ML19085A043

DPO-2018-003, DPO Case File (Public)
Issue date: 05/13/2018
From: Gordon A, NRC/NSIR/DPCP/RSB
To: Figueroa G, NRC/OE
References: DPO-2018-003

DPO Case File for DPO-2018-003

The following pdf represents a collection of documents associated with the submittal and disposition of a differing professional opinion (DPO) from an NRC employee involving the regulatory framework governing power reactor license security plan changes submitted under 10 CFR 50.54(p)(2).

Management Directive (MD) 10.159, "NRC Differing Professional Opinions Program," describes the DPO Program (https://www.nrc.gov/docs/ML1513/ML15132A664.pdf). The DPO Program is a formal process that allows employees and NRC contractors to have their differing views on established, mission-related issues considered by the highest level managers in their organizations, i.e., Office Directors and Regional Administrators. The process also provides managers with an independent, multi-person review of the issue (one person chosen by the employee). After a decision is issued to an employee, he or she may appeal the decision to the Executive Director for Operations (or the Commission, for those offices that report to the Commission).

Because the disposition of a DPO represents a multi-step process, readers should view the records as a collection. In other words, reading a document in isolation will not provide the correct context for how this issue was reviewed and considered by the NRC.

It is important to note that the DPO submittal includes the personal opinions, views, and concerns of NRC employees. The NRC's evaluation of the concerns and the NRC's final position are included in the DPO Decision.

The records in this collection have been reviewed and approved for public dissemination.

Document 1: DPO Submittal
Document 2: Memo Establishing DPO Panel
Document 3: DPO Panel Report
Document 4: DPO Decision

Document 1: DPO Submittal

Document 2: Memo Establishing DPO Panel

May 17, 2018

MEMORANDUM TO: Russell Felts, Panel Chairperson, Office of Nuclear Reactor Regulation
Vince William, Panel Member, Office of Nuclear Security and Incident Response
Norman St. Amour, Panel Member, Office of the General Counsel

THRU: Anne T. Boland, Director /RA/, Office of Enforcement

FROM: Gladys Figueroa-Toledo /RA Anne for/, Differing Views Program Manager, Office of Enforcement

SUBJECT: AD HOC REVIEW PANEL - DIFFERING PROFESSIONAL OPINION INVOLVING THE REGULATORY FRAMEWORK GOVERNING POWER REACTOR LICENSEE SECURITY PLAN CHANGES SUBMITTED UNDER 10 CFR 50.54(p)(2) (DPO-2018-003)

In accordance with Management Directive (MD) 10.159, "The NRC Differing Professional Opinion Program"; and in my capacity as the Differing Professional Opinion (DPO) Program Manager; and in coordination with Anne Boland, Director, Office of Enforcement, Brian McDermott, Director, Office of Nuclear Security and Incident Response; and the DPO submitter; you are being appointed as members of a DPO Ad Hoc Review Panel (DPO Panel) to review a DPO submitted by a U.S. Nuclear Regulatory Commission (NRC) employee.

The DPO (Enclosure 1) involves the regulatory framework governing power reactor licensee security plan changes submitted under 10 CFR 50.54(p)(2). The DPO has been forwarded to Mr. McDermott for consideration and issuance of a DPO Decision.

CONTACT: Gladys Figueroa-Toledo, OE (301) 287-9497

The DPO Panel has a critical role in the success of the DPO Program. Your responsibilities for conducting the independent review and documenting your conclusions in a report are addressed in the handbook for MD 10.159 in Section II.F and Section II.G, respectively. The DPO Web site also includes helpful information, including interactive flow charts, frequently asked questions, and closed DPO cases, including previous DPO Panel reports. We will also be sending you additional information that should help you implement the DPO process.

Disposition of this DPO should be considered an important and time sensitive activity. The timeliness goal for issuing a DPO Decision is 120 calendar days from the day the DPO is accepted for review. In this case, the DPO was accepted for review on May 15, 2018. The timeliness goal for issuing this DPO Decision is September 12, 2018.

Process Milestones and Timeliness Goals for this DPO are included as Enclosure 2. The timeframes for completing process milestones are identified strictly as goals - a way of working towards reaching the DPO timeliness goal of 120 calendar days. The timeliness goal identified for your DPO review task is 75 calendar days (July 31, 2018) from the date of this memorandum.

Although timeliness is an important DPO Program objective, the DPO Program also sets out to ensure that issues receive a thorough and independent review. The overall timeliness goal should be based on the significance and complexity of the issues and the priority of other agency work. Therefore, if you determine that your activity will result in the need for an extension beyond the 75-day timeliness goal, please send an e-mail to Mr. McDermott, the DPO submitter, and DPOPM.Resource@nrc.gov and include the reason for the extension request and a proposed completion date for your work. Mr. McDermott is responsible for subsequently forwarding the request for a new DPO Decision issuance timeliness goal to the EDO for approval.

