ML20199B084

From kanterella
Revision as of 08:44, 10 December 2024 by StriderTol (talk | contribs) (StriderTol Bot change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Audit Rept on Implementation of GL 98-01, Year 2000 Readiness of Computer Sys at Npps
ML20199B084
Person / Time
Site: Wolf Creek Wolf Creek Nuclear Operating Corporation icon.png
Issue date: 01/11/1999
From:
NRC (Affiliation Not Assigned)
To:
Shared Package
ML20199B061 List:
References
GL-98-01, GL-98-1, NUDOCS 9901130220
Download: ML20199B084 (24)
v  d  e


Text

-_

. _ ~ _. _ _ _.. _.

\\

i i

U.S. NUCLEAR REGULATORY COMMISSION 1

l OFFICE OF NUCLEAR REACTOR REGULATION (NRR) i AUDIT REPORT ON IMPLEMENTATION OF GENERIC LETTER (GL) 98-01

" YEAR 2000 READINESS OF COMPUTER SYSTEMS AT NUCLEAR POWER PLANTS" l

Docket Nos:

50-482 License No:

NPF-42 Licensee:

Wolf Creek Nuclear Operating Corporation Facility:

Wolf Creek Nuclear Operating Station Location:

Burlington, Kansas Dates:.

November 17 - November 19,1998 Audit Team Members:

Deirdre Spaulding, NRR W. Keith Mortensen, NRR Approved by:

Jared Wermiel, Chief instrumentation and Controls Branch Office of Nuclear Reactor Regulation e

9901130220 990111 PDR ADOCK 05000482 G

PDR ATTACH'JIENT

~'

%q-..y7,,

y

\\

EXECUTIVE

SUMMARY

From November 17,1998 to November 19,1998, the NRC staff conducted an audit of the Year 2000 (Y2K) program at the Wolf Creek Nuclear Operating Station (Wolf Creek).

The purpose of the audit was to (1) assess the effectiveness of the Wolf Creek Nuclear Operating Corporation (the licensee) programs for achieving Y2K readiness, including continued safe operation of the plant as well as compliance with applicable NRC regulations and license conditions with respect to potential Y2K problems, (2) evaluate Y2K program implementati.n to assure that the licensee's schedule is in accordance with NRC Generic Letter (GL) 98-31 guidelines for achieving Y2K readiness by July 1,1999, and (3) assess the licenses's contingency plans for addressing risks associated with potential events resulting from Y2K problems. The audit team reviewed sele <:ted licensee documentation regarding Wolf Creek and conducted interviews with cognizant licensee personnel. The results of this audit and subsequent audits at other selected plants will be used by the staff to determine the need for additional action, if any, on Y2K readiness for nuclear power plants.

Based on the audit team's assessment and evaluation of the Wolf Creek Y2K readiness program, the following findings were made:

1. The NEl/NUSMG 97-07 guidance is being followed. The Wolf Creek licensee has not identified any systems needed for safe shutdown as having Y2K problems.
2. Wolf Creek is making use of its existing QA and modification programs and procedures to achieve Y2K readiness. Furthermore, Wolf Creek is engaged in extensive information sharing and interfaces with other entities on the Y2K problem.
3. The need for Y2K contingency planning is understood by the Wolf Creek licensee and in keeping with the NEl/NUSMG 98-07 recommendation, one individual has been designated as the single point of contact for contingency planning.
4. Wolf Creek is at the detailed assessment phase except for the items of minimal significance designated as Limited Use Databases and Spreadsheets, which come under the category of Limited Use Hardware / Software. Y2K readiness for Wolf Creek is scheduled for September 15,1999 and can be ach8eved based on the effort underway.

E. Executive management support was found to be aggressive at Wolf Creek.

Management at Wolf Creek has dedicated the fiscal resources needed for successful completion of the Y2K readiness program.

i 1

2-

1.0 INTRODUCTION

l i

The objectives of the Wolf Creek Nuclear Operating Station (Wolf Creek) Y2K Program audit were to:

l

1. Assess the effectiveness of the Wolf Creek Nuclear Operating Corporation (WCNOC) l programs for achieving Y2K readiness including continued safe operation of the plant as

- well as compliance with applicable NRC regulations and license conditions with respect to potential Y2K problems.

2. - Evaluate Y2K program implementation to assure that the licensee's schedule is in accordance with NRC Generic Letter (GL) 98-01 guidelines for achieving Y2K readiness by l

- July 1,1999.

3. Assess the licensee's contingency plans for addressing risks associated with notential i

events resulting from Y2K prottms.

L The audit was conducted in accordance with the established audit plan (inttp://www.nrc. gov /NRC/Y2K/y2kaudit.html) which was based in part on the guidance l

and requirements contained in the following documents:

- GL 98-01, " Year 2000 Readiness of Computer Systems at Nuclear Power Plants"

- Licensee Response (s) to GL 98-01

- Plant technical specifications and license terms and conditions l

- Applicable NRC regulations

- NEl/NUSMG 97-07, "Nt. clear Utility Year 2000 Readiness" l

- NEl/NUSMG 98-07, " Nuclear Utility Year 2000 Readiness Contingency Planning" l-Prior to the audit at the plant site, the audit team reviewed the Wolf Creek Year 2000 l'

Project Manual, revision 0, dated September 14,1998.

