IR 05000275/1996015
| ML16342D377 | |
| Person / Time | |
|---|---|
| Site: | Diablo Canyon  |
| Issue date: | 07/16/1996 |
| From: | NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION IV) |
| To: | |
| Shared Package | |
| ML16342D376 | List: |
| References | |
| 50-275-96-15, 50-323-96-15, NUDOCS 9607230194 | |
| Download: ML16342D377 (30) | |
Text
ENCLOSURE U.S.
NUCLEAR REGULATORY COMMISSION
REGION IV
Docket Nos License Nos Report No Licensee:
Facility:
Location:
Dates:
Inspector:
Approved By 50-275 50-323 DPR-80 DPR-82 50-275/96-15 50-323/96-15 Pacific Gas and Electric Company Diablo Canyon Nuclear Power Plant.
Units 1 and
San Luis Obispo County. California June 24-28.
1996 D.
W. Schaefer, Physical Security Specialist Blaine Murray, Chief, Plant Support Branch ATTACHMENT:
Attachment:
Partial List of Persons Contacted List of Inspection Procedures Used List of Items Opened.
Closed, and Discussed List of Acronyms 9607230194 9607l6 PDR ADOCK 05000275
EXECUTIVE SUMMARY Diablo Canyon Nuclear Power Plant, Units 1 and
NRC Inspection Report 50-275/96-15; 50-323/96-15 This routine, announced inspection focused on the licensee's physical security program.
The areas inspected included Licensee Event Report 96-S01-00.
records and reports, testing and maintenance.
assessment aids.
review of commitments in the updated final safety analysis report, compensatory measures, access control of personnel and packages, and review of previous inspection findings.
Plant Su ort An excellent records and reports program was maintained.
The security staff was correctly reporting security events as required by regulations.
A concern was identified regarding the licensee's handling and control of documents marked as containing safeguards information (Secti on Sl. 2).
The testing and maintenance program was properly implemented and documented.
The length of time to complete action requests and repair security equipment had been reduced (Section S2. 1).
The assessment aids system provided proper assessment of the perimeter detection zones.
Compensatory security posts were established for deactivated closed circuit television cameras for portions of the main protected area (Section S2.2).
The compensatory measures program was effectively implemented.
Security personnel were well trained on the program requirem'ents.
A non-cited violation was identified (in Section S1.1) involving compensatory measures (Section S4. 1).
In general; an effective program for searching personnel and packages was maintained.
However, program weaknesses and concerns were identified involving the increased number of unlocked vital area doors, low identification-rate for simulated contraband and test items entering the protected area, authorized individuals entering vital area without '
following security pr'ocedures, and unsecured forklift vehicles inside the protected area (Section S4.2).
Re ort Details III.
En ineer in E2 'eview of Commitments in the U dated Final Safet Anal sis Re ort
~UFSAR
,A recent discovery of a licensee operating their facility in a manner contrary to the Updated Final Safety Analysis Report (UFSAR) description highlighted the need for a special focused review that compares plant practices, procedures and/or parameters to the UFSAR description.
While performing the inspection discussed in this report, the inspector reviewed the applicable portions of the UFSAR that related to the areas inspected.
The inspector verified that the UFSAR wording was consistent with the observed plant practice.
procedures and/or parameters.
IV.
Plant Su ort Sl Conduct of Security and Safeguards Activities Sl. 1* Onsite Review of Licensee Event Reports (92700)
Closed Licensee Event Re ort 275/96-S01-00 323/96-S01-00 01013 Uncom ensated Perimeter Detection Zone License Condition 2.E of the licensee's facility operating licenses requires'n part. that the licensee fully implement and maintain in effect all provisions of the Commission-approved physical security plan
~
including amendments made pursuant to the authority of 10 CFR 50.54(p)
and
CFR 50.90.
Paragraph 6.8. 1 of the Facility Technical Specifications states, in part
~ that written procedures shall be established, implemented.
and maintained covering security plan implementation.
Section 3. 1.4.5 of the licensee's physical security plan requires, in part, that a failure of the protected area intrusion detection hardware results in the implementation of appropriate compensatory measures.
