| Main |
1.1. |
Many States have established or strengthened their national nuclear security regimes for the prevention of, detection of and response to criminal or intentional unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities and associated activities. The nuclear security regime is part of a State’s overall security regime. It covers nuclear material and other radioactive material, whether that material is under or out of regulatory control, as well as associated facilities and associated activities, throughout their lifetimes. The nuclear security regime reflects the State’s responsibility to protect persons, property, society and the environment from the harmful consequences of a nuclear security event [1]. |
| Main |
1.2. |
The nuclear security regime comprises:The legislative and regulatory framework and administrative systems and measures governing the nuclear security of nuclear material, other radioactive material, associated facilities and associated activities;
The institutions and organizations within the State responsible for ensuring the implementation of the legislative and regulatory framework and administrative systems of nuclear security;
Nuclear security systems and nuclear security measures for the prevention of, detection of and response to nuclear security events.” [1]
|
| Main |
1.3. |
The essential elements of a national nuclear security regime are set out in IAEA Nuclear Security Series No. 20, Objective and Essential Elements of a State’s Nuclear Security Regime (the Nuclear Security Fundamentals) [1]; a more detailed description of the elements is provided in IAEA Nuclear Security Series No. 19, Establishing the Nuclear Security Infrastructure for a Nuclear Power Programme [2]. The guidance set out in the present publication should be applied using the graded approach: the extent and rigour of application should be proportionate to the potential consequences of the relevant criminal or intentional unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities or associated activities, or other acts determined by the State to have an adverse impact on nuclear security. |
| Main |
1.4. |
The importance of sustaining the nuclear security regime is recognized in the Nuclear Security Fundamentals and the three Nuclear Security Recommendations publications; specifically:As Essential Element 12 of a nuclear security regime [1];
In paras 3.48–3.57 of IAEA Nuclear Security Series No. 13, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5) [3];
In paras 3.29–3.32 of IAEA Nuclear Security Series No. 14, Nuclear Security Recommendations on Radioactive Material and Associated Facilities [4];
In paras 3.16, 5.25 and 6.24 of IAEA Nuclear Security Series No. 15, Nuclear Security Recommendations on Nuclear and Other Radioactive Material out of Regulatory Control [5].
|
| Main |
1.5. |
This Implementing Guide provides guidance to States, competent authorities, authorized persons and other organizations with nuclear security responsibilities on the objectives of and actions for sustaining a nuclear security regime. |
| Main |
1.6. |
This publication addresses the sustainability of all aspects of a national nuclear security regime, including those relating to nuclear material and nuclear facilities, other radioactive material and associated facilities, and nuclear and other radioactive material out of regulatory control. The publication is relevant for States that have established a nuclear security regime as well as for States that are in the process of establishing a nuclear security regime. It includes guidance on how to address challenges in sustaining a nuclear security regime over time. It also addresses the initial development and implementation of the nuclear security regime, particularly where sustainability can be built into the nuclear security regime as part of its design. |
| Main |
1.7. |
For the purposes of this Implementing Guide, sustainability is defined by the set of objectives and implementing actions incorporated into the nuclear security regime to support its continuing effectiveness. |
| Main |
1.8. |
If the nuclear security regime is to remain effective, it needs to be sustained over time at both the national and the operational level, and those different levels of the nuclear security regime need to work together in a consistent and complementary manner. |
| Main |
1.9. |
The national level includes those elements of the nuclear security regime addressed by the State and its competent authorities that have general, State-wide applicability. The national level thus includes responsibility for: developing and implementing the overarching policy and strategy that support an integrated approach to nuclear security; developing and implementing the legislative and regulatory framework for nuclear security; assigning the roles and responsibilities for nuclear security; and defining the threat at the national level. National level competent authorities may also participate in the implementation of operational nuclear security measures as described below. Competent authorities should have a mechanism for obtaining feedback to identify any gaps or inconsistencies in implementation of the legislative and regulatory framework at the operational level. |
| Main |
1.10. |
The operational level includes those nuclear security systems and measures implemented at a facility or in connection with any activity where nuclear or other radioactive material is possessed, produced, used, handled, stored or disposed of, or where nuclear or other radioactive material is in transport, as well as those systems and measures implemented with respect to nuclear or other radioactive material out of regulatory control. The operational level includes nuclear security systems and measures implemented by national competent authorities as well as those implemented by operating organizations. Operating organizations in this context may include authorized persons, facilities, shippers, carriers and the frontline officers of competent authorities (e.g. customs and border control, law enforcement and/or military personnel) having responsibilities for sustaining the nuclear security systems and measures applicable to: nuclear material, other radioactive material, associated facilities and associated activities under the State’s jurisdiction; facilities or other activities where nuclear or other radioactive material is produced, processed, used, handled, stored or disposed of; nuclear or other radioactive material in transport; and detection of or response to a nuclear security event. |
| Main |
1.11. |
The national and operational sustainability objectives and implementing actions described in this publication are intended to sustain the effectiveness of the nuclear security regime. Some objectives and actions address the State’s national nuclear security regime as a whole and thus contribute to sustaining all of the elements. Other objectives and actions specifically address the sustainability of one or more elements. |
| Main |
1.12. |
In most cases, objectives and actions pertaining to nuclear security at the operational level are established through requirements at the national level, usually through the legislative and regulatory framework, and are implemented at the direction of the relevant competent authorities. |
| Main |
1.13. |
Section 2 provides guidance on sustaining the nuclear security regime at the national level and Section 3 provides guidance on sustaining the nuclear security regime at the operational level. |
| Main |
2.1. |
Guidance at the national level includes objectives and implementing actions for sustaining a nuclear security regime directed to the State and its competent authorities. |
| Main |
2.2. |
This section describes eight national sustainability objectives and implementing actions:Building and maintaining a national commitment to nuclear security;
Establishing and regularly reviewing the legislative and regulatory framework;
Defining roles and responsibilities and ensuring accountability;
Updating the national threat assessment and using a risk informed approach;
Conducting effective planning and organization;
Developing human resources;
Fostering a robust nuclear security culture;
Maintaining oversight of and regularly evaluating the nuclear security regime.
|
| Main |
2.3. |
Taken together, these national sustainability objectives and implementing actions are intended to provide a comprehensive basis for sustaining a nuclear security regime at the national level. |
| Main |
2.4. |
Building and maintaining a national commitment to nuclear security sustains the nuclear security regime by empowering and motivating competent authorities, other organizations and authorized persons to meet their nuclear security responsibilities. In addition, a strong national commitment provides assurance that the resources and capacity necessary to fulfil nuclear security roles and responsibilities are and will continue to be made available. |
| Main |
2.5. |
National commitment to nuclear security depends on continuing recognition by the leadership of the State that the threat of nuclear terrorism is a matter of grave concern to all States and that the establishment and maintenance of an effective nuclear security regime is a vital national interest of the State and integral to the security of all States. National commitment is essential to a strong nuclear security culture. |
| Main |
2.6. |
As national leaders change over time, the commitment to the nuclear security regime should be reaffirmed as a national priority and maintained through the legislative, regulatory and administrative framework. |
| Main |
2.7. |
Actions to be taken by a State to achieve this objective are to:Have in place a national nuclear security policy and strategy to ensure that the overall priority given to nuclear security and the priorities within nuclear security are appropriate and proportionate to the level and nature of the threat. The threat should be assessed periodically through a national threat assessment, whose results should be used to inform changes to the policy and strategy.
Systematically communicate nuclear security priorities to all relevant competent authorities and other stakeholders.
Provide sufficient human, financial and technical resources to support the nuclear security regime, including through regular budget allocations to competent authorities with responsibilities for nuclear security.
Actively participate in international activities that address the implementation of international legal instruments to which it is a State party or to which it has made a political commitment.
