IR 05000346/1993018
| ML20058B372 | |
| Person / Time | |
|---|---|
| Site: | Davis Besse  |
| Issue date: | 11/16/1993 |
| From: | Creed J, Ervin N, Madeda J, Pirtle G NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION III) |
| To: | |
| Shared Package | |
| ML20058B353 | List: |
| References | |
| 50-346-93-18, NUDOCS 9312020056 | |
| Download: ML20058B372 (14) | |
Text
._
_ _ _
~
.
.
U.S. NUCLEAR REGULATORY COMMISSION
REGION III
Report No. 50-346/93018(DRSS)
,
Docket No. 50-346 License No. NPF-3 Licensee: Toledo Edison Company Edison Plaza 300 Madison Avenue i
Toledo, OH 42652
Facility Name: Davis-Besse Nuclear Power Station
,
Inspection Dates:
September 20 - 24, 1993 Type of Inspection: Announced, Access Authorization Program Inspection Inspectors:
u[
- kMf3
'y4A/y L. Plrtle Date j
Physical Security Inspector Lith
"
f3 i
N er~y J. Mddeda Date l
P sical Security Irspector l
i j
Accompanying Personnel:
Nn h[/&[f3 I
o i
A#anty"Ervin Date Office of Nuclear Reactor
{
Regulation Approved By:
WJ If aimes R. Creed M hief Date b afeguards & Incident Response Section l
!
Inspection Summary Inspection on September 20 - 24. 1993 (Report No. 50-346/93018iDRSS))
Areas Inspected:
Routine, announced Access Authcrization Prcgram inspection involving Program Administration and Organization; Background Inve.stigation Elements; Psychological Evaluations; Behavioral Observation; Grandfathering, Reinstatement, Transfer of Access Authorization and Temporary Access
,
l Authorization; Denial / Revocation of Unescorted Access; Audits; and Records Retention.
Results: The licensee's Access Authorization Program provided assurance that individuals who were authorized unescorted access to the licensee's nuclear j
plant were trustworthy and reliable, and did not constitute an undue risk to
!
9312O20056 931116
~
j PDR ADOCK 05000346 i
G PDR i
.
i the health and safety of the public as a result of their unescorted access to the nuclear facility.
No violations were noted. The following items were
'
considered program strengths-
-
The level of professionalism and staffing of the licensee's access
'
.
authorization program (Section 4).
Training for personnel that administered, conducted and processed the
psychological evaluation program (Section 6).
I The level of experience and expertise of the training instructor for the
behavioral observation program (Section 7.a).
Documentation of access denial appeals (Section 9).
,
Storage of case files and related investigations to protect personal and l
private information (Section 10).
The following items were considered program weaknesses:
,
Self-screening contractors and corporate security representatives were
not provided detailed written criteria to evaluate and define derogatory information (Section 5.a).
Weak quality (review) checks of background investigation documentation
(Section 5.b).
Licensee policy for the resubmittal of fingerprint cards was in error
(Section 5.c).
Procedures for psychological testing had not been developed
(Section 6.a).
Contractual agreements for psychological evaluations _ did not address
record retention requirements (Section 6.b).
,
The inability to adequately monitor security badge holders who may be a
offsite for more than 30 days and not under a behavioral observation program (Section 7.b).
Audits of contractor access authorization programs (Section 11.b).
This I
=
issue was adequately resolved subsequent to the onsite inspection.
" Functional Independence" of licensee auditors conducting audits of
.
self-screening contractors (Section 11.a). This issue was adequately resolved subsequent to the onsite inspection.
l i
i
.
_
-
_ _..
.
...
_
_
__
_
_
. _ _ _ _
___
_
l
,
i
.
!
'
-
!
'
DETAILS
.!
- '
1.
Key Persons Contacted i
In addition to the key members of the licensee's.-staff listed below, the
inspectors interviewed other employees, contractor-personnel, and l
-
members of the security organization. The asterisk-(*) denotes those
!
present at the Exit Interview conducted at the Davis-Besse site on September 24, 1993.
l
- L. Storz, Vice President,- Nuclear l
- J. Wood, Plant Manager
!
- G. Gibbs, Director, Engineering-
!
,
'
- S. Jain, Director, Nuclear Services
-;
- G. Skeel, Manager, Industrial Security
- R. Buehler, Supervisor, Access Control j
- T. Beryner, Manager, Training.
