ML24107B092
| ML24107B092 | |
| Person / Time | |
|---|---|
| Issue date: | 07/09/2024 |
| From: | Niry Simonian NRC/NSIR/DSO/SOSB |
| To: | |
| References | |
| CN 24-020 | |
| Download: ML24107B092 (1) | |
Text
Issue Date: 07/09/24 1
71130.09 NRC INSPECTION MANUAL NSIR/DSO INSPECTION PROCEDURE 71130.09 SECURITY PLAN CHANGES Effective Date: 07/09/2024 PROGRAM APPLICABILITY: IMC 2201 A 71130.09-01 INSPECTION OBJECTIVES 01.01 To verify that changes to the licensees physical security plan, training and qualification plan, and safeguards contingency plan have not decreased the safeguards effectiveness, as required by Title 10 of the Code of Federal Regulations (10 CFR) 50.54(p)(2).
01.02 To verify and assess the licensees implementation of the change process, in accordance with 10 CFR 50.54(p)(2).
71130.09-02 INSPECTION REQUIREMENTS General Guidance.
Each applicant for an operating license or combined license, subject to the provisions of 10 CFR 73.55, and in accordance with 10 CFR 50.34(c) and (d) and 10 CFR 52.79(a)(35) and (36), must submit for NRC approval a physical security plan, training and qualification plan, safeguards contingency plan, and cyber security plan, as a part of their licensing basis. These four plans describe the licensee's physical protection program that is implemented to prevent the design basis threat (DBT) of radiological sabotage, in accordance with Commission requirements. These four plans are collectively referred to as the licensees security plan.
The NRCs inspection of 10 CFR 50.54(p)(2) security plan changes verify that the licensees changes did not decrease the safeguards effectiveness of its security plan. (Note: Inspection of cyber security plan related 10 CFR 50.54(p)(2) changes are conducted under Inspection Procedure (IP) 71130.10, Cybersecurity.) These inspections ensure that the licensees security plan change mechanism threshold (i.e., safeguards effectiveness) has been maintained and that the changes implemented did not require prior Commission approval (as contrasted with license amendment requests, in accordance with the provisions of 10 CFR 50.90). Because 10 CFR 50.54(p)(2) changes would not decrease the safeguards effectiveness of the licensees security plan, the NRC expects the changes to have a minimal impact on the agencys reasonable assurance of adequate protection determination.
A licensee can change an element of its security plan, if an evaluation is performed by the licensee to demonstrate that its plan change continues to ensure the licensees capability for detection, assessment, interdiction, and neutralization is maintained to adequately protect against the DBT of radiological sabotage. This change can be submitted as a 10 CFR 50.54(p)(2) change, if in addition to the above, the change meets all regulations and considers site-specific conditions (e.g., site characteristics, location, size, etc.). If a plan change
Issue Date: 07/09/24 2
71130.09 can meet these criteria, it is not considered a decrease in safeguards effectiveness. If the change cannot meet these criteria, it must be submitted as a license amendment request under 10 CFR 50.90 and receive NRC approval prior to implementation.
The licensees evaluation regarding whether the change constitutes a decrease in safeguards effectiveness is used by the NRC to determine whether the licensee has the authority to implement the change without prior NRC approval, under 10 CFR 50.54(p)(2), or whether the licensee must receive NRC approval prior to implementation under 10 CFR 50.90. Licensee submittals that require prior NRC approval, such as license amendments required under 10 CFR 50.90, are not subject to this inspection procedure and will be reviewed and approved by the Office of Nuclear Security and Incident Response (NSIR).
NRCs inspection of 10 CFR 50.54(p)(2) security plan changes should verify that modifications to physical protection programs did not result in: (1) a noncompliance or violation of established regulatory requirements; (2) an adverse impact to the licensees capability for detection, assessment, interdiction, or neutralization to adequately protect against the DBT of radiological sabotage; or (3) a site-specific vulnerability.
