Auditing Services for Nuclear Power Industry
For safety system software, software V&V, reviews, and audits are important parts of the effort to achieve compliance with NRC requirements. Software engineering rely, in part, on software V&V and on technical reviews and audits to meet general quality and reliability requirements in 10 CFR Part 50 Appendix A and B. In addition, management reviews and audits of software processes are part of a verification process consistent with Appendix B.10 CFR Part 50 Appendix B defines quality assurance functions to include verifying, such as by checking, auditing, and inspection, that those activities affecting safety-related functions have been correctly performed. It also requires design control measures for verifying or checking the adequacy of design. V&V organizations may employ audits of software to accomplish these objectives. Although these audits are commonly considered to be the responsibility of the software quality assurance organization and the configuration management organization, they may be performed and relied upon by the V&V organization.
Software Quality Consulting has the software engineering skills and resources to perform the required audits on behalf of the software development organization or the Quality Assurance organization.
Audits are conducted in accordance with IEEE standards, EPRI technical reports, and NRC Reg Guides including:
- IEEE Standard 1012—Software Verification and Validation
- IEEE Standard 1028—Software Reviews and Audits
- IEEE 7-4.3.2-2003 Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations
- NRC Reg Guide 1.152 Criteria for Use of Computers in Safety Systems of Nuclear Power Plants, Rev. 2, Jan 2006
- NRC Reg Guide 1.168 Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants, Rev. 1, Feb 2004
- EPRI NP-5652 Guideline for the Utilization of Commercial Grade Items in Nuclear Safety Related Applications
- ERPI TR-106439 Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Applications, dated April 1996
- EPRI Evaluating Commercial Digital Equipment for High Integrity Applications—A Supplement to EPRI Report TR-106439 TR-107339, Dec 1997
For digital equipment, a new dimension is added due to the reliance on software for proper operation of the equipment. The dependability of software of the size and complexity used in most I&C equipment cannot be established by inspection and testing alone. The process used to develop the software is a very important factor in ensuring that the final product will meet its requirements under all conditions that may be encountered in service. As a result, a survey of the software development organization’s development process and quality assurance practices is often required. It serves to verify critical characteristics related to built-in quality and dependability, which are especially important for software.
My team of experienced software engineers typically works together with software developers, third party dedicators, and Quality Assurance organizations and can perform all required audits, including:
- Critical Digital Reviews
- Commercial Grade Surveys
- Functional audits
- In-process audits
- Physical audits
Each audit begins with a detailed Audit Plan that identifies what, when, where, and who. The Audit Plan is reviewed and approved prior to the audit. Members of the client's staff are encouraged to participate on the Audit Team.
- An Opening Meeting is held on the first day of the audit to review the audit process and the audit scope with all of the stakeholders and management.
- Daily summary meetings are held to review the day’s findings.
The Audit Report is reviewed and discussed with the client to ensure that the report is accurate and that findings are understood.
