[Federal Register Volume 63, Number 64 (Friday, April 3, 1998)]
[Notices]
[Pages 16592-16594]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-8771]


-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION


Proposed Generic Communication; Guidance on the Storage, 
Preservation, and Safekeeping of Quality Assurance Records in 
Electronic Media (M98441)

AGENCY: Nuclear Regulatory Commission.

ACTION: Notice of opportunity for public comment.

-----------------------------------------------------------------------

SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to issue 
a generic letter to all holders of operating licenses for nuclear power 
plants, including those who have permanently ceased operations and have 
certified that fuel has been permanently removed from the reactor 
vessel, to provide guidance on an acceptable method, and NRC staff 
expectations, for storing, preserving, and safekeeping quality 
assurance (QA) records in electronic media. The generic letter does not 
provide guidance on submitting electronic records to the NRC. The 
guidance provided supplements Regulatory Guide (RG) 1.88, Revision 2, 
and RG 1.28, Revision 3. No specific action or written response is 
required by the generic letter.
    The proposed generic letter has been endorsed by the Committee to 
Review Generic Requirements (CRGR). Relevant information that was sent 
to the CRGR will be placed in the NRC Public Document Room.
    The NRC is seeking comment from interested parties regarding both 
the technical and regulatory aspects of the proposed generic letter 
presented under the Supplementary Information heading. The NRC will 
consider comments received from interested parties in the final 
evaluation of the proposed generic letter. The NRC's final evaluation 
will include a review of the technical position and, as appropriate, an 
analysis of the value/impact on licensees. Should this generic letter 
be issued by the NRC, it will become available for public inspection in 
the NRC Public Document Room.

DATES: Comment period expires June 2, 1998. Comments submitted after 
this date will be considered if it is practical to do so, but assurance 
of consideration cannot be given except for comments received on or 
before this date.

ADDRESSES: Submit written comments to Chief, Rules and Directives 
Branch, Division of Administrative Services, U.S. Nuclear Regulatory 
Commission, Mail Stop T6-D59, Washington, DC 20555-0001. Written 
comments may also be delivered to 11545 Rockville Pike, Rockville, 
Maryland, between 7:45 am and 4:15 pm, Federal workdays. Copies of 
written comments received may be examined at the NRC Public Document 
Room, 2120 L Street, N.W. (Lower Level), Washington, D.C.

FOR FURTHER INFORMATION, CONTACT: Michael T. Bugg, (301) 415-3221.

SUPPLEMENTARY INFORMATION:

NRC Generic Letter XX-XX: Guidance of the Storage, Preservation, 
and Safekeeping of Quality Assurance Records in Electronic Media

Addressees

    All holders of operating licenses for nuclear power plants, 
including those who have permanently ceased operations and have 
certified that fuel has been permanently removed from the reactor 
vessel.

Purpose

    The U.S. Nuclear Regulatory Commission (NRC) is issuing this 
supplement to Generic Letter (GL) 88-18 to provide guidance on a 
methodology for storing, preserving, and safekeeping quality assurance 
(QA) records in electronic media. This generic letter supplement does 
not abrogate the guidance in Regulatory Guide (RG) 1.88, Revision 2, 
and RG 1.28, Revision 3. It also does not provide guidance on 
submitting electronic records to the NRC.

Background

    Criterion VI, ``Document Control,'' and Criterion XVII, ``Quality 
Assurance Records,'' of Appendix B, ``Quality Assurance Criteria for 
Nuclear Power Plants and Fuel Reprocessing Plants,'' to Part 50 of 
Title 10 of the Code of Federal Regulations (10 CFR Part 50), establish 
requirements for the issuance, identification, and retrievability of QA 
records.
    American National Standards Institute (ANSI) N45.2.9-1974, 
``Requirements for Collection, Storage, and Maintenance of Quality 
Assurance Records for Nuclear Power Plants,'' as endorsed by RG 1.88, 
``Collection, Storage, and Maintenance of Nuclear Power Plant Quality 
Assurance Records,'' Revision 2, and ANSI/American Society of 
Mechanical Engineers (ASME)-NQA-1, 1983 edition, ``Quality Assurance 
Program Requirements for Nuclear Facilities,'' as endorsed by RG 1.28, 
``Quality Assurance Program Requirements (Design and Construction),'' 
Revision 3, describe NRC-accepted practices for the collection, 
storage, and maintenance of nuclear power plant QA records.

