IR 05000483/1994013

From kanterella
Jump to navigation Jump to search
Insp Rept 50-483/94-13 on 941128-1206.Violations Noted.Major Areas Inspected:Physical Security Including,Audits,Alarm Stations & Communications,Corrective Actions & Mgt Support, Protection of Safeguards Info & Security Program Plans
ML20149J399
Person / Time
Site: Callaway Ameren icon.png
Issue date: 12/23/1994
From: Pirtle G
NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION III)
To:
Shared Package
ML20149J379 List:
References
50-483-94-13, NUDOCS 9501050180
Download: ML20149J399 (9)
v  d  e


Text

-. .

. ._ . _ __ - __ _ ___ - - _____

l l

l l

l

U.S. NUCLEAR REGULATORY COMMISSION

REGION III

Reports No. 50-483/94013(DRSS)

Docket Nos. 50-483 License No. NPF-30 Licensee: Union Electric Company

'

St. Louis, MO 63166 Facility Name: Callaway County Nuclear Power Station, Unit 1 Inspection Dates: November 28 - December 6, 1994 Type of Inspection: Announced. Physical Security Inspection Date of Previous Physical Security Inspection: August 16 - 24, 1993 Inspector: b%% h Gary L. Putle Date 11/23/.99 Physical Security Inspector Approved By: OZ Liz E

James R. Creed, Chief Date

$afeguards and Incident Response Section Inspection Summary Inspection Between November 28 and December 6. 1994 (Report N /94013(DRSS))

Areas Insoected: Routine, announced physical security inspection involving:  ;

Audits, Corrective Actions and Management Support; Effectiveness of Management Controls; Security Program Plans; Protected Area Detection Equipment; Alarm Stations and Communications; Protection of Safeguards Information; and Followup on Previous Inspection Finding Results: The licensee was found to be in compliance with NRC requirements within the areas examined, except for one cited violation.for failure to adequately protect Safeguards Information, and a noncited licensee identified violation pertaining to a person entering the protected area without a security badg Three inspection followup items (IFIs) were identified during the inspectio One of the items pertained to incorrect or unclear commitments within a proposed security plan revision. Another IFI pertained to incorrect information within a procedure pertaining to logging lost security badge incidents. The third IFI pertained to monitoring loggable security events caused or contributed to by the security forc PDR ADOCK 05000483 G PDR

__

.

.

.

.

Two program strengths were identified during the inspection and pertained to:

excellent annual audit of the security program; and the significantly reduced number of loggable security events thus far in 199 Four previously identified inspection items were reviewed and closed. The previously identified items pertained to annual audits of Health and Human Services (HHS) certified laboratories used for Fitness-For-Duty (FFD) testing; Conflict in procedures pertaining to FFD appeals for contractors; the need for more readily available written instructions for personnel being FFD tested; and the need for more adequate control of access to individual quantitative FFD test result data.

l The security program continues to receive strong management support, j l

Equipment observed functioned as designe l l

l l l i

l l

l i

i i

t 2 1

. . - . - . - - . . - . .

_

.

.

REPORT DETAILS 1. Key Persons Contacted In addition to the key members of the licensee's staff listed below, the inspector interviewed other employees, contractor personnel, and members of the security organization. The asterisk (*) denotes those present at the onsite Exit Interview conducted on December 6, 199 *G. Randolph, Vice President, Nuclear Operations, Union Electric-

  • J. Laux, Manager, Quality Assurance, UE
  • R. Afforter, Manager, Operations Support, UE
  • D. Fitzgerald Superintendent, Security, UE J. Clark, Assistant Superintendent, Security, UE
  • E. Thornton, QA Engineering Evaluator, UE
  • J. Beck, Engineer, Licensing, UE
  • G. Hughes, Supervising Engineer, Nuclear Safety, UE
  • S. McLaughlin, Nuclear Clerk, Security Section, UE
  • Snavely, Vice President, Operations, Burns International Security Services, Inc. (BISSI)
  • G. Hill, District Manager, BISSI
  • Dunbar, Security Operations Supervisor, BISSI
  • Henry, Project Support Services Supervisor, BISSI
  • B. Bartlett, Senior Resident Inspector, USNRC Region III
  • D. Calhoun, Resident Inspector, USNRC Region III 2. Followuo on Previous Insoection Findinas (Closed) Unresolved Item (Recort No. 50-483/93021-01): This ;

