ML20199C634
| ML20199C634 | |
| Person / Time | |
|---|---|
| Site: | San Onofre  |
| Issue date: | 01/23/1998 |
| From: | Howell A NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION IV) |
| To: | Ray H SOUTHERN CALIFORNIA EDISON CO. |
| References | |
| 50-361-97-24, 50-362-97-24, EA-97-585, NUDOCS 9801300060 | |
| Download: ML20199C634 (88) | |
See also: IR 05000361/1997024
Text
- - .
_.
...-
..
.-
- - - -
._ -
.- - -
-
. _ .
- .
_ ,
e
p * *' h
UNIftDSTAfts
j' , .
, \\
NUCLEAR REGUL ATORY COMMISSION
$
-
f
'
}
A LGION IV
,*
/
611 RY AN PL A2A ORIVE. $ ult ( 400
S .,
F
A A LING TON, T [ X A$ 76011 8064
llanuary 23, 1998
,
'
E A N o.: 97 585
Harold B. Ray, Executive Vice President
Southern California Edison Co.
San Onofre Nuclear Generating Statioit
P.O. Box 128
San Clemente, California 92674 0128
SUBJECT: PREDECISIONAL ENFORCEMENT CONFERENCE SUMMARY
This refers to the predecisional enforcement conference conducted in the Region IV office on
January 20,1998. This meeting was bid to discuss the apparent violatio 1s identified in NRC
Inspection Repot 50-361/97 24; 50 362/97-24. The conference was held at the request of
Region IV. This meeting contributed to a better understanding of the apparent violations. The
attendance list and the licensee's presentation are enclosed,
-
in accordance with Section 2.790 of the NRC's " Rules of Practice," Part 2, Title 10, Code of
Federal Regulations, a copy of this letter will be placed in the NRC's Public Document Room.
Should you have any questions conceming this matter, we will be pleased to discuss them with
you.
Sincerely,
I
aLA
'
,
Arthur T. How
111 Director
Division of Reactor Safety
Enclosures:
1. Attendance List
2. Licensee Presentation
Docket Nos.: 50 361; 50-362
License Nos.: NPF-10; NPF 15
cc:
Chairman, Board of Supervisors
County of San Diego
1600 Pacific Hignway, Room 335
San Diego California 92101
= 1300060 - w3
IllIllll!lllll llll
ll
ADOCK 05000361
',
G
pon
. _ _ _ _ _ _ _ _
>
4
Southern California Edison Co.
2-
l
Alan R. Watts, Esq.
Woodruff Sprodlin & Smait
1
701 S. Parker St. Suite 7000
Orange, Califomia 92868 4720
Sherwin Harris, Resource Project Manager
Public Utilities Department
City of Riverside
3900 Main Street -
Riverside, Califomia 92522
i
R. W. Krieger, Vice President
Soutnem Califomia Edison Company
San Onofre Nuclear Generating Station
P.O. Box 128
San Clemente, Califomia 92674-0128
Stephen A. Woods, Senior Health Physicist
Division of Drinking Water and
Environmental Management
Nuclear Emergency Response Program
Califomia Department of Health Services
P.O. Box 942732, M/S 396
Sacramento, Califomia 94334 7320
Mr. Gary D. Cotton, Sr. Vice President
Energy Supply
San Diego Gas & Electric Company
P. O. Box 1831
San Diego, California 92112-4150
- Mr. Steve Hsu
Radiological Health Branch
State Department of Health Services
P.O. Box 942732
Sacramento, California 94234
Mayor
City of San Clemente
100 Avenida Presidio
San Clemente, Califomia 92672
Mr. Truman Burns \\Mi. Robert Kinosian
California Public Utilities Commission
505 Van Ness, Rm. 4102
San Francisco, California 94102
mm -
_ _ . . _ .
_ . _ _ . . _ _ _ _ _ _ . _ _
. _ _ . _ . _ ._ ._.__._.. _ _.-__.___
-
,
J
- Southern Califor lia Edison Co.
3-
DISTRIBUTION:
DMB (IE45)w/ enclosures
4
Regional Administrator
SONGS Resident Inspector
DRS Director
DRS Deputy Director
-
DRP Director -
-
- DRS PSB
G. F. Sanbom, EO
J, Lieberman, OE (MS 7 H5)
OE:EAFile (MS 7 HS)
'
W. L. Brown, RC
Branch Chief (DRP/F, WCFO)
Senior Project inspector (DRP/F, WCFO)
Branch Chief (DRP/TSS)
'
M. Hammond (PAO, WCFO)
WCFO File
!
MIS System
RIV File w/ enclosures
i
B. Earnest w/ enclosures
i
i
I
1
k
-DOCUMENT NAME: G:\\ REPORTS \\SO724MS.ABE
To receive copy of document. Indicate in bor: "C" = Copy without enclosures "E"
Copy with enclosures "N" = No cocy
lRIV:PSB
_
C:DRS\\PSB
C:DRP\\F _ {/
D:DRS
BMurray N
DKirsch K
ATHowell lli -
l ABEarnest:nh[M'
Ot/AM8
01ht/98
01fd98
^
101 AI/98
'
D\\
OFFICIAL RECORD COPY
- - -
.
-
- . - . -
~ - -- - -
. - - - .
. - . -
(~ ,
$-cf
a
Southem Califomia Edison Co.
3
DISTRIBUTION:
. DMS (IE46)w/ enclosures
y
Regional Administ.'ator
SONGS Resident inspector
DRS Director
DRS Deputy Director
DRP Director
DRS PSB
G. F. Sanborn, EO -
J. Lieberman, OE (MS 7-H5)
OE:EAFile (MS 7 HS)
W. L Brown, RC
Branch Chief (DRP/F, WCFO)
Senior Project inspector (DRP/F, WCFO)
Branch Chief (DRP/TSS)
M. Hammond (PAO, WCFO)
WCFO File
MIS System
RIV File w/ enclosures
B. Earnest wh nclosures
DOCUMENT NAME: G:\\ REPORTS \\SO724MS.ABE
To receive copy of document, Indicate in box: *C" = Copy without enclosures *E" = Copy with enclosures "Ns No copy
RIV:PSB
_
C:DRS\\PS,B
C:DRP\\F
d y' D:DRS
ABEarnest:nh@
BMurrav N
DKirsch M
ATHowell til
01 DI/98
~
OVA $8
01ht/98
01(pj98
"
'
D\\
OFFICIAL RECORD COPY
3nn004
o
PREDECISIONAL ENFORCEMENT CONFERENCE ATTENDANCE
. _ _ _ _ . . _ _ _ _ . _ _ . _ . - . . ..
_
_._
LICENSEE / FACILITY
Southern California Edison Co.
