EA-97-161 - Crystal River 3 (Florida Power Corp.)

May 29, 1997

EA 97-161

Florida Power Corporation
Crystal River Energy Complex
Mr. Roy A. Anderson (SA2A)
Sr. VP, Nuclear Operations
ATTN: Mgr., Nuclear Licensing
15760 West Power Line Street
Crystal River, FL 34428-6708

SUBJECT: NOTICE OF VIOLATION (NRC INSPECTION REPORT NO. 50-302/97-03)

Dear Mr. Anderson:

This letter refers to a Nuclear Regulatory Commission (NRC) inspection conducted during the period March 17 - 21, 1997, at Crystal River Unit 3. The purpose of the inspection was to review the implementation of your security program which included an evaluation of your control of Safeguards Information (SGI). The results of the inspection were discussed with members of your staff on March 21, 1997, at the exit meeting and were formally transmitted to you by letter dated April 18, 1997. That letter also provided you the opportunity to respond to the apparent violations in writing or request a predecisional enforcement conference. At your request, an open predecisional enforcement conference was conducted in the Region II office on May 22, 1997. A listing of conference attendees, Florida Power Corporation's (FPC) presentation materials, and NRC slides are enclosed.

Based on the information developed during the inspection and provided at the conference, the NRC has determined that violations of NRC requirements occurred. The violations are cited in the enclosed Notice of Violation (Notice), and the circumstances surrounding them are described in detail in the subject inspection report. The violations involved two instances where the staff at Crystal River failed to control SGI adequately to assure access by authorized persons only. Specifically, on January 16 and March 15, 1997, SGI was left unattended and unsecured outside the protected area for periods of approximately 16 hours. The materials were located in the locked security office and the document control area of the Nuclear Administration Building, respectively.

At the conference, your staff admitted the violations and identified the root cause as the lack of centralized control for SGI. Also, at the conference, NRC was informed that FPC had identified an additional event on April 7, 1997, where an individual, who was not fingerprinted, handled SGI. This event has not been reviewed by NRC; however, your staff stated that the corrective actions presented at the conference also addressed this most recent event.

NRC recognizes that many of the documents associated with the two violations could have been downgraded to non-SGI; however, some of the material did contain SGI and was being used as part of the physical security upgrade project. Regardless of the actual safety implications of the violations, it is NRC's expectation that all information classified as SGI be safeguarded and controlled. In this case, it does not appear that the SGI was compromised, but the material was located in an area outside the protected area, and a reasonable probability existed that unauthorized persons could have accessed it. Furthermore, NRC is particularly concerned regarding your inability to correct previously identified violations in this program area. Specifically, since March 1996, ten events (including FPC's most recent event in April 1997) involving inadequate control of SGI have occurred. NRC Notices of Violation were issued for several of these issues on May 1 and September 4, 1996, with the latter Notice highlighting the violation as repetitive in nature. As your staff discussed at the conference, corrective actions were implemented for previous violations; however, the events were treated as isolated instances of human performance errors, and the actions did not address the programmatic root cause. In addition, even though more extensive corrective actions were identified following the three September 1996 SGI events, the schedule for completion of the planned activities was protracted and did not prevent the additional occurrences in 1997. It is the responsibility of licensee management to emphasize the importance of and to ensure the implementation of lasting and effective corrective actions. Based on the above, the violations have been categorized in the aggregate in accordance with the "General Statement of Policy and Procedures for NRC Enforcement Actions" (Enforcement Policy), NUREG-1600, as a Severity Level III problem.

In accordance with the Enforcement Policy, a base civil penalty in the amount of $55,000 is considered for a Severity Level III problem occurring after November 12, 1996. Because your facility has been the subject of escalated enforcement actions within the last two years, ¹ the NRC considered whether credit was warranted for Identification and Corrective Action in accordance with the civil penalty assessment process described in Section VI.B.2 of the Enforcement Policy. NRC determined that credit was warranted for Identification in that both violations were identified by your staff. At the conference, your staff stated that corrective actions taken or initiated included the following: (1) securing the unattended SGI upon discovery; (2) counselling and/or disciplinary action for the individuals involved in the events; (3) establishing a single point of control for SGI within the protected area which was completed on May 5, 1997 (an additional area was also established in the Emergency Operations Facility for emergency use; (4) reducing the quantity of SGI through declassification and destruction scheduled for completion by September 30, 1997; (5) establishing a personnel access list for SGI which was completed on May 19, 1997; and (6) including security in the formal corrective action/precursor card program. In addition, to address the broader programmatic issues highlighted by these violations as well as those cited in another recent escalated enforcement action related to security (EA 97-012), your staff indicated that the following actions were planned: (1) employment of a new Security Manager effective June 2, 1997; (2) conduct of increased and improved training for security personnel; and (3) development and implementation of a Security Improvement Plan. Although corrective actions for prior violations have been ineffective, based on the above, the NRC determined that the corrective actions for the current violations appeared to be prompt and comprehensive and that credit was warranted for the factor of Corrective Action .

Therefore, to encourage prompt identification and comprehensive corrective actions for violations, I have been authorized, after consultation with the Director, Office of Enforcement, not to propose a civil penalty in this case. However, significant or further repetitive violations in the future could result in a civil penalty.

You are required to respond to this letter and should follow the instructions specified in the enclosed Notice when preparing your response. In your response, you should document the specific actions taken and any additional actions you plan to prevent recurrence of the violation. After reviewing your response to this Notice, including your proposed corrective actions and the results of future inspections, the NRC will determine whether further NRC enforcement action is necessary to ensure compliance with NRC regulatory requirements. Please be advised that this enforcement action does not address the April 7, 1997, SGI event. NRC will review and disposition this matter at a later date.

