ML20151M258
| ML20151M258 | |
| Person / Time | |
|---|---|
| Site: | Peach Bottom  |
| Issue date: | 07/27/1988 |
| From: | Danni Smith PECO ENERGY CO., (FORMERLY PHILADELPHIA ELECTRIC |
| To: | Russell W NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION I) |
| Shared Package | |
| ML20151M261 | List: |
| References | |
| NUDOCS 8808050071 | |
| Download: ML20151M258 (4) | |
Text
_ _ _ _ _ _ _ _ _ _
t 4
- % PillLADELPIIIA ELECI'RIC C051PANY e YMrq PEACll BO'! TOM ATUMIC POWER SlATION
' R. D.1, llox 208 i O fa_ YM Delu, Penns31 nnia 17314 i re u n norTow-Tm rum i a or a u a tte w e pl?) 4 W701(
D. M. Smith Yke President July 27, 1988 Docket Nos. 50-277 50-278 Mr. William T. Russell, Administrator Region I Office of Inspection and Enforcement U.S. Nuclear Regulatory Commission Attention: Document Control Deck Washington, DC 20555
Subject:
Peach Bottom Atomic Power Station Security
Dear Mr. Russell:
A meeting was held with your staff on June 9, 1988 to discuss concerns identified in the Nuclear Quality Assurance Audit Report AP88-48 PL and our Claime and Security Division investigation. We submitted a response to the issues discussed. This meeting was followed by a letter on June 13, 1988 discussing actions on those issues. That submission was amended as a result of a conference call on June 14 , 1988. During that conference call it was agreed that a root cause assessment of the problems with Peach Bottom Security would be performed and submitted.
Attached is a copy of the Security Problem Root Cause Assessment, dated July 15, 1988, and our action plan to address the root causes identified in the assessment. There are no significant changes in the action plan from what we presented to your staff on July 20, 1988. Each action has a responsible individual assigned to the cask and a target completion date has been specified as appropriate. We are confident that the steps we are taking are properly focused to successfully resolve the root causes of the security problems.
Sincerely, DMS/DRM:aus Attachments cc: Addressee W. F. Kane, Director, Division of Reactor Projects, USNRC, Region I T. P. Johnson, USNRC Senior Resident Inspector, PBAPS T. E. Magette, Dept. of Natural Resources, State of Maryland-w/o attachments Or ed$
Add:d ul W A W ' I 8808050071 880727 M84 !
ADOCK0500p{,7 i PDR F '
PEACH BOTTOM ATOMIC POWER STATION The following action plan was developed to address the findings of the Security Problem Root Cause Assecsment, dated July 15, 1988, which was performed by the Independent Safety Engineering Division of Nuclear Quality Assurance.
Clarify, by August 12, 1988, the scope of the Nuclear Security Program. The statement of scope will be approved by senior nuclear management and distributed to personnel involved in developing, executing, monitoring or auditing the site nuclear security function.
D. R. Meyers, Support Manager, Peach Bottom, is responsible for this task.
Clarify the responsibilities and authorities of key organizations involved in the nuclear security function, establish single point accountability and issue approved interface agreements by September 30, 1988. R. J. Weindorfer, Director Nuclear Plant Security, is responsible for this task.
Review and revise as necessary, by September 30, 1988, position descriptions for:
Nuclear Security Specialist Chief Nuclear Security Coordinator Shift Security Assistant These revisions are to assure conformance with program scope and to assure appropriate emphasis on supervisory responsibilities. D. R.
Meyers, Support Manager, Peach Bottom is responsible for this task.
Hold meetings, by October 14, 1988, with key personnel from each involved corporate group to review the nuclear security program scope, organization responsibilities, position descriptions, and interface agreements. D. R. Meyers, Support Manager, Peach Bottom.
is responsible for this task.
J
.g g
-2
]
Develop, by September 30, 1988, two sets of performance assessment standards to be used by Nuclear Quality Assurance for program auditing and evaluation; one set of standards against which site security programs will be audited for compliance and a second set, against which the effectiveness of the programs will be assessed. These standards will be apprcved by senior Nuclear Grep management. R. J. Weindorfer, Director % clear Plant Security, %
responsible for this task.
