RIS 2008-04, Discontinuation of Two Performance Indicators Associated with the Security Reactor Oversight Process: Difference between revisions

UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, D.C. 20555-0001

February 28, 2008

NRC REGULATORY ISSUE SUMMARY 2008-04 DISCONTINUATION OF TWO PERFORMANCE INDICATORS

ASSOCIATED WITH THE SECURITY REACTOR OVERSIGHT PROCESS

ADDRESSEES

All holders of operating licenses for nuclear power reactors, except those that have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel.

INTENT

The U.S. Nuclear Regulatory Commission (NRC) is issuing this regulatory issue summary (RIS)

to inform licensees that the APersonnel Screening Program@ and the AFitness-for-Duty/Personnel Reliability@ performance indicators (PIs) used in the Security Reactor Oversight Process (ROP)

will be discontinued.

BACKGROUND

Following the events of September 11, 2001, the NRC issued a series of orders requiring additional security measures at operating power reactor facilities. Following the issuance of these orders, the NRC revised the process for assessing licensee security performance within the framework of the ROP to incorporate the new requirements and update the security cornerstone procedures. The revised process consisted of several integral components: a revised security baseline inspection program (BIP); a revised significance determination process for inspection findings; security PIs; and assessment using a new separate security action matrix. Since 2004, the staff has been coordinating with industry to evaluate, assess, and revise all four components of the ROP for the Security Cornerstone. The objective of this effort was to review the revised ROP inspection process and provide industry and the NRC with a more efficient and effective means to determine the adequacy of licensee=s programs.

The agency assesses licensee security performance using the ROP. Licensee performance is determined by combining the number and significance of NRC inspection findings with the significance of voluntarily-reported PIs in an action matrix specific to the Security Cornerstone.

Note: Inspection Manual Chapter 2201 and SECYs 04-0020, 04-0198, 05-0082, and 07-0136, as identified in this RIS, are withheld from public disclosure because they contain sensitive unclassified non-safeguards information, Commission Policy No. 77, dated October 26, 2005.

Performance indicators were developed for each of the cornerstones to provide an objective indication of licensee performance. A risk-informed baseline inspection program was developed to both independently verify the PIs and to inspect those aspects of licensee performance not adequately covered by a PI. The risk-informed baseline inspection program established the minimum inspection effort that all licensees would receive, regardless of their performance.

Early in 2003, the staff began developing a new risk-informed BIP for the Security Cornerstone (previously called the Physical Protection Cornerstone) of the ROP that expanded the review of licensee=s performance by including the inspection of new requirements imposed by NRC orders issued in 2002 and 2003. The revised BIP for the Security Cornerstone expanded the areas of importance that needed direct agency oversight from the previous baseline inspections for physical protection. The procedures and associated program guidance (Inspection Manual Chapter 2201, ASecurity and Safeguards Inspection Program for Commercial Power Reactors@)

were issued on February 19, 2004 (see note below).

The Commission directed the staff, in Staff Requirements Memorandum (SRM) to SECY-04-

0020, dated March 29, 2004, to develop a separate but parallel ROP for physical protection to address how security-related inspection findings and security PIs would be considered when determining appropriate agency response. The Commission also directed the staff to work with licensees and industry representatives, noting that such meetings be closed to the public because, in part, sensitive, plant-specific security-related performance information would need to be discussed. In its SRM, the Commission noted that other aspects of the ROP, such as security PIs, may also need to be changed.

Beginning in July 2004, a cooperative effort was initiated in which members of the NRC staff combined with the Industry Security Task Force subcommittee of the Nuclear Security Working Group to form the Performance Indicator Review (PIR) Group. The group consisted of NRC

regional and headquarters staff, several licensee security managers, and representatives from the Nuclear Energy Institute (NEI). The group met on several occasions throughout 2004 and early 2005 to promote open discussions, exchange information, and evaluate whether to modify or to maintain the existing security PIs and ROP assessment process for the security cornerstone. During this period, the industry task force provided the NRC staff with suggestions, concerns, and recommendations in several letters coordinated by NEI. The NRC staff shared these preliminary comments with the Commission during several Commission briefings to discuss ongoing security issues.

The ROP development process, status, and schedules were discussed in SECY-04-0198, ARedeveloping the Assessment Process for the Physical Protection Cornerstone of the Reactor Oversight Process,@ dated October 22, 2004, and the revised process was described in SECY-

05-0082, ARevised Assessment Process for the Security Cornerstone of the Reactor Oversight Process,@ dated May 12, 2005. The program guidance, IMC 0320, AOperating Reactor Security Oversight Process,@ implementing the new process was issued on October 22, 2005.

SUMMARY OF ISSUE

The PIR Group reviewed and evaluated proposals for modifying or maintaining the existing PIs in the NRC=s security ROP to ensure that the process would continue to provide information sufficient to aid in the assessment of licensee performance within the newly revised security ROP. The PIR Group considered, in part, developing new PIs to supplement the existing security PIs; combining similar PIs (such as the Personnel Screening Program and the Fitness- for-Duty/Personnel Reliability PIs); modifying the predetermined thresholds of the existing PIs;

and, maintaining the current PIs in the security assessment process.

The PIR Group established a set of goals for security PIs. The PIs should provide both the industry and the NRC with an efficient means to measure in part the effectiveness of a licensee=s security program, and provide information used to determine assurance that a licensee=s physical protection system can protect against the security design basis threat.

Further, the PIs should promote the common defense and security, and contribute to the protection of the public health and safety. To accomplish these goals, the PIR group established success criteria to evaluate any proposed modifications to the PIs and security assessment process.

The PIR Group also reviewed historical PI data associated with the Security Cornerstone of the ROP. This data showed that security PIs have a limited frequency of occurrence and have rarely exceeded their predetermined thresholds. For example, no licensee has reported a security PI crossing the green-white significance threshold since the second quarter of 2000.

The staff also compared the purpose of each PI to the current security BIP. In this review, the staff assessed the balance between changes in PIs, or their thresholds, and the resulting effect on the security BIP. Specifically, would changes in PIs cause changes in the BIP, and would these changes reduce inspection effort, licensee burden, and/or need for interaction between licensees and the NRC during the assessment process.

Based on its review, the PIR Group recommended, and the Commission approved by SRM-

SECY-07-0136, dated September 13, 2007, that two security PIs be discontinued because the aspects of security programs measured by the PIs are assessed by the BIP, and that this redundancy challenged efficiency and caused undue regulatory burden. Further, the data gained and insights provided by these PIs (1) have been of limited additional value to the security ROP and (2) are already reported to the NRC through 10 CFR reporting requirements.

The two discontinued PIs are:

Personnel Screening Program The Personnel Screening Program PI verifies that the unescorted access authorization program has been implemented pursuant to Section

73.56 of Title 10 to the Code of Federal Regulations (10 CFR 73.56) and Section 73.57 to evaluate trustworthiness and reliability of personnel before granting them unescorted access to the protected area. Fitness-for-Duty/Personnel Reliability The Fitness-for-Duty/Personnel Reliability Program PI is used to assess the implemented program for reasonable assurance that personnel are in compliance with associated requirements, 10 CFR Part 26 and '73.56, which include: suitable inquiry, testing for substance abuse, and behavior observation.

The staff notes that although these two security PIs are discontinued, reasonable confidence exists through the conduct of the BIP that NRC regulatory oversight and performance assessment of power reactor licensees will remain effective and efficient ensuring safe and secure reactor operations. The NRC will continue evaluating the efficacy of the use of PIs for the Security Cornerstone while gaining further experience with the BIP and assessment processes over the current 3-year inspection cycle (2006 - 2008). Based on the results of these evaluations, the NRC will continue to work with the industry to identify possible additional PIs. If identified, future pilot PI assessments may be conducted in coordination with the industry.

Therefore, to allow sufficient time to modify the consolidated data entry software, this change will be effective starting first quarter calendar year (CY) 2008. As such, power reactor licensees no longer need to report the Personnel Screening Program and the Fitness for Duty/Personnel Reliability PI=s starting with the first quarter CY 2008 PI submission in April 2008.

COMPLETENESS AND ACCURACY OF INFORMATION DISCUSSION

10 CFR 50.9 requires that information provided to the Commission by a licensee shall be complete and accurate in all material respects. This includes the voluntary submittal of PI

information by licensees. PI information is considered material because the NRC uses it to assess licensee performance and to make decisions on regulatory action. As a result, submitting inaccurate PI information is a violation of 10 CFR 50.9 and such occurrences will be dispositioned consistent with the NRC=s Enforcement Policy, as described at http://www.nrc.gov/about-nrc/regulatory/enforcement/enforce-pol.html.

BACKFIT DISCUSSION

This RIS requires no action or written response. Any action on part of addressees in accordance with the guidance contained in this RIS is strictly voluntary. The Commission has determined that information collections and reporting requirements are not subject to the Backfit Rule. In addition, this RIS communicate a voluntary relaxation which also does not constitute backfitting as defined in 10 CFR 50.109(a)(1). Consequently, the staff did not perform a backfit analysis.

FEDERAL REGISTER NOTIFICATION

A notice of opportunity for public comment on this RIS was not published in the Federal Register because the RIS is informational and involves the voluntary submission of information on the part of addressees.

CONGRESSIONAL REVIEW ACT

This RIS is a rule as designated by the Congressional Review Act (5 U.S.C. 801-886) and therefore is subject to the Act.

PAPERWORK REDUCTION ACT STATEMENT

This RIS contains information collection requirements that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). These information collection requirements were approved by the Office of Management and Budget (OMB), approval number 3150-0195.

PUBLIC PROTECTION NOTIFICATION

The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a current valid OMB control number.

CONTACT

Please direct any questions about this matter to the technical contact listed below.

/RA/

Michael J. Case, Director Division of Policy and Rulemaking Office of Nuclear Reactor Regulation

Technical Contact:

Paul W. Harris, NSIR

301-415-1169 E-mail: pwh1@nrc.gov

Note: NRC generic communications may be found on the NRC public Web site at http://www.nrc.gov/reading-rm/doc-collections/#gen.

ML072710523 TAC No. MD1487

OFC

PM:NSIR/DSO

Tech Ed

LA:NSIR/DSO

BC: NSIR/RSOB

DD:NSIR/DSO

NAME

PHarris

CHsu

DRiffle

FPeduzzi (acting)

RCorreia

DATE

10/10/2007

10/02/2007

10/10/2007

10/25/2007

10/27/2007

OFC

D:NSIR/DSO

BC:NRR/ADRO

OIS/IRSD/RFPSB

D:OE

OGC - CRA

NAME

DDorman

JAnderson

GTrussell

RBarnes

JGoldberg NLO

DATE

10/29/2007

12/6/2007

12/17/2007

12/11/2007

12/6/2007

OFC

OGC - CRA

NRR/PMDA

NRR/DORL:D

LA:NRR/PGCB

PM:NRR/PGCB

NAME

NSanchez* NLO

LHill

CHaney

CHawes

AMarkley

DATE

12/11/2007

12/10/2007

02/12/2008

02/14/2008

12/15/2008

OFC

BC:DPR/PGCB

D:DPR

NAME

MMurphy

MCase

DATE

2/27/2008

2/27/2008

• Per OGC, this is a rule under the Congressional Review Act. Coordination with OIS completed.