unresolved item was discussed in Section 5.a of the above report and pertained to the question if licensees had to conduct an annual audit of Health and Human Services (HHS) certified laboratories that perform Fitness-For-Duty testing analysis for them. The NRC Office of General Counsel has reviewed this issue and concluded that 10 CFR Part 26, as currently written, does not require licensees to conduct annual audits of HHS certified laboratories. This item is close (Closed) Insoection Followuo Item (Report No. 50-483/93021-02):

This issue was discussed in Section 5.b of the above report and pertained to conflicting guidance in procedures for contractor personnel FFD positive test results. One procedure allowed an ;

appeal for positive FFD results, another procedure did not allow l an appeal . Section 19 of Procedure APA-ZZ-00909, " Fitness For 4 i

,

- - - . .

.

'

Duty Program Contractor / Consultant Employees",' Revision 10, Dated November 7,1994, was revised to allow contractors and consultants the same appeal process that exists for licensee employees. This item is close (Closed) Inspection Followuo Item (Recort No. 50-483/93021-03): l This issue was discussed in Section 5.c of the above report and l pertained to the need for more readily available written instructions for personnel being FFD tested. The written instructions were reviewed during this inspection and they were adequate and readily available to personnel completing FFD testing. This item is close (Closed) Inspection Followuo Item (Report No. 50-483/93021-04):

This issue was discussed in Section 5.d of the above report and pertained to the need for more adequate control of access to !

individual quantitative FFD. test result data. During the initial i inspection, such data was openly filed in the FFD file folders, l Access to such files was limited however to medical and administrative personnel designated as having a need-to-kno During this inspection, it was confirmed that such data is maintained in sealed envelopes. This item is close . Entrance and Exit Interviews

! At the beginning of the inspection, Mr. Dave Fitzgerald and other members of the licensee's staff were informed of the purpose of this inspection, its scope and the topical areas to be examine The inspector met with the licensee representatives, denoted in Section 1, at the_ conclusion of onsite inspection activities. A general description of the scope and conduct of the inspection was

< provided. Briefly listed below are the findings discussed during the exit interview. The licensee representatives were invited to

'

provide comments on each item discussed. The details of each finding listed below are referenced, as noted, in the report.

l (1) Four previous inspection findings were reviewed and closed .

l (Refer to Section 2).  !

(2) Personnel present were advised that a violation had been noted pertaining to failure to comply with the protection i requirements for Safeguards Information (Refer to Section )

5).

(3) A licensee identified violation was noted pertaining to an l individual entering the protected area without a security I badge (Refer to Section 6.a). i (4) Three inspection followup items (IFIs) were noted. One of the items pertained to the need to clarify a revision to the security plan. Another IFI pertained to the need to revise

. _. _ _ . _ _

( -

'

l a security procedure pertaining to logging security events, l l

, The third IFI pertained to monitoring loggable security  ;

'

events caused or contributed to by security force members (Refer to Section 6.b).

(5) Program strengths were noted pertaining to the annual audit of the security program and the significant reduction of l loggable security events caused by plant personnel and l equipment (Refer to Section 6.c).

l

! Proaram Areas Inspected

!

Listed below are the areas examined by the inspector in which no findings (strengths, violations, deviations, unresolved items or i inspection followup items) were identified. Only findings are described i in subsequent Report Details section '

The below listed clear areas were reviewed and evaluated as c.emed necessary by the inspector to meet the specified " Inspection Requirements" (Section 02) of the applicable NRC Inspection Procedure (IP). Sampling reviews included interviews, observations, and document reviews that provided independent verification of compliance with requirements. Gathered data was also used to evaluate the adequacy of the reviewed program and practices to adequately protect the facility and the health and safety of the public. The depth and scope of inspection activities were conducted as deemed appropriate and necessary for the program area and operational status of the security syste Additional testing of security systems was not requested by the inspecto IP 81700-Physical Security Inspection Proaram for Power Reactors No violations, deviations, unresolved items, or. inspection followup items were noted pertaining to audits, corrective actions and management support, effectiveness of management controls, protected area detection equipment, and alarm stations and communications as identified in Inspection Procedure 8170 . Protection of Safeauards Information (IP 81810)

One violation was noted. No written response to the violation is required since adequate corrective actions were being implemented by the lici se The dolation pertains to the failure to adequately protect safeguards information (SI) located outside of the protected are On three occasions between May 1993 and March 1994, and despite several corrective actions, the same security storage container within the Security Department (outside of the protected area) was left unlocked -

and unattended by the same individual. This constituted a violation of 10 CFR 73.21(d)(2). Safeguards Information was in the security

. _ . __ ___ -_ ,_ _

__

.

.

container but the information was not sufficient to assist in an act of radielogical sabotage. The time frame for the container being unlocked and unattended ranged from 14 minutes to 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> > 45 minute The licensee by practice segregates the major st m .ty plans and does not file a composite security plan in one securi,.: container to prevent the insecure status of any one container from providing sufficient SI to assist in radiological sabotag Subsequent to the last occurrence on March 22, 1994, two task teams have been formed (May. and August 1994) to evaluate the causes and corrective actions to resolve the issue and prevent recurrence. Additionally, the QA' audit of the security program included.a review of the SI program and identified that the program required management attention. It is very apparent that senior management is aware that the SI protection program requires aggressive oversight and effective corrective action On November 10, 1994, the Manager, Operations Support and the Superintendent, Security briefed the NRC Region III security staff on the multi-faceted action plan developed to adequately strengthen the SI protection program and prevent recurrence of significant SI relate incidents. The action plan addressed programmatic revision of the governing document pertaining to SI protection; relocating SI within a secure facility inside the protected area; additional and ongoing training requirements; program review and audit criteria; and an effort to reduce the volume of SI. Review of the action plan items during this inspection showed that the significant milestones were being completed as schedule Based on the above corrective actions and the current progress-in meeting action plan objectives, a written response to the violation is not requested. We will continue to monitor completion of the action plan items during subsequent inspections (483/94013-01).

6. Physical Security Proaram for Power Reactors (IP 81700)

One licensee identified violation and three inspection followup items were noted and are described below. Two program strengths were also note A licensee identified violation was noted pertaining to an individual entering the protected area (PA) without a security badg Section 3.a of Inspection Report No. 50-483/94011 (Resident Inspector's report) noted that on October 12, 1994, a plant employee entered the protected area without his security badge. The plant employee left his security badge at the Main Access Facility (MAF) prior to exiting the PA to converse with a-delivery driver. The employee then requested a security officer to open the PA gate so he could retrieve a package which had been left on the PA side of the gate. Once the package was retrieved, the employee entered the PA through the gate and returned to wor About an hour later, the employee noticed that he did not have his

. -. -.- - -. . - - . .- . . - . .

I

! l I

security badge and notified security. This incident involved a failure on the part of the employee and the security officer present at the vehicle gate at the time of the incident. An excellent root cause analysis was completed and corrective actions will include instructions on the incident during the current security training cycle, and changes to post procedures for the vehicle search function. This incident meets the criteria of-Section VII.B.(1) of 10 CFR Part 2, Appendix C,.as a licensee identified noncited violatio Three inspection followup items were identified and are described below:

(1) During review of loggable security events, it was noted that the procedure pertaining to logging of. security events incorrectly stated that lost security badges did not have to be logged if the badge was not used. This is contrary'to !

the guidance in Generic Letter 91-03, dated March 6, 1991, and contrary to the security force's practice (483/94013-02). ,

)

(2) During review of security plan changes recently evaluated by ,

'

NRC Headquarters (NRR/RSPB), several areas were identified which require clarificatio The Security Superintendent agreed to address the concerns (483/94013-03).

(a) Section 6.2.3 incorrectly states that one alarm station can not perform an important function without the knowledge of the other alarm station. This is l incorrect,when one of the alarm stations is in the l " independent mode" of operatio (b) Section 3.1.2.3 incorrectly implies that safeguards l information (SI) combinations can be stored in

! containers with combination locks. This is incorrect 1 for SI maintained outside of the protected area in noncontrolled access facilities. Additionally, specific types of combination locks are required for securing SI containers within the protected area.

(c) The QA audit noted that the door testing requirements and personnel search requirements for the Stores I receipt area required clarificatio This issue is being monitored under licensee tracking number SOS94-121 (3) The recent reorganization of the security force appeared to have been effectively implemented. The minimum manning

, levels for day and backshift are credible, overtime hours l l are adequately controlled, and call offs and compensatory l l 7 ,

!

___ ._ __. -

,-I

. _

. - _ -

! .

.

measures have been consistent with performance prior to-reorganization in August 1994. The new security director and contract security manager seem to have gained the confidence of the staff and the security force. One issue was noted pertaining to the number of security loggable events attributed directly or indirectly to the security force. Since reorganization, four loggable security events i

have been caused or contributed to by the security force and l 'the errors have been for noncomplex tasks such as badge

! issue. Three of the four logged events occurred between l October 16 and November 16, 199 Inattention to detail I

'

appeared to be a common thread. Although the number is low, it represents an increase when compared to the performance of the security force over the previous six months. An inspection followup item will be assigned to monitor security force caused loggable security events to determine if the recent increase in number is an isolated occurrence or an early indicator of reduced performance (483/94013-04). Two strengths were noted in the area of physical security for power reactors and are addressed below.

l

-

The Quality Assurance audits of the security program continued to be a program strength. The audit of the security program conducted between August 8-22, 1994, was j excellent in scope and depth and very well documente Audit findings are aggressively monitored until adequately close The number of loggable security events for 1994 will probably be the lowest in number since the plant has been licensed. As of December 6, 1994, only 90 security events have been logged compared to 245 security. events in 199 The criteria for logging security events has not changed so l

the significant reduction appears to be the result of aggressive management support for the program and the high level of security awareness of the general plant populatio l l

--- .-- . -. . ~ . .- . -.

. ___ _

.

security badge and notified security. This incident involved a failure on the part of the employee and the security officer present at the vehicle gate at the time of the incident. An excellent root cause analysis was completed and corrective actions will include instructions on the incident during the current security training cycle, and changes to post procedures for the vehicle search function. This incident meets the criteria of l Section VII.B.(1) of 10 CFR Part 2, Appendix C, as a licensee l identified noncited violatio i b. Three inspection followup items were identified and are described below: '

l (1) During review of loggable security events, it was noted that the procedure pertaining to logging of security events incorrectly stated that lost security badges did not have to be logged if the badge was not used. This is contrary to the guidance in Generic Letter 91-03, dated March 6, 1991, and contrary to the security force's practice (483/94013-02).

(2) During review of security plan changes recently evaluated by NRC Headquarters (NRR/RSPB), several areas were identified which require clarificatio The Security Superintendent agreed to address the concerns (483/94013-03).

t l (a) Section 6.2.3 incorrectly states that one alarm i

station can not perform an important function without the knowledge of the other alarm station. This is incorrect when one of the alarm stations is in the

" independent mode " of operatio (b) Section 3.1.2.3 incorrectly implies that safeguards information (SI) combinations can be stored in containers with combination locks. This is incorrect for SI maintained outside of the protected area in noncontrolled access facilities. Additionally, specific types of combination locks are required for securing SI containers within the protected are (c) The QA audit noted that the door testing requirements and personnel search requirements for the Stores I receipt area required clarification. This issue is l being monitored under licensee tracking number SOS 94-l 1218.

l (3) The recent reorganization of the security force appeared to have been effectively implemented. The minimum manning levels for day and backshift are credible, overtime hours are adequately controlled, and call offs and compensatory

l

!

Retrieved from "https://kanterella.com/w/index.php?title=IR_05000483/1994013&oldid=2974682"