IR 05000454/1997011
| ML20151L994 | |
| Person / Time | |
|---|---|
| Site: | Byron  |
| Issue date: | 08/01/1997 |
| From: | NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION III) |
| To: | |
| Shared Package | |
| ML20151L983 | List: |
| References | |
| 50-454-97-11, 50-455-97-11, NUDOCS 9708080115 | |
| Download: ML20151L994 (10) | |
Text
.
.
U.S. NUCLEAR REGULATORY COMMISSION REGION lil Docket Nos:
50-454;50-455 Licenses No:
50-454/97011(DRS); 50-455/97011(DRS)
Licensee:
Commonwealth Edison Company Facility:
Byron Nuclear Generating Plant, Unit 1 and 2 Location:
4448 North German Church Road Byron, IL 61010-9750 Dates:
June 30 - July 7,1997 Inspector:
G. Pirtle, Physical Security inspector '
Approved by:
James R. Creed, Chief, Plant Support Branch 1 Division of Reactor Safety
,
,
i
"
9700000115 970001 PDR ADOCK 05000454 G
..
.
.
.
EXECUTIVE SUMMARY Byron Nuclear Generation Plant NRC Inspection Report 50-454/97011, 50-455/97011 This inspection included a review of the physical security program, it was an announced inspection conducted by a regional physical security specialist.
A violation was noted for not completing adequate required alarm system
testing on an annual basis (Section S2).
Procedure weaknesses were noted pertaining to security event logging and
exempting certain vehicles from being searched (Section S3.b.1 and S3.b.2).
Reduced alarm assessment capability was caused by some alarm station
operators actions (Section S4).
Attainment of self-established security performance goals,which were
monitored on a monthly basis, was a strength, and self-assessment efforts were varied and effective (Section S7).
.
._.
._
.- - _ _ _. _..
_ _ _ - _ _ _ _ __._
_
__
_ __
-
_
__
._
.
a L
'
Report Details
,
IV. Plant Support S2 Status of Security Facilities and Equipment a.
Inspection Scoce (81700)
-
t The inspector reviewed the condition of security equipment and facilities required by the security plan. The equipment observed included, but was not limited to, search equipment, intrusion alarm equipment, alarm assessment equipment, and
>
equipment within the security alarm stations. Facilities observed included the Main
i Access Facility and both alarm stations.
'
b.
Observations and Findinas
Security equipment observed during the inspection functioned as designed and
'
'
compensatory measures were implemented when appropriate. Maintenance support for security equipment requiring compensatory measures was generally l
very timely.
E l
Section 13.2.1 Of the licensee's security plan required among other things that the perimeter alarm system's 90% detection probability with a 95% confidence interval
,
!
be confirmed during annual testing of the perimeter alarm system. Such confirmation is determined by attempts to penetrate the alarm zone. The number of successful alarms determine the number of required penetration attempts (at j
least 30). The annual testing procedure did not contain a sufficient number of alarm penetration attempts to confirm the detection rate. Neither was an ongoing i
systematic analysis of system performance for the previous year being completed
}
by maintenance or security to confirm the 90% detection probability with a 95%
!
confidence. Such a systematic analysis would be an alternative to extensive l
testing at one time. The security staff did not understand the testing criteria to
'
determine the detection probability and confidence interval for the system's
'
performance. This constituted a violation of Section 13.2.1 of the security plan (50-454/97011-01; 50-455/97011-01).
The Station Security Administrator comr.litted to complete the required testing of the perimeter alarm system to confirm detection probability within the next 30 days
{
and to include such confirmation testing as a surveillance requirement on an annual basis. These actions are adequate to address the issue and to prevent recurrence.
,
'
.
j c.
Conclusions
Security facilities and equipment observed functioned as designed and compensatory measures were seldom required.
A violation was noted for not completing certain testing required by the security l
plan on an annual basis.
,
-.
-
-
_
_ __.__
_ _ _ _ _ _
_
_
_ _
_
_..
_ _ - _ _ _ _ _ _ _ _ _ _
.
I h'
S3 Security and Safeguards Procedures and Documentation a.
Inspection Scope (81700)
The inspector reviewed selected procedures pertaining to the areas inspected and also reviewed appropriate logs, records, and other documents.
b.
