ML14181A816
| ML14181A816 | |
| Person / Time | |
|---|---|
| Site: | Robinson  |
| Issue date: | 04/23/1996 |
| From: | Fredrickson P, Thompson D NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION II) |
| To: | |
| Shared Package | |
| ML14181A814 | List: |
| References | |
| 50-261-96-03, 50-261-96-3, NUDOCS 9605140307 | |
| Download: ML14181A816 (12) | |
See also: IR 05000261/1996003
Text
PcREG(
UNITED STATES
NUCLEAR REGULATORY COMMISSION
REGION II
0o
101 MARIETTA STREET, N.W., SUITE 2900
ATLANTA, GEORGIA 30323-0199
Report No.:
50-261/96-03
Licensee:
Carolina Power and Light Company
P.O. Box 1551
Raleigh, NC
27602
Docket No.:
50-261
License No.:
Facility Name: H. B. Robinson Unit 2
Inspection Conducted:
March 11 thru April 4, 1996
Inspector:
_
___
__
i
'
Da i
.
Th pson, Safdg
rds Inspector
Date Signed
Approved by: ___________
__________'
Paul E. Fredrickson, Chief
Date Signed
Special Inspection Branch
Division of Reactor Safety
SUMMARY
Scope:
This routine announced inspection was conducted in the various aspects of the
Security Program for Power Reactors, specifically: management support;
security program plans and procedures; safeguards information; audits;
security lighting and final safety analysis commitments.
Results:
In the areas inspected, two potential violations were identified. Observation
and inspection results confirmed operational effectiveness of the security
program except in the areas discussed below. Management support was evident
by the continued efforts to enhance security program capabilities through
upgraded security system components and personal equipment that is utilized by
the security force. The security manager had been in his present position for
approximately seven months and was dedicated to upgrading the performance
level of the security force. The inspector noted that part of the support
staff and shift supervisors were newly assigned to their positions and had
limited experience in performing their assigned task. The officers observed
performing their day-to-day duties were capable of providing security support
to plant operations. Security plans and procedures were reviewed and found to
be in accordance with regulatory requirements. Security plans were in the
process of being updated and procedures were being reviewed and updated as
needed. Audits were found to be very detailed and thorough. The auditor was
very knowledgeable of security requirements and had identified meaningful
9605140307 960425
ADOCK 05000261
Q
2
an excellent management tool which can be used to enhance the effectiveness of
the security program. Access controls had been enhanced with the installation
of hand geometry and the automated system was operating effectively during the
inspection. The inspector followed up on an unresolved item 96-02-04,
identified by the Resident Inspectors during their review of the operation of
the newly installed hand geometry system. The concern was that the hand
geometry system had not been tested prior to installation. The inspector
determined that the hand geometry had not been adequately tested and the test
results properly documented prior to activation (see Paragraph 2.5).
The
licensee had identified and reported that on February 19-20, and on March 19,
1996, that safeguards information had not been properly stored and controlled
when outside the approved storage container (see Paragraph 2.4).
The Resident
Inspector had opened an unresolved item 96-02-05, for failure to properly
secure safeguards information. The Resident Inspector had opened an
unresolved item 96-02-06 concerning security lighting not being turned on and
off properly.
Security lighting was found to be adequate to support the
security officers to identify activities inside the protected area (see
Paragraph 2.7).
One violation was identified:
Violation 50-261/96-03-01: Failure to test properly and to document the test
results prior to operating newly installed security equipment.
One apparent violation was identified:
Apparent violation 50-261/96-03-02:
Failure to control safeguards information
(two examples) properly. Additionally, there were three examples identified
during licensee's audits of failure to comply with the requirements of the
safeguards information procedure.