The audit process started with an entrance meeting attended by the Wolf Creek Y2K Sponsor and Y2K Project Manager and other plant personnel, and members of the NRC audit team. Attachment 1 is a list of the attendees. Members of the Wolf Creek Y2K organization described the project organization, the project plan, implementation, and the current status.

Subsequent to the entrance meeting, the audit team reviewed the Wolf Creek Year 2000 Project Manual, associated project documentation, and cortmunicated with the Wolf Creek I

1 Year 2000 team personnel on an on-going basis to resolve questions as they arose. The

- documents reviewed are listed in Attachment 2.

The Wolf Creek Y2K readiness schedule is provided in Table 1.

4 4

~

.m. m a

i 2.0 WOLF CREEK PROJECT DESCRIPTION 2.1 Proiect Oraanization t

The Wolf Creek Year 2000 Project organization consists of the following: (1) WCNOC i

project sponsor (2) WCNOC Y2K Core Team, (3) WCNOC Y2K Extended Team, (4) 4-WCNOC Information Services (IS), (5) plant system owners, (6) quality assurance, (7)

Licensing, (8) procurement, (9) materials engineering and support, (10) financial controls, (11) corporate communications, and (12) all other WCNOC employees.

k i

The WCNOC Project Sponsor is the WCNOC management individual responsible for g

overseeing the entire project for Wolf Creek and is actively involved in the oversight of the project through to its completion.

L The WCNOC Y2K Core Team operates as a cross functional team responsible for day-to-j day coordination of the Y2K project at Wolf Creek. Additionally, the core team acts as the technical and programmatic Y2K resource for Wolf Creek and acts as the primary interface to the owner's Y2K Program Offices and outside organizations. The core team is j

comprised of three people; the Y2K Project Manager, the IS Hardware / Software Lead, and the Non-lS Hardware / Software Lead, also referred to as the Embedded Systems Lead.

3 i

i The Wolf Creek Y2K Extended Team is comprised of representatives from a majority of I

the site organizations that assist in the WCNOC Y2K effort in several ways such as acting as the point of communications between the Y2K Core Team and the site organization for i

which the extended team member is responsible, and, conducting inventory, testing and Y2K issue resolution within that orge, ation. Each plant system owner is responsible for

)

{

the resolution of all Y2K related issues.

The Y2K project team includes the executive sponsor, job sponsor, project manager, IS j~

hardware / software lead, non-IS hardware / software lead, legal interface, regulatory interface, corporate communications interface, controller interface, and, performance improvement and assessment interface.

. The Wolf Creek project plan designates the following as "high level" tasks for their Y2K project: initial inventory, detailed inventory and assessment phases, remediation phase, and issues resolution phase. Initial inventory pertains to the development of the list of items which have not been found to be immune to the Y2K issue. Detailed inventory and assessment pertains to positive identification of all components and applications that are not Y2K-compliant / acceptably ready.

The following are designated as Program Tasks: initial assessment, detailed assessment, remediation, contingency planning, site-wide communications, interface with outside groups, and program assessments. The Wolf Creek licensee used various methods for the initial identification of items to be assessed for Y2K problems including system owner knowledge and review of plant procedures, vendor supplied documentation, and test data.

~

4 The items identified were designated as Y2K suspect, Y2K compliant, Y2K ready, Y2K inert, or Y2K non-compliant. At Wolf Creek, the detailed assessment phase involves testing of components and applications to determine their Y2K status and the gathering of information to be used for remediation planning. Additionally, a parallel activity of contingency planning begain for items that were deemed " mission critical" or important

- to the plant," and, are not " inert."

l The NRC Audit Team examined the manner in which the Wolf Creek licensee defined

" component", " computer", "firmware", and " embedded system", in their Year 2000 Project Plan, and asked for clarification on some of the definitions contained in the Wolf Creek Year 2000 Project Manual. The term " software" is only used in the definition for "Y2K Inert" whereas " system / component " is used in the definitions for "Y2K Compliant,"

"Y2K Ready," and "Y2K Suspect." Since software could also be designated as compliant, I

ready, or suspect, the Audit Team wanted to be sure the application of the terms was consistent by all members of the licensee Y2K project team. Through discussion with site personnel, it was apparent that those involved in the inventory clearly understood the inventory process and that items had been properly identified / addressed. Inadvertent omission of the term " software"in the definitions was noted by the licensee and will be

(

incorporated into the revised Wolf Creek Year 2000 Project Manual which is scheduled to i

be completed by the end of December.

l The inventory of the items initially began with a database of 300,000 plant component items. The 300,000 plant component items identified were found in Wolf Creek's l

configuration status accounting record system (CSARS) database. This list of items was reduced to 40,000 items and then further reduced to 1208 items. The reduction in the list of items was initially achieved by the system experts reviewing the items and making a knowledge-based decision on whether the item contained any softwar?, or firmware/ microprocessors.

2.2.1 Awareness Site awareness of the Y2K problem is an on going activity at Wolf Creek. The Y2K core team continues to communicate the issue with alllevels of site personnel. The target l

audience for Y2K awareness consists of management, subject matter experts and system owners, system engineers, software applicatior' awners and sponsors, support organizations, and general employees.

Awareness at Wolf Creek has been addressed in a number of ways including organizational awareness briefings and distribution of information, Y2K presentations made to the job review board and the major job review board, and sessions held with individual work groups. Additionally, the Wolf Creek licensee set up a separate e-mail address so that plant personnel could submit Y2K inquiries and information to the core team. Weekly Y2K articles appear in the Wolf Creek " Currents" newsletter. Furthermore, the Wolf Creek licensee placed a flyer in personnel paychecks concerning the Y2K issue.

