Insp Repts 50-498/99-12 & 50-199/99-12 on 990816-19.Three Violations Noted & Being Treated as Ncvs.Major Areas Inspected:Access Authorization,Assessment Aids,Security Event Logs & Security Program Audits

ML20212A730
Person / Time
Site:	South Texas, 05000199
Issue date:	09/14/1999
From:	NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION IV)
To:
Shared Package
ML20212A717	List: IR 05000199/1999012 IR 05000498/1999012
References
50-498-99-12, 50-499-99-12, NUDOCS 9909170120
Download: ML20212A730 (20)
v • d • e

Text

o

.

'

ENCLOSURE l

U.S. NUCLEAR REGULATORY COMMISSION

REGION IV

l Docket Nos.: 50-498 l 50-499 License Nos.: NPF-76 l NPF-80 Report No.: 50-498/99-12 50-499/99-12 Licensee: STP Nuclear Operating Company Facility: South Texas Project Electric Generating Station, Units 1 and 2 Location: FM 521 - 8 miles west of Wadsworth Wadsworth, Texas Dates: August 16-19,1999 Inspector (s): D. Schaefer, Secunty Specialist, Plant Support Branch Approved By: Gail M. Good, Chief, Plant Support Branch Division of Reactor Safety Attachment: SupplementalInformation l

,

!

l l

l 9909170120 990914 PDR ADOCK 05000498 O PDR

J

.

,

.

-2-EXECUTIVE SUMMARY South Texas Project Electric Generating Station, Units 1 and 2 NRC Inspection Report No. 50-498/99-12; 50-499/99-12 This was an announced inspection of the licensee's access authorization and physical security programs. The areas inspected included: access authorization, assessment aids, security event logs, and security program audit Plant Sucoort

• A violation was identified for failure to review and consider all background investigation information prior to granting unescorted plant access, as required by Paragraph 4.1.2 of the physical security plan and Paragraph 4.1 of Licensee Procedure OHRP01-ZA-0001, Revision 3. On three occasions, the licensee improperly granted unescorted access to an individual who would nqt have been granted unescorted access if a complete review had been conducted. On two additional occasions, the licensee's reevaluation resulted in continuation of individuals' unescorted access. This Severity Level IV violation is being treated as a noncited violation, consistent with Appendix C of the NRC Enforcement Policy. This violation is in the licensee's corrective action program as Condition Reports 99-8275,99-6371, and 99-7237 (Section S1.1).

• Assessment aids provided effective assessment of the perimeter detection zones. The video capture system provided enhanced ability to determine the cause of perimeter security alarms (Section S2.1).

• The event logs and supporting incident reports were accurate and neat, and the security staff was correctly reporting security events (Section S3.1).

• A violation was identified for failure to maintain positive control of a vital area key, as required by Station Procedure OPGP03-ZS-0005. This Severity Level IV violation is being treated as a noncited violation, consistent with Appendix C of the NRC Enforcement Policy. This violation is in the licensee's corrective action program as Condition Report 99-8375 (Section S3.1).

• A violation was identified for failure to properly revitalize Unit-1 standby diesel generator No.11, as required by the security plan. This Severity Level IV violation is being treated as a noncited violation, consistent with Appendix C of the NRC Enforcement Polic This violation is in the licensee's corrective action program as Condition Report 99 9227 (Section S3.1).

• The audits of the security program, the access authorization program, and the fitness-for-duty program were effective, thorough, and intrusive. The audits were conducted at the required intervals and were performance based (Section S7.1).

,

-3- )

I Report Details IV. Plant Support S1 Conduct of Security and Safeguards Activities l

S1.1 Access Authorization Insoection Scope (81700 and 92700)

The Access Authorization Program was inspected to determine compliance with the requirements of 10 CFR 73.56, the security plan, and Regulatory Guide 5.66. The areas inspected included a review of Licensee Event Report 50-498/499-S01-00 regarding the improper granting of unescorted access authorization to a contract employee. Additionally, the areas inspected included a review of background investigation files for individuals presently granted unescorted access. The inspector reviewed records and conducted interviews to determine the adequacy of the progra The inspector also reviewed information concerning the licensee's verification of identity, employment history, educational history, credit history, criminal history, military service, and the character and reputation of the applicants before granting individuals unescorted access to protected and vital areas. Eight background investigation files were reviewe Observations and Findinas Background investigation screening files were generally complete and thorough, except as discussed below. The licensee had accepted the access authorization program of four (self-screening) contractors. The licensee stated that each of these self-screening contractors had been audited within the previous 12 month CFR 73.56(b)(1) stated, in part, that the licensee shall establish and maintain an j access authorization program granting unescorted access to protected and vital areas ;

