Publication Date: 11/1/87     Pages: 12     Date Entered: 12/16/87     Title: REPORTING OF SAFEGUARDS EVENTS (2/81)     Revision 1     November 1987     U.S. NUCLEAR REGULATORY COMMISSION     REGULATORY GUIDE     OFFICE OF NUCLEAR REGULATORY RESEARCH     REGULATORY GUIDE 5.62     (Task SG 901-4) REPORTING OF SAFEGUARDS EVENTS A. INTRODUCTION     In 10 CFR Part 73, "Physical Protection of Plants and Materials,"     paragraphs 73.71(a) through (c) have recently been amended. Section     73.71 requires licensees to report to the Operations Center of the NRC     or to record for quarterly transmittal to the NRC certain safeguards     events. These events are those that threaten nuclear activities or     lessen the effectiveness of a security system as established by     safeguards regulations or an approved security or contingency plan.     This regulatory guide provides an approach acceptable to the NRC     staff for use by the licensee for determining when and how an event     should be reported. The examples provided represent the types of events     that should be reported and are not intended to be all-inclusive. The     applicability of events may vary from site to site.     Any information collection activities mentioned in this regulatory     guide are contained as requirements in 10 CFR Part 73, which provides     the regulatory basis for this guide. The information collection     requirements in 10 CFR Part 73 have been cleared under OMB Clearance No.     3150-0002. B. DISCUSSION     The information reportable under Section 73.71 is required so the     NRC will be informed of safeguards-related events that have the     potential to endanger public health and safety or national security.     The required information is also used to monitor trends in safeguards     system effectiveness.     Because certain significant safeguards events warrant immediate     involvement by the NRC and possibly other government agencies such as     the FBI, these events must be reported by telephone to the NRC within 1     hour of discovery of the event, and a detailed written report must     follow within 30 days.     Certain other less significant safeguards events are required to     be recorded in a log and copies of the recorded log submitted to the NRC     every 3 months. While these events are less significant than those     reportable within 1 hour, they are required to be reported to the NRC on     a quarterly basis for review and long-term trend analysis. If an event     occurs repeatedly at one facility or throughout the industry, it may     represent a defect in the security program or a generic trend. Not all     generic defects or trends require action on the part of the NRC;     however, this decision cannot be made unless the events are reported to     the NRC. Licensees have been required to maintain a separate log to     record events reportable under Section 73.71 in the past, but are now     required to submit a copy of that log to the NRC on a quarterly basis.     For the purposes of this guide and for understanding the     regulations, a glossary is given in Appendix A of this guide. Table 1     presents a summary of reportable events and reporting times. C. REGULATORY POSITION 1. LICENSEES SUBJECT TO SECTION 73.71     Licensees who are subject to the provisions of Sections 73.25,     73.26, 73.27(c), 73.37, 73.67(e), or 73.67(g) of 10 CFR Part 73 are     subject to the provisions of paragraph 73.71(a).     Licensees who are subject to the provisions of Sections 73.20,     73.37, 73.50, 73.55, 73.60, or 73.67 are subject to the provisions of     paragraph 73.71(b) for events described in paragraph (I)(a)(1) of the     new Appendix G to Part 73. Licensees subject to the provisions of     Sections 73.20, 73.37, 73.50, 73.55, 73.60, or each licensee possessing     strategic special nuclear material (SSNM) and subject to paragraph     73.67(d) are subject to the provisions of paragraph 73.71(b) for events     described in paragraphs I(a)(2), I(a)(3), I(b), and I(c) of Appendix G     to Part 73. Licensees subject to the provisions of Sections 73.20,     73.37, 73.50, 73.55, or 73.60 are subject to the provisions of paragraph     73.71(b) for events described in paragraph I(d) of Appendix G to Part     73.     (Due to database constraints, Table 1 is not included. Please contact     LIS to obtain a copy.) Licensees subject to the provisions of Sections 73.20, 73.37,     73.50, 73.55, 73.60, or each licensee possessing SSNM and subject to     paragraph 73.67(d) are subject to the provisions of paragraph 73.71(c). 2. REPORTABLE EVENTS     2.1 Safeguards Events To Be Reported Within 1 Hour     Paragraphs 73.71(a) and (b) require certain events to be reported     within 1 hour of discovery. Events under paragraph 73.71(a) involve     incidents in which theft, loss, or diversion of a shipment of special     nuclear material (SNM) or spent fuel has occurred or is believed to have     occurred. A written report should be submitted to the NRC within 30     days on each event that is reported within 1 hour. Safeguards events     reportable under paragraph 73.71(b) and described in Appendix G to 10     CFR Part 73 include: 1. Acts, attempts, or threats to commit:     (a) Theft or unlawful diversion of SNM or spent fuel;     (b) Significant physical damage to a power reactor, to any     facility possessing SSNM or such facility's equipment,     to the carrier equipment transporting nuclear fuel or     spent nuclear fuel, or to the nuclear fuel or spent     nuclear fuel a facility or carrier possesses;     (c) Interruption of normal operation of a licensed nuclear     power reactor through the unauthorized use of or     tampering with its machinery, components, or controls,     including the security system. 2. Any actual entry of an unauthorized person into a protected     area, material access area, controlled access area, vital     area, or transport equipment. 3. Any uncompensated failure, degradation, or discovered     vulnerability in a safeguards system that could allow     unaithorized or undetected access to a protected area,     material access area, controlled access area, vital area, or     carrier transporting nuclear fuel, spent fuel, or formula     quantities of SSNM. 4. Any actual or attempted introduction of contraband into a     protected area, material access area, vital area, or     transport equipment.     