Hold all hands meetings quarterly with security force personnel, their supervision, and PECo management to search for ways to resolve issues of mutual concern and to stress the need for good working relationships with other group 3. The first session is to be held in August, 1988, with a second ses. ion in November. O. R. Meyers, Support Manager, Peach Bottom is cesponsible for this task.
Assure that security force personnel are included in site wide team building activities. This will be ongoing as opportunities arise. W. R. Bowers, Nuclear Security Specialist, Peach Bon om, is responsible for this activity.
Beginning in August, the Nuclear Security Specialist will speak to each group of new security force member trainees to welcome them and to provide an overview of the program, to address performar.ce expectations, and to stress the need for teamwork. W. R. Bowers, Nuclear Security Specialist, Peach Bottom, is responsible for this task.
Expand, by September 1, 1988, the training received by Shift Security Assistants at Peach Bottom Atomic Power Station to be similar to the program at Limerick. F. J. Larkin, Nuclear Security Specialist, Limerick, is responsible for this task.
Extend, by September 1, 1988, initial watchman training to include much of the material covered in the Limerick program. W. R.
Bowers, Nuclear Security Specialist, Peach Bottom, is responsible to assure that the security contractor has this implemented by the target date.
3-Provide upgraded "on-the-job" training to security force members starting September 1, 1988. W. R. Bowers, Nuclear Security Specialist, Peach Bottom. is responsible to assure that the security contractor meets this target date.
Include, by September 30, 1988, a more ccmprehensive module in GET training which addresses the role of the security force in nuclear plant operations. E. A. Till, Superintendent-Training, Peach Bottom, is responsible for this task.
_ , , . - - - - , - , - - - - a , e- --- , - - -
~ ma
1 s
- Peach Bottom Atomic Power Station
- Security Problem Root Cause Assessment July 15, 1988 Philadelphia Electric Company 2301 Market St.
Philadelphia, PA 19101 Prepared by:
Independent Safety Engineering Division Nuclear Quality Assurance 8808050232 880727 PDR ADOCK 05000277 P PDC
'. 1 Table of Contents Section. Title Page Executive Summary i Table of Contents 1 1 Introduction 2 2 Background 2 3 Approach 2 4 Causative Factors 3 A. Culture and Attitudinal Influences 4 B. Roles, Responsibilities, and Accountabilities 4 C. Management Policy and Implementation 6
- 0. Contractor Personnel Issues 9 5 Conclusions 9 Appendices A Team Member Capsule Resumes A-1 8 Personnel Interviewed B-1 C An Extract from the Previous Root Cause Assessment Report Dated June 17, 1987 C-1
2-
- 1. INTRODUCTION Philadelphia Electric Company (PECo) is licensed by the U.S. Nuclear Regulatory Commission (NRC) to operate two nuclear power reactors (Units 2 and 3) at the Peach Bottom Atomic Power Station (Peach Bottom) located near Delta, Pennsylvania. On June 9, 1988, PECo briefed the NRC on the results of the Nuclear Quality Assurance (HQA) April 1988 audit of the Peach Bottom security functions. In a letter to the NRC dated June 17, 1988, PECo committed to performing a root cause analysis of the security problems at Peach Bottom since 1984.
On June 20, 1988, PECo assembled a team, composed of members from PECo and Management Analysis Company (MAC) with management and nuclear security experience, and under the leadership of the Manager, Independent Safety Engineering Division (ISED), NQA. Brief resumes of team members are provided in Appendix A. The teem was tasked with conducting a root cause assessment addressing the security and management functions as they related to Peach Bottom, focusing on the period 1984 to the present. This report documents the results and conclusions of that assessment.
- 2. BACKGROUND The Peach Bottom ple.nt started operation during a period of minimal security requirements. Rulemaking and the issuance of regulatory requirements (10CFR73.55) in the late 1970s required PECo to develop a physical security plan, obtain NRC approval, retrofit security facilities and equipment, expand and upgrade the guard force, and implement new processes and procedures at the plant. The physical changes were completed within the required implementation period.
In February 1984, Peach Bottom received a SALP rating of 1 in security from the NRC. In May 1985, the NRC assigned a SALP rating of 3 based on PECo's performance during the intervening period. The SALP rating of 3 was again assessed in January 1986. In May 1987, the NRC assigned a SALP rating of 2.
In May 1988, the results of a PECo internal Claims / Security Division investigation and an NQA audit of the security function focused management's attention on problems in the execution of the security program. PECo management decided to conduct a root cause assessment of those problems.