Observations and Findinas
.
Although some weaknesses were nonJ in some procedures, the procedures were
'
generally well written, detailed in nature, and reviewed at appropriate intervals.
1.
A review of security event reports and incident reports showed that all
'
security-related incidents were being documented and included in monthly trending data. However, some security issues were being recorded by I
incident reports rather than in the security event logs. Incident reports were not required by NRC regulations, but security event logs were required by NRC regulations. Examples of issues recorded in incident reports that should a
have been in the security logs include loss of security badges within the protected area, and failure to change out security area locks within the l
proper time limit. Additionally, some deficiencies were noted with the
!
procedure in reference to logging security incidents. Examples include: no guidance on logging loss of vital area keys; conflicts with the corporate i
nuclear security guidance document on reporting security events; conflicts between the narrative in the procedure and the procedure matrix for
reporting security events; and obsolete references to a backup security
<
j computer system (RACCS) which is no longer in use. This issue will be monitored as an inspection Followup Item (50-454/97011-02; 50-
455/97011-02).
1 2.
Certain vehicles, referred to as "C" vans (cargo containers) were exempted
'
from search prior to entering protected area based upon certain conditions.
A new practice was recently implemented whereby "C" vans from other licensee sites were searched at the other site, locked and sealed by Byron security personnel, escorted to Byron, and then allowed within the protected area without being searched because the van was searched at the other site and kept under security force observation. No procedures for this practice were developed.
To date, search of the "C" vans were not needed at the protected area gate because of the radiological hazards associated with the vans. Contaminated packages are exempt from search at the gate. However, if in the future, "C" vans (which were not contaminated, for example) would be required to be searched and were not searched because of the practice described earlier, then a security plan change will have to be completed and procedures developed and approved for the practice since it would be a new category of container exempt from search requirements. This issue will be monitored as an Inspection Followup item (50-454/97011-03; 50-455/97011-03).
.
.
.
.
c.
Conclusions Procedure weaknesses were noted pertaining to logging security events and exempting certain vehicles from search prior to entering the protected area.
S4 Security and Safeguards Staff Knowledge and Performance a.
Inspection Scope (81700)
The inspector toured various security posts and observed performance of duties to determine if the officers were knowledgeable of post requirements. Security event logs and other records portaining to security force performance were also reviewed.
b.
Observations and Findinas During inspection of alarm station activities, degraded alarm assessment capability was noted because of some alarm station operator actions. Sections 7.2.5 and 10.3.4 of the licensee's security plan required each alarm station to have the perimeter alarm zone appear on an assessment monitor within a specified time after the alarm occurs. A certain monitor within the secondary alarm station (SAS) was designed to fulfill this requirement. However, during post checks it was noted that the alarm assessment capability was degraded because of alarm station operator
,
actions resulting in subsequent alarms not appearing on the dedicated monitor as
{
required. Additionally, three zones of the CCTV assessment system were not j
functioning properly and work requests were not submitted to have them repaired until noted during the inspection.
The significance of this issue is reduced because responses were made to all intrusion alarms regardless of the cause of the alarm, and an assessment was always available by viewing other fixed camera video images. H;.vever, this issue demonstrates that the alarm station operators were not awe.re of the security plan requirements and the significance of the assessment moni.or at the SAS. Prior to the close of the inspection, alarm station operators warc advised of the necessity to clear alarms as soon as an assessment was completed. This issue will be monitored as an inspection followup item (50-454/97011-04; 50-455/97011-04).
Other security force personnel observed on post were very familiar with their
,
responsibilities and no deficiencies were noted.
c.
Conclusions Security force members were generally knowledgeable of post requirements and performed their duties in an adequate manner. However, some alarm station operator actions reduced assessment capability because of untimely clearing of alarms received.
.
'
.
S7 Quality Assurance in Security and Safeguards Activities a.
Insocction Scoce (81700)
The inspector reviewed self-initiated performance evaluations conducted by security staff and personnel (licensee and contractor),
b.
Observation and Findinas
.
The self-assessment program was flexible and varied. In addition to monthly monitoring of security force performance and security equipment performance, other programs were implemented. Audits of the security program were completed
by the Station Quality Verification Department and the Burns Security Service, Inc.
