IR 05000282/1999003
| ML20205R491 | |
| Person / Time | |
|---|---|
| Site: | Prairie Island  |
| Issue date: | 04/16/1999 |
| From: | NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION III) |
| To: | |
| Shared Package | |
| ML20205R488 | List: |
| References | |
| 50-282-99-03, 50-282-99-3, 50-306-99-03, 50-306-99-3, NUDOCS 9904230044 | |
| Download: ML20205R491 (11) | |
Text
.
.
U.S. NUCLEAR REGULATORY COMMISSION REGION lli Docket Nos:
50-282;50-306 i
License Nos:
50-282/99003(DRS); 50-306/99003(DRS)
I Licensee:
Northern States Power Company
'
Facility:
Prairie Island Nuclear Generating Plant Location:
1717 Wakonade Dr. East Welch, MN 55089
'
Dates:
March 22-26,1999 onsite March 30 and April 7,1999 at NRC Region ill Office inspector:
G. Pirtle, Physical Security inspector Approved by:
James R. Creed, Safeguards Team Leader Division of Reactor Safety
,
l 9904230044 990416
~
PDR ADOCK 05000292 G
c;
-
.
!
EXECUTIVE SUMMARY Prairie Island Nuclear Generating Plant l
NRC Inspection Reports 50-282/99003; 50-306/99003 t-This inspection included a review of the physical security program. It was an announced l
inspection conducted by a regional physical security specialist.
L Records and documec,5 reviewed were complete and accurate. Security procedures
)
'
were generally well written. The exception to the quality of the procedures was one procedure that required a security post to perform an excessive number of tasks that
{
could not be achieved by one individual during peak traffic periods. An unresolved item
!
was identified pertaining to manning requirements for a designated security post (Section S.3).
!
'
Review of security logs indicated the security force performed their duties in an effective j
and consistent manner. Also, the inspector determined that the security force was j
knowledgeable of post responsibilities. However, the inspector observed two occasions l
when ingress posted security officers failed to take appropriate actions to prevent or mitigato a significant disruption which could have resulted in the potential for missed searches or unauthorized entry into the protected area (Section S.4).
l Self-assessments continued to be a strength. The self-assessment program was varied, l
aggressive, well documented, and involved most levels of the organization. Findings l
were effectively documented and corrective actions were implemented. Thorough l
analysis of security force caused security events were performed (Section S.7).
l
?
i I
i
)
i
4
c
.
.
Report Details IV. Plant SupppA S2 Status of Security Facilities and Equipment a.
Lnsoection Scoce (81700)
The inspector reviewed the condition of security equipment and facilities required by the i
security plan. The equipment observed included, but was not limited to, search equipment, intrusion alarm equipment, alarm assessment equipment, and equipment I
within the primary security alarm station. Facilities observed included the Main Access Facility and primary alarm station b.
Observations and Findinas
,
Security equipment observed during the inspection functioned as designed and compensatory measures were implemented when appropriate. Maintenance support for security equipment was generally timely.
l An observation was noted pertaining to the test source used to test certain search j
detectors. The inspector noted that the detector's test source was not being effectively monitored by the security force to assure it was not used beyond the manufacturer's specified period of effectiveness. The manufacturer that provided the test source noted that the source was effective for only three months after being opened. The security force was unable to determine if the test source used for the observed testing of the i
equipment was a current and valid test source. A valid test source was obtained and the search equipment was successfully tested with the new source. Procedures were being developed by the security staff to inventory the test source and monitor the test source expiration dates. Discussions with the security staff concluded that testing with an invalid test source would cause a conservative failure. As the source weakened, the detection time for the equipment would increase to a point that the equipment would not detect the i
source within the specified time (therefore failing) because of the weakened source. The test failure however would be due to the weakened source, rather than equipment not in
'
calibration or capable of performing as designed.
The inspector had discussions with the Superintendent, Security and the Security Computer Engineer in reference to the security computers being Y2K compliant.
Preliminary testing has been completed for the critical computer components and software. Final testing and certification for Y2K compliance were expected to be completed not later than July 1999. One component of the system (video graphics) may or may not be Y2K compliant, but that component is not required to meet security plan criteria and has no potential to impact on the critical components and software required by the security plan.
i i
'
l
'
\\
[
c.
Conclusions q
Seculity facilities and equipment observed by the inspector functioned as designed.
Compensatory measures were seldom required. The security force was not effectively monitoring expiration dates for a search detector test source. Final testing and l
certification for Y2K compliance for the security computers are expected to be completed I
by July 1999.
