impact of new software on software already in service and system interfaces.
B.
The validation test criteria include the following:
NOTE Not all of the criteria listed below are applicable to every software application.
- 1.
Functions and features specified in the SRS or SSR work correctly.
- 2.
Software revisions do not adversely affect previously approved and tested functions that were not intended to be within the scope of the change. This criterion may be met by running a test case for the application which demonstrates overall software functionality.
- 3.
Values entered into data control tables to trigger a set of programmatic logic or provide for system functionality have been correctly entered and the output of the logic is correct.
- 4.
Interfaces with software systems/applications with which the application transfers or shares data function properly.
- 5.
Data conversions and migrations are correct. The data sample size included in the test should be commensurate with the magnitude of the data migration. The scope of the test should be commensurate with the complexity of the application.
- 6.
Software responses to abnormal/error conditions.
- 7.
Software response to system loading and expected number of simultaneous users.
- 8.
Software response to other than normally expected sequences of inputs and transactions.
- 9.
Software performance at end of period (shift, month, day, year, etc.).
- 10. Interaction of multiple changes or patches installed at the same time.
C.
The application owner approves the validation test procedure.
NOTE The application owner and application developer/custodian should consider the latest completed validation/functional test, including any test deficiencies, for lessons learned in developing the current validation test plan. The application developer and/or custodian should assist the owner in the development of an adequate validation test, providing input, direction, and help as needed.
NOTE For database applications, the acceptance database will be refreshed with a production copy of the data and all database objects. This refresh will be done prior to operability testing. It should be noted that not all software changes require a refresh of the acceptance environment. The refresh will be done at the discretion of the application owner and application custodian based on the magnitude of the software change and the condition of the acceptance environment.
NOTE Refer to IEEE 7-4.3.2, Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations, for additional guidance regarding Category A software validation activities.
D.
The validation test procedure is reviewed to ensure that the validation test addresses the items specified in the SRS or SSR. These reviews shall be performed by an independent reviewer for Category A and B software.
E.
Prior to initiating software validation testing, the software to be tested shall be placed under configuration control. Once the validation test begins, the software development phase ends and all subsequent changes to the software shall be controlled, including changes necessary to resolve test deficiencies. Software changes are documented on deficiency reports prior to placing the software in service and by software service requests after the software is in use.
F.
Validation tests shall be conducted in a non-production environment whenever practical. This environment may include offline development systems, simulators, or systems isolated from the production (in service) system such that the users of the application cannot use the computer software during the test.
G.
Validation test results shall be documented. Test deficiencies identified during the validation test as well as their resolution are documented using Form NPG-SPP-12.7-2 or similar document.
H.
Validation test results, including resolution of test deficiencies, shall be reviewed and approved by the application owner. Approval is denoted by signature on the test documentation. Application owner approval indicates the results are valid and acceptable. In addition, for Category A and B software, the validation test results shall be reviewed by an independent reviewer.
I.
Validation test procedure/plan and test results become part of the SVVR for new software applications or the SSR for software changes. Test procedures and results may be included by reference.
3.6 Software Operability Testing
The purpose of operability testing is to ensure that the application has been installed correctly and operates correctly in the production environment.
NOTE The operability test procedure is run after the software change is installed on the computer system(s) on which it will be used. The purpose for the testing is to verify that the installed software works correctly in its production environment. For business process application software, the operability test should address major transactions that may have been affected by the change. For applications run on PCs, an operability test on a representative production system can be used even if the software is installed at multiple sites.
A.
The application owner ensures preparation and execution of an operability test procedure which demonstrates that the software performs correctly in its operating environment. This testing is done after software installation on the target system is complete but before the software is released for use. Commencement of the operability testing should be coordinated between the installer of the software and the application owner and users.
B.
The operability test procedure should be sufficiently comprehensive to demonstrate (1) that the software installation was correct and (2) that the software is functioning correctly in its operating environment. The operability test procedure may be a plant post modification test, a rerun of the software validation test, or a subset of the validation test depending on the complexity of the software and its interfaces with other systems and equipment. The operability test does not have to be a complete rerun of the software validation test.
C.
Operability test results shall be documented, including test deficiencies and their resolution. Operability test deficiencies are documented along with their resolution using Form NPG-SPP-12.7-2 or similar form.
D.
Software changes to resolve test deficiencies made prior to placing the software in service are controlled under the test deficiency report. Each software change to resolve test deficiencies must be tested to demonstrate that it resolves the test deficiency.
E.
Once the software is placed in service (made available for use), all software changes, including those to resolve any remaining (outstanding) test deficiencies, must be controlled in accordance with Section 3.4.
F.
The application owner reviews and approves the operability test results after the resolution of any test deficiencies identified during the operability test. Approval is denoted by signature on the test documentation.
G.
Operability test procedures and test results become part of the SVVR for new software and the SSR for software changes. Test procedures and results may be included by reference in these documents.
3.7 Software Dedication Process
Category A or B application software procured QA Level 2 must be dedicated as follows unless the software is part of a plant computer system and is dedicated under the DCN process. The application owner is responsible for ensuring that the software dedication is performed when required.
A.
A documented evaluation of the industry operating experience with the software being purchased. The review should focus on the same version of the software as much as practical and on the software vendor's error reporting process.
B.
A documented review of the software vendor's software verification and validation procedure, software development and configuration management procedures, and software error reporting and correction practices. This SPP should be used as guidance for conducting the review.
C.
Formal documentation which summarizes the basis for accepting the software for use as a Category A or B computer application. This documentation may be a memorandum or report which summarizes the activities performed and the results which provide the application owner confidence that the computer software is ready for use as a Category A or B application.
D.
Software dedication documentation is submitted to Corporate NPG DCRM for archival as a QA record.
E.
When new versions of the software are released by the software supplier, installation of the new release is controlled by Section 3.4 of this SPP. The software dedication process is not required for these subsequent releases.
3.8 Software Trouble Reporting
A.
Problems identified with computer application software that is part of an in service plant system should be reported directly to the application owner for evaluation. For computer application software that is not part of a plant system, problems should be reported to the Information Technology Customer Center (ITCC) (Help Desk - 751-4357).
B.
The ITSC shall report problems with computer application software that they cannot resolve to the application custodian.
C.
The application custodian is responsible for ensuring the reported problem is evaluated for impact to the application software as installed and used.
D.
If the software does not perform as specified in the SRS or yields incorrect results, the problem shall be documented and resolved in accordance with NPG's Corrective Action Program.
NOTE Software changes necessary to resolve a confirmed problem are controlled in accordance with Section 3.4.
E.
Error reports received from software suppliers shall be forwarded to the application custodian for screening. The application custodian shall perform the screening and send the results to the application owner within 28 days of receiving the error report.
The screening evaluation shall be documented on the Vendor Software Error Report Evaluation, Form NPG-SPP-12.7-4 and submitted to NPG DCRM for archival in EDMS.
F.
If the vendor-reported problem is not screened out in Step 3.8E, the application owner shall assess NPG's specific use of the software to determine if the reported error affects the output of the software as used by NPG. If the error does not affect the output, the error report shall be submitted to DCRM as part of the software documentation for the affected application. If the error affects the output, the error shall be documented and resolved in accordance with NPG's Corrective Action Program.
3.9 Software Using Electronic Approvals
Electronic approval is the process where a document or information displayed on a computer display monitor is reviewed, concurred with, and/or approved electronically. This electronic process replaces initials or signature on a hard copy of the document as indication of concurrence or approval. Functional requirements for application software which implement/utilize electronic approvals are contained in NPG Standard Programs and Processes NPG-SPP-31.2, Records Management.
3.10 Data Management
3.10.1 Data Verification Activities
In order for the outputs of Category A-C software to be used without further verification, it is essential that the data used by the software in generating its output be verified and properly managed. It is the responsibility of the application owner to ensure that data verification activities are implemented. Data verification, when required, should be implemented using the following guidelines:
A.
Electronic data may be verified by being compared to a reference source. If large amounts of data need to be verified, statistical sampling of the data is permissible.
Should reference sources not be available for verifying the data, the application owner is responsible for documenting the basis for using the unverified data in a process where the output of the quality assured application software will be used without further verification.
B.
Electronic data may be transferred from another application (electronic source) in which it has already been verified.
C.
Electronic data may be verified electronically through a formal review process including independent checking as appropriate. This type of verification is appropriate for use on electronic documents such as procedures or calculations that are being routed electronically for checking, review, and approval.
D.
Data values which are entered into data control tables to trigger a set of programmatic logic or provide for system functionality shall be verified and the logical operation tested within the Verification and Validation process to ensure the data value has been correctly entered and the output of the logic is correct.
3.10.2 Application Software Data Management Requirements
A.
For data that has been verified and is being stored within the computer, the software providing the storage environment must ensure that the integrity of the verified data is not compromised either by outside sources or by the computer software providing the storage environment itself.
B.
Computer software providing for the transfer of verified data must not compromise the data's integrity while the verified data is being transferred. If the transfer application is performing data conversion, the application software must identify and resolve data which does not successfully pass through the data conversion.
C.
Application software that outputs or distributes data must not compromise the integrity of the data while performing that function.
D.
Application software generating new data (for example, results of calculations) from verified input data must generate the results correctly.
E.
Data shall be protected from unauthorized modifications.
3.11 Computer Application Software Inventory
An inventory of Computer Application Software used in NPG shall be maintained by Computer Engineering. This inventory may be kept in hardcopy form or in an electronic file such as a spreadsheet or database. This inventory contains, as a minimum, the application name, owner, custodian, and software QA classification. Training on the contents and purpose of the inventory is satisfied by training individuals on the requirements of this SPP.
3.12 Changes to Software Operating Environments
NOTE Whenever system software used by a computer program within the scope of this SPP is upgraded to a major new version, the operating environment under which the computer program was qualified and tested has been changed. Examples include, but are not limited to, the following:
A.
Upgrading computer operating system software.
B.
Installing new releases of database management software such as Oracle, or MS Access, etc., which are used by application software within the scope of this procedure.
C.
Installing new releases to end-user software tools used by application software within the scope of this procedure, such as Excel, Access, or MathCAD.
A.
When changes to the software operating environment have been made (as defined above), an operability test for computer programs (software application) within the scope of this SPP which are to run in the new operating environment is performed.
The purpose of this operability test is to verify that the computer program (application software) has not been adversely affected by the change. It is not intended to be a complete rerun of previous application software validation tests.
NOTE Refer to Section 3.6 for guidance on operability testing.
B.
The application developer or custodian evaluates the proposed change to the operating environment and determines the extent of operability testing required to demonstrate that the application software was not adversely affected by the change to the operating environment.
C.
The application owner is responsible for ensuring that an operability test, in accordance with the findings of the previous paragraph, is performed and documented before the system software is placed into production. The operability test and test results are documented and submitted to Corporate NPG DCRM for archival using Form NPG-SPP-31.1-2. The Application Owner is responsible for ensuring that identified deficiencies are resolved.
NOTE The operability test may include (1) rerunning the entire software validation test, (2) running selected test cases or subsets of a previously run validation test, or (3) verifying that the application runs and that data screens/data can be accessed. The extent of the test depends on the nature and scope of the change to the operating environment.
D.
In cases where emergency changes to system software must be made, the application owner shall be notified within 24 hours and operability tests conducted and documented within 30 calendar days of the change. The application owner shall identify any required interim control procedures needed until the operability testing is completed and the test results approved.
3.13 Software Compatibility Testing
The purpose of compatibility testing is to provide confidence that new or revised PC-based software does not adversely impact other quality assured software installed on PC desktop computers. It is in addition to software validation and operability testing specified in Sections 3.5 and 3.6. The application owner ensures that appropriate compatibility testing is performed.
A.
Software compatibility testing is required for most PC-based software.
Information Services is responsible for making the determination if compatibility testing is required.
B.
Information Services determines the appropriate subset of PC-based software applications to be included in the compatibility test and conducts or coordinates the compatibility testing before the new or revised software is installed in its production environment. Information Services works with affected Application Owners and Application Custodians to resolve any identified conflicts.
C.
Compatibility testing should be documented to the extent that it identifies when and by whom the test was conducted and the subset of PC-based software included in the test and the test results. Software compatibility testing documentation is the responsibility of Information Services. IS is responsible for submitting this documentation to EDMS.
3.14 Retiring Application Software
Software applications that are no longer needed shall be retired as follows:
A.
The Application Software Datasheet (ASD) shall be revised to indicate the software application is retired and the effective date of the retirement. The revised ASD is submitted to Computer Engineering for review and archival to NPG DCRM.
B.
The Application Custodian shall remove the application from the production environment and store the source code, executable code, and data files in a physically secure, environmentally controlled space. Code and files shall be protected from unauthorized access and inadvertent use in a production environment.
C.
Computer Engineering shall notify the IS FAP Administrator to remove the software from FAPs on which it is listed.
3.15 Plant Control System Boundary Protection Devices
Boundary Protection Devices are used to monitor and control communications at the external boundary of a network to prevent and detect malicious and other unauthorized communications. This section of the SPP applies to firewalls, routers, switches, and network intrusion detection devices managed by NPG.
A.
Guideline for configuring Boundary Protection Devices when initially installed.
- 1.
Whenever possible, disable, through software or physical disconnection, all unneeded communication ports and removable media drives, or provide engineered barriers.
- 2.
Examine the configuration settings of Boundary Protection Devices, such as access control lists and firewall and proxy server settings, to verify that only authorized network traffic is being allowed through the external boundary interfaces.
- 3.
Firewalls
- a.
Provide firewalls and firewall rule sets between network zones.
- b.
Provide detailed information on all communications (including protocols) required through a firewall, whether inbound or outbound, and identify each network device initiating a communication.
- c.
Provide firewall rule sets or other equivalent documentation. The basis of the rule set shall be deny all, with exceptions explicitly identified.
- 4.
Network Intrusion Detection Systems (NIDS): provide traffic profiles with expected communication paths, network traffic, and expected utilization boundaries. For signature-based NIDSs, provide appropriate signatures.
- 5.
When replacing existing Boundary Protection Devices, if possible, verify that configuration of the new device is the same as the one replaced. If not possible, verify that the configuration is equivalent to the one replaced.
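An added example, not part of NPG-SPP-12.7 or any TVA tooling: one way to check a rule set against guidelines A.3 and A.5 above, namely that the basis is deny all, that every exception matches a documented communication with an identified initiating device, and that a replacement device carries the same rules as the one replaced. The rule syntax, device names and flows are constructed for illustration, and first-match rule evaluation is assumed.

```python
"""Audit a boundary-device rule set (constructed format, not a vendor syntax)."""
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True, order=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # device initiating the communication
    dst: str
    proto: str
    port: str

    def flow(self):
        return (self.src, self.dst, self.proto, self.port)


DENY_ALL = Rule("deny", ANY, ANY, ANY, ANY)


def parse_rules(text):
    """Parse 'action src dst proto port' lines; '#' starts a comment."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("permit", "deny"):
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        rules.append(Rule(*fields))
    return rules


def audit(rules, documented_flows):
    """Return findings; an empty list means the rule set meets the checks."""
    findings = []
    if not rules or rules[-1] != DENY_ALL:
        findings.append("basis is not deny all: last rule must be 'deny any any any any'")
    if DENY_ALL in rules[:-1]:
        # Assumes first-match evaluation: anything after a catch-all is dead.
        findings.append("deny all appears before the end; later rules never match")
    permitted = set()
    for idx, rule in enumerate(rules, 1):
        if rule.action != "permit":
            continue
        permitted.add(rule.flow())
        if ANY in rule.flow():
            findings.append(f"rule {idx}: permit uses a wildcard {rule.flow()}")
        elif rule.flow() not in documented_flows:
            findings.append(f"rule {idx}: permit is not a documented flow {rule.flow()}")
    for flow in sorted(documented_flows - permitted):
        findings.append(f"documented flow has no permit rule {flow}")
    return findings


def config_drift(old_rules, new_rules):
    """Compare a replacement device's rules with those of the device replaced."""
    old_set, new_set = set(old_rules), set(new_rules)
    return {
        "identical": old_rules == new_rules,  # rule order is compared too
        "missing": sorted(old_set - new_set),
        "added": sorted(new_set - old_set),
    }


# Constructed sample data: documented communications list and two configs.
DOCUMENTED_FLOWS = {
    ("hist-server", "dmz-relay", "tcp", "443"),
    ("eng-ws", "ctrl-gw", "tcp", "502"),
}
OLD_CONFIG = """
permit hist-server dmz-relay tcp 443   # historian push to DMZ
permit eng-ws ctrl-gw tcp 502
deny any any any any
"""
NEW_CONFIG = """
permit hist-server dmz-relay tcp 443
permit eng-ws any tcp 502              # widened during replacement
permit vendor-laptop ctrl-gw tcp 22    # not in the communications list
"""

if __name__ == "__main__":
    for finding in audit(parse_rules(NEW_CONFIG), DOCUMENTED_FLOWS):
        print("FINDING:", finding)
    drift = config_drift(parse_rules(OLD_CONFIG), parse_rules(NEW_CONFIG))
    print("identical to replaced device:", drift["identical"])
    for rule in drift["missing"]:
        print("missing:", rule)
    for rule in drift["added"]:
        print("added:  ", rule)
```

The findings list and the drift report are the kind of output that could accompany the configuration file(s) attached to a change record.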
B.
Documenting and controlling Boundary Protection Device configurations
- 1.
An Application Software Datasheet (ASD) is not required for a Plant Control System Boundary Protection Device.
- 2.
A Software Service Request (SSR) shall be completed for each Boundary Protection Device when it is initially installed or whenever the configuration of the device is changed. Configuration file(s) shall be obtained from the Plant Control System Boundary Protection Device and attached to the SSR. The configuration file(s) shall be noted in Section 3 of the SSR. No other software documentation is required for Section 3 of the form. For the purposes of completing the SSR, the Boundary Protection Device configuration settings shall be classified Category C on the SSR.
- 3.
A validation test is not applicable or required for the Plant Control System Boundary Protection Device and should be so noted in section 4 of the SSR.
- 4.
An operability test shall be performed on the device once its configuration is finalized. The operability test and test results shall be attached to SSR or included by reference.
NOTE The SSR and all related documentation are deemed business sensitive and shall be protected as such according to the Business Practice 29 guidelines. Forward the completed SSR and all attached documentation to Computer Engineering for archival into the EDMS Sensitive Information Vault.
C.
Cyber security assessments
A cyber security assessment may be required for Boundary Protection Devices when they are installed or whenever the configuration of the device is changed. Contact Computer Engineering to determine if a cyber security assessment is required. This determination shall be documented in Section 6 of the SSR form. If a cyber security assessment is required, the cyber security assessment shall be performed, completed and submitted to Computer Engineering for review and archival in the EDMS sensitive information vault.
4.0 RECORDS
4.1 QA Records
The following documents are considered QA records for software classified as Category A, B, or C software.
A.
Software Requirement Specification
B.
Validation and Operability Test Procedures and Results
C.
Software Verification and Validation Report
D.
Software Service Requests (TVA Form NPG-SPP-12.7-3)
E.
Software Quality Assurance Plan (SQAPs)
F.
Software Verification and Validation Plan (SVVPs)
G.
Documentation of reviews prepared as part of the software dedication process in Section 3.7.
H.
Application Software Datasheet (NPG-SPP-12.7-1)
I.
Software Verification and Validation Deficiency Form (NPG-SPP-12.7-2)
J.
Vendor Software Error Report Evaluation (NPG-SPP-12.7-4)
4.2 Non-QA Records
A.
Software documentation not specifically identified in Section 4.1 of this SPP, including Software Design Descriptions, User Documentation, and Maintenance Manuals.
B.
Documentation associated with end-user tools or system software as defined in Section 5.0.
C.
Software change requests that are not implemented in the production version of the application software.
D.
All Category D and E software documentation.
5.0 DEFINITIONS
Application Custodian - The organization or individual who has responsibility for the information technology implementation of a computer software application or software changes.
Application Developer - The individual, organization, or vendor responsible for development of a computer software application and associated software documentation including changes to the software. The application developer develops and tests the computer software.
Application Owner - Individual with administrative and technical responsibility for defining the functional requirements of the computer software. The application owner represents the interests of all users of the application, authorizes changes to the software, and approves software documentation.
Application Software - A logically-related group of computer programs used by the end-user to perform specific and defined functions.
Business Process Application Software - Computer software used to enable critical NPG business processes. Examples include software used to enable the work management, document management, radiation exposure tracking, master equipment list, bill of materials, and equipment clearance control processes.
Commercially Available Software - Software which is procured and used without modification.
Database (Data) - Data collected and managed through a software system (including commercially available software packages); accessed through a computer (including personal computer, minicomputer, or mainframe computer); and used to calculate a result or satisfy a set of information or process requirements.
Data Dictionary - A dictionary that defines the meaning of all the data represented on the data flow. The definitions include not only the English definitions but also descriptions of the detailed sub-data elements that comprise the data registered on the data flow.
Emergency Software Change - A change made to application software to prevent compromising plant safety systems or safe plant operations whose delays could result in a degradation of plant or personnel safety or result in a reduction of electrical generation.
End-User Software Tools - Commercially available software designed to support the development and operation of end-user applications. It includes database programs, spreadsheet programs, report generators, CAD/CAM programs, desktop publishing, word processing programs, graphics programs, terminal emulators, communications programs (i.e., Telnet, FTP, etc.), office equipment device drivers (printers, scanners, etc.), Mathcad or similar programs, Project Management, handbooks, and catalogs. These applications are Category E and do not require an Application Software Data Sheet.
FAP Administrators - Information Services employees that update and maintain FAPs.
The FAP Administrator is available at e-mail address FAP - Administrator.
Functional Application Profiles (FAPs) - A FAP is a logical grouping of applications associated with performing a specified business function that is managed by a business peer team. FAPs define the appropriate applications an employee is authorized to use in the performance of their job.
Independent Review - A review of software documentation or test procedures and results by an individual other than those who prepared the document, but who may be from the same organization.
NPG Point of Contact - The designated individual responsible for representing NPG's interest in software applications owned by organizations outside NPG, but which are used by NPG in quality-related ways.
Off-the-Shelf Software - Off-the-shelf software is computer software procured and used without modification of any kind. Same as commercially available software.
Operability Tests - A test of a computer program which demonstrates that the validated computer software, including changes to the software, performs properly after it is installed in its operating environment.
Plant Systems - A permanent plant system is one that implements an engineering design requirement and is included on an engineering issued drawing.
Software - Computer programs, procedures, rules and data pertaining to the operation of a computer system independent of the media on which it resides (tape, disk, eprom, prom, etc.).
Software Categories - A categorization of software based upon usage of the software that determines the level of software quality assurance that will be applied to the acquisition, development, enhancement, or maintenance of the software.
Software Dedication - An acceptable process undertaken to provide reasonable assurance that computer software from vendors not on the NPG Acceptable Suppliers List will perform its intended function and in this respect is deemed equivalent to computer software developed under a 10CFR50 Appendix B QA program.
Software Modification - Changes to previously validated computer software (1) to eliminate defects, (2) to enhance existing functions/features, or (3) to implement new functions/features in the application software.
Software Operating Environment - Those elements of the system hardware and system software which are required for or may affect the successful functioning of the application software which operates in that environment.
Software Quality Assurance Plan (SQAP) - A plan for the development and maintenance of computer software necessary to provide adequate confidence that the software conforms to established requirements. This SPP serves as the software quality assurance plan for all application software within the scope of this procedure except for Category A software.
Software Validation - The test and evaluation of the completed software to ensure compliance with software requirements.
Software Verification - The process of determining whether or not the product of a given phase of the software development cycle fulfills the requirements imposed by the previous phase.
Software Verification and Validation Plan (SVVP) - A document describing the verification (review) and validation (test) activities to be performed. This SPP serves as the SVVP for all application software within the scope of this procedure except for Category A software.
Software Verification and Validation Report (SVVR) - A document containing the results of completed verification and validation activities and identifying any constraints or restrictions placed on the use of the computer software.
Software Design Description (SDD) - A document which provides a technical description of how the computer software design satisfies/addresses the functional requirements specified in the software requirements specification.
Software Requirements Specification (SRS) - A document which defines the requirements the software must satisfy.
System Software - Software designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system and associated programs.
System Version - The numerical designation of a particular version of a computer software system. For new software systems it shall be the integer 1. Existing software systems will maintain their current version until they are modified. Major revisions (e.g., incorporation of significant requirements changes or expansions to the software scope) are identified by incrementing the version to the next highest integer.
User Documentation (User Manual) - An organized compilation of information which explains the use of the application software and/or computer software system.
Validation Test - A test of the completed application software performed before the software is installed in its production environment which demonstrates that the specified requirements have been implemented correctly. If additional features/functions have been implemented in the software and will be used, they must be tested to demonstrate that they work correctly and do not have an unintended impact on the specified requirements.
6.0 REFERENCES
6.1 Source Documents
6.1.1 Business Requirements
None
6.1.2 Requirements Documents
Nuclear Quality Assurance Plan
6.2 Developmental References
ASME NQA2 Part 2.7, Quality Assurance Requirements of Computer Software for Nuclear Facility Applications
NUREG/CR-4640, Handbook of Software Quality Assurance Techniques Applicable to the Nuclear Industry
Appendix A
Application Software Categories

Category A
- Application software which is an integral part of a safety-related plant system or component and is essential to the performance of the safety-related function. These systems have direct, active effect on the operation of Class 1E plant systems.

Category B
- Application software which performs calculations used without further verification for the design and analysis of safety- or quality-related structures, systems, or components or to establish the design basis as described in the final safety analysis report.
- Application software used without further verification for the design of reactor core loads.
- Software or portions of software which perform calculations used without further verification to verify compliance with plant technical specifications or nuclear regulatory requirements.
- Software which performs calculations used without further verification for testing and/or acceptance of safety-related or quality-related plant structures, systems, or components.

Category C
- Software and data which are an integral part of a quality-related but not safety-related plant system or component and are essential to the performance of that function.
- Software, portions of software, and data essential to the implementation of quality-related programs listed in Section 5.1.B of the Nuclear Quality Assurance Plan, including software used to implement regulatory physical security requirements.
- Software and data which implements NQAP requirements but not specifically identified as an augmented quality-related program as defined in Section 5.1.B of the NQAP.
- Software, not associated with a specific plant system, which stores, maintains, controls, distributes or manages data which can be used without further verification in activities which affect safety- or quality-related plant structures, systems, and components.
- Software, portions of software, and data which are an integral part of a nonsafety-related, non-quality related plant system or component whose failure would significantly impact plant operations.
- Software used in the design of nonquality-related, nonsafety-related plant structures, systems, and components.

Category D
- Computer software used to enable critical NPG business processes or software not meeting the criteria for Category A-C software. These are considered business process application software.

Category E
- Other application software not meeting any of the criteria identified for Category A, B, C, or D software. Category E includes end user software tools.
Appendix B
Software Documentation Summary

| NPG-SPP-12.7 Software Documentation | A | B | C | D | E | Approved By | Reference |
|---|---|---|---|---|---|---|---|
| ASD (See note below) | X | X | X | X | X | Application Owner | Form NPG-SPP-12.7-1 |
| Software Quality Assurance Plan (SQAP) | X | O | NR | NR | NR | Application Owner | Appendix C |
| Software Verification and Validation Plan (SVVP) | X | O | NR | NR | NR | Application Owner | Appendix C |
| Software Requirements Specification (SRS) | X | X | X | X | NR | Application Owner | Appendix D |
| Software Design Description (SDD) | X | X | O | NR | NR | Application Developer | Appendix E |
| Software Verification and Validation Report (SVVR) | X | X | X | X | NR | Application Owner | Appendix F |
| Traceability Matrix | X | NR | NR | NR | NR | Application Owner | Section 3.5 |
| Validation Test Procedure (Part of SVVR) | X | X | X | X | NR | Application Owner | Section 3.5 |
| Validation Test Results (Part of SVVR) | X | X | X | X | NR | Application Owner | Section 3.5 |
| Operability Test Procedure (Part of SVVR) | X | X | X | X | NR | Application Owner | Section 3.6 |
| Operability Test Results (Part of SVVR) | X | X | X | X | NR | Application Owner | Section 3.6 |
| Software Dedication Documentation | X | X | NR | NR | NR | Application Owner | Section 3.7 |
| User Documentation | X | X | X | X | O | Application Owner | Appendix G |
| Software Service Requests (SSR) | X | X | X | X | NR | Application Owner | Section 3.4 |

X = Required, O = Optional (Discretionary), NR = Not Required

NOTE All software applications used in NPG are required to have an Application Software Datasheet (ASD) with the exception of end user software tools as defined in Section 5.0 of this SPP and TVA core applications provided to all TVA employees.
NOTE For applications requiring a software design description (SDD), the SDD may be combined with the SRS into a single document which meets the requirements of both.
NOTE A SQAP and SVVP are required for Category A software. Appendix C of this SPP provides guidance for contents of these documents. For Category B software, this SPP may serve as the SQAP and SVVP, since it defines the standard processes for managing the development and configuration control of computer software. If requirements unique to a computer application are not adequately addressed by this SPP, a SQAP and SVVP may be developed to address these requirements and/or provide supplemental guidance. However, these documents may not supersede the requirements set forth in this SPP.
NOTE Software Dedication Documentation is only required for Category A or B software purchased from a vendor not on the Nuclear Assurance maintained NPG Acceptable Suppliers List for software products.
NOTE If the user documentation is incorporated in the software application as an online help feature, it is controlled as part of the application and is excluded from the user documentation requirements above.
NOTE For applications that were placed in service prior to 7-14/1997 (SPP-2.6 Rev. 0), the backfit of documentation (i.e., SRS, SDD, Initial SVVP) to what is specified in this appendix is not required. The backfit of documentation is also not required for applications that are category E applications as established on 3/31/2003 (SPP-2.6 Rev. 8) and were in use on 3/31/2003. However, all changes to the software implemented after 7-14/1997 (SPP-2.6 Rev. 0) must be tested and documented in accordance with the procedure revision in effect at the time the software change is made.
Appendix C
Guidelines For SQAPs and SVVPs

1.0 GUIDELINES FOR SQAPS
A software quality assurance plan is required for Category A software. The SQAP should address the following:
A. The software to which the SQAP applies.
B. Roles and responsibilities of those individuals/organizations performing tasks within the scope of the SQAP.
C. Required documentation.
D. Software verification and validation activities for the development and/or maintenance of the software.
E. Software configuration management and change control.
F. Code and Media Control.
G. Problem and error reporting.
H. Supplier Control.
I. Records Collection, Maintenance, and Retention

2.0 GUIDELINES FOR SVVPS
A Software Verification and Validation Plan (SVVP) is required for Category A software. The SVVP should address the following:
A. Software to which the SVVP applies.
B. Roles and responsibilities of those individuals/organizations performing tasks within the scope of the SVVP.
C. A description of the tasks for accomplishing the verification activities for application software development and/or maintenance/modification.
   1. A system requirements review to determine if the requirements are correct, complete, consistent and testable.
   2. A design review to demonstrate that the stated system requirements are satisfied in the system design.
   3. A review of the overall structure of the computer code to verify that the design has been implemented.
   4. Verification that the system user's manual reflects the proper use of the software and that specified functions are addressed.
   5. Verification that validation test procedures test system requirements. This includes a traceability matrix for Category A software.
D. A description of software validation activities which demonstrate that the completed software performs its intended functions correctly and has been properly integrated with system hardware.
E. Method for documenting and resolving discrepancies identified during verification and validation activities.
F. Method for documenting the results of the verification and validation activities.
NOTE IEEE STD 7-4.3.2 may provide guidance for specifying verification and validation requirements for Category A software to ensure appropriate integration of computer system hardware and software.
Appendix D
Guidelines For Software Requirements Specifications (SRS)

1.0 REQUIREMENT SPECIFICATIONS
A. The application owner ensures the Software Requirements Specification (SRS) is prepared to document the functions and requirements the computer software must satisfy. Requirements should be specified so that their achievement can be verified and validated. The SRS is required for Category A through D software. The following provides guidance for preparation of the SRS.
   1. Title Page. The SRS should be identified by a title page that contains the following as a minimum:
      a. The words Software Requirements Specification.
      b. The SRS revision number.
      c. The software name, acronym and release version (if applicable). The name and acronym must match those documented on the Application Software Datasheet (ASD).
      d. The computing system identification, if applicable.
      e. The name and dated signature of the preparer(s) (authors).
      f. The name and dated signature of the SRS reviewer(s).
      g. The name and dated signature of the application owner.
   2. Revision Log
   3. Functions to be Performed by the Software
   4. Calculations, algorithms, or logical operations (if any)
   5. Software performance acceptance criteria (for example, response time)
   6. Responses to valid and invalid inputs
   7. Responses to abnormal situations
   8. Data input/output requirements
   9. Interfaces/communications with other systems or databases at the application software level
   10. User interface
   11. Security/access restraints or controls
   12. Regulatory requirements, if any, the software is intended to satisfy (implement)
   13. Design constraints/restrictions which must be considered
NOTE It is recommended that the SRS be developed with input/assistance from the application developer or custodian.
NOTE For Category A software, IEEE STD 7-4.3.2 provides additional guidance for developing and specifying system requirements.
B. The SRS is reviewed for (1) completeness, (2) verifiability, (3) technical feasibility, and (4) consistency by a technically competent individual other than the one that prepared the document. The individual, however, may be from the same organization.
NOTE New application software which is implemented as part of a change to plant structures, systems, or components, or which results in changes to Engineering issued system design criteria, the FSAR, or plant technical specifications, is implemented under the engineering design change process. In these cases, Section 3.3 of NPG-SPP-12.7 guides the development and testing of the computer software.
C. Approval of the SRS is not a prerequisite for software development activities to proceed. However, it must be recognized that software design and coding activities started before final approval of the SRS could be significantly impacted by changes to the SRS during the review and approval process.
Appendix E
Guidelines For Software Design Descriptions (SDD)

1.0 SOFTWARE DESIGN DESCRIPTION (SDD)
A. A software design description (SDD) is prepared to provide a technical description of how the software and/or data base design satisfies the requirements in the SRS.
Typically the SDD is prepared by the application developer. The SDD is required for Category A and B software.
Differences between the SDD, SRS and actual available (or practically achievable) software should be resolved by referring to the SRS and revising, if necessary, the SRS. Ultimately the SDD, SRS, and software must agree.
The following provides guidance for the preparation of the SDD. Typical topics to be addressed in the SDD are noted below. The scope of the SDD is determined by the scope and complexity of the software requirements:
   1. Title Page. The SDD will be identified by a title page that contains:
      a. The words Software Design Description.
      b. The SDD revision number.
      c. The software name, acronym and/or release version (if applicable). The name and acronym must match those documented on the Application Software Datasheet (ASD).
      d. The SDD author(s) name and dated signature.
      e. The name and dated signature of the reviewer(s).
      f. The name and dated signature of the application developer.
   2. Revision Log
   3. Overall structure of software including major components
   4. Technical description of models, algorithms, calculations, and logical operations
   5. Description of data and file structure
   6. Description of global control structure
   7. Description of control and data flow
   8. Description of software modules describing their inputs and outputs
   9. Design constraints limitations
   10. Design assumptions
   11. Description of security provisions
NOTE For Category A software IEEE STD 7-4.3.2 may provide additional guidance for preparation of software design documentation.
B. The SDD is reviewed for (1) technical adequacy, (2) completeness, (3) consistency, and (4) verification that all requirements in the SRS are addressed in the software design. The reviews may include logic, screen designs, data field lists, etc., for which specific application requirements exist. The review is performed by an individual other than the one that prepared the document. The individual, however, may be from the same organization.
C. The finalized SDD, including changes made to resolve reviewer comments, is approved by the application developer.
Appendix F
Guidelines For Software Verification And Validation Report (SVVR)

1.0 GUIDELINES FOR SOFTWARE VERIFICATION AND VALIDATION REPORT (SVVR)
A. The application owner ensures that the results of validation and operability testing are documented in a SVVR.
The SVVR has the following characteristics:
   1. Reports the results of the verification and validation activities required by NPG-SPP-12.7.
   2. Includes objective data and test results, wherever possible.
   3. Documents test results that demonstrate the software performs as anticipated over the entire range of predicted use including indication as to whether the product passed or failed specified test criteria.
B. A typical SVVR should include the following:
   1. Title page
      a. The words Software Verification and Validation Report.
      b. The SVVR revision number.
      c. The software name, acronym and version number (if applicable). The name and acronym must match those documented on the Application Software Datasheet (ASD).
      d. The author's name and dated signature.
      e. The reviewer(s) name and dated signature.
      f. The application owner's name and dated signature.
   2. Validation test procedure and test results.
   3. Validation test deficiency reports.
   4. Operability test procedure(s) and results.
   5. Operability test deficiency reports.
   6. Statement certifying (declaring) the software is ready for use along with identification of any restrictions placed on the use of the software.
NOTE Reference to test procedures which can be retrieved through Records Management or Design Change Packages is an acceptable alternative to attaching test procedure packages to the SVVR.
Appendix G
Guidelines For User Documentation

NOTE The user documentation may be an online help feature of the application, an electronic desktop procedure, an approved hardcopy procedure, or a hardcopy manual.

1.0 GUIDELINES FOR USER DOCUMENTATION
A. The application owner ensures that user documentation is prepared. The following provides guidance for its preparation. User documentation may be prepared by the application developer, application custodian, or application owner.
Suggested topics to address in the user documentation are noted below. However, the extent of the documentation should be determined by the application owner.
   1. Title page
      a. The words Users Documentation or similar designation.
      b. Revision number of document.
      c. The software name, acronym and version number (if applicable). The name and acronym must match those documented on the Application Software Datasheet (ASD).
      d. The author's name and dated signature.
      e. The dated signature of the reviewer(s).
      f. The application owner's name and dated signature.
   2. Revision Log
   3. A system overview including purpose and applicability.
   4. Description of the purpose and instructions for use of each software function.
   5. Restrictions or limitations on use.
   6. Description of the user interface with the software including input data requirements with acceptable ranges, interpretation of data outputs, and required responses to system error messages or prompts.
   7. Samples of outputs, forms, reports, or displays.
   8. Information for obtaining user and maintenance support.
   9. Organization to which problems with the software should be reported.
Appendix H
Cross-Reference Of NPG-SPP-12.7 And Summit Terminology

The following table provides a cross-reference of software documentation terminology between NPG-SPP-12.7 and the summit methodology used by Information Services. Either terminology may be used provided the requirements of NPG-SPP-12.7 are satisfied.

| NPG-SPP-12.7 | SUMMIT METHODOLOGY |
|---|---|
| Software Service Request | Service Request |
| Software Requirements Specification | System Prospectus |
| Software Design Description | Technical System Design |
| Validation Test | Acceptance Test |
| Operability Test | System Test |
Appendix I
System Hardening Guidelines

The following cyber security principles should be considered when purchasing, developing, or modifying digital plant control systems/components and their associated network, if any (software, systems, networks). Note that all items are not applicable to every system, component or device.

1.0 REMOVAL OF UNNECESSARY SERVICES AND PROGRAMS
A. All software artifacts should be removed or disabled that are not required for the operation and maintenance of the Control System. The services and software to be removed or disabled should include, but not be limited to:
   1. Games
   2. Device drivers for network devices not delivered
   3. Messaging services
   4. Servers or clients for unused Internet services
   5. Software compilers in all user workstations and servers except for development workstations and servers
   6. Software compilers for languages that are not used in the Control System
   7. Unused networking and communications protocols
   8. Unused administrative utilities, diagnostics, network management, and system management functions
   9. Backups of files, databases, and programs used only during system development
   10. All unused data and configuration files
   11. Sample programs and scripts
   12. Unused document processing utilities, for example, Microsoft Word, Excel, PowerPoint, Adobe Acrobat, OpenOffice, etc.

2.0 CHANGES TO FILE SYSTEMS AND OPERATING SYSTEM PERMISSIONS
The system shall be configured with hosts having the least privileged file and account access necessary to perform the functions of the system.

3.0 HARDWARE CONFIGURATION
A. Whenever possible, all unneeded communication ports and removable media drives shall be disabled through software or physical disconnection or be protected by other engineered barriers.
B. If technically feasible, the system BIOS shall be password protected from unauthorized changes.
C. Where possible, network devices shall be configured to limit access to/from specific locations.
D. The system shall be configured to allow the system administrators the ability to re-enable devices if they are disabled by software.

4.0 PERIMETER PROTECTION
A. Firewalls and firewall rule sets between network zones shall be implemented.
B. Network Intrusion Detection Systems shall be implemented within the control network.

5.0 ACCOUNT AND SESSION MANAGEMENT
A. All default and guest accounts shall be removed prior to placing the system in service. Vendor owned accounts shall be removed or disabled unless required by the contract.
B. The system should not transmit user credentials in clear text.
C. The system shall not allow applications to retain login information between sessions, nor provide any auto-fill functionality during login, nor allow anonymous logins. User account based logout and timeout settings should be used to the extent practical.

6.0 PASSWORD/AUTHENTICATION POLICY AND MANAGEMENT
To the extent practical the system should have a configurable account password management system that allows for selection of password length, frequency of change, setting of required password complexity, number of login attempts, inactive session logout, screen lock by application, and denial of repeated or recycled use of the same password.

7.0 ACCOUNT AUDIT AND LOGGING
The system should have an account activity log that is auditable both from a management (policy) and operational (account use activity) perspective. The audit trails and logging files must be time stamped and access controlled.

8.0 ROLE-BASED ACCESS CONTROL FOR CONTROL SYSTEM APPLICATIONS
The system shall provide for user accounts with configurable access and permissions associated with the defined user role.
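The Appendix I items on software removal, accounts, passwords and logging can be checked mechanically against a host inventory. The Python below is an added example, not part of NPG-SPP-12.7 or any TVA tooling; the inventory schema, the software category labels, the set of clear-text services and the sample workstation are assumptions constructed for illustration.

```python
"""Audit a host inventory against selected items of Appendix I.

Added example. The inventory schema, software category labels and the
sample workstation are assumptions, not part of NPG-SPP-12.7.
"""

# Section 1.0 categories to remove on every host (assumed labels).
REMOVE_ALWAYS = {"game", "messaging", "sample_program", "document_utility"}

# Section 6.0: settings the password management system should expose.
PASSWORD_CONTROLS = {
    "min_length", "max_age_days", "complexity", "max_login_attempts",
    "inactive_session_logout", "screen_lock", "history_depth",
}

# Section 5.0 B: services that send login credentials unencrypted.
CLEARTEXT_SERVICES = {"telnet", "ftp", "rlogin"}


def audit_host(inv):
    """Return (section, message) findings for one host inventory dict."""
    findings = []

    def add(section, message):
        findings.append((section, message))

    is_dev = inv.get("role") == "development"
    languages = set(inv.get("languages_in_use", []))

    # 1.0 Removal of unnecessary services and programs
    for pkg in inv.get("software", []):
        name, cat = pkg["name"], pkg["category"]
        if cat in REMOVE_ALWAYS:
            add("1.0", f"{name}: {cat} software should be removed or disabled")
        elif cat == "compiler" and not is_dev:
            add("1.0", f"{name}: compiler on a non-development host")
        elif cat == "compiler" and pkg.get("language") not in languages:
            add("1.0", f"{name}: compiler for a language not in use")

    # 5.0 A Default and guest accounts are removed, not merely disabled;
    # vendor accounts may stay enabled only when the contract requires it.
    for acct in inv.get("accounts", []):
        name, kind = acct["name"], acct["kind"]
        if kind in ("default", "guest"):
            add("5.0 A", f"{name}: {kind} account must be removed")
        elif (kind == "vendor" and acct.get("enabled")
              and not acct.get("contract_required")):
            add("5.0 A", f"{name}: vendor account enabled without contract need")

    # 5.0 B No user credentials in clear text
    for svc in inv.get("services", []):
        if svc in CLEARTEXT_SERVICES:
            add("5.0 B", f"{svc}: transmits credentials in clear text")

    # 5.0 C No retained logins, auto-fill or anonymous logins
    login = inv.get("login", {})
    for option in ("anonymous", "remember_credentials", "autofill"):
        if login.get(option):
            add("5.0 C", f"login option '{option}' is enabled")

    # 6.0 Every listed password control should be configurable
    for ctl in sorted(PASSWORD_CONTROLS - set(inv.get("password_policy", {}))):
        add("6.0", f"password control '{ctl}' is not configurable")

    # 7.0 Audit trails must be time stamped and access controlled
    log = inv.get("audit_log", {})
    if not log.get("timestamps"):
        add("7.0", "audit log entries are not time stamped")
    if not log.get("access_controlled"):
        add("7.0", "audit log files are not access controlled")

    return findings


# Constructed sample: an operator workstation with deliberate gaps.
# The numeric policy values are placeholders; the audit only checks that
# each control exists, since the procedure sets no thresholds.
SAMPLE_HMI = {
    "role": "operator_workstation",
    "languages_in_use": ["c"],
    "software": [
        {"name": "solitaire", "category": "game"},
        {"name": "gcc", "category": "compiler", "language": "c"},
        {"name": "hmi-runtime", "category": "control_application"},
    ],
    "accounts": [
        {"name": "guest", "kind": "guest", "enabled": False},
        {"name": "vendor_support", "kind": "vendor", "enabled": True,
         "contract_required": False},
        {"name": "operator1", "kind": "user", "enabled": True},
    ],
    "services": ["ssh", "telnet"],
    "login": {"anonymous": False, "remember_credentials": True,
              "autofill": False},
    "password_policy": {"min_length": 12, "max_age_days": 90,
                        "complexity": True, "max_login_attempts": 5,
                        "inactive_session_logout": 15},
    "audit_log": {"timestamps": True, "access_controlled": False},
}

if __name__ == "__main__":
    for section, message in audit_host(SAMPLE_HMI):
        print(f"Appendix I {section}: {message}")
```

The disabled guest account is still reported because section 5.0 A calls for removal of default and guest accounts, while vendor accounts may be either removed or disabled.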
NPG-SPP-12.7-1 Application Software DataSheet (QA Record)
NPG-SPP-12.7-2 Software Verification and Validation Deficiency Form
NPG-SPP-12.7-3 Computer Software Service Request (SSR)
NPG-SPP-12.7-4 Vendor Software Error Report Evaluation

Source Notes

| Requirements Statement | Source Document | Implementing Statement |
|---|---|---|
| Section 13.2 A | Nuclear Quality Assurance Program | Section 3.3 |
| Section 13.2 B | Nuclear Quality Assurance Program | Section 3.4 |
| Section 13.2 C | Nuclear Quality Assurance Program | Section 3.3.5 |
| Section 13.2 D | Nuclear Quality Assurance Program | Section 3.3.5 |
| Section 13.2 E | Nuclear Quality Assurance Program | Appendix G |
| Section 13.2 F | Nuclear Quality Assurance Program | Section 3.11 |
| Section 13.2 G | Nuclear Quality Assurance Program | Section 3.5 |
| Section 13.2 H | Nuclear Quality Assurance Program | Section 3.10 |
| Section 13.2 I | Nuclear Quality Assurance Program | Section 3.2 B |
Agenda for Weekly Telecom with TVA (I&C Chapter 7 only) rad76F58.docx Open Items to be Resolved for SER Approval No.
SE Sec.
FSAR Sec.
Response
Acceptable Y/N Status/ Current Actions Resolution Path RAI No. & Date RAI Resp. Date Comments 001 All All B
(
A The Watts Bar Nuclear Plant FSAR red-line for Unit 2 (Agency 12/15/2009 Presentation Slides
- 1.
Y Closed Closed EICB RAI 3/12/2010 NNC 11/19/09: The FSAR contains 002 All All B
(
A Are there I&C components and systems that have changed to a 12/15/2009 Presentation Slides
- 2.
Y Closed Closed EICB RAI 3/12/2010 NNC 11/19/09: The FSAR contains 003 All All B
(
A Because a digital I&C platform can be configured and programmed 12/15/2009 Presentation Slides
- 3.
Y Closed Closed EICB RAI 3/12/2010 NNC 11/19/09: The FSAR contains 004 All All B
(
A Please identify the information that will be submitted for each Responder: Webb 1/13/10 Public Meeting
- 4.
Y Closed Closed EICB RAI January 13, 2010 NNC 11/19/09: LIC-110 Rev. 1 Section 005 7.1.3.
(
G By letter date February 28, 2008 (Agencywide Documents Access Responder: Craig/Webb
- 5.
Y Closed Closed EICB RAI TVA Letter dated 006
(
G Amendment 95 of the FSAR, Chapter 7.3, shows that change 7.3-1 By letter dated February 5, 2010: TVA provided the Unit 2
- 6.
Y Closed Closed EICB RAI TVA Letter dated NNC: WCAP-12096 Rev. 7 007 7.1.3.
(
G The setpoint methodology has been reviewed and approved by the TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 7 7.
Y Closed Closed EICB RAI TVA Letter dated TVA to provide Rev. 8 of the Unit 1 008 7.3
(
G There are several staff positions that provide guidance on setpoint TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 8 8.
Y Closed Closed EICB RAI TVA Letter dated 009 7.3.2 5.6,
(
D a
Change 7.3-2, identified in Watts Bar Nuclear Plant FSAR red-line TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 9 9.
Y Closed Closed EICB RAI 3/12/10, 010 7.3 7.3
(
D a
The original SER on Watts Bar (NUREG-0847) documents that the TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 10 10. Y Closed Closed EICB RAI 3/12/10, 011 7.3.2 5.6,
(
D a
NUREG-0847 Supplement No. 2 Section 7.3.2 includes an TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 11 11. Y Closed Closed EICB RAI ML101680598, 012 7.4 7.4
(
D a
The original SER on Watts Bar (NUREG-0847) documents that the TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 12 12. Y Closed Closed EICB RAI TVA Letter dated 013 7.1.3.
(
G Chapter 7 and Chapter 16 of Amendment 95 to the FSAR do not TVA Letter Dated March 12, 2010 (Enclosure 1, Item No. 13 13. Y Closed Closed EICB RAI TVA Letter dated TS have been docketed.
014 All All B
(
A Provide the justification for any hardware and software changes Date: 4/27/10
- 14. Y Closed Closed NRC Meeting TVA Letter dated 015
(
G Verify that the refurbishment of the power range nuclear Date: 4/27/10
- 15. Y Closed Closed NRC Meeting TVA Letter dated 016
(
C Identify the precedents in license amendment requests (LARs), if Date: 4/27/10
- 16. Y Closed Closed NRC Meeting TVA Letter dated 017 7.3.1 7.3.1,
(
D a
Identify precedents in LARs, if any, for the solid state protection Date: 4/27/10
- 17. Y Closed Closed NRC Meeting TVA Letter dated 018
(
G Identify any changes made to any instrumentation and control Date: 4/27/10
- 18. Y Closed Closed NRC Meeting TVA Letter dated 019
(
G Verify that the containment purge isolation radiation monitor is the Date: 4/27/10
- 19. Y Closed Closed NRC Meeting TVA Letter dated 020
(
G Provide environmental qualification information pursuant to Section Date: 4/27/10
021 7.3
(
G For the Foxboro Spec 200 platform, identify any changes in Date: 5/25/10
- 21. Y Closed Closed NRC Meeting TVA Letter dated The resolution of this item will be 022 7.3.2 5.6,
(
D a
Verify the auxiliary feedwater control refurbishment results in a like-Date: 4/27/10
- 22. Y Closed Closed NRC Meeting TVA Letter dated 023
(
G Provide environmental qualification (10 CFR 50.49) information for Date: 4/27/10
024
(
C Provide a schedule by the January 13, 2010, meeting for providing During the January 13, 2010 meeting, TVA presented a
- 24. Y Closed Closed NRC Meeting N/A - Request for NNC 4/30/10: Carte to address 025 7.5.2 7.5.1
(
S i
For the containment radiation high radiation monitor, verify that the Date: 4/27/10
- 25. Y Closed Closed NRC Meeting ML101230248, 026
(
G Provide environmental qualification (10 CFR 50.49) information for Date: 4/27/10
027 7.7.1.
(
C For Foxboro I/A provide information regarding safety/non-safety-Date: 4/27/10
- 27. Y Closed Closed NRC Meeting TVA Letter dated 028
(
G For the turbine control AEH system, verify that the refurbishment Responder: Mark Scansen
- 28. Y Closed Closed NRC Meeting TVA Letter dated 029
(
C For the rod control system, verify that the refurbishment results in a Date: 4/27/10
- 29. Y Closed Closed NRC Meeting TVA Letter dated 030
(
G Regarding the refurbishment of I&C equipment, identify any Responder: Clark
- 30. Y Closed Closed NRC Meeting TVA Letter dated 031
(
C For the rod position indication system (CERPI), provide information Date: 4/27/10
- 31. Y Closed Closed NRC Meeting TVA Letter dated CERPI is non-safety related.
032
(
C For the process computer, need to consider cyber security issues Date: 4/27/10
- 32. Y Closed Closed NRC Meeting TVA Letter dated EICB will no longer consider cyber 033
(
C For the loose parts monitoring system, provide information Date: 4/27/10
- 33. Y Closed Closed NRC Meeting TVA Letter dated The loose parts monitoring system is 034
(
G 2/4/2010 Responder: TVA
- 34. Y Closed Closed N/A TVA Letter dated 034.
Chapter 7.1 - Introduction
- 35. Y Closed Closed N/A N/A 034.
(
G Chapter 7.2 - Reactor Trip System
- 36. Y Closed Closed N/A N/A 034.
7.3 7.3
Chapter 7.3 - ESFAS
- 37. Y Closed Closed N/A N/A 034.
7.5.1.
7.5.2
Chapter 7.5 - Instrumentation Systems Important to Safety
- 38. Y Closed Closed N/A N/A Closed 034.
7.5.1.
7.5.2 r
c u
Chapter 7.6 - All Other Systems Required for Safety
- 39. Y Closed Closed N/A N/A Closed 034.
Chapter 7.7 Control Systems
- 40. Y Closed Closed N/A N/A 035
2/18/2010 Responder: Clark
(
C February 18, 2010 Date: 5/25/10
- 42. Y Closed Closed NRC Meeting NNC: Unit 2 FSAR Section 7.5.1, Post 037 7.5.1.
7.5.2
2/18/2010 Responder: Clark Date: 5/25/10
Agenda for Weekly Telecom with TVA (I&C Chapter 7 only) rad76F58.docx Open Items to be Resolved for SER Approval No.
SE Sec.
FSAR Sec.
Response
Acceptable Y/N Status/ Current Actions Resolution Path RAI No. & Date RAI Resp. Date Comments 038 7.5.1.
7.5.2
2/18/2010 Responder: Clark Date: 5/25/10
(
G January 13, 2010 Responder: Clark Date: 5/25/10
(
G January 13, 2010 Responder: Clark Date: 5/25/10
- 46. Y Closed Closed EICB RAI EICB RAI FSAR amendment The equation for the calculation of the 041 7.5.2 7.5.1 EICB (Carte) 2/19/2010 Please provide the following Westinghouse documents:
(1) WNA-DS-01617-WBT Rev. 1, "PAMS System Requirements Specification" (2) WNA-DS-01667-WBT Rev. 0, "PAMS System Design Specification" (3) WNA-CD-00018-GEN Rev. 3, "CGD for QNX version 4.5g" Please provide the following Westinghouse documents or pointers to where the material was reviewed and approved in the CQ TR or SPM:
(4) WNA-PT-00058-GEN Rev. 0, "Testing Process for Common Q Safety systems" (5) WNA-TP-00357-GEN Rev. 4, "Element Software Test Procedure" Responder: WEC Items (1) and (2) were docketed by TVA letter dated April 8, 2010.
Item (3) will be addressed by Revision 2 of the Licensing Technical Report. Due 12/3/10 Item (4) will be addressed by Westinghouse developing a WBN2 Specific Test Plan to compensate for the fact that the NRC disapproved WNA-PT-00058-GEN during the original Common Q review. Due 12/7/10 Item (5) Procedures that are listed in the SPM compliance table in the Licensing Technical Report revision 1 supersede that test procedure WNA-TP-00357-GEN. Due 10/22/10 For Item 3, Attachment 19 contains the Westinghouse document Post-Accident Monitoring System (PAMS)
Licensing Technical Report, WNA-LI-00058-WBT, Revision 2, dated December 2010. Attachment 20 contains the Westinghouse Application for Withholding for the Post-Accident Monitoring System (PAMS) Licensing Technical Report, WNA-LI-00058-WBT, Revision 2, dated December 2010.
For Item 4, Attachment 9 contains the Westinghouse document Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0, dated November 2010. Attachment 10 contains the Westinghouse Application for Withholding for the WNA-PT-00138-WBT, Revision 0 Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0, dated November 17, 2010.
TVA Response to Follow-up NRC Request:
(1) WEC presented the results of the self assessment to the NRC on February 2, 2011.
(2) By agreement between TVA, WEC and the NRC, the Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0 will not be revised. Instead a non-proprietary Common Q PAMS Test Summary Report will be developed and submitted to address the issues with the STP. Attachment 1 contains non-proprietary WNA-TR-02451-WBT, Revision 0, Test Summary Report for the Post Accident Monitoring System, dated March 2011.
- 1.
N Open Pending Submittal of the Test Summary Report due 3/29/11 Final Response included in letter dated 12/3/10 Partial Response is included in letter dated 10/5/10.
The SysRS and SRS incorporate requirements from many other documents by reference.
NNC 8/25/10: (3) An earlier version of this report was docketed for the Common Q topical report; therefore, there should be no problem to docket this version. (4) Per ML091560352, the testing process document does not address the test plan requirements of the SPM.
Please provide a test plan that implements the requirements of the SPM.
Open-NRC Review Due 3/29/11 NNC 1/27/11: Issues with the STP were discussed in the weekly public meetings.
Westinghouse to:
(1) perform STP self assessment, and (2) Augment Test Summary report to provide missing test plan information NNC 2/3/11: At next audit compare &
discuss:
(1) WNA-PT-00058-GEN Rev. 0 (2) WNA-PT-00138-WBT Rev. 0 (3) AP1000 STP NRC Meeting Summary NRC Meeting Summary ML093560019, Item No. 11 TVA Letter dated 6/18/10 TVA Letter dated 10/5/10 See also Open Item Nos. 226 & 270.
042 All All B
(
A February 25, 2010: Telecom Date: 5/25/10
- 47. Y Closed Closed EICB RAI TVA Letter dated The drawing provided did not have the 043 7.5.2 7.5.1 CB (C
art 2/19/2010 Responder: WEC Date: 5/25/10
- 2.
N Open Open-NRC Review EICB RAI ML102910002 TVA Letter dated 2/5/10 NNC 8/25/10: A CQ PAMS ISG6 compliance matrix was docketed on: (1)
The PAMS ISG6 compliance matrix supplied as Enclosure 1 to TVA letter dated February 5, 2010 is a first draft of the information needed. The shortcomings of the first three lines in the matrix are:
Line 1: Section 11 of the Common Q topical report did include a commercial grade dedication program, but this program was not approved in the associated SE. Westinghouse stated that this was the program and it could now be reviewed. The NRC stated that TVA should identify what they believe was previously reviewed and approved.
Line 2: TVA stated the D3 analysis was not applicable to PAMS, but provided no justification. The NRC asked for justification since SRP Chapter 7.5 identified SRM to SECV-93-087 Item II.Q as being SRP acceptance criteria for PAMS.
Line 3: TVA identified that the Design report for computer integrity was completed as part of the common Q topical report. The NRC noted that this report is applicable for a system in a plant, and the CQ topical report did not specifically address this PAMS system at Watts Bar Unit 2.
NRC then concluded that TVA should go through and provide a more complete and thorough compliance matrix.
The PAMS ISG6 compliance matrix supplied as Enclosure 1 to TVA letter dated February 5, 2010 is a first draft of the information needed.
By letter dated April 8, 2010 TVA provided the PAMS Licensing Technical Report, which provided additional information.
contains the revised Common Q PAMS ISG-6 Compliance Matrix, dated June 11, 2010, that addresses these items (Reference 13).
By letter Dated June 18, 2010 (see Attachment 3) TVA provided a table, "Watts Bar 2 - Common Q PAMS ISG-6 Compliance Matrix."
It is TVA's understanding that this comment is focused on the fact that there are documents that NRC has requested that are currently listed as being available for audit at the Westinghouse offices. For those Common Q PAMS documents that are TVA deliverable documents from Westinghouse, TVA has agreed to provide those to NRC.
Westinghouse documents that are not deliverable to TVA will be available for audit as stated above. Requirements Traceability Matrix issues will be tracked under NRC RAI Matrix Items 142 (Software Requirements Specification) and 145 (System Design Specification). Commercial Item Dedication issues will be tracked under NRC RAI Matrix Item 138. This item is considered closed.
TVA Response to Follow-up NRC Request:
WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) contains the following changes to address the NRC requests:
(1) While RSEDs are not specifically mentioned, Section 7 has been revised to be applicable to both hardware and software which includes the RSEDs.
(2) Table 6-1 item 15 reference added for WNA-VR-00280-WBT (RESD)
TVA Response to Second Follow-up NRC Request:
The NRC audited the Westinghouse commercial item dedication process for both hardware and software during the week of February 28 to March 4, 2011. The audit found the processes acceptable. Westinghouse and TVA previously agreed to provide additional information to address this item in Revision 3 of the Licensing Technical Report.
contains WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary). contains WNA-LI-00058-WBT-NP, Post-Accident Monitoring System (PAMS) Licensing Technical Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.
Revised response included in letter dated 12/22/10.
Response is included in letter dated 10/5/10.
Revised compliance matrix is unacceptable.
NNC 8/12/10: It is not quite enough to provide all of the documents requested. There are two possible routes to review that the NRC can undertake: (1) follow ISG6, and (2) follow the CQ SPM. The TVA response that was originally pursued was to follow ISG6, but some of the compliance items for ISG6 were addressed by referencing the SPM. The NRC approved the CQ TR and associated SPM; it may be more appropriate to review the WBN2 PAMS application for adherence to the SPM than to ISG6. In either path chosen, the applicant should provide documents and a justification for the acceptability of any deviation from the path chosen. For example, it appears that Westinghouse's CDIs are commercial grade dedication plans, but Westinghouse maintains that they are commercial grade dedication reports; this apparent deviation should be justified or explained.
Due 3/29/11 NNC 2/2/11: Issues with Common Q TR &
SPM compliance were discussed in the weekly public meetings.
Westinghouse to perform Common Q TR
& SPM compliance self assessment; this will be discussed in detail on the next audit.
Item No. 2 TVA Letter dated 5/12/10 TVA Letter dated 6/18/10 TVA Letter dated 10/5/10 February 5, 2010, (2) March 12, 2010,
& (3) June 18, 2010. The staff has expressed issues with all of these compliance evaluations. The staff is still waiting for a good compliance evaluation.
NNC 11/23/10: WNA-LI-00058-WT-P Rev. 1 Section 7 does not include the RSED documents, and it should. Table 6-1 Item No. 15 should also include the RSED RTMs.
Report, Revision 3 dated March 2011 (non-proprietary). contains CWA-11-311, Application for Withholding Proprietary Information from Public Disclosure, WNA-LI-00058-WBT-P, Revision 3 Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Post-Accident Monitoring System (PAMS) Licensing Technical Report, dated March 14, 2011.
044 7.5.2 7.5.1
(
C February 25, 2010 Date: 5/25/10
(
C February 25, 2010 Date: 5/25/10
(
C February 25, 2010 Date: 5/25/10
- 50. Y Closed Closed N/A - Request for N/A 047 7.5.2 7.5.1
(
C 4/8/2010 Responder: WEC/Hilmes Date: 5/25/10
(
C April 8, 2010 Date: 5/25/10
(
C 4/8/2010 Responder: WEC Date: 5/25/10
(
C 4/8/2010 Responder: WEC Date: 5/25/10
(
G April 15, 2010 Date: 5/25/10
- 55. Y Closed Closed N/A N/A Review addressed by another Open 052 7.5.2 7.5.1
April 19, 2010 Date: 5/25/10
- 56. Y Closed Closed RAI No. 12 053 7.5.2 7.5.1
April 19, 2010 Date: 5/25/10
- 57. Y Closed Closed RAI No. 13 054 7.5.2 7.5.1
4/19/2010 Responder: Slifer/Clark Date: 5/25/10
4/19/2010 Responder: Slifer/Clark Date: 5/25/10
April 19, 2010 Date: 5/25/10
4/19/2010 Responder: TVA I&C Staff Date: 5/25/10
April 19, 2010 Date: 5/25/10
April 19, 2010 Date:
(
C April 19, 2010 Date: 5/25/10
- 64. Y Closed Closed N/A N/A Addressed by Open Item No. 47 061 7.5.2 7.5.1
(
C April 19, 2010 Date: 5/25/10
- 65. Y Closed Closed N/A N/A Addressed by Open Item No. 48 062 7.5.2 7.5.1
(
C April 19, 2010 Date: 5/25/10
- 66. Y Closed Closed N/A N/A Addressed by Open Item No. 49 063 7.5.2 7.5.1
(
C April 19, 2010 Date: 5/25/10
- 67. Y Closed Closed N/A N/A Addressed by Open Item No. 50 064 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: Webb Date: 4/8/2010
- 68. Y Closed Closed N/A - No question TVA Letter dated 065 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10
- 69. Y Closed Closed N/A - No question TVA Letter dated 066 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10
- 70. Y Closed Closed N/A - No question TVA Letter dated 067 7.5.2 7.5.1 EICB (Carte)
By letter dated March 12, 2010 TVA stated that the target submittal date for the "Commercial Grade Dedication Instructions for AI687, AI688, Upgraded PC node box and flat panels." was September 28, 2010.
Responder: WEC Date: 5/25/10 The following status is from the revised WB2 Common Q PAMS ISG-6 Compliance Matrix submitted in response to Item 43:
- a. AI687, AI688 - Scheduled for September 28, 2010
- b. Upgraded PC node box and flat panel displays - Per Westinghouse letter WBT-D-2024 (Reference 7), these items are available for audit at the Westinghouse Rockville office.
- c. Power supplies - Per Westinghouse letter WBT-D-2035 (Reference 12), these items are available for audit at the Westinghouse Rockville office.
To be addressed during 9/20-9/21 audit TVA Response to Follow-up NRC Request:
- 3.
N Open Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.
Response included in letter dated 12/22/10.
This item is addressed in Rev. 2 of the Licensing Technical Report Open-NRC Review Due: 3/29/11 NNC 2/2/11: Section 7 of the WBN2 PAMS LTR should be updated to include:
(1) non-proprietary description of commercial grade dedication, and (2) Software example Commercial grade dedication will also be addressed at the next audit.
N/A - No question was asked. Item was opened to track commitment made by applicant.
TVA Letter dated 6/18/10
WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) contains the following change to address the NRC request:
Section 7, Commercial Grade Dedication Process, has been revised to describe the general commercial grade dedication process for both hardware and software and uses a description of the AI687 dedication process as an example of how the process is applied.
TVA Response to Follow-up NRC Request dated 2/2/11:
The non-proprietary commercial grade dedication discussion is included in Attachment 3, WNA-LI-00058-WBT-NP, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3 dated March 2011 (non-proprietary)
Section 7. The software example is included in Attachment 2, WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary) Section 7.
068 7.5.2 7.5.1 EICB (Carte)
By letter dated March 12, 2010 TVA stated that the target submittal date for the "Summary Report on acceptance of AI687, AI688, Upgraded PC node box, flat panels, and power supplies." was September 28, 2010.
Responder: WEC Date: 5/25/10 The following status is from the revised WB2 Common Q PAMS ISG-6 Compliance Matrix submitted in response to Item 43:
- a. AI687, AI688 - Scheduled for September 28, 2010
- b. Upgraded PC node box - Per Westinghouse letter WBT-D-2024 (Reference 7), this item is available for audit at the Westinghouse Rockville office.
- c. Flat panel displays - Per Westinghouse letter WBT-D-2024 (Reference 7), this item is available for audit at the Westinghouse Rockville office.
- d. Power supplies - Per Westinghouse letter WBT-D-2035 (Reference 12), these items are available for audit at the Westinghouse Rockville office.
To be addressed during 9/20-9/21 audit TVA Response to Follow-up NRC Request:
For the commercial grade dedication process, please see the response to Request for Additional Information (RAI) item 3 in this letter, NRC Matrix Item 067.
The component level EQ/Seismic summary reports for the hardware listed above are available for NRC review/audit as described below:
(1) AI687 and AI688, the following documents were submitted in TVA Letter to NRC dated October 26, 2010, Watts Bar Nuclear Plant (WBN) Unit 2 -
Instrumentation and Controls Staff Information
- 4.
N Open Response included in letter dated 12/22/10.
This item is addressed in Rev. 2 of the Licensing Technical Report Open-NRC Review NNC 2/2/11:
Commercial grade dedication will be addressed at the next audit. Summary reports for AI687 &
AI688 were docketed one month late.
N/A - No question was asked. Item was opened to track commitment made by applicant.
TVA Letter dated 6/18/10
Requests, (Reference 5):
- a.
EQ-EV-62-WBT, Revision 0, Common Q PAMS Comparison of Tested Conditions for the AI687 and AI688 Common Q Modules and Supporting Components to the Watts Bar Unit 2 (WBT)
Requirements, dated September 10, 2010
- b.
EQLR-171, Revision 0, Environmental and Seismic Test Report, Analog Input (AI)687 &
AI688 Modules for use in Common Q PAMS, dated September 10, 2010
- c.
CN-EQT-10-44, Revision 0, Dynamic Similarity Analysis for the Watts Bar Unit 2 Post Accident Monitoring System (PAMS), dated September 28, 2010 (2) Upgraded PC Node Box - As stated in Westinghouse letter WBT-D-2024, dated June 9, 2010 NRC Access to Common Q Documents at the Westinghouse Rockville Office, (Reference 6), the following documents are available for NRC audit at the Westinghouse Rockville office:
- a.
CDI-3722, Revision 7, Next Generation PC Node Box Commercial Dedication Instruction
- b.
LTR-EQ-10-50 PC Node Box/Flat Panel Display System Components Qualification Summary (3) Flat Panel Displays - As stated in Westinghouse letter WBT-D-2024, dated June 9, 2010 NRC Access to Common Q Documents at the Westinghouse Rockville Office, (Reference 6), the following documents are available for NRC audit at the Westinghouse Rockville office:
- a.
CDI-3803, Revision 8, Next Generation Flat Panel Display (FPD) Commercial Dedication Instruction
- b.
LTR-EQ-10-50 PC Node Box/Flat Panel Display System Components Qualification Summary (4) Power supplies - As stated in Westinghouse letter WBT-D-2035 dated June 11, 2010 NRC Access to Common Q Documents at the Westinghouse Rockville Office (Reference 7), the following documents are available for NRC audit at the Westinghouse Rockville office:
- a.
CDI-4057, Revision 4, Commercial Dedication Instruction
- b.
EQ-TP-105-GEN, Revision 0, Electromagnetic Compatibility Test Plan and Procedure for Quint Power Supplies and Safety System Line Filter
- c.
EQ-TP-114-GEN, Revision 0, Seismic Qualification Test Procedure For Common Q Power Supplies, Quint Power Supplies, Line Filter Assemblies, and South Texas Units 3 & 4 Circuit Breakers
- d.
EQ-TP-117-GEN, Revision 0, Environmental Qualification Test Procedure For Common Q Power Supplies, Quint Power Supplies, and Line Filter Assemblies 069 7.5.2 7.5.1 CB (C
art By letter dated March 12, 2010 TVA stated that the target submittal date for the "Watts Bar 2 PAMS Specific FAT Report" was October Responder: WEC Date: 5/25/10
- 5.
N Open Open-NRC Review Due 3/29/11 N/A - No question was asked. Item N/A
2010.
As agreed, the Watts Bar 2 PAMS Specific FAT Report will not be submitted. Instead a non-proprietary PAMS Test Summary Report will be submitted. contains non-proprietary WNA-TR-02451-WBT, Revision 0, Test Summary Report for the Post Accident Monitoring System, dated March 2011.
Pending Submittal of the Test Summary Report due 3/29/11 Awaiting document to be docketed by TVA.
NNC 2/3/11: The current due date above is 4 months later than planned.
was opened to track commitment made by applicant.
070 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10
- 71. N Closed Closed N/A - No question TVA Letter dated NNC 11/23/10: The due date in this 071 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10
- 72. N Closed Closed N/A - No question N/A NNC 11/23/10: The due date in this 072 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10
- 73. Y Closed Closed N/A - No question N/A 073 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10
- 74. N Closed Closed N/A - No question N/A 074 7.5.2 7.5.1 EICB (Carte)
By letter dated March 12, 2010 TVA stated that the target submittal date for the Post FAT IV&V Phase Summary Report was November 30, 2010.
Responder: WEC Date: 5/25/10 contains WNA-VR-00283-WBT-P, IV&V Summary Report for the Post Accident Monitoring System, Revision 4, dated March 2011 (proprietary). Attachment 2 contains WNA-VR-00283-WBT-NP, IV&V Summary Report for the Post Accident Monitoring System, Revision 4, dated March 2011 (non-proprietary). Attachment 3 contains CWA-11-3121, Application for Withholding Proprietary Information from Public Disclosure, WNA-VR-00283-WBT-P, Revision 4 Nuclear Automation IV&V Summary Report for the Post Accident Monitoring System" (Proprietary), dated March 3, 2011.
- 6.
N Open Response in letter dated March 16, 2011 Open-NRC Review Due TBD NNC 2/3/11: At least 3 months later than planned.
N/A - No question was asked. Item was opened to track commitment made by applicant.
N/A Rev. 4 will be available for the NRC audit on 2/28/11. This document will not be submitted. Rev. 5 will be submitted after resolution of the datastorm display issue.
075 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10
- 75. N Closed Closed N/A - No question N/A 076 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: Clark Date: 5/25/10
- 76. Y Closed Closed N/A - No question N/A 077 7.5.2 7.5.1
(
C By letter dated March 12, 2010 TVA stated that the target submittal Responder: WEC Date: 5/25/10
- 77. Y Closed Closed N/A - No question TVA Letter dated 078
(
G 4/26/2010 Responder: Clark Date: 5/25/10
(
G 4/26/2010 Responder: Clark Date: 5/25/10
4/26/2010 Responder: WEC
- 80. Y Closed Closed RAI No. 2 TVA Letter dated 081 7.5.2 7.5.1 EICB (Carte) 5/6/2010 The PAMS Licensing Technical Report (WNA-LI-00058-WBT Rev.
0, Dated April 2010), in Section 7, lists codes and standards applicable to the Common Q PAMS. This list contains references to old revisions of several regulatory documents, for example:
(1) RG 1.29 - September 1978 vs. March 2007 (2) RG 1.53 - June 1973 vs. November 2003 (a) IEEE 379-1994 vs. -2000 (3) RG 1.75 - September 1975 vs. February 2005 (a) IEEE 384-1992 vs. -1992 (4) RG 1.100 - June 1988 vs. September 2009 (a) IEEE 344-1987 vs. -2004 (5) RG 1.152 - January 1996 vs. January 2006 (a) IEEE 7-4.33.2-1993 vs. -2003 (6) RG 1.168 - September 1997 vs. February 2004 (a) IEEE 1012-1986 vs. -1998 (b) IEEE 1028-1988 vs. -1997 (7) IEEE 279-1991 vs. 603-1991 (8) IEEE 323-1983 vs. -1974 (RG 1.89 Rev. 1 June 1984 endorses 323-1974)
However, LIC-110, "Watts Bar Unit 2 License Application Review,"
states: "Design features and administrative programs that are unique to Unit 2 should then be reviewed in accordance with the current staff positions." Please identify all differences between the versions referenced and the current staff positions. Please provide Responder: Merten/WEC The codes and standards documents listed in Section 7 of the Common Q PAMS Licensing Technical Report are the documents that the Common Q platform was licensed to when the NRC approved the original topical report and issued the approved SER. The WBN Unit 2 Common Q PAMS is designed in accordance with the approved Common Q topical report and approved SER and the codes and standards on which the SER was based. Since the current versions referenced are not applicable to WBN Unit 2, there is no basis for a comparison review.
Bechtel to develop a matrix and work with Westinghouse to provide justification.
TVA Response to Follow-up NRC Request:
contains the results of the TVA analysis of standards and regulatory guides applicable to the Common Q PAMS. Based on the results of the analysis, the Common Q PAMS design meets the applicable requirements and is acceptable.
- 7.
N Open ML101600092 Item No.1: There are three sets of regulatory criteria that relate to a Common Q application (e.g. WBN2 PAMS):
(a) Common Q platform components - Common Q TR (b) Application Development Processes - Common Q SPM (c) Application Specific - current regulatory criteria The Common Q Topical Report and associated appendices primarily addressed (a) and (b).
The Common Q SER states:
Appendix 1, Post Accident Monitoring Systems, provides the functional requirements and conceptual design approach for upgrading an existing PAMS based on Common Q components (page 58, Section 4.4.1.1, Description) On the Open-NRC Review Due 2/25/11 TVA to provide requested information.
NNC 2/3/11: The above due date has been missed by at least 2 months.
Please provide new due date.
EICB RAI ML102910002 Item No. 9 TVA Letter dated 6/18/10 NNC 1/5/11: See Also Open Item No.
86 and 202.
NNC 4/125/2011: See Open Item No.
364.
a justification for the acceptability PAMS with respect to these differences.
basis of the above review, the staff concludes that Appendix 1 does not contain sufficient information to establish the generic acceptability of the proposed PAMS design (page 56, Section 4.4.1.3, PAMS Evaluation)
The NRC did not approve the proposed PAMS design.
Section 6, References, and Section 7, Codes and Standards Applicable to the Common Q PAMS, of the PAMS Licensing Technical Report contain items that are not the current regulatory criteria.
Please provide an explanation of how the WBN2 PAMS conforms with the application specific regulatory criteria applicable to the WBN2 PAMS design. For example IEEE Std.
603-1991 Clause 5.6.3, Independence Between Safety Systems and Other Systems, and Clause 6.3, Interaction Between the Sense and Command Features and Other Systems, contain application specific requirements that must be addressed by a PAMS system.
Awaiting TVA Response.
082 7.5.2 7.5.1
(
C 5/6/2010 Responder: WEC Date: 6/18/10
083 7.5.2 7.5.1
(
C May 6, 2010 Date: 6/18/10
(
C May 6, 2010 Date: 6/18/10
(
C 5/6/2010 Responder: WEC
- 84. N Closed Closed EICB RAI 086 7.5.2 7.5.1 EICB (Carte) 5/6/2010 The PAMS Licensing Technical Report (WNA-LI-00058-WBT Rev.
0, Dated April 2010), in Section 6, lists references applicable to the Common Q PAMS. This list contains references to old revisions of several regulatory documents, for example:
(1) DI&C-ISG04 - Rev. 0 (ML072540138) vs. Rev. 1 (ML083310185)
However, LIC-110, "Watts Bar Unit 2 License Application Review,"
states: "Design features and administrative programs that are unique to Unit 2 should then be reviewed in accordance with the Responder: WEC Date: 5/24/10 The regulatory documents listed in the Common Q PAMS Licensing Technical Report are the documents that the Common Q platform was licensed to when the NRC approved the original topical report and issued the approved SER. The WBN Unit 2 Common Q PAMS is designed in accordance with the approved Common Q topical report and approved SER and the regulatory documents on which the SER was based. Since the current versions referenced are not applicable to WBN Unit 2, there is no basis for a
- 8.
N Open TVA to address with item OI
- 81.
Open-NRC Review Due 2/25/11 NNC 2/3/11: The above due date has been missed by at least 2 months.
Please provide new due date.
EICB RAI ML102910002 Item No. 14 TVA Letter dated 6/18/10 NNC 1/6/11: See Also Open Item No.81
& 202
current staff positions." Please identify all differences between the versions referenced and the current staff positions. Please provide a justification for the acceptability PAMS with respect to these differences.
comparison review.
Rev 0 of the Licensing Technical Report references Rev. 1 of ISG4 TVA Response to Follow-up NRC Request:
The analysis for compliance with DI&C-ISG04, Revision 0 to Revision 1 was previously submitted as part of the Common Q PAMS Licensing Technical Report Revision 2 on December 22, 2010. Attachment 4 contains the results of the TVA analysis of standards and regulatory guides applicable to the Common Q PAMS. Based on the results of the analysis, the Common Q PAMS design is acceptable.
087 7.5.2 7.5.1
May 6, 2010 Date: 5/24/10
May 6, 2010 Date: 5/24/10
(
C 5/6/2010 Responder: Clark
(
C 5/6/2010 Responder: Clark Date: 5/25/10
May 20, 2010 Date: 5/25/10
- 89. Y Closed Closed EICB RAI No.1 TVA Letter dated 092 DORL (Poole) 5/20/2010 TVA to review Licensee Open Item list and determine which items are proprietary.
Responder: Hilmes This item will close when we are no longer using this document as a communications tool.
- 1.
Y Open Due SER Issue Open-TVA/Oversight Due: SER Issue Continuous review as items are added 093
(
G May 20, 2010 Date: 5/25/10
- 90. Y Closed Closed N/A N/A Will be reviewed under item 154 094
(
G 5/20/2010 Responder: Clark Date: 5/25/10
- 91. Y Closed Closed N/A N/A Information was found in FSAR 095 7.8.1, XX
(
D a
May 20, 2010 Date:
(
D a
5/20/2010 Responder:
(
D a
May 20, 2010 Date:
(
D a
May 25, 2010 Date:
(
B a
April 12, 2010 Date:
- 96. Y Closed Closed Closed to Item 129 100
(
C 5/20/2010 Responder: WEC
- 97. Y Closed Closed N/A - No question N/A 101 DORL (Poole) 4/12/2010 The non-proprietary versions of the following RM-1000, Containment High Range Post Accident Radiation Monitor documents will be provided by June 30, 2010.
- 1. V&V Report 04508006A
- 2. System Description 04508100-1TM
- 3. Qualification Reports 04508905-QR, 04508905-1 SP, 04508905-2SP, 04508905-3SP
- 4. Functional Testing Report 04507007-1TR Responder: Slifer The documents, and affidavits for withholding for the listed documents were submitted to the NRC on TVA letter to the NRC dated July 15, 2010.
- 9.
Y Open Documents provided in letter dated 07/15/10 Open-NRC Review Due 10/14/10 Confirm receipt.
N/A TVA is working with the vendor to meet the 6/30 date, however there is the potential this will slip to 7/14.
102
(
C May 24, 2010 Date: 5/24/10
- 98. Y Closed Closed N/A TVA Letter dated Request for schedule not information.
103 7.4 7.4
(
D a
5/27/2010 Responder: Ayala Date: 5/27/10
(
D a
5/27/2010 Responder: Merten Date: 5/27/10 100. Y Closed Closed EICB RAI No.1 TVA Letter dated Submittal date is based on current 105
(
G April 29, 2010 Date:
101. Y Closed Closed N/A N/A Will be reviewed under item 154.
106
(
S i
May 6, 2010 Date: 5/25/10 102. Y Closed Closed RAI No. 9 TVA Letter dated 107
(
S i
May 6, 2010 Date: 5/28/10 103. Y Closed Closed RAI No. 22 TVA Letter dated 108
(
G May 6, 2010 Date: 5/25/10 104. Y Closed Closed N/A N/A Will be reviewed under OI#154
109.
7.8 XX
(
D a
5/6/2010 Responder: N/A 105. Y Closed Closed N/A N/A 109.
(
C 5/6/2010 Responder: N/A 106. Y Closed Closed N/A N/A Duplicate of another open Item.
110
(
G May 6, 2010 Date:
107. Y Closed Closed N/A N/A Information was found.
111
(
C May 6, 2010 Date: 5/28/10 108. Y Closed Closed N/A TVA Letter dated Request to help find, not a request for 112
(
G June 1, 2010 Date:
109. Y Closed Closed N/A N/A Information was received 113
(
G 6/1/2010 Responder: Clark 110. Y Closed Closed EICB RAI TVA Letter dated 114 7.2 7.2
(
G 6/1/2010 Responder: WEC 111. Y Close Closed EICB RAI TVA Letter dated 115
(
C 2/25/2010 Responder: Clark 112. Y Closed Closed EICB RAI TVA Letter dated 116
(
G 6/3/2010 Responder: WEC 113. Y Closed Closed EICB RAI TVA Letter dated Letter sent to Westinghouse requesting 117 7.1 7.1
(
G 6/3/2010 Responder: Hilmes 114. Y Closed Closed EICB RAI TVA Letter dated 118 7.4 7.4
(
D a
6/8/2010 Responder: Merten 115. Y Closed Closed EICB RAI No.1 TVA Letter dated Submittal date is based on current 119
(
S i
June 10, 2010 Date:
116. Y Closed Closed RAI No. 23 TVA Letter dated 120
(
C 5/6/2010 Responder: Hilmes/Merten/Costley 117. Y Closed Closed EICB RAI TVA Letter dated 121
(
C 5/6/2010 Responder: Webb/Webber 118. Y Closed Closed EICB RAI TVA Letter dated 122
(
C June 14, 2010 Date:
119. Y Closed Closed N/A - Request for N/A 123 7.7.3 7.4.1,
(
D a
6/14/2010 Responder:
120. Y Closed Closed ML101720589, TVA Letter dated 124 7.7.5 XX
(
D a
6/14/2010 Responder:
121. Y Closed Closed ML101720589, Item TVA Letter dated 125 7.7.8 7.7.1.12
(
D a
6/14/2010 Responder:
122. Y Closed Closed ML101720589, Item TVA Letter dated 126 7.8 7.8
(
D a
June 14, 2010 Date:
123. Y Closed Closed ML101720589, Item TVA Letter dated 127 7.2 7.2
(
G 6/16/2010 Responder: WEC/Clark 124. Y Closed Closed EICB RAI TVA Letter dated 128 7.2 7.2
(
G 6/18/2010 Responder: WEC Drake /TVA Craig 125. Y Closed Closed EICB RAI TVA Letter dated Track through SE open item 129
(
P 6/12/2010 Responder: WEC 126. Y Closed Closed N/A TVA Letter dated 130
(
P 6/28/2010 Responder: Clark 127. Y Closed Closed N/A TVA Letter dated 131
(
P 6/28/2010 Responder: Clark 128. Y Closed Closed N/A TVA Letter dated 132
(
P 6/28/2010 Responder: Clark 129. Y Closed Closed N/A TVA Letter dated 133
(
P 6/28/2010 Responder: Clark 130. Y Closed Closed TVA Letter dated 134
(
P 6/28/2010 Responder: Clark 131. Y Closed Closed TVA Letter dated 135 7.3.1 7.3.1
(
D a
6/30/2010 Responder: Clark 132. Y Closed Closed RAI not necessary TVA Letter dated 136 7.3.2, 7.4, 5.6,
(
D a
6/30/2010 Responder: Clark 133. Y Closed Closed RAI not necessary TVA Letter dated 137
(
C Several WBN2 PAMS documents contain a table titled, Document Responder: WEC 134. Y Closed Closed ML101650255, Item TVA Letter dated 138 EICB (Carte)
By letter dated February 3, 2010, Westinghouse informed TVA that certain PAMS documentation has been completed.
(a) The draft ISG6 states that a commercial grade dedication plan should be provided with an application for a Tier 2 review.
By letter dated February 5, 2010, TVA stated that the commercial grade dedication plan was included in the Common Q Topical Report Section 11, Commercial Grade Dedication Program.
Section 11 includes a description of the Common Q Commercial Grade Dedication Program, and states: A detailed review plan is developed for each Common Q hardware or software component that requires commercial grade dedication.
Please provide the commercial grade dedication plans for each Common Q hardware or software component that has not been previously reviewed and approved by the NRC.
Responder: WEC This item is used to track all Commercial Grade Dedication issues.
- a.
WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) contains the following changes to address the NRC request:
Section 7, Commercial Grade Dedication Process has been revised to describe the general commercial grade dedication process for both hardware and software and uses a description of the AI687 dedication process as an example of how the process is applied.
- 10. N Open Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.
Revised response included in letter dated 12/22/10 TVA agreed to include a description of the generic Westinghouse hardware commercial grade dedication process in the PAMS licensing technical report. (see ML102920031 Item No 1)
Open-NRC Review NNC 2/2/11:
Commercial grade dedication will be addressed at the next audit.
NNC 2/17/11: The description of the commercial grade dedication process in the CQ PAMS LTR Rev. 2 should be updated to include a non-proprietary description and to ML101650255, Item No. 2 See also No. 82.
(b) The draft ISG6 states that a commercial grade dedication report should be provided within 12 months of requested approval for a Tier 2 review.
(i) Please provide 00000-ICE-37722 Rev. 0, Commercial Grade Dedication Report for the QNX Operating System for Common Q Applications.
(ii) Please provide WNA-CD-00018-GEN Rev. 3, Commercial Dedication Report for QNX 4.25G for Common Q Applications.
As listed in Table 6-3. Westinghouse Watts Bar 2 Common Q PAMS Documents at Westinghouse Rockville Office, the following commercial grade dedication documents are available for NRC audit at the Westinghouse Rockville office: (list included in letter)
- b.
It is TVA's understanding that the submittal of the documents listed in (b.i) and (b.ii) is no longer required.
Rather, it was agreed that the inclusion of a description of the commercial grade dedication process in revision 2 of the Post-Accident Monitoring System (PAMS) Licensing Technical Report, WNA-LI-00058-WT-P, would be sufficient to address this request.
TVA Response to Follow-up NRC Request:
The non-proprietary commercial grade dedication discussion is included in Attachment 3, WNA-LI-00058-WBT-NP, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3 dated March 2011 (non-proprietary) Section 7. The software example is included in Attachment 2, WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary) Section 7.
TVA agreed to include (in the PAMS licensing technical report) an evaluation of WBN2 critical characteristics for commercial Westinghouse hardware components against the generic critical characteristics. (see ML102920031 Item No 2)
TVA agreed to include a description of the generic Westinghouse software commercial grade dedication process in the PAMS licensing technical report. (see ML102920031 Item No 3)
TVA agreed to include (in the PAMS licensing technical report) an evaluation of WBN2 critical characteristics for commercial software components against the generic critical characteristics. (see ML102920031 Item No 4) include a software example.
139
(
C The WBN2 PAMS System Requirements Specification (WBN2 Responder: WEC 135. Y Closed Closed ML101650255, Item TVA Letter dated WBN2 PAMS System Requirements 140
(
C The first requirement in the WBN2 PAMS SysRS (i.e., R2.2-1)
Responder: Clark 136. N Closed Closed ML101650255, Item TVA Letter dated WBN2 PAMS System Requirements 141
(
C Deleted by DORL Date:
137. Y Closed Closed ML101650255, Item WBN2 PAMS System Requirements 142 EICB (Carte)
The applicable regulatory guidance for reviewing the WBN2 PAMS SysRS would be IEEE 830 as endorsed by Regulatory Guide 1.172 and BTP 7-14 Section B.3.3.1, Requirements Activities - Software Requirements Specifications. IEEE 830-1994 Section 4.3.8, Traceable, states: A [requirements specification] is traceable if the origin of each of its requirements is clear
- 1.
How did TVA ensure the traceability of each requirement in the WBN2 PAMS SysRS?
- 2.
Explain the source(s) of the requirements present in the Post Responder: WEC This item is used to track all traceability issues with the Software Requirements Specification (SRS).
TVA Response to 1:
Traceability of requirements for the WBN Unit 2 Common Q PAMS is ensured by:
- a.
Preparation of the TVA Contract Compliance Matrix contained in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010 (Reference 1).
- b. Engineering review/comment/status of each revision of:
- i. WNA-DS-01617-WBT, Post Accident Monitoring System - System Requirements Specification
- ii. WNA-DS-01667-WBT, Post Accident Monitoring System - System Design Specification (hardware)
- iii. WNA-SD-00239-WBT, Software Requirements Specification for the Post Accident Monitoring System (software)
TVA Response to 2:
As documented in the RTM, some software requirements
- 11. N Open Revised response included in letter dated 02/25/11 Response included in letter dated 12/22/10 TVA/Westinghouse agreed to include the V&V evaluation of their reusable software element development process in the V&V design phase summary report. This evaluation would include an evaluation against the development process requirements. This evaluation would also include an evaluation of how the WBN2 specific requirements were addressed by the reusable software elements. (see ML102920031 Item No 5)
Open-NRC Review Due 2/25/11 (document submittals)
NNC 2/2/11: Updated Specifications and RTMs to be provided by TVA. Traceability to be addressed during the next audit.
ML101650255, Item No. 6 WBN2 PAMS System Requirements Specification TVA docketed WNA-DS-01617-WBT Rev. 1, RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System-System Requirements Specification, dated December 2009.
Accident Monitoring Systems Software Requirements Specification. To clarify, many documents have requirements that are incorporated by reference into the SRS, but what served to direct the author to include those various documents in the SRS or, if the requirement is based on the System Requirements Specification, what directed the author to include the requirement there?
- 3.
Clarify whether the unnumbered paragraphs in the Post Accident Monitoring Systems Software Requirements Specification, such as in the section headings, or are all such sections simply considered to be informative?
Does the same apply to documents referenced by the SRS?
Such as WCAP-16096-NP-A, Rev. 1A, Software Program Manual for Common Q Systems, which is incorporated by reference in requirement R2.3-2 in the SRS.
R2.3-2 [The PAMS software shall comply with the requirements and guidelines defined in WCAP-16096-NP-A, Software Program Manual for Common Q Systems (reference 5).]
If any requirements are expressed in such unnumbered paragraph form instead of individually identified requirements, please list them, describe why they satisfy the fundamental requirement of unambiguity, and describe how they were verified.
- 4.
Are there any sources of requirements in parallel with the Post Accident Monitoring Systems Software Requirements Specification? Meaning does the SRS contain, explicitly or by reference, all the requirements that were used in the design phase for the application specific software, or do software design phase activities use requirements found in any other source or document? If so, what are these sources or documents?
- 5.
References 12, 27, 29, and 31-44 in the Post Accident Monitoring Systems Software Requirements Specification are various types of Reusable Software Element.
These references are used in the body of the SRS, for example:
R5.3.14-2 [The Addressable Constants CRC error signal shall be TRUE when any CAL CRC's respective ERROR terminal
= TRUE (WNA-DS-00315-GEN, "Reusable Software Element Document CRC for Calibration Data" [Reference 12]).]
are taken from generic documents. The decision to include generic software requirements was to reduce the overall scope for Common Q features that are unchanged across projects. Westinghouse reviewed the generic PAMS requirements and included those requirements that were applicable to WBN Unit 2 PAMS.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
TVA Response to 3:
Unnumbered paragraphs in the Post Accident Monitoring Systems Software Requirements Specification, such as in the section headings, are informative and are not to be interpreted as requirements. All requirements are explicitly numbered.
It depends on the document type. The statement would be true for requirements documents (such as the SysRS or SDS) if they were incorporated by reference. However, for the specific item cited, WCAP-16096-NP-A, Rev. 1A, it does not contain numbered requirements. The requirements contained in this document are contained within the text of the various sections.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
TVA Response to 4:
The Westinghouse SRS, WNA-SD-00239-WBT, Revision 3 contains references to other Westinghouse software requirements documents. Specifically:
- 00000-ICE-3238, Revision 5, Software Requirements Specification Post Accident Monitoring System
- 00000-ICE-3239, Revision 13, Software Requirements Specification for the Common Q Generic Flat Panel Display Software
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
TVA Response to 5:
Requirements for the reusable software elements (RSEDs) are evaluated in WNA-VR-00283-WBT-P, Revision 3, IV&V Summary Report for the Post Accident Monitoring System, dated December 2010 (Attachment 10).
RSED traceability is contained in WNA-VR-00280-WBT, Revision 2, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Reactor Vessel Level Indication System (RVLIS) Custom PC Elements. This document can be made available for audit
They are also included via tables such as found in requirement R7.1.2-1
[The Watts Bar 2 PAMS shall use the application-specific type circuits and custom PC elements listed in Table 7.1-1.]
Do the referenced reusable software element documents include requirements not explicitly stated in the SRS? If so what is their origin?
at the Westinghouse Rockville office.
At the September 15 public meeting in Rockville, the following actions were agreed to. These items address the traceability concerns with the Software Requirements Specification.
- 1.
Westinghouse will perform a review of the Requirements Traceability Matrix(RTM), using the issues identified at the 9/15 public meeting as a guide (documented below) and update the RTM as required.
TVA Response:
See response to letter Item 13 (NRC Matrix Item 145).
- 2.
The next issue of the IV&V report will include the Requirements phase review of the RTM and a partial review for the Design phase.
TVA Response:
See response to letter Item 13 (NRC Matrix Item 145).
- 3.
Westinghouse will add a comments column in the Requirements Traceability Matrix (RTM) to address items not in the SRS or SysRS.
TVA Response:
A comments column has been added to WNA-VR-00279-WBT, Revision 3, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post Accident Monitoring System.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
- 4.
IEEE 830 says you shouldn't have planning information in the SRS. Westinghouse has agreed to remove this information.
TVA Response:
Westinghouse has confirmed that process requirements have been removed from the SRS.
Source: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: Common Q RAI concerns, dated December 8, 2010 (Reference 17)
- 5.
IEEE 830 says you shouldn't have process requirements in the SRS. Westinghouse has agreed to remove these requirements.
TVA Response:
Westinghouse confirmed that process requirements have been removed from the SRS.
Source: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: Common Q RAI concerns, dated December 8, 2010 (Reference 17)
- 6.
Westinghouse will perform and document an evaluation of the SRS to ensure compliance with Reg. Guide 1.172 and justify any deviations.
TVA Response:
WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1):
Section 9, Compliance Evaluation Of The Watts Bar 2 PAMS Software Requirements Specification To IEEE Standard 830-1998 And Regulatory Guide 1.172 has been added.
- 7.
25 issues identified by V&V where some requirements have not been included in the System Design Specification (SDS) (14) and SRS (11) at the revisions reviewed by V&V. Have these been addressed?
TVA Response:
The twenty-five (25) issues are captured in Exception Reports (ERs): V&V-769 and V&V-770. These ERs have all been addressed and the ERs have been closed satisfactorily by Westinghouse IV&V.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
- 8.
Some hardware requirements are contained in the SRS instead of the System Design Specification (SDS). These will be removed from the SRS and incorporated into the next revision of the SDS.
TVA Response:
The hardware requirements in the Software Requirements Specification have been deleted and moved to System Design Specification.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 16, 2010 (Reference 15)
- 9.
RTM item R4.2-2 protection class software set to 0.
Needs to be fixed internally. Write CAPs to revise the application restrictions document on AC160.
TVA Response:
Westinghouse CAPs IR# 10-259-M034 has been issued. This item will be addressed in revision 4 of the RTM.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
- 10. Westinghouse to improve the traceability of the tests that are performed with the function enable (FE) switch in the ENABLE position.
TVA Response:
The tests that are performed with the FE keyswitch in the ENABLE position are defined in the SRS Sections:
6.2 Manually Initiated Testing, 7.2.23 Annunciator Test Display, 7.2.25 Saturation Margin Test Display, and 7.2.26 Analog Output Test Display.
- 11. Westinghouse to revise documents to be consistent with referring to the FE switch in the ENABLE position.
TVA Response:
Westinghouse has elected to standardize on the terms FE keyswitch and ENABLE. A review of recent documents for compliance with this comment and commitment was performed with the following results:
- a.
Revision 3 of the SysRS, and SDS have been revised to use the terms FE keyswitch. Revision 3 of the SDS is consistent in use of the term ENABLE.
- b.
SysRS Revision 3 is not consistent in use of the term ENABLE as noted below:
- i. R2.5.2.1-2 uses the term ENABLED instead of ENABLE
- ii. R2.5.2.1.3-3, R2.6.3.3-1, R2.6.3.3-2, R2.6.3.3-3, and R2.6.3.3-7, use the term Enable instead of ENABLE
- c.
Revision 3 of the SRS is not consistent in use of the terms FE keyswitch and ENABLE as noted below:
- i. Tables 7.2-1 Train A PAMS Data Transmitted to the Plant Computer and 7.2-2 Train B PAMS Data Transmitted to the Plant Computer items 101 and 102 in the SRS refer to the FE switch. All other items in the SRS refer to the FE keyswitch.
- ii. Section 2.1, page 2-4, uses the term Enable instead of ENABLE
- iii. Requirements R7.2.14-6 and R7.2.16-7 use the term active instead of ENABLE
- iv. Requirements R7.2.23-2, R7.2.25-2, R7.2.26-2, R7.2.31-4, 7.2.56 FPDS Availability, and R7.2.57-4 use the term enabled instead of ENABLE
- d.
WNA-AR-00180-WBT-P, Revision 0, Failure Modes and Effects Analysis (FMEA) for the Post Accident Monitoring System, dated October 2010, submitted in TVA letter to NRC dated (Reference 12) is not consistent in use of the term FE keyswitch as noted below:
ii. Table 3-1 describes the switch as the Functional Enable (FE) switch and the FE key-switch
- e.
Revision 2 of the Licensing Technical Report is not consistent in use of the term FE keyswitch as noted below:
- i. Sections 2.2, 5.3 use the term (FE) keylock switch on pages 2-3 (2 places), page 5-3, page 5-6 (4 places)
The identified discrepancies in the use of the terms FE keyswitch and ENABLE in the SysRS, SRS, FMEA and Licensing Technical Report, will be corrected in the next revision of the documents.
- 12. The flow of information is from the SysRS to the SDS (hardware) and SRS (software). Describe how the documents are used. Describe in 1.1 of the SysRS.
Need a good write up of how the process works.
TVA Response:
See response to letter item 13 (NRC Matrix Item 145).
- 13. Westinghouse and TVA will develop a revised schedule for document submittals and provide it to the NRC no later than 9/30/10 TVA Response:
The revised document submittal schedule was included as item 3 NRC Request (Matrix Item Number 142, TVA Commitments Nos. 10 and 17) in TVA letter to NRC dated October 26, 2010 (Reference 5).
- 14. TVA will update the Procurement Requisition Resolution Matrix and submit it to show how the Common Q PAMS design meets the contract requirements.
TVA Response:
The Procurement Requisition Resolution Matrix has been updated and is included in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1), as Section 11, TVA Contract Compliance Matrix.
- 15. Westinghouse to add the Software Design Descriptions to the RTM TVA Response:
The Software Design Description documents were added to the RTM in WNA-VR-00279-WBT, Rev 2.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
- 16. Westinghouse to clarify how requirements or documents are incorporated by reference into the Common Q PAMS requirements.
TVA Response:
When a Common Q PAMS requirements document references a section of another document, all requirements in that section are applicable.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
- 17. Westinghouse to review the use of shall outside of numbered paragraphs in requirements documents to ensure that all requirements are captured and clearly identified.
TVA Response:
See response in letter dated December 22, 2010, item 2 (NRC Matrix Item 050).
- 18. Westinghouse to resolve the following questions concerning Software Design Descriptions (SDDs)
- a.
Is the SDD a standalone document or will it incorporate the generic SDD by reference?
- b.
What are the SDDs?
- c.
PAMS is a delta document so how do we capture all the generic requirements for traceability.
TVA Response:
- a.
There are three SDDs prepared specifically for the Watts Bar 2 PAMS project. These are listed below in Item b. These documents and superior requirements documents refer to other generic SDDs also listed in Item b.
- b.
The SDDs developed for this project are:
- i. WNA-SD-00248-WBT, Revision 1, Watts Bar 2 NSSS Completion Program I&C Projects Software Design Description for the Post Accident Monitoring System Flat Panel Display
- ii. WNA-SD-00250-WBT, Revision 1, Watts Bar 2 NSSS Completion Program I&C Projects Software Design Description for the Post Accident Monitoring System AC160 Software
- iii. WNA-SD-00277-WBT, Revision 2, Watts Bar 2 NSSS Completion Program I&C Projects Software Design Description for the Post Accident Monitoring System Flat Panel Display System Screen Design Details
- iv. Other generic SDDs referenced by the PAMS project are:
(a) 00000-ICE-20157, Revision 18, Software Design Description for the Common Q Generic Flat-Panel Software
(b) 00000-ICE-30152, Revision 5, Software Design Description Post Accident Monitoring System AC160
(c) 00000-ICE-30140, Revision 4, Software Design Description for the Common Q Core Protection Calculator System Database and Utility Functions
- c.
Refer to WNA-VR-00279-WBT, Revision 3.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
- 19. For Reusable Software Elements, Westinghouse to describe as qualified libraries by following the SPM and qualified using the Software Elements Test procedure under Appendix B program. Provide a summary of RSEDs generic WCAP. Westinghouse to determine if the WCAP was docketed under the AP1000. RSED concept is not in the SPM. WCAP-15927 AP-1000 does not discuss RCEDs. WCAP process was acceptable. RSEDs are listed in the SDD References.
TVA Response:
Section 3.2.4.1 of WCAP-15927 describes the RSED design process for custom PC elements and type circuits. The Glossary of Terms in the SPM defines custom PC elements and type circuits as modules.
Therefore, the relationship between WCAP-15927 describing the RSED process as circuits, is defined in the SPM requirements for software module development.
WCAP-15927 is on the AP1000 docket.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
TVA Response to Follow-up NRC Request:
WNA-VR-00279-WBT, Revision 4, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post Accident Monitoring System is scheduled to be available for audit at the Westinghouse Rockville office February 21, 2011. The document will be available at the Westinghouse Cranberry offices to support the NRC Common Q PAMS audit.
contains the proprietary version of WNA-DS-01617-WBT-P, Revision 4, Post Accident Monitoring System - System Requirements Specification, dated February 2011. Attachment 10 contains the non-proprietary version WNA-DS-01617-WBT-NP, Revision 4, Post Accident Monitoring System - System Requirements Specification, dated February, 2011. Attachment 11 contains the Application for Withholding Proprietary Information from Public Disclosure, WNA-DS-01617-WBT-P, Revision 4, Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Post Accident Monitoring System - System Requirements Specification (Proprietary), dated February 10, 2011.
2 contains the proprietary version of WNA-DS-01667-WBT-P, Revision 4, Post Accident Monitoring System - System Design Specification, dated February 2011. Attachment 13 contains the non-proprietary version WNA-DS-01667-WBT-NP, Revision 4, Post Accident Monitoring System - System Design Specification, dated February 2011. Attachment 14 contains the Application for Withholding Proprietary Information from Public Disclosure, WNA-DS-01667-WBT-P, Revision 4, Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System - System Design Specification (Proprietary), dated February 11, 2011.
5 contains the proprietary version of WNA-SD-00239-WBT-P, Revision 4, Software Requirements Specification for the Post Accident Monitoring System, dated February 2011. Attachment 16 contains the non-proprietary version WNA-SD-00239-WBT-NP, Revision 4, Software Requirements Specification for the Post Accident Monitoring System, dated February 2011. Attachment 17 contains the Application for Withholding Proprietary Information from Public Disclosure, WNA-SD-00239-WBT-P, Revision 4, Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Software Requirements Specification for the Post Accident Monitoring System (Proprietary), dated February 10, 2011.
143 EICB (Carte)
The WBN2 PAMS Software Requirements Specification (WBN2 PAMS SRS - ML101050202) contains a table (see page iii) titled, Document Traceability & Compliance, which states that the WBN2 PAMS SRS was created to support the three documents identified (one of which is the WBN2 PAMS SysRS). Section 1.1, Overview, of the WBN2 PAMS SRS states: This document describes requirements for the major software components
(a) Please list and describe each of the major software components. Please include a description of any NRC review for each of these components.
(b) Please list and describe each of the other software components. Please include a description of any NRC review for each of these components.
(c) What other documents contain the requirements for the other software components?
The WBN2 PAMS System Design Specification (WBN2 PAMS SDS) contains a table (see page iii) titled, Document Traceability & Compliance, which states that the WBN2 PAMS SysRS was created to support the WBN2 PAMS SysRS. Section 1.1, Purpose, of the WBN2 PAMS SDS states: The purpose of this document is to define the hardware design requirements
(c) Do the WBN2 PAMS SRS and SDS, together, implement all of the requirements in the WBN2 PAMS SysRS?
Responder: WEC Addressed in the 9/15 public meeting and 9/20 - 9/21 audit.
A detailed explanation will be provided.
TVA Response:
(a) and (b) The requested information is provided in the following documents:
i. WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Table 6-1, Document Requirements which lists the software documentation requirements for the Common Q PAMS and Section 11 TVA Contract Compliance Matrix submitted in TVA Letter to NRC, dated December 3, 2010 (Reference 1).
ii. WNA-DS-01617-WBT-P, Revision 3, Post Accident Monitoring System-System Requirements Specification, dated December 2010 (Attachment 1)
iii. WNA-SD-00239-WBT-P, Revision 3, Software Requirements Specification for the Post Accident Monitoring System, dated December 2010 (Attachment 7)
iv. WNA-VR-00279-WBT, Revision 3, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post
- 12. N Open Response included in letter dated 12/22/10 Open-NRC Review Due 2/25/11 (document submittals)
To be addressed by Revision of the RTM, SRS, SysRS, and SysDS.
NNC 2/2/11: Updated Specifications and RTMs to be provided by TVA
NNC 2/3/11: The above due date has been missed by at least 2 months. Please provide new due date.
ML101650255, Item No. 7 WBN2 PAMS System Requirements Specification TVA docketed WNA-DS-01617-WBT Rev. 1, RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System-System Requirements Specification, dated December 2009.
(e) Please briefly describe all of the documents that implement the WBN2 PAMS SysRS.
Accident Monitoring System (available for NRC audit at the Westinghouse Rockville office)
To the best of TVA's knowledge, no prior NRC review of the software components has been performed.
(c) WNA-VR-00280-WBT, Revision 2, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Reactor Vessel Level Indication System (RVLIS) Custom PC Elements (available for NRC audit at the Westinghouse Rockville office)
(d) No. Please see Item (e) below.
(e) The documents that describe the requirements that implement the WBN Unit 2 SysRS are:
i. WNA-VR-00279-WBT, Revision 3, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post Accident Monitoring System (available for NRC audit at the Westinghouse Rockville office)
ii. WNA-VR-00280-WBT, Revision 2, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Reactor Vessel Level Indication System (RVLIS) Custom PC Elements (available for NRC audit at the Westinghouse Rockville office)
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010 (Reference 13)
TVA Response to Follow-up NRC Request:
See Response to item 3 (Item number 142)
144 EICB (Carte)
The WBN2 PAMS Software Requirements Specification (WBN2 PAMS SRS) contains a table (see page iii) titled, Document Traceability & Compliance, which states that the WBN2 PAMS SRS was created to support the three documents identified (two of these documents have been provided on the docket).
(a) Please describe the third document (i.e., NABU-DP-00014-GEN Revision 2, Design Process for Common Q Safety Systems).
(b) Please describe the flow of information between these three documents.
(c) Does the PAMS SRS implement the requirements in these three documents?
(d) Please describe if and how these three documents are used in the development of the PAMS Software Design Description.
(e) Do the WBN2 V&V activities include verification that the requirements of these three documents have been incorporated into the WBN2 PAMS SRS?
Responder: WEC (a) The purpose of NABU-DP-00014-GEN document is to define the process for system level design, software design and implementation, and hardware design and implementation for Common Q safety system development.
This document supplements the Common Q SPM, WCAP-16096-NP-A. The scope of NABU-DP-00014-GEN includes the design and implementation processes for the application development. For a fuller description of the design process described in NABU-DP-00014-GEN please refer to the Design Process for AP1000 Common Q Safety Systems, WCAP-15927 on the AP1000 docket. Since this is a Westinghouse process document that is not specifically referenced in the SRS, it will be removed in the next revision of the document.
(b) - Closed to items 142 and 145
(c) - Closed 142
(d) - Closed to Item 142
- 13. N Open Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.
Revised response included in letter dated 12/22/10 Response provided in letter dated 10/5/10 NRC Review and WEC to complete response.
b-d to be addressed at public meeting and audit. Will require information to be docketed.
Open-NRC Review Due 3/29/11 Responses to items a and e provided.
NNC 11/18/10:
(1) Items b-d closed to other Open Item nos.
(2) The point of these questions was to understand how the origin of the requirements in the requirements specifications were documented. TVA stated that the origin of the requirements would be demonstrated in Rev. 2 of the CQ PAMS LTR.
ML101650255, Item No. 8 TVA Letter dated 10/5/10 WBN2 PAMS Software Requirements Specification By letter dated April 8, 2010 (ML10101050203), TVA docketed WNA-SD-00239-WBT, Revision 1, "RRAS Watts Bar 2 NSSS Completion Program I&C Projects, Software Requirements Specification for the Post Accident Monitoring System, dated February 2010 (ML101050202).
(e) WBN2 PAMS Software Requirements Specification (WNA-SD-00239-WBT, Rev. 1) refers to Document Traceability & Compliance table on page iii. This table has three entries; Design Process for Common Q Safety Systems (NABU-DP-00014-GEN, Rev. 2), RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System - System Requirements Specification (WNA-DS-01617-WBT, Rev. 1), and RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System - System Design Specification (WNA-DS-01667-WBT, Rev. 1).
IV&V performed a Requirements Traceability Assessment during which it reviewed Software Requirements Specification (WBN2 PAMS SRS, WNA-SD-00239-WBT, Rev. 1) against System Requirements Specification (WNA-DS-01617-WBT, Rev. 1) and System Design Specification (WNA-DS-01667-WBT, Rev. 1). Requirements within Software Requirements Specification that are referring to NABU-DP-00014-GEN, Rev 2, Design Process for Common Q Safety Systems, have also been reviewed for traceability and compliance. During IV&V's RTA effort the anomaly reports V&V-769 and V&V-770 have been initiated and reported in the IV&V Phase Summary Report for the System Definition Phase, WNA-VR-00283-WBT, Rev. 0.
IV&V has verified that the requirements in SRS are derived from the specified documents listed in the Document Traceability and Compliance Table of WBN2 PAMS SRS.
TVA Response to Follow-up NRC Request:
(1) Item (a) in the original list, NABU-DP-00014-GEN Revision 2, Design Process for Common Q Safety Systems, is available for NRC audit at the Westinghouse Rockville office.
(2) WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) contains the following change to address the NRC request:
Section 11, TVA Contract Compliance Matrix showing the origin of the requirements was added.
TVA Response to Second Follow-up NRC Request:
Section 13, Origin Tracing of WBN2 PAMS System Requirements Specification was added to the Licensing Technical Report Revision 3 to address this concern. contains WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary).
NNC 2/3/11: CQ PAMS LTR Rev. 2 Section 11 & 12 do not adequately demonstrate the origin of requirements in SysRS. TVA to describe how to address concern.
145 EICB (Carte)
The WBN2 PAMS System Design Specification (WBN2 PAMS SDS) contains a table (see page iii) titled, Document Traceability & Compliance, which states that the WBN2 PAMS SDS was created to support the WBN2 PAMS SysRS.
Responder: WEC (1) The review and update of the RTM is complete. The revised RTM can be made available for NRC audit at
- 14. N Open Response included in letter dated 12/22/10 Open-NRC Review Due 2/25/11 ML101650255, Item No. 9 WBN2 PAMS System Design Specification TVA docketed WNA-DS-01667-WBT
(a) Does the WBN2 PAMS SDS implement all of the hardware requirements in the WBN2 PAMS SysRS?
(b) Please briefly describe all of the documents that implement the hardware requirements of the WBN2 PAMS SysRS.
This item is used to track all traceability issues with the System Design Specification (SDS).
At the September 15 public meeting in Rockville, the following actions were agreed to. These items partially address the traceability concerns with the System Design Specification.
This item will be updated with the results of the September 20 and 21 Commercial Grade Dedication and SDS RTM audit.
1. Westinghouse will perform completed a review of the Requirements Traceability Matrix (RTM), using the issues identified at the 9/15 public meeting as a guide (documented below) and update the RTM as required.
2. Some hardware requirements are contained in the SRS instead of the System Design Specification (SDS). These will be removed from the SRS and incorporated into the next revision of the SDS.
3. 25 issues identified by V&V where some requirements have not been included in the SDS (14) and SRS (11) at the revisions reviewed by V&V. Have these been addressed?
Yes. The next revisions of the SDS and SRS address these issues.
4. TVA will update the Procurement Requisition Resolution Matrix and submit it to show how the Common Q PAMS design meets the contract requirements.
5. The next issue of the IV&V report will include the Requirements phase review of the RTM and a partial review for the Design phase.
6. Westinghouse to provide the generic AC160 and flat panel specifications.
7. Westinghouse and TVA to develop a schedule of licensing document submittals that can be met by the project team.
8. The flow of information is from the SysRS to the SDS (hardware) and SRS (software). Describe how the documents are used. Describe in 1.1 of the SysRS. Need a good write up of how the process works.
the Westinghouse office in Rockville.
(2) Please see letter Item 10 (NRC Matrix Item 142, sub item 13).
(3) Please see letter Item 10 (NRC Matrix Item 142, sub item 12).
(4) Section 11 TVA Contract Compliance Matrix was added to WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1).
(5) WNA-VR-00283-WBT, Revision 1, IV&V Summary Report for the Post Accident Monitoring System, submitted in TVA to NRC letter dated December 3, 2010 (Reference 1) includes the Requirements and Design phase reviews.
(6) Per Westinghouse letter WBT-D-2268 NRC Access to Common Q Documents at the Westinghouse Rockville Office dated August 16, 2010 (Reference 9) System Requirements Specification for the Common Q Generic Flat Panel Display, 00000-ICE-30155, Revision 9 is available for audit at the Westinghouse Rockville office.
The generic AC160 specifications are contained in the documents listed below. The documents are available for NRC audit at the Westinghouse Rockville office in accordance with the letter number referenced. List is contained in letter.
(7) A schedule was developed and is reviewed weekly by Westinghouse and TVA project management.
(8) The revised document submittal schedule was included as item 3 NRC Request (Matrix Item Number 142, TVA Commitments Nos. 10 and 17) in TVA letter to NRC dated October 26, 2010.
(9) The flow of documentation information was provided to the NRC inspector during the Common Q PAMS audit.
Source: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: RAI on SysRS, dated December 8, 2010
TVA Response to Follow-up NRC Request:
See Response to item 3 (Item number 142)
During the September 20-21, 2010 audit at Westinghouse, it was acknowledged that TVA/Westinghouse had previously (in September 15, 2010 public meeting) stated:
TVA would provide the RSED RTM. (see ML102920031 Item No 6)
TVA would revise and resubmit the PAMS RTM to address all types of issues identified in the public meeting. (see ML102920031 Item No 7)
TVA would revise and resubmit the Software Verification and Validation phase summary report for the requirements phase to document the completion of the requirements phase review. (see ML102920031 Item No 8)
To be addressed by Revision of the RTM, SRS, SysRS, and SysDS.
Rev. 1, RRAS Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System-System Design Specification, dated December 2009.
146 6/17/2010 Responder: 138. Y Closed Closed ML101650255, Item PAMS System Requirements
147 6/17/2010 Responder: 139. Y Closed Closed ML101650255, Item PAMS System Requirements
148 6/17/2010 Responder: 140. Y Closed Closed ML101650255, Item PAMS System Requirements
149 7.2 7.2 FSAR Section 7.1.1.2(2), Overtemperature delta T and Responder: Tindell 141. Y Close Closed ML101720589, Item TVA Letter dated
150 7.2 7.2 Many of the changes were based on the Westinghouse document Responder: Clark 142. Y Close Closed ML101720589, Item TVA Letter dated
151 7.2 7.2 Provide the EDCR 52378 and 54504 which discusses the basis for Responder: Clark 143. Y Close Closed ML101720589, Item TVA Letter dated
152 7.2 7.2 Deleted portion of FSAR section 7.2.3.3.4 and moved to FSAR Responder: Merten/Clark 144. Y Close Closed ML101720589, Item TVA Letter dated
153 7.2 7.2 FSAR section 7.2.1.1.7 added the reference to FSAR section Responder: Craig/Webb 145. Y Close Closed ML101720589, Item TVA Letter dated
154 7.2 7.2 FSAR section 7.2.1.1.10, setpoints: NRC staff has issued RIS Responder: Craig/Webb 146. Y Closed Closed ML101720589, Item TVA Letter dated EICB RAI ML102861885 sent to DORL
155 7.2 7.2 Summary of FSAR change document section 7.2 states that Date: 147. Y Closed Closed ML101720589, Item
156 7.2 7.2 FSAR section 7.2.2.1.1 states that dashed lines in Figure 15.1- Responder: WEC 148. Y Closed Closed ML101720589, Item TVA Letter dated Response on hold pending
157 7.2 7.2 FSAR section 7.2.2.1.1, fifth paragraph was deleted except for the Responder: Tindell 149. Y Close Closed ML101720589, Item TVA Letter dated
158 7.2 7.2 FSAR section 7.2.2.1.1, paragraph six was changed to state that Responder: Tindell 150. Y Closed Closed ML101720589, Item TVA Letter dated
159 7.2 7.2 FSAR section 7.2.2.1.2 discusses reactor coolant flow Responder: Craig 151. Y Close Closed ML101720589, Item TVA Letter dated
160 7.2 7.2 FSAR section 7.2.2.2(7) deleted text which has references 12 and Responder: Tindell 152. Y Close Closed ML101720589, Item TVA Letter dated
161 7.2 7.2 FSAR section 7.2.2.3 states that changes to the control function Responder: Clark 153. Y Closed Closed ML101720589, Item TVA Letter dated
162 7.2 7.2 FSAR section 7.2.2.2(14) states that bypass of a protection Responder: Tindell 154. Y Closed Closed ML101720589, Item TVA Letter dated
163 7.2 7.2 Deleted by DORL Date: 155. Y Closed Closed ML101720589, Item
164 7.2 7.2 FSAR section 7.2.2.2(20) has been revised to include the plant Responder: Perkins 156. Y Closed Closed ML101720589, Item TVA Letter dated Item No. 8 sent to DORL
165 7.2 7.2 FSAR section 7.2.2.3.2, last paragraph of this section has been Responder: Clark 157. Y Closed Closed ML101720589, Item TVA Letter dated
166 7.2 7.2 Changes to FSAR section 7.2.2.2(20) are justified based on the Responder: Clark 158. Y Closed Closed ML101720589, Item TVA Letter dated
167 7.2 7.2 FSAR section 7.2.2.4, provide an analysis or reference to chapter Responder: Clark 159. Y Close Closed ML101720589, Item TVA Letter dated
168 7.2 7.2 FSAR table 7.2-4, item 9 deleted loss of offsite power to station Responder: Clark 160. Y Close Closed ML101720589, Item TVA Letter dated
169 6/18/2010 Responder: Clark 161. Y Closed Closed
170 6/17/2010 Responder: Clark 162. Y Closed Closed
171 7.2 7.2 6/17/2010 Responder: Craig 163. Y Closed Closed EICB RAI TVA Letter dated Closed to SE Open Item
172 6/17/2010 Responder: Craig 164. Y Closed Closed EICB RAI
173 7.1 7.1 6/17/2010 Responder: Craig/Webb/Powers 165. Y Closed Closed EICB RAI
174 6/28/2010 Responder: Hilmes/Craig 166. Y Closed Closed EICB RAI
175 June 28, 2010 Responder: 167. Y Closed Closed EICB RAI
176 7.1 7.1 6/28/2010 Responder: Craig/Webb 168. Y Closed Closed EICB RAI
177 7.5.2. 7.5.1 7/15/2010 Responder: Clark 169. Y Closed Closed N/A TVA Letter dated RAI not required
178 7.5.2. 7.5.1 7/15/2010 Responder: Clark 170. Y Closed Closed N/A TVA Letter dated RAI not required
179 An emphasis is placed on traceability in System Requirements Responder: WEC 171. Y Closed Closed N/A - Closed to NA
180 The SRP, BTP 7-14, Section B.3.3.1 states that Regulatory Guide Responder: WEC 172. Y Closed Closed N/A - Closed to NA
181 An emphasis is placed on traceability in System Requirements Responder: WEC 173. Y Closed Closed N/A - Closed to NA
182 Characteristics that the SRP states that a Software Requirements Responder: WEC 174. Y Closed Closed N/A - Closed to NA
183 EICB (Carte) 7/15/2010
An emphasis is placed on traceability in System Requirements Specifications in the SRP, in the unmodified IEEE std 830-1993, and even more so given the modifications to the standard listed in Regulatory Guide 1.172, which breaks with typical NRC use of the word should to say Each identifiable requirement in an SRS must be traceable backwards to the system requirements and the design bases or regulatory requirements that it satisfies On page 1-2 of the Post Accident Monitoring Systems Software Requirements Specification in the background section, is the sentence Those sections of the above references that require modification from the generic PAMS are defined in the document
Responder: WEC
The generic Software Requirements Specification applies except as modified by the WBN Unit 2 System Requirements Specification.
TVA Response to Follow-up NRC Request:
Please see the response to RAI item 12 in letter dated 12/22/10, NRC Matrix Item 144.
TVA Response to Second Follow-up NRC Request:
This item was addressed by updating the Contract
- 15. Y Open Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.
Revised response included in letter dated 12/22/10.
Response provided in letter dated 10/21/10 Open-NRC Review Due 3/29/11 NNC 11/18/10: The point behind this open item was that TVA must demonstrate that the origin of each requirement in the WEC requirements specification is known and documented. TVA stated that this EICB RAI ML102980066 Item No. 9 TVA Letter dated 10/21/10 Item No. 4
referring purely to the changes from WNA-DS-01617-WBT Post Accident Monitoring System-System Requirements Specification or is it saying that there are additional changes beyond those and that the SRS defines them?
If there are additional changes, what is their origin?
Compliance Matrix and adding Section 13, Origin Tracing of WBN2 PAMS System Requirements Specification to the Licensing Technical Report Revision 3 to address this concern. Attachment 2 contains WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011 (proprietary).
information would be in CQ PAMS LTR Rev. 2.
NNC 2/3/11: CQ PMS LTR Rev. 2 Sections 11 & 12 do not prove this information. TVA to provide a plan to address requested information.
184 7/15/2010 Responder: WEC 175. Y Closed Closed N/A - Closed to N/A
185 EICB (Carte) 7/15/2010
An emphasis is placed on the traceability of requirements in Software Requirements Specifications in the SRP, in the unmodified IEEE std 830-1993, and even more so given the modifications to the standard listed in Regulatory Guide 1.172, which breaks with typical NRC use of the word should to say Each identifiable requirement in an SRS must be traceable backwards to the system requirements and the design bases or regulatory requirements that it satisfies Also the NRC considers that the SRS is the complete set of requirements used for the design of the software, whether it is contained within one document or many. In order to evaluate an SRS against the guidance in the SRP the staff needs access to all the requirements.
References 12, 27, 29, and 31-44 in the Post Accident Monitoring Systems Software Requirements Specification are various types of Reusable Software Element.
These references are used in the body of the SRS, for example:
R5.3.14-2 [The Addressable Constants CRC error signal shall be TRUE when any CAL CRC's respective ERROR terminal = TRUE (WNA-DS-00315-GEN, "Reusable Software Element Document CRC for Calibration Data" [Reference 12]).]
They are also included via tables such as found in requirement R7.1.2-1
[The Watts Bar 2 PAMS shall use the application-specific type circuits and custom PC elements listed in Table 7.1-1.]
Do the referenced reusable software element documents include requirements not explicitly stated in the SRS? If so what is their origin?
Responder: WEC Steve Clark to look at how to combine traceability items.
Was addressed during the 9/15 meeting and 9/20 - 9/21 audit.
TVA Response to Follow-up NRC Request:
(1) See NRC Matrix Item 144
(2) There is no RTM for development of the individual reusable software elements. As listed in item 15 of Table 6-1 Document Requirements of WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC, dated December 3, 2010, a RTM for implementation of the RSEDs (WNA-VR-00280-WBT) for the WBN Unit 2 Common Q PAMS has been developed. This document is available for NRC audit at the Westinghouse Rockville office.
- 16. N Open Response included in letter dated 12/22/10.
Open-NRC Review
NNC 11/18/10: (1) The point behind this open item was that TVA must demonstrate that the origin of each requirement in the WEC requirements specification is known and documented. TVA stated that this information would be in CQ PAMS LTR Rev. 2.
(2) TVA also said it would provide a RTM for the RSED
NNC 2/3/11: To be addressed during next audit.
EICB RAI ML102980066 Item No. 17
186 7.7.8 7.7.1.12 7/15/2010 Responder: Perkins/Clark 176. Y Closed Closed EICB RAI No.6 TVA Letter dated
187 By letter dated June 18, 2010, TVA docketed responses to NRC Responder: Merten 177. N Closed Closed ML101970033, Item TVA Letter dated Are these connections already
188 By letter dated June 30, 2010, TVA docketed, Tennessee Valley Responder: Clark 178. Y Closed Closed ML101970033, Item TVA Letter dated
189 7.6.7 7/20/2010 Responder: Clark 179. Y Closed Closed RAI No. 3 TVA Letter dated
190 7.9 FSAR Table 7.1-1 states: Regulatory Guide 1.133, May 1981 Responder: Clark 180. Y Closed Closed RAI No. 4 TVA Letter dated Closed to OI-331.
191 7.9 NUREG-0800 Chapter 7, Section 7.9, "Data Communication Responder: Jimmie Perkins 181. Y Closed Closed ML10197016, Item TVA Letter dated
192 7.5.1. 7.5.2 The NRC Staff is using SRP (NUREG-0800) Chapter 7 Section Responder: Clark 182. Y Closed Closed Item No. 1 sent to TVA Letter dated EICB RAI ML1028618855 sent to
193 7.5.1. 7.5.2 The WBU2 FSAR, Section 7.5.2, Plant Computer System, Responder: Clark 183. Y Closed Closed Item No. 2 sent to TVA Letter dated EICB RAI ML1028618855 sent to
194 7.5.1. 7.5.2.1 The WBU2 FSAR Section 7.5.2.1, Safety Parameter Display Responder: Costley/Norman 184. Y Closed Closed Item No. 3 sent to TVA Letter dated EICB RAI ML1028618855 sent to
195 7.5.1. 7.5.2.2 Bypassed and Inoperable Status Indication (BISI) Responder: Costley/Norman 185. Y Closed Closed Item No. 4 sent to TVA Letter dated EICB RAI ML1028618855 sent to
196 7.5.1. 7.5.2.2 Bypassed and Inoperable Status Indication (BISI) Responder: Costley/Norman 186. Y Closed Closed Item No. 5 sent to TVA Letter dated EICB RAI ML1028618855 sent to
197 X Open Item 197 was never issued. 187. Y Closed Closed
198 7.5.1. 7.5.2.2 SRP Section 7.5, Subsection III, Review Procedures states: Responder: Costley/Norman 188. Y Closed Closed Item No. 6 sent to TVA Letter dated EICB RAI ML1028618855 sent to
199 7.5.1. 7.5.2.3 The WBU2 FSAR Section 7.5.2.3, Technical Support Center and Responder: Costley/Norman 189. Y Closed Closed Item No. 7 sent to TVA Letter dated Related SE Section 7.5.5.3 EICB RAI
200 7.2 7/21/2010 Responder: Clark 190. Y Closed Closed EICB RAI TVA Letter dated
201 7.7.1. 7.7.11 7/21/2010 Responder: Webb 191. Y Closed Closed EICB RAI TVA Letter dated
202 7.5.2 EICB (Carte) 7/22/2010
The letter (ML0003740165) which transmitted the Safety Evaluation for the Common Q topical report to Westinghouse stated: "Should our criteria or regulations change so that our conclusions as to the acceptability of the report are invalidated, CE Nuclear Power and/or the applicant referencing the topical report will be expected to revise and resubmit their respective documentation, or submit justification for continued applicability of the topical report without revision of the respective documentation."
Question No 81 identified many criteria changes; please revise the respective documentation or submit justification for continued applicability of the topical report.
Responder: WEC Revision 1 of the Licensing Technical Report will provide more detailed information on the changes to the platform.
Rev. 2 of the Licensing Technical Report will include the applicability of guidance.
TVA Response to Follow-up NRC Request:
WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report (LTR) submitted in TVA Letter to NRC dated December 3, 2010, contains the following change to address the NRC request:
Section 9, Compliance Evaluation of the Watts Bar 2 PAMS Software Requirements Specification to IEEE Standard 830-1998 and Regulatory Guide 1.172 to show the origin of the requirements has been added.
The descriptions and commitments in the Topical Report (TR) still apply. The LTR provides compliance evidence to the new ISG-04 criteria. The statement in the SE means that the TR can be evaluated against later NRC criteria when it appears.
Source: E-mail from Westinghouse (Matthew A. Shakun) to Bechtel (Mark S. Clark), RE: December 22 letter review, dated December 17, 2010
Partial TVA Response to Follow-up NRC Request:
contains the results of the TVA analysis of standards and regulatory guides applicable to the Common Q PAMS. Based on the results of the analysis, the Common Q PAMS design is acceptable.
The final response is pending submittal of the Licensing Technical Report Revision 3 scheduled for March 29, 2011.
TVA Response to Follow-up NRC Request:
(1) As discussed on page 9-1 of the Licensing Technical Report (Attachment 2) a comparison of IEEE 830-1993 and IEEE 830-1998 was performed and it was determined that the 1998 version enveloped all the
- 17. N Open Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.
Response included in letter dated 12/22/10 Partial Response provided in letter dated 10/5/10 NNC 1/5/11: Summary provided in Licensing Technical Report R2 has been reviewed and found to be unacceptable.
LTR Section 9 evaluates the compliance of the SRS to IEEE 830-1998. There are two issues with this evaluation:
(1) IEEE 830-1998 is not the current SRP acceptance criteria.
IEEE 830-1998 has not been formally endorsed by a regulatory guide.
(2) Westinghouse committed to evaluate the SRS against 830 when the NRC identified several inconsistencies.
Yes ISG-4 is one new criteria, and an evaluation against it has been provided.
In addition, LTR Rev. 2 Section 13 states: The applicable NRC regulatory guides, IEEE and EPRI industry standards for the common Q PAMS are shown below. Compliance to these codes and standards are stated in Section 4 of Reference 1.
Reference 1 is the common Q topical report.
Open-NRC Review Due 2/25/11 & 3/29/11 to provide information requested.
Due TBD EICB RAI ML102980066 Item No. 4 TVA Letter dated 10/5/10
NNC 1/5/11: See Also Open Item No. 81 and 86.
requirements of the 1993 version which is endorsed by Regulatory Guide 1.172. Therefore the use of IEEE 830-1998 is acceptable.
(2) Table 9.1 IEEE Std 830-1998 Compliance of the Licensing Technical Report (Attachment 2) evaluates the Software Requirements Specification against the requirements of IEEE 830-1998.
(3) See TVA to NRC letter Watts Bar Nuclear Plant (WBN) Unit 2 - Instrumentation And Controls Staff Information Requests, dated February 25, 2011 Attachment 4 Common Q PAMS Regulatory Guide and IEEE Standard Analysis.
(4) This section of the Licensing Technical Report (Attachment 2) has been relocated to section 15. The comment has been addressed by adding Reference 40 to TVA to NRC letter dated February 25, 2011, which is the Common Q PAMS Regulatory Guide and IEEE Standard Analysis.
203 7.5.1. 7.5.2 ( M a 7/26/2010 Responder: Clark 192. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
204 7.5.1. 7.5.2 ( M a 7/26/2010 Responder: Costley/Norman 193. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
205 ( G 7/26/2010 Responder: Clark 194. Y Closed Closed EICB RAI TVA Letter dated Question B related to prior NRC
206 7.5.1. 7.5.2 ( M a 7/27/2010 Responder: Clark 195. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
207 ( C July 27, 2010 Date: 196. Y Closed Closed
208 7.5.2. 7.5.1 ( M a 7/27/2010 Responder: Clark 197. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
209 7.5.2. 7.5.1 ( M a 7/27/2010 Responder: Clark 198. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
210 7.5.2. 7.5.1 ( M a 7/27/2010 Responder: Clark 199. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
211 7.5.1. ( C 7/27/2010 Responder: Clark 200. Y Closed Closed EICB RAI TVA Letter dated Relates to SE Sections:
212 7.5.2 EICB (Carte) 7/27/2010 By letter dated June 18, 2010 (ML101940236) TVA stated (Enclosure 1, Attachment 3, Item No. 3) that the PAMS system design specification and software requirements specification contain information to address the "Design Report on Computer Integrity, Test and Calibration..." The staff has reviewed these documents, and it is not clear how this is the case.
(1) Please describe how the information provided demonstrates compliance with IEEE 603-1991 Clauses 5.5, 5.7, 5.10, & 6.5.
(2) Please describe how the information provided demonstrates conformance with IEEE 7-4.3.2-2003 Clauses 5.5 & 57.
Responder: WEC Application specific requirements for testing. This cannot be addressed in a topical report. Evaluation of how the hardware meets the regulatory requirements.
WEC to provide the information and determine where the information will be located.
IEEE-603 1991:
5.5 System Integrity. The safety systems shall be designed to accomplish their safety functions under the full range of applicable conditions enumerated in the design basis.
TVA Response: The applicable conditions and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Rev. 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, Section 11, Contract Compliance Matrix items:
87 and 88 Seismic 89, 90, 91, 92 and 185 EMI/RFI
- 18. N Open Partial Response included in letter dated 03/16/11 Final response due 3/29/11 Open-NRC Review NNC 2/17/2011: IEEE 603 Clause 5.5 basically states that conditions identified in IEEE 603 Clauses 4.7
& 4.8 must be addressed in the design. Energy supply conditions have not been identified, or explicitly addressed.
EICB RAI ML102980066 Item No. 10
300, 301 and 302 Environmental Seismic qualification of the equipment to meet the design basis requirements 5.7 Capability for Test and Calibration. Capability for testing and calibration of safety system equipment shall be provided while retaining the capability of the safety systems to accomplish their safety functions.
The capability for testing and calibration of safety system equipment shall be provided during power operation and shall duplicate, as closely as practicable, performance of the safety function. Testing of Class 1E systems shall be in accordance with the requirements of IEEE Std 338-1987. Exceptions to testing and calibration during power operation are allowed where this capability cannot be provided without adversely affecting the safety or operability of the generating station. In this case:
(1) appropriate justification shall be provided (for example, demonstration that no practical design exists),
(2) acceptable reliability of equipment operation shall be otherwise demonstrated, and (3) the capability shall be provided while the generating station is shut down.
TVA Response: The requirements for test and calibration and Common Q PAMS system compliance, are contained in WNA-LI-00058-WBT-P, Rev. 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11, TVA Contract Compliance Matrix items:
202 self test 350 Maintenance Bypass 351 Loop Tuning Parameters, 400 and 401 3.7.2 Testing, Calibration, and Verification 402, 403 and 404, 3.7.3 Channel Bypass or Removal from Operation 5.10 Repair. The safety systems shall be designed to facilitate timely recognition, location, replacement, repair, and adjustment of malfunctioning equipment.
TVA Response: The requirements for repair and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Rev. 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11, TVA Contract Compliance Matrix items:
179 Mean time to repair 202 self test 398 3.7 Maintenance 399 3.7.1 Troubleshooting 6.5 Capability for Testing and Calibration NNC 2/18/11: Clause 5.7 is acceptably addressed.
NNC 2/18/2011: WNA-AR-00189-WBT Rev. 0 Table 5-2 shows a MTTR of 7.2 hours. It is not clear how this satisfies the contractual item No. 179.
The Contract Compliance Matrix Item 179 in Revision 3 of the LTR has been revised to show this item as a deviation and to reflect TVA's acceptance of the 7.2 hour MTTR value. Attachment 2 contains WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, dated March 2011
6.5.1 Means shall be provided for checking, with a high degree of confidence, the operational availability of each sense and command feature input sensor required for a safety function during reactor operation.
This may be accomplished in various ways; for example:
(1) by perturbing the monitored variable, (2) within the constraints of 6.6, by introducing and varying, as appropriate, a substitute input to the sensor of the same nature as the measured variable, or (3) by cross-checking between channels that bear a known relationship to each other and that have readouts available.
6.5.2 One of the following means shall be provided for assuring the operational availability of each sense and command feature required during the post-accident period:
(1) Checking the operational availability of sensors by use of the methods described in 6.5.1.
(2) Specifying equipment that is stable and retains its calibration during the post-accident time period.
TVA Response: The requirements for sense and command feature testing and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11 TVA Contract Compliance Matrix items:
10, display of sensor diagnostic information 202 self test 205 self diagnostics and watchdog timer 264 through 271, system self checks 311 system status displays, 341 alarms, 344 on-line diagnostics IEEE 7-4.3.2-2003 5.5 System integrity In addition to the system integrity criteria provided by IEEE Std 603-1998, the following are necessary to achieve system integrity in digital equipment for use in safety systems:
Design for computer integrity Design for test and calibration Fault detection and self-diagnostics 5.5.1 Design for computer integrity The computer shall be designed to perform its safety function when subjected to conditions, external or internal, that have significant potential for defeating the safety function. For example, input and output processing failures, precision or round off problems, improper recovery actions, electrical input voltage and frequency fluctuations, and maximum credible number of coincident signal changes.
(proprietary).
If the system requirements identify a safety system preferred failure mode, failures of the computer shall not preclude the safety system from being placed in that mode. Performance of computer system restart operations shall not result in the safety system being inhibited from performing its function.
TVA Response: Common Q PAMS system reliability and failure modes are described in:
WNA-AR-00180-WBT, Revision 0, Failure Modes and Effects Analysis (FMEA) for the Post Accident Monitoring System WNA-AR-00189-WBT, Revision 0 Post Accident Monitoring System Reliability Analysis The requirements for mean time between failure and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Section 11 TVA Contract Compliance Matrix item 178.
5.5.2 Design for test and calibration Test and calibration functions shall not adversely affect the ability of the computer to perform its safety function. Appropriate bypass of one redundant channel is not considered an adverse effect in this context. It shall be verified that the test and calibration functions do not affect computer functions that are not included in a calibration change (e.g., setpoint change).
V&V, configuration management, and QA shall be required for test and calibration functions on separate computers (e.g., test and calibration computer) that provide the sole verification of test and calibration data.
V&V, configuration management, and QA shall be required when the test and calibration function is inherent to the computer that is part of the safety system.
V&V, configuration management, and QA are not required when the test and calibration function is resident on a separate computer and does not provide the sole verification of test and calibration data for the computer that is part of the safety system.
TVA Response: The requirements for test and calibration and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11 TVA Contract Compliance Matrix items:
202 self test 350 Maintenance Bypass 351 Loop Tuning Parameters, 400 and 401 3.7.2 Testing, Calibration, and Verification
402, 403 and 404, 3.7.3 Channel Bypass or Removal from Operation 5.5.3 Fault detection and self-diagnostics Computer systems can experience partial failures that can degrade the capabilities of the computer system, but may not be immediately detectable by the system.
Self-diagnostics are one means that can be used to assist in detecting these failures. Fault detection and self-diagnostics requirements are addressed in this sub-clause.
The reliability requirements of the safety system shall be used to establish the need for self-diagnostics. Self diagnostics are not required for systems in which failures can be detected by alternate means in a timely manner. If self-diagnostics are incorporated into the system requirements, these functions shall be subject to the same V&V processes as the safety system functions.
If reliability requirements warrant self-diagnostics, then computer programs shall incorporate functions to detect and report computer system faults and failures in a timely manner. Conversely, self-diagnostic functions shall not adversely affect the ability of the computer system to perform its safety function, or cause spurious actuations of the safety function. A typical set of self-diagnostic functions includes the following:
Memory functionality and integrity tests (e.g., PROM checksum and RAM tests)
Computer system instruction set (e.g., calculation tests)
Computer peripheral hardware tests (e.g., watchdog timers and keyboards)
Computer architecture support hardware (e.g., address lines and shared memory interfaces)
Communication link diagnostics (e.g., CRC checks)
Infrequent communication link failures that do not result in a system failure or a lack of system functionality do not require reporting.
When self-diagnostics are applied, the following self-diagnostic features shall be incorporated into the system design:
a) Self-diagnostics during computer system startup
b) Periodic self-diagnostics while the computer system is operating
c) Self-diagnostic test failure reporting
TVA Response: The requirements for fault detection and self diagnostics and Common Q PAMS system compliance are contained in WNA-LI-00058-WBT-P, Rev. 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report Section 11 TVA Contract
Compliance Matrix items:
107 error free download 202 self test 205 self diagnostics and watchdog timer 263 primary and backup communication 264 through 271, continuous on-line self checks 311 system status displays, 341 alarms, 344 on-line diagnostics 5.7 Capability for test and calibration No requirements beyond IEEE Std 603-1998 are necessary.
TVA Response: No response required.
Concurrence: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: RAI 212 Response - Errors in the Contract Compliance Matrix, dated December 17, 2010 (a) Energy Supply conditions are specified in WNA-DS-01617-WBT-P, System Requirements Specification Rev.
4, Requirement 4.1-1 which requires 120Vac +/-10% and 60+/-3Hz. Power to the Common Q PAMS is provided from the 120Vac vital power system. Per WBN Unit 2 FSAR section 8.3.1.1 the vital 120 volt ac system specifications are 120Vac +/-2% and 60+/-0.5Hz. Based on this, the power provided meets the system requirements.
Electromagnetic compatibility, seismic and environmental qualification of the equipment to meet the design basis requirements is documented in EQ-QR WBT-P, Revision 0 Qualification Summary Report for Post-Accident Monitoring System (PAMS)" (Proprietary)
(Attachment 4). Attachment 5 contains EQ-QR WBT-NP, Revision 0 Qualification Summary Report for Post-Accident Monitoring System (PAMS)" (non-proprietary). Attachment 6 contains CWA-11-3118, Application for Withholding Proprietary Information from Public Disclosure, EQ-QR-68-WBT-P, Revision 0 Qualification Summary Report for Post-Accident Monitoring System (PAMS), (Proprietary), dated February 28, 2011.
(b) The Contract Compliance Matrix Item 179 in Revision 3 of the Licensing Technical Report will be revised to show this item as a deviation and to reflect TVA's acceptance of the 7.2 hour MTTR value. WNA-LI-00058-WBT-P, Post-Accident Monitoring System (PAMS) Licensing Technical Report, Revision 3, (proprietary) dated March 2011, will be submitted no later than March 29, 2011.
213 7.5.2 EICB (Carte) 7/27/2010 By letter dated June 18, 2010 (ML101940236) TVA stated (Enclosure 1, Attachment 3, Item No. 3) that the PAMS system design specification and software requirements specification Responder: WEC Conformance with IEEE 603 is documented in the revised Common Q PAMS Licensing Technical Report and the Common Q PAMS System Design Specification.
- 19. N Open Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11.
Open-NRC Review Due 3/29/11 NNC 2/3/11: The EICB RAI ML102980066 Item No. 18
contain information to address the "Theory of Operation Description." The staff has reviewed these documents, and it is not clear how this is the case. The docketed material does not appear to contain the design basis information that is required to evaluate compliance with the Clause of IEEE 603.
(1) Please provide the design basis (as described in IEEE 604 Clause 4) of the Common Q PAMS.
(2) Please provide a regulatory evaluation of how the PAMs complies with the applicable regulatory requirements for the theory of operation.
For example: Regarding IEEE 603 Clause 5.8.4 (1) What are the manually controlled protective actions? (2) How do the documents identified demonstrate compliance with this clause?
contains the proprietary version of Westinghouse document Tennessee Valley Authority (TVA), Watts Bar Unit 2 (WBN2), Post-Accident Monitoring System (PAMS), Licensing Technical Report, Revision 1, WNA-LI-00058-WBT-P, Dated October 2010 contains the proprietary version of Westinghouse document Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects Post Accident Monitoring System - System Design Specification, WNA-DS-01667-WBT, Rev. 2 dated September 2010.
TVA Response to Follow-up NRC Request:
The Regulatory Guide 1.97 classification of the Common Q PAMS variables is documented in TVA Design Criteria WB-DC-30-7 Post Accident Monitoring Instrumentation which was submitted as Attachment 5 on TVA to NRC letter Watts Bar Nuclear Plant (WBN) Unit 2 - Instrumentation And Controls Staff Information Requests dated June 18, 2010 (Reference 1)
The hardware design bases for the Common Q PAMS is described in the WBN Unit 2 FSAR section 7.5.1.8 Post Accident Monitoring System (PAMS).
The Common Q PAMS indications are used to support operator response to events described in chapter 15 of the WBN Unit 2 FSAR such as:
RCCA/RCCA Bank dropped/misaligned Steam Generator Tube Rupture Inadvertent Loading of a Fuel Assembly Into an Improper Position Loss of Shutdown Power Major Reactor Coolant System Pipe Ruptures (Loss Of Coolant Accident)
Major Secondary System Pipe Rupture Response is included in letter dated 10/25/10 NNC to review and revise this question after LTR R2 is received.
identified documentation does not include the design bases. Please provide schedule for providing the requested information.
214 ( C 7/27/2010 Responder: WEC 201. Y Closed Closed EICB RAI TVA Letter dated
215 ( P 7/29/2010 Responder: WEC 202. Y Closed Closed
216 7.5.1. 7.5.2 ( M a 7/29/2010 Responder: Clark 203. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
217 ( G 7/6/2010 Responder: Clark 204. Y Close Closed EICB RAI TVA Letter dated
218 ( G 7/6/2010 Responder: Clark 205. Y Closed Closed EICB RAI TVA Letter dated
219 ( G 8/4/2010 Responder: TVA Licensing 206. Y Closed Closed EICB RAI
220 ( G 8/4/2010 Responder: Ayala 207. Y Closed Closed EICB RAI TVA Letter dated
221 7.7.1. 7.7.1.3 ( M a 8/4/2010 Responder: Trelease 208. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
222 ( G 8/4/2010 Responder: Clark 209. Y Close Closed EICB RAI TVA Letter dated
223 ( G 8/4/2010 Responder: Clark 210. Y Closed Closed EICB RAI
224 7.5.1. 7.5.2 ( M a 8/4/2010 Responder: Norman (TVA CEG) 211. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
225 ( G 8/4/2010 Responder: Scansen 212. Y Close Closed EICB RAI TVA Letter dated
226 ( C 8/4/2010 Responder: TVA Licensing 213. Y Closed Closed N/A - Information TVA Letter dated See also Open Item Nos. 41 & 270.
227 ( G 8/4/2010 Responder: Clark 214. Y Close Closed EICB RAI TVA Letter dated
228 ( C 8/4/2010 Responder: Clark 215. Y Closed Closed EICB RAI TVA Letter dated
229 ( C 8/4/2010 Responder: Clark 216. Y Closed Closed EICB RAI TVA Letter dated
230 ( C 8/4/2010 Responder: Webb 217. Y Closed Closed EICB RAI TVA Letter dated
231 ( G 8/4/2010 Responder: Clark 218. Y Closed Closed EICB RAI TVA Letter dated
232 ( S i 8/4/2010 Responder: Clark 219. Y Closed Closed RAI No. 5 TVA Letter dated
233 ( C 8/4/2010 Responder: Clark 220. Y Closed Closed EICB RAI TVA Letter dated
234 ( C 8/4/2010 Responder: 221. Y Closed Closed N/A - Duplicate N/A
235 ( G 8/4/2010 Responder: TVA Licensing 222. Y Closed Closed N/A N/A
236 ( G 8/4/2010 Responder: Clark 223. Y Close Closed EICB RAI TVA Letter dated
237 ( C 8/4/2010 Responder: Clark 224. Y Closed Closed EICB RAI TVA Letter dated
238 ( C 8/4/2010 Responder: Webb/Hilmes 225. Y Closed Closed N/A - Duplicate N/A
239 ( C 8/4/2010 Responder: Hilmes 226. Y Closed Closed N/A - Meeting N/A
240 ( G 8/4/2010 Responder: Clark 227. Y Close Closed Ml102910008 TVA Letter dated
241 ( S i 8/4/2010 Responder: Davies 228. Y Closed Closed RAI No. 10 TVA Letter dated
242 ( G 8/4/2010 Responder: Hilmes 229. Y Close Closed EICB RAI TVA Letter dated
243 ( C 8/3/2010 Responder: WEC 230. Y Closed Closed N/A - Closed to N/A
244 EICB (Carte) 8/3/2010 Section 8.2.2 of the Common Q SPM (ML050350234) states that the Software Requirements Specification (SRS) shall be developed using IEEE 830 and RE 1.172. Clause 4.8, "Embedding project requirements in the SRS," of the IEEE 830 states that an SRS should address the software product, not the process of producing the software. In addition Section 4.3.2.1 of the SPM states "Any alternatives to the SPM processes or additional project specific information for the...SCMP...shall be specified in the PQP.
Contrary to these two statements in the SPM, the WBN2 PAMS SRS (ML101050202) contains many process related requirements, for example all seventeen requirements in Section 2.3.2, "Configuration Control," address process requirements for configuration control.
Please explain how the above meets the intent of the approved SPM.
Responder: WEC The process related requirements have been removed from revision 2 of the Software Requirements Specification (SRS).
of letter dated 10/25/10 contains the proprietary version of Westinghouse document Nuclear Automation, Watts Bar 2 NSSS Completion Program, I&C Projects, Software Requirements Specification for the Post Accident Monitoring System, WNA-SD-00239-WBT, Revision 2, Dated September 2010.
TVA Response to Follow-up NRC Request:
As shown in the listed documents, process related requirements have been deleted from the SRS and SysRS in Revision 3:
contains proprietary version of WNA-DS-01617-WBT-P, Revision 3, Post Accident Monitoring System-System Requirements Specification, dated December 2010.
contains the proprietary version of WNA-SD-00239-WBT-P, Revision 3, Software Requirements Specification for the Post Accident Monitoring System, dated December 2010.
Source: E-mail from Westinghouse (Andrew P. Drake) to Bechtel (Mark S. Clark), RE: Common Q RAI concerns, dated December 8, 2010 (Reference 17)
TVA Response to Follow-up NRC Request:
The documents discussed in Item 3 have been revised to address compliance with the Topical Report (TR) and the
- 20. N Open Revised response is included in letter dated 12/22/10 Response is provided in letter dated 10/25/10.
NNC 11/18/10: SysRS Rev. 2 also contains process requirements that are more appropriately incorporated into process documentation.
Open-NRC Review Due 2/25/11 Document revisions NNC 2/2/11: Issues with Common Q TR &
SPM compliance were discussed in the weekly public meetings.
Westinghouse to perform Common Q TR
& SPM compliance self assessment; this will be discussed in detail on the next audit.
EICB RAI ML102980066 Item No. 14 Response is provided in letter dated 10/25/10.
LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence."
LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."
Software Program Manual (SPM).
245 EICB (Carte) 8/3/2010 Section 5.8 of the Common Q SPM (ML050350234) identifies the required test documentation for systems developed using the Common Q SPM. Please provide sufficient information for the NRC staff to independently assess whether the test plan for WBN2 PAMS, is as described in the SPM (e.g., Section 5.8.1).
Responder: WEC Relates to the commitment to provide the test plan and the SPM compliance matrix contains the Westinghouse document Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0, dated November 2010. Attachment 10 contains the Westinghouse Application for Withholding for the Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0, dated November 2010.
TVA Response to Follow-up NRC Request:
The results of the self assessment were reviewed by Westinghouse with the NRC on February 2, 2011 and were further reviewed by TVA during the NRC Common Q PAMS audit during the week of February 28 to March 4, 2011.
Corrections to WNA-TR-02451-WBT, Test Summary Report for the Post Accident Monitoring System and the self assessment were made as a result of the TVA review to ensure this comment was fully addressed.
By agreement between TVA, WEC and the NRC, the Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0 will not be revised. Instead a non-proprietary Common Q PAMS Test Summary Report will be developed and submitted to address the issues with TR and SPM compliance. Attachment 1 contains non-proprietary WNA-TR-02451-WBT, Revision 0, Test Summary Report for the Post Accident Monitoring System, dated March 2011.
- 21. N Open Pending Submittal of the Test Summary Report due 3/29/11 Response included in letter dated 12/3/10 Common Q PAMS Test Summary Report scheduled to be submitted March 29, 2011.
Open-NRC Review Due 3/29/11 NNC 2/2/11: Issues with the Common Q TR
& SPM were discussed in the weekly public meetings.
Westinghouse to perform Common Q TR
& SPM compliance self assessment EICB RAI ML102980066 Item No. 119 LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence."
LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."
246 EICB (Carte) 8/3/2010 Section 4.3.2.1, "Initiation Phase" of the Common Q SPM (ML050350234) requires that a Project Quality Plan (PQP) be developed. Many other sections of the SPM identify that this PQP should contain information required by ISG6. Please provide the PQP. If "PQP" is not the name of the documentation produced, please describe the documentation produced and provide the information that the SPM states should be in the PQP.
Responder: WEC As agreed ISG6 does not apply to the Common Q PAMS platform. The information required to address this question concerning the PQP and SPM has been added to compliance matrix in revision 1 of the Licensing Technical Report.
of letter dated 10/25/10 contains the proprietary version of Westinghouse document Tennessee Valley Authority (TVA), Watts Bar Unit 2 (WBN2), Post-Accident Monitoring System (PAMS), Licensing Technical Report, Revision 1, WNA-LI-00058-WBT-P, Dated October 2010 TVA Response to Follow-up NRC Request:
The results of the Common Q TR and SPM self assessment were reviewed by Westinghouse with the NRC on February 2, 2011.
The Westinghouse Watts Bar Unit 2 NSSS Completion I&C Projects Project Quality Plan, WNA-PQ-00220-WBT, Revision 1 is available for NRC audit at the Westinghouse Rockville Office and was available for review during the NRC Common Q PAMS audit during the week of February 28 to
- 22. N Open Pending Submittal of Revision 3 of the Licensing Technical Report due 3/29/11. PQP provided for audit the week of 2/28/11.
Response is provided in letter dated 10/25/10 NNC 11/18/10: PQP has not been provided and CQ PAMS LTR Rev. 1 does not contain comparable information.
Open-NRC Review Due 3/29/11 NNC 2/2/11: Issues with the Common Q TR
& SPM implementation were discussed in the weekly public meetings.
Westinghouse to perform Common Q TR
& SPM compliance self assessment EICB RAI ML102980066 Item No. 15 Response is provided in letter dated 10/25/10 LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence."
LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."
March 4, 2011. During the audit, the Westinghouse Quality Assurance in process audit of the Common Q PAMS project was reviewed by the NRC inspector with no issues identified.
247 ( C 8/8/2010 Responder: WEC 231. Y Closed Closed EICB RAI Response is LIC-101 Rev. 3 Appendix B Section 4,
248 ( C 8/8/2010 Responder: WEC 232. Y Closed Closed Response is LIC-101 Rev. 3 Appendix B Section 4,
249 ( C 8/8/2010 Responder: WEC 233. Y Closed Closed LIC-101 Rev. 3 Appendix B Section 4,
250 EICB (Carte) 8/8/2010 The SPM describes the software and documents that will be created and placed under configuration control. The SCMP (e.g., SPM Section 6, Software Configuration Management Plan) describes the implementation tasks that are to be carried out. The acceptance criterion for software CM implementation is that the tasks in the SCMP have been carried out in their entirety.
Documentation should exist that shows that the configuration management tasks for that activity group have been successfully accomplished. Please provide information that shows that the CM tasks have been successfully accomplished for each life cycle activity group.
Responder: WEC Westinghouse develops Software Release Reports/Records and a Configuration Management Release Report. Describe the documents and when they will be produced. Summarize guidance on how to produce these records, focus on project specific requirements in SPM etc.
TVA Response to Follow-up NRC Request:
The following documentation shows that the configuration management tasks for that activity group have been successfully accomplished.
1. WNA-LI-00058-WT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) contains the following changes to address the NRC requests:
   a. Section 2.2.1 Hardware/Software Change Process has been added to describe the process of how changes are evaluated.
   b. Section 2.2.2, Software has been expanded to include a table detailing evolutionary software changes that have occurred since the initial submittal and the change evaluation of the life cycle.
2. WNA-PT-00138-WBT, Revision 0, Nuclear Automation Watts Bar 2 NSSS Completion Program I&C Projects, Post Accident Monitoring System Test Plan, (Proprietary), dated November 2010 submitted in TVA Letter to NRC, dated December 3, 2010 (Reference 1).
- 23. N Open Revised response included in letter dated 12/22/10 Response included in letter dated 10/25/10.
Open-NRC Review NNC 2/2/11: To be addressed during the next audit.
LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence."
LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."
251 EICB (Carte) 8/8/2010 The SPM describes the software testing and documents that will be created. The SPM also describes the testing tasks that are to be carried out. The acceptance criterion for software test implementation is that the tasks in the SPM have been carried out in their entirety. Please provide information that shows that testing has been successfully accomplished.
Responder: WEC The software testing performed and documents created are addressed by the SPM Compliance matrix contained in Revision 1 of the Licensing Technical Report.
of the letter dated 10/25/10 contains the Proprietary version of Westinghouse's document titled: Tennessee Valley Authority (TVA), Watts Bar Unit 2 (WBN2), Post-Accident Monitoring System (PAMS), Licensing Technical Report, Revision 1, WNA-LI-00058-WBT-P, Dated October 2010
TVA Response to Follow-up NRC Request:
Please see the response to RAI item 21 in letter dated
- 24. N Open Pending Submittal of the Test Summary Report due 3/29/11 Revised response included in letter dated 12/22/10 Partial response is provided in letter dated 10/25/10 Open-NRC Review Due 3/29/11 NNC 2/2/11: Issues with the Common Q TR & SPM were discussed in the weekly public meetings.
Westinghouse to perform Common Q TR & SPM compliance self assessment
LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence."
LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."
12/22/10, NRC Matrix Item 250.
TVA Response to second Follow-up NRC Request:
The results of the Common Q TR and SPM self assessment were reviewed by Westinghouse with the NRC on February 2, 2011.
By agreement between TVA, WEC and the NRC, the Post Accident Monitoring System Test Plan, WNA-PT-00138-WBT, Revision 0 will not be revised. Instead a non-proprietary Common Q PAMS Test Summary Report will be developed and submitted to address the issues with TR and SPM compliance. Attachment 1 contains non-proprietary WNA-TR-02451-WBT, Revision 0, Test Summary Report for the Post Accident Monitoring System, dated March 2011.
252 EICB (Carte) 8/8/2010 The SPM contains requirements for software requirements traceability analysis and associated documentation (see Section 5.4.5.3, Requirements Traceability Analysis). Please provide information that demonstrates that requirements traceability analysis has been successfully accomplished.
Responder: WEC Explain response to AP1000 audit report.
RTM docketed NRC awaiting V&V evaluation of RTM.
The following responses are based on WBN Unit 2 Common Q PAMS traceability:
Software requirements traceability analysis is described in the following documents:
1. WNA-LI-00058-WBT-P, Revision 2, Post-Accident Monitoring System (PAMS) Licensing Technical Report submitted in TVA Letter to NRC dated December 3, 2010, (Reference 1) Section 11, TVA Contract Compliance Matrix
2. WNA-VR-00279-WBT, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Post Accident Monitoring System (available for NRC audit at the Westinghouse Rockville office)
3. WNA-VR-00280-WBT, Watts Bar 2 NSSS Completion Program I&C Projects Requirements Traceability Matrix for the Reactor Vessel Level Indication System (RVLIS) Custom PC Elements (available for NRC audit at the Westinghouse Rockville office) This document addresses the RSEDs used in the WBN Unit 2 Common Q PAMS.
The V&V evaluation of the RTM is documented in section 2.2.2 of the following documents:
1. The Independent Verification & Validation (IV&V) report covering the Concept and Definition phases (Nuclear Automation Watts Bar Unit 2 NSSS Completion Program I&C Projects, IV&V Summary Report for the Post Accident Monitoring System, (Proprietary), WNA-VR-00283-WBT, Revision 1, dated November 2010), submitted in TVA Letter to NRC dated December 3, 2010 (Reference 1).
- 25. N Open Response included in letter dated 12/22/10 Read ML091560352 Open-NRC Review Due 2/25/11 (document submittals)
NNC 2/2/11: Updated RTMs and specifications to be provided.
Requirements traceability to be addressed during the next audit.
LIC-101 Rev. 3 Appendix B Section 4, "Safety Evaluation" states: "the information relied upon in the SE must be docketed correspondence."
LIC-101 Rev. 3 states: "The safety analysis that supports the change requested should include technical information in sufficient detail to enable the NRC staff to make an independent assessment regarding the acceptability of the proposal in terms of regulatory requirements and the protection of public health and safety."
2. The Independent Verification & Validation (IV&V) report covering the Design and Implementation phases (Nuclear Automation Watts Bar Unit 2 NSSS Completion Program I&C Projects, IV&V Summary Report for the Post Accident Monitoring System, (Proprietary), WNA-VR-00283-WBT, Revision 2, dated November 2010), submitted in TVA Letter to NRC dated December 3, 2010 (Reference 1).
3. The integration phase is covered in Attachment 10, the proprietary version of IV&V Summary Report for the Post Accident Monitoring System, WNA-VR-00283-WBT-P, Revision 3, dated December 2010. 1 contains the non-proprietary version of IV&V Summary Report for the Post Accident Monitoring System, WNA-VR-00283-WBT-NP, Revision 3, dated December 2010. Attachment 12 contains the Application For Withholding Proprietary Information From Public Disclosure WNA-VR-00283-WBT-P, Revision 3, IV&V Summary Report for the Post Accident Monitoring System (Proprietary), dated December 2010.
TVA Response to Follow-up NRC Request:
See Response to item 3 (Matrix Item Number 142)
253 ( C 8/8/2010 Responder: Clark 234. Y Closed Closed TVA Letter dated Related to Open Item no. 83.
254 ( C 8/10/2010 Responder: WEC 235. Y Closed Closed N/A - Request to TVA Letter dated
255 ( C 8/10/2010 Responder: WEC 236. Y Closed Closed N/A - Request to TVA Letter dated
256 ( C 8/10/2010 Responder: WEC 237. Y Closed Closed N/A - Request to TVA Letter dated
257 ( C 8/10/2010 Responder: WEC 238. Y Closed Closed N/A - Request to N/A
258 ( C 8/10/2010 Responder: WEC 239. Y Closed Closed N/A - Request to N/A
259 ( C 8/10/2010 Responder: WEC 240. Y Closed Closed N/A - Request to TVA Letter dated
260 ( C 8/10/2010 Responder: WEC 241. Y Closed Closed N/A - Request to N/A
261 ( C 8/10/2010 Responder: WEC 242. Y Closed Closed N/A - Closed to TVA Letter dated LIC-110 Rev. 1 Section 6.2.2 states:
262 ( C 8/10/2010 Responder: WEC 243. Y Closed Closed N/A - Request to N/A
263 ( C 8/11/2010 Responder: WEC 244. Y Closed Closed ML101650255, Item
264 ( C 8/11/2010 Responder: WEC 245. Y Closed Closed ML101650255, Item
265 ( C 8/11/2010 Responder: WEC 246. Y Closed Closed ML101650255, Item
266 ( C 8/11/2010 Responder: Webb/Webber 247. Y Closed Closed TVA Letter dated
267 ( C 8/11/2010 Responder: WEC 248. Y Closed Closed
268 ( C 8/19/2010 Responder: WEC 249. N Closed Closed
269 ( P 8/20/2010 Responder: NRC 250. Y Closed Closed N/A N/A
270 ( C 8/23/2010 Responder: Clark 251. Y Closed Closed See also Open Item Nos. 41 & 245.
271 ( C 8/23/2010 Responder: WEC 252. Y Closed Closed N/A - Closed to NA
272 7.5.2. 7.5.1 ( M a 8/26/2010 Responder: Clark 253. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
273 7.5.2. 7.5.1 ( M a 8/26/2010 Responder: Clark 254. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
274. ( S i 8/26/2010 Responder: Stockton 255. Y Closed Closed RAI No. 6 TVA Letter dated
274. 7.5.2. 7.5.1 ( M a 8/26/2010 Responder: Clark 256. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
275 ( S i 8/27/2010 Responder: Clark 257. Y Closed Closed Not Required N/A
276 7.6 7.6 ( G 8/27/2010 Responder: Webb 258. Y Closed Closed EICB RAI TVA Letter dated
277 7.6 7.6.3 ( G 8/27/2010 Responder: Clark 259. Y Close Closed EICB RAI TVA Letter dated
278 7.6 7.6.6 ( G 8/27/2010 Responder: Trelease 260. Y Close Closed EICB RAI TVA Letter dated
279 7.6 7.6.6 ( G 8/27/2010 Responder: Mather 261. Y Close Closed EICB RAI TVA Letter dated
280 7.6 7.6.6 ( G 8/27/2010 Responder: Trelease 262. Y Closed Closed EICB RAI TVA Letter dated
281 7.6 7.6.8 ( G 8/27/2010 Responder: Webb 263. Closed Closed EICB RAI TVA Letter dated
282 7.6 7.6.9 ( G 8/27/2010 Responder: Trelease 264. Y Close Closed EICB RAI TVA Letter dated
283 7.7.5 XX ( D a 8/27/2010 Responder: Clark 265. Y Closed Closed EICB RAI No.13 TVA Letter dated This item is a follow-up question to item
284 7.7.3 7.4.1 ( D a 8/27/2010 Responder: Webber 266. Y Closed Closed EICB RAI No.14 TVA Letter dated This item is a follow-up question to item
285 7.3.3 7.3 ( D a 8/27/2010 Responder: McNeil 267. Y Closed Closed EICB RAI No.15 TVA Letter dated This item is a follow-up question to item
286 7.7.3 9.3.4.2.4 ( D a 8/27/2010 Responder: Webber 268. Y Closed Closed EICB RAI No.16 TVA Letter dated
287 7.3 7.3-1 ( D a 8/27/2010 Responder: Elton 269. Y Closed Closed ML102390538, Item Response
288 7.3 ( G 9/2/2010 Responder: McNeil 270. Y Closed Closed EICB RAI
289 ( S i 9/2/2010 Responder: Faulkner 271. Y Closed Closed RAI No. 24 TVA Letter dated
290 7.7 ( C 9/7/2010 Responder: Clark 272. Y Closed Closed N/A N/A This item is a duplicate of item 291.
291 7.7 ( C 9/7/2010 Responder: Clark 273. Y Closed Closed TVA Letter dated
292 7.2.5 7.2 ( G 9/7/2010 Responder: Craig 274. Y Closed Closed EICB RAI TVA Letter dated
293 7.7.4 7.2.2.3.5 ( M a 9/8/2010 Responder: Craig 275. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
294 7.3 7.3.1.1.1 ( D a 9/9/2010 Responder: Elton 276. Y Closed Closed ML102390538, Item Response
295 7.3 7.3.1.1.2 ( D a 9/9/2010 Responder: Elton 277. Y Closed Closed ML102390538, Item Response
296 7.3 7.3.1.2.1 ( D a 9/9/2010 Responder: Elton 278. Y Closed Closed ML102390538, Item Response
297 7.3 7.3.1.2.2 ( D a 9/9/2010 Responder: Elton 279. Y Closed Closed ML102390538, Item Response
298 7.3 XX ( D a 9/9/2010 Responder: Clark 280. Y Closed Closed ML102390538, Item Response
299 ( C Provide Common Q Software Requirements Specification Post 1 of the 10/5 letter contains the Common Q 281. Y Closed Closed TVA Letter dated
300 ( S i Need Radiation Monitoring System Description/Design Criteria Responder: Temples/Mather 282. Y Closed Closed RAI No. 25 TVA Letter
301 ( S i 1. TVA is requested to address the consequences of software Responder: WEC/Davies/Clark 283. Y Closed Closed RAI No. 11 TVA Letter dated Note 1:
302 7.5.2. 7.5.1 ( M a 09/17/2010 Responder: Tindell 284. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
303 7.5.2. 7.5.1 ( M a 09/17/2010 Responder: Tindell 285. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
304 7.5.2. 7.5.1 ( M a 09/17/2010 Responder: Tindell 286. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
305 7.5.2. 7.5.1 ( M a 09/17/2010 Responder: Tindell 287. Y Closed Closed EICB RAI TVA Letter dated EICB RAI ML102861885 sent to DORL
306 7.1 7.1 ( G FSAR amendment 100, page 7.1-12 provides the definition of Responder: Hilmes 288. Y Closed Closed EICB RAI TVA Letter dated
307 7.1 7.1 ( G (1) FSAR amendment 100, Section 7.1, page 7.1-12, definition of Responder: Hilmes 289. Y Closed Closed EICB RAI TVA Letter dated
308 7.1 7.1 ( G (1) FSAR Amendment 100, Section 7.1, page 7.1-13, definition of Responder: Hilmes 290. Y Closed Closed EICB RAI TVA Letter dated
309 7.1 7.1.2.1.9 ( G (1) FSAR amendment 100, Page 7.1-14, Westinghouse setpoint Responder: Hilmes 291. Y Closed Closed EICB RAI TVA Letter dated
310 7.1 7.1.2.1.9 ( G (1) FSAR amendment 100, Page 7.1-14, TVA setpoint Responder: Hilmes 292. Y Closed Closed EICB RAI TVA Letter dated
311 7.1 7.1 ( G Both Westinghouse and TVA setpoint methodology do not have Responder: Hilmes 293. Y Closed Closed EICB RAI TVA Letter dated
312 7.0 ( G By letter dated September 10, 2010, TVA provided the summary Responder: Stockton 294. Y Close Closed EICB RAI TVA Letter dated
313 7.7.8 7.7.1.12 ( D a EDCR 52408 (installation of AMSAC in Unit 2) states that Design Responder: Ayala 295. Y Closed Closed EICB RAI No.18 TVA Letter dated
314 7.3 7.3 ( D a The following 50.59 changes were listed in the March 12 RAI Responder: Stockton 296. Y Closed Closed EICB RAI No. 19 TVA Letter dated Related to OI 10
315 7.5.3 7.5.3 ( G IE Bulletin 79-27 required that emergency operating procedures to Responder: S. Smith (TVA Operations) 297. Y Close Closed EICB RAI TVA Letter dated
316 7.5.2. 7.5 ( S i TVA has provided various documents in support of RM-1000 high Responder: Temples/Mather 298. Y Closed Closed RAI No. 26
317 7.5.2. 7.5 ( S i TVA has provided a proprietary and a non-proprietary version of Responder: Temples 299. Y Closed Closed RAI No. 27 TVA Letter dated
318 7.5.2.3 7.5 EICB (Singh)
TVA has provided the following documents for RM-1000 equipment qualification:
(i) Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter 04508905-QR (January 2001)
(ii) Qualification Test Report Supplement, RM-1000 Upgrades 04508905-1SP (June 2006)
(iii) Qualification Test Report Supplement, RM-1000 Upgrades 04508905-2SP (June 2008)
(iv) Qualification Test Report Supplement, RM-1000 Upgrades 04508905-3SP (May 2008)
Please clarify whether all of these are fully applicable to WBN2 or are they applicable with exceptions? If with exceptions, then please clarify what those are.
Supplement 3 was issued one month prior to supplement 2.
Please explain the reason for the same.
Responder: Temples
(i) Applicable to WBN Unit 2. 04508905-1QR is applicable only in regards to the RM-1000, with the exception of re-qualification of certain RM-1000 equipment differences covered in the -1SP report. The Current-to-Frequency (I-F) converter module qualifications in the base report and the -1SP report are not applicable to the RM-1000s, and will be used later as references in the WBN Unit 2 specific qualification reports.
(ii) Applicable to WBN Unit 2.
(iii) Not applicable to WBN Unit 2
(iv) Not applicable to WBN Unit 2
The 04508905-3SP report was prepared for another TVA plant, as a monitor system-level report, where the system included equipment mostly based on the base report equipment items. These two -2SP and -3SP supplement reports were essentially worked concurrently, but the -2SP document review/release process resulted in the release time difference.
TVA Response to Follow-up NRC Request:
NOTE: The response for the current to frequency (I to F) converter in item 1 below is a reversal of the response previously provided in TVA to NRC letter dated October 29, 2010 (Reference 22). General Atomics Electronic Systems Inc. (GA-ESI) notified TVA of this change on December 8, 2010 (Reference 20).
(1) The applicability of the qualification reports from GA-ESI e-mail dated December 10, 2010 (Reference 19) is as follows:
a. 04508905-QR Qualification Test Report for RM-1000 Processor Module and Current-to-Frequency Converter is applicable to the WBN Unit 2 RM-1000 and I to F converter modules.
b. 04508905-1SP Supplement to Qualification Test Report for RM-1000 Processor Module and Current-to-Frequency Converter is applicable to the WBN Unit 2 RM-1000 module.
c. 04508905-1SP is not applicable to the WBN Unit 2 I to F converter module.
d. 04508905-2SP Qualification Test Report Supplement, I-F Converter Upgrades is applicable to the WBN Unit 2 I to F converter
- 26. Y Open Revised response is included in letter dated 12/22/10.
Note check 04508905-1QR or QR. Staff version is QR only.
Response is included in letter dated 10/29/10 Open-NRC Review Due 2/25/11 Response update required. It is clear that 04508903-2SP and -3SP are not applicable.
The response for applicability of 04508905-QR and -1SP to RM-1000 and IF converter is not clear.
Check page numbers of Appendix F (missing/duplicate pages).
Check applicability of Appendix C to RM1000 instead of RM2300?
See items 336 and 337.
All equipment qualification reports including supplements 2SP and 3SP have been reviewed as vendor drawings for WBN-2. Please explain the reason for applicability of one report and not the other.
Further, all TVA/Bechtel reviews seem to be dispositioned as Code 4, Review not required.
Work may proceed.
The applicable reports should have been reviewed prior to dispositioning them.
Please explain the apparent lack of review of WBN-2 applicable documents. Was appropriate review guidance used?
Further update required Provide model number/part number for the RM-1000 and I/F converter used for RAI No. 28 ML102980005 10/26/2010 TVA Letter dated 10/29/10, Encl 1 Item 34, and TVA letter 11/24/10, Att. 2.
module.
GA-ESI provided two other reports required to support qualification of the containment high range radiation monitors. The report descriptions are from GA-ESI e-mail on December 8, 2010 (Reference 20). The reports are:
e. GA-ESI report 04038903-QSR, Qualification Summary Report for Watts Bar Nuclear Plant Unit 2 Replacement Radiation Monitors: The report is the principal report and the starting point for all the radiation monitors provided as part of the replacement contract. The report describes each monitor; referenced to the technical manual for the physical and functional description and lists the major components of the monitor system.
Report section 3 identifies the TVA Watts Bar Unit 2 Environmental, Seismic, Electromagnetic Compatibility (EMC), and software requirements for each monitor. In section 4 a brief description of GA-ESI generic qualification programs for all radiation monitoring equipment in each of the four above areas is provided. The qualification basis for each monitor is provided in a separate supplement to the principal report and is identified in section 5.
f. GA-ESI report 04038903-7SP, Qualification Basis for 04034101-001 (2-RE-90-271, -272, -273, & -274) [TVA Note: These are the containment post accident high range radiation monitors.]: GA-ESI report 04038903-7SP is divided into subsections to address the Environmental, Seismic, EMC, and Software qualification basis for the High Range Area Monitors. Within each subsection, the HRAM is compared to a tested or analyzed article to demonstrate similarity and/or evaluate differences, the tests that were performed, and evaluation to demonstrate qualification. In most cases, the qualification basis references other documents. In addition to qualification, a section is provided that lists the life of those replaceable components that have life expectancy less than 40 years.
(2) This is addressed by response to RAI Question 336 in TVA to NRC letter dated November 24, 2010 (Reference 8)
(3) This is addressed by response to RAI Question 337 in TVA to NRC letter dated November 24, 2010 (Reference 8)
(4) The 04508905-3SP Qualification Test Report Supplement, RM-1000 Upgrades is not applicable to WBN Unit 2 (Reference 19).
WBN-2. This information is needed to verify that the model or part number used is the equipment that has been qualified for WBN-2.
Provide qualification reports 04038903-QSR and 04038903-7SP by the due date of 1/22/11.
Submit a copy of any other relevant reviewed versions of the qualification reports.
Submit copies of the reviewed reports for 04508905-QR, 04508905-1SP, 04508905-2SP.
Clarification of applicability of existing reports is acceptable.
Please see Item 1, above, for applicability of the other reports.
(5) TVA provided the proprietary versions of the reports by letter dated March 12, 2010 (Reference 10). By letter dated July 15, 2010 (Reference 23), TVA provided the non-proprietary version of the reports and included a copy of the proprietary report which had been erroneously marked as having not been reviewed.
04508905-QR report has been reviewed by TVA. The review of the remaining reports is ongoing.
(6) See item 5.
TVA Response to Follow-up NRC Request:
The following documents are the qualification documents associated with the RM-1000 radiation monitors:
contains the approved proprietary version of General Atomics Electronic Systems 04508905-1SP, Qualification Test Report Supplement, RM-1000 Upgrade.
contains the approved proprietary version of General Atomics Electronic Systems 04508905-2SP, Qualification Test Report Supplement, I-F Converter Upgrades.
contains the approved proprietary version of General Atomics Electronic Systems 04038903-7SP, Qualification Basis for 04034101 (2-RE-90-271, 272, 273 & 274).
contains the proprietary version of General Atomics Electronic Systems 04038903-QSR, Qualification Summary Report for Watts Bar Nuclear Plant Unit 2 Replacement Radiation Monitors. In order to meet the NRC submittal schedule, the engineering review of this document was limited to the RM-1000. The document has been accepted for the RM-1000 monitors. Engineering approval will not occur until full review for all covered monitors is complete.
3 contains the approved proprietary version of General Atomics Electronic Systems 04508905-QR, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter.
319 7.5.2. 7.5 ( S i TVA provided System Verification Test Results 04507007-1TR Responder: Temples 300. Y Closed Closed RAI No. 29 TVA Letter dated
320 E I Per Westinghouse letter WBT-D-2340, TENNESSEE VALLEY Responder: Clark 301. Y Closed Closed N/A N/A Duplicate of item 156
321 E I For the purposes of measuring reactor coolant flow for Reactor Responder: Clark 302. Y Closed Closed N/A N/A Duplicate of OI# 157
322 7.7.1.11 ( C Section 7.7.1.11 will be added to FSAR Amendment 101 to provide Responder: Clark 303. Y Closed Closed
323 EICB (Garg)
WCAP-13869 revision 1 was previously reviewed under WBN Unit 1 SER SSER 13 (Reference 8). Unit 2 references revision 2. An analysis of the differences and their acceptability will be submitted to the NRC by November 15, 2010 Responder: Hilmes/Unit 1 2 contains the WCAP 13869 Revision 1 to Revision 2 Change Analysis.
- 1.
Y Open Due 3/29/11 Open-TVA/Bechtel Due:
TVA Letter dated 10/29/10 Item No. 36
TVA Response to Follow-up NRC Request
A FSAR change will be submitted in a future FSAR amendment to change the revision level back to 1.
TVA Response to Second Follow-up NRC Request
The differences between the Revision 1 and Revision 2 WCAPs are documented in Attachment 12, WCAP 13869 Revision 1 to Revision 2 Change Analysis, to TVA to NRC letter dated October 29, 2010 (Reference 2). The design bases for the response to feedwater break inside containment, as documented in Chapter 15 of the WBN Unit 2 FSAR, are the same for WBN Unit 1. Since WBN Unit 2 is required to match the WBN Unit 1 licensing basis to the extent practical, the decision was made to revise the WBN Unit 2 FSAR to agree with the WBN Unit 1 FSAR which uses Revision 1.
Revised Response is included in letter dated 10/29/10 The staff is confused with the response since both units have reference leg not insulated Rev 2 should apply to Unit 1 also and there should be no difference between Unit 1 and 2 Need to provide additional info on why Rev. 1 is acceptable for both units.
3/10/11 Staff does not agree with the statement that there are no technical differences between WCAP-13869 Rev. 1 and Rev. 2, but staff agrees that Rev. 1 and change analysis could be basis for acceptance for both Watts Bar units.
4/6/11 TVA response is acceptable, however this item remains open until TVA makes changes to FSAR.
324 ( M a Per the NRC reviewer, the BISI calculation is not required to be 304. Y Closed Closed
325 B ( G The Unit 2 loops in service for Unit 1 that are scheduled to be Responder: TVA Startup Olson 305. Y Closed Closed Closed to open item ?
326 B ( G TVA uses double-sided methodology for as-found and as-left Responder: Webb 306. Y Closed Closed TVA Letter dated
327 DORL (Poole) 6 contains Foxboro proprietary drawings 08F802403-SC-2001 sheets 1 through 6. An affidavit for withholding and non-proprietary versions of the drawings will be submitted by January 31, 2011.
Responder: Webber In accordance with correspondence from Foxboro, there is no proprietary information contained in the 08F802403-SC-2001 drawings. Based on this, no affidavit for withholding is required. Attachment 1 contains versions of the drawings with the proprietary information block removed.
- 27. Y Open Response Included in letter dated 11/24/10 Open-NRC Review Due 11/24/10
328 7.5.2. 7.5 ( S i Provide the model number for the four containment high range Responder: Temples 307. Y Closed Closed RAI No. 30 TVA Letter dated
329 7.6.1 7.6.7 ( S i Section 7.6.7 of the FSAR (Amendment 100) states that, The Responder: Clark 308. Y Closed Closed RAI No. 1 TVA Letter dated
330 7.3 7.3 ( D a Related to Item 298 Responder: Hilmes/Faulkner 309. Y Closed Closed EICB RAI No.20 Item 7, TVA letter
331 7.6.1 7.6.7 ( S i As a follow up of OI 190, Staff has reviewed the proprietary version Responder: WEC/Harless/Clark 310. Y Closed Closed RAI No. 8 TVA Letter dated Follow-up of OI-190.
332 7.5.2. 7.5.1 ( M a 10/26/2010 311. Y Closed Closed ML103000105 Item TBD EICB RAI ML103000105 sent to DORL
333 7.5.2. 7.5.1 ( M a 10/27/2010 312. Y Closed Closed ML103000105 Item TBD EICB RAI ML103000105 sent to DORL
334 7 7 ( D a FSAR Figure 7A-3 Mechanical Flow and Control Diagram Responder: Stockton 313. Y Closed Closed RAI not required. N/A RAI not required because the figure is
335 7.6.1 7.6.7 ( S i LPMS: Reference to OI-331, sub item 2. Responder: WEC 314. Y Closed Closed RAI# 1, EICB letter TVA letter, dated We need to confirm when MEEB when
336 7.5.2. 7.5 ( S i Re: RM-1000 Report 04508905-QR Responder: GA 315. Y Closed Closed
337 7.5.2. 7.5 ( S i Re: RM-1000 Report 04508905-QR Responder: GA 316. Y Closed Closed
338 7.5.2. 7.5 ( S i In page 3-15 and appendix B of Qualification Test Report 04508905-QR, Qualification Test Report for RM-1000 317. Y Closed Closed RAI #4 letter dated FSAR amend 103 Note: Item to be added to Section 3.10
339 7.5.2. 7.5 ( S i In the Qualification Test Report 04508905-QR, the licensee As agreed to with the reviewer, Attachment 1 contains the 318. Y Closed Closed RAI #5 letter dated FSAR amend 103 Note: Item to be added to Section 3.10
340 7.5.2.3 7.5 EICB (Singh)
Provide test result curves for all EMI/RFI tests listed in Table 3.2.3 (page 3-8) of the Qualification Test Report 04508905-QR. In addition, please provide the standards or the guidance documents used as the source for ENV 50140, ENV 55011 Class A, and EN 55022 Class B.
Responder: GA The following responses are based on e-mail: GA-ESI to Bechtel, dated December 8, 2010 (Reference 20),
(1) The EMI/RFI tests described in Table 3-2 are based on GA-ESI report 04509050 and are summarized in GA-ESI report 04508905-QR. The independent laboratory report, with curves, is part of GA-ESI report 04509050.
- 2. N Open Due 4/30/11 Response included in letter dated 12/22/10.
Open-TVA/Bechtel Provide the qual reports by 1/28/11 per TVA letter of 12/22/10.
Due: 2/25/11
Subsequent to issuing GA-ESI report 04508905-QR additional EMC testing was performed in accordance with TVA specific requirements. The results of the subsequent EMC testing are reported in GA-ESI report 04038800. GA-ESI report 04038800 includes the test curves and the report is used as the basis for EMC qualification of the Upper and Lower Inside Containment Post Accident Radiation Monitors (2-RE-90-271 through -274). The results of the testing and the acceptability of the RM-1000 monitors for use at WBN Unit 2 are addressed in GA-ESI report 04038903-7SP. This report will be submitted no later than January 28, 2010.
(2) ENV 50140, EN 55011, and EN 55022 are British Standard Institution (BSI) publications concerning equipment electromagnetic and radio frequency performance. The standard titles are shown below:
a. ENV 50140 - Electromagnetic Compatibility - Basic Immunity Standard - Radiated Radio-Frequency Electromagnetic Field - Immunity Test
b. EN 55011 - Industrial, scientific and medical equipment - Radio-frequency disturbance characteristics - Limits and methods of measurement
c. EN 55022 - Information technology equipment - Radio disturbance characteristics - Limits and methods of measurement
TVA Response to Follow-up NRC Request:
The total EMI/RFI testing of the RM-1000 and current-to-frequency converter is documented in the following reports:
contains the proprietary version of General Atomics Electronic Systems 04508905-1SP, Qualification Test Report Supplement, RM-1000 Upgrade. See sections 5.1.1, 5.1.2 and 5.1.4 for EMI/RFI.
contains the proprietary version of General Atomics Electronic Systems 04038903-7SP, Qualification Basis for 04034101 (2-RE-90-271, 272, 273 & 274). See section 5 for EMC qualification basis.
contains the proprietary version of General Atomics Electronic Systems 04038903-QSR, Qualification Summary Report for Watts Bar Nuclear Plant Unit 2 Replacement Radiation Monitors. See section 3.4 for electromagnetic compatibility qualification requirements.
3 contains the proprietary version of General Atomics Electronic Systems 04508905-QR, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter. See sections 3.2.1 through 3.2.5 and 6.2 for EMI/RFI.
Attachments 7 and 8 document the EMI/RFI testing specific to the WBN Unit 2 RM-1000 monitors and current-to-frequency converters.
Clarification Needed:
Per 2/25/11 response TVA document SS-E18.14.01, Rev. 3 is the source document for all testing. Please provide this document for staff review. In addition British Standards (e.g. ENV 50140) have been cited in testing which are not per RG 1.180, R1. TVA to describe compliance of SS-E18-14.01 to RG 1.180 with justification for deviations. No test curves have been provided in any of the reports. As a minimum TVA to provide a few sample test curves or justify not supplying them.
No EMI/RFI curves have been provided as yet. TVA to provide representative curves.
NRC review proceeding in parallel.
NRC current review guidance is based on compliance with RG 1.180 or equal with justification for variations. TVA is requested to provide the roadmap for compliance to RG 1.180 with justifications for any deviations.
Simply following TVA standard specification SS E18.14.01, Rev. 3 is not sufficient.
Agenda for Weekly Telecom with TVA (I&C Chapter 7 only) rad76F58.docx Open Items to be Resolved for SER Approval
No. SE Sec. FSAR Sec. Response Acceptable Y/N Status/ Current Actions Resolution Path RAI No. & Date RAI Resp. Date Comments
TVA Response to Second Follow-up NRC Request:
GA-ESI qualification report 04038903-7SP, Qualification Basis for 04034101 (2-RE-90-271, 272, 273 & 274) Revision C dated February 22, 2011 (Proprietary), submitted on TVA to NRC letter dated February 25, 2011 (Reference 2), section 5.1 states:
GA-ESI has performed the tests on a 2 channel RM-1000 radiation monitoring system the configuration of which is shown in GA-ESI drawing 04509000 System Installation Configuration, RFI/EMI Test, RM-1000 the results of which are issued in GA-ESI report 04038800, RM-1000 EMC Test Report, TVA and 04509050, RM-1000 EMC Test Report.
The equipment tested used an RM-1000 microprocessor radiation monitor Display/Control NIM Bin Assembly, an I-F Converter, line filter, and an RD-23 detector. The monitor system being qualified is the same as the monitor system tested and includes ECO-17656 modifications to ensure EMC compliance.
contains the TVA Browns Ferry High Range Radiation Monitor which contains the requested EMI test curves. We have confirmed that the GA-ESI reports (04509050, RM-1000 EMC Test Report, dated 4/22/03 and 04038800, RM-1000 EMC Test Report, dated 11/11/99) included in the TVA report are applicable to the WBN Unit 2 RM-1000 monitors. The non-proprietary versions and affidavit for withholding of GA-ESI reports (04509050 and 04038800) will be submitted within two weeks of receipt from GA-ESI.
GA-ESI qualification report 04038903-7SP, section 5, provides a detailed discussion of the test results in GA-ESI report 04509050.
TVA Response to Follow-up NRC Request provides a comparison of the TVA EMC specification SS E18.14.01, Revision 3 requirements to RG 1.180 requirements.
341 7.5.2. 7.5 FSAR Tables 3.10 list seismically qualified equipment. However, A review of WBN Unit 2 FSAR amendment 102 chapters 319. Y Closed Closed RAI #1 letter dated FSAR amend 103
342 7.5.2. 7.5 Please confirm that RM-1000 monitors and the associated The RM-1000 containment high range radiation monitors are 320. Y Closed Closed
343 7.5.2. 7.5 Seismic RRS in the 04508905-QR report Figures 3-2 and 3-3 (1) The cause of the difference between the RRS and TRS 321. Y Closed Closed
344 7.6.6 Unit 1 SE discussed in Section 7.6.5, Valve Power Lockout. (a) In accordance with0PDP-6, Locked Valve/Breaker 322. Y Close Closed Close based on TVA letter dated
345 7.5.2. 7.5 Provide the normal temperatures and expected periods of high/low RM-1000 in a NIM Bin was Tested at 39°F for 72 Hrs and 323. Y Closed Closed
346 7.5.2.3 7.5 EICB (Singh)
TVA has previously stated in response to open item 319 that RM-1000 System Verification Test Results report, 04507007-1TR is not applicable to WBN-2. However, TVA has not provided a WBN-2 specific test results report. Please identify and provide the appropriate test results reports to complete the review.
Document 04507007-1TR is the RM-1000 System Verification Test Results. 04038903-QSR, Qualification Summary Report for Watts Bar Nuclear Plant Unit 2 Replacement Radiation Monitors (Attachment 8) and 04038903-7SP, Qualification Basis for 04034101 (2-RE 271, 272, 273 & 274) (Attachment 7) are the Watts Bar Unit 2 equipment specific qualification reports.
TVA Response to Follow up NRC Request:
Report 04507007-1TR RM-1000 System Verification Test Results is applicable to the WBN Unit 2 monitors. The applicability is that 04507007-1TR includes all test cases called out in the 04507006 RM-1000 System Test Procedure Specification and contains evidence that the V&V tests were performed with version 1.0 software code. The verification report for version 1.1 software is document 04508005 RM-1000 Software Version 1.1 Software Verification Report. Document 04508006 RM-1000 Version 1.2 Software Verification and Validation Report shows that the required test was completed to validate version 1.2 code for the RM-1000.
The Engineering reviewed and approved proprietary versions of 04507007-1TR, 04508005 and 04508006 will be submitted within two weeks of receipt from GA-ESI. The unreviewed proprietary versions, non-proprietary versions and affidavit for withholding were submitted on TVA to NRC letter July 15, 2010 (Reference 3).
TVA Response to Follow up NRC Request
The safety-related production modules and the Sequoyah non-safety-related modules are physically identical. The difference is that one was produced under the GA-ESI QA program and the other was not.
- 3. N Open Due 4/15/11 Open-TVA/Bechtel Due: 2/25/11 The proposed response appears to be conflicting with the proposed response for OI-351 regarding not submitting the 04508905-QR report.
TVA to re-assess proposed response for both OIs.
TVA to re-evaluate previous responses to OI-316 and OI-319 which have conflicting responses regarding the applicability of 04507007-1TR.
NRC Follow-up question Report 04507007-1TR, 1999 states in the Test Summary that Initially the testing was done using the SE safety related production modules that had undergone software V&V testing. The majority of the testing was done by using two of the Sequoyah non-safety related production modules for the TVA contract, substituted for the SE modules. Since the report is based on primarily non safety related components TVA to clarify and justify why NRC should accept this test report for safety related V&V testing.
347 7.5.2. 7.5 Qualification report 04508905-1SP does not address EMI/RFI Qualification report 04038903-7SP, Qualification Basis for 324. Y Closed Closed
348 7.5.2. 7.5 Qualification report 04508905-2SP does not address EMI/RFI Qualification report 04038903-7SP, Qualification Basis for 325. Y Closed Closed
349 7.5.2.3 7.5 EICB (Singh)
Radiation testing was not considered in any of the test reports as all the equipment has been assumed to be located in nuclear power plant areas with mild environments and radiation dosages less than 1 x 10^3 rads for total integrated dose (TID). However, the radiation monitors and the I/F converters are located in the main control room which is defined as mild environment. For WBN-2 mild environment is defined as room or building zone where (1) the temperature, pressure, or relative humidity resulting from the direct effects of a design basis event (DBE) (e.g., temperature rise due to steam release) are no more severe than those which would occur during an abnormal plant operational condition, (2) the temperature will not exceed 130°F due to indirect effects of a DBE, (3) the event radiation dose is less than or equal to 1 x 10^4 rads, and (4) the total event plus the 40 year TID (total integrated dose) is less than or equal to 5 x 10^4 rads (reference WB-DC-40-54). TVA to address lack of radiation qualification for WBN-2.
The design criteria provides the criteria for determining what is a mild environment at WBN Unit 2. Calculation WBNAPS4004 Summary of Mild Environment Conditions for Watts Bar Nuclear Plant provides the actual values for each area of the plant. In accordance with Table 1, the Control Room has a 40 year maximum TID of 3.5x10^2 RAD and a maximum integrated accident dose of 710.5 RAD for a maximum TID of 1060.5 RAD.
The accident dose of 710.5 RAD is the dose for a 100 day LOCA at the surface of the HEPA filter in the Mechanical Equipment Room. This is documented in TVA calculation WBNTSR-005, Dose Due to the Control Building Emergency Air Cleanup Filters Revision 3. However, on page 25 of WBNTSR-005, the shine from this source into the control room is negligible and is not considered in the dose calculation for the control room.
Calculation WBNAPS3-126, EQ Dose in the U1/U2 Auxiliary Instrument Rooms and the Computer Room in the Control Building Revision 0 documents the environmental qualification (EQ) radiation dose in the control building. A review of this document by the TVA radiation protection engineer determined that the TID including the normal and accident dose values for the control room is less than 1x10^3 RAD. Calculation WBNAPS3-126, will be revised to include the control room by July 1, 2011. Since the control room TID has been determined to be less than 1x10^3 RAD, radiation qualification of the RM-1000.
- 1. Y Open Open-TVA/Licensing Due: 2/25/11 TVA to provide the assessment document or a summary of the document with the reference to the appropriate document/documents.
February 25, 2011 response is acceptable.
Item will be tracked as a confirmatory item in the SE. TVA to provide calculation or summary of calculation when complete.
350 7.5.2. 7.5 The seismic required response spectra (RRS) is shown in Figures The RM-1000 was seismically tested in a NIM Bin and the 326. Y Closed Closed RAI # 9, letter FSAR amend 103 Note: Item to be added to Section 3.10
351 7.5.2. 7.5 The replacement schedule for the components that have a The replacement schedules stated in 04508905-1SP, 327. Y Closed Closed
352 7.5.2. 7.5 Please clarify how many RM-1000 radiation monitors are being The total number of RM-1000 units procured under MR 328. Y Closed Closed
353 7.5.2.3 7.5 EICB (Singh)
Please provide a summary of the [manufacturers] commercial dedication plan for radiation monitors with references to the guidance document that it follows. Also please include different facets (e.g. receiving, inspection, testing etc.) of the plan.
GA-ESI submitted their commercial grade dedication procedure (OP-7.3-240, Safety-Related Commercial Grade Item Parts Acceptance, Revision H) to engineering for review. Engineering review of the procedure found that the procedure, Section 5, did not require multiple dedication methods for complex CGI or CGI used in digital safety systems. As a result, it was determined that the GA-ESI program did not meet the requirements of NUREG-800, Section 7.0A, Revision 5.
A discussion with GA-ESI found that while not required by procedure, GA-ESI does perform vendor surveys as required by Method 2 of NP-5652. The surveys are done based on prudent business practices. Based on this discussion, GA-ESI agreed to review the CGI used in the WBN Unit 2 digital safety-related monitors to determine if they had been dedicated by more than one method.
The review of the CGI used in the WBN Unit 2 digital safety-related monitors determined that all CGI had been dedicated using Method 1 of EPRI guideline NP-5652. However, in the sample of items reviewed, there were CGI that were dedicated using a single method. Based on the results of the engineering procedure review and the results of the GA-ESI CGI review, Service Request 346896 was initiated to document the condition and to place the monitors in Conditional Release status.
Based on the results of the previous reviews, GA-ESI agreed to the following plan of action to resolve the CGD issue:
- 1. GA-ESI shall revise its commercial grade dedication procedure (OP-7.3-240) to require multiple dedication methods be utilized for complex commercial grade items and commercial grade items for digital safety class systems. The evidence that this has been completed will be provided to TVA by April 15, 2011.
Specifically, Method 1 and at least one additional method from the list below will be used to ensure that the CGD procedure complies with the current SRP.
Method 1 - Special Tests and Inspections
Method 2 - Commercial Grade Survey of Supplier
Method 3 - Source Verification
Method 4 - Acceptable Supplier/Item Performance Record
- 2. GA-ESI shall take actions consistent with the revised operating procedure to address the CGIs used in the WBN Unit 2 safety-related digital monitors. Evidence that those actions have been completed will be provided no later than September 1, 2011.
Based on the above action plan, TVA will resolve the issues with the GA-ESI CGD of CGI used in the WBN Unit 2 monitors and submit documentation of the resolution to the NRC by:
GA-ESI procedure OP-7.3-240 revision: April 30, 2011
Resolution of CGD of CGI used in WBN Unit 2 RM-1000 monitors: September 15, 2011
TVA Response to Follow up NRC Request
(1) TVA has reviewed the revised GA-ESI procedure and determined that changes bring the CGD program into conformance with the requirements of NUREG-800, Section 7.0A, Revision 5 EPRI topical report TR-106439 and EPRI guideline NP-5652. Attachment 2 contains GA-ESI procedure OP-7.3-240 Safety-Related Commercial Grade Item Parts Acceptance, Revision I.
(2) As stated in TVA to NRC letter dated April 15, 2011 (Reference 1), Attachment 4, List of New Commitment Items, item 2, the due date for resolution of this issue is September 15, 2011.
- 4. N Open Due 4/15/11 Open-TVA/Bechtel TVA to note that staff has written a safety evaluation and accepted EPRI TR-106439 (1996) as an acceptable method of addressing commercial dedication. EPRI NP-5652 must be used in conjunction with the additional guidance in EPRI TR-106439 for commercial dedication processes e.g. EPRI NP-6404, EPRI TR-102260, GL 89-02, and GL-91-05 per Section 3.3 of EPRI TR-106439.
Follow-up clarification:
TVA to review and satisfy itself with the procedure and provide NRC a copy of the procedure for review.
In addition, TVA and GA to provide information as to what additional measures were taken by GA with available documentation to prove that more than one method was followed for commercial dedication.
354 7.5.2. 7.5 RG 1.180 endorsed the guidance of IEEE-1050-1996 with (1) The WBN Unit 2 grounding system design is in 329. Y Closed Closed The grounding specification used by
355 7.5.2. 7.5 Staff has not found the stated exclusion zone for EMI/RFI Cautions and distance limitations for WBN Unit 1 legacy 330. Y Closed Closed
356 7.5.2. 7.5 The attachment number refers to your February 25, 2011 letter. The loss of the RM-3 output (current to frequency (I/F) 331. Y Closed Closed Closed by TVA
357 7.5.2.3 7.5 EICB (Singh)
In Attachment 5, Qualification Test Report Supplement, RM-1000 (04508905-1SP), Attachment 6, Qualification Test Report Supplement, I-F Converter Upgrade (04508905-2SP), and 3, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter (04508905-QR), the applicant made a statement that the results for these tests are provided in SE document 04508903-1TR. Please provide SE document 04508903-1TR for the staff to review. If this report has been submitted earlier then please advise us the letter number and date by which it was submitted.
contains GA-ESI qualification report 04508903-1TR Seismic Qualification Test Results RM-1000 and Current-to-Frequency (I/F) Converter original release, dated April 1999.
- 28. N Open-NRC Review
358 7.5.2.3 7.5 EICB (Singh)
The attachment numbers refer to your February 25, 2011 letter. In, Wyle Test Report 41991 Safety Shutdown Earthquake (SSE) Test Response Spectra (TRS) Plots all five (5) pages, in Attachment 5, General Atomics Electronic Systems 04508905-1SP, page 5-5, Figure 5-2, and in Attachment 23, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter (04508905-QR), page 4-25, Figure 4-5 X-Axis SSE Test Response Spectra (TRS) versus Required Response Spectra (RRS), it shows that the TRS were below the RRS at various frequency (5% Damping). Please provide an explanation regarding why this is acceptable.
An incomplete response was inadvertently submitted in TVA to NRC letter dated March 31, 2011 (Reference 1). The following response supersedes the previous response in its entirety.
- 29. N Open Due 4/15/11 Open-NRC Review
- 1., Wyle Test Report 41991 Safety Shutdown Earthquake (SSE) Test Response Spectra (TRS) Plots all five (5) pages. These five Test Response Spectra (TRS) Plots versus Required Response Spectra (RRS) show that the TRS were below the RRS at various frequency (5% Damping).
Please provide an explanation regarding why this is acceptable.
of this letter provides five pages from the first seismic test (Wyle Test report 41991) from GA-ESI report 04508903-1TR, submitted in response to OI-357 on TVA to NRC letter dated March 31, 2011 (Reference 1). The following discussion refers to these pages.
Wyle test report 41991 provided the seismic test results for two RM-1000 monitors (one area monitor and one process monitor) and one I/F converter. During the test, the RM-1000 monitor configured as an area monitor was damaged due to the test table impacting its mechanical stop (see page 4 of Wyle Test Report 41991 attached).
This first test was completed for the RM-1000 monitor configured as a process monitor and the I/F converter.
A second seismic test for the RM-1000 monitor configured as an area monitor and two I/F converters (Wyle Test Report 41991-1) is also included in 04508903-1TR. The RM-1000 monitor used in this second test was the same RM-1000 process monitor used in the first seismic test reconfigured (switch in application type 1 mode) as an area monitor. One of the I/F converters tested was the same I/F converter tested in the first seismic test. This second test was performed to complete the testing which could not be performed during the first seismic test due to the damage to the RM-1000 area monitor and the loss of the high voltage power supply to the I/F converter that occurred during the first seismic test. None of the TRS plots in this second seismic test report 41991-1 were below the RRS.
General Atomics Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter (04508905-QR) refers to both Wyle Reports 41991 and 41991-1 included in report 04508903-1TR. It is recognized that the five TRS Plots versus the RRS where the TRS were below the RRS is an exceedance that must be justified. From Wyle report 41991 it can be determined that these five TRS versus RRS plots are for the seismic response in the front to back panel direction.
The RRS used in the Wyle test reports envelopes the TVA standard RRS shown in Fig 3.1 of TVA Standard Specification CEB-SS-5.10, For Seismic Qualification of Electrical, Mechanical and I&C Devices, submitted on TVA to NRC letter dated February 25, 2011, (Reference
envelopes the in panel seismic demand for most TVA applications. For specific cases when required the actual in panel RRS can be developed. Calculation WCG-ACQ-0766, In-Cabinet Required Response Spectra for RM-1000 Radiation Monitors in MCR Panel 2-M-30, Revision 0, (Attachment 3) has been issued to generate the 5% RRS for these safety related RM-1000 monitors, I/F converters and NIM bins for the WBN2 panel (2-M-30) where they will be installed. As can be seen from the RRS plots in calculation WCG-ACQ-0766 the front to back 5% RRS broad band peak is 9.76 g which is lower than the front to back 5% TRS shown in the subject five (5) plots.
- 2., General Atomics Electronic Systems 04508905-1SP, page 5-5, Figure 5-2. The Figure 5-2 Test Response Spectra (TRS) Plots versus Required Response Spectra (RRS) shows the TRS to be below the RRS at various frequency (5% Damping). Please provide an explanation regarding why this is acceptable.
The display module for the RM-1000 monitors procured for WBN2 differs from that used in previous RM-1000 qualification tests. The seismic qualification basis for the WBN2 display module is established by similarity to the display module used in RM-2000 monitor qualification tests shown on page 5-4 and 5-5 of 04508905-1SP (pages attached). The basis for the similarity discussion is provided on pages 5-2 and 5-3 of 04508905-1SP. The TRS non-exceedance at approximately 6-7 Hz shown on page 5-5 is not applicable to WBN2 since the RRS shown on that figure is not used for WBN2 qualification. The correct comparison for WBN2 would be the TVA standard RRS shown in Fig 3.1 of CEB-SS-5.10 for 5% damping. The TRS shown on page 5-5 meets or exceeds all points of the TVA standard RRS. Therefore, the seismic qualification of the WBN2 display module is provided by pages 5-4 and 5-5 for which the TRS completely envelopes the TVA standard RRS shown in Fig 3.1 of CEB-SS-5.10. Additionally, as previously stated, Calculation WCG-ACQ-0766 was issued to generate the 5% RRS for the WBN2 panel (2-M-30) where the safety related RM-1000 monitors will be installed. The vertical 5% RRS plot in calculation WCG-ACQ-0766 broad band peak is 4.2 g which is lower than the 5% TRS shown in 04508905-1SP, page 5-5, Figure 5-2.
- 3. 3, Qualification Test Report for RM-1000 Processor Module and Current-To-Frequency Converter (04508905-QR), page 4-25, Figure 4-5 X-Axis SSE Test Response Spectra (TRS) versus Required Response Spectra (RRS) shows the TRS to be below the RRS at various frequency (5% Damping). Please provide an explanation regarding why this is acceptable.
This Figure 4-5 is one of the same figures identified in item 1. See item 1. for the appropriate discussion.
359 7.7.1.1 EICB (Carte)
Was the CERPI system developed under a 10 CFR 50 Appendix B compliant program?
CERPI is a non-safety related system. Therefore, 10 CFR 50 Appendix B is not applicable.
- 30. Open Due 4/15/11 Open-NRC Review
360 EICB (Garg)
In order for staff to review the acceptability of the Incore Instrumentation System (IIS):
(a) Provide a brief system description of IIS and its regulatory compliance. In your discussion include the discussion of WINCISE and BEACON system which are part of the IIS.
Also provide the differences between the system used at WBN Unit vs. at Unit 2, e.g. Movable vs. fixed IIS. For WINCISE provide the basis for acceptance.
(b) If this system has been accepted by the staff previously at some other plant then provide the reference to that SE.
Identify the document that describes the functionality of the IIS that is identical to the IIS used in the Westinghouse AP1000 reactor design.
(c) If this has not been evaluated by the staff previously, then provide the effect of CCF of this system and its effect on safety system or chapter 15 analysis.
(d) Does this have any interconnection with safety system?
(e) For BEACON provide the acceptability of this system. I believe that this system was accepted at WBN Unit 1. If that is the case then provide the reference to that review. Also provide any differences of this system to the one at WBN Unit 1 system.
(f) Please provide detailed information about the In-core Instrumentation System (IIS) to be installed in Watts Bar Unit 2. This information should indicate how the system meets the requirements established in the Standard Review Plan, including system concept, system requirements, system design, and system development, as well as the regulatory requirements identified for Watts Bar Unit 2.
(g) Please provide a description on how the system will meet the regulatory requirements identified in Table 7.1-1 of the SRP, applicable to the IIS.
(h) Provide detailed description about the connection and communication for the signals to be transmitted from the Core Exit Thermocouples to the Common Q Post Accident Monitoring System (PAMS). Also, describe how this communication will meet the NRC communications regulatory requirements.
(i) Please provide the following Westinghouse document: NO-WBT-002, Westinghouse Incore Information Surveillance & Engineering (WINCISE) System Technical Manual.
(j) Provide the failure modes and effects analyses for the IIS, documented in calculation WBNOSG4220 WB Incore Instrumentation System Failure Modes and Effects Analyses, and demonstrate how these potential failures do not adversely affect reactor safety.
(a) The Watts Bar Unit 2 In-core Instrumentation System (IIS) replaces all of the functionality provided by the Movable Incore Detector System (MIDS) used at Watts Bar Unit 1. The IIS to be used at Watts Bar Unit 2 is a Westinghouse IN-Core Information, Surveillance, and Engineering (WINCISE) System that is functionally described in Section 7.7.1.9 of the Watts Bar Unit 2 Final Safety Analysis Report (FSAR). The WINCISE-style IIS used at Watts Bar Unit 2 is essentially the same as the in-core power distribution measurement systems used at most Combustion Engineering style of operating reactors that use a type of in-core neutron sensors commonly called "Fixed In-core Detectors (FID)." The Watts Bar Unit 2 IIS is functionally identical to the IIS used in the Westinghouse AP1000¹ reactor design.
The Watts Bar Unit 2 IIS includes the FIDs, Core Exit Thermocouples (CET), FID and CET signal cables, the FID signal processing hardware, and the FID signal processing software. This hardware and software is required to provide the measured signals to the associated BEACON System to periodically determine whether the reactor is operating within design core peaking factor limits. A detailed description of the Watts Bar Unit 2 IIS hardware is provided in the document titled, Westinghouse Incore Information Surveillance & Engineering (WINCISE) System Technical Manual, NO-WBT-002, Revision 0 supplied by Westinghouse to TVA in September of 2010.
The qualification for the BEACON System to perform the core power distribution measurement function using the Watts Bar Unit 2 WINCISE style IIS instrumentation is documented in the generic NRC Safety Evaluation Reports (SER) provided with WCAP-12472-P-A, BEACON Core Monitoring and Operations Support System, Addendum I-A and Addendum 2-A.
(b) The WINCISE style IIS used at Watts Bar Unit 2 is essentially the same as the in-core power distribution measurement systems used at all Combustion Engineering style of operating reactors that use a type of in-core neutron sensors commonly called "Fixed In-core Detectors (FID)." The Watts Bar Unit 2 IIS is functionally identical to the IIS described in the Westinghouse AP1000 design documents and approved in the Westinghouse AP1000 SER section 7.5.7 as documented in Westinghouse Letter WBT-D-____, title, dated April 14, 2011 (Attachment 7)
(c) The digital in-core flux monitoring portion of the IIS is non-safety-related. As such, CCF analysis is not required by NUREG-800 section 7.0-A. The IIS has no impact on any Safety Analysis documented in Chapter 15 of the Watts Bar Unit 2 FSAR.
- 31. Open Due 4/15/11 Open-NRC Review
¹ AP-1000 is a registered trademark of the Westinghouse Electric Company LLC
(d) The IIS includes the 1E qualified CET and CET analog signal cables required to allow the CETs to be directly connected to the Common Q Post Accident Monitoring System (PAMS). There is no other interface to safety systems. The CET signals are electrically isolated from signals output from the non-1E FID signals and signal processing electronics.
(e) The qualification for the BEACON System to perform the core power distribution measurement function using the Watts Bar Unit 2 WINCISE style IIS instrumentation is documented in the generic NRC Safety Evaluation Reports (SER) provided with WCAP-12472-P-A. This WCAP generically approves the BEACON System for use at PWR reactors including those using Movable In-core Detector Systems (MIDS) like Watts Bar Unit 1 and, through Addendum I-A and 2-A, those like Watts Bar Unit 2 using a WINCISE type fixed in-core instrumentation system.
The specific differences between the Unit 1 and Unit 2 core power distribution measurement systems are too numerous to simply list. A detailed description of the Watts Bar Unit 2 IIS hardware is provided in section 2 of the WINCISE System Technical Manual NO-WBT-002 (Attachment 5).
(f) NUREG-800 section 7.0-A, Table 7.0-A-1. Review Topics for Various Systems, requires only a limited review for non-safety related system discussed in NUREG-800 section 7.7 Control. WINCISE is a non-safety-related, indication only system within the scope of NUREG-800 section 7.7. The limited review required is:
Control systems receive a limited review as necessary to confirm that control system failures cannot have an adverse effect on safety system functions and will not pose frequent challenges to the safety systems. The only WINCISE interface with a safety-related system is the CET in the IITA which is hardwired to the Common Q PAMS system. See item (g) below for a description of the qualification process that demonstrates that failures in the balance of the WINCISE system do not impact the performance of the safety-related CET function.
(g) With the exception of the IITA hardware, WINCISE is a non-safety-related indication system. The IITA assemblies meet the following criteria:
- i. R.G. 1.26 Rev. 3 Quality Group Classification and Standards for Water, Steam and Radioactive Waste Components of Nuclear Power Plants
- ii. R.G. 1.38 Rev. 2 Quality Assurance Requirements for Packaging, Shipping, Receiving, Storage and Handling of Items for Water-Cooled Nuclear Power Plants
- iii. R.G. 1.71 Rev. 0 Welder Qualification for Areas of Limited Accessibility
- iv. R.G. 8.8 Rev. 3 Information Relevant to Ensuring that Occupational Radiation Exposure at Nuclear Power Stations will be As Low As Reasonably Achievable
- v. R.G. 8.19 Rev. 1 Occupational Radiation Dose Assessment in Light-Water Reactor Plants Design State Man-Rem Estimates
- vi. R.G. 1.84 Rev. 27 Design and Fabrication Code Case Acceptability - ASME Section III, Division 1
R.G. 1.85 Rev. 27 Material Code Case Acceptability - ASME Section III, Division 1
1.1.4 The design, materials, fabrication, inspection, and testing of the IITA shall be in accordance with the ASME Boiler and Pressure Vessel Code, Section III Class 3, and all applicable Code Cases as proposed by the supplier and approved by Westinghouse. Materials shall be in accordance with this specification.
1.1.5 Component Classification - The IITA is classified as an instrument tube, so it is not under the jurisdiction of the ASME per NCA-1130(c). However, the design, primary pressure boundary materials, and NDE Requirements are per ASME Section III, Class 3 and the IITA is classified as Safety Class 2.
The non-safety-related WINCISE Signal Processing System Cabinets are located inside containment and are therefore required to not impact the function of any safety-related equipment. To meet this requirement the cabinets were tested and passed based on the following criteria:
- i. In accordance with WB-DC-40-31.2, Watts Bar Nuclear Plant Seismic Qualification of Category 1 Fluid System Components and Electrical or Mechanical Equipment, Revision 8, November 2000 and U.S. N.R.C. Regulatory Guide 1.100, Seismic Qualification of Electrical and Mechanical Equipment for Nuclear Power Plants, Revision 2, June 1988, the equipment must withstand five OBEs and one SSE without creating missiles. Testing was done in accordance with:
(1) IEEE Std 344-1975, IEEE Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations, Institute of Electrical and Electronics Engineers, Inc., 1975
(2) IEEE Std 344-1987, IEEE Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations, Institute of Electrical and Electronics Engineers, Inc., 1987
- ii. In accordance with U.S. NRC Regulatory Guide 1.180 Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems, Revision 1, October 2003 and IEEE 323-1983 IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generator Stations, Institute of Electrical and Electronics Engineers, Inc., 1983, the equipment must not generate spurious electromagnetic emissions or suffer some common mode failure due to its operating environment that could directly or indirectly impact the operation of safety-related equipment
(1) IEC 61000-6-2, Electromagnetic compatibility (EMC). Generic Standards. Immunity for Industrial Environments, 2005
(2) MIL-STD-461E, Requirements for the control of Electromagnetic interference Characteristics of Subsystems and Equipment, August 1999
(3) IEC 61000-4-4, Electromagnetic compatibility (EMC) - Part 4-4: Testing and Measurement Techniques - Electrical Fast Transient/Burst Immunity Test, 1995
(4) IEC 61000-4-12, Electromagnetic Compatibility (EMC) - Part 4: Testing and Measurement Techniques, Section 12: Oscillatory Waves Immunity Tests, 1996
- iii. In order to demonstrate that a maximum expected surge of 600 volts on the power input to the cabinets would not propagate and damage the CET cables in the IITA, the cabinets were surge tested in accordance with IEC 61000-4-5, Electromagnetic compatibility (EMC) - Part 4-5: Testing and Measurement Techniques - Surge Immunity Test, 1995.
(h) The cables for the CETs separate from the FID cables at the seal table. The CETs are connected directly to the Common Q PAMS cabinet. The FIDs are connected directly to the in-containment signal processing system cabinets.
(i) Attachment 5 is the proprietary section 2 Equipment Description of NO-WBT-002, Westinghouse Incore Information Surveillance & Engineering (WINCISE™) System Technical Manual. This is strictly a proprietary document and a non-proprietary version will not be submitted. An affidavit for withholding will be submitted within two weeks of receipt from Westinghouse.
(j) Attachment 6 is the proprietary WINCISE FMEA. A non-proprietary version and affidavit for withholding will be provided within two weeks of receipt from Westinghouse.
Westinghouse is available to discuss any specific questions on the methodology and hardware used in the Watts Bar Unit 2 IIS that the NRC believes are not well defined in the documents listed above.
361 7.7.1.1 EICB (Carte)
Was the Foxboro IA system developed under a 10 CFR 50 Appendix B compliant program?
Foxboro I/A is a non-safety related system. Therefore, 10 CFR 50 Appendix B is not applicable.
- 32. Open Due 4/15/11 Open-NRC Review
362 7.6.1 7.6.7 EICB (Kemper & Singh)
OI #331 requested TVA to provide information regarding how the Loose Parts Monitoring System (LPMS) in-containment components (e.g., Accelerometer (including the integral insulated hardline cable), Softline cable, and Remote Charge Preamplifiers) were qualified for vibration as addressed in regulatory position C.1.g of RG 1.133, Rev. 1. TVA responded by stating that TVA has reviewed the information provided by Westinghouse describing how the Loose Part Monitoring System (LPMS) sensor is qualified for normal operating conditions provided in Westinghouse letter WBT-D-2782, dated December 17, 2010 (Reference 11) as addressed in regulatory position C.1.g of Reg. Guide 1.133 and found it acceptable. Vibration qualification is not applicable to the softline cable. Due to the installation location (junction boxes mounted to the shield or fan room walls) and previous seismic qualification, vibration qualification of the charge converter/preamplifier is not required. This completes the response to this item.
However, the staff still desires further clarification on this response. Specifically, please provide a documented basis that demonstrates the LPMS in-containment equipment is qualified for normal operating conditions (e.g., test results compared to the equipment qualification specification), including vibration qualification. Also, provide justification for why vibration qualification of the Remote Charge Preamplifier is not required.
TVA committed to provide a letter on the docket (targeted is for 4/30/2011) stating why the in-containment equipment has been qualified for vibration per RG 1.133, Rev. 1.
(1) Attachment 4 contains Westinghouse document WBT DMIMS-DX™ Seismic Evaluation of the Digital Metal Impact Monitoring System (DMIMS-DX™) for Watts Bar Unit 2, EQ-QR-33-WBT, Revision 0 (proprietary). The non-proprietary version and affidavit for withholding will be submitted within two weeks of receipt from Westinghouse.
contains Westinghouse non-proprietary white paper WBT-D-2782, Westinghouse DMIMS-DX In-Containment equipment environmental specifications EQ-EV-71-WBT-P, Revision 1, Environmental Evaluation and Operating History of the Westinghouse DMIMS-DX Preamplifier and Softline Cable Used at Watts Bar 2 dated February 2011 was submitted on TVA to NRC letter dated February 25, 2011 (Reference 4).
WEC to address vibration qualification of the accelerometer/hardline cable assembly.
(2) The Remote Charge Preamplifiers are mounted in junction boxes inside containment. The junction boxes are hard mounted either to the crane wall or to a fan room wall. The crane wall and fan room walls are subject to any significant vibration during normal operation.
- 5. Open-TVA Open-TVA/Bechtel
363 7.5.1.1.3 and 7.9.1 7.5.2 EICB (Rahn and Mossman)
OI#199 requested TVA to provide information concerning how TVA plans to meet regulatory criteria for Quality (10 CFR 50.55a(a)(1)) associated with the Technical Support Center and Nuclear Data Link. TVA responded in Letter Dated October 5, 2010, Item 63; however, TVA's response does not address the quality aspects of these system features. A similar question had been asked for Quality Criteria adherence for the SPDS and the BISI functions of the Integrated Computer System. In response to that request (same letter) TVA provided a description of TVA procedures, BISI software development procedures, and various management measures that will be taken to assure high quality in the design, operation, and maintenance of the SPDS and BISI functions of the ICS. Since the TSC and Nuclear Data Link information originates in the SPDS function of the ICS, are there any aspects of the quality measures that apply to the TSC and NDL features developed as part of quality processes for the ICS that are applicable to the data communications features?
Specifically, what is the scope of TVA Procedure SPP-2.6 Computer Software Control? How does it apply to the ICS functions of a) SPDS, b) BISI, and c) TSC and NDL functions?
Wouldn't there be aspects of the quality procedures that apply to the development, maintenance, and operations of the software needed to support the data communications features. Also, what quality measures will be applied to develop, maintain, and operate the hardware that accomplishes the TSC and NDL functions to ensure that these features will be reliable and available when needed?
TVA Procedure SPP-2.6 Computer Software Control has been superseded by TVA Procedure NPG-SPP-12.7, Computer Software Control, Revision 0, dated December 17, 2010 (Attachment 3).
To ensure quality, the design, testing, and inspection of all Integrated Computer System (ICS) software including a) SPDS, b) BISI and c) Technical Support Center (TSC) and Nuclear Data Link (NDL) functionality is controlled by qualified personnel in accordance with TVA procedure NPG-SPP-12.7. The TSC and NDL functions are provided and performed by the ICS and, in the case of NDL, the Central Emergency Control Center (CECC) computers in Chattanooga.
Any changes to ICS software must be documented and controlled using TVA procedure NPG-SPP-12.7. This includes the a) SPDS, b) BISI and c) TSC and NDL functions. The procedure details controls and processes required for the development, modification, and configuration management of computer software used to support the design, operation, modification, and maintenance of TVA's nuclear power plants consistent with the Nuclear Quality Assurance Plan.
Controls in NPG-SPP-12.7 guide the development and testing of the software changes. Other controls established by this procedure to further maintain quality standards are:
The application custodian implements controls to prevent unauthorized changes to the software.
Changes are made in a non-production environment, and validation testing takes place before the change is installed on the ICS when possible.
Once validation testing begins, the source code is placed under configuration control.
When the modifications are installed on the ICS, an operability test is performed to demonstrate that the software is installed correctly and is functioning correctly in its operating environment.
Documentation related to ICS software changes are QA records.
The software source code is kept in a physically secure, environmentally controlled space to prevent inadvertent changes.
Cyber security considerations are also considered in the storage environment.
The data goes through several validation steps before being presented to the operators.
When redundant sensors are used, the data received by the computer can be processed by software to determine if the quality of one or more points is questionable.
The hardware involved in the TSC and NDL functionality is verified to be operable on a periodic basis.
In the case of the NDL functionality, the ICS transmits the required data to the CECC on a continuous basis. The CECC monitors the status of the ICS data communications and alarms are generated when the link is not active. The Emergency Plan (EP) staff conducts a quarterly test that verifies that NDL data is successfully transmitted from each unit to the NRC.
- 6. Due 4/30/11 Open-TVA/Bechtel
364 7.5.2.2 7.5 EICB (Carte)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response:
TVA performed an analysis and concluded that the Common Q PAMS equipment does not need to meet either IEEE 279-1971 or IEEE 603-1991 and so no analysis was performed or provided.
However, SRP (NUREG-0800 Rev. 2 dated March 2007) Section 7.7, Information System Important to Safety, specifically identifies IEEE Std 603-1991 as being applicable to accident monitoring instrumentation. Based upon the review of this item, the staff finds the following open items:
1 TVA to demonstrate that the Common Q PAMS meets the applicable regulatory requirements in IEEE Std 603-1991.
2 TVA to update FSAR (Amendment 103) Table 7.1-1 to reference IEEE Std 603-1991 for WBN2 Common Q PAMS and Sorrento Containment High Radiation Monitors.
- 1. Attachment __ contains the evaluation of the Common Q PAMS against the regulatory requirements in IEEE Std 603-1991. (Awaiting response from Westinghouse)
- 2. Table 7.1-1 will be updated to reference IEEE Std 603-1991 for the Common Q PAMS.
TVA has reviewed the requirements of IEEE Std 603-1991 for the Sorrento Containment High Range Radiation Monitors and determined that IEEE Std 603-1991 is not applicable. IEEE 603-1991 is applicable to actuation systems. While TVA lists the containment high range radiation monitors as RG 1.97 Revision 2 Type A variables, the classification is not based on the RG 1.97 requirements which states:
Type A, those variables that provide primary information needed to permit the control room operating personnel to take the specified manually controlled actions for which no automatic control is provided and that are required for safety systems to accomplish their safety functions for design basis accident event.
TVA calculation WBN0SG4047, PAM Type "A" Variables Determination uses a broader definition.
The calculation definition is:
The type "A" variables will be divided into three groups based on the parameter's purpose. The groups are: (1) event identification, (2) event recovery to plant stabilization, and (3) maintaining the stabilized conditions from event recovery to hot standby.
Following a reactor trip, the termination point for transients at WBNP is considered a stabilized condition at hot standby per chapter 15 of the WBN FSAR. Event recovery actions are those manual actions taken to mitigate a design basis accident to a stabilized condition. The plant can be considered stabilized when the plant parameters vary slowly and automatic systems are not being initiated. The diagnostic process consciously performed by the operator via the plant variables to interpret an event indication will be considered as a safety-related operator action regardless of the lack of manual manipulation of equipment. This diagnostic process is necessary to enable the operator to distinguish the "type" of transient and take the correct mitigating actions.
A review of TVA calculation WBN0SG4047 and the associated Emergency Instructions found that there are no operator actions that meet the RG 1.97 Revision 2 definition for a Type A variable which are based on the containment high range radiation monitors. Based on this review, IEEE 603 is not applicable to the containment high range radiation monitors.
- 1. N Open Due 5/15/11 Open-TVA/WEC NNC 4/125/2011: See Open Item No. 81.
365 7.5.2.2 7.5 EICB (Carte)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response:
that WBN2 is not committed in complying with Reg. Guide 1.75
Since WBN2 is not committed to RG 1.75 or IEEE-384, no comparison is required
However, WBN2 is committed to RG 1.75 Rev. 2, Physical Independence of Electric Systems. RG 1.75 Rev. 3 and IEEE Std. 384-1992 are used, in part, to address IEEE Std 603-1991 Clause 5.6.1. The current NRC staff position for RG 1.75 is documented in Rev. 3. Based upon the review of this item, the staff finds the following open item:
1 TVA to update FSAR (Amendment 103) Table 7.1-1 to include RG 1.75 Rev. 3 for WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.
The Common Q PAMS was designed to meet the requirements of RG 1.75 Rev. 2. WBN2 did not perform an analysis to RG 1.75 Rev. 3. Based upon the review of this item, the staff finds the following open item:
2 TVA to evaluate Common Q PAMS and the Sorrento Containment High Radiation monitor for conformance with RG 1.75 Rev. 3.
- 2. Open Due 5/15/11 Open-TVA/WEC NNC 4/125/2011: See Open Item No. 81.
366 7.5.2.2 7.5 EICB (Carte)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response:
TVA stated that the Common Q PAMS equipment fully meets the RG 1.100 Rev. 0 and is compliant with Rev. 3, with exception of testing above 33 Hz, which is not applicable to Watts Bar.
The WBN2 FSAR (Amendment 103) references Regulatory Guide 1.100 Rev. 1 Seismic Qualification of Electrical Equipment for Nuclear Power Plants. The Common Q PAMS was designed to meet the requirements of RG 1.100 Rev. 2. RG 1.100 Rev. 3 is the current revision of this guide and is endorsed by the NRC. RG 1.100 Rev. 3 endorses IEEE 344-2004.
Based upon the review of this item, the staff finds the following open item:
1 TVA to update FSAR (Amendment 103) Table 7.1-1 to include RG 1.100 Rev. 3 for WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.
or
2 TVA to evaluate Common Q PAMS for conformance with RG 1.100 Rev. 1.
- 3. N Open Due 5/15/11 Open-TVA/WEC NNC 4/125/2011: See Open Item No. 81.
367 7.5.2.2 7.5 EICB (Carte)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The WBN2 FSAR (Amendment 103) references RG 1.153 Rev. 0, Criteria for Safety Systems. The Common Q PAMS is designed to meet the requirements of RG 1.153 Rev. 1. By letter dated February 25, 2010 (ML110620219), TVA stated:
The subject Regulatory Guides [RG 1.153 Rev. 0 & 1] endorse and reference other standards. Common Q PAMS has been evaluated to comply with the requirements of these other endorsed standards ([Comparison report in this letter titled IEEE-279-1971 to IEEE-603-1991 Comparison]).
Therefore no additional analysis needs to be performed and no further action is necessary.
However, the Comparison report in this letter titled IEEE-279-1971 to IEEE-603-1991 Comparison, stated:
The first of the two standards, IEEE-279, is part of the design basis of WBN2 but is not relevant to Common Q PAMS. The second standard, IEEE-603-1991 is not part of the design basis for the Common Q PAMS for WBN2.
Based on the reasoning quoted above, WBN2 did not evaluate the Common Q PAMS against the criteria of RG 1.153 Rev. 1; therefore, the staff finds the following open item (see also Open Items No. 1 & 2 above.):
1 TVA to evaluate Common Q PAMS for conformance with RG 1.153 Rev. 1.
- 4. N Open Due 5/15/11 Open-TVA/WEC NNC 4/125/2011: See Open Item No. 81.
368 7.5.2.2 7.5 EICB (Carte)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The WBN2 FSAR (Amendment 103) references RG 1.152 Rev. 0, Criteria for Digital Computers in Safety Systems of Nuclear Power Plants. The Common Q PAMS was designed to meet the requirements of RG 1.152 Rev. 1. RG 1.152 Rev. 2 is the current revision of this guide and is endorsed by the NRC. By letter dated February 25, 2010 (ML110620219), TVA stated:
RG 1.152 rev 2 endorses ANSI/IEEE-ANS-7-4.3.2-2003, but also provides extra regulatory guidance concerning computer based cyber security. Since this revision was not part of the design basis of WBN2 or Common Q PAMS, the project makes no commitment to the compliance of RG 1.152 rev 2.
Based upon the review of this item, the staff finds the following open item:
1 TVA to evaluate Common Q PAMS for conformance with RG 1.152 Rev. 2.
contains the evaluation for Common Q PAMS for conformance with RG 1.152 Revision 2
- 5. N Open Due 5/15/11 Open-TVA/WEC NNC 4/125/2011: See Open Item No. 81.
369 7.5.2.2 7.5 EICB (Carte)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The WBN2 FSAR (Amendment 103) references IEEE 7-4.3.2-1982, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations" as endorsed by Regulatory Guide (RG) 1.152, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants," Revision 0 for the Eagle 21 system. The current regulatory position is documented in RG 1.152 Rev. 2 which endorses IEEE Std 7-4.3.2-2003 as an acceptable method for using digital computers to meet IEEE Std 603-1991. Based upon the review of this item, the staff finds the following open item:
1 WBN2 to update FSAR Table 7.1-1 to reference IEEE 7-4.3.2-2003 as being applicable to WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.
- 6. N Open Due 5/15/11 Open-TVA/WEC NNC 4/125/2011: See Open Item No. 81.
370 7.5.2.2 7.5 EICB (Carte)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The WBN2 FSAR (Amendment 103) does not reference RG 1.168, IEEE 1012, or IEEE 1028. IEEE Std 7-4.3.2-2003 identifies IEEE Std 1012-1998 as normative. RG 1.168 Rev. 1 endorses, with clarifications, IEEE 1012-1998. The current staff positions are documented in RG 1.168 Rev. 1, IEEE 1012-1998, and IEEE 1020-1997. Based upon the review of this item, the staff finds the following open item:
1 WBN2 to update FSAR Table 7.1-1 to reference RG 1.168 Rev. 1, IEEE 1012-1998, and IEEE 1020-1997 as being applicable to WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.
- 7. N Open Due 5/15/11 Open-TVA/WEC NNC 4/125/2011: See Open Item No. 81.
371 7.5.2.2 7.5 EICB (Carte)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The WBN2 FSAR (Amendment 103) does not reference Regulatory Guide 1.209, Guidelines for Environmental Qualification of Safety-Related Computer-Based Instrumentation and Control Systems in Nuclear Power Plants. Based upon the review of this item, the staff finds the following open item:
1 WBN2 to update FSAR Table 7.1-1 to reference RG 1.209 and IEEE Std. 323-2003 as being applicable to WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.
TVA did not docket an evaluation against the criteria in RG 1.209.
Based upon the review of this item, the staff finds the following open item:
2 WBN2 to evaluate Common Q PAMS for conformance with RG 1.209 and IEEE Std. 323-2003.
- 8. N Open Due 5/15/11 Open-TVA/WEC NNC 4/125/2011: See Open Item No. 81.
372 7.5.2.2 7.5 EICB (Carte)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The requirements in the SysRS and SRS are not traceable back to the design basis (e.g., IEEE Std 603-1991 Section 4) for the system. The SRS does not include any documented evidence that it was ever independently reviewed in accordance with the 10 CFR 50 Appendix B Criterion III, Design Control. (Note: It appears that the only Common Q or WBN2 PAMS document that was independently reviewed in accordance with 10 CFR 50 Appendix B requirements is the SysRS.)
Based upon the review of the SysRS and SRS, the staff finds that there is reasonable assurance that the systems fully conform to the applicable guidelines, except for the following open items:
1 TVA to produce an acceptable description of how the SysRS and SRS implement the design basis requirements of IEEE 603-1991 Clause 4.
2 TVA to produce a final SRS that is independently reviewed in accordance with 10 CFR 50 Appendix B, Criterion III Design Control, requirements.
- 1. contains the evaluation for how the Common Q PAMS SysRS and SRS implement the design basis requirements of IEEE 603-1991 Clause 4.
- 2.
- 9. N Open Due 5/15/11 Open-TVA/WEC NNC 4/125/2011: See Open Item No. 81.
373 7.5.2.2 7.5 EICB (Carte)
The SDDs do not include any documented evidence that they were independently reviewed in accordance with the 10CFR50 Appendix B Criterion III, Design Control.
Based upon the review of the SDDs, the staff finds the following open item:
1 TVA to produce final SDDs that are independently reviewed in accordance with 10 CFR 50 Appendix B Criterion III, Design Control, requirements.
- 10. N Open Due 5/15/11 Open-TVA/WEC
374 7.5.2.2 7.5 EICB (Carte)
By letter dated October 29, 2010 (ML103120711), TVA docketed a draft technical evaluation associated with an engineering design change (ML103120712) that states the Common Q PAMS will require changes in the technical specifications. The technical specifications (TS) have not been received yet for review. The TS will be reviewed once they are received.
1 Confirm/Verify Technical Specification changes associated with Common Q PAMS are acceptable.
- 1. The Technical Specification Changes required by implementation of the Common Q PAMS were made in Revision B of the Technical Specifications which were submitted on TVA to NRC letter dated February 2, 2010, Watts Bar Nuclear Plant (WBN) - Unit 2 - Developmental Revision B of the Technical Specifications (TS), TS Bases, Technical Requirements Manual (TRM), TRM Bases; and Pressure and Temperature Limits Report (PTLR) ADAMS accession number ML100550326 (Reference 2).
- 11. N Open Due 5/15/11 Open-TVA/WEC
375 7.7.9 EICB (Alvarado)
- 1. During the conference call held on 4/12, the staff requested TVA to provide a description of the differences in hardware and/or software design and implementation of the Incore Instrumentation System instrumentation between WBN2 and WBN1. This information was not included in the 4/15 letter. When will this be provided?
- 2. The response for item g provided by TVA does not describe how the regulatory requirements were met. It only listed the criteria and stated that it passed the test. Also, the criteria for IITA does not list criteria for environmental qualifications of safety-related equipment (e.g., RG 1.29, Environmental Equipment Qualifications). Please provide summary test reports.
- 3. of the TVA letter 4/15 states that the CET and CET cable assembly, as well as mineral insulated cables and IITA connectors, are EQ and class 1E qualified. Please provide the qualification summary test report for these components.
- 4. of the TVA letter 4/15 provides the hardware description for the WINCISE (WEC document NO-WBT-002). Does this document include a section for Software Description? If so, please provide a copy.
- 5. of the TVA letter 4/15 describes the functionality of the IIS for Watts Bar unit 2 and the IIS used in AP-1000. The description provided only describes the similarity for the core exit thermocouple (CET) and the PAMS system. However, this document does not describe the other components of the IIS (e.g. IITAs). Please clarify if the only similarity between Watts Bar unit 2 and AP-1000 is for the CETs and PAMS, and that there is not similar for the IITAs.
- 6. The WCAP-12472-P-A for the BEACON system describes that the system has three operational levels: on line monitoring, tech spec monitor (TSM), and direct margin monitor. For Unit 1, TVA requested approval of the Beacon TSM to be only used as a tech spec monitor for present peaking factor limits. Please confirm that the functionality to be implemented in Unit 2 is the same as the one requested and approved for unit 1. Note Attachment 5 states that the Beacon servers run the Beacon TSM, but it is not clear that this is the only level operating for the IIS.
- 7. The SE for use of the Beacon System in Unit 1 states that the BEACON system will be used when thermal power is greater than 25% RTP. Page 129 of Attachment 4 states that the WINCISE system will be capable of performing its required core monitoring functions at or above 20% RTP. Please clarify what the intent is for the Beacon system in Unit 2.
- 8. The technical evaluation provided for the Beacon System for unit 1 states that the movable incore detectors (MIDs) are used for periodic calibration of the PDMS when thermal power is greater than 25% RTP. Additionally, the MIDs are used whenever the PDMS is inoperable or whenever power distribution is below 25%. Please explain how this function will be performed with the fix incore detectors and the Beacon system for unit 2.
- 9. In the NRC SE for WCAP-12472-P-A for the BEACON system, the staff accepted this system but subject to three conditions. In the TVA submittal for use of the Beacon system in unit 1, TVA described how they met these conditions for Unit 1. Please describe how TVA will meet these conditions for Unit 2.
- 10. Please clarify the following statement provided in Attachment 4, Page 25: During certain accident scenarios, it is possible for the CETs to see temperatures up to 20 deg F different from Unit 1.
- 11. Attachment 4 and 5 explained that the Mineral Insulation cable allows the isolation of the core exit thermocouples (1E) and self-powered neutron detector (non-1E) signals. Please provide the analysis that evaluated this separation, as well as the evaluation that shows that failure of the non-1E signal won't affect the 1E signal.
- 12. Page 129 of Attachment 4 states that a minimum of three thermocouples are operable in each quadrant. Table 7.5-2 of the SSER (R.G. 1.97) states that 4 thermocouples should be operable in each quadrant. Please explain if TVA is deviating from the requirements in R.G 1.97, and how this is justified.
- 12. N Open Open-TVA/WEC