IR 05000528/1993036
| ML20057E778 | |
| Person / Time | |
|---|---|
| Site: | Palo Verde  |
| Issue date: | 09/22/1993 |
| From: | Pate R, Schaefer D, Schuster M NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION V) |
| To: | |
| Shared Package | |
| ML20057E769 | List: |
| References | |
| 50-528-93-36, 50-529-93-36, 50-530-93-36, NUDOCS 9310130142 | |
| Download: ML20057E778 (10) | |
Text
.
U. S. NUCLEAR REGULATORY COMMISSION
REGION V
Report Nos.
50-528/93-36, 50-529/93-36, and 50-530/93-36
Docket Nos.
50-528, 50-529, and 50-530 License Nos.
NPF-41, NPF-51, and NPF-74 Licensee:
Arizona Public Service Company P.O. Box 53999, Station 9082 Phoenix, Arizona 85072-3999 Facility Name: Palo Verde Nuclear Generating Station, Units 1, 2, and 3
_
Inspection at: Wintersburg, Arizona Inspection Conducted: August 30 through September 3, 1993 9W-94 m.e W.
I Inspectors:
e D. Schaefer, Physical S curity Inspector Date Signed-M.
9122/9~5 s
n M.'Schuster, SMPhysical Security Specialist Date Signed Accompanying Personnel: Nancy Ervin, NRR Reactor Security Specialist Approved by:
%.
D
%) L2/93 Robert J. Pate7 Chief, Safeguards, Emergency Date Signed Preparedness, and Non-Power Reactor Branch Inspection Summary:
Areas Inspected: This special, announced inspection reviewed the licensee's Access Authorization Program as required by 10 CFR 73.56. The inspectors used NRC Temporary Instruction 2515/116, " Access Authorization" dated October 30, 1992.
Results:
In the areas inspected, the licensee's Access Authorization Program appeared adequate to accomplish its objectives. The licensee was found to be in compliance with NRC requirements within the areas examined during this inspection, except for one non-cited violation involving the licensee's identification of failure to notify individuals with unescorted access authorization of their responsibility to report any arrest that may impact
,
t upon their trustworthiness (Inspection Report Details, paragraph 3.d).
l l
9310130142 930922 l
$DR ADOCK 05000528 PDR l
l
'
(
__
-
-
- -
.
.
-
i
I Five weaknesses in the licensee's Access Authorization Program were identified as follows:
1.
The licensee did not fully document or procedurally address verification of activities during claimed periods of unemployment in excess of 30 days.
(Inspection Report Details, paragraph 3.b).
'
2.
The licensee did not fully document or procedurally address a determination of willful or unintentional omission when individuals being investigated are found to have omitted information from personal history provided to the licensee.
(InspectionReport Details, paragraph 3.b).
3.
The licensee's procedure addressing verification of highest claimed post high school attendance, leading to a degree, was incomplete.
(Inspection Report Details, paragraph 3.b).
4.
The written results of psychological testing prepared by the licensee's clinical psychologist included an outdated (ANSI)
standard.
(Inspection Report Details, paragraph 3.c).
5.
A security supervisor had limited ability to authorize, manufacture,
and deliver a security photo identification badge (ACAD) for issuance, without the individual having previously completed all
'
requirements for unescorted site access.
(Inspection Report Details, paragraph 3.j).
The licensee's Access Authorization Program was characterized as having the
,
i following program strengths:
I 1.
The staff was professional and knowledgeable of the overall program.
(Inspection Report Details, paragraph 3.a).
2.
Department of Motor Vehicle checks are required for all individuals seeking unescorted site access.
(Inspection Report Details, paragraph 3.b).
3.
Local criminal records checks are performed for selected individuals in addition to the required FBI fingerprint check.
(Inspection Report Details, paragraph 3.b).
4.
Psychological testing of employees was implemented prior to the rule.
(Inspection Report Details, paragraph 3.c).