- 3. APPROACH The assessment team's information gathering process included document reviews, interviews, and observations. The documents and correspondence reviewed, nominally for the period 1984 to the present, included the following:
. Peach Bottom Security Plans Physical Security Plan (PSP)
Training and Qualification Plan (T&QP)
Safeguards Contingency Plan (SCP)
. NRC corresponder.ce (inspection reports, enforcement letters, SALP ,
reports) and PECo responses j
. HQA audit reports and responses
. Claims / Security Division audit reports
)
. Claims / Security Division investigation report, dated April 15, 1988 !
. Resumes of guard force contractor supervision
. Internal PECo report "Proposal for a Nuclear Security Section," dated November 14, 1986, by R. Weindorfer.
. PECo/ Burns security force "contract' (specifications, purchase order, and amendments)
Interviews were conducted with persons knowledgeable of the past and present operations of the security functions at Peach Bottom. Those interviews included both PECo corporate and Peach Bottom site personnel, as well as guard force contractor, Burns International Security Services, Inc.
(Burns), personnel. Personnel interviewed are listed in Appendix 8.
Observations were made of current Peach Bottom security activities both at the corporate office and at the site.
The information obtained during the document reviews, interviews, and observations was analyzed by team members to assess its implications, particularly with regard to recurring problems and signs of commonality of cause or effect. In an iterative process, the significant information was sorted into categories of similar problem areas. The information in each of the general areas was then analyzed. Based upon the team's collective experience and judgment, the causative factors affecting the security program were identified and are presented in Section 4. Again in an iterative process, the causative factors were then evaluated to identify root causes. The team's conclusions are documented in Section 5.
- 4. CAUSATIVE FACTORS As indicated in the preceeding section, the information gathered was grouped into related categories for analysis. The four general categories, each of which is discussed below are:
. Culture and Attitudinal Influences
. Management Policy and Implementation
. Roles, Responsibilities, and Accountabilities
. Personnel Issues Within each of these general categories, specific causative factors are identified.
1 A. Culture and Attitudinal Influences Prior to the March 1987 shutdown, the security function operated 1 within essentially the same organizational culture / environment as that found and reported in the "Problem Root Cause Assessment of Peach Bottom Shutdown" dated June 17, 1987. An extraction of a portion of the June 17, 1987 report is provided in Appendix C to provide a basis for understanding the impact of the organizational culture / environment on the specific problematic findings in the security area.
This extraction must be read with the understanding that it describes the culture and environment that existed at PECo at the time of or prior to the March 1987 shutdown.
Management changes made at Corporate c.nd at Peach Bottom have had a significant impact on behaviors, attitudi, and culture in the intervening time period. While management changes in the security area occurred much later than in other groups, the implementation of a cultural change / team building action plan is expected to produce similar results in the near future.
B. Roles, Responsibilities, and Accountabili'.ies Within PECo there are two differently held perspectives of the definition and scope encompassed by the nuclear security program.
Some believe it is limited to the people, processes, and equipment required by 10CFR73.55. Others believe it also includes all or portions of related activities or programs such as fitness for duty; plant access authorization; interdiction of alr.ohol, drugs, and other contraband; and asset protection.
Responsibility for security program policy, management, implementation, support, and oversight has been divided in the past and is currently split among at least the following organizations.
Claims / Security Division, Legal Department Nuclear Quality Assurance Nucl 3r Review Board Nuclear Engineering Department Nuclear Services Department
. Licensing Section
. Nuclear Plant Security Section
. Information Resource Management Peach Bottom
. Plant Organization
- Plant Operations Review Committee
- Operations
- Maintenance
. Project Organization
. Support Organization
- Site Security
- Contractor Security Force
There has been no single point accountability for management of the I security program to ensure that all aspects of the program are accomplished. In the absence of specifically delineated roles and responsibilities, there have been gaps, overlaps, and a lack of accountability. The areas in which these issues exist include policy changes, program goals, security plan amendments, tracking and ensuring resolution of identified deficiencies, and hardware modifications. Administrative controls did not ensure appropriate review, approval, and control of security plan changes, and security-related hardware maintenance and modifications.
There is no on-site individual with "system engineer" responsibilities for installed physical security hardware and systems as there are for other plant systems. As a result, maintenance and modifications affecting security systems have been performed without appropriate determination of the impact of the work.