(BISSI) audit teams. Additionally, five BISSI self-assessments had been completed and documented between September 9,1996 and March 15,1997.
Attainment of security related goals monitored by the security performance trending j
report was a program strength. Within the past six months, loggable events have been under the goal established (36 per month), only two security plan deviations have occurred, required compensatory measure have generally been decreasing, and security equipment inservice time was 99% or higher.
c.
Conclusions Self-assessment efforts were varied and effective. Attainment of self identified security goals monitored on a monthly basis was a strength.
S8 Miscellaneous Security and Safeguards issues (92904)
S8.1 (Open) Unresolved Item (50-454/96010-01: 50-455/96010-01): Weak security badge issue and control procedures which may allow a single individual to fabricate and enter a security badge into the system without the knowledge and authorization of another person. This issue is still being reviewed by the NRC.
S8.2 (Ocen) inspection Followun item (50-454/96010-02: 50-455/96010-02): Need to revise om security plan to show the correct location of some segments of the vehict( barrier system. The plan revision has not been submitted yet to the NRC for review.
S8.3 (Closed) Inspection Followuo item (50-454/96010-03: 50-455/96010-03): A section of the Updated Final Safety Analysis Report (UFSAR) required revision because of the installation of the vehicle barrier system. The revision to the UFSAR (revision 6) was completed in December 1996.
S8.4 (Closed) Inspection Followuo item (50-454/96010-04: 50-455/96010-04): A procedure to cope with a vehicle bomb contingency needed to be deleted because the vehicle barrier system superseded practices identified in the procedure. The
'
procedure (BXP 200-11) was deleted.
,
.
_
.
. _ _ _.. _
_
. - _ _. _ _. _. _
.
.
.
. _ _ _.
.
t
.
S8.5 (Closed) Unresolved item (50-454/96010-05: 50-455/96010-05): Safeguards information contained in a memorandum prepared by the engineering department in reference to vulnerabilities with the vehicle barrier system was not adequately marked or protected. This issue was subsequently determined to be a violation.
This issue is closed as an unresolved item and addressed as a violation in Section
-
l S8.6 below.
i
!
S8.6 (Closed) Violation (50-454/97005-07: 50-455/97005-07): Safeguards information contained in a memorandum prepared by the engineering department in reference to
,
vulnerabilities with the vehicle barrier system was not adequately marked or protected. The written response to the violation has been received by the NRC and
the adequacy of the response will be addressed by separate correspondence. This
,
issue will be closed as an inspection item.
.
l X1 Exit Meeting Summary The inspector presented the inspection results to members of the licensee management at
.
a the conclusion of the inspection on July 7,1997. The licensee acknowledged the findings
!
presented. Actions agreed to by the security staff to address the inspection findings were discussed during the exit meeting.
.
I The inspector asked the licensee if any inspection findings discussed during the exit meeting should be considered as proprietary or safeguards information. No proprietary or safeguards information was identified.
.
.
_ _.
_ _ _..
_
__
.
.
., _ _
_
_
_ _ _ _
.
PARTIAL LIST OF PERSONS CONTACTED
Licensee:
I G. Bowers, Assistant Station Security Administrator R. Cassidy, Assistant Station Security Administrator R. Colgiazier, NRC Coordinator K. Kofron, Station Manager M. Mareth, Force Manager, BISSI M. Martin, Site Quality Verification Auditor d
S. Meyers, Maintenance Administrator, BISSI
'
S. Mills, Station Security Administrator
D. Minor, Operations Supervisor, BISSI R. Morley, Nuclear Security Administrator NRC S. Burgess, Senior Resident inspector INSPECTION PROCEDURES USED i
IP 81700 Physical Security Program For Power Reactors IP 92904 Followup - Plant Support
i ITEMS OPENED, CLOSED, AND DISCUSSED Opened j
50-454/97011-01 VIO Confirmation of The Probability of Detection For an Aiarm i
System Was Not Completed on an Annual Basis.
50-455/97011-01 VIO Confirmation of The Probability of Detection For an Alarm
System Was Not Completed on an Annual Basis.
50-454/97011-02 IFl Documentation of Loggable Security Events Required Revision 50-455/97011-02 IFl Documentation of Loggable Security Events Required Revision 50-454/97011-03 IFl Procedures Required For Exempting Certain Vehicles From
<
Search 50-455/97011-03 IFl Procedures Required For Exempting Certain Vehicles From
Search
'
50-454/97011-04 IFl Degraded Alarm Assessment Capability Because of Some
Alarm Station Operators Actions
'
.
.
-.
_.-
_
...
. -..
.
. -
_. -.
.
.. =. _ -
-
-..
..
.
!
!
'
.
,
l
.
5*
50-455/97011-04 IFl Degraded Alarm Assessment Capability Because of Some
[
'
Alarm Station Operators Actions j
j Closed
.
50-454/96010-03 IFl The Updated FSAR Required Revision Because of Installation of the VBS.
50-455/96010-03 IFl The Updated FSAR Required Revision Because of installation
i of the VBS.
'
,
50-454/96010-04 IFl A Procedure Pertaining to the Vehicle Bomb Contingency
Needed to be Deleted.
50-455/96010-04 IFl A Procedure Pertaining to the Vehicle Bomb Contingency
Needed to be Deleted.
!
50-454/96010-05 URI A Memorandum May have Contained Safeguards information
.
and was Not Marked and Protected as Such.
- 50-455/96010-05 URI A Memorandum May Have Contained Safeguards Information and was Not Marked and Protected as Such.
50-454/97005-07 VIO A Memorandum Containing Safeguards Information Was Not Adequately Marked and Protected 50-455/97005-07 VIO A Memorandum Containing Safeguards Information Was Not Adequately Marked and Protected 50-454/97011-01 VIO Confirmation of The Probability of Detection For an Alarm System Was Not Being Confirmed on an Annual Basis.
50-455/97011-01 VIO Confirmation of The Probability of Detection For an Alarm j
System Was Not Being Confirmed on an Annual Basis.
Discussed 50-454/96010-01 URI Security Badge issue Process Had Weak Controls to Prevent Circumventing the System.
50-455/96010-01 URI Security Badge issue Process Had Weak Controls to Prevent Circumventing the System.
50-454/96010-02 IFl Security Plan Revision Required to Show Correct Location of the Vehicle barrier System.
50-455/96010-02 IFl Security Plan Revision Required to Show Correct Location of the Vehicle Barrier System.
- _ _ _ - - - _ - _
!
'
LIST OF ACRONYMS USED CAS Centraiiarm Station IFl Inspection Followup Item URI Unresolved item SAS Secondary Alarm Station UFSAR Updated Final Safety Analysis Report VBS Vehicle Barrier System VIO Violation PARTIAL LISTING OF DOCUMENTS REVIEWED Security Event Logs From January 1,1997 to July 3,1997 Security incident Reports From January 1,1997 to July 3,1997 Byron Station Security, Fitness For Duty (FFD), And Personnel Access Data System (PADS) Audit Report 06-97-07, Dated June 10,1997 Burns international Security Services, Inc. Quality Assurance Audit Report Number UBU 97-02 for The Period of January 27-31, 1997 Summaries of Burns International Security Services, Inc. Security Self Assessments Between September 1,1996 and March 15,1997, to include Assessment Numbers 96-08,96-09, 97-01, 97-02, 97-03.
Byron Procedure BAP 900-18, " Reporting and Recording of Security Events", Revision 3, Approved August 30,1996 Corporate Nuclear Security Guideline No.1, " Reporting and Recording of Security Events",
Revision 11, June 1997 Byron Station Security Performance Trending Report For the Period Between December 1, 1996 and May 31,1997 Security Equipment Test Procedure Manual to include Test Procedures For: Portal Firearms Detector; Explosive Detectors; X-Ray Machines; Entrance and Exit Turnstiles; Security Doors; Automatic Closure Doors; Perimeter Alarm System; Explosive Detector Tamper Alarms; and Duress Alarms Seven Day Test Result Sheets for: Perimeter Alarm System; Security Doors; Duress Alarms; and Explosive Detectors Tamper Alarms For the Period Between May 5,1997 and July 3,1997 Annual Test Procedure For The Perimeter Alarm System
t
- _ _ _ _ _ _ _ _ _ _ _ _