98-8771. Proposed Generic Communication; Guidance on the Storage, Preservation, and Safekeeping of Quality Assurance Records in Electronic Media (M98441)  

  • [Federal Register Volume 63, Number 64 (Friday, April 3, 1998)]
    [Notices]
    [Pages 16592-16594]
    From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
    [FR Doc No: 98-8771]
    
    
    -----------------------------------------------------------------------
    
    NUCLEAR REGULATORY COMMISSION
    
    
    Proposed Generic Communication; Guidance on the Storage, 
    Preservation, and Safekeeping of Quality Assurance Records in 
    Electronic Media (M98441)
    
    AGENCY: Nuclear Regulatory Commission.
    
    ACTION: Notice of opportunity for public comment.
    
    -----------------------------------------------------------------------
    
    SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to issue 
    a generic letter to all holders of operating licenses for nuclear power 
    plants, including those who have permanently ceased operations and have 
    certified that fuel has been permanently removed from the reactor 
    vessel, to provide guidance on an acceptable method, and NRC staff 
    expectations, for storing, preserving, and safekeeping quality 
    assurance (QA) records in electronic media. The generic letter does not 
    provide guidance on submitting electronic records to the NRC. The 
    guidance provided supplements Regulatory Guide (RG) 1.88, Revision 2, 
    and RG 1.28, Revision 3. No specific action or written response is 
    required by the generic letter.
        The proposed generic letter has been endorsed by the Committee to 
    Review Generic Requirements (CRGR). Relevant information that was sent 
    to the CRGR will be placed in the NRC Public Document Room.
        The NRC is seeking comment from interested parties regarding both 
    the technical and regulatory aspects of the proposed generic letter 
    presented under the Supplementary Information heading. The NRC will 
    consider comments received from interested parties in the final 
    evaluation of the proposed generic letter. The NRC's final evaluation 
    will include a review of the technical position and, as appropriate, an 
    analysis of the value/impact on licensees. Should this generic letter 
    be issued by the NRC, it will become available for public inspection in 
    the NRC Public Document Room.
    
    DATES: Comment period expires June 2, 1998. Comments submitted after 
    this date will be considered if it is practical to do so, but assurance 
    of consideration cannot be given except for comments received on or 
    before this date.
    
    ADDRESSES: Submit written comments to Chief, Rules and Directives 
    Branch, Division of Administrative Services, U.S. Nuclear Regulatory 
    Commission, Mail Stop T6-D59, Washington, DC 20555-0001. Written 
    comments may also be delivered to 11545 Rockville Pike, Rockville, 
    Maryland, between 7:45 am and 4:15 pm, Federal workdays. Copies of 
    written comments received may be examined at the NRC Public Document 
    Room, 2120 L Street, N.W. (Lower Level), Washington, D.C.
    
    FOR FURTHER INFORMATION, CONTACT: Michael T. Bugg, (301) 415-3221.
    
    SUPPLEMENTARY INFORMATION:
    
    NRC Generic Letter XX-XX: Guidance on the Storage, Preservation, 
    and Safekeeping of Quality Assurance Records in Electronic Media
    
    Addressees
    
        All holders of operating licenses for nuclear power plants, 
    including those who have permanently ceased operations and have 
    certified that fuel has been permanently removed from the reactor 
    vessel.
    
    Purpose
    
        The U.S. Nuclear Regulatory Commission (NRC) is issuing this 
    supplement to Generic Letter (GL) 88-18 to provide guidance on a 
    methodology for storing, preserving, and safekeeping quality assurance 
    (QA) records in electronic media. This generic letter supplement does 
    not abrogate the guidance in Regulatory Guide (RG) 1.88, Revision 2, 
    and RG 1.28, Revision 3. It also does not provide guidance on 
    submitting electronic records to the NRC.
    
