NRC Enforcement Policy

Federal Register, Volume 81 Issue 215 (Monday, November 7, 2016)

Federal Register Volume 81, Number 215 (Monday, November 7, 2016)

Rules and Regulations

Pages 78022-78028

From the Federal Register Online via the Government Publishing Office www.gpo.gov

FR Doc No: 2016-26762

-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Chapter I

NRC-2014-0221

NRC Enforcement Policy

AGENCY: Nuclear Regulatory Commission.

ACTION: Policy revision; issuance.

-----------------------------------------------------------------------

SUMMARY: The U.S. Nuclear Regulatory Commission (NRC) is issuing a revision to its Enforcement Policy (Policy) to incorporate changes approved by the Commission.

DATES: This revision is effective on November 7, 2016. The NRC is not soliciting comments on this revision to its Policy at this time.

ADDRESSES: Please refer to Docket ID NRC-2014-0221 when contacting the NRC about the availability of information regarding this document. You may obtain publicly-available information related to this document using any of the following methods:

Federal Rulemaking Web site: Go to http://www.regulations.gov and search for Docket ID NRC-2014-0221. Address questions about NRC dockets to Carol Gallagher: telephone: 301-415-

3463; email: Carol.Gallagher@nrc.gov. For technical questions, contact the individual listed in the FOR FURTHER INFORMATION CONTACT section of this document.

NRC's Agencywide Documents Access and Management System (ADAMS): You may obtain publicly-available documents online in the ADAMS Public Documents collection http://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``ADAMS Public Documents'' and then select ``Begin Web-based ADAMS Search.'' For problems with ADAMS, please contact the NRC's Public Document Room (PDR) reference staff at 1-800-397-4209, 301-415-4737, or by email to pdr.resource@nrc.gov. The ADAMS accession number for each document referenced in this document (if that document is available in ADAMS) is provided the first time that a document is referenced.

NRC's PDR: You may examine and purchase copies of public documents at the NRC's PDR, Room O1-F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland 20852.

The NRC maintains the Enforcement Policy on its Web site at http://www.nrc.gov: under the heading ``Popular Documents,'' select ``Enforcement Actions,'' then under ``Enforcement'' in the left side column, select ``Enforcement Policy.'' The revised Enforcement Policy is available in ADAMS under Accession No. ML16271A446.

FOR FURTHER INFORMATION CONTACT: Gerry Gulla, Office of Enforcement, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; telephone: 301-287-9143; email: Gerald.Gulla@nrc.gov.

SUPPLEMENTARY INFORMATION:

  1. Background

    The mission of the NRC is to license and regulate the Nation's civilian use of byproduct, source, and special nuclear material to ensure adequate protection of public health and safety, promote the common defense and security, and protect the environment. The NRC supports this mission through its use of its Policy. Adequate protection is presumptively assured by compliance with the NRC's regulations, and the Policy contains the basic procedures used to assess and disposition apparent violations of the NRC's requirements.

    The NRC initially published the Policy in the Federal Register on October 7, 1980 (45 FR 66754). Since its initial publication, the Policy has been revised on a number of occasions to address changing requirements and lessons learned. The most recent Policy revision is dated August 1, 2016. That revision reflects the new maximum civil penalty amount that the NRC can assess for a violation of the Atomic Energy Act of 1954, as amended (AEA), or any regulation or order issued under the AEA.

    This current revision to the Policy incorporates lessons learned along with miscellaneous clarifications and additions. These revisions include a rewrite of Section 6.13, ``Information Security,'' to incorporate a risk-informed approach for assessing the significance of information security violations; the implementation of the Construction Reactor Oversight Process (cROP); and miscellaneous revisions to: (1) The Glossary; (2) violation examples; and (3) Section 2.3.4, ``Civil Penalty.''

    The NRC provided an opportunity for the public to comment on these Policy revisions in a document published in the Federal Register on October 9, 2014 (79 FR 61107). The Nuclear Energy Institute (NEI) was the only stakeholder that submitted comments (ADAMS Accession No. ML14364A020).

  2. Revisions to the Enforcement Policy

    1. Construction Reactor Oversight Process (cROP)

      1. Table of Contents

        The NRC is revising the Table of Contents to incorporate the implementation of the cROP into the Policy. This requires a revision to the titles of Sections 2.2.3 and 2.2.4. In addition to the revision discussed below, there are also other miscellaneous cROP related reference revisions throughout the Policy.

