ML11318A030
ML11318A030
ML11318A030
w s"
Revision I
Table of Contents
2. R eferences ...................................................................................................... 11
2.1. Industry Documents .....................................................................
11
2.2. NRC Documents .......................................................................
11
2.3. 12
PG&E Documents ......................................................................
2.4. Invensys Triconex Docum ents ..............................................................
12
8. Appendices .................................................................................................... 40
41
Appendix A - Typical Verification and Validation Flow Chart ..............................................
42
Appendix B - T ask R eport L og ..................................................................
44
Appendix C - T ask R eport Forin .................................................................
i r 7 V "e . n s '.4 s " in v'e. nvs '. s "
List of Figures
Figure 1. Westinghouse PWR Reactor Protection Concept ...................................................... 7
Figure 2. Tricon Protection Set Architecture for the PPS Replacement System ................. ...*....... 9
Figure 3. PPS Replacement Project Organization Structure ..................................................... 16
inv e.n s'.b s
in v'e. n s'.j s"
Operations Management Triconex
I Document: 993754-1-802 Title: Software Verification And Validation Plan
Revision: I Page: 7 of 46 1 Date: 1 10/13/2011
1. Introduction
1.1. Purpose
The purpose of this Software Verification and Validation Plan (SVVP) is to establish the
requirements for the Verification and Validation (V&V) process to be applied to the TriStation
Application Project (TSAP) software developed for the Process Protection System (PPS)
Replacement Project, running on the Safety-Related V10 Tricon platform hardware. This SVVP
is described in the Software Quality Assurance Plan (SQAP) [Ref 2.4.8]. This SVVP includes
the TSAP software and V 10 Tricon system hardware interface with Advanced Logic System
(ALS) (but not the ALS functions themselves), and Maintenance Workstation (MWS).
Control
Power
Cabinet •
WReactor Control
a aed dd o Trip M-G
i Sets
uon tcts e
...- •[State
NIS Protection
Racks and-impleme
ThePis and
clVPalssidfineds Nucear Saey-eatd(CasE proec
activities
allhmspcii b shall
erormply
with the applicable requirements of the Invensys Operation Management Nuclear Quality
in v'e. n s , " in ve. n s.t s
Assurance Manual (IOM-Q2) [Ref 2.4.1] and any additional quality requirements specified in
the Project Quality Plan (PQP) [Ref 2.4.7].
This SVVP is prepared in accordance with PPM 7.0 [Ref 2.4.4], Application Program
Development, and follows the guidelines described in IEEE 10 12-1998 "IEEE Standard for
Software Verification and Validation" [Ref 2.1.6], IEEE 1074-1995, "IEEE Standard for
Developing Software Life Cycle Processes" [Ref 2.1.9], and Branch Technical Position 7-14,
"Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control
Systems", [Ref 2.2.6].
1.2. Scope
The V&V activities described in this SVVP apply to VI10 Tricon Protection Set software,
documents, and other items that are produced during implementation of this project. The
boundaries of the V&V activities include I/O inputs from ALS and data link inputs via the TCM
for the MWS. These ALS inputs to the V10 Tricon will be simulated during the factory
acceptance test, as discussed in Invensys document 993754-1-813, Validation Test Plan. This
SVVP does not include V&V of the software running on ALS and the MWS as shown in Figure
2. This V&V process does not include operating systems, software, or firmware other than the
TSAP generated by the TriStation 1131 (TS 1131). This SVVP does not include V&V of the
TS 1131 programming tool, which will be used to develop the TSAP software. Software
generated by Vendors other than Invensys Operations Management are verified and validated by
the originating organization under separate programs. This SVVP addresses the attributes of
third-party software only to the extent of verifying that the inputs, outputs, and displays are
correct as specified.
i n \e.V n s ' s"
in vae. n s'.y s"
Operations Management Triconex
Document: 993754-1-802 Title: I Software Verification And Validation Plan
Revision: I Page: 9 of 46 1 Date: 1 10/13/2011
Figure 2. Tricon Protection Set Architecture for the PPS Replacement System.