- J. Syrowski, Supervisor, Training
- G. Honma, Supervisor, Compliance Licensing
- G. Bradley, Licensing Associate l
- D. Alley, Auditor, Quality Assurance
!
A. Palmer, Ph.D., Consulting Psychologist, Contractor
R. Ho'imor, Manager, Investigations, Wackenhut Corporation
- S. Stasek, Senior Resident Inspector, NRC Region III
!
!
-!
2.
Entrance and Exit Interviews j
.
a.
At the beginning of the inspection, Mr. G. Skeel and other members'
!
of his staff were informed of the' purpose of-the inspection,-its i
scope, and the areas to be examined.
b.
The inspectors met with the licensee representatives, denoted;in Section 1, at the conclusion of the inspection activities.
A-
'
general description of th6 scope and conduct of the inspection was provided. Briefly listed below are the findings discussed during the exit interview. The details of each finding listed below are referenced, as noted, in the report.
(1)
Personnel present were' advised that no violations were dentified during the inspection.
(2)
Program strengths were discussed, including professionalism and staffing levels (Section 4); administration of_ the ps..hological evaluation program (Section 6); behavioral observation training program (Section 7.a); documentation of appeals (Section 9); and, storage of protected personal'
,
information (Section 10).
(3)
Program weaknesses were discussed,'.to include:
not providing self-screening contractors and other cognizant personnel with detailed written criteria to. evaluate and define dc mgatory information'(Section 5.a); poor reviews of-screening documentation (Section 5.b); inadequate procedure
.l
-1
--
-
-
-
.
..
.. -
.
-
.
-
.
- '
guidance regarding resubmittal.of fingerprint cards (Section
5.c); lack of procedures for psychological testing-(Section -
6.a); record retention not addressed in psychological
-
,
'
testing contractual agreements (Section 6.b); behavioral
observation program potential inability to' monitor personnel-
!
(Section 7.b); weak audits of contractor programs (Section 11.b); and, questionable functional independence of some
.
audit activities (Section 11.a)..
i I
The last two issues were adequately resolved through further; discussions with licensee access authorization personnel-l subsequent to the onsite inspection.
l
'
!
3.
Backaround
-
-
-
.
i On April 25,1991,. the Commission published the Personnel ' Access
-
Authorization Requirements for Nuclear Power Plants,10 CFR-73.56 (the
,
rule). This rule requires each licensee authorized, on that date, to operate a nuclear reactor pursuant to 10 CFR 50.21' to implement an.
l
-
Access Authorization-Program by April 27, 1992,.and to comply with the
'
i requirements of 10 CFR 73.56. The program is also required to be
incorporated into the licensee's Physical Security Plan. The rule --
4 requires that licensees establish and maintain'an Access Authorization i
Program with the objective of providing high assurance that individuals
granted unescorted access are trustworthy--and reliable, and do not'
[
constitute an unreasonable _ risk to the health and safety of;the~ public, i
including a potential to commit radiological" sabotage.
l This inspection, conducted in accordance with NRC Inspection Manual I
Temporary Instruction 2515/116, " Access Authorization," assessed the j
licensee's Access Authorization Program and its implementation to
determine if regulatory requirements were being met.-
Inspected activities applied to the Davis-Besse nuclear site. This_was-i the first inspection of the licensees' Access Autha. ' ion Program-l under the criteria of 10 CFR 73.56.
-
4.
Access Authorization Proaram - Administration and Oraanizatfan I
The inspectors interviewed key access authorization (AA) personnel and appropriate management personnel to determine the effectiveness of the AA program administration and organization. One program strength was noted.
The licensee committed in its security plan to implement all-elements of -
Regulatory Guide 5.66 to satisfy the requirements of 10 CFR 73.56. The Access Control Section at the Davis Besse plant consisted of a
!
supervisor, two access control analysts, and two nuclear. security
clerks. The Supervisor, Access Control reported to the Manager, l
Industrial Security. The competence of the personnel and staffing level.
within the Access Control section were considered to be program '.
strengths. _The Supervisor,. Access Control was familiar-with applicable regulatory requirements and site specific procedural requirements pertaining to the access authorization program. Other section personnel j
were thoroughly familiar with their specific areas ofLresponsibility.
-
-
, _.
~
-
.
.
-
.
~
'
.