I i

r n ~~

- ~ -

-. ~ - - -

5-2.2.2 initial Assessment Inventory The Y2K team at Wolf Creek approached the identification of items in two ways. One was to compile an inventory of all potential computer-based items at the plant from the information located in various data bases at Wolf Creek. The other was to call upon all Wolf Creek employees to identify, (1) any potential or confirmed Y2K items in their areas of responsibility, or (2) any other items of which they may be aware. Exclusions l

performed on the data were recorded on an " Initial Data Screening Report Form" and serve as a record of how data was pre-screened in preparation for interviews and walk downs.

A review of procedures, training material, and other facility documentation for the occurrence of phrases that would indicate the existence of an internal clock or processor was used to identify applications, systems, and components possibly affected by the Y2K problem. Additionally, the compiling of the initial inventory data-base included information obtained through interviews with system owners, plant walk downs, and communication with vendors and suppliers.

The data collected in the initialinventory were entered into the Litton Enterprise Solutions (LES) 2000 Wolf Creek Inventory Database. Information collected during the initial inventory was used to identify applications, systems, and components that would require further investigation. The items in the intial inventory are those which have not been found to be immune to the Y2K issue. The information collected for the database j

included software or device name, version or model number, description and use, vendor or manufacturer, and Wolf Creek owner or support group. The data also included information regarding the item's importance to safety, plant operability, regulatory commitments, and business considerations. The data collected were used to make in'tial decisions on categorization, classification and prioritization and were also used to determine budget and resource estimates for the detailed assessment phase.

Categorization After the inventory was collected, a categorization of the inventoried items was performed. Categorization is the process that groups applications, systems and components, thus allowing management to effic%+ly assign resources to the classification and prioritization activities. Each ihm included in the initial inventory was assigned to a category. The categories used at % A Greek were similar to those identified in NEl/NUSMG 97-07 as follows:

e IS Infrastructure Hardware / Operating Systems, e

IS Infrastructure Software / Databases, e

Telecommunication equipment, o

Embedded devices,

-e m

m.

-,vse,

~

E-l l

e Building equipment, i

e Limited Use Hardware / Software / Databases, and e

Measuring and test equipment and laboratory equipment.

I Classification 1

Classification is the process by which potential risk factors were evaluated to provide the Y2K team at Wolf Creek with criteria for assigning resources to evaluate and resolve the identified potential Y2K problems. The Y2K team assigned risk categories to facilitate the process of determining the order of performing the detailed assessment of the inventoried items. Two types of risk were defined, (1) date usage risk (DUR), and (2) Safety and Regulatory Risk (SRR). Each risk has three defined category levels.

DUR categories indicate the level of urgency that the date/ time function has on the application, system, or component. DUR assignments were made for IS/ infrastructure and for Limited Use Hardware and Software Applications. The three categories of DUR are:

Cateagry_J Date/ time stamped data or data for long-term averaging, integrating, trending, scheduling, or reporting.

.Q.ateaorv 11 Data used for short-term averaging, integrating, trending, scheduling, or reporting.

Cateoorv lj] Data used for time-independent calculations or operations.

SRR categories indicate the level of impact on plant and personnel safety, continued generating capability, and other facility operating capabilities that the application, system, or component may have if the potential Y2K problem is not resolved and/or mitigated.

SRR assignments were made for Plant Embedded and Telecommunication items and IS Infrastructure and Limited Use Items. The three categories of SRR are:

Cateoorv I The application, system, or component:

e is, of itself, nuclear safety-related, special scope or mission critical equipment, o

Controls a nuclear safety-related application, system, or component, e

May force an immediate or near-immediate plant shutdown, e

is used for nuclear safety-related mtivities or calculations, o

Provides automatic control of critical plant functions, o

May require entry into a technical specification limiting condition for operation (LCO) with a limit of 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> or less, or e

May degrade the ability to protect the health and safety of the general public.

Cateaorv ll The application, system, or component:

e May degrade the ability to protect the health and safety of plant personnel, o

May degrade the control of plant habitability systems, o

May require entry into an LCO with a limit of greater than 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br />, i'

I I

q y

w-y

+

,+r-,-.

~.. -

7-e

. Is required by regulations or license commitments, or May affect the control or tracking of other critical plant information or operations.

I Cateaorv Ill _ The application, system, or component-e Controls other plant systems, May affect the control or tracking of other plant information or operations, o

is required by quasi-regulatory (e.g. Institute of Nuclear Power Operations (INPO),

e American Nuclear Standards institute (ANSI) requirements, or May affect other non-plant applications or systems not covered by Category I or 11.

e Prioritization The results of the inventory were prioritized to ensure that resources were effectively allocated to high risk, high priority iterr.:.. Generally, for IS Infrastructure and Limited Use items, prioritization followed the following pattern, based on the risk assessment matrix:

PRIORITY Safety and Date Usage Regulatory Risk Risk (DUR)

(SRR) l Critical l

I Critical I

ll High ll l

High ll 11 Medium i

Ill Medium lil I

Low ll Ill Low lli 11 -

Low Ill lll For plant embedded components and telecommunication items, the highest priority category relating to the assigned SRR was used. Building' equipment and measuring, test and lab equipment were directly assigned a priority without using the SRR/DUR categories.

i.