in v"e, S" .- ineve. ns'.u s"
Operations Management Triconex
Document: 993754-1-802 Title: Software Verification And Validation Plan
Revision: 1 Page: 10 of 46 I Date: 10/13/2011
Traceability is critical to the success of the project. Traceability is achieved through the
development of a Project Traceability Matrix (PTM). Traceability shall be determined sufficient
if one is able to trace requirements from design inputs to design outputs and to trace requirement
from design outputs back to design inputs (forward and backward traceability).
The PTM has shared responsibility. The Requirement and Design Phase PTM are prepared by
Nuclear Delivery, where the Implementation and Test Phase PTM are prepared by Nuclear
IV&V.
2. References
3.1. Definitions
Acceptance Testing: Formal testing conducted to deten-nine whether or not a system satisfies
its acceptance criteria and to enable the customer to determine whether or not to accept the
system.
Anomaly: A condition observed in the documentation or operation of hardware and software
that deviates from expectations based on previously verified hardware/software products or
reference documents. A critical anomaly is one that must be resolved before the V&V effort
proceeds to the next phase.
Baseline: A work product that has been formally reviewed and accepted by the involved parties
as the revision level approved for the Implementation Phase of the project. A baseline should be
changed only through formal configuration management procedures. Some baselines may be the
project deliverables, while others provide the basis for further work.
Component Testing: Testing conducted to verify the implementation of the design for a system
hardware/software element (e.g., unit, module, function block etc,).
Criticality: A subjective description of the intended use and application of the system. Software
and hardware criticality properties may include: safety, security, complexity, reliability,
performance, or other characteristics.
Criticality Analysis: A structured evaluation of the software characteristics (e.g., safety,
security, complexity, performance) for severity of impact of system failure, system degradation,
or failure to meet software requirements or system objectives.
Deliverable: Document or product submitted to satisfy a requirement of the contract.
Demonstration: This is the life cycle activity where customer Factory Acceptance Testing
occurs.
Detailed Design: This life cycle activity contains typical work packages used during the design
stages of the project, such as: review design input, prepare P&IDs, define design control
strategies, develop design reports, etc.
Hazard Analysis: A systematic qualitative or quantitative evaluation of software for
undesirable outcomes resulting from the development or operation of a system. These outcomes
may include injury, illness, death, mission failure, economic loss, environmental loss, or adverse
social impact. This evaluation may include screening or analysis methods to categorize,
eliminate, reduce, or mitigate hazards.
Implementation: This life cycle activity contains typical work packages used during the
hardware staging and software installation phase of the project. Typical work packages include:
review detailed implementation input, procure materials, configure control strategies, and
prepare test procedures and cases.
Inspection: A static analysis technique that relies on visual examination of development or
purchased products to detect errors, violations of development standards, specifications, and
other problems.
Integration Testing: An orderly progression of testing of incremental pieces of the software
program in which software elements, hardware elements, or both are combined and tested until
in ve. n s" s inV'e. n s. s"
Operations Management Triconex
Document: 1 993754-1-802 1 Title: I Softare Verification And Validation Plan
Revision: 1 Page: 14 of 46 1 Date: 1 10/13/2011
the entire system has been integrated to show compliance with the programs design, and
capabilities and requirements of the system. Typical work packages include verification of
control strategies, document verification and resolution of discrepancies. Verification is
performed during this activity.
Integrity level: A denotation of a range of values of a property of an item necessary to maintain
system risks within acceptable limits. For items that perform mitigating functions, the property is
the reliability with which the item must perform the mitigating function. For items whose failure
can lead to a threat, the property is the limit on the frequency of that failure.
Life Cycle Activity: A set of interrelated activities or processes that result in the development
or assessment of software and hardware products. For V&V purposes, no process is concluded
until its development products are verified and validated according to the defined tasks in the
SVVP.
