Clinton Power Station NRC Security Baseline Inspection Report 05000461/2009-402(DRS)

ML11129A289
Person / Time
Site:	Clinton
Issue date:	05/14/2009
From:	Duncan E R Plant Support Branch II
To:	Pardee C G Exelon Generation Co, Exelon Nuclear
References
FOIA/PA-2011-0187 IR-09-402
Download: ML11129A289 (16)
v • d • e

Text

May 14, 2009

Mr. Charles Senior Vice President, Exelon Generation Company, LLC President and Chief Nuclear Officer (CNO), Exelon Nuclear 4300 Winfield Road Warrenville IL 60555

SUBJECT: CLINTON POWER STATION NRC SECURITY BASELINE INSPECTION REPORT 05000461/2009402(DRS)

Dear Mr. Pardee:

On April 10, 2009, the U.S. Nuclear Regulatory Commission (NRC) completed a security baseline inspection at your Clinton Power Station and Exelon Nuclear Corporate Office. The inspection covered one or more of the key attributes of the security cornerstone of the NRC's Reactor Oversight Process. The enclosed inspection report documents the inspection results, which were discussed on April 10, 2009, with Mr. F. A. Kearney and other members of your staff.The inspection examined activities conducted under your license as they relate to security and compliance with the Commission's rules and regulations and with the conditions of your license.The inspector reviewed selected procedures and records, observed activities, and interviewed personnel.

No findings of significance were identified.

In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records System (PARS) component of NRC's Agencywide Documents Access and Management System (ADAMS), accessible from the NRC Web site at http://www.nrc.qov/reading-rm/adams.html (the Public Electronic Reading Room).However, because of the security-related concerns contained in the enclosure, and in accordance with 10 CFR 2.390, a copy of this letter's enclosure will not be available for public inspection..ncosue ransmtte with contains Sensiti e U assifi~d Non-"0 egu r Whel~4eparated f'ro enclos this tr'ahsmittal document is decontrolled.

CuO~ s T EAMTN

-2- Should you have any questions concerning with you.this inspection, we will be pleased to discuss them

Sincerely,IRA/Eric Duncan, Chief Plant Support Branch Division of Reactor Safety Docket Nos. 50-461 License Nos. NPF-62 Nonpublic

Enclosure:

Inspection Report 05000461/2009402(DRS)

w/Attachment:

Supplemental Information cc w/encl: D. Riffle, NSIR/DSO/DDSO J. Klinger, State Liaison Officer, Illinois Emergency Management Agency C. Williamson, Clinton Site Security Manager cc w/encl: Site Vice President

-Clinton Power Station Plant Manager -Clinton Power Station Manager Regulatory Assurance

-Clinton Power Station Senior Vice President

-Midwest Operations Senior Vice President

-Operations Support Vice President

-Licensing and Regulatory Affairs Director -Licensing and Regulatory Affairs Manager Licensing

-Clinton, Dresden and Quad Cities Associate General Counsel Document Control Desk -Licensing Assistant Attorney General Chairman, Illinois Commerce Commission F IC AL US N S\ý1ER ý-% ý1W O

-2-

SUMMARY OF FINDINGS

IR 05000461/2009402(DRS);

01/20/2009

-01/22/2009, Exelon Nuclear Corporate; 04/06/2009

-04/10/2009;

Clinton Power Station; Routine Security Baseline Inspection.

This report covers a 2-week period of announced routine baseline inspection on security.The inspection was conducted by four Region III physical security inspectors.

No findings of significance were identified.

The NRC's program for overseeing the safe operation of commercial nuclear power reactors is described in NUREG-1649, "Reactor Oversight Process." A. Inspector-Identified and Self-Revealed Findings

Cornerstone: Physical Protection

No findings of significance were identified.

B. Licensee-Identified Violations

None.6ýýýS ýYýSlff-1KY-ELTI" O

OF~IA U OL SC T-EINQJVA\TION

REPORT DETAILS

SAFEGUARDS

Cornerstone:

Physical Protection (PP)S01 Access Authorization (71130.01

)a. Inspection Scope The inspectors evaluated this area by: reviewing program procedures, implementing procedures, and records; and conducting interviews with responsible personnel and plant employees.