      2. Section 2.2 ``Assessment of Violations''

        Section 2.2 is modified to include the cROP, and remove the specificity which allows for the use of the significance determination process (SDP), not only for facilities under construction, but for independent spent fuel storage installations when an SDP is developed.

        Revision

        After a violation is identified, the NRC assesses its severity or significance (both actual and potential). Under traditional enforcement, the severity level (SL) assigned to the violation generally reflects the assessment of the significance of a violation. For most violations committed by power reactor licensees, the significance of a violation is assessed using the Reactor Oversight Process (ROP) or the Construction Reactor Oversight Process (cROP), as discussed below in Section 2.2.3, ``Assessment of Violations Identified Under the ROP or cROP.'' All other violations at power reactors or power

        Page 78023

        reactor facilities under construction will be assessed using traditional enforcement as described in Section 2.2.4, ``Using Traditional Enforcement to Disposition Violations Identified at Power Reactors.'' Violations identified at facilities that are not subject to an ROP or cROP are assessed using traditional enforcement.

      3. Section 2.2.3 ``Operating Reactor Assessment Program''

        The NRC is revising this section to add the implementation of the cROP and will reference the NRC's Inspection Manual Chapter (IMC) 2505, ``Periodic Assessment of Construction Inspection Program Results'' (ADAMS Accession No. ML14269A107). IMC 2505 describes the construction assessment program and IMC 0305, ``Operating Reactor Assessment Program,'' describes the ROP (ADAMS Accession No. ML15089A315).

        Revision

        2.2.3 Assessment of Violations Identified Under the ROP or cROP

        The assessment, disposition, and subsequent NRC action related to inspection findings identified at operating power reactors are determined by the ROP, as described in NRC Inspection Manual Chapter (IMC) 0305, ``Operating Reactor Assessment Program,'' and IMC 0612, ``Power Reactor Inspection Reports.'' The assessment, disposition, and subsequent NRC action related to inspection findings identified at power reactors under construction are determined by the cROP, as described in IMC 2505, ``Periodic Assessment of Construction Inspection Program Results'' and in IMC 0613, ``Power Reactor Construction Inspection Reports.''

        Inspection findings identified through the ROP are assessed for significance using the SDP described in IMC 0609, ``Significance Determination Process.'' Inspection findings identified through the cROP are assessed for significance using the SDP described in IMC 2519, ``Construction Significance Determination Process.'' The SDPs use risk insights, where possible, to assist the NRC staff in determining the significance of inspection findings identified within the ROP or cROP. Inspection findings processed through the SDP, including associated violations, are documented in inspection reports and are assigned one of the following colors, depending on their significance.

      4. Section 2.2.4 ``Exceptions To Using Only the Operating Reactor Assessment Program''

        The NRC is revising this section to add the implementation of the cROP and will reference IMC 2505.

        Revision

        2.2.4 Using Traditional Enforcement to Disposition Violations Identified at Power Reactors

        Some aspects of violations at power reactors cannot be addressed solely through the SDP. In these cases, violations must be addressed separately from any associated ROP or cROP findings (when findings are present). Accordingly, these violations are assigned severity levels and can be considered for civil penalties in accordance with this Policy while the significance of the associated ROP or cROP finding (when present) must be dispositioned in accordance with the SDP. In determining the severity level assigned to such violations, the NRC will consider information in this Policy and the violation examples in Section 6.0 of this Policy, as well as SDP-related information, when available.

      5. Section 2.2.6 ``Construction''

        Section 2.2.6, ``Construction,'' will be revised to provide clarifying guidance regarding enforcement and the Changes during Construction (CdC) Preliminary Amendment Request (PAR) process. The policy will now note that enforcement actions will not be taken for construction pursuant to a PAR No-Objection Letter, issued by the NRC, even if that construction is outside of the current licensing basis (CLB) while a corresponding license amendment request (LAR) is under review. This will allow the licensee to continue construction at-risk if the construction is consistent with the associated LAR and the No-

        Objection Letter. In addition, this section will also be revised to conform the policy to be consistent with the revised regulations promulgated by the NRC in ``Licenses, Certifications, and Approvals for Materials Licenses'' (76 FR 56951; September 15, 2011).