Management Activity: This life cycle activity contains the generic activities and tasks, which
may be employed by any party that manages its respective processes. Examples of tasks are 1)
prepare plans for execution; 2) initiate the plans, etc. This activity is applicable to all life cycle
phases.
Phase: Defined for this document as a step in life cycle activity.
Preliminary Design: This life cycle activity contains typical work packages used in the
preliminary stages of a project, such as: contract review, define control strategies, develop
Project Plans, and describe change management.
Project Traceability Matrix: A documented matrix indicating the origin of the requirements,
their implementing design output documentation and the corresponding testing requirements.
Unit: An assembly of interconnected components that constitutes an identifiable device,
instrument, or piece of equipment. A unit can be disconnected, removed as a single piece, and
replaced by a spare. It has definable performance characteristics that permit it to be tested as a
single assembly. Software functions that meet the requirements of this definition are also defined
as a unit. By this definition, the words "unit" and "module" (hardware/software) are
interchangeable.
Verification: The process of evaluating a system or component to determine whether the
products of a given development phase satisfy the conditions imposed at the start of that phase.
Validation: The process of evaluating a system or component during or at the end of the
development process to determine whether it satisfies specified requirements.
3.2. Acronyms
ALS Advanced Logic System
DRCS Document Review Comment Sheet
FAT Factory Acceptance Test
FMEA Failure Modes and Effects Analysis
HRS Hardware Requirements Specification
HVT Hardware Validation Test
10 Input/Output
IV&V Independent Verification and Validation
M&TE Measurement and Test Equipment
inn V' . n • , s-
.,Lj inV'e. nfs'.tS.Ys"
4. V&V Overview
The V&V approach as described in IEEE 10 12-1998 will be used for conducting project V&V
activities. These activities will be planned and scheduled per the project schedule, the applicable
PPMs [Ref 2.4.4], and the PQP.
The V&V efforts shall be accomplished using a Nuclear Independent Verification & Validation
organization not associated with the Nuclear Delivery organization as identified in the PQP. This
independent V&V process is consistent with the process described in Annex C.4.1 of IEEE
1012-1998.
4.1. Organization
The Nuclear IV&V group shall be responsible for performing independent design document
review, software design verification, generating and verifying the V&V documents, and
performing V&V test executions. The Nuclear IV&V group will define its own schedule for the
V&V activities without any restrictions or influence from the Nuclear Delivery group.
The PPS Replacement Project team members from Nuclear IV&V include the IV&V Team Lead
and three IV&V Engineers.
During day-to-day V&V execution, the Nuclear IV&V team will interface with ND engineers
and the PQAE as needed. When anomalies have been identified during the project lifecycle,
cases may arise that require escalating the resolution to higher levels of management within
Invensys Operations Management. In Figure 3, the lines of communication between the
organizations at the Management and Director levels are shown by the dashed lines. As shown,
issues requiring escalation can be escalated up separate and independent reporting chains up to
the Director level. In those rare cases that the Director level is not sufficient, IOM-Q2 allows
escalation to the Regional and Global Director levels and still maintain the necessary managerial,
technical, and financial independence necessary for compliance with NRC requirements
contained in, for example, Regulatory Guide 1.168 [Ref 2.2.1].
Director- 77]
The Nuclear IV&V Director reports to the Global Director of Quality, and is responsible for
providing resources and expertise to V&V operations.
Manager - I L
The Nuclear IV&V Manager reports to the Director, Nuclear IV&V, and is responsible for
implementation of the nuclear IV&V activities conducted at the Invensys Operations
Management Lake Forest Facility. The IV&V Manager has the authority and organizational
freedom to ensure that V&V activities are managerially, technically, and financially independent
of the development organization. The IV&V Manager approves Project IV&V documents, e.g.,
Software Verification and Validation Plan (SVVP), IV&V Phase Reports, etc.