The inspectors verified the licensee's access authorization program:

(1) complied with the NRC-approved security plan and other regulatory requirements;

(2) provided high assurance that personnel granted unescorted access were trustworthy, reliable, and did not constitute an unreasonable risk to public health and safety, or the common defense Oft and security;

(3) established a behavioral observation program that provided high F assurance of continued reliability and trustworthiness of personnel with unescorted access; and

(4) implemented the provisions of the insider mitigation program to effectively mitigate against theactive and active violernt insider.The inspectors conducted the following inspection activities:

reviewed and evaluated licensee event reports, safeguards log entries, and corrective action documents dated between March 2008 and April 2009 which were associated with Access Authorization (no licensee event reports were documented);

verified for access authorization implementing procedures that the licensee:

(a) implemented a method which ensured all individuals who maintained unescorted access to the Protected Area (PA), including supervisors and escorts, were subject to a behavioral observation program and received behavior observation training;

(b) developed and implemented procedures and processes for all categories of unescorted access;

(c) developed and implemented procedures that provided details on behavioral observation training;(d) developed and implemented procedures that described how the licensee protects personal information maintained in the licensee's personnel information management system and that the records on which the access authorization was based or denied had been retained for the duration of the unescorted access or for 5 years following access denial or access termination;

(e) developed, implemented, and maintained procedures to ensure that personnel denied unescorted access after January 1, 1997, were included in a common industry database; f) developed, implemented, and maintained procedures to ensure that individuals performing background investigations met criteria consistent with the requirements for persons undergoing background investigations; and

(g) developed, implemented, and maintained procedures and training for ensuring that persons granted unescorted access were aware and remained-2- Enclosure rFl OY 6YýLý \ A o CIA sE L-E RY L .D R oTIN aware of their responsibility to report arrests, were knowledgeable about the elements of the behavioral observation program, and were notified in writing of their responsibilities; I'r" verified for granting unescorted access that the licensee:

(a) developed, implemented, and maintained access authorization categories and processes for determinations regarding initial unescorted access, updated unescorted access, and reinstatement of unescorted access;

(b) implemented adequate provisions to obtain sufficient information to determine the true identity of applicants for unescorted access;

(c) conducted employment and/or education verifications and suitable inquiries within the required time constraints;

(d) required applicants to undergo professionally accepted and standardized psychological evaluations as required;

(e) ensured that any psychological abnormality identified during the process resulted in a clinical review by a licensed psychologist or psychiatrist and, as applicable, a medical review by a medical practitioner;

(f) reviewed and evaluated theiFederal Bureau of Investigation's criminal history record before authorizing unescorted access;

(g) conducted an assessment of trustworthiness and reliability before authorizing unescorted access;

(h) reviewed credit history summaries for the entire period covered by the credit history summary;(i) implemented extended inquiries for credit history summaries to determine fraud or misuse of social security numbers or other financial identifiers;(j) compared the data in the credit history summary with information contained in the applicant's personal history questionnaire to validate the information provided by the applicant;

(k) appropriately implemented the standard of best effort associated with the verification of past or present employment information of the applicant; (I) appropriately implemented the requirements for submitting fingerprints, including the restrictions on requesting name searches;(m) effectively implemented a pre-access drug and alcohol testing program for persons requesting unescorted access and a random drug and alcohol testing program for persons maintaining unescorted access; and

(n) conducted a holistic review of the information developed in making an access authorization decision;verified that the licensee had provisions in place to reassess and reevaluate, on the day of discovery, information received by or provided to the licensee on the day of discovery that may have had an effect on the trustworthiness or reliability of a person with unescorted access authorization;

• verified for the common industry database that the licensee:

(a) developed, implemented, and maintained a method to ensure individuals who have unescorted access authorization are identifiable in an industry-wide database, which is accessible by other NRC-licensed facilities;

(b) included in the industry-wide database, personnel who have been denied access for a certain period;

(c) developed, implemented, and maintained procedures to ensure that personnel who are denied access have been included in an industry-wide database;

(d) implemented measures to ensure the timely entry of information into the common industry database needed for a licensee to make an informed access authorization decision;

(e) denied access to the PA to personnel who have been denied access based on NRC requirements;

(f) ensured that personnel with unescorted access authorization who are in a licensee or contractor/vendor follow-up program are identified to enable continuation of the-3- Enclosure follow-up activities by the receiving licensee;

(g) developed, implemented, and maintained backup manual procedures and processes for sharing information; and

(h) ensured that personnel potentially affected by any licensee violation of any 10 CFR Part 26 program element are identified to any licensee having taken credit for the activities of the licensee in violation and to any licensee who may attempt to take credit for the activities of the licensee in violation; verified for the reinvestigations that the licensee:

(a) performed reinvestigations of all personnel having unescorted access to NRC-licensed facilities as required;and

(b) developed, implemented, and maintained criteria for individuals performing background investigations, and ensured that the criteria were consistent with the requirements for those undergoing background investigations; verified for the insider threat and mitigation that the licensee:

(a) reassessed and re-approved personnel access lists for Vital Areas (VA) at the prescribed frequency to confirm that personnel on the VA access list had a continued need to access VA;

(b) screened individuals on personnel access lists to ensure that they had a "continued need" for access to VA, not just a possibility of needing unescorted access at some undefined time in the future;

(c) implemented provisions for conducting psychological reassessments for critical group members at intervals not to exceed 5 years;

(d) implemented provisions for conducting and reviewing annual supervisory reviews;

(e) maintained a training program for security personnel that ensured security personnel recognized obvious indications of tampering, and that these conditions were reported in a timely manner and compensated where appropriate; and

(f) maintained a training program for operations personnel that ensured personnel wee alert to changes in configurations that indicated possible tampering and that these conditions wee reported in a timely manner and compensated where appropriate; verified for the licensee's behavioral observation program that the licensee:

(a) designed its program to ensure recognition of behaviors adverse to the safe operation and security of the facility;

(b) documented behavioral observation program training and refresher training;

(c) established provisions for initial and annual re-qualification behavior observation training for both the employees and their supervisors that wee off-site to maintain unescorted access; and

(d) included a method to validate the implementation of the licensee's behavior observation program for off-site employees who maintained unescorted access;verified for its personnel information management system that the licensee:

(a) developed, implemented, and maintained a personnel information management system to protect personal and confidential information;(b) provided protection of information stored or transmitted in electronic format;and

(c) designed its system to prohibit unauthorized access to the information and to prohibit modification of the data without proper authorization; and verified for safeguards information that the licensee:

(a) developed, implemented, and maintained procedures to control access authorization to safeguards information; and

(b) if appropriate, developed, implemented, and maintained procedures to control access authorization to safeguards information at contractor facilities.

ýTI N The inspectors reviewed access authorization-related issues during baseline inspection activities to verify that they were being entered into the licensee's corrective action system at an appropriate threshold, that adequate attention was being given to timely corrective actions, and that adverse trends were identified and adequately addressed.

The inspectors completed 48 of the required 48 samples.b. Findings No findings of significance were identified.

S02 Access Control (71130.02)

a. Inspection Scope

The inspectors evaluated this area by: reviewing program procedures, implementing procedures, and records; conducting interviews with responsible personnel and plant employees; and performing walkdowns.

The inspectors verified that:

(1) the licensee's Access Control program complied with the NRC-approved security plan and regulatory requirements;

(2) the licensee had control measures and equipment in place to detect and prevent the introduction of contraband into the PA; and

(3) the licensee's identification and authorization processes ensured that only those personnel that have been properly screened are granted unescorted access to the PA and VA.The inspectors conducted the following specific inspection activities:

reviewed and evaluated licensee event reports, safeguards log entries and corrective action documents dated between. March 2008 and April 2009 which were associate with Access Control (no licensee event reports were documented);

verified that:

(a) the licensee had a procedure that adequately described the method to immediately notify security to block badges for personnel who have had their access suspended;

(b) individuals responsible for implementing personnel access denial procedures were knowledgeable of how to effectively implement the procedures;

(c) identified procedure changes have not reduced the effectiveness of any of the security plans; and

(d) the licensee implemented and maintained measures, as necessary, to protect badging and/or other access control activities; verified that:

(a) in-processing searches of personnel, packages, and vehicles at access locations during peak ingress times were performed in compliance with established procedures;

(b) any collateral duty that security personnel conducting access control or search activities may perform did not adversely impact their ability to perform their primary duty in accordance with the security plan and implementing procedures;

(c) the licensee had sufficient staffing for processing personnel and equipment at the access control points in accordance with the-5- Enclosure O~ft~A S L E YE RAi security plan and implementing procedures; and

