United States Nuclear Regulatory Commission - Protecting People and the Environment

Information Notice No. 88-49: Marking, Handling, Control, Storage and Destruction of Safeguards Information

                                  UNITED STATES
                          NUCLEAR REGULATORY COMMISSION
                      OFFICE OF NUCLEAR REACTOR REGULATION
                            WASHINGTON, D. C.  20555

                                  July 18, 1988


Information Notice No. 88-49:  MARKING, HANDLING, CONTROL, STORAGE AND
                                   DESTRUCTION OF SAFEGUARDS INFORMATION


Addressees: 

All holders of operating licenses or construction permits for nuclear power 
reactors and all other licensed activities involving a formula quantity of 
special nuclear material. 

Purpose: 

This information notice is being provided to alert addressees to identified 
weaknesses in the use and protection of Safeguards Information (SGI) that 
could adversely impact the public health and safety.  It is expected that 
recipients will review the information for applicability to their facilities 
and consider actions, as appropriate, to avoid similar problems.  Suggestions 
contained in this information notice do not constitute NRC requirements; 
therefore, no specific action or written response is required. 

Description of Circumstances: 

In a number of recent instances SGI has not been adequately protected.  Inade-
quacies have been found in marking, handling, control, storage, and destruc-
tion.  In most instances, these violations were directly attributable to poor 
training or no training in the use and protection of SGI.  Many licensees do 
not specifically address SGI in either their Guard Force Training and Qualifi-
cation Program or in general employee training programs.  Other deficiencies 
include lack of designated program responsibility, inadequate procedures, and 
lack of (or inadequate) audit of licensee SGI programs at both corporate and 
nuclear facility locations.  Some licensees have not vested responsibility for 
their SGI program in one individual or group; it has more or less been left to 
the discretion of each individual who produced or acquired such information to 
protect it in accordance with that individual's interpretation of 10 CFR 
73.21.  Although each individual who produces or acquires SGI is responsible 
for safeguarding it, it is important that licensees train and audit their 
employees, agents, and contractors in order to assure proper handling and 
protection of SGI.  

Failure to protect SGI contained in a nuclear facility's Physical Security and 
Contingency Plans and in implementing procedures could compromise access 
controls and security response capabilities that are designed to protect 
against theft of nuclear materials and radiological sabotage. 



8807120550
.                                                                 IN 88-49
                                                                 July 18, 1988
                                                                 Page 2 of 3


The following are examples of instances in which SGI was inadequately protect-
ed, resulting in violations of regulatory requirements: 

l.   Markings: 

     Some SGI documents were not marked properly; some were not marked at all.

2.   Storage: 

     �    A licensee was unable to locate a missing copy of the site Physical 
          Security Plan.  

     �    SGI consisting of quality assurance (QA) check sheets that addressed 
          various aspects of the nuclear security program at one of a 
          licensee's nuclear facilities was discovered incorporated with 
          nonsafeguards QA documents.  The safeguards documents were 
          inadequately protected.

     �    At some facilities, documents containing SGI were found stored in 
          unauthorized or unlocked containers both inside and outside the 
          protected area.

     �    SGI relating to the security program at each of a licensee's nuclear 
          facilities was made accessible to unauthorized personnel through 
          computer terminals on and off the site.  This occurred because a 
          contractor, employed by the utility to upgrade the utility-wide 
          computerized information management system, incorporated 
          computerized SGI data into the system without the knowledge of the 
          licensee. 

3.   Destruction: 

     The security programs of a licensee's nuclear facilities could have been 
     compromised when major portions of Physical Security and Safeguards 
     Contingency Plans for each facility were inadequately destroyed.  The 
     potential compromises occurred at the licensee's corporate office and 
     were committed by administrative personnel who tore superseded pages of 
     plans (identified as SGI) into large pieces that could have been easily 
     reconstructed and discarded them in office-type trash containers.

Discussion: 

These occurrences indicate that weaknesses exist in programs for protecting 
SGI that could allow unauthorized access to SGI and could compromise programs 
at nuclear facilities.  

Section 73.21 of 10 CFR established the requirements for protecting SGI, 
specified the type of information to be protected, and defined access, 
storage, marking, handling, and destruction criteria.  Additional guidance is 
available in NUREG-0794, "Protection of Unclassified Safeguards Information."  
Also, 10 CFR 73.57 establishes a requirement for criminal history checks of 
individuals permitted access to SGI by power reactor licensees.  This new rule 
supersedes NUREG-0794 with respect to access to SGI.  
.                                                                 IN 88-49
                                                                 July 18, 1988
                                                                 Page 3 of 3


Although the manner in which SGI programs are managed and administered varies 
among individual licensees and nuclear facilities, it is important that 
certain basic criteria defined in 10 CFR 73.21 be applied in all SGI programs.
Viable SGI programs include training, procedures, annual program reviews, and 
audits, as well as requirements for corrective action and licensee or 
contractor followup.  It is important that programs not be verbatim copies of 
10 CFR 73.21 which, due to its nature as a regulation, is not very 
illustrative and, therefore, subject to varied interpretations.  Using 
NUREG-0794 as a guide, licensees can specifically address all aspects of SGI 
as they apply to their facility. 

Recipients should consider (1) providing this notice to employees and 
contractor's employees, especially those having custodial and data management 
responsibility for SGI; (2) reviewing their SGI program, including the areas 
of organizational responsibilities, training, procedures and audits; and (3) 
advising those personnel authorized access to SGI that not only are they 
subject to civil enforcement action for failure to protect the information, 
but also to criminal prosecution if the requirements for the protection of SGI 
are intentionally violated.

No specific action or written response is required by this information notice.
If you have any questions about this matter, please contact one of the 
technical contacts listed below or the Regional Administrator of the 
appropriate regional office.




                              Charles E. Rossi, Director 
                              Division of Operational Events Assessment 
                              Office of Nuclear Reactor Regulation 

Technical Contacts:  Aubrey Tillman, RII
                     (404) 331-5613

                     Nancy E. Ervin, NRR
                     (301) 492-0946

Attachment:  List of Recently Issued NRC Information Notices
.                                                            Attachment
                                                            IN 88-49 
                                                            July 18, 1988 
                                                            Page 1 of 1

                             LIST OF RECENTLY ISSUED
                            NRC INFORMATION NOTICES 
_____________________________________________________________________________
Information                                  Date of 
Notice No._____Subject_______________________Issuance_______Issued to________

88-48          Licensee Report of            7/12/88        All holders of OLs
               Defective Refurbished                        or CPs for nuclear
               Valves                                       power reactors. 

88-47          Slower-Than-Expected          7/14/88        All holders of OLs
               Rod-Drop Times                               or CPs for PWRs. 

88-46          Licensee Report of            7/8/88         All holders of OLs
               Defective Refurbished                        or CPs for nuclear
               Circuit Breakers                             power reactors. 

88-45          Problems In Protective        7/7/88         All holders of OLs
               Relay and Circuit                            or CPs for nuclear
               Breaker Coordination                         power reactors. 

88-44          Mechanical Binding of         6/24/88        All holders of OLs
               Spring Release Device                        or CPs for nuclear
               in Westinghouse Type                         power reactors. 
               DS-416 Circuit Breakers 

88-43          Solenoid Valve Problems       6/23/88        All holders of OLs
                                                            or CPs for nuclear
                                                            power reactors. 

88-42          Circuit Breaker Failures      6/23/88        All holders of OLs
               Due to Loose Charging                        or CPs for nuclear
               Spring Motor Mounting Bolts                  power reactors. 

88-41          Physical Protection           6/22/88        All holders of OLs
               Weaknesses Identified                        or CPs for nuclear
               Through Regulatory Ef-                       power reactors. 
               fectiveness Reviews (RERs) 

88-40          Examiners' Handbook for       6/22/88        All holders of OLs
               Developing Operator                          or CPs for nuclear
               Licensing Examinations                       power reactors. 

88-39          LaSalle Unit 2 Loss of        6/15/88        All holders of OLs
               Recirculation Pumps With                     or CPs for BWRs. 
               Power Oscillation Event 
_____________________________________________________________________________
OL = Operating License
CP = Construction Permit 
Page Last Reviewed/Updated Tuesday, November 12, 2013