Other' factors beyond the risk categoc.s defined above helped to determine prioritization of the inventory results. These other factors included:

e items known to have Y2K failures or vulnerabilities.

l l

. ~.

. Complexity of testing /remediation strategy. If a system or component might e

require a plant / system / component outage, this item received increased priority over non-outage items with higher risk ratings. Items that required engineering design packages for remediation also received a higher priority, e

The number of items requiring testing /remediation. Where a common component was identified and the number of the items requiring attention was large. this received a higher priority.

e Long leaa-time items received increased priority. These included items that required testing and remediation by outside agencies whose services might become increasingly difficult to obtain as the year 2000 nears.

e Availability of replacement parts and components.

e Management input. WCNOC management had the ultimate authority relative to the risk assessment and prioritization for Wolf Creek equipment.

Analysis of Initial Assessment The inventory has been converted to the LES 2000 Wolf Creek Inventory Database, which will be used to track and record information for each inventoried item. This database provides access to the information needed in the detailed assessment phase of the Y2K Project. The licensee's analysis of the data included reports sorted in several ways, including by classification, component, system, vendor, priority and category.

For each item in the inventory, there is a " unique total," and an overall " total." The term unic,ue totalindicates that several duplicates of the same component are counted as one item, as opposed to the overall total which the several duplicates of the same componet are individually counted items. For example, the licensee inventoried several air monitoring systems manufactured by Erline Instrument Corporation. These air monitoring systems, which are Y2K compliant, are counted once for the unique total and counted individually to arrive at the overall total. In the instance when Y2K testing would be performed on a suspect component, testing would not need to be done on each component if they are determined to be identical.

The limited use database and spread sheets are still being inventoried. Prior to the arrival of the NRC Y2K audit team, plant personnel conducted a "hard-drive clean-up day" in order to ensure that unnecessary limited use software was removed. An example of a limited use item is a computer program to calculate MOV torque, which is usually loaded on an employee's PC.

Wolf Creek contracted with LES to assist in making any needed vendor contacts to obtain Y2K information. The Wolf Creek licensee has developed guidance to review and assess vendor responses. The Wolf Creek licensee will conduct some testing to confirm the accuracy of vendor information. LES also compiles the Y2K information from Utility Service Alliance (USA) members in a database which the Wolf Creek licensee accesses bi-

.g.

weekly. Additional Y2K information is also obtained from the EPRI database on embedded systems. The Wolf Creek licensee will first draw their own conclusion concerning the Y2K readiness / compliance of an item and then review the information in the databases to determine if they need to re-evaluate their conclusion or conduct additional testing.

Table 2 provides the resulting completed and cetegorized Y2K item inventory.

l 2.2.3 Detailed Assessment The purpose of the detailed assessment phase at Wolf Creek is to obtain sufficient information about each inventoried item to determine its expected performance beyond l

December 31,1999. The Wolf Creek licensee uses written checklists to capture the detailed assessment process and provide for documentation and quality assurance of the work performed. Detailed assessment results are used to make decisions regarding actions required to ensure the continued operation of the software or equipment. The detailed assessment is scheduled for completion on June 24,1999, with the detailed assessment of mission criticalitems being completed in early 1999. The following l

activities occur during the detailed assessment phase:

e Perform visual inspection i

i e

Interview user and/or vendor e

Review vendor documentation including manuals and drawings e

Review vendor parts list e

Review start-up procedure e

Review calibration procedure e

Access vendor Internet Website for Y2K compliant / ready information t

Access third-party Internet Websites for Y2K compliant / ready information s.

Review LES 2000 Wolf Creek Inventory Database for identification of other detailed assessment results e.

Access other databases such as EPRI for identification of detailed assessment results e

Review vendor or third party test results e

Perform Y2K testing e

Review computer code including scanning for date references The Wolf Creek Y2K Team developed a vendor assessment questionnaire and cover letter i

that have been sent to all vendors of software, firmware or equipment having an embedded microprocessor. The evaluation of the vendor correspondence is being tracked in the LES 2000 Wolf Creek Inventory Database.

The Wolf Creek licensee has scheduled some items for replacement irrespective of the Y2K issue (for example, some items / systems are obsolete), in some instances, the replacement schedule was accelerated in order to meet the needs of the Y2K schedule.

The replacement items will be Y2K compliant. The Wolf Creek licensee uses the acronym "NTB," not to be assessed, (see Table 2) for those items that were going to be replaced anyway, irrespective of the Y2K problem

l 10 -

l l

The Wolf Creek licensee is performing an assessment of the Wolf Creek supported applications and devices using the same checklists as noted above for outside vendor items. Wolf Creek's methods for determining Y2K readiness of applications and devices l

include knowledge-based decisions, scanning of code, and testing, if testing is utilized to l

determine if a Y2K-suspect application and/or component is Y2K-compliant, it will be performed in accordance with the WCNOC " Year 2000 IS and Embedded Systems Test l

Instructions," and applicable plant procedures.

. Consideration is being given to the plant conditions that are available or needed for a given l

Y2K assessment test. For example, for certain plar,t components for which a spare is available, it may be permissible to bench test the spare. Other components, however may be better tested while resident in their system environment, and may seguire a component, system, or plant outage to test. When testing components for Y2K compliance, the test will be designed to account for any hardware or software interfaces which that component may have with other components or systems, and the resultant impact that testing may have on those interfaces.