    Background
    
        Criterion VI, ``Document Control,'' and Criterion XVII, ``Quality 
    Assurance Records,'' of Appendix B, ``Quality Assurance Criteria for 
    Nuclear Power Plants and Fuel Reprocessing Plants,'' to Part 50 of 
    Title 10 of the Code of Federal Regulations (10 CFR Part 50), establish 
    requirements for the issuance, identification, and retrievability of QA 
    records.
        American National Standards Institute (ANSI) N45.2.9-1974, 
    ``Requirements for Collection, Storage, and Maintenance of Quality 
    Assurance Records for Nuclear Power Plants,'' as endorsed by RG 1.88, 
    ``Collection, Storage, and Maintenance of Nuclear Power Plant Quality 
    Assurance Records,'' Revision 2, and ANSI/American Society of 
    Mechanical Engineers (ASME)-NQA-1, 1983 edition, ``Quality Assurance 
    Program Requirements for Nuclear Facilities,'' as endorsed by RG 1.28, 
    ``Quality Assurance Program Requirements (Design and Construction),'' 
    Revision 3, describe NRC-accepted practices for the collection, 
    storage, and maintenance of nuclear power plant QA records.
    
        On October 20, 1988, the NRC staff issued GL 88-18, ``Plant Record 
    Storage on Optical Disks,'' to provide guidance on appropriate quality 
    controls for an optical disk document imaging system. GL 88-18 expanded 
    on the guidance provided by RG 1.88 and RG 1.28 to describe an 
    acceptable method for storing QA documents in optical media in 
    accordance with the applicable criteria in Appendix B to 10 CFR Part 
    50.
    
    Discussion
    
        Although the guidance in GL 88-18, RG 1.88, and RG 1.28 remains 
    relevant and acceptable, licensees and nuclear steam system suppliers 
    have suggested that additional guidance which addresses the 
    acceptability of new information management technologies is needed. NRC 
    regulations already recognize the appropriateness of storing and 
    maintaining licensee records in electronic media. Specifically, 
    paragraph (d)(1) of 10 CFR 50.71, ``Maintenance of Records, Making of 
    Reports,'' states, in part, that records that must be maintained 
    pursuant to 10 CFR Part 50 ``may also be stored in electronic media 
    with the capability of producing legible, accurate, and complete 
    records during the required retention period.'' Therefore, this generic 
    letter supplement provides the additional guidance requested by the 
    nuclear industry for the storage and maintenance of QA records in 
    electronic media. The guidance provided herein only applies to QA 
    records that are subject to the requirements of Appendix B to 10 CFR 
    Part 50, as noted in a licensee's QA program description.
        Recognizing that addressees are responsible for ensuring the 
    integrity of QA records, the attachment to this generic letter provides 
    guidance on establishing an electronic recordkeeping system to maintain 
    the integrity, authenticity, and acceptability of QA records during 
    their required retention period in accordance with the requirements of 
    Appendix B to 10 CFR Part 50.
        This guidance also pertains to developing methods to authenticate 
    and prevent alteration or falsification of electronic records. While 
    the guidance provided herein constitutes an acceptable method for 
    satisfying the applicable provisions of Appendix B to 10 CFR Part 50 
    with regard to QA record storage in electronic media, this guidance 
    does not supersede current QA record commitments in the addressees' QA 
    program descriptions. Additionally, this generic letter does not 
    provide guidance on the storage of records in electronic media pursuant 
    to other regulations such as 10 CFR 73.21, ``Requirements for the 
    Protection of Safeguards Information.''
        Addressees using electronic media for storing, preserving, and 
    safekeeping QA records should notify the NRC when updating their QA 
    program description in accordance with 10 CFR 50.71(e) or 10 CFR 
    50.54(a), as appropriate. This submittal should describe the 
    addressee's implementation of the guidance in this generic letter or 
    otherwise describe how the relevant criteria in Appendix B to 10 CFR 
    Part 50 continue to be satisfied if electronic media are used for 
    storing, preserving, and safekeeping QA records.
    
    Related Generic Communication
    
        Generic Letter 88-18, ``Plant Record Storage on Optical Disks,'' 
    dated October 20, 1988.
    
    Attachment 1--Guidance on the Storage, Preservation, and 
    Safekeeping of Quality Assurance Records in Electronic Media
    
