Why the Software QA Order and Guide Were Developed
The use of digital computers and programmable electronic logic systems is widespread and growing in safety applications at nuclear facilities across the Department of Energy's (DOE) complex. Commercial industries have increased attention to quality assurance of safety software to ensure that safety systems and structures are properly designed and operate correctly. The DOE experience with safety software has led to increased attention to the safety-related decision making process, the quality of the software used to design or develop safety-related controls, and the proficiency of personnel using the safety software.
DOE has recognized the need to establish rigorous and effective requirements for the application of quality assurance programs to safety software. The Defense Nuclear Facility Safety Board (DNFSB) took an initial look at quality assurance at DOE facilities. In January 2000, it issued DNFSB Technical Report 25, Quality Assurance for Safety-Related Software at Department of Energy Defense Nuclear Facilities.
Three public meetings were conducted on the subject of quality assurance—including Software QA. Subsequently, DOE developed a Quality Assurance Improvement Plan that would have addressed some of the issues identified by the Board. However, DOE agreed with the DNFSB’s observation that this effort had not produced substantial results.
In response, the DNFSB issued Recommendation 2002-1 on September 23, 2002. Recommendation 2002-1 notes that "the robustness and reliability of many structures, systems, and components throughout DOE’s defense nuclear complex depend on the quality of the software used to analyze and guide these decisions, the quality of the software used to design or develop controls, and proficiency in use of the software. In addition, software that performs safety-related functions in distributed control systems, supervisory control and data acquisition systems, and programmable logic controllers require the same high quality needed to provide adequate protection for the public, the workers, and the environment. Other types of software, such as databases used in safety management activities, can also serve important safety functions and deserve a degree of quality assurance commensurate with their contribution to safety.
The Board recommended that DOE define specific responsibilities and authorities for safety SQA, and to assign those responsibilities and authorities to individuals with the necessary technical expertise. The Board also recommended that:
- design and analysis software be identified and controlled
- the Department establish specific directives in the area of SQA
- a continuous improvement process be implemented to maintain and upgrade software as necessary.”
DOE conducted a review of the findings presented in Recommendation 2002-1 and performed its own evaluation of "the impact of potential safety software problems on safety systems that protect the public, workers, and the environment." DOE agreed with the DNFSB’s findings that "potential weaknesses in this type of software could negatively impact these safety systems."
DOE then developed an Implementation Plan (released in March 2003) that spelled out 26 commitments including the:
- Development of clear assignments for organizational roles, responsibilities, and authorities for safety software.
- Establishment of the infrastructure necessary to ensure an effective software quality assurance program, including personnel with the appropriate skill and expertise.
- Implementation of processes to identify safety analysis and design codes and ensure that they are subject to verification and validation appropriate for the application.
- Establishment of requirements and guidance for a rigorous software quality assurance process, which will include the use of industry or Federal agency standards where practical.
- A process that will track continuous improvements and initiatives in software technology. This information will be used as a basis for maintaining safety software and will be shared across the complex.
One of the outcomes of the Implementation Plan was the development and issuance of DOE O 414.1C and DOE G 414.1-4.
Another outcome was the establishment of the DOE/EH Central Registry for Toolbox Codes.
A progress report on the work being done to improve accident analysis software in response to the Recommendation 2002-1 was presented at the 2005 Safety Analysis Working Group workshop held in Santa Fe, New Mexico.