        Revision

        2.2.6 Construction

        In accordance with 10 CFR 50.10, no person may begin the construction of a production or utilization facility on a site on which the facility is to be operated until that person has been issued either a construction permit under 10 CFR part 50, a combined license under 10 CFR part 52, an early site permit authorizing the activities under 10 CFR 50.10(d), or a limited work authorization under 10 CFR 50.10(d). In an effort to preclude unnecessary regulatory burden on 10 CFR part 52 combined license holders while maintaining safety, the Changes during Construction (CdC) Preliminary Amendment Request (PAR) process was developed in Interim Staff Guidance (ISG)-025, ``Interim Staff Guidance on Changes During Construction Under 10 CFR part 52.'' The license condition providing the option for a PAR as detailed in ISG-025 allows the licensee to request to make physical changes to the plant that are consistent with the scope of the associated license amendment request (LAR). The NRC staff may issue a No-Objection Letter with or without specific limitations, in response to the PAR. Enforcement actions will not be taken for construction pursuant to a PAR No-Objection Letter that is outside of the Current Licensing Basis (CLB) while the corresponding LAR is under review as long as the construction is consistent with the associated LAR and the No-Objection Letter (the latter of which may contain limitations on construction activities). The PAR No-Objection Letter authorization is strictly conditioned on the licensee's commitment to return the plant to its CLB if the requested LAR is subsequently denied or withdrawn. Failure to timely restore the CLB may be subject to separate enforcement, such as an order, a civil penalty, or both.

      6. Section 2.3.1 ``Minor Violation''

        This revision will remove redundant language (IMC titles) from previously identified IMCs and will add references to examples of minor violation issues found in IMCs 0613 and 0617.

        Revision

        Violations of minor safety or security concern generally do not warrant enforcement action or documentation in inspection reports but must be corrected. Examples of minor violations can be found in the NRC Enforcement Manual, IMC 0612, Appendix E, ``Examples of Minor Issues,'' IMC 0613, Appendix E, ``Examples of Minor Construction Issues,'' and IMC 0617, Appendix E, ``Minor Examples of Vendor and Quality Assurance Implementation Findings.'' Provisions for documenting minor violations can be found in the NRC Enforcement Manual, IMC 0610, IMC 0612, IMC 0613, IMC 0616, and IMC 0617.

      7. Section 2.3.2 ``Noncited Violation''

        This revision incorporates ``plain writing'' into the Policy regarding noncited violations. It will also revise

        Page 78024

        the opening paragraph of Section 2.3.2 to be consistent with a previous approved revision to this section associated with crediting licensee corrective action programs.

        Revision

        2.3.2 Noncited Violation

        If a licensee or nonlicensee has implemented a corrective action program that is determined to be adequate by the NRC, the NRC will normally disposition SL IV violations and violations associated with green ROP or cROP findings as noncited violations (NCVs) if all the criteria in Paragraph 2.3.2.a. are met.

        For licensees and nonlicensees that are not credited by the NRC as having adequate corrective action programs, the NRC will normally disposition SL IV violations and violations associated with green ROP or cROP findings as NCVs if all of the criteria in Paragraph 2.3.2.b are met. If the SL IV violation or violation associated with Green ROP or cROP finding was identified by the NRC, the NRC will normally issue a Notice of Violation.

        Inspection reports or inspection records document NCVs and briefly describe the corrective action the licensee or nonlicensee has taken or plans to take, if known. Licensees and nonlicensees are not required to provide written responses to NCVs; however, they may provide a written response if they disagree with the NRC's description of the NCV or dispute the validity of the NCV.

    2. Section 2.3.4 ``Civil Penalty''

      Recent cases involving the willful failure to file for reciprocity or to obtain an NRC specific license have led to discussions about the agency's ability to deter future noncompliance in these areas and lessen the perceived potential economic benefit of working in NRC jurisdiction without the required notification or license.

      Although the Policy (Section 3.6, ``Use of Discretion in Determining the Amount of a Civil Penalty'') allows the NRC to exercise discretion to propose or escalate a civil penalty for cases involving willfulness, the NRC will add clarifying language to Section 2.3.4, ``Civil Penalty.'' To aid in implementation and ensure consistency, the Enforcement Manual will include specific guidance on the typical or ``starting'' civil penalty amount (e.g., 2 times the base civil penalty).

      Revision

      The following language appears in Section 2.3.4 after the paragraph starting: ``The NRC considers civil penalties for violations . . .''

