Auditing Services for Nuclear Power Industry
For safety system software as well as for plant design and analysis software, audits can demonstrate compliance with internal procedures and NRC regulations. Software engineering relies, in part, on software V&V and on technical reviews and audits to meet general quality and reliability requirements in 10 CFR Part 50 Appendix A and B. In addition, management reviews and audits of software processes are part of a verification process consistent with Appendix B.10 CFR Part 50 Appendix B defines quality assurance functions to include verifying, such as by checking, auditing, and inspection, that those activities affecting safety-related functions have been correctly performed. It also requires design control measures for verifying or checking the adequacy of design. V&V organizations may employ audits of software to accomplish these objectives.
Software Quality Consulting has the software engineering skills and resources to perform the required audits on behalf of the software development organization or the licensee's Quality Assurance organization.
Audits are conducted in accordance with IEEE standards, EPRI technical reports, and NRC Reg Guides including:
- IEEE Standard 1012—Software Verification and Validation
- IEEE Standard 1028—Software Reviews and Audits
- IEEE 7-4.3.2 Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations
- NRC Reg Guide 1.152 Criteria for Use of Computers in Safety Systems of Nuclear Power Plants
- NRC Reg Guide 1.168 Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants
- Plant Engineering: Guideline for the Acceptance of Commercial-Grade Design and Analysis Programs used in Nuclear Safety-Related Applications, EPRI TR-1025243
- Guideline for the Utilization of Commercial Grade Items in Nuclear Safety Related Applications, EPRI NP-5652
- Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Applications, ERPI TR-106439
- Evaluating Commercial Digital Equipment for High Integrity Applications—A Supplement to EPRI Report TR-106439 EPRI TR-107339
For digital equipment, a new dimension is added due to the reliance on software for proper operation of the equipment. The dependability of software of the size and complexity used in most I&C equipment cannot be established by inspection and testing alone. The process used to develop the software is a very important factor in ensuring that the final product will meet its requirements under all conditions that may be encountered in service. As a result, a survey of the software development organization’s development process and quality assurance practices is often required. It serves to verify critical characteristics related to built-in quality and dependability, which are especially important for software.
My team of experienced software engineers typically works together with software developers, third party dedicators, and Quality Assurance organizations and can perform all required audits, including:
- Critical Grade Dedication Audits
- Commercial Grade Surveys
- Functional audits
- In-process audits
- Physical audits
I hold ASQ Certifications as a Quality Auditor and Software Quality Engineer. Each audit begins with a detailed Audit Plan that identifies what, when, where, and who. The Audit Plan is reviewed and approved prior to the audit. Members of the client's staff are encouraged to participate on the Audit Team.
- An Opening Meeting is held on the first day of the audit to review the audit process and the audit scope with all of the stakeholders and management.
- Daily summary meetings are held to review the day’s findings.
- A Closing Meeting is held on the last day of the audit with stakeholders and management in order to ensure everyone has a clear understanding of the audit findings and observations.
Once the audit is completed, a detailed Audit Report is prepared identifying the regulatory source for each finding. If requested, a detailed "gap analysis" is provided.
The Audit Report is reviewed and discussed with the client to ensure that the report is accurate and that findings are relevant.