[Federal Register Volume 63, Number 19 (Thursday, January 29, 1998)]
[Notices]
[Pages 4498-4501]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-2182]


-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION


Proposed Generic Communication; Year 2000 Readiness of Computer 
Systems at Nuclear Power Plants (MA0138)

AGENCY: Nuclear Regulatory Commission.

ACTION: Notice of opportunity for public comment.

-----------------------------------------------------------------------

SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to issue 
a generic letter to all holders of operating licenses for nuclear power 
plants, except those who have permanently ceased operations and have 
certified that fuel has been permanently removed from the reactor 
vessel, to require that all addressees provide certain information 
regarding their programs, planned or implemented, to address the Year 
2000 (Y2K) problem in computer systems at their facilities. In 
particular, addressees are being asked to provide written confirmation 
of implementation of the programs, and written certification that their 
facilities are Y2K ready and in compliance with the terms and 
conditions of their licenses and NRC regulations. This information is 
being requested under 10 CFR 50.54(f).
    The NRC is seeking comment from interested parties on both the 
technical and regulatory aspects of the proposed generic letter 
presented under the Supplementary Information heading. In this regard, 
the NRC encourages the industry to propose a viable alternative to the 
generic letter as a means of providing the necessary assurance to the 
NRC that licensees are effectively addressing the Y2K problem in 
computer systems at their facilities. Such an alternative could consist 
of a voluntary initiative on the part of the nuclear power industry to 
obtain licensee inputs and communicate its findings to the NRC.
    The proposed generic letter has been endorsed by the Committee to 
Review Generic Requirements (CRGR). Relevant information that was sent 
to the CRGR will be placed in the NRC Public Document Room. The NRC 
will consider comments received from interested parties in the final 
evaluation of the proposed generic letter. The NRC's final evaluation 
will include a review of the technical position and, as appropriate, an 
analysis of the value/impact on licensees. Should this generic letter 
be issued by the NRC, it will become available for public inspection in 
the NRC Public Document Room.

DATES: Comment period expires March 2, 1998. Comments submitted after 
this date will be considered if it is practical to do so, but assurance 
of consideration cannot be given except for comments received on or 
before this date.

ADDRESSES: Submit written comments to Chief, Rules and Directives 
Branch, Division of Administrative Services, U.S. Nuclear Regulatory 
Commission, Mail Stop T6-D69, Washington, DC 20555-0001. Written 
comments may also be delivered to 11545 Rockville Pike, Rockville, 
Maryland, between 7:45 am to 4:15 pm, Federal workdays. Copies of 
written comments received may be examined at the NRC Public Document 
Room, 2120 L Street, N.W. (Lower Level), Washington, D.C.

FOR FURTHER INFORMATION CONTACT: Matthew Chiramal, (301) 415-2845.

SUPPLEMENTARY INFORMATION:

NRC Generic Letter No. 98-XX: Year 2000 Readiness of Computer Systems 
at Nuclear Power Plants

Addressees

    All holders of operating licenses for nuclear power plants, except 
those who have permanently ceased operations and have certified that 
fuel has been permanently removed from the reactor vessel.

Purpose

    The U.S. Nuclear Regulatory Commission (NRC) is issuing this 
generic letter to require that all addressees provide the following 
information regarding their programs, planned or implemented, to 
address the Year 2000 (Y2K) problem in computer systems at their 
facilities: (1) written confirmation of implementation of the programs, 
and (2) written certification that the facilities are Y2K ready and in 
compliance with the terms and conditions of their licenses and NRC 
regulations.

Description of Circumstances

    Simply stated the Y2K computer problem pertains to the potential 
inability of computers to correctly recognize dates beyond the current 
century, i.e., beginning with January 1, 2000 and beyond. The problem 
results from computer hardware or software that uses two-digit fields 
to represent the year. If the Y2K problem is not corrected, computer 
systems will be unable to recognize the change in century and will 
misread ``00,'' for the year 2000, as 1900. The Y2K problem has the 
potential to interfere with the proper operation of any computer 
system, any hardware that is microprocessor-based (embedded

