29 January 1998
Source: http://www.access.gpo.gov/su_docs/aces/aces140.html

-----------------------------------------------------------------------

[Federal Register: January 29, 1998 (Volume 63, Number 19)]
[Notices]
[Page 4498-4501]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr29ja98-141]

-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

Proposed Generic Communication; Year 2000 Readiness of Computer Systems at Nuclear Power Plants (MA0138)

AGENCY: Nuclear Regulatory Commission.

ACTION: Notice of opportunity for public comment.

-----------------------------------------------------------------------

SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to issue a generic letter to all holders of operating licenses for nuclear power plants, except those who have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel, to require that all addressees provide certain information regarding their programs, planned or implemented, to address the Year 2000 (Y2K) problem in computer systems at their facilities. In particular, addressees are being asked to provide written confirmation of implementation of the programs, and written certification that their facilities are Y2K ready and in compliance with the terms and conditions of their licenses and NRC regulations. This information is being requested under 10 CFR 50.54(f).

The NRC is seeking comment from interested parties on both the technical and regulatory aspects of the proposed generic letter presented under the Supplementary Information heading. In this regard, the NRC encourages the industry to propose a viable alternative to the generic letter as a means of providing the necessary assurance to the NRC that licensees are effectively addressing the Y2K problem in computer systems at their facilities.
Such an alternative could consist of a voluntary initiative on the part of the nuclear power industry to obtain licensee inputs and communicate its findings to the NRC.

The proposed generic letter has been endorsed by the Committee to Review Generic Requirements (CRGR). Relevant information that was sent to the CRGR will be placed in the NRC Public Document Room. The NRC will consider comments received from interested parties in the final evaluation of the proposed generic letter. The NRC's final evaluation will include a review of the technical position and, as appropriate, an analysis of the value/impact on licensees. Should this generic letter be issued by the NRC, it will become available for public inspection in the NRC Public Document Room.

DATES: Comment period expires March 2, 1998. Comments submitted after this date will be considered if it is practical to do so, but assurance of consideration cannot be given except for comments received on or before this date.

ADDRESSES: Submit written comments to Chief, Rules and Directives Branch, Division of Administrative Services, U.S. Nuclear Regulatory Commission, Mail Stop T6-D69, Washington, DC 20555-0001. Written comments may also be delivered to 11545 Rockville Pike, Rockville, Maryland, between 7:45 am to 4:15 pm, Federal workdays. Copies of written comments received may be examined at the NRC Public Document Room, 2120 L Street, N.W. (Lower Level), Washington, D.C.

FOR FURTHER INFORMATION CONTACT: Matthew Chiramal, (301) 415-2845.

SUPPLEMENTARY INFORMATION:

NRC Generic Letter No. 98-XX: Year 2000 Readiness of Computer Systems at Nuclear Power Plants

Addressees

All holders of operating licenses for nuclear power plants, except those who have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel.

Purpose

The U.S.
Nuclear Regulatory Commission (NRC) is issuing this generic letter to require that all addressees provide the following information regarding their programs, planned or implemented, to address the Year 2000 (Y2K) problem in computer systems at their facilities: (1) written confirmation of implementation of the programs, and (2) written certification that the facilities are Y2K ready and in compliance with the terms and conditions of their licenses and NRC regulations.

Description of Circumstances

Simply stated the Y2K computer problem pertains to the potential inability of computers to correctly recognize dates beyond the current century, i.e., beginning with January 1, 2000 and beyond. The problem results from computer hardware or software that uses two-digit fields to represent the year. If the Y2K problem is not corrected, computer systems will be unable to recognize the change in century and will misread ``00,'' for the year 2000, as 1900. The Y2K problem has the potential to interfere with the proper operation of any computer system, any hardware that is microprocessor-based (embedded software), and any software or database at nuclear power plants. As a consequence, there is a risk that affected plant systems and equipment will fail to function properly.

The Y2K problem is urgent because it has a fixed, non-negotiable deadline. This matter requires priority attention because of the limited time remaining to assess the magnitude of the problem, its associated technical and cost risks, and resource availability, and to implement programs that will achieve satisfactory resolution.