[[Page 16593]]

    On October 20, 1988, the NRC staff issued GL 88-18, ``Plant Record 
Storage on Optical Disks,'' to provide guidance on appropriate quality 
controls for an optical disk document imaging system. GL 88-18 expanded 
on the guidance provided by RG 1.88 and RG 1.28 to describe an 
acceptable method for storing QA documents in optical media in 
accordance with the applicable criteria in Appendix B to 10 CFR Part 
50.

Discussion

    Although the guidance in GL 88-18, RG 1.88, and RG 1.28 remains 
relevant and acceptable, licensees and nuclear steam system suppliers 
have suggested that additional guidance which addresses the 
acceptability of new information management technologies is needed. NRC 
regulations already recognize the appropriateness of storing and 
maintaining licensee records in electronic media. Specifically, 
paragraph (d)(1) of 10 CFR 50.71, ``Maintenance of Records, Making of 
Reports,'' states, in part, that records that must be maintained 
pursuant to 10 CFR Part 50 ``may also be stored in electronic media 
with the capability of producing legible, accurate, and complete 
records during the required retention period.'' Therefore, this generic 
letter supplement provides the additional guidance requested by the 
nuclear industry for the storage and maintenance of QA records in 
electronic media. The guidance provided herein only applies to QA 
records that are subject to the requirements of Appendix B to 10 CFR 
Part 50, as noted in a licensee's QA program description.
    Recognizing that addressees are responsible for ensuring the 
integrity of QA records, the attachment to this generic letter provides 
guidance on establishing an electronic recordkeeping system to maintain 
the integrity, authenticity, and acceptability of QA records during 
their required retention period in accordance with the requirements of 
Appendix B to 10 CFR Part 50.
    This guidance also pertains to developing methods to authenticate 
and prevent alteration or falsification of electronic records. While 
the guidance provided herein constitutes an acceptable method for 
satisfying the applicable provisions of Appendix B to 10 CFR Part 50 
with regards to QA record storage in electronic media, this guidance 
does not supersede current QA record commitments in the addressees' QA 
program descriptions. Additionally, this generic letter does not 
provide guidance on the storage of records in electronic media pursuant 
to other regulations such as 10 CFR 73.21, ``Requirements for the 
Protection of Safeguards Information.''
    Addressees using electronic media for storing, preserving, and 
safekeeping QA records should notify the NRC when updating their QA 
program description in accordance with 10 CFR 50.71(e) or 10 CFR 
50.54(a), as appropriate. This submittal should describe the 
addressee's implementation of the guidance in this generic letter or 
otherwise describe how the relevant criteria in Appendix B to 10 CFR 
Part 50 continue to be satisfied if electronic media are used for 
storing, preserving, and safekeeping QA records.

Related Generic Communication

    Generic Letter 88-18, ``Plant Record Storage on Optical Disks,'' 
dated October 20, 1988.

Attachment 1--Guidance on the Storage, Preservation, and 
Safekeeping of Quality Assurance Records in Electronic Media

