IR 05000327/1997007
| ML20149L580 | |
| Person / Time | |
|---|---|
| Site: | Sequoyah  |
| Issue date: | 07/24/1997 |
| From: | Fredrickson P, Thompson D NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION II) |
| To: | |
| Shared Package | |
| ML20149L560 | List: |
| References | |
| 50-327-97-07, 50-327-97-7, 50-328-97-07, 50-328-97-7, NUDOCS 9708040122 | |
| Download: ML20149L580 (11) | |
Text
.. _ - -.. _. _. _. _...
. _. _.. _ _ _ _.. _. _.... _.. _.. ~. -
. _.. _. _ _ _... _ _.. _. _ _.... _ _
!
!
.-
.
j
-
I i
.
i i
U.S. NUCLEAR REGULATORY COMMISSION REGION 11 l
Docket Nos.:
50-327 and 50-328 License Nos.:
DPR-77 and DPR-79 Report Nos.:
50-327/97-07, 50-328/97-07 Licensee:
Tennessee Valley Authority i
Facility:
Sequoyah Nuclear Plant Location:
2600 Igou Ferry Soddy-Daisy, TN 377d9
Dates:
June 23-27,1997 Inspector:
D. H. Thompson, Safeguards Specialist
_
Approved by:
P. E. Fredrickson, Chief, Special Inspection Branch
)
Division of Reactor Safety-A 9708040122 970724 PDR ADOCK 05000327 G
PDR ENCLOSURE 2
-. _ _
_ _
.
.
.
_.
_
_ _ _ _...
_
__
._
'
.
'
'
.
.
t EXECUTIVE SUMMARY l
'
Sequoyah Nuclear Plant NRC Inspection Report 50-327/97-07 and 50-328/97-07 This safeguards inspection included aspects of licensee plant support. The report covers a week period of an announced routine inspection by a regional safeguards specialist inspector.
,
Plant Support j
Implementation of compensatory measures for loss of protected and vital area
intrusion detection alarms and during the loss of portions of the electronic security equipment was less than effective. One violation of regulatory requirements was noted (97-07-01). (S1.1)
The inspector determined, through review of the fitness for duty and access
authorization procedures and records, that the licensee had established an appeals process and an adjudication process to ensure that personnel who were granted unescorted access were trustworthy, reliable and do not constitute an unreasonable risk to the health and safety of the public. (S1.2)
The evaluation of the protection of vital equipment revealed that one portion of vital i
piping was not located in a vital area and protected in accordance with regulatory requirements. Due to self identification, remote location of the equipment and the fact that the building was secured occasionally, and immediate corrective actions we have concluded that the violation meets the criteria specified in Section Vll.B.1 of the Enforcement Policy and therefore will not be cited. (96-07-02). (S2.1)
The inspector concluded that the licensee was complying with alarm station and
communication commitments of the Physical Security Plan. (S2.2)
A random review of plans, records, reports, and interviews with appropriate individuals
verified that security plan and procedure changes did not decrease the effectiveness of the Physical Security Plan. (S3.1)
The inspector found that licensee management provided appropriate and excellent
support for the Physical Secunty Program. Examples of the excellent management support were the firing range enhancements and the excellent maintenance and engineering support for the security equipment. (S6.1)
The inspector concluded that the licensee evaluated the non-human errors, hardware
and mechanical problems and they were effectively controlled and managed. (S6.2)
'
ENCLOSURE 2
_ _.. _.
_. _.. -..
. _.. _. _ _. _. _. _.. _ _. _ _ _ _. _ _ _. _..._ __. _ _ _ _._.... -.._ __
-
l
,
-
.
,
5 i
Licensee-conducted audits were thorough, complete, and effective in terms of
uncovering weaknesses in the security system, procedures, and practices. The last audit report concluded that the security program was effective and recommended
'
appropriate action to improve the effectiveness of the security program, and the licensee had acted appropriately in response to recommendations made in the audit
.