As an example, a licensee has 15 armed responders, which exceeds the minimum number of required armed responders of ten, as prescribed in 10 CFR 73.55(k)(5)(ii). The licensee submits a 10 CFR 50.54(p)(2) change to reduce its numbers to ten. Since the regulatory requirements are considered the baseline for the change threshold, the licensee could use 10 CFR 50.54(p)(2) to reduce its responder numbers if the licensees site-specific evaluation determines that the requirements of 10 CFR 73.55 are met and the change results in no adverse impact to the licensees capability to detect, assess, interdict, or neutralize.
NRC staff performing the inspection of the changes should be knowledgeable of previous changes to the security plan that have occurred over time, to ensure that a deterioration of the established licensing basis (e.g., multiple security plan changes that accumulatively impact the licensing basis) does not occur. A change would not maintain safeguards effectiveness if a licensee made a change in such a manner that the capabilities to detect, assess, interdict, or neutralize were reduced or eliminated without compensating changes, such that the licensee would no longer be able to ensure the effectiveness of the physical protection program.
To prepare for this inspection activity, inspector(s) should review previous security plan revisions in effect at the time of the last baseline inspection to gain a better understanding of the nature of the change(s). In addition, inspector(s) should review all 10 CFR 50.54(p)(2) NSIR Screening Reviews that have been completed since the last baseline inspection.
If the inspector(s) anticipate the inspection of all security plan changes would likely exceed the 8-hour resource allocation, the inspector(s) should contact NSIR for support.
This procedure can be conducted in office, on site, or a combination of both.
02.01 Review Security Plan Changes For this portion of the inspection, the inspector(s) should review the licensees documented security plan. The inspector(s) should also review all security plan changes that have been submitted to the NRC since the last baseline inspection.
Issue Date: 07/09/24 3
- a. Verify the licensee submits reports associated with security plan change(s) under 10 CFR 50.54(p)(2) to the NRC within two months after the change is made.
Specific Guidance.
Inspector(s) should review each report submitted to the NRC that documents change(s) associated with the licensees implementation of its physical protection program.
Inspector(s) should verify that the submittal was provided to the NRC within the required two-month timeframe.
- b. Verify the licensee submits reports associated with security plan change(s) under 10 CFR 50.54(p)(2) to the NRCs Document Control Desk, with a copy to the appropriate Regional Office. (10 CFR 50.4(b)(4) and 10 CFR 52.3(b)(4))
Specific Guidance.
Ensure all security plan reports were correctly submitted to the NRCs Document Control Desk (i.e., NRC Headquarters), with a copy to the appropriate Regional Office.
Inspector(s) should confirm that the licensee submitted a copy of its security plan changes by comparing the one provided to them to the most recent version in the Safeguards LAN and Electronic Safe (SLES). 10 CFR 50.4 and 10 CFR 52.3, Written communications, specify the general requirements for submission of all correspondence, reports, applications, and other written communications from an applicant or licensee to the NRC. 10 CFR 50.4(b)(4) and 10 CFR 52.3(b)(4), Security plan and related submissions, specifically states, Written communications, as defined in paragraphs (b)(4)(i) through (iv) of this section, must be submitted to the NRCs Document Control Desk, with a copy to the appropriate Regional Office. If the communication is on paper, the submission to the Document Control Desk must be the signed original. Changes to security plans made without prior Commission approval under 10 CFR 50.54(p)(2) are included in these requirements.
- c. Verify each security plan report submitted to ensure changes made do not decrease the safeguards effectiveness of the licensees security plan.
Specific Guidance.
Inspector(s) should request supporting documentation or evaluations that demonstrate the change(s) do not represent a decrease in safeguards effectiveness of the security plan and how the change(s) continue to provide reasonable assurance through the effective implementation of the security plan and sites protective strategy. Types of documentation or evaluations may include drill and exercise reports, self-assessments, blast analyses, maps, corrective action documentation, procedures, and lesson plans.
The inspector(s) shall perform an in-depth review of selected items within the security plan change which could potentially result in a decrease in safeguards effectiveness, to include inspections and/or walkdowns of the physical aspects of the change(s) documented (as applicable). Selected items for review should not be administrative (e.g., typographical corrections).
Issue Date: 07/09/24 4
- d. Verify that prior to implementing security plan change(s), the licensee ensured all safeguards capabilities specified in the safeguards contingency plan were available and functional. (10 CFR 50.54(p)(2)(i))
Specific Guidance.
