UFTR-QA1-02, UFTR Digital Control System Upgrade, Software Configuration Management Plan (SCMP)

Transcription

UF/NRE  UFTR  Project ID: QA-1  Revision 0  Copy 1  Page 1 of 54

QUALITY ASSURANCE DOCUMENT

Project Title: UFTR DIGITAL CONTROL SYSTEM UPGRADE
UFTR-QA1-02, Software Configuration Management Plan (SCMP)

Prepared by: Matthew Marzano and Dr. Gabriel Ghita   (Signature)   Date:
Reviewed by: Prof. DuWayne Schubring   (Signature)   Date:
Approved by: Prof. Alireza Haghighat   (Signature)   Date:

Page 2 of 54

THE DISTRIBUTION LIST OF THE DOCUMENT

Page 3 of 54

THE LIST OF THE REVISED PAGES OF THE DOCUMENT

Revision no. | Reviewed by | Approved by | The Modified Pages | Date

Page 4 of 54

TABLE OF CONTENTS

1. Introduction .... 8
1.1 Purpose .... 8
1.2 Scope and Applicability .... 9
1.3 References .... 9
1.3.1 UFTR Documents .... 9
1.3.2 AREVA NP Inc. Documents .... 9
1.3.3 Industry Standards .... 10
1.3.4 NRC Documents .... 10
1.4 Definitions, Abbreviations And Acronyms .... 10
1.4.1 Definitions .... 10
1.4.2 Abbreviations And Acronyms .... 15
2. SCM Management .... 17
2.1 Organization .... 17
2.2 SCM Responsibilities .... 17
2.3 Applicable Policies, Directives, and Procedures .... 18
3. SCM Activities .... 19
3.1 Configuration Identification .... 19
3.1.1 Identifying Configuration Items .... 19
3.1.2 Naming Configuration Items .... 20
3.1.2.1 Identification of Software Components .... 20
3.1.2.2 CRC Checksums .... 21
3.1.2.3 Identification of TXS System Software .... 22
3.1.2.4 Identification of TXS Application Software .... 23
3.1.2.5 Identification of Downloaded Software .... 23
3.1.3 Acquiring Configuration Items .... 24
3.2 Configuration Control .... 24
3.2.1 Change Control .... 24
3.2.2 Configuration and Control Board (CCB) .... 24
3.2.3 Code Control .... 24
3.2.4 TXS System and Tools Software Configuration Control .... 25
3.2.5 TXS Project-Specific Software Baseline Control .... 26

Page 5 of 54

3.2.5.1 CM Procedure during Initial Generation of TXS Application Software .... 26
3.2.5.1.1 Engineering .... 27
3.2.5.1.1.1 Implementation of the Design in the Engineering Database using SPACE .... 27
3.2.5.1.1.2 Functional Tests of Design .... 27
3.2.5.1.2 Code Generation .... 27
3.2.5.1.2.1 Check Identity of TXS System Software Configuration .... 27
3.2.5.1.2.2 Setup of Engineering Database .... 27
3.2.5.1.2.3 Backup of Engineering Database prior to Code Generation .... 27
3.2.5.1.2.4 Code Generation .... 28
3.2.5.1.2.5 Compiling / Linking / Locating of TXS Code .... 28
3.2.5.1.2.6 Generation of Application Code for the TXS Gateway .... 28
3.2.5.1.2.7 Checksums of the Complete Code Directory .... 29
3.2.5.1.2.8 Backup of the Specification Data after Code Generation .... 29
3.2.5.1.2.9 Creation of Software and Hardware Listing .... 29
3.2.5.1.2.10 Analysis of MIC files .... 29
3.2.5.1.2.11 List of Changeable Parameters .... 29
3.2.5.1.2.12 Software Release CD .... 30
3.2.5.1.3 Software Download .... 30
3.2.5.1.3.1 Creation of the Online Database .... 30
3.2.5.1.3.2 Download Procedure .... 30
3.2.5.2 CM Procedure during Modification of TXS Application Software .... 31
3.2.5.2.1 Engineering .... 31
3.2.5.2.1.1 Tracking Changes .... 31
3.2.5.2.1.2 Modification of the Engineering Database using SPACE .... 31
3.2.5.2.1.2.1 Software Release Modifications .... 32
3.2.5.2.1.2.2 Interim Software Release Modifications .... 33
3.2.5.2.1.3 Functional Tests of Database Modifications .... 34
3.2.5.2.2 Code Generation .... 34
3.2.5.2.2.1 Check Identity of TXS System Software Configuration .... 34
3.2.5.2.2.2 Setup of Engineering Database .... 34
3.2.5.2.2.3 Backup of the Engineering Database prior to Code Generation .... 35
3.2.5.2.2.4 Check of Identity and Consistency of the previously generated C Code .... 35
3.2.5.2.2.5 Code Generation .... 35
3.2.5.2.2.6 Compiling / Linking / Locating of TXS Code .... 36
3.2.5.2.2.7 Generation of Application Code for TXS Gateway .... 36