Information distribution and feedback regarding security program activities have been inhibited by safeguards information handling requirements, and the sensitivity of information. A review of documents designated as safeguards information indicates an overly broad application of this designation to non-safeguards information.
The lack of agreed upon lines of responsibility, coupled with the unique safeguards and sensitive information handling requirements, and the lack of appropriate storage facilities for such information within some of the various involved organizations, have resulted in inconsistent feedback on audit / inspection findings, and on occasion, in multiple layers of management being unaware of identified problem areas and resolution status.
There is confusion as to the specific roles of various organizations.
Some view the Claims / Security Division as having an overall policy-making role and conversely others view it as having only an oversight and advisory role. Similarly differing views are held regarding the role of corporate Nuclear Plant Security Section.
The authority and responsibility of specific individuals is also subject to different understandings. Some believe the Shift Security Assistant, Chief Security Coordinator, and Nuclear Security Specialist have line management / supervisory responsibility for directing the activities of the guard force, while others insist they have only oversight responsibility. The Shift Manager's role in security is not clearly understood by guard force contractor personnel, or by PECo site and corporate Nuclear Security personnel.
There are multiple understandings of the role of the on-site Claims / Security Division investigator.
Responsibility for managing the security force contract and the activities of the contracted security force is not clear. Further, the contract is unclear as to which responsibilities are delegated to the contractor and which are retained by PECo. Prior PECo management has stated that it hired nuclear security experts and relied on the contractor to provide the expertise tc ensure that the requirements of 10CFR73.55 and the Peach Bottom security plans were met. The existing purchase specification makes reference to those documents.
However, 10CFR73.55 specifically requires that PECo, not the contractor, be responsible for the security program; management statedsthat for several years after issuance of the Peach Bottom Physical Security Plan the contractor was not provided a copy; and PECo personnel prepare and maintain the procedures that the contract guard force is expected to follow. Inconsistencies in understanding and implementing a clear management position have led to inconsistencies in contract management and unclear responsibilities allowing some PECo managers to state that they believed that they were not responsible for identified problems.
Failure to establish clearly who is responsible for managing the contract and the contractor has resulted in multiple sources of direction to the security contractor and confusion on the part of contractor personnel as to who in PECo has the authority to direct guard force operational activities. In some cases, directions from one PECo employee / group have been countermanded by another PECo employee / group.
To avoid "co-employer" status (a previously litigated labor relations matter), PECo management has stated that PECo employees must not direct the activities of contractor employees and has assigned position titles that do not reflect supervisory authority (specialist, coordinator, assistant). The terms oversight and overview are consistently used in describing the interface between the PECo site security organization and the contractor. This policy has contributed to misunderstandings of PECo's responsibility to manage the guard force and has limited the "oversight" role to one of quality control rather than proactive management direction.
C. Management Policy and Implementation PECo managers responsible for the nuclear security program in the past acknowledged that there was a policy of committing to and doing only the minimum that was necessary to achieve compliance with physical security requirements. In their opinion, to do more was viewed as unnecessary from either a security or regulatory standpoint and, therefore, economically undesirable. They indicated that decisions and actions related to the physical security program at Peach Bottom, including the evaluation of identified problems and determination of corrective actions, had been limited to achieving the minimum compliance goal. Historically, the individuals responsible for interpreting physical security requirements tended to meet the "letter of the law" rather than the intent, and to manage the physical security program reactively rather than proactively. ,
They also expressed concern that NQA was auditing to requirements that did not exist. J i
To illustrate the "letter of the law" approach, four security force members were task tested in the use and handling of required security equipment as part of an NQA audit and all failed. Even though the l individuals were requalified before being returned to security i duties, both a PECo and a contractor supervisor expressed the belief that the individuals had not been "unqualified." They based this belief on the fact that the individuals had previously qualified with the equipment and that the task testing was not part of a "required"
l
. . l l
l I
annual requalification. Their position implied to the team that "qualified" meant having a piece of paper in the file that documented qualification, and that an individual's qualification was unaffected by a demonstrated inability to perform the task in the interval between required requalifications.