-
report, (S7.1)
s'
t i
k.
$
ll -
<
!
a l
)
ENCLOSURE 2
_ _ _
,
l
.
.
.
I Report Details IV. Plant Support l
l S1 Conduct of Security and Safeguards Activities S1.1 Compensatory Measures
,
a.
Inspection Scope (81700)
,
To verify that the licensee employed compensatory measures when security equipment had failed or its performance had been impaired and that the compensatory measures employed did not reduce the effectiveness of the security system that existed prior to the failure.
b.
Observation and Findincis The inspector reviewed safeguards event logs and security logs to determine if proper compensatory measures were implemented in the event of security equipment failures. While reviewing the event logs and the corrective actions for inspector Follow-up Item (IFI) 96-08-06 the inspector determined that on June 27,1996, the security computer at the Central Alarm Station (CAS) failed. The Secondary Alarm Station (SAS) was in the process of being upgraded and not fully functional at the time of failure. At approximately 4:45 p.m., security determined that they had lost the primary computer and declared a security alert. After declaration of a security alert, as compensatory measures for the loss of the alarm capability, the licensee placed an additional patrol in the prctected area to support the existing three patrols. The patrols were assigned districts / sectors, and the patrols were established within 10 minutes. Posting of pathways to exterior doors was implemented using arriving shift turn-over personnel. Vital area doors (which had failed locked) were posted by 6:15 p.m. and a supervisor was dispatched to the secondary alarm station to provide additional surveillance of the protected area perimeter using closed circuit television (CCTV). At 6:28 p.m. the security computer system was declared operational. At 9:00 p.m. the security alert was terminated.
The inspector noted during the system failure on June 27,1996, that alarm capability for the perimeter and vital doors had been lost. Therefore, in the event of an alarm at the protected area perimeter and vital door, security would not be aware of the possible intruder. The inspector noted that the CCTV and door locks remained operatienal.
As noted in NRC Inspection Report Nos. 50-327/328/96-08 the lack of clear l
procedural guidance contributed to the licensee's failure to note that the Physical l
Security Plan (PSP) required the posting of the perimeter to ensure surveillance of the j
entire perimeter in the ennt of loss of the electronic equioment. In response to the l
ENCLOSURE 2
'
.
.
l l
i IFl the inspector determined that the licensee had developed Memorandum Instruction Letter 134, Guidarice for Security Supervisors /CAS/SAS Attendants During Loss of l
Perimeter or Loss of Doors, dated December 2,1996, to direct the security force actions during contingency responses.
The licensee's PSP, Revision 0, dated November 20,1995, paragraph 5.0, Total Loss of Security Electronic Equipment, states that 'Within ten (10) minutes from the total
'
loss, MSFs shall be posted in position which shall afford surveillance of the entire protected area perimeter."
On June 27,1996, when a loss of the security electronic equipment occurred, security failed to post officers in a position to provide surveillance of the entire protected area perimeter, c.
Conclusion Implementation of compensatory measures for loss of intrusion detection alarms was less than effective during the loss of portions of the electronic security equipment, j
One violation of regulatory requirements was noted (97-07-01)
S1.2 Access Authorization a.
Inspection Scope (Tl 2515/127)
j
'
To verify that the licensee had an adequate procedure for review, if requested by an individual who is denied access or their access is suspended or revoked, in accordance with the Access Authorization (AA) Program.
b.
Observation and Findinas The inspector reviewed AA records of selected individuals to determine that the licensee had adequately implemented the AA requirements which are to ensure that individuals who are granted unescorted access are trustworthy, reliable and do not constitute an unreasonable risk to the health and safety of the public.
The inspector reviewed the licensee's AA Procedure, TVA Nuclear Standard, STD-11.1, Providing Access Clearance for Nuclear Plants and Safeguards Information, and determined that the procedure clearly defined the AA regulatory requirements.