Existing reporting requirements under 10 CFR part 21, 10 CFR 50.72, and 10 CFR 50.73 provide for notification to the NRC staff of deficiencies, non-conformance and failures, such as the Y2K problem in safety-related systems.
To date, the NRC staff has not identified nor received notification from licensees or vendors of digital protection systems (e.g., Westinghouse, General Electric, Combustion Engineering, Foxboro, Allen Bradley, or Framatome/Babcock & Wilcox) that a Y2K problem exists with safety-related initiation and actuation systems. However, problems have been identified in non-safety, but important, computer-based systems. Such systems, primarily databases and data collection processes necessary for plant operation that are date driven, may need to be modified for Y2K compliance.

Some examples of systems and computer equipment that may be affected by Y2K problems follow:

    Security computers
    Plant process (data scan, log, and alarm) and safety parameter display system computers
    Emergency response systems
    Radiation monitoring systems
    Dosimeters and readers
    Plant simulators
    Engineering programs
    Communication systems
    Inventory control systems
    Surveillance and maintenance tracking systems
    Control systems

To alert nuclear power plant licensees to the Y2K problem, the NRC issued Information Notice (IN) 96-70, ``Year 2000 Effect on Computer System Software,'' on December 24, 1996. In IN 96-70 the staff described the potential problems that nuclear power plant computer systems and software may encounter as a result of the change to the new century and how the Y2K issue may affect NRC licensees. In IN 96-70 the staff encouraged licensees to examine their uses of computer systems and software well before the turn of the century and suggested that licensees consider actions appropriate to examine and evaluate their computer systems for Y2K vulnerabilities. The NRC staff also incorporated recognition of the Y2K concern in the updated Standard Review Plan (SRP), NUREG-0800, Chapter 7, ``Instrumentation and Control,'' dated August 1997, which contains guidance for staff review of computer-based instrumentation and control systems.
At the Nuclear Utilities Software Management Group (NUSMG) Year 2000 Workshop, an industry workshop held in July 1997, nuclear power plant licensees described their Y2K programs, and gave examples of areas in which they addressed Y2K issues in order to ensure the safety and operability of their plants on January 1, 2000. Some of the issues discussed were the (1) evaluation of the impact of the Y2K problem on plant equipment, (2) assessment process involved in the identification of Y2K affected components, vendors, and interfaces, (3) development of Y2K testing strategies, and (4) identification of budget needs to address the Y2K problem.

The Nuclear Energy Institute (NEI) met with NUSMG and nuclear plant utility representatives in August 1997 to formulate an industry-wide plan to address the Y2K issue. On October 7, 1997, representatives of NEI and NUSMG met with the NRC staff to discuss actions NEI was taking to help utilities make their plants ``Year 2000 ready.'' NEI was preparing a framework document with guidance for utility use in readying for the Year 2000. The framework document makes a distinction in terminology between ``Y2K readiness'' (``Y2K Ready'' is defined as a computer system or application that has been determined to be suitable for continued use into the year 2000 even though the computer system or application is not fully Y2K Compliant) and ``Y2K compliance'' (``Y2K Compliant'' is defined as computer systems or applications that accurately process date/time data (including but not limited to, calculating, comparing, and sequencing) from, into and between the twentieth and twenty-first centuries, the years 1999 and 2000, and leap-year calculations).

NEI/NUSMG issued the framework document NEI/NUSMG 97-07, ``Nuclear Utility Year 2000 Readiness'' to all licensees in November 1997.
The document recommends methods for nuclear utilities to attain Y2K readiness and thereby ensure that their facilities remain safe and continue to operate within the requirements of their license. The scope of NEI/NUSMG 97-07 covers software, or software-based systems or interfaces, whose failure (due to the Y2K problem) would (1) prevent the performance of the safety function of a structure, system or component and (2) degrade, impair, or prevent operability of the nuclear facility.

Discussion

Diverse concerns are associated with the potential impact of the Y2K problem on nuclear power plants because of the variety and types of computer systems in use. Some of the concerns are the (1) scheduling of maintenance and technical specification surveillance requirements, (2) use and application of programmable logic controllers and other commercial off-the-shelf software and hardware, (3) operation of process control systems, (4) performance of engineering calculations, and (5) collection of operating and post-accident plant parameter data.