|
| Main |
2.8. |
Establishing the legislative and regulatory framework for nuclear security sustains the nuclear security regime by ensuring that its formal status is recognized within the State. Regular review ensures that this framework reflects current international obligations and guidance, current and emerging threats, other changes in the nuclear security environment, and lessons learned and good practices. |
| Main |
2.9. |
The legislative and regulatory framework for nuclear security ensures that all competent authorities have sufficient legal authority to fulfil their assigned nuclear security responsibilities. This framework also establishes offences and penalties to criminalize unauthorized acts involving or directed at nuclear and other radioactive material, associated facilities or associated activities, as well as threats to commit such acts. The legislative and regulatory framework should be regularly reviewed to ensure that it contains provisions that support all aspects of sustaining a nuclear security regime on a continuing basis. |
| Main |
2.10. |
As applied to nuclear material and other radioactive material under regulatory control and associated facilities and associated activities, this framework enables regulatory bodies to establish regulatory requirements and to undertake activities related to authorization, assessment of compliance and imposition of appropriate penalties or sanctions through enforcement tools to foster compliance, in order to sustain the operational nuclear security systems. The regulatory body should ensure, as far as possible, regulatory certainty and stability to enable authorized persons to plan and invest in nuclear security systems and programmes with long term effectiveness, while maintaining the flexibility to adapt to changes in international obligations and threat conditions. |
| Main |
2.11. |
An effective legislative and regulatory framework for detection of and response to nuclear and other material out of regulatory control ensures that all investigations undertaken, and all collection of evidence in the context of these investigations, are authorized by law in order to maximize the likelihood of prosecution or extradition of alleged offenders. |
| Main |
2.12. |
Actions to be taken by a State to achieve this objective are to:Enact appropriate legislation to provide the necessary legal powers to each competent authority;
Ensure that the roles and responsibilities of competent authorities, as established in relevant legislation and regulations, are clear — particularly where there may be a shared area of responsibility such as emergency response — and that there are mechanisms in place to address shared responsibilities;
Enact appropriate legislation to establish offences and penalties, including criminalization, for unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities or associated activities.
|
| Main |
2.13. |
Actions to be taken by competent authorities to achieve this objective are to:Establish and enforce regulations and associated administrative measures that support nuclear security, including requirements pertaining to transport security, information security, computer security and assessment of trustworthiness of staff, and enforceable measures for prevention, detection and response to nuclear security events.
|
| Main |
2.14. |
Actions to be taken by a State and its competent authorities to achieve this objective are to:Ensure that there is a comprehensive, predictable regulatory framework, including regular security inspections and enforcement actions for non-compliance;
Ensure that all actions taken in connection with the detection of and response to nuclear and other material out of regulatory control are authorized by law;
Regularly review, and if necessary update, the legislative and regulatory framework that supports the nuclear security regime, to ensure that it remains appropriate, effective, consistent and coherent.
|
| Main |
2.15. |
Defining roles and responsibilities and ensuring accountability for nuclear security sustains the nuclear security regime by ensuring that competent authorities are identified, empowered and held accountable for implementing assigned nuclear security functions on a continuing basis. |
| Main |
2.16. |
The definition of roles and responsibilities for nuclear security may differ from State to State depending on the legislative and regulatory framework, institutional and administrative arrangements, existing capabilities and national priorities. Regardless of such differences, clearly defined responsibilities enable competent authorities to plan and invest in the capabilities necessary for them to fulfil their responsibilities over time. Holding competent authorities accountable for carrying out their responsibilities ensures that those responsibilities are in fact fulfilled. Continuous improvement in the fulfilment of those responsibilities should also be encouraged. |
| Main |
2.17. |
Many aspects of nuclear security, such as threat assessment [6, 7], transport security [8–10] and national planning for response to nuclear security events [5], involve multiple competent authorities that need to work collaboratively and with a clear understanding of their individual and collective responsibilities. For some competent authorities, their role in nuclear security will be their primary responsibility; for others, nuclear security may be one responsibility among many. |
| Main |
2.18. |
Before assigning roles and responsibilities, a State should clearly define the scope of and priorities within the nuclear security regime in order to reduce the risk of gaps or unintended overlaps. However, reassignment of responsibilities may be necessary to address new issues or State level reorganization of the nuclear security regime. In the interest of promoting stability and certainty, reassignment of responsibilities should only be undertaken when essential. |
| Main |
2.19. |
Actions to be taken by a State to achieve this objective are to:Clearly define the scope of the nuclear security regime that is to be established, implemented, maintained and sustained in order to limit the potential for gaps and overlaps;
Clearly define and document assigned roles and responsibilities;
Hold competent authorities accountable for effectively meeting their nuclear security responsibilities by establishing, implementing, maintaining and sustaining an oversight mechanism;
Establish a coordinating mechanism or body and require cooperation among competent authorities;
Reassign nuclear security responsibilities if the existing assignment is inappropriate or if there is a need to address new issues.