5.
Contractors and vendors who do not enter the protected area for 30 days have their security photo identification badge (ACAD)
terminated.
(Inspection Report Details, paragraph 3.e).
6.
Protection of personal information and records retention exceeded regulatory requirements.
(Inspection Report Details, paragraph
.
l 3.1).
.
.-
_.
_ _. _.
f
.
k b
.
[
REPORT DETAILS
1.
Key Persons Contacted C. Ahert, Senior Analyst, Access Control, Security Department, APS R. Barringer, Supervisor, Radiation Training /Genen1 Employee Training, APS T. Bland, Employee Assistance Program, APS
- R. Bouquot, Supervisor, Quality Audits, APS
- P. Brandjes, Consultant, Nuclear Safety M. Brucker, Senior Analyst, Badging, Security Department, AFS G. Dennis, Senior Analyst, Access Control, Security Department, APS
- D. Douglass, Auditor, Quality Audits and Monitoring, APS
- J. Draper, Site Representative, Southern California Edison l
- R. Fullmer, Manager, Quality Audits and Monitoring, APS
'
- B. Grabo, Supervisor, Nuclear Regulatory Affairs, APS
- D. Heller, Supervisor, Fitness For Duty, APS
- R. Henry, Site Representative, Salt River Project
- A. Huttie, Supervisor, Security Training, Security Department, APS M. Jefferson, Senior Analyst, Access Control, Security Department, APS
- J. Knuth, Security Senior Analyst, Security Department, APS
- F. Kroll Jr., Security Manager, APS
- E. Lumley, Supervisor, Performance Assessment, Security Department. APS
- M. Maddix, Senior Nurse, Fitness For Duty, APS
- D. Marks, Consultant, Nuclear Oversight
- J. McLaren, Supervisor, Access Control, Security Department, APS
- J. Napier, Senior Engineer, Nuclear Regulatory Affairs, APS
- J. Nielson, Technical Specialist, Quality Audits and Monitoring, APS
- J. Sloan, NRC Senior Resident Inspector, Palo Verde
- T. Steckler, Analyst, Access Control, Security Department, APS
- B. Whitney, Auditor, Quality Assurance, APS l
!
The above individuals denoted with an asterisk were present during the exit meeting on September 3,1993, as discussed in paragraph 4 of this inspection report. The inspectors also contacted other supervisors and members of the licensee's security, administrative, and technical staffs
as well as contractor organizations during the course of this inspection.
'
2.
Backcround i
On April 25, 1991, the Commission published the Personnel Access Authorization Requirements for Nuclear Power Plants,10 CFR 73.56, (the rule), which requires that each licensee, authorized on that date to operate a nuclear reactor, implement an Access Authorization Program (AAP) by April 27, 1992, to comply with the requirements of the rule, and that such program be incorporated into the licensee's Physical Security Plan (PSP). The rule further requires that licensees maintain that Access Authorization Program to provide high assurance that individuals
,
l granted unescorted access are trustworthy and reliable, and do not constitute an unreasonable risk to the health and safety of the public, including a potential to commit radiological sabotage.
This inspection, conducted in accordance with NRC Inspection Manual Temporary Instruction 2515/116, Access Authorization, assessed the
!
,
. -.
_ _ _
.
.
f.
l
.
.
l.
.
,
i
l licensee's AAP and its implementation. By letter dated April 27, 1992,
'
the licensee certified that all elements of Regulatory Guide No. 5.66 (RG 5.66) had been implemented to satisfy the requirements of 10 CFR 73.56.
The licensee's PSP was modified by Revision 31 and 31A, submitted by letters dated April 27 and October 1. 1992, respectively. These provisions were accepted for inclusion in the PSP by Region V letter dated November 23, 1992.
3.
Access Authorization Procram One non-cited violation and five weaknesses were identified.
a.
Administration and Oroanization Based on interviews, and direct observations of the AAP staff, the inspectors determined the staff was knowledgeable and professional'.