      For cases involving the willful failure to either file for reciprocity or obtain an NRC specific license, the NRC will normally consider a civil penalty to deter noncompliance for economic benefit. Therefore, notwithstanding the normal civil penalty assessment process, in cases where there is any indication (e.g., statements by company employees regarding the nonpayment of fees, previous violations of the requirement including those not issued by the NRC, or previous filings without a significant change in management) that the violation was committed for economic gain, the NRC may exercise discretion and impose a civil penalty. The resulting civil penalty will normally be no more than 3 times the base civil penalty; however, the agency may mitigate or escalate the amount based on the merits of a specific case.

    3. Addition of Section 3.10 ``Reactor Violations With No Performance Deficiencies''

      The NRC is revising Section 2.2.4.d to clarify that violations with no ROP findings are dispositioned by using traditional enforcement. Section 3.10, ``Reactor Violations with No Performance Deficiencies,'' has been added for NRC guidance to properly disposition these violations. This clarification involves no actual change in policy.

      Revisions

      2.2.4.d: Violations not Associated With ROP or cROP Findings

      3.10 Reactor Violations With No Performance Deficiencies

      The NRC may exercise discretion for violations of NRC requirements by reactor licensees for which there are no associated performance deficiencies (e.g., a violation of a TS which is not a performance deficiency).

    4. Section 6.0 ``Violation Examples''

      1. 6.3 ``Materials Operations''

        Section 6.3, ``Materials Operations,'' of the Policy addresses the failure to secure a portable gauge as required by 10 CFR 30.34(i). Specifically, under the current Policy, paragraph 6.3.c.3, a Severity Level (SL) III violation example, states, ``A licensee fails to secure a portable gauge with at least two independent physical controls whenever the gauge is not under the control and constant surveillance of the licensee as required by 10 CFR 30.34(i).'' Accordingly, a violation of 10 CFR 30.34(i) constitutes a SL III violation for gauges having either no security or one level of security. The SL III significance is based largely on licensees' control of portable gauges to reduce the opportunity for unauthorized removal or theft and is the only example currently provided in the Policy for this type of violation.

        When assessing the significance of a violation involving the failure to secure a portable gauge, the NRC considers that both physical controls must be defeated for the portable gauge to be removed. This deters a theft by requiring a more determined effort to remove the gauge. Considering that there is a reduced risk associated with having one barrier instead of no barrier, the NRC has determined that a graded approach is appropriate for 10 CFR 30.34(i) violations of lower significance. Therefore, the NRC believes that failures of one level of physical control to secure portable gauges warrant a SL IV designation. This graded approach was piloted in Enforcement Guidance Memoranda 11-004, dated April 28, 2011 (ADAMS Accession No. ML111170601). After over 2 years of monitoring, the NRC determined that the addition of the SL IV example did not increase the number of losses/thefts reported. Therefore, the NRC is revising violation example 6.3.c.3 and adding violation example 6.3.d.10:

        Revisions

        6.3.c.3: Except as provided for in section 6.3.d.10 of the policy, a licensee fails to secure a portable gauge as required by 10 CFR 30.34(i);

        6.3.d.10: A licensee fails to secure a portable gauge as required by 10 CFR 30.34(i), whenever the gauge is not under the control and constant surveillance of the licensee, where one level of physical control existed and there was no actual loss of material, and that failure is not repetitive.

      2. Section 6.5.c.4 and 5 SL III Violations Involve, for Example

        The NRC modifies these examples (4 and 5) to reference the appropriate regulation governing changes to a facility referencing a certified design (i.e., 10 CFR 52.98). This regulation refers to applicable change processes in the applicable design certification rule, which are currently contained in 10 CFR part 52, Appendix A-D.

        Revisions

    5. A licensee fails to obtain prior Commission approval required by 10 CFR 50.59 or 10 CFR 52.98 for a change that results in a condition evaluated as having low-to-moderate or greater safety significance; or

      Page 78025

    6. A licensee fails to update the FSAR as required by 10 CFR 50.71(e), and the FSAR is used to perform a 10 CFR 50.59 or 10 CFR 52.98 evaluation for a change to the facility or procedures, implemented without Commission approval, that results in a condition evaluated as having low-to-moderate or greater safety significance.

      1. Section 6.5.d.5 SL IV Violations Involve, for Example

        Example 6.5.d.5 was added to Section 6.9.d ``Inaccurate and Incomplete Information or Failure to Make a Required Report.''