!
S3 Security and Safeguards Procedures and Documentation a.
Inspection Scope (81700)
The inspector reviewed selected procedures pertaining to the areas inspected and also reviewed appropriate logs, records, and other documents.
b.
Observations and Findinos Records and documents reviewed were complete and accurate. Security procedures were generally well written and were in sufficient depth to adequately address the tasks described. However, the procedure for the Portal Control Room (PCR) Operations contained excessive tasking and security management expectations for the PCR post during peak ingress periods.
The PCR is a primary post within a bullet resistant structure that monitors and controls major search equipment functions for the protected area ingress and access control functions. The responsibilities for the PCR security post as described in Security Implernenting Procedure 3.3, " Portal Control Room Operations," approved February 27, 1998, cannot be achieved by one individual assigned to that position during ingress peak traffic periods for the following reasons. Some responsibilities for the post cannot be effectively completed because of the physicallayout of the ingress area (e.g., ensuring
,
hand carried items are placed on the x-ray conveyor in lane 3). Other responsibilities are duplicative of another post primarily responsible for the function (e.g., observing and ensuring vehicles are searched in accordance wah the appropriate prncedures; ensuring vehicles entering the protected area have been authorized; and confirming the vehicle
'
gate dead bolt is in place). Still other responsibilities for the PCR Operator are too time consuming during peak ingress periods (i.e., logging the badge number and name of personnel entering the protected area in case of card reader failure). This issue is primarily an administrative issue, but could have an adverse impact on performance if i
i not corrected ((IFI) 50-282/99003-01; 50-306/99003-01).
During our in-office review of security procedures, an Unresolved item was identified in reference to manning of a specific security post. Section 5.2.4 of Security implementing Procedure (SIP) 3.1 " Security Force Organization and Responsibilities," Revision 4,
,
approved April 8,1998, allowed a security post designated for contingency response purposes to be unmanned for a specified period of time under certain circumstances (details are considered safeguards information and exempt from public disclosure). By letter to the NRC dated March 4,1994, Subject: " Operational Safeguards Response
- .
Evaluation," the licensee stated on page 4 of Attachment A that a security officer would remain in the "immediate vicinity" of this post. Additionally, by letter dated April 25,1995, Subject: " Modified Response to " Operational Safeguard Response Evaluation," the licensee stated that identified members of the response force (to include the post subject to this URI) had to remain within a specified building to fulfill their mission. During an inspection conducted between April 4 and June 29,1995, (Report Nos. 50-282/95007; 50-306/95007, dated July 27,1995), it was identified that on occasions there were no security officer within the "immediate vicinity" of the post (IFl 50-282/95007-01; 50-306/95007-01). This issue was closed in inspection Report No. 50-282; 50-306; 72-10/95013, dated December 5,1995, based upon confirmation that the post was being continuously manned.
Discussions with the Superintendent, Security disclosed that subsequent to that inspection, additional analysis had been completed which showed that a security officer did not need to remain within the immediate vicinity of the designated post to be able to complete its intended function. However, the prior written corrective action commitment to the NRC was not changed, and the analysis data has not been reviewed by the NRC
,
to determine if a change in commitment pertaining to manning of the post is justified. On April 8,1999, the Corporate Security Director stated that a security officer would remain
within the immediate vicinity of the designated post until the NRC is advised of a change i
to the prior written commitments, and analysis data would be provided to the NRC if the licensee's commitment is changed. The need to change a prior corrective action j
commitment to the NRC, and the adequacy of the justification for the prior change of
!
commitment are the information required to resolve this issue (URI 50-282/99003-02; 50-306/99003-02).
c.
Conclusions Records and documents reviewed were complete and accurate. Security procedums were generally well written. The procedure for the Portal Control Room Operator defined responsibilities beyond the capabilities for a single person to effectively perform during periods of peak protected area ingress search and access control functions. An unresolved item was identified pertaining to manning requirements for a designated security post.
.
S4 Sr*; md Safeguards Staff Knowledge and Performance
)
a.
Inspection Scoce (81700)
The inspector toured various security posts and observed performance of duties to determine if the officers were knowledgeable of post requirements. Security event logs and other records pertaining to security force performance were also reviewed.
b.
Observations and Findinos Reviewed alarm station and security supervisor activity logs were current and accurate.
Personnel observed on post were knowledgeable of post responsibilities and
-
.
procedures. Excel lent vehicle searches were observed and documentation of vehicle i
entry and exit from the protected area was in accordance with the appropriate procedure.
