Text

NRC INSPECTION MANUAL NSIR/DSO INSPECTION PROCEDURE 71130.09 SECURITY PLAN CHANGES Effective Date: 01/01/2020 PROGRAM APPLICABILITY: IMC 2201, App A 71130.09-01 INSPECTION OBJECTIVES 01.01 To verify that changes to the licensees security plans have not decreased the safeguards effectiveness as required by Title 10 of the Code of Federal Regulations (10 CFR) 50.54(p)(2).

01.02 To verify and assess licensee implementation of the change process in accordance with 10 CFR 50.54(p)(2).

71130.09-02 INSPECTION REQUIREMENTS General Guidance Each application for an operating license subject to the provisions of 10 CFR 73.55, must include a Physical Security Plan, Training and Qualification Plan, a Safeguards Contingency Plan, and a Cyber Security Plan. These four plans describe the licensee's physical protection system/program that will be used (or implemented) to prevent radiological sabotage in accordance with the Commission requirements. These plans are collectively referred to as the "Security Plan.

The licensee can change an element of the plan if an evaluation is performed to demonstrate that the plan change continues to ensure the licensees capability for detection, assessment, interdiction, and neutralization is maintained to adequately protect against the design basis threat (DBT) of radiological sabotage. This change can be submitted as a 10 CFR 50.54(p)(2) change if, in addition to the above, the change meets all regulations and considers site specific conditions (site characteristics, location, size, etc.). If a plan change can meet these criteria, it is not considered a decrease in safeguards effectiveness. If the change cannot meet these criteria, it must be submitted as a license amendment request under 10 CFR 50.90 and receive NRC approval prior to implementation.

The licensees determination regarding whether the change constitutes a decrease in safeguards effectiveness is used by the licensee to determine whether the licensee has the authority to implement the change without prior NRC approval under 10 CFR 50.54(p)(2), or must submit for prior NRC-approval under 10 CFR 50.90.

Issue Date: 01/29/20 1 71130.09

Licensee submittals that require NRC-approval, such as amendments, are not subject to this inspection procedure and will be reviewed and approved by Office of Nuclear Security and Incident Response (NSIR).

The NRCs inspection of 10 CFR 50.54(p)(2) plan changes should verify that changes to security programs did not result in: (1) a noncompliance or violation of established regulatory requirements; (2) an adverse impact to the licensees ability to detect, assess, interdict, and neutralize to protect against the DBT of radiological sabotage; and (3) a site-specific vulnerability.

As an example, a licensee has 15 armed responders, which exceeds the minimum number of required armed responders of ten in 10 CFR 73.55(k). The licensee submits a 10 CFR 50.54(p)(2) change to reduce the number to ten. Since the regulatory requirements are considered the baseline for the change threshold, the licensee could use 10 CFR 50.54(p)(2) to reduce the number to ten, if the site-specific evaluation determines that the requirements of 10 CFR 73.55 are met, and no adverse impact to the licensees capability to detect, assess, interdict, and neutralize results from the change.

To prepare for inspection activity, inspectors should review the previous security plan revision in effect at the time of the last baseline inspection to gain a better understanding of the nature of the changes.

If the inspector anticipates the inspection of all security plan changes would likely exceed the 8-hour resource allocation, the inspector should contact NRC Headquarters (HQ) NSIR for support.

This procedure can be conducted in-office, on-site, or a combination of both.

02.01 Review Security Plan Changes For this portion of the inspection, the inspector(s) should review the licensees documented security plan. The inspector(s) should also review all security plan changes that have been submitted to the NRC since the last inspection.

a. Verify the licensee submits reports associated with security plan change(s) under 10 CFR 50.54(p)(2) to the NRC within two months after the change has been made.

(10 CFR 50.54(p)(2))

Specific Guidance Inspector(s) should review the report, submitted by the licensee to the NRC, that documents the change associated with licensees implementation of its physical protection program. The inspector(s) should verify that the submittal was provided to the NRC within the required two-month period.

b. Assess each licensee-submitted security plan change to verify that the change(s) does not decrease the safeguards effectiveness of the plan. (10 CFR 50.54(p)(2))

Specific Guidance Inspector(s) should request supporting documentation that demonstrates the change does not represent a decrease in safeguards effectiveness of the security plans and how the change continues to provide reasonable assurance through the effective Issue Date: 01/29/20 2 71130.09

implementation of the security plans and site protective strategy. Types of documentation may include drill and exercise reports, self-assessments, blast analyses, maps, corrective action documentation, procedures, and lesson plans.