with the objective of providing high assurance that individuals granted unescorted I access are trustworthy and reliable.10 CFR 73.56(a)(1) required the licensee to 4 incorporate the access authorization program into the site physical security plan and implement i Paragraph 4.1.2 of the licensee's physical security plan, Revision 12A, committed to implementing all elements of Regulatory Guide 5.66, " Access Authorization Program for Nuclear Power Plants," in its entiret Paragraph 7.1 of the Appendix to Regulatory Guide 5.66 (NUMARC 89-01) stated,in part, that in its decision to grant unescorted access, the utility shall consider (all)

information obtained during the background investigation. Paragraph 7.1 also stated,

"In making a determination of trustworthiness and reliability, the following must be considered: . . . b. lllegal use or possession of a controlled substance . . . ."

i

>

-

-4-Paragraph 4.1 of South Texas Project Electric Generating Station (STPEGS)

Procedure, OHRP01-ZA-0001, " Unescorted Access Evaluation Process," Revision 3, dated December 19,1996, required, in part, that a determination to grant or deny unescorted access is based upon a review of (all) information submitted by an individual. Additionally, derogatory information discovered during conduct of a background investigation is submitted to the Access Program Director for a determination to grant or deny unescorted access. Addendum 1 to this procedure identified " Illegal use or possession of a controlled substance . . . without adequate evidence of rehabilitation" as evidenced by "Any single criminal conviction for sale . . or possession of a controlled substance," as criteria for denying unescorted site acces (1) Failure to Review and Consider Deroaaterv information Prior to Grantina Unescorted Access (Licensee Event Report 99-S01-00)

In June 28,1999, the licensee submitwd Licensee Event Report 50-498/499-S01-00. This report stated that on three separate occasions (January 13, and August 14,1997, and March 22,1999) the licensee granted a contract employee unescorted access to the plant without evaluating available criminal information. The licensee stated that in each of the three instances, if the available derogatory information had been evaluated, the contract employee would not have been granted unescorted access to the plant. The licensee identified this event following its third improper granting of unescorted access to

]

the contract employe )

January 1997 Event

1

• The licensee reported that on January 13,1997, a contract employee !

was processed for unescorted access in support of Plant Outage 2RE0 l The employee completed his personnel history statement and disclosed an arrest in July 1988 for " Felony possession of meth(amphetamine)," a controlled substance. The employee also indicated that his arrest had been resolved through " Deferred adjudication." Fingerprints were obtained from the employee and submitted to the Federal Bureau of i investigation (FBI).

• On January 13,1997, a licensee access coordinator processed the individual and inappropriately determined that the July 1988 felony disclosure did not meet access denial criteria. A second access coordinator concurred with this determination. The access coordinators did not complete the Evaluation of Access Suitability / Unsuitability Form, and the derogatory criminal history information was not evaluated by the Access Program Director. The licensee stated that if the information regarding the July 1988 arrest for felony possession of a controlled substance had been evaluated, the contract employee would ngt have been granted unescorted plant acces * On January 29,1997, the employee was authorized temporary unescorted access to the plant. On February 28,1997, upon completion of assigned work, the employee's unescorted access was revoked under

<-

..

-5-favorable conditions. During this time, the contract employee was authorized unescorted access to the following vital areas at Units I and 2:

Essential Cooling Water intake Structure and Mechanical Electrical Auxiliary Buildin * On March 25,1997, the licensee received the FBI fingerprint report. This report confirmed that the GO;mer) contract employee had been arrested and convicted in 1988 for possession and sale of a controlled substance; the employee's sentence included 4 days in jail and 36-months probatio The FBI fingerprint report did not support the employee's claims that he had been convicted only of drug " possession," and that this matter had been resolved through " deferred adjudication."