{
An inspection Followup Item was identified in reference to two observations of search activities at the main access facility during peak ingress periods to the protected area.
The issues are addressed below.
A significant disruption of the ingress search and access process was observed on
{
March 23,1999. During a peak ingress period, two contractor personnel entered the
'
protected area search lanes and without advising or coordinating with the security force, started replacing mats 'on the floor between search equipment within the search area.
Their actions significantly interfered with both available lanes for the ingress to the protected area and caused almost constant alarms during the mat replacement process, which significantly increased the potential for proper searches not being performed and increasing the possibility of allowing an unauthorized person into the protected area.
Although the PCR Operator immediately locked the tumstiles when the disruption started and stringently controlled protected area access, the security force failed to immediately gain control of the situation by controlling the individuals and removing them from the ingress search area. The disruption continued until the contractors job was completed and they left the area unchallenged by the security force.
A similar concern was noted during observation of ingress searches conducted by the security force on March 24,1999. The searches were conducted in the pathway used by personnel for normal entry into the protected area, rather than moving the person to a location that would not disrupt the search and ingress access control process. While the searches were being performed, other persons had to walk around the search process, wait for thgsearch to be completed, or cross in front of the person being searched to retrieve their hand carried items. Again this resulted in a significant disruption of the search and ingress process and increased the potential for required searches not being
completed or unauthorized entry into the protected area.
T he security staff will review the circumstances pertaining to the observed significant disruptions in the protected area ingress and access control functions and strengthen the process (IFl 50-282/99003-03; 50-306/99003-03).
Security force overall performance was effective and consistent since November 1998.
During this four-month period about six security loggable events have been caused by security force error. No significant deficiencies (except for the ingress searches) were noted during the inspector's visit to security posts. Since all armed security officers were trained to the alarm station operator level, there was a great deal of depth in security officers knowledge and capabilities.
c.
Conclusions Security force members were knowledgeable of post requirements, and have performed their duties in an effective and consistent manner since November 1998. However,
-
-
.
$
protected area search and access control functions were significantly disrupted on two occasions.
S5 Security and Safeguards Staff Training and Qualification
,
a.
Inspection Scoce (81700)
Eight training files for recently trained security personnel were reviewed.
b.
Observations and Findinas Security personnel were trained on appropriate tasks identified in the Security Force Training and Qualification Plan. A licensee security supervisor certified the personnel as qualified in training and qualification criteria. Records of physical examination results were complete and accurate for the individual's job position.
c.
Conclusions No deficiencies were noted during the review of eight security force training and qualification records.
S7 Quality Assurance in Security and Safeguards Activities i
a.
Insoection Scooe (81700)
I The inspector reviewed self-assessment evaluations conducted by security staff and other personnel (licensee and contractor).
b.
Observations and Findinas The self-assessment program for the security department continued to be a strength.
The major program elements included audit and field observations by the Generation Quality Service (GOS) Department, self assessments by the security department, documented shift checks and evaluations by senior licensee and contract security force supervisors, and surveillance / audits of limited scope completed by individual security officers. NRC security inspection procedures (81000 series) were often used to define the scope of the audits. Self-assessment findings were documented, actions assigned, and corrective actions implemented. The security department's self-assessment efforts were further strengthened by root cause analysis evaluations completed by a trained member of the security staff for each security force error that resulted in a loggable security event. The analysis included a " Lessons Learned" evaluation that was usually distributed to the security force within six or seven days after the security incident occurred. The assigned contractor self-assessment supervisor has only recently assumed those duties so the effectiveness of the position could not be evaluated.
,
.
.
The inspector reviewed the most recent GQS audit of the security program (No. AG 1998-S-3) for the period between July 1,1998 and September 30,1998. The scope of the audit was adequate. The audit's results were well documented. Practically all of the audit security findings were positive, but problems were noted in reference to vehicle key control in the protected area, and administrative errors with some procedures.
c.
Conclusions Scif-assessments continued to be a strength. The self-assessment program was varied, aggressive, well documented, and involved most levels of the oiganization. Findings were effectively documented and corrective actions were implemented. Thorough
'
analysis of security force caused security events were performed.
S8 Miscellaneous Security and Safeguards issues (92904)
S8.1 (Ocen) Unresolved item (Recort Nos. 50-282/97013-01: 50-306/97013-01): This unresolved item pertained to one alarm station operator having the ability to prevent a response to an alarm. NRC is still reviewing this issuo.