Page 6 of 53

3.2.5.2.2.8 Checksums of the complete Code Directory .... 36
3.2.5.2.2.9 Backup of the Specification Data after Code Generation .... 37
3.2.5.2.2.10 Creation of Software and Hardware Listings .... 37
3.2.5.2.2.11 Analysis of the MIC-files .... 37
3.2.5.2.2.12 List of Changeable Parameters .... 37
3.2.5.2.2.13 Software Release CD .... 37
3.2.5.2.3 Software Download .... 38
3.2.5.2.3.1 Creation of the new Online Database .... 38
3.2.5.2.3.2 Download Procedure .... 38
3.2.5.2.3.3 System Normalization .... 39
3.2.5.2.3.4 Software Download after Module Replacement .... 39
3.2.5.2.3.5 Final Documentation .... 39
3.2.5.3 CM Procedure during Parameter Modifications .... 39
3.2.5.3.1 Changeable Parameters .... 40
3.2.5.3.2 Verification of Parameter Changes .... 40
3.2.5.3.3 Constants .... 40
3.2.6 Media Control .... 41
3.2.6.1 Media Control for Documents .... 41
3.2.6.2 Media Control for TXS System Software and Additional Software .... 41
3.2.6.3 Media Control for SPACE Function Diagrams, Test Scripts, and Service Scripts .... 41
3.2.6.4 Software Release CD .... 41
3.3 Configuration Status Accounting .... 42
3.4 Configuration Audits and Reviews .... 42
3.4.1 Software Configuration Management Plan Reviews .... 43
3.4.2 Physical Configuration Audits .... 43
3.4.3 Functional Configuration Audits .... 43
3.4.4 Software Process Audits .... 44
3.5 Interface Control .... 44
3.5.1 Organizational Interfaces .... 44
3.5.2 Project Software Interfaces to External Items .... 44
3.6 Subcontractor/Vendor Control .... 44
3.7 Anomalies Identified after Release .... 45
4. SCM Schedule .... 46
5. SCM Resources .... 47
5.1 Tools .... 47

Page 7 of 53

5.1.1 Tools Overview .... 47
5.1.2 Tools for Application Software .... 47
5.1.3 Tools for Simulation and Verification .... 47
5.2 Personnel .... 47
5.3 Software Librarian .... 47
6. SCM Plan Maintenance .... 48
6.1 Responsibility .... 48
6.2 Updates .... 48
6.3 Change Approval .... 48
6.4 Change Distribution .... 48

Page 8 of 54

1. Introduction

The UFTR Digital Control System Upgrade Project is executed according to the project phases defined in UFTR "Quality Assurance Project Plan (QAPP)," /3/, as:

Project Startup/Conceptual Engineering
Basic HW/SW Engineering
Detailed HW/SW Engineering
Manufacturing
Testing
Installation and Commissioning
Final Documentation

During this process, the configuration of the software and its documentation is required to be controlled by this Plan. This Plan controls:

a. Software code that is generated and loaded onto the TELEPERM XS (TXS) I&C System
b. Documentation for the software (e.g., Software Requirements Specification).

Software Configuration Management (SCM) is the process that identifies the software configuration items (CIs), identifies System and Application Software anomalies, controls changes to the Application Software, records and reports the status of the changes, and verifies the correctness and completeness of the released software.

Per IEEE Std 828-1990, /18/, processes and activities are established for:

* Identification and control of interface documentation
* Identification and establishment of baselines
* Review, approval, and control of software design and code
* Tracking and reporting of design changes
* Audits and reviews of the evolving software product

1.1 Purpose

The Software Configuration Management Plan (SCMP) is established to provide the method and tools to identify and control the TXS Application Software developed for the UFTR Reactor Protection System (RPS).

The SCMP follows the guidance of IEEE Std 828-1990, /18/, and ANSI/IEEE Std 1042-1987, /20/, as endorsed in Regulatory Guide 1.169, /21/, with the exception of the use of the configuration control board. The UFTR method meets the intent of IEEE Std 828-1990, /18/, and ANSI/IEEE Std 1042-1987, /20/.

The intended audience and primary users of the SCMP are those that are planning and executing SCM activities or conducting SCM audits.

Page 9 of 54

1.2 Scope and Applicability

This Plan applies to all software and related documentation for the design, modification, and testing of TXS Application Software developed for the UFTR digital control upgrade. In addition, this Plan applies to Graphic Service Monitor (GSM) Screen development and the Qualified Display System (QDS). The Plan is applicable from the Basic Design Phase to the completion of the Final Documentation Phase. At the completion of the Final Documentation Phase, SCM is controlled by UFTR's Software Quality Assurance Plan (SQAP), /4/, and UFTR's Software Library and Control, /10/.

Configuration Management of the Application Software is the responsibility of the UFTR Software Development Group. The identification and reporting of Application Software anomalies apply to all personnel involved in the UFTR Digital Control Upgrade Project.

This SCMP does not apply to the TXS system platform or software development tools or changes. The TXS system platform and tools software development and changes are performed by AREVA NP GmbH (Germany) on a project-independent (generic) basis and are handled by their respective Configuration Management Plan. The TXS system platform software is purchased for the UFTR digital upgrade. Each item of project-independent software purchased from AREVA NP GmbH is delivered with a Certificate of Conformance (CoC). Each CoC for the project-independent software is reviewed to be current and applicable for its intended purpose.

1.3 References

1.3.1 UFTR Documents

/1/ UFTR-QAP, "Quality Assurance Program (QAP)"
/2/ UFTR-QAP-01-P, "Conduct of Quality Assurance"
/3/ UFTR QA1-QAPP, "Quality Assurance Project Plan (QAPP)"
/4/ UFTR-QA1-01, "Software Quality Assurance Plan (SQAP)"
/5/ UFTR-QA1-03, "Software Verification and Validation Plan (SVVP)"
/6/ UFTR-QA1-09, "Software Operations and Maintenance Plan"
/7/ UFTR-QA1-10, "Software Training Plan"
/8/ UFTR-QA1-11, "Software Reviews and Audits"
/9/ UFTR-QA1-105, "Cyber-Security"
/10/ UFTR-QA1-109, "Software Library and Control"
/11/ UFTR-QA1-113, "Software Generation and Download"

1.3.2 AREVA NP Inc. Documents

/12/ AREVA NP Inc. Document No. 01-1007861-00, "TELEPERM XS Software Authentication Tools reflist and scanmic (TXS Software release 3.0.0 and Higher for LINUX) User Manual TXS-1034-76 V1.0/02.03"

Page 10 of 54

/13/ AREVA NP Inc. Document No. 01-1007773-01, "TELEPERM XS Code Generation (for TXS Software Release 3.0.0 and Higher for LINUX) User Manual"
/14/ AREVA NP Inc. Document No. 01-5044046-01, "TELEPERM XS SIVAT-TXS Simulation Based Validation Tool (version 1.5.0 and higher) User Manual TXS-1047-76-V2.1"
/15/ AREVA NP Inc. Document No. 01-1007859-00, "TELEPERM XS SPACE Editor (TXS Software release 3.0.0 and Higher for LINUX) User Manual"
/16/ AREVA NP Inc. Document No. 01-1007770-00, "TELEPERM XS Database Administration Tool dbadmin (TXS Software release 3.0.0 and Higher for LINUX) User Manual"

1.3.3 Industry Standards

/17/ IEEE Std 610.12-1990, "Standard Glossary of Software Engineering Terminology"
/18/ IEEE Std 828-1990, "Standard for Software Configuration Management Plans"
/19/ IEEE Std 1012-1998, "Standard for Software Verification and Validation"
/20/ ANSI/IEEE Std 1042-1987, "An American National Standard IEEE Guide to Software Configuration Management"

1.3.4 NRC Documents

/21/ Regulatory Guide 1.169, "Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants", September 1997

1.4 Definitions, Abbreviations And Acronyms

1.4.1 Definitions

Anomaly, [IEEE Std 1012-1998, /19/]:
Any condition that deviates from the expected condition based on requirements, specification, design, documents, user documents standards, etc., or from someone's perceptions or experiences. Anomalies may be found during, but are not limited to, the review, test, analysis, compilation, or use of software products or applicable documentation.

