§ 73.1210 Recordkeeping of physical security events.

(a) Objective and purpose. (1) Licensees with facilities or shipment activities subject to the provisions of § 73.20, § 73.25, § 73.26, § 73.27, § 73.37, § 73.45, § 73.46, § 73.50, § 73.51, § 73.55, § 73.60, or § 73.67, must record the physical security events and conditions adverse to security that are specified in paragraphs (c) through (f) of this section.

(2) These records facilitate the licensee’s monitoring of the effectiveness of its physical security program. These records also facilitate the licensee’s effective tracking, trending, and performance monitoring of these security events and conditions adverse to security; and the subsequent identification and implementation of corrective actions to prevent recurrence.

(3) These physical security events and conditions adverse to security include, but are not limited to, human performance security errors; failure to comply with security procedures; insufficient or inadequate security procedures; security equipment failures and malfunctions; security structures, systems, and components design deficiencies; and inadequate or insufficient security structures, systems, and components. This includes events or conditions where the licensee has implemented compensatory measures within the required timeframe specified in its physical security plan.

(b) General requirements. (1) Licensees must record within 24 hours of the time of discovery the physical security events and conditions adverse to security specified in paragraphs (c) through (f) of this section.

(2) Licensees must retain these records for a period up to 3 years after the last entry is recorded, or until their license is terminated, whichever is later.

(3)(i) Licensees must record these physical security events and conditions adverse to security in either a standalone safeguards event log or as part of the licensee’s corrective action program, as specified under the applicable quality assurance program provisions of parts 50, 52, 60, 63, 70, and 72 of this chapter, or both.

(ii) Licensees choosing to use their corrective action program to record these physical security events and conditions adverse to security must ensure that the records contain sufficient information to permit the effective tracking, trending, and performance monitoring of these events and conditions and the implementation of corrective actions.

(iii) Licensees must ensure that Safeguards Information or classified security information associated with these records is created, stored, and handled in accordance with the provisions of § 73.21, or of part 95 of this chapter, as applicable.

(iv) Licensees choosing to use their corrective action program for these records may also choose to bifurcate the information in such records systems so as to maximize the use and advantages of their corrective action programs’ tracking, trending, and performance monitoring capabilities while simultaneously compartmenting sensitive security information and security vulnerabilities (i.e., by controlling access and limiting need to know to necessary personnel), in order to ensure information protection requirements are effectively implemented.

(4) These records must include, but are not limited to, information on the following data elements, as applicable—

(i) The date and time the event or condition was discovered;

(ii) The date and time the event or condition occurred;

(iii) The affected structures, systems, components, equipment, or procedures;

(iv) A description of the event or condition;

(v) The environmental conditions at the time of the event or occurrence, if relevant;

(vi) The root cause of the event or condition;

(vii) Whether any human performance errors were the cause or were a contributing factor of the event or condition, including: personnel errors, inadequate procedures, or inadequate training;

(viii) Whether previous events or conditions are relevant to the current event or condition and whether corrective actions were ineffective or insufficient;

(ix) Whether this event or condition is a recurring failure of a structure, system, component, or procedure;

(x) What compensatory measures, if any, were implemented in response to the event or condition;

(xi) What corrective actions, if any, were taken in response to the event or condition; and

(xii) When corrective actions, if any, were taken or will be completed.

(5) Physical security events and conditions adverse to security for which notifications were made to the NRC under § 73.1200 are not required to be recorded under this section.

(6) Suspicious activities that are reported under § 73.1215 are not required to be recorded under this section.

(7) Enhanced weapons events that are reported under § 73.1200 are not required to be recorded under this section.

(c) Compensated security events. The requirements of this section apply to any failure, degradation, or discovered vulnerability in a security or safeguards system for which compensatory measures were established within the required timeframe and for which the following could have resulted in—

(1) Undetected access of unauthorized explosives beyond a required vehicle barrier;

(2) Unauthorized personnel gaining access into a protected area (PA), vital area (VA), material access area (MAA), or controlled access area (CAA);

(3) Undetected access of contraband into a PA, VA, or MAA;

(4) Unauthorized personnel accessing a vehicle transporting a Category I or II quantity of strategic special nuclear material (SSNM), spent nuclear fuel (SNF), or high-level radioactive waste (HLW);

(5) Unauthorized personnel accessing a Category I or II quantity of SSNM, SNF, or HLW being transported;

(6) Undetected introduction of contraband into a vehicle transporting a Category I or II quantity of SSNM, SNF, or HLW; or

(7) Undetected introduction of contraband into the Category I or II quantity of SSNM, SNF, or HLW being transported.

(d) Ammunition events. (1) For licensees with armed security personnel, the discovery that greater than a small quantity of live ammunition authorized by the licensee’s security plan:

(i) Has been lost inside a PA, VA, or MAA; or

(ii) Has been found uncontrolled inside a PA, VA, or MAA.

(2)(i) The discovery that greater than a small quantity of unauthorized live ammunition is inside a PA, VA, or MAA.

(ii) A small quantity of live ammunition means five rounds or fewer of ammunition.

(iii) Uncontrolled authorized ammunition means ammunition authorized by the licensee’s security plans that is not in the possession of authorized personnel or is not in an authorized ammunition storage location.

(iv) Unauthorized ammunition means ammunition that is not authorized by the licensee’s security plans.

(3) As exemptions, licensees are not required to record:

(i) Ammunition that is in the possession of Federal, State, or local law-enforcement personnel performing official duties inside a PA, VA, or MAA is considered controlled and authorized; or

(ii) Blank ammunition used for training purposes by the licensee.

(e) [Reserved]

(f) Decreases in the effectiveness of the physical security program. The requirements of this section apply to any other threatened, attempted, or committed act not previously defined in this section that has resulted in or has the potential for decreasing the effectiveness of the licensee’s physical security program below that committed to in a licensee’s NRC-approved physical security plan.

(g) Classified Information. Licensee recordkeeping requirements regarding any security events or conditions adverse to security involving any infractions, losses, compromises, or possible compromise of classified information or classified documents are found in § 95.57 of this chapter.

(h) Recordkeeping—exemptions. Licensees subject to § 73.67 who possess or transport SSNM or special nuclear material (SNM) in the following categories are exempt from the provisions of this section:

(1) Category III quantity of SSNM;

(2) Category II quantity of SNM; or

(3) Category III quantity of SNM.

[88 FR 15895, Mar. 14, 2023]