• On May 27,1997, the licensee's access coordinator reviewed the FBI fingerprint report, and again inappropriately determined that this information did not meet tecess denial criteria. The access coordinator did not complete the Evaluation of Access Suitability / Unsuitability Form, and the derogatory criminai history information was not evaluated by the Access Program Directo * On June 5,1997, the licensee's access coordinator updated the employees " temporary" unescorted access to " full" unescorted access status, and again inappropriately determined that the above criminal history did not meet access denial criteria. Specifically, the access coordinator wrote in the file, " Applicant disclosed criminal history )

information and does not meet denial criteria."

Auaust 1997 Event

• On August 13,1997, the contract employee was again processed for unescorted access in support of Plant Outage 1RE07. The employee updated his personnel history statement. The employee listed that "yes" he had been previously arrested and that the information regarding the arrests was "on record" with the licensee. The licensee reviewed his background investigation file to determine if access evaluations were required and/or pending from previous access periods. Based on the file not containing any evaluation of derogatory information, the individual was again authorized unescorted plant access. The licensee again stated that if the information regarding the July 1988 arrest for felony possession of a controlled substance had been evaluated, the contract employee would not have been granted unescorted plant acces * On August 14,1997, the contract employee was authorized unescorted access to the plant. On August 28,1997, upon completion of assigned work, the employee's unescorted access was revoked under favorable l conditions. During this time, the contract employee was authorized I unescorted access to the protected area. No vital area access was authorize .

6-March 1999 Event

• On March 18,1999, the contract employee was again processed for unescorted access in support of Plant Outage 1RE08. The process included obtaining an updated criminal history check. The employee completed (updated) his personnel history statement, and fingerprints were again obtained and submitted to the FBI. The licensee reviewed his background investigation file to determine if access evaluations were required and/or pending from previous access periods. The licensee stated that if the information regarding the July 1988 arrest for felony possession of a controlled substance had been evaluated, the contract employee would agt have been granted unescorted plant acces * On March 22,1999, the contract employee was authorized unescorted access to the plant. On April 22,1999, upon completion of assigned work, the employee's unescorted access was revoked under favorable conditions. During this time, the contract employee was authorized unescorted access to the protected area. No vital area access was authorize * On May 24,1999, the licensee received the (second) FBI fingerprint report. On May 27,1999, an access coordinator reviewed the report and determined that the results could potentially meet denial criteria. The access coordinator determined that the results of the (second) criminal history check were the same as those received on March 25,1997, and that the required evaluation of the results of the employee's criminal history check had not been performe * On June 17,1999, based upon a review of the FBI criminal history reports, the licensee denied the (former) contract employee unescorted access to the plan Licensee's investiaation The licensee's investigation determined that the root cause of this event was failure of its access coordinator to comply with Procedure OHRP01-ZA-000 Specifically, the Access Coordinator failed to:

• Adequately evaluate on January 13,1997, derogatory (criminal history)

Information provided by the contract employee on the personal history statement and to provide this evaluation to the access program directo * Perform an evaluation in March 1997 of derogatory information included in the employee's FBI fingerprint report and submit this information to the access program directo _

.

I I'

s7 The licensee's investigation also determined that the following factors contributed to this event:

• The access authorization process did not require a second independent review of FBI criminal history informatio * During conduct of the background investigation in January 1997, the ,

second access coordinator performed an inadequate independent review of the employees' background investigation fil Licensee's Corrective Actions The licensee reported that the following completed corrective actions: ;

• On May 24,1999, the licensee verified that the contract employee did not have current unescorted access at the plant. Additionally, through a review of the Personnel Access Data System (PADS) the licensee also verified that the employee did not have current access at another nuclear plan ,

• On June 17,1999, upon review of derogatory information, the licensee denied the (former) employee unescorted access to the plant. This information was appropriately annotated in the PAD * The licensee had initiated the process of a second independent review of information provided in FBI criminal history report * On June 24 and August 10,1999, the licensee retrained Access Department personnel on identifying derogatory and potentially derogatory information and the requirements for evaluating this informatio * A 100 percent review of all unescorted access files processed during Plant Outage 1 RE08 (Spring 1999) to validate that all access requirements were completed. Additionally, conducted lessons-learned I training to address issues identified from this review. During this review, I the licensee identified, in part, that it had granted two individuals unescorted access prior to initiating the required suitable inquiry. Upon completion of the suitable inquiry, no derogatory information was l identifie * Sampled the unescorted access files processed during Plant Outage 2RE06 (Fall 1998) to determine if similar events exis * Trained additional support personnel for upcoming plant outage I l

