| (B) The implementing procedures and revisions to these
procedures must be approved in writing by the individual with overall
responsibility for the security program.
(C) The licensee shall retain a copy of the current
procedure as a record for three years after the procedure is no longer
needed. Superseded portions of the procedure must be retained for
three years after the record is superseded.
(3) Training.
(A) Each licensee shall conduct training to ensure
that those individuals implementing the security program possess and
maintain the knowledge, skills, and abilities to carry out their assigned
duties and responsibilities effectively. The training must include
instruction in:
(i) the licensee's security program and procedures
to secure category 1 or category 2 quantities of radioactive material
and the purposes and functions of the security measures employed;
(ii) the responsibility to report promptly to the licensee
any condition that causes or may cause a violation of the requirements
of the commission, the NRC, or any Agreement State;
(iii) the responsibility of the licensee to report
promptly to the LLEA and licensee any actual or attempted theft, sabotage,
or diversion of category 1 or category 2 quantities of radioactive
material; and
(iv) the appropriate response to security alarms.
(B) In determining those individuals who shall be trained
on the security program, the licensee shall consider each individual's
assigned activities during authorized use and response to potential
situations involving actual or attempted theft, diversion, or sabotage
of category 1 or category 2 quantities of radioactive material. The
extent of the training must be commensurate with the individual's
potential involvement in the security of category 1 or category 2
quantities of radioactive material.
(C) Refresher training must be provided at a frequency
not to exceed 12 months and when significant changes have been made
to the security program. This training must include:
(i) review of the training requirements of this paragraph
and any changes made to the security program since the last training;
(ii) reports on any relevant security issues, problems,
and lessons learned;
(iii) relevant results of commission inspections; and
(iv) relevant results of the licensee's program review
and testing and maintenance.
(D) The licensee shall maintain records of the initial
and refresher training for three years from the date of the training.
The training records must include dates of the training, topics covered,
a list of licensee personnel in attendance, and related information.
(4) Protection of information.
(A) Licensees authorized to possess category 1 or category
2 quantities of radioactive material shall limit access to and unauthorized
disclosure of their security plan, implementing procedures, and the
list of individuals that have been approved for unescorted access.
(B) Efforts to limit access shall include the development,
implementation, and maintenance of written policies and procedures
for controlling access to, and for proper handling and protection
against unauthorized disclosure of, the security plan, implementing
procedures, and the list of individuals that have been approved for
unescorted access.
(C) Before granting an individual access to the security
plan, implementing procedures, or the list of individuals that have
been approved for unescorted access, licensees shall:
(i) evaluate an individual's need to know the security
plan, implementing procedures, or the list of individuals that have
been approved for unescorted access; and
(ii) if the individual has not been authorized for
unescorted access to category 1 or category 2 quantities of radioactive
material, safeguards information, or safeguards information-modified
handling, the licensee must complete a background investigation to
determine the individual's trustworthiness and reliability. A trustworthiness
and reliability determination shall be conducted by the reviewing
official and shall include the background investigation elements contained
in subsection (d)(1)(B) - (G) of this section.
(D) Licensees need not subject the following individuals
to the background investigation elements for protection of information:
(i) the categories of individuals listed in subsection
(f)(1) of this section; or
(ii) security service provider employees, provided
written verification that the employee has been determined to be trustworthy
and reliable, by the required background investigation in subsection
(d)(1)(B) - (G) of this section, has been provided by the security
service provider.
(E) The licensee shall document the basis for concluding
that an individual is trustworthy and reliable and should be granted
access to the security plan, implementing procedures, or the list
of individuals that have been approved for unescorted access.
(F) Licensees shall maintain a list of persons currently
approved for access to the security plan, implementing procedures,
or the list of individuals that have been approved for unescorted
access. When a licensee determines that a person no longer needs access
to the security plan, implementing procedures, or the list of individuals
that have been approved for unescorted access or no longer meets the
access authorization requirements for access to the information, the
licensee shall remove the person from the approved list as soon as
possible, but no later than seven working days, and take prompt measures
to ensure that the individual is unable to obtain the security plan,
implementing procedures, or the list of individuals that have been
approved for unescorted access.
(G) When not in use, the licensee shall store its security
plan, implementing procedures, and the list of individuals that have
been approved for unescorted access in a manner to prevent unauthorized
access. Information stored in non-removable electronic form must be
password protected.
(H) The licensee shall retain as a record for three
years after the document is no longer needed:
(i) a copy of the information protection procedures;
and
(ii) the list of individuals approved for access to
the security plan, implementing procedures, or the list of individuals
that have been approved for unescorted access.
(k) LLEA coordination.
(1) A licensee subject to subsections (i) and (j) of
this section, this subsection, and subsections (l) - (q) of this section
shall coordinate, to the extent practicable, with an LLEA for responding
to threats to the licensee's facility, including any necessary armed
response. The information provided to the LLEA must include:
(A) a description of the facilities and the category
1 and category 2 quantities of radioactive materials along with a
description of the licensee's security measures that have been implemented
to comply with subsections (i) and (j) of this section, this subsection,
and subsections (l) - (q) of this section; and
(B) a notification that the licensee will request a
timely armed response by the LLEA to any actual or attempted theft,
sabotage, or diversion of category 1 or category 2 quantities of material.
(2) The licensee shall notify the executive director
within three business days if:
(A) the LLEA has not responded to the request for coordination
within 60 days of the coordination request; or
(B) the LLEA notifies the licensee that the LLEA does
not plan to participate in coordination activities.
(3) The licensee shall document its efforts to coordinate
with the LLEA. The documentation must be kept for three years.
(4) The licensee shall coordinate with the LLEA at
least every 12 months, or when changes to the facility design or operation
adversely affect the potential vulnerability of the licensee's material
to theft, sabotage, or diversion.
(l) Security zones.
(1) Licensees shall ensure that all aggregated category
1 and category 2 quantities of radioactive material are used or stored
within licensee established security zones. Security zones may be
permanent or temporary.
(2) Temporary security zones must be established as
necessary to meet the licensee's transitory or intermittent business
activities, such as periods of maintenance, source delivery, and source
replacement.
(3) Security zones must, at a minimum, allow unescorted
access only to approved individuals through:
Cont'd... |