    The Electronic Recordkeeping Subcommittee of the Regulations 
Committee of the Nuclear Information and Records Management 
Association, Inc. (NIRMA), has prepared a set of guidelines on the 
collection, storage, and maintenance of electronic quality assurance 
(QA) records for nuclear power plants. The guidelines included in NIRMA 
TG15-1993, ``Management of Electronic Records'' (which may be obtained 
from the Nuclear Information and Records Management Association, Inc., 
210 Fifth Avenue, New York, New York 10010), are acceptable to the NRC 
staff and provide an adequate basis for complying with pertinent QA 
requirements of Appendix B to 10 CFR Part 50, subject to the following 
conditions related to the use of electronic signatures for 
authentication of records.
    1. An electronic signature process should include (a) the printed 
name of the signer; (b) the date and time the signature is executed; 
(c) the meaning (such as review, approval, responsibility, or 
authorship) implied by the signature, which should not be used by, or 
assigned to, anyone else; (e) the organization responsible for 
establishing, assigning, certifying, or otherwise sanctioning an 
individual's electronic signature, or any element of such electronic 
signatures, which should be formally identified and duly authorized; 
and (f) electronic signatures linked to their respective electronic 
records to ensure that the signatures cannot be excised, copied, or 
otherwise transferred so as to falsify electronic records by ordinary 
means.
    2. Electronic signatures that are not based upon biometrics 
(biometrics means a method of verifying an individual's identity on the 
bases of measurement of the individual's physical feature(s) or 
repeatable action(s) when those features and/or actions are both unique 
to that individual and measurable) should (a) employ at least two 
distinct identification components, such as an identification code and 
a password; (b) be used only by their genuine owners; and (c) be 
administered and executed to ensure that attempted use of an 
individual's electronic signature by anyone other than its genuine 
owner requires collaboration of two or more individuals. Electronic 
signatures based upon biometrics should be designed to ensure that they 
cannot be used by anyone other than their genuine owner.
    3. Persons who use electronic signatures that are based upon use of 
identification codes in combination with passwords should employ 
controls to ensure their security and integrity. Such controls should 
include:
    a. Ensuring that identification code and password issuance are 
periodically checked, recalled, or revised (e.g., to cover such events 
as password expiration as a result of employee departures).
    b. The ability to electronically deactivate lost, stolen, missing, 
or otherwise potentially compromised tokens, cards, or other devices 
that bear or generate identification code or password information and 
to issue temporary or permanent replacements.
    c. Use of transaction safeguards to prevent unauthorized use of 
passwords and/or identification codes and to immediately detect and 
report any unauthorized use to the system security unit and, as 
appropriate, to organizational management.
    d. Initial and periodic testing of devices, such as tokens or 
cards, that bear or generate identification code or password 
information, to ensure that they function properly and have not been 
altered in an unauthorized manner.

Attachment 2--References

    1. Appendix B, ``Quality Assurance Criteria for Nuclear Power 
Plants and Fuel Reprocessing Plants`` to Part 50 of Title 10 of the 
Code of Federal Regulations (10 CFR).
    2. Title 10 of the Code of Federal Regulations (10 CFR), Section 
50.71, ``Maintenance of Records, Making of Reports.''
    3. Regulatory Guide 1.28, ``Quality Assurance Program Requirements 
(Design and Construction), ``Revision 3.

[[Page 16594]]

    4. Regulatory Guide 1.88, ``Collection, Storage, and Maintenance of 
Nuclear Power Plant Quality Assurance Records,'' Revision 2.
    5. Generic Letter 88-18, ``Plant Record Storage on Optical Disks,'' 
October 20, 1988.
    6. American National Standards Institute (ANSI) N45.2.9-1974, 
``Requirements for Collection, Storage, and Maintenance of Quality 
Assurance Records for Nuclear Power Plants.''
    7. American National Standards Institute/American Society of 
Mechanical Engineers (ANSI/ASME)-NQA-1, 1983 edition, ``Quality 
Assurance Program Requirements for Nuclear Facilities.''
    8. Title 21, Chapter I, ``Food and Drugs,'' of the Code of Federal 
Regulations (21 CFR), Part 11, ``Electronic Records; Electronic 
Signatures, Department of Health and Human Services, Food and Drug 
Administration.''
    9. Nuclear Information and Records Management Association, Inc., 
(NIRMA) TG15-1993, ``Management of Electronic Records.''

    Dated at Rockville, Maryland, this 26th day of March 1998.

For the Nuclear Regulatory Commission.
Jack W. Roe,
Acting Director, Division of Reactor Program Management, Office of 
Nuclear Reactor Regulation.
[FR Doc. 98-8771 Filed 4-2-98; 8:45 am]
BILLING CODE 7590-01-M