An important aspect of our organizational culture includes maintaining an environment that encourages, supports, and respects differing views. As such, you should exercise discretion and treat this matter appropriately. Documents should be distributed on an as-needed basis. In an effort to preserve privacy, minimize the effect on the work unit, and keep the focus on the issues, you should simply refer to the employees as the DPO submitters. Avoid conversations that could be perceived as hallway talk on the issue and refrain from behaviors that could be perceived as retaliatory or chilling to the DPO submitters or that could potentially create a chilled environment for others. It is appropriate for employees to discuss the details of the DPO with their co-workers as part of the evaluation; however, as with other predecisional processes, employees should not discuss details of the DPO outside the agency. If you have observed inappropriate behaviors, heard allegations of retaliation or harassment, or receive outside inquiries or requests for information, please notify me or John Harrison.

On an administrative note, please ensure that all DPO-related activities are charged to Activity Code ZG0007.

We appreciate your willingness to serve and your dedication to completing a thorough and objective review of this DPO. Successful resolution of the issues is important for NRC and its stakeholders. If you have any questions or concerns, please feel free to contact me or John Harrison.

We look forward to receiving your independent review results and recommendations.

Enclosures:

1. DPO-2018-003 Submittal
2. Process Milestones and Timeliness Goals

cc: B. McDermott, NSIR; J. Lubinski, NSIR; D. Gordon, NSIR; M. Franovich, NRR; C. Safford, OGC; D. White, NSIR; A. Boland, OE; G. Figueroa-Toledo, OE; J. Harrison, OE


SUBJECT: AD HOC REVIEW PANEL - DIFFERING PROFESSIONAL OPINION INVOLVING THE REGULATORY FRAMEWORK GOVERNING POWER REACTOR LICENSEE SECURITY PLAN CHANGES SUBMITTED UNDER 10 CFR 50.54(p)(2) (DPO-2018-003)

Date: 5/17/2018

ADAMS Package: ML18137A486 MEMO: ML18137A487 - ML18135A241 - ML18137A489 OE-011

OFFICE: OE: DPO/PM, OE: D
NAME: GFigueroa, ABoland
DATE: 5/17/2018, 5/17/2018

OFFICIAL RECORD COPY

Document 3: DPO Panel Report

Introduction

A Differing Professional Opinion (DPO-2018-003) was submitted on May 3, 2018 and accepted for review on May 15, 2018. The concern expressed in the DPO involved the U.S. Nuclear Regulatory Commission's (NRC) implementation of the regulatory framework governing power reactor licensee security plan changes submitted under 10 CFR 50.54(p)(2). As identified below, the DPO raised several issues of concern associated with the implementation of the 10 CFR 50.54(p)(2) change process. On May 17, 2018, a memorandum from the Differing Professional Views Program Manager, Office of Enforcement, established the DPO Panel. The memorandum tasked the DPO Panel with conducting an independent review of the issues raised in the DPO and documenting the results of that review in a report.

The Panel met with the DPO submitter on June 13, 2018, to establish a concise summary of issues. The DPO submitter approved the summary of issues in an email dated July 23, 2018. The Panel performed its review by interviewing the DPO submitter, reviewing documents, and identifying and interviewing relevant subject matter experts on the issues raised in the DPO. These subject matter experts included Security Specialist licensing reviewers in the Office of Nuclear Security and Incident Response (NSIR), licensing Senior Project Managers in the Office of Nuclear Reactor Regulation (NRR), Security Inspectors in several regions, Security Inspectors in NSIR, an Enforcement Specialist in the Office of Enforcement (OE), and several attorneys in the Office of the General Counsel (OGC). The following reflects the agreed upon summary of issues identified by the DPO Panel in conjunction with the DPO submitter:

Summary of Issues (SOI)

Based on a review of the DPO submittal and associated references as well as an interview and follow up interactions with the DPO submitter, the following concerns were identified by the Panel:

1. The existing regulatory framework for the 50.54(p)(2) change process lacks clarity.
  • This lack of clarity makes it difficult to determine if plan changes implemented through the 10 CFR 50.54(p)(2) process constitute an NRC-approved security plan.
2. A licensee's prior approved security plan becomes part of the site licensing basis. Therefore, it is critical for the security plan to contain adequate written descriptions of how the licensee intends to implement required programmatic elements rather than relying on implementation of the plan through site procedures.
  • A security plan change implemented without prior NRC approval is, in effect, a change to the site licensing basis without NRC approval.
  • Lack of clarity in the regulatory framework blurs the line between licensing and oversight.
  • This lack of clarity creates uncertainty for inspectors, particularly with respect to enforcement of the plan and associated regulatory requirements.
3. Approval of the security plan is predicated on the plan containing appropriate programmatic elements to implement applicable security requirements.
  • Failure of the 10 CFR 50.54(p)(2) report to adequately describe how a 10 CFR 50.54(p)(2) change meets appropriate programmatic elements constitutes a decrease in effectiveness of the plan.
  • The current 10 CFR 50.54(p)(2) review process does not allow licensing staff to require the licensee to correct deficient security plan text.
4. The records retention requirements in 10 CFR 50.54(p)(2) are inconsistent with the record retention requirements relating to security plans in 73.55(q)(2).
5. The requirements for the submission of a report in 10 CFR 50.54(p)(2) are inadequate.

Background

The review of security plan changes through the 10 CFR 50.54(p)(2) process was initially an inspection activity conducted by regional security inspectors. Regional staff submitted several differing professional views concerning the execution of the 10 CFR 50.54(p)(2) inspection activity and the inconsistencies found within its implementation. In the aftermath of the 9/11 terrorist attacks, the review of security plan changes under the 10 CFR 50.54(p)(2) process was transferred to NSIR to address the issue of inconsistency and to manage licensee security plan changes for the implementation of various post-9/11 orders. In 2004, all power reactor licensees submitted security plans demonstrating compliance with the post-9/11 security orders, and safety evaluation reports (SERs) were written for each of these security plans. Since 2004, NSIR staff in the Division of Security Policy (now the Division of Physical and Cyber Security Policy) have conducted reviews of power reactor security plans.

After the post-9/11 security plans were submitted and approved, NSIR security specialists continued to review changes to these security plans via the 10 CFR 50.54(p)(2) process and interacted with licensees via teleconferences to discuss the descriptions that changed from those that were captured in 2004 SERs.

In 2009, new regulatory requirements for power reactors were made effective with a compliance date of March 2010. Each licensee was required to submit security plans that addressed the new security requirements. Many of these security plan submittals were provided via the 10 CFR 50.54(p)(2) process because the Commission determined that the implementation of the new requirements did not decrease the safeguards effectiveness of security plans. [1] Headquarters staff reviewed the security plans to ensure that the plans: 1) met the new requirements, 2) maintained the licensing basis established in the 2004 SERs, and 3) addressed site-specific conditions that uniquely met new requirements and order implementation.

Evaluation

Issue 1:

The existing regulatory framework for the 50.54(p)(2) change process lacks clarity.

Discussion and Conclusions:

The 10 CFR 50.54(p)(2) change process allows a licensee to make a change to its security plan without prior Commission approval if the licensee determines that the change does not decrease the safeguards effectiveness of the plan. The licensee must submit a report containing a description of each change within 2 months after the change is made. The regulatory framework currently does not provide a definition of what is meant by the terms "prior Commission approval" or "a decrease in safeguards effectiveness."

Security inspectors communicated during interviews that the current regulation and associated guidance documents and inspection procedures do not contain a definition of what constitutes a "decrease in safeguards effectiveness." Inspectors stated that a definition of what constitutes a decrease in safeguards effectiveness would improve the 10 CFR 50.54(p)(2) process. There is similar ambiguity in what is meant by the term "prior Commission approval."

[1] 74 FR 58, March 27, 2009 at 13929

Security specialists also identified during interviews that defining the term "a decrease in safeguards effectiveness," as well as clarifying what constitutes an NRC approved security plan, would improve the 10 CFR 50.54(p)(2) change process. They indicated that the regulation is ambiguous with respect to whether a 10 CFR 50.54(p)(2) security plan change is approved by the NRC as part of its licensing review and therefore becomes the licensee's NRC approved security plan. Security specialists interviewed by the DPO Panel suggested that information clarifying these areas of ambiguity would improve the licensing review process and also aid inspectors in the field evaluating compliance with regulatory requirements.

They also suggested that improved guidance on the 10 CFR 50.54(p)(2) change process was needed.

The DPO Panel agrees that the existing regulatory framework for the 50.54(p)(2) change process lacks clarity for the following reasons:

  • The regulatory requirement does not define the terms "change" or "decrease in safeguards effectiveness" for a security plan.
  • The contents of the description contained within the report of security plan changes are not identified within requirements.
  • The regulatory requirement does not explicitly identify that NRC staff review security plan changes; however, there is an inference within the citation of an approval for the change (i.e., "without prior Commission approval" is read by many to imply that Commission approval subsequent to submission of the report will happen).
  • There is confusion as to whether the NRC review of the required licensee report constitutes approval of the change if NRC doesn't timely object to the change.

The DPO Panel is aware that the proposed decommissioning rulemaking currently before the Commission has proposed changes to the 10 CFR 50.54(p)(2) language to more closely align with the language in 10 CFR 50.54(q), including the addition of a definition of the term "decrease in safeguards effectiveness."

The DPO panel believes that the proposed decommissioning rulemaking changes will address some of the ambiguities identified by security specialists and inspectors.

Issue 2:

A licensee's prior approved security plan becomes part of the site licensing basis, which is predicated on written descriptions contained in the plan, not implementation of the plan through site procedures. A security plan change implemented without prior NRC approval is, in effect, a change to the site licensing basis without NRC approval. Lack of clarity in the regulatory framework blurs the line between licensing and oversight, creating uncertainty for inspectors, particularly with respect to enforcement.

Discussion and Conclusions:

There are several concerns interwoven in this issue statement.

A site's security licensing basis includes all applicable security requirements contained in the NRC's regulations, the site security plans (physical security plan, safeguards contingency plan, training and qualification plan, and cyber security plan), and applicable security orders that remain in effect. Notably, security regulations are written with an intent to avoid publication of information that would aid a potential adversary in planning an attack. As such, these regulatory requirements are high level and performance-based - detailed requirements are in orders or site security plans. Security plans are conditions of the site's license, and thus contain obligations, on par with regulatory requirements.

The objective of security licensing review is to verify that the security plans describe the programmatic security elements necessary to provide an effective security program in accordance with regulatory requirements. In contrast, the objective of a security inspection is to verify that implementation of site security programs meets the requirements in the security licensing basis.

The DPO submitter has expressed the concern that security plan requirements, consisting of written descriptions within the plans, will be eroded over time if the NRC relies on inspection to evaluate security plan changes made by licensees without prior NRC approval. Inspection focuses on effectiveness of implementation (site procedures), and not on the adequacy of the security plan written descriptions. The DPO submitter is therefore concerned that inspection activities measure the wrong attributes for determining the adequacy of security plan descriptions, which is inherently a licensing review. This is discussed further under Issue 3.

A second concern is that the security licensing basis becomes unclear as licensees change their security plans without NRC approval. Although the DPO submitter recommended removing the word "prior" from 10 CFR 50.54(p)(2), it is included in the statement of this issue to distinguish NRC approval that occurs as part of a license amendment from NRC tacit approval that is perceived to occur after a licensee implements a security plan change without prior NRC approval. Once the licensee reports a change implemented without prior NRC approval, should the NRC not object to the change, the licensee and many within the NRC consider the new plan to have superseded the previous plan in the licensing basis.

For example, security inspectors indicated that they inspect the licensee's security program for compliance with requirements in the current plan, without considering previous security plans.

The third concern is that the lack of clarity in the regulatory framework creates uncertainty for inspectors, particularly with respect to enforcement. If a licensee's implemented security program fails to meet regulatory requirements, but meets the licensee's security plan requirements, it is unclear if the NRC will have to perform a backfit analysis to determine whether or not to enforce a security regulation. If a licensee implements a security plan change without NRC approval, and the NRC does not recognize that the change decreased security plan effectiveness and thus does not object, perhaps so.

Some security specialists interviewed by the DPO Panel stated that only those changes to security plans supported by a SER properly change a licensee's licensing basis. Others stated that security plans are a condition of the license, and therefore all changes to the security plan consistent with NRC regulations change a licensee's licensing basis.

The DPO Panel agrees that it is not clear whether or not a 10 CFR 50.54(p)(2) security plan change is a change to the licensee's licensing basis. The DPO Panel agrees that the written descriptions in NRC-approved security plans are part of the site licensing basis. The DPO Panel agrees that the lack of clarity in the regulatory framework blurs the line between licensing and oversight and creates uncertainty with respect to enforceability of security plans and associated regulatory requirements.

The DPO Panel view is that security plan changes implemented without prior NRC approval which should have properly been approved prior to implementation through a license amendment (i.e., decrease in safeguards effectiveness of a security plan, alternative measure, exemption) are not approved (tacitly nor explicitly) by the NRC. Such security plan changes, should they constitute a decrease in security plan effectiveness, are subject to enforcement action to restore compliance. However, the DPO Panel acknowledges that backfit concerns will likely arise if NRC is slow to identify that a security plan change decreased safeguards effectiveness of the plan.

Issue 3:

The DPO submitter asserts that NRC approval of a licensee's security plan is predicated on the plan containing the appropriate programmatic security elements needed to implement applicable NRC security requirements. Inclusion of the appropriate programmatic security elements in the security plan is necessary to enable the NRC to determine that the facility can be operated in a safe and secure manner that is not inimical to the common defense and security and does not constitute an undue risk to public health and safety. If a security plan change implemented in accordance with 10 CFR 50.54(p)(2) does not contain or adequately describe the required programmatic security elements, the NRC is unable to determine if the security plan adequately meets NRC security requirements. The incorporation of these inadequately documented changes constitutes a decrease in the safeguards effectiveness of the plan.

Licensees are currently not required to correct the deficient security plan text associated with a 10 CFR 50.54(p)(2) change.

