ML17306A598
| ML17306A598 | |
| Person / Time | |
|---|---|
| Site: | Palo Verde  |
| Issue date: | 03/23/1992 |
| From: | Conway W ARIZONA PUBLIC SERVICE CO. (FORMERLY ARIZONA NUCLEAR |
| To: | NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM) |
| References | |
| 102-02128-WFC-T, 102-2128-WFC-T, NUDOCS 9203270091 | |
| Download: ML17306A598 (29) | |
Text
,ACCELERATED DISTRIBUTION DEMONSHRATION SYSTEM r
REGULATORY INFORMATION DISTRIBUTION SYSTEM (RIDS)
ACCESSION.NBR:9203270091 DOC.DATE: 92/03/23 NOTARIZED:
NO DOCKET ACIL:STN-50-528 Palo Verde Nuclear Station, Unit 1, Arizona Publi 05000528 STN-50-529 Palo Verde Nuclear Station, Unit 2, Arizona Publi 05000529 STN-50-530 Palo Verde Nuclear Station, Unit 3, Arizona Publi 05000530 AUTH.NAME AUTHOR AFFILIATION CONWAY,W.F.
Arizona Public Service Co. (formerly Arizona Nuclear Power
- RECIP.NAME RECIPIENT AFFILIATION Document Control Branch (Document Control Desk)
SUBJECT:
Responds to NRC 920224 ltr re violations noted in Insp Repts 50-528/92-01,50-529/92-01
& 50-530/92-01 on 920113-23.
Corrective actions:individual permitted in vital areas logged
& or access levels verified.
DZSTRZBUTZON CODE:
ZEOZD COPZES RECEZVED:LTR j
ENCL SZSE: l TITLE: General (50 Dkt)-Insp Rept/Notice of Violation Response D
NOTES:STANDARDIZED PLANT Standardized plant.
Standardized plant.
RECIPIENT ID CODE/NAME PD5 PD THOMPSON,M ERNAL: ACRS AEOD/DEIIB DEDRO NRR MORISSEAUP D NRR/DLPQ/LPEB10 NRR/DREP/PEPB9H NRR/PMAS/ILRB12 OE DI.
RE ILK~~
EXTERNAL: EG&G/BRYCEPJ.H.
NSIC NOTES:
COPIES LTTR ENCL 1
1 1
1 2
2 1
1
- 1 1
1 1
1 1
1 1
1 1
1 1
1 1
1 1
1 1
1 1
RECIPIENT ID CODE/NAME TRAMMELL,C AEOD AEOD/DSP/TPAB NRR HARBUCK,C.
NRR/DLPQ/LHFBPT NRR/DOEA/OEAB NRR/DST/DIR 8E2 NUDOCS-ABSTRACT OGC/HDS1 RGN5 FILE 01 NRC PDR COPIES LTTR ENCL 1
1 1
1 1
1 1
1 1
1 1
1 1
1 1
1 1
1 1
1 1
1 05000528 A
05000529 P5PPP53P D
D R
D NOTE TO ALL"RIDS" RECIPIENTS:
PLEASE HELP US TO REDUCE WASTE! CONTACT THE DOCUMENT CONTROL DESK, ROOM P 1-37 (EXT. 20079) TO ELIMINATEYOUR NAMEFROM DISTRIBUTION LISTS FOR DOCUMENTS YOU DON'T NEED!
D D
TOTAL NUMBER OF COPIES REQUIRED:
LTTR 26 ENCL 26
WILLIAMF. CONWAY EXECUTIVEVICEPRESIDENT NUCI.EAfl Arizona Public Service Company
'.O. BOX 53999
~
PHOENIX. ARIZONA85072<999 102-02128-WFC/TRB/PJC March 23, 1992 U. S. Nuclear Regulatory Commission Attention: Document Control Desk Mail Station: P1-37 Washington, D. C. 20555
Reference:
Letter dated February 24, 1992, from R. A, Scarano, Director, Division of Radiation Safety and Safeguards, NRC, to W. F. Conway,'-
Executive Vice President, Nuclear, Arizona Public Service Company Gentlemen:
SUBJECT:
PALO VERDE NUCLEAR GENERATING STATION (PVNGS)
UNITS 1, 2, AND 3 REPLY TO NOTICE OF VIOLATIONS50-528/92-0141) 528/924142, AND 528/92-01-03 File: 92-070-026 Arizona Public Service Company (APS) has reviewed NRC Inspection Report 50-528, 529, 530/92-01 and the Notice of Violations dated February 24, 1992.
Pursuant to the provisions of 10 CFR 2.201, APS'esponses are attached.
Appendix A to this letter is a restatement of the Notice of Violations. APS'esponses are provided in Attachment 1.
As discussed at the February 11, 1992, Enforcement Conference, APS considers each of these violations to be serious, and significant effort has been invested to identify and address the root causes, not only for the specific violations, but for the overall Security performance issue. Attachment 2 discusses APS'valuation ofSecurity performance and the corrective actions that have been implemented.
The results of the corrective actions, thus far, have been positive.
APS management will closely monitor the implementation and effectiveness of the corrective actions to assure the improved performance is sustained.
r'y
/', J a L'i,r.
9+pg27opv 1 oo52g PDR ADOCK O PDR G
I
((p
NRC Document Control Desk Page 2 102-02128-MFC/TRB/PJC March 23, 1991 Should you have any questions regarding these responses, please contact me.
Sincerely, WFC/TRB/PJC Attachments:
- 1. Appendix A - Restatement of Notice of Violations
- 2. Attachment 1 - Reply to Notice of Violations
- 3. Attachment 2 - Security Performance Evaluation t
cc:
J. B. Martin D. H. Coe
APPENDIX A RESTATEMENT OF NOTICE OF VIOLATIONS 50-528/92-01-01, 528/92-01-02, AND 628/92-0143 NRC INSPECTION CONDUCTED JANUARY 13-23, 1992 INSPECTION REPORT NOS. 50-528, 629, 530/92-01
~
RESTATEMENT OF NOTICE OF VIOLATIONS 50-528 92>>0'I&1 528 92-01%2 AND 528 92%1<3 During an NRC inspection conducted on January 13-23, 1992, violations of NRC requirements were identified. - In accordance with the "General Statement of Policy and Procedure for NRC Enforcement Actions," 10 CFR Part 2, Appendix C (1991), as modified by 57 Fed. Reg. 5791, the violations are listed below:
A.
Access Control iolation 50-528 92-01-02 Paragraph 2.E of Operating License No. NPF-51, in part, requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved security plan for Palo Verde Nuclear Generating Station.
Sections 5.0, 5.2.2, and 9.0 of the licensee's approved Security Plan require that access to vital areas (islands) that are not devitalized be positively controlled.
Section 1.6.1.2 of the licensee's approved Security Plan requires that personnel entering vital areas be logged prior to entry and exit.
Section 5.0, Table 5-1, and Figures 5-13 and 5-30 of the licensee's approved Security Plan identifies portals 2F-103 and 2Y-1H04A as vital security portals, leading to the 100'levation ofthe Fuel Building, and to the vital 110'levation of the Unit-2 Spray Pond, respectively.
Contrary to the above:
On November 30, 1991, security officers posted at Unit-2 Spray Pond Hatch number 2Y-1H04A, a vital area that had not been devitalized, failed to positively control access to the vital Spray Pond by allowing five individuals to enter the vital area without first verifying that they were authorized access for entry to that vital area.
The entry and.exit of the individuals was properly logged.
This violation lasted for approximately 4-1/2 hours.
On December 27, 1991, security officers posted at the open roll-up Door 2F-103, offering access to a vital area that had not been devitalized; failed to positively control access to the vital Fuel Building by allowing three individuals to enter the 1 of 3
vital area without logging their names or badge numbers, and without first verifying that they were authorized access for entry to that vital area.
This violation lasted for approximately 90 minutes.
This is a Severity Level IV violation (Supplement III).
om ensato Measures iolation 2
2 1 Paragraph 2.E of Operating License No. NPF-51, in part, requires the licensee to fully implement and maintain in effect all provisions of the Commission-approved security plan forthe Palo Verde Nuclear Generating Station.
Section 3.1.2 of the licensee's approved Security Plan requires that immediate compensatory measures be taken upon detection of any degradation of the vital area physical barriers, and that these measures remain in effect until the barrier is restored to full operational capability.
Paragraph 6.8.1 of the Facility Technical Specifications states, in part, that written procedures shall be established, implemented, and maintained covering security plan implementation.
Paragraph 3.8.1 of Security Plan Implementing Procedure No. 20SP-OSK08 states in part that discovery of lost VitalArea Barrier integrity...the Security Shift Captain or designee shall post a Security officer..."
Section 5.0, Table 5-1, and Figures 5-7 and 5-16 ofthe licensee's approved Security Plan identify portals 2C-301 and 2G-1 03 as vital area security doors leading the vital 140'levation of the Unit-2 Main Steam Support Structure, and to the vital 100'levation of the Unit-2 Diesel Generator
- Building, respectively.
Contrary to these requirements, On July 21, 1991, a security officer discovered that vital area barrier Door 2C-301 was degraded in that it would not remain locked.
This deficiency was reported to a security sergeant, but compensatory measures were not taken until 80 minutes later, rather than immediately.
On December 10, 1991, a security officer discovered that vital area barrier Door 2G-103 was degraded, in that it would not remain locked.
This deficiency was reported to a security sergeant, but compensatory measures were not taken until approximately thirteen hours
- later, rather than immediately.'of3
This is a Severity Level IV Violation (Supplement III).
~
~
~
~
~
C.
- Protection of Safe uards Information iolation 2-01-03 10 CFR 73.21 provides that each power. reactor licensee is required to ensure that Safeguards Information (SGI) is protected against unauthorized disclosure, and that while unattended, SGI shall be stored in a locked security storage container. Additionally, documents containing safeguards information shall be marked "Safeguards Information" in a conspicuous manner.
Contrary to the above, the licensee failed to properly protect Safeguards Information, in that.'1) on October 8, 1991, Engineering Evaluation Request 90 072 (dated September 24, 1990) containing SGI was discovered to have been previously distributed without being
=
marked as containing SGI.
(2) on four occasions, October 14, 17, November 16, 1991, and January 8, 1992, security compensatory post order books containing SGI were left unattended, in several areas withinthe protected area.
(3) on October 30, 1991, a packet of security shift documents containing SGI was discovered missing and has not been recovered.
(4) on December 29, 1991, extra sheets from the mobile patrol post order book, then containing information categorized as SGI, were left unattended within the protected area.
(5) on January 16, 1992, a packet of security shift documents containing SGI was discovered in an unattended security van.
This is a Severity Level IV Violation (Supplement III).
3of3
ATTACHMENT'I REPLY TO NOTICE OF VIOLATIONS 50-528/92-01-01, 528/92-01 W2, AND 528/92%1 <3
'RC INSPECTION CONDUCTED JANUARY 13-23, 1992 INSPECTION REPORT NOS. 528, 529, AND 530/92N1
REPLY TO NOTICE OF VIOLATION50-528 92-012 A
Reason For The Violation The two access control incidents included in this violation involved contract security officers. The first incident, failure to verify access levels of individuals entering the Unit 2 spray pond hatch, occurred on December 1, 1991, at which time corrective action was being developed and implemented for a previous access control violation which involved an APS officer.
The second incident occurred on December 27, 1991 when contract officers did riot log or verify the access levels of individuals transferring equipment through the Unit 2 Fuel Building rollup door., The APS evaluation of the incidents and the personnel involved concluded'that the violation resulted from weaknesses in on-the-job t
training for temporary contract personnel and a lack of post-specific instructions from the responsible supervisors.
Corrective Ste s That Have Been Taken And The Results Achieved The individuals permitted into the vital areas were logged and/or their access levels verified.
The officers were removed from their posts and instructed on proper access'ontrol methods.
A performance-based testing and training program that included access control logging and access authorization verification requirements was conducted by Contract Security. Contract security personnel completed the program by February 15, 1992. This
'I training was expedited for contract security personnel because only contract officers were 1 of8
involved in access control events after completion of the enhancement training in
- December, 1991.
APS Security personnel will complete a
performance-based requalification annually.
Additionalcorrective measures include increasedinterfaces withsecurity personnel on post by both Security management and Quality Assurance.
On January 29, 1992, the Security Operations Supervisor issued a memorandum to Security shift supervisors and sergeants reiterating their responsibilities for communication with management, each other, and Security force members including providing and obtaining thorough shift turnover briefings and ensuring personnel on shift (supervisory and non-supervisory) are made aware of and comply with new or revised requirements, practices, procedures, etc.
Security shift briefings on these violations have been conducted by the Security Manager and the Security Operations Supervisor.
Security shift supervisors and sergeants are presently responsible for verifying the opening and closing of each compensatory post. This practice willbe continued until Security management is assured that security awareness is at an effective level.
Corrective Ste s That Will Be Taken To Avoid Further Violations In addition to the corrective actions discussed above, actions to address the underlying management concerns involved in these violations are discussed in.
2of 8
Date When Full Com Iiance Will Be Achieved Full compliance was achieved on December 1, 1991, and December 27, 1991, respectively, when the individuals permitted entry-into the Unit 2 spray pond hatch and the Unit 2 Fuel Building rollup door were logged and/or their access levels verified.
h Additional Information Another, dissimilar, access control incident occurred at the Unit 1, 140-'foot containment entry on February 22, 1992.
In this case, a Radiation Protection (RP) technician entered Unit 1 containment without leaving his key card at the Security Desk and being carded in by the Security officers on duty.
The occurrence was identified when the technician exited containment and was found to be wearing his key card.
His t
access level was verified at that time. The two officers manning the security desk were both contract personnel.
It has been determined that inattention to detail was the cause of this occurrence, and appropriate disciplinary action has been taken.
In addition, the configuration of the security control point at containment entry has been enhanced to provide a more consistent observation vantage point.'
of 8
REPLY TO NOTICE OF VIOLATION50-528 92'1+1 B
Reason F r The Violation This violation, which involves failure to compensate for degraded security doors on two occasions, is the result of personnel errors by Security supervisors.
On July 21, 1991, a Security officer on patrol in Unit 2 was advised by another officer that there was a lot of "play" in one of the Main Steam Support Structure (MSSS) missile doors.
The
=
officer on patrol proceeded to the door in question to investigate and was able to pull the door open without using his key card. The Central Alarm Station (CAS) received intrusion alarms each time the door was opened.
The officer posted himself at the door and notified the Unit 2 sergeant on duty of his findings.
During the ensuing telephone conversation, a miscommunication apparently occurred.
The sergeant understood the officerto report that the door was loose and he (the officer) thought he could pull it open.
Based upon this miscommunication, the sergeant made the decision not to post the door, and to rely upon the MSSS roving patrol to ensure the door was locked after all transactions were completed.
The roving patrol was assigned to provide observation of the area and assistance to personnel who required access through the missile doors.
Approximately one hour and twenty minutes later, a second officer defeated the same door lock.
The door was then immediately posted and the area purged for possible intruders.
The second incident occurred on December 10, 1991, when an officer performing function tests of Unit 2 security doors, pulled one of the doors open without using his key 4 of 8
I card.
Subsequent efforts to defeat the door's magnetic lock were unsuccessful.
The I
officer reported the occurrence to the Unit 2 sergeant on duty. The Unit 2 power block sergeant conferred with the sergeant posted at Security headquarters and, because the lock failure could not be repeated, the decision was made not to post the door.
This decision was contrary to an approved procedure which required that a door that could be physically defeated be posted until it was repaired.
On the morning of December 11,-
1991, the day Shift Supervisor learned of the incident from his review of the shift turnover log.
He immediately had the door posted, the area purged, and the intrusion alarm verified.
Corrective Ste s That Have Been Taken And The Resul s Achieve As previously discussed, both incidents were compensated in accordance with
-approved procedures.
Work requests were generated, and the doors were repaired.
The Security sergeants were instructed on proper compensatory measures for degraded vital area barriers following the incidents.
Appropriate disciplinary action was I
taken with respect to the Shift Supervisor who was accountable for the performance of the sergeants involved in the occurrence on December 10,-1991.
On January 29, 1992, the Security Operations Supervisor issued a memorandum to Security shift supervisors and sergeants reiterating their responsibilities forcommunication with management, each other, and Security force members including providing and obtaining thorough shift turnover briefings and ensuring personnel on shift (supervisory and non-supervisory) are made aware of and comply with new or revised requirements, practices, procedures, etc.
5of8
~
~
~
~
~
~
~
Security shift briefings on these violations have been conducted by the Security Manager and the Security Operations Supervisor.
As a further preventive measure, Security shift supervisors and sergeants are presently responsible for verifying the openings and ciosings of all compensatory posts.
This practice will be continued until Security management is assured that security awareness is at an effective level.
Corrective Ste s That Will Be Taken To Avoid Further Violati ns In addition to the corrective actions discussed above, actions to address the underlying management concerns involved in these violations are discussed in.
e t
Date When Full Com ilance Will Be Achieved Full compliance was achieved on July 21, 1991 and December 11,
- 1991, respectively, when the degraded vital area doors were compensated and the areas were purged for possible intruders.
6of8
0
REPLY TO NOTICE OF VIOLATION50-528 92 1%3 Reason F r The Viola Ion The violation for failure to control safeguards information is comprised of eight incidents which involved both APS and contract security personnel
~ APS analyzed the Safeguards Information Program and determined that the violation stemmed from weaknesses in the on-the-job training program and a lack of individual and supervisory accountability. Those factors fostered insensitivity and inattention to the importance.and ramifications of safeguards control requirements.
Corrective Ste s That Have Been Taken And The Results Achieved During each incident the safeguards material was either recovered, reviewed for'afeguards content and declassified, or in the case of an unrecoverable document, itwas determined that the information contained in the document could not constitute a threat to the safe operation of PVNGS.
The personnel involved in each incident were reinstructed in the proper methods for controlling safeguards information. As discussed previously, Security shift briefings have been conducted on the violations by Security management; the Security Operations Supervisor issued a memorandum reiterating the responsibilities of shift supervision, and shift supervision is responsible for verifying the opening and closing of each compensatory post until Security management is assured that security awareness is at an effective level.
7of8
Corr ctive Ste s That Will B Taken T Avoid Fu her Violations Several corrective actions are in progress.
A review of personnel with safeguards access is being performed.
Individuals with access level 1 (Safeguards material may be checked out ofthe Document Control facility)who have not used safeguards information in the last twelve months will be deleted or reclassified.
The control of safeguards information procedure is being revised
'to clarify individual responsibility and accountability.
A seven-minute video on handling safeguards information is being disseminated to PVNGS departments for mandatory viewing by PVNGS personnel who have safeguards access=authorization.
A matrix is being developed that will aid in the process of determining or declassifying safeguards information. The completion date for each of these actions is April 30, 1992.
Date When Full Com llance Will Be Achieved Full compliance was achieved when the safeguards material associated with each incident was recovered, declassified, or determined not to constitute a threat to the safe operation of PVNGS.
8of8
ATTACHMENT2 SECURITY PERFORMANCE EVALUATION
0 SECURITY PERFORMANCE EVALUATION In the effort to identify the root causes of the evident decline in Security Force performance from July, 1991, through November, 1991, and to develop effective, lasting corrective
- actions, APS performed an in-depth review of the violations and the circumstances surrounding them.
The review included analyses of security-related personnel errors from 1989 to February, 1992, discussions with the individuals involved in the violations, observations by Security management, supervision, and employees,-and the results of monitoring by Quality Assurance.
From this review, APS identified three root causes:
-Inadequate Security management and supervisory involvement in day-to-day security field operations.
-Lack of accountability for personnel performance at the management,.
supervisory, and individual levels in both Security Operations and Security Training.
-Weaknesses in On-the-job training (OJT) for temporary contract security officers.
Several contributing factors were also recognized.
The Security performance assessments did not identify the OJT weaknesses in a timely manner; Security management focused on contingency event planning rather than the "human" issues that arose when temporary contract officers were added in June, 1991; and finally, there was an unanticipated increase in compensatory man-hours due to the vital area missile door problems experienced in the third and fourth quarters of 1991.
Root Cause: Inade uate Mana ement and Su ervlso Involvement In the Plant Emerging labor, relations issues in July, 1991, began to strain what had for some time been a stable operation.
When it became necessary for APS to hire and train a contract contingency force to ensure continued compliance with security requirements in the event of a union strike, the "human" impact on APS personnel and the possible ramifications were not adequately addressed.
Continued problems with security doors created an unanticipated increase in compensatory man-hours which, in turn, forced rapidintegration of the temporary contract personnel with APS personnel in the field. As the new United Plant Guard Workers of America (UPGWA) contract was implemented with its associated pay changes, the organizational stress continued to rise.
Unanticipated turnover in several supervisory positions during this same period was also a contributing factor.
The changes and stresses associated with these "human" issues were not immediately recognized as contributors to the performance problems.
1 of3
i Qi,
e R
k f Ac n
III r
The review of performance also revealed a lack of accepted accountability by shift supervisors and sergeants for the performance of personnel reporting to them. Training instructors were not held accountable for the performance of their trainees.
In turn, the supervisors and instructors were not holding individuals accountable for their errors.
Thus, a negative pattern was reinforced and Ied to the repetitive errors.
Roo C: Weaknes e
In n-h -o rainin f r rn ora on ractOfficer Weaknesses in on-the-job training were exposed when the stable operation of the Security Department was interrupted by labor concerns which adversely affected teamwork attitudes among Security personnel.
Performance assessments did not identify the OJT weaknesses in a timely manner, and those weaknesses impacted the performance of the temporary force.
Correc lve Actions Taken In mid-Novembei, 1991, senior management intervened with Security Department management and supervision. Since that time, management presence and visibilityin the plant have increased significantly, and Security human performance has improved.
In January, 1992, teambuilding sessions, led by the APS Corporate Development group, were begun for Security personnel.
The sessions include participation by all levels of Security personnel'from the manager to the guards.
The sessions are presently scheduled to continue through 1992.
A detailed task/post performance training program was developed and initiated. This performance-based training was completed for the temporary contract officers in mid-February. Compensatory posts are being opened and closed by Security sergeants, and accountability for human errors is being reinforced with Security personnel at all levels.
The variable associated with the labor relations issue is being addressed through individual commitment to performance by the uniformed force.
The results of these corrective actions through mid-March 1992, indicate an encouraging decrease in errors by Security personnel.
To improve compliance with security requirements among non-Security personnel, a
Security Awareness Program has been implemented.
The Program enlists the cooperation of non-Security managers and supervisors to hold their employees accountable for security-related human errors.
2 of 3
Ac ion o
us gin im r v d P rf rman
~
~
The Security organization has been restructured with the'PVNGS Services Director concentrating on ensuring the long-term stability and success of the Security program.
Management involvement in security operations and accountability for performance are ongoing efforts. The Security training program willbe refocused and reoriented to better address the on-the-job, on-shift needs of Security Operations employees.
And finally, Security supervisors will receive root cause analysis and human performance enhancement training to aid them in identifying and resolving concerns before they become problems.
3of3