Some vendors have taken such actions as placing information on the Internet discussing which of their products are Y2K compliant, and how the vendor is addressing the Y2K problem with respect to specific products, including products purchased by their nuclear power plant customers.

When addressing some of the particular issues associated with the use and application of software, it has been found that even if the application has no apparent date manipulation algorithms, it may still be affected by a Y2K related problem. For example, a subroutine that date stamps the header information in archival tapes regardless of the rest of the content of the tape may be affected. In addition, although individually several systems may be ``date safe,'' the integrated operations that the systems support may be vulnerable to the Y2K problem.
Further, there are potential impacts from the operating system supporting their instrumentation system's application software and from sub-programs (such as calibration and data recording/reporting) associated with the main application software.

One application which is common to all power reactor licensees is the link between plant computers and the NRC's Emergency Response Data System (ERDS). This application performs the communication and data transmission function which provide near real-time data availability to NRC and state incident response personnel during declared emergencies. The NRC is currently performing Y2K related upgrades to ERDS which will maintain the same communication protocol as the current system with the exception that either 2-digit or 4-digit year fields will be accepted. Those licensees that anticipate changes to their ERDS link should allow time in their schedules for retesting their systems. NRC contractors will support requests for testing on a ``first come, first served'' basis.

NEI/NUSMG 97-07 suggests a strategy for developing and implementing a nuclear utility Y2K program. The strategy recognizes management, implementation, quality assurance, regulatory considerations, and documentation as the fundamental elements of a successful Y2K project. The document contains additional guidance for these fundamental elements. The recommended components for management planning are management awareness, sponsorship, project leadership, project objectives, project management team, management plan, project reports, interfaces, resources, oversight, and quality assurance.
The suggested phases of implementation are awareness, initial assessment (which includes inventory, categorization, classification, prioritization, and analysis of initial assessment), detailed assessment (including vendor evaluation, utility-owned or -supported software evaluation, interface evaluation, remedial planning), remediation, Y2K testing and validation, and notification. The quality assurance (QA) measures apply to project management QA and implementation QA. Regulatory considerations include the performance of appropriate reviews, reporting requirements, and documentation. Documentation of Y2K program activities and results includes documentation requirements, project management documentation, vendor documentation, inventory lists, checklists for initial and detailed assessments, and record retention. NEI/NUSMG 97-07 also contains examples of various plans and checklists as appendices.

The staff believes that the guidance in NEI/NUSMG 97-07, when properly implemented, will present an appropriate approach for licensees to address the Y2K problem at nuclear power plant facilities.

In the course of implementing the Y2K readiness program, problems could be identified that potentially impact the licensing basis of the plants. In certain cases, license amendments may be needed to address the problem resolution. Licensees should submit such license amendments to the NRC on a timely basis. The utility Y2K readiness programs and schedules should have the flexibility to accommodate such an eventuality. In addition, licensees are reminded that any changes to their facilities that impact their current licensing basis must be reviewed in accordance with existing NRC requirements and the change properly documented.
Required Response

In order to gain the necessary assurance that addressees are effectively addressing the Y2K problem and are in compliance with the terms and conditions of their licenses and NRC regulations, the NRC staff requires that all addressees submit a written response to this generic letter as follows:

(1) Within 90 days of the date of this generic letter, submit a written response indicating whether or not you have pursued and are continuing to pursue a Y2K readiness program as outlined in NEI/NUSMG 97-07. If you are not conforming to the NEI/NUSMG guidance, present a brief description of the program(s) that have already been completed, are being conducted, or are planned to ensure Y2K readiness of the computer systems at your facility(ies). This response should address the program's scope, assessment process, and plans for corrective actions (including testing, and schedules).

(2) Upon completing your Y2K readiness program, or, in any event, no later than July 1, 1999, submit a written response confirming that your facility is Y2K ready and in compliance with the terms and conditions of your license(s) and NRC regulations. In addition, the response should contain a status report of work remaining to be done to complete your Y2K program, including completion schedules.