In accordance with 10 CFR 2.790 of the NRC's "Rules of Practice," a copy of this letter, its enclosures, and your response will be placed in the NRC Public Document Room (PDR). To the extent possible, your response should not include any personal privacy, proprietary, or safeguards information so that it can be placed in the PDR without redaction.

Sincerely, Original Signed by L. A. Reyes Luis A. Reyes Regional Administrator

Docket No. 50-302
License No. DPR-72

Enclosures:
1. Notice of Violation
2. List of Conference Attendees
3. Licensee Presentation Materials
4. NRC Slides
cc w/encls:

John P. Cowan, Vice President
Nuclear Production (SA2C)
Florida Power Corporation
Crystal River Energy Complex
15760 West Power Line Street
Crystal River, FL 34428-6708

B. J. Hickle, Director
Nuclear Plant Operations (NA2C)
Florida Power Corporation
Crystal River Energy Complex
15760 West Power Line Street
Crystal River, FL 34428-6708

David F. Kunsemiller, Director (SA2A)
Nuclear Operations Site Support
Florida Power Corporation
Crystal River Energy Complex
15760 West Power Line Street
Crystal River, FL 34428-6708

R. Alexander Glenn
Corporate Counsel
Florida Power Corporation
MAC - A5A
P. O. Box 14042
St. Petersburg, FL 33733-4042

Attorney General
Department of Legal Affairs
The Capitol
Tallahassee, FL 32304

Bill Passetti
Office of Radiation Control
Department of Health and
Rehabilitative Services
1317 Winewood Boulevard
Tallahassee, FL 32399-0700

Joe Myers, Director
Division of Emergency Preparedness
Department of Community Affairs
2740 Centerview Drive
Tallahassee, FL 32399-2100

Chairman
Board of County Commissioners
Citrus County
110 N. Apopka Avenue
Inverness, FL 34450-4245

Robert B. Borsum
Framatome Technologies
1700 Rockville Pike, Suite 525
Rockville, MD 20852-1631

---

NOTICE OF VIOLATION Florida Power Corporation Docket No. 50-302 Crystal River Nuclear Plant License No. DPR-72 Unit 3 EA 97-161

During a Nuclear Regulatory Commission (NRC) inspection conducted during the period March 17 - 21, 1997, violations of NRC requirements were identified. In accordance with the "General Statement of Policy and Procedures for NRC Enforcement Actions," NUREG-1600, the violations are listed below:

10 CFR 73.21(d)(2) requires, in part, that while unattended, Safeguards Information shall be stored in a locked security storage container.

A. Contrary to the above, on January 16, 1997, outdated Physical Security and Training and Qualification Plans; 1990 NRC Safeguards Information Inspection Reports; and 1990 Safeguards Information Licensee Event Reports were left unattended and not locked in a security storage container in a locked, security office, a location outside of the protected area, for approximately 16 hours; and (01013)

B. Contrary to the above, on March 15, 1997, 152 aperture cards containing Safeguards Information were left unattended and not locked in a security container in the document control area of the Nuclear Administration Building, a location outside the protected area, for approximately 16 hours. (01023)

This is a repeat Severity Level III problem (Supplement III).

Pursuant to the provisions of 10 CFR 2.201, the Florida Power Corporation (Licensee) is required to submit a written statement or explanation to the U. S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, D. C. 20555 with a copy to the Regional Administrator, Region II, and a copy to the NRC Resident Inspector at the Crystal River facility, within 30 days of the date of the letter transmitting this Notice of Violation (Notice). This reply should be clearly marked as a "Reply to Notice of Violation" and should include: (1) the reason for the violation, or, if contested, the basis for disputing the violation, (2) the corrective steps that have been taken and the results achieved, (3) the corrective steps that will be taken to avoid further violations, and (4) the date when full compliance will be achieved. Your response may reference or include previously docketed correspondence, if the correspondence adequately addresses the required response. If an adequate reply is not received within the time specified in this Notice, an order or Demand for Information may be issued as to why the license should not be modified, suspended, or revoked, or why such other action as may be proper should not be taken. Where good cause is shown, consideration will be given to extending the response time.

Under the authority of Section 182 of the Act, 42 U.S.C. 2232, this response shall be submitted under oath or affirmation.

Because your response will be placed in the NRC Public Document Room (PDR), to the extent possible, it should not include any personal privacy, proprietary, or safeguards information so that it can be placed in the PDR without redaction. If personal privacy or proprietary information is necessary to provide an acceptable response, then please provide a bracketed copy of your response that identifies the information that should be protected and a redacted copy of your response that deletes such information. If you request withholding of such material, you must specifically identify the portions of your response that you seek to have withheld and provide in detail the bases for your claim of withholding (e.g., explain why the disclosure of information will create an unwarranted invasion of personal privacy or provide the information required by 10 CFR 2.790(b) to support a request for withholding confidential commercial or financial information). If safeguards information is necessary to provide an acceptable response, please provide the level of protection described in 10 CFR 73.21.

Dated at Atlanta, Georgia
this 29th day of May 1997

---

¹On July 10, 1996, multiple Severity Level III violations with a $500,000 civil penalty were issued related to unauthorized testing, engineering, and corrective action (EA 95-126). On February 28, 1997, a Severity Level III problem with a $50,000 civil penalty was issued related to security violations (EA 97-012). On March 12, 1997, a Severity Level II problem and two Severity Level III violations were issued related to engineering issues (EA 96-365, 96-465, 96-527).