IR 05000498/2019411
| ML19288A334 | |
| Person / Time | |
|---|---|
| Site: | South Texas  |
| Issue date: | 10/15/2019 |
| From: | Ray Kellar NRC Region 4 |
| To: | Gerry Powell South Texas |
| Kellar R | |
| References | |
| EA-19-088 IR 2019411 | |
| Download: ML19288A334 (10) | |
Text
ber 15, 2019
SUBJECT:
SOUTH TEXAS PROJECT, UNITS 1 AND 2 - NRC SECURITY INSPECTION REPORT 05000498/2019411 AND 05000499/2019411
Dear Mr. Powell:
On June 6, 2019, the U.S. Nuclear Regulatory Commission (NRC) completed the onsite inspection at your South Texas Project, Units 1 and 2. One finding discovered during the inspection required additional in office review. On September 26, 2019, the NRC inspectors discussed the results of this inspection with Ms. Kimberly Harshaw and other members of your staff. The results of this inspection are documented in the enclosed report.
NRC inspectors documented one finding of very low safety significance (Green) in this report.
This finding involved a violation of NRC requirements. The NRC is treating this violation as a non-cited violation (NCV) consistent with Section 2.3.2 of the Enforcement Policy.
If you contest the violation or significance of the NCV, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; the Director, Office of Enforcement; and the NRC resident inspector at the South Texas Project, Units 1 and 2.
One cross-cutting aspect was assigned to a finding in Human Performance associated with work management (H.5). If you disagree with the cross-cutting aspect assignment in this report, you should provide a response within 30 days of the date of this inspection report, with the basis for your disagreement, to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with copies to the Regional Administrator, Region IV; and the NRC resident inspector at the South Texas Project, Units 1 and 2. This letter and its enclosure will be made available for public inspection and copying at http://www.nrc.gov/reading-rm/adams.html and at the NRC Public Document Room in accordance with 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding.
If you choose to provide a response to this report that contains Security-Related Information, please mark your entire response Security-Related Information - Withhold from Public Disclosure Under 10 CFR 2.390 (d)(1) and follow the instructions for withholding in 10 CFR 2.390(b)(1).
Sincerely,
/RA/
Ray L. Kellar, P.E., Chief Plant Support Branch 1 Division of Reactor Safety Docket Nos. 50-498 and 50-499 License Nos. NPF-76 and NPF-80
Enclosure:
Inspection Report 05000498/2019411 and 05000499/2019411
Inspection Report
Docket Numbers: 05000498, 05000499 License Numbers: NPF-76, NPF-80 Report Numbers: 05000498/2019411, 05000499/2019411 Enterprise Identifier: I-2019-411-0035 Licensee: STP Nuclear Operating Company Facility: South Texas Project, Units 1 and 2 Location: Wadsworth, Texas Inspection Dates: June 4, 2019, to September 26, 2019 Inspectors: M. Chambers, Security Inspector A. Meyen, Security Inspector J. Rollins, Security Inspector Approved By: Ray L. Kellar, P.E., Chief Plant Support Branch 1 Division of Reactor Safety Enclosure
SUMMARY
The U.S. Nuclear Regulatory Commission (NRC) continued monitoring the licensees performance by conducting a baseline security inspection at South Texas Project, Units 1 and 2, in accordance with the Reactor Oversight Process. The Reactor Oversight Process is the NRCs program for overseeing the safe operation of commercial nuclear power reactors. Refer to https://www.nrc.gov/reactors/operating/oversight.html for more information. NRC-identified and self-revealed findings, violations, and additional items are summarized in the table below. Licensee-identified non-cited violations are documented in the Inspection Results at the end of this report.