San Onofre Nuclear Generating Station
DATE/ TIME
January 20,1998, at i o m.
CONFERENCE LOCATION
Region IV, Training Conference Roon
Arbngton, TX
EA NUMBER
EA 97 585
NRC REPRESENTATIVES
_
.. ..
. . . . .. . . . . . _
- . . . . . _ . - . _ . . . . _
. . . . .
. . _ . . _ . . . . _ - _ _ . _
_ - . . . . . - . . . _ _ _ _. - _
.
.
_
_
, _ _ _
_ . .. ..
.
_ _ _ _ _
..
. . .
NAME (PLEASE PRINT)
ORGANIZATION
TITLE
Su .he
Nic.
P5
lb. 12s. A/n.n.1 A ,9
f
I
v
kt0
wtll
'
b'rtcAnt.
}$.$
lh,sna
SAru m4 S.p eM >>
"
Adthe/
A. $ua kt
(h s;ed.Sen
10 59celA( d
y
v
"
8 bale kW9
c M Pi n r % e u Biw %.
v ' o ,. J , n . ,l,.
a a A
Tub
hcVw
n. . n n~ t f
v
/
06/ss/A L
doWA.fEL.
J44/AM ). $A/WA/
/
- '
,
6~ C1
& L/r
L/v
"
,
_
_ . _ - _ _ _ _ _ --_ __ ___ _ -.
._
.
. _ -
- _ _ -- _ ___ __ _ _ _ _ _
.
o
/
PREDECISIONAL ENFORCEMENT CONFERENCE ATTENDANCE
bCENSEE[ FACILITY
Southern California Edison Co
San Onofre Nuclear Generating Station
DATEmME
January 20,1998, at 1 p m
CONFERENCE LOCATION
Region IV, Training Conference Room
Arlington, TX
_
EA NUMBER
EA 97-585
&*
LICENSEE REPRESENTATIVES
_ NA_ME (PLEASE PRINT)
ORGANIZATION
TITLE
C.A. Pl u /e< T
5c E / G e<< t , D.v
Sc+vw. , Sec~ Ar Caveha v<
hE.No
9cE
Ei T">
ce %
%
k-
'
'
wa
Go. ha
sah
u
a > aa
i
l ALLACE
3CEl/Mq
W,L
AL M
.
M.J . 6PsER
sce
4tJ. 5rrs Secdw
wsw
sa
n u; ec a ,.<~ w
.
emundus
I
. . . . . _
.
-
SOUtilFRN C%1tFt,yiWIt
EDISON
'
.Aa TJn50% fMTRh4 710%! Catrpay
SOUTHERN CALIFORNIA EDISON
4
SAN ONOFRE NUCLEAR GENERATING STATION
PRE-DECISIONAL ENFORCEMENT
CONFERENCE
January 20,1998
-
L..-
. _ . _ _ _ . _ _ _ _
-
j.
bA-4
-ue-,.-
ea-
a
sau-e-
-
aed.-
A--..as
3-_.d.J.4e
a_A e aeehMbfAAt---
-J-A
w-mf=4
a
4a na-
-m-eemb
~4-
J42r.s
.- _ -
6-__Ju at
m-wu.sa.-_4A1.m4#A-
.A__A4_wd
l
e'
1
i
1
f
O
j
.h
-
O
cc
v
.
i
et
-
Aoa
!
o
!
DI)
.5
~
~
l
Oo
'
V
zD
-
L
C3
eZ a
<
a
,
5
9
pad
3
9
g
b@ 3
42
Q
!E O i
N
stu W
C3
2
00
nn
3
.
. -
.
-
-
c.
.
Summary - Safeguards Contingency Plan (SCP)
l
.
Loss of SCP - isolated personnel error.
-
Strong program for control of Safeguards Information.
-
Licensee identified, reported and aggressive enhancements
were implemented.
3
___ -
.
- - - - - -
_
A; parent Violation
"An apparent vio.ation was ic entified involving t~ 3e
failure to ac.equately protect a copy of t:1e
Safeguarc s Contingency Plan."
.
l
... With respect to the issue offailing to protect
"
safeguards information, NRC inspection Report 50-
361/95-15; 50-362/95-15 notedfive other instances of
failing to protect safeguards information, including two
lost safeguards documents. "
4
. _ _ _
-
- - - - -
..
.
Loss of SCP - Facts
.
October 27,1997, Safeguards Contingency Program (SCP)
-
discovered missing from cabinet.
Cabinet and lock met program requirements.
-
No evidence of tampering was found.
-
Immediately implemented security compensatory measures.
-
Made a 1-hour telephone report on October 27,1997.
-
.
5
_ _ _ _ _ _ - - _ _ _ _ _ _
-
-
- - - -
-
,
Loss of SCP - Response to Event
,
Conducted a site investigation.
-
Requested an independent Corporate Security
-
Investigation.
Implemented interim SI internal controls.
-
Submitted Licensee Event Report 1-97-002 on
-
November 25,1997. Revised Licensee Event Report,1-
97-002, December 19,1997, to include the results of the
Corporate Investigation.
.
6
_ _ _ _ _ _ _ _ _ _ _ _ -
.
.
.
.
.
-
.
.
Loss of SCP - Resaonse to Event (continued)
Prepared Human Performance Evaluation.
-
Conducted a site search for the SCP.
Informed the site population and solicited their assistance
-
in locating the missing SCP.
Formed a Program Enhancement Team.
-
7
-- -
.
.
.
s
Loss of SCP - Event Summary
SCP has not been found.
-
How SCP xvas lost has not been identified.
l
-
Individual who mishandled SCP has not been identified.
-
Root cause - personnel error.
-
I
I
i
8
,
I
i
.
- .
-
-
- - - - - - -
..
.
Discussion of Previous Events - IR 95-15
,
SI file destroyed.
-
(Licensee Identified June 14,1995)
SI lost in routing for review (did not arrive).
-
(Licensee Identified July 11,1995)
SI mailed in envelope with holes (swiss).
-
(Licensee Identified April 25,1995)
,
SI cabinet open for five minutes unattended.
-
(. Licensee Identified May 3,1995)
SI stored in a desk.
-
(Licensee Identified June 16, 1995)
9
. _
- - _ _ _ _ _ _ _ - _ -
- - - - - - - - - - -
,_
Correc~ive Actions ;Resulting from NRC
Inspection Report 95-15
Counseled responsible individuals and retrained.
-
Vice President met tvith Managers and Supervisors.
-
Reduced number of SI authorized personnel and SI storage
-
locations.
10
_ _ _ _ _ _ _ _ _ _ _ _ _ - _ -
i
..
.
Corrective Actions Resulting from NRC
Inspection Reaort 95-15 (continued)
.
