Year 2000 Readiness:
NRC's Proposed Approach Regarding Nuclear Powerplants
AIMD-98-90R, Mar 6, 1998
GAO reviewed the Nuclear Regulatory Commission's (NRC) proposed generic letter on the year 2000 readiness of computer systems at nuclear power plants, focusing on: (1) a more complete year 2000 program for licensees; (2) licensees' progress on year 2000 readiness; (3) the year 2000 ready certification; and (4) future year 2000 maintenance requirements.
GAO noted that: (1) as a benchmark of program effectiveness, NRC is relying heavily on year 2000 guidance developed jointly by the Nuclear Energy Institute (NEI) and the Nuclear Utilities Software Management Group (NUSMG); (2) GAO agreed with NRC on the importance of requiring licensees to provide NRC with assurance that they are implementing a program that effectively addresses the year 2000 issue; (3) however, GAO believes that NRC should be aware that the NEI/NUSMG document has several significant shortcomings; (4) as an alternative to relying on the NEI/NUSMG guidance, GAO suggested NRC should specify the elements of an effective year 2000 program, particularly as they bear on safety concerns under NRC's regulatory authority; (5) NRC should require licensees to address the elements of an effective year 2000 program when they submit the brief description of their own programs, as called for in the generic letter; (6) to effectively monitor licensees' year 2000 progress on systems under its regulatory authority, NRC will need more substantive and frequent progress reports; (7) these reports should, at a minimum, require: (a) a complete inventory of safety systems and other systems that will need to be certified as year 2000 ready under the generic letter; (b) planned actions on these systems, including formulation and testing of contingency plans; and (c) periodic updates on the status of those actions; (8) NRC's proposed generic letter requires each licensee to provide a written response confirming that its facility is year 2000 ready and in compliance with NRC regulations; (9) the proposed generic letter does not require the licensees to state how and why they determined that a noncompliant system would be suitable for continued use; (10) for those critical safety systems under NRC's purview, GAO suggested that the generic letter include such a requirement; (11) it would also be useful if the generic letter included a discussion on how NRC's ongoing inspection activities will be used in the process of certifying year 2000 readiness; (12) NRC's proposed generic letter requires only that the computer systems and applications be year 2000 ready; (13) however, there may be future maintenance requirements for year 2000 ready systems under NRC's purview; (14) NRC's generic letter does not include a way to identify, track, and follow up on the future maintenance plans for any safety-related year 2000 ready systems that could eventually fail without further modification or replacement; and (15) GAO suggested that the letter address the issue of future year 2000 maintenance requirements.