Information Notice No. 99-12: Year 2000 Computer Systems Readiness Audits
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
WASHINGTON, D.C. 20555-0001
April 28, 1999
NRC INFORMATION NOTICE 99-12: YEAR 2000 COMPUTER SYSTEMS READINESS AUDITS
All holders of operating licenses or construction permits for nuclear power plants.
The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice (IN) to inform addressees of observations made by NRC staff during audits conducted on the Year 2000 (Y2K) readiness programs of twelve plants. It is expected that recipients will review the information for applicability to their facilities and consider actions, as appropriate. However, suggestions contained in this information notice are not NRC requirements; therefore, no specific action or written response is required.
The Y2K issue involves potential date-related errors with computer systems, microprocessor-based (embedded software) devices, and software applications. An example of a date-related problem is a software application or digital device that misinterprets the numbers "00" to represent the year 1900 rather than the year 2000. Date-related errors can result in malfunctions of computer systems by providing erroneous data output or failing to operate at all.
On December 24, 1996, the NRC issued Information Notice (IN) 96-70, "Year 2000 Effect on Computer System Software," to alert nuclear power plant licensees of the Y2K issue. Subsequently, on May 11, 1998 and January 14, 1999, the NRC issued Generic Letter (GL) 98-01, "Year 2000 Readiness of Computer Systems at Nuclear Power Plants," and Supplement 1 to Generic Letter 98-01, respectively, requesting information regarding each licensee's program to address the Y2K computer systems issue. In GL 98-01, the staff determined that the Nuclear Energy Institute/Nuclear Utilities Software Management Group (NEI/NUSMG) framework document, NEI/NUSMG 97-07, "Nuclear Utility Year 2000 Readiness," is an acceptable approach to addressing the Y2K issue, provided licensees address the additional areas of risk management, business continuity and contingency planning, and remediation of embedded systems. Subsequently, NEI/NUSMG issued NEI/NUSMG 98-07, "Nuclear Utility Year 2000 Readiness Contingency Planning," in August 1998, to address the additional areas cited by the NRC in GL 98-01.
From September 1998 through January 1999, NRC audit teams conducted twelve representative Y2K readiness audits at nuclear plant sites throughout the United States. The NRC staff determined that this approach was an appropriate means of oversight of licensee Y2K readiness efforts because all licensees had committed to the nuclear power industry Y2K readiness guidance, NEI/NUSMG 97-07, in their first response to NRC GL 98-01 and because the NRC staff had not identified any Y2K problems in safety-related actuation systems. The NRC staff selected a variety of types of plants of different ages and locations in order to obtain the necessary assurance that nuclear power industry Y2K readiness programs are being effectively implemented and that licensees are on schedule to meet the readiness target date of July 1, 1999, established in GL 98-01. The results of the audits were intended to determine the need for additional regulatory action. The sample of 12 licensees included large utilities such as Commonwealth Edison and Tennessee Valley Authority (TVA) as well as small single-unit licensees such as North Atlantic Energy (Seabrook) and Wolf Creek Nuclear Operating Corporation. Because licensee Y2K programs are corporate-wide, many of the NRC staff audits include more than a single nuclear power plant site since many utilities own more than one nuclear power plant. In all, a total of 42 of 103 operating nuclear power plant units were associated with the Y2K readiness program audits of 12 utilities. The 12 representative Y2K program audit sites included Braidwood, Brunswick, Davis-Besse, Hope Creek, Limerick, Monticello, North Anna, Seabrook, Washington Nuclear Project No. 2, Waterford, Watts Bar, and Wolf Creek.
In evaluating the audited Y2K programs, the staff did not identify any issues that would preclude the nuclear power plants from achieving Y2K readiness before January 1, 2000. The licensee Y2K programs are generally on schedule to be ready by July 1, 1999, and no Y2K problems were identified that directly impact the proper functioning of safety systems. However, the audits did identify some remaining remediation activities of certain software items and embedded systems which will prevent a number of licensees from meeting full program implementation by July 1, 1999. In those instances, the remaining remediation activities of software applications and digital devices are scheduled for Fall 1999. The schedule was frequently driven by licensee outage planning or equipment availability. The audit reports are publicly available and may be accessed from the NRC website at www.nrc.gov/NRC/Y2KNRR.html. [This link is incorrect. It should be: http://www.nrc.gov/NRC/Y2K/Y2KNRR.html]
At the time of the audits, most licensees were beginning the contingency planning phase of their actions to address the Y2K issue. Therefore, in an effort to verify and assess the effectiveness of licensee contingency planning, NRC staff will conduct audits focused in the area of Y2K contingency planning at six additional sites, involving licensees other than those that comprise the original 12. The sites selected are: Diablo Canyon, Duane Arnold, Indian Point 2, Oconee, Palo Verde and Turkey Point. As stated earlier, licensee Y2K programs are corporate-wide and many utilities own more than one nuclear power plant. Therefore, a total of 18 operating nuclear power plant units will be associated with these six licensee audits.
Further, NRC regional and resident staff will conduct additional Y2K readiness and contingency planning site-specific reviews at all commercial nuclear power plants. The six focused audits of contingency planning and regional site-specific reviews will be completed by July 1999.
Based on the 12 representative Y2K audit results, the staff observed several common factors among effective programs. The staff found that properly following the NEI/NUSMG 97-07 and NEI/NUSMG 98-07 guidance documents resulted in an overall functional and straightforward Y2K program. Effective Y2K programs have generally received appropriate management attention and support. The staff believes active management oversight is vital for program effectiveness. The staff found that central control of Y2K activities, independent peer reviews, and aggressive quality assurance involvement promote consistency across program activities and products. In addition, the staff recognized that sharing information via owners groups and utility alliances aided licensees in the implementation of effective Y2K programs. The staff also concluded that corporate and plant programs should interface in order to achieve consistency in application and system readiness.
Most commercial nuclear power plants have protection systems based on analog technology rather than digital technology. Since Y2K concerns are associated with digital systems, analog reactor protection system functions are not affected directly by the Y2K problem. Although there is limited use of computer systems in nuclear power plant mission critical and safety-related functions, licensee Y2K programs have identified some software and digital devices that affect a small number of safety functions. None of these safety functions are actuation based.
Digital systems and components requiring remediation of Y2K-related problems perform functions such as post-accident sampling, fuel handling, core power distribution monitoring, and reactor vessel level measurement. Licensees have identified incorrect dates in safety-related printouts, logs, and displays in systems such as radiation monitoring. These errors, however, have not affected the functions performed by the devices or systems. There are mission critical non-safety-related functions such as digital feedwater controls, moisture separator reheater controls, reactor recirculating coolant controls, and motor generator set controls that are affected by the Y2K concern and have required remediation. These balance-of-plant functions are critical for power generation.
The audits revealed that licensees are actively addressing loss of off-site communications and grid instability issues which are addressed as part of their contingency planning. Based on the available contingency plans and licensees' scheduled evaluations, remediations, and testing, the staff did not identify any communication-related issue that would prevent any audited plant from being Y2K ready by January 1, 2000. Licensees are continuing to evaluate their communication systems for susceptibility to the Y2K issue and have developed plans to cope with system failures. Licensees are interacting with the North American Electric Reliability Council (NERC) to develop electrical grid stability plans for generation and transmission. The licensees have identified grid instability as a factor to be included under external risk as part of the Y2K contingency planning effort. Nuclear plant licensees and the NRC recognize the national importance of having available the broadest range of electrical generating capability in order to cope with any unforeseen Y2K impacts should they occur. However, NERC in their report to DOE, "Preparing the Electric Power Systems of North America For Transition to the Year 2000," dated September 17, 1998, states as follows: "Nuclear generating facilities are expected to be available to supply their share of energy needs and all nuclear safety systems are expected to be fully ready for Y2K." The NRC regulatory focus on electrical grid reliability is still related primarily to the challenges on plant safety systems.
Based on the regional site-specific reviews, contingency plan focused audits, and licensee responses to GL 98-01 or Supplement 1 of GL 98-01, the NRC will determine the need for future actions regarding the Y2K computer system readiness issue. The results of these reviews and audits will be made publicly available and may be accessed through the NRC website at www.nrc.gov/NRC/NEWS/year2000.html.
This information notice requires no specific action or written response. However, recipients are reminded that they are required to consider industry-wide operating experience (including NRC information notices), where practical. If you have any questions about the information in this notice, please contact one of the technical contacts listed below or the appropriate Office of Nuclear Reactor Regulation (NRR) project manager.
Ledyard B. Marsh, Chief
Events Assessment, Generic Communications
and Non-Power Reactors Branch
Division of Regulatory Improvement Programs
Office of Nuclear Reactor Regulation
Technical Contacts: A. Bryant, NRR
W. Burton, NRR
Attachment: List of Recently Issued NRC Information Notices
(NUDOCS Accession Number 9904230323)