The overall professionalism and knowledge.of the AAP staff is considered.a strength. The licensee uses ten procedures to delineate the duties and responsibilities of implementing its AAP.
These procedures generally address most of the NRC criteria and guidance relative to such elements as: background investigation; granting, denying, suspending and revoking unescorted access; data exchange; behavioral observation; appeals; records retention; adjudication of questionable information; transfer or temporary I
access authorization; administering the psychological evaluation; fingerprint checks;-suitable inquiries, etc. Three weaknesses identified in the licensee's procedures are discussed in paragraph 3.b. below, b.
Backoround Investication Elements The inspectors reviewed records and conducted interviews to l
'
determine the adequacy of the program to verify the true identity of an applicant and to develop information concerning employment
l history, educational history, credit history, criminal history, military service, and character and reputation of the applicants
prior to granting unescorted access to protected and vital areas.
!-
l The inspectors reviewed the results of the background investigations
!
(bis) of numerous licensee and contractor employees.
l The inspectors noted that the licensee did not fully document or procedurally address verification of all activities during claimed -
periods of unemployment in excess of 30 days. A review of the licensee's background screening files indicated in one case, there was no documentation of an individual's activities during a declared period of unemployment. Through discussions with the analyst who conducted the investigation, it appeared that the activities may have been discussed although not documented. The licensee's procedures 20AC-0SK07 and 20DP-0SK11 required that the period of unemployment be verified, but did not require that an individual's activities during any claimed period of unemployment be verified.
This weakness was discussed during the exit meeting on
L
'
!
.
.
,
1
.
l
\\
September 3,1993, and will be reviewed during a future security inspection.
(0penItem 528/93036-01)
i During a review of background screening files, the inspectors also l
noted that one individual, when completing his Employee Security Questionnaire, had failed to list a 2-3 month period of
,
'
l unemployment. The licensee's review of this individual's employment history had discovered the omission of this period of unemployment.
'
The background screening records indicated that the licensee had contacted the individual and had verified this 2-3 month period of l
unemployment. However, the licensee's background screening records
,
did not indicate if the licensee had determined if the individual l
l had willfully omitted this 2-3 month period of unemployment, or if
,
the omission had been unintentional. Discussions with the analysts
!
l who conduct the investigations disclosed that some analysts do
,
discuss reasons why individuals omit information.
If it is
!
determined that the omission was unintentional, nothing further is done.
It was also determined that even if an analyst did not
,
inquire further into the omission, the reason is usually provided by l
the individual who omitted it. The licensee's procedures 20AC-0SK07 and 20DP-0SK11 did not address determination of willful or l
l unintentional omissions when individuals being investigated omit information from their personal history. This weakness was
'
discussed during the exit meeting on September 3,1993, and will be reviewed during a future security inspection.
(0 pen Item 528/93036-02)
During a review of background screening files, the inspectors noted
!
that in one case, the licensee's manner of verifying claimed post
!
high school attendance was incomplete.
In this case there was I
documentation in the background screening files for a claimed two-year associate of arts (AA) degree, however 36 credits subsequently earned at a university had not been verified. The licensee's l
procedures 20AC-0SK07 and 20DP-0SK11 incorrectly required that
,
l educational history be verified to the point of highest level of education claimed after high school which led to a decree. The appendix to RG 5.66 (NUMARC 89-01) requires the verification of the highest ci imed post high school attendance leadina to a decree
i regardless of time. Other files reviewed during the inspection i
!
contained adequate verification of all listed education as required; however, through discussions with analysts and review of the above
~
procedures, it was apparent that there was a potential for a failure of this nature to occur again. This weakness was discussed during the exit meeting on Septembet 3, 1993, and will be reviewed during a l
future security inspection.
