January-February 2019 NPJ

Other Industries' I&C Regulations By the U.S. Nuclear Regulatory Commission. Introduction The U.S. Nuclear Regulatory Commission (NRC) developed this report as directed by the Joint Explanatory Statement accompanying the Energy and Water, Legislative Branch, and Military Construction and Veterans Affairs Appropriations Act, 2019 (Public Law 115-244). The Joint Explanatory Statement directed the NRC to submit to the House and Senate Appropriations Committees a report describing approaches to permitting 1 the use of digital instrumentation and controls (I&C) in safety applications outside of the nuclear industry and discussing whether these approaches would be acceptable in nuclear applications. In response to this direction, the NRC has evaluated the approaches used in the civil aviation, automobile, and medical device industries to permit the use of digital I&C and the results are described below focusing on the safety significance involved in each industry as compared to operating nuclear power reactors. Background The NRC evaluates digital I&C systems for use in nuclear reactors as part of its safety reviews of applications for reactor design certifications, combined licenses, operating licenses, and license amendment requests. The NRC’s current regulations provide flexibility for applicants and licensees to use alternatives or request exemptions to the established performance-based requirements. The NRChas incorporated by reference into its regulations several consensus standards developedwith industry experts to provide regulatory requirements for particular areas. Specifically for I&C, the NRC has codified the Institute of Electrical and Electronics Engineers (IEEE) Standard 603-1991, 2 “Standard Criteria for Safety Systems for Nuclear Power Generating Stations,” which establishes minimum functional design criteria for I&C and electrical safety systems. This standard also requires the use of key design criteria, such as independence, isolation, and single-failure tolerance, for plant safety system designs. The NRC’s regulations allow applicants and licensees to use alternatives to IEEE Standard 603-1991 as long as a commensurate level of safety and quality can be demonstrated, an option that allows design flexibility. The NRC has published voluntary guidance that describes one method to satisfy regulatory requirements. This guidance endorses consensus standards, including ones that are digital-specific. While this guidance does not represent the only way to satisfy regulatory requirements, it does provide some predictability in the NRC’s approach to reviewing I&C features in applications. The NRC has established a process for dedicating commercial-grade systems and components for use in nuclear safety applications. The NRC also reviews generic digital I&C platforms (some of which were developed for commercial applications) that can subsequently be used for nuclear safety applications. An NRC-approved digital I&C platform can be used by operating nuclear power plants performing digital upgrades of existing safety-related I&C systems and by new reactor licensees in their digital I&C safety applications. The NRC continues to place a high priority on making progress on digital I&C issues so that potential safety benefits can be realized by properly implementing digital I&C upgrades. The NRC recently issued Regulatory Issue Summary (RIS) 2002-22, Supplement 1 3 to further detail whether prior NRC approval is required for digital I&C modifications. The NRC is currently developing improved guidance for NRC staff review of LARs to allow for approval of the LAR earlier in the system development process. Under the new process, licensees would not need to wait for completion of the system testing to receive the NRC staff’s approval. The NRC has conducted research studies about how the experience and practices of other industries can be leveraged in the licensing of digital I&C equipment used for nuclear safety applications. For example, the NRC has conducted research 4 on methods to determine the degree to which diversity is considered sufficient to mitigate common cause failure vulnerabilities that may arise from digital I&C safety system designs. As a part of this research, the NRC evaluated approaches used for high-integrity and safety-significant I&C applications in non-nuclear industries that have already transitioned to digital I&C systems. The NRC investigation focused on industries that employ similar I&C technologies and have applications with high consequence hazards. Methods to incorporate diversity that are employed within the aerospace, aviation, chemical process, and rail transportation industries were evaluated. Such methods were described within guidance developed by the National Aeronautics and Space Administration, the FAA, and the Center for Chemical Process Safety. The results of this NRC study revealed that although none of the other high-consequence industries have applications directly analogous to the nuclear power industry, in most cases the methods of addressing common cause failure through diversity used by these non-nuclear industries were comparable to the approaches used in the nuclear power industry. When attempting to transfer regulatory evaluation methods from non-nuclear industries to the nuclear industry, the NRC will need to consider inherent technical and regulatory oversight differences. 34 NuclearPlantJournal.com Nuclear Plant Journal, January-February 2019 A Report for the House and Senate Committees on Appropriations on December 28, 2018.