|
| Main |
2.20. |
Updating the national threat assessment and using a risk informed approach sustains the nuclear security regime by enabling appropriate revision of the nuclear security policy and strategy to counter credible and defined threats and to allocate resources to those nuclear security systems and measures that provide the greatest risk reduction. |
| Main |
2.21. |
Achieving effective nuclear security over time requires the development and maintenance of capabilities commensurate with the national threat as periodically assessed [6, 7]. A well defined threat, as determined through a national threat assessment, identifies what the nuclear security regime should protect against. Because it involves the participation of all relevant competent authorities and consultation with operating organizations, the process of performing a national threat assessment helps to foster consensus on the nature and credibility of the threat. Regularly updating the threat assessment can help to maintain the national consensus and commitment over time, and ensure that nuclear security systems continue to be based on a relevant assessed threat. |
| Main |
2.22. |
The risk informed approach enables national planners and decision makers to manage the nuclear security regime and to select, prioritize and implement appropriate nuclear security systems and measures at the national level [2]. |
| Main |
2.23. |
Actions to be taken by a State to achieve this objective are to:Ensure that a national threat assessment is undertaken and revised on a regular basis, and disseminated to all appropriate competent authorities.
Ensure that the national threat assessment process is as inclusive as possible, with the active participation of all relevant competent authorities. This process ensures consideration of a wide range of viewpoints and sources of information, and maintains consensus about the credibility of the threat.
|
| Main |
2.24. |
Actions to be taken by a State and its competent authorities and by operating organizations to achieve this objective are to:Ensure that the results of the national threat assessment are considered, as part of a risk informed approach, in the development of a design basis threat, where appropriate, and other regulatory requirements; in the design of nuclear security systems and measures; and in the development of other national instruments, such as the national detection strategy and the national response plan.
Apply the risk informed approach to develop strategies and plans and to tailor nuclear security systems and measures to address the most significant risks.
Ensure that appropriate resources are allocated to counter each threat on a level commensurate with the risk.
|
| Main |
2.25. |
Conducting effective planning and organization sustains the nuclear security regime by providing a mechanism to implement the national strategy and priorities, and to ensure the continued availability of appropriate human, financial and technical resources over the long term. |
| Main |
2.26. |
A well structured national planning and organization process should result in a well integrated nuclear security regime. Effective structured planning and organization will result in: the avoidance of systemic gaps; appropriate management of the interfaces between safety and security; enhanced communication and coordination at all levels; the ability to build upon and support other national security and law enforcement objectives; effective resource utilization, including the avoidance of duplication; and continuous improvement, including the ability to adapt to changing needs and priorities. |
| Main |
2.27. |
An effective planning and organization process provides a structured method of translating national level priorities into a set of nuclear security objectives that can then be used as a basis to sustain necessary capabilities, including at the operational level. It should also incorporate accountability and evaluation mechanisms throughout the planning process. The planning process may also benefit from lessons learned and good practices from other domestic or international organizations. |
| Main |
2.28. |
Actions to be taken by a State to achieve this objective are to:Ensure that each competent authority regularly prepares, uses and reviews a long term plan for meeting its nuclear security responsibilities;
Support research and development for nuclear security and encourage the utilization of appropriate technology;
Ensure that the various plans that relate to safety and security are interoperable and that appropriate attention is paid to the interfaces between safety and security in all key areas;
Make use of existing safety, security and law enforcement infrastructure in the planning process for the nuclear security regime;
Emphasize and promote the importance of integrated management systems, planning processes and allocation of adequate resources to support sustainable nuclear security;
Ensure that national level planning includes response plans that specifically address nuclear security events and that take into account interfaces with emergency response plans for nuclear and radiological emergencies [11].