(0penItem 528/93036-03)
The licensee's Access Authorization Program requires completion of a l
Department of Motor Vehicle (DMV) check for all individuals seeking
,
l unescorted site access. This DMV check is completed with the state that issued the individual's drivers license. The licensee
'
indicated that occasionally, a Dr1V check revealed moving vehicle violations, and/or convictions involving driving a motor vehicle l
l
.
.
which the individual had omitted from his Employee Security Questionnaire. This type of information is normally not available
!
through the FBI fingerprint check. The required completion of DMV checks is considered a program strength.
)
The licensee's Access Authorization Program requires the completion of local criminal history checks for selected individuals. The
licensee indicated that-occasionally, a local criminal history check completed in addition to the required FBI fingerprint check, revealed information not provided in the FBI fingerprint check. The
'
licensee's completion of selected local criminal history checks is
t considered a program strength.
Background investigations for licensee employees and those
~
contractors without an approved program, are primarily conducted by the licensee's own AAP staff. The licensee has reviewed and formally accepted the background screening program of two contractors. Additionally, the licensee has contracted with the following vendors to conduct portions of the background investigations: Trans Union (for credit checks); Equifax (for Department of Motor Vehicle checks); and Corporate Research Systems, Inc. (for selected criminal history checks). The scope and depth of i
background investigations are prescribed in the licensee's bid specifications.
"
The inspectors also reviewed numerous background investigations used as the basis for temporary unescorted access authorization, as permitted by the rule.
Records of completed background investigations contained a summary of information developed during the conduct of the investigation.
The inspectors determined through interviews and reviews of records that these records were reviewed by responsible licensee personnel and, in those cases where questionable or derogatory information had been reported, the licensee had investigated and documented the results of those investigations.
c.
Psycholooical Assessment Preceding implementation of the rule, the licensee had initiated
'
psychological assessment of all employees granted unescorted access.
This is considered a program strength.
The licensee contracts with Ron Lavit Associates (RLA) to score and
'
.
evaluate the Minnesota Multiphasic Personality Inventory 2, a 567 item true/ false questionnaire, administered by the licensee's staff.
Clinical interviews are conducted for those individuals identified by RLA based upon the test scores.
The inspectors " walked through", and discussed the administration of the test with proctors. Proper protection of the questions and answer sheets, isolation and proctoring practices were noted.
NRC
.
.
-.
-..-
-
-
-
-.-
-
'
.
.
>
!*
-
l Information Notice 91-59 relative to fraudulent psychological j
assessment has been discussed with on-site proctors and contractors.
by the licensee. The inspectors noted that positive identification i
is required and that " suitable inquiries" are made of the employee's past reliability and trustworthiness prior to taking. the test. The
!
Information Notice also provided guidance relative to criminal
.
!
penalties associated with falsification of safety-related records.
Twenty four individuals were interviewed and all were aware that falsification of safety-related documentation could be prosecuted as l
a federal criminal offense.
l l
During this inspection the inspectors noted that the licensee's clinical psychologist included an outdated standard as part of his certification of results of written psychological testing. The
,
psychologist's " Mental Examination" referenced, in part, ANSI-
<
Standard N18.17 as part of the basis for administering the Minnesota.
.
'
Multiphasic Personality Inventory (MMPI).. During the inspection, the licensee indicated that reference to this ANSI Standard would be
removed. This weakness was discussed during the September 3, 1993, i
exit meeting and will be reviewed during a future security
inspection.
(0 pen Item 528/93036-04)
-
!
d.
Behavioral Observation Proaram '(B0P)
i Through interviews and documentation reviews the inspectors concluded that the current program specifically addressed
.
i observation to detect behavioral traits that might be indicative of individuals attempting to interrupt the normal operation of a
reactor or to commit radiological sabotage.
l
Based on 24 interviews with employees, contractors and supervisors,
the inspectors determined that it was generally clear to the l
,
individuals as to what arrests to report and how the information,
!