Application Software
The plant specific functionality of the TXS I&C System that is documented and generated by the SPACE Engineering Tool. The platform System Software uses this configuration data in order to carry out the application specific functionality of the I&C system.

Page 11 of 54

Baseline, [IEEE Std 610.12-1990, /17/]:
A specification or product that has been formally reviewed and agreed upon, that thereafter serves as the basis for further development, and that can be changed only through formal change control procedures. Formal review and agreement means that responsible management has reviewed and approved a baseline. Baselines are subject to change control. (Reg. Guide 1.169, /21/)

Baseline Management, [IEEE Std 610.12-1990, /17/]:
In configuration management, the application of technical and administrative direction to designate the documents and changes to those documents that formally identify and establish baselines at specific times during the life cycle of a configuration item.

Component, [IEEE Std 610.12-1990, /17/]:
One of the parts that makes up a system. A component may be hardware or software and may be subdivided into other components.

Configuration, [IEEE Std 610.12-1990, /17/]:
(1) The arrangement of a computer system or component as defined by the number, nature, and interconnections of its constituent parts. (2) In configuration management, the functional and physical characteristics of hardware or software as set forth in technical documentation or achieved in a product.

Configuration Control, [IEEE Std 610.12-1990, /17/]:
An element of configuration management, consisting of the evaluation, coordination, approval or disapproval, and implementation of changes to CIs after formal establishment of their configuration identification.

Configuration Control Board (CCB), [IEEE Std 610.12-1990, /17/]:
A group of people responsible for evaluating and approving or disapproving proposed changes to CIs, and for ensuring implementation of approved changes.

Configuration Identification, [IEEE Std 610.12-1990, /17/]:
An element of configuration management, consisting of selecting the CIs for a system and recording their functional and physical characteristics in technical documentation. The current approved technical documentation for a configuration item as set forth in specifications, drawings, associated lists, and documents referenced therein.

Page 12 of 54

Configuration Item (CI), [IEEE Std 610.12-1990, /17/]:
An aggregation of hardware, software, or both, that is designated for configuration management and treated as a single entity in the configuration management process.

Configuration Management (CM), [IEEE Std 610.12-1990, /17/]:
A discipline applying technical and administrative direction and surveillance to:

* Identify and document the functional and physical characteristics of a configuration item
* Control changes to those characteristics
* Record and report change processing and implementation status
* Verify compliance with specified requirements

Configuration Status Accounting, [IEEE Std 610.12-1990, /17/]:
An element of configuration management, consisting of the recording and reporting of information needed to manage a configuration effectively. This information includes a listing of the approved configuration identification, the status of proposed changes to the configuration, and the implementation status of approved changes.

Control Point, [IEEE Std 828-1990, /18/]:
A project agreed on point in time or times when specified agreements or controls are applied to the software CIs being developed, e.g., an approved baseline or release of a specified document/code.

Functional Configuration Audit, [IEEE Std 610.12-1990, /17/]:
An audit that is conducted to verify that the development of a configuration item has been completed satisfactorily, that the item has achieved the performance and functional characteristics specified in the functional or allocated configuration identification, and that its operational and support documents are complete and satisfactory.

Functional Requirements Specification (FRS)
A document that is provided by the customer or his agent that describes in detail the functions of the system to be installed new or replaced. The FRS will include both hardware and software functions of the system. This document can be called by a different name, but whatever document is provided by the customer to meet this function will fit this definition.

Interface, [IEEE Std 610.12-1990, /17/]:
(1) A shared boundary across which information is passed. This boundary includes design interfaces between design organizations (Reg. Guide 1.169, /21/)

Page 13 of 54

(2) A hardware or software component that connects two or more other components for the purpose of passing information from one to the other
(3) To connect two or more components for the purpose of passing information from one to the other
(4) To serve as a connecting or connected component as in (2)

Interface Control, [IEEE Std 610.12-1990, /17/]:
In configuration management, the process of:

* Identifying all functional and physical characteristics relevant to the interfacing of two or more CIs provided by one or more organizations, and
* Ensuring that proposed changes to these characteristics are evaluated and approved prior to implementation.

MAC Address
Media Access Control Address - a 48-bit unique identifier assigned to network communication hardware, commonly expressed as a string of six octets in hexadecimal representation.