[[Page 4499]]

software), and any software or database at nuclear power plants. As a 
consequence, there is a risk that affected plant systems and equipment 
will fail to function properly.
    The Y2K problem is urgent because it has a fixed, non-negotiable 
deadline. This matter requires priority attention because of the 
limited time remaining to assess the magnitude of the problem, its 
associated technical and cost risks, and resource availability, and to 
implement programs that will achieve satisfactory resolution.
    Existing reporting requirements under 10 CFR part 21, 10 CFR 50.72, 
and 10 CFR 50.73 provide for notification to the NRC staff of 
deficiencies, non-conformance and failures, such as the Y2K problem in 
safety-related systems. To date, the NRC staff has not identified nor 
received notification from licensees or vendors of digital protection 
systems (e.g., Westinghouse, General Electric, Combustion Engineering, 
Foxboro, Allen Bradley, or Framatome/Babcock & Wilcox) that a Y2K 
problem exists with safety-related initiation and actuation systems. 
However, problems have been identified in non-safety, but important, 
computer-based systems. Such systems, primarily databases and data 
collection processes necessary for plant operation that are date 
driven, may need to be modified for Y2K compliance. Some examples of 
systems and computer equipment that may be affected by Y2K problems 
follow:

Security computers
Plant process (data scan, log, and alarm) and safety parameter 
display system computers
Emergency response systems
Radiation monitoring systems
Dosimeters and readers
Plant simulators
Engineering programs
Communication systems
Inventory control systems
Surveillance and maintenance tracking systems
Control systems

    To alert nuclear power plant licensees to the Y2K problem, the NRC 
issued Information Notice (IN) 96-70, ``Year 2000 Effect on Computer 
System Software,'' on December 24, 1996. In IN 96-70 the staff 
described the potential problems that nuclear power plant computer 
systems and software may encounter as a result of the change to the new 
century and how the Y2K issue may affect NRC licensees. In IN 96-70 the 
staff encouraged licensees to examine their uses of computer systems 
and software well before the turn of the century and suggested that 
licensees consider actions appropriate to examine and evaluate their 
computer systems for Y2K vulnerabilities. The NRC staff also 
incorporated recognition of the Y2K concern in the updated Standard 
Review Plan (SRP), NUREG-0800, Chapter 7, ``Instrumentation and 
Control,'' dated August 1997, which contains guidance for staff review 
of computer-based instrumentation and control systems.
    At the Nuclear Utilities Software Management Group (NUSMG) Year 
2000 Workshop, an industry workshop held in July 1997, nuclear power 
plant licensees described their Y2K programs, and gave examples of 
areas in which they addressed Y2K issues in order to ensure the safety 
and operability of their plants on January 1, 2000. Some of the issues 
discussed were the (1) evaluation of the impact of the Y2K problem on 
plant equipment, (2) assessment process involved in the identification 
of Y2K affected components, vendors, and interfaces, (3) development of 
Y2K testing strategies, and (4) identification of budget needs to 
address the Y2K problem.
    The Nuclear Energy Institute (NEI) met with NUSMG and nuclear plant 
utility representatives in August 1997 to formulate an industry-wide 
plan to address the Y2K issue. On October 7, 1997, representatives of 
NEI and NUSMG met with the NRC staff to discuss actions NEI was taking 
to help utilities make their plants ``Year 2000 ready.'' NEI was 
preparing a framework document with guidance for utility use in 
readying for the Year 2000. The framework document makes a distinction 
in terminology between ``Y2K readiness'' (``Y2K Ready'' is defined as a 
computer system or application that has been determined to be suitable 
for continued use into the year 2000 even though the computer system or 
application is not fully Y2K Compliant) and ``Y2K compliance'' (``Y2K 
Compliant'' is defined as computer systems or applications that 
accurately process date/time data (including but not limited to, 
calculating, comparing, and sequencing) from, into and between the 
twentieth and twenty-first centuries, the years 1999 and 2000, and 
leap-year calculations). NEI/NUSMG issued the framework document NEI/
NUSMG 97-07, ``Nuclear Utility Year 2000 Readiness'' to all licensees 
in November 1997. The document recommends methods for nuclear utilities 
to attain Y2K readiness and thereby ensure that their facilities remain 
safe and continue to operate within the requirements of their license. 
The scope of NEI/NUSMG 97-07 covers software, or software-based systems 
or interfaces, whose failure (due to the Y2K problem) would (1) prevent 
the performance of the safety function of a structure, system or 
component and (2) degrade, impair, or prevent operability of the 
nuclear facility.

