[Federal Register Volume 63, Number 19 (Thursday, January 29, 1998)]
[Notices]
[Pages 4498-4501]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-2182]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
Proposed Generic Communication; Year 2000 Readiness of Computer
Systems at Nuclear Power Plants (MA0138)
AGENCY: Nuclear Regulatory Commission.
ACTION: Notice of opportunity for public comment.
-----------------------------------------------------------------------
SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to issue
a generic letter to all holders of operating licenses for nuclear power
plants, except those who have permanently ceased operations and have
certified that fuel has been permanently removed from the reactor
vessel, to require that all addressees provide certain information
regarding their programs, planned or implemented, to address the Year
2000 (Y2K) problem in computer systems at their facilities. In
particular, addressees are being asked to provide written confirmation
of implementation of the programs, and written certification that their
facilities are Y2K ready and in compliance with the terms and
conditions of their licenses and NRC regulations. This information is
being requested under 10 CFR 50.54(f).
The NRC is seeking comment from interested parties on both the
technical and regulatory aspects of the proposed generic letter
presented under the Supplementary Information heading. In this regard,
the NRC encourages the industry to propose a viable alternative to the
generic letter as a means of providing the necessary assurance to the
NRC that licensees are effectively addressing the Y2K problem in
computer systems at their facilities. Such an alternative could consist
of a voluntary initiative on the part of the nuclear power industry to
obtain licensee inputs and communicate its findings to the NRC.
The proposed generic letter has been endorsed by the Committee to
Review Generic Requirements (CRGR). Relevant information that was sent
to the CRGR will be placed in the NRC Public Document Room. The NRC
will consider comments received from interested parties in the final
evaluation of the proposed generic letter. The NRC's final evaluation
will include a review of the technical position and, as appropriate, an
analysis of the value/impact on licensees. Should this generic letter
be issued by the NRC, it will become available for public inspection in
the NRC Public Document Room.
DATES: Comment period expires March 2, 1998. Comments submitted after
this date will be considered if it is practical to do so, but assurance
of consideration cannot be given except for comments received on or
before this date.
ADDRESSES: Submit written comments to Chief, Rules and Directives
Branch, Division of Administrative Services, U.S. Nuclear Regulatory
Commission, Mail Stop T6-D69, Washington, DC 20555-0001. Written
comments may also be delivered to 11545 Rockville Pike, Rockville,
Maryland, between 7:45 am and 4:15 pm, Federal workdays. Copies of
written comments received may be examined at the NRC Public Document
Room, 2120 L Street, N.W. (Lower Level), Washington, D.C.
FOR FURTHER INFORMATION CONTACT: Matthew Chiramal, (301) 415-2845.
SUPPLEMENTARY INFORMATION:
NRC Generic Letter No. 98-XX: Year 2000 Readiness of Computer Systems
at Nuclear Power Plants
Addressees
All holders of operating licenses for nuclear power plants, except
those who have permanently ceased operations and have certified that
fuel has been permanently removed from the reactor vessel.
Purpose
The U.S. Nuclear Regulatory Commission (NRC) is issuing this
generic letter to require that all addressees provide the following
information regarding their programs, planned or implemented, to
address the Year 2000 (Y2K) problem in computer systems at their
facilities: (1) written confirmation of implementation of the programs,
and (2) written certification that the facilities are Y2K ready and in
compliance with the terms and conditions of their licenses and NRC
regulations.
Description of Circumstances
Simply stated, the Y2K computer problem pertains to the potential
inability of computers to correctly recognize dates beyond the current
century, i.e., beginning with January 1, 2000 and beyond. The problem
results from computer hardware or software that uses two-digit fields
to represent the year. If the Y2K problem is not corrected, computer
systems will be unable to recognize the change in century and will
misread ``00,'' for the year 2000, as 1900. The Y2K problem has the
potential to interfere with the proper operation of any computer
system, any hardware that is microprocessor-based (embedded
software), and any software or database at nuclear power plants. As a
consequence, there is a risk that affected plant systems and equipment
will fail to function properly.
The Y2K problem is urgent because it has a fixed, non-negotiable
deadline. This matter requires priority attention because of the
limited time remaining to assess the magnitude of the problem, its
associated technical and cost risks, and resource availability, and to
implement programs that will achieve satisfactory resolution.
Existing reporting requirements under 10 CFR part 21, 10 CFR 50.72,
and 10 CFR 50.73 provide for notification to the NRC staff of
deficiencies, non-conformance and failures, such as the Y2K problem in
safety-related systems. To date, the NRC staff has neither identified nor
received notification from licensees or vendors of digital protection
systems (e.g., Westinghouse, General Electric, Combustion Engineering,
Foxboro, Allen Bradley, or Framatome/Babcock & Wilcox) that a Y2K
problem exists with safety-related initiation and actuation systems.
However, problems have been identified in non-safety, but important,
computer-based systems. Such systems, primarily databases and data
collection processes necessary for plant operation that are date
driven, may need to be modified for Y2K compliance. Some examples of
systems and computer equipment that may be affected by Y2K problems
follow:
- Security computers
- Plant process (data scan, log, and alarm) and safety parameter
  display system computers
- Emergency response systems
- Radiation monitoring systems
- Dosimeters and readers
- Plant simulators
- Engineering programs
- Communication systems
- Inventory control systems
- Surveillance and maintenance tracking systems
- Control systems
To alert nuclear power plant licensees to the Y2K problem, the NRC
issued Information Notice (IN) 96-70, ``Year 2000 Effect on Computer
System Software,'' on December 24, 1996. In IN 96-70 the staff
described the potential problems that nuclear power plant computer
systems and software may encounter as a result of the change to the new
century and how the Y2K issue may affect NRC licensees. In IN 96-70 the
staff encouraged licensees to examine their uses of computer systems
and software well before the turn of the century and suggested that
licensees consider actions appropriate to examine and evaluate their
computer systems for Y2K vulnerabilities. The NRC staff also
incorporated recognition of the Y2K concern in the updated Standard
Review Plan (SRP), NUREG-0800, Chapter 7, ``Instrumentation and
Control,'' dated August 1997, which contains guidance for staff review
of computer-based instrumentation and control systems.
At the Nuclear Utilities Software Management Group (NUSMG) Year
2000 Workshop, an industry workshop held in July 1997, nuclear power
plant licensees described their Y2K programs, and gave examples of
areas in which they addressed Y2K issues in order to ensure the safety
and operability of their plants on January 1, 2000. Some of the issues
discussed were the (1) evaluation of the impact of the Y2K problem on
plant equipment, (2) assessment process involved in the identification
of Y2K affected components, vendors, and interfaces, (3) development of
Y2K testing strategies, and (4) identification of budget needs to
address the Y2K problem.
The Nuclear Energy Institute (NEI) met with NUSMG and nuclear plant
utility representatives in August 1997 to formulate an industry-wide
plan to address the Y2K issue. On October 7, 1997, representatives of
NEI and NUSMG met with the NRC staff to discuss actions NEI was taking
to help utilities make their plants ``Year 2000 ready.'' NEI was
preparing a framework document with guidance for utility use in
readying for the Year 2000. The framework document makes a distinction
in terminology between ``Y2K readiness'' (``Y2K Ready'' is defined as a
computer system or application that has been determined to be suitable
for continued use into the year 2000 even though the computer system or
application is not fully Y2K Compliant) and ``Y2K compliance'' (``Y2K
Compliant'' is defined as computer systems or applications that
accurately process date/time data (including but not limited to,
calculating, comparing, and sequencing) from, into and between the
twentieth and twenty-first centuries, the years 1999 and 2000, and
leap-year calculations). NEI/NUSMG issued the framework document
NEI/NUSMG 97-07, ``Nuclear Utility Year 2000 Readiness'' to all licensees
in November 1997. The document recommends methods for nuclear utilities
to attain Y2K readiness and thereby ensure that their facilities remain
safe and continue to operate within the requirements of their license.
The scope of NEI/NUSMG 97-07 covers software, or software-based systems
or interfaces, whose failure (due to the Y2K problem) would (1) prevent
the performance of the safety function of a structure, system or
component and (2) degrade, impair, or prevent operability of the
nuclear facility.
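The following is an added example, not part of the notice or of NEI/NUSMG 97-07. It exercises the operations named in the ``Y2K Compliant'' definition (comparing, calculating, sequencing, and leap-year handling across 1999 and 2000) against a two-digit-year date routine and a four-digit one, then applies both to a surveillance interval check. All function names and sample dates are hypothetical.

```python
from datetime import date

# Added illustration; every function name here is hypothetical.

def legacy_date(yy, month, day):
    """Two-digit-year storage: the century is assumed, so '00' becomes 1900."""
    return date(1900 + yy, month, day)

def four_digit_date(year, month, day):
    """Remediated storage: the full four-digit year is kept."""
    return date(year, month, day)

def check_date_handling(make_date, y1999, y2000):
    """Exercise make_date on the operations the 'Y2K Compliant' definition
    names. y1999 / y2000 are this implementation's encodings of those years."""
    eve = make_date(y1999, 12, 31)
    new_year = make_date(y2000, 1, 1)
    results = {
        "comparing": eve < new_year,
        "calculating": (new_year - eve).days == 1,
    }
    # Sequencing: log entries written across the rollover must sort in
    # the order they happened.
    log = [("after", new_year), ("before", eve)]
    ordered = [name for name, _ in sorted(log, key=lambda rec: rec[1])]
    results["sequencing"] = ordered == ["before", "after"]
    # Leap year: 2000 is a leap year and 1900 is not, so a misread
    # century rejects 29 February outright.
    try:
        leap_day = make_date(y2000, 2, 29)
        results["leap_year"] = (make_date(y2000, 3, 1) - leap_day).days == 1
    except ValueError:
        results["leap_year"] = False
    return results

def surveillance_overdue(make_date, last_done, today, interval_days):
    """True when a periodic surveillance is past its interval.
    last_done and today are (year, month, day) in make_date's encoding."""
    elapsed = (make_date(*today) - make_date(*last_done)).days
    return elapsed > interval_days

if __name__ == "__main__":
    print("two-digit :", check_date_handling(legacy_date, 99, 0))
    print("four-digit:", check_date_handling(four_digit_date, 1999, 2000))
    # Constructed case: a 31-day surveillance last performed 15 Nov 1999
    # and evaluated on 20 Jan 2000.
    print("two-digit overdue :",
          surveillance_overdue(legacy_date, (99, 11, 15), (0, 1, 20), 31))
    print("four-digit overdue:",
          surveillance_overdue(four_digit_date, (1999, 11, 15), (2000, 1, 20), 31))
```

With two-digit storage the elapsed time across the rollover is negative, so the tracking routine never reports the surveillance as overdue rather than failing visibly.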
Discussion
Diverse concerns are associated with the potential impact of the
Y2K problem on nuclear power plants because of the variety and types of
computer systems in use. Some of the concerns are the (1) scheduling of
maintenance and technical specification surveillance requirements, (2)
use and application of programmable logic controllers and other
commercial off-the-shelf software and hardware, (3) operation of
process control systems, (4) performance of engineering calculations,
and (5) collection of operating and post-accident plant parameter data.
Some vendors have taken such actions as placing information on the
Internet discussing which of their products are Y2K compliant, and how
the vendor is addressing the Y2K problem with respect to specific
products, including products purchased by their nuclear power plant
customers. When addressing some of the particular issues associated
with the use and application of software, it has been found that even
if the application has no apparent date manipulation algorithms, it may
still be affected by a Y2K related problem. For example, a subroutine
that date stamps the header information in archival tapes regardless of
the rest of the content of the tape may be affected. In addition,
although individually several systems may be ``date safe,'' the
integrated operations that the systems support may be vulnerable to the
Y2K problem. Further, there are potential impacts from the operating
system supporting their instrumentation system's application software
and from sub-programs (such as calibration and data
recording/reporting) associated with the main application software.
One application which is common to all power reactor licensees is
the link between plant computers and the NRC's Emergency Response Data
System (ERDS). This application performs the communication and data
transmission functions that provide near real-time data availability to
NRC and state incident response personnel during declared emergencies.
The NRC is currently performing Y2K related upgrades to ERDS which will
maintain the same communication protocol as the current system with the
exception that either 2-digit or 4-digit year fields will be accepted.
Those licensees that anticipate changes to their ERDS link should allow
time in their schedules for retesting their systems. NRC contractors
will support requests for testing on a ``first come, first served''
basis.
NEI/NUSMG 97-07 suggests a strategy for developing and implementing
a nuclear utility Y2K program. The strategy recognizes management,
implementation, quality assurance, regulatory considerations, and
documentation as the fundamental elements of a successful Y2K project.
The document contains additional guidance for these fundamental
elements. The recommended components for management planning are
management awareness, sponsorship, project leadership, project
objectives, project management team, management plan, project reports,
interfaces, resources, oversight, and quality assurance. The suggested
phases of implementation are awareness, initial assessment (which
includes inventory, categorization, classification, prioritization, and
analysis of initial assessment), detailed assessment (including vendor
evaluation, utility-owned or -supported software evaluation, interface
evaluation, remedial planning), remediation, Y2K testing and
validation, and notification. The quality assurance (QA) measures apply
to project management QA and implementation QA.
Regulatory considerations include the performance of appropriate
reviews, reporting requirements, and documentation. Documentation of
Y2K program activities and results includes documentation requirements,
project management documentation, vendor documentation, inventory
lists, checklists for initial and detailed assessments, and record
retention. NEI/NUSMG 97-07 also contains examples of various plans and
checklists as appendices.
The staff believes that the guidance in NEI/NUSMG 97-07, when
properly implemented, will present an appropriate approach for
licensees to address the Y2K problem at nuclear power plant facilities.
In the course of implementing the Y2K readiness program, problems
could be identified that potentially impact the licensing basis of the
plants. In certain cases, license amendments may be needed to address
the problem resolution. Licensees should submit such license amendments
to the NRC on a timely basis. The utility Y2K readiness programs and
schedules should have the flexibility to accommodate such an
eventuality. In addition, licensees are reminded that any changes to
their facilities that impact their current licensing basis must be
reviewed in accordance with existing NRC requirements and the change
properly documented.
Required Response
In order to gain the necessary assurance that addressees are
effectively addressing the Y2K problem and are in compliance with the
terms and conditions of their licenses and NRC regulations, the NRC
staff requires that all addressees submit a written response to this
generic letter as follows:
(1) Within 90 days of the date of this generic letter, submit a
written response indicating whether or not you have pursued and are
continuing to pursue a Y2K readiness program as outlined in NEI/NUSMG
97-07. If you are not conforming to the NEI/NUSMG guidance, present a
brief description of the program(s) that have already been completed,
are being conducted, or are planned to ensure Y2K readiness of the
computer systems at your facility(ies). This response should address
the program's scope, assessment process, and plans for corrective
actions (including testing, and schedules).
(2) Upon completing your Y2K readiness program, or, in any event,
no later than July 1, 1999, submit a written response confirming that
your facility is Y2K ready and in compliance with the terms and
conditions of your license(s) and NRC regulations. In addition, the
response should contain a status report of work remaining to be done to
complete your Y2K program, including completion schedules. {``Y2K
Ready'' is defined as a computer system or application that has been
determined to be suitable for continued use into the year 2000 even
though the computer system or application is not fully Y2K Compliant.
``Y2K Compliant'' is defined as computer systems or applications that
accurately process date/time data (including but not limited to,
calculating, comparing, and sequencing) from, into and between the
twentieth and twenty-first centuries, the years 1999 and 2000, and
leap-year calculations.}
Address the written reports to the U.S. Nuclear Regulatory
Commission, Attention: Document Control Desk, Washington, D.C.
20555-0001, under oath or affirmation under the provisions of Section 182a,
Atomic Energy Act 1954, as amended, and 10 CFR 50.54(f). In addition,
submit a copy to the appropriate regional administrator.
Backfit Discussion
This generic letter only requests information from addressees under
the provisions of Section 182a of the Atomic Energy Act of 1954, as
amended, and 10 CFR 50.54(f). The requested information will enable the
staff to verify that each nuclear power plant licensee is implementing
an effective plan to address the Y2K problem and provide for safe
operation of the facility before January 1, 2000, and is in compliance
with the terms and conditions of their license(s) and NRC regulations.
The following NRC regulations are a basis for this request:
- 10 CFR 50.36, ``Technical Specifications,'' paragraph
  (c)(3), ``Surveillance requirements,'' and paragraph (c)(5),
  ``Administrative controls.'' These relate, respectively, to
  requirements relating to test, calibration, or inspection to assure
  that the necessary quality of systems and components is maintained, and
  to provisions relating to management, procedures, record keeping, and
  review and audit necessary to assure operation of the facility in a
  safe manner.
- 10 CFR 50.47, ``Emergency plans,'' paragraph (b)(8), which
  relates to the provision and maintenance of adequate emergency
  facilities and equipment to support the emergency responses.
- Appendix B to 10 CFR Part 50, Criterion III, ``Design
  Control,'' requires that design control measures shall provide for
  verifying or checking the adequacy of design, such as by the
  performance of design reviews, by the use of alternate or simplified
  calculational methods, or by the performance of a suitable testing
  program.
- Appendix B to 10 CFR Part 50, Criterion XVII, ``Quality
  Assurance Records,'' requires that sufficient records shall be
  maintained to furnish evidence of activities affecting quality. The
  records are to include, among others, operating logs and results of
  reviews.
- Appendix E to 10 CFR 50, Section VI, ``Emergency Response
  Data System'' which relates to the provision and maintenance of
  licensee links to the Emergency Response Data System.
In addition, the following requirements from Appendix A to 10 CFR
part 50, ``General Design Criteria for Nuclear Power Plants'', also
provide a basis for the request: (In the statement of consideration
(SOC) for the amendment to 10 CFR part 50 which added Appendix A,
``General Design Criteria for Nuclear Power Plants,'' published in the
Federal Register on February 20, 1971, the Commission noted that the
general design criteria added as Appendix A to Part 50 establish the
minimum requirements for the principal design criteria for water-cooled
nuclear power plants similar in design and location to plants for which
construction permits have been issued
by the Commission. Principal design criteria established by an
applicant and accepted by the Commission will be incorporated by
reference in the construction permit. The SOC also notes that in
considering the issuance of an operating license under part 50, the
Commission will require assurance that these criteria have been
satisfied in the detailed design and construction of the facility and
any changes in such criteria are justified. It should be noted that a
proposed Appendix A to 10 CFR part 50 was published in the Federal
Register on July 11, 1967, and the comments and suggestions received in
response to the notice of proposed rule making and subsequent
developments in the technology and in the licensing process have been
considered in developing the general design criteria.)
- Appendix A to 10 CFR part 50, General Design Criterion
  (GDC) 13, ``Instrumentation and control,'' which addresses the
  provision of appropriate instrumentation and controls to monitor and
  control systems and variables during normal operation, anticipated
  operational occurrences, and accident conditions as appropriate to
  ensure adequate safety.
- Appendix A to 10 CFR part 50, GDC 19, ``Control room,''
  which requires the provision of a control room from which actions can
  be taken to operate the nuclear plant safely.
- Appendix A to 10 CFR part 50, GDC 23, ``Protection system
  failure modes,'' which requires that the protection system shall be
  designed to fail into a safe state or into a state demonstrated to be
  acceptable on some other defined basis.
Dated at Rockville, Maryland, this 23rd day of January 1998.
For the Nuclear Regulatory Commission.
Jack W. Roe,
Acting Director, Division of Reactor Program Management, Office of
Nuclear Reactor Regulation.
[FR Doc. 98-2182 Filed 1-28-98; 8:45 am]