Open Item
Any item which constitutes an error or anomaly from the required status or condition of a properly completed project. Open Items are each given a record with a unique (to the project) identifier and maintained by the Project Coordinator. The entry contains information to track the cycle of the item from initiation to final resolution.

Physical Configuration Audit, [IEEE Std 610.12-1990, /17/]:
An audit that is conducted to verify that a configuration item, as built, conforms to the technical documentation that defines it.

Release, [IEEE Std 1042-1987, /20/]:
A term that is used to designate certain promotions of CIs that are distributed outside the development organization.

Scanmic, [TXS Software Authentication Tools reflist and scanmic, /12/]:
TXS software authentication tool that is used to analyze the software configuration of loadable code (MIC file), as well as:

* Read the version strings of the application software components contained in a loadable MIC file from the MIC file itself
* Calculate the CRC Checksum for each software segment in the MIC file
* Calculate the CRC Checksum for the entire MIC file

Page 14 of 54

This information can be output to a list that serves to document the generated software version. Differences in the software configuration between the old version and the new version can be determined from these lists and verified.

SIVAT, [TXS SIVAT, /14/]:
Allows the functionality of the I&C system engineered in SPACE to be tested by simulation based on the code generated by the FDG code generator and the RTE code generator. This enables engineering errors to be detected at an early stage. The objective of the test is to verify that the requirements have been translated into function diagrams without errors, and that the software automatically generated from these function diagrams provides the functionality required in terms of input and output response. The tests cover interface to the RTE, use of correct function blocks and whether they have been correctly connected and parameterized. The failure of I/O modules, processing modules and data messages can be simulated. The tests are run using scripts that define the input and output signals of the I&C system and the simulation run. The test results are recorded in log files and plots for further evaluation. Process models can also be linked into the simulator to perform closed-loop tests.

Software, [IEEE Std 610.12-1990, /17/]:
Computer programs, procedures, and possibly associated documentation and data pertaining to the operation of a computer system. Types of software included for a TXS project are System Software, Application Software and tools.

Software Library, [IEEE Std 610.12-1990, /17/]:
A controlled collection of software and related documentation that is designed to aid in software development, use, or maintenance. Types include master library, production library, software development library, software repository, and system library.

Software Life Cycle, [IEEE Std 610.12-1990, /17/]:
The period of time that begins when a software product is conceived and ends when the software is no longer available for use.

SPACE, [TXS SPACE, /15/]:
Engineering system comprising the tools used for the engineering and maintenance of the TXS I&C software. Engineering in this context refers to the overall process of creating and testing the I&C software. SPACE tools cover the following:

* Specification of the I&C functions and hardware topology
* Automatic code generation
* Software authentication (reflist and scanmic)
* Software Loading

Page 15 of 54

* Load Analysis tool
* Database administration

Unit, [IEEE Std 610.12-1990, /17/]:

* A separately testable element specified in the design of a computer software component
* A logically separable part of a computer program
* A software component that is not subdivided into other components

Version, [IEEE Std 610.12-1990, /17/]:
An initial release or re-release of a computer software configuration item, associated with a complete compilation or recompilation of the computer software configuration item.

V&V (Verification and Validation), [IEEE Std 610.12-1990, /17/]:
The process of determining whether the requirements for a system or component are complete and correct, the products of each development phase fulfill the requirements or conditions imposed by the previous phase, and the final system or component complies with specified requirements.

1.4.2 Abbreviations And Acronyms

ANSI      American National Standards Institute
CCB       Configuration Control Board
CD        Compact Disc
CD-ROM    Compact Disc - Read Only Memory
CI        Configuration Item
CM        Configuration Management
CoC       Certificate of Compliance
CRC       Cyclic Redundancy Check
ECP       Engineering Change Proposal
EEPROM    Electrically Erasable Programmable Read Only Memory
FAT       Factory Acceptance Test
FDG       Function Diagram Group
FEPROM    Flash Erasable Programmable Read Only Memory
FRS       Functional Requirements Specification
GSM       Graphic Service Monitor
I&C       Instrumentation and Control
I/O       Input/Output
          I&C Systems
ID        Identification
IEEE      Institute of Electrical and Electronic Engineers
IS        Information System

Page 16 of 54

IV&V      Independent Verification & Validation
MAC       Media Access Control
          An executable file in the Micros sys
