Text

From: Felts, Russell Sent: Tuesday, November 06, 2012 11:39 AM To: 'HANSON, Jerud' Cc: Albert, Ronald; Peduzzi, Francis; Johnson, Clay; Lui, Christiana; Layton, Michael; Aird, David; Costa, Richard; Frost, John; Gordon, Dennis; Lee, Pete; Petrucelli, Judy; Prescott, Peter; Rockhill, Rupert; Schnetzler, Bonnie; Williams, Vince

Subject:

Examples of failure to follow NEI 11-08

Jerud, At the last security frequently asked questions (SFAQ) meeting, the industry panel requested that I provide examples of security plan change submittals that demonstrate a failure to follow the guidance in NEI 11-08, Guidance on Submitting Security Plan Changes. Most such issues involve a failure to provide information adequate for the security licensing staff to conclude that the plan change does not constitute a decrease in effectiveness of the security plans, or information adequate to demonstrate security plan compliance with regulatory requirements.

NEI 11-08, Part 2, Security Plan Change Review Criteria, begins as follows, The following information should be considered by the licensee when reviewing and analyzing a security plan change. Although these items are not all inclusive, they provide a general overview of the specific types of information that should be considered when conducting a security plan change review and analysis, as well as what information should be included in the written security plan change submittal package. The licensee should provide as part of the security plan change submittal, in-depth information and explanation of impact that the plan changes have on the safeguards effectiveness of the security plans.

In May 2012, NRC received a security plan change implemented without prior NRC approval by the licensee under the provisions of 50.54(p)(2) that appeared to be a decrease in the safeguards effectiveness of the security plans. The submittal included a list of changes but had no description of the changes, description of the methodology used to justify implementation without prior NRC approval, or any description of how the changes would maintain effectiveness of the security plans. Based on the information available to the staff at that time, the site was requested to reinstate the provisions of the previous security plan until the NRC could ascertain the impacts of the changes. The staff issued a request for additional information (RAI) to the site seeking clarification on the licensees approach and considerations in making the changes.

Although the licensee indicated that they had used NEI 11-08, which was at the time under review by the NRC for endorsement, the information received from the licensee did not identify the purpose of the change, supporting information gained through the analysis conducted, or an explanation of how the plan changes did not reduce the safeguards effectiveness of the security plans, which is inconsistent with NEI 11-08. Furthermore, the changes to the security plans did not adequately characterize the use of certain equipment, such as intrusion detection and assessment systems, as specifically required in regulation. Subsequently, security inspectors and licensing staff visited the site to determine the impacts of the changes on effectiveness of the security plan. The staff determined that the changes would not decrease the effectiveness of the security plans; however, additional RAIs were sent to the licensee to ensure appropriate documentation of the change to the licensing basis.

NEI 11-08, Part 2, Item 1, begins as follows, Review the change against all requirements contained in 10 CFR 73.55.

The staff recently received a security plan change implemented without prior NRC approval by a licensee under the provisions of 50.54(p)(2) which contained a report describing what was being changed, including considerations made by the licensee in making the changes, and an affirmation that the changes did not decrease the safeguards effectiveness of the security plans.

In reviewing the report, staff concluded that the licensee had partially utilized the guidance in NEI 11-08. Staff determined that an RAI for this licensee was necessary to understand how certain owner control area security equipment is used in implementing the protective strategy and how the equipment meets regulatory requirements.

Neither of the security plan submittals discussed above adequately characterized the use of specific equipment in meeting regulations. These omissions, particularly when accompanied by a decrease in another area of the security plan, impede the NRC security licensing reviewer in performing an adequate licensing review and require RAIs. If the licensee is using security equipment to meet regulatory requirements, including performance requirements, then the licensee must fully characterize that equipment within their security plans (e.g., when the licensee describes equipment used for detection and assessment, it must be identified in the security plan and meet the regulatory requirements for detection and assessment, including maintenance, testing, etc.).

Best regards, Russell Felts Chief, Reactor Security Licensing Branch Office of Nuclear Security and Incident Response U. S. Nuclear Regulatory Commission Russell.Felts@nrc.gov (301) 415-5211 (office)

(301) 512-3156 (mobile)