Discussion and Conclusions:

The NRC's regulations do not define what constitutes an approval of a licensee's security plan or modifications to its security plan. There are two principal methods by which a licensee may make changes to their security plan. In accordance with 10 CFR 50.54(p)(1), a licensee must obtain Commission approval for any change that decreases the safeguards effectiveness of the plan. This is accomplished by the licensee submitting an application for amendment to the license under 10 CFR 50.90. Requests for approval of alternative measures in accordance with 10 CFR 73.55(r) must also be submitted for NRC approval using the 10 CFR 50.90 license amendment process. In both cases, the NRC reviews the amendment request and then develops and issues a SER documenting its analysis of the amendment request and the basis for approving or denying the request. This process results in a clear and logical analysis documenting the NRC's approval of a security plan change.

In accordance with 10 CFR 50.54(p)(2), licensees may make changes to their security plans without prior Commission approval if the change does not decrease the safeguards effectiveness of the plan. Licensees must provide a report describing that change to the NRC within two months. NRC security specialists review that report but do not prepare a SER documenting their analysis of that report or the security plan change described in the report. Currently, security specialists reviewing these reports are limited to concluding if the change appears to or does not appear to decrease the safeguards effectiveness of a licensee's security plan. This process does not result in a clear and logical analysis documenting the NRC's approval of the security plan change.

There is not a clear and consistent understanding of what constitutes an NRC approved security plan.

According to several security inspectors interviewed by the DPO Panel, licensees typically believe that any 10 CFR 50.54(p)(2) change not objected to by the NRC is approved and becomes part of the licensee's NRC approved security plan. NSIR security specialists articulated during interviews that the lack of specificity in the rule allows for inconsistencies in the level of information that is provided by licensees for security plan changes. NSIR security specialists also identified during interviews that the evaluation of whether or not safeguards effectiveness is maintained is completed by using a series of reviewer documents (e.g., requirements, SRPs, accepted-for-use industry documents), experience, and professional judgment.

According to the DPO submitter and several of the security specialists interviewed by the DPO Panel, approval of a security plan change requires a formal process supported by an adequate analysis that is properly documented. The DPO submitter takes the position that without such supporting analysis and documentation, the 10 CFR 50.54(p)(2) change is not approved and incorporation of such a change into the licensee's security plan could decrease the safeguards effectiveness of the plan. Some reviewers believe that a formal review of security plan changes ensures that licensees maintain their licensing basis, which was established in the 2004 SERs that were written by NSIR staff for the implementation of several post-9/11 orders. During the interviews, it was also communicated that reviews of security plan changes are a licensing function and not an inspection activity because the emphasis of the review is on the adequacy of plan descriptions and not site procedures and practical implementation by a site security organization.

Security inspectors interviewed by the DPO Panel indicated that the information compiled by licensing reviewers to support 10 CFR 50.54(p)(2) reviews was accessible via NSIR SharePoint sites, but that that information was not being used to support baseline inspections. In certain instances, inspectors have been asked to support headquarters 10 CFR 50.54(p)(2) reviews with the collection of certain information during baseline inspections to assist NSIR staff in their determinations of whether or not safeguards effectiveness was maintained for specific security plan changes. During one interview, a physical security inspector stated that the determination of whether or not safeguards effectiveness is maintained is not resolved by completing determinations during performance-based inspections because these types of activities are not designed to evaluate specific changes to a security plan (e.g., reduction of armed response team members and the use of different types of equipment). Security inspectors do not routinely determine if a 10 CFR 50.54(p)(2) change incorporated into a licensee's security plan has been approved by the NRC. They conduct their inspections using the current plan provided to them by the licensee to determine if the licensee is in compliance with the plan and existing NRC regulations. These inspectors assume that the security plan provided to them is the plan approved by the NRC.

The DPO panel agrees that the security plan description of appropriate programmatic elements is necessary to demonstrate the adequacy of the security plan, and that deficient descriptions in the security plan constitute a decrease in security plan effectiveness. The DPO panel agrees that the current practice for 10 CFR 50.54(p)(2) reviews does not enable headquarters licensing staff to compel licensees to correct deficient text.

There were several views shared by the physical security inspectors and headquarters security specialists to revise the process for determining whether or not safeguards effectiveness is maintained for a security plan:

  • The 10 CFR 50.54(p)(2) reviews should be a combined effort between headquarters security specialists and regional inspectors.
  • Develop more effective criteria and guidance for conducting 10 CFR 50.54(p)(2) reviews to align more closely with the criteria and guidance for the 10 CFR 50.54(q) change process.

Issue 4:

The records retention requirements in 50.54(p)(2) are inconsistent with the record retention requirements relating to security plans in 10 CFR 73.55(q)(2).

Discussion and Conclusions:

The DPO submitter asserts that the records retention requirements in 10 CFR 50.54(p)(2) are inconsistent with the similar records retention requirements in 10 CFR 73.55(q)(2). The DPO submitter does not discuss any potential consequences of this alleged inconsistency. In addressing this assertion, the DPO Panel reviewed the relevant regulatory language as well as the statements of consideration for these two regulatory provisions.

The relevant regulatory language in 10 CFR 50.54(p)(2) requires that licensees maintain records of changes to the plans made without prior Commission approval for a period of three years from the date of the change. A plain reading of the regulatory language implies that a licensee may dispose of these records once the three-year retention period has expired. The regulatory language in 10 CFR 73.55(q) states: "The licensee shall maintain all records required to be kept by Commission regulations, orders, or licensee conditions, until the Commission terminates the license for which the records were developed, and shall maintain superseded portions of these records for at least three (3) years after the record is superseded, unless otherwise specified by the Commission." (emphasis added) A plain reading of this regulatory language implies that relevant records must be kept until the license is terminated or for three years after the record has been superseded.

On its face, this would appear to be an inconsistency between the two record keeping requirements.

However, the regulatory language in 10 CFR 73.55(q)(2) contains the phrase "unless otherwise specified by the Commission." In promulgating the regulatory requirements in 10 CFR 50.54, the Commission has specified a retention period for records associated with 10 CFR 50.54(p)(2) changes that differs from the retention period specified in 10 CFR 73.55(q)(2). Therefore, the DPO Panel has determined that there is no inconsistency between 10 CFR 50.54(p)(2) and 10 CFR 73.55(q)(2).

Issue 5:

The requirements for the submission of a report in 50.54(p)(2) are inadequate.

Discussion and Conclusions:

Licensees are required to submit a report to the NRC containing a description of each change made in accordance with 10 CFR 50.54(p)(2) within 2 months after the change is made. The regulation does not specify what information should be included in the report.

Since the review of security plans submitted after the 2009 security rulemaking, NSIR staff continued to review each 10 CFR 50.54(p)(2) change to confirm that licensees appropriately concluded that the changes did not decrease the safeguards effectiveness (i.e., the program and/or requirements) of their Commission-approved security plans. The NSIR staff review verified that changes to security programs did not result in (1) a noncompliance or violation of established regulatory requirements, or (2) reduced or decreased availability or reliability of security measures (systems, personnel, or programs) previously established by license condition or by Commission-approved security plans. The NSIR technical review consisted of: (1) comparing specific changes with descriptions of programs and obligations in Commission-approved security plans, (2) (if provided) reviewing the adequacy of the licensee's evaluation of changes, (3) reviewing the consistency of changes with staff guidance, including generic communications such as information notices and security advisories, security frequently asked questions, and NSIR Reports on Interaction, (4) reviewing changes with descriptions in NRC-endorsed Nuclear Energy Institute (NEI) security plan templates or guidance, (5) reviewing consistency of changes with NRC-approved alternatives or amendments specific to the site, and (6) reviewing compliance of changes with regulatory requirements (including NRC orders).

Reviewers identified significant issues or concerns, including possible omissions, to ensure that regulatory requirements were met by security statements or obligations described in the security plans. The items were discussed with a branch chief before the items were discussed with a licensee.

During this process, issues have been communicated with licensees through clarification teleconferences during which licensees discussed the changes to their security plans. In certain instances, licensees agreed to change certain security plan descriptions to clarify the change that was previously submitted through the 10 CFR 50.54(p)(2) process. For a short period several years ago, NRC headquarters staff were interacting with licensees through requests for additional information with docketed licensee responses.

In both approaches, when headquarters staff were unable to determine that a specific change maintained safeguards effectiveness, regional inspector support was requested to assist with resolving open items from a review. Currently, NSIR staff do not engage licensees for 10 CFR 50.54(p)(2) security plan changes.

During this DPO process, interviewees have indicated to the DPO Panel that relevant staff guidance documents currently do not provide adequate guidance on the type of information that should be included in a 10 CFR 50.54(p)(2) report. Due to this lack of clarity in the regulatory requirement and associated guidance, licensees have provided a range of information in their reports. Some licensee descriptions have provided a table of changes for the submitted security plan and the page(s) where change(s) were completed. Other licensees have provided reports that contained the information described previously and an evaluation of how safeguards effectiveness of the plan was maintained for each change. The lack of guidance for staff and licensees has created inconsistent approaches for submitting and reviewing 10 CFR 50.54(p)(2) reports which has led to an inability to determine if safeguards effectiveness was maintained in each security plan change.

The DPO Panel agrees that the 10 CFR 50.54(p)(2) report requirement is inadequate because it lacks clarity concerning the information that is required within the report and if this information is required to demonstrate how safeguards effectiveness is maintained in a security plan change.

The DPO Panel is aware that the proposed decommissioning rulemaking currently before the Commission has proposed changes to the 10 CFR 50.54(p)(2) language to more closely align with the language in 10 CFR 50.54(q). The revised regulation would require the submission of a summary of an analysis of the security plan change to demonstrate that a change does not decrease the safeguards effectiveness of the security plan. These proposed changes would help address the lack of clarity for what is described within a submitted 10 CFR 50.54(p)(2) report.

Conclusion

The DPO Panel concludes that the 10 CFR 50.54(p)(2) process lacks clarity, leading to ambiguity in the security licensing basis and blurring the distinction between licensing activities and inspection activities.

The DPO submitter recommended that the agency resolve the identified issues with the regulatory framework for power reactor licensee security plan change control using one of two options: (1) clarify that 10 CFR 50.54(p)(2) implies that the Commission will review and approve security plan changes implemented by licensees without prior Commission approval after the required report is received, ensure that NRC staff review such security plan changes to identify any plan language deficiencies, treat such deficiencies as a decrease in security plan effectiveness, and clarify that licensees are required to correct such deficiencies; or (2) conduct rulemaking to revise 10 CFR 50.54(p)(2) to clarify its language and remove the requirement for licensees to submit a report of changes made to security plans without NRC approval, which would remain subject to inspection.

DPO Panel Recommendations

The DPO Panel recommends that:

1. agency management support the changes to 10 CFR 50.54(p) that are in the decommissioning rule.
2. agency management clarify whether or not a 10 CFR 50.54(p)(2) change results in a change to a licensee's licensing basis.
3. agency management support the development of effective guidance for reviewing security plan changes.
4. agency management implement one of the following two options:
a. continue security plan change reviews by security licensing reviewers at HQ, with greater ability to follow up with licensees to correct deficient security plan descriptions or other issues when concerns are identified and with regional inspection staff as needed for inspection follow-up (preferred), or
b. terminate reviews by security licensing reviewers at HQ, and incorporate a review of security plan changes into the security baseline inspection program, including revisions to inspection procedures and training on licensing review skillsets to meet the new inspection requirements and to ensure consistency across regions.

Document 4: DPO Decision

February 1, 2019

MEMORANDUM TO: Dennis Gordon, Reactor Security Specialist, Reactor Security Branch, Division of Physical and Cyber Security Policy, Office of Nuclear Security and Incident Response

FROM: Brian E. Holian, Director /RA/, Office of Nuclear Security and Incident Response

SUBJECT: DIFFERING PROFESSIONAL OPINION REGARDING POWER REACTOR LICENSEE CHANGES TO SECURITY PLANS SUBMITTED UNDER TITLE 10 OF THE CODE OF FEDERAL REGULATIONS 50.54(P)(2) (DPO 2018-003)

On May 3, 2018, in accordance with Management Directive 10.159, "The NRC Differing Professional Opinions Program," you submitted a differing professional opinion (DPO) involving the U.S. Nuclear Regulatory Commission's (NRC) implementation of the regulatory framework governing power reactor licensee changes to security plans submitted under Title 10 of the Code of Federal Regulations (10 CFR) 50.54(p)(2). Specifically, you stated that there is a lack of a clear and understandable regulatory framework governing the Commission's meaning and intent for security plan changes submitted under the provisions of 10 CFR 50.54(p)(2) relative to Commission-approved security plans, security plan content/description requirements, baseline inspection activities, and records collection requirements. The purpose of this memorandum is to respond to your DPO.

On May 17, 2018, a DPO Ad Hoc Review Panel (the Panel) was established and tasked to meet with you, review your DPO submittal, and issue a DPO report, including conclusions and recommendations to me regarding the disposition of the issues presented in your DPO. On November 15, 2018, after reviewing the applicable documents, completing internal interviews of relevant individuals and completing their deliberations, the Panel issued their report to me.

In order to make a decision with regard to your DPO, I reviewed your DPO submittal and the Panel's report, and had brief discussions with you and the Panel chair.

CONTACT: David Curtis, NSIR/DPCP (301) 287-3607

D. Gordon

Statement of Concerns Identified by the Panel

1. The existing regulatory framework for the 10 CFR 50.54(p)(2) change process lacks clarity.
2. A licensee's prior approved security plan becomes part of the site licensing basis. Therefore, it is critical for the security plan to contain adequate written descriptions of how the licensee intends to implement required programmatic elements rather than relying on implementation of the plan through site procedures.

3. Approval of the security plan is predicated on the plan containing appropriate programmatic elements to implement applicable security requirements.
4. The record retention requirements in 10 CFR 50.54(p)(2) are inconsistent with the record retention requirements relating to security plans in 10 CFR 73.55(q)(2).
5. The requirements for the submission of a report in 10 CFR 50.54(p)(2) are inadequate.