List of Findings and Violations Failure to Administer Random Drug And Alcohol Tests To Site Personnel Cornerstone Significance Cross-cutting Inspection Aspect Procedure Security Green [H-5] - 71130.05 NCV 05000498/2019411-01 Teamwork Protective NCV 05000499/2019411-01 Strategy Closed Evaluation and Performance Evaluation Program This was a Green self-revealing non-cited violation for the licensees failure to administer drug and alcohol tests to the individuals who are subject to 10 CFR Part 26, Subpart B, on a statistically random and unannounced basis, so that all individuals in the population subject to testing have an equal probability of being selected and tested. Specifically, due to an error in the software used to randomly select workers for drug and alcohol testing, a significant portion of workers subject to testing were excluded from the random selection pool and therefore had no probability of being selected and tested.
Additional Tracking Items None
INSPECTION SCOPES
Inspections were conducted using the appropriate portions of the inspection procedures (IPs)in effect at the beginning of the inspection unless otherwise noted. Currently approved IPs with their attached revision histories are located on the public website at http://www.nrc.gov/reading-rm/doc-collections/insp-manual/inspection-procedure/index.html.
Samples were declared complete when the IP requirements most appropriate to the inspection activity were met consistent with Inspection Manual Chapter (IMC) 2201, Security Inspection Program for Commercial Nuclear Power Reactors. The inspectors reviewed selected procedures and records, observed activities, and interviewed personnel to assess licensee performance and compliance with Commission rules and regulations, license conditions, site procedures, and standards.
SAFEGUARDS
71130.05 - Protective Strategy Evaluation and Performance Evaluation Program
The inspectors evaluated the sites protective strategy and performance evaluation program.
The inspectors also observed one licensees annual force-on-force exercise. The following elements were evaluated:
Tier I: all requirements.
Tier II: all requirements.
Tier III: all requirements.
Note that in Section 02.08 Reviews, Identification and Resolution of Problems, was used to verify that the licensee is identifying issues related to its protective strategy and performance evaluation program at an appropriate threshold and entering them in the corrective action program, verify that the licensee has appropriately resolved the issues regarding regulatory requirements for a selected sample of problems associated with its protective strategy per 10 CFR 73.55(b)(10), and to review Condition Report (CR) 19-4623, Revision 1, concerning the failure to perform random testing.
==71130.08 - Fitness for Duty Program (No samples)
==
In addition to using IP 71130.05, Identification and Resolution of Problems Review Section, the inspectors used portions of the fitness-for-duty (FFD) IP to inspect the licensees failure to perform random testing. The reference use of this IP did not consist of a sample.
INSPECTION RESULTS
Failure to Administer Random Drug and Alcohol Tests to Site Personnel Cornerstone Significance/Severity Cross-cutting Inspection Aspect Procedure Security Green [H-5] - 71130.05 NCV 05000498/2019411-01 Teamwork Protective NCV 05000499/2019411-01 Strategy Closed Evaluation EA-19-088 and Performance Evaluation Program This was a Green self-revealing non-cited violation for the licensees failure to administer drug and alcohol tests to the individuals who are subject to 10 CFR Part 26, Subpart B, on a statistically random and unannounced basis, so that all individuals in the population subject to testing have an equal probability of being selected and tested. Specifically, due to an error in the software used to randomly select workers for drug and alcohol testing, a significant portion of workers subject to testing were excluded from the random selection pool and therefore had no probability of being selected and tested.
Description:
On April 22, 2019, during a Leadership Team Alignment Meeting (LTAM), a licensee manager reported a rumor circulating among site personnel that employees with more tenure and in the licensees pension plan, were being subjected to random FFD testing more frequently than more junior employees that were not in the pension plan. The licensees pension plan was no longer offered to site employees around 2007. The following day the licensee generated CR 19-4623 to document and evaluate the concern.
On April 23, 2019, the licensee discovered that the algorithm in the software used to select individuals for random FFD testing contained an error. Specifically, the algorithm, at the time of discovery, inappropriately excluded approximately 59 percent of the site population subject to testing (approximately 958 individuals) from the random selection pool. The licensee discovered that this error in the algorithm had been introduced when the FFD database was converted from Microsoft Access 97 to Oracle forms in February 2005. The error in the algorithm used for random FFD testing contained a constraint that limited the random number generator from producing a number greater than 32,767. This meant that site workers with Oracle identification numbers of greater than 32,767 could not be selected for random testing when the constraint was introduced in February 2005. Oracle identification number 32,767 was exceeded on September 16, 2002. Therefore, at the time the algorithm error was introduced in 2005, the site was excluding a much smaller percentage of the site population from the random selection pool. The percentage of the site population excluded from random FFD testing would then continue to grow from February 2005 to April 2019 as each new worker that came to the site was assigned an Oracle identification number greater than 32,767.