Staff -
The Nuclear IV&V Staff reports to the Nuclear IV&V Manager. Some of the major functions
and responsibilities for the IV&V Staff are listed below.
" Prepare the Software Verification and Validation Plan (SVVP).
" Prepare the Software Safety Plan (SSP).
" Prepare the Safety Analysis (Criticality/Hazards/Risk/Interface).
" Prepare the Validation and Verification Test Plans.
i n v'e.n" in V e. n s .t s
Operations ManagemenTt riconex
I Document: 1993754-1-802 Title: I Software Verification And Validation Plan
Revision: 1 Page: 18 of 46 I Date: 1 10/13/2011
The following is a listing of the documents generated as a result of PPS Replacement Project
V&V activities. These documents shall be controlled per PPM 4.0 [Ref 2.4.4]. The specific
documents shall be developed and processed in accordance with the controlling Project
Procedures Manual. These documents shall be generated by the Nuclear IV&V staff, with the
exception of the PTM 1 and will be verified by Nuclear IV&V staff and approved by Nuclear
IV&V Manager.
1) Software Verification and Validation Plan, 993754-1-802.
2) Software Safety Plan, 993754-1-911.
3) Safety Analysis (Criticality/ Hazard/ Risk/ Interface), 993754-1-915.
4) Validation Test Plan, 993754-1-813.
5) Project Traceability Matrix, 993754-1-8041
6) Software Verification Test Plan, 993754-1-868.
7) Validation Test Specification, 993754-1-812.
8) Software Verification Test Specification, 993754-1-869.
9) Software Verification Test Procedure and Test Case, 993754-1n 2 -870-k 3 .
10) Software Verification Test Case Execution and Report, 993754-1n 2-853.
11) Hardware Validation Test Procedure, 993754- In 2-902-0.
12) Factory Acceptance Test Procedure, 993754-1 n2-902-1.
13) Validation Test Report.
a. Hardware Validation Test Report, 993754-1n 2-854-0.
b. Factory Acceptance Test Report, 993754-1n 2-854-1.
14) Project Traceability Matrix 1 , 993754-1-804.
15) V&V Phase Summary Reports, 993754-1-856 to -863.
16) System Time Response Confirmation Report, 993754-1-818.
The PTMs has shared responsibility. The Requirements and Design Phase PTM are prepared by Nuclear Delivery,
where the Implementation and Test Phase PTMs are prepared by Nuclear IV&V.
2 n = 1 through 4 to match the Protection Set. Project Plans are not required to have this additional number because
the plans are at the project level and not specific to a particular Protection Set.
3 k = 1 through i, where i is the number of programs in the V10 Tricon Protection Set application program (PT2
file).
in v'e. n s". inve. ns. s
Operations Management Triconex
I Document: 1993754-1-802 1 Title: I Software Verification And Validation Plan
Revision: 1 Page: 19 of 46 Date: 10/13/2011
The project documents listed below identify the types of design outputs at the system level and
will be assigned a Software Integrity Level 4 rating:
1) Project Plans, Software V&V Plan, Software Safety Plan.
2) Project Specifications/Reports
a. Hardware Requirements Specification (HRS)
b. Software Requirements Specification (SRS)
c. Software Design Description (SDD)
d. Validation Test Specification
e. Verification Test Specification
f. V&V Activity Summary Reports
3) System Design Integration Drawings.
4) TriStation Application Project application program.
5) Verification and Validation Test Produces, Test Reports, Final V&V Report.
3) Application of relevant U.S. NRC staff guidance related to design and licensing of
nuclear safety systems, such as DI&C-ISG -06 [Ref 2.2.4].
4) Understanding of staff guidance contained in Chapter 7 of U.S. NRC NUREG-0800,
Standard Review Plan [Ref 2.2.5].
5) Application of Institute of Electrical and Electronics Engineers standards (e.g., those
endorsed by U.S. NRC Regulatory Guides) relevant to independent verification and
validation of software for nuclear safety-related applications.