For vendor responses that indicate that an application or device is Y2K-ready cr Y2K-compliant, a decision on whether or not to perform assessment testing is required by the Y2K Core Team (with system owner input). This decision will be based on the system risk classification of the item in question, prior experience with the vendor, extent of testing documentation provided by the vendor, and the system owner's knowledge of the item. For components or applications that fail a Y2K assessment test, an analysis will be 1

performed. This analysis will help to determine whether the non-compliant item should be replaced, repaired, retired, of left as-is.

The Performance improvement Request (PIR) is a form used at Wolf Creek to track the progress of a condition that needs attention. The PIR, after evaluation, may become a work request. Tests of plant embedded components will normally be performed using a work request.

l The detailed assessment for nine items which could have had an impact on the upcoming refueling outage has been completed. Two items were initially identified which need to be factored into the outage planning. The first is replacement of the Main Generator Watt Hour Meter. This replacement has been previously planned under a work request. Outage management has noted that this replacement must occur during the refueling outage as a Y2K remediation. The second item is the Programmable Logic Controllers (PLCs) and PC associated with the Fuel Handling Equipment. These devices are stored outside containment after outages and thus would be available for testingmediation (if necessary) without mpact on the outage unless there was a need to do in-situ testing.

3 Additional investigation has indicated that such in-situ testing will not bc necess' ry.

The Wolf Creek licensee uses an information system called MAPPER, for which Y2K l

remediation is necessary. Several applications are encompassed in MAPPER including the flux mapping console, purchasing, health physics, personnel training schedules, and i

periodic surveillance tracking. Sixty-two MAPPER assessments have now been completed along with 44 infrastructure hardware items. Plans are now being finalized to remediate a..

. the non-compliant / ready MAPPER applications.

Thirty detailed assessments have now been completed in the area of non-plant components /IS infrastructure items. Seventeen Wolf Creek communications items have been identified that are common with Western Resources (one of the owners) equipment.

Western Resources has assessed these items and the Wolf Creek licensee has requested their evaluations.

The licensee has determined that there are no microprocessors or software in the equipment necessary for safe shutdown of the plant. Microprocessors have been found in two items that can trip the plant. These are the turbine vibration monitoring equipment and the anticipated transient without scram (ATWS) mitigating system actuation circuitry (AMSAC). These two items are undergoing detailed assessment at this time.

Table 3, " Critical Embedded items Reviewed by the Audit Team," provides the list of eleven critical embedded items for which the folders mre reviewed by the NRC Audit Team. The NRC Audit Team noted the followingregarding these items:

1. The audit team tracked the progress of the folder for the RM-80 Steam Line Vent Monitor from " Suspect" to "Y2K Ready." The team chose to audit this folder because the content of the Asset / System Detail Report attached to the folder showed the status of the item to be " Suspect" while the folder indicated that the item had been found by the system engineer to be "Y2K Ready." The team found that this apparent discrepancy was due only to the fact that the report was printed one day earlier than the date of the entries into the folder. The result of the NRC Audit Team investigation was the confirmation that in this case there was no discrepancy between the content of the folder and the data in the LES 2000 Wolf Creek Inventory Database.
2. The supplier for the RM-11 process radiation monitor is General Atomic Company. The platform for the system is a DEC PDP11-34 mainframe computer. This model computer came into popular use in the early 1970's. It computes dates using the Julian Calendar.

The audit team tracked the progress of this item from " Suspect to "Non-compliant" with the intended approach to remediate the system.

3. The folder for the Model 4190 computer data aquisition system indicated that it is scheduled to be remediated and made Y2K compliant.
4. The Rosemount Model 8712RA12M4 flow transmitter is one of Rosemount's " smart" transmitters. The term " smart" is applied to models that are micro-processor based. A letter from the vendor confirms that this model is Y2K compliant. All transmitters in this model series have date functionality. The licensee judged the transmitter to be Y2K compliant based on information collected from the Rosemount website,
5. See discussion under 4. above..
6. Western Resources, one of the owners of Wolf creek, has investigated the Model JEM

, ~...,,,

- ll main transformer and confirmed that it is not Y2K compliant, it will be replaced with a Y2K compliant model. Information was gathered from the vendor's web site,

7. The assessment showed that the structure in the PROM results in the Model 4120 Fire Protection Panel experiencing failures on dates not usually associated with the Y2K problem. Thus, this system will be remediated. The final testing of this item after upgrade will include these dates in addition to those dates that are part of the licensee's i

usual Y2K tests as identified in their program.

8. The Model 4120 Fire Protection PC Terminal provides an interface to the Fire Protection panel. It has been determined that it is Y2K non-compliant and will be remediated..
9. The existing flux mapping console contains 6 microprocessors, four of which are type 8080A microprocessors on Westinghouse printed circuit cards and two of which are inside separate Hewlett Packard Model 2649A terminals. The existing system will be replaced by a Y2K compliant system.
10. The existing Site Security System controls personnel access throughout the site and was developed around a Digital Equipment Corporation (DEC) PDP11/34 minicomputer.

The PDP11/34 will be replaced by a more modern computer under Wolf Creek Change Package 06571, which includes major changes to multiple assets. Operation of the new system is scheduled for September 1,1999. The Wolf Creek licensee has a contingency plan for controlling site access in the event that readiness of the new system is delayed beyond January 1, 2000.

