ML17031A440
| ML17031A440 | |
| Person / Time | |
|---|---|
| Site: | SHINE Medical Technologies |
| Issue date: | 01/26/2017 |
| From: | Steven Lynch NRC/NRR/DPR/PRLB |
| To: | Bartelme J SHINE Medical Technologies |
| Lynch S | |
| Shared Package | |
| ML17031A438 | List: |
| References | |
| Download: ML17031A440 (4) | |
Text
DRAT REQUEST FOR ADDITIONAL INFORMATION RELATED TO THE SAFEGUARDS INFORMATION PROTECTION PROGRAM FOR SHINE MEDICAL TECHNOLOGIES, INC.
DOCKET NO. 50-608 CONSTRUCTION PERMIT NO. CPMIF-001 The following requests for information are based on the NRC staffs review of SHINE Medical Technologies, Inc.s (SHINEs) Safeguards Information (SGI) Protection Program. This information is necessary to demonstrate SHINEs compliance with the regulations contained in Title 10 of the Code of Federal Regulations (10 CFR) Parts 73, Physical Protection of Plants and Materials and 50, Domestic Licensing of Production and Utilization Facilities. The response to this request will inform the NRCs determination on the effectiveness of SHINEs SGI Protection Program.
SHINE Procedure 0900-01-08, Revision 0, Protection of Safeguards Information (SGI)
RAI-1
Section 3.3, page 4, of SHINE Procedure 0900-01-08 is missing a description of the individual or individuals responsible for establishing and administering the training that is referenced within this section and other sections of the SHINE SGI Protection Program.
As required by 10 CFR 73.21(a)(1), an SGI program must be established, implemented, and maintained by each licensee who produces, receives, or acquires SGI. This SGI program should include an appropriate training program.
Identify the individual (or individuals) responsible for the establishment, implementation, and maintenance of the SGI training program.
RAI-2
The definition of material found in Section 5.10, page 5, of SHINE Procedure 0900-01-08, and used in other sections of SHINEs SGI Protection Program, includes
[a]ny item containing information that is classified as SGI. However, SGI is not a classification type and is considered non-classified information.
As defined in 10 CFR 73.2, SGI means information not classified as National Security Information or Restricted Data.
Use a word other than classified in the definition of material to avoid confusion with terminology associated with National Security Information or Restricted Data.
Appropriate alternatives could include determined or designated.
RAI-3
Section 6.1.2, page 7, of SHINE Procedure 0900-01-08 does not identify the individual or individuals responsible for verifying that an outside organization understands the protection and handling requirements applicable to SGI. However, Section 6.1.4, page 7, identifies the Safeguard Custodian as responsible for verification.
The requirements of 10 CFR 73.22(b) describe the conditions for access to SGI, including the establishment of a need to know. As defined in 73.2, need to know means a determination by a person having responsibility for protection SGI that a proposed recipients access to SGI is necessary.
Identify the individual (or individuals) responsible for verifying than an outside organization understands the protection and handling requirements applicable to SGI.
RAI-4
The storage container labels described in Section 6.3.2, page 8, of SHINE Procedure 0900-01-08 and Attachment A, Security Storage Container Label (Example),
appear to conflict with Section 6.3.1.1, which indicates that there shall be no visible markings or indications that the container houses SGI.
Per 10 CFR 73.22(c)(2), containers shall not identify the contents of the container.
Revise the text of the storage container label shown in Attachment A such that it does not contain the word safeguard or otherwise identify the contents of the container.
RAI-5
Section 6.4.2, page 9, of SHINE Procedure 0900-01-08 provides guidance for completing FRM 0900-01-08-02, Security Storage Container Information.
However, it is unclear whether this form, once completed, will be added to the inventory log. Sections 6.6.1.6 and 6.9.1 of SHINE Procedure 0900-01-08 indicate that any document containing SGI will be marked as SGI and added to the inventory log.
As required by 73.22(c)(2), access to lock combinations must be strictly controlled so as to prevent disclosure to an individual not authorized access to SGI. Further, 10 CFR 50.9(a) requires that information required by statute or by the Commissions regulations, orders, or license conditions to be maintained by the applicant or licensee shall be complete and accurate in all material respects.
Revise the procedure for completing FRM 0900-01-08-02 in Section 6.4.2 to indicate that the form will be added to the SGI inventory log in accordance with Sections 6.6.1.6 and 6.9.1.
RAI-6
The word vault, as used in Sections 6.5.2 and 6.5.3.2, page 10, of SHINE Procedure 0900-01-08, is undefined. It is unclear whether this is an independent term or is intended to be synonymous with the tem security storage container, as defined in Section 5.16.
The terms vault and security storage container are defined in 10 CFR 73.2.
Further, 10 CFR 50.9(a) requires that information required by statute or by the Commissions regulations, orders, or license conditions to be maintained by the applicant or licensee shall be complete and accurate in all material respects.
Clarify what is meant by the term vault. If it is a unique term, provide a definition in the SGI Protection Program that describes what a vault is and how it is used. If a vault is synonymous with a security storage container, correct this terminology to be consistent with defined terms in the regulations and the SHINE SGI Protection Program.
RAI-7
Section 6.10.3, page 16, references a Section 6.10.1.1, which is not in SHINE Procedure 0900-01-08.
As described in 10 CFR 50.9(a), information required by statute or by the Commissions regulations, orders, or license conditions to be maintained by the applicant or licensee shall be complete and accurate in all material respects.
Revise this referenced section number to reflect the intended section in the SHINE SGI Protection Program.
SHINE Procedure 0900-01-09, Revision 0, Safeguards Information (SGI) Access Authorization
RAI-8
SHINE Procedure 0900-01-09 does not address a process for approving an individual whose Federal Bureau of Investigation (FBI) fingerprint criminal history records check contains insufficient information to form a basis for granting access to SGI.
As prescribed by 10 CFR 73.22(b)(2) and 73.57(b)(1), trustworthiness and reliability must be determined based on a background check or other means.
Discuss other means the Reviewing Official will use to determine the trustworthiness and reliability of an individual whose FBI fingerprint criminal history check does not provide sufficient information. These means should assure both the Reviewing Official and the Commission that granting the individual access to SGI does not constitute an unreasonable risk to the public health and safety or the common defense and security.
RAI-9
The definition of trustworthiness and reliability provided in Section 5.6, page 6, of SHINE Procedure 0900-01-09 differs from the definition of trustworthiness and reliability provided in both 10 CFR 73.2 and SHINE Procedure 0900-01-08.
The term trustworthiness and reliability is defined in 10 CFR 73.2. Further, 10 CFR 50.9(a) requires that information required by statute or by the Commissions regulations, orders, or license conditions to be maintained by the applicant or licensee shall be complete and accurate in all material respects.
Revise the definition trustworthiness and reliability such that is consistent throughout the SHINE SGI Protection Program and with the NRCs regulations.
RAI-10
Form 0900-01-09-01 references Public Law 99-399 as the basis for 10 CFR 73.57 as opposed to the Atomic Energy Act of 1954, as amended (AEA).
The requirements of 10 CFR 73.57 comply with Section 652 of the Energy Policy Act of 2005, which amended Section 149 of the AEA. This amendment required fingerprinting and FBI identification and criminal history records checks of individuals permitted unescorted access to a utilization facility.
Revise the statutory citation in Form 0900-01-09-01 to more accurately reflect the legal basis for 10 CFR 73.57.