|
|
| (6 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| {{Adams | | {{Adams |
| | number = ML20199C634 | | | number = ML20247H396 |
| | issue date = 01/23/1998 | | | issue date = 12/24/1997 |
| | title = Refers to Predecisional Enforcement Conference Conducted on 980120 Re Apparent Violations Identified in NRC Insp Repts 50-361/97-24 & 50-362/97-24.List of Attendees & Presentation Matl Encl | | | title = Partialy Withheld Insp Repts 50-361/97-24 & 50-362/97-24 on 971117-21 & 1203-05 (Ref 10CFR73.21).Violations Being Considered for Ea.Major Areas Inspected:Physical Security Program |
| | author name = Howell A | | | author name = |
| | author affiliation = NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION IV) | | | author affiliation = NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION IV) |
| | addressee name = Ray H | | | addressee name = |
| | addressee affiliation = SOUTHERN CALIFORNIA EDISON CO. | | | addressee affiliation = |
| | docket = 05000361, 05000362 | | | docket = 05000361, 05000362 |
| | license number = | | | license number = |
| | contact person = | | | contact person = |
| | document report number = 50-361-97-24, 50-362-97-24, EA-97-585, NUDOCS 9801300060 | | | document report number = 50-361-97-24, 50-362-97-24, NUDOCS 9805210154 |
| | document type = CORRESPONDENCE-LETTERS, OUTGOING CORRESPONDENCE | | | package number = ML20247H362 |
| | page count = 88 | | | document type = INSPECTION REPORT, NRC-GENERATED, TEXT-INSPECTION & AUDIT & I&E CIRCULARS |
| | | page count = 2 |
| }} | | }} |
|
| |
|
| Line 18: |
Line 19: |
|
| |
|
| =Text= | | =Text= |
| {{#Wiki_filter:- - . ...- .. .- - - - - ._ - .- - - - . _ . - . _ , | | {{#Wiki_filter:_ _ - _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ - _ _ _ _ _ _ _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ _ _ _ - _ - _ - _ _ |
| e p * *' h UNIftDSTAfts
| | . |
| ** j' , . '
| | I l |
| ,\ NUCLEAR REGUL ATORY COMMISSION
| | l DOCUMENT CONTAINS ENCLOSURE l |
| $ -
| |
| f } A LGION IV
| |
| ,* / 611 RY AN PL A2A ORIVE. $ ult ( 400 S ., F A A LING TON, T [ X A$ 76011 8064
| |
| *****
| |
| llanuary 23, 1998 ,
| |
| '
| |
| E A N o.: 97 585 Harold B. Ray, Executive Vice President Southern California Edison C San Onofre Nuclear Generating Statioit P.O. Box 128 San Clemente, California 92674 0128 SUBJECT: PREDECISIONAL ENFORCEMENT CONFERENCE SUMMARY This refers to the predecisional enforcement conference conducted in the Region IV office on January 20,1998. This meeting was bid to discuss the apparent violatio 1s identified in NRC Inspection Repot 50-361/97 24; 50 362/97-24. The conference was held at the request of Region IV. This meeting contributed to a better understanding of the apparent violations. The
| |
| - attendance list and the licensee's presentation are enclosed, in accordance with Section 2.790 of the NRC's " Rules of Practice," Part 2, Title 10, Code of Federal Regulations, a copy of this letter will be placed in the NRC's Public Document Roo Should you have any questions conceming this matter, we will be pleased to discuss them with yo
| |
| | |
| Sincerely, I
| |
| aLA '
| |
| ,
| |
| Arthur T. How 111 Director Division of Reactor Safety Enclosures:
| |
| 1. Attendance List 2. Licensee Presentation Docket Nos.: 50 361; 50-362 License Nos.: NPF-10; NPF 15 cc:
| |
| Chairman, Board of Supervisors County of San Diego 1600 Pacific Hignway, Room 335 San Diego California 92101
| |
| = 1300060 - w3 PDR
| |
| ', IllIllll!lllll
| |
| *'''''
| |
| llll ll
| |
| *
| |
| ADOCK 05000361 G pon
| |
| | |
| . _ _ _ _ _ _ _ _
| |
| >
| |
| | |
| Southern California Edison C l Alan R. Watts, Es Woodruff Sprodlin & Smait 1 701 S. Parker St. Suite 7000 Orange, Califomia 92868 4720 Sherwin Harris, Resource Project Manager Public Utilities Department City of Riverside 3900 Main Street -
| |
| Riverside, Califomia 92522 i
| |
| R. W. Krieger, Vice President Soutnem Califomia Edison Company San Onofre Nuclear Generating Station P.O. Box 128 San Clemente, Califomia 92674-0128 Stephen A. Woods, Senior Health Physicist Division of Drinking Water and Environmental Management Nuclear Emergency Response Program Califomia Department of Health Services P.O. Box 942732, M/S 396 Sacramento, Califomia 94334 7320 Mr. Gary D. Cotton, Sr. Vice President Energy Supply San Diego Gas & Electric Company P. O. Box 1831 San Diego, California 92112-4150
| |
| - Mr. Steve Hsu Radiological Health Branch State Department of Health Services P.O. Box 942732 Sacramento, California 94234 Mayor City of San Clemente 100 Avenida Presidio San Clemente, Califomia 92672 Mr. Truman Burns \Mi. Robert Kinosian California Public Utilities Commission 505 Van Ness, Rm. 4102 San Francisco, California 94102 mm -
| |
| | |
| _ _ . . _ . _ . _ _ . . _ _ _ _ _ _ . _ _ . _ _ . _ . _ ._ ._.__._.. _ _.-__.___
| |
| , -
| |
| J
| |
| - Southern Califor lia Edison C DISTRIBUTION:
| |
| | |
| DMB (IE45)w/ enclosures Regional Administrator SONGS Resident Inspector DRS Director
| |
| -
| |
| DRS Deputy Director
| |
| -
| |
| DRP Director -
| |
| - DRS PSB
| |
| ;
| |
| G. F. Sanbom, EO J, Lieberman, OE (MS 7 H5)
| |
| : '
| |
| OE:EAFile (MS 7 HS)
| |
| W. L. Brown, RC Branch Chief (DRP/F, WCFO)
| |
| Senior Project inspector (DRP/F, WCFO)
| |
| ' Branch Chief (DRP/TSS)
| |
| M. Hammond (PAO, WCFO) :
| |
| WCFO File !
| |
| MIS System RIV File w/ enclosures i B. Earnest w/ enclosures i
| |
| i I
| |
| | |
| k-DOCUMENT NAME: G:\ REPORTS \SO724MS.ABE To receive copy of document. Indicate in bor: "C" = Copy without enclosures "E" Copy with enclosures "N" = No cocy lRIV:PSB _
| |
| C:DRS\PSB C:DRP\F _ {/ D:DRS BMurray N DKirsch K ATHowell lli -
| |
| l ABEarnest:nh[M' ^
| |
| 101 AI/98 Ot/AM8 01ht/98 01fd98
| |
| '
| |
| D\ OFFICIAL RECORD COPY
| |
| *
| |
| - - - _ . - - . - . - __~ - -- - - . - - - . . - . -
| |
| | |
| (~ ,
| |
| $-cf a Southem Califomia Edison C DISTRIBUTION:
| |
| . DMS (IE46)w/ enclosures y Regional Administ.'ator SONGS Resident inspector DRS Director DRS Deputy Director DRP Director DRS PSB G. F. Sanborn, EO -
| |
| J. Lieberman, OE (MS 7-H5)
| |
| OE:EAFile (MS 7 HS)
| |
| W. L Brown, RC Branch Chief (DRP/F, WCFO)
| |
| Senior Project inspector (DRP/F, WCFO)
| |
| Branch Chief (DRP/TSS)
| |
| M. Hammond (PAO, WCFO)
| |
| WCFO File MIS System RIV File w/ enclosures B. Earnest wh nclosures DOCUMENT NAME: G:\ REPORTS \SO724MS.ABE To receive copy of document, Indicate in box: *C" = Copy without enclosures *E" = Copy with enclosures "N''s No copy RIV:PSB _
| |
| C:DRS\PS,B C:DRP\F d y' D:DRS ABEarnest:nh@ BMurrav N DKirsch M" ATHowell til
| |
| ~
| |
| 01 DI/98 OVA $8 01ht/98 01(pj98
| |
| '
| |
| D\ OFFICIAL RECORD COPY 3nn004
| |
| | |
| o
| |
| *
| |
| *
| |
| PREDECISIONAL ENFORCEMENT CONFERENCE ATTENDANCE
| |
| . _ _ _ _ . . _ _ _ _ . _ _ . _ . - . . .. _ LICENSEE / FACILITY Southern California Edison C San Onofre Nuclear Generating Station DATE/ TIME January 20,1998, at i o CONFERENCE LOCATION Region IV, Training Conference Roon Arbngton, TX EA NUMBER EA 97 585 NRC REPRESENTATIVES
| |
| .. ..
| |
| . . . . .. . . . . . _
| |
| .
| |
| ..
| |
| .
| |
| -. ...._.-._...._
| |
| . . .
| |
| _
| |
| . . . . .
| |
| _
| |
| . . _ . . _ . . . . _ _- _._ ..
| |
| , _ _ _
| |
| . _ .. _ _ _ _ _
| |
| .
| |
| _ | |
| _ - . . . . . - . . . _ _ _ _. - _ | |
| NAME (PLEASE PRINT) ORGANIZATION TITLE Su .he f Ni P5 lb. 12s. A/n.n.1 A ,9 I v kt0 wtll ' b'rtcAnt. }$.$
| |
| "
| |
| Adthe/ lh,sna SAru m4 S.p eM >>
| |
| (hy s;ed.Sen 10 59celA( d
| |
| ''
| |
| A. $ua kt v
| |
| "
| |
| 8 bale kW9 c M Pi n r % e u Biw %.
| |
| v ' o ,. J , n . ,l,. a a A Tub hcVw v n. . n n~ t f
| |
| /
| |
| ,
| |
| J44/AM ). $A/WA/ *'
| |
| 06/ss/A L doWA.fE /
| |
| 6~ C1 "
| |
| & L/r L/v
| |
| | |
| _ _ . _ - _ _ _ _ _ --_ __ ___ _ -. ._ . . _ - - _ _ -- _ ___ __ _ _ _ _ _ .
| |
| ,
| |
| o
| |
| /
| |
| PREDECISIONAL ENFORCEMENT CONFERENCE ATTENDANCE bCENSEE[ FACILITY Southern California Edison Co San Onofre Nuclear Generating Station DATEmME January 20,1998, at 1 p m CONFERENCE LOCATION Region IV, Training Conference Room Arlington, TX
| |
| _ | |
| EA NUMBER EA 97-585
| |
| &*
| |
| LICENSEE REPRESENTATIVES
| |
| _ NA_ME (PLEASE PRINT) ORGANIZATION TITLE C.A. Pl u /e< T 5c E / G e<< t , Sc+vw. , Sec~ Ar Caveha v< | |
| hE.No wa k-
| |
| '
| |
| '
| |
| 9cE Ei T"> ce % %
| |
| Go. ha i sah u a > aa
| |
| . l ALLACE 3CEl/Mq W,L AL M M.J . 6PsER sce 4t ; 5rrs Secdw wsw sa n u; ec a ,.<~ w
| |
| .
| |
| *
| |
| emundus I
| |
| | |
| . . . . . _
| |
| .
| |
| -
| |
| SOUtilFRN C%1tFt,yiWIt
| |
| '
| |
| EDISON
| |
| .Aa TJn50% fMTRh4 710%! Catrpay SOUTHERN CALIFORNIA EDISON 4 SAN ONOFRE NUCLEAR GENERATING STATION PRE-DECISIONAL ENFORCEMENT CONFERENCE January 20,1998
| |
| -
| |
| L..- . _ . _ _ _ . _ _ _ _
| |
| - bA-4 -ue-,.- ea- a sau-e- - aed.- A--..as 3-_.d.J.4e a_A e aeehMbfAAt--- -J-A w-mf=4 a 4a na- -m-eemb ~4- J42r.s .- _ - 6-__Ju at m-wu.sa.-_4A1.m4#A- =.A__A4_wd=
| |
| * l l
| |
| 1 e'
| |
| i
| |
| | |
| f O j
| |
| -
| |
| .h O
| |
| cc v
| |
| .
| |
| i
| |
| : et
| |
| -
| |
| A o
| |
| a
| |
| ! o
| |
| !
| |
| ~
| |
| DI)
| |
| :
| |
| .5
| |
| ~
| |
| l O
| |
| ' | | ' |
| o V
| | U.S. NUCLEAR REGULATORY COMMISSION |
| z
| |
| -
| |
| D L
| |
| C3
| |
| ;
| |
| eZ aa
| |
| < ,
| |
| pad 5 9
| |
| | |
| b@ 3 9 g 42 Q
| |
| !E O i N
| |
| :
| |
| stu W C3 2 00 n
| |
| n
| |
| | |
| .
| |
| . - .
| |
| | |
| - -
| |
| c. .
| |
| Summary - Safeguards Contingency Plan (SCP)
| |
| l
| |
| .
| |
| - Loss of SCP - isolated personnel erro Strong program for control of Safeguards Informatio Licensee identified, reported and aggressive enhancements were implemente ___ - .
| |
| | |
| - - - - - -
| |
| _
| |
| A; parent Violation
| |
| "An apparent vio.ation was ic entified involving t~ 3e failure to ac.equately protect a copy of t:1e Safeguarc s Contingency Plan." .
| |
| l
| |
| "
| |
| ... With respect to the issue offailing to protect safeguards information, NRC inspection Report 50-361/95-15; 50-362/95-15 notedfive other instances of failing to protect safeguards information, including two lost safeguards documents. "
| |
| | |
| . _ _ _
| |
| | |
| - - - - - -
| |
| .. .
| |
| Loss of SCP - Facts
| |
| .
| |
| - October 27,1997, Safeguards Contingency Program (SCP)
| |
| discovered missing from cabinet.
| |
| | |
| -
| |
| Cabinet and lock met program requirements.
| |
| | |
| -
| |
| No evidence of tampering was found.
| |
| | |
| -
| |
| Immediately implemented security compensatory measures.
| |
| | |
| -
| |
| Made a 1-hour telephone report on October 27,199 .
| |
| | |
| _ _ _ _ _ _ - - _ _ _ _ _ _
| |
| | |
| - - - - - - -
| |
| ,
| |
| Loss of SCP - Response to Event
| |
| ,
| |
| - Conducted a site investigatio Requested an independent Corporate Security Investigatio Implemented interim SI internal control Submitted Licensee Event Report 1-97-002 on November 25,1997. Revised Licensee Event Report,1-97-002, December 19,1997, to include the results of the Corporate Investigatio .
| |
| | |
| _ _ _ _ _ _ _ _ _ _ _ _ - . .
| |
|
| |
|
| . . . -
| | ==REGION IV== |
| . . | | Docket Nos.: 50-361; 50-362 License Nos.: NPF-10; NPF-15 Report No.: 50-361/97-24; 50-362/97-24 Ucensee: Southem Califomia Edison C Facility: San Onofre Nucfear Generating Station, Units 2 and 3 Location: 5000 S. Pacific Coast Hwy. |
| Loss of SCP - Resaonse to Event (continued)
| |
| -
| |
| Prepared Human Performance Evaluatio Conducted a site search for the SCP.
| |
|
| |
|
| - | | l San Clemente, Califomia ' |
| Informed the site population and solicited their assistance in locating the missing SCP.
| | Dates: November 17-21 and December 3-5,1997 Inspecto A. B. Eamest, Security Specialist, Plant Support Branch Approved By: Blaine Murray, Chief, Plant Support Branch Division of Reactor Safety Attachment: SupplementalInformation i |
| | DOCUMENT CbNTAINS ENCLOSURE (S) CONTAIN(S) UPON SEPARATION THIS l PAGE IS DECONTROLLED l 9805210154 971224 PDR ADOCK 05000361 |
| | : G PDR a____ . _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ .__ _ ___ _ _ _ _ _ _ _ _ _ _ } |
|
| |
|
| -
| |
| Formed a Program Enhancement Tea .. .
| |
| s Loss of SCP - Event Summary
| |
| -
| |
| SCP has not been foun How SCP xvas lost has not been identifie l
| |
| -
| |
| Individual who mishandled SCP has not been identifie Root cause - personnel erro :
| |
| I I
| |
| i
| |
| , | | , |
| | | . . . |
| i
| |
| . _ - . _ _ _ _ _ _ _ - _ _ _ _ _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| | |
| - - - - - - -
| |
| .. .
| |
| Discussion of Previous Events - IR 95-15
| |
| ,
| |
| - SI file destroye (Licensee Identified June 14,1995)
| |
| - SI lost in routing for review (did not arrive).
| |
| | |
| (Licensee Identified July 11,1995)
| |
| - SI mailed in envelope with holes (swiss).
| |
| | |
| (Licensee Identified April 25,1995)
| |
| ,
| |
| -
| |
| SI cabinet open for five minutes unattende (. Licensee Identified May 3,1995)
| |
| -
| |
| SI stored in a des (Licensee Identified June 16, 1995)
| |
| | |
| . _ - - _ _ _ _ _ _ _ - _ -
| |
| | |
| - - - - - - - - - - -
| |
| ,_
| |
| Correc~ive Actions ;Resulting from NRC Inspection Report 95-15
| |
| -
| |
| Counseled responsible individuals and retrained.
| |
| | |
| - Vice President met tvith Managers and Supervisors.
| |
| | |
| - Reduced number of SI authorized personnel and SI storage location _ _ _ _ _ _ _ _ _ _ _ _ _ - _ -
| |
| | |
| i .. .
| |
| Corrective Actions Resulting from NRC Inspection Reaort 95-15 (continued)
| |
| .
| |
| Established SI Helpline bulletin boar Distributed memorandum on expectations and disciplinary polic Formed an SCE inspection team to conduct unannounced surveillance .
| |
| I1
| |
| - - _ . _ _ _ _ _ - _ _ _ _ _ _ .
| |
| | |
| _ _ _ _ _ - _ _ _ - _ . ._
| |
| . . . . . . . . .. .
| |
| . . .
| |
| ,
| |
| Program Improvements (Post 95-15)
| |
| | |
| -
| |
| September 1995 Initiated SI industry benchmarkin November 1995 Began unannounced surveillance January 1996 Additional program enhancement Distributed desktop aide to all site personne March 1996 Presented industry benchmarking results to Western Nuclear Security Associatio ._ _ - - - - - - -
| |
| .
| |
| ~l l
| |
| Program Imarovements (Post 95-15) (continued)
| |
| -
| |
| June 1996 Completed SI Program actions and program enhancement January 1998 Additional SI Program enhancements.
| |
| | |
| l 13
| |
| .
| |
| .
| |
| .. . _ . .
| |
| ..
| |
| . ___ _____ __ ___ _ . .
| |
| | |
| - - - - -
| |
| ,
| |
| SCE Safeguards Information Program
| |
| | |
| SCE's Safeguards Information (SI) Program consists of:
| |
| - Procedures
| |
| - Training
| |
| - Program audits
| |
| - Routine surveillances
| |
| .
| |
| | |
| - - - - - - - - - -
| |
| | |
| -- - - - - -
| |
| _ _
| |
| _
| |
| SI Program Enhancements in Response to SCP Event
| |
| -
| |
| Requires SI cabinet inventorie l l
| |
| -
| |
| Requires use of a check out lo Restricts SI access to single point of contro SCP and PSP distribution control transferred from Security to CD Use colored binder SI Program exceeds regulatory requirements (equivalent of DOD " SECRET").
| |
| .
| |
| | |
| o _
| |
| -
| |
| | |
| .. .
| |
| SI Program Enhancements in Response to SCP Event (continued)
| |
| _
| |
| Further reduced:
| |
| - Storage locations,
| |
| - Storage cabinets, and
| |
| - Number of personnel with SI acces .
| |
| | |
| _ _ -_ - _ _ - - _ _ _ _ _ - _ _ _
| |
| | |
| - __ --
| |
| _ _
| |
| _
| |
| f Actions to Mitigate Risk of Mishandling SI Reduction of SI Storage Cabinets / Locations
| |
| '94 '95 '96 '97 Year End Values y
| |
| -
| |
| - -
| |
| - - -
| |
| -
| |
| - _
| |
| ,
| |
| | |
| F ., ,
| |
| .
| |
| Summary
| |
| ._ =
| |
| -
| |
| SCE program substantially exceeds regulatory requirement Loss of SCP ivas an anomaly.
| |
| | |
| .
| |
| -
| |
| SCE response tvas aggressive and comprehensiv Program enhancements have been implemente Previous corrective actions and program enhancements noted would not have prevented the loss of the SC ___ ______________ _
| |
| | |
| - - - - -
| |
| , | | , |
| . ~
| |
| Application of tLie Enforcement Policy
| |
| .
| |
| Factors Individual (unknown) personnel erro Prompt response and aggressive corrective actio !
| |
| - Licensee identified and reporte Non-willful, self-identified, and no previous escalated enforcement in past 5 year IR 95-15 events were unrelated and corrective actions would not prevent SCP even _ _ _ _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _ _ _ -
| |
|
| |
| - - - -
| |
| ,
| |
| Application 0:n:he Enforcement Policy (continued)
| |
| Loss of SCP and 95-15 Events Event (date) Or Cause Comments Files destroyed (7/11/95) CDM Purged files Not SI Left in Inbox (7/14/95) NEDO No self-check Not delivered
| |
| ,
| |
| Swiss Envelope (4/25/95) LIC Personnel error Improperly wrapped Cabinet unattended (5/3/95) COMP Inattention to detail Under observation Left in Desk (6/14/95) SSS Personnel error Not SI j
| |
| _
| |
| SCP (10/27/97) SEC Unknown Program accountability enhancements 20 . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ . .
| |
|
| |
| ! .
| |
| . .
| |
| Arlication of the Enforcement Po.. icy (cor,tinued)
| |
| Violation 95-15-02 (Failure to Protect SI) - Closure
| |
| -
| |
| .NRC inspection report 96-12 dated October 25,1996, provided for closure of NOV 95-15-02 (failure to protect SI) noted:
| |
| - SCE had significantly improved the protection of SI, acknowledged the reduced number of SI documents and storage locations, enhanced SI training for individuals with access, and
| |
| , concluded these measures had significantly reduced the possibility of mishandling S " Missed opportunities is normally not applied where the licensee appropriately reviewed the opportunityfor application to its activities and reasonable action was
| |
| [taken]... " [NRC Enforcement Policy, Section VI.B.2.b[2](v)]
| |
|
| |
| _-____ _ _ _ - _ .
| |
|
| |
| I .
| |
| . .
| |
| Aaplication of the Enforcement Po icy (continued)
| |
| -
| |
| The Enforcement Policy allows discretion to encourage licensees to maintain a safety-conscious work environment with a low threshold for self-identificatio "The NRC may exercise discretion cnd refi ainfi om issuing a civil
| |
| '
| |
| penalty and/or Notice of Violation, ifthe outcome ofthe normal process described in Section V1.B does not residt in a sanction consistent with an appropriate regulatory message. " yRC i Enforcement Policy, Section VII.B]
| |
| -
| |
| " Consistent with that pmpose, enforcement action should be used to... encourage the prompt identification andprompt, comprehensive correction ofviolations. " [NRC Enforcement Policy, Section 1]
| |
|
| |
| _ _ _ _ _ _ _ - _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ _ _
| |
|
| |
| --
| |
| ( .
| |
| . -
| |
| Aaplication of the Enforcement Policy (continued)
| |
| _
| |
| - Escalated enforcement (Severity Level III) is usually inappropriate for cases which meet all following criteria: (1) an isolated personnel error; (2) aggressive corrective action; (3) no programmatic breakdown nor loss of safety function; and (4) not willfu >
| |
| l
| |
| " Supplements I through VIIIprovide examples and serve as guidance in determining the appropriate severity levelfor violations in each of the eight activity areas. However, the examples are neither exhaustive nor controlling . . . The NRC reviews each case on its own merits to ensure that the severity of a violation is characterized at the level best suited to the significance oftheparticular violation. In some cases, special circmnstances may warrant an adjustment to the severity level categorization ". (emphasis added) [NRC Enforcement Policy, Cection IV; l
| |
|
| |
| - -
| |
| . _ _ _ _ _ _ _ _ _ _ _ _ _ -
| |
|
| |
| MLM
| |
| . ~
| |
| .
| |
| l Aaplication of ~ he Enforcement Policy (continued)
| |
| T ae NRC s aoulc exercise ciscretion and categorize t ne loss as a Severity Level IV (Supp ement III.D.: 0) violation, as a pruc ent an ;
| |
| measurec regu.atory response to this even _
| |
|
| |
| - -
| |
| .
| |
| ..
| |
| t
| |
|
| |
| i E15Is5s A o T.D!$0 V t.\ T!ttN 4 Tro st!. Osmpacy e
| |
| i l
| |
| Discussion of Other Events l
| |
| __
| |
|
| |
| --
| |
| _ _
| |
| Summary - Ot1:er Even':s
| |
| .
| |
| -
| |
| Guard Wire 645 engineering erro l
| |
| -
| |
| Unlocked weapons cabinet personnel erro Adequacy of compensatory measures (during computer outages).
| |
|
| |
| -
| |
| Reporting of(1) inadequate compensatory measures and (2) unlocked weapons locke .
| |
| "
| |
|
| |
| _ _ _ _ - _ _ _ _ _ _ - _ _ _ _
| |
|
| |
| - - - - - - - - - -
| |
| , ,
| |
| .' SOUTitFRN CALIFOf.%34 EDISON
| |
| - An f.Dl50% l.\TT&V4TIONAL Cort:my Guard Wire (GW-645) Back-up Power Supply
| |
| ,
| |
| .
| |
| _ _ _ _ _ _ _ _____
| |
|
| |
| - - - - - - - - - - -
| |
| . ,
| |
| .
| |
| Aaparent Vio ation
| |
| .
| |
| "An apparent violation was identified involving the failure to
| |
| + provide battery back-up power supply to a portion of the detection aids system."
| |
|
| |
| '
| |
| "
| |
| ... For each of the apparent violations involving the failure to provide a backup power supply... more than one instance occurred."
| |
|
| |
| _____
| |
|
| |
| - - - - - - -
| |
| .
| |
| . ~
| |
| Ju y 31,1997 Event Description - Loss of Power :o IDS
| |
| - On July 31,1997, at about 1900 PDT, IDS segment GW-645 annunciated a power failure alar GW-645 not part of perimeter IDS (see diagram).
| |
|
| |
| -
| |
| Subsequent investigation, completed on August 2,1997, revealed the required back-up power supply had not been installed. License Condition 2.G Report was made on August 2,199 l
| |
| - - - - - - -
| |
|
| |
| _______-_ __ _ _ _ _ _
| |
|
| |
| .
| |
| * | | * |
| Y i
| |
| :<
| |
| N
| |
| ' '
| |
| STAGING VHS ::
| |
| . -
| |
| ,
| |
| ,< c ><
| |
| e ><
| |
| 0 SSPF l
| |
| tn -
| |
| T D
| |
| g U2/3 SERVICE
| |
| +
| |
| - BLO .-
| |
| e ce D
| |
| C
| |
|
| |
| - _ - - - - - - - - -
| |
| .
| |
| . .
| |
| Cause
| |
| , | | , |
| - Due to an error by the Design Engineer, contrary to engineering procedure SO123-XXIV-10.21, " Field Interim Design Change Notice (FIDCN) and Field Change Notice (FCN)," the FCN had the back-up battery details included l as Construction Notes which were not included in the FCN l I
| | -2- DOCUMENT CONTAINS |
| issued to the field for construction in June 199 Due to an error by the Engineering Supervisor, contrary to engineering procedure SO123-XXIV-1.1, " Document Review and Approval Control," design verification for this i
| | ' EXECUTIVE SUMMARY San Onofre Nuclear Generating Station, Units 2 and 3 NRC Inspection Report 50-361/97-24; 50-362/97-24 This routine, announced inspection focused on the licensee physical security program. The areas inspected included review of access control- personnel, access control- packages, emergency power supply, compensatory measures, records and reports, protection of safeguards information, and security of contingency weapon Plant Support |
| FCN was performed by the same engineer involved in the
| | - Personnel access to the protected area was controlled in an effective manner (Section S1.1). |
| -
| |
| initial design proces .
| |
|
| |
|
| _ _ _ _ _ _
| | - The program for searching handcarried packages and material was effective (Section S1.2). |
|
| |
|
| - - - - -
| | - An apparent violation was identified involving the failure to provide backup power supply to a portion of the detection aids system (Section S2.1). |
| ~
| |
| .
| |
| . .
| |
| .
| |
| Compensatory Measures & Corrective Actions
| |
| -
| |
| GW-645 was properly pcsted within 10 minutes of power failur Design work initiated August 1997. Parts received October 24,1997; installation completed October 29, l 199 Prior to completion, another power failure occurred on September 5. GW-645 was properly posted within 10 minutes of power failur .
| |
|
| |
|
| ___
| | - An apparent violation was identified involving inadequate compensatory measures during three failures of the security computer system (Section S2.2). |
|
| |
|
| EMOm
| | L - An apparent violation was identified involving the failure to correctly report safeguards |
| .. ~
| | ! |
| Compensatory Measures & Corrective Actions (continued)
| | events (Section S3.1). |
| - Previous ivork performed by the responsible design i
| |
| '
| |
| engineer was checked and discipanary action taken (Supervisor has left SCE).
| |
| | |
| - No other instances ofimproper or incomplete FCNs note i
| |
| | |
| -
| |
| Engineering management & supervision were briefed on
| |
| | |
| the even l l
| |
| l _ _ ----
| |
| _
| |
| _
| |
| Aaplica: ion of tae Enforcement Policy Factors Licensee identified and reporte l
| |
| -
| |
| No previous enforcement action for the FCN design process within last 2 years. The power outage on September 5 was not a second even ~
| |
| -
| |
| Prompt and aggressive corrective action take Isolated individual errors by the design engineer and supervisio Minimal safety significance since posted within 10 minute l . _ _ _ - _ _ _ -
| |
| | |
| - -- -
| |
| . .
| |
| .
| |
| A niication of t1e Enforcement Policy (continued)
| |
| "The NRC. . . may refi ainfi om issuing a Notice of Violationfor a Severity LevelIV violation. . . Described
| |
| . | |
| herein as a Non-Cited Violation (NCV) provided the 1 violation meets all thefollowing criteria. . . ,
| |
| | |
| - (a) identified by the licensee, inchiding identific.ation through an event:
| |
| - (b) was not a violation that cordd reasonably be expected to have been prevented by the licensee 's corrective action... within last 2 years. .. \
| |
| - (c) it was or will be corrected within a reasonable time...
| |
| - (d) it was not a willful violation... "
| |
| :NRC Enforcement Policy, Sectioli VII.B: -
| |
|
| |
|
| l | | l |
| _
| | - An apparent violation was identified involving the failure to adequately protect a copy of the safeguards contingency plan (Section S8.1). |
| | |
| __-- - -
| |
| _
| |
| An ication o'tle Enforcement ?o icy (continued)
| |
| ~
| |
| ..
| |
| _
| |
| .
| |
| The NRC shou c. categorize t 1e engineering aersona errors w 1ic a lec to not insta ing t_le GW-
| |
| ' | |
| -
| |
| 6L5 Jac eup 3attery as a Non-Cited violation (NCV).
| |
| | |
| .
| |
| e
| |
| , .
| |
| | |
| _ _ _ _ _ _ _ __ .
| |
| | |
| - -- _
| |
| .
| |
| +
| |
| .-
| |
| E"5Is5K
| |
| .ta fJ)i50% tATTRX4 TsOV.it. Corp,=uy I
| |
| Storage of Security Weapons on July 30 and November 7,1997
| |
| .
| |
| _ _ _ _ _ _ _ _ _ _ - _ _ - - _ - _ -
| |
| | |
| - - - --
| |
| _
| |
| _
| |
| A narent Violation
| |
| | |
| "An apparent violation was identified involving t:ae failure to ac equate y secure ( .ock) safeguards contingency weapons containers."
| |
| | |
| "
| |
| ...for each of the apparent violations involving the ...
| |
| .
| |
| failure to secure contingency weapons... more than one , | |
| instance occurred."
| |
| | |
| .,,. ,
| |
| | |
| _ - _ - _ - - -
| |
| _
| |
| _
| |
| Event 1 - July 30, 997 FMlure to Loc c
| |
| ~ Weapons Locker
| |
| _
| |
| On July 30,1997, an SCE Security Officer performing a routine check or the security weapons lockers found a locker unlocke The Security Shift Commander responded to the weapons locker and accounted lfor all weapons and ammunition ;
| |
| within 10 minutes of discover l l
| |
| | |
| _ _ _ _ _ _ _ _ _ _ _ - ,
| |
| | |
| _ _
| |
| _
| |
| _
| |
| ;
| |
| Event 1 - July 30,1997 Failure to Loc <
| |
| Weapons Locker - Cause & Corrective Actions
| |
| -
| |
| In the absence of a trend in weapons container lock problems in the past three years, the event was considered an isolated personnel error (attention to detail).
| |
| | |
| -
| |
| Within 10 minutes of discovery, it was confirmed that no weapons or ammunition were missin Security Event Log was made.
| |
| | |
| -
| |
| Disciplinary action for the individual and briefings for the guard force were performe _ - - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| | |
| .
| |
| . ~
| |
| i Event 2 - Novem aer 7,1997 Failure to Lock ,
| |
| Weapons Locker
| |
| ~
| |
| On November 7,1997, an SCE Security Officer performing a routine check of the security weapons lockers found a locker, outside the PA in a locked security guardhouse, with its lock unlocke The weapons locker was inventoried and all weapons and ammunition accounted for within 10 minutes of discover .
| |
| | |
| _____
| |
| | |
| --- -
| |
| .
| |
| Even : 2 - November 7,1997 Failure to Loci
| |
| .
| |
| Weaaons Locker - Cause & Corrective Actions ,
| |
| - The second event was the result of personnel error (attention to
| |
| ,
| |
| detail).
| |
| | |
| - Within 10 minutes of discovery SCE confirmed no weapons or
| |
| .
| |
| ammundion unaccounte Security Event Log entry was mad ~
| |
| -
| |
| - Disciplinary action was taken for thc responsible individua Because this was the second instance of personnel error:
| |
| - Use " captured key" style lock Installed security tamper-seals on locker Reduced the frequency oflock manipulation _ _ _ _ _ _ _ _ _ _ _
| |
| | |
| - _-_ _ _-
| |
| _
| |
| _
| |
| .
| |
| *
| |
| Application of the Enforcement Policy
| |
| .
| |
| Factors
| |
| - Licensee identified and reported in SE No previous enforcement action for the security weapons lockers within last 2 year Prompt and aggressive coriective action taken when
| |
| -
| |
| " trend" first determined upon second even Isolated individual error Minimal safety significance since accountability within 10
| |
| '
| |
| minutes of discover . _ _ _ _ _ _ _ _ . :-
| |
| | |
| . - ---- ---- - - - --
| |
| .
| |
| .
| |
| . .
| |
| A~nlication of the Enforcement Po. icy (continued)
| |
| ,
| |
| "The NRC. . . may refiainfiom issuing a Notice of Violationfor a Severity LevelIV violation. . . Described herein as a Non-Cited Violation (NCV)provided.he violation meets all thefollowing criteria. . .
| |
| '
| |
| - (a) identified by the licensee, including identification through an event:
| |
| - (b) was not a violation that could reasonably be expected to have been prevented by the licensee 's corrective action... within last 2
| |
| . years...
| |
| - (c) it was or will be corrected within a reasonable time...
| |
| - (d) it was not a willfid violation... "
| |
| [NRC Enforcement Policy, Section VII.B.~
| |
| | |
| _ _ _ _ . _ _ _ _ . _ _ _ _ _ _ . _ _ . . _ _ _
| |
| . .
| |
| . . . . . . .
| |
| ,
| |
| A niication of the Enforcement Policy (continued)
| |
| ,
| |
| | |
| Tae NRC shoulc categorize the security personal
| |
| .
| |
| errors w.aic a caused the failure to oci t ae security weapons locxer as a Non-Cited violation (NCV).
| |
| | |
| 4
| |
| | |
| _ _ _ _ _ - _ _ _ _ ___
| |
| | |
| _ _- - - - - - - - - - - -
| |
| D
| |
| .
| |
| J E15is5W
| |
| , . - - , , - , ~ , . . .
| |
| Implementation of Connensatory F
| |
| Measures During Dual Computer Failures on May 20, July 29, and Octoaer 30,1997
| |
| ,
| |
| | |
| - - - - - - - -
| |
| Apparent Vio. ation
| |
| "An apparent violation was ic entified involving inadequate compensatory measures during three failures of t ae security computer system."
| |
| | |
| "
| |
| ...for each of the apparent violations involving the ...
| |
| failure to implement proper compensatory measures...
| |
| more than one instance occurred."
| |
| | |
| I 1 - -- -
| |
| | |
| -- _ -- -- -- -----
| |
| Event Description On May 20, July 29 and October 30,1997, SCE experienced loss of both primary and back-up security computers. SCE instituted compensatory measures in accordance with SCP scenario M-4 Folloiv-up interviews with SCE security supervision confirmed the use of 13 officers for these three events
| |
| '
| |
| (seven additional officers in hardened posts \ vere not credited).
| |
| | |
| . __ __________ _ _
| |
| | |
| s s Comaensatory Measures & the SCP -
| |
| Facts
| |
| -
| |
| In response to Generic Letter 89-07,"Poiver Reactor Safeauards Contingency Planning for Surface Vehicle Bombs," SCE mac e changes to the SCP to incorporate specific compensatory measures scenario One SCP scenario added in October 27,1989, is M-4D, actions to be taken on loss of a security computer system:
| |
| - M-4D actions include instructions to initiate patrol routes; and
| |
| - M-4D patrol routes were inspected and accepted by die NRC in Inspector Follow-up Item (IFI) 90-SO-03; closed out in Inspection Report 91-05, dated March 12,199 Patrol routes involve the use of sufTicient of6cers to < ,ure proper ostin compensatory acknowledg,ed by measure the NRC inPatrol versus p(June'g IR 88-12 6,1988). svas first
| |
| | |
| ___ __
| |
| | |
| - -
| |
| , ,
| |
| .
| |
| NRC Inspection of Compensatory Measures Inspection 97-24, three different security personnel demonstrated three different patrol routes for a simulated computer outages:
| |
| - one officer procerly demonstrated his M-4D patrol rout A second of3cer was confused and was unable to demonstrate knowledge of some of the alarm points on his M-4D rout A third officer was asked to demonstrate a two-person M-4D rout He did not check Vital Area door locks, since he had been asked only to show the patrol route, and did not complete the route within 10 minutes because it was a two-person rout !
| |
| | |
| - - - - -- - - ---
| |
| ..
| |
| NRC Inspection of Compensatory Measures (continued)
| |
| "The inspector confirmed that there were sufficient security ofpcers on shift to adequately compensatefor afailed computer syste "In smnmary, the inspector determined that the licensee did not employ adequate compensatory measures that ensured that the l physical security plan requirement ofproviding an equivalent level ofintrusion detection protection was met. Further, through demonstrations and record review, the inspector determined that \
| |
| the licensee did not provide an aaequate specific procedurefor the employment ofcompensatory measures to ensure the requirements of10 CFR 73.55(g)(1) were met. "
| |
| | |
| i . ..
| |
| | |
| .
| |
| .
| |
| NRC Inspection of Compensatory Measures
| |
| .
| |
| (continued)
| |
| SCE concludes the demonstrations were not a sufficient basis upon which to make a regulatory conclusion on the adequacy of M-4D compensatory measures, or upon which to base enforcement actio :
| |
| ]
| |
| | |
| .
| |
| _____
| |
| | |
| -- - - - - - - - - - - - - - - -
| |
| ,
| |
| Regulatory Analysis
| |
| -
| |
| -
| |
| 10 CFR 73.55(g)(1) states:
| |
| :
| |
| - The licensee shall develop and employ compensatory measures including equipment, additional security personnel andspecific j
| |
| '
| |
| procedures to assure that the effectiveness ofthe security system is not reduced byfailure... "
| |
| - SCP M-4D and the adequacy of compensatory measures have been the subject ofinspections since 1988 - 1989 in NRC inspection reports IR 88-12 and IR 91-05 (i.e.,
| |
| previously accepted NRC staff position). Benchmarking of other sites confirms other licensees have a similar compensatory measure approac _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| | |
| . .. . _. . .
| |
| _ _ -
| |
| .
| |
| ; Regulatory Analysis (continued) '
| |
| ,
| |
| 'l
| |
| -
| |
| SCE, as n. ted in IR 97-24, is not committed to NUREG-104 Measures taken were adequat No violation of regulatory requirements occurre i l
| |
| | |
| _ ____ - _ - ______________ _______
| |
| | |
| __ _ - - - - - - - - - - - - - - -- - --
| |
| ,
| |
| Enforcement Action is Inaapropriate SCE conc udes no violation of regulatory requirements occurrec. anc enforcement action wou c be inappropriat .
| |
| | |
| . - _ _ _ _ _ _ _ _ _ -
| |
| | |
| a 'bA-nre-,,
| |
| - mNA -, k-w-,hr-A AuAes-a,4-m > -- - e e4 + a aAa . .nl-- A h e+-k 9GLA-O --M-b - 4,4 4 M ut& *sa G. we- 6-- A s- A.hu-, s
| |
| ,
| |
| | |
| [
| |
| }
| |
| | |
| 4
| |
| | |
| -@
| |
| +1 i N o
| |
| >
| |
| : N b
| |
| . -
| |
| N D
| |
| O o
| |
| Z
| |
| %
| |
| O
| |
| | |
| .c
| |
| - .
| |
| o
| |
| %
| |
| o iZ i jQ R sw a 1- ?
| |
| E O =>
| |
| c
| |
| $
| |
| | |
| b
| |
| :
| |
| l j .'
| |
| .- --- - . . - . . . - - . .. , . . .- .-. .
| |
|
| |
|
| - _
| | - An apparent violation was identified involving the failure to adequately secure (lock) |
| .
| | safeguards contingency weapons containers (Section S8.2). |
| __
| |
| s Apparent Violation - Reaorting Connuter Outage ,
| |
| "An apparent vio ation was ic entified involving t ae
| |
| ~
| |
| fai ure to correctly report sa eguarc s events."
| |
|
| |
|
| "
| |
| -
| |
| ... Additionally, the apparent violation involving a failure to report security events involved multiple examples, and NRC Inspection Report 50-361/95-15; 50-362/95-15 noted that numerous items had not been documented in the safeguards event log." : note: refers to computer outages]
| |
| .
| |
| _ - - _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . .
| |
|
| |
| - - - - - - - -
| |
| , ,
| |
| Repor:ing - Compensatory Measures (Computer Outage)
| |
| -
| |
| Procedure SO123-IV-1 RG 5.62 guidance in 198 RG 5.62 guidance amended by GL 91-0 As written, procedure body requires a 1-hour repor As written, procedure is internally inconsisten " Events listed below are loggable assuming they are properly compensated; if not properly compensated, they require a 1-hour report."
| |
|
| |
| _ _ _ _
| |
|
| |
| . _ _ _ _ _ _ ___ _ _ _
| |
| *
| |
| .
| |
| NUCLEAR ORGAN!ZATION SECURITY PROCEDURE S0123-IV-1 UNITS 1, 2 AND 3 REVISION 4 PAGE 210F 44 e ATTACHMENT 4 24-Hour Safeauards Event too [SEL) Rebortabilitv Criterig All 24-hour reporting is based on the criteria of 10 CFR 73 Appendix G as modified by NRC Generic Letter 91-03 and Reference 2. Yhesecriterlaare contained in Section A below. Section 8 contains a list of specific events that generally require an SEL entry. (This list is not all inclusive.)
| |
|
| |
| A. General 10 CFR 73, Appendix G requires the following events to be recorded within 24 hours: Any comoensated failure, degradation, or discovered vuinerability in a safeguards system which, if uncompensated may have allowed unauthorizedorundetectedaccesstothefrotectedAreaoraVital Are (See typical Flowchart #2, Attachment 7) l or committeri a ! which either reduces beloworahas I
| |
| .
| |
| l Any threatened, the potential to rertuce attemnted,feguard sa system effectiveness level Safeguards Contingency committed to in the Plsn, or Training andPhysical Qualification Security Plan.Plan,(See typical Flowchart #1, Attachment 7) l Plan or Any component Safeguards Contingency that is identified Pian that isinplaced the Physical Security / faile out of service This also encompasses any component or piece of equipment in either Plan whose status or condition results in compensatcry or corrective act'o B. Soecific Events NOTE: Events listed below are loggable assuming they are properly compenst.ted; if not properly com not all inclusive. pensated, they require a 1-hour report. This list is loss of all A.C. oower sucolv to security systems. or loss of all comouter systems orovided adeauate comoensatory measures are maintained util systems are restored. The only acceptable compensatory action for ioss of all power is the immediate availability of a backup power supply (e.g. uninterruptible power supply). Although compensatory personnel are to be posted within 10 minutes, this event is still reported within one hour if the potential for unauthorized or undetected access existed et any time. A computer failure would not require reporting if it is negated by an automatic switchover to a functioning backup computer without 'a time delay. The unavailability of a backup computer is a 1-huur reportable- es ent. (Seetypical flowchart #6, Attachment 7) l Partial security comouter failure Proper compensation is achieved when, within 10 minutes of failure, the system 1s restored to operability. For example: backup systems are operational; or, watchmen or security officers. as appropriate, equipped with the ability to conmunicate with the alarm stations, are posted as require In all cases all areas in which alarms or access controls may have
| |
| - -
| |
| been compromised as a result of system failure shall be searched, but f- the search need not be completed within 10 minutes to take credit for proper compensation. If the VA portal's alarm and lock are operable, no compensatory measures are required. (See typical Flowchart #14, Attachment 7) l ATTACHMENT 4 PAGE 1 0F 5 1s V '*
| |
|
| |
| _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| _ _ _ - _ _ _ _ _ -
| |
| /. .
| |
| .
| |
| for a design flaw or vulnerability in a safeguards barner that
| |
| < has e:Isted for some period of tirne and that could allow immediately and completed as soon as practica bl .
| |
| Licensees are expected to disecter this type of event upon unauthorized or undetected access are not considered occurtenc effective if implemented more than 10 minutes after the , . . .
| |
| * ;
| |
| Daw or vulnerabihty occurs; such events requlte immediate '
| |
| 3. Properly compensated alarm failures. (Parapaph ,
| |
| t reporting. Prompt implementation will minimize ariy period '
| |
| !!(a) of Appendix G) For this event, proper cornpensation of derradation that may exist between the occunence and means deployment of back up ahrm equipment (a bol proper compensation after discovery of certain event position alarm capabdity is not considered back.up ajarm Proper compensation after discovery of an event does not equipment because it is not tamper. resistant) or posting a relieve the licenses from the responsibility for taking dedicated observer within 10 minutes of discovery.8 The long. term corrective action, nor does it telieve the Ucensee dedicated observer should have appropriate commuruca-from pouible enforcement action ty the NRC for ne t- _
| |
| tions equfpment and should be able to observe the entire compliance during the ptnods of safeguards system affected area of the portal. In addidon, a thorough search degradation. However, licensees are not ordinarily cited for of the aficcta tres should be inidated irnmediately and violations resulting from matters not within their control, completed : ..n as practicable. Licensees are expected to such as equipment fe!!ures that eccuned despite reasonable dhcover this type of event upon occurrence. (Also see licensee quality asserance measures, testing and maint number 21 in Seedon 2.2.)
| |
|
| |
| nance programs, or management contreds. (See 10 CFR Part 2, Appendh C, puapaph V.A.)
| |
|
| |
| 4. Pavperly compenssted closed circuit television failure in a single tone while the intrusion detecdon system Fahe alarms (those generated vithout any appa4ent remains operational. (Parapaph !!(a) of Appendix G)
| |
| cause) and nuisance alarms (those generated by an identi-Properly compensated means providing other assessm:nt fled input that does not represent a safeguards threat) capability, such as posting a dedicated observer with generally need not be reported or logged. However,1f false communications equipment to assess the entire tone or nuisance alarms are so frequent that the effectiveness of within 10 minutes of discovery of the failtre.3 Licensees the alarm system h depaded or a pattern of fahe or nui-are expected to discover this type of event upon occurrenc sance alarms emerges, the licenses should take conective aedon and note the degraded status and compensatory $. Properly compensated failure or degradation of a measures taken in the safeguards event le single perimeter lighting tone if the intrusion detection system remains operat!cnal.(Paragraph !!(a) of Appe Examples of Safeguards Events To Be Reponed dh G) hicasures to properly compensate for failure or and Submitted Quarterly in a Log degredadun of a lighting tone must be implemented within 10 minutes of discovery and rnay include (1) using standby 'f[f
| |
| .