To clarify, safeguards system failures include not only mechanical     or electrical system failures but also improper security procedures or     personnel practices. Discovered vulnerabilities include incidents in     which the security system has not failed, but some flaw in the security     system that had existed without being noticed has been discovered.     2.2 Examples of Safeguards Events To Be Reported Within 1 Hour     The following are examples of events that should be reported to     the NRC within 1 hour because of their potential to endanger public     health and safety or national security. This list should not be     considered all-inclusive. The applicable regulation is cited for each     event, and compensatory measures are discussed if appropriate. 1. Credible bomb or extortion threats. In addition to the     initial telephone report, a telephone report of the results of a bomb     search should be made within 1 hour of completion of the search.     Unsubstantiated threats need not be reported immediately unless a     specific organization or group claims responsibility or the threat is     one of a pattern of harassing threats; in these cases, the threat must     be reported within 1 hour. (Paragraph I(a)(1), (2), or (3) of Appendix     G) There are no compensatory measures that would preclude the reporting     of a substantiated threat within 1 hour. If a threat cannot be     substantiated (no organization or group identified, negative search     results, and no additional evidence other than the threat message), the     event need only be logged. (Also see number 13 in Section 2.4 of this     guide.)2. Discovery of a criminal act involving individuals granted     unescorted protected area or vital area access that, in the judgment of     the licensee, adversely affects radiological safety in licensed     activities or facility operations (e.g., felonious acts, discovery of a     conspiracy to bomb the facility or disturb its vital components,     vandalism of vital equipment, reasonable suspicion of illegal sale, use,     possession, or introduction of a controlled substance onsite).     (Paragraph I(a)(2) or (3) of Appendix G) Because of the serious nature     of such an event, discovery of the event should be reported within 1     hour even if the individual's unescorted access authorization is     cancelled. (Also see number 3 in this section.)3. Discovery of a criminal act involving a person granted unescorted     protected area or vital area access if the act has the potential for     adversely affecting the public health and safety, e.g., illegal use of a     controlled substance offsite by a reactor control room operator.     (Paragraph I(a)(2) or (3) of Appendix G) Licensees should exercise     judgment in determining the reportability of criminal acts conducted     offsite. Only those acts with the potential for affecting the     radiological safety of licensed activities need be reported. Criteria     that can be used to judge reportability of these types of events include     (1) the event indicates a failure in program design or implementation,     (2) the person involved has safety-related responsibilities, or (3) the     event is receiving media attention. Positive drug screens should be     validated prior to determining reportability to the NRC. If the event     is properly compensated, e.g., the program failure is corrected or the     individual's unescorted access is suspended, then the event need only be     logged. 4. Discovery of theft or loss of classified documents     pertaining to facility or transport safeguards. (Paragraph I(a) of     Appendix G) (Note: This is also reportable under Section 95.57 of 10     CFR Part 95.) This type of event is considered a credible threat to the     proper safeguarding of a facility or transport. By the nature of this     event, its discovery can occur only after a significant degradation of     the safeguards system designed to protect the classified documents. No     measure can adequately compensate for such an event, and events of this     type should always be reported within 1 hour of discovery. After the     discovery, the licensee should endeavor to locate the missing or stolen     document, take measures to help ensure the event is not repeated, and     take whatever steps are possible to minimize the consequences of the     event. 5. Fire or explosion of suspicious or unknown origin within the     isolation zone, protected area, material access area, or vital area.     (Note: Events reportable under Sections 50.72 or 50.73 do not require     duplicate reports under Section 73.71.) (Paragraphs I(a)(1), (2), (3),     or I(d) of Appendix G) If the origin of a fire or explosion can be     determined within 1 hour to be nonsuspicious and the facility sustains     no significant damage, the event is not considered a security threat to     the facility and need not be reported or logged. (Also see number 4 in     Section 2.5.) 6. Discovery of a suspicious vehicle following a licensed     carrier transporting formula quantities of SSNM. (Paragraph I(a)(1) of     Appendix G) In this situation, armed escorts or other responsible     personnel should determine whether or not a threat exists and assess the     extent of the threat, if any. If a threat exists, it should be reported     to the NRC within 1 hour of confirmation and the provisions of paragraph     73.26(e) should be followed. If no threat exists, the event need not be     reported or logged. 7. Mechanical breakdown of transport vehicle carrying formula     quantities of SSNM. (Paragraphs I(a)(1), (2) of Appendix G) Since it is     difficult to readily determine if a mechanical breakdown is random or     intentional, and because of the strategic significance of the material,     mechanical breakdowns of transports carrying formula quantities of SSNM     should always be reported to the NRC within 1 hour of discovery. 