6) Implementation of the Invensys Operations Management NSIPM and PPM to nuclear
safety-related projects.
7) Knowledgeable in the use of the TS 1131 Developer's Workbench, Invensys Emulator
Test Driver (ETD) and Microsoft Excel.
8) Knowledgeable of Tricon hardware.
9) Knowledgeable of safety and protection systems.
10) Experienced with reading and interpreting P&IDs, instrument diagrams, and function
block diagrams.
4.5.1. Tools
i n v'e. n s. s'
in v e. n s'.> s"
Operations Management Triconex
I Document: 1993754-1-802 Title: I Software Verification And Validation Plan
Revision: 1 Page: 21 of 46 1 Date: 1 10/13/2011
EL
i nv'e.n s'.: s"
in v'e. n s'.> s
Operations Management Triconex
I Document: 993754-1-802 Title: Software Verification And Validation Plan
Revision: 1 Page: 22 of 46 1 Date: 1 10/13/2011
w
in v* .n s'.ý s
i~~~~~~~ "e. rn {• - ".:: i V"e n s'.ý:
.. s-
5. V&V Process
The following explains the correlation of the Invensys Operations Management NSIPM life
cycle to IEEE 1012-1998 life cycle processes and activities.
Table 1. LifecycleMapping
IEEE 1012 V&V Lifecycle Processes NSIPM V&V Lifecycle Processes
Management Throughout (Primary Planning)
Acquisition Acquisition
Supply Throughout (Planning)
Development Development
" Concept • Planning
" Requirements • Requirements
" Design ° Design
" Implementation ° Implementation
• Test ° Test
Operation Delivery (scope of supply based on contract requirement.)
Maintenance
1) Management
The Management process is applicable to all phases the Project. Invensys Operations
Management shall meet the task performance requirements for management of V&V as
stated in IEEE 1012-1998. All acquisition process tasks shall be performed as
Management process activities. The supply process contract review task shall be
performed as a Management process activity.
2) Acquisition
Prior to accepting a Purchase Order, Nuclear Delivery reviews it to identify any
compliance issues. Until the review is completed, the Purchase Order is placed on.
Nuclear Hold, until the Acceptance Review is completed. A compliance matrix is created
to determine that the PG&E requirement can be satisfied. Nuclear IV&V reviews the
compliance matrix in accordance with IEEE Standard 1012-1998. Any deviations and
exceptions to PG&E requirements will be documented by Invensys Operations
Management and approved by PG&E.
3) Supply
This process is applicable for purposes of contract review, because a purchase order has
been offered and accepted. The supply process is initiated by either a decision to prepare
a proposal to answer an acquirer's request for proposal, or by signing and entering into a
contract with the acquirer to provide the system. This process also verifies that the
request for proposal requirements and contract requirements are consistent.
4) Development
This process is applicable to the Project and incorporates the majority of the project
activities. Invensys Operations Management shall meet the task performance
requirements for Development process activities as outlined below:
i n V e. n s-.i s- in Ve. nl s'. s"
Operations Management Triconex
Document: 993754-1-802 Title: Software Verification And Validation Plan
Revision: 1 Page: 24 of 46 1 Date: 1 10/13/2011
During the development process, the following tasks shall be performed and the V&V
task reports issued if any changes to design inputs occur.
a. Evaluation of New Constraints
b. Proposed Change Assessment
These tasks shall be performed as part of the Baseline Change Assessment task included
in each lifecycle activity.
5) Operation
This phase covers the operation of the software product and operational support to users
after installation normal commissioning. It addresses operational testing, system
operations, and user support with respect to the operating procedures.
This is not applicable to the PPS Replacement Project after delivery to the customer.
Plant operating procedures are not within the Invensys Operations Management scope of
work.
6) Maintenance
This applies to modifications to code and associated documentation caused by a problem
or a need for improvement or adaptation of the product. It addresses modifications,
migration, or retirement of the software during the operational process.
Contract requirements are defined by the Warranty terms. These requirements shall be
maintained, along with processes for bug fixes (hardware and software), repairs, and
available upgrades. However, these processes are controlled at a corporate level, and
outside the scope of the PPS Replacement Project once the system is delivered.
in v" 2. n "s.• s- in ye. n.t', s-
Operations Management Triconex
I Document: 1993754-1-802 1 Title: I Software Verification And Validation Plan
Revision: I Page: 25 of 46 Date: 10/13/2011
Good communication between the ND staff and the Nuclear IV&V staff is a significant
contributor to a proper V&V process. One of the objectives of the V&V process is to verify the
assumptions incorporated into the design solution. The V&V process must ensure that the basis
for an assumption is correct and that the system requirements are met within the constraints of
the assumptions.
Tricon system hardware and software were verified as part of the initial qualification program
for Tricon hardware and software as identified in the Nuclear Qualified Equipment List (NQEL)
[Ref 2.4.5]. The TS 1131 programming tool is included in the set of software approved by the
NRC. In accordance with PPM 7.0, Application Program Development, the TSAP software and
system hardware lifecycle activities or phases applicable to the verification and validation of the
PPS Replacement Project are as follows:
1) Planning
2) Requirements
3) Design
4) Implementation
5) Test
The Project will utilize the design review methodology to perform the design verification
process as defined in PPM 2.0 [Ref 2.4.4].
Should baseline documents require modification, the changes shall be controlled in accordance
with PPM 2.0 and PPM 3.0 as appropriate. The design review will use both an in-process project
peer review and an independent review by an independent review engineer.
in v'e. n s's in V e. n s'.* s
F-L
in v'e. n s-. s" in Ve.n S
se . s'
information flow, processing steps, and other aspects required to be implemented in order to
satisfy the system design requirements. The intent of design verification is to ensure that the
design documents are clear and understandable, accurate, correct, consistent, complete,
implementable, testable, and traceable to the design requirements. The V&V tasks are conducted
on an ongoing basis. Test planning and verifying the conformance of the design are major
objectives of these V&V activities.
LiZ
i n V e. n s-
n v* e. n s-.!ý-j s-
Operations Management Triconex
Document: 993754-1-802 Title: Software Verification And Validation Plan
Revision: I Page: 30 of 46 1 Date: 1 10/13/2011
EiJ
5.2.5. Test Phase
The above verification process should provide a reasonable degree of assurance that the design
requirements were adequately and accurately translated through the Requirements, Design, and
Implementation Phases.
The system validation process determines whether the system meets its functional requirements
(functional operations, system level performance, external interfaces, internal interfaces,
testability, and other requirements stated during the requirements phase). System validation
evaluates the system performance against simulated inputs at the factory test facility. The
integrated system with the actual V10 Tricon Protection Set hardware and software is required.
w
i n v e. n s'.Y s"
in v2 n s'.ý s"
Operations Management Tr iconex
I Document: 1993754-1-802 1 Title: I S• are Verification And Validation Plan
I Revision: I I I Page: 1 33 of 46 1 Date: I 10/13/2011
EL
in V'e. nVS s2 s".
in v~e. n s.. s.
Operations Management Triconex
I Document: 993754-1-802 Title: I Software Verification And Validation Plan
Revision: 1 Page: 34 of 46 Date: 10/13/2011
w
5.3. Post Test/Pre-Ship Checkout
Upon completion of the Test Phase activities, a system integration document package shall be
assembled in accordance with PPM 8.0[Ref 2.4.4]. The package shall include all as-built
drawings, completed test procedures, and customer-specified documents.
LiZ
i nl e. nV s'.l s"
in V'e. n s'.> s"
Operations Management Triconex
Document: 993754-1-802 Title: Software Verification And Validation Plan
Revision: 1 Page: 35 of 46 Date: 10/13/2011
6. V&V Reporting
V&V reporting shall occur throughout the entire life cycle and include the following reporting
mechanisms.
