§ 73.120 Access authorization program for commercial nuclear plants.
(a) Introduction and scope. Each applicant for an operating license or a holder of a combined license under 10 CFR part 53 must establish, maintain, and implement an access authorization program before initial fuel load into the reactor (or, for a fueled manufactured reactor, before initiating the removal of the features to prevent criticality required under § 53.620(d)(1) of this chapter). The requirements in this section apply to applicants and licensees who demonstrate compliance with 10 CFR 73.100(a)(1)(i).
(b) Applicability. (1) The following individuals must be subject to an access authorization program under this section:
(i) Any individual to whom a licensee intends to grant unescorted access to a commercial nuclear plant protected area, vital area, or controlled access area where licensed material is used or stored;
(ii) Any individual whose duties and responsibilities permit the individual to take actions by electronic means, either on site or remotely, that could adversely impact the licensee's or applicant's operational safety, security, or emergency preparedness;
(iii) Any individual who has responsibilities for implementing a licensee's or applicant's protective strategy, including armed security force officers, alarm station operators, and tactical response team leaders but not including Federal, State, or local law enforcement personnel; and
(iv) The licensee or applicant access authorization program reviewing official or contractor or vendor access authorization program reviewers.
(2) The licensee or applicant may subject other individuals, including employees of a contractor or a vendor who are designated in access authorization program procedures, to an access authorization program that demonstrates compliance with the requirements of this section.
(c) General performance objectives and requirements. Each licensee's or applicant's access authorization program under this section must demonstrate that the individuals who are specified in paragraph (b) of this section are trustworthy and reliable, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security. The licensee's access authorization program must maintain the capabilities for demonstrating compliance with the following performance requirements:
(1) Background investigation. (i)(A) Licensees and applicants must ensure that any individual seeking initial unescorted access or to maintain unescorted access is subject to a background investigation.
(B) Background investigations must include the program elements contained under § 37.25 of this chapter and must also include a credit history evaluation.
(ii) Background investigations must include fingerprinting and an FBI identification and criminal history records check in accordance with § 37.27 of this chapter.
(iii) Licensees must have the informed and signed consent of the subject individual to initiate a background investigation. This consent must include authorization to share personal information with other individuals or organizations as necessary to complete the background investigation. A signed consent must be obtained prior to any reinvestigation. The subject individual may withdraw his or her consent at any time. Licensees must inform the individual that—
(A) If an individual withdraws his or her consent, the licensee may not initiate any elements of the background investigation that were not in progress at the time the individual withdrew his or her consent; and
(B) The withdrawal of consent for the background investigation is sufficient cause for denial or termination of unescorted access authorization.
(2) Behavioral observation. Licensees, applicants, contractors, and vendors must ensure the access authorization program includes provisions that the individuals specified in paragraph (b) of this section are subject to behavioral observation.
(i) Each person subject to behavioral observation must communicate to the licensee or applicant observed behaviors or activities of individuals that may constitute an unreasonable risk to the health and safety of the public and common defense and security.
(ii) Behavioral observation must include visual observation, in person or remotely by video, to detect and promptly report to plant supervision any concerns arising from behavioral observation, including, but not limited to, concerns related to any questionable behavior patterns or activities of others.
(3) Self-reporting of legal actions. Licensees or applicants must inform personnel who are granted and who maintain unescorted access of their responsibilities to self-report to plant supervision legal actions taken by a law enforcement authority or court of law against the individual that could result in incarceration or a court order or that requires a court appearance, including but not limited to an arrest, an indictment, the filing of charges, or a conviction, but excluding minor civil actions or misdemeanors such as parking violations or speeding tickets, for any individual who has applied for unescorted access or who maintains unescorted access.
(4) Unescorted access. Licensees or applicants must grant unescorted access only after the licensee has verified an individual is trustworthy and reliable. A list of persons currently approved for unescorted access to a protected area, vital area, or controlled access area must be maintained at all times. Unescorted access determinations must be reviewed annually by the reviewing official. Licensees and applicants must complete an FBI criminal history record check update for each individual maintaining unescorted access, within 10 years of the last review.
(5) Termination of unescorted access. Licensees and applicants must promptly terminate unescorted access when this access is no longer required or a reviewing official determines an individual is no longer trustworthy and reliable in accordance with this section.
(6) Determination basis for access. (i) The licensee's or applicant's reviewing official must determine whether to permit, deny, unfavorably terminate, maintain, or administratively withdraw an individual's unescorted access based on an evaluation of all of the information collected to demonstrate compliance with the requirements of this section.
(ii) Licensees and applicants must provide individuals subject to this section, prior to any final adverse determination, the right to complete, correct, and explain information obtained as a result of the licensee's background investigation pursuant to § 37.23(g) of this chapter.
(iii) The licensee's or applicant's reviewing officials are the only individuals authorized to make unescorted access determination decisions. Each licensee or applicant must name one or more individuals to be reviewing officials pursuant to the requirements of § 37.23(b)(2) of this chapter.
(7) Review procedures. Review procedures must be established in accordance with § 37.23(f) of this chapter, to include provisions for the notification in writing of individuals who are denied unescorted access or who are unfavorably terminated.
(8) Protection of information. Licensees, applicants, contractors, or vendors must establish and maintain a system of files and procedures in accordance with § 37.31 of this chapter, to ensure personal information is not disclosed to unauthorized persons.
(9) Access authorization reviews and corrective action. Licensees and applicants must develop, implement, and maintain procedures for conduct of access authorization reviews and corrective actions in accordance with § 37.33 of this chapter to ensure the continuing effectiveness of the access authorization program and to ensure that the access authorization program and program elements are in compliance with the requirements of this section. Each licensee and applicant must be responsible for the continuing effectiveness of the access authorization program, including access authorization program elements that are provided by the contractors or vendors, and the access authorization programs of any of the contractors or vendors that are accepted by the licensee or applicant.
(10) Records. Licensees, applicants, and contractors or vendors must document the processes and procedures for maintaining records used or created to establish an individual's trustworthiness and reliability or to document access determinations. Licensees, applicants, and contractor or vendors must—
(i) Retain documentation regarding the trustworthiness and reliability of individual employees for 3 years from the date the individual no longer requires unescorted access;
(ii) Retain a copy of the current access authorization program procedures as a record for 3 years after the procedure is no longer needed. If any portion of the procedure is superseded, retain the superseded material for 3 years after the record is superseded; and
(iii) Retain the list of persons approved for unescorted access for 3 years after the list is superseded or replaced. Records maintained in any database(s) must be available for NRC review.