(i) Each licensee that possesses an aggregated category
1 or category 2 quantity of radioactive material shall establish,
implement, and maintain a security program in accordance with the
requirements of this paragraph and paragraphs (10) - (17) of this
subsection.
(ii) An applicant for a new license and each licensee
that would become newly subject to the requirements of this paragraph
and paragraphs (10) - (17) of this subsection upon application for
modification of its license shall implement the requirements of this
paragraph and paragraphs (10) - (17) of this subsection, as appropriate,
before taking possession of an aggregated category 1 or category 2
quantity of radioactive material.
(iii) Any licensee that has not previously implemented
the security orders or been subject to the provisions of this paragraph
and paragraphs (10) - (17) of this subsection shall provide written
notification to the department at least 90 days before aggregating
radioactive material to a quantity that equals or exceeds the category
2 threshold.
(B) General performance objective. Each licensee shall
establish, implement, and maintain a security program that is designed
to monitor and, without delay, detect, assess, and respond to an actual
or attempted unauthorized access to category 1 or category 2 quantities
of radioactive material.
(C) Program features. Each licensee's security program
must include the program features, as appropriate, described in paragraphs
(10) - (16) of this subsection.
(10) General security program requirements.
(A) Security plan.
(i) Each licensee identified in paragraph (9)(A) of
this subsection shall develop a written security plan specific to
its facilities and operations. The purpose of the security plan is
to establish the licensee's overall security strategy to ensure the
integrated and effective functioning of the security program required
by paragraph (9), this paragraph, and paragraphs (11) - (17) of this
subsection. The security plan must, at a minimum:
(I) describe the measures and strategies used to implement
the requirements of paragraph (9), this paragraph, and paragraphs
(11) - (17) of this subsection; and
(II) identify the security resources, equipment, and
technology used to satisfy the requirements of paragraph (9), this
paragraph, and paragraphs (11) - (17) of this subsection.
(ii) The security plan must be reviewed and approved
by the individual with overall responsibility for the security program.
(iii) A licensee shall revise its security plan as
necessary to ensure the effective implementation of department and
NRC requirements. The licensee shall ensure that:
(I) the revision has been reviewed and approved by
the individual with overall responsibility for the security program;
and
(II) the affected individuals are instructed on the
revised plan before the changes are implemented.
(iv) The licensee shall maintain a copy of the current
security plan as a record for inspection by the department in accordance
with subsection (mm) of this section. If any portion of the plan is
superseded, the licensee shall maintain the superseded material for
inspection by the department in accordance with subsection (mm) of
this section.
(B) Implementing procedures.
(i) The licensee shall develop and maintain written
procedures that document how the requirements of paragraph (9), this
paragraph, and paragraphs (11) - (17) of this subsection and the security
plan will be met.
(ii) The implementing procedures and revisions to these
procedures must be approved in writing by the individual with overall
responsibility for the security program.
(iii) The licensee shall maintain a copy of the current
procedure as a record for inspection by the department in accordance
with subsection (mm) of this section. Superseded portions of the procedure
shall be maintained for inspection by the department in accordance
with subsection (mm) of this section.
(C) Training.
(i) Each licensee shall conduct training to ensure
that those individuals implementing the security program possess and
maintain the knowledge, skills, and abilities to carry out their assigned
duties and responsibilities effectively. The training must include
instruction in:
(I) the licensee's security program and procedures
to secure category 1 or category 2 quantities of radioactive material,
and in the purposes and functions of the security measures employed;
(II) the responsibility to report promptly to the licensee
any condition that causes or may cause a violation of the requirements
of the department;
(III) the responsibility of the licensee to report
promptly to the local law enforcement agency and licensee any actual
or attempted theft, sabotage, or diversion of category 1 or category
2 quantities of radioactive material; and
(IV) the appropriate response to security alarms.
(ii) In determining those individuals who shall be
trained on the security program, the licensee shall consider each
individual's assigned activities during authorized use and response
to potential situations involving actual or attempted theft, diversion,
or sabotage of category 1 or category 2 quantities of radioactive
material. The extent of the training must be commensurate with the
individual's potential involvement in the security of category 1 or
category 2 quantities of radioactive material.
(iii) Refresher training must be provided at a frequency
not to exceed 12 months and when significant changes have been made
to the security program. This training must include:
(I) review of the training requirements of this subparagraph
of this paragraph and any changes made to the security program since
the last training;
(II) reports on any relevant security issues, problems,
and lessons learned;
(III) relevant results of inspections by the department;
and
(IV) relevant results of the licensee's program review
and testing and maintenance.
(iv) The licensee shall maintain records of the initial
and refresher training for inspection by the department in accordance
with subsection (mm) of this section. The training records shall include:
(I) the dates of the training;
(II) the topics covered;
(III) a list of licensee personnel in attendance; and
(IV) any related information.
(D) Protection of information.
(i) Licensees authorized to possess category 1 or category
2 quantities of radioactive material shall limit access to and unauthorized
disclosure of their security plan, implementing procedures, and the
list of individuals that have been approved for unescorted access.
(ii) Efforts to limit access shall include the development,
implementation, and maintenance of written policies and procedures
for controlling access to, and for proper handling and protection
against unauthorized disclosure of, the security plan, implementing
procedures, and the list of individuals that have been approved for
unescorted access.
(iii) Before granting an individual access to the security
plan, implementing procedures, or the list of individuals that have
been approved for unescorted access, licensees shall:
(I) evaluate an individual's need to know the security
plan, implementing procedures, or the list of individuals that have
been approved for unescorted access; and
(II) if the individual has not been authorized for
unescorted access to category 1 or category 2 quantities of radioactive
material, safeguards information, or safeguards information-modified
handling, the licensee must complete a background investigation to
determine the individual's trustworthiness and reliability. A trustworthiness
and reliability determination shall be conducted by the reviewing
official and shall include the background investigation elements contained
in paragraph (4)(A)(ii) - (vii) of this subsection.
(iv) Licensees need not subject the following individuals
to the background investigation elements for protection of information:
(I) the categories of individuals listed in paragraph
(6)(A)(i) - (xiii) of this subsection; or
(II) security service provider employees, provided
written verification that the employee has been determined to be trustworthy
and reliable, by the required background investigation in paragraph
(4)(A)(ii) - (vii) of this subsection, has been provided by the security
service provider.
(v) The licensee shall document the basis for concluding
that an individual is trustworthy and reliable and should be granted
access to the security plan, implementing procedures, or the list
of individuals that have been approved for unescorted access.
Cont'd... |