Appendix B of STD-11.1 established the criteria for denying, suspending, or revoking a clearance. Appendix D, of STD-11.1, established the process for appeal and defined the requirements of the screening review board.
!
l l
l ENCLOSURE 2
. _. _
. _ _ _.
--
_ _.. - _ _ __
_
_
.
.-_
.
.._.
__
-
l,
-
,
.
I
,
l
.
!
-
c.
Conclusion
The inspector determined, through AA procedures and records review, that the licensee had established in their procedures an appeals process and an adjudication
,
process to ensure that personnel who were granted unescorted access were
l trustworthy, reliable and do not constitute an unreasonable risk to the health ar.d
!
safety of the public. There were no violations of regulatory requirements noted in this area.
l S2 Status of Security Facilities and Equipment
)
l
'
S2.1 Vital Access Controls
-
a.
Inspection Geope (81700)
The inspector evaluated the licensee's program to control access to the vital areas.
l This was to ensure that the licensee had positive access controls of personnel and materials entering the vital areas.
b.
Observations and Findinas An engineering review was conducted on August 9,1996, of buildings which were
-
j previously Category I structures, to determine if interfaces exist with safety-related
!
plant systems which required increased maintenance or protection. During the review l
the licensee determined that Emergency Raw Cooling Water (ERCW) piping was
located in the fifth diesel generator building and that the ERCW piping was vital l
equipment located outside a vital area. The ERCW piping had not been in a vital area since 1986, when the licensee decided not to complete the fifth diesel. The diesel building was located inside the protected area and although the fifth diesel building was not etways locked, it was not a high traffic area and most of the personnel inside
,
l the PA had access to vital areas. The security force immediately posted an armed
'
officer at the building and initiated a work request to installlocks and alarms on the doors at the fifth diesel. Compensatory measures for security of the building l
remaincu in effect until the locks and alarms were installed and operational on
.
October 24,1996.
!
c.
Conclusion This evaluation of the vital area access controls for personnel revealed that one
,
portion of vital piping was not located in a vital area and protected in accordance with regulatory requirements. Due to the self identification, remote location of the i
equipment and the fact that the building was secured occasionally, and licensee immediate corrective actions, NRC has concluded that the violation met the criteria j
,
,
specified in Section Vll.B.1 of the Enforcement Policy and therefore will not be cited.
'
(96-07-02)
~
ENCLOSURE 2
__
.
.
S2.2 Alarm Stations and Communications l
a.
Inspection Scope (81700)
l
!
The inspector evaluated the licensee's alarm stations and communication equipment to ensure application of the criteria of the PSP.
b.
Observations and Findinas The inspector verified that annunciation of protected and vital area alarms occurred audibly and visually in the alarm stations. The licensee equipped both stations with
!
CCTV assessment capabilities and communication equipment. Alarms were tamper-indicating and self-checking, and provided with an uninterruptable power supply.
These stations were continually manned by capable and knowledgeable security operators. The stations were independent yet redundant in operation. The interior of
'
'
,
the alarm stations were not visible from the protected area, and no single act could l
remove the capability of calling for assistance or otherwise responding to an alarm.
'
Alarm stations' walls, doors, floors, ceiling and windows were bullet-resistant at the high-powered rifle rating (UL752).
The inspector evaluated the alarm stations operation and concluded that intemal and external security equipment was well maintained. The inspector also noted that the licensee had established an instruction defining who could enter the alarm stations and developed expectations for maintaining cleanliness of the facility. Also, the licensee had established that supervisors, during alarm station visits, should ensure that the facilities were being well maintained and that all personnel in the alarm stations were on official business. The licensee had established compensatory measure procedures that required alarm station operators to test alarm zones any time they received an off-line message generated by a field LocalIntelligence Unit (LIU). Security verifies the status of each zone covered by the LIU by operability testing the zone.
c.