Established SI Helpline bulletin board.
Distributed memorandum on expectations and disciplinary
policy.
Formed an SCE inspection team to conduct unannounced
-
surveillances.
.
I1
- -
.
-
.
,
. . . . . . . .
..
.
. . .
_ _ _ _ _ - _ _ _ - _ .
._
Program Improvements (Post 95-15)
1
September 1995
Initiated SI industry benchmarking.
-
November 1995
Began unannounced surveillances.
-
January 1996
Additional program enhancements.
-
Distributed desktop aide to all site
personnel.
March 1996
Presented industry benchmarking results
-
to Western Nuclear Security Association.
12
._ _
-
- - - - - -
~l
.
l
Program Imarovements (Post 95-15) (continued)
June 1996
Completed SI Program actions and
-
program enhancements.
January 1998
Additional SI Program enhancements.
-
l
13
.
___
_____ __
___ _ _.
.
.
..
.
..
. _
.
.
.
- - - - -
,
SCE Safeguards Information Program
1
SCE's Safeguards Information (SI) Program consists of:
- Procedures
- Training
- Program audits
- Routine surveillances
.
14
- - - - - - - - - -
--
- - - - -
_
_
_
SI Program Enhancements in Response to SCP
Event
Requires SI cabinet inventories.
l
-
l
Requires use of a check out log.
-
Restricts SI access to single point of control.
-
SCP and PSP distribution control transferred from
-
Security to CDM.
Use colored binders.
-
SI Program exceeds regulatory requirements (equivalent
of DOD " SECRET").
.
15
o
_
-
.
.
.
SI Program Enhancements in Response to SCP
Event (continued)
_
Further reduced:
- Storage locations,
1
- Storage cabinets, and
- Number of personnel with SI access.
.
16
-
-
- -
-
-
__
--
_
_
_
f
Actions to Mitigate Risk of Mishandling SI
Reduction of SI Storage Cabinets / Locations
'94
'95
'96
'97
Year End Values
y
-
-
- - -
-
-
-
_
,
F
.,
,
.
Summary
._
=
SCE program substantially exceeds regulatory
-
requirements.
1
Loss of SCP ivas an anomaly.
-
.
SCE response tvas aggressive and comprehensive.
-
Program enhancements have been implemented.
-
Previous corrective actions and program enhancements
-
noted would not have prevented the loss of the SCP.
18
___ ______________
_
,
- - - - -
.
~
Application of tLie Enforcement Policy
.
Factors
Individual (unknown) personnel error.
Prompt response and aggressive corrective action.
!
-
Licensee identified and reported.
-
Non-willful, self-identified, and no previous escalated
-
enforcement in past 5 years.
IR 95-15 events were unrelated and corrective actions
-
would not prevent SCP event.
19
_ _ _ _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _
_ _ -
,
- - - -
Application 0:n:he Enforcement Policy (continued)
Loss of SCP and 95-15 Events
Event (date)
Org.
Cause
Comments
Files destroyed (7/11/95)
CDM
Purged files
Not SI
Left in Inbox (7/14/95)
NEDO
No self-check
Not delivered
,
Swiss Envelope (4/25/95)
LIC
Personnel error
Improperly wrapped
Cabinet unattended (5/3/95)
COMP
Inattention to detail
Under observation
Left in Desk (6/14/95)
Personnel error
Not SI
j
_
SCP (10/27/97)
SEC
Unknown
Program accountability
enhancements
20
. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ .
.
_.
!
..
.
Arlication of the Enforcement Po.. icy (cor,tinued)
Violation 95-15-02 (Failure to Protect SI) - Closure
.NRC inspection report 96-12 dated October 25,1996,
-
provided for closure of NOV 95-15-02 (failure to protect
SI) noted:
- SCE had significantly improved the protection of SI,
acknowledged the reduced number of SI documents and storage
locations, enhanced SI training for individuals with access, and
concluded these measures had significantly reduced the possibility
,
of mishandling SI.
" Missed opportunities is normally not applied where the
licensee appropriately reviewed the opportunityfor
application to its activities and reasonable action was
[taken]... "
[NRC Enforcement Policy,Section VI.B.2.b[2](v)]
21
_-____ _ _
_ - _ .
I
..
.
Aaplication of the Enforcement Po icy (continued)
The Enforcement Policy allows discretion to encourage
-
licensees to maintain a safety-conscious work environment
with a low threshold for self-identification.
-
"The NRC may exercise discretion cnd refi ainfi om issuing a civil
'
penalty and/or Notice of Violation, ifthe outcome ofthe normal
process described in Section V1.B does not residt in a sanction
consistent with an appropriate regulatory message. "
yRC
i
Enforcement Policy,Section VII.B]
-
" Consistent with that pmpose, enforcement action should be used
to... encourage the prompt identification andprompt,
comprehensive correction ofviolations. "
[NRC Enforcement
Policy, Section 1]
22
-
-
-
(
--
.
-
.
Aaplication of the Enforcement Policy (continued)
_
Escalated enforcement (Severity Level III) is usually
-
inappropriate for cases which meet all following criteria: (1) an
isolated personnel error; (2) aggressive corrective action; (3) no
programmatic breakdown nor loss of safety function; and (4) not
willful.
>
l
" Supplements I through VIIIprovide examples and serve as
guidance in determining the appropriate severity levelfor
violations in each of the eight activity areas. However, the
examples are neither exhaustive nor controlling . . . The NRC
reviews each case on its own merits to ensure that the severity of
a violation is characterized at the level best suited to the
significance oftheparticular violation. In some cases, special
circmnstances may warrant an adjustment to the severity level
categorization ". (emphasis added)
[NRC Enforcement Policy,
Cection IV;
23
l
-
-
. _ _ _ _ _ _ _ _ _ _ _ _ _
-
MLM
.
~
.
l
Aaplication of ~ he Enforcement Policy (continued)
T ae NRC s aoulc exercise ciscretion and
categorize t ne loss as a Severity Level IV
(Supp ement III.D.: 0) violation, as a pruc ent anc.
measurec regu.atory response to this event.
_
24
-
-
...
t
4
i
E15Is5s
A o T.D!$0 V t.\\ T!ttN 4 Tro st!. Osmpacy
e
i
l
Discussion of Other Events
l
__
--
_
_
Summary - Ot1:er Even':s
.
Guard Wire 645 engineering error.
-
l
Unlocked weapons cabinet personnel error.
-
Adequacy of compensatory measures (during computer
-
outages).
Reporting of(1) inadequate compensatory measures and
-
(2) unlocked weapons locker.
.
"
26
_ _ _ _ - _ _ _ _ _ _ - _ _ _ _
-
-
- - - - - - - -
,
,
.'