      2. Section 6.9 Inaccurate and Incomplete Information or Failure to Make a Required Report

        Section 50.55(e)(3) requires holders of a construction permit or combined license (until the Commission makes the finding under 10 CFR 52.103(g)) to adopt procedures to evaluate deviations and failures to comply to ensure identification of defects and failures to comply associated with substantial safety hazards as soon as practicable. This section is similar to the reporting requirements of 10 CFR part 21. A SL II violation example was added; violation example 6.9.c.2.(a) was deleted; and the reference to 10 CFR 50.55(e) was moved to the revised 6.9.c.5 examples.

        Revisions

      3. SL II Violations Involve, for Example

    7. A deliberate failure to notify the Commission as required by 10 CFR 50.55(e).

      1. SL III Violations Involve, for Example

    8. (a) Deleted ``failure to make required notifications and reports pursuant to 10 CFR 50.55(e);''

    9. A failure to provide the notice required by 10 CFR part 21 or 10 CFR 50.55(e), for example:

      (

      1. An inadequate review or failure to review such that, if an appropriate review had been made as required, a 10 CFR part 21 or 10 CFR 50.55(e) report would have been required; or

        (b) A withholding of information or a failure to make a required interim report by 10 CFR 21.21, ``Notification of Failure to Comply or Existence of a Defect and Its Evaluation,'' or 10 CFR 50.55(e) occurs with careless disregard.

      2. SL IV Violations Involve, for Example

    10. A licensee fails to make an interim report required by 10 CFR 21.21(a)(2) or under 10 CFR 50.55(e);

    11. Failure to implement adequate 10 CFR part 21 or 10 CFR 50.55(e) processes or procedures that has more than minor safety or security significance; or

    12. A materials licensee fails to . . .

      1. Section 6.9 ``Inaccurate and Incomplete Information or Failure to Make a Required Report''

        The NRC is removing the reference to 10 CFR 26.719(d) in violation example 6.9.c.2.(c) because 10 CFR 26.719(d) is not a reporting requirement.

        Revision

        6.9.c.2.(b): Failure to make any report required by 10 CFR 73.71, ``Reporting of Safeguards Events,'' or Appendix G, ``Reportable Safeguards Events,'' to 10 CFR part 73 ``Physical Protection of Plants and Materials,'' or 10 CFR part 26, ``Fitness-For-Duty Programs;''

      2. Section 6.11 ``Reactor, Independent Spent Fuel Storage Installation, Fuel Facility, and Special Nuclear Material Security''

        The current Policy examples for a SL IV violation in Section 6.11.d are focused on the loss of special nuclear material (SNM) of low strategic significance. The loss of SNM is too narrow of a focus on the loss of material and not the other aspects of the Materials Control & Accountability (MC&A) program that could be a precursor to a loss of SNM. The Policy should include an example for the MC&A program at fuel facilities that covers the reduction in the ability to detect a loss or diversion of material which could lead to a more significant event. Therefore, the NRC is adding violation example 6.11.d.3 as follows.

        Violation Example

        6.11.d.3: A licensee fails to comply with an element of its material and accounting program that results in a fuel cycle facility procedure degradation regarding adequate detection or protection against loss, theft, or diversion of SNM.

      3. Section 6.14 ``Fitness-For-Duty'' Violation Example 6.14.a.2

        The NRC is incorporating violation example 6.14.a.2 into example 6.14.b.1. An employee assistance program (EAP) is one provision of many contained in 10 CFR part 26, subpart B, for which 6.14.a.1 applies. Therefore, the ``severity'' associated with an inadequate EAP is significantly less than that of a licensee not meeting ``two or more subparts of 10 CFR part 26.'' An ineffective implementation of an EAP does not directly result in an immediate safety or security concern and should not represent a SL I violation. Therefore, the NRC is deleting violation example 6.14.a.2 and modifying violation example 6.14.b.1.

        Revision

        6.14.a.2: Deleted.