REPORT DETAILS
1.0
Persons Contacted
1.1
Licensee Employees
- W. Baum, Director, Human Resources, H.B. Robinson Nuclear Power Plant
(RNP)
- C. Bowen, Security Analyst, RNP
- P. Cafarella, Superintiident, Mechanical Systems, RNP
- B. Clark, Manager, Maintenance, RNP
- J. Clements, Manager, Site Support Services, RNP
- P. Gaffney, Supervisor, Electrical Engineering, RNP
- J. Ellis, Manager, Corporate Security, Carolina Power and Light (CP&L)
- W. Hatcher, Corporate Nuclear Security, CP&L
- C. Henderson, Access Authorization, Senior Support Specialist, RNP
- M. Herrell, Manager, Training, RNP
- C. Hinnant, Vice President, RNP
- R. Howell, Senior Specialist, Nuclear Assessment Section, RNP
- R. Krich, Manager, Regulatory Affairs, RNP
- J. Lucas, Supervisor, Technical Training, RNP
- V. Makowski, Security Operations, RNP
- E. Martin, Superintendent, Document Services, RNP
- B. Meyer, Manager, Operations, RNP
- R. Moore, Manager, Outage and Scheduling, RNP
- J. Moyer, Manager, Nuclear Assessments, RNP
- T. Natal, Superintendent, Operations Training, RNP
- R. Neumann, Security Analyst, RNP
- B. Randlett, Security Superintendent, RNP
- D. Young, Plant General Manager, RNP
1.2 Other Employees
Other employees contacted during this inspection included craftsmen,
engineers, mechanics, security force members, technicians, and
administrative personnel.
1.3
U.S. Nuclear Regulatory Commission
- P. Byron, Resident Inspector, Brunswick Nuclear Plant
- W. Orders, Senior Resident Inspector
- J. Zeiler, Resident Inspector
- Attended Exit Interview
2.0
Physical Security Program For Power Reactors (81700)
2
2.1
Management Support, Security Program Plans and Implementing
Procedures, and Security Audit
2.2
Management Support
Management support provided by the licensee for the site security program was
reviewed to ensure that the criteria specified in Section 1 of the approved
Industrial Security Plan (ISP) were adequately implemented. Review and
observation further determined that the current staffing levels met ISP
commitments and regulatory requirements. It was noted that the security force
was composed of Carolina Power and Light employees supported by 82 Burns
Security, Inc., contract security force members.
Senior management support of the security program was evident by the continued
upgrade of the security equipment such as, the hand geometry for access
control, video capture for improved assessment, and a new range facility.
Based on observation during the inspection, it was apparent that corporate and
site senior management were responsive to the site security organization's
requirements for resources and maintenance support.
Based on review of the security operational activities, the inspector
concluded that the security organization was adequately staffed, trained, and
equipped, and was supported by licensee management in accordance with
commitments contained in the ISP.
There were no violations of regulatory requirements noted in this area.
2.3 Security Program Plans and Implementing Procedures
The licensee's approved ISP and Contingency and Training and Qualification
Plans were reviewed to verify that the provisions of 10 CFR 50.34(c) and the
procedural requirements for compliance with the provisions of Part 73 were
effectively implemented.
The inspector reviewed the 17 implementing procedures for ensuring compliance
with the provisions and commitments of the ISP and Contingency Plan. The
inspector noted that the procedures were sufficient to support the security
operations. The Security Manager informed the inspector that the licensee was
in the process of updating the procedures. The inspector noted that the
licensee had not included the seven day lighting test in the testing and
maintenance procedure. However, the inspector determined that the lighting
was being reviewed daily by the security force, and at the end of the
inspection the licensee was in process of including the seven day test in the
testing and maintenance procedure. An additional lighting concern which was
noted by the Resident Inspector is discussed in Paragraph 2.7.
Based on review and discussion with management personnel and observation of
security performing day-to-day activities, the inspector determined that the
ISP and implementing procedures adequately addressed the security
requirements.
There were no violations of regulatory requirements noted in this area.
3
2.4
Safeguards Information
Prior to this inspection period, on February 21, 1996, the Resident Inspector
toured the Central Alarm Station area.
During this tour, the inspector noted
that a filing cabinet, which was known to have been locked and classified as
"Safeguards" during previous tours of the area, was now unlocked and
safeguards information was no longer stored in the container. However, the
inspector found several of the drawers to be filled with documents that were
questionable as to their security classification. While none of the material
sampled had been stamped with typical safeguards markings or numbers, some of
the material had pages with typewritten security/safeguards references in the
page headings. There were also numerous electrical drawings of the plant
security equipment. While these drawings were old and appeared to be
outdated, the inspector was concerned that the material may not have been
properly classified. This issue was identified as URI 96-02-05.