For this requirement, inspector(s) should review supporting documentation or evaluations that describe the licensees implementation of the security plan change(s), to include inspections and/or walkdowns of the physical aspects of the change(s) documented (as applicable). The documentation or evaluations should cover areas of implementation, such as impacts associated with contingency response, physical protective measures, communication capabilities, and other areas that may have been impacted by the change(s). The inspector(s) should conduct interviews with security personnel responsible for implementing the plan change(s). The inspector(s) may also request that the licensee provide a protective strategy overview/briefing that addresses the impacts of the plan change(s) on the site protective strategy and all supporting physical protection measures and security equipment that the licensee employs in support of its protective strategy. The documentation or evaluations review should provide insights pertaining to the impact of plan change(s) on the licensee's protective strategy and should confirm all security equipment and physical protection measures specified were available and functional when the plan was implemented.
- e. Verify that the licensee has developed new or revised procedures according to Appendix C to Part 73 associated with the plan change(s), as appropriate.
Specific Guidance.
Inspector(s) should review licensee procedures associated with recent plan change(s).
Specifically, inspector(s) should ensure the procedures reflect the plan change and align with licensee implementation practices. Inspector(s) should consider conducting observations of activities associated with the plan change(s) to verify the licensees implementation aligns with the plan change(s).
- f.
Verify that licensee personnel impacted by the plan change(s) have been trained to respond to safeguards events, as outlined in the plan, and specified in procedures. (10 CFR 50.54(p)(2)(iii))
Specific Guidance.
Inspector(s) should conduct interviews with a sample of licensee personnel to determine the methodology the licensee used to ensure it has appropriately trained its personnel responsible for implementation of security plan change(s). Additionally, inspector(s) should review training materials (i.e., lesson plans, briefing materials, computer-based training), developed to educate licensee personnel responsible for implementing the plan change(s).
02.02 Reviews Events and Logs. Review and evaluate the licensees physical security event log for the previous 12 months, or since the last inspection, for events associated with security plan changes and follow up, if appropriate. In conjunction with
Issue Date: 07/09/24 5
71130.09 IP 71153, Follow up of Events and Notices of Enforcement Discretion, review any written follow-up reports of physical security events associated with security plan changes. (10 CFR 73.55(b)(10), 10 CFR 73.1205, 10 CFR 73.1210)
Security Program Reviews. Verify that the licensee is conducting security program reviews in accordance with 10 CFR 73.55(m) and that the licensees security plan changes were included in a review, as required by the regulation.
Identification and Resolution of Problems. Verify that the licensee is identifying issues related to security plan changes at an appropriate threshold and entering them in the licensees problem identification and resolution program. Verify that the licensee has appropriately resolved issues regarding regulatory requirements for a selected sample of problems associated with security plan changes.
Specific Guidance.
Before the inspection, the inspector should determine if a Security Event Report (SER),
in accordance with 10 CFR 73.1205 has been submitted to the NRC by the licensee.
Closeout of SERs is performed under Section 03.02 of IP 71153; however, assess if additional follow-up under this IP is warranted for the conditions or corrective actions associated with the SER.
The inspector(s) should review and evaluate licensee physical security event log entries documented in accordance with 10 CFR 73.1210, since at least the last inspection, that are associated with security plan changes. If discrepancies or deficiencies are identified during this review, the inspector(s) should follow-up, as necessary.
The inspector(s) should review the documented results of the security program reviews or audits performed by the licensee to ensure the continued effectiveness of its security plan changes. The inspector(s) should ensure that the reviews have been conducted in accordance with the requirements of 10 CFR 73.55(m). The inspector(s) should also request that the licensee provide a copy of the report that was developed and provided to licensee management for review. The inspector(s) should review the report to identify any findings that were identified via the review or audit to ensure the findings were entered in the licensees corrective action program.