        6.14.b.1: A licensee fails to remove an individual from unescorted access status when this person has been involved in the sale, use, or possession of illegal drugs within the protected area, or a licensee fails to take action in the case of an on-duty misuse of alcohol, illegal drugs, prescription drugs, or over-the-counter medications or once the licensee identifies an individual that appears to be impaired or that their fitness is questionable, the licensee fails to take immediate actions to prevent the individual from performing the duties that require him or her to be subject to 10 CFR part 26;

      4. Section 6.14 ``Fitness-For-Duty'' Violation Example 6.14.b.2

        In violation example 6.14.b.2, the NRC is removing the language ``unfitness for duty based on drug or alcohol use.'' Regulations in 10 CFR part 26 do not define unfitness and the behavioral observation program is not limited to drug and alcohol impairment.

        Revision

        6.14.b.2: A licensee fails to take action to meet a regulation or a licensee behavior observation program requirement when observed behavior within the protected area or credible information concerning the activities of an individual indicates impairment by any substance, legal or illegal, or mental or physical impaired from any cause, which adversely affects their ability to safely and competently perform their duties.

      5. Section 6.14 ``Fitness-For-Duty'' Violation Example 6.14.c.1

        The NRC is revising violation example 6.14.c.1 to encompass more than positive drug and alcohol tests; it should include other aspects of the fitness-for-duty program such as subversions.

        Revision

        6.14.c.1: A licensee fails to take the required action for a person who has violated the licensee's Fitness-For-Duty Policy, in cases that do not amount to a SL II violation;

      6. Section 6.14 ``Fitness-For-Duty'' Violation Example 6.14.c.5

        Due to the revision to violation example 6.14.b.1, the NRC is revising violation example 6.14.c.5 to maintain a graded approach method to its violation example.

        Page 78026

        Revision

        6.14.c.5: A licensee's employee assistance program (EAP) staff fails to notify licensee management when the EAP staff is aware that an individual's condition, based on the information known at the time, may adversely affect safety or security of the facility and the failure to notify did not result in a condition adverse to safety or security; or

    13. Section 6.13 ``Information Security''

      The NRC is revising Section 6.13, ``Information Security.'' This revision will replace the current examples, which are based on the classification levels of the information, with a risk-informed approach for assessing the severity of information security violations. This approach of evaluating the severity of information security violations by using a risk-informed process is based on the totality of the circumstances surrounding the information security violation and will more accurately reflect the severity of these types of violations and improve regulatory consistency.

      This process is the result of lessons learned from a number of violations that the NRC has processed over the last few years based on varying significance levels. This process will use a flow chart and table approach, along with defined terms.

      Once a noncompliance is identified, a four-step approach will be applied to determine the severity level of the violation. The four steps are: (1) Determine the significance of the information (i.e., high, moderate, or low), (2) determine the extent of disclosure (i.e., individual deemed trustworthy and reliable, unknown disclosure, or confirmed to an unauthorized individual), (3) determine the accessibility of the information (i.e., how limited was access to the information), and (4) determine the duration of the noncompliance (i.e., how long was the information available).

      Once all steps are completed, the user will obtain a recommended severity level for the violation. The staff recognizes this approach as a change from the traditional violation examples; however, the process will be risk-informed and will consider the totality of circumstances surrounding the information disclosure. The risk-informed approach to information security violations adopted by the NRC should not be read to contradict the national policy on classified information as set forth in Executive Order 13526, ``Classified National Security Information.'' This first revision is located in the beginning of the last paragraph of Section 4.3 of the Policy. Two conforming revisions are being made to Section 6.12 of the Policy to delete examples that conflict with the revised approach.

      Revisions

      1. Section 4.3 Civil Penalties to Individuals

        Section 6.13, ``Information Security,'' of this Policy provides a risk-informed approach for assessing the significance of information security violations.

      2. Section 6.12 Materials Security

        6.12.c.3: Deleted

        6.12.d.10: Deleted

      3. Violation example 6.13 Information Security

        BILLING CODE 7590-01-P

        GRAPHIC TIFF OMITTED TR07NO16.008

        BILLING CODE 7590-01-C

        Step 1: Significance \1\--Describes the decision point to determine the significance of the disclosure as it relates to national security and/or common defense and security.

        ---------------------------------------------------------------------------

        \1\ The significance guidance provided in Step 1 is only applicable within the context of the NRC's Enforcement Policy and its application. The significance guidance is not intended to define the ``harm'' that an unauthorized disclosure of SECRET or CONFIDENTIAL information is reasonably expected to cause as those definitions are set forth in Executive Order 13526, ``Classified National Security Information.'' Nothing in section 6.13 of the Enforcement Policy should be read to contradict the National Policy on classified information.

