Your World of Legal Intelligence
 United States | 1-800-335-6202

Generic letters: Storage, preservation, and safekeeping of quality assurance records in electronic media,

As Enacted ( Federal Register) Cited authorities 3 Cited in Related
Vincent

[Federal Register: April 3, 1998 (Volume 63, Number 64)]

[Notices]

[Page 16592-16594]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr03ap98-125]

NUCLEAR REGULATORY COMMISSION

Proposed Generic Communication; Guidance on the Storage, Preservation, and Safekeeping of Quality Assurance Records in Electronic Media (M98441)

AGENCY: Nuclear Regulatory Commission.

ACTION: Notice of opportunity for public comment.

SUMMARY: The Nuclear Regulatory Commission (NRC) is proposing to issue a generic letter to all holders of operating licenses for nuclear power plants, including those who have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel, to provide guidance on an acceptable method, and NRC staff expectations, for storing, preserving, and safekeeping quality assurance (QA) records in electronic media. The generic letter does not provide guidance on submitting electronic records to the NRC. The guidance provided supplements Regulatory Guide (RG) 1.88, Revision 2, and RG 1.28, Revision 3. No specific action or written response is required by the generic letter.

The proposed generic letter has been endorsed by the Committee to Review Generic Requirements (CRGR). Relevant information that was sent to the CRGR will be placed in the NRC Public Document Room.

The NRC is seeking comment from interested parties regarding both the technical and regulatory aspects of the proposed generic letter presented under the Supplementary Information heading. The NRC will consider comments received from interested parties in the final evaluation of the proposed generic letter. The NRC's final evaluation will include a review of the technical position and, as appropriate, an analysis of the value/impact on licensees. Should this generic letter be issued by the NRC, it will become available for public inspection in the NRC Public Document Room.

DATES: Comment period expires June 2, 1998. Comments submitted after this date will be considered if it is practical to do so, but assurance of consideration cannot be given except for comments received on or before this date.

ADDRESSES: Submit written comments to Chief, Rules and Directives Branch, Division of Administrative Services, U.S. Nuclear Regulatory Commission, Mail Stop T6-D59, Washington, DC 20555-0001. Written comments may also be delivered to 11545 Rockville Pike, Rockville, Maryland, between 7:45 am and 4:15 pm, Federal workdays. Copies of written comments received may be examined at the NRC Public Document Room, 2120 L Street, N.W. (Lower Level), Washington, D.C.

FOR FURTHER INFORMATION, CONTACT: Michael T. Bugg, (301) 415-3221.

SUPPLEMENTARY INFORMATION:

NRC Generic Letter XX-XX: Guidance of the Storage, Preservation, and Safekeeping of Quality Assurance Records in Electronic Media

Addressees

All holders of operating licenses for nuclear power plants, including those who have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel.

Purpose

The U.S. Nuclear Regulatory Commission (NRC) is issuing this supplement to Generic Letter (GL) 88-18 to provide guidance on a methodology for storing, preserving, and safekeeping quality assurance (QA) records in electronic media. This generic letter supplement does not abrogate the guidance in Regulatory Guide (RG) 1.88, Revision 2, and RG 1.28, Revision 3. It also does not provide guidance on submitting electronic records to the NRC.

Background

Criterion VI, ``Document Control,'' and Criterion XVII, ``Quality Assurance Records,'' of Appendix B, ``Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants,'' to Part 50 of Title 10 of the Code of Federal Regulations (10 CFR Part 50), establish requirements for the issuance, identification, and retrievability of QA records.

American National Standards Institute (ANSI) N45.2.9-1974, ``Requirements for Collection, Storage, and Maintenance of Quality Assurance Records for Nuclear Power Plants,'' as endorsed by RG 1.88, ``Collection, Storage, and Maintenance of Nuclear Power Plant Quality Assurance Records,'' Revision 2, and ANSI/American Society of Mechanical Engineers (ASME)-NQA-1, 1983 edition, ``Quality Assurance Program Requirements for Nuclear Facilities,'' as endorsed by RG 1.28, ``Quality Assurance Program Requirements (Design and Construction),'' Revision 3, describe NRC-accepted practices for the collection, storage, and maintenance of nuclear power plant QA records.

[[Page 16593]]

On October 20, 1988, the NRC staff issued GL 88-18, ``Plant Record Storage on Optical Disks,'' to provide guidance on appropriate quality controls for an optical disk document imaging system. GL 88-18 expanded on the guidance provided by RG 1.88 and RG 1.28 to describe an acceptable method for storing QA documents in optical media in accordance with the applicable criteria in Appendix B to 10 CFR Part 50.

Discussion

Although the guidance in GL 88-18, RG 1.88, and RG 1.28 remains relevant and acceptable, licensees and nuclear steam system suppliers have suggested that additional guidance which addresses the acceptability of new information management technologies is needed. NRC regulations already recognize the appropriateness of storing and maintaining licensee records in electronic media. Specifically, paragraph (d)(1) of 10 CFR 50.71, ``Maintenance of Records, Making of Reports,'' states, in part, that records that must be maintained pursuant to 10 CFR Part 50 ``may also be stored in electronic media with the capability of producing legible, accurate, and complete records during the required retention period.'' Therefore, this generic letter supplement provides the additional guidance requested by the nuclear industry for the storage and maintenance of QA records in electronic media. The guidance provided herein only applies to QA records that are subject to the requirements of Appendix B to 10 CFR Part 50, as noted in a licensee's QA program description.