Section 3.8 Security Procedure SP-106.
"Security Reporting," dated October 6,
1995. states'n part
~ that compensatory measures will be posted within 10 minutes of discovery of the event.
In accordance with 10 CFR 73.71(b)(1)
and
CFR 73 Appendix G(1)(c),
the licensee telephonically reported to the NRC on April 18, 1996 (Event 30317), that at approximately 1830 hours0.0212 days <br />0.508 hours <br />0.00303 weeks <br />6.96315e-4 months <br /> (PDT), April 18, 1996, adequate compensatory measures were not in place for a degraded (failed)
protected area perimeter alarm zone during a period of high wind.
(*) Topical headings such as Sl
~
S8 etc..
are used in accordance with the NRC standardized reactor inspection report outline.
Individual reports are not expected to address all outline topic The licensee's investigation of this event determined that at approximately 1803 hours0.0209 days <br />0.501 hours <br />0.00298 weeks <br />6.860415e-4 months <br /> PDT, April 18, 1996, perimeter microwave Zone 31 alarmed and a central alarm station (CAS) operator dispatched the security officer assigned to that sector of the perimeter to physically verify the cause of the alarm.
Five minutes later, at approximately 1808 hours0.0209 days <br />0.502 hours <br />0.00299 weeks <br />6.87944e-4 months <br />, microwave Zone 31 again alarmed and remained in almost continuous alarm.
The security officer dispatched to Zone 31 was instructed to telephone the CAS operator when he arrived at the guard post overlooking Zone 31.
The CAS operator intended to instruct the security officer to remain at the post and to provide required compensatory measures by maintaining observation of the alarming zone.
Instead, the security officer understood that the CAS operator had instructed him to remain in the general area of Zone 31 and that the CAS operator would advise him if additional alarms were received at Zone 31.
At approximately 1830 hours0.0212 days <br />0.508 hours <br />0.00303 weeks <br />6.96315e-4 months <br />, having not been advised of any additional alarms at Zone 31. the security officer left Zone 31 for his next rotational assignment.
At approximately 2105 hours0.0244 days <br />0.585 hours <br />0.00348 weeks <br />8.009525e-4 months <br />.
following the high number of alarms at Zone 31. the security watch commander notified the CAS operator to replace the security officer that had been acting as a compensatory measure.
At that time the CAS operator discovered that the initial security officer had not remained at the alarming zone, and that adequate compensatory security measures had not been posted at this microwave zone for over 2 1/2 hours.
At approximately 2110 hours0.0244 days <br />0.586 hours <br />0.00349 weeks <br />8.02855e-4 months <br />, a
security officer was posted at Zone 31 to provide compensatory security measures.
Upon discovery of the event. security officers checked all personnel encountered for protected area security badges and unusual activity.
No unauthorized individuals or activity were noted.
The licensee's root cause analysis determined that this event was caused by:
(1)
a breakdown of verbal communications between the security officer and the CAS operator; and (2) inconsistent understanding of
'policies and-procedures by members of the security organization.
During this inspection, the inspector verified that the licensee had completed the following corrective actions:
(1)
Security Procedure SP-410.
"Changing Status of Security Alarm Zones,"
was revised on May 10, 1996. to provide more specific guidance regarding the changing of status of security alarm zones; (2)
On May 10, 1996, more specific guidance was provided for the security departments'olicy concerning the posting of compensatory security measures.
(3)
On May 10.
1996, a shift memorandum was issued to all members of the security organization regarding the results of the investigation by the licensee's security review group and corrective actions to prevent recurrence of this even t '
-3-(4)
The licensee evaluated perimeter alarm Zone 31 to determine what measures could be taken to reduce susceptibility to environmentally caused nuisance alarms.
Subsequently, the perimeter detection equipment at alarm Zone 31 was upgraded.
The licensee's failure to maintain adequate compensatory measures for a
degraded (failed) protected area perimeter alarm zone during a period of high wind is a violation of Section 3. 1.4.5 of the physical security plan.