For many years, many of the personnel with key roles in the implementation of the Peach Bottom physical security program (from )
the time 10CFR73.55 became effective) were the same individuals who were instrumental in the installation of the security hardware and systems, establishment of the guard force, and writing of the security procedures. These individuals were directly responsible for developing the Peach Bottom physical security plans and finalizing the content of the plans with the NRC. Further, the individuals constituted for a time, PECo's total nuclear physical security expertise. This is no longer the case. Many of the individuals responsible for establishing the Peach Bottom physical security program have been reassigned as a result of the reorganization since the shutdown of Peach Bottom. Responsibility for managing security at Peach Bottom rests with the Support Manager who reports to the site vice president.
Some of these same individuals were responsible for evaluating and responding to potential or actual deficiencies and determining what, if any, corrective ' action was necessary. Being the authors and having obtained NRC approval of the security plans, there was no question in the minds of these individuals as to what was intended by the plans. Accordingly, their responses to identified problems and corrective action recommendations from internal and external oversight groups, often based on a different measure of program performance, were often argumentative and defensive. When corrective action was taken, it appears to have addressed only the specific example cited in the finding rather than fixing the underlying problem. This approach does not reflect an understanding of "rising levels of expectation" of what constitutes an acceptable security program. This "rising level" is exemplified by the following description of the Limerick security program, contained in the SALP dated July 7, 1988:
. . . in excellent performance and implementation of a security program that is oriented toward meeting the NRC's nuclear plant security objectives rather than merely regulatory compliance."
Correcting security problems has been afforded a low priority in comparison to nuclear safety and power production problems as evidenced by the resources applied to and the timeliness of corrective actions, in contrast, oversight personnel expressed concern that security requirements were not being met, that the line and staff organizations were argumentative and defensive and not correcting problems. The ideological differences concern the scope of the program and the performance standards against which the acceptability or adequacy of the program is to be measured.
The assessment team reviewed and compared the NRC inspection and SALP reports with the NQA audit reports.
NRC inspection reports and SALP reports from May 1985 to just before the HQA audit of security in April 1988 identified only three violations of NRC requirements. There were, however, repeated references to lack of management attention, lack of aggressive management, and lack of managemerot oversight of the contractor.
The 1986 SALP report indicated that, while the SALP rating was 3, I there had been increased management attention and, the report acknowledged an improving trend. Between this and the next SALP report there were no violations identified and the SALP rating for security for the most recent period was a 2. The most recent report i acknowledged several improvements and PECo's desire to implement a high quality program with a well qualified and professional force.
The report did address the NRC's concern with the failure of PECo to exercise appropriate oversight of the security contractor.
Subsequent to that SALP report there have been three violations, all severity level 4, and another reference to concern about the performance and lack of management oversight of the security contractor.
l For the same period, the NQA audit reports collectively contained eight findings and thirty-three recommendations. While all eight findings represented conditions which should be addressed, only two findir.gs (one finding in each report (classified as Significant Noncompliance Reports, SNCRs)) represent actual noncompliance with the security plans. The others can be classified as follows:
. One involved a hardware operational weakness identified by the auditors and appropriate compensatory measures were implemented in accordance with the plan.
l . One was written against HUREG 1045, two were written against elements of the Peach Bottom Quality Assurance Plan and one was written against 10CFR50, Appendix 8, Criteria II, even though there is no commitment that the security program meet the cited references.
! . One identified that drawings referenced in the security plan l should be available for use in emergencies, even though it was
[ not a specific plan requirement.
l l The repetitive manner in which findings are presented in the audit l reports gives the appearance that there are more problems than there really are.
The numerous recommendations contained in the audit reports are directed at improving effectiveness and efficiency in the security program. However, acceptanc.e and implementation is not required from a compliance standpoint.
0 4 The 1988 audit report contains a conclusion that the overall effectiveness of the security program did not yield the level of protection against radiological sabotage as delineated in 10CFR73.55(a). The problems identified in the audit report led the auditor and his technical consultants and the auditor's management to reach that conclusion. The assessment team does not share that j judgement based on the information presented in the audit report. it should be recognized that substantial judgement is required to be exercized in making such determinations and that differing conclusions can be reached by competent technical experts reviewing the same facts.
The various problems with the audit reports have resulted in reported and observed organizational and interpersonal conflict and defensiveness and argumentativeness for those responsible for security program management.