SOUTitFRN CALIFOf.%34
EDISON
- An f.Dl50% l.\\TT&V4TIONAL Cort:my
Guard Wire (GW-645) Back-up Power
Supply
,
.
_ _ _ _ _ _ _
_____
- - - - - - - - - - -
..
,
Aaparent Vio ation
.
"An apparent violation was identified involving the failure to
provide battery back-up power supply to a portion of the
+
detection aids system."
'
... For each of the apparent violations involving the
"
failure to provide a backup power supply... more than one
instance occurred."
28
_____
-
- - - - -
-
..
~
Ju y 31,1997 Event Description - Loss of
Power :o IDS
On July 31,1997, at about 1900 PDT, IDS segment GW-
-
645 annunciated a power failure alarm.
GW-645 not part of perimeter IDS (see diagram).
-
Subsequent investigation, completed on August 2,1997,
-
revealed the required back-up power supply had not been
installed. License Condition 2.G Report was made on
August 2,1997.
29
l
- - - - - - -
_______-_ __ _ _ _
_
_
4
.
Y
i
N
- <
'
'
STAGING
VHSE.
-
.
,
,<
c
><
e ><
0
SSPF
l
tn
-
TD
g
U2/3 SERVICE
BLOG.
+-
.-
e
ceDC
- _ - - - -
- - - - -
..
.
Cause
,
Due to an error by the Design Engineer, contrary to
-
engineering procedure SO123-XXIV-10.21, " Field Interim
Design Change Notice (FIDCN) and Field Change Notice
(FCN)," the FCN had the back-up battery details included
l
as Construction Notes which were not included in the FCN
l
issued to the field for construction in June 1996.
I
Due to an error by the Engineering Supervisor, contrary to
-
engineering procedure SO123-XXIV-1.1, " Document
Review and Approval Control," design verification for this
i
FCN was performed by the same engineer involved in the
initial design process.
-
.
31
_ _ _ _ _ _
~
- - - -
-
..
.
.
Compensatory Measures & Corrective Actions
GW-645 was properly pcsted within 10 minutes of power
-
failure.
Design work initiated August 1997. Parts received
-
October 24,1997; installation completed October 29,
l
1997.
Prior to completion, another power failure occurred on
-
September 5. GW-645 was properly posted within 10
minutes of power failure.
.
32
___
EMOm
..
~
Compensatory Measures & Corrective Actions
(continued)
Previous ivork performed by the responsible design
-
i
engineer was checked and discipanary action taken
(Supervisor has left SCE).
'
No other instances ofimproper or incomplete FCNs noted.
i
-
1
Engineering management & supervision were briefed on
-
the event.
1
4
33
l
l
l
_.
-
- - _ _
__
Aaplica: ion of tae Enforcement Policy
Factors
Licensee identified and reported.
l
No previous enforcement action for the FCN design
-
process within last 2 years. The power outage on
September 5 was not a second event.
~
Prompt and aggressive corrective action taken.
-
Isolated individual errors by the design engineer and
-
supervision.
Minimal safety significance since posted within 10
-
minutes.
34
l
. _ _ _ - _ _ _ -
-
--
-
.
.
.
A niication of t1e Enforcement Policy (continued)
"The NRC. . . may refi ainfi om issuing a Notice of
Violationfor a Severity LevelIV violation. . . Described
herein as a Non-Cited Violation (NCV) provided the
1
.
violation meets all thefollowing criteria. . .
,
1
- (a) identified by the licensee, inchiding identific.ation through an
event:
- (b) was not a violation that cordd reasonably be expected to have
been prevented by the licensee 's corrective action... within last 2
years. ..
\\
- (c) it was or will be corrected within a reasonable time...
- (d) it was not a willful violation... "
- NRC Enforcement Policy, Sectioli VII.B:
-
35
l
_
_ _ - -
-
-
_
An ication o'tle Enforcement ?o icy (continued)
~
..
_
The NRC shou c. categorize t 1e engineering
.
aersona errors w 1ic a lec to not insta ing t_le GW-
'
6L5 Jac eup 3attery as a Non-Cited violation
-
(NCV).
.
e
, .
36
_ _ _ _ _ _ _
__
.
- --
_
.
+
E"5Is5K
.-
.ta fJ)i50% tATTRX4 TsOV.it. Corp,=uy
I
Storage of Security Weapons on
July 30 and November 7,1997
.
_ _ _ _ _ _ _ _ _ _ - _ _ - - _ - _ -
- - -
--
__
A narent Violation
5
"An apparent violation was identified involving t:ae
failure to ac equate y secure ( .ock) safeguards
contingency weapons containers."
...for each of the apparent violations involving the ...
"
.
failure to secure contingency weapons... more than one
,
instance occurred."
38
. , , .
,
_ - _ - _ - - -
__
Event 1 - July 30,
997 FMlure to Loc c
~ Weapons Locker
_
On July 30,1997, an SCE Security Officer performing a
routine check or the security weapons lockers found a
locker unlocked.
The Security Shift Commander responded to the weapons
-
locker and accounted lfor all weapons and ammunition
within 10 minutes of discovery.
l
l
39
_ _ _ _ _ _ _ _ _ _ _
-
,
_
_
__
Event 1 - July 30,1997 Failure to Loc <
Weapons Locker - Cause & Corrective Actions
In the absence of a trend in weapons container lock
-
problems in the past three years, the event was considered
an isolated personnel error (attention to detail).
Within 10 minutes of discovery, it was confirmed that no
-
weapons or ammunition were missing.
Security Event Log was made.
Disciplinary action for the individual and briefings for the
-
guard force were performed.
40
- -
.
~
.
i
Event 2 - Novem aer 7,1997 Failure to Lock
,
~
Weapons Locker
On November 7,1997, an SCE Security Officer
performing a routine check of the security weapons
lockers found a locker, outside the PA in a locked security
guardhouse, with its lock unlocked.
The weapons locker was inventoried and all weapons and
-
ammunition accounted for within 10 minutes of discovery.
.
41
_____
---
-
.
Even : 2 - November 7,1997 Failure to Loci
Weaaons Locker - Cause & Corrective Actions
.
,
The second event was the result of personnel error (attention to
-
detail).
,
Within 10 minutes of discovery SCE confirmed no weapons or
-
ammundion unaccounted.
.
Security Event Log entry was made.
~
-
Disciplinary action was taken for thc responsible individual.
-
Because this was the second instance of personnel error:
-
- Use " captured key" style locks.
- Installed security tamper-seals on lockers.
- Reduced the frequency oflock manipulations.
42
_ _ _ _ _ _ _ _ _ _ _
- _-_ _
_-
__
.
Application of the Enforcement Policy
.
Factors
Licensee identified and reported in SEL.