This licensee-identified and corrected violation is being treated as a noncited violation consistent with Section VII.B.1 of the NRC Enforcement Policy (275/9615-01; 323/9615-01)
.
Records and Repor ts (81700-02.01)
Ins ection Sco e
The inspector reviewed safeguards event logs and security incident reports to determine compliance with the requirements of 10 CFR 73.21(b)
and (c),
CFR 26.73, and the physical security plan.
Observations and Findin s The inspector determined that the licensee conformed to the regulatory requirements to report security events.
The inspector specifically reviewed the security event logs from January 1 through June 26.
1996.
The reports were accurate, neat, and contained sufficient detail for the reviewer to determine root cause, reportabi lity, and corrective action taken'he records were available for review and maintained for the time requi red by regulations.
In addition the licensee used the information contained in their records and reports to track and trend problem areas.
~
Safe uards Information
CFR 73.21 requires the licensee to ensure that safeguards information is protected, against unauthorized disclosure and that while in use.
documents containing safeguards information shall be under the control of an authorized individual.
The inspector determined through a review of security event reports that from January 1 to June 26, 1996, the licensee had recorded the following.
four events pertaining to the mishandling of documents marked as containing safeguards information.
On February 14, 1996, a licensee Regulatory Services clerk, typed (as requested)
two pages, of the safeguards contingency plan that were marked as containing safeguards information.
The clerk was not cleared f'r access to safeguards information.
On February 23.
1996, a licensee (security)
employee mistakenly took home a training booklet that was marked as containing safeguards informatio S2 S2.1
On March 7, 1996.
a security supervisor observed a zone status log (SP-410).
stamped as containing safeguards information, in a tray at the badging office.
The licensee determined that this log had been previously sent to the badging office in error.
On May 25, 1996, a security watch commander discovered an unlocked cabinet in the Watch Commanders Office.
The cabinet contained documents stamped as containing safeguards information.
During the exit meeting on June 28, 1996. the inspector stated that these licensee-identified events would not be classified as a violation, because they were minor in nature and were isolated events.
The licensee's failure to properly handle and control documents marked as containing safeguards information is a concern.
Conclusions The licensee had an excellent record and report program.
The security staff was correctly reporting security events.
A concern was identified regarding the failure of the licensee to properly handle and control documents marked as containing safeguards information.
Status of Security Facilities and Equipment Testing and Maintenance (81700-02.07)
Ins ection Sco e
The inspector reviewed selected portions of'he testing and maintenance program to determine compliance with the requi rements of the security plan.
Observations and Findin s AAti R At During a previous security inspection, the inspector identified that the length of time requi red to complete action requests (work orders) for repair, maintenance or enhancement to security equipment was excessive.
Previously, an 8-month old action request for a blur red image on a
television monitor (screen)
inside a guard station had not been completed.
Additionally, 4 other actions requests were between 1 and 5 years old.
During this inspection, the inspector noted that the television monitor identified above had been properly repaired.
Additionally, the oldest action request requiring work was 8 months old.
Further, the inspector noted that the security organization had revised their procedure for processing action request ~
Testin and Maintenance Records The inspector reviewed testing and maintenance records for the following security equipment and confirmed that the records committed to in the security plan were on file and well documented.
The inspector determined through interviews with security officers and supervisors and a review of records that repai rs to security equipment were completed in a timely manner.
Intrusion alarm system Closed-circuit television system
~
Search equipment
~
Microwave intrusion alarm system
~
Perimeter microwave transceivers
~
Perimeter tamper switches
~
System internal tamper switches
~
System cardreaders The inspector observed a security officer perform functional tests of the fixed metal detectors, the explosive detectors, and the x-ray machines.
The officer performed these tests in accordance with applicable security procedures.
c.
Conclusions The length of time required to complete action requests and repai r security equipment had been reduced.
The testing and maintenance program was conducted in accordance with the security program plans and was properly documented.
S2.2 Assessment Aids (81700-02.06)
a.
Ins ection Sco e
The inspector reviewed the assessment aids to determine compliance with the physical security plan.
