29 March 1999
Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html

-------------------------------------------------------------------------

[Federal Register: March 29, 1999 (Volume 64, Number 59)]
[Rules and Regulations]
[Page 14814-14818]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr29mr99-3]

[[Page 14814]]

=======================================================================
-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION

10 CFR Parts 50 and 73

RIN 3150-AF63


Frequency of Reviews and Audits for Emergency Preparedness
Programs, Safeguards Contingency Plans, and Security Programs for
Nuclear Power Reactors

AGENCY: Nuclear Regulatory Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Nuclear Regulatory Commission (NRC) is amending its
regulations to allow nuclear power reactor licensees the option to
change the frequency of licensees' independent reviews and audits of
their emergency preparedness programs, safeguards contingency plans,
and security programs. The amendment allows nuclear power reactor
licensees to elect to conduct program reviews and audits either at
intervals not to exceed 12 months as is currently required, or as
necessary, based on an assessment by the licensee against performance
indicators, and as soon as reasonably practicable after a change occurs
in personnel, procedures, equipment, or facilities that potentially
could adversely affect the emergency preparedness program, the
safeguards contingency plan, and security program, but no longer than
12 months after the change. In any case, each element of the emergency
preparedness program, the safeguards contingency plan, and the security
program must be reviewed at least every 24 months. This action will
reduce the regulatory burden on licensees without compromising public
health and safety.

EFFECTIVE DATE: April 28, 1999.

FOR FURTHER INFORMATION CONTACT: Dr. Sandra D. Frattali, Office of
Nuclear Reactor Regulation, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, telephone (301) 415-3703, e-mail
sdf@nrc.gov.

SUPPLEMENTARY INFORMATION:

Background

    On July 31, 1997 (62 FR 40978), the NRC published a proposed rule
in the Federal Register to amend the NRC's regulations for the
frequency of program reviews and audits for emergency preparedness
programs, safeguards contingency plans, and security programs at
nuclear power reactors. This rulemaking was developed in response to
two petitions for rulemaking submitted by Virginia Power Company, PRM
50-59 and PRM 50-60. These petitions were published for public comment
by the NRC in the Federal Register (59 FR 23641; April 13, 1994, and 59
FR 17449; May 6, 1994, respectively). This final rule grants the
petitioner's request in each of these petitions with some additional
qualifications and conditions. This final rule completes NRC action on
PRM-50-59 and PRM-50-60.
    As written, the proposed rule would have required all power reactor
licensees to conduct program reviews and audits in response to program
performance indicators or after a significant change in personnel,
procedures, equipment, or facilities, but in no case less frequently
than every 24 months. Although the proposed rule was a reduction in the
burden on the power reactor licensees, the requirements might have
constituted a backfit for some licensees as they would be required to
make procedural changes and possibly take other actions. Therefore, the
final rule has been modified to allow the licensees the option of
continuing to use the current regulations and thus a backfit analysis
is not required for this proposed action.
    The following sections of 10 CFR Parts 50 and 73 are amended by
this rulemaking: requirements pertaining to the review frequency of
safeguards contingency plans by power reactor licensees contained in
Sec. 50.54(p)(3) and in Appendix C to Part 73; <SUP>1</SUP>
requirements for security program reviews contained in
Sec. 73.55(g)(4); and requirements pertaining to the frequency of
program reviews of the emergency preparedness program by nuclear power
reactor licensees contained in Sec. 50.54(t).
---------------------------------------------------------------------------

    \1\ Note that this appendix is currently cited by both
Sec. 73.46, which applies to nuclear fuel licensees, and Sec. 73.55,
which applies to nuclear power reactor licensees. This rulemaking
applies only to nuclear power reactors.
---------------------------------------------------------------------------

Public Comments

    Ten public comments were received, one from an Agreement State, one
from a utility industry group, and eight from licensees. The only
comment that did not support the rulemaking was from the State of
Illinois, the Agreement State. The utility group supported the rule
with comments. Of the eight licensee commenters that supported the
rulemaking, two supported the rulemaking with no additional comments,
three supported the rulemaking with additional comments, one supported
the industry group's comments and two supported the industry group's
comments with additional comments. The NRC had specifically requested
public comments on performance indicators appropriate for the emergency
preparedness and security programs that would amplify the regulation.
Three of the industry commenters responded to this request, but only
one suggested specific performance indicators.
    Copies of the letters are available for public inspection and
copying for a fee at the Commission's Public Document Room, located at
2120 L Street, NW (Lower Level), Washington, DC.
    The public comments were grouped and are discussed below.