(d) the licensee properly implemented processes for control of packages and materials, and for material that was exempted from search;verified that the licensee manually controlled access to VAs when electronic controls were not in service; and verified that:

(a) the licensee had a program in place for controlling and accounting for hard keys to PA and VA, and for the replacement or changing of lock cores if a key was lost or compromised;

(b) personnel granted escorted access to the PA were badged to indicate that an escort was required; had registered his or her name, date, time, purpose of visit, employment affiliation, citizenship, and name of the individual visited; and the licensee had records of the escorted access retained for 3 years;

(c) the licensee had control of all locations (designed and used for access) where packages, personnel, and vehicles could be brought into the protected area;

(d) access control personnel identified authorized packages and could identify unauthorized packages and materials; and

(e) the licensee implemented and maintained control functions for vehicles delivering hazardous material within the site's PA.The inspectors routinely reviewed access control program-related issues during baseline inspection activities to verify that they were being entered into the licensee's corrective action system at an appropriate threshold, that adequate attention was being given to timely corrective actions, and that adverse trends were identified and adequately addressed.

The inspectors completed 16 of the required 16 samples.b. Findings No findings of significance were identified.

40A1 Performance Indicator Verification (71151)Cornerstone:

Physical Protection

.1 Safeguards

Strategic Area

a. Inspection Scope

The inspectors sampled licensee submittals for the performance indicator (PIs) listed below for the period from March 2008 through April 2009. To verify the accuracy of the PI data reported during that period, PI definitions and guidance contained in NEI 99-02,"Regulatory Assessment Performance Indicator Guideline," Revision 5, was used to verify the basis for reporting each data element. A sample of plant reports related to security events, and security shift activity logs were also reviewed.

The following PI was reviewed: Protected Area Security Equipment.

CU 4 I ý L ý U R L E ýN R IO ,,

Theinspectors completed 1 of the required 1 sample.b. Findings No findings of significance were identified.

40A6 Meetings Exit Meeting The inspectors presented the inspection results to Mr. F. A. Kearney and other members of licensee management at the conclusion of the inspection on April 10, 2009. The inspectors asked the licensee whether any materials examined during the inspection should be considered proprietary.

No proprietary information was identified.

ATTACHMENT:

=SUPPLEMENTAL

INFORMATION=

KEY POINTS OF CONTACT

Licensee

F. Kearney, Site Vice President

M. Kanavos, Plant Manager

M. Hiter, Security Analyst

S. Gackstetter, Regulatory

Assurance

Manager

C. Williamson, Security Manager

J. Waddell, Security Supervisor

D. Montgomery, Access Authorization

Nuclear Requlatory

Commission

B. Kemker, Senior Resident Inspector

D. Lords, Resident Inspector

LIST OF ITEMS OPENED, CLOSED, AND DISCUSSED

Opened. Closed, and

Discussed

None A "Ci ý-1-Attachment

• ~//

LIST OF DOCUMENTS

REVIEWED The following is a list of documents reviewed during the inspection.

Inclusion on this list does not imply that the NRC inspector reviewed the documents in their entirety but rather that selected sections or portions of the documents were evaluated as part of the overall inspection effort. Inclusion of a document on this list does not imply NRC acceptance of the document, or any part of it, unless this is stated in the body of the inspection report.S01 Access Authorization

(71130.01)

Number Description or Title Date or. Revision Clinton Power Station Security Plan (SGI) 5

SY-AA-103-500

Access Authorization Program 8

SY-AA-103-501

Access Authorization Categories and 7 Requirements

.SY-AA-103-502

Processing of Personal History 6 Questionnaire

SY-AA-103-503

Psychological Assessments

SY-AA-103-504

Review of Background Investigation and 9 Unescorted Access Denial Appeal

SY-AA-103-506

Utilizing the Personnel Access Database 10 System (PADS)SY-AA-103-507

Review Criteria for Unescorted Access 18

SY-AA-103-508

Conducting Background Investigations

SY-AA-103-509

Protection of Personal Information

SY-AA-103-510

Critical Group Security Requirements

SY-AA-103-511

Request for Unescorted Access 18

SY-AA-103-513

Behavior Observation Program 6

SY-AA-103-514

Fabrication of Security Badges 13

SY-AA-103-517

Inprocessing of Personnel (Employer and 6 Contractor)

SY-AA-103-518

Outprocessing of Personnel (Employer and 11 Contractor)

NOSA-NCS-09-03

Security Plan, FFD, Access Authorization, January 5, 2009 (AR 855534855534 and PADS Audit Report January 9, 2009 QAA/2255-08-01

Exelon Corporate Access Authorization May 6, 2008

VEQ-2008-80

Audit:

NE 2008-015 for Illinois Emergency July 2, 2008 Management Agency- Division of Nuclear Safety, Progress energy NEI Access Authorization and FFD Audit Follow-up

LS-AA-126-1001

FASA Self-Assessment January 26, 2009 Sample Access Authorization Records (Initials)

Sample Access Authorization Records (Updates)

_ _ _ _ _-2-Attachment

xOFýFI I L S ýYý-E ITY- diLi\TE94Nbl

MATI N,\S02 Number Description or Title Date or Revision Sample Access Authorization Records (Reinstatements

31-365 days)Sample Access Authorization Records (Reinstatements days or less)Sample Access Authorization Records (3-5 year)Sample Nuclear Generating Employee Training (NGET) Records Sample Annual Supervisor Reviews Sample Security Training Lesson Plan (VA, 00 PA Patrols)Corrective Action Program Reports March 2008 -(Security-Related);

April 2009 Security Event Reports (SER); March 2008 -April 2009 Access Control (71130.02)

Number Description or Title Date or Revision Clinton Power Station Security Plan 5 (SGI)SY-AA-101-1

Control and Confiscation of Contraband or Prohibited Items

SY-AA-101-110

Maintaining Search Integrity between 4 Stations

SY-AA-101-111-1002

Guidance Document for the 6 Implementation of Safeguards Advisory Actions

SY-AA-1 01-112 Searching Personnel, Vehicles, 13 Packages, and Cargo

SY-AA-101-113

Escorting Personnel and Vehicles 6

SY-AA-101-114

Processing Emergency Response 4 Vehicles and Personnel

SY-AA-101-115

Controlling Gates 5

SY-AA-101-117

Routine Processing and Escorting of 15 Personnel and Vehicles

SY-AA-101-118

Control of Badges 2

SY-AA-1,01-119

Control of Receiving Warehouses

SY-AA-101-120

Control of Security Keys and Cores 2

SY-AA-101-120

1, Key Issuance Log Sample

SY-AA-101-120

2, Key Inventory Sample

SY-AA-101-123

Searching Vehicles and Cargo/Material

8-3-ICI L ON -EC I -LA IN A ION Attachment

,ýý SE M,ý:ýUýYRjýý

ý IF _T-111ý I N Number Description or Title Date or Revision

SY-AA-1 013 General Guidance for Use of the 2 Itemiser 3 Explosive Detector

SY-AA-103-511

Request for Unescorted Access 17

SY-AA-150-1001

Non-Member/Temporary Member of the Figure 5-5 Security Organization Individual Qualification Record (Sample)SY-AA-101-125-1002

Weapons and Ammunition Control 2 Security Key Inventory;

Non-Issued

2007-2009 P Key and Cores Security Key Inventory;

V and P Key 2007-2009 Inventory

LS-AA-125

Corrective Action Program (CAP) 11 Procedure Corrective Action Program Reports March 2008 -April (Security-Related)

2009 Security Event Reports (SER) March 2008 -April 2009

AR 00904201 AR Report (NRC Identified)

April 7, 2009

AR 00905200 AR Report (NRC Identified)

April 9, 2009 Performance Indicator Verification

(71151)Number Description or Title Date or Revision

NEI 99-02 Regulatory Assessment Performance Indicator Guideline

LS-AA-2160

Monthly (PI) Data Elements for Protected

A Security Equipment Performance Index Exelon Security Monthly Performance March 2008 -Indicator Summary Report April 2009 Nuclear Security Performance Summary March 2008 -Report April 2009 SERs March 2008 -April 2009 40A1-4-Attachment

CAP CFR DRS FASA FFD NOS NRC OCA PA PI VA SER

LIST OF ACRONYMS

USED Corrective

Action Program Code of Federal Regulations

Division of Reactor Safety Focus Area Self-Assessment

Fitness-for-Duty

Nuclear Oversight Nuclear Regulatory

Commission

Owner-Controlled

Area Protected

Area Performance

Indicator Vital Area Security Event Reports-5-FSE I E Attachment