ML18031B047

From kanterella
Jump to navigation Jump to search
IMC 2201 Security Inspection Program for Operating Commercial Nuclear Power Reactors
ML18031B047
Person / Time
Issue date: 08/20/2018
From: Costa R
NRC/NSIR/DSO/SOSB
To:
Wharton E
Shared Package
ML17262A696, ML18229A187 List:
References
CN 18-026
Download: ML18031B047 (12)
v  d  e


Text

NRC INSPECTION MANUAL NSIR/DSO INSPECTION MANUAL CHAPTER 2201 SECURITY INSPECTION PROGRAM FOR OPERATING COMMERCIAL NUCLEAR POWER REACTORS Effective Date: January 1, 2019 2201-01 PURPOSE To establish inspection policy for the security inspection program for operating commercial power reactors subject to the U.S. Nuclear Regulatory Commissions (NRCs) Reactor Oversight Process (ROP).

2201-02 OBJECTIVES 02.01 To obtain factual information providing objective evidence that the security at licensed facilities is maintained in a manner that contributes to public health and safety and promotes the common defense and security.

02.02 To determine that licensees have established measures to deter, detect, and protect against the design basis threat of radiological sabotage, and controls and accounts for special nuclear material, as required by regulations and other NRC requirements such as orders.

02.03 To identify declining performance in the security cornerstone of the safeguards strategic performance area before such performance reaches a level that could result in an unacceptable degradation to reactor safety or an undue risk to public health and safety.

02.04 To identify those significant issues that may have generic applicability or cross-cutting applicability to other ROP cornerstones.

2201-03 APPLICABILITY The program described in this inspection manual chapter (IMC) is applicable to all operating commercial power reactor licensees subject to the requirements in Part 73 in Title 10 of the Code of Federal Regulations (10 CFR Part 73) that are subject to oversight under the NRCs ROP. The guidance in this IMC applies to all NRC personnel with responsibilities for oversight of security operations at commercial power reactors.

2201-04 DEFINITIONS OF INSPECTION FREQUENCIES The inclusive dates for ROP cycles, referenced in the definitions below, are found in to IMC 2515, Light-Water Reactor Inspection Program Operations Phase.

Issue Date: 08/20/18 1 2201

04.01 Triennially or Every Three Years (T). The inspection effort should be performed at least once during ROP cycles 1-3, 4-6, 7-9, etc. It is not intended for this frequency to be based on a rolling 3 year cycle.

04.02 Biennially or Every Two Years (B). The inspection effort should be performed at least once during ROP cycles 1-2, 3-4, 5-6, etc. It is not intended for this frequency to be based on a rolling 2 year cycle.

04.03 Annually (A). The inspection effort should be performed once each calendar year.

04.04 Semiannually (S). The inspection effort should be performed twice each year; once each half year.

04.05 Quarterly (Q). The inspection effort should be performed four times each year; once each calendar quarter.

04.06 As Needed (AN). The inspection effort should be performed when the activity or event occurs at the facility as specified in the inspection procedures (e.g., transportation of irradiated fuel).

04.07 Baseline Inspection Program Completion. Completion of the security baseline inspection program is counted as part of the overall ROP baseline completion described in IMC 2515, Section 04.07.

2201-05 RESPONSIBILITIES AND AUTHORITIES 05.01 Director, Office of Nuclear Security and Incident Response.

a. Provides overall program direction for the security inspection program.
b. Promulgates policies associated with the inspection of security within the security cornerstone of the NRCs ROP.
c. Provides overall assessment of security inspection effectiveness, uniformity, and completeness to meet or exceed agency performance goals.

05.02 Director, Office of Nuclear Reactor Regulation. Provides overall program direction and oversight for the ROP implemented at operating commercial power reactors.

05.03 Director, Division of Security Operations.

a. In coordination with Office of Nuclear Reactor Regulation (NRR), establishes the budget for inspection resources to complete the objectives of this IMC.
b. Develops and implements the programs and procedures for the security inspection of licensed commercial nuclear power facilities.
c. Develops and assesses the overall effectiveness of the security inspection program.

Coordinates with the Director, Division of Inspection and Regional Support (DIRS),

Issue Date: 08/20/18 2 2201

NRR for periodic assessments of the security inspection program in accordance with IMC 0307, Reactor Oversight Process Self-Assessment Program.

d. Develops, maintains, and revises inspection program guidance and procedures applicable to security inspections. Incorporates lessons learned into the inspection program. Recommends changes to other organizations for IMCs, inspection procedures, and management directives under their purview that relate to the security inspection of operating commercial power reactors.
e. Serves as a source of technical expertise for questions on security inspections at licensed facilities, and within the national and international community.
f. Provides Nuclear Security and Incident Response (NSIR) inspection resources to support region-led inspections within the safeguards strategic performance area.

Participates in and reviews inspection plans and schedules, assists in the coordination of inspections conducted by the regions and headquarters, as requested.

g. Identifies any special inspection resources necessary to resolve technical or regulatory issues for inclusion into security inspection plans.
h. Interfaces with the regions and other offices regarding coordination of inspections, event/incident response, licensee performance assessment, and implementation of the security cornerstone portion of the ROP.
i. Develops inspection program policies and procedures with respect to security at nuclear power plants.

05.04 Deputy Director, Division of Security Operations

a. Directs the implementation of the security oversight process for nuclear power reactors in accordance with IMC 0305, Operating Reactor Assessment Program.
b. Assures that security-related inspection program documents conform to IMC 0040, Preparing, Revising, and Issuing Documents for the NRC Inspection Manual.
c. Directs the periodic assessment of security inspection program effectiveness in accordance with IMC 0307, Reactor Oversight Process Self-Assessment Program, and to meet agency performance goals.
d. Assesses and evaluates regional and headquarters implementation of the security inspection program. Recommends to the Director, NRR/DIRS, any security-related program changes within the ROP in accordance with IMCs 0307 and 0801, Inspection Program Feedback Process.
e. Implements other security inspection program duties as directed by the Director, Division of Security Operations (DSO).

05.05 Directors, Technical Divisions. Provide NRRs technical review of security issues that have the potential to effect the safety, licensing, or inspection of licensees that are project managed by NRR. This includes the assessment of ROP findings and issues, or other licensee Issue Date: 08/20/18 3 2201

performance concerns, identified through the security inspection program that could impact safe reactor operation.

05.06 Regional Administrators.

a. Directs the regional assessment of licensee performance.
b. Directs and manages regional implementation of inspection programs including the security inspection program described in this chapter.
c. Ensures that, within budget limitations, the regional office staff includes a sufficient number of inspectors in the security discipline to carry out the security inspection program described in this chapter, including those which may be needed for regional supplemental and reactive inspections.
d. Assures that inspection resources, as necessary, are applied to deal with significant issues and problems at individual plants within their purview.

2201-06 REGULATORY OVERSIGHT FRAMEWORK 06.01 Oversight Structure. The fundamental building blocks that form the framework for the regulatory oversight process for power reactors are the seven cornerstones of safety: initiating events; mitigating systems; barrier integrity; emergency preparedness; occupational radiation safety; public radiation safety; and security. These cornerstones have been grouped into three strategic areas: reactor safety; radiation safety; and safeguards. This framework is based on the principle that the agencys mission of assuring public health and safety and promoting common defense and security is met when the agency has reasonable assurance that licensees are meeting the objectives of the cornerstones of safety which include meeting the objectives of the security cornerstone consistent with the general performance objective of 10 CFR 73.55(b).

Along with inspection oversight, the other major activities of the agencys oversight of power reactor licensees include licensee performance assessment, performance indicators (PIs), and significance determination of inspection findings.

06.02 Inspection. The security baseline inspection program (Appendix A) is one of several inputs into an overall assessment of licensee performance that contributes to the assurance of adequate protection of public health and safety and promoting the common defense and security.

The supplemental portion of the inspection program (Appendix B) provides diagnostic inspections of identified problems, issues, and events beyond the baseline, if the issues are of more than very low significance. Supplemental inspections are planned in response to security issues that require additional evaluation and assessment as determined by the baseline security significance determination process.

06.03 Program Documents. Assessment of licensees performance in security is governed by the following inspection manual documents:

a. IMC 2515, Light-Water Reactor Inspection Program - Operations Phase, Issue Date: 08/20/18 4 2201
b. IMC 0305, Operating Reactor Assessment Program,
c. IMC 0609, Significance Determination Process, and
d. IMC 0350, Oversight of Operating Reactor Facilities in an Extended Shutdown as a Result of Significant Performance Problems, as needed.

2201-07 SECURITY INSPECTION PROGRAM ELEMENTS The inspection program described in this chapter is comprised of the following four program elements:

  • Security Baseline Inspections (Appendix A).
  • Supplemental Inspections (Appendix B).
  • Generic, Special, and Infrequent Inspections (Appendix C).
  • Facility Status Reviews for Security and Safeguard Inspections (Appendix D).

Overall, the inspection program emphasizes achieving a balanced look at a cross section of licensee activities important to the security of the facility and licensed materials with resources assigned to each area based on each areas relative importance to meeting the objectives of the cornerstone. The inspection program also provides for the agencys response to security events or occurrences. The guidance for determining the level of response to an event or occurrence is contained in Management Directive 8.3, Incident Investigation Program.

Security information designation guidance will be adhered to for all inspection reports, temporary instructions (TIs), orders, etc., that contain or have the potential to contain safeguards information or sensitive unclassified non-safeguards information (SUNSI). These documents shall be marked and controlled in accordance with Management Directive, Volume 12, Security, or agency SUNSI guidance which is located at http://www.internal.nrc.gov/sunsi/.

07.01 Security Baseline Inspections.

The security baseline inspection program element, described in Appendix A, is to be performed at all NRC operating power reactor licensees subject to the requirements in 10 CFR Part 73.

The baseline inspection program provides the minimum examination of the facilities, licensee activities, and licensee programs and procedures to determine whether licensees are meeting applicable regulatory requirements. Baseline inspections also identify indications of performance problems to allow further engagement by the NRC before a licensees performance deteriorates to unacceptable levels.

The baseline inspection program constitutes an appropriate minimum level of inspection at NRC-licensed power reactors whose overall performance is adequate. Adequate overall performance is characterized as performance that remains in the licensee response column as identified in IMC 0305. For licensees whose performance results in findings or PIs of significance (e.g., performance outside the licensee response column) additional plant-specific supplemental inspections are performed.

Issue Date: 08/20/18 5 2201

The inspection frequency and sample size for each inspectable area are based on risk information and security insights. The baseline inspection procedures should be completed at every plant at the prescribed interval, including as-needed procedures. In certain cases, completion of some inspection requirements may be accomplished through other inspections such as TIs (Section 07.03 below).

The specific procedures listed in Appendix A and its supplements provide estimates of the hours associated with each inspection procedure for overall resource planning purposes only. The effort hours identified in the resource estimate section of the inspection procedures do not represent a measure for completion of the procedure.

07.02 Facility Specific Supplemental Inspections.

The supplemental element of the inspection program, described in Appendix B, is designed to apply NRC inspection assets in an increasing manner when performance issues of significance are identified, either by inspection findings (with the application of the Baseline Security Significance Determination Process (SDP)), or when PI thresholds are exceeded. Accordingly, the associated NRC regional office will assess the need for supplemental inspections after identifying and evaluating any inspection finding that is greater than green.

The depth and breadth of specific supplemental inspections chosen for implementation will depend upon the risk characterization of the issue, severity of the occurrence, or particular threat condition. A supplemental inspection will be performed for all white, yellow, or red issues (either PIs or inspection findings).

Depending on the significance of the identified performance issue, supplemental inspections provide a graded response, which includes, but is not limited to: oversight of the licensees root cause analysis of the issues; expansion of the baseline inspection sample or a focused team inspection (as necessary to evaluate extent of condition); or a broad-scope, multi-disciplined team inspection, which would include inspection of multiple cornerstone areas and inspection of cross-cutting issues, if necessary. Any new issues identified during the supplemental inspection(s) will be evaluated by management or an applicable SDP.

07.03 Generic, Special, and Infrequently Performed Inspections.

The generic, special, and infrequently performed inspections element of the program, described in Appendix C, is implemented when there is a need for additional inspections to address emergent security issues, in response to events, for infrequent major security activities at a facility, or to fulfill the NRCs obligations under inter-agency memoranda of understanding. In situations where the inspection procedures within this appendix do not address a specific issue or event, it may be necessary to develop and implement an inspection activity designed to obtain the necessary information to ensure the continued security of licensed facilities. In these situations, the inspection activity would typically be conducted utilizing a TI.

When a TI is issued, the overall assessment of the applicable facilities may be considered in establishing priorities for conducting these inspections. The facilities to be inspected will be designated in each TI(s).

Specific criteria for closing a TI will be addressed in the TI itself. In general, a TI should not be closed until all relevant issues have been addressed by the licensee and verified by inspection.

However, exceptions may be considered when the licensees schedule for completing the items Issue Date: 08/20/18 6 2201

remaining is acceptable, properly documented, and is not a critical element to resolving the particular issue.

The need may arise for specific inspections to address major security evolutions that may be conducted at a limited number of licensees, such as upgrades to computer systems or engineered features designed for threat protection and mitigation. The need for these inspections will be assessed on a case-by-case basis and may also be conducted under the guidance of a TI.

07.04 Facility Status Reviews for Security and Safeguards Inspection Program.

The purpose of a facility status review, described in Appendix D, is to gather general information about the overall security posture at the site. This would include, for example, general information on threat conditions, considerations, issues, security force performance, and system and component operation. The goal of this periodic review is to help determine what issues may exist so that inspection resources can be effectively managed and appropriately focused on those activities of higher significance.

07.05 Related Inspection Activities. All inspections, as well as PIs reported by the licensee, provide input to the NRC-licensed facility performance assessment process. NSIR will provide technical lead for the security cornerstone of the safeguards strategic performance area and coordinate with NRR as required for an overall licensee performance assessment. Refer to IMC 0305 for details pertaining to the assessment process of the security cornerstone.

2201-08 DISCUSSION 08.01 General. The inspections described in Appendices A, B, C, and D are intended to provide a framework for managing inspection resources without being overly prescriptive. At the same time, a level of inspection necessary to complete pre-defined objectives at each licensed facility is specified. It is intended to place inspection emphasis on elements based on their relative importance to security.

The inspection program requires that inspectors and their managers evaluate problems to determine if follow-up inspections are necessary to diagnose whether a significant concern represents an isolated case or may signify a broader, more serious problem based on the evaluated significance of the issues. Licensee management controls (e.g., security quality assurance and oversight) may need to be examined to determine whether weaknesses in these controls contributed to the identified concerns.

The NRCs inspection program covers only small samples of licensee activities in any particular area. Sample sizes, specified in the inspection procedures, are based on the relative importance of the area covered by the procedure to the other areas inspected by the program.

As some areas do not have a direct connection with risk, the inspection sample size in these areas are chosen by expert opinion to provide periodic indications of a licensees performance in those areas.

The inspection samples are chosen to direct the inspector into the most important performance-based aspects of the area being inspected, commensurate with the estimated resources.

08.02 Completion of Inspection Procedures. The baseline inspection procedures represent the inspection requirements necessary in conjunction with PIs to assess licensee performance.

Issue Date: 08/20/18 7 2201

Inspectors should perform the nominal number of inspection requirements in each inspectable area within the baseline inspection procedures and must complete the minimum number of inspection requirements for completion of the procedure unless approval is given by the Deputy Director, NSIR/DSO. These deviations need to be communicated to the Director, NRR/DIRS.

The sample size specified in an inspection procedure is used to indicate the relative completion of the procedure. However, if the inspector has met the objectives of a procedure without performing every inspection requirement within the nominal number (e.g., an activity to be observed is not performed by the licensee during the inspection, or the complexity of significant findings (i.e., potentially greater than green) prevents the inspector from completing all the requirements), then the inspector can consider the procedure completed in full. [C1]

08.03 Program Feedback. The security inspection program is expected to be dynamic and to respond to changes in the threat environment and insights gained through the implementation of the inspection activity. Therefore, NSIR expects the regions and inspectors to identify problems in implementing the program, and to recommend changes to the program for consideration by NSIR or changes to the ROP for consideration by NRR. Any such feedback and recommendations should be submitted utilizing the feedback process outlined in IMC 0801.

2201-09 INTEGRATED INSPECTION PLANS Regional offices must develop annual site-specific inspection plans consistent with the program and the inspection planning module of the Reactor Program System which assists in managing inspection resources and monitoring inspection program completion. Under circumstances where the operation of multiple units at a site is not comparable, the inspection plan should be specific for each unit. The regional integrated inspection plan (i.e., the integration of individual site or unit plans) should project the planned inspection activities and available resources for all licensee facilities at the periodicity prescribed by the program offices (NSIR and NRR). The integrated plan should also provide for a summary of the fraction of regional resources allocated to each of the individual program elements discussed in Section 07 of this chapter.

Planning significant alterations to the baseline inspection program to accommodate a licensees particular situation requires the concurrence of the Deputy Director, NSIR/DSO. Significant alterations include treating a multi-unit site as separate single unit sites, or increasing or decreasing the frequency of inspections or significant deviations in completing the minimum inspection requirements identified for procedure completion in the baseline inspection procedures. The factors to consider when planning alterations to the baseline inspection program include: (1) known licensed activities; (2) the facility size, design, age; and (3) complexity of the licensees programs.

For plants within the ROP (i.e., those not shut down for performance issues), the results of the end-of-cycle and mid-cycle performance reviews shall be used to inform baseline inspections and to determine the amount and focus of planned supplemental inspections at each site. The basis for the allocation or significant reallocation of resources among the sites will be documented. It is expected that the integrated plans will be living documents and be reviewed periodically, adjusted, and reissued to reflect shifts in plant performance and safety or security concerns. Individual site plans and the regional integrated inspection plan should be reviewed by regional management and updated at least semiannually.

Issue Date: 08/20/18 8 2201

2201-10 INSPECTOR POLICY 10.01 Resident Inspector Policy. At operating commercial power plants, resident inspectors provide the major on-site NRC presence for direct observation, verification, and evaluation of licensed activities. The resident inspectors are managed by the regions and are primarily focused on the implementation of the oversight program. Resident inspectors may also provide an initial, on-site evaluation of a security event or incident. In this case, NSIR will coordinate with NRR and the regions to facilitate resident inspector utilization. See Section 10.03, Inspector Coordination, below.

10.02 Regional Inspector Policy. Regional inspectors conduct inspections as directed by their regional management.

10.03 Inspection Coordination. In general, the senior on-site inspector and the regional Division of Reactor Projects must be kept advised of regional and headquarters-based inspectors activities at NRC-licensed facilities. For reactor sites, the associated regional branch chief must ensure coordination of regional and headquarters inspection activities in accordance with IMC 0301, Coordination of NRC Visits to Commercial Reactor Sites.

a. Regional and headquarters-based inspectors should contact the senior on-site inspector (i.e., Senior Resident Inspector) before each inspection to ascertain the availability of specific licensee personnel and the status of facility conditions to minimize any potential adverse impact on safe plant operations. In addition, they should contact the senior on-site inspector as soon as it is convenient, after they arrive at the site, to ensure a coordinated NRC presence at the facility.
b. The visiting inspectors should also advise the senior on-site inspector of changes to their planned inspection effort and schedule for the exit meeting with the licensee.
c. The senior on-site inspector should be asked to inform the regional and headquarters-based inspectors of any unique activities in progress and offer specific inspection suggestions.
d. The regional and headquarters-based inspectors should brief the senior on-site inspector about the results of their inspection before the exit meeting with the licensees management.
e. The senior on-site inspector should be asked to attend all exit meetings where significant issues are expected to be discussed.
f. For team inspections, force-on-force inspections, or other security-related efforts that are required by the baseline inspection program pursuant to Appendix A of this IMC, NSIR/DSO will coordinate with the region, NRR/DIRS, and NRR/Division of Operating Reactor Licensing, as required, to assess the potential impact on safe operations.

To utilize the resident inspector or senior resident inspector in the inspection or assessment of security cornerstone objectives, NSIR will coordinate with the associated Regional Branch Chief, Division of Reactor Projects. Resident inspectors may be directed to provide the initial, on-site evaluation and reporting of a security event or incident. Further, resident inspectors may be used to determine whether licensees are aware of changes in security threat conditions or other fast-breaking security issues requiring licensee implementation of compensatory, Issue Date: 08/20/18 9 2201

preventive, or mitigative measures that provide adequate assurance of public health and safety.

See Section 11.02, Responding to Events and Event Reports, below.

10.04 Third-Party Assistance. On occasion, licensees ask inspectors for recommendations on obtaining help for solving programmatic issues. Inspectors are prohibited from recommending the services of individuals or organizations for a project under NRC regulatory jurisdiction. Providing such a recommendation violates 5 CFR 2635.702, which prohibits Federal employees from using public office for endorsement of any product, service, or enterprise. For further guidance regarding third party assistance to licensees refer to NUREG/BR-0075 Revision 4, NRC Field Policy Manual.

2201-11 GENERAL INSPECTION POLICIES 11.01 Management Entrance and Exit Meetings. Inspectors are required to meet with licensee management as part of every inspection. Region and headquarters-based inspectors should hold an entrance meeting with the senior licensee representative who has responsibility for the areas to be inspected. Each inspection conducted by region or headquarters-based inspectors must include discussing inspection results with licensee management. At the conclusion of an inspection, inspectors must discuss their preliminary findings with the licensees management at a scheduled exit meeting.

Management entrance and exit meetings with licensee personnel should be scheduled to have the minimum impact on other licensee activities necessary to assure the safe operation of the plant.

Communicating inspection observations is also an integral and important part of every inspection, whether done daily during the course of an inspection, or periodically with status meetings. Many licensees have expressed the desire to hear inspector insights related to safety or regulatory performance even in instances where they do not reach the threshold for documentation in an inspection report (see IMC 0611, Power Reactor Inspection Reports).

Additional guidance and requirements for the conduct of entrance and exit meetings with commercial power reactors licensees is contained in IMC 2515.

11.02 Responding to Events and Event Reports. Events are followed-up as part of the baseline inspection program. Follow-up is conducted to collect information about the event for use by NRC staff in evaluating the risk significance of the event to help regional and headquarters management determine if a response beyond the baseline program is warranted.

Routine events of low significance, such as access control equipment malfunctions, will be followed-up by region-based inspectors to identify potentially generic issues.

As described in the preceding paragraph, the resident inspectors are not expected to provide follow-up or reporting on routine security events of low significance. Examples of such events would include, but not be limited to: security related modifications; compensated equipment or system malfunctions; low significant events involving unauthorized access or inadequate control; and recordable events. On the other hand, examples requiring initial resident inspector assessment and reporting to regional management could include: security force strikes or significant contract issues; frequent or repetitive access authorization, access control, or worker fatigue issues; an on-site (or in the vicinity of) event involving the use of deadly force, chemical, biological, or radiological agents; or a terrorist action against the facility. Reportable events could have limited follow-up by the resident inspectors as directed by regional management.

Issue Date: 08/20/18 10 2201

The agencys response to significant events is described in Management Directive 8.3, NRC Incident Response Program, and Management Directive 8.9, Accident Investigation.

Additional information is in IMC 2515.

END Appendices:

A. Security Baseline Inspection Program B. Supplemental Inspection Program C. Generic, Special, and Infrequent Inspections D. Facility Status Reviews for Security and Safeguards Inspection Program : Revision History for IMC 2201 Issue Date: 08/20/18 11 2201

ATTACHMENT 1 - Revision History for IMC 2201 Comment Resolution Accession Description of Commitment and Closed Feedback Number Training Required Tracking Description of Change Form Accession Number Issue Date and Completion Number (Pre-Decisional, Non-Change Notice Date Public) Information N/A ML040680406 Initial issuance None 02/19/2004 CN 04-007 C1 ML081440343 This document has been revised to remove None ML091380017 09/08/09 references to programs other than operating CN 09-021 power reactor, and update terminology and format. Revised to address recommendations from the Office of Inspector Generals audit of the NRCs Security Baseline Inspection Program (OIG-06-A-21): include guidance in the baseline security and safeguards inspection procedures to ensure inspectors review an adequate number of sample items to assess the effectiveness of the licensees security program.

N/A ML13234A497 This document has been revised to incorporate None ML15209A556 09/22/15 minor administrative changes and to reflect CN 15-017 current program resource implementation.

N/A ML18031B047 A periodic review of this document was None ML18032A040 08/20/18 conducted to ensure consistency with other CN 18-026 associated NRC Manual Chapters. Though no technical modifications were made to this document, upon completion of a SUNSI review, the staff concluded that this document should be de-controlled. Consistent with the staffs SUNSI determination, the document has been de-controlled and the SUNSI markings have been removed.

Issue Date: 08/20/18 Att1-1 2201

Retrieved from "https://kanterella.com/w/index.php?title=ML18031B047&oldid=2418497"