Reporting of Safeguards Events (Generic Letter 91-03)
March 6, 1991
TO: ALL HOLDERS OF OPERATING LICENSES OR CONSTRUCTION PERMITS FOR
NUCLEAR POWER REACTORS AND ALL OTHER LICENSED ACTIVITIES INVOLVING
A FORMULA QUANTITY OF SPECIAL NUCLEAR MATERIAL (SNM).
SUBJECT: REPORTING OF SAFEGUARDS EVENTS (GENERIC LETTER 91-03)
This generic letter provides an immediate revision to current NRC policy
regarding prompt reporting of safeguards events, thereby eliminating
unnecessary prompt reporting of certain safeguards events and reducing their
attendant effect on the NRC Operations Center. The revised position reduces
the reporting burden on licensees and does not impose any new requirements.
On June 9, 1987, the NRC revised Section 73.71 of Title 10 of the Code of
Federal Regulations (10 CFR), "Reporting of Safeguards Events." The rule
requires licensees to report significant events to the NRC Operations Center
promptly, within 1 hour after discovery, and to record certain other
safeguards events in a log for quarterly reporting to the NRC.
The NRC published Revision 1 to Regulatory Guide (RG) 5.62 in November 1987
and published NUREG-1304 in February 1988, both titled, "Reporting of
Safeguards Events," to clarify the rule changes and to provide guidance on
reporting safeguards events.
When the NRC published the above guidance, it was anticipated that there
would be a need to revise it again based on experience with implementation
of the rule. During the implementation period, the NRC staff evaluated the
safeguards events reported to the NRC Operations Center based on their
safety significance and the immediate actions taken by the NRC and the
licensees, and the staff determined that many of the events did not need to
be reported promptly. Some events were being reported in accordance with
NRC guidance that the NRC staff has subsequently determined is
inappropriate, while other events were being reported because the NRC
guidance did not provide enough clarity. The NRC staff has initiated an
appropriate revision to RG 5.62, which will supersede NUREG-1304. However,
the scope of the proposed revision is much broader than prompt safeguards
reports. When completed, the revised guidance will be issued for public
comment, and therefore, may not be published for a considerable time.
Pending completion of the revision to RG 5.62, this generic letter provides
interim guidance that should reduce unnecessary reporting to the NRC
Operations Center and reduce the reporting burden on licensees.
Enclosure 1 to the generic letter lists examples of safeguards events that
do not need to be reported promptly to the NRC Operations Center. Unless
otherwise noted, if these events are properly compensated in accordance with
RG 5.62 and NUREG-1304, they need only be logged.
9103010258
. - 2 -
Licensees should properly compensate for events listed in Enclosure 1 within
10 minutes of discovery by a licensee employee, contractor, or vendor or
within the time prescribed in the licensee's NRC-approved plan (as stated in
RG 5.62). However, if extenuating circumstances prevent compensation within
that time, the event need not be reported promptly provided there was no
malevolent intent, nothing adverse resulted from the delay, and the licensee
takes appropriate measures to ensure a more timely response or other
necessary action in the future. For example, if an individual inadvertently
fails to notify security of a safeguards event in a timely manner, the
licensee may still log the event if the above conditions are met. In these
cases, the licensee should note the cause of delay in the log entry.
If the licensee determines that unauthorized or undetected access could have
been gained during any of the enclosed events, the licensee should
immediately initiate a thorough search of the affected area for sabotage
devices, evidence of tampering, or persons who may have achieved
unauthorized access (as stated in NUREG-1304). The licensee should complete
the search as soon as practicable. If additional information is
subsequently discovered that establishes the event as significant, the
licensee should report the event to the NRC within 1 hour of discovering the
additional information.
A significant fitness-for-duty (FFD) event must be reported under the
provisions of 10 CFR 26.73, but need not be reported under Section 73.71.
FFD program performance data must be submitted under the provisions of 10
CFR 26.71(d). In those rare cases where an event with safeguards
significance is caused by an FFD event, the FFD aspects must be submitted to
the NRC in accordance with 10 CFR Part 26, and safeguards aspects reported
in accordance with 10 CFR 73.71. When a telephonic report is required by
both rules, the licensee need only make one telephone call to the NRC
Operations Center within 1 hour. In that case, a written report of the
safeguards aspects must also be submitted within 30 days, as required by 10
CFR 73.71.
Backfit Discussion
The actions in this generic letter are voluntary; no backfit is intended.
This action is expected to result in a safety enhancement and a saving of
resources. The staff performed an analysis of the type described in 10 CFR
50.109(a)(3) and 50.109(c), and a qualitative determination was made that
any attendant costs are nominal and are balanced by continued savings due to
reduced significant event reporting.
This generic letter consists of guidance and does not require a response.
Therefore, an OMB clearance number is not necessary.
. - 3 -
If you have any questions about this matter, please call the NRC technical
contact listed below.
Sincerely,
James G. Partlow
Associate Director for Projects
Office of Nuclear Reactor Regulation
Technical Contact:
Nancy E. Ervin, NRR
(301) 492-0946
Attachments:
1. Examples of Safeguards Events That Do Not Need To Be Reported to the
NRC Within One Hour of Discovery
2. List of Recently Issued Generic Letters
. EXAMPLES OF SAFEGUARDS EVENTS THAT DO NOT NEED
TO BE REPORTED TO THE NRC WITHIN 1 HOUR OF DISCOVERY
The following are examples of events that can be logged if they are properly
compensated in accordance with existing approved guidance (i.e., RG 5.62 and
NUREG-1304) or by the relaxed guidance in this generic letter. (Specific
factors that could change reportability are addressed with the applicable
example.)
o A design flaw or vulnerability in a protected area (PA), controlled
access area (CAA), material access area (MAA), or vital area (VA)
safeguards barrier.
o A failed compensatory measure such as inattentive or sleeping security
personnel, or equipment that fails after being successfully established
as an effective compensatory measure for a degraded security system. If
security personnel are ineffective because of alcohol or drugs, the
security degradation can be logged under 10 CFR 73.71, and the positive
results of the for-cause test included in the data submitted to the NRC
under 10 CFR 26.71(d).
o Discovery of contraband inside the PA that is not a significant threat.
For example, such a condition could be the discovery of a few bullets.
If contraband is found in a vehicle located in a parking lot outside the
PA, normally no report or log entry is required. If it constitutes a
threat or attempted threat, a report is required within 1 hour as
currently stated in RG 5.62 and NUREG-1304.
o Compromise (including loss or theft) of safeguards information that
could not significantly assist an individual in gaining unauthorized or
undetected access to a facility, or would not significantly assist an
individual in an act of radiological sabotage or theft of SNM.
o Loss of all ac power supply to security systems, or loss of all computer
systems provided adequate compensatory measures can be maintained until
systems are restored. Further, if a power loss or computer failure
could not enable unauthorized or undetected access, no report or log
entry is required. For example, a computer failure would not require
reporting if it is negated by an automatic switchover to a functioning
backup computer without a time delay. Also, momentary loss of lighting
caused by a power interruption would not require reporting if the loss
could not have allowed undetected or unauthorized access.
Enclosure 1 To Generic Letter 91-03
. - 2 -
o Partial failure of an otherwise satisfactory access authorization or
access control program. The following are examples of partial failures:
- A vendor who has been cleared and authorized to receive a badge
permitting unescorted access to protected and vital areas
inadvertently enters the PA through a vehicle gate before being
searched and issued a badge. The licensee discovers the event,
searches the individual, issues a badge and takes corrective action
to prevent recurrence.
- Search equipment fails and the licensee does not detect the
failure, thereby allowing unsearched individuals to enter the PA.
Individuals are not authorized PA entry without the proper search
under the provisions of 10 CFR 73.46(d)(4)(i) and 10 CFR
73.55(d)(1). If the licensee discovers search equipment failure
before anyone goes through unsearched, and the licensee immediately
uses other equipment available with the same capability (such as
hand-held or walk-through searching devices), no report or log
entry is required.
- An individual who is required to have an escort for a particular
area inadvertently becomes separated from his or her escort but the
escort or another person authorized unescorted access recognizes
the situation and corrects it. Further, if an individual separates
from his or her escort to use a rest room which has limited means
of egress and the escort remains nearby and has full view of the
egress area, no report or log entry is required.
- An employee of a licensee or contractor enters a VA improperly
without realizing that the card reader is processing a preceding
employee's card, or the employee walks in behind another employee
without using a key card. This event can be logged even if the
employee was not authorized access to any VA, if the improper entry
was inadvertent or without malevolent intent.
- An individual enters a VA to which he or she is authorized
unescorted access by inadvertently using an access control medium
(key card or badge) intended for another individual who also is
authorized unescorted access to the area.
- An individual authorized only PA access is incorrectly issued a
badge granting VA access, but does not enter any VAs or does not
enter any VAs with malevolent intent. Further, if an individual is
incorrectly issued a badge, but cannot reasonably use it because
he or she does not know a personal identification number (PIN)
needed to enter the PA, the event need not be reported or logged if
it is promptly discovered and corrected.
. - 3 -
- Improper control (to include loss or offsite removal) of access
control media, including picture badges, keys, key cards or access
control computer codes, that could be used to gain unauthorized or
undetected access. Proper compensation includes preventing
successful use of the medium and initiation of measures to
determine if the medium was used during the period it was lost or
offsite. If the licensee determines that the medium was used
during this period, the licensee should report the event to the NRC
within 1 hour from the time the use was discovered. If the
licensee determines that the medium could not have been used to
gain unauthorized or undetected access, the licensee does not have
to report or log the event. Situations of this type could include
the following: if the authorized individual only momentarily takes
a badge outside of the PA, and the event is immediately discovered
and corrected by return of the badge before a compromise could
occur; if a badge or key is only momentarily misplaced and the
event is discovered and corrected before anyone could reasonably
use the device for entry; or if a badge is automatically deleted
from the system when taken offsite, a new badge with a different
access code is issued to the individual involved upon reentry, and
the previous access code is not used in another badge.
- Card reader failure that causes VA doors to unlock in the open
position or to lock in the closed position but with no functioning
door alarm. Further, if card reader failure causes VA doors to
lock in the closed position and the door alarms function properly,
no report or log entry is required, provided that proper access
control measures are implemented before allowing individuals into
the vital areas.
- Incomplete preemployment screening records (to include
falsification of a minor nature), or inadequate administration,
control or evaluation of psychological tests. Unescorted access of
the individual may need to be cancelled or suspended until the
identified anomaly is resolved. If the licensee determines that
unescorted access would have been denied based on developed
information, a 1-hour report is required after discovery of the new
information, as currently stated in RG 5.62 and NUREG-1304.
Page Last Reviewed/Updated Thursday, March 25, 2021