EA-97-411 - McGuire 1 & 2 (Duke Energy Corporation)

September 26, 1997

EA 97-411

Duke Energy Corporation
ATTN: Mr. B. Barron
Vice President
McGuire Site
12700 Hagers Ferry Road
Huntersville, NC 28078-8985

SUBJECT: NOTICE OF VIOLATION (NRC INSPECTION REPORT NOS. 50-369/97-13 AND 50-370/97-13)

Dear Mr. Barron:

This letter refers to an NRC security inspection conducted at Duke Energy Corporation's (DEC) McGuire Nuclear Station between July 21 and 24, 1997. The results of the inspection were formally transmitted to you by letter dated August 22, 1997. The apparent violations identified were discussed with members of your staff during an inspection exit conducted by telephone on August 28, 1997, and were provided to you in our letter dated September 11, 1997. An open predecisional enforcement conference was conducted in the Region II office on September 19, 1997, to discuss the apparent violations, the root causes, and your corrective actions to preclude recurrence. A list of conference attendees, NRC slides, and a copy of your presentation materials are enclosed.

Based on the information developed during the inspections and the information that you provided during the conference, the NRC has determined that violations of NRC requirements occurred. The violations are cited in the enclosed Notice of Violation (Notice), and the circumstances surrounding them are described in detail in the subject inspection report and our letter to you dated September 11, 1997.

Violation A involves the failure to notify McGuire security officers promptly of the termination of seven contractor employees, which resulted in a failure to remove their security badges from the badge rack. An April 19, 1996, event involved inadequate control of the access badges of three involuntarily terminated contractor employees. On April 8, 1997, a more serious event occurred. Two individuals, both with protected and vital area access, were terminated (one involuntarily). They subsequently retrieved their security badges and gained access to the protected area and could have accessed vital areas. The two individuals were located and escorted offsite within 10 minutes of their entry. In July 1997, two other contractor employees were terminated and McGuire security was not notified to ensure their security badges were restricted. The root cause of these events was the failure of the responsible contractor manager to make a timely notification to McGuire security officers such that the security badges were removed from the plant badge rack.

Violation B includes two examples of the failure to remove the security badges of individuals from the badge storage rack upon notification of their favorable termination or expiration of a temporary clearance. As a result, one individual, who should have been denied access due to an expired temporary clearance, entered the protected area on July 3, 7 and 8, 1997. This individual was subsequently granted a clearance and access to the site.

Although these access control problems were licensee-identified, the violations are of significant regulatory concern because the failure to control access of individuals no longer authorized entry into protected and vital areas of the plant could compromise overall plant security. The NRC is also concerned that the examples identified in Violations A and B indicate weaknesses in the area of access control for contractor employees. Stringent measures to control badges are critical for an effective Security Plan. Based on the above, Violations A and B have been classified in the aggregate in accordance with the "General Statement of Policy and Procedures for NRC Enforcement Actions" (Enforcement Policy), NUREG-1600, as a Severity Level III problem.

In accordance with the Enforcement Policy, a base civil penalty in the amount of $55,000 is considered for a Severity Level III problem. Because your facility has been the subject of escalated enforcement actions within the last two years ⁽¹⁾, the NRC considered whether credit was warranted for Identification and Corrective Action in accordance with the civil penalty assessment process in Section VI.B.2 of the Enforcement Policy. Because you identified the access control events included in Violations A and B, the NRC determined that credit for the factor of Identification was appropriate. Your corrective actions for the two violations, as described at the predecisional enforcement conference and provided in detail in your handout, included review of each event, prompt correction of the discrepant condition, and counseling and retraining of the individuals involved to address individual performance failures and re-emphasize procedural requirements. In addition: (1) after the April 1997 event, you initiated formal training for site access control sponsors which was initiated on July 31, 1997; (2) in May 1997, you revised the contract employee termination checklist to add security notification requirements; and, (3) in June 1997, you established a more formal badge termination process including site-wide notification of the process and a dedicated security phone line for reporting employee terminations. You also improved controls on computer monitoring of access authorization. Based on these facts, the NRC determined that credit was warranted for the factor of Corrective Action, resulting in no civil penalty for the Severity Level III problem.

Therefore, to encourage prompt identification and comprehensive correction of violations, I have been authorized, after consultation with the Office of Enforcement, not to propose a civil penalty in this case. However, significant violations in the future could result in a civil penalty.

Violation C involved ten examples of the loss of control of protected area badges. The badges were taken offsite by the badge holders when exiting the protected area. The NRC is concerned that these events were also repetitive and could have been prevented by appropriate corrective action for the initial occurrences. The safety significance of this violation was low because no unauthorized use of the badges occurred; therefore, Violation C has been characterized as a Severity Level IV violation.