The inspector(s) should review a sample of entries in the licensees Problem Identification and Resolution program associated with security plan changes. The intent of this review is to verify that the licensee is identifying deficiencies at the appropriate threshold, tracking deficiencies for trending, and correcting deficiencies commensurate with their security significance. Inspectors can follow-up on select samples in accordance with this procedure to ensure corrective actions are commensurate with the significance of the issue. Refer to IP 71152, Problem Identification and Resolution, Section 03.01 for additional guidance.
Issue Date: 07/09/24 6
71130.09 71130.09-03 PROCEDURE COMPLETION A prerequisite to conduct this inspection is a 10 CFR 50.54(p)(2) plan change submittal by the licensee since the last baseline inspection was completed. The security plan change review(s) should be documented in an inspection report in accordance with Inspection Manual Chapter 0611, Power Reactor Inspection Reports. Performance of this inspection procedure change review does not constitute approval of the security plan change(s). Sample documentation wording for security plan change(s) with no apparent decrease in safeguards effectiveness is as follows:
Since the last NRC baseline inspection of this program area, Security Plan Revision XX to XX was implemented. Based on [LICENSEES] evaluation, and in accordance with 10 CFR 50.54(p)(2), the change(s) resulted in no decrease in safeguards effectiveness of the security plan and the revised security plan change(s) continue to meet the requirements of 10 CFR 73.55(b). The inspector(s) conducted a review of the security plan change(s) to evaluate for a potential decrease in safeguards effectiveness of the security plan; however, this review does not constitute formal NRC approval of those change(s). Therefore, the change(s) remain subject to future NRC inspection in their entirety.
This procedure is considered complete when the inspection requirements listed in the procedure have been satisfied or if no security plan changes were submitted since the last baseline inspection was completed.
71130.09-04 RESOURCE ESTIMATE The resource estimate for completion of this procedure consists of a range between 6-8 hours of direct inspection effort. The resource allocation accounts for multiple security plan changes submitted to the NRC, since the last baseline inspection. The frequency at which this inspection activity is to be conducted is annually (once per year). The sample size for this procedure is one.
END : Revision History for IP 71130.09, Security Plan Changes
Issue Date: 07/09/24 Att1-1 71130.09 : Revision History for IP 71130.09 Commitment Tracking Number Accession Number Issue Date Change Notice Description of Change Description of Training Required and Completion Date Comment Resolution and Closed Feedback Form Accession No.
(Pre-Decisional Non-Public Information)
N/A ML040680601 02/19/04 CN 04-007 Prior to October 2006, NRC regional inspectors had the discretion to audit security plan changes made under 10 CFR 50.54(p) during the normal inspection cycle in accordance with IP 71130.06. IP 71130.06, Inspection of Security Plan Changes, was rescinded.
N/A N/A N/A ML040680626 02/19/04 CN 04-007 Document issued as non-publicly available IP for inspection of Owner Controlled Area Controls.
N/A N/A N/A ML083450113 12/10/08 CN 08-035 IP deleted as Owner-Controlled-Area Controls, all inspection requirements were added to IP 71130.05, Protective Strategy Evaluation.
N/A ML080030435 N/A ML13072A127 03/13/13 CN 13-009 IP 71130.09, Licensee Performance Evaluation Program, issued as a pilot; following the pilot period requirements were combined into IP 71130.05 for efficiency and pilot IP deleted.
N/A ML12353A596 N/A ML13352A537 12/19/13 CN 13-029 IP deleted as Licensee Performance Evaluation Program -
all inspection requirements were added to IP 71130.05.
N/A ML12353A490 N/A ML19276D748 01/29/20 CN 20-006 Inspection procedure developed for inspection of security plan changes, marking a transition of review associated with security plan changes from Headquarters staff to their regional counterparts.
Briefings were conducted with inspectors in January 2020 ML19276D751
Issue Date: 07/09/24 Att1-2 71130.09 Commitment Tracking Number Accession Number Issue Date Change Notice Description of Change Description of Training Required and Completion Date Comment Resolution and Closed Feedback Form Accession No.
(Pre-Decisional Non-Public Information)
N/A ML24107B092 07/09/24 CN 24-020 This IP was revised to meet the 5 year periodic review and consisted mostly of moderate administrative and guidance updates. Additionally, it was revised to reflect current IMC 0040 format and references.
N/A ML24107B090