On April 24, 2019, the licensee determined that the issue was a significant FFD programmatic failure and reported the issue to the NRC within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> of discovery in accordance with 10 CFR 26.719(b)(4).
The licensee took immediate corrective action and restored compliance by correcting the software algorithm error on April 25, 2019, approximately 2 days after discovery. Additional remedial actions included temporarily increasing the rate of monthly random drug and alcohol tests. The licensee also completed a root cause evaluation under CR 19-4623 on May 21, 2019, which determined that the latent software error was a result of a lack of rigor in the Software Quality Assurance (SQA) process in the 2004-2005 timeframe when the new FFD database software was being developed and placed into production. None of the licensees FFD audits, up to the present, were of a rigor to detect this software error.
Corrective Actions: Some of the licensees root cause evaluation long-term corrective actions included improving the overall rigor in the SQA process and establishing requirements to periodically validate that the algorithm is functioning properly.
Corrective Action Reference: CR 19-4623
Performance Assessment:
Performance Deficiency: The failure to administer drug and alcohol tests to site personnel on a statistically random basis such that all individuals in the population subject to testing have an equal probably of being selected and tested is a performance deficiency. It is a performance deficiency because the licensee failed to meet a requirement which was within its ability to foresee and correct and could have been prevented.
Screening: The inspectors determined the performance deficiency was more than minor because it was associated with the access authorization attribute of the security cornerstone and adversely affected the cornerstone objective to provide assurance that the licensee's security system uses a defense-in-depth approach and can protect against the design basis threat of radiological sabotage from external and internal threats. Specifically, by excluding a large portion of personnel in its random drug and alcohol testing program, the licensee failed to provide defense-in-depth against the internal threat of the design basis threat, including untrustworthy or unreliable personnel working at its facility. This performance deficiency degraded the licensees ability to provide reasonable assurance that individuals at its site are trustworthy and reliable as demonstrated by the avoidance of substance abuse and are not under the influence of any substance which adversely affects their ability to safety and competently perform their duties.
The inspectors assessed the level of program degradation at the time of discovery by evaluating the other intact program elements that provided deterrence and could potentially detect the presence of drug and alcohol abuse. The inspectors also assessed the effectiveness of the deterrence aspect of the random fitness for duty testing program. The inspectors determined that the licensees pre-access testing program was unaffected by the algorithm error and continued to screen new employees for illicit drugs or alcohol use prior to granting unescorted access. Additionally, the inspectors determined that the licensee effectively implemented an effective for-cause testing program, used when an individual appeared to be under the influence of drugs or alcohol on site and a post-event testing program, used following an event involving a human error or where human error may have contributed to the event to ensure that illicit drug or alcohol abuse was not a contributing factor. Although the software error existed for a prolonged period of time, the inspectors determined that the error was unknown to the South Texas Project staff and therefore was unlikely to have been exploited by the licensee staff. Therefore, when evaluating the significance of this issue, the inspectors concluded that the deterrence aspect of the random fitness for duty testing program remained in effect for the entire duration of the software error.
Finally, the inspectors determined that the licensee also maintained an effective behavioral observation program under 10 CFR 26.33. The behavior observation program consists of training for individuals to detect behaviors that may indicate possible use, sale, or possession of illegal drugs; use or possession of alcohol on site or while on duty; or impairment from fatigue or any cause that, if left unattended, may constitute a risk to public health and safety or the common defense and security.
Significance: The inspectors assessed the significance of the finding using Inspection Manual Chapter (IMC) 0609, Appendix E - Part I, Baseline Security Significance Determination Process. Inspection Manual Chapter (IMC) 0609, Appendix E - Part I, requires all findings associated with an attribute of physical protection to be initially screened using the, Significance Screen for Physical Protection Findings, Figure 4.
Since the finding did not meet the entry criteria for the, Significance Screen for Physical Protection Findings, the finding was assessed using the, Baseline Security Significance Determination Flowchart Process. The inspectors determined that the cumulative total for the finding is three
- (3) points. This was calculated by factoring the impact area (vital area)against Access Authorization Tier I Element 08.02.01(a), Tier II Element 08.02.05(a), and Tier III Element 08.02.12(a). The finding was determined to be of Green significance because the calculated point total did not exceed six
- (6) points. The inspectors determined the finding to be of very low security significance.
Cross-cutting Aspect: The finding has a cross-cutting aspect in the area of Human Performance associated with work management (H.5), because the licensee failed to implement a process of planning, controlling, and executing work activities such that nuclear safety is the overriding priority. The licensee failed to manage the conversion to using Oracle databases which introduced the initial error and failed to conduct an audit in subsequent years that identified the issue.
Enforcement:
Violation: Title 10 CFR 26.31(c)(5) requires, in part, that licensees and other entities shall administer drug and alcohol tests to the individuals who are subject to this subpart on a statistically random and unannounced basis, so that all individuals in the population subject to testing have an equal probability of being selected and tested.
Contrary to this requirement, from February 2005 to April 25, 2019, the licensee failed to administer drug and alcohol tests to the individuals who are subject to 10 CFR Part 26, Subpart B, on a statistically random and unannounced basis, so that all individuals in the population subject to testing have an equal probability of being selected and tested.
Specifically, due to an error in the software used to randomly select workers for drug and alcohol testing, a significant portion of workers subject to testing were excluded from the random selection pool and therefore had no probability of being selected and tested.
Severity: Green Enforcement Action: This violation is being treated as a non-cited violation (NCV), consistent with Section 2.3.2 of the Enforcement Policy.
EXIT MEETINGS AND DEBRIEFS
On September 26, 2019, the inspectors presented the security inspection results to Ms. K. Harshaw and other members of the licensee staff. The inspectors verified no proprietary information was retained or documented in this report.
DOCUMENTS REVIEWED
Condition Reports
19-4623 18-0027 18-00818 18-05057 18-01544
18-02374 18-02657 18-04179 18-04815 18-05360
18-06183 18-06567 18-07129 18-07412 18-08186
18-08261 18-08774 18-10432 18-13179 19-00600
19-01088 19-01528 19-02209 19-04554
Procedures
Number Title Revision
0PGP09-ZA-0002 Fitness for Duty Program 27
0PGP03-ZS-0001 Vehicle, Material, Personnel Access Control 46
SI 2501 Tactical Drill and Force on Force Exercise Program 11
SI 2101 Access Control 24
SI 2201 Patrol Alarm 30
SI1004 Security Force Arrest and Use of Force 7
Miscellaneous
Documents
Title Date
Access Authorization / Fitness for Duty Quality Audit Report 14-04 (AA) 6/12/2014
Access Authorization / Fitness for Duty Quality Audit Report 16-04 (AA) 6/9/2016
Access Authorization / Fitness for Duty Quality Audit Report 18-04 (AA) 6/14/2018
Physical Security Quality Audit Report Audit Report Number 17-07 (SE) 10/4/2017
Physical Security Quality Audit Report Audit Report Number 18-07 (SE) 9/12/2018
SUNSI Review: ADAMS: Non-Publicly Available Non-Sensitive Keyword:
By: MLC Yes No Publicly Available Sensitive NRC-002
OFFICE PSI:PSB1 PSI:PSB1 PSI:ACES C:DRP ACES C:PSB1
NAME MChambers AMeyen JRollins JJosey JGroom RKellar
SIGNATURE /RA-E/ /RA-E/ /RA/ /RA/ /RA/ /RA/
DATE 09/09/2019 09/09/2019 09/10/2019 09/12/2019 09/11/2019 10/15/2019