'
.
,
'
AA Program responsibilities are broadly described in Toledo Edison Security Implementing Procedure IS-AC-00516, " Unescorted Access-
'
Requirements".
The security section had developed several procedures to address most aspects of the AA program. The lack of a procedure for control of psychological test material, and other less significant procedural weaknesses are addressed in the appropriate sections of this report.
The licensee had contracted with four firms to act as its agent to complete elements of the background investigation-for licensee
'
personnel, the licensee adjudicated the access authorization
-
recommendations. Contractor personnel were required to meet ~the J
licensee's AA program requirements and were audited.by Quality Assurance
'
or Access Control Section staff personnel.
Psychological evaluation services and AA training were also contracted out.
The inspection-j showed that appropriate contracts had been completed for. all of the AA j
contract services and that the contracts were adequate in scope,'except q
as noted in the appropriate sections of this report.
'
Conclusion We concluded that actual program implementation was being conducted-in an adequate manner. The professionalism and competence of the Access
Control Section personnel was considered a program strength.
5.
Backaround Investiaations Three weaknesses were identified in this area. Self-screening contractors and cognizant licensee corporate security personnel were not provided detailed written criteria _ to define and _ evaluate derogatory information (Section a). Quality checks of background screening documentation were weak (Section b). The licensee's. policy'of processing resubmitted fingerprint cards required revision (Section c).
These issues were considered to be Inspection Followup. Items.
The inspectors reviewed records and conducted interviews to confirm that the licensee's program verified the true identity of~an applicant and i
developed information concerning employment history, educational history, credit history, criminal history,. military service, and the character and reputation of an individual prior to granting them unescorted access to protected and vital areas.
The inspectors reviewee the case files of 19 background investigations completed after the 'icensee's implementation of 10.CFR 73.56 to determine if the elements involved in background screening were adequately investigated.
Inspection results showed that the scope and depth of background investigations satisfied NRC regulatory' requirements-.
and provided an adequate level of. background information on which to.
-
base a determination for access authorization. Reviewed BI files showed a "best effort" to obtain and document required-information to. address
,
an applicant's employment history, education history, credit history, criminal history, military service, and the applicant's character and.
reputation.
Background investigations covered-the specified time period'
and the number of required contacts for each element.
In cases where-
---
-
.
.
. _.
.-
-
.-
,
__
_
j
.,
l l
'
'
derogatory information had been developed, the licensee. adequately,'and in a timely manner, reviewed and evaluated the derogatory information.
Three weaknesses were identified in the licensee's program. These three i
issues are discussed below:
a.
Davis-Besse Administrative Procedure IS-AC-00516 provided a i
general description of evaluation criteria for derogatory
information. This evaluation criteria which is provided to i
self-screening contractors and the licensees corporate security
!
department did not identify specific examples or actions to be i
taken for derogatory information found. Under the' licensee's-
'
program, contractors and cognizant personnel in the licensee's
'
corporate security department have the sole responsibility to identify derogatory information. However, the inspectors i
determined through interviews and review of records that,-in j
actual practice, derogatory information appeared to be adequately
,
identified. Developing specific guidance and providing this.'
i information will assure.a high ' level of consistency in the review
~
'
and proper identification of derogatory information. This issue.
was considered an Inspection Followup Item (346/93018-01).
i b.
Inspection results identified a weakness in the review activities for background investigation information.. Review of background-
'i screening records by the inspectors, specifically employment -
H applications. and background investigations, identified minor.
j discrepancies in three' of nineteen case files.. The discrepancies
involved differences'in the employment history documented on the employee's application and the background investigation results of that employment history. Specifically, employment location and periods of unemployment did not match. These discrepancies were not identified or resolved during the. actual investigation-conducted by the vendor or during review activities of the information by the contractor-or licensee reviewer. Our review showed that the licensee had not_ developed written criteria to review background investigation results.
In some cases it'
appeared that reviewers only reviewed-the background investigation i
!
results and did not compare these results against the employee's application. Followup review of these minor discrepancies,.
requested by the inspector's identified no negative information.
.
Inspection results concluded that the quality check of background information was weak. This issue was considered an Inspection'
Followup Item (346/93018-02).
c.
The licensee's policy of processing and controll'ing fingerprint:
cards was weak.