|
| Main |
2.29. |
Developing human resources sustains the nuclear security regime by ensuring the continued availability of appropriate numbers of staff with the necessary competences and expertise, and by establishing a nuclear security profession with a core of expertise. |
| Main |
2.30. |
Human resource development includes education, training and knowledge management. There should be national support for allocation of resources to ensure that competent authorities and operating organizations are able to develop and retain sufficient human resources in the short, medium and long term. |
| Main |
2.31. |
Professionalism in nuclear security should be fostered through such means as qualification programmes, advanced degree programmes and professional societies, to create a cadre of national experts in leadership roles and other key positions who serve as trainers, mentors and role models for the future. An established educational programme in academia helps to ensure continuity of expertise. |
| Main |
2.32. |
Effective human resource development depends on the creation and continuing support of indigenous training institutions, such as dedicated training departments within competent authorities, and other training centres. Such mechanisms help ensure that training in nuclear security is enduring, rigorous, relevant to national conditions and responsive to evolving needs. Knowledge management involves capturing, structuring and transferring information to ensure that organizations retain the experience and knowledge gained by their staff over time. |
| Main |
2.33. |
States may choose to work with partners in private industry, non-profit organizations and international and regional centres of excellence, to meet specific nuclear security related education and training needs. |
| Main |
2.34. |
Actions to be taken by a State to achieve this objective are to:Foster professionalism in nuclear security by establishing qualification programmes, creating advanced degree programmes and supporting professional societies;
Establish nuclear security education and training programmes that develop the competences needed for the nuclear security regime;
Promote the importance of nuclear security education at the national level and to participate actively in international nuclear security education initiatives [12];
Ensure that appropriate management development and succession planning are undertaken within the relevant competent authorities to cultivate leaders who are committed to sustainable nuclear security.
|
| Main |
2.35. |
Actions to be taken by competent authorities to achieve this objective are to:Develop knowledge management programmes that include succession planning and knowledge transfer;
Identify and utilize national, regional and international programmes that most appropriately build, maintain and continuously improve the human resources necessary to sustain the nuclear security regime.
|
| Main |
2.36. |
Actions to be taken by a State and its competent authorities to achieve this objective are to:Establish or utilize existing indigenous training institutions, such as dedicated training departments within competent authorities;
Promote the importance of retaining senior officials with a high level of nuclear security expertise.
|
| Main |
2.37. |
A robust nuclear security culture sustains the nuclear security regime by ensuring that the State and its competent authorities understand and promote characteristics, attitudes and behaviours that serve as a means to enhance nuclear security. |
| Main |
2.38. |
Sustaining the nuclear security regime depends on the commitment and actions of people, particularly those in leadership positions [13]. The State and its competent authorities should be fully engaged in furthering the State’s commitment to nuclear security as an important national priority. They should foster a strong nuclear security culture through role models, training, positive reinforcement and systematized processes that support a robust nuclear security culture. |
| Main |
2.39. |
Actions to be taken by a State to achieve this objective are to: |
| Main |
2.40. |
Actions to be taken by competent authorities to achieve this objective are to:Foster a high level of security awareness on the part of all staff, including management, with an appreciation of the threat and recognition of the need for nuclear security;
Establish clear expectations and accountability for nuclear security on the part of all staff, including management;
Systematically communicate nuclear security priorities to staff of all relevant competent authorities and other stakeholders;
Encourage teamwork and cooperation;
Develop effective leadership and management of nuclear security within their organizations, including positive role models;
Establish mechanisms to promote behaviour that supports nuclear security, such as raising concerns or making suggestions for improvement;
Provide training to staff in meeting their nuclear security responsibilities;
Develop tools and methodologies for assessing the nuclear security culture within their organizations.
|
| Main |
2.41. |
Maintaining oversight of and regularly evaluating the nuclear security regime sustains the regime by ensuring its continued effectiveness in addressing changing threats, adapting to new technologies and responding to other developments. |
| Main |
2.42. |
Oversight and evaluation of nuclear security systems for regulated activities and for material out of regulatory control can be used to measure the effectiveness of the nuclear security regime to ensure that it continues to meet the national objectives. Such oversight and evaluation will result in findings, conclusions and recommendations for preventive and corrective actions, as appropriate. |
| Main |
2.43. |
The State and its competent authorities may use the results of regulatory inspections, field exercises, self-assessment and other forms of oversight to inform periodic review and improvement of the nuclear security regime. The sustainability of a nuclear security regime may also be enhanced by sharing lessons learned and good practices, where appropriate, among States and competent