11. The CEM Digester MDS 2100 has entries in the LES 2000 Wolf Creek Database that the audit team found to be inconsistent with regard to the usual definitions of Y2K.

compliant and Y2K ready. The entry under " compliance" showed the item to be Y2K compliant. The entry under " Milestone" indicates that the utility stillis performing some evaluation. This item was not yet known to be "Y2K Compliant" under the definition found in NEl/NUSMG 97-07. Y2K susceptibility testing is not complete. However, based on discussion with Wolf Creek personnel, it was determined that the system is known to be Y2K ready and can be used as is.

The NRC Audit Team noted that detailed assessments are ongoing for the non-outage plant component group of 472 items. Of these,370 assessments had been completed as of October 23,1998, with the remaining assessments on schedule per the Wolf Creek program plan.

2.2.4 Y2K Testina and Validation The Y2K susceptability test procedure used at Wolf Creek is the result of the combined efforts of the Utilitiy Service Alliance (USA) interaction. The Audit Team witnessed a

1 i

l demonstration of Y2K testing of a desktop PC used by plant personnel, and a demonstration of Y2K testing of the water cleanup / purification control system.

l.

The critical dates used in the PC test were: rollover from 12/30/98 to 1/1/99, which was successful, rollover from 12/30/99 to 1/1/00, which rolled the date back to 1980 (which

' is the DOS default date), rollover from 12/30/00 to 1/1/01, which was succesful, rollover I

from 2/28/00 to 2/29/00 which was successful, and rollover from 2/29/00 to 3/1/00 i

which was successful.

.i For the demonstration of Y2K testing of the water cleanup / purification control system, the following was observed: The Intel 486 PC, (which is the man machine interface (MMI))

was connected to the PLC (Allen Bradley PLC5) control logic. The PLCs were determined to be Y2K compliant but the MMI was not. The Intel 486 PC MMI will be upgraded to a l

Y2K compliant version.

2.2.5 Remediation As applications and devices are confirmed by the detailed assessment process to be Y2K non-compliant, a business decision will be made to repair or replace the item to (1) attain Y2K compliance or readiness, (2) leave the item as-is, or (3) retire the item. If the decision is made to retire the application or component, no further evaluation action is required other than to close any associated Y2K inventory item and document the decision. The associated work request will track the completion of the retirement of the item. If the decision is made to leave the application or component as-is, the item will be further evaluated to determine if any steps need to be taken to make the item Y2K-ready.

Documentation of this evaluation will be submitted with the applicable PIR or work request. If the decision is made to repair or replace the item to make it Y2K-compliant or ready, then the repair or replacement activities will be governed under the applicable plant procedures.

The final segment of the remediation phase is post-modification testing. If a test confirms that Y2K compliance has been attained for a given item, the Y2K-related PIR or work request for that item may be closed. If the item tested proves to be still Y2K non-compliant, the remediation phase becomes iterative and the related modification must be re-visited. Changes to software will be performed within the existing Wolf Creek software i

quality assurance program.

l Wolf Creek has identified the following items as needing remediation due to Y2K problems:

l Nuclear Plant Information System Computer Loose Parts Monitoring System

  • VOTES Test Equipment Radiation Monitor RM-11's

j 14 l

?-

HP Computer System Chemistry. Computer System y

CYBORG Computer Application (Human Rescources and Payroll) 7 Various MAPPER Applications Support Engineering Oil Analysis Program i

Main Transformer Watt Hour Meter -

4'

. Simplex Fire Detection Panels Training Computer Modules Post-Accident Sampling System (PASS)

Pyrotronics System 3 Fire Protection Panel

~ LANCE WIN-DATA Computer Program 14 IS Infrastructure Software items Effluent Management System Supplier Quality.information System -

The following additional items are being remediated for other reasons but also have Y2K problems:

Flux Mapping System Security Computer System

' The Post-Accident Sampling System (PASS) is based on a DEC PDP 11/34 minicomputer and a prograrnmable logic controller (PLC). A request to retire this system is presently in the hands of the NRC and awaiting approval. The request calls for the removal of the computer from the process and for a simplified post-accident sampling process, which will be accomplished by taking fewer samples manually Remediation at Wolf Creek will be required only if the request is denied or the approvalis delayed beyond December 31, 1999, in either of these cases, a workaround has been developed which includes providing for post-accident sampling to be done manually through a backup system until the issue is resolved. The backup system, called PASS Suitcase, already exists at Wolf

~

- Creek and is approved for use as part of the existing post-accident monitoring plan.

2.2.6. Reaulatorv Considerations

- The Wolf Creek licensee indicated that the objectives of their Year 2000 project include ensuring that site-wide activities are coordinated in a manner to maintain Y2K readiness and regulatory commitments. Wolf Creek makes use of existing programs and policies to ensure that appropriate reviews and evaluations are performed and documented for regulatory compliance including those required in accordance with 10 CFR 50.59 for modifications to plant systems, reportability evaluations per 10 CFR 50.72 and 10 CFR 50.73 and 10 CFR Part 21, and operability determinations as required by plant technical specifications.

Existing programs and procedures used at Wolf Creek to address Y2K readiness include (PIR), work orders, existing modification procedures, and existing configuration

~~r : -,

i procedures. The PIR process has resulted in several suggestions for Y2K review items and suggestions for performing an independent internal audit of the Wolf Creek Y2K program.