Conclusion Based on this evaluation, the inspector concluded that the licensee was complying with alarm station and communication commitments of the PSP. There were no l
violations of regulatory requirements noted in this area.
S3 Security and Safeguards Procedures and Documentation S3.1 Security Proaram Plans a.
inspection Scope (81700)
j The inspector reviewed appropriate chapters of the licensee's PSP, Revision 0, dated
'
November 20,1995, Revision 1, dated February 29,1996; Revision 2, dated May 13:
ENCLOSURE 2 i
l l
!
!
'
,
.
i 1996, Revision 3, dated July 3,1996; and Revision 4, dated September 10.1996,and security procedures as listed in paragraph S3.1(b).
b.
Observations and Findinas Review of the changes submitted to the NRC in Revision 0,1,2,3, and 4 to the PSP for approval verified that the PSP changes as submitted were in compliance with the requirements of 10 CFR 50.54(p). The PSP changes were numerous and consolidated regulatory requirements for vital and protected areas into specific
,
'
chapters. The PSP changes were well written and should aid the security force in finding specific requirements. Physical Security Instruction (PHYSI) 32, Revision 13,
'
dated May 31,1996, was reviewed and considered acceptable as guidance to implement the licensee's requirements. Additionally, the inspector reviewed the licensee's guidance, Memorandum Instruction Letter 134, Guidance for Security Supervisors /CAS/SAS Attendants During Loss of Perimeter or Loss of Doors, dated December 2,1996, and determined that the response officers were provided with clear guidance for responding to contingencies. Also, Memorandum Instruction Letter 135, Final Access to the PA at the Access Control Portal, was reviewed and found acceptable for controlling final access.
c.
Conclusion i
A random review of plans, records, reports, and interviews with appropriate individuals verified that security plan and procedures changes did not decrease the effectiveness of the (PSP). The inspector reviewed Revision 0,1,2,3 and 4, to the PSP and concluded that the PSP changes as submitted, met the requirements of 10 CFR 50.54(p). There were no violations of regulatory requirements noted in this area.
S6 Security Organization and Administration S6.1 Manaaement Sucoort a.
Inspection Scope (81700)
The inspector evaluated the degree of the licensee's management support to the Physical Security Program. Based on the requirements contained in the PSP, the inspector reviewed the licensee's Safeguards Event Log (SEL) entries. This review l
was to determine if the licensee appropriately assigned, analyzed, and set priorities for corrective action for the reports and log entries, and whether the corrective action taken was technically adequate and timely, b.
Observations and Findinas l
The licensee had an on-site physical protection system and security organization.
Their objective was to provide assurance against an unreasonable risk to public health and safety. The security organization and physical protection system were designed ENCLOSURE 2 l
_ _.
.
-
.
.
_
_
_
_ _. -.
-
_ _ _
'
.
.
l l
l to protect against the design basis threat of radiological sabotage as stated in 10 CFR 73.1(a). A proprietary security force provided site security for the licensee.
At least one full-time manager of the security organization was always on-site. This individual had the authority to direct the physical protection activities of the
organization. The management system included a mechanism for establishing, l
maintaining, and enforcing written security procedures. Licensee management exhibited an awareness and favorable attitude toward physical protection requirements. This continued to be evident by the firing range facility enhancements and the outstanding maintenance and engineering support to maintain and enhance l
security equipment, l
i The review of the SELs as of June 159/ indicated the following:
- EVENTS?
4th Quarter '96?
3rd QuarteH96i
- 1st Quarter '97!
~
Human Errors 03 (4%)
01 (1%)
05 (6%)
Hardware Systems 69 (96 %)
84 (99 %)
94 (94 %)
Other Events
0
!
TOTALS 72 (100 %)
85 (100%)
99 (100 %)
Each quarter had an excellent Trending Summary report that was provided to site i
l management.
i The were no long term compensatory measures in effect at the time of the inspection.
,
'
Review of previous compensatory measures indicated that the licensee had 5837 hours0.0676 days <br />1.621 hours <br />0.00965 weeks <br />0.00222 months <br /> of compensatory measures in FY 1996. Most of the compensatory measures l
were in support of planned outage of equipment to support operations. Review of the l
outstanding security work-orders revealed the following:
l 0 High Priority orders
0 Medium Priority
-
24 Low Priority I
-
l
-
l TOTAL 24 outstanding security work-orders. (0 of the 24 are work-orders that l
involve regulatory requirements.)
i c.
Conclusion The inspector found that licensee management provided appropriate and excellent support for the Physical Security Program. Examples of the excellent management
,
support were the firing range enhancements and the continued engineering and i
maintenance support to maintain the security equipment in a high state of readiness.
Tnere were no violations of regulatory requirements noted in this area.
ENCLOSURE 2
.
,
.
.
-
_
-
- -.. -
-
_ -. - _. -. -. - - - -.
.
l
l l
S6.2 Effectiveness of Manaaement Control l
l a.
Inspection Scope (81700)
The inspector evaluated the adequacy of the licensee's controls for identifying, resolving and preventing problems by reviewing such areas as corrective action l
systems, root cause analyses, and self-assessment in the area of physical security.
Also, this inspection was to determine whether there were strengths or weaknesses in
,
the licensee's controls for the identification and resolution of the reviewed issues that l
could enhance or degrade plant operations or safety.
b.
Observations and Findinas To determine the adequacy of the above, the inspector reviewed the licensee's SEL
entries. This review was to determine if the licensee appropriately assigned, l
analyzed, and set priorities for corrective action for the reports and log entries, and whether the corrective action taken was technically adequate and timely.
l The root cause analyses, corrective actions, and self assessment, as mentioned in l
Paragraph S2.1, S6.1 above and in Paragraph S8.1 below, were reviewed and found appropriate and adequate.
,
l c.
Conclusion The inspector concluded that the licensee evaluated the non-human errors, hardware and mechanical problems and they were effectively controlled and managed.
S7 Quality Assurance in Security and Safeguards Activities
[
S7.1 Audits and Corrective Actions I
a.
Inspection Scope (81700)
'
Based on the commitments of the PSP, the inspector evaluated the licensee's audit program and corrective action system. This also ensured compliance with the l
requirement for an annual audit of the security and contingency programs. During the l
inspection, a small representative sample of the problems identified by audits was l
evaluated by the inspector to determine whether review and analysis were appropriately assigned, analyzed, and prioritized for corrective action and whether the corrective action taken was technically adequate and performed in a timely manner.
b.
Observations and Findinas
The licensee's program commitments included auditing its security program, including
the Safeguards Contingency Plan, at least every 12 months. The audit included a l
review of routine and contingency security procedures and practices. This review
,
ENCLOSURE 2 l
i
.
l
l evaluated the effectiveness of the physical protection system testing and maintenance l
program. This annual audit was completed on January 30,1997, and the results are documented in audit report SSA-9617. The audit report was sent to the site Vice President and corporate management. Reports of audits were available for inspection l
at the plant for a period of three years. The audit conclusion was, "The security program had improved, however; security would continue to be monitored for
,
I sustained performance." In addition to the annual audits the licensee had conducted audits of specific security practices and the audit findings were documented in
l NA-SO-96-39, dated December 19,1996; NA-SQ-97-06, Dated January 21,1997; NA-SQ-97-16, dated March 6,1997; NA-SO-97-25, dated April 1,1997; and NA-SQ-97-30, dated May 7,1997.
I c.
Conclusion i
Licensee-conducted audits were thorough, complete, and effective in terms of uncovering weaknesses in the security system, procedures, and practices. The last audit report concluded that the security program was effective and recommended appropriate action to improve the effectiveness of the security program. The licensee had acted appropriately in response to recommendations made in the audit report.
The inspector determined that audit items were reviewed, appropriately assigned, analyzed and prioritized for corrective action. The corrective actions taken were technically adequate and performed in a timely manner. There were no violations of l
regulatory requirements noted in this area.
S8 Miscellaneous Security and Safeguards issues Actions on Previous inspection Findinas (92904)
(CLOSED) IFl 50-327/328/96-03-01, Establishment of a tracking and trending program for the new security equipment. The licensee's corrective actions as described in Section S6.1, closed this IFl.
'
(CLOSED) IFl 50-327/328/96-07-01, Housekeeping and Noise Level in the Central Alarm Station was inadequate in a control center environment. The licensee's corrective actions as described in Section S2.2, closed this IFl.
(CLOSED) Inspector Follow-up item 50-327/328/96-07-02, concerning a procedure that did not provide clear guidance for security responders. The licensee's corrective actions as described in Section S3.1, closed this violation.
(CLOSED) Inspector Follow-up item 50-327/328/96-07-03, Failure to complete the l
security upgrade project in a timely manner. The security upgrade project was l
completed in September 1996; therefore, this IFl was closed.
,
ENCLOSURE 2
!
__
_ -.
_.. _ _ _. _
_
_..
.
_.
~
.
i l
I
(CLOSED) IFl 50-327/50-328/96-07-04, Loss of intrusion detection capability without receiving a notification on the security computer that intrusion alarm capability function was inoperative. The licensee's corrective actions as described in Section S2.2, l'
closed this IFl.
,
(CLOSED) IFl 50-327/50-328/96-08-06, Failure to provide procedural guidance for responses to alarm station equipment failures. The licensee's corrective actions as described in Section S2, closed this IFl.
V. MANAGEMENT MEETING X1 Exit Meeting Summary l
The inspector presented the inspection results to licensee management at the conclusion of the inspection on April 25,1997. The licensee acknowledged the findings presented.
Although reviewed during this inspection, proprietary information is not contained in this I
report. The licensee stated during the exit that they believed that the potential violations
!
should be Non-Cited Violations. No other dissenting comments were received from the licensee.
!
PARTIAL LIST OF PERSONS CONTACTED Licensee M. Bajestani, Site Vice President J. Beasley, Site Quality Manager C. Burton, Engineering and Support Manager J. Dcwns, Security Supervisor T. Flippo, Site Services Manager M. France, Security Programs and Procedures Specialist i
i K. Fraiser, Systems Engineer
C. Kelley, Corporate Security Manager F. Little, Security Supervisor R. Norton, Quality Assessment Supervisor R. Proffit, Licensing J. Setliff, Site Security Manager K. Stevens, Security Oparations Supervisor J. Smith, Site Licensing Supervisor NRC D. Starkey, Resident inspector
i ENCLOSURE '2
.
.
~
.-
-.
--
.
.-
._ -
-
.-
.
.
INSPECTION PROCEDURES USED IP 81700:
Phys: cal Security Program for Power Reactors Tl 2515/127: Access Authorization ITEMS OPENED, CLOSED, AND DISCUSSED Opened VIO 50-327/328/97-07-01 Failure to take required compensatory action during a security system failure.
Opened /
NCV 50-327/328/97-07-02 Failure to enclose vital equipment Closed in a vital area.
Closed IFl 50-327/328/96-03-01 A tracking and trending program had not been implemented to ensure that the new security equipment was operational in accordance with the licensee's PSP.
Closed IFl 50-3.27/328/96-07-01 Inadequate housekeeping and noise level in the CAS.
. Closed IFl 50/327/328/96-07-02 Security procedures did not provide clear guidance for response force personnel.
-
Closed IFl 50/327/328/96-07-03 Security upgrade project completion
)
schedule continued to be extended.
Closed IFl 50/327/328/96-07-04 Loss of zone alarms after LIU failure.
Closed IFl 50/327/328/96-08-06 Failure to provide procedural guidance for system failures
!
,
I
,
I ENCLOSURE 2
!.