8-The licensee reported that the following corrective actions were in process, and had not been completed:

• Revision of Procedure OPGP09-ZA-0001," Plant Access Authorization Program," to clarify requirements for processing personnel for unescorted acces * Revision of Procedure OHRP01-ZA-0001," Unescorted Access Evaluation Process," to add requirements to perform second independent reviews of criminal history information and to clarify the requirements and process for evaluating derogatory informatio *

Revision of checklist forms to ensure that all requirements for granting unescorted access had been me *

Developing specific (step-by-step) desk instructions for completing requirements to grant unescorted plant acces I Insoection Findinos During this inspection, the inspector determined that the event occurred as reported in the licensee's event report. Through observations and interviews, the inspector verified the above corrective actions. The event was entered into the licensee's corrective action system as Condition Report 99-8275, Revision The inspector determined that the failure to review and consider all background investigation information prior to granting unescorted plant access was a i violation of Paragraph 4.1.2 of the physical security plan and Paragraph 4.1 of l Procedure OHRP01-ZA-0001, Revision 3. This Severity Level IV violation is )

being treated as a noncited violation, consistent with Appendix C of the NRC !

Enforcement Policy. This violation is in the licensee's corrective action program as Condition Reports 99-8275,99-6371, and 99-7237 (50-498;-499/9912-01).

(2) Failure to Review and Consider Deroaatory Information Prior to Grantina Unescorted Access l On February 11,1999, the licensee granted an individual unescorted access prior to reviewing and considering information obtained during the background l investigation. Specifically, the licensee failed to review available derogatory j criminal history information that the individual had listed on his Personal History

'

Statement. The licensee discovered the error on March 30,1999, upon receipt of the individual's FBI fingerprint report. Following review, the licensee determined that the derogatory criminal history information was not disqualifyin The licensee determined this event was caused by inattention to detail. As corrective actions, the licensee reviewed this event with access coordinators and reinforced management expectations for job performanc r r

.

Inspection Findinas During this inspection, the inspector determined that this event occurred as reported in the licensee's Condition Report 99-4692.

l l (3) Failure to Review and Consider Deroaatory Information Prior to Grantina Unescorted Access

,

O1 March 16,1999, the licensee granted an individual unescorted access prior l to reviewing and considering information obtained during the background l investigation. Specifically, the licensee failed to review available derogatory criminal history information provided in an FBI fingerprint report. The licensee discovered the error on March 23,1999. The fingerprint report was obtained during previous access processing in August 1997. Following review, the licensee determined the derogatory information was not disqualifying.

l The licensee determined this event was caused by inappropriate staff actions.

l Access authorization personnel had appropriately flagged the individual's background investigation file to indicate this matter needed to be evaluated prior to again granting unescorted access. However, access authorization personnel l had failed to flag the individual's database record. As a result, when the individual returned to the site, the access authorization personnel failed to l recognize he already had a ' flagged" file from the previous access period. As i corrective actions, the licensee reviewed this event with access coordinators and I reinforced management expectations for job performanc !

)

Inspection Findinas During this inspection, the inspector determined that this event occurred as reported in the licensee's Condition Report 99-4143.

! c. Conclusions l

A violation was identified for failure to review and consider all background investigation l information prior to granting unescorted plant access, as required by Paragraph 4.1.2 of l the physical security plan and Paragraph 4.1 of Licensee Procedure OHRP01-ZA-0001, I Revision 3. On three occasions, the licensee improperly granted unescorted access to an individual who would no.1 have been granted unescorted access if a complete review had been conducted. On two additional occasions, the licensee's reevaluation resulted in continuation of individuals' unescorted access. This Severity Level IV violation is being treated as a noncited violation, consistent with Appendix C of the NRC Enforcement Policy. This violation is in the licensee's corrective action program as Condition Reports 99-8275,99-6371, and 99-723 :

!

l l

L

o L,

.

-10-S2 Status of Security Facilities and EaulomeD1 S Assessment Aids Inspection Scooe (81700)

The inspector reviewed the assessment aids to determine compliance with the physical security plan. The areas inspected included the closed-circuit television monitors -

located in the alarm station Observations and Findinas The inspector verified through observation that the fixed closed-circuit television cameras were positioned to ensure proper coverage of the perimeter security alarm zones. The cameras produced a good resolution. The video capture system enhanced the licensee's ability to immediately identify the cause of perimeter security alarm Through interviews, the inspector determined that prompt maintenance support was provided to ensure that system problems were corrected in a timely manne Conclusions Assessment aids provided effective assessment of the perimeter detection zones. The

. video capture system provided enhanced ability to determine the cause of perimeter security alarm S3- Security and Safeguards Procedures and Documentation LS3,1 Security Event Loas Insoection Scope (81700)

The inspector reviewed safeguards event logs and security incident reports to determine compliance with the requirements of 10 CFR 73.21(b) and (c),10 CFR 26.73, and the physical security plan. The inspector reviewed Licensee Event Report

' 50-498/499-S02-00 regarding the failure to maintain positive control of a vital area ke The inspector also reviewed Licensee Event Report 50-498/499-S03-00 regarding the improper revitalization of the Unit-1 standby diesel generator no.11 and miscellaneous report . Observations and Findinas The inspector reviewed the security event logs from January 1 to August 15,1999. The records were available for review and maintained for the time required by regulation The inspector determined that the licensee conformed to the regulatory requirements regarding the reporting of security events. The logs and supporting security incident

,

.

.

-11 -

reports were accurate, neat, and contained sufficient detail for the reviewer to determine root cause, reportability, and corrective action take (1) Security Vital Area Kev (Licensee Event Report 50-498/499-S02-00)

In accordance with 10 CFR 73.71, the licensee telephonically reported to the NRC on June 1,1999, that operations personnel had lost a security key to vital area In June 23,1999, the licensee submitted Licensee Event Report 50-498/499-S02-00. This report summarized the circumstances surrounding the (temporary) loss of an operations key ring containing a security vital area ke License Condition 6.8.1(c) (Units 1 and 2) of the licensee's facility operating licenses requires, in part, that the licensee establish, implement, and maintain written security plan implementing procedure Station Procedure OPGP03-ZS-0005, " Control of Keys, Locks, Cores, and Keycards," paragraph 5.3, required, in part, that individuals possessing vital area keys must maintain positiva control of the keys at all time E /ent Chronoloav a The licensee reported that at 10:09 p.m., May 31,1999, an auxiliary operator entered the diesel generator building to perform assigned wor The operator unlocked a valve using a key on his assigned key ring, and walked away leaving his set of keys in the lock. (Note: The operator's key ring included a security key to plant vital areas.)

• At approximately 11 p.m., May 31,1999, the auxiliary operator noticed that he did not have his watch station key ring in his possession. He rationalized that he must not have received the keys at shift turnover and waited to report the misplaced key ring until he spoke to the operator that he relieved. The operator was unaware of specific requirements to maintain positive control of vital area key * At approximately 6 a.m., June 1,1999, the auxiliary operator contacted the operator he had relieved the previous shift. Upon realizing that he must have had previous possession of the key ring, the auxiliary operator notified the shift supervisor of the missing key ring. At approximately 6:12 a.m., June 1,1999, following an additional search for the key ring, the shift supervisor contacted the security force supervisor to report the missing key rin * At 6:15 a.m., June 1,1999, the security force began implementing compensatory measures for the missing vital key. At 6:22 a.m.,

compensatory measures were posted at all vital areas, and security had initiated actions to change lock cores in all vital doors. The change of lock cores in vital doors was completed at 10:50 f 1

!

.

-12-

• At approximately 9 a.m., June 1,1999, a maintenance mechanic discovered the keys in the padlock to the valve that the auxiliary operator had unlocke Licensee't, Investiaation

• The licensee's investigation determined that the key ring was left unattended for approximately 11 hours1.273148e-4 days <br />0.00306 hours <br />1.818783e-5 weeks <br />4.1855e-6 months <br /> inside a vital are * The licensee deterrhined that the root cause of this event was the auxiliary operators' lack of attention to detail to ensure that control of the security vital area key we.s maintained. Additionally, the operator's lack of knowledge pertaining to the consequences of a lost vital security key i

'

resulted in his failure te immediately report the key missin Licensee Corrective Action * The licensee reviewed the security computer records to verify that the ;

vital area key had not been used in an unauthorized manner while j missing. There were no security system alarms that could be attributed l to the missing vital area ke * The event was communicated to operations personnel via night order * The importance of this event was discussed with the auxiliary operator in accordance with the constructive discipline progra l

• The event will be communicated with operations personnel dunng j upcoming operations lessons-learned requalification training. The importance of maintaining control of vital area keys will be emphasize Inspection Findinas During this inspection, the inspector determined that the event occurred as reported in the licensee's event report. This event was entered into the licensee's corrective action system as Condition Report 99-837 The inspector determined that the failure to maintain positive control of a vital j area key was a violation of Procedure OPGP03-ZS-005. This Severity LevelIV violation is being treated as a noncited violation, consistent with Appendix C of the NRC Enforcement Policy. This violation is in the licensee's corrective action program as Condition Report 99-8375 (50-498;-499/9912-02).

(2) Imorocer Revitalization of Vital Area (Licensee Event Report l 50-498/499-S03-00)

In accordance with 10 CFR 73.71, the licensee telephonically reported to the NRC on June 19,1999, (Event No. 35848) that compensatory measures had {

been implemented following discovery of a degraded vital area boundar t

-13-In July 15,1999, the licensee submitted Licensee Event Report 50-498/499-S03-00. This report identified that on June 18,1999, plant operations had " revitalized" the Unit-1 standby diesel generator (No.11) a vital area without notifying plant security. As a result, the required revitalization search had not been completed prior to declaring the diesel generator as operable. Additionally, the security door alarms to the diesel generator remained deactivated for approximately 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> after the diesel generator had been declared operational.

License Condition 1.F (Units 1 and 2) of the licensee's facility operating licenses requires, in part, that the licensee fully implement and maintain in effect all provisions of the physical security, training and qualification, and safeguards contingency plans previously approved by the Commission and all amendments and revisions to such plans made pursuant to the authority under 10 CFR 50.90 and 10 CFR 50.54(p).

Section 5.3.2 of the licensee's physical security plan requires, in put, that all 1 doors accessing vital areas be kept locked and protected by an active intrusion (

detection device with alarms annunciating in the central and secondary alarm 1 station.

Section 10.0 of the licensee's physical security plan provides, in part, that in accordance with Technical Specification 3.8.1.1, a standby diesel generator may i be devitalized during power operation for up to 14 days. Additionally, ptior to j revitalizing areas, each area shall be searched to detect the presence of j tampering or contraband items. Further, once operability tests of the intrusion '

detection and access control devices have been completed, the (vital) area will be brought back under full security control )

Appendix H (Vital Areas and Equipment) of the licensee's physical security plan established, in part, the Unit-1 Diesel Generator No.11 as vital equipment and its area (diesel generator bay) as a vital area.

Event Chronoloov

= The licensee reported that on June 14,1999, Unit-1 standby diesel generator No.11 was devitalized for a limited outage to accommodate repairs. The diesel generator was scheduled to be revitalized on June 19,1999, at 9 p.m. Upon devitalization, the licensee deactivated the security alarm on vital area card reader door No.1D2108. Additionally, a large equipment access portal was removed to allow plant employees unimpeded access to the diesel generator.

• On June 18,1999, at approximately 7:08 p.m., repairs to diesel generator No.11 were completed 1 day ahead of schedule. Operations ended the outage, reinstalled the large equipment-access portal, and declared diesel generator No.11 as operable. Operations did not notify the security department of these action * On June 19,1999, at approximately 7:40 p.m., the security department discovered that the Unit-1 standby diesel generator No.11 had been declared operable approximately 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> earlier. However, the vital area for the diesel generator had not been revitalized. As such, the vital area had not been searched for tampering or contraband items, and the vital area intrusion detection system had not been operability teste Additionally, during this 24-hour period, the alarm on vital area door No.1D2108 remained deactivated.

• On June 19,1999, at approximately 7:45 p.m., security posted a compensatory measure at door No.1D2108, the entrance to the diesel generator No.11 vital area. At approximately 8:45 p.m., security completed operability testing of all security door alarms for the diesel generator. At 10:30 p.m., securi+y and operations completed the search of the diesel generator vital area.

Licensee's investication The licensee's investigation determined that the root cause of this event was the lack of a formal process to preclude the standby diesel generator from being returned to operable status prior to restoration of required security measures.

Licensee Corrective Actions

• The standby diesel generator No.11 was revitalized at 10:31 p.m.,

June 19,1999.

• The licencee developed a security force instruction which formalized the process for devitalizing and revitalizing plant vital equipment.

• An operability assessment system number will be generated by operations personnel at the time of devitalization to ensure that revitalization occurs prior to returning equipment to operable statu Inspection Findinas During this inspection, the inspector determined that the event occurred as reported in the licensee's event rcport. This event was entered into the licensee's corrective action system as Condition Report 99-9227.

The inspector determined that the failure to properly revitalize Unit-1 standby diesel generator No.11 was a violation of Section 10.0 of the security plan. This Severity Level IV violation is being treated as a noncited violation, consistent with Appendix C of the NRC Enforcement Policy. This violation is in the licensee's corrective action program as Condition Report 99-9227 (50-498;-499/9912-03).

l

I

I L -

l-15- Conclusions j

The event logs and supporting incident reports were accurate and neat, and the security staff was correctly reporting security event A violation was identified for failure to maintain positive control of a vital area key, as required by Station Procedure OPGP03-ZS-0005. This Severity Level IV violation is being treated as a noncited violation, consistent with Appendix C of the NRC Enforcement Policy. This violation is in the licensee's corrective action program as Condition Report 99-8375.

I A violation was identified for failure to properly revitalize Unit-1 standby diesel generator No.11, as required by the security plan. This Severity Level IV violation is being treated l as a noncited violation, consistent with Appendix C of the NRC Enforcement Policy.

l This violation is in the licensee's corrective action program as Condition Report 99-9227.

S7 Quality Assurance in Security and Safeguards Activities S7.1 Security Proaram Audits Inspection Scope (81700)

The audits of the security program were reviewed to determine compliance with the j requirements of 10 CFR 50.54(p) and the physical security pla Observations and Findinas  !

The inspector verified that security program, access authorization, and fitness-for-duty l

audits were conducted at the required intervals. The inspector reviewed the 24 audits and monitoring reports listed in the attachment. The inspector interviewed audit personnel and confirmed that they were independent of plant security management and ;

plant security management supervisio l l

The inspector determined that the audits of the security plan, the access authorization program, and the fitness-for-duty programs were effective, thorough, and intrusiv Additionally, these audits were performance base l Conclusions I The audits of the security program, the access authorization program, and the l

'

fitness-for-duty program were effective, thorough, and intrusive. The audits were conducted at the required intervals and were performance base l

.

l

!

-16-S8 Miscellaneous Security and Safeguards issues (92700 and 92904)

S (Closed) Licensee Event Report 50-498/499-S01-00: Improper Grantino of Unescorted Access Authorization l in accordance with 10 CFR 73.71, the licensee telephonically reported to the NRC on ,

May 27,1999, (event No. 35773) that a contract employee had been erroneously )

granted unescorted plant acer ss. See paragraph S1.1 of this report for discussion of l this even S (Cloted)

e Licensee Event Report 50-498/499-S02-00: Failure to Maintain Positive Control of a Vital Area Kev i

in accordance with 10 CFR 73.71, the licensee telephonically reported to the NRC on )

June 1,1999, that operations personnel had lost a security key to vital areas, and that compensatory measures were not implemented in a timely manner. See Paragraph S3.1(b)(1) of this report for discussion of this even i S8.3 (Closed) Licensee Event Report 50-498/499-S03-00: Imorocer Revitalization of a Vital Area in accordance with 10 CFR 73.71, the licensee telephonically reported to the NRC on June 19,1999, that compensatory measures had been implemented following discovery of a degraded vital area boundary. See Paragraph S3.1(b)(2) of this report for discussion of this even S (Closed) Inspection Followuo item 50-498/499-9816-01: Security Eauipment Lockers j i

During a previous inspection, the inspector determined that some of the licensee's metal i storage lockers for security equipment could be moved by an individual to another location within the buildings, in this event, the security officers would not know the location of the lockers, and the security equipment inside the cabinets would be ;

unavailable to the security officers. The licensee initiated Condition Report 98-18221 to determine the feasibility of possibly permanently affixing its equipment lockers to the wall of the floo During this inspection, the licensee stated that all security equipment lockers positioned on concrete or tile floors had been permanently affixed to the floor. The remaining equipment lockers located on turbine deck grating material and more difficult for a person to move had not been permanently affixed. The inspector verified the licensee's completed action S Information Notice 98-35: Threat Assessments and Consideration of Heiahtened Physical Protection Measures Information Notice 98-35 dated September 4,1998, was issued to inform licensees of factors considered by the NRC when assessing threats and disseminating that information to the licensees. Additionally, the Notice advised licensees about additional

.

-17-physical protection m'easures that should be considered for specific threat condition The notice discussed threat levels and appropriate response levels in an effort to avoid any future misunderstandings concerning NRC threat advisories and to facilitate an appropriate and comparable level of physical protection response throughout the nuclear industr During this inspection, the licensee stated they had received the notice and had reviewed it for applicabilit V. Manaaement Meetinas XI Exit Meeting Summary The inspector presented the inspection results to members of licensee management at the conclusion of the inspection on August 19,1999. The licensee acknowledged the findings presente l l

I

.

.

ATTACHMENT l SUPPLEMENTAL INFORMATION PARTIAL LIST OF PERSONS CONTACTED Licensee W. Cottle, President and Chief Executive Officer J. Sheppard, Vice President, Engineering and Technical Services

!

P. Arrington, Licensing Specialist C. Bowman, Assistant to Operations Manager D. Brune, Access Coordinator )

R. Crocken, Systems Engineer l J. Drymiller, Supervisor, Nuclear Plant Protection R. Foote, Acting Manager, Operating Experience G. Frasier, Access Coordinator I M. Hall, Senior Security Operations Coordinator S. Head, Supervisor, Licensing C. Johnson, Manager, South Texas Project Activities, Central Power and Light i G. Massey, Access Coordinator R. Mumme, Quality Auditor R. Piggott, Senior Quality Audit Specialist P Serra, Manager Emergency Response i M.Woodard-Hall, Supervisor, Access Authorization  !

'

R. Young, Access Coordinator Qontractors D. Bennetsen, Supervisor, Security Force, PTl Security E. Bernard, Security Quality Coordinator, PTl Security D. Bilski, Lead Security Instructor, PTl Secerity C. Sanders, Project Manager, PTl Security INSPECTION PROCEDURES USED IP 81700 Physical Security Program for Power Reactors IP 92700 On-site Followup of Written Reports of Nonroutine Events at Power Reactor ,

Facilities l l

IP 92904 Followup - Plant Support

l

I 1

. l

. i l

LIST OF ITEMS OPENED CLOSED AND DISCUSSED ltems Ooened 50-498;-499/9912-01 NCV Improper Granting of Unescorted Access, Multiple Occurrences 50-498;-499/9912-02 NCV Failure to Maintain Positive Coatrol of a Vital Area Key 50-498;-499/9912-03 NCV Failure to Properly Revitalize A Unit-1 Vital Area Jigms Closed 50-498;-499/9816-01 IFl Security Equipment Lockers 50-498;-499-S O1-00 LER Erroneous Granting of Unescorted Access Authorization 50-498;-499-SO2-00 LER Failure to Maintain Positive Control of a Vital Area Key 50-498;-499-S O3-00 LER improper Revitalization of a Vital Area 50-498;-499/9912-01 NCV improper Granting of Unescorted Access, Multiple Occurrences 50-498;-499/9912-02 NCV Failure to Maintain Positive Control of a Vital Area Key 50-498;-499/9912-03 NCV Failure to Properly Revitalize A Unit-1 Vital Area Itgms Discussed Information Notice 98-35 IN Threat Assessments and Consideration of Heightened Physical Protection Measures LIST OF DOCUMENTATION REVIEWED Licensee Event Report 99-S01-00 dated June 28,1999 Licensee Event Report 99-S02-00 dated June 23,1999 Licensee Event Report 99-S03-00 dated July 15,1999 Safeguards Event Logs from January 1 to August 15,1999

'

Security Self Assessment, " Vehicle Access Control," dated July 27,1999 Twenty-two Quality Monitoring Reports from January 7,1998, through June 30,1999

!

.

i

.

!

!

,

-3-l Quality Audit 9812, Physical Security, Fitness-for-Duty Program, ard Access Authorization dated September 22,1998 Ouality Audit 97-16, Physical Security, Fitness-for-Duty Program, and Access Authorization dated October 8,1997 South Texas Procedure OHRP01-ZA-0001, Revision 3, " Unescorted Access Evaluation Process" South Texas Procedure OPGP09-ZA-0001, Revision 9, " Plant Access Authorization Program" l

l

.

!

l

i

l l

!

t- 2