Discussion

    Diverse concerns are associated with the potential impact of the 
Y2K problem on nuclear power plants because of the variety and types of 
computer systems in use. Some of the concerns are the (1) scheduling of 
maintenance and technical specification surveillance requirements, (2) 
use and application of programmable logic controllers and other 
commercial off-the-shelf software and hardware, (3) operation of 
process control systems, (4) performance of engineering calculations, 
and (5) collection of operating and post-accident plant parameter data.
    Some vendors have taken such actions as placing information on the 
Internet discussing which of their products are Y2K compliant, and how 
the vendor is addressing the Y2K problem with respect to specific 
products, including products purchased by their nuclear power plant 
customers. When addressing some of the particular issues associated 
with the use and application of software, it has been found that even 
if the application has no apparent date manipulation algorithms, it may 
still be affected by a Y2K related problem. For example, a subroutine 
that date stamps the header information in archival tapes regardless of 
the rest of the content of the tape may be affected. In addition, 
although individually several systems may be ``date safe,'' the 
integrated operations that the systems support may be vulnerable to the 
Y2K problem. Further, there are potential impacts from the operating 
system supporting their instrumentation system's application software 
and from sub-programs (such as calibration and data recording/
reporting) associated with the main application software.
    One application which is common to all power reactor licensees is 
the link between plant computers and the NRC's Emergency Response Data 
System (ERDS). This application performs the communication and data 
transmission function which provide near real-time data availability to 
NRC and state incident response personnel during declared emergencies. 
The NRC is currently performing Y2K related upgrades to ERDS which will 
maintain the same communication protocol as the current system with the 
exception that either 2-digit or 4-digit year fields will be accepted. 
Those licensees that anticipate changes to their ERDS link should allow 
time in their schedules for retesting their systems. NRC contractors

[[Page 4500]]

will support requests for testing on a ``first come, first served'' 
basis.
    NEI/NUSMG 97-07 suggests a strategy for developing and implementing 
a nuclear utility Y2K program. The strategy recognizes management, 
implementation, quality assurance, regulatory considerations, and 
documentation as the fundamental elements of a successful Y2K project. 
The document contains additional guidance for these fundamental 
elements. The recommended components for management planning are 
management awareness, sponsorship, project leadership, project 
objectives, project management team, management plan, project reports, 
interfaces, resources, oversight, and quality assurance. The suggested 
phases of implementation are awareness, initial assessment (which 
includes inventory, categorization, classification, prioritization, and 
analysis of initial assessment), detailed assessment (including vendor 
evaluation, utility-owned or -supported software evaluation, interface 
evaluation, remedial planning), remediation, Y2K testing and 
validation, and notification. The quality assurance (QA) measures apply 
to project management QA and implementation QA.
    Regulatory considerations include the performance of appropriate 
reviews, reporting requirements, and documentation. Documentation of 
Y2K program activities and results includes documentation requirements, 
project management documentation, vendor documentation, inventory 
lists, checklists for initial and detailed assessments, and record 
retention. NEI/NUSMG 97-07 also contains examples of various plans and 
checklists as appendices.
    The staff believes that the guidance in NEI/NUSMG 97-07, when 
properly implemented, will present an appropriate approach for 
licensees to address the Y2K problem at nuclear power plant facilities.
    In the course of implementing the Y2K readiness program, problems 
could be identified that potentially impact the licensing basis of the 
plants. In certain cases, license amendments may be needed to address 
the problem resolution. Licensees should submit such license amendments 
to the NRC on a timely basis. The utility Y2K readiness programs and 
schedules should have the flexibility to accommodate such an 
eventuality. In addition, licensees are reminded that any changes to 
their facilities that impact their current licensing basis must be 
reviewed in accordance with existing NRC requirements and the change 
properly documented.

Required Response

    In order to gain the necessary assurance that addressees are 
effectively addressing the Y2K problem and are in compliance with the 
terms and conditions of their licenses and NRC regulations, the NRC 
staff requires that all addressees submit a written response to this 
generic letter as follows:
    (1) Within 90 days of the date of this generic letter, submit a 
written response indicating whether or not you have pursued and are 
continuing to pursue a Y2K readiness program as outlined in NEI/NUSMG 
97-07. If you are not conforming to the NEI/NUSMG guidance, present a 
brief description of the program(s) that have already been completed, 
are being conducted, or are planned to ensure Y2K readiness of the 
computer systems at your facility(ies). This response should address 
the program's scope, assessment process, and plans for corrective 
actions (including testing, and schedules).
    (2) Upon completing your Y2K readiness program, or, in any event, 
no later than July 1, 1999, submit a written response confirming that 
your facility is Y2K ready and in compliance with the terms and 
conditions of your license(s) and NRC regulations. In addition, the 
response should contain a status report of work remaining to be done to 
complete your Y2K program, including completion schedules. {``Y2K 
Ready'' is defined as a computer system or application that has been 
determined to be suitable for continued use into the year 2000 even 
though the computer system or application is not fully Y2K Compliant. 
``Y2K Compliant'' is defined as computer systems or applications that 
accurately process date/time data (including but not limited to, 
calculating, comparing, and sequencing) from, into and between the 
twentieth and twenty-first centuries, the years 1999 and 2000, and 
leap-year calculations.}
    Address the written reports to the U.S. Nuclear Regulatory 
Commission, Attention: Document Control Desk, Washington, D.C. 20555-
0001, under oath or affirmation under the provisions of Section 182a, 
Atomic Energy Act 1954, as amended, and 10 CFR 50.54(f). In addition, 
submit a copy to the appropriate regional administrator.

