On September 10, 2003 at 1458 CDT with both units operating at 100% power, an outage worker was granted unescorted access. At 1502 the worker entered the Prairie Island protected area in an unescorted status. At 1730 information in the worker's access authorization file was discovered that warranted denial of unescorted access. At 1743 the worker was removed from the protected area.
The individual made no keycard entries into vital or security-controlled areas. |
EVENT DESCRIPTION
Between August 18, 2003, and September 8, 2003, Nuclear Management Company, LLC, (NMC) Security initiated unescorted access authorization (UAA) processing on an applicant that Prairie Island had requested in support of the Fall 2003 outage. Initial UAA processing was initiated in accordance with NMC Access Authorization Program. Elements of initial UAA include:
? 3-year employment check ? 5-year education verification ? Credit check ? Criminal history check ? Psychological assessment ? Reference checks Except for the psychological assessment, all UAA elements for the applicant had been completed as of September 8, 2003.
On September 9, 2003, at 0943 CDT, NMC received fax results of the psychological assessment on the applicant, which completed initial access authorization elements for the applicant. Results of the psychological assessment recommended against the granting of UAA. At 1830 CDT the same day, the NMC Site Access Specialist (SAS) for Prairie Island misread the letter from the psychological services provider and incorrectly entered the information into the plant inprocessing system — indicating the individual successfully completed the assessment.
On September 10, 2003, at 0559 CDT, the SAS ran an audit checklist for the applicant indicating the applicable elements for UAA were complete. Because the results of the psychological assessment were incorrectly entered, the audit report indicated the applicant met applicable UAA requirements. At 1458 CDT the same day, the Prairie Island Site Access Coordinator (SAC) granted unescorted access in the security computer activating the applicant's badge for protected area access. At 1502 CDT, the applicant entered the Prairie Island protected area in an unescorted status. At 1730 CDT, the SAS identified the error in reading and entering the information into the plant inprocessing system. At 1743 CDT, the applicant was removed from the protected area. The individual made no keycard entries into vital or security-controlled areas.
CAUSE OF THE EVENT
An apparent cause evaluation conducted by the NMC Access Manager attributed this event to two causes:
1. The SAS did not demonstrate the appropriate attention to detail to correctly interpret the information received from the psychological services provider.
2. Similarity in the format of favorable/unfavorable communications from the psychological services provider. At the time of the event, the letters for screen-in versus screen-out were similarly formatted, with header, applicant identifying information, and lead-in paragraph exactly alike. The type in the letter indicating screen-out is similar to the font in the screen-in letter, but the language is distinct and does clearly state the individual is not recommended for UAA.
ANALYSIS OF THE EVENT
This event resulted in an actual entry of an unauthorized person into a protected area and, thus, is reportable per 10CFR 73, Appendix G, Section I.(b).
Impact on Safety System Functional Failure Performance Indicator This event is not equipment related and thus has no impact on the Safety System Functional Failure Performance Indicator.
CORRECTIVE ACTIONS
Immediate 1. The worker who was inappropriately granted unescorted access to the protected area was removed from the protected area.
2. An unfavorable termination was entered in the inprocessing system indicating denied access status. The inprocessing system automatically transfers the same information to the Personnel Access Data System (PADS) utilized by the nuclear industry to share access authorization status. The denied individual did not have access at any other nuclear sites at the time of denial at Prairie Island.
. # 0 1.,.),7;o 7 „ c .
' Subsequent , , 3. The NMC Access Manager immediately directed peer reviews for all initial and update screening to minimize risk of error recurrence. Audit checklists for initial and update UM have been revised to, require documented peer review prior to granting UAA.
4. NMC Séburity worked with the psychological services provider to revise the method for ?- reporting ps chological reconimendations against UAA to more clearly distinguish such i letters frdm osé recommending UM. The formats for the letters are now significantly more distinct. , , l t 5. A Plant Personnel Tracking Report was generate-CI froth theisecurity computer to verify the individual had not entered any security-Controlled areas..,Follow-up interviews with the individual's supervisor and a co-worker confirmed the individual did not perform any acts adverse to plant safety or security.
Lonq Term . (., ' 6. The fleet Adcess Authorization Program procedure will be revised to reflect to enhanced peer check as a required action fleet-wide. , .
, t / . .
FAILED COMPONENT. IDENTIFICATION . .
None.
PREVIOUS SIMILAR EVENTS .
None.
