ML24256A055

From kanterella
Jump to navigation Jump to search
IP 81000.10 Security Organization, Management Effectiveness, Program Reviews and Audits
ML24256A055
Person / Time
Issue date: 12/10/2024
From: Dante Johnson
NRC/NSIR/DSO/SOSB
To:
References
CN 24-041
Download: ML24256A055 (1)
v  d  e


Text

Issue Date: 12/10/24 1

81000.10 NRC INSPECTION MANUAL NSIR/DSO INSPECTION PROCEDURE 81000.10 SECURITY ORGANIZATION, MANAGEMENT EFFECTIVENESS, PROGRAM REVIEWS AND AUDITS Effective Date: January 1, 2025 PROGRAM APPLICABILITY: IMCs 2200 A, 2562 81000.10-01 INSPECTION OBJECTIVES 01.01 To verify the licensees security organization and chain of command are in conformance with the approved Physical Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, and Cyber Security Plan, referred to hereafter as security plans, licensee procedures, and applicable regulatory requirements, and are adequate and appropriate for their intended function.

01.02 To verify that the licensee has developed an adequate management system that provides for adequate development, implementation, revision, and oversight of security procedures that implement Commission requirements and the commitments contained in the licensees security plan.

01.03 To verify that the licensee has established a security organization that is designed, staffed, trained, qualified, and equipped to implement the physical protection program in accordance with the U.S. Nuclear Regulatory Commission (NRC)-approved security plan, regulatory requirements, and any other applicable Commission requirement.

01.04 To verify that the licensee has established a process where it reviews and audits the security program to include all elements of the physical protection program for effectiveness in implementation and problem identification.

01.05 To verify that the licensee has established a Corrective Action Program to address deficiencies in the physical protection program and ensure that comprehensive actions are taken to correct any non-conformance that is identified.

81000.10-02 INSPECTION REQUIREMENTS General Guidance This inspection procedure (IP) was developed to ensure the operational program established for implementation at a plant licensed in accordance with Title 10 of the Code of Federal Regulations (10 CFR) Part 50 or 10 CFR Part 52 meets all NRC requirements and objectives for operational program readiness. Note that this inspection is conducted as licensees activate the operational program in accordance with IMC 2200, Appendix A, Security Construction Inspection Program, or IMC 2562, Light-Water Reactor Inspection Program for Restart of Reactor Facilities Following Permanent Cessation of Power Operations. For reactors under

Issue Date: 12/10/24 2

81000.10 construction, this IP is applicable to all power reactors under construction that are subject to oversight under the NRCs Construction Reactor Oversight Process (cROP). For restart of reactor facilities following termination of an operating license, this IP is applicable for transitioning from a decommissioning or extended shutdown reactor facility to an operational power reactor facility subject to the Reactor Oversight Process (ROP). Verification through observation of activities may not be possible. In such cases, the inspector(s) should review the appropriate licensee procedures and conduct inspections of all associated areas to ensure program compliance upon implementation.

Through verification of the inspection requirements within this inspection procedure, the inspector(s) shall ensure that the licensees physical protection program associated with this sample is designed and implemented, or is prepared to implement, the general performance objective of 10 CFR 73.55(b).

In preparing to complete this procedure, the inspector(s) should familiarize themselves with relevant documentation which may include, but is not limited to, the licensee's Physical Security Plan, site-specific and/or corporate implementing procedures, security post orders, all open allegations or past allegation trends pertaining to areas to be inspected during inspection preparation, and security program reviews and audits. The inspector(s) should also consider conducting a review of past security inspection reports for the facility, if applicable.

Inspectors are responsible for ensuring each sample in the inspection procedure is completed and evaluated to a level which provides reasonable assurance that licensees are meeting NRC regulatory requirements within the security program area being inspected. This guidance is being provided as a tool which: (1) recommends to inspectors certain methods and techniques for determining licensee security program compliance and effectiveness related to an inspection sample or; (2) clarifies certain aspects of a regulatory requirement associated with a particular inspection sample. Where minimum sampling numbers are indicated, inspectors should adhere as closely as possible to the numbers identified in the guidance. Inspectors may expand the minimum number to aid in determining the extent of the condition, should compliance concerns arise. Completion of other recommended actions contained in this guidance should not be viewed as mandatory prior to the inspector determining whether an inspection sample has been adequately addressed. Should questions arise regarding procedural requirements or guidance, inspectors should consult with regional management or the Office of Nuclear Security and Incident Response (NSIR), the program office, for clarification.

One hour has been allocated within the resource estimate of this inspection procedure for the inspector(s) to conduct physical protection program status verifications of previously inspected physical protection program elements. The purpose of the status verification is to ensure that the implementation of the licensee's physical protection program is maintained in accordance with regulations, licensee security plans, and implementing procedures to determine overall security program operational readiness. The inspector(s) should conduct observations of previously inspected physical protection program elements being implemented by the licensee to ensure continued operational readiness.

02.01 Events and Logs

a. Review and evaluate licensee event reports and safeguards log entries, and corrective action program entries which are associated with the security

Issue Date: 12/10/24 3

81000.10 organization, management effectiveness, program reviews and audits and follow up, if appropriate. (10 CFR 73.55(b)(10), 10 CFR 73.71, and Security Plan)

Specific Guidance Before the inspection, the inspector should review and evaluate licensee event reports and safeguards log entries that are associated with the licensees security organization, management effectiveness, program reviews and audits. If any discrepancies or deficiencies are identified during this review, the inspector(s) should follow up as necessary.

02.02 Security Organization.

a. Verify that the licensee has established measures to maintain an onsite physical protection program to include a security organization, which will have as its objective to provide high assurance that activities involving special nuclear material are not inimical to the common defense and security and do not constitute an unreasonable risk to the public health and safety. (10 CFR 73.55(b)(1) and Security Plan)

Specific Guidance The inspector(s) should verify that the licensee has established measures to maintain an onsite physical protection program. Licensee security plans should discuss and identify members of the security organization and their duties and responsibilities. Additionally, the inspector should verify that licensee implementing procedures ensure that all members of the security organization remain aware of their responsibilities and associated requirements.

b. Verify that the licensees physical protection program is designed to protect against the design basis threat of radiological sabotage. (10 CFR 73.55(b)(2) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should verify that the licensee has designed and is implementing, or is prepared to implement, a physical protection program that uses the characteristics of the design basis threat as a basis to develop their protective strategy that provides a defense in depth approach in the protection against radiological sabotage.

c. Verify that the licensee has established a management system that provides oversight of the onsite physical protection program. (10 CFR 73.55(d)(2)(i) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should verify that the licensee has established a method for management to review and evaluate the onsite physical protection program. This can be achieved through interviews with onsite security management concerning their role in the implementation of security implementing procedures and the resolution of deficiencies.

Issue Date: 12/10/24 4

81000.10

d. Verify that the licensee has established measures to ensure at least one member of the security organization is onsite and available at all times, who has the authority to direct activities of the security organization. (10 CFR 73.55(d)(2)(ii) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should verify that the licensee has identified in its implementing procedures a chain of command and control measures that address security activities during all modes of plant operation both during daytime and night time operations. This chain of command should ensure that at least one member of the security organization is onsite and available at all times. Through interviews the inspector can identify who the licensee has designated as the individual who has the responsibility of directing security organization activities for both normal and contingency operations.

e. Verify that the member of the security organization designated to direct the activities of the security organization is assigned no other duties that would interfere with this individuals capability to perform these duties.

(10 CFR 73.55(d)(2)(ii) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should verify that the licensee has identified in its security plan and protective strategy the duties and responsibilities for individuals assigned the responsibility of directing the security organization. The inspector should evaluate any collateral duties that could adversely impact the individuals capability to implement the sites protective strategy.

f. Verify that all individuals required to implement any part of the physical protection program are trained, equipped, and qualified to perform their assigned duties and responsibilities. (10 CFR 73.55(d)(3) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should verify that the licensee has trained and qualified all members of the security organization required to implement any part of the physical protection program. The inspector should review a sample of training records that document each individual was trained and qualified to perform duties. Additionally, the inspector should verify that the individuals have access to any and all equipment required to perform the duties associated with their position.

g. Verify that the licensees implementing procedures document the structure of the security organization and detail the types of duties, responsibilities, actions, and decisions to be performed or made by each position of the security organization.