'
when reported, would be processed. The licensee also had procedures and practices in place to ensure that each individual authorized unescorted access was subject to its behavioral observation program (BOP)ortoalicenseeapprovedBOP.
If the authorized individual was away from the program for more than 30 days, the licensee would
,
ascertain whether the activities that the individual engaged in during the absence had the potential to affect his or her trustworthiness and reliability.
The licensee had previously identified that-certain individuals had not recognized their responsibility to report any arrests and had issued a clarifying memorandum dated March 19, 1993, which was
-
addressed to all employees having unescorted access to the protected area.
In addition, Palo Verde news bulletin dated August 27, 1993, had been addressed to all plant personnel stressing each person's obligation to report all arrests, appeal rights for. anyone denied unescorted access, and additional supervisory responsibilities for
.
- - _
..
.. -
- -.
.
.
.
.-.
.-
-
l
.
j
the BOP.
It was-also determined that the licensee training staff
had begun to place additional emphasis on the reporting of arrest
)
information.
~
,
On April 27, 1992, the licensee certified that all elements of RG 5.66 had been implemented to satisfy the requirements of 10 CFR i
73.56. Paragraph 9.0 of the appendix to RG 5.66 (NUMARC 89-01)'
requires that individuals with unescorted access authorization be notified of his/her responsibility to report any arrests that may
impact upon trustworthiness. During this inspection the licensee
'
indicated that individuals with unescorted access authorization had
,
'
been initially notified of this reporting responsibility on March
.
19, 1993. During the exit meeting on September 3,1993, the inspectors identified the licensee's delay of. approximately eleven
~
months (April 26, 1992 through March 19, 1993) to notify these i
'
individuals of their above responsibility, as a violation. The
.
inspectors determined that the licensee had also taken action to l
remind employees again of their responsibility to report any arrest i
l by a news bulletin dated August 27, 1993. Further, the licensee l
requires that persons requesting unescorted access, acknowledge in
'
writing, the requirement to report all arrests. These corrective
!
i l
actions were also verified during the interviews mentioned earlier.
This violation is not being cited because the criteria specified in l
NRC's Enforcement Policy,10 CFR Part 2, Appendix C, Section i
i l
VII.B(2) were satisfied.
(NCY 528/93036-05)
"Grandfatherino " Reinstatement and Transfer of Access Authorization e.
f The licensee's records were reviewed to ascertain that only qualified personnel with uninterrupted unescorted access
authorization for at least 180 days on April 25, 1991, had been
" grandfathered" into the licensee's access authorization program.
The licensee's procedure for reinstatement of access authorization was reviewed. The procedure provides for reinstatement of unescorted access if the individual's unescorted access has been interrupted for more than 30 days but less than 365 days, and if the
,
'
previous access was terminated under favorable conditions. The licensee's procedure for reinstatement also provides for personnel whose unescorted access had been interrupted for 365 days or more, but less than 5 years.
Individuals in this latter category may be l
granted a temporary unescorted access. All individuals seeking reinstatement shall complete an Employee Security Questionnaire, an Authorization for Release of Information, and a Suitable Inquiry Release form.
Additionally, the licensee's program regarding contractors or vendors considered such employees who do not visit the facility at least once every 30 days to be employees who require infrequent -
access and for whom unescorted access should not be requested.
Further, the licensee's program revokes the unescorted access for those contractor / vendor employees who do not use their badges for a
l
,
i
. -
..
..
.
..
.
..
. -. -.
..
-
i
e
.
period of 30 days. The revocation of unescorted access authorization in such cases is considered a strength, i
The inspectors determined that the licensee had procedures
!
established to govern receipt of access authorization data from other licensees. However, licensee management stated during
interviews that they do not avail themselves of the option, as
'
permitted in 10 CFR 73.56, to accept transfers of temporary access I
authorization from other licensees.
Further, the licensee management stated that temporary access authorizations for
!
l individuals employed at Palo Verde are not transferred to other
I l
facilities.
f.