-
No previous enforcement action for the security weapons
-
lockers within last 2 years.
Prompt and aggressive coriective action taken when
-
-
" trend" first determined upon second event..
Isolated individual errors.
-
Minimal safety significance since accountability within 10
-
'
minutes of discovery.
43
. _ _ _ _ _ _ _ _ .
- -
.
.
- ---- ----
- - - --
.
.
.
A~nlication of the Enforcement Po. icy (continued)
"The NRC. . . may refiainfiom issuing a Notice of
,
Violationfor a Severity LevelIV violation. . . Described
herein as a Non-Cited Violation (NCV)provided.he
violation meets all thefollowing criteria. . .
'
- (a) identified by the licensee, including identification through an
event:
- (b) was not a violation that could reasonably be expected to have
been prevented by the licensee 's corrective action... within last 2
years...
.
- (c) it was or will be corrected within a reasonable time...
- (d) it was not a willfid violation... "
[NRC Enforcement Policy,Section VII.B.~
44
.
.
. . . .
. . .
_ _ _ _ . _ _ _ _ . _ _ _ _ _ _ . _ _ . . _ _ _
,
A niication of the Enforcement Policy (continued)
,
1
Tae NRC shoulc categorize the security personal
.
errors w.aic a caused the failure to
oci t ae security
weapons locxer as a Non-Cited violation (NCV).
1
4
45
_ _ _ _ _ - _ _ _ _
___
_
_-
-
- - - - -
- - - - -
D
J
E15is5W
, . - - , , - , ~ , .
. .
.
Implementation of Connensatory
Measures During Dual Computer
F
Failures on May 20, July 29, and
Octoaer 30,1997
,
- - - - - - - -
Apparent Vio. ation
"An apparent violation was ic entified involving
inadequate compensatory measures during three
failures of t ae security computer system."
...for each of the apparent violations involving the ...
"
failure to implement proper compensatory measures...
more than one instance occurred."
47
I
1
- --
-
--
_
-- -- -- -----
Event Description
On May 20, July 29 and October 30,1997, SCE
experienced loss of both primary and back-up security
computers. SCE instituted compensatory measures in
accordance with SCP scenario M-4D.
Folloiv-up interviews with SCE security supervision
-
confirmed the use of 13 officers for these three events
(seven additional officers in hardened posts \\ vere not
'
credited).
48
. __ __________ _ _
s
s
Comaensatory Measures & the SCP -
Facts
In response to Generic Letter 89-07,"Poiver Reactor
-
Safeauards Contingency Planning for Surface Vehicle
Bombs," SCE mac e changes to the SCP to incorporate
specific compensatory measures scenarios.
One SCP scenario added in October 27,1989, is M-4D,
-
actions to be taken on loss of a security computer system:
- M-4D actions include instructions to initiate patrol routes; and
- M-4D patrol routes were inspected and accepted by die NRC in
Inspector Follow-up Item (IFI) 90-SO-03; closed out in Inspection
Report 91-05, dated March 12,1991.
- Patrol routes involve the use of sufTicient of6cers to <
,ure proper
ostin
compensatory measures. Patrol versus p(June'g svas first
acknowledg,ed by the NRC in IR 88-12
6,1988).
49
-
-
,
,
.
NRC Inspection of Compensatory Measures
Inspection 97-24, three different security personnel
demonstrated three different patrol routes for a simulated
computer outages:
- one officer procerly demonstrated his M-4D patrol route.
- A second of3cer was confused and was unable to demonstrate
knowledge of some of the alarm points on his M-4D route.
- A third officer was asked to demonstrate a two-person M-4D route.
He did not check Vital Area door locks, since he had been asked
only to show the patrol route, and did not complete the route
within 10 minutes because it was a two-person route.
50
!
-
-
-
-
-- - -
---
..
NRC Inspection of Compensatory Measures
(continued)
"The inspector confirmed that there were sufficient security
ofpcers on shift to adequately compensatefor afailed computer
system.
"In smnmary, the inspector determined that the licensee did not
employ adequate compensatory measures that ensured that the
l
physical security plan requirement ofproviding an equivalent
level ofintrusion detection protection was met. Further, through
demonstrations and record review, the inspector determined that
\\
the licensee did not provide an aaequate specific procedurefor
the employment ofcompensatory measures to ensure the
requirements of10 CFR 73.55(g)(1) were met. "
51
i
.
..
..
NRC Inspection of Compensatory Measures
(continued)
.
SCE concludes the demonstrations were not a sufficient
basis upon which to make a regulatory conclusion on the
adequacy of M-4D compensatory measures, or upon which
to base enforcement action.
]
52
.
_____
--
- - - - - - - - - - - - - - -
,
Regulatory Analysis
-
10 CFR 73.55(g)(1) states:
-
- The licensee shall develop and employ compensatory measures
including equipment, additional security personnel andspecific
j
procedures to assure that the effectiveness ofthe security system is
'
not reduced byfailure... "
SCP M-4D and the adequacy of compensatory measures
-
have been the subject ofinspections since 1988 - 1989 in
NRC inspection reports IR 88-12 and IR 91-05 (i.e.,
previously accepted NRC staff position). Benchmarking
of other sites confirms other licensees have a similar
compensatory measure approach.
53
_ _ _ _ _ _ _ _ _ _ _ _ _
. .. . _.
.
.
_
_
-
.
Regulatory Analysis (continued)
'
,
'l
SCE, as n. ted in IR 97-24, is not committed to NUREG-
-
1045.
Measures taken were adequate.
-
No violation of regulatory requirements occurred.
-
i
l
54
-
-
__
_
- - - - - - - - - - - - - -
--
-
--
,
Enforcement Action is Inaapropriate
SCE conc udes no violation of regulatory
requirements occurrec. anc enforcement action
wou c be inappropriate.
.
55
. - _ _ _ _ _ _ _ _ _
-
a
'bA-nre-,,
mNA
-,
k-w-,hr-A
AuAes-a,4-m
>
-- -
e
e4
+
a
aAa .
.nl--
A
h
e+-k
--M-b
- 4,4 4 M ut&
- sa
G. we-
6--
A
s-
A.hu-,
s
-
,
4
[
}
1
4
1
-@
+1
i
No>N
b
. -
NDOo
Z
%
O
60
.c
-
.
o%
o
iZ i
jQ R
sw a
1- ?
E O i.
=>
c
$0
b:
l
j .'
.-
--- -
. . - . .
.
-
-
. .. , .
. .-
.-. .
- _
.
__
s
Apparent Violation - Reaorting Connuter
Outage
,
"An apparent vio ation was ic entified involving t ae
~
fai ure to correctly report sa eguarc s events."
... Additionally, the apparent violation involving a failure
"
-
to report security events involved multiple examples, and
NRC Inspection Report 50-361/95-15; 50-362/95-15 noted
that numerous items had not been documented in the
safeguards event log." : note: refers to computer outages]
.
- -
-
-
. .
- - - - - - -
-
,
,
Repor:ing - Compensatory Measures
(Computer Outage)
Procedure SO123-IV-11.2
-
- RG 5.62 guidance in 1987.
- RG 5.62 guidance amended by GL 91-03.
- As written, procedure body requires a 1-hour report.
1
- As written, procedure is internally inconsistent.
- " Events listed below are loggable assuming they are properly compensated;
if not properly compensated, they require a 1-hour report."
58
_ _
_ _
. _ _ _ _ _ _
___ _ _
_
.
NUCLEAR ORGAN!ZATION
SECURITY PROCEDURE S0123-IV-11.2
UNITS 1, 2 AND 3
REVISION 4
PAGE 210F 44
ATTACHMENT 4
e
24-Hour Safeauards Event too [SEL) Rebortabilitv Criterig
All 24-hour reporting is based on the criteria of 10 CFR 73 Appendix G as
modified by NRC Generic Letter 91-03 and Reference 2.1.9.
Yhesecriterlaare
contained in Section A below. Section 8 contains a list of specific events that
generally require an SEL entry. (This list is not all inclusive.)
A. General
10 CFR 73, Appendix G requires the following events to be recorded within 24
hours:
1.
Any comoensated failure, degradation, or discovered vuinerability in a
safeguards system which, if uncompensated may have allowed
unauthorizedorundetectedaccesstothefrotectedAreaoraVital
Area.
(See typical Flowchart #2, Attachment 7)
l
or committeri a ! which either reduces or has
I
Any threatened, attemnted,feguard system effectiveness below a level
2.
.
the potential to rertuce sa
l
committed to in the Physical Security Plan,(See typical Flowchart #1,
Safeguards Contingency
Plsn, or Training and Qualification Plan.
Attachment 7)
l
Any component that is identified in the Physical Security / failed.
3.
Plan or
Safeguards Contingency Pian that is placed out of service
This
also encompasses any component or piece of equipment in either Plan
whose status or condition results in compensatcry or corrective act'on.
B. Soecific Events
NOTE:
Events listed below are loggable assuming they are properly compenst.ted;
if not properly com
not all inclusive. pensated, they require a 1-hour report. This list is
1.
loss of all A.C. oower sucolv to security systems. or loss of all
comouter systems orovided adeauate comoensatory measures are maintained
util systems are restored.
The only acceptable compensatory action
for ioss of all power is the immediate availability of a backup power
supply (e.g. uninterruptible power supply). Although compensatory
personnel are to be posted within 10 minutes, this event is still
reported within one hour if the potential for unauthorized or
undetected access existed et any time. A computer failure would not
require reporting if it is negated by an automatic switchover to a
functioning backup computer without 'a time delay.
The unavailability
of a backup computer is a
1-huur reportable- es ent.
(Seetypical
flowchart #6, Attachment 7)
l
2.
Partial security comouter failures.
Proper compensation is achieved
when, within 10 minutes of failure, the system 1s restored to
operability.
For example:
backup systems are operational; or,
watchmen or security officers. as appropriate, equipped with the
ability to conmunicate with the alarm stations, are posted as required.
In all cases all areas in which alarms or access controls may have
-
-
been compromised as a result of system failure shall be searched, but
f-
the search need not be completed within 10 minutes to take credit for
proper compensation. If the VA portal's alarm and lock are operable, no
compensatory measures are required.
(See typical Flowchart #14,
Attachment 7)
l
ATTACHMENT 4
PAGE 1 0F 5
1s
V
'*
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ - _ _ _ _ _ -
/.
.
.
for a design flaw or vulnerability in a safeguards barner that
immediately and completed as soon as practica ble.
has e:Isted for some period of tirne and that could allow
<
unauthorized or undetected access are not considered
Licensees are expected to disecter this type of event upon
.
occurtence.
effective if implemented more than 10 minutes after the
, . . .;
Daw or vulnerabihty occurs; such events requlte immediate
3. Properly compensated alarm failures. (Parapaph
'
reporting. Prompt implementation will minimize ariy period
!!(a) of Appendix G) For this event, proper cornpensation
,
t
'
of derradation that may exist between the occunence and
proper compensation after discovery of certain events.
means deployment of back up ahrm equipment (a bolt.
Proper compensation after discovery of an event does not
position alarm capabdity is not considered back.up ajarm
relieve the licenses from the responsibility for taking
equipment because it is not tamper. resistant) or posting a
long. term corrective action, nor does it telieve the Ucensee
dedicated observer within 10 minutes of discovery.8 The
dedicated observer should have appropriate commuruca-
from pouible enforcement action ty the NRC for ne t-
tions equfpment and should be able to observe the entire
_
compliance during the ptnods of safeguards system
affected area of the portal. In addidon, a thorough search
degradation. However, licensees are not ordinarily cited for
of the aficcta tres should be inidated irnmediately and
violations resulting from matters not within their control,
completed :
..n
as practicable. Licensees are expected to
such as equipment fe!!ures that eccuned despite reasonable
dhcover this type of event upon occurrence. (Also see
licensee quality asserance measures, testing and mainte.
number 21 in Seedon 2.2.)
nance programs, or management contreds. (See 10 CFR Part 2, Appendh C, puapaph V.A.)
4. Pavperly compenssted closed circuit television
failure in a single tone while the intrusion detecdon system
Fahe alarms (those generated vithout any appa4ent
remains operational. (Parapaph !!(a) of Appendix G)
cause) and nuisance alarms (those generated by an identi-
Properly compensated means providing other assessm:nt
fled input that does not represent a safeguards threat)
capability, such as posting a dedicated observer with
generally need not be reported or logged. However,1f false
communications equipment to assess the entire tone
or nuisance alarms are so frequent that the effectiveness of
within 10 minutes of discovery of the failtre.3 Licensees
the alarm system h depaded or a pattern of fahe or nui-
sance alarms emerges, the licenses should take conective
are expected to discover this type of event upon occurrence.
aedon and note the degraded status and compensatory
$. Properly compensated failure or degradation of a
measures taken in the safeguards event leg.
single perimeter lighting tone if the intrusion detection
2.4
Examples of Safeguards Events To Be Reponed
system remains operat!cnal.(Paragraph !!(a) of Appen.
dh G) hicasures to properly compensate for failure or
and Submitted Quarterly in a Log
degredadun of a lighting tone must be implemented within [f
.
