Nuclear Regulatory Commission Request for Comment on Disclosure Letter by Plant Licensees:
NUCLEAR REGULATORY COMMISSION
Proposed Generic Communication
YEAR 2000 READINESS OF COMPUTER SYSTEMS
AT NUCLEAR POWER PLANTS (MA0138)
AGENCY: Nuclear Regulatory Commission
ACTION: Notice of opportunity for public comment
SUMMARY: The Nuclear Regulatory Commission (NRC) is
proposing to issue a generic letter to all holders of operating
licenses for nuclear power plants, except those who have
permanently ceased operations and have certified that fuel
has been permanently removed from the reactor vessel, to
require that all addressees provide certain information
regarding their programs, planned or implemented, to
address the Year 2000 (Y2K) problem in computer systems
at their facilities. In particular, addressees are being asked
to provide written confirmation of implementation of the
programs, and written certification that their facilities are Y2K
ready and in compliance with the terms and conditions of
their licenses and NRC regulations. This information is
being requested under 10 CFR 50.54(f).
The NRC is seeking comment from interested parties
on both the technical and regulatory aspects of the proposed
generic letter presented under the Supplementary
Information heading. In this regard, the NRC encourages
the industry to propose a viable alternative to the generic
letter as a means of providing the necessary assurance to
the NRC that licensees are effectively addressing the Y2K
problem in computer systems at their facilities. Such an
alternative could consist of a voluntary initiative on the part
of the nuclear power industry to obtain licensee inputs and
communicate its findings to the NRC.
The proposed generic letter has been endorsed by the
Committee to Review Generic Requirements (CRGR).
Relevant information that was sent to the CRGR will be
placed in the NRC Public Document Room. The NRC will
consider comments received from interested parties in the
final evaluation of the proposed generic letter. The NRC's
final evaluation will include a review of the technical position
and, as appropriate, an analysis of the value/impact on
licensees. Should this generic letter be issued by the NRC,it
will become available for public inspection in the NRC
Public Document Room.
DATES: Comment period expires [30 days after FRN is
published]. Comments submitted after this date will be
considered if it is practical to do so, but assurance of
consideration cannot be given except for comments
received on or before this date.
ADDRESSEES: Submit written comments to Chief, Rules
and Directives Branch, Division of Administrative Services,
U.S. Nuclear Regulatory Commission, Mail Stop T6-D69,
Washington, DC 20555-0001. Written comments may also
be delivered to 11545 Rockville Pike, Rockville, Maryland,
between 7:45 am to 4:15 pm, Federal workdays. Copies of
written comments received may be examined at the NRC
Public Document Room, 2120 L Street, N.W. (Lower Level),
Washington, D.C.
FOR FURTHER INFORMATION, CONTACT: Matthew
Chiramal, (301) 415-2845
SUPPLEMENTARY INFORMATION:
NRC GENERIC LETTER NO. 98-XX: YEAR 2000
READINESS OF COMPUTER SYSTEMS AT NUCLEAR
POWER PLANTS
Addressees
All holders of operating licenses for nuclear power plants,
except those who have permanently ceased operations
and have certified that fuel has been permanently
removed from the reactor vessel.
Purpose
The U.S. Nuclear Regulatory Commission (NRC) is
issuing this generic letter to require that all addressees
provide the following information regarding their
programs, planned or implemented, to address the Year
2000 (Y2K) problem in computer systems at their
facilities: (1)written confirmation of implementation of
the programs, and (2) written certification that the
facilities are Y2K ready and in compliance with the terms
and conditions of their licenses and NRC regulations.
Description of Circumstances
Simply stated the Y2K computer problem pertains to the
potential inability of computers to correctly recognize
dates beyond the current century, i.e., beginning with
January 1, 2000 and beyond. The problem results from
computer hardware or software that uses two-digit fields
to represent the year. If the Y2K problem is not
corrected, computer systems will be unable to recognize
the change in century and will misread "00," for the year
2000, as 1900. The Y2K problem has the potential to
interfere with the proper operation of any computer
system, any hardware that is microprocessor-based
(embedded software), and any software or database at
nuclear power plants. As a consequence, there is a risk
that affected plant systems and equipment will fail to
function properly.
The Y2K problem is urgent because it has a fixed,
non-negotiable deadline. This matter requires priority
attention because of the limited time remaining to assess
the magnitude of the problem, its associated technical
and cost risks, and resource availability, and to implement
programs that will achieve satisfactory resolution.