Recognizing that addressees are responsible for ensuring the integrity of QA records, the attachment to this generic letter provides guidance on establishing an electronic recordkeeping system to maintain the integrity, authenticity, and acceptability of QA records during their required retention period in accordance with the requirements of Appendix B to 10 CFR Part 50.

This guidance also pertains to developing methods to authenticate and prevent alteration or falsification of electronic records. While the guidance provided herein constitutes an acceptable method for satisfying the applicable provisions of Appendix B to 10 CFR Part 50 with regards to QA record storage in electronic media, this guidance does not supersede current QA record commitments in the addressees' QA program descriptions. Additionally, this generic letter does not provide guidance on the storage of records in electronic media pursuant to other regulations such as 10 CFR 73.21, ``Requirements for the Protection of Safeguards Information.''

Addressees using electronic media for storing, preserving, and safekeeping QA records should notify the NRC when updating their QA program description in accordance with 10 CFR 50.71(e) or 10 CFR 50.54(a), as appropriate. This submittal should describe the addressee's implementation of the guidance in this generic letter or otherwise describe how the relevant criteria in Appendix B to 10 CFR Part 50 continue to be satisfied if electronic media are used for storing, preserving, and safekeeping QA records.

Related Generic Communication

Generic Letter 88-18, ``Plant Record Storage on Optical Disks,'' dated October 20, 1988.

Attachment 1--Guidance on the Storage, Preservation, and Safekeeping of Quality Assurance Records in Electronic Media

The Electronic Recordkeeping Subcommittee of the Regulations Committee of the Nuclear Information and Records Management Association, Inc. (NIRMA), has prepared a set of guidelines on the collection, storage, and maintenance of electronic quality assurance (QA) records for nuclear power plants. The guidelines included in NIRMA TG15-1993, ``Management of Electronic Records'' (which may be obtained from the Nuclear Information and Records Management Association, Inc., 210 Fifth Avenue, New York, New York 10010), are acceptable to the NRC staff and provide an adequate basis for complying with pertinent QA requirements of Appendix B to 10 CFR Part 50, subject to the following conditions related to the use of electronic signatures for authentication of records.

  1. An electronic signature process should include (a) the printed name of the signer; (b) the date and time the signature is executed; (c) the meaning (such as review, approval, responsibility, or authorship) implied by the signature, which should not be used by, or assigned to, anyone else; (e) the organization responsible for establishing, assigning, certifying, or otherwise sanctioning an individual's electronic signature, or any element of such electronic signatures, which should be formally identified and duly authorized; and (f) electronic signatures linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred so as to falsify electronic records by ordinary means.

  2. Electronic signatures that are not based upon biometrics (biometrics means a method of verifying an individual's identity on the bases of measurement of the individual's physical feature(s) or repeatable action(s) when those features and/or actions are both unique to that individual and measurable) should (a) employ at least two distinct identification components, such as an identification code and a password; (b) be used only by their genuine owners; and (c) be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals. Electronic signatures based upon biometrics should be designed to ensure that they cannot be used by anyone other than their genuine owner.

  3. Persons who use electronic signatures that are based upon use of identification codes in combination with passwords should employ controls to ensure their security and integrity. Such controls should include:

    1. Ensuring that identification code and password issuance are periodically checked, recalled, or revised (e.g., to cover such events as password expiration as a result of employee departures).

    2. The ability to electronically deactivate lost, stolen, missing, or otherwise potentially compromised tokens, cards, or other devices that bear or generate identification code or password information and to issue temporary or permanent replacements.

    3. Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes and to immediately detect and report any unauthorized use to the system security unit and, as appropriate, to organizational management.

    4. Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information, to ensure that they function properly and have not been altered in an unauthorized manner.

    Attachment 2--References

  4. Appendix B, ``Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants`` to Part 50 of Title 10 of the Code of Federal Regulations (10 CFR).

  5. Title 10 of the Code of Federal Regulations (10 CFR), Section 50.71, ``Maintenance of Records, Making of Reports.''

  6. Regulatory Guide 1.28, ``Quality Assurance Program Requirements (Design and Construction), ``Revision 3.

    [[Page 16594]]

  7. Regulatory Guide 1.88, ``Collection, Storage, and Maintenance of Nuclear Power Plant Quality Assurance Records,'' Revision 2.

  8. Generic Letter 88-18, ``Plant Record Storage on Optical Disks,'' October 20, 1988.

  9. American National Standards Institute (ANSI) N45.2.9-1974, ``Requirements for Collection, Storage, and Maintenance of Quality Assurance Records for Nuclear Power Plants.''

  10. American National Standards Institute/American Society of Mechanical Engineers (ANSI/ASME)-NQA-1, 1983 edition, ``Quality Assurance Program Requirements for Nuclear Facilities.''

  11. Title 21, Chapter I, ``Food and Drugs,'' of the Code of Federal Regulations (21 CFR), Part 11, ``Electronic Records; Electronic Signatures, Department of Health and Human Services, Food and Drug Administration.''

  12. Nuclear Information and Records Management Association, Inc., (NIRMA) TG15-1993, ``Management of Electronic Records.''

    Dated at Rockville, Maryland, this 26th day of March 1998.

    For the Nuclear Regulatory Commission. Jack W. Roe, Acting Director, Division of Reactor Program Management, Office of Nuclear Reactor Regulation.

    [FR Doc. 98-8771Filed4-2-98; 8:45 am]

    BILLING CODE 7590-01-M

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT