Reporting of Safeguards Events (Generic Letter 91-03)

 March 6, 1991



This generic letter provides an immediate revision to current NRC policy 
regarding prompt reporting of safeguards events, thereby eliminating 
unnecessary prompt reporting of certain safeguards events and reducing their 
attendant effect on the NRC Operations Center.  The revised position reduces 
the reporting burden on licensees and does not impose any new requirements.

On June 9, 1987, the NRC revised Section 73.71 of Title 10 of the Code of 
Federal Regulations (10 CFR), "Reporting of Safeguards Events."  The rule 
requires licensees to report significant events to the NRC Operations Center 
promptly, within 1 hour after discovery, and to record certain other 
safeguards events in a log for quarterly reporting to the NRC.

The NRC published Revision 1 to Regulatory Guide (RG) 5.62 in November 1987 
and published NUREG-1304 in February 1988, both titled, "Reporting of 
Safeguards Events," to clarify the rule changes and to provide guidance on 
reporting safeguards events.  

When the NRC published the above guidance, it was anticipated that there 
would be a need to revise it again based on experience with implementation 
of the rule.  During the implementation period, the NRC staff evaluated the 
safeguards events reported to the NRC Operations Center based on their 
safety significance and the immediate actions taken by the NRC and the 
licensees, and  the staff determined that many of the events did not need to 
be reported promptly.  Some events were being reported in accordance with 
NRC guidance that the NRC staff has subsequently determined is 
inappropriate, while other events were being reported because the NRC 
guidance did not provide enough clarity.  The NRC staff has initiated an 
appropriate revision to RG 5.62, which will supersede NUREG-1304.  However, 
the scope of the proposed revision is much broader than prompt safeguards 
reports.  When completed, the revised guidance will be issued for public 
comment, and therefore, may not be published for a considerable time.  
Pending completion of the revision to RG 5.62, this generic letter provides 
interim guidance that should reduce unnecessary reporting to the NRC 
Operations Center and reduce the reporting burden on licensees.  

Enclosure 1 to the generic letter lists examples of safeguards events that 
do not need to be reported promptly to the NRC Operations Center.  Unless 
otherwise noted, if these events are properly compensated in accordance with 
RG 5.62 and NUREG-1304, they need only be logged. 

.                                    - 2 - 

Licensees should properly compensate for events listed in Enclosure 1 within 
10 minutes of discovery by a licensee employee, contractor, or vendor or 
within the time prescribed in the licensee's NRC-approved plan (as stated in 
RG 5.62).  However, if extenuating circumstances prevent compensation within 
that time, the event need not be reported promptly provided there was no 
malevolent intent, nothing adverse resulted from the delay, and the licensee 
takes appropriate measures to ensure a more timely response or other 
necessary action in the future.  For example, if an individual inadvertently 
fails to notify security of a safeguards event in a timely manner, the 
licensee may still log the event if the above conditions are met.  In these 
cases, the licensee should note the cause of delay in the log entry. 

If the licensee determines that unauthorized or undetected access could have 
been gained during any of the enclosed events, the licensee should 
immediately initiate a thorough search of the affected area for sabotage 
devices, evidence of tampering, or persons who may have achieved 
unauthorized access (as stated in NUREG-1304).  The licensee should complete 
the search as soon as practicable.  If additional information is 
subsequently discovered that establishes the event as significant, the 
licensee should report the event to the NRC within 1 hour of discovering the 
additional information.  

A significant fitness-for-duty (FFD) event must be reported under the 
provisions of 10 CFR 26.73, but need not be reported under Section 73.71.  
FFD program performance data must be submitted under the provisions of 10 
CFR 26.71(d).  In those rare cases where an event with safeguards 
significance is caused by an FFD event, the FFD aspects must be submitted to 
the NRC in accordance with 10 CFR Part 26, and safeguards aspects reported 
in accordance with 10 CFR 73.71.  When a telephonic report is required by 
both rules, the licensee need only make one telephone call to the NRC 
Operations Center within 1 hour.  In that case, a written report of the 
safeguards aspects must also be submitted within 30 days, as required by 10 
CFR 73.71. 

Backfit Discussion 

The actions in this generic letter are voluntary; no backfit is intended.  
This action is expected to result in a safety enhancement and a saving of 
resources.  The staff performed an analysis of the type described in 10 CFR 
50.109(a)(3) and 50.109(c), and a qualitative determination was made that 
any attendant costs are nominal and are balanced by continued savings due to 
reduced significant event reporting.  

This generic letter consists of guidance and does not require a response.  
Therefore, an OMB clearance number is not necessary.

.                                    - 3 -

If you have any questions about this matter, please call the NRC technical 
contact listed below. 


                                  James G. Partlow 
                                  Associate Director for Projects 
                                  Office of Nuclear Reactor Regulation 

Technical Contact:  
Nancy E. Ervin, NRR
(301) 492-0946

1.  Examples of Safeguards Events That Do Not Need To Be Reported to the 
    NRC Within One Hour of Discovery 
2.  List of Recently Issued Generic Letters 



The following are examples of events that can be logged if they are properly 
compensated in accordance with existing approved guidance (i.e., RG 5.62 and 
NUREG-1304) or by the relaxed guidance in this generic letter.  (Specific 
factors that could change reportability are addressed with the applicable 

o   A design flaw or vulnerability in a protected area (PA), controlled 
    access area (CAA), material access area (MAA), or vital area (VA) 
    safeguards barrier.  
o   A failed compensatory measure such as inattentive or sleeping security 
    personnel, or equipment that fails after being successfully established 
    as an effective compensatory measure for a degraded security system.  If 
    security personnel are ineffective because of alcohol or drugs, the 
    security degradation can be logged under 10 CFR 73.71, and the positive 
    results of the for-cause test included in the data submitted to the NRC 
    under 10 CFR 26.71(d). 
o   Discovery of contraband inside the PA that is not a significant threat. 
    For example, such a condition could be the discovery of a few bullets. 
    If contraband is found in a vehicle located in a parking lot outside the 
    PA, normally no report or log entry is required.  If it constitutes a 
    threat or attempted threat, a report is required within 1 hour as 
    currently stated in RG 5.62 and NUREG-1304.    

o   Compromise (including loss or theft) of safeguards information that 
    could not significantly assist an individual in gaining unauthorized or 
    undetected access to a facility, or would not significantly assist an 

    individual in an act of radiological sabotage or theft of SNM.

o   Loss of all ac power supply to security systems, or loss of all computer 
    systems provided adequate compensatory measures can be maintained until 
    systems are restored.  Further, if a power loss or computer failure 
    could not enable unauthorized or undetected access, no report or log 
    entry is required.  For example, a computer failure would not require 
    reporting if it is negated by an automatic switchover to a functioning 
    backup computer without a time delay.  Also, momentary loss of lighting 
    caused by a power interruption would not require reporting if the loss 
    could not have allowed undetected or unauthorized access.  

Enclosure 1 To Generic Letter 91-03 
.                                    - 2 - 

o   Partial failure of an otherwise satisfactory access authorization or 
    access control program.  The following are examples of partial failures:

    -    A vendor who has been cleared and authorized to receive a badge 
         permitting unescorted access to protected and vital areas 
         inadvertently enters the PA through a vehicle gate before being 
         searched and issued a badge.  The licensee discovers the event, 
         searches the individual, issues a badge and takes corrective action
         to prevent recurrence.  

    -    Search equipment fails and the licensee does not detect the 
         failure, thereby allowing unsearched individuals to enter the PA.  
         Individuals are not authorized PA entry without the proper search 
         under the provisions of 10 CFR 73.46(d)(4)(i) and 10 CFR 
         73.55(d)(1).  If the licensee discovers search equipment failure 
         before anyone goes through unsearched, and the licensee immediately 
         uses other equipment available with the same capability (such as 
         hand-held or walk-through searching devices), no report or log 
         entry is required.  

    -    An individual who is required to have an escort for a particular 
         area inadvertently becomes separated from his or her escort but the 
         escort or another person authorized unescorted access recognizes 
         the situation and corrects it.  Further, if an individual separates 
         from his or her escort to use a rest room which has limited means 
         of egress and the escort remains nearby and has full view of the 
         egress area, no report or log entry is required.  

    -    An employee of a licensee or contractor enters a VA improperly 
         without realizing that the card reader is processing a preceding 
         employee's card, or the employee walks in behind another employee 
         without using a key card.  This event can be logged even if the 
         employee was not authorized access to any VA, if the improper entry 
         was inadvertent or without malevolent intent.    

    -    An individual enters a VA to which he or she is authorized 
         unescorted access by inadvertently using an access control medium 
         (key card or badge) intended for another individual who also is 
         authorized unescorted access to the area.

    -    An individual authorized only PA access is incorrectly issued a 
         badge granting VA access, but does not enter any VAs or does not 
         enter any VAs with malevolent intent.  Further, if an individual is 
         incorrectly issued a badge, but cannot reasonably use it because 
         he or she does not know a personal identification number (PIN) 
         needed to enter the PA, the event need not be reported or logged if 
         it is promptly discovered and corrected.  
.                                    - 3 - 

    -    Improper control (to include loss or offsite removal) of access 
         control media, including picture badges, keys, key cards or access 
         control computer codes, that could be used to gain unauthorized or 
         undetected access.  Proper compensation includes preventing 
         successful use of the medium and initiation of measures to 
         determine if the medium was used during the period it was lost or 
         offsite.  If the licensee determines that the medium was used 
         during this period, the licensee should report the event to the NRC 
         within 1 hour from the time the use was discovered.  If the 
         licensee determines that the medium could not have been used to 
         gain unauthorized or undetected access, the licensee does not have 
         to report or log the event.  Situations of this type could include 
         the following:  if the authorized individual only momentarily takes 
         a badge outside of the PA, and the event is immediately discovered 
         and corrected by return of the badge before a compromise could 
         occur; if a badge or key is only momentarily misplaced and the 
         event is discovered and corrected before anyone could reasonably 
         use the device for entry; or if a badge is automatically deleted 
         from the system when taken offsite, a new badge with a different 
         access code is issued to the individual involved upon reentry, and 
         the previous access code is not used in another badge.  

    -    Card reader failure that causes VA doors to unlock in the open 
         position or to lock in the closed position but with no functioning 
         door alarm.  Further, if card reader failure causes VA doors to 
         lock in the closed position and the door alarms function properly, 
         no report or log entry is required, provided that proper access 
         control measures are implemented before allowing individuals into 
         the vital areas.  

    -    Incomplete preemployment screening records (to include 
         falsification of a minor nature), or inadequate administration, 
         control or evaluation of psychological tests.  Unescorted access of 
         the individual may need to be cancelled or suspended until the 
         identified anomaly is resolved.  If the licensee determines that 
         unescorted access would have been denied based on developed 
         information, a 1-hour report is required after discovery of the new 
         information, as currently stated in RG 5.62 and NUREG-1304.

Page Last Reviewed/Updated Thursday, March 25, 2021