The areas inspected included the closed-circuit televisions (CCTV) monitors located in the alarm station S4 S4.1 Observations and Findin s During this inspection, the licensee was adding new closed-circuit television cameras and also relocating some of the existing closed-circuit television camer as along the (plant) west and north perimeter of the main protected area.
The closed-circuit television cameras in these areas had been deactivated and compensatory security officers were properly posted for these areas.
The inspector determined that the closed-circuit television system along the remainder of the perimeter generally provided proper assessment of the perimeter detection zones.
The licensee had identified two other areas along the perimeter of the main protected area that involved an extended field of vision for the closed-circuit television cameras.
The licensee stated that they plan to relocate/reposition closed-circuit television cameras in these areas to improve assessment capabilities.
During late afternoon, some glare problems were occasionally present for short periods of time.
The licensee had installed a video capture system that enhanced their capability to determine the cause of perimeter security alarms.
Conclusions The assessment aids system was determined to generally provide proper assessment of the perimeter detection zones.
Security posts properly compensated for deactivated closed-circuit television cameras.
Security and Safeguar ds Staff Knowledge and Performance Compensatory Measures (81700-02.07)
Ins ection Sco e
The compensatory measures program was inspected to determine compliance with the requirements of the physical security plan.
The areas inspected included deployment of compensatory measures and the effectiveness of those measures.
Observations and Findin s The inspector confirmed that the licensee deploys compensatory measures in a manner consistent with the requirements in the security plan.
The inspector determined through observation and interview of security personnel that the security personnel assigned to compensatory posts were adequately trained for those dutie S4.2 Conclusion The compensatory measures program was effectively implemented.
The security personnel were well trained on the program requirements.
A non-cited violation was identified (in Section Sl. 1) for failing to maintain adequate compensatory measures for a degraded protected area perimeter alarm zone.
Access Control of Personnel and Packages (81700-02.05)
Ins ection Sco e
The access control program f'r personnel and packages was inspected to determine compliance with the requirements of the security plan.
The areas inspected included the security building and the warehouse.
b.
Observations and Findin s The inspector determined through observations at the security building entrance and the warehouse that the licensee properly controlled personnel access to the protected area.
The protected area access control equipment was inspected and found to be functional and well maintained.
The inspector observed the x-ray machine search of hand-carried packages at the security building and at the warehouse.
The operators were efficient and well trained.
However, the inspector identified the following concerns and weaknesses in the licensee's access control program:
~
Unsecured Vital Area Doors Section 5.2.1. 1 of the security plan states, in part, that access to unoccupied vi.tal areas is controlled via locked and alarmed doors or portals.
Upon reviewing the licensee's security event logs and the licensee's trending history of safeguards events, the inspector noted that since 1994, the number of events involving unsecured vital area doors had significantly increased.
In 1994 and 1995 the licensee reported 62 and 80 unsecured vital area doors, respectively.
From January 1 through June 15, 1996, the licensee reported 84 unsecured vital area doors.
During this inspection, the licensee stated that they had been working with the mechanical maintenance group to reduce the number of events involving unlocked vital area security doors.
The inspector observed that the licensee had begun to implement a
variety of corrective measur es for the unlocked vital area doors; however. the increased number of unlocked vital area doors is a weakness in the security program.
During the exit meeting on June 28, 1996, the
-8-licensee stated that they plan to conduct a root cause analysis to review the high number of unsecured vital area doors.
The effectiveness of the licensee's continued corrective measures will be reviewed during future security inspections (275/9615-02; 323/9615-02).
~
Searchin of Haterial Section 3.2. 1.2 of the licensee's security plan states that individuals who are authorized access into the protected areas are searched for explosives and weapons by equipment designed for this purpose.
Upon reviewing the licensee's security self assessment reports the inspector noted that between January 1 and June 26, 1996, the security organization had conducted 20 access control training drills.
During each drill, individuals badged for unescorted site access attempted to introduce test items (weapons and explosives)
and prohibited items (alcohol and large knives) into the protected areas via the security building, the warehouse (materials receiving) area, the main vehicle portal, and the access control station at the intake structure.
Additionally, test items were mailed to the site via united postal service (UPS) carrier.
During each drill one or more of the following simulated test items were utilized:
small pistol, explosive devices.
box of ammunition, large knives and alcohol.
The inspector noted that during the previous 6 months the licensee's overall identification-rate for test items during the security drills had declined.
Following each failed security drill at the security building, the licensee provided additional training to the security officer(s) that failed to locate the test item.
During the exit meeting on June 28, 1996. the licensee stated that they would revi.ew thei r drill procedures in order to make improvements in this area.
The licensee's performance to identify test items will be reviewed during future security inspections (275/9615-03; 323/9615-03).
~
Authorized Em lo ees Im ro erl Enterin Vital Areas Section 13.5 of the licensee's security plan states.
in part. that for vital area portals equipped with card readers, the security access control system maintains vital area access records indicating card key numbers time of entry and time of exit for all individuals granted access to vital areas, except those individuals entering or exiting the reactor control room.
Paragraph 4 of Security Procedure SP-411,
"Operation of Security Card Key Access Control System,"
discusses entering plant exterior and vital area doors, and states, in part:
-9-Pass the card key through the card reader.
The yellow
"wait" light will illuminate while the computer verifies access authorization.'f the correct procedure is followed and the card user is authorized access to the area.
the green
"proceed" light will illuminate and the door strike will be activated.
The door may then be opened.
Should the red "error" light illuminate, immediately call the security central or secondary alarm station for instructions.
This is important as a card alarm has displayed in the alarm stations.
Upon reviewing the licensee's security event logs from January 1 through June 7,
1996, the inspector noted that 28 authorized individuals had entered vital areas without having their card key numbers, and time of entry properly recorded in the security computer.
Following each incident. the responsible supervisor was notified.
In turn, each supervisor notified the security organization of completed corrective actions.
During this inspection, the licensee stated that this data covered the period of time during the last refueling outage and that a large number of these events were caused by new contract personnel that had not followed the above procedure.
These licensee-identified events involved individuals authorized to enter the vital areas.
The inspector determined that these events were of minor safety significance.
The licensee's failure to ensure that authorized individuals follow the proper procedure
'for entering vital areas is a concern.
~
Unsecured Vehicles Section 4.5.2.2 of the licensee's security plan states, in part, that while in the protected area and unattended.
designated vehicles are locked and the keys are maintained in the possession of the individual or department responsible for their use.
Additionally. the licensee stated that security procedures require that forklifts be secured with a chain and lock.
Upon reviewing the licensee's security event logs from January 1 through June 7,
1996. the inspector noted that from March 20 through April 29, 1996, security officers inside the protected area, had identified 7 unsecured forkliftvehicles.
In each instance.
the required chain and lock had not been applied to these vehicles.
During this inspection, the licensee stated that following each incident, the responsible supervisor was notified in writing concerning his unlocked forklift vehicle.
In turn.
each supervisor also notified
-10-the security organization of completed corrective actions.
The licensee stated'that this data covered the period of time during the last refueling outage and that a large number of these events were caused by contract vehicle operators.
Additionally. the licensee, stated that these forklifts had been equipped with a blank-key ignition switch.
Four of the above events were caused by two forklifts.
The inspector determined that these forklifts were equipped with a blank-key ignition switch and that these events were of minor safety significance.
The relatively high number of unsecured forklifts inside the protected area is a concern.
Conclusions S8 S8.1 A program for searching personnel, packages, and material was maintained.
Security events recorded in the event log identified two weaknesses and two concerns in the licensee's security program.
The weaknesses involved the reported increased number of unlocked vital area doors and the reported relatively low identification-rate for test items entering the protected area.
Concerns were identified involving the number of authorized individuals entering vital areas without following security procedures and the number of unsecured forklift vehicles inside the protected area.
Miscellaneous Security and Safeguards Issues (92904)
Closed Violation 275/9601-01 323/9601-01 01013:
Im ro er Grantin of Unescorted Access Authorization The licensee failed to review and evaluate all pertinent background information developed during an access authorization investigation before granting an individual unescorted access.'onsequently, an individual who should not have been granted access obtained unescorted access authorization to Diablo Canyon.