Comment Resolution

Performance Indicators

    Performance indicators are used by nuclear operating organizations
to provide a quantitative indication of plant performance. A
performance indicator is a parameter derived from plant performance
data that can be correlated with individual plant regulatory and safety
performance. Licensees typically utilize performance indicators to gain
additional perspective on plant activities and to provide an indication
of the possible need to adjust priorities and resources to achieve
improved overall performance. Performance indicators as related to this
rulemaking refer to numerical parameters generally derived from
quantitative data to monitor the performance and gain insight to the
effectiveness of the emergency preparedness and security programs.
    Performance indicators are usually derived from data in a way that
provides measurement of success in a summary fashion. Some examples of
performance indicators for emergency preparedness are:
    <bullet> Emergency response facility availability,
    <bullet> Completeness of emergency preparedness duty roster
personnel training,
    <bullet> Quality of response to declared plant emergencies,
    <bullet> Timeliness of corrective action closure,
    <bullet> Measure of state and local interface, and
    <bullet> Percentage of drill objectives successfully demonstrated.
    Some examples of performance indicators for physical security
programs (including safeguards contingency plans) are:
    <bullet> Exercise and drill performance
    <bullet> Instances of unescorted access granted incorrectly,
    <bullet> Instances of uncompensated degradation of security
equipment,
    <bullet> Compensatory hours expended due to equipment failures,

[[Page 14815]]

    <bullet> Test failures involving security equipment,
    <bullet> False/nuisance alarm rates, and
    <bullet> Nature, frequency, and type of equipment failures.
    Performance indicators are generally intended to monitor success in
performing an activity relative to a success level identified as
acceptable. For a performance indicator to be meaningful a level of
acceptable success is identified. This may be based on historical
success levels, common industry success levels, design parameters,
management expectations, improvement goals, or other such bases.
Performance that is indicated as being below the acceptable success
level would indicate the need for a program review or audit of the
affected area.
    The proposed rule specifically requested suggestions for
performance indicators. Only one commenter replied directly with
suggestions for emergency preparedness indicators. This commenter also
indicated that the performance indicators for security would be
difficult to manage and an industry consensus would be extremely
difficult to reach on this issue. The commenter noted that some
performance indicators for security are tracked differently between
plants or not at all. One commenter wanted performance standards or
measurements to be defined and approved in industry guidelines. One
commenter wanted each utility to be allowed to develop its own
performance indicators. The industry group stated its interest in
developing industry guidance for this new approach. Because of the
licensees' experience in implementing and performing self-assessment of
their programs, the NRC has decided that at this time it will be the
responsibility of the individual utilities to define their own
performance indicators. Industry development of performance indicators
is to be encouraged.
    Additional information concerning performance indicators is
included in the Inspection and Enforcement section.

Audit Frequency

    The State of Illinois commented that the current requirement for
annual emergency preparedness audits <SUP>2</SUP> does not constitute
an excessive burden, especially when offsite agencies must certify
annually that their emergency preparedness plan meets NUREG-0654 Rev.1/
FEMA-REP-1, ``Criteria for Preparation and Evaluation of Radiological
Emergency Response Plans and Preparedness in Support of Nuclear Power
Plants,'' <SUP>3</SUP> and that a review every 24 months is not
sufficiently frequent to ensure that all the multiple and complex
aspects of an emergency preparedness plan remain current. Another
commenter believed that specifying any maximum frequency is not
necessary but, if one is specified, it should be defined in an industry
developed standard. Another commenter specifically stated that
performance-based testing to correct demonstrated weaknesses is
significantly better than schedule-driven audits but did not object to
the 24-month requirement. The other commenters agreed with the rule as
written.
---------------------------------------------------------------------------