The inspector shall perform an in-depth review of selected items within the security plan change which could potentially result in a decrease in safeguards effectiveness. Selected items for review should not be administrative (e.g.,

typographical corrections).

c. Verify that prior to implementing the plan change(s), the licensee ensured all safeguards capabilities specified in the safeguards contingency plan are available and functional. (10 CFR 50.54(p)(2)(i))

Specific Guidance For inspection of this requirement, inspector(s) should review documentation that describes the licensees implementation of the plan change. This documentation should cover areas of implementation such as impacts associated with contingency response, physical protective measures, communication capabilities, and other areas that may have been impacted by the change. The inspector(s) should conduct interviews with security personnel responsible for implementing the plan change. The inspector(s) may also request that the licensee provide a protective strategy overview/briefing that addresses the impacts of the plan change(s) on the site protective strategy and all supporting physical protection measures and security equipment that the licensee employs in support of its protective strategy. The documentation review should provide insights pertaining to the plan changes impacts to the licensee's protective strategy and should support the completion of the inspection requirements within this section.

d. Verify that the licensee has developed new or revised procedures according to Appendix C to Part 73 associated with the plan change(s), as appropriate. (10 CFR 50.54(p)(2)(ii))

Specific Guidance Inspector(s) should review licensee procedures associated with recent plan changes. Specifically, inspectors should ensure the procedures reflect the plan change and align with licensee implementation practices. Inspectors should consider conducting observations of activities associated with the plan change to verify the licensee implementation aligns with the plan change(s).

e. Verify that licensee personnel impacted by the plan change(s) have been trained to respond to safeguards events as outlined in the plan and specified in procedures.

(10 CFR 50.54(p)(2)(iii))

Specific Guidance Inspector(s) should conduct interviews with a sample of licensee personnel to determine the methodology the licensee used to ensure it has appropriately trained the personnel responsible for implementation of the plan change(s). Additionally, the inspector(s) should review training material (i.e. lesson plans, briefing materials, computer-based training) developed to provide training to licensee personnel responsible for implementing the plan change(s).

Issue Date: 01/29/20 3 71130.09

71130.09-03 PROCEDURE COMPLETION The security plan change reviews should be documented in an inspection report in accordance with Inspection Manual Chapter 0611. Performance of this inspection procedure change review does not constitute approval of the security plan changes. Sample documentation wording for security plan changes with no apparent decrease in safeguards effectiveness is as follows:

Since the last NRC inspection of this program area, Security Plan Revision(s) XX to XX were implemented based on your determination, in accordance with 10 CFR 50.54(p)(2),

that the changes resulted in no decrease in safeguards effectiveness of the security plan, and that the revised security plan changed continues to meet the requirements of 10 CFR 73.55(b). The inspectors conducted a review of the security plan changes to evaluate for potential decrease in safeguards effectiveness of the security plan.

However, this review does not constitute formal NRC approval of the changes.

Therefore, these changes remain subject to future NRC inspection in their entirety.

This procedure is considered complete when the inspection requirements listed in the procedure have been satisfied.

71130.09-04 RESOURCE ESTIMATE The resource estimate for completion of this procedure consists of a range between 6-8 hours of direct inspection effort per sample. The resource allocation includes one or multiple security plan changes that have been submitted to the NRC since the last inspection.

The frequency at which this inspection activity is to be conducted is annually (once per year).

The sample size for this procedure is one.

Issue Date: 01/29/20 4 71130.09

Attachment 1 - Revision History for Inspection Procedure 71130.09, Security Plan Changes Comment Resolution and Description of Commitment Accession Number Closed Feedback Training Tracking Issue Date Description of Change Form Accession No.

Required and Number Change Notice (Pre-Decisional, Non-Public Completion Date Information)

Prior to October 2006, NRC regional inspectors had the discretion to audit security plan changes ML040680601 made under 10 CFR 50.54(p) during the normal N/A 02/19/04 N/A N/A inspection cycle in accordance with CN 04-007 IP 71130.06. IP 71130.06 Inspection of Security Plan Changes was rescinded.

ML040680626 Document issued as Non-publicly available IP N/A 02/19/04 N/A ML080030435 for inspection of owner controlled area controls.

CN 04-007 ML083450113 IP deleted as owner-controlled-area controls, all N/A 12/10/08 inspection requirements were added to IP N/A N/A CN 08-035 71130.05.

Licensee Performance Evaluation Program IP ML12353A490 issued as a Pilot; following the pilot period N/A 03/13/13 N/A ML12353A596 requirements were combined into IP 71130.05 CN 13-009 for efficiency and Pilot IP deleted.

IP deleted as Licensee Performance Evaluation 12/13/13 Program - all inspection requirements were CN 13-029 added to IP 71130.05.

Issue Date: 01/29/20 Att1-1 71130.09

Comment Resolution and Description of Commitment Accession Number Closed Feedback Training Required Tracking Issue Date Description of Change Form Accession No.

and Completion Number Change Notice (Pre-Decisional, Non-Public Date Information)

Inspection procedure developed for inspection Briefings are ML19276D748 of security plan changes marking a transition of being conducted N/A 01/29/20 review associated with security plan changes with Inspectors ML19276D751 CN 20-006 from Headquarters staff to their regional during the month counterparts. of January 2020 Issue Date: 01/29/20 Att1-2 71130.09