Existing reporting requirements under 10 CFR Part 21, 10
CFR 50.72, and 10 CFR 50.73 provide for notification to
the NRC staff of deficiencies, non-conformance and
failures, such as the Y2K problem in safety-related
systems. To date, the NRC staff has not identified nor
received notification from licensees or vendors of digital
protection systems (e.g., Westinghouse, General Electric,
Combustion Engineering, Foxboro, Allen Bradley, or
Framatome/Babcock & Wilcox) that a Y2K problem exists
with safety-related initiation and actuation systems.
However, problems have been identified in non-safety,
but important, computer-based systems. Such systems,
primarily databases and data collection processes
necessary for plant operation that are date driven, may
need to be modified for Y2K compliance. Some examples
of systems and computer equipment that may be affected
by Y2K problems follow:
Security computers
Plant process (data scan, log, and alarm) and
safety parameter display system computers
Emergency response systems
Radiation monitoring systems
Dosimeters and readers
Plant simulators
Engineering programs
Communication systems
Inventory control systems
Surveillance and maintenance tracking systems
Control systems
To alert nuclear power plant licensees to the Y2K
problem, the NRC issued Information Notice (IN) 96-70,
"Year 2000 Effect on Computer System Software," on
December 24, 1996. In IN 96-70 the staff described the
potential problems that nuclear power plant computer
systems and software may encounter as a result of the
change to the new century and how the Y2K issue may
affect NRC licensees. In IN 96-70 the staff encouraged
licensees to examine their uses of computer systems and
software well before the turn of the century and
suggested that licensees consider actions appropriate to
examine and evaluate their computer systems for Y2K
vulnerabilities. The NRC staff also incorporated
recognition of the Y2K concern in the updated Standard
Review Plan (SRP), NUREG-0800, Chapter 7,
"Instrumentation and Control," dated August 1997,
which contains guidance for staff review of computer-based
instrumentation and control systems.
At the Nuclear Utilities Software Management Group
(NUSMG) Year 2000 Workshop, an industry workshop
held in July 1997, nuclear power plant licensees
described their Y2K programs, and gave examples of
areas in which they addressed Y2K issues in order to
ensure the safety and operability of their plants on
January 1, 2000. Some of the issues discussed were the
(1) evaluation of the impact of the Y2K problem on plant
equipment, (2) assessment process involved in the
identification of Y2K affected components, vendors, and
interfaces, (3) development of Y2K testing strategies, and
(4) identification of budget needs to address the Y2K
problem.
The Nuclear Energy Institute (NEI) met with NUSMG and
nuclear plant utility representatives in August 1997 to
formulate an industry-wide plan to address the Y2K issue.
On October 7, 1997, representatives of NEI and NUSMG
met with the NRC staff to discuss actions NEI was taking
to help utilities make their plants "Year 2000 ready." NEI
was preparing a framework document with guidance for
utility use in readying for the Year 2000. The framework
document makes a distinction in terminology between
"Y2K readiness" ("Y2K Ready" is defined as a computer
system or application that has been determined to be
suitable for continued use into the year 2000 even
though the computer system or application is not fully
Y2K Compliant) and "Y2K compliance" ("Y2K Compliant"
is defined as computer systems or applications that
accurately process date/time data (including but not
limited to, calculating, comparing, and sequencing) from,
into and between the twentieth and twenty-first
centuries, the years 1999 and 2000, and leap-year
calculations). NEI/NUSMG issued the framework
document NEI/NUSMG 97-07, "Nuclear Utility Year 2000
Readiness" to all licensees in November 1997. The
document recommends methods for nuclear utilities to
attain Y2K readiness and thereby ensure that their
facilities remain safe and continue to operate within the
requirements of their license. The scope of NEI/NUSMG
97-07 covers software, or software-based systems or
interfaces, whose failure (due to the Y2K problem) would
(1) prevent the performance of the safety function of a
structure, system or component and (2) degrade, impair,
or prevent operability of the nuclear facility.
Discussion
Diverse concerns are associated with the potential impact
of the Y2K problem on nuclear power plants because of
the variety and types of computer systems in use. Some
of the concerns are the (1) scheduling of maintenance
and technical specification surveillance requirements, (2)
use and application of programmable logic controllers and
other commercial off-the-shelf software and hardware, (3)
operation of process control systems, (4) performance of
engineering calculations, and (5) collection of operating
and post-accident plant parameter data.