        The Electronic Recordkeeping Subcommittee of the Regulations 
    Committee of the Nuclear Information and Records Management 
    Association, Inc. (NIRMA), has prepared a set of guidelines on the 
    collection, storage, and maintenance of electronic quality assurance 
    (QA) records for nuclear power plants. The guidelines included in NIRMA 
    TG15-1993, ``Management of Electronic Records'' (which may be obtained 
    from the Nuclear Information and Records Management Association, Inc., 
    210 Fifth Avenue, New York, New York 10010), are acceptable to the NRC 
    staff and provide an adequate basis for complying with pertinent QA 
    requirements of Appendix B to 10 CFR Part 50, subject to the following 
    conditions related to the use of electronic signatures for 
    authentication of records.
        1. An electronic signature process should include (a) the printed 
    name of the signer; (b) the date and time the signature is executed; 
    (c) the meaning (such as review, approval, responsibility, or 
    authorship) implied by the signature, which should not be used by, or 
    assigned to, anyone else; (e) the organization responsible for 
    establishing, assigning, certifying, or otherwise sanctioning an 
    individual's electronic signature, or any element of such electronic 
    signatures, which should be formally identified and duly authorized; 
    and (f) electronic signatures linked to their respective electronic 
    records to ensure that the signatures cannot be excised, copied, or 
    otherwise transferred so as to falsify electronic records by ordinary 
    means.
        2. Electronic signatures that are not based upon biometrics 
    (biometrics means a method of verifying an individual's identity on the 
    basis of measurement of the individual's physical feature(s) or 
    repeatable action(s) when those features and/or actions are both unique 
    to that individual and measurable) should (a) employ at least two 
    distinct identification components, such as an identification code and 
    a password; (b) be used only by their genuine owners; and (c) be 
    administered and executed to ensure that attempted use of an 
    individual's electronic signature by anyone other than its genuine 
    owner requires collaboration of two or more individuals. Electronic 
    signatures based upon biometrics should be designed to ensure that they 
    cannot be used by anyone other than their genuine owner.
        3. Persons who use electronic signatures that are based upon use of 
    identification codes in combination with passwords should employ 
    controls to ensure their security and integrity. Such controls should 
    include:
        a. Ensuring that identification code and password issuance are 
    periodically checked, recalled, or revised (e.g., to cover such events 
    as password expiration as a result of employee departures).
        b. The ability to electronically deactivate lost, stolen, missing, 
    or otherwise potentially compromised tokens, cards, or other devices 
    that bear or generate identification code or password information and 
    to issue temporary or permanent replacements.
        c. Use of transaction safeguards to prevent unauthorized use of 
    passwords and/or identification codes and to immediately detect and 
    report any unauthorized use to the system security unit and, as 
    appropriate, to organizational management.
        d. Initial and periodic testing of devices, such as tokens or 
    cards, that bear or generate identification code or password 
    information, to ensure that they function properly and have not been 
    altered in an unauthorized manner.
    
    Attachment 2--References
    
        1. Appendix B, ``Quality Assurance Criteria for Nuclear Power 
    Plants and Fuel Reprocessing Plants,'' to Part 50 of Title 10 of the 
    Code of Federal Regulations (10 CFR).
        2. Title 10 of the Code of Federal Regulations (10 CFR), Section 
    50.71, ``Maintenance of Records, Making of Reports.''
        3. Regulatory Guide 1.28, ``Quality Assurance Program Requirements 
    (Design and Construction),'' Revision 3.
    
        4. Regulatory Guide 1.88, ``Collection, Storage, and Maintenance of 
    Nuclear Power Plant Quality Assurance Records,'' Revision 2.
        5. Generic Letter 88-18, ``Plant Record Storage on Optical Disks,'' 
    October 20, 1988.
        6. American National Standards Institute (ANSI) N45.2.9-1974, 
    ``Requirements for Collection, Storage, and Maintenance of Quality 
    Assurance Records for Nuclear Power Plants.''
        7. American National Standards Institute/American Society of 
    Mechanical Engineers (ANSI/ASME)-NQA-1, 1983 edition, ``Quality 
    Assurance Program Requirements for Nuclear Facilities.''
        8. Title 21, Chapter I, ``Food and Drugs,'' of the Code of Federal 
    Regulations (21 CFR), Part 11, ``Electronic Records; Electronic 
    Signatures,'' Department of Health and Human Services, Food and Drug 
    Administration.
        9. Nuclear Information and Records Management Association, Inc., 
    (NIRMA) TG15-1993, ``Management of Electronic Records.''
    
        Dated at Rockville, Maryland, this 26th day of March 1998.
    
    For the Nuclear Regulatory Commission.
    Jack W. Roe,
    Acting Director, Division of Reactor Program Management, Office of 
    Nuclear Reactor Regulation.
    [FR Doc. 98-8771 Filed 4-2-98; 8:45 am]