[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IN 98-30 on the Year 2000 computer problem



NRC Information Notice 98-30 on the Year
2000 computer problem was issued August 12,
1998 to material and fuel cycle licensees
and certificate holders.  A text copy of
the document is attached. For additional
information, see the NRC Y2K Web Page at: 
www.nrc.gov/NRC/NEWS/year2000.html 

-------------------------     

UNITED STATES
  NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR MATERIAL SAFETY
  AND SAFEGUARDS
WASHINGTON, D.C.  20555

August 12, 1998

NRC INFORMATION NOTICE 98-30:  EFFECT OF
THE YEAR 2000 COMPUTER PROBLEM ON NRC
LICENSEES AND CERTIFICATE  HOLDERS

Addressees:

All material and fuel cycle licensees and
certificate holders.

Purpose:

The  U.S. Nuclear Regulatory Commission
(NRC) is issuing this information notice to
remind all addressees of the potential
problems their computer systems and
software may encounter as a result of the
change to the year 2000.  It is expected
that recipients will review this
information for applicability to their
facilities and consider actions, as
appropriate, to avoid potential problems. 
However, suggestions contained in this
information notice are not NRC
requirements; therefore, no specific action
nor written response is required.

Description of Circumstances:

The Year 2000 (Y2K) problem pertains to the
potential inability of computers to
correctly recognize dates beyond December
31,1999.  This problem results from
computer hardware and/or software that uses
two-digit fields to represent the year. 
These systems may misread the year 2000 and
cause the systems to fail, generate faulty
data, or act in an incorrect manner.  The
Y2K problem has the potential to interfere
with the proper operation of any computer
system, hardware that is microprocessor-
based (embedded software), software, or
database.  

As discussed in this Information Notice,
"Y2K Ready" is defined as a computer system
or application that has been determined to
be suitable for continued use into the year
2000, even though the computer system or
application is not Y2K Compliant.  A Y2K
Readiness Program is a plan for a facility
to become Y2K Ready.  "Y2K Compliant" is
defined as a computer system or application
that accurately processes date/time data
(including, but not limited to,
calculating, comparing, and sequencing)
from, into, and between the years 1999 and
2000, and beyond, including leap-year
calculations.

The Y2K problem is urgent because it has a
fixed, non-negotiable deadline that is
quickly approaching.  This matter requires
priority attention because of the limited
time remaining to assess the magnitude of
the problem, assess its associated risks,
and implement programs that will achieve a
satisfactory resolution of the Y2K problem.

Existing reporting requirements under 10
CFR Part 21 provide for notification to NRC
of deficiencies, non-conformances, and
failures, such as the Y2K problem in
safety-related systems.

Examples of systems that may be affected by
the Y2K problem include:

 * Treatment planning systems
 * Dose calibrators
 * Embedded systems
 * Decay programs
 * Physical Protection
 * Analytical systems that rely on
     microprocessors and software controls
 * Interlocks
 * Material Control and Accounting
 * Emergency response systems
 * Radiation monitoring systems
 * Dosimeters, dosimetry programs, 
     and readers
 * Communication systems
 * Surveillance and 
     maintenance tracking systems

To alert  licensees and certificate holders
to the Y2K problem, NRC issued Information
Notice (IN) 96-70, "Year 2000 Effect on
Computer System Software," on December 24,
1996, and IN 97-61, "U.S. Department of
Health and Human Services Letter, to
Medical Device Manufacturers, on the Year
2000 Problem," on August 6, 1997.  In IN
96-70, the staff described the potential
problems that computer systems and software
may encounter as a result of the change
from the year 1999 to the year 2000 and how
the Y2K issue may affect NRC licensees and
certificate holders.  IN 96-70 encouraged
licensees and certificate holders to
examine their uses of computer systems and
software well before the year 2000 and
suggested that they consider appropriate
actions to examine and evaluate their
computer systems for Y2K vulnerabilities. 
In IN 97-61, the staff forwarded to
licensees a letter from the U.S. Department
of Health and Human Services, Food and Drug
Administration (FDA), to medical device
manufacturers, regarding the Y2K problem. 
In a letter dated June 25, 1997, the FDA
reminded medical device manufacturers that
some computer systems and software
applications currently used in medical
devices, including embedded
microprocessors, may experience problems as
a result of the turn to the new century. 
In addition, the letter indicated that
computer-controlled design, production, or
quality control processes could be
adversely affected.

As part of NRC's response to the Y2K
problem, NRC assembled a Y2K team to gather
more information on the Y2K programs of
materials and fuel cycle licensees and
certificate holders.  In addition,
materials and fuel cycle inspectors have
been instructed to confirm receipt of NRC's
INs 96-70 and 97-61, by materials and fuel
cycle licensees and certificate holders;
determine whether the licensees and
certificate holders have identified any
potential problems associated with the Y2K
issue; and note any corrective actions
taken by the licensees and certificate
holders.

Discussion:

There are several concerns associated with
the potential impact of the Y2K problem
because of the variety and types of
computer systems and software in use.  For
example, the role and use of computers and
embedded systems in: (1) treatment planning
systems; (2) dose calibrators; (3)
programmable logic controllers and other
commercial off-the-shelf software and
hardware; (4) document control systems; (5)
process control systems; (6) engineering
calculations; and (7) systems for the
collection of operating and post-accident
site parameter data.  Licensees should
develop contingency plans for systems that
are not Y2K Ready.

