Page 12 - Enclosure Fall-Winter 2023-24
P. 12
continued from page 10
Seismic and environmental equipment qualification the third-party firm informed of all design changes for a few
must be addressed in the CGD process. Generally, I&C sales per month. Complicating this, some commercial OEMs
components and cabinets usually operate in a mild subcontract their software development and maintenance.
environment, some commercial components may operate in Additionally, an end user such as a nuclear utility or DOE
harsh environments that require significantly more analysis. Maintenance & Operations contractor doesn’t generally
This means some equipment and components must be able have the buying power of third-party dedicators.
to operate in a radiation environment in a normal or accident Method 3: Source Verification – this method would not
condition. Environmental conditions can be limitation on the be used in verifying built-in quality of pre-existing software,
application of the EDD. Some microprocessors may have a because the software development has already occurred.
low radiation threshold, meaning that above this values the
processer may not work. A commercial manufacturer may Method 4: Acceptable Supplier Item or Service Performance
address EMI/RFI, but they do not usually address radiation Record is not a practical method for digital systems which are
impacts on the performance of their EDD. If the EDD is constantly upgraded, resulting in minimal operating history
replacing an analog device which usually has a radiation per design version. Additionally, method 4 is difficult to justify
threshold above 10,000 Rad, then a detailed material to regulators as a standalone method.
analysis of the EDD is recommended.
EDD INSPECTION
EDD VERIFICATION Configuration parameters verified during inspection
Identification of the verification methods for the include model, part number, firmware revision number,
acceptance criteria on each of the EDD item's critical software revision number, hardware version, module or circuit
characteristics shall provide reasonable assurance that the board revision level, dimensions, mounting, size, and others.
item will perform its safety function via one or more of the Disassembly and inspection for internal considerations
following methods: include microprocessor or microcontroller chips which are
typically marked in a way that enables an inspector to see
• Method 1: Special Tests, Inspections, and/or Analyses
the manufacturer name, type of CPU, and so forth. Markings
• Method 2: Commercial Grade Survey of the Supplier can also be used to search for the product data sheet, and
• Method 3: Source Verification the product data sheet can be reviewed for indications that
the device is a microprocessor or microcontroller. Markings
• Method 4: Acceptable Supplier Item or Service on these chips are often covered with a sticker or label that
Performance Record indicates the OEM part number, firmware version number,
For EDDs, the method of verification from least applicable and other information, such that the chip manufacturer
through most practical is as follows: marking is not visible. In these cases, the OEM sticker will need to
be removed to see the chip marking before it is possible to identify
Method 1: Special Tests, Inspections, and/or Analyses is the chip number and search for the product data.
the only practical method to identify EDD. Receipt inspection
Several inspection examples are presented below to describe
is performed for external indications, generally followed by typical inspection evaluation processes.
disassembly inspection for internal considerations. Receipt
inspection verifies the product description as defined in EDD EXTERNAL INSPECTION
the technical evaluation, which is reflected in the purchase
order requirements for visual verification of parameters and The external example in Figure 1 perfectly demonstrates
related documents. Method 1 may be non-destructive or a how software revision numbers and descriptions citing
destructive process. things like "the radio interference regulations" indicate the
Method 2: Commercial Grade Survey of the presence of EDDs.
Supplier is possible, but few OEMs are willing to
release the software configuration data for COS
items, though a few will consider a Non-Disclosure
Agreement (NDA) with the purchaser. A leading
third-party supplier stated at a conference that
an NDA typically requires 6 months minimum to
complete, with few agreements being signed. In
discussions with the OEM that agreed to support
a third-party nuclear supplier, the OEM stated
they will not do it again or renew the terms of
the contract. The problem is one of scale: an
OEM that produces thousands of items a day
would struggle to justify supporting a purchaser Figure 1, External digital indicators
invoking the control requirements of keeping
continued on next page
12 12