Temporary Access Authorization
.
_
l The inspectors reviewed the temporary access authorization files of numerous personnel and determined that the requirements of the Access Authorization Program had been satisfied prior to the
,
'
granting of temporary access. The licensee was utilizing a computer tracking system to ensure that temporary access authorizations do not unknowingly exceed the 180 day limit.
g.
Denial / Revocation of Unescorted Access
,
!
The inspectors reviewed the licensee's procedures for denial or l
revocation of unescorted access for licensee and contractor
!
personnel and determined that appropriate measures were in place to j
l satisfy program commitments with respect to appeals and reviews.
'
!
The review process was being conducted at an appropriate management l
level.
i The inspectors determined through interviews and a review of records l
that adequate review and evaluation of individuals whose fingerprint
or local arrest records had been returned with derogatory information, had been conducted prior to granting unescorted access
-
authorization.
h.
Audits l
APS Audit Report No.92-012, dated October 14, 1992, was reviewed to determine the effectiveness of the audit for the access i
authorization program. While this audit was conducted within the required 12 month period, it was concluded by the inspectors that
-
the audit was not conducted in sufficient depth to identify problems
!
as required by paragraph 13.1 of the Appendix to RG 5.66 (NUMARC 89-01). The following areas were not audited:
Psychological
'
evaluations and testing; training of supervisors and employees;
,
reporting of all arrests by employees; and protection of personal i
information.
At the request of the security manager an unscheduled audit of the
,
'
access authorization program was conducted July 12-23, 1993, and
,,.
_. _
.
.
.
.
..
.
_ -_ _,_- _
.
_
.
.
.
.
_
documented by le'tter dated July 30, 1993. That audit, audit plan and associated checklists were reviewed and two of the auditors participating in that audit were interviewed.
This audit was of sufficient depth to determine problems, most of which should have l
l been identified in the earlier audit. As a result of this audit the
'
supervisor for access authorization is taking a series of corrective actions to improve the program. During the exit meeting the In inspector stated that this second effort was an excellent audit.
this regard, the licensee's corrective actions will be reviewed during a future security inspection.
(0 pen Item 528/93036-06)
l
\\
l 1.
Record Retention l
The inspectors reviewed the licensee's record retention activities to ensure.that required records were being retained for the~
~
The inspectors determined that records were appropriate duration.
retained appropriately and that the storage facilities provided adequate security to prevent disclosure of personal information to The licensee controls files through:
a unauthorized personnel.
I sign out system when a file is removed; the use of files locked with locking bars and combination padlocks, within a locked (cipher In coded) room; and detection devices alarming to a security post.
the event of an alarm, an armed security officer would respond.
Members of the AA staff were also observed to lock individual offices when unoccupied. The licensee's manner of record retention
<
and protection of personal information is considered a strength.
j.
Issuance of Unescorted Site Access During this inspection, the inspectors reviewed the licensee's procedure for issuing a security photo identification badge (ACAD)
to individuals that had satisfactorily completed background screening requirements, a psychological evaluation, fitness-for-duty requirements, and the required site access training. The inspectors determined through interviews that a recent procedural change provided a security supervisor limited ability to administratively bypass these requirements and to authorize, manufacture and deliver a security identification badge for issuance. The supervisor had this " bypass" capability for only a limited category of individuals.
.
This weakness was discussed at the September 3,1993, exit meeting.
At that time, the licensee indicated that they would take immediate corrective action for this weakness.
(0 pen Item 528/93036-07)
4.
Exit Interview The inspection scope and results were summarized on September 3,1993, in an exit meeting with those persons indicated in Paragraph 1.
The inspectors described the areas inspected and noted that one non-cited violation had been identified as discussed in paragraph 3.d above.
Additionally, the inspectors identified five weaknesses, as discussed in paragraphs 3.b, 3.c, and 3.j above.
i
~ ~'"" ~
. ~,.,.,,
,,. _.,