10 CFR 73.57(d)(1) requires licensees to. submit legible fingerprints.. An interview with.the licensee's Supervisor of Security Support showed that it is the licensee's policy to submit fingerprint cards to the FBI up to two times.'If the FBI determines the two submittals are unclassifiable, a name check would be requested from the FBI. Current NRC guidance is that after two unclassifiable attempts the licensee should attempt.to have a third set taken by a technically qualified fingerprint--
expert. Only after a third failure should a name check be requested.
{
,
.
,
-
_
.
.
The inspector determined, through interviews and a selective review of records, that the licensee has always submitted classifiable prints and has not needed to request a name check.
This issue is considered an Inspection Followup Item (346/93018-03)
Conclusion The licensee's background investigation program was adequate to meet regulatory requirements. However, three weaknesses, each referenced above, were identified.
'
6.
Psycholoaical Evaluations Two program weaknesses and one program strength were noted during inspection of the psychological evaluation program.
The licensee utilizes the Minnesota Multiphasic Personality Inventory-2 (MMPI 2) test for initial psychological evaluations.
If necessary, follow-up evaluations are completed by psychologists contracted by the licensee.
Initial evaluation of test results are completed at The Stress Center of Forked River, New Jersey.
Interview results disclosed that the psychologists performing the evaluations were properly licensed for such functions.
Personnel administering the psychological test were aware of the proper procedure for administering the test, identifying personnel taking the test, and proctoring the test administration.
The MMPI-2 test booklets were kept in secure stcrage when not in use.
a.
Inspection results disclosed that no procedure had been prepared pertaining to control, administration, distributica, cr storage for the MMPI 2 test booklets and answer sheets. Although no deficiencies were noted in these areas durir.g the inspection, the positive results were due primarily to the quality and competence of the personnel involved in the activity rather than management guidance provided to the staff.
Since the licensee had not prepared a procedure for the access control staff use, they also had not provided guidance on administration and control of the MMPI 2 test booklets and answer sheets to contractors that complete MMPI 2 testing for their personnel.
The licensee agreed to prepare a procedure for the control, administration, distribution, and storage of MMPI 2 test booklets and answer
'
sheets. This issue was considered an Inspection Followup Item (346/93013-04).
b.
Section 6.13.5 of Toledo Edison Security Department Procedure IS-AC 00516, " Unescorted Access %quirements", requires documentation which each licensee / contractor retains in accordance with approved
'
screening procedures shall be retained for the longer of (a) five years from the date unescorted access was revoked by that licensee or (b) until five years of inactivity on the INDEX system.
Review of thd% contract with The Stress Center (Purchase Order S 03618 C92, dated July 28,1992) disclosed that record retention requirements for psychological evaluations were not included in the contract. The contract also did not state what actions would
'
'
.
4
.
be required of the contractor in reference to record retention'or release of the records to the licensee in case the contract is
'
terminated for whatever reason. The licensee contacteo The Stress Center and the psychologist was well aware of the record retention requirements and stated that the records would not be destroyed during the record retention period. The licensee agreed to modify
the contract to identify record retention requirements.
This issue was considered an Inspection Followup Item (346/93019-05).
,
c.
A program strength was identified in reference to training and monitoring of personnel who administer the MMPI 2 test.
The agency evaluating the MMPI 2 test results (The Stress Center)
prepared an instruction sheet for administering and proctoring of.
the MMPI 2 test. The person responsible for administering the tests signs the instruction sheet as being aware of the instruction requirements.
Interviews disclosed that The Stress Center would not accept test results from persons administering-
,
!
the test unless they had a record that the person administering the test had signed the sheet which indicated that they were aware of the proper procedures for administering and proctoring the MMPI 2 test.
This practice helps to assure consistency in test administration and proctoring.
Conclusion A procedure needs to be developed pertaining to the control, administration, distribution, and storage for the MMPI 2 test booklets and answer sheets.
Psychological evaluation record retention i
requirements need to be added to the psychological evaluation services contract. Training and monitoring of personnel who administer and proctor the MMPI 2 tests was considered a strength.
7.
Behavioral Observation Proaram u
r rength involving the utilization of an instructor with a high level of knowledge and expertise in the area of behavioral observation was identified (Section a).