{``Y2K Ready'' is defined as a computer system or application that has been determined to be suitable for continued use into the year 2000 even though the computer system or application is not fully Y2K Compliant. ``Y2K Compliant'' is defined as computer systems or applications that accurately process date/time data (including but not limited to, calculating, comparing, and sequencing) from, into and between the twentieth and twenty-first centuries, the years 1999 and 2000, and leap-year calculations.}

Address the written reports to the U.S. Nuclear Regulatory Commission, Attention: Document Control Desk, Washington, D.C.
20555-0001, under oath or affirmation under the provisions of Section 182a, Atomic Energy Act 1954, as amended, and 10 CFR 50.54(f). In addition, submit a copy to the appropriate regional administrator.

Backfit Discussion

This generic letter only requests information from addressees under the provisions of Section 182a of the Atomic Energy Act of 1954, as amended, and 10 CFR 50.54(f). The requested information will enable the staff to verify that each nuclear power plant licensee is implementing an effective plan to address the Y2K problem and provide for safe operation of the facility before January 1, 2000, and is in compliance with the terms and conditions of their license(s) and NRC regulations. The following NRC regulations are a basis for this request:

10 CFR 50.36, ``Technical Specifications,'' paragraph (c)(3), ``Surveillance requirements,'' and paragraph (c)(5), ``Administrative controls.'' These relate, respectively, to requirements relating to test, calibration, or inspection to assure that the necessary quality of systems and components is maintained, and to provisions relating to management, procedures, record keeping, and review and audit necessary to assure operation of the facility in a safe manner.

10 CFR 50.47, ``Emergency plans,'' paragraph (b)(8), which relates to the provision and maintenance of adequate emergency facilities and equipment to support the emergency responses.

Appendix B to 10 CFR Part 50, Criterion III, ``Design Control,'' requires that design control measures shall provide for verifying or checking the adequacy of design, such as by the performance of design reviews, by the use of alternate or simplified calculational methods, or by the performance of a suitable testing program.

Appendix B to 10 CFR Part 50, Criterion XVII, ``Quality Assurance Records,'' requires that sufficient records shall be maintained to furnish evidence of activities affecting quality.
The records are to include, among others, operating logs and results of reviews.

Appendix E to 10 CFR 50, Section VI, ``Emergency Response Data System'' which relates to the provision and maintenance of licensee links to the Emergency Response Data System.

In addition, the following requirements from Appendix A to 10 CFR part 50, ``General Design Criteria for Nuclear Power Plants'', also provide a basis for the request:

(In the statement of consideration (SOC) for the amendment to 10 CFR part 50 which added Appendix A, ``General Design Criteria for Nuclear Power Plants,'' published in the Federal Register on February 20, 1971, the Commission noted that the general design criteria added as Appendix A to Part 50 establish the minimum requirements for the principal design criteria for water-cooled nuclear power plants similar in design and location to plants for which construction permits have been issued by the Commission. Principal design criteria established by an applicant and accepted by the Commission will be incorporated by reference in the construction permit. The SOC also notes that in considering the issuance of an operating license under part 50, the Commission will require assurance that these criteria have been satisfied in the detailed design and construction of the facility and any changes in such criteria are justified. It should be noted that a proposed Appendix A to 10 CFR part 50 was published in the Federal Register on July 11, 1967, and the comments and suggestions received in response to the notice of proposed rule making and subsequent developments in the technology and in the licensing process have been considered in developing the general design criteria.)
Appendix A to 10 CFR part 50, General Design Criterion (GDC) 13, ``Instrumentation and control,'' which addresses the provision of appropriate instrumentation and controls to monitor and control systems and variables during normal operation, anticipated operational occurrences, and accident conditions as appropriate to ensure adequate safety.

Appendix A to 10 CFR part 50, GDC 19, ``Control room,'' which requires the provision of a control room from which actions can be taken to operate the nuclear plant safely.

Appendix A to 10 CFR part 50, GDC 23, ``Protection system failure modes,'' which requires that the protection system shall be designed to fail into a safe state or into a state demonstrated to be acceptable on some other defined basis.

Dated at Rockville, Maryland, this 23rd day of January 1998.

For the Nuclear Regulatory Commission.

Jack W. Roe,
Acting Director, Division of Reactor Program Management, Office of Nuclear Reactor Regulation.

[FR Doc. 98-2182 Filed 1-28-98; 8:45 am]
BILLING CODE 7590-01-P