The following are examples of events that are less
10 minutes of discovery and rnay include (1) using standby
'f
l
power, (2) using low light-kn el surveillance devices,
g
significant than those reportable within I hour, and accord.
ing to the rule are required to be logged within 24 houn
(3) using portable light'ng systems, or (4) posting dedicated
and submitted quarterly to the NRC. This list should ne' be
observers with appropriate commurdcations equipmert to
provide an equivalent level of protection.
considtred all-inclusive. The applicable reguladon h cited
for each event, and compensatory measures ut discussed
' 6. Properly m.npensated ace: dental remeval offsite
where appropriate.
or loss of badgs by employee. (Paragraph II(a) of Appen-
1. Properly compensated security computer failures,
dh G) For this event, proper compensation is cancelling
the badge from the access control system within 10 minutes
(Puapaph !!(a) of Appendh G) Properly compensat:J
of onsite personnel discovering that the badge is missint.
means that within 10 minutes of the discovery of the
hicasures must be taken to be sure the badge has not been
failure the system is restored to operation, the backup
used in an unauthorized manner while it has been mitting.
system is operational, or other resources (e.g., secudty
(Also see number 16 in Section 2.1.)
penonnel with appropriate communica' ions equipment)
are posted to provide an equ4 valent level of protection. In
all cases, a thorough search of a!! areas where alarms or
access controls may have been compromised by the failure
7. Properly compensated loss of 'he ac power supply
should be initiated immediately and completed as soon as
for the entire intrusion detecdon system that, if uncom-
pensated, would allow unauthorized or undetected access.
practicable Licensees are espected to discover this type
of event upon occurrence.
(Parapaph II(a) of Appendix G) Proper compensation for
this event is immedi.tely available emergency power
2. Properly compensated vital area card reader failures,
through an uninterruptible power source such as a battery
(Parcuaph Il(a) of Appendh G) For this event, proper
supperted by a generator. If back.up power is not availaole,
compensation means posting approprice personnel (Le..
security personnel with communicatior.: equipment should
armed guard if door is unlocked, dedicated observer if door
be posted within 10 minutes of discovery; however, this
remains locked but access is required) within 10 minutes of
action is not considered proper compensation for the event
The appropriate personnel must have a current
and does not excuse a licensee from reporting the event
discovery 8
, , _
g ["7[' f
access list and communications capabdity to alarm stations.
w thin I hour. Licensees arc aspected to discover this type
"
A thorough search,of the affected area must be initicted
of event upon occurrence. Wo see numoer 20 in Section
f
I
e.
2,2,)
5.62 6
l
l
l
m
v
,
_ _ _ _ . _ _ _ _ _ _
- ] ' #
t%: 11 'i1 138:1
8.1
,
- .
'
?
.
t
.
IXAMPLES OF SAFEGUARDS EVEliTS RAT 00 NOT N. ELD
_,
,
TO BE REPORTED TO THE NRC WITHits 1 HOUR OF DISCOVERY
..
The following are 'exemples of events that can be logged if they are properly
...
NUREG-1304) or by the relaxed guidance in this generic letter. compensated i
Specific
factors that could change reportability are addressed with the applicable
excmple.)
!
A design flew or vulnerability in a prutected area (PA), controlled
access area (CAA), material access area (MAA), er vital area (VA)
safeguards barrier.
A f ailed compensatory measure such as inattentive or sleeping security
personnel, or equipment that f ails af ter being successfully establithed
as an effective compensatory measure for a degraded security system.
If
security personnel are ineffective because-of alcohol or drugs, the
security degradation can be legged under 10 CFR 73.71, and the positive
results of the for-cause test included in the data submitted to the HRC
linder 10 CFR 25.71(d).
'
Discevery of contraband inside the PA that is not a significant threat.
,
For example, such a condition could be the discovery of a few bullets,
if contraband is found in a vehicle located in a
PA, normally no report or log entry is required. parking lot outside the
If it constitutes 4
- hreat or attempted threat, a report is required within I hour as currently
stated in RG 5.62 and NUREG-1304
I
'
Compromise (including loss or theft) of safeguards information that could
not significantly assist an individual in gaining unauthorized or
undetected access to a facility, or would not significantly assist an
individual in an act of radiological sabotage or thef t of SNM.
Loss of all ac power supply to security systems, or loss of all computer
systems proviced adequate compensatory measures can be maintained until
j
systems are restored. -Further, if a power loss or computer failure could
not enable unauthert:ed or undetected access, no report or log entry is
r
.
required. For_ example
a computer failure would not require reporting
if it is negated by an, automatic switchover to a functioning backup
computer without a time delay.
Also, momentary less of lighting caused
by a power interruption would not require reporting if the loss could no.t
have allowed undetected or unauthorized access.
)-
'
Enclosure 1 To Generic Letter 91- 03
<
.
.
.
.
.
.
.
. , _ . _ .
- _ _ _ _ . . . . _ _ _ . . _ _ . _ _ _ _ _ _ _
- _ . _ _ . _ . _ .
_ . _
NUCLEAR ORGANIZATION
SECURITY PROCEDURE S0123-IV-11.2
UNITS 1, 2 AND 3
REVISION 4
PAGE 36 0F 44
!
ATTACHMENT 7
TYPICAL EVENT REPORTABILITY DETERMINATION FLOWCHARTS
'
FLOWCHART #6
'
Uncompensated PGrtial Loss of AC Power to Security System
.
Loss Discovered
?
'
Com)ensatory Measures Initiated
Yes
Log Event
Complete
Wit 11n 10 Minutes of Occurrence?
24-Hour Log
SE(123)112-3
Clock Starts
.
1-Hour Report
'
- No
Clock Starts
Make 1-Hour Report
Completa SE(123)112-2
.
4
u
00000PGL.WPD
ATTACHMENT 7
PAGE 6 0F 14
,
-.
.
. , . . . _ , _ . . _ . . . . _ . _
..
_ _ . _ , _ . .
. . . - . .
- _ _ _ _ _ _ . . - _ ,
._ _ ,.-.. . .
_-
--
,
..
Reaorting - Compensatory Measures (Computer
Outage) (continued)
SCE concluded only an SEL was required as long as
-
adequate compensatory measures were taken.
,1
10CFR73, Appendix G, Section I.(c), states in part:
l
-
- [1 hour report]
"Anyfailure, degradation, or the discovered
vulnerability in a safeguards system that could allow unantliorized or
undetected access to a protected area, material access area,
controlled access area, vital area, or transportfor which
compensatorv measures have not been employed. " (emphasis added)
As previously discussed, for the three computer failures,
-
SCE took adequate compensatory actions which resulted in
logging of the events versus making a 1-hour call.
63
_ _ _ _
__
..
..
.
.
.
--
_ _ _ _ _ _ _ . _ _ . _ _ _ _ . . _ _ _ _ _ _ _ _ _ . .
