Information Notice No. 86-91: Limiting Access Authorizations
SSINS No.: 6385
IN 86-91
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF INSPECTION AND ENFORCEMENT
WASHINGTON, D.C. 20555
November 3, 1986
Information Notice No. 86-91: LIMITING ACCESS AUTHORIZATIONS
Addressees:
All nuclear power reactor facilities holding an operating license or
construction permit, and fuel fabrication and processing facilities using or
possessing formula quantities of special nuclear material.
Purpose:
This information notice is provided to alert licensees to some of the
weaknesses in access control which could have an impact on public health and
safety. It is expected that the recipients will review the information for
applicability to their facilities and consider actions, if appropriate, to
preclude similar problems from occurring at their facilities. However,
suggestions contained in this information notice do not constitute NRC
requirements; therefore, no specific action or written response is required
at this time.
Description of Circumstances:
Some recent events involving threats to safety, for example unauthorized
breaker manipulation and misalignment of valves, have occurred at sites
where large numbers of personnel are granted unescorted access to a number
of vital areas and vital islands. 10 CFR 73.55(d)(7) clearly states that
access must be limited to individuals who require such access to perform
their duties. Granting access to others for expediency or convenience
increases the risk of sabotage and vandalism by insiders and reduces the
likelihood of identifying the perpetrators in followup investigations.
Two recent examples follow where access was not limited in accordance with
10 CFR 73.55:
1. In an Enforcement Conference, a licensee claimed that a condition in-
volving two (2) unlocked and unalarmed vital area doors was not sig-
nificant because all but six (6) of about 4000 people onsite had been
authorized access to the vital area.
2. At another site most of the administrative/secretarial staff had been
granted access to a vital area becaUse a spare word processing terminal
had been installed there.
8610290048
.
IN 86-91
November 3, 1986
Page 2 of 3
As a result of these and other specific instances, an informal survey was
conducted of 18 sites in one NRC region. The data collected showed that 90
percent of the 28,000 active badges allowed access to at least one vital
area and more than 50 percent of the badges allowed access to all vital
areas.
A review of the above cases showed that the licensee's programs did not
address specific criteria for establishing "need for access" to vital areas
or the equipment contained therein. In some cases, the plans or procedures
simply indicated that a member of management determines access
authorization, but no standard existed for what constituted need. In other
cases management provided overly broad and nonspecific criteria such as
"emergency duties" or "work-related duties."
Discussion:
The above described circumstances are indicative of potential weaknesses in
security programs which could allow individuals access to vital equipment
when no supportable reason for such access exists. The root cause of this
weakness appears to be the lack of adequate criteria to clearly determine
the circumstances which must exist prior to allowing an individual free,
unescorted access to controlled areas of the plant.
While it is recognized that facilities differ, certain basic criteria should
be applied to determine the need for access. As noted in IE Bulletin 79-16
(copy attached), valid need should be based on the performance of specific
tasks on or associated with equipment located in each vital area to which
access is authorized. In addition, vital areas should exclude nonvital
equipment and activities to the extent possible to minimize the number of
people requiring access.
To minimize the number of people granted access, consideration may be given
to (1) removing or limiting unescorted access authorization for those with
only infrequent or administrative needs, and (2) removal of unescorted
access authorization when need no longer exists. In accordance with IE
Bulletin 79-16, dated July 26, 1979, access lists should be reviewed every
31 days to eliminate individuals whose need for access has expired. When
only infrequent access is required, escorted access authorization should be
sufficient.
.
IN 86-91
November 3, 1986
Page 3 of 3
No specific action or written response is required by this information
notice. If you have any questions regarding this matter, please contact the
Regional Administrator of the appropriate NRC regional office or the
technical contact listed below.
Edward L. Jordan, Director
Division of Emergency Preparedness
and Engineering Response
Office of Inspection and Enforcement
Technical Contact: R. P. Rosano, IE
(301) 492-4006
Attachments:
1. IEB 79-16
2. List of Recently Issued IE Information Notices
Page Last Reviewed/Updated Tuesday, March 09, 2021