S8.2 (Closed) Inspection Followuo item (Recort Nos. 50-282/98018-01: 50-306/98018-01):
l This inspection followup item pertained to the very high number of environment caused I
alarms for the perimeter alarm system that occurred in the second quarter of 1998, and alarm station operators response to such alarms. The perimeter alarm system has been modified and required testing completed, and the security procedure has been revised to provide appropriate guidance for alarm station operators in responding to multiple i
environmental caused alarras. The error in criteria for counting false or environmental alarms was also addressed and corrected. Because of these actions, the January and February 1999 perimeter alarm rate has been significantly reduced.
X1 Exit Meeting Summary The inspector presented the inspection results to licensee management at the conclusion of the onsite inspection on March 26,1999. The licensee acknowledged the findings presented. The inspector asked the licensee whether any materials examined or inspection findings discussed during the exit meeting should be considered as proprietary or safeguards information. No proprietary or safeguards information was identified. On April 8,1999, the Corporate Security Director and the Superintendent, Security were advised of the Unresolved item pertaining to the manning requirements, for a specified post (details considered safeguards information and exempt from public disclosure).
.
,
PARTIAL LIST OF PERSONS CONTACTED Licensee J. Sorensen, Site General Manager D. Schuelke, Plant Manager D. Blakesley, Corporate Security Specialist K. Carlosn, Auditor, Generation Quality Services R. Glad, First Lieutenent, Training, The Wackenhut Corporation (TWC)
D. Hutchson, Nuclear Security Specialist C. Johnson, Operations Supervisor, TWC S. Kuehl,2d Lieutenant Shift Supervisor, TWC G. Miserendino, Corporate Security Director B. Nyberg, First Lieutenant, TWC D. Pallansch, District Trainer, TWC W. Shamia, Director, Generation Quality Services M. Sleigh, Superintendent, Security E. Timmer, Nuclear Security Specialist NRC Steven Ray, NRC Region lll Senior Resident inspector INSPECTION PROCEDURES USED IP 81700 Physical Security Program For Power Reactors IP 92904 Followup - Plant Support
-
F A
ITEMS OPENED, CLOSED, AND DISCUSSED
!
l Qoened
!
50-282/99003-01 IFl The Procedure For The Portal Control Room Operator Required
,
l Revision 50-306/99003-01 IFl The Procedure For The Portal Control Room Operator Required Revision
50-282/99003-02 URI Required Manning For a Designated Security Post l
50-306/99003-02 URI Required Manning For a Designated Security Post
50-282/99003-03 IFl Disrupted Ingress Search and Access Control
!
l 50-306/99003-03 IFl Disrupted Ingress Search and Access Control Closed l
50-282/98018-01 IFl Excessive Alarms and ineffective Response to Multiple Alarms 50-306/98016-01 IFl Excessive Alarms and ineffective Response to Multiple Alarms Discussed l
'
50-282/97013-01 URI Single Alarm Station Can Prevent Dispatch to Alarms 50-306/97013-01 URI Single Alarm Station Can Prevent Dispatch to Alarms LIST OF ACRONYMS USED GOS Generation Quality Service IFl inspection Followup Item IP inspection Procedure TWC The Wackenhut Corporation URI Unresolved item i
,
.
PARTIAL LISTING OF DOCUMENTS REVIEWED
Security implementing Procedure 1.2," Admittance and Exit of Personnel," Revision 8, Approved March 19,1999 Security Implementing Procedure 1.3," Vehicle Admittance / Control," Revision 11, Approved February 27,1998 Security implementing Procedure 3.1," Security Force Organization and Responsibilities,"
Revision 4, Approved April 8,1998 Security Implementing Procedure 3.2," CAS/SAS Operations," Revision 9, Approved January 5, 1999 l
Security implementing Procedure 3.3, " Portal Control Room Operations," Approved February 27,1998 Generation Quality Services Internal Audit Report (No. AG 1988-S-3), issued November 2,1998 Monthly Management Report from The Wackenhut Corporation for December 1-31,1998 Monthly Management Report from The Wackenhut Corporation for January 1-31,1999
!
.
Monthly Management Report from The Wackenhut Corporation for February 1-28,1999 PING Security Self-Assessment Schedule for 1998 Security Event Log Summary Reports From September 1998 through March 21,1999 Six Root Cause Analysis Evaluations For Security Force Caused Security Event Logs Eight Training Records For Recently Trained Security Officers Prairie Island Security Quarterly Report-Second Quarter of 1998 Prairie Island Security Quarterly Report-Third Quarter of 1998
<
Prairie Island Security Quarterly Report-Fourth Quarter of 1998
,
- -
-
-
-
0