2.2.7 Continaency Plannina Wolf Creek uses the Y2K contingency planning guidance described in NEl/NUSMG 98 07.

Although no contingency plans have been finalized, some contingency plans are currently being drafted. The Wolf Creek Licensee's approach to contingency planning is to ensure that contingency plans are put in place which ensure that business continuity is maintained through the key Y2K rollover dates. The contingency plans are based on two areas: (1) risk assessment associated with remediation strategy challenges (internal), and (2) external challenges. In keeping with the NEl/NUSMG 98-07 contingency planning guidance, the Wolf Creek licensee has designated a single point of contact for contingency planning.

1 1

2.2.8. Y2K Proaram Manaaement i

Per the NEl/NUSMG 97-07 guidance, the Y2K management plan establishes, organizes, manages, and integrates the diversity of activities required to address Y2K readiness. The Wolf Creek licenses makes use of performance indicators to track the progress of the Y2K Project and provide a graphical representation of the actual work completed against established goals.

The Wolf Creek licensee recognized the importance of interfacing with other organizations to address Y2K readiness, and thus, a member of the Wolf Creek Y2K Core Team acts as liaison to the owners Year 2000 Program Offices. Wolf Creek personnel are involved in Y2K problem information sharing with the USA, NEl, NUSMG, EPRI and the Westinghouse j

Owners Group. A peer assessment of Wolf Creek was conducted by representatives from the Clinton, Ft. Calhoun, and Callaway Nuclear Power Plants (members of USA).

Feedback from this assessment will be incorporated in the revised Wolf Creek Year 2000 Project Plan. Each USA member completes its own Y2K evaluation / testing and then uses other members results to examine its own readiness program results.

Wolf Creek Nuclear Operating Station, has three owners, Western Resources, Kansas City Power and Light, and Kansas Electric Power Cooperative. The owner's Y2K coordinators maintain communication with the Wolf Creek Station Y2K program manager.

Senior management support for the Wolf Creek Y2K effort has been strong and effective.

The Executive Sponsor for the Y2K project is the VP -Engineering with lines of communication to the Executive Sponsor provided directly from the Y2K Project Manager through the Job Sponsor. Funding for the Y2K project has been provided in the budget, and in the event additional resources are needed to address Y2K readiness, they can be

l

, readily provided per the existing approval process.

]

Management oversight of Y2K activities is maintained by means of periodic reports i

provided to Wolf Creek Executives and Owners. in addition, the Y2K problem is an agenda item at the weekly Wolf Creek Executive and monthly Owner's Committee meetings, and reviews are performed by the Owner Internal Audit Group whose reports are submitted to the corporate chief executive officer.

2.2.9-Electrical Grid lasues The Wolf Creek licensee indicated that grid instability as a factor to be included under external risk identification, as part of their Y2K contingency planning effort, which has yet to be developed. The owner, Western Resources incorporated, will interface with NERC to address grid issues consistent with the overall Y2K grid reliability program for the mid-west.

i 3.0 AUDIT TEAM OBSERVATIONS

1. The NEl/NUSMG 97-07 guidance is being followed. At Wolf Creek, Y2K awareness is an on going activity and previously conducted awareness activities included all hands-meetings, newsletters, and a Y2K information flyer included with employee paychecks.

The Wolf Creek licensee has not identified any systems needed for safe shutdown as having Y2K problems.

i

2. Wolf Creek is making use of its existing QA and modification programs and procedures j

to achieve Y2K readiness. Furthermore, Wolf Creek is engaged in information sharing and I

interfaces with other entities including NEl, NUSMG, The Westinghouse Owners Group, l

-the Utility Service Alliance (USA), and the Callaway Nuclear Power Plant. Wolf Creek has participated in peer reviews and will incorporate recommendations from those reviews in the next version of the Wolf Creek Year 2000 Project Plan.

3. _ The need for Y2K contingency planning is understood by the Wolf Creek licensee and l

in keeping with the NEl/NUSMG 98-07 recommendation, one individual has been l-designated as the single point of contact for contingency planning.

4. Wolf Creek is at the detailed assessment phase except for the items of minima!

significance designated as Limited Use Databases and Spreadsheets, which come under l

the category of Limited Use Hardware / Software. Y2K readiness for Wolf Creek is l

scheduled for September 15,1999. The licensee will provide a status of remaining Y2K j-

. readiness work in their second Generic Letter 98-01 response due July 1,1999. The l

audit team believes the readiness date can be achieved based on the efforts underway by the licensee.

l

l l-I

- 17.-

5. Executive Management support is found to be aggressive at Wolf Creek. Management p_

at Wolf Creek has dedicated the fiscal resources needed for successful completion of the j

Y2K readiness program. Wolf Creek management has made it a point to maintain awareness of the Wolf Creek Y2K readiness efforts through weekly meetings and on-going communication with mornbers of Wolf Creek Y2K Team.

i

{'.

l

[ t Table 1 Wolf Creek Project Plan Schedule Activity Startina Date Finishira Date Awareness 1997 August 27,1999 Initial Assessment May 1998 November 30,1998 Detailed July 6,~ 1998 June 24,1999 l

Assessment / analysis Individual October 7,1997 September 15, j

Remediation 1999 i

Contingency Planning November 16 March 16,1999 1998 l

l l

l' l

l l

l f'

f L

v

, i TABLE 2 INVENTORY

  • INERT READY SUS-NTB COMPLIANT NON-TOTAL PECT ASSESSED COMPLIANT l

PLANT Unique 271 33-137 49 20 8

518 l

COMPONENT Total ITEMS t.