At the conference, an additional example of Violation B was discussed regarding an April 11, 1997, failure of security to properly remove an access badge from the storage rack following notification of a favorable termination. After consideration of the information you presented at the conference and documented in an event review, the example is being withdrawn. Specifically, although the badge was available for issuance to the individual, security immediately deleted the individual's access authorization in the security computer upon notification of the termination. This action restricted the individual's access to the station via the security badge.

You are required to respond to this letter and should follow the instructions specified in the enclosed Notice when preparing your response. In your response, you should document the specific actions taken and any additional actions you plan to prevent recurrence. After reviewing your response to this Notice, including your proposed corrective actions and the results of future inspections, the NRC will determine whether further NRC enforcement action is necessary to ensure compliance with NRC regulatory requirements.

In accordance with 10 CFR 2.790 of the NRC's "Rules of Practice," a copy of this letter, its enclosures, and your response will be placed in the NRC Public Document Room (PDR). To the extent possible, your response should not include any personal privacy, proprietary, or safeguards information so that it can be placed in the PDR without redaction.

Sincerely, Original Signed by B. S. Mallett for Luis A. Reyes Regional Administrator

Docket Nos. 50-369, 50-370
License Nos. NPF-9, NPF-17

Enclosures:
1. Notice of Violation
2. List of Attendees
3. NRC Slides
4. Licensee Presentation Material

cc w/encls:
Michael T. Cash
Regulatory Compliance
Duke Energy Corporation
12700 Hagers Ferry Road
Huntersville, NC 28078-8985

G. A. Copp
Licensing - EC05O
Duke Energy Corporation
P. O. Box 1006
Charlotte, NC 28201-1006

Paul R. Newton
Legal Department (PB05E)
Duke Energy Corporation
422 South Church Street
Charlotte, NC 28242-0001

Mr. Robert P. Gruber
Executive Director
Public Staff - NCUC
P. O. Box 29520
Raleigh, NC 27626-0520

J. Michael McGarry, III, Esq.
Winston and Strawn
1400 L Street, NW
Washington, D. C. 20005

Director
Division of Radiation Protection
N. C. Department of Environmental
Health & Natural Resources
3825 Barrett Drive
Raleigh, NC 27609-7721

County Manager of Mecklenburg County
720 East Fourth Street
Charlotte, NC 28202

Peter R. Harden IV
Account Sales Manager
Power Systems Field Sales
Westinghouse Electric Corporation
P. O. Box 7288
Charlotte, NC 28241

Director
Mecklenburg County Department
of Environmental Protection
700 North Tryon Street
Charlotte, NC 28203

Assistant Attorney General
N. C. Department of Justice
P. O. Box 629
Raleigh, NC 27602

---

NOTICE OF VIOLATION

Duke Energy Corporation Docket Nos. 50-369,50-370 McGuire Units 1 and 2 License Nos. NPF-9,NPF-17 EA 97-411

During an NRC Inspection conducted on July 21 through 24, 1997, violations of NRC requirements were identified. In accordance with the "General Statement of Policy and Procedure for NRC Enforcement Actions," (NUREG-1600) the violations are listed below:

A. Technical Specification 6.8, requires, in part, that written procedures shall be established, implemented and maintained for applicable procedures in Appendix A to Regulatory Guide 1.33, Rev. 2, 1978. Appendix A specifies procedures for Security and Visitor Control.

McGuire Procedure Nuclear System Directive 218 of Nuclear Policy Manual-Volume 2, requires management, in the case of involuntary and voluntary termination, to be responsible for verbally notifying, site security and/or site staffing contacts to delete the individuals' security badge. For involuntary terminations, security is to be notified prior to the termination/discharge or simultaneously with the termination/discharge.

Security Procedure EXAO-02, Security Badge Program, Rev. 62, Paragraph III.B.8.c, provides that if termination is unfavorable, Security shall be contacted.

Contrary to the above, the licensee failed to follow procedures for security badge and access control as evidenced by the following:

1. On April 8, 1997, two individuals were terminated, one involuntarily (unfavorable), and the responsible manager failed to notify security prior to or simultaneously with the terminations. As a result the terminated individuals, with protected and vital area access, gained access to the protected area and could have accessed vital areas.

2. On April 19, 1996, a vendor failed to notify security of the involuntary (unfavorable) termination of three individuals with protected and vital area access. There was no access to the protected or vital areas after their termination.