Some vendors have taken such actions as placing
information on the Internet discussing which of their
products are Y2K compliant, and how the vendor is
addressing the Y2K problem with respect to specific
products, including products purchased by their nuclear
power plant customers. When addressing some of the
particular issues associated with the use and application
of software, it has been found that even if the application
has no apparent date manipulation algorithms, it may still
be affected by a Y2K related problem. For example, a
subroutine that date stamps the header information in
archival tapes regardless of the rest of the content of the
tape may be affected. In addition, although individually
several systems may be "date safe," the integrated
operations that the systems support may be vulnerable to
the Y2K problem. Further, there are potential impacts
from the operating system supporting their
instrumentation system's application software and from
sub-programs (such as calibration and data
recording/reporting) associated with the main application
software.
One application which is common to all power reactor
licensees is the link between plant computers and the
NRC's Emergency Response Data System (ERDS). This
application performs the communication and data
transmission function which provide near real-time data
availability to NRC and state incident response personnel
during declared emergencies. The NRC is currently
performing Y2K related upgrades to ERDS which will
maintain the same communication protocol as the current
system with the exception that either 2-digit or 4-digit
year fields will be accepted. Those licensees that
anticipate changes to their ERDS link should allow time in
their schedules for retesting their systems. NRC
contractors will support requests for testing on a "first
come, first served" basis.
NEI/NUSMG 97-07 suggests a strategy for developing
and implementing a nuclear utility Y2K program. The
strategy recognizes management, implementation, quality
assurance, regulatory considerations, and documentation
as the fundamental elements of a successful Y2K project.
The document contains additional guidance for these
fundamental elements. The recommended components
for management planning are management awareness,
sponsorship, project leadership, project objectives, project
management team, management plan, project reports,
interfaces, resources, oversight, and quality assurance.
The suggested phases of implementation are awareness,
initial assessment (which includes inventory,
categorization, classification, prioritization, and analysis
of initial assessment), detailed assessment (including
vendor evaluation, utility-owned or -supported software
evaluation, interface evaluation, remedial planning),
remediation, Y2K testing and validation, and notification.
The quality assurance (QA) measures apply to project
management QA and implementation QA. Regulatory
considerations include the performance of appropriate
reviews, reporting requirements, and documentation.
Documentation of Y2K program activities and results
includes documentation requirements, project
management documentation, vendor documentation,
inventory lists, checklists for initial and detailed
assessments, and record retention. NEI/NUSMG 97-07
also contains examples of various plans and checklists as
appendices.
The staff believes that the guidance in NEI/NUSMG 97-07,
when properly implemented, will present an
appropriate approach for licensees to address the Y2K
problem at nuclear power plant facilities.
In the course of implementing the Y2K readiness
program, problems could be identified that potentially
impact the licensing basis of the plants. In certain cases,
license amendments may be needed to address the
problem resolution. Licensees should submit such license
amendments to the NRC on a timely basis. The utility
Y2K readiness programs and schedules should have the
flexibility to accommodate such an eventuality. In
addition, licensees are reminded that any changes to their
facilities that impact their current licensing basis must be
reviewed in accordance with existing NRC requirements
and the change properly documented.
Required Response
In order to gain the necessary assurance that addressees
are effectively addressing the Y2K problem and are in
compliance with the terms and conditions of their licenses
and NRC regulations, the NRC staff requires that all
addressees submit a written response to this generic
letter as follows:
(1) Within 90 days of the date of this generic letter,
submit a written response indicating whether or not
you have pursued and are continuing to pursue a Y2K
readiness program as outlined in NEI/NUSMG 97-07.
If you are not conforming to the NEI/NUSMG
guidance, present a brief description of the
program(s) that have already been completed, are
being conducted, or are planned to ensure Y2K
readiness of the computer systems at your
facility(ies). This response should address the
program's scope, assessment process, and plans for
corrective actions (including testing, and schedules).