During this inspection the safeguards inspector reviewed applicable regulatory
requirements and discussed the event with the licensee. Based on review of
the event the inspector noted that the licensee can store safeguards material
in the cabinet discussed above providing it is in accordance with
paragraph 5.6.3, Administrative Procedure, AP-028, Safeguards Information,
Revision 12, dated June 16, 1995, which states that "other repositories, which
in the judgement of the security manager, would provide comparable physical
protection may be used to store safeguards information," and since the cabinet
discussed above was located in the central alarm station (Vital Area) computer
room and was under the control of a security officer, then the cabinet could
have been left open as long as the licensee controlled access to the area.
The safeguards inspector discussed the event with the licensee on March 11,
1996, and was informed by the licensee that they did not consider any of the
material in the cabinet as safeguards information. The inspector randomly
reviewed the material and concluded that the material did not contain
safeguards information. Therefore, URI 96-02-06 is closed.
The inspector determined through review and discussion with the licensee that
on February 19-20, 1996, a safeguards document (Industrial Security Plan) and
a one-page draft document had been found left unattended and unsecured in the
security office area which was located outside the protected area. The
licensee had an ongoing investigation to determine when and who removed the
document from the approved storage area, and when and who left the document on
top of the approved storage cabinet.
In addition to the event discussed above the licensee notified the NRC on
March 20, 1996, that at approximately 8:45 a.m., on March 19, 1996, that a
member of the security section had removed a safeguards document from the
storage facility and at approximately 10:35 a.m., had left it on his desk
unsecured and unattended. The safeguards document was found by another member
of the security force at approximately 10:45 a.m., when he entered the work
area of the individual after he had departed. The document was left
unattended and unsecured for approximately 10 minutes within the security
office.
The security office is located outside the protected area.
4
The inspector, during further review of previous safeguards events, noted that
the licensee had been issued a violation on April 5, 1995, for failure to
maintain control of safeguards information. Also, on June 22, 1995, the
licensee received a violation for four events concerning safeguards
information. The four events were: storing safeguards information in a non
approved locked filing cabinet; leaving a safeguards cabinet unlocked and
unattended; allowing a employee who was not authorized access to safeguards
information have access to the safeguards information; and receiving
safeguards information from a contractor that was improperly marked,
transmitted, and secured.
Additionally, during the Nuclear Assessment Department (NAD) audit of
February 27 to March 10, 1995, the licensee found that the safeguards
Procedure AP-028, did not provide a control for preventing the safeguards
information from being sent to the hard drive and potentially being exposed to
uncleared personnel.
During the Nuclear Assessment Section (same group as NAD
but recently redesignated) audit of February 5-16, 1996, the licensee
determined that the word processor automatic timed backup feature was not
deactivated as required by the safeguards Procedure AP-028. They also
determined that site personnel who had access to safeguards information had
not received training as required by the safeguards Procedure AP-028.
Based on the inspector's review of the corrective action to Violation 95-18
01, the inspector concluded that the corrective action to the violation was
not sufficiently in-depth and was for the most part administrative in nature.
The corrective action was, therefore, not adequate to prevent safeguards
material from being left unattended since the corrective action did not
include any changes to the safeguards information physical controls.
Prior to
the inspectors departure the licensee was in the process of implementing
physical controls as protective measures for maintaining control of safeguards
information.
10 CFR 73.21(d) requires that Safeguards Information, while in use, shall be
under the control of an authorized individual.
In addition, 10 CFR
73.21(d)(2) requires that Safeguards Information be stored in a locked
security storage container when unattended.
Administrative Procedure, AP-028, Revision 12, dated June 16, 1995, Paragraph
5.0, states that "Attachment 6.5 (Statement of Disclosure Form), shall be
completed for licensee and contract employees requiring access to safeguards
information."
Administrative Procedure, AP-028, Revision 12, dated June 16, 1995, Paragraph
5.5.4.1, states that "Individuals processing Safeguards Information on Pcs
shall ensure that the timed back-up is removed or routed to the Pcs diskette
drive."
Administrative Procedure, AP-028, Revision 12, dated June 16, 1995, Paragraph
5.6.1, states that "Safeguards Information shall be protected from
unauthorized disclosure. While unattended, Safeguards Information shall be
stored in a locked security storage container."
5
Administrative Procedure, AP-028, Revision 12, dated June 16, 1995, Paragraph
5.12, states that "Safeguards Information shall be under the control of an
authorized person while in use in order to limit access to those persons who
have a 'need to know.'
This requirement is satisfied if the material is
attended by an authorized person even though the information is in fact not
being used."
On February 19-20, 1996, safeguards information was left unattended and
unsecured for approximately 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> in an area outside the protected area.
Again, on March 19, 1996, a safeguards document was left unattended and
unsecured for approximately 10 minutes outside the protected area. During the
Nuclear Assessment Department (NAD) audit of February 27 to March 10, 1995,
the licensee determined that the safeguards Procedure AP-028, did not provide
a control for preventing the safeguards information from being sent to the
hard drive and potentially being expo:cd to uncleared personnel.
During the
Nuclear Assessment Section (NAS) audit of February 5-16, 1996, the licensee
determined that the word processor automatic timed backup feature was not
deactivated as required by the safeguards procedure AP-028. They also
determined that site personnel with access to safeguards information had not
received training as required by the safeguards procedure AP-028.
These five issues were apparent violations of regulatory requirements and will
be tracked as EEI 96-03-02.
2.5
Security Program Audit
Chapter 14 of the ISP, requires the licensee to audit the security program at
least once every 12 months. The audit is required to be conducted by the NAD
which was recently designated as the NAS.
The NAS staff has within the past year conducted two major program audits of
the security program. An audit was conducted February 27 to March 10, 1995.
The auditors concluded during the audit that the security program was
effective to support the operation of the Robinson Nuclear Plant (RNP).
The
NAS auditors identified no strengths, one issue, and one weakness.
The one
issue was that management had not effectively communicated or enforced high
standards and expectations within the RNP security organization. To support
their conclusion, there were 12 findings identified and documented. The
second annual audit that the inspector reviewed was conducted February 5-16,
1996. The auditors concluded that the security program was effective in
support of the operations of the RNP. The NAS findings included one strength,
four issues, and no weaknesses. Maintenance of the security equipment was
considered a strength. The four issues were as follows:
-
The security unit is not effectively self-assessing and taking
advantage of precursors or trend data from the Corrective Action
Program.
-
The control of access to safeguards information does not meet
plant management expectations.
-
The security force training is not achieving desired results.
6
-
The security personnel are not complying with requirements set
forth in AP-006, "Procedure Use and Adherence."
Based on the inspector's discussion with the auditors and review of the audit
reports, the inspector concluded that the security audits were thorough and
sufficiently detailed in scope to effectively address the areas reviewed. The
inspector determined that the audit results were reported to the appropriate
management levels for review and corrective actions.
The failures to control access to safeguards information which were identified
during the two audits are apparent violations and are being considered as part
of the potential escalated enforcement action (see Paragraph 2.4).
2.6 Access Controls (Hand Geometry System Implementation Review)
On November 28, 1995, the licensee implemented the use of hand geometry
equipment to control unescorted personnel access into the protected area. The
licensee implemented use of this alternative access control equipment based on
NRC approval of a license exemption from the requirements of 10 CFR 73.55(d),
dated December 20, 1994. The exemption allowed an alternative unescorted
access control system that eliminated the need to issue and retrieve badges at
the entrance/exit locations. To implement the exemption request, the licensee
installed the hand geometry equipment in accordance with ESR Modification 94
00393.
Based on the Resident Inspectors' Unresolved Item 96-02-04, the inspector
reviewed and discussed with the licensee the results of the hand geometry test
that was performed prior to acceptance of the newly installed access control
equipment. The Resident Inspector indicated that when he had inquired about
the licensee acceptance testing for the hand geometry, he was provided with a
computer readout which denoted testing of card reader 2. Subsequently, the
inspectors determined that there was not any testing documented for card
readers 3 and 4. Based on the inspector's review of the testing data, the
inspector concluded that the licensee had not tested the hand geometry system
to arrive at a detection ratio of 90 percent with a 95 percent confidence
level.
During a discussion with an instrumentation and calibration (I&C)
technician, an I&C technician stated that during the installation of the
equipment, he recalled testing the system 30 times to arrive at the 90 percent
detection ratio and the 95 percent confidence level.
However, the inspector
was unable to review the data because all computer records were destroyed
prior to start-up of the hand geometry access control equipment. During a
subsequent meeting with the licensing and engineering staff, they informed the
inspector that since the hand geometry equipment had previously been tested at
the Sandia National Laboratory, they were not required to retest the system to
validate the probability detection rate and the confidence level after
installation. The licensee indicated that they were aware that the other two
CP&L sites had conducted acceptance tests prior to placing the hand geometry
equipment in operation.
The inspector also noted that Security Procedure, SP-012, Verification of
Security System Component Operation, was not included in the "documents
affected" section of the modification package. This procedure is used to
7
perform periodic testing of various components of the security system,
including the access control system. Although not listed in the modification
package, the inspector noted that this procedure had been revised to
incorporate changes in the access control system due to the new hand geometry
system. However, revised testing was only limited to verification of the
valid cardkey with valid hand function. The inspector discussed the limited
test with the licensee and they stated that they planned on including testing
with a valid badge and an invalid hand into the testing criteria.
The exemption from the requirements of 10 CFR 73.55(d), Access Requirements
Brunswick, H. B. Robinson and Shearon Harris Nuclear Power Plants, letter
dated December 20, 1996, paragraph III, requires the licensee's hand geometry
equipment to meet the detection probability of 90 percent with a 95 percent
confidence level, and to revise the physical security plan to include
implementation and testing of the hand geometry access control system.
Paragraph 12.1, of the Industrial Security Plan (ISP), Revision 31, dated
January 24, 1996, states, "Hand geometry reader testing to assure a
probability ratio of 90% with 95% confidence shall be performed annually,
after repairs, major maintenance, re-calibration of equipment, and after each
inoperative state."
From November 28, 1995 to March 9, 1996, the failure to perform and document
the acceptance testing prior to placing the hand geometry access control
system in operation is a violation of NRC regulatory requirements (50-261/96
.03-01). The unresolved item 96-02-05 is closed.
2.7 Protected Area Lighting Equipment Degradation
On February 21, at approximately 6:15 p.m., the Resident Inspectors observed
that the protected area high-mast lights was not turned on and that darkness
was approaching.
Based on the Resident Inspectors' concern that the lighting was not being
activated in a timely manner, he contacted plant security personnel, who
indicated that the automatic controls (photo-cell control device) for
actuating the lights was not functioning properly. As a result of the photo
cell malfunction, the security staff was manually energizing/de-energizing the
lights as necessary each day.
The inspectors discussed the status of efforts to repair the degraded security
equipment with the security manager. The security manager indicated that he
was unaware of the condition and immediately initiated actions to investigate
the matter. Subsequent investigations revealed that maintenance had been
notified on August 10, 1995, work-order (W/O 95-AKBN1) that it was almost too
dark before the lights activated. The maintenance to correct the deficiency
was accomplished on September 22, 1995.
On September 28, 1995, work-order
(W/0 95 ADB1) was submitted because the lights activated too early and went
off late. Maintenance action to correct this deficiency was completed on
September 29, 1995, which included an unsuccessful adjustment.
At this time
maintenance decided to procure a replacement photo-cell, and temporarily
repair the system by taping of a portion of the photo-cell sensor (to limit
8
light exposure).
After the actions to correct the deficiencies under work
order 95-ABD1, the security shifts began operating the lights manually due to
their concerns that the lights were not energizing early enough in the
evening. Based on discussion with the licensee after work order 95-ABD1, was
closed, another work request was not issued to repair the light controls, nor
was proper compensatory measures implemented for the degraded equipment. This
issue was identified as an URI 96-02-06.