) , , ,
|
|---|
|
|
| | | Reporting criterion |
|---|
| 05000397/LER-2003-010 | | | | 05000528/LER-2003-001 | Pressurizer Safety Valve As-Found Lift Pressure Outside of Technical Specification Limits | 10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000277/LER-2003-001 | | | | 05000282/LER-2003-001 | | | | 05000301/LER-2003-001 | | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000261/LER-2003-001 | | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000251/LER-2003-001 | Channel Failure of Qualified Safety Parameter Display System | | | 05000316/LER-2003-001 | Unit 2 Shutdown In Accordance With Technical Specification 3.8.1.1, A.C. Sources, Action b | 10 CFR 50.73(a)(2)(i)(A), Completion of TS Shutdown | | 05000324/LER-2003-001 | Main Steam Line Drain Isolation Valve Local Leak Rate Test Failures | 10 CFR 50.73(a)(2)(v)(C), Loss of Safety Function - Release of Radioactive Material
10 CFR 50.73(a)(2)(ii)(A), Seriously Degraded | | 05000352/LER-2003-001 | | 10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000353/LER-2003-001 | | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000397/LER-2003-001 | | 10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition | | 05000364/LER-2003-001 | | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000529/LER-2003-001 | Reactor Trip with Loss of Forced Circulation Due to Failed Pressurizer Main Spray Valve | 10 CFR 50.73(a)(2)(iv)(A), System Actuation
10 CFR 50.73(a)(2)(v), Loss of Safety Function | | 05000278/LER-2003-001 | | | | 05000305/LER-2003-001 | | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000331/LER-2003-001 | | 10 CFR 50.73(a)(2)(iv)(A), System Actuation
10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition | | 05000313/LER-2003-001 | | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000352/LER-2003-002 | | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000301/LER-2003-002 | | 10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(i)(A), Completion of TS Shutdown | | 05000305/LER-2003-002 | | 10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition | | 05000316/LER-2003-002 | Supplemental LER for Unit 2 Reactor Trip due to Instrument Rack 24 Volt Power Supply Failure | 10 CFR 50.73(a)(2)(iv)(A), System Actuation
10 CFR 50.73(a)(2)(iv), System Actuation | | 05000458/LER-2003-002 | | 10 CFR 50.73(a)(2)(v)(c) | | 05000348/LER-2003-002 | | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000341/LER-2003-002 | Automatic Reactor Shutdown Due to Electric Grid Disturbance and Loss of Offsite Power | 10 CFR 50.73(a)(2)(iv)(A), System Actuation
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000261/LER-2003-002 | | | | 05000285/LER-2003-002 | 4 | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000397/LER-2003-002 | | | | 05000499/LER-2003-002 | Safety Injection Actuation | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000440/LER-2003-002 | Reactor Scram as a Result of a Loss of Off-site Power | 10 CFR 50.73(a)(2)(iv)(A), System Actuation
10 CFR 50.73(a)(2)(v)(D), Loss of Safety Function - Mitigate the Consequences of an Accident
10 CFR 50.73(a)(2)(vii), Common Cause Inoperability
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications
10 CFR 50.73(a)(2)(iii) | | 05000400/LER-2003-002 | 1 O OF 3 3 | | | 05000266/LER-2003-002 | | 10 CFR 50.73(a)(2)(iv), System Actuation | | 05000250/LER-2003-003 | Unescorted Access Inappropriately Approved Due to Falsified Pre-Access Information | | | 05000261/LER-2003-003 | | 10 CFR 50.73(a)(2)(v)(A), Loss of Safety Function - Shutdown the Reactor | | 05000219/LER-2003-003 | | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000247/LER-2003-003 | | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000530/LER-2003-003 | | 10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000331/LER-2003-003 | | | | 05000529/LER-2003-003 | SOURCE RANGE MONITOR INOPERABLE DURING CORE RELOAD | 10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000440/LER-2003-003 | Unrecognized Diesel Generator Inoperability During Mode Changes | | | 05000348/LER-2003-003 | | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000482/LER-2003-003 | REACTOR PROTECTION SYSTEM ACTUATION AND REACTOR TRIP DUE TO FEEDWATER ISOLATION VALVE CLOSURE | 10 CFR 50.73(a)(2)(iv)(A), System Actuation
10 CFR 50.73(a)(2)(iv), System Actuation | | 05000301/LER-2003-003 | | | | 05000302/LER-2003-003 | Reactor Coolant System Pressure Boundary Leakage Limit Exceeded Due To Pressurizer Instrument Tap Nozzle Cracks | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications
10 CFR 50.73(a)(2)(ii)(A), Seriously Degraded | | 05000382/LER-2003-003 | RCS Pressure Boundary Leakage Due to Primary Water Stress Corrosion Cracking (PWSCC) | 10 CFR 50.73(a)(2)(ii)(A), Seriously Degraded | | 05000397/LER-2003-003 | | 10 CFR 50.73(a)(2)(v)(B), Loss of Safety Function - Remove Residual Heat
10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(iv), System Actuation | | 05000458/LER-2003-003 | | 10 CFR 50.73(a)(2)(v)(c) | | 05000454/LER-2003-003 | Licensed Maximum Power Level Exceeded Due to Inaccuracies in Feedwater Ultrasonic Flow Measurements | | | 05000282/LER-2003-003 | | | | 05000346/LER-2003-014 | Steam Feedwater Rupture Controls System Re-Energizes in a Blocked Condition | 10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition
10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications |
|