A V&V Validation Test Report is required to be developed per PPM 6.0 to summarize the
results of the tests performed. This Test Report may be either included the Test Phase summary
reports or incorporated them as attachments.
w
i n ve. n s'.
in v'e. n s.! s" s"
w-
in v'e. n s"..
5" inv'e. ns',• s'
w]
The above documents describe the quality assurance, configuration management, data
management, security, and protection of V&V results from unauthorized alterations.
IEEE Standard 603-1991 by reference. There are also a number of regulatory guidance
documents that will be followed by Invensys Operations Management during the V 10 Tricon
Process Protection System development. The regulatory guidance documents endorse consensus
standards from the Institute of Electronics and Electrical Engineers (IEEE). The standards to
which Invensys Operations Management conforms are also listed below.
The software standards, practices, and conventions that govern the performance of V&V tasks
are defined in the Project Procedures Manual. Verification and validation activities shall be
performed in accordance with Project Procedure Manual PPM 2.0, PPM 6.0, and PPM 7.0.
Regulatory Guides:
0 1.152, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants.
0 1.168, Verification, Validation, Reviews and Audits for Digital Computer Software Used
in Safety Systems of Nuclear Power Plants.
0 1.169, Configuration Management Plans for Digital Computer Software Used in Safety
Systems of Nuclear Power Plants.
0 1.170, Software Test Documentation for Digital Computer Software Used in Safety
Systems of Nuclear Power Plants.
* 1.171, Software Unit Testing for Digital Computer Software Used in Safety Systems of
Nuclear Power Plants.
0 1.172, Software Requirements Specifications for Digital Computer Software Used in
Safety Systems of Nuclear Power Plants.
a 1.173, Developing Software Life Cycle Processes for Digital Computer Software Used in
Safety Systems of Nuclear Power Plants.
* 1.180, Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in
Safety-related Instrumentation and Control Systems.
IEEE standards:
0 603, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations.
o 7-4.3.2, IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power
Generating Stations.
0 828, IEEE Standard for Configuration Management Plans.
0 829, IEEE Standard for Software Test Documentation.
* 830, IEEE Recommended Practice for Software Requirements Specifications.
0 1012, IEEE Standard for Software Verification and Validation.
0 1028, IEEE Standard for Software Reviews and Audits.
0 1059, IEEE Guide for Software Verification and Validation Plans.
* 1074, IEEE Standard for Developing Software Life Cycle Processes.
* 1228, IEEE Standard for Software Safety Plans.
in v e n s"
in v'e. n s'.> s"
Operations Management Triconex
Document: ] 993754-1-802 ] Title: ] Software Verification And Validation Plan
Revision: I Page: 39 of 46 Date: 10/13/2011
Other standards:
" ANSI/ASME NQA-l -1983, Quality Assurance Program Requirements for Nuclear
Facilities.
• ANSI/ASME NQA-la-1983 (Addenda), Addenda to ANSI/ASME NQA-I-1983, Quality
Assurance Program Requirements for Nuclear Facilities.
" ANSI/ASME NQA-I-1994, the basis for the PPM.
invNe.n s'.o s"
in v'e. n sn.=i s"
Operations Management Triconex
Document: 1993754-1-802 Title: Software Verification And Validation Plan
Revision: 1 Page: 40 of 46 1 Date: I 10/13/2011
8. Appendices
Appendix A - Typical Verification and Validation Flow Chart
Operations Management
Triconex
Document: 993754-1-855
i e. fl
2 nVs s"
in v'e. n s-. s"
Operations Management Triconex
I Document: 1993754-1-802 I Title: I Software Verification And Validation Plan
Revision: 1 Page: 44 of 46 ] Date: 1 10/13/2011
Document: 993754-1-855
in v e. n s'.> s" in v'e.n s'.- s"
wL
Document: 993754-1-855