    \2\ Although the commenter used the term ``audits,'' the term
used in the emergency planning regulations is ``reviews.''
    \3\ Available from the National Technical Information Service,
Springfield, VA 22161.
---------------------------------------------------------------------------

    The comments of the State of Illinois in response to the original
publication of the petitions were the same as the State's comments in
response to the proposed rulemaking. In each comment, Illinois
expressed concern with lengthening the period between reviews. This
concern was addressed by clarifying that more frequent, focused program
reviews and audits may be required, based on an assessment of security
or emergency preparedness by the licensee against performance
indicators or after a change in licensee personnel, procedures,
equipment, or facilities that potentially could adversely affect
emergency preparedness or security. Although some commenters believed
that there should be no maximum audit period specified, most commenters
had no problem with the proposed frequency of not less than 24 months.
The final rule retains this specified frequency.

Audit Procedures

    One commenter said that the rule would add an additional layer of
requirements, especially in security. This commenter wanted to
eliminate the requirement to audit <SUP>4</SUP> in response to a
significant change in personnel, procedures, equipment, or facilities.
The commenter also wanted a clear specification in the rule that the
audit frequency should be altered only after the licensee has
determined that a significant change has occurred. The rule change has
been made an additional voluntary option. The licensee has the option
to maintain the current review intervals, which does not add an
additional layer of requirements. Alternatively, under the new option,
it is the licensee who determines when a review is necessary, and the
rule language has been changed to replace the phrase ``significant
change in personnel, procedures equipment or facilities'' with ``a
change in personnel, procedures, equipment or facilities, that
potentially could adversely affect emergency preparedness or
security.''
---------------------------------------------------------------------------

    \4\ See footnote 2.
---------------------------------------------------------------------------

    One commenter wanted to eliminate all the requirements for audits.
One commenter wanted clear and standard criteria for emergency
preparedness audits. One commenter wanted the level of independence
required for reviewers and the qualifications of the persons conducting
the reviews to be clarified. Finally, one commenter observed that the
review of performance should be against the emergency plan.
    If the licensee chooses to maintain the current rule intervals,
there is no additional layer of requirements. The final rule adds a
voluntary option. If the licensee chooses to implement it, it relaxes
the existing requirement for frequency of audits, and provides decision
criteria for determining when focused audits need to be conducted, but
makes no changes in how those audits and reviews are conducted.

Definitions and Clarifications

    There were a few requests from commenters to define the terms
``significant,'' ``significant change,'' ``as necessary,'' and
``reasonably practical.'' The terms ``significant'' and ``significant
change'' in the rule language have been replaced with the words ``a
change that potentially could adversely affect emergency preparedness
or security.'' The term ``as necessary'' is a function of the nature of
the change. The scope and depth of the review would be expected to vary
with the change. Thus, judgment will need to be exercised in making the
decisions. Similarly, ``reasonably practicable'' is a function of the
significance of the change and needs to be factored into the scope and
depth of review. Other changes in the rule language from the proposed
rule were editorial in nature to make the rule language more
understandable.
    Another commenter observed that the NRC should use the terms
``review'' and ``audit'' consistently. The Commission notes that the
emergency planning regulations use the term ``program reviews,'' and
the security program and safeguards contingency plan regulations also
use ``reviews.'' When describing the requirements for a ``review'' of
the physical security plan, the regulations use the term ``audits'' for
some of the requirements. These amendments do not change the use of any
of these terms from the previous text of the rule, and are consistent
with other NRC regulatory usage of these terms.