Reporting - Compensatory Measures (Com auter
Outage)
-
,
Enforcement Policy Section IV.D states:
-
A licensee will not normally be citedfor afailure to report a
"
condition or event unless the licensee was actually aware ofthe
,
'
condition or event that itfailed to report. "
s
64
,
____________
_
-
,
,
Reaorting - Compensatory Measures (Connuter
Outage) - Conclusion
.
k
SCE concluc es that enforcement action for not
,
reporting a c ual computer outage is inappropriate.
I
1
,
t
1
i
65
i
!
i
- -
-
- -
- -
- .
.
-
- - -
-
,
..
.
Reporting Unloc<ed Security Weapons Locker
I
... Although not identified as an example of the apparent
"
violation involving a failure to report, we request that you
specifically address your views regarding the reportability
I
'
of unlocked safeguards contingency weapons. containers."
4
l
66
l
. _ _ _
_ _ _ _ _ _ .
..
..
..
..
.
.
..
.
-
- - - -
,
,
Reporting Criteria - E nlocked Locker
SCE Security Procedure SO123-IV-11.2, " Reporting
Safeguards Events."
- " Loss or Unattended Weapon in the Protected Area. Any weapon
.
l
which becomes lost or out of the control or physical custody of
security personnel for any length of time. The 10 minute rule is not
applicable."
- The examples apply to a firearm inadvertently left, or far enough
~
apart from physical touch that it is "out of the control or physical
custody."
67
'
.______
s
=.
,
Reporting Criteria - Unlockec Loc <er (continued)
Existing Regulatory Guide 5.62, dated November 1987,
-
states:
-
"[l hour report] Loss ofsecurity weapon at the site. " (emphasis
added)
[ Position 24]
Federal Register published on 1/5/98 regarding issuance
and availability of a proposed revision 2 to Regulatory
Guide 5.62, " Reporting ofSafeguards Events" states:
.
-
"[1 hour report] Loss ofa security weapon onsite that is not
retrieved within one hour ofthe discoverv ofits loss. " (emphasis
added)
[ Position 19]
68
-
-
- - - - - - - - - - - -
_
.
Reporting Criteria - E nloc<ed . Locker (continued)
l
Benchmarking demonstrates differing interpretations of
-
security reportability issues within the Region.
,
Draft proposed revision 2 to Regulatory Guide 5.62,
" Reporting of Safeguards Events" is the appropriate
regulatory mechanism to effect changes.
.
69
i
'
_ _______ _-.
...
_
,
..
,
,,
I
Reaorting Criteria - L nlocked Locker - Conclusion
SCE concludes tLaat enforcement action for not
reporting an unlocxec security weapons .oc cer is
inappropriate.
70
_ _ _ _ _ _ _ -
_ - - -
--
,
.,
?revious Reporting XCV From IR 95-15
_
Failure to make Security Event Log entries.
I
1
I
'
- Events kept in the adjacent Reportability Disposition Sheet Book.
- Cause was inadequate understanding of existing NRC guidance.
- SO123-IV-11.2 was revised within 30 days ofIR 95-15 issuance.
- IR 95-15 events occurred over 7.4 months ago.
- IR 97-24 events involve 1-hour reports.
l
71
l
. _ _ _ _ _ - _ _ _ _ _ _ _ _ - _ _ _ _ _
- . - - - , . , - - , _ . ,
--,--..--,-,---_n._
_ , _ _
W
Mo>
,
i
4
l
O
-
M
w
O
%C
=
E
E
3z i
z
RO 3
c4
sm 5
?~?
$O 3
suJg
.
a
$
1
_-_
_
- -
- - - - -
,
.,
Summary - Other Events
1
.
i
Guard Wire 645 engineering error - Licensee identified &
-
corrected NCV.
.
Unlocked weapons cabinet personnel error - Licensee
-
identified & corrected NCV.
Adequacy of compensatory measures (during computer
-
outages) - enforcement action inappropriate.
Reporting of(1) inadequate compensatory measures and
-
(2) unlocked sveapons locker - enforcement action
inappropriate.
73
._
_ _____
1
--w- _
L
,
,
Summary - Other Events (continued)
.
.
.
__
Unrelated systems and processes.
-
Different underlying root causes.
-
Mimmal safety significance.
-
Self-identified, logged / reported, and corrected.
-
1
Not indicative of a programmatic breakdown.
-
74
_ _ _ _ _ _ _ _ _ _ _
--
-
..
__ -
_ _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ _ - _ _ _ _ _ _ _ _ _ _ - - _ _ _ _ _ _ _
__
.
t
I
l
I
l
1
.b
-
puuuut
. pusi
ce
.-
M
l
M
M
w
@
w
@%
E
Cr)
h
w
.mb
-W
b
i
5Z i
@
l
!O I
Z
acn ?
I-
S
?$C i
s u) H,
w
+
'
,
)
-
-
,
-
.,
.
l
S::a:us of Security Computer Relia 3i ity Project
Purchased UNITY software from E!cctronic Systems USA.
-
Prior to installation, various softsvare changes were made by SCE to
-
meet Security requirements.
Upgrade software from vendor installed in January 1996.
-
,
Various site specific software changes svere made:
-
-
Substance Abuse Program Administration (SAPA) notification.
- Automated visitor badge usage.
- Automated inactivation ofNon-SCE personnel whose non-badge
usage exceeds 30 days.
l
76
,
_ _ _ _ _ _ _ _ _ _ _ - - - -
~
_ _ _ _ _ . - . - - - - - - - - - - - - - ~
-
-
S :a::us of Securi:y Computer Reliability Project
(continued)
>
.
- History to screen and printer to display seconds.
)
-
Message broadcasting of points placed in/out of ACCESS mode.
- " Hide" card status in Card Command dialog box (for SAPA
notifications).
- Last update status not changed when card flagged for SAPA
notification.
- Minor database changes to implement FCNs.
SCE is aggressively pursuing resolution to the recent computer
-
failures.
.
- Possible software problems (Vendor is assisting with this process in
parallel).
-
Possible hardware problems.
77
l
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
_
.-
_ - - - - _
,,
NRC Security Inspections
'
Inspection Report
Date
Inspector
95-05
3/24/95
Schaefer
-
E> 95-15
7/21/95
Earnest
95-25
11/9/95
Eamest
-
96-01
1/12/96
Earnest
-
96-07
6/28/96
Earnest / Dexter
-
96-12
9/13/96
Earnest
-
97-04
2/28/97
Earnest
-
97-07
4/11/97
Earnest
-
97-14
6/13/97
Earnest
-
9
97-24
12/5/97
Earnest
78
.
-.
_ _ _ .
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _