Protecting People and the EnvironmentUNITED STATES NUCLEAR REGULATORY COMMISSION
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
WASHINGTON, D. C. 20555
July 18, 1988
Information Notice No. 88-49: MARKING, HANDLING, CONTROL, STORAGE AND
DESTRUCTION OF SAFEGUARDS INFORMATION
Addressees:
All holders of operating licenses or construction permits for nuclear power
reactors and all other licensed activities involving a formula quantity of
special nuclear material.
Purpose:
This information notice is being provided to alert addressees to identified
weaknesses in the use and protection of Safeguards Information (SGI) that
could adversely impact the public health and safety. It is expected that
recipients will review the information for applicability to their facilities
and consider actions, as appropriate, to avoid similar problems. Suggestions
contained in this information notice do not constitute NRC requirements;
therefore, no specific action or written response is required.
Description of Circumstances:
In a number of recent instances SGI has not been adequately protected. Inade-
quacies have been found in marking, handling, control, storage, and destruc-
tion. In most instances, these violations were directly attributable to poor
training or no training in the use and protection of SGI. Many licensees do
not specifically address SGI in either their Guard Force Training and Qualifi-
cation Program or in general employee training programs. Other deficiencies
include lack of designated program responsibility, inadequate procedures, and
lack of (or inadequate) audit of licensee SGI programs at both corporate and
nuclear facility locations. Some licensees have not vested responsibility for
their SGI program in one individual or group; it has more or less been left to
the discretion of each individual who produced or acquired such information to
protect it in accordance with that individual's interpretation of 10 CFR
73.21. Although each individual who produces or acquires SGI is responsible
for safeguarding it, it is important that licensees train and audit their
employees, agents, and contractors in order to assure proper handling and
protection of SGI.
Failure to protect SGI contained in a nuclear facility's Physical Security and
Contingency Plans and in implementing procedures could compromise access
controls and security response capabilities that are designed to protect
against theft of nuclear materials and radiological sabotage.
8807120550
. IN 88-49
July 18, 1988
Page 2 of 3
The following are examples of instances in which SGI was inadequately protect-
ed, resulting in violations of regulatory requirements:
l. Markings:
Some SGI documents were not marked properly; some were not marked at all.
2. Storage:
ø A licensee was unable to locate a missing copy of the site Physical
Security Plan.
ø SGI consisting of quality assurance (QA) check sheets that addressed
various aspects of the nuclear security program at one of a
licensee's nuclear facilities was discovered incorporated with
nonsafeguards QA documents. The safeguards documents were
inadequately protected.
ø At some facilities, documents containing SGI were found stored in
unauthorized or unlocked containers both inside and outside the
protected area.
ø SGI relating to the security program at each of a licensee's nuclear
facilities was made accessible to unauthorized personnel through
computer terminals on and off the site. This occurred because a
contractor, employed by the utility to upgrade the utility-wide
computerized information management system, incorporated
computerized SGI data into the system without the knowledge of the
licensee.
3. Destruction:
The security programs of a licensee's nuclear facilities could have been
compromised when major portions of Physical Security and Safeguards
Contingency Plans for each facility were inadequately destroyed. The
potential compromises occurred at the licensee's corporate office and
were committed by administrative personnel who tore superseded pages of
plans (identified as SGI) into large pieces that could have been easily
reconstructed and discarded them in office-type trash containers.
Discussion:
These occurrences indicate that weaknesses exist in programs for protecting
SGI that could allow unauthorized access to SGI and could compromise programs
at nuclear facilities.
Section 73.21 of 10 CFR established the requirements for protecting SGI,
specified the type of information to be protected, and defined access,
storage, marking, handling, and destruction criteria. Additional guidance is
available in NUREG-0794, "Protection of Unclassified Safeguards Information."
Also, 10 CFR 73.57 establishes a requirement for criminal history checks of
individuals permitted access to SGI by power reactor licensees. This new rule
supersedes NUREG-0794 with respect to access to SGI.
. IN 88-49
July 18, 1988
Page 3 of 3
Although the manner in which SGI programs are managed and administered varies
among individual licensees and nuclear facilities, it is important that
certain basic criteria defined in 10 CFR 73.21 be applied in all SGI programs.
Viable SGI programs include training, procedures, annual program reviews, and
audits, as well as requirements for corrective action and licensee or
contractor followup. It is important that programs not be verbatim copies of
10 CFR 73.21 which, due to its nature as a regulation, is not very
illustrative and, therefore, subject to varied interpretations. Using
NUREG-0794 as a guide, licensees can specifically address all aspects of SGI
as they apply to their facility.
Recipients should consider (1) providing this notice to employees and
contractor's employees, especially those having custodial and data management
responsibility for SGI; (2) reviewing their SGI program, including the areas
of organizational responsibilities, training, procedures and audits; and (3)
advising those personnel authorized access to SGI that not only are they
subject to civil enforcement action for failure to protect the information,
but also to criminal prosecution if the requirements for the protection of SGI
are intentionally violated.
No specific action or written response is required by this information notice.
If you have any questions about this matter, please contact one of the
technical contacts listed below or the Regional Administrator of the
appropriate regional office.
Charles E. Rossi, Director
Division of Operational Events Assessment
Office of Nuclear Reactor Regulation
Technical Contacts: Aubrey Tillman, RII
(404) 331-5613
Nancy E. Ervin, NRR
(301) 492-0946
Attachment: List of Recently Issued NRC Information Notices
. Attachment
IN 88-49
July 18, 1988
Page 1 of 1
LIST OF RECENTLY ISSUED
NRC INFORMATION NOTICES
_____________________________________________________________________________
Information Date of
Notice No._____Subject_______________________Issuance_______Issued to________
88-48 Licensee Report of 7/12/88 All holders of OLs
Defective Refurbished or CPs for nuclear
Valves power reactors.
88-47 Slower-Than-Expected 7/14/88 All holders of OLs
Rod-Drop Times or CPs for PWRs.
88-46 Licensee Report of 7/8/88 All holders of OLs
Defective Refurbished or CPs for nuclear
Circuit Breakers power reactors.
88-45 Problems In Protective 7/7/88 All holders of OLs
Relay and Circuit or CPs for nuclear
Breaker Coordination power reactors.
88-44 Mechanical Binding of 6/24/88 All holders of OLs
Spring Release Device or CPs for nuclear
in Westinghouse Type power reactors.
DS-416 Circuit Breakers
88-43 Solenoid Valve Problems 6/23/88 All holders of OLs
or CPs for nuclear
power reactors.
88-42 Circuit Breaker Failures 6/23/88 All holders of OLs
Due to Loose Charging or CPs for nuclear
Spring Motor Mounting Bolts power reactors.
88-41 Physical Protection 6/22/88 All holders of OLs
Weaknesses Identified or CPs for nuclear
Through Regulatory Ef- power reactors.
fectiveness Reviews (RERs)
88-40 Examiners' Handbook for 6/22/88 All holders of OLs
Developing Operator or CPs for nuclear
Licensing Examinations power reactors.
88-39 LaSalle Unit 2 Loss of 6/15/88 All holders of OLs
Recirculation Pumps With or CPs for BWRs.
Power Oscillation Event
_____________________________________________________________________________
OL = Operating License
CP = Construction Permit