[[Page 14816]]

    The NRC does not require that the reviews and audits addressed in
this rulemaking be performed by the QA organization in accordance with
the QA program commitments for the conduct of the audits. The NRC
expects these audits to be conducted by individuals who are qualified
(technically competent) in the subjects being audited and are
independent of the program to ensure objectivity and no conflict of
interest. At the licensee's option, the QA organization may perform,
lead, or assist in these audits.

Regulatory Action

    The public comments have been considered as discussed above, and
the final rule amendment is promulgated as a voluntary option, with
changes made to the proposed rule language to clarify the requirements
and address public comments. One comment, that the NRC should implement
performance-based regulations across the full spectrum of emergency
preparedness and security requirements, is beyond the scope of this
rulemaking. These revisions are consistent with those requested in the
two petitions for rulemaking (PRM 50-59 and PRM 50-60) and will promote
performance-based rather than compliance-based review and audit
activities.

Inspection and Enforcement

    This rulemaking revises the regulations to allow licensees the
option to conduct focused program reviews and audits of their emergency
preparedness programs, safeguards contingency plans, and security
programs as needed, either based on an assessment by the licensee
against performance indicators or in response to a change in personnel,
procedures, equipment, or facilities, that potentially could adversely
affect emergency preparedness or security, and it requires in any case
that all program elements be reviewed and audited at least every 24
months. The focused program reviews by the licensees following changes
in licensee personnel, procedures, or equipment that potentially could
adversely affect emergency preparedness or security are to be performed
as soon as reasonably practicable, but no later than 12 months after
the changes. Inspection procedures will be changed to reflect the
revised rule. The NRC will review the performance indicators developed
by licensees choosing this option and observe whether and to what
extent these performance indicators are assisting licensees in
conducting their program reviews. The NRC will use this experience to
determine if specific and additional guidance should be developed.
    The Commission recognizes that licensees will need to exercise
judgement in light of the nature of the variety of changes that may
occur and the difficulty of defining in advance, except in general
terms, the threshold of changes that potentially could adversely affect
emergency preparedness and security. Accordingly, where the licensee
has made a good faith effort in making the judgements needed to comply
with this rule, the staff intends not to make citations unless the
licensee's actions were clearly unreasonable. In the absence of
willfulness, these violations are expected to be Severity Level IV
violations.

Environmental Impact: Categorical Exclusion

    The Commission has determined that this final rule is the type of
action described as a categorical exclusion in 10 CFR 51.22(c)(3)(I.).
Therefore, neither an environmental impact statement nor an
environmental assessment has been prepared for this final rule.

Paperwork Reduction Act Statement

    This final rule amends information collection requirements that are
subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et
seq.). These requirements were approved by the Office of Management and
Budget, approval numbers 3150-0002 and 3150-0011.
    If the licensee chooses the option of focused reviews and audits as
the final rule allows, the public burden for this information
collection is expected to be decreased by approximately 275 hours per
licensee per year. This reduction includes the time required for
reviewing instructions, searching existing data sources, gathering and
maintaining the data needed, and completing and reviewing the
information collection.
    Send comments on any aspect of this information collection,
including suggestions for further reducing the burden, to the Records
Management Branch (T-6 F 33), U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, or by Internet electronic mail at
BJS1@nrc.gov; and to the Desk Officer, Office of Information and
Regulatory Affairs, NEOB-10202, (3150-0002, -0011), Office of
Management and Budget, Washington, DC 20503.

Public Protection Notification

    If an information collection does not display a currently valid OMB
control number, the NRC may not conduct or sponsor, and a person is not
required to respond to, the information collection.