| |
| l The following are examples of events that are less g significant than those reportable within I hour, and accor power, (2) using low light-kn el surveillance devices, (3) using portable light'ng systems, or (4) posting dedicated ing to the rule are required to be logged within 24 houn observers with appropriate commurdcations equipmert to and submitted quarterly to the NRC. This list should ne' be provide an equivalent level of protectio considtred all-inclusive. The applicable reguladon h cited for each event, and compensatory measures ut discussed where appropriat ' 6. Properly m.npensated ace: dental remeval offsite or loss of badgs by employee. (Paragraph II(a) of Appen-dh G) For this event, proper compensation is cancelling 1. Properly compensated security computer failures, the badge from the access control system within 10 minutes (Puapaph !!(a) of Appendh G) Properly compensat:J of onsite personnel discovering that the badge is missin means that within 10 minutes of the discovery of the hicasures must be taken to be sure the badge has not been failure the system is restored to operation, the backup used in an unauthorized manner while it has been mittin system is operational, or other resources (e.g., secudty (Also see number 16 in Section 2.1.)
| |
|
| |
| penonnel with appropriate communica' ions equipment)
| |
| are posted to provide an equ4 valent level of protection. In all cases, a thorough search of a!! areas where alarms or access controls may have been compromised by the failure 7. Properly compensated loss of 'he ac power supply should be initiated immediately and completed as soon as for the entire intrusion detecdon system that, if uncom-pensated, would allow unauthorized or undetected acces practicable Licensees are espected to discover this type of event upon occurrenc (Parapaph II(a) of Appendix G) Proper compensation for this event is immedi.tely available emergency power 2. Properly compensated vital area card reader failures, through an uninterruptible power source such as a battery (Parcuaph Il(a) of Appendh G) For this event, proper supperted by a generator. If back.up power is not availaole, compensation means posting approprice personnel (L security personnel with communicatior.: equipment should armed guard if door is unlocked, dedicated observer if door be posted within 10 minutes of discovery; however, this remains locked but access is required) within 10 minutes of action is not considered proper compensation for the event discovery 8 The appropriate personnel must have a current and does not excuse a licensee from reporting the event , , _
| |
| w thin I hour. Licensees arc aspected to discover this type "
| |
| access list and communications capabdity to alarm station A thorough search,of the affected area must be initicted of event upon occurrence. Wo see numoer 20 in Section g f ["7[' f I 2,2,)
| |
| 5.62 6 l
| |
| l l | | l l |
| m v
| | l DOCUMENT C NTAINS ENCLOSURE (S) CONTAIN(S) UPON SEPARATION THIS PAGE IS DECONTROLLED I |
| | | L _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ____ |
| _ _ _ _ . _ _ _ _ _ _
| |
| ,
| |
| ** ] ' # t%: 11 'i1 138:1
| |
| , :.
| |
| '
| |
| ? .
| |
| t
| |
| .
| |
| *
| |
| IXAMPLES OF SAFEGUARDS EVEliTS RAT 00 NOT N. ELD
| |
| _,
| |
| ,
| |
| TO BE REPORTED TO THE NRC WITHits 1 HOUR OF DISCOVERY
| |
| .. | |
| ...
| |
| The following are 'exemples of events that can be logged if they are properly NUREG-1304) or by the relaxed guidance in this generic Specific letter. compensated i factors excmple.) that could change reportability are addressed with the applicable !
| |
| *
| |
| A design flew or vulnerability in a prutected area (PA), controlled access areabarrie safeguards (CAA), material access area (MAA), er vital area (VA)
| |
| *
| |
| A f ailed compensatory measure such as inattentive or sleeping security personnel, or equipment that f ails af ter being successfully establithed as an effective compensatory measure for a degraded security system. If security personnel are ineffective because-of alcohol or drugs, the security degradation can be legged under 10 CFR 73.71, and the positive results of the for-cause test included in the data submitted to the HRC linder 10 CFR 25.71(d).
| |
| | |
| ' ,
| |
| Discevery of contraband inside the PA that is not a significant threa For example, such a condition could be the discovery of a few bullets, if contraband is found in a vehicle located in a PA, normally no report or log entry is required. parking lot outside4the If it constitutes
| |
| *hreat or attempted threat, a report is required within I hour as currently stated in RG 5.62 and NUREG-1304 I '
| |
| Compromise (including loss or theft) of safeguards information that could not significantly assist an individual in gaining unauthorized or undetected access to a facility, or would not significantly assist an individual in an act of radiological sabotage or thef t of SN *
| |
| Loss of all ac power supply to security systems, or loss of all computer systems proviced adequate compensatory measures can be maintained until j
| |
| r systems are restored. -Further, if a power loss or computer failure could .
| |
| not enable unauthert:ed or undetected access, no report or log entry is required. For_ example a computer failure would not require reporting if it is negated by an, automatic switchover to a functioning backup computer without a time delay. Also, momentary less of lighting caused by a power interruption would not require reporting if the loss could n have allowed undetected or unauthorized access.
| |
| | |
| )-
| |
| '
| |
| <
| |
| Enclosure 1 To Generic Letter 91- 03
| |
| .
| |
| .
| |
| . .
| |
| .
| |
| .
| |
| | |
| . . , _ . _ . - _ _ _ _ . . . . _ _ _ . . _ _ . _ _ _ _ _ _ _ - _ . _ _ . _ . _ . _ . _
| |
| NUCLEAR ORGANIZATION SECURITY PROCEDURE S0123-IV-1 UNITS 1, 2 AND 3 REVISION 4 PAGE 36 0F 44
| |
| ! ATTACHMENT 7 TYPICAL EVENT REPORTABILITY DETERMINATION FLOWCHARTS
| |
| '
| |
| '
| |
| FLOWCHART #6 Uncompensated PGrtial Loss of AC Power to Security System
| |
| .
| |
| Loss Discovered
| |
| ?
| |
| ' Com)ensatory Measures Initiated Yes Log Event Wit 11n 10 Minutes of Occurrence? * Complete 24-Hour Log SE(123)112-3
| |
| '
| |
| . Clock Starts 1-Hour Report * No Clock Starts Make 1-Hour Report Completa SE(123)112-2
| |
| .
| |
| | |
| u 00000PGL.WPD ATTACHMENT 7 PAGE 6 0F 14
| |
| ,
| |
| -. . _ . , . . . _ , _ . . _ . . . . _ . _ .. _ _ . _ , _ . . _ _ . . . - . . - _ _ _ _ _ _ . . - _ , ._ _ ,.-.. . .
| |
| | |
| _- --
| |
| , ..
| |
| Reaorting - Compensatory Measures (Computer Outage) (continued)
| |
| - SCE concluded only an SEL was required as long as adequate compensatory measures were take ,1
| |
| - 10CFR73, Appendix G, Section I.(c), states in part: l
| |
| - [1 hour report] "Anyfailure, degradation, or the discovered vulnerability in a safeguards system that could allow unantliorized or undetected access to a protected area, material access area, controlled access area, vital area, or transportfor which compensatorv measures have not been employed. " (emphasis added)
| |
| - As previously discussed, for the three computer failures, SCE took adequate compensatory actions which resulted in logging of the events versus making a 1-hour cal _ _ _ _ __
| |
| | |
| -- _ _ _ _ _ _ _ . _ _ . _ _ _ _ . . _ _ _ _ _ _ _ _ _ . .
| |
| ..
| |
| .. .
| |
| .
| |
| .
| |
| Reporting - Compensatory Measures (Com auter Outage) - ,
| |
| Enforcement Policy Section IV.D states:
| |
| -
| |
| "
| |
| A licensee will not normally be citedfor afailure to report a condition or event unless the licensee was actually aware ofthe ,
| |
| '
| |
| condition or event that itfailed to report. "
| |
| s
| |
| | |
| ,
| |
| ____________ _ -
| |
| | |
| , ,
| |
| Reaorting - Compensatory Measures (Connuter
| |
| .
| |
| Outage) - Conclusion k
| |
| ,
| |
| SCE concluc es that enforcement action for not reporting a c ual computer outage is inappropriat I
| |
| | |
| ,
| |
| t i
| |
| 65 i i
| |
| _ _ - - _ - _ _ _ _ _ _ _ - - _ _ _ _ _ _ _ _ - - _ - . _ _ _ .
| |
| | |
| - - - - -
| |
| , ..
| |
| .
| |
| Reporting Unloc<ed Security Weapons Locker I
| |
| "
| |
| ... Although not identified as an example of the apparent violation involving a failure to report, we request that you :
| |
| specifically address your views regarding the reportability I
| |
| '
| |
| of unlocked safeguards contingency weapons. containers."
| |
| | |
| l
| |
| | |
| l
| |
| .. .
| |
| .
| |
| .. ..
| |
| .. .. .
| |
| . _ _ _ _ _ _ _ _ _ .
| |
| | |
| - - - - -
| |
| , ,
| |
| Reporting Criteria - E nlocked Locker SCE Security Procedure SO123-IV-11.2, " Reporting Safeguards Events."
| |
| | |
| - " Loss or Unattended Weapon in the Protected Area. Any weapon . l which becomes lost or out of the control or physical custody of security personnel for any length of time. The 10 minute rule is not applicable."
| |
| | |
| - The examples apply to a firearm inadvertently left, or far enough ~
| |
| apart from physical touch that it is "out of the control or physical custody."
| |
| | |
| '
| |
| .______
| |
| | |
| s =.
| |
| ,
| |
| Reporting Criteria - Unlockec Loc <er (continued)
| |
| -
| |
| Existing Regulatory Guide 5.62, dated November 1987, states:
| |
| -
| |
| "[l hour report] Loss ofsecurity weapon at the site. " (emphasis added) [ Position 24]
| |
| Federal Register published on 1/5/98 regarding issuance and availability of a proposed revision 2 to Regulatory Guide 5.62, " Reporting ofSafeguards Events" states:
| |
| .
| |
| -
| |
| "[1 hour report] Loss ofa security weapon onsite that is not retrieved within one hour ofthe discoverv ofits loss. " (emphasis added) [ Position 19]
| |
| | |
| _ _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| | |
| - - - - - - - - - - - - -
| |
| _
| |
| .
| |
| Reporting Criteria - E nloc<ed . Locker (continued)
| |
| l
| |
| - Benchmarking demonstrates differing interpretations of security reportability issues within the Region.
| |
| | |
| ,
| |
| Draft proposed revision 2 to Regulatory Guide 5.62,
| |
| " Reporting of Safeguards Events" is the appropriate regulatory mechanism to effect change .
| |
| | |
| i
| |
| '
| |
| _ _______ _-. ... _
| |
| ,
| |
| | |
| ..
| |
| , ,,
| |
| I Reaorting Criteria - L nlocked Locker - Conclusion SCE concludes tLaat enforcement action for not reporting an unlocxec security weapons .oc cer is inappropriat _ _ _ _ _ _ _ -
| |
| | |
| _ - - - --
| |
| , .,
| |
| ?revious Reporting XCV From IR 95-15
| |
| _
| |
| Failure to make Security Event Log entrie I
| |
| | |
| I
| |
| '
| |
| - Events kept in the adjacent Reportability Disposition Sheet Boo Cause was inadequate understanding of existing NRC guidanc SO123-IV-11.2 was revised within 30 days ofIR 95-15 issuanc IR 95-15 events occurred over 7.4 months ag IR 97-24 events involve 1-hour reports.
| |
| | |
| l
| |
| | |
| l
| |
| . _ _ _ _ _ - _ _ _ _ _ _ _ _ - _ _ _ _ _
| |
| | |
| - . - - - , . , - - , _ . , --,--..--,-,---_ _ , _ _
| |
| W M
| |
| o
| |
| >,
| |
| i l 4 O -
| |
| M w
| |
| O
| |
| %
| |
| C
| |
| =
| |
| E E
| |
| 3z i z RO 3 c4 sm 5
| |
| ?~?
| |
| $O 3 suJg .
| |
| a
| |
| $
| |
| | |
| _-_
| |
| | |
| - - - - - - -
| |
| _
| |
| , .,
| |
| Summary - Other Events
| |
| | |
| . i
| |
| - Guard Wire 645 engineering error - Licensee identified &
| |
| corrected NC .
| |
| - Unlocked weapons cabinet personnel error - Licensee identified & corrected NCV.
| |
| | |
| -
| |
| Adequacy of compensatory measures (during computer outages) - enforcement action inappropriate.
| |
| | |
| -
| |
| Reporting of(1) inadequate compensatory measures and (2) unlocked sveapons locker - enforcement action inappropriat ._ _ _____
| |
| | |
| 1 --w- _
| |
| L , , | |
| Summary - Other Events (continued)
| |
| . . | |
| . __
| |
| - Unrelated systems and processe Different underlying root cause Mimmal safety significanc Self-identified, logged / reported, and correcte Not indicative of a programmatic breakdow _ _ _ _ _ _ _ _ _ _ _ --
| |
| | |
| .. __ - _ _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ _ - _ _ _ _ _ _ _ _ _ _ - - _ _ _ _ _ _ _ __ .
| |
| t I
| |
| l I
| |
| l
| |
| | |
| .b-puuuut
| |
| . pusi ce
| |
| .-
| |
| M l M M
| |
| w
| |
| @
| |
| w
| |
| @
| |
| %
| |
| E C
| |
| r)
| |
| wh
| |
| .m b
| |
| -
| |
| W b i 5Z i @ l
| |
| !O I Z acn ?
| |
| I-
| |
| ? S | |
| $C i s u) H, w +
| |
| '
| |
| ,
| |
| ) -
| |
| , - -
| |
| | |
| .
| |
| .,
| |
| l S::a:us of Security Computer Relia 3i ity Project
| |
| - Purchased UNITY software from E!cctronic Systems US Prior to installation, various softsvare changes were made by SCE to meet Security requirement Upgrade software from vendor installed in January 199 ,
| |
| -
| |
| Various site specific software changes svere made:
| |
| -
| |
| Substance Abuse Program Administration (SAPA) notificatio Automated visitor badge usag Automated inactivation ofNon-SCE personnel whose non-badge usage exceeds 30 day l
| |
| ,
| |
| _ _ _ _ _ _ _ _ _ _ _ - - - - | |
| ~
| |
| | |
| _ _ _ _ _ . - . - - - - - - - - - - - - - ~ - - | |
| S :a::us of Securi:y Computer Reliability Project
| |
| > (continued)
| |
| .
| |
| - History to screen and printer to display seconds.
| |
| | |
| )
| |
| -
| |
| Message broadcasting of points placed in/out of ACCESS mod " Hide" card status in Card Command dialog box (for SAPA notifications).
| |
| | |
| - Last update status not changed when card flagged for SAPA notificatio Minor database changes to implement FCN SCE is aggressively pursuing resolution to the recent computer
| |
| .
| |
| failure Possible software problems (Vendor is assisting with this process in parallel).
| |
| | |
| -
| |
| Possible hardware problem l - - - - - - - - - - - - - - - - - - - - - - - - - - - - _
| |
| | |
| .-
| |
| _ - - - - _
| |
| ,,
| |
| NRC Security Inspections
| |
| '
| |
| Inspection Report Date Inspector
| |
| -
| |
| 95-05 3/24/95 Schaefer E> 95-15 7/21/95 Earnest
| |
| - 95-25 11/9/95 Eamest
| |
| -
| |
| 96-01 1/12/96 Earnest
| |
| -
| |
| 96-07 6/28/96 Earnest / Dexter
| |
| - 96-12 9/13/96 Earnest
| |
| - 97-04 2/28/97 Earnest
| |
| -
| |
| 97-07 4/11/97 Earnest
| |
| - 97-14 6/13/97 Earnest 9 97-24 12/5/97 Earnest
| |
| | |
| .
| |
| -.
| |
| _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| }} | | }} |