The inspector was informed by the licensee that prior to February 1996, they
did not conduct official lighting surveillance of the protected area lighting.
However, during further discussion the inspector determined that the shift
personnel were responsible for informing security management when lighting
needed to be replaced. The licensee, as of March 11, 1996, stated that a
quarterly lighting check would be required as defined in Security Procedure,
SP-012, Verification of Security System Component Operation. The licensee
stated that they planned to establish procedures to ensure that the protected
area lighting meets the regulatory requirements weekly during the back shift
check.
Based on the information available, the licensee initially identified a
concern that the lighting energized later than was acceptable and attempted to
correct the problem. When the photo-cell sensor was adjusted, it appears that
the adjustment caused the lights to energize early and go off late.
The
corrective action was to place a piece of tape across the sensor. When this
action failed to correct the concern, the officers established compensatory
actions without notifying management or alerting maintenance of the problem.
Therefore, the licensee was in a compensatory measures without a planned
program to correct the deficiency.
The inspector determined from the National Weather Service that the official
sunset for Hartsville, SC, on February 21, 1996, was 6:09 p.m., and that
twilight ended at 6:34 p.m. Therefore, based on the twilight time the
lighting conditions were sufficient to meet regulatory requirements and it
does not appear that the lighting condition was below the regulatory
requirements.
The Unresolved Item 96-02-06 is closed. There were no violations of
regulatory requirements noted in this area.
3.0 Action on Previous Inspection Findings
CLOSED - URI 96-02-04, Failure to Test and Document the Test Results of Newly
Installed Security Equipment. The inspector reviewed the licensee's actions
concerning installation of the hand geometry and concluded that the equipment
had not been previously tested and the test results documented after
installation of the hand geometry system.
CLOSED - URI 96-02-05, Failure to Properly Secure Safeguards Information. The
inspector reviewed the safeguards information documents which were stored in
the CAS and determined that documents did not contain safeguards information.
9
CLOSED - URI 96-02-06, Failure to Properly Maintain the Lighting Equipment.
The inspector determined that the security lighting was adequate to support
the requirements of the ISP.
4.0 Review and Updated Final Safety Analysis (UFSAR) Commitments
A recent discovery of a licensee operating their facility in a manner contrary
to the UFSAR description highlighted the need for a special focused review
that compares plant practices, procedures, and/or parameters to the UFSAR
description. While performing the inspection discussed in this report the
inspector reviewed Chapter 13 the applicable portions of the UFSAR that
related to the areas inspected. The inspector verified that the UFSAR woring
was consistent with the obse,.ved plant practices, procedures, and/or
parameters.
5.0
Exit Interview
The inspection scope and results were summarized on March 11, 1996, with those
persons indicated in Paragraph 1. The inspector described the areas inspected
and discussed in detail the inspection results listed below. The licensee was
informed that there was one potential violation, and one potential repeat
violation of regulatory requirements identified during the inspection. The
licensee was further informed that the recent installation of hand geometry
had enhanced the capability to control personnel entering and exiting the
site.
It was further noted that the security personnel on shift were capable
of supporting the site's response requirements for contingencies and day-to
day security. The licensee was informed that they had failed to properly test
and document the test results for the newly installed hand geometry system.
The licensee was also informed that the inspector had noted that they had
repeatedly failed to properly handle and control safeguards information.
Dissenting comments were not received from the licensee.
Subsequently, on April 4, 1996, the licensee was informed that the safeguards
information control events were being considered for escalated enforcement and
that the ending date for the report was April 4, 1996. Dissenting comments
were not received from the licensee.
TYPE
Item Number
Status
Description and Reference
96-03-01
Open
Failure to properly test and
document the test results of newly
installed security equipment
(Paragraph 2.5)
96-03-02
Open
Failure to properly control and
secure safeguards information
(Paragraph 2.4)
96-02-04
Closed
Failure to test and document the
test results of newly installed
security equipment (Paragraph 2.5)
96-02-05
Closed
Failure to properly secure safe
guards information (Paragraph 2.4)
96-02-06
Closed
Failure to properly maintain the
lighting equipment (Paragraph 2.7)