8. Complete loss of offsite communications. (Paragraph I(a)(2)     or (3) of Appendix G) If possible, the licensee should report the     complete loss of communications from the site within 1 hour or     immediately after restoration of communications. If communications from     the site are lost and cannot be restored within 1 hour, the licensee     should use communications located offsite to notify the NRC. 9. Mass demonstration at plant site that may pose a threat to     the facility. (Paragraph I(a)(2) or (3) of Appendix G) 10. Civil disturbance near the plant site that may pose a threat     to the facility. (Paragraph I(a)(2) or (3) of Appendix G) 11. Confirmed tampering of suspicious origin with safety or     security equipment. (Paragraph I(a)(1), (2), or (3) of Appendix G) 12. An assault on a power reactor, facility, or transport     possessing or transporting SSNM regardless of whether perimeter     penetration is achieved. (Paragraph I(a)(1), (2), or (3) of Appendix G) 13. Confirmed intrusions by unauthorized individuals into the     protected area, material access area, controlled access area, vital     area, or carrier transporting formula quantities of SSNM. (Paragraph     I(b) of Appendix G) Measures should be taken to preclude the recurrence     of such events. Since any compensatory measures for such an event would     be after the fact of a serious safeguards degradation, there are no     compensatory measures that would preclude reporting such an event within     1 hour of discovery. The violation of licensee-established work rules     (e.g., area zoning) within an area by an authorized individual need not     be reported or logged as a safeguards event. (Also see number 11 in     Section 2.4.) 14. Uncompensated suspension of safeguards controls during     either radiological or nonradiological emergencies that could allow     undetected or unauthorized access. (Note: Events reportable under     Sections 50.72 or 50.73 do not require duplicate reports under Section     73.71.) (Paragraph I(c) of Appendix G) Section 5.3, "Controls that Can     Be Suspended During an Emergency," of Regulatory Guide 5.65, "Vital Area     Access Controls, Protection of Physical Security Equipment, and Key and     Lock Controls," describes safeguards measures that may be suspended     during nonradiological emergencies.     15. Discovery of intentionally falsified identification badges     or key cards. (Paragraph I(a) of Appendix G) This event is considered a     safeguards threat to the facility and should always be reported within 1     hour of discovery. Measures should be taken immediately to cancel the     badges or key cards from the access system and to determine to what     extent the badges or key cards have been used.     16. Discovery of uncompensated and unaccounted for, lost, or     stolen key cards, I.D. card blanks, keys, or any access device that     could allow unauthorized or undetected access to protected areas,     material access areas, controlled access areas, or vital areas.     (Paragraph I(c) of Appendix G) Such events need not be reported within 1     hour if measures are taken within 10 minutes of the discovery of the     loss to preclude the use of the lost or stolen device for gaining access     to a controlled area and to ensure that the lost or stolen device has     not been used in an unauthorized manner prior to completion of actions     to prevent unauthorized use of the device. (Also see number 6 in     Section 2.4.) 17. Compromise of safeguards information (including loss or     theft) that would significantly assist a person in an act of     radiological sabotage or theft of SNM. (Paragraph I(a) of Appendix G)     There is no measure that would adequately compensate a compromise of     safeguards information once the event has occurred. A licensee should     always report this type of event within 1 hour of discovery, and     follow-up measures similar to those for theft or loss of a classified     document should be taken. (Also see number 4 in this section.) 18. Uncompensated loss of the ability to monitor or remotely     assess protected area alarms through loss of both central and secondary     alarm stations. (Paragraph I(c) of Appendix G) If the event involves an     outage of the alarms, closed circuit television, or security computers,     the event is considered properly compensated if the original capability     is restored within 10 minutes of discovery of the event or if dedicated     observers with appropriate communications equipment are in place within     10 minutes of the discovery to provide total observation of each     area.(1) Licensees are expected to discover this type of event upon     occurrence. If immediate restoration of system capability is provided     by activating secondary computers, the loss of backup capability need     not be reported within 1 hour. (Also see number 10 in Section 2.4.) 19. Unavailability of a minimum number of security personnel or     an actual or imminent strike by the security force. (Paragraph I(c) of     Appendix G) If an unexpected unavailability of a minimum number of     security personnel occurs, procedures pre-approved by the NRC may be     used; or "on call" guards or trained management, supervisory, or     operations personnel available within 10 minutes may be used to     supplement the on-duty security force. If minimum requirements cannot     be met, the event should be reported within 1 hour of discovery.     20. Uncompensated loss of all ac power supply to security     systems that could allow unauthorized or undetected access to a     protected area, material access area, controlled access area, or vital     area. (Paragraph I(c) of Appendix G) If the security system integrity     can be maintained by standby power, the event is considered properly     compensated and need only be logged. However, if standby power fails     prior to restoration of ac power, the event should be reported within 1     hour of loss of standby power. Licensees are expected to discover this     type of event upon occurrence. (Also see number 7 in Section 2.4.) 21. Uncompensated loss of ability to detect within a single     intrusion detection system zone. (Paragraph I(c) of Appendix G) Proper     compensation for this event means immediate deployment (within 10     minutes of discovery) of back-up intrusion detection equipment or     posting a dedicated observer with a view of the entire area and     capability to communicate with alarm stations.