Experience from Quality Assurance in Nuclear Power Plant Protection System Software Validation

Validation of a digital computer program to be used in a nuclear power plant protection system must meet quality assurance requirements. Digital systems have not traditionally been used on nuclear reactor protection systems. Licensing of digital system software requires providing assurance that the software performs its intended function. To provide added assurance, the Babcock and Wilcox Company performed software validation on the digital program intended for use on a protection system. Software validation of the Reactor Protection System-II digital program presented a multi-faceted challenge. Quality assurance requirements were imposed on the project. Certain validation ground rules were specified. No known methods existed for proving program correctness for nontrivial software. No precedence had been set to estimate the quality or quantity of testing required as a method of validation. Project schedule constraints were imposed. The need for more documentation than normally furnished was recognized, but how much and what kind was not clear. This paper relates how this challenge was met through a discussion of how the project was performed and the lessons learned through those experiences. A test method was devised within validation ground rules and project schedule constraints to validate that software performed the specified functions. Orderly methods of testing and evaluating were implemented and documented in compliance with a plan to provide auditable, traceable evidence of the validation effort and the digital component program performance.