(10 CFR 73.55(c)(7)(ii) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should review the licensees implementing procedures specifically the section related to duties and responsibilities of personnel within the security organization. The inspector should be able to identify

Issue Date: 12/10/24 5

81000.10 through this review each individuals duties as it relates to the position they hold within the security organization. The inspector should obtain from the licensee a copy of the licensees facility organizational chart. Through interviews with licensee personnel the inspector should verify the chart is current and accurately identifies the highest-ranking individual on site with responsibilities solely in security.

h. Verify that the licensee has established a chain of command through which it has the ability to maintain all aspects of a physical protection program during both normal and emergency conditions throughout all levels of the security organization. (10 CFR 73.55(b)(1), 10 CFR 73.55(c)(7)(ii), and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector should review the licensees organizational chart and conduct interviews to ensure that licensee personnel are aware of the chain of command for normal and emergency conditions.

i.

Verify that the licensees safeguards contingency plan describes the organizations chain of command and delegation of authority during safeguards contingency events, to include a general description of how command and control functions will be coordinated and maintained. (10 CFR 73 Appendix C, Section II (b)(3)(a) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should review the licensees implementing procedures to ensure that the licensee has documented provisions that identify the chain of command during contingency events and how the licensee ensures the integrity of the chain of command throughout the contingency event. This can be completed through table top exercises or interviews with personnel who are responsible for coordination and maintaining the command and control function of the security organization. Additionally, this information should be contained within the licensees safeguards contingency plan as it must describe the organizations chain of command and delegation of authority during safeguards contingency events, to include how command and control functions are coordinated and maintained.

j.

Verify that the security organization maintains continuous communication capability with onsite and offsite resources to ensure effective command and control during both normal and emergency situations. (10 CFR 73.55(j)(1) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should review licensee implementing procedures and any Memoranda of Understanding with offsite resources (i.e., local law enforcement agencies fire and emergency medical services) to ensure the licensee has provisions in place to maintain continuous communication during both normal and emergency conditions.

Issue Date: 12/10/24 6

81000.10

k. Verify the licensees security organization has established measures to ensure it identifies site-specific conditions that affect how the licensee implements Commission requirements. (10 CFR 73.55(c)(ii) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should review licensee implementing procedures to ensure a methodology has been established and documented by the licensee that evaluates site-specific conditions that have the potential to affect the licensees implementation of Commission requirements.

l.

Verify that the licensees security organization has established measures that describe how the licensee will implement the use of security equipment and technology, the training and qualification of security personnel, the implementation of predetermined response plans and strategies, and the protection of digital computer and communication systems and networks.

(10 CFR 73.55(c)(1)(i) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector should verify that the licensee has developed and maintains implementing procedures that describe how the licensee shall implement the use of security equipment and technology, the training and qualification of security personnel, the implementation of predetermined response plans and strategies, and the protection of digital computer and communication systems and networks. This can be accomplished through interviews with site security personnel and reviews of implementing procedures.

m. Verify that the licensee has established a process for the written approval of implementing procedures and revisions by the individual with overall responsibility for the security program. (10 CFR 73.55(c)(7)(iii)(A) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector should review a sample of implementing procedures to ensure the individual with the overall responsibility for the security program has reviewed and approved all implementing procedures utilized by the site security organization.

n. Verify that individuals within the security organization are properly trained, qualified and equipped to implement the physical protection program in accordance with the NRC-approved security plan, regulatory requirements, and any other applicable Commission requirement. (10 CFR 73.55(d)(3) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector should review a sample of the training records for members of the security organization to ensure they have been trained and qualified for the position they hold. Additionally, the inspector should conduct

Issue Date: 12/10/24 7

81000.10 walkdowns of areas where security personnel are posted to ensure they are properly equipped to perform their duties.

o. Verify that the security organization is appropriately staffed at all times to implement the physical protection program. (10 CFR 73.55(d)(1) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector shall have the licensee provide schedules for day and night operations. A comparison between the schedules and sites protective strategy should be conducted to ensure the security organization is appropriately staffed at all times to implement the sites protective strategy. Inspectors should reference the licensees Responsibility Matrix to ensure that the licensee is staffed with the appropriate security personnel as stated in their safeguard contingency plan.

p. Verify that the licensee has established a process to ensure that revisions to security implementing procedures satisfy NRC requirements.

(10 CFR 73.55(c)(7)(iii)(B) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector should have the licensee provide documents (i.e., training records, implementing procedures, contingency plan procedures, lesson plans, testing procedures, calibration procedures, maintenance procedures) that establish that the licensee maintains and documents revisions to implementing procedures.

q. Verify that all non-security personnel assigned duties and responsibilities required to implement the physical protection program are:
1. Trained (possess the appropriate knowledge, skills, and abilities).

(10 CFR 73.55(d)(3) and Security Plan)

2. Qualified. (10 CFR 73.55(d)(3)(i) Security Plan)
3. Re-qualified. (10 CFR 73.55(d)(3)(i) and Security Plan)
4. Equipped. (10 CFR 73.55(d)(3)(ii) and Security Plan)
5. Possess the appropriate physical attributes, such as sight and hearing, to perform their assigned duties. (10 CFR 73.55(c)(7)(iii) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector should review a sample of training records and conduct onsite interviews to ensure members of the security organization needed for the implementation of the contingency plan are properly trained, qualified, re-qualified, and equipped. Additionally, the inspector should review a sample of medical records to ensure those subject to the physical attribute requirements are properly documented and maintained.

02.03 Management Effectiveness

a. Verify that the licensee has established a process to ensure that results and recommendations of the onsite physical protection program reviews,

Issue Date: 12/10/24 8

81000.10 management findings regarding program effectiveness, and any actions taken as a result of recommendations from prior program reviews, must be documented in a report to the licensees plant manager and to corporate management at least one level higher than that having responsibility for day-to-day plant operation.

(10 CFR 73.55(m)(3) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should review licensee assessments regarding the physical protection program and ensure that any identified issues or deficiencies are documented, entered into the corrective action program (CAP), and reported to the licensees plant manager as well as corporate management.

b. Verify items entered into the corrective action program are analyzed by the appropriate member of the security organization. (10 CFR 73.55(m)(1)(iii) and Security Plan)

Specific Guidance The inspector(s) should verify that items entered into the CAP are analyzed by the appropriate personnel, and that individual(s) possess the appropriate knowledge skills and ability to perform such an evaluation specific to the area analyzed.

c. Verify that the appropriate level of management reviews items entered into the corrective action program to ensure its effective in tracking trending and preventing recurrence of failures and deficiencies in the physical protection program. (10 CFR 73.55(b)(10) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should obtain a sample of examples of items related to the physical protection program that have been entered and vetted through the sites CAP to ensure they have been tracked and trended to prevent recurrence of failures and deficiencies.

02.04 Program Reviews and Audits

a. Verify that the licensee has established measures review each element of the physical protection program at least every 24 months. (10 CFR 73.55(m)(1) and Security Plan)

Specific Guidance For the inspection of this requirement, the inspector(s) should obtain, from the licensee, documentation that identifies the schedule the licensee uses to ensure each element of the physical protection program is reviewed at least every 24 months. Additionally, the inspector should verify the schedule identifies each element of the physical protection program.

Issue Date: 12/10/24 9

81000.10

b. Verify findings from onsite physical protection program reviews are entered into the site corrective action program. (10 CFR 73.55(m)(4) and Security Plan)

Specific Guidance When inspecting this requirement, the inspector(s) should obtain from the licensee a sample of items related to physical protection program reviews that have been entered into the corrective action program. The inspector(s) should ensure that those items have been analyzed by the appropriate level of management and that corrective actions have been implemented to prevent recurrence.

c. Verify that the licensee has established measures to conduct security program reviews within 12 months for the following elements that potentially could adversely affect the security program (10 CFR 73.55(m)(1)(ii) and Security Plan):
1. Initial implementation of the physical protection program.
2. Changes to personnel.
3. Changes to procedures.
4. Changes to equipment.
5. Changes to facilities.

Specific Guidance The inspector(s) should, obtain from the licensee, a sample of security program reviews conducted by the licensee for the following elements:

1. Initial implementation of the physical protection program.
2. Changes to personnel.
3. Changes to procedures.
4. Changes to equipment.
5. Changes to facilities.

The inspector(s) should review the documented results of the security program reviews or audits performed by the licensee to ensure the continued effectiveness of its Security Organization, Management Effectiveness, and Security Program. The inspector(s) should ensure that the reviews have been conducted in accordance with the requirements of 10 CFR 73.55(m). The inspector(s) should also request that the licensee provide a copy of the report that was developed and provided to licensee management for review. The inspector(s) should review the report to identify any findings that were identified via the review or audit to ensure the findings were entered in the licensee's corrective action program.

d. Verify that the licensee has established measures to conduct security program reviews as necessary based upon deficiencies identified during site-specific analyses, assessments, or other performance indicators. (10 CFR 73.55(m)(1)(ii) and Security Plan)

Specific Guidance For the inspection of this requirement the inspector(s) should verify that the licensee has a written process that provides the licensee the ability to conduct program reviews based

Issue Date: 12/10/24 10 81000.10 on deficiencies identified during site-specific analysis, assessments, or other performance indicators.

02.05 (U) Reviews Events and Logs. Review and evaluate the licensees physical security event log for the previous 12 months, or since the last inspection, for events associated with [81000.10, Security Organization, Management Effectiveness, Program Reviews, and Audits and follow up, if appropriate. In conjunction with IP 71153, Follow up of Events and Notices of Enforcement Discretion, review any written follow-up reports of physical security events associated with Security Organization, Management Effectiveness, Program Reviews and Audits. (10 CFR 73.55(b)(10),10 CFR 73.1205, 10 CFR 73.1210)

Security Program Reviews. Verify that the licensee is conducting security program reviews in accordance with 10 CFR 73.55(m) and that the licensees Security Organization, Management Effectiveness, Program Reviews and Audits were included in a review as required by the regulation. (10 CFR 73.55(m))

Identification and Resolution of Problems. Verify that the licensee is identifying issues related to the Security Organization, Management Effectiveness, Program Reviews and Audits program at an appropriate threshold and entering them in the licensees problem identification and resolution program. Verify that the licensee has appropriately resolved the issues regarding regulatory requirements for a selected sample of problems associated with Security Organization, Management Effectiveness, Program Reviews and Audits programs. (10 CFR 73.55(b)(10))

Specific Guidance Before the inspection, the inspector should determine if a Security Event Report (SER),

in accordance with 10 CFR 73.1205 has been submitted to the NRC by the licensee.

Closeout of SERs is performed under section 03.02 of IP 71153; however, assess if additional follow-up under this IP is warranted for the conditions or corrective actions associated with the SER.

The inspector(s) should review and evaluate licensee physical security event log entries documented in accordance with 10 CFR 73.1210, since at least the last inspection, that are associated with the Security Organization, Management Effectiveness, Program Reviews and Audits program. If discrepancies or deficiencies are identified during this review, the inspector(s) should follow up as necessary.

The inspector(s) should review the documented results of the security program reviews or audits performed by the licensee to ensure the continued effectiveness of its Security Organization, Management Effectiveness, Program Reviews and Audits. The inspector(s) should ensure that the reviews have been conducted in accordance with the requirements of 10 CFR 73.55(m). The inspector(s) should also request that the licensee provide a copy of the report that was developed and provided to licensee management for review. The inspector(s) should review the report to identify any findings that were identified via the review or audit to ensure the findings were entered in the licensees corrective action program.

Issue Date: 12/10/24 11 81000.10 The inspector(s) should review a sample of entries in the licensees Problem Identification and Resolution program associated with the Security Organization, Management Effectiveness, Program Reviews and Audits program. The intent of this review is to verify that the licensee is identifying deficiencies at the appropriate threshold, tracking deficiencies for trending, and correcting deficiencies commensurate with their security significance. Inspectors can follow-up on select samples in accordance with this procedure to ensure corrective actions are commensurate with the significance of the issue. Refer to IP 71152, Problem Identification and Resolution, section 03.01 for additional guidance.

81000.10-03 RESOURCE ESTIMATE Approximately 26 hours3.009259e-4 days <br />0.00722 hours <br />4.298942e-5 weeks <br />9.893e-6 months <br /> of inspection effort are allocated for this inspection procedure. The sample size for this procedure is 26.

END : Revision History for IP 81000.10

Issue Date: 12/10/24 Att1-1 81000.10 : Revision History for IP 81000.10 Commitment Tracking Number Accession Number Issue Date Change Notice Description of Change Description of Training Required and Completion Date Comment Resolution and Closed Feedback Form Accession Number (Pre-Decisional Non-Public Information)

N/A ML12114A125 09/07/12 CN 12-020 Researched commitments made in the last 4 years and found none. IP developed to support security construction inspections under IMC 2200.

Training to be covered at the 2013 Annual NSIR Counterpart Meeting.

N/A N/A ML24256A055 12/10/24 CN 24-041 This document was revised as a result of a periodic review, as well as the Palisades restart effort.

Editorial changes were made to adhere to IMC 0040, as well as the addition of IMC 2562 to the program applicability. Added section 02.06 and corresponding reporting language and specific guidance.

N/A ML24256A056

Retrieved from "https://kanterella.com/w/index.php?title=ML24256A055&oldid=4831975"