In addition, one weakness was noted in that I
the potential existed that some individuals, granted unescorted access, may not be subject to a behavior observation program (Section b). This i
issue was considered to be an Inspection Followup Item.
j The licensee's behavioral observation program (B0P) was inspected to l
determine whether the licensee nad a training and retraining program to j
ensure that supervisors have the awareness and sensitivity to detect
'
changes in behavior which could adversely affect trustworthiness and reliability and to report such to appropriate licensee management. for.
evaluation and action.
The program was instituted as part of, and is an
'
element in common with, the licensee's fitness-for-duty program.
In
addition, personnel interviews were conducted to determine if
'
individuals with unescorted access authorization had been notified of their responsibility to report any arrests that might impact upon their j
trustworthiness.
The inspectors reviewed licensee lesson plans and procedures and interviewed five supervisory / management personnel (four licensees and
.
-
.
...
l I
<
[.
!
j
-
'
one contractor) granted unescorted access at the Davis-Besse facility.
.
i All had been trained in behavioral observation.
The inspectors j
]
determined from interviews with licensee personnel and review of lesson
.
plans that the program addressed drug and alcohol related behavioral.
,
problems and other behavioral changes involving trustworthiness and
.
]
reliability.
In addition, behavior traits that may be (or indicate) a
!
potential threat to interrupting normal plant operations, including
.
,
radiological sabotage, were incorporated in the training program. All
'
,
personnel interviewed were knowledgeable of their responsibility to
,
i refer behavioral issues to utility management for evaluation and action.
i l
.
-
.
I Interviews with' a mix of 13 randomly selected. Davis-Besse contractor.and l
licensee site personnel, both supervisory (five) and non-supervisory
l (eight), showed that they were aware of;their. responsibility to report any arrests that might impact upon their trustworthiness.
'
,
,
One strength (Section a) and one weakness (Section b) were identified
]
during our review of the' licensee's behavioral observation program.
!
l These issues are discussed below:
'
-l
[
a.
During our review of the licensee's behavioral. observation-l training program we were advised that the instructor was a
'
professional psychologist. An interview with the individual:
verified that he is a licensed consulting psychologist Ph.D. 'with extensive experience (25 years) in research and teaching-in the
'
area of personnel behavior activities.
Discussion with.the
.
.l
individual and review of lesson plans showed that the training.
'
ranged from drug and alcohol-issues to awareness and sensitivity
to detect changes in behavior which couldiadversely. reflect upon
!
i trustworthiness and reliability. This included' behavior a
activities that may be a potential threat to the plant.- Course
material is continuously changed to address current behavioral l
issues. The program's latest change addressed: behavioral issues
!
involved with staff downsizing.. Initial training is-conducted
during a two day course. Retraining is conducted annually in a
!
four hour block. Behavioral training is independent and conducted-i separately of all other site training.
i
'
b.
Inspection results showed a potential problem in ensuring that each individual granted unescorted access would be subject to a-behavior observation program-(B0P)... Some security badged individuals could be absent from the site for.30 days or more and
may not have been in a B0P during that period, yet would be~-
afforded unescorted access upon return without any action by the licensee to evaluate the person's activities during the period of_-
absence. The licensee does not. track frequency.of. badge use and _a badge will' normally remain active until termination of employment..
The licensee could not determine how many badged personnel were in this group but believed the number to be small. Current security
<
computer configuration did not allow the licensee access. to this.-
type of information.
Section 9.0 of NUMARC 89-01 (an attachment to Regulatory Guide-i
5.66) requires that each individual granted unescorted access shall be subject to a behavioral observation program.
i
.
.
.
.
.
.
,
, _.
....
... _..,
o
'..
l Additionally, Section B.3 of Regulatory Guide 5.66 states,
" Requiring a complete psychological assessment and background j
investigation after every break of 365 days or less in the
.j behavioral observation program is not feasible. However, there is information available to the licensee from other sources....It is reasonable to expect that the licensee will ascertain that
,
whatever activities the employee engaged ia during his or her
'
absence would not have the potential to affect the employee's trustworthiness and reliability." The licensee initiated an
)
evaluation to address this matter. This issue was considered to be an Inspection Followup Item (346/93019-06).
Conclusion The licensee's behavioral observation training program was well organized and ensured that all applicable supervisors and managers had been trained and retrained as appropriate. The licensee could not
'
provide positive assurance that all individuals granted unescorted j
access were subject to a B0P.
)
8.
Unescorted Access Authorization
"Grandfatherina. Reinstatement.
Transfer and Temporary Personnel case files were reviewed to determine if they were properly i
and correctly "grandfathering", reinstating, transferring, and granting temporary access authorizations.
The licensee has procedures in their access control program to use the i
four categories referenced above.
Review of case files and interviews with cognizant licensee access control personnel concluded that these procedures were being appropriately implemented. The inspectors reviewed the case files of five individuals from each of the categories noted above.
Licensee's records were reviewed to determine that personnel who did not l
meet the criteria for grandfathering, i.e., those who did not have uninterrupted, unescorted access authorization for at least 180 days on April 25. 1991, had not been granted unescorted access authorization without having satisfied the elements of the program. The licensee met regulatory requirements as applied to grandfathering.
.
The licensee's program for reinstatement of access authorization was l
reviewed. The program provided for reinstatement of unescorted access l
if the individual's unescorted access had not been interrupted for a continuous period of more than 365 days and, if the previous access was terminated under favorable conditions, identity was verified, negative drug test was obtained, and background investigation information was updated.
If access had been interrupted more than 30 but less then 365 days, a suitable inquiry was completed prior to reinstatement of access.
Review of five randomly selected case files that involved employee reinstatement showed that the requirements noted above were being met.
The licensee has also established and implemented access control measures to accept transfer of access authorization from other licensees.
The program required that the receiving licensee confirm i
l
_
- _.
_
_
'
O
..
that the transferee currently holds a valid unescorted access i
'
authorization and that cross-checks on information relating to the person's identity (i.e., name, social security number, and date of birth) be verified before granting unescorted access.
The licensee utilized the transfer form in Appendix B to NUMARC 91.03. Review of i
five randomly selected case files of transfer, and interviews with
cognizant licensee access control personnel, identified no problems in l
this area.
i The inspectors reviewed the temporary access authorization program and
,
'
i determined through a review of records and interviews that licensee case
'
files reflected Access Authorization Program requirements having been satisfied prior to the licensee's granting of temporary access. The licensee's temporary Access Authorization Program allows the licensee to grant temporary access for a period not to exceed 180 continuous days pending completion of a full background investigation and access authorization with the exception of pending FBI criminal history check and military service. Temporary access was granted based on the satisfactory completion of the requirements noted in Regulatory Guide 5.66.
The licensee had a formal system to track personnel granted temporary access to ensure that the 180 day time limit was not exceeded.
Conclusion Licensee actions were good in this area and met' licensee program requirements and NRC regulatory requirements.
9.
Denial / Revocation of Unescorted Access The inspectors reviewed approximately seven case files involving denial or revocation of unescorted access. The denial and appeal process and case files were considered a program strength. The review and appeal process were being conducted at an appropriate management level.
The case files reviewed for appeals were well organized and complete in content. Appropriate background and supporting documentation was within each file whereby a decision could be rendered based upon the content of the files. Appeal decisions were appropriately documented.
Access authorization appeals were reviewed by the Industrial Security Committee which consisted of the Manager; Industrial Security, Supervisor-Personnel Administration; Nuclear Licensing Manager; the Plant Manager; or their designees. Toledo Edison Security Department Procedure No IS-AC-00017, Denied Access List Control" dated-June 26, 1992, addresses access denial and appeal responsibilities and procedures. Adequate protection of personnel privacy matters was observed during the inspection.
Conclusion Case files maintained for the denial and revocation of unescorted access authorization were considered to be a program strength.
Other aspects l
of the program were adequate.
t l
i
'
o
,
I
'..
10.
Protection of Personal Information The inspectors reviewed the licensee's practices for the protection of personal information collected and assembled for access authorization
,
purposes.
Interviews with licensee access authorization personnel, i
corporate security personnel, and a contractor that performs background l
investigations for the licensee were also conducted. Adequate controls
for access to personnel security access authorization records was
'
observed during the inspection.
Personnel were aware of the need to protect private and personal information'obtained during the access authorization process. The listing of personnel denied access authorization was stringently controlled within the office of the Supervisor-Access Control and maintained within a locked container when not in use. Access to storage containers with access authorization data
!
was controlled on a "need to know" basis. Release forms were routinely completed by personnel prior to initiation of the access authorization process.
I Conclusion i
Protection measures for personal information obtained during the access authorization process was considered adequate.
i 11.
Audits An unresolved item pertaining to the question of " functional independence" of the site access control section staff member responsible for conducting audits of some contractors progitms was noted during the initial onsite inspection. Additionally, the methodology used for the audits of contractor programs was a concern. Both issues were resolved subsequent to the onsite inspection. The Quality Assurance audits of the access authorization program were adequate.
)
a.
One member of the access authorization staff is responsible primarily for conducting audits of the contractor's compliance with the licensee's access authorization program. The NRC's i
position on this issue is stated in the Statement of Considerations for the Access Authorization Rule in the Federal-Register on page 56 FR 19004, under Section III.6, Audits, states:
"The Commission believes that an independent evaluation is a reasonable requirement which could be met by a utility's quality assurance program if persons conducting the evaluation are qualified and functionally independent of those responsible for implementing the Access Authorization program." The inspectors did not consider the access authorization staff member to be sufficiently independent in light of the NRC position in the Statement of Consideration.
The licensee maintained that the staff member was independent because he performed only audits of the contractor programs and he had no responsibility for program implementation or other aspects of the access authorization program.
Inspector interviews noted that the individual did, on a routine basis, advise and discuss program requirements with contractor personnel. However, to resolve the issue, the licensee advised the inspectors by
12
-
..
-
. -.
-
-
--
l^.
>
>
.
..
telephone and a copy of a memorandum on October 1, 1993, that small contractor companies would be required to utilize one'of l
four background screening companies currently under contract to
+
the licensee. The background investigation reports would be
returned to the licensee Access Control Section for review,
-
approval, and storage. Quality ~ Assurance would audit the activities of Access Control,.the four background screening
'
companies on contract to the licensee, the agency providing.
..
psychological evaluation services, and the large contractor. firms
!
(about six) that completed screening requirements.for their own
personnel. Additionally, the access control staff member's
!
function would be to assist the Quality Assurance auditors as a
technical specialist during the audits.
i
,
The licensee's proposal resolved the issue of " functional independence" for the access control staff member performing audits.
^
b.
Interviews with the licensee staff member performing audits of the contractors programs and review of audit reports ' disclosed.that.
.
the majority of audits performed of contractors compliance with'
,
the licensee's access authorization program consisted of
>
contacting the contractor and requesting that a certain. number of case files identified by the auditor be sent to the licensee so
the auditor could review them and determine compliance with~
j requirements. Such methodology is a weak audit practice which i
concentrates almost exclusively on completion of background
investigation requirements and limits the licensee's ability.to determine the contractor's " program effectiveness." The l
licensee's commitment pertaining to more aggressive program audit
)
,
activities by Quality Assurance (described in section a above)
l
'
resolved this issue.
l c.
The Quality Assurance Department completed two audits of the l
access authorization program (Audit AR-92-SECUR-01, February 1992,
!
and AR-92-SECUR-02, November.1992).. Inspector review of the audit l
reports concluded that the audits were adequate and the audit:
'
findings were adequately documented.
!
Conclusion The methodology used to conduct audits of contractors compliance with-l the licensee's AA requirements was considered to be a program weakness.
l The AA staff member conducting audits of the contractors compliance with j
AA program requirements was not considered to be " functionally.
j l
independent".
Both issues were adequately resolved subsequent to the
!
onsite inspection.
12.
Record Retention The inspectors reviewed the licensee's record retention activities to
~
_,
assure that required records'would be retained for the appropriate time
'
period.
Section 7 of Toledo Edison Security Department Procedure IS-AC-00516, Revision 4, " Unescorted Access Requirements" addressed retention of access authorization records. The access authori.zation records.have.
u
--.
-
.
-
. - ~ ~
.-.
, -. -..
-
- ~;
.
-
i sq been designated as non-quality assurance records in TESDP IS-AC-00516.
The correct record retention period was identified in Sections 6.13.5 and 6 of TESDP IS-AC-00516. The inspectors also observed record storage facilities at the access authorization office; the Corporate security i
office; site nuclear security office; the central record storage area-
'
and at two contractor locations. The records were being stored in
'
adequate facilities or containers.
In most cases. the protection i
provided to access authorization records was equivalent to the l
protection provided for safeguards information.
l Conclusion
.
The procedure guidance, and practice for retention of access l
authorization records was considered adequate.
l
.
l l
l
,
t l
l
!
l
.
!
t-
._,