(1) Licensees are expected     to discover this type of event upon occurence. (Also see number 3 in     Section 2.4.)----------     (1) Posting personnel as a compensatory measure implies that the     personnel are capable of performing the lost or degraded function. When     they cannot perform that function, such as when they are asleep, there     is an uncompensated loss that must be reported within 1 hour of     discovery. Preplanned compensatory measures are normally described in     NRC-approved safeguards plans.     ----------     22. Loss of alarm capability or locking mechanism on a material     access area or vital area portal. (Paragraph I(c) of Appendix G) A     bolt-position alarm capability is not a proper compensatory measure for     loss of a balanced-magnetic alarm because it is not tamper-resistant.     Proper compensation for either of these events means immediate (within     10 minutes of discovery) posting of a dedicated observer for loss of an     alarm or posting an armed member of the security force for loss of a     lock. The posted observer or guard should have appropriate     communications equipment.(1) In addition, a thorough search of the     affected area should be initiated immediately and completed as soon as     practicable. Licensees are expected to discover this type of event upon     occurrence. (Also see number 8 in Section 2.4.) 23. Discovery of the actual or attempted introduction into or     possession within the protected area, material access area, or vital     area of unauthorized weapons, explosives, or incendiary devices.     (Paragraph I(d) of Appendix G) There are no compensatory measures that     would preclude reporting this event within 1 hour. If an actual     introduction of contraband is made, steps should be taken to correct the     vulnerability that allowed the introduction. The discovery of vehicular     emergency equipment such as safety flares during entrance searches need     not be reported or logged. (Also see number 5 in this section.) 24. Loss of security weapon at the site. (Paragraph I(a)(3) of     Appendix G)2.3 Safeguards Events To Be Reported and Submitted Quarterly in a Log     The following safeguards events reportable under paragraph     73.71(c) need only be logged within 24 hours of their discovery and     submitted quarterly to the NRC: 1. Any failure or degradation of a safeguards system or     discovered vulnerability in a system that could have allowed     unauthorized or undetected access to a protected area,     material access area, controlled access area, vital area, or     transport equipment if compensatory measures had not been     established. (Logging is not required for preplanned     situations that require compensatory measures, such as     special outage work, equipment relocation, exercises and     drills, and other situations that are not the result of a     safeguards system failure.) 2. Any other threatened, attempted, or committed act not     previously defined in Appendix G that has the potential for     reducing the effectiveness of the safeguards system below     that committed to in a licensed physical security or     contingency plan or the actual condition of such reduction     in effectiveness.     With respect to the proper compensation of an event, compensatory     measures need to be implemented promptly to be effective. For example,     measures used to compensate for a design flaw or vulnerability in a     safeguards barrier that has existed for some period of time and that     could allow unauthorized or undetected access are not considered     effective if implemented more than 10 minutes after the flaw or     vulnerability occurs; such events require immediate reporting. Prompt     implementation will minimize any period of degradation that may exist     between the occurrence and proper compensation after discovery of     certain events. Proper compensation after discovery of an event does not     relieve the licensee from the responsibility for taking long-term     corrective action, nor does it relieve the licensee from possible     enforcement action by the NRC for non-compliance during the periods of     safeguards system degradation. However, licensees are not ordinarily     cited for violations resulting from matters not within their control,     such as equipment failures that occurred despite reasonable licensee     quality assurance measures, testing and maintenance programs, or     management controls. (See 10 CFR Part 2, Appendix C, paragraph V.A.) False alarms (those generated without any apparent cause) and     nuisance alarms (those generated by an identified input that does not     represent a safeguards threat) generally need not be reported or logged.     However, if false or nuisance alarms are so frequent that the     effectiveness of the alarm system is degraded or a pattern of false or     nuisance alarms emerges, the licensee should take corrective action and     note the degraded status and compensatory measures taken in the     safeguards event log.     2.4 Examples of Safeguards Events To Be Reported and Submitted     Quarterly in a Log     The following are examples of events that are less significant     than those reportable within 1 hour, and according to the rule are     required to be logged within 24 hours and submitted quarterly to the     NRC. This list should not be considered all-inclusive. The applicable     regulation is cited for each event, and compensatory measures are     discussed where appropriate. 1. Properly compensated security computer failures. (Paragraph     II(a) of Appendix G) Properly compensated means that within 10 minutes     of the discovery of the failure the system is restored to operation, the     backup system is operational, or other resources (e.g., security     personnel with appropriate communications equipment) are posted to     provide an equivalent level of protection. In all cases, a thorough     search of all areas where alarms or access controls may have been     compromised by the failure should be initiated immediately and completed     as soon as practicable. Licensees are expected to discover this type of     event upon occurrence. 