Some treatment planning systems and dose
calibrators have been found not to be Y2K
Compliant by the manufacturer.  Addressees
should contact their treatment planning
system and dose calibrator venders to
determine if their systems are Y2K Ready. 
Further, addressees should verify that
their treatment planning systems and dose
calibrators are Y2K Ready.

Some systems that have been determined to
be Y2K Compliant by the manufacturer have
been found not to be Y2K Compliant by the
end user.  Conversely, some systems that
have been determined not to be Y2K
Compliant by the manufacturer have been
found to be Y2K Ready by the end user. 
Further, devices that are the same model
may have microprocessors from different
manufacturers which may cause the devices
to behave differently in the year 2000. 
Addressees should not rely completely on
manufacturers certification.  Y2K Readiness
is also dependent on the manner in which
the system is used.  Again, addressees
should verify that all of their systems are
Y2K Ready. 

Applications that have no apparent date
manipulation algorithms may still be
affected by a Y2K problem.  For example, a
subroutine that date-stamps the header
information in archival tapes, regardless
of the rest of the content of the tape, may
be affected.  In addition, individual 
systems may be "date-safe," but the
integrated operations that the systems
support may be vulnerable to the Y2K
problem.  Therefore, after testing a
subsystem for Y2K compliance, a functional
test of the entire system should be
performed.

The following elements can be used to aid
in the development of a successful Y2K
Readiness Program: (1) management planning;
(2) implementation; (3) quality assurance
(QA); (4) regulatory considerations; and
(5) documentation.  The components for
planning include management awareness,
sponsorship, project leadership, project
objectives, project management team,
management plan, project reports,
interfaces, resources, and oversight.  The
phases of implementation include:
awareness; initial assessment (e.g.,
inventory, categorization, classification,
prioritization, and analysis); detailed
assessment (e.g., vendor evaluation,
software evaluation, interface evaluation,
remedial planning); remediation; testing
and validation; and notification.  The
features of QA include project management
QA as well as implementation QA.  The
aspects of regulatory considerations
include the performance and documentation
of appropriate reviews and/or evaluations. 
The elements of documentation of activities
and results include project management
documentation, vendor certifications,
inventory lists, checklists, and record
retention. 

There are three reference documents that
may help licensees and certificate holders
with their Y2K Readiness Programs.  The
General Accounting Office published "Year
2000 Computing Crisis: An Assessment
Guide," in September 1997 and "Year 2000
Computing Crisis: Business Continuity and
Contingency Planning. Exposure Draft," in
March 1998
<http://www.gao.gov/special.pubs/publist.ht
m> as general business tools; and the
Nuclear Energy Institute published
NEI/NUSMG 97-07, "Nuclear Utility Year 2000
Readiness," in October 1997
<http://www.nrc.gov/NRC/Y2K/NRCNEI/NEI9707.
html> to assist nuclear power plants in the
development of their Y2K Readiness
Programs.  Even though the latter applies
to commercial nuclear power plants, the
general discussion of the elements in Y2K
Readiness Programs could be beneficial to
other business entities.

NRC has certified that its Nuclear Material
Management Safeguards System (NMMSS) is Y2K
Compliant.  For NRC licensees and
certificate holders required to report
nuclear material transactions to NMMSS,
from May 1, 1998, through mid-1999, NMMSS
will operate in a manner that allows all
nuclear material transaction reports to
NMMSS to be either in the current two-digit
year reporting format or in the Y2K
Compliant four-digit year format.  After
mid-1999, only the Y2K Compliant format
will be acceptable.  Licensees and
certificate holders that use their own
software to input data into NMMSS will have
to modify it themselves, to be Y2K
Compliant.

The U.S. Food and Drug Association has
established a web site
<http://www.fda.gov/cdrh/yr2000>  to
provide information regarding the status or
impact on product performance of the "Year
2000 Date Problem" for medical devices and
scientific laboratory equipment (biomedical
equipment). The information provided, or
the linked sites maintained by
manufacturers, have been provided by the
manufacturers of the products in response
to the January 21, 1998, request from the
Deputy Secretary of the Department of
Health and Human Services. 

Many manufacturers have web sites that
contain Y2K information regarding their
products.  This information may include
information on products that are not Y2K
Compliant and the availability of product
updates.  Attachment 1 contains a list of
websites that may be useful in addressing
the Y2K problem.

This information notice requires no
specific action or written response.  If
you have any questions about the
information in this notice, please contact
the technical contact listed below or the
appropriate regional office.


  Frederick C. Combs, Acting Director
  Division of Industrial and Medical 
    Nuclear Safety
  Office of Nuclear Material Safety
    and Safeguards


Contact:  Gary Purdy, NMSS
  (301) 415-7897
  E-mail:  gwp1@nrc.gov

************************************************************************
The RADSAFE Frequently Asked Questions list, archives and subscription
information can be accessed at http://www.ehs.uiuc.edu/~rad/radsafe.html