 
New DOE Software Quality Assurance Requirements and Implications for Meteorology and Consequence Assessment Software

Cliff Glantz
Pacific Northwest National Laboratory
cliff.glantz@pnl.gov
509.375.2166

Outline

- Background information on the drivers behind the push for software quality assurance (SQA)
- What DOE is doing to address these drivers
- Definition of safety software
- The new DOE SQA Order and Guide
- SQA work activities and levels defined in the Order and Guide
- The graded approach to SQA
- Implications for meteorological software
- New need for balance…

Background Info

- The Defense Nuclear Facility Safety Board (DNFSB) issued "Quality Assurance for Safety Related Software at Department of Energy Defense Nuclear Facilities" in January 2000.
- However, little progress was made in addressing the issues raised by the DNFSB.

Background Info (cont)

- The DNFSB issued "Quality Assurance for Safety-Related Software", released in September 2002.
- It calls for prompt actions in:
  - Defining SQA responsibility and authority
  - Recommending computer codes for safety analysis and design
  - Conducting research and development

Implementation Plan for DNFSB Recommendation

- DOE accepted the DNFSB Recommendation in November 2002.
- DOE issued its Implementation Plan in March 2003, with 26 commitments.
- The completed QA Order and Safety Software Guide are scheduled for release in July 2005.

What is Safety Software?

1. Software that performs a safety function as part of a structure, system, or component at a nuclear facility and is cited in either (a) a DOE-approved documented safety analysis or (b) an approved hazard analysis.
2. Software that is used to classify, design, or analyze nuclear facilities. This software is not part of a safety structure, system, or component (SSC) but helps to ensure the proper accident or hazards analysis of nuclear facilities or of an SSC that performs a safety function.

What is Safety Software? (cont)

3. Software that meets one or more of the following:
   - performs a hazard control function in support of a nuclear facility or radiological safety management program;
   - performs a control function necessary to provide adequate protection from nuclear facility or radiological hazards;
   - supports eliminating, limiting, or mitigating nuclear hazards to workers, the public, or the environment as addressed in 10 CFR 830, 10 CFR 835, and the DEAR ISMS clause.

DOE O 414.1C: The new DOE SQA Order

- Calls for more rigor in software design, development, documentation, testing, configuration management, and maintenance.
- Requires the use of ASME NQA-1-2000 or other national or international consensus standards that provide an equivalent level of quality assurance requirements.
- Establishes grading levels for safety software and requires the documentation of the grading levels in a Quality Assurance Plan.
- Calls for a graded approach for implementing ten software quality assurance work activities.

The Order's Ten SQA Work Activities

1. Software project management
2. Software risk management
3. Software configuration management
4. Procurement and vendor management
5. Software requirements identification and management
6. Software design and implementation
7. Software safety design
8. Verification and validation
9. Problem reporting and corrective action
10. Training of personnel in design, development, use, and evaluation of safety software

DOE G 414.1-4: The SQA Guidance Document

- Provides detailed guidance on how to implement the 10 SQA work activities.
- Each work activity is described, including its sub-activities.
- Identifies grading based upon software type and level of impact (Level A, B, or C).
- Each work activity must be addressed. For impact Level B or C, a graded approach is allowed for some work activities.
- In many instances, optional implementation of sub-activities provides the grading.

Software is Level A if it Meets One of the Following:

- Software failure that could compromise a limiting condition for operation.
- Software failure that could cause a reduction in the safety margin for a safety system.
- Software failure that could cause a reduction in the safety margin for other systems.
- Software failure that could result in non-conservative safety analysis, design, or misclassification of facilities.

Software is Level B if it Meets One of the Following:

- Safety management databases used to aid in decision making whose failure could impact safety SSC operation.
- Software failure that could result in incorrect analysis, design, monitoring, alarming, or recording of hazardous exposures to workers or the public.
- Software failure that could compromise the defense-in-depth capability for the nuclear facility.

Software is Level C if it Meets One of the Following:

- Software failure that could cause a potential violation of regulatory permitting requirements.
- Software failure that could affect environment, safety, or health monitoring or alarming systems.
- Software failure that could affect the safe operation of an SSC.

The SQA Guide's Specified Software Types

1. Custom developed
2. Configurable
3. Acquired
4. Utility calculations
5. Commercial design and analysis (D&A)

Graded Work Activities Guidance for Level A

Full = full implementation of the work activity; Grd = graded implementation allowed; n/a = not applicable.

| SQA Work Activity | Custom | Config. | Acquired | Utility | D&A |
|---|---|---|---|---|---|
| Project Management | Full | Full | Grd | Grd | n/a |
| Risk Management | Full | Full | Full | Full | n/a |
| Configuration Management | Full | Grd | Grd | Grd | Grd |
| Procurement & Supplier Mng. | Full | Full | Full | Full | Full |
| Requirements ID & Mng. | Full | Full | Full | Full | Full |
| Design & Implementation | Full | Grd | n/a | Grd | n/a |
| Safety | Full | Full | Full | n/a | n/a |
| Verification & Validation | Full | Full | Full | Grd | n/a |
| Problem Reporting | Full | Full | Full | Grd | Full |
| Training | Grd | Grd | Grd | Grd | n/a |

Graded Work Activities Guidance for Level B

| SQA Work Activity | Custom | Config. | Acquired | Utility | D&A |
|---|---|---|---|---|---|
| Project Management | Full | Full | Grd | Grd | n/a |
| Risk Management | Grd | Grd | Grd | Grd | n/a |
| Configuration Management | Full | Grd | Grd | Grd | Grd |
| Procurement & Supplier Mng. | Full | Full | Full | Full | Full |
| Requirements ID & Mng. | Full | Full | Full | Full | Full |
| Design & Implementation | Full | Grd | n/a | Grd | n/a |
| Safety | Grd | Grd | Grd | n/a | n/a |
| Verification & Validation | Grd | Grd | Grd | Grd | n/a |
| Problem Reporting | Full | Full | Full | Grd | Full |
| Training | Full | Full | Full | Full | n/a |

Graded Work Activities Guidance for Level C

| SQA Work Activity | Custom | Config. | Acquired | Utility | D&A |
|---|---|---|---|---|---|
| Project Management | Grd | Grd | Grd | Grd | n/a |
| Risk Management | Grd | Grd | Grd | Grd | n/a |
| Configuration Management | Grd | Grd | Grd | Grd | Grd |
| Procurement & Supplier Mng. | Full | Full | Full | Full | Full |
| Requirements ID & Mng. | Full | Full | Full | Full | Full |
| Design & Implementation | Full | Grd | n/a | Grd | n/a |
| Safety | Grd | Grd | Grd | n/a | n/a |
| Verification & Validation | Grd | Grd | Grd | Grd | n/a |
| Problem Reporting | Full | Grd | Grd | Grd | Grd |
| Training | Grd | Grd | Grd | Grd | n/a |

Current Status of the New SQA Order and Guide

- All major issues have been resolved among the key regulatory and review agencies, including the Program Secretarial Officer (PSO) and the DNFSB.
- Issuance is expected very soon (July).
- A kick-off general information meeting (a video conference) will likely be held in July or August.