Backfit Discussion

    This generic letter only requests information from addressees under 
the provisions of Section 182a of the Atomic Energy Act of 1954, as 
amended, and 10 CFR 50.54(f). The requested information will enable the 
staff to verify that each nuclear power plant licensee is implementing 
an effective plan to address the Y2K problem and provide for safe 
operation of the facility before January 1, 2000, and is in compliance 
with the terms and conditions of their license(s) and NRC regulations. 
The following NRC regulations are a basis for this request:
     10 CFR 50.36, ``Technical Specifications,'' paragraph 
(c)(3), ``Surveillance requirements,'' and paragraph (c) (5), 
``Administrative controls.'' These relate, respectively, to 
requirements relating to test, calibration, or inspection to assure 
that the necessary quality of systems and components is maintained, and 
to provisions relating to management, procedures, record keeping, and 
review and audit necessary to assure operation of the facility in a 
safe manner.
     10 CFR 50.47, ``Emergency plans,'' paragraph (b)(8), which 
relates to the provision and maintenance of adequate emergency 
facilities and equipment to support the emergency responses.
     Appendix B to 10 CFR Part 50, Criterion III, ``Design 
Control,'' requires that design control measures shall provide for 
verifying or checking the adequacy of design, such as by the 
performance of design reviews, by the use of alternate or simplified 
calculational methods, or by the performance of a suitable testing 
program.
     Appendix B to 10 CFR Part 50, Criterion XVII, ``Quality 
Assurance Records,'' requires that sufficient records shall be 
maintained to furnish evidence of activities affecting quality. The 
records are to include, among others, operating logs and results of 
reviews.
     Appendix E to 10 CFR 50, Section VI, ``Emergency Response 
Data System'' which relates to the provision and maintenance of 
licensee links to the Emergency Response Data System.
    In addition, the following requirements from Appendix A to 10 CFR 
part 50, ``General Design Criteria for Nuclear Power Plants'', also 
provide a basis for the request: (In the statement of consideration 
(SOC) for the amendment to 10 CFR part 50 which added Appendix A, 
``General Design Criteria for Nuclear Power Plants,'' published in the 
Federal Register on February 20, 1971, the Commission noted that the 
general design criteria added as Appendix A to Part 50 establish the 
minimum requirements for the principal design criteria for water-cooled 
nuclear power plants similar in design and location to plants for which 
construction permits have been issued

[[Page 4501]]

by the Commission. Principal design criteria established by an 
applicant and accepted by the Commission will be incorporated by 
reference in the construction permit. The SOC also notes that in 
considering the issuance of an operating license under part 50, the 
Commission will require assurance that these criteria have been 
satisfied in the detailed design and construction of the facility and 
any changes in such criteria are justified. It should be noted that a 
proposed Appendix A to 10 CFR part 50 was published in the Federal 
Register on July 11, 1967, and the comments and suggestions received in 
response to the notice of proposed rule making and subsequent 
developments in the technology and in the licensing process have been 
considered in developing the general design criteria.)
     Appendix A to 10 CFR part 50, General Design Criterion 
(GDC) 13, ``Instrumentation and control,'' which addresses the 
provision of appropriate instrumentation and controls to monitor and 
control systems and variables during normal operation, anticipated 
operational occurrences, and accident conditions as appropriate to 
ensure adequate safety.
     Appendix A to 10 CFR part 50, GDC 19, ``Control room,'' 
which requires the provision of a control room from which actions can 
be taken to operate the nuclear plant safely.
     Appendix A to 10 CFR part 50, GDC 23, ``Protection system 
failure modes,'' which requires that the protection system shall be 
designed to fail into a safe state or into a state demonstrated to be 
acceptable on some other defined basis.

    Dated at Rockville, Maryland, this 23rd day of January 1998.

    For the Nuclear Regulatory Commission.
Jack W. Roe,
Acting Director, Division of Reactor Program Management, Office of 
Nuclear Reactor Regulation.
[FR Doc. 98-2182 Filed 1-28-98; 8:45 am]
BILLING CODE 7590-01-P