[Code of Federal Regulations] [Title 10, Volume 2] [Revised as of January 1, 2006] From the U.S. Government Printing Office via GPO Access [CITE: 10CFR73.56] [Page 441-443] TITLE 10--ENERGY CHAPTER I--NUCLEAR REGULATORY COMMISSION (CONTINUED) PART 73_PHYSICAL PROTECTION OF PLANTS AND MATERIALS--Table of Contents Sec. 73.56 Personnel access authorization requirements for nuclear power plants. (a) General. (1) Each licensee who is authorized on April 25, 1991, to operate a nuclear power reactor pursuant to Sec. Sec. 50.21(b) or 50.22 of this chapter shall comply with the requirements of this section. By April 27, 1992, the required access authorization program must be incorporated into the site Physical Security Plan as provided for by 10 CFR 50.54(p)(2) and implemented. By April 27, 1992, each licensee shall certify to the NRC that it has implemented an access authorization program that meets the requirements of this part. (2) Each applicant for a license to operate a nuclear power reactor pursuant to Sec. Sec. 50.21(b) or 50.22 of this chapter, whose application was submitted prior to April 25, 1991, shall either by April 27, 1992, or the date of receipt of the operating license, whichever is later, incorporate the required access authorization program into the site Physical Security Plan and implement it. (3) Each applicant for a license to operate a nuclear power reactor pursuant to Sec. Sec. 50.21(b) or 50.22 of this chapter and each applicant for a combined construction permit and operating license pursuant to part 52 of this chapter, whose application is submitted after April 25, 1991, shall include the required access authorization program as part of its Physical Security Plan. The applicant, upon receipt of an operating license or upon receipt of operating authorization, shall implement the required access authorization program as part of its site Physical Security Plan. [[Page 442]] (4) The licensee may accept an access authorization program used by its contractors or vendors for their employees provided it meets the requirements of this section. The licensee may accept part of an access authorization program used by its contractors, vendors, or other affected organizations and substitute, supplement, or duplicate any portion of the program as necessary to meet the requirements of this section. In any case, the licensee is responsible for granting, denying, or revoking unescorted access authorization to any contractor, vendor, or other affected organization employee. (b) General performance objective and requirements. (1) The licensee shall establish and maintain an access authorization program granting individuals unescorted access to protected and vital areas with the objective of providing high assurance that individuals granted unescorted access are trustworthy and reliable, and do not constitute an unreasonable risk to the health and safety of the public including a potential to commit radiological sabotage. (2) Except as provided for in paragraphs (c) and (d) of this section, the unescorted access authorization program must include the following: (i) A background investigation designed to identify past actions which are indicative of an individual's future reliability within a protected or vital area of a nuclear power reactor. As a minimum, the background investigation must verify an individual's true identity, and develop information concerning an individual's employment history, education history, credit history, criminal history, military service, and verify an individual's character and reputation. (ii) A psychological assessment designed to evaluate the possible impact of any noted psychological characteristics which may have a bearing on trustworthiness and reliability. (iii) Behavioral observation, conducted by supervisors and management personnel, designed to detect individual behavioral changes which, if left unattended, could lead to acts detrimental to the public health and safety. (3) The licensee shall base its decision to grant, deny, revoke, or continue an unescorted access authorization on review and evaluation of all pertinent information developed. (4) Failure by an individual to report any previous suspension, revocation, or denial of unescorted access to nuclear power reactors is considered sufficient cause for denial of unescorted access authorization. (c) Existing, reinstated, transferred, and temporary access authorization. (1) Individuals who have had an uninterrupted unescorted access authorization for at least 180 days on April 25, 1991 need not be further evaluated. Such individuals shall be subject to the behavioral observation requirements of this section. (2) The access authorization program may specify conditions for reinstating an interrupted access authorization, for transferring an access authorization from another licensee, and for permitting temporary unescorted access authorization. (3) The licensee shall grant unescorted access authorization to all individuals who have been certified by the Nuclear Regulatory Commission as suitable for such access. (d) Requirements during cold shutdown. (1) The licensee may grant unescorted access during cold shutdown to an individual who does not possess an access authorization granted in accordance with paragraph (b) of this section provided the licensee develops and incorporates into its Physical Security Plan measures to be taken to ensure that the functional capability of equipment in areas for which the access authorization requirement has been relaxed has not been impaired by relaxation of that requirement. (2) Prior to incorporating such measures into its Physical Security Plan the licensee shall submit those plan changes to the NRC for review and approval pursuant to Sec. 50.90. (3) Any provisions in licensees' security plans that allow for relaxation of access authorization requirements during cold shutdown are superseded by this rule. Provisions in licensees' Physical Security Plans on April 25, 1991 that provide for devitalization (that is, a change from vital to protected area status) during cold shutdown are not affected. [[Page 443]] (e) Review procedures. Each licensee implementing an unescorted access authorization program under the provisions of this section shall include a procedure for the review, at the request of the affected employee, of a denial or revocation by the licensee of unescorted access authorization of an employee of the licensee, contractor, or vendor, which adversely affects employment. The procedure must provide that the employee is informed of the grounds for denial or revocation and allow the employee an opportunity to provide additional relevant information, and provide an opportunity for an objective review of the information on which the denial or revocation was based. The procedure may be an impartial and independent internal management review. Unescorted access may not be granted to the individual during the review process. (f) Protection of information. (1) Each licensee, contractor, or vendor who collects personal information on an employee for the purpose of complying with this section shall establish and maintain a system of files and procedures for the protection of the personal information. (2) Licensees, contractors, and vendors small make available such personal information to another licensee, contractor, or vendor provided that the request is accompanied by a signed release from the individual. (3) Licensees, contractors, and vendors may not disclose the personal information collected and maintained to persons other than: (i) Other licensees, contractors, or vendors, or their authorized representatives, legitimately seeking the information as required by this section for unescorted access decisions and who have obtained a signed release from the individual. (ii) NRC representatives; (iii) Appropriate law enforcement officials under court order; (iv) The subject individual or his or her representative; (v) Those licensee representatives who have a need to have access to the information in performing assigned duties, including audits of licensee's, contractor's, and vendor's programs; (vi) Persons deciding matters on review or appeal; or (vii) Other persons pursuant to court order. This section does not authorize the licensee, contractor, or vendor to withhold evidence of criminal conduct from law enforcement officials. (g) Audits. (1) Each licensee shall audit its access authorization program within 12 months of the effective date of implementation of this program and at least every 24 months thereafter to ensure that the requirements of this section are satisfied. (2) Each licensee who accepts the access authorization program of a contractor or vendor as provided for by paragraph (a)(4) of this section shall have access to records and shall audit contractor or vendor programs every 12 months to ensure that the requirements of this section are satisfied. Licensees may accept audits of contractors and vendors conducted by other licensees. Each sharing utility shall maintain a copy of the audit report, to include findings, recommendations and corrective actions. Each licensee retains responsibility for the effectiveness of any contractor and vendor program it accepts and the implementation of appropriate corrective action. (h) Records. (1) Each licensee who issues an individual unescorted access authorization shall retain the records on which the authorization is based for the duration of the unescorted access authorization and for a five-year period following its termination. Each licensee who denies an individual unescorted access shall retain the records on which the denial is based for 5 years. (2) Each licensee shall retain records of results of audits, resolution of the audit findings and corrective actions for three years. (Approved by the Office of Management and Budget under OMB control number 3150-0002) [56 FR 19007, Apr. 25, 1991, as amended at 56 FR 24239, May 29, 1991] [[Page 444]]