3. On July 2, 1997, a vendor failed to notify security of the involuntary (unfavorable) termination of an individual with protected and vital area access. There was no access to the protected or vital areas after termination.

4. On July 8, 1997, a vendor failed to notify security of a voluntary (favorable) termination of an individual with protected area access. No protected areas were accessed. (01013)

B. Technical Specification 6.8, requires, in part, that written procedures shall be established, implemented and maintained for applicable procedures in Appendix A to Regulatory Guide 1.33, Rev. 2, 1978. Appendix A specifies procedures for Security and Visitor Control.

Security Procedure EXAO-02, Security Badge Program, Rev. 62, paragraph III.B.8e(2) provides that security badges shall be removed from storage when security is informed of a person's termination.

Contrary to the above, the licensee failed to follow procedures for security badge and access control as follows:

1. On January 30, 1997, security failed to remove the access badge from storage in the badge rack following notification of the voluntary (favorable) terminated of an individual who had protected and vital area access authorization. No protected or vital areas were accessed.

2. On June 30, 1997, security failed to remove the access badge of an individual from storage in the badge rack following notification (via the Daily Deletion Report) of the expiration of the individual's 180 day temporary clearance. As a result on July 3, 7 and 8, 1997, the individual, with protected area access only, entered the protected area. (01023)

These violations represent a Severity Level III problem (Supplement III).

C. The McGuire Facility Operating License NPF-17, Part 2.E, states, in part, that the licensee shall fully implement and maintain in effect all provisions of the Commission approved physical security, guard training and qualification, and safeguards contingency plans including amendments made pursuant to provisions of the Miscellaneous Amendments and Search Requirements, revisions to 10 CFR 73.55, and to the authority of 10 CFR 50.90 and 10 CFR 50.54(p).

Duke Power Company Nuclear Security and Contingency Plan, Rev. 6, dated May 13, 1997, Chapter 6, "Access", Paragraph 6.3, provides that protected area badges shall remain within the protected area.

Security Procedure EXAO-2, Security Badge Program, Rev 62, paragraph III.B.5.c provides that prior to exiting the protected area, all badges shall be returned to the exit turnstile at the primary access portal.

Contrary to the above, the licensee failed to follow Security Procedure EXAO-2 on ten occasions between the dates of February 5, 1997 and July 10, 1997, when the licensee failed to control protected area access badges, and the badges were taken outside the protected area. (02014)

This is a Severity Level IV violation (Supplement III).

Pursuant to the provisions of 10 CFR 2.201, Duke Energy Corporation is hereby required to submit a written statement or explanation to the U.S. Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, D.C. 20555 with a copy to the Regional Administrator, Region II, and a copy to the NRC Resident Inspector at the McGuire facility, within 30 days of the date of the letter transmitting this Notice of Violation (Notice). This reply should be clearly marked as a "Reply to a Notice of Violation" and should include for each violation: (1) the reason for the violation, or, if contested, the basis for disputing the violation, (2) the corrective steps that have been taken and the results achieved, (3) the corrective steps that will be taken to avoid further violations, and (4) the date when full compliance will be achieved. Your response may reference or include previously docketed correspondence, if the correspondence adequately addresses the required response. If an adequate reply is not received within the time specified in this Notice, an order or a Demand for Information may be issued as to why the license should not be modified, suspended, or revoked, or why such other action as may be proper should not be taken. Where good cause is shown, consideration will be given to extending the response time.

Under the authority of Section 182 of the Act, 42 U.S.C. 2232, this response shall be submitted under oath or affirmation.

Because your response will be placed in the NRC Public Document Room (PDR), to the extent possible, it should not include any personal privacy, proprietary, or safeguards information so that it can be placed in the PDR without redaction. If personal privacy or proprietary information is necessary to provide an acceptable response, then please provide a bracketed copy of your response that identifies the information that should be protected and a redacted copy of your response that deletes such information. If you request withholding of such material, you must specifically identify the portions of your response that you seek to have withheld and provide in detail the bases for your claim of withholding (e.g., explain why the disclosure of information will create an unwarranted invasion of personal privacy or provide the information required by 10 CFR 2.790(b) to support a request for withholding confidential commercial or financial information). If safeguards information is necessary to provide an acceptable response, please provide the level of protection described in 10 CFR 73.21.

Dated at Atlanta, Georgia
this 26th day of September 1997

---

¹ A Severity Level III violation was issued on August 22, 1995, concerning inadequate emergency diesel generator (EDG) turbocharger design control (EA 95-156). Two Severity Level III violations were issued on May 9, 1996 for inadequate procedures for monitoring of freeze protection equipment and design problems with the EDG (EA 96-080 and 96-100).