Regulatory Analysis

    This rulemaking revises the regulations to allow licensees to
conduct program reviews and audits of their emergency preparedness
programs, safeguards contingency plans, and security programs either:
    (i) At intervals not to exceed 12 months as is currently required,
or
    (ii) As necessary, based on an assessment by the licensee against
performance indicators, and as soon as reasonably practicable after a
change occurs in personnel, procedures, equipment, or facilities that
potentially could adversely affect the emergency preparedness program,
the safeguards contingency plan, and the security program, but no
longer than 12 months after the change. In any case, each element of
the emergency preparedness program, the safeguards contingency plan,
and the security program must be reviewed at least every 24 months .
    The optional changes, if elected by the licensee, represent a
potential cost savings because it is anticipated that fewer reviews and
audits will be necessary. Most licensees include the safeguards
contingency plan as part of the physical security program, and one
audit (review) covers both. Information provided by licensees on the
cost for conducting reviews and audits of the licensee emergency
preparedness and physical security programs varies, but is estimated to
cost approximately $15,000 per annual review or audit, for a total of
$30,000 annually for both audits (reviews). Each element of the program
is audited (reviewed) at least once every 24 months. The potential
maximum savings of 50 percent to licensees in the emergency
preparedness and physical security program audit costs is an estimated
$30,000 per licensee every 24 months. The total cost savings to the
industry is approximately $1.1M per year. Even if some elements of the
programs are audited more frequently, the cost to the licensee will
likely be less than auditing the entire program every year. Limited
focused audits that address changes in personnel, procedures,
equipment, or facilities, that potentially could adversely affect
emergency preparedness or security, will cost about $5,000 per year if
they are needed. There is no additional cost anticipated for collecting
and analyzing program performance indicators since most licensees
already do so in some fashion.

[[Page 14817]]

Regulatory Flexibility Certification

    As required by the Regulatory Flexibility Act, 5 U.S.C. 605(b), the
Commission certifies that this final rule does not have a significant
economic impact on a substantial number of small entities. This final
rule affects only licensees authorized to operate nuclear power
reactors. These licensees do not fall within the scope of the
definition of ``small entities'' under the size standards developed by
the NRC and codified in 10 CFR 2.810.

Backfit Analysis

    In the proposed rule, the NRC took the position that the backfit
rule, 10 CFR 50.109, did not apply because it did not propose new
requirements on existing 10 CFR Part 50 licensees except to reduce the
frequency with which licensees conduct independent reviews and audits
of their emergency preparedness programs, safeguards contingency plans,
and security programs. Since this action did not impose any new or
increased requirements in this area, no backfit was intended or
approved in connection with this rule change. Therefore, a backfit
analysis was not prepared for this amendment. However, upon further
review, the NRC has concluded that there is an insufficient basis to
support the original position. Some licensees may not have performance
indicators and may find it necessary to develop them. In such a case a
backfit analysis would be required. Therefore, the final rule has been
revised so that the changes are an additional voluntary option and
power reactor licensees may elect to continue to follow the current
requirements. Making the new requirements optional obviates the need
for a backfit analysis for this proposed action.

Small Business Regulatory Enforcement Fairness Act

    In accordance with the Small Business Regulatory Enforcement
Fairness Act of 1996, the NRC has determined that this action is not a
``major rule'' and has verified this determination with the Office of
Information and Regulatory Affairs, Office of Management and Budget.

List of Subjects

10 CFR Part 50

    Antitrust, Classified information, Criminal penalties, Fire
protection, Intergovernmental relations, Nuclear power plants and
reactors, Radiation protection, Reactor siting criteria, Reporting and
record keeping requirements.

10 CFR Part 73

    Criminal penalties, Hazardous materials transportation, Export,
Import, Nuclear materials, Nuclear power plants and reactors, Reporting
and record keeping requirements, Security measures.

    For the reasons set out in the preamble and under the authority of
the Atomic Energy Act of 1954, as amended; the Energy Reorganization
Act of 1974, as amended; and 5 U.S.C. 553; the NRC is adopting the
following amendments to 10 CFR Parts 50 and 73.

PART 50--DOMESTIC LICENSING OF PRODUCTION AND UTILIZATION
FACILITIES

    1. The authority citation for Part 50 continues to read as follows:

    Authority: Secs. 102, 103, 104, 105, 161, 182, 183, 186, 189, 68
Stat. 936, 937, 938, 948, 953, 954, 955, 956, as amended, sec. 234,
83 Stat. 1244, as amended (42 U.S.C. 2132, 2133, 2134, 2135, 2201,
2232, 2233, 2236, 2239, 2282); secs. 201, as amended, 202, 206, 88
Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846).
    Section 50.7 also issued under Pub. L. 95-601, sec. 10, 92 Stat.
2951 (42 U.S.C. 5851). Section 50.10 also issued under secs. 101,
185, 68 Stat. 955 as amended (42 U.S.C. 2131, 2235), sec. 102, Pub.
L. 91-190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.13, 50.54(dd),
and 50.103 also issued under sec. 108, 68 Stat. 939, as amended (42
U.S.C. 2138). Sections 50.23, 50.35, 50.55, and 50.56 also issued
under sec. 185, 68 Stat. 955 (42 U.S.C. 2235). Sections 50.33a,
50.55a and Appendix Q also issued under sec. 102, Pub. L. 91-190, 83
Stat. 853 (42 U.S.C. 4332). Sections 50.34 and 50.54 also issued
under sec. 204, 88 Stat. 1245 (42 U.S.C. 5844). Section 50.37 also
issued under E.O. 12829, 3 CFR 1993 Comp., p. 570; E.O. 12958, as
amended, 3 CFR, 1995 Comp., p. 333; E.O. 12968, 3 CFR 1995 Comp., p.
391. Sections 50.58, 50.91, and 50.92 also issued under Pub. L. 97-
415, 96 Stat. 2073 (42 U.S.C. 2239). Section 50.78 also issued under
sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Sections 50.80--50.81 also
issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234).
Appendix F also issued under sec. 187, 68 Stat. 955 (42 U.S.C 2237).

    2. Section 50.54 is amended by revising paragraphs (p)(3) and (t),
and adding (p)(4) to read as follows:

Sec. 50.54  Conditions of license.

* * * * *
    (p) * * *
    (3) The licensee shall provide for the development, revision,
implementation, and maintenance of its safeguards contingency plan. The
licensee shall ensure that all program elements are reviewed by
individuals independent of both security program management and
personnel who have direct responsibility for implementation of the
security program either:
    (i) At intervals not to exceed 12 months, or
    (ii) As necessary, based on an assessment by the licensee against
performance indicators, and as soon as reasonably practicable after a
change occurs in personnel, procedures, equipment, or facilities that
potentially could adversely affect security, but no longer than 12
months after the change. In any case, all elements of the safeguards
contingency plan must be reviewed at least once every 24 months.
    (4) The review must include a review and audit of safeguards
contingency procedures and practices, an audit of the security system
testing and maintenance program, and a test of the safeguards systems
along with commitments established for response by local law
enforcement authorities. The results of the review and audit, along
with recommendations for improvements, must be documented, reported to
the licensee's corporate and plant management, and kept available at
the plant for inspection for a period of 3 years.
* * * * *
    (t)(1) The licensee shall provide for the development, revision,
implementation, and maintenance of its emergency preparedness program.
The licensee shall ensure that all program elements are reviewed by
persons who have no direct responsibility for the implementation of the
emergency preparedness program either:
    (i) At intervals not to exceed 12 months or,
    (ii) As necessary, based on an assessment by the licensee against
performance indicators, and as soon as reasonably practicable after a
change occurs in personnel, procedures, equipment, or facilities that
potentially could adversely affect emergency preparedness, but no
longer than 12 months after the change. In any case, all elements of
the emergency preparedness program must be reviewed at least once every
24 months.
    (2) The review must include an evaluation for adequacy of
interfaces with State and local governments and of licensee drills,
exercises, capabilities, and procedures. The results of the review,
along with recommendations for improvements, must be documented,
reported to the licensee's corporate and plant management, and retained
for a

[[Page 14818]]

period of 5 years. The part of the review involving the evaluation for
adequacy of interface with State and local governments must be
available to the appropriate State and local governments.
* * * * *

PART 73--PHYSICAL PROTECTION OF PLANTS AND MATERIALS

    3. The authority citation for Part 73 continues to read as follows:

    Authority: Secs. 53, 161, 68 Stat. 930, 948, as amended, sec.
147, 94 Stat. 780 (42 U.S.C. 2073, 2167, 2201); sec. 201, as
amended, 204, 88 Stat. 1242, as amended, 1245, sec. 1701, 106 Stat.
2951, 2952, 2953 (42 U.S.C. 5841, 5844, 2297(f)).
    Section 73.1 also issued under secs. 135, 141, Pub. L. 97-425,
96 Stat. 2232, 2241 (42 U.S.C. 10155, 10161). Section 73.37(f) also
issued under sec. 301, Pub. L. 96-295, 94 Stat. 789 (42 U.S.C. 5841
note). Section 73.57 is issued under sec. 606, Pub. L. 99-399, 100
Stat. 876 (42 U.S.C. 2169).

    4. Section 73.55 is amended by revising paragraph (g)(4) to read as
follows:

Sec. 73.55  Requirements for physical protection of licensed activities
in nuclear power reactors against radiological sabotage.

* * * * *
    (g) * * *
    (4)(1) The licensee shall review implementation of the security
program by individuals who have no direct responsibility for the
security program either:
    (i) At intervals not to exceed 12 months, or
    (ii) As necessary, based on an assessment by the licensee against
performance indicators and as soon as reasonably practicable after a
change occurs in personnel, procedures, equipment, or facilities that
potentially could adversely affect security but no longer than 12
months after the change. In any case, each element of the security
program must be reviewed at least every 24 months.
    (2) The security program review must include an audit of security
procedures and practices, an evaluation of the effectiveness of the
physical protection system, an audit of the physical protection system
testing and maintenance program, and an audit of commitments
established for response by local law enforcement authorities. The
results and recommendations of the security program review,
management's findings on whether the security program is currently
effective, and any actions taken as a result of recommendations from
prior program reviews must be documented in a report to the licensee's
plant manager and to corporate management at least one level higher
than that having responsibility for the day-to-day plant operation.
These reports must be maintained in an auditable form, available for
inspection, for a period of 3 years.
* * * * *
    5. Appendix C to 10 CFR Part 73, Licensee Safeguards Contingency
Plans, is amended by revising the section titled ``Audit and Review''
to read as follows:

Appendix C to Part 73--License Safeguards Contingency Plans

* * * * *

Audit and Review

    (1) For nuclear facilities subject to the requirements of
Sec. 73.46, the licensee shall provide for a review of the
safeguards contingency plan at intervals not to exceed 12 months.
For nuclear power reactor licensees subject to the requirements of
Sec. 73.55, the licensee shall provide for a review of the
safeguards contingency plan either:
    (i) At intervals not to exceed 12 months, or
    (ii) As necessary, based on an assessment by the licensee
against performance indicators, and as soon as reasonably
practicable after a change occurs in personnel, procedures,
equipment, or facilities that potentially could adversely affect
security, but no longer than 12 months after the change. In any
case, each element of the safeguards contingency plan must be
reviewed at least every 24 months.
    (2) A licensee subject to the requirements of either Sec. 73.46
or Sec. 73.55 shall ensure that the review of the safeguards
contingency plan is by individuals independent of both security
program management and personnel who have direct responsibility for
implementation of the security program. The review must include an
audit of safeguards contingency procedures and practices, and an
audit of commitments established for response by local law
enforcement authorities.
    (3) The licensee shall document the results and the
recommendations of the safeguards contingency plan review,
management findings on whether the safeguards contingency plan is
currently effective, and any actions taken as a result of
recommendations from prior reviews in a report to the licensee's
plant manager and to corporate management at least one level higher
than that having responsibility for the day-to-day plant operation.
The report must be maintained in an auditable form, available for
inspection for a period of 3 years.

    Dated at Rockville, Maryland, this 9th day of March, 1999.

    For the Nuclear Regulatory Commission.
William D. Travers,
Executive Director for Operations.
[FR Doc. 99-7597 Filed 3-26-99; 8:45 am]
BILLING CODE 7590-01-P