2. Properly compensated vital area card reader failures.     (Paragraph II(a) of Appendix G) For this event, proper compensation     means posting appropriate personnel (i.e., armed guard if door is     unlocked, dedicated observer if door remains locked but access is     required) within 10 minutes of discovery.(1) The appropriate personnel     must have a current access list and communications capability to alarm     stations. A thorough search of the affected area must be initiated     immediately and completed as soon as practicable. Licensees are expected     to discover this type of event upon occurrence. 3. Properly compensated alarm failures. (Paragraph II(a) of     Appendix G) For this event, proper compensation means deployment of     back-up alarm equipment (a bolt-position alarm capability is not     considered back-up alarm equipment because it is not tamper-resistant)     or posting a dedicated observer within 10 minutes of discovery.(1) The     dedicated observer should have appropriate communications equipment and     should be able to observe the entire affected area of the portal. In     addition, a thorough search of the affected area should be initiated     immediately and completed as soon as practicable. Licensees are     expected to discover this type of event upon occurrence. (Also see     number 21 in Section 2.2.) 4. Properly compensated closed circuit television failure in a     single zone while the intrusion detection system remains operational.     (Paragraph II(a) of Appendix G) Properly compensated means providing     other assessment capability, such as posting a dedicated observer with     communications equipment to assess the entire zone within 10 minutes of     discovery of the failure.(1) Licensees are expected to discover this     type of event upon occurrence. 5. Properly compensated failure or degradation of a single     perimeter lighting zone if the intrusion detection system remains     operational. (Paragraph II(a) of Appendix G) Measures to properly     compensate for failure or degradation of a lighting zone must be     implemented within 10 minutes of discovery and may include (1) using     standby power, (2) using low-light-level surveillance devices, (3) using     portable lighting systems, or (4) posting dedicated observers with     appropriate communications equipment to provide an equivalent level of     protection. 6. Properly compensated accidental removal offsite or loss of     badge by employee. (Paragraph II(a) of Appendix G) For this event,     proper compensation is cancelling the badge from the access control     system within 10 minutes of onsite personnel discovering that the badge     is missing. Measures must be taken to be sure the badge has not been     used in an unauthorized manner while it has been missing. (Also see     number 16 in Section 2.2.) 7. Properly compensated loss of the ac power supply for the     entire intrusion detection system that, if uncompensated, would allow     unauthorized or undetected access. (Paragraph II(a) of Appendix G)     Proper compensation for this event is immediately available emergency     power through an uninterruptible power source such as a battery     supported by a generator. If back-up power is not available, security     personnel with communications equipment should be posted within 10     minutes of discovery; however, this action is not considered proper     compensation for the event and does not excuse a licensee from reporting     the event within 1 hour. Licensees are expected to discover this type     of event upon occurrence. (Also see number 20 in Section 2.2.) 8. Properly compensated loss of either alarm or locking     mechanism on a material access area or a vital area portal. (Paragraph     II(a) of Appendix G) A bolt-position alarm capability is not considered     a proper compensatory measure because it is not tamper-resistant.     Proper compensation for this event is immediate (within 10 minutes of     discovery) posting of a dedicated observer for a loss of alarm or an     armed member of the security force for loss of a lock.(1) The posted     personnel should have appropriate communications equipment. In     addition, a thorough search of the affected area should be initiated     immediately and completed as soon as practicable. Licensees are     expected to discover this type of event upon occurrence. (Also see     number 23 in Section 2.2.) 9. Security computer failures that may not enable unauthorized     or undetected access. (Paragraph II(b) of Appendix G) 10. Loss of the capability of a single alarm station to monitor     or remotely assess alarms but monitoring or assessment capability     remains in other stations. (Paragraph II(b) of Appendix G) (Also see     number 18 in Section 2.2.) 11. Tailgating by a licensee or contractor employee to gain     access to an area to which he or she is authorized access. (Paragraph     II(b) of Appendix G) (Also see number 13 in Section 2.2.) 12. For shipments of formula quantities of SSNM, intra-convoy     communications ability is lost, but ability to communicate with movement     control center remains. (Paragraph II(b) of Appendix G) 13. Unsubstantiated bomb or extortion threat. (Paragraph II(b)     of Appendix G) An unsubstantiated bomb or extortion threat is a threat     in which no specific organization or group claims responsibility, the     search result is negative, and no evidence is available other than the     threat message. If a threat is one of a pattern of harassing, even if     unsubstantiated, it should be reported within 1 hour.     2.5 Events Not Required To Be Logged or Reported     Certain failures of the safeguards system that do not and could     not reduce the effectiveness of the system have little or no safeguards     significance; events having little or no safeguards significance need     not be reported or logged. The following are examples of events that     are not required to be logged or reported. This list should not be     considered all-inclusive. 1. Cuts made by authorized maintenance personnel through a     vital area barrier for a legitimate reason (e.g., to install pipe) if     prior approval, coordination with security, and proper compensatory     measures have been established. 2. A person attempting to climb a protected area fence if the     person is obviously a child. 3. Infrequent nuisance alarms caused by mechanical or     environmental problems and false alarms that do not exceed the rates     committed to in the licensee's approved security plan or do not degrade     alarm system effectiveness. 4. When the origin of a fire or explosion can be determined     within 1 hour to be nonsuspicious and the facility sustains no     significant damage. 3. PROCEDURES     The determination for reporting an event under paragraphs     73.71(a), (b), and (c) should be made by onsite security management or     their equivalent. However, discovery of such an event is not limited to     members of the security organization. It is recommended that all     regular site employees receive security orientation by the security     organization to foster an awareness of site security and to be briefed     on their responsibility to immediately notify site security of     safeguards anomalies.     Events of a dual nature (i.e., having both safety and safeguards     implications and subject to the requirements of Sections 50.72, 50.73,     and 73.71) do not require duplicate reports under the requirements of     Section 73.71. If a power reactor licensee reports an event that is     reportable in accordance with both Sections 50.73 and 73.71, the     procedures described in Section 50.73 (i.e., submittal of a licensee     event report (LER)) must be followed. The procedures contained in     NUREG-1022, "Licensee Event Report System,"(2) describe how to indicate     that an LER meets multiple reporting requirements. When submitting     reports of events reportable solely under the provisions of Section     73.71, power reactor licensees should use LER Form 366; all other     licensees should write a letter. If the written report contains     restricted data, e.g., unclassified safeguards information, the report     must be appropriately marked. If NRC Form 366 or 366A is used,     restricted data may be included only in the text section (Item 17 of the     form). Restricted data should not be included in the abstract section     (Item 16) or any other section of the form other than the text section.     In addition, the text should clearly indicate the information that is     restricted. Finally, the requirements of paragraph 73.21(g) must be met     when transmitting written proprietary information.     It is recognized that not all items of NRC Form 366 may apply when     safeguards events are reported. Power reactor licensees should be sure     that all the information needed by the NRC for analysis and evaluation,     as described in section 3.2 of this guide, is included on the form,     whether under a specific item or in the text section.     Procedures for the 1-hour report, the 30-day followup report, and     the quarterly log are discussed in the following sections.     ----------     (2) F. J. Hebdon, "Licensee Event Report System," U.S. Nuclear     Regulatory Commission, NUREG-1022, September 1983.     ----------     3.1 1-Hour Reports     When a licensee, licensee employee, or contract employee discovers     an event reportable under paragraph 73.71(a) or (b), telephone     notification to the NRC Operations Center listed in Appendix A to 10 CFR     Part 73 should be made within 1 hour of the discovery. Telephone     notification should be made via the Emergency Notification System (ENS)     if the licensee is party to that system. If the ENS is inoperative or     unavailable, a commercial telephone should be used to ensure that the     required notification is received by the NRC Operations Center within 1     hour of discovery of the event. The commercial telephone number that     may be used to contact the NRC Operations Center is (301) 951-0550.     Other methods that may be used to ensure notification within 1 hour     include telegram, mailgram, or facsimile. Telegrams and mailgrams     should be hand delivered to the Operations Officer at the NRC Operations     Center, Maryland National Bank Building, 7735 Old Georgetown Road,     Bethesda, Maryland 20814. For information concerning facsimiles,     telephone the NRC Operations Center at (301) 492-8893. If pertinent     information or errors are uncovered after the initial telephone report     but prior to submittal of the written report, the licensee should notify     the NRC Operations Center of the information or error by telephone.     Under the provisions of paragraph 73.71(a), the licensee (or     agent) should also notify the NRC Operations Center by telephone within     1 hour of the recovery of or accounting for a shipment with information     on the material located, known reason for loss, etc.     Telephone reports made pursuant to Section 73.71 may be     transmitted over unprotected lines as permitted by the exemption in     paragraph 73.21(g)(3).     3.2 30-Day Followup Written Reports     A followup written report must be submitted within 30 days of a     1-hour report. Power reactor licensees should use the Licensee Event     Report form, NRC Form 366, in submitting their reports; all other     licensees should use a letter format. For all licensees, the     information described below is sufficient for NRC analysis and     evaluation and should be included in the report as a minimum. Reports     of events must be legible and reproducible and should include the     following: 1. Date and time of event (start and end time). 2. Location of actual or threatened event in a protected area,     material access area, controlled access area, vital area, or     other (specify area). 3. For power reactors, the operating phase, e.g., shut-down,     operating. 4. Safety systems affected or threatened, directly or     indirectly. 5. Type of security force onsite (proprietary or contract). 6. Number and type of personnel involved, e.g., contractors,     security, visitors, NRC personnel, other (specify). 7. Method of discovery of incident, e.g., routine inspection,     test, maintenance, alarm, chance, informant, communicated     threat, unusual circumstances (give details). 8. Procedural errors involved, if applicable. 