Panel Recommendations

The Panel offered the following four recommendations regarding the DPO (additional detail and bases regarding each recommendation is provided in the enclosed Panel Report):

1. Agency management should support the changes to 10 CFR 50.54(p) that are in the decommissioning rule.
2. Agency management should clarify whether a 10 CFR 50.54(p)(2) change results in a change to a site's licensing basis.
3. Agency management should support the development of effective guidance for reviewing security plan changes.
4. Agency management should implement one of the following two options:
a. Continue security plan change reviews by security licensing reviewers at HQ [headquarters], with greater ability to follow up with licensees to correct deficient security plan descriptions or other issues when concerns are identified and with regional inspection staff as needed for inspection follow-up (preferred); or,

b. Terminate reviews by security licensing reviewers at HQ, and incorporate a review of security plan changes into the security baseline inspection program, including revisions to inspection procedures and training on licensing review skillsets to meet the new inspection requirements and to ensure consistency across regions.

After considering all the information, I agree in principle with the recommendations provided by the Panel. They have thoroughly and conscientiously endeavored to address your articulated concerns. I have the following comments, additions, and clarifications to the recommendations.

Regarding Recommendation 1, management has already concurred on the proposed decommissioning rule that includes changes to 10 CFR 50.54(p). To the extent that the Commission directs those changes to move forward in the rulemaking process and based on public comment resolution, those changes would create a definition in regulation for the term "decrease in safeguards effectiveness."

Regarding Recommendation 2, I have directed staff to enhance existing guidance for processing of 10 CFR 50.54(p)(2) change reports submitted by licensees. Within that guidance, I have directed staff to clarify the impact of a 10 CFR 50.54(p)(2) change to a site's licensing basis. Section 50.54 of 10 CFR is entitled "Conditions of licenses" and 10 CFR 50.54(p)(2) makes as a condition of power reactor licenses that they may make changes to the plans without prior Commission approval if the changes do not decrease the safeguards effectiveness of the plan. Paragraph 73.55(a)(3) of 10 CFR states that the licensee is responsible for maintaining the onsite physical protection program in accordance with Commission regulations through the implementation of security plans and written security implementing procedures (emphasis added). Historic agency practices indicate that 10 CFR 50.54(p)(2) changes generally do result in a change to the site's licensing basis. In confirming my understanding, I have directed staff to coordinate with appropriate internal stakeholders and consider the comparison of 10 CFR 50.54(p) to other change processes (e.g., 10 CFR paragraphs 50.54(a), 50.54(q), and section 50.59). I further directed staff to document this understanding in the updated guidance.

Regarding Recommendation 3, I have directed staff, in the updated guidance discussed in the response to Recommendation 2, to address how submitted reports should be periodically sampled for review, including the frequency and percentage of that sampling and how the sampling should be documented. This will be a change from some historical staff reviews that included extensive review scopes, and development of detailed staff reports. The guidance will also clarify how a 10 CFR 50.54(p)(2) submission review differs from a license amendment review. I have directed staff that the guidance will indicate that the scope of a 10 CFR 50.54(p)(2) review is to determine whether the change results in a decrease to the effectiveness of the security plans.

Regarding Recommendation 4, I have directed staff to implement a variant of the Panel's preferred option a: continue security plan change reviews by security licensing reviewers at HQ, with greater ability to follow up with licensees to correct deficient security plan descriptions or other issues when concerns are identified and with regional inspection staff as needed for inspection follow-up. In the response to Recommendation 2, I noted that the purpose of 10 CFR 50.54(p)(2) changes is to allow licensees to make changes to their security plans within certain limits. The updated guidance for the 10 CFR 50.54(p)(2) submission review process described in the Recommendation 2 response will include discussion on follow-up activities between inspection staff at HQ and in the regions to assess specific security measures that have been modified by a licensee to evaluate if the licensee has decreased safeguards effectiveness. If there are questions after the HQ and regional interaction, then additional interaction with the licensee may be warranted.

The Panel identified a final concern that you raised in your DPO regarding inconsistency in the records retention requirements between 10 CFR 50.54(p)(2) and 10 CFR 50.54(q)(2). The Panel concluded, and I agree, that there is no inconsistency.

Thank you for raising your DPO and for your active participation in the DPO process. An open and thorough exploration of how we carry out our regulatory processes is essential to keeping these programs effective. Your willingness to raise concerns with your colleagues and managers to ensure that your concerns are heard and understood is admirable and vital to ensuring a healthy safety culture within the NRC.

Enclosure:

DPO-2018-003 Panel Report Final, dated November 15, 2018 (ADAMS Accession No. ML18319A161)

DIFFERING PROFESSIONAL OPINION REGARDING POWER REACTOR LICENSEE CHANGES TO SECURITY PLANS SUBMITTED UNDER TITLE 10 OF THE CODE OF FEDERAL REGULATIONS 50.54(P)(2) (DPO 2018-003)

DATED: FEBRUARY xx, 2019

DISTRIBUTION:

R. Felts, NRR; V. Williams, NSIR; N. St. Amour, OGC; M. Sampson, NSIR; D. Curtis, NSIR; S. Helton, NSIR; J. Lubinski, NSIR; I. Gifford, OE; G. Figuerosa-Toledo, OE; G. Wilson, OE

ADAMS Accession No.: ML19030B735