Information Notice No. 86-91: Limiting Access Authorizations

                                                            SSINS No.:  6385
                                                            IN 86-91 

                                UNITED STATES
                        NUCLEAR REGULATORY COMMISSION
                    OFFICE OF INSPECTION AND ENFORCEMENT
                           WASHINGTON, D.C. 20555

                              November 3, 1986

Information Notice No. 86-91:   LIMITING ACCESS AUTHORIZATIONS 

Addressees: 

All nuclear power reactor facilities holding an operating license or 
construction permit, and fuel fabrication and processing facilities using or 
possessing formula quantities of special nuclear material. 

Purpose: 

This information notice is provided to alert licensees to some of the 
weaknesses in access control which could have an impact on public health and 
safety. It is expected that the recipients will review the information for 
applicability to their facilities and consider actions, if appropriate, to 
preclude similar problems from occurring at their facilities. However, 
suggestions contained in this information notice do not constitute NRC 
requirements; therefore, no specific action or written response is required 
at this time. 

Description of Circumstances: 

Some recent events involving threats to safety, for example unauthorized 
breaker manipulation and misalignment of valves, have occurred at sites 
where large numbers of personnel are granted unescorted access to a number 
of vital areas and vital islands. 10 CFR 73.55(d)(7) clearly states that 
access must be limited to individuals who require such access to perform 
their duties. Granting access to others for expediency or convenience 
increases the risk of sabotage and vandalism by insiders and reduces the 
likelihood of identifying the perpetrators in followup investigations. 

Two recent examples follow where access was not limited in accordance with 
10 CFR 73.55: 

1.   In an Enforcement Conference, a licensee claimed that a condition in-
     volving two (2) unlocked and unalarmed vital area doors was not sig-
     nificant because all but six (6) of about 4000 people onsite had been 
     authorized access to the vital area. 

2.   At another site most of the administrative/secretarial staff had been 
     granted access to a vital area becaUse a spare word processing terminal
     had been installed there. 


8610290048 
.

                                                       IN 86-91 
                                                       November 3, 1986 
                                                       Page 2 of 3 

As a result of these and other specific instances, an informal survey was 
conducted of 18 sites in one NRC region. The data collected showed that 90 
percent of the 28,000 active badges allowed access to at least one vital 
area and more than 50 percent of the badges allowed access to all vital 
areas. 

A review of the above cases showed that the licensee's programs did not 
address specific criteria for establishing "need for access" to vital areas 
or the equipment contained therein. In some cases, the plans or procedures 
simply indicated that a member of management determines access 
authorization, but no standard existed for what constituted need. In other 
cases management provided overly broad and nonspecific criteria such as 
"emergency duties" or "work-related duties." 

Discussion: 

The above described circumstances are indicative of potential weaknesses in 
security programs which could allow individuals access to vital equipment 
when no supportable reason for such access exists. The root cause of this 
weakness appears to be the lack of adequate criteria to clearly determine 
the circumstances which must exist prior to allowing an individual free, 
unescorted access to controlled areas of the plant. 

While it is recognized that facilities differ, certain basic criteria should
be applied to determine the need for access. As noted in IE Bulletin 79-16 
(copy attached), valid need should be based on the performance of specific 
tasks on or associated with equipment located in each vital area to which 
access is authorized. In addition, vital areas should exclude nonvital 
equipment and activities to the extent possible to minimize the number of 
people requiring access. 

To minimize the number of people granted access, consideration may be given 
to (1) removing or limiting unescorted access authorization for those with 
only infrequent or administrative needs, and (2) removal of unescorted 
access authorization when need no longer exists. In accordance with IE 
Bulletin 79-16, dated July 26, 1979, access lists should be reviewed every 
31 days to eliminate individuals whose need for access has expired. When 
only infrequent access is required, escorted access authorization should be 
sufficient. 

.

                                                       IN 86-91 
                                                       November 3, 1986 
                                                       Page 3 of 3 

No specific action or written response is required by this information 
notice. If you have any questions regarding this matter, please contact the 
Regional Administrator of the appropriate NRC regional office or the 
technical contact listed below. 


                                   Edward L. Jordan, Director 
                                   Division of Emergency Preparedness 
                                     and Engineering Response 
                                   Office of Inspection and Enforcement 

Technical Contact:  R. P. Rosano, IE 
                    (301) 492-4006 

Attachments: 
1.   IEB 79-16 
2.   List of Recently Issued IE Information Notices