9. Immediate actions taken in response to event. 10. Corrective actions taken or planned.     11. Local, State, or Federal law enforcement agencies contacted.     12. Description of media interest and press release.     13. Indication of previous similar events.     14. Knowledgeable contact.     For security system failures, provide the following in addition to     Items 1 through 14:     15. Description of failed or malfunctioned equipment (including     manufacturer and model number).     16. Apparent cause of each component or system failure. (For     uncompensated security computer failures, state the reason     the event could not be compensated and list specific     components affected, e.g., central processor,     peripheral/terminal equipment, software.) 17. Status of the equipment prior to the event (e.g., operating,     being maintained, made secure) and compensatory measures in     place.     18. Secondary functions affected (for multiple-function     components).     19. Effect on plant safety.     20. Unusual conditions that may have contributed to failure,     e.g., environmental extremes.     For threat-related incidents, provide the following in addition to     Items 1 through 14:     21. Number of perpetrators.     22. Type of threat, e.g., bomb, extortion.     23. Means of communication, e.g., letter, telephone.     24. Text of threat.     25. Mode of operation.     26. Clear photocopy of threat letter and accompanying envelope     if applicable.     Licensees should submit one copy of each written report to the     U.S. Nuclear Regulatory Commission, Document Control Desk, Washington,     DC 20555, and one copy to the appropriate Regional Office listed in     Appendix A to 10 CFR Part 73. If pertinent information or errors are     uncovered after the initial telephone report or the written report is     submitted, the licensee should notify the NRC Operations Center by     telephone of the information or errors. If the information is uncovered     after the written report has been submitted, the licensee should submit     a complete revised written report with revisions indicated to the     Document Control Desk and the Regional Office. The revised report     should be complete and should not contain only the supplementary or     revised information.     3.3 Maintenance and Quarterly Submittal of Log     Events reportable under paragraph 73.71(c) only need to be logged.     In maintaining the log, it is recommended that the licensee log the     information as received and then summarize and update the log entry when     the event terminates. However, licensees are required by paragraph     73.71(c) to log entries within 24 hours of the discovery of the event.     Since the licensee would immediately investigate all events that     threatened nuclear activities or lessened the effectiveness of the     security system, the details would generally be available when the entry     was made in the log. Log entries should include as a minimum: 1. Date and time of the event; 2. Brief (one-line) description of the event; 3. Brief (one-line) description of compensatory or corrective     actions taken; 4. Area affected, e.g., vital area, protected area, owner     controlled, transport; and 5. How detected, e.g., alarm, routine inspections, patrol,     informants.     Every 3 months, the licensee is required to submit one copy of all     log entries not previously submitted to the NRC Document Control Desk.     The log entries need not be typed as long as they are legible; a     photocopy is acceptable. Licensees are permitted a 30-day grace period     for all log submittals.     Events of a similar nature that are logged and submitted to the     NRC under paragraph 73.71(c) may be consolidated into a single log entry     if they occur repeatedly within the quarterly submittal period. The     date and time should be specified for each occurrence of the event. For     example, if there is a repeated occurrence of a compensated computer     failure and each failure is the result of the same problem, only one log     entry providing the details of 1 through 5 above need be made. However,     the date, time, and duration of the event should be recorded in the log     for each occurrence.     Each log must be retained for 3 years after the last entry to that     log.     APPENDIX A     GLOSSARY     NOTE: This glossary only applies to the requirements of Section 73.71     of 10 CFR Part 73.     Any failure, degradation, or discovered vulnerability: The cessation of     proper functioning or performance of equipment, personnel, or procedures     that compose the physical protection program necessary to meet Part 73     requirements, or a discovered defect in such equipment, personnel, or     procedures that degrades function or performance.     Credible threat: A threat should be considered credible when (1)     physical evidence supporting the threat exists, (2) information     independent from the actual threat message exists that supports the     threat, or (3) a specific group or organization claims responsibility     for the threat.     Dedicated observer: A person, not necessarily a member of the security     force, posted as a temporary compensatory measure for a degraded     assessment or detection capability or both. While performing this     function, duties must be limited to detection and assessment. As a     minimum, the person must be able to view the entire area affected by the     degradation and must be able to communicate with the central alarm     station.     Diversion of SNM: Unauthorized movement of SNM by individuals     authorized access to or control over the material.     False alarm: An alarm generated without an apparent cause.     Investigation discloses no evidence of a valid alarm condition,     including tampering, no nuisance alarm conditions, and no equipment     malfunction.     Interruption of normal operation: The cessation of normal operation     that, if accomplished, would result in substantial economic harm or cost     to the licensee.     Loss of SNM: (1) A failure to measure or account for material by the     material control and accounting system approved for the facility when     the material is authorized to be possessed by the licensee and is not     confirmed stolen or diverted or (2) an accidental (i.e. unplanned)     offsite release or dispersal of SNM known or suspected to be 10 times     greater than normal operating losses for the time in question, whether     or not the release is measured. The term loss implies that a search has     been conducted to confirm the material is missing. For fixed sites,     this search should be conducted within the 1-hour time for reporting.     "Lost" versus "unaccounted for" in regard to transportation of material:     The term "lost" covers material that is no longer in the possession of     the party authorized to possess it during a specific time period, and a     search for the material has verified the loss. "Unaccounted for" refers     to material in transit that has not arrived at its delivery point 4     hours or more after the estimated arrival time; however, a search has     not confirmed the material to be lost.     Nuisance alarm: An alarm generated by an identified input that does not     represent a safeguards threat. Nuisance alarms may be caused by     environmental (rain, sleet, snow, lightning) or mechanical (natural     objects such as animals or tall grass) factors.     Properly compensated: Measures, including backup equipment, additional     security personnel, and specific procedures, taken to ensure that the     effectiveness of the security system is not reduced by failure or other     contingencies affecting the operating of the security-related equipment     or structures. Preplanned compensatory measures are normally described     in NRC-approved safeguards plans.     Safeguards event: Any incident representing an attempted, threatened,     or actual breach of the safeguards system or reduction of the     operational effectiveness of that system.     Safeguards Event Log: A compilation of log entries for the events     described in Section II of Appendix G to 10 CFR Part 73. Entries must     include the date and time of the event, a description of the event, and     any action taken. Repeated events may be consolidated into a single log     entry with the date, time, and duration of each event recorded for each     occurrence. The ongoing safeguards event log may be maintained in more     than one location onsite. The log may be typed or handwritten as long     as it is legible and reproducible. Entries in a safeguards event log     submitted to the NRC need not be in time-sequential order.     Safeguards system: The equipment, personnel, and procedures that make     up the physical protection program necessary to meet Part 73     requirements.     Significant physical damage: Physical damage to the extent that the     facility, equipment, transport, or fuel cannot perform its normal     function (applies to a power reactor, a facility possessing SSNM or its     equipment, carrier equipment transporting nuclear fuel or spent nuclear     fuel, or to the nuclear fuel or spent nuclear fuel a facility or carrier     possesses).     Tampering: When used in connection with Appendix G to 10 CFR Part 73,     altering for improper purposes or in an improper manner.     Theft of SNM: The unauthorized taking of SNM for unauthorized use.     Unauthorized person: Any unescorted person in an area to which the     person is not authorized unescorted access.     APPENDIX B     SAMPLE LOG ENTRIES     Safeguards events reportable under paragraph 73.71(c) of 10 CFR Part 73     need only be logged within 24 hours of their discovery. The copy of the     log (photocopy) submitted to the NRC every 3 months does not have to be     typewritten, but it must be legible. The sample log items presented     here should not be considered all-inclusive.     LOG ENTRY EVENT     DATE/TIME DATE/TIME EVENT RESPONSE 1. 1-8-87/0140 1-8-87/0130 CAS operator receivedArea search initiated at     0135     telephone bomb threathrs, completed 0140 hrs,     from unidentified male.nothing found.     Bomb reported near     diesel generator 2. 1-8-87/1245 1-8-87/1043 Delivery truck Guard posted at 1050 hrs,     significantly damagedrelieving patrol (immedia     PA fence in zone No. 4.comp), PA searched.     Discovered at 1047 by     security patrol, no PA     or VA alarms received. 3. 1-9-87/1605 1-9-87/1433 Card reader failure atAt 1440 hrs, posted guar     VA portal No. 2. with current access list.     System failure corrected a     operational at 1600 hrs. 4. 1-9-87/1815 1-9-87/1730 I.D. badge No. 342 lostBadge cancelled 1732 hr     onsite. Badge found on employee's     jacket at 1745 hrs. 5. 1-9-87/2055 1-9-87/2025 Security system Determined caused by     failure, single CPU electrical storm/power     surge.     outage. System back on line at 202     hrs. All VA portals     confirmed locked and alarm     by security. 6. 1-10-87/1410 1-10-87/1405 Fence repaired. (SeeCompensatory post     Entry No. 2.) discontinued at 1405. 7. 1-12-87-1100 1-12-87/0802 Perimeter fence alarmsArea searched by securit     1-12-87/0815 received zone No. 4 patrol. No apparent cause     1-12-87/0817 for alarms. Security post     1-12-87/0819 after third alarm and     1-12-87/0823 maintenance called to chec     system. System function     verified through test each     occurrence. All actions     completed 1035. 8. 1-12-87/1610 1-12-87/1443 CCTV failure, perimeterDedicated observer in p     zone No. 2 (IDS 1450 hrs. No alarms     operational). received. Camera replaced     and operational at 1610. 9. 1-12-87/2015 1-12-87/2007 See No. 5 above. Same as No. 5 above. Syst     on-line at 2011 hrs. 10. 1-12-87/2350 1-12-87/2230 Latch alarm received onGuard posted at 2238.     VA portal No. 6. searched, no abnormalities     Responder found doorfound. Maintenance reques     slightly ajar. initiated at 2315.     VALUE/IMPACT STATEMENT     A separate value/impact statement has not been prepared for this regulatory     guide was revised to provide guidance on reporting physical security events in ac     paragraphs 73.71(a) through (c) of 10 CFR Part 73. A regulatory analysis was pre     proposed revisions to Section 73.71 and was made available in the NRC Public Docu     the time of publication (August 27, 1985-50 FR 34708). This regulatory analysis     appropriate for this regulatory guide.     17