D. Contractor Personnel Issues The failure rate during recent task testing of Security Force Members (SFMs) shows a need to assess the training program. The current training program is impacted by high personnel turnover rates, minimal space allotments, increasing curriculum requirements, and an "attendance based" versus "performance based" training structure.
The contract specifies that the contractor provide a training program in accordance with the Training and Qualification Plan (T&QP).
However, the T&QP provides only minimal guidance for the content of the training program and PECo's overview or review of Burns lesson plans appears to be minimal.
The co-employer issue discussed earlier, contractor status, and general feeling that security requirements get in the way of "doing the job" have prevented the integration of the guard force into the site workforce team. Different treatment, real or perceived, of PECo employees and contractor personnel has created a feeling of being "second class citizens" among the guard force members.
- 5. CONCLUSIONS l A review of the Peach Bottom compliance history from 1984 to present reveals no programmatic breakdowns of compliance with 10CFR73.55. It does, however, show continuing NRC discussion and comment about lack of l management performance, action, aggressiveness, and control.
Based upon information obtained during this assessment and the analysis made, the team has identified three root causes as the major contributors to the management concerns as expressed by the NRC. They are:
J o Divergent understandings of the scope of and responsibilities for various elements of the Peach Bottom Security Program as well as the fragmentation of those responsibilities.
o Inter /intraorganization philosophical differences with respect to the standards against which acceptability of the security program is measured (minimum /"letter of the law" standards vs. agreement on what constitutes an appropriate level of performance).
, o =
o A "hands-off" philosophy toward the security contractor and ineffective PECo management of the security contract.
These root causes, which when viewed individually may have had minimal i.apact, have a combined and interrelational effect. Together they have impacted the productivity and effectiveness of management of the Peach Bottom security program. The traditional PECo culture, as noted from the previous rsot cause report, has nurtured and sustained the acceptance of these conditions.
As a result of the 1987 shutdown, there have been significant changes in behaviors, attitudes, management structure, and approaches to management throughout the Peach Bottom and PECo nuclear organizations. Recent changes have been made to the organizational structure and personnel assignments in the security program and cultural change / team building action plans have been developed. In addition, renegotiation of the guard security force contract is underway. It is the team's assessment, however, that further management attention will be required to address the three root causes identified in this assessment as they relate to the security function.
The focus of the analysis team was the Peach Bottom Security Program, however some elements addressed were corporate in nature. Attention to the resolution of these root cause areas corporately would be expected to further enhance the Limerick security program.
l l
I 1
Appendix A ASSESSMENT TEAM CAPSULE RESUMES J. Theodore Robb, Manager, Independent Safety Engineering Division, Team Leader, has 21 years of experience with PECo. Assigned as an engineer in the Mechanical Engineering Division for eight years, he spent two years in the Engineering and Research Department Quality Assurance organization with responsibilities for Limerick activities. Mr. Robb served for five years in Corporate Analysis and subsidiary organizations and for five years was responsible for the Engineering and Research Department nuclear licensing activities. He was appointed to his current position in November 1987.
Carl E. Alderson, Management Analysis Company, Team Member, has over 29 years of experience in instrumentation and control systems, simulation systems, and in engineering, operations, testing, training, security, and regulatory activities related to military and commercial nuclear power plants and research reactors.
During nine years with the NRC in Region II, he held various positions including Chief, Physical Security Section, and Director, Investigations and Enforcement.
He has extensive experience in the investigation and assessment of conditions and events at reactor sites and in the development and evaluation of management systems and administrative controls.
Roger J. Robinson, Management Analysis Company, Team Member, has over 25 years of experience in a broad range of technical, engineering, and business disciplines, including four years with the Defanse Atomic Support Agency. His expertise and accomplishments are in consulting and management audits, security, design and field engineering, nuclear power operations, project construction, and in the human factors and cultural aspects of these activities. He has participated in more than 25 management diagnostics and has also inspected security, emergency response, and intrusion threat capabilities of nuclear facilities. He has provided support to federal agencies for VIP protection, physical security operations and instruction in security control and administration.
Howard E. Rossner, Management Analysis Company, Team Member, has 35 years of experience in the application and theory of physical security and technical security, including service as Chief of Protective Security at the 00E Oak Ridge Operations Office. His accomplishments have included developing, inspecting, and directing ongoing programs for the protection of nuclear plants involving physical, personnel, and technical security. He has extensive knowledge of the principles, theories, methodologies, and techniques of physical protection, cargo security, guard protection, and deployment and contingency planning, including assessing human factors. He was responsible for design, implementation, and review of security programs during his 40 year career with the Department of Energy and predecessor agencies. He has assessed, audited, and developed improvement programs for existing nuclear security organizations.
- Al -
Appendix B PERSONNEL INTERVIEWED PECo E. G. Alwood, PBAPS HPES Coordinator, NQA M. Bruecks, Shift Security Assistant, PBAPS G. A. Bird, Auditor, NQA M. J. Cooney, Assistant to the VP, Nuclear Engineering C. J. Cuthbert, Auditor, NQA R. S. Fleischmann, Assistant to the Manager, Engineering Division, Nuclear Engineering J. F. Franz, Plant Manager, PBAPS D. R. Helwig, General Manager, NQA B. Kirkpatrick, Auditor, NQA J. D. McGoldrick, Manager, Claims / Security Division, Legal R. H. Moore, Assistant General Manager, NQA D. R. Meyers, Support Manager, PBAPS J. C. Oddo, Nuclear Security Specialist, PBAPS J. C. Spinelli, Engineer, Engineering Division, Nuclear Engineering R. S. Sweeney, Investigator, Claims / Security Division, Legal S. Q. Tharpe, Chief Security Coordinator, PBAPS
- 0. B. Warfel, Shift Manager, PBAPS R. J. Weindorfer, Director, Nuclear Plant Security Section, Nuclear Services Burns S. Claiborne, Security Force Member G. Miller, Site Manager S. Spencer, Lieutenant E. Stegman, Security Force Member J. Wilson, Sergeant s e Appendix C AN EXTRACT FROM THE ROOT CAUSE ASSESSMENT REPORT DATED JUNE 17, 1987 (1)
Overview and History Organizational culture / environment is not an easily describable element, but it is a very powerful determinant of employee actions and management / employee relationships. It is the unique blend of values, beliefs, attitudes, norms, i practices, myths, history, self image, etc., that becomes "the way things are ;
done at PECo." It creates meaning and reference points for organization l members. It is also most differentiates an organization from other organizations.
PECo has developed a closely knit, almost completely homegrown, technically oriented culture. The vast majority of its members are hired at entry levels, and the company makes a strong commitment to employment security. Generally, only engineers progress op the management chain and in the nuclear areas, there appears to be greater emphasis placed on technical management than on people management skills. Management succession practices and long-term management I assignments in the same or successive positions result in a self-perpetuating f management system.
l The positive effects of this culture include:
. Loyal and dedicated employees
. Management and employees who are very knowledgeable about PECo history and the company's way of doing business
. An informal network that does at times work very effectively and efficiently because personal work histories and relationships encourage accessibility among PECo management and personnel
. Pride in company history and performance
. Comparatively low employee turnover The negative effects of the PECo culture, as they have been identified with l
respect to Peach Bottom operations, include:
I
. A lack of new managerial perspectives from outside the PECo ar.d l additionally at Peach Bottom, a lack of new perspectives from inside the company
. Limited number of management role models to expand PECo's management effectiveness, especially in Nuclear Operations
- C1 -
. Minical infusion of professionals with nuclear industry experience into the technical and managerial ranks, resulting in a limited exposure to the critical differences between the established Peach Bottom way of doing business and the constantly evolving requirements of the nuclear business
. A tendency on the part of Nuclear Operations personnel to rest on laurels of past technical accomplishments and competencies and to resist change
. Management which focuses on technical problem solving without suffie.ient attention or skill applied to organizational and people cont ns
. A lack of performance motivation on the part of some employees and an erosion of management control over disciplinary actions because of the widespread perception in Nuclear Operations that no one is ever effectively disciplined or fired at Peach Bottom
. Employees with very long memories about past management practices and personnel concerns who find it difficult to focus on "the way things are now" rather than "the way things were then" There is a powerful Peach Bottom sub-culture in Nuclear Operations. It has its roots in the operation of Unit 1 under early regulatory conditions that were less prescriptive than today's requirements. Judged by the standards of the time, the early years of Units 2 and 3 operation were regarded as models of professional nuclear operational performance.
(1) From pages 3 through 5 of Problem Root Cause Assessment of the Peach Bottom Shutdown dated June 17, 1987
- C2 -