l Total 567 192 371 51 43 11 1125 l

18 Unique 4

0 287 23 231 118 663 INFRASTRUCTURE Total ITEMS l

Total 4

0 794 28 881 632 2339 MEASUREMENT, Unique 42 28 135 0

15 1

221 TEST & LAB Total ITEMS Total 69 38 440 0

62 1

610 COMMUNICATION Unique O

O 20 6

0 1

56 ITEMS Total Total O

O 20 6

0 1

112 FACILITY ITEMS Unique 4

3 47 1

1 0

56 Total

[

Total 6

3 97 3

3 0

112 LIMITED USE Unique 0

0 205 0

0 0

205-ITEMS Total Total O

O 205 0

0 0

205 "The licensee makes a distinction between " unique total" and " total." Unique Total refers

(

to a component being counted as one item although there may be multiple identical items whereas total refers to the absolute total of items.

4

=:

c i l

Table 3 - Critical Embedded items Reviewed by the Audit Team I

Asset Description / System Compliance Intended (Manufacturer)

Approach 1

Model RM-80/ Steam Line Vent Monitoring (General Y2K Ready Leave as is Atomic Company) 2 Model RM-11/ Cont. Process Radiation Monitor (General Non-compliant Remediate Atomic Company) 3 Model 4190/ Computer Data Acquisition and Trending Suspect Remediate (Graver Water) 4 Model 8712RAl2M4 Flow Transmitter / Discharge Header Compliant Leave as is (Rosemount) 5 Model 8712RA12M4 Flow Transmitter / Discharge of Compliant Leave as is ECG01 A, B, & C (Rosemount) 6 Model JEMil Main Transformer /WHM/in-out (Scientific Non-compliant Remediate Columbus, JEMTEC) 7 Model 4120 Fire Protection Panel (Simplex)

Non-compliant Remediate 8

Model 4120 Fire Protection PC Terminal (Simplex)

Non-compliant Remediate 9

Flux Mapping Console (Westinghouse)

Non-compliant Remediate 10 PDP11/34 Site Security System (Wolf Creek Design Non-compliant Modify Engineering Department) 11 Model 924070 CEM Digester MDS 2100 (CEM Corp.)

Compliant Leave as is I

l i

. LIST OF ATTENDEES ENTRANCE MEETING - November 17,1998 Lonie Ashurst WCNOC Mary Brinkman WCNOC Britt McKinney WCNOC Kevin Moles WCNOC Bob Kahn.

KCP&L Richard Robinson WCNOC Keith Mortensen USNRC Deirdre Spaulding USNRC Kim Savage Western Resources Dean Wilson We. stern Resources Mark Klug WCNOC Roy Andrews WCNOC Mario De La Cruz WCNOC Lee Jones WCNOC Gene Lawson WCNOC Peter Martin WCNOC Tony Harris WCNOC Bill Eales WCNOC ATTACHMENT 1

, EXIT MEETING - November 19,1998

~

Roy Andrews WCNOC Jack Pippin WCNOC Cathy Autrey.

WCNOC Rick Muench WCNOC

. Tony Harris WCNOC Glen Seier-WCNOC

~ Clarence Rich WCNOC Ed Peterson WCNOC Mark Klug WCNOC

- Michael McCrady WCNOC Terry Garrett WCNOC Richard Flannigan WCNOC.

Cara Codney Coffey County Republican - Reporter Keith Harvey WCNOC Janet Rinehart Western Resources Deirdre Spaulding USNRC Mary Brinkman WCNOC L.- E. Ellershaw USNRC Joe Colaccino USNRC Gary Boyer WCNOC Britt McKinney WCNOC David Knox WCNOC Krista Klaus KCTV - Reporter Bill.Lindsay KCTV - Photographer Kevin Moles.

WCNOC Wm. R. Laurence KSNP - Reporter Ken Hughes.

WCNOC Chris Youn#e WCNOC John Johnson

.WCNOC Bill Eales WCNOC David Oelrichs.

Callaway Ed Schmotzer WCNOC Dean Wilson WCNOC Keith Mortensen USNRC Jeannene Ryan WCNOC Chris Reekie.

WCNOC k

ATTACHMENT 1 u

1' LIST OF DOCUMENTS REVIEWED Wolf Creek Year 2000 Project Manual, Revision 0, dated September 14,1998 Portions of Wolf Creek Draft Y2K Testing Plan Wolf Creek Entrance Meeting Slides Handout, " Year 2000 Readiness Program," dated November 17,1998 Letter from Audit Services, Kansas City Power and Light, to Rick Muench, Kevin Moles, and Bill Eales,

Subject:

Review of Year 2000 Project - WCNOC, dated August 18,1998 NEl/NUSMG 97-07, " Nuclear Utility Year 2000 Readiness," dated October 1997 NEl/NUSMG 98-07, " Nuclear Utility Year 2000 Readiness Contingency Planning," dated August 1998 NRC Generic Letter No. 98-01, " Year 2000 Readiness of Computer Systems at Nuclear Power Plants," dated May 11,1998 Wolf Creek Nuclear Operating Corporation, " Year 2000 IS and Embedded Systems Test Instructions," Document Al-15E 002, Rev. O, non-dated Draft Version Nuclear Power Plant Year 2000 Peer Assessment Checklist, non-dated Draft Version l

l

's ATTACHMENT 3 w

,_,

Retrieved from "https://kanterella.com/w/index.php?title=ML20199B084&oldid=4091296"