NRC Inspection Report 50-275/9601; 50-323/96-01 dated April 11, 1996.
concluded that the events summarized in Licensee's Event Report 95-S02-00 violated
CFR 73.56(b)
and Section 1.4.1 of the licensee's physical security plan.
This NRC inspection report also summarized the majority of the licensee's corrective actions to prevent a recurrence of this type of event.
In its May 10, 1996, response to the NRC, the licensee also provided the following additional corrective actions:
~
Licensee Procedure OHll. ID1,
"DCPP Site Access Process,"
was revised on Hay 10, 1996, to provide specific directions, actions.
documentation, and supervisor review when a "hold" on an individual's access is requested.
Access personnel are to have a
questioning attitude and are to request a complete explanation in writing indicating the reason for the hold.
During this inspection the inspector verified that these changes had been incorporated into Revision 4 of the procedure, dated Hay 10, 199 ~
The licensee evaluated the vendor's response to the February 1996 audit findings and closed 3 of the 9 audit findings.
During this inspection, the inspector verified that the licensee had properly retained the 6 remaining audit findings as "open."
The licensee continued to work with the vendor to resolve"these issues.
~
The licensee continued to perform the pre-access requirements for the vendor's personnel.
During this inspection.
the inspector verified that this will continue indefinitely or unti 1 the licensee is assured that the vendor has effectively implemented corrective actions and demonstrated that these deficiencies are not recurring.
In a June 27, 1996. letter to Westinghouse Electric Corporation, the licensee stated that in the future all Westinghouse personnel would be screened through the licensee's access and fitness-for-duty programs.
In this letter to Westinghouse, the licensee explained that this action was being taken to assure
"that there will not be a repeat of the events that led to a Westinghouse employee being inappropriately granted unescorted access to the Diablo Canyon Power Plant."
V.
Mana ement Meetin s X1 Exit Meeting Summary The inspector presented the inspection results to members of licensee management at the conclusion of the inspection on June 28, 1996.
The licensee, acknowledged the findings presente ATTACHMENT PARTIAL LIST OF PERSONS CONTACTED Licensee W. Drake, Watch Commander.
Security Services L. Fisher, Security Supervisor, Compliance and Administration B. Hansen-Harris.
Security Shift Supervisor, Special Projects C. Harbor, Nuclear Regulatory Engineer, Regulatory Services J.
Hubble. Security Supervisor.
Special Projects L. Lunsford, Security Supervisor, Operations and Training T. HcKnight, NRC Coordinator, Regulatory Services H. Paperno, Engineers Nuclear Quality Assurance R.
Powers, Acting Vice President and Plant Hanger W.
Ryan, Supervisor, Access and Fitness-for-Duty R. Todaro, Director, Security Services NRC S.
Boynton, Resident Inspector B. Hurray, Chief, Plant Support Branch M. Tschi ltz, Senior Resident Inspector
1/
-2-INSPECTION PROCEDURES USED IP 81700 IP 92700 IP 92904 Physical Security Program for Power Reactors Onsite Followup of Written Reports of Nonroutine Events at Power Reactor Facilities Followup - Plant Support ITEMS OPENED CLOSED AND DISCUSSED
~Qened 275/9615-02; 323/9615-02 275/9615-03 323/9615-03 IFI Security Door s IFI IFI Entry of Material Into Protected Area IFI Closed 50-275/9601-01 50-323/9601-01 LER 96-S01-00 VIO Improper Granting of Unesco ted Access Authorization LER Uncompensated Perimeter Detection Zone.
Closed as Non-Cited Violation Discussed 50-275/9615-01 NCV Failure to Compensate Perimeter Detection Zone 50-323/9615-01 LIST OF ACRONYMS USED CAS'CV NRC PDR UFSAR VIO Central Alarm Station Non-Cited Violation Nuclear Regulatory Commission Public Document Room Updated Final Safety Analysis Report Violation