ML20067C017
| ML20067C017 | |
| Person / Time | |
|---|---|
| Site: | Monticello  |
| Issue date: | 02/16/1994 |
| From: | Richard Anderson NORTHERN STATES POWER CO. |
| To: | NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM) |
| References | |
| NUDOCS 9402250245 | |
| Download: ML20067C017 (6) | |
Text
..-,...
i Northem States Power Company 414 Niconet Mall Minneapolis, Minnesota 55401 1927 Telephone (612) 330-5500 February 16, 1994 10 CFR Part 2 Section 2.201 U.S.
Nuclear Regulatory Commission ATTN:
Document Control Desk Washington, DC 20555 MONTICELLO NUCLEAR GENERATING PLANT Docket No. 50-263 License No. DPR-22 Reply to a Notice of tiolation Contained in NRC Inspection 11epo r t Jo. 50-263/93019 Conc ernina Uncontrolled Safecuards Information Pursuant to the provisions of 10 CFR Part 2, Section ::.201, our reply to the notice of violation contained il your letter of Janua:*y 19, 1994 is provided as Attachment A.
The event that led to this violation was also the subject of Licensee Event Report (LER) 93-009-00, which was submitted to the NRC on September 27, 1993.
A number of the corrective actions discussed in the attached violation response were previously identified as commitments in the LER 93-009-00 transmittal letter.
We will continue to track those actions against LER 93-009-00 to avoid duplication.
This letter contains no new NRC commitments.
Please contact Terry Coss, Sr Licensing Engineer, at (612) 294-1449 if you have any questions or wish further information concerning this matter.
f7
/
44 0,
/
Roc >r O Anderson Director Licensing and Management Issues c:
Regional Administrator, Region III, NRC Senior Resident Inspector, Mcnticello NRC NRR Project Manager, NRC J Silberg Attachments:
- Affidavit to the US Nuclear Regulatory Commission
- Reply to Notice of Violation 2 on i e c, l-9402250245 940216 PDR ADOCK 05000263
(
0 PDR 1\\
/
e t
f UNITED STATES NUCLEAR REGULATORY COMMISSION NORTHERN STATES PvWER COMPANY MONTICELLO NUCLEAR GENERATING PLANT DOCKET NO. 50-263 I
Reply to a Notice of Violation Contained in NRC Inspection Peport No. 50-263/93019 Concerd na Uncontrolled Safecuards Information I
Northern States Power Company, a Minnesota corporation, hereby provides the l
required response to the Notice of Violation associated with NRC Inspection Report 50-263/93019. The Notice of Violation was transmitted to NSP via a letter from John B. Martin, NRC Region III Regional Administrator, to Dcuglas l
Antony, Northern States Power Company, on January 19, 1994.
Thio letter contains no restricted or other defense information.
i NORTHERN-TATES POWER COpPANY t -
By
//
/g;
[M1, ger O Anderson Director Licensing & Management Issues l
On this ay of 8 ARCbT f
before me a notary public in and for said County, personally appt ed Roger O Anderson, Director, Licensing and Manaoement Isoues, and beibg first duly sworn acknowledged that he is i
autnorized to execute this document on behalf of Northern States Power Company, that he knows the contents thereof, and that to the best of his j
knowledge, information, and belief the statements made in it are true and that it is not interposed for delay.
/
/
- ~vawa*vww.w wwywwwyf v
f%
JCY L CAPPER:CK
'IU d NOTARY MgUC y;g{3g3
? MS #
ANOK A COUNTv 9 Ceeco Expu sm; 2, w wwwwvwvwsw wwww.
I 1
i i
k t
i i
Attachment A
[
+
Page 1 February 16, 1994 4
REPLY TO NOTICE OF VIOLATION i
Violation (Severity Level III (Supplement III))
"10 CFR 73.21(d) requires, in part, that while in use, matter containing-l Safeguards Information shall be under the control of an authorized individual and that, while unattended, it shall be stored in a locked security storage container.
l l
10 CFR 50.73.21,'a requires, in part, that each document or other matter that contains Safeguards Information shall be marked ' Safeguards Information' in a conspicuous manner to indicate the presence of protected information.
l t
contrary to the above, on August 26, 1993, a computer diskette containing Safeguards Information, was not under the control of an j
authorized individual and it was not stored in a locked security container.
(01013)
J g
Th2s is a Severity Level III violation (Supplement III). "
I 1
i HSP Peopo.Dse:
i i
NSP acknowledges the above violation. The reasons for the violation, as well as corrective actions taken and actions planned to prevent recurrence, are discuooed below.
Beasoq_ Lor the VJolatioD:
Our investigation concluded that several factors contributed to this i
violation.
Licensee Event Report (LER) 93-009-00, which was submitted on l
September 27, 1993 cnneerning this same event, reported that the primary cause of the event was a lack of adequate procedures for control of Safeguards Information at the time the drawings were generated through the drafting i
process.
The drawings on the uncontrolled diskette were created in July of 1990.
At that time, different and less-stringent requirements were in place for the control of Safeguards Information drawings developed via the computer drafting system.
Since that time, significant procedural improvements have
[
been implemented concerning the control of Safeguards Information stored on computerized media that would prevent a similar occurrence.
I LER 93-009-00 noted that a contributing cause of this event was insufficient corrective actions in response to a Quality Assurance Finding regarding.the A-1
~.
l, i
Attachment A Page 2 February 16, 1994 computerized control of Safeguards Information drawings.
On August 16, 1991, a Power Supply Quality Assurance audit finding identified the control of
(
Safeguards Information on computerized media as a concern.
The Safeguards j
Information control procedural improvements noted above were developed and i
implemented in response to the audit finding.
However, at the time of the I
finding there was no effort made to review all existing drafting department
?
diskettes and other computerized media to ensure proper control of Safeguards Information.
If this action had been taken, the subject diskette would have
.i been identified prior to the drafting group moving outside of the Protected Area in late 1991.
This would have significantly reduced the length of time the diskette was uncontrolled.
As indicated in your letter of January 19, 1994, other contributing causes were discussed at the December 2, 1993 enforcement conference.
These
{
additional contributing causes involved a lack of oversight of the contract drafting group by NSP and a failure to adequately train the drafting group on how to handle, process, mark, protect, and destroy Safeguards Information.
}
I Corrqrtive Action Taken and Results Achieved 1.
Immediate corrective Actions (first hours after discovery):
a.
Patrols of the Protected Area and the Owner Controlled Area were-l immediately conducted to check for any. unauthorized, suspicious, l
or threatening activities.
None were identified.
I i
b.
All Security Officers on shift were briefed regarding the details l
of the incident and the possible implications.
An EOF /ONS report was run { listing of personnel on site) and reviewed against the badge rack to ensure all personnel on site were properly authorized.
c.
Heightened Security Awareness measures were determined and
)
implemented in response to the potential compromise of significant Safeguards Information.
Based on the results'of the event investigation and the determination that there was no malevolent or deliberate intent, these measures were discontinued at 1030 on 9/16/93.
d.
Badges of the individuals involved in the incident were placed on hold pending further investigation.
Based on the results of the investigation this hold was subsequently lifted.
A-2 i
i i
l e
l Attachment A Page 3 February 16, 1994 2.
Subsequent Corrective Actions:
a.
Investigators from the Corporate Security services department were called in the following morning to investigate the event.
The draftsman's computer hardware and the destroyed diskette were i
controlled and sent to a D.O.D.
approved facility to attempt recovery of destrcyed and deleted information.
This was done in an effort to verify that the information was indeed the Vulnerability Assessment drawings, and therefore significant Safeguards Information. Attempts to recover destroyed and deleted information from the computer media were unsuccessful.
b.
All diskettes from the drafting area were collected and reviewed l
for any cther Safeguards Information.
In addition, the hard drives of all work stations in the drafting area were checked for Safeguards Information.
No additional problems with uncontrolled diskettes were identified.
The search for and review of drafting diskettes included those that were stored in secure locations.
Five additional diskettes l
containing Safeguarcs Information were-found that were not 3
properly marked.
However, these diskettes were stored,in l
accordance with Safeguards Information requirements and were not compromised.
Immediate action was taken such that the diskettes were either marked with the proper Safeguards Information 3
identification or destroyed.
l 8
c.
Prior to this event, plans had been made to move all on-site Safeguards Information to a central location within the Protected Area.
The details of these plans were being developed at the time of the event.
Since the event, all on-site Safeguards Information f
has been moved to storage locations within the Protected Area.
security now controls all Safeguards Information within the Protected Area except when operaLlonal circumstances require its use outside of the Protected Area.
Strict controls are placed on such use.
d.
The Superintendent, Security at the Monticello site has been made
[
responsible for the classification and declassification of l
Safeguards Information for the entire site.
A program has been instituted to reduce the amount of Safeguards Information that is j
available and stored at the site.
Documents will be reviewed and i
I declassified as appropriate.
A guidance document was-developed to aid individuals in the determination of whether information should i
be classified as Safeguards Information.
A-3 j
I
~ _ -
~&
4 Attachment A
-I Page 4 February 16, 1994 i
e.
Subsequent to the event and after determination of'the causes, all.
drafting personnel were trained on the control and handling of Safeguards Information.
l f.
In May of 1993, the drafting organization was changed such-that an.
NSP employee is now responsible for directly supervising the j
activities of the drafting group. This change, which occurred prLor to discovery of the uncontrolled diskettes, was implemented by management in recognition of the fact that closer NSP oversight of this fonction was desirable.
CorrectAve Action to be Taken to Avoid Further violation No additional corrective actions are believed to be necessary at this i
timo.
The actions described in the preceding section are considered adequate to avoid further violation.
i pate When Full Compliance Will Be Achieved Full compliance has been achieved.
I I
A-4 l
1 i
i
'*T
F-
.