(2) Upon completing your Y2K readiness program, or, in
any event, no later than July 1, 1999, submit a
written response confirming that your facility is Y2K
ready and in compliance with the terms and
conditions of your license(s) and NRC regulations. In
addition, the response should contain a status report
of work remaining to be done to complete your Y2K
program, including completion schedules. {"Y2K
Ready" is defined as a computer system or
application that has been determined to be suitable
for continued use into the year 2000 even though the
computer system or application is not fully Y2K
Compliant. "Y2K Compliant" is defined as computer
systems or applications that accurately process
date/time data (including but not limited to,
calculating, comparing, and sequencing) from, into
and between the twentieth and twenty-first centuries,
the years 1999 and 2000, and leap-year
calculations.}
Address the written reports to the U.S. Nuclear
Regulatory Commission, Attention: Document Control
Desk, Washington, D.C. 20555-0001, under oath or
affirmation under the provisions of Section 182a, Atomic
Energy Act 1954, as amended, and 10 CFR 50.54(f). In
addition, submit a copy to the appropriate regional
administrator.
Backfit Discussion
This generic letter only requests information from
addressees under the provisions of Section 182a of the
Atomic Energy Act of 1954, as amended, and 10 CFR
50.54(f). The requested information will enable the staff
to verify that each nuclear power plant licensee is
implementing an effective plan to address the Y2K
problem and provide for safe operation of the facility
before January 1, 2000, and is in compliance with the
terms and conditions of their license(s) and NRC
regulations. The following NRC regulations are a basis
for this request:
10 CFR 50.36, "Technical Specifications," paragraph
(c)(3), "Surveillance requirements," and paragraph (c)
(5), "Administrative controls." These relate,
respectively, to requirements relating to test,
calibration, or inspection to assure that the
necessary quality of systems and components is
maintained, and to provisions relating to
management, procedures, record keeping, and
review and audit necessary to assure operation of
the facility in a safe manner.
10 CFR 50.47, "Emergency plans," paragraph (b)(8),
which relates to the provision and maintenance of
adequate emergency facilities and equipment to
support the emergency responses.
Appendix B to 10 CFR Part 50, Criterion III, "Design
Control," requires that design control measures shall
provide for verifying or checking the adequacy of
design, such as by the performance of design
reviews, by the use of alternate or simplified
calculational methods, or by the performance of a
suitable testing program.
Appendix B to 10 CFR Part 50, Criterion XVII,
"Quality Assurance Records," requires that sufficient
records shall be maintained to furnish evidence of
activities affecting quality. The records are to
include, among others, operating logs and results of
reviews.
Appendix E to 10 CFR 50, Section VI, "Emergency
Response Data System" which relates to the
provision and maintenance of licensee links to the
Emergency Response Data System.
In addition, the following requirements from Appendix A
to 10 CFR Part 50, "General Design Criteria for Nuclear
Power Plants", also provide a basis for the request: (In
the statement of consideration (SOC) for the amendment
to 10 CFR Part 50 which added Appendix A, "General
Design Criteria for Nuclear Power Plants," published in
the Federal Register on February 20, 1971, the
Commission noted that the general design criteria added
as Appendix A to Part 50 establish the minimum
requirements for the principal design criteria for water-cooled
nuclear power plants similar in design and location
to plants for which construction permits have been issued
by the Commission. Principal design criteria established
by an applicant and accepted by the Commission will be
incorporated by reference in the construction permit. The
SOC also notes that in considering the issuance of an
operating license under Part 50, the Commission will
require assurance that these criteria have been satisfied in
the detailed design and construction of the facility and
any changes in such criteria are justified. It should be
noted that a proposed Appendix A to 10 CFR Part 50
was published in the Federal Register on July 11, 1967,
and the comments and suggestions received in response
to the notice of proposed rule making and subsequent
developments in the technology and in the licensing
process have been considered in developing the general
design criteria.)
Appendix A to 10 CFR Part 50, General Design
Criterion (GDC) 13, "Instrumentation and control,"
which addresses the provision of appropriate
instrumentation and controls to monitor and control
systems and variables during normal operation,
anticipated operational occurrences, and accident
conditions as appropriate to ensure adequate safety.
Appendix A to 10 CFR Part 50, GDC 19, "Control
room," which requires the provision of a control
room from which actions can be taken to operate the
nuclear plant safely.
Appendix A to 10 CFR Part 50, GDC 23, "Protection
system failure modes," which requires that the
protection system shall be designed to fail into a safe
state or into a state demonstrated to be acceptable
on some other defined basis.
Dated at Rockville, Maryland, this 23rd day of January 1998.
FOR THE NUCLEAR REGULATORY COMMISSION
Jack W. Roe, Acting Director
Division of Reactor Program Management
Office of Nuclear Reactor Regulation
-- Sorry, I received this via e-mail so I don't have the url.
Best regards, Cathleen |
