- Site: Heysham 2
- IR number: 22-035
- Date: June 2022
- LC numbers: 10, 23, 24, 27, 28
Executive summary
Purpose of Intervention
The purpose of this intervention was to undertake a planned system-based inspection (SBI) of the Data Processing and Control System (DPCS) at EDF Nuclear Generation Limited’s Heysham 2 (HYB) power station in line with the planned inspection programme in the Heysham 2 Integrated Intervention Strategy for 2022/23.
Interventions Carried Out by ONR
The focus of this inspection, which was carried out by two control and instrumentation (C&I) specialist inspectors, a Civil Nuclear Security and Safeguards (CNSS) Cyber Security & Information Assurance (CS&IA) specialist inspector, and the HYB Site Inspector, was the DPCS. Whereas the C&I aspects of the inspection considered arrangements in relation to the DPCS safety case, the concurrent CS&IA inspection considered security arrangements in relation to the DPCS security case.
Although not a safety system, the DPCS is a safety-related system and contributes to safety by providing prompts for operator action and, in conjunction with hard-wired alarms and indications, ensuring that in normal operation the plant remains within the safe operating envelope of the reactor, thus minimising the frequency of demand on the reactor’s hard-wired safety systems.
The objective of the inspection was to examine, on a sample basis, the adequacy of implementation of the safety case against the following licence conditions (LC), which are all applicable provisions of the Energy Act 2013:
- LC 10 (Training)
- LC 23 (Operating Rules)
- LC 24 (Operating Instructions)
- LC 27 (Safety Mechanisms, Devices and Circuits)
- LC 28 (Examination, Inspection, Maintenance and Testing)
LC 34 (Leakage and escape of radioactive material and radioactive waste), which is usually considered during a SBI, was not considered applicable to this particular intervention.
In addition to inspecting against the above LCs, the physical, administrative procedural and technical security controls of the DPCS were inspected by a specialist security inspector from the ONR CNSS CS&IA division and are included in this intervention record. These security aspects of the inspection were conducted under the requirements of the Nuclear Industries Security Regulations (NISR) 2003.
The intervention was performed in line with ONR’s guidance requirements (as described in our technical inspection guides) in the areas inspected.
Explanation of Judgement if Safety System, including its security, Not Judged to be Adequate
Not applicable.
Key Findings, Inspector’s Opinions and Reasons for Judgements Made
Based on the information sampled during the inspection, we concluded the following in relation to each licence condition and cyber security considerations:
- LC 10 (Training) – We sampled the training records for several personnel who carry out operations and maintenance activities on the DPCS, from which we were satisfied that EDF NGL has made and implemented adequate arrangements for suitable training of those on site who have responsibility for operations and maintenance of the DPCS that may affect safety. We were also satisfied that suitable arrangements were in place to support individuals who were still in training for their roles. Although we identified that a Unit Desk Engineer’s authorisation had expired shortly before the inspection, they were promptly reauthorised; an associated INF1 also confirmed that ‘extent of condition’ checks revealed no further anomalies. We have therefore assigned a rating of ‘Green’ (no formal action) for LC10 compliance.
- LC23 (Operating Rules) – We examined the safety case, technical specifications and other supporting documents for the DPCS in order to determine whether suitable limits and conditions were identified. We also sampled surveillance check-sheets associated with our technical specification sample, which confirmed that these captured the surveillance requirements and were being completed appropriately. However, we identified an apparent ‘circular reference’ for the completion time of a required action associated with a condition in a technical specification, which we agreed to include as a further example in a Regulatory Issue arising from a recent LC 23 inspection. Based on the evidence sampled, we were satisfied that EDF NGL has identified suitable limits and conditions in the interests of safety as claimed in the safety case, and that these were clearly set out within technical specifications and being demonstrated through surveillance checks. We have therefore assigned a rating of ‘Green’ (no formal action) for LC23.
- LC24 (Operating Instructions) – We sampled a number of station operating instructions and check-sheets, which we also discussed with operational staff in the Central Control Room during our surveillance check enquiries. Based on the evidence sampled, we were satisfied that required limits and conditions for operations that may affect safety were implemented via clear working instructions. We have therefore assigned a rating of ‘Green’ (no formal action) for LC24.
- LC 27 (Safety Mechanisms, Devices and Circuits) – We carried out a plant walk-down, discussed EDF NGL’s arrangements for managing system health, and also sampled records and reviews of system health. Based on the evidence sampled, we were satisfied that suitable and sufficient safety mechanisms, devices and circuits were properly connected and in good working order. We have therefore assigned a rating of ‘Green’ (no formal action) for LC27.
- LC 28 (Examination, Inspection, Maintenance and Testing) – We discussed a number of reactive maintenance interventions with staff responsible for arranging and delivering these maintenance activities. During these enquiries we identified that a potential equipment coding (i.e. data quality) issue was affecting the pick-up of DPCS Condition Reports by the System Health Indicator Programme (SHIP)/ Fleet Asset Information Register (FLAIR) database, for which we raised a Level 4 Regulatory Issue to cover an action for station to address this anomaly. Based on the evidence sampled, we were satisfied that adequate arrangements for examination, inspection, maintenance and testing of plant which may affect safety were implemented and being applied. We have therefore assigned a rating of ‘Green’ (no formal action) for LC28.
- NISR 2003/ Cyber security – Although there were no obvious significant shortfalls with the DPCS, there was some uncertainty over the categorisation of the system which called into question some of the security control selection and risk acceptance decisions. Some of the risk acceptance decisions were based on the higher category security controls being in place, which they were not. As a result, an action was placed on station to establish the category of the DPCS and conduct analysis of the security case against the Security Requirements Specification (SRS) document, for which a Level 4 Regulatory Issue has been raised.
Conclusion of Intervention
Based on the evidence sampled in relation to the above LCs, and also cyber security considerations, we judged that the Heysham 2 DPCS adequately fulfils the requirements of the safety case and the security case, and we did not identify any findings that could significantly undermine nuclear safety.
The intervention findings were shared and accepted by EDF NGL as part of normal inspection feedback.
Based on the evidence sampled, we judged that an overall inspection rating of ‘Green’ was merited.