        ---------------------------------------------------------------------------

        High Significance: The totality of information disclosed provides a significant amount of information about a technology (i.e., key elements of a technology or system) or combinations of the following elements related to

        Page 78027

        protective strategies: Response Strategy, Target Sets, Physical Security Plan, Contingency Plan or Integrated Response Plan. The information can be either SECRET or CONFIDENTIAL (National Security or Restricted Data) or Safeguards.

        Moderate Significance: The totality of information disclosed provides limited information that may be useful to an adversary about technology information or physical security plan of a facility. The information can be either SECRET or CONFIDENTIAL (National Security or Restricted Data), Safeguards, or information requiring protection under 10 CFR part 37.

        Low Significance: The totality of information disclosed, taken by itself, would not aid an adversary in gaining information about a technology or physical security plan of a facility. The information can be either SECRET or CONFIDENTIAL (National Security or Restricted Data), Safeguards, or information requiring protection under 10 CFR part 37.

        Step 2: Disclosure--Describes the decision point to determine if: (

      4. The information was accessible to any individual(s) via hard copy format or electronic (e.g. computers) form, (b) you can determine who the individual(s) are, and (c) those individual(s) would meet the definition of Trustworthy and Reliable.

        Trustworthy and Reliable (T&R): Are characteristics of an individual considered dependable in judgment, character, and performance, such that disclosure of information to that individual does not constitute an unreasonable risk to the public health and safety or common defense and security. A determination of T&R for this purpose is based upon the results from a background investigation or background check in accordance with 10 CFR 37.5 or 10 CFR 73.2, respectively. To meet the T&R requirement, the individual must possess a T&R determination before the disclosure of the information, regardless of the ``need to know'' determination. Note: In accordance with 10 CFR 73.21 or 73.59, there are designated categories of individuals that are relieved from fingerprinting, identification and criminal history checks and other elements of background checks.

        Unknown Disclosure: Instances when controlled information has been secured, protected, or marked improperly but there is no evidence that anyone has accessed the information while it was improperly handled.

        Confirmed: Instances where a person who does not have authorization to access controlled information gains access to the information.

        Electronic Media/Confirmed: For electronic media it is considered confirmed once the information is no longer on an approved network for that type of information.

        Unauthorized Individual: A person who does not possess a T&R determination and a need to know.

        Step 3: Limited Access--Describes the decision point to determine the amount of controls (e.g., doors, locks, barriers, firewalls, encryption levels) needed to enter or gain access to an area or computer system in order to obtain the disclosed security information.

        Hard Copy Format: A location provides limited access if it meets all of the following conditions:

      5. The area was locked or had access control measures, and;

      6. individuals that frequented the area were part of a known population, and;

      7. records of personnel entry were maintained to the area via key control or key card access.

        Electronic Media: A computer network provides limited access if it meets all of the following conditions:

      8. The information is stored in a location that is still within the licensee's computer network's firewall, and

      9. the licensee has some type of control system in place which delineates who can access the information.

        Step 4: Duration--Describes the decision point in which a time period determination is made regarding the number of days the information was not controlled properly in accordance with the respective handling and storage requirements of the security information.

        Long: Greater than or equal to 14 days from the date of infraction to discovery of the non-compliance.

        Short: Less than 14 days from the date of infraction to discovery of the non-compliance.

    14. Glossary

      1. Confirmatory Action Letter

        Some agency procedures have not consistently described all Confirmatory Action Letter (CAL) recipients, according to an audit of the NRC's use of CALs. To date, all affected procedures have been revised to incorporate a consistent definition with the exception of the Policy. Therefore, the NRC is revising the Glossary term CAL to specifically state the recipients of a CAL.

        Revision

        Confirmatory Action Letter (CAL) is a letter confirming a licensee's, contractor's, or nonlicensee's (subject to NRC jurisdiction) voluntary agreement to take certain actions to remove significant concerns about health and safety, safeguards, or the environment.

      2. Interim Enforcement Policy

        The term Interim Enforcement Policy was added to the Glossary.

        Revision

        Interim Enforcement Policies (IEPs) refers to a policy that is developed by the NRC staff and approved by the Commission for specific topics, typically for a finite period. Generally, IEPs grant the staff permission to refrain from taking enforcement action for generic issues which are not currently addressed in the Policy and are typically effective until such time that formal guidance is developed and implemented or other resolution to the generic issue. IEPs can be found in Section 9.0 of the Policy.

      3. Traditional Enforcement

        The NRC is revising the definition of traditional enforcement for clarification purposes.

        Revision

        Traditional Enforcement, as used in this Policy, refers to the process for the disposition of violations of NRC requirements, including those that cannot be addressed only through the Operating Reactor Assessment Program. Traditional enforcement violations are assigned severity levels and typically include, but may not be limited to, those violations involving (1) actual safety and security consequences, (2) willfulness, (3) impeding the regulatory process, (4) discrimination, (5) violations not associated with ROP or cROP findings, (6) materials regulations, and (7) deliberate violations committed by individuals.

    15. Miscellaneous Corrections/Modifications

      Note: The page numbers cited correspond with the newly revised Enforcement Policy.

      1. Page 8: Subject to the same oversight as the regional offices, the Directors of the Office of Nuclear Reactor Regulation (NRR), the Office of Nuclear Material Safety and Safeguards (NMSS), the Office of New Reactors (NRO), and the Office of Nuclear Security and Incident Response (NSIR) may also approve, sign, and issue certain enforcement actions as delegated by the Director, OE. The Director, OE, has delegated authority to the Directors of NRR, NMSS, NRO, and NSIR to issue Orders not related to specific violations

        Page 78028

        of NRC requirements (i.e., nonenforcement-related Orders.)

      2. Page 9: The NRC reviews each case being considered for enforcement action on its own merits to ensure that the severity of a violation is characterized at the level appropriate to the safety or security significance of the particular violation.

        Whenever possible, the NRC uses risk information in assessing the safety or security significance of violations and assigning severity levels. A higher severity level may be warranted for violations that have greater risk, safety, or security significance, while a lower severity level may be appropriate for issues that have lower risk, safety, or security significance.

      3. Page 15: a. Licensees and Nonlicensees with a credited Corrective Action Program

      4. Page 19: The flow chart (Figure 2) is a graphic representation of the civil penalty assessment process and should be used in conjunction with the narrative in this section.

      5. Page 33: The NRC may refrain from issuing an NOV for a SL II, III, or IV violation that meets the above criteria, provided that the violation was caused by conduct that is not reasonably linked to the licensee's present performance (normally, violations that are at least 3 years old or violations occurring during plant construction) and that there had not been prior notice so that the licensee could not have reasonably identified the violation earlier.

      6. Page 34: In addition, the NRC may refrain from issuing enforcement action for violations resulting from matters not within a licensee's control, such as equipment failures that were not avoidable by reasonable licensee QA measures or management controls (e.g., reactor coolant system leakage that was not within the licensee's ability to detect during operation, but was identified at the first available opportunity or outage).

      7. Page 43: 6.1.c.2 A system that is part of the primary success path and which functions or actuates to mitigate a DBA or transient that either assumes the failure of or presents a challenge to the integrity of the fission product barrier not being able to perform its licensing basis safety function because it is not fully qualified (per the IMC 0326, ``Operability Determinations & Functional Assessment for Conditions Adverse to Quality or Safety'') (e.g., materials or components not environmentally qualified);

      8. Page 43: 6.1.d.3 A licensee fails to update the FSAR as required by 10 CFR 50.71(e) and the lack of up-to-date information has a material impact on safety or licensed activities; or

      9. Page 59: 6.7.d.3 ``A radiation dose rate in an unrestricted or controlled area exceeds 0.002 rem (0.02 millisieverts) in any 1 hour (2 mrem/hour) or 50 mrem (0.5 mSv) in a year;''

  3. Procedural Requirements

    Paperwork Reduction Act Statement

    This policy statement does not contain new or amended information collection requirements subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). Existing requirements were approved by the Office of Management and Budget (OMB), approval number 3150-0136.

    Public Protection Notification

    The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid OMB control number.

    Congressional Review Act

    This policy is a rule as defined in the Congressional Review Act (5 U.S.C 801-808). However, the Office of Management and Budget has not found it to be a major rule as defined in the Congressional Review Act.

    Dated at Rockville, Maryland, this 1st day of November, 2016.

    For the Nuclear Regulatory Commission.

    Annette L. Vietti-Cook,

    Secretary of the Commission.

    FR Doc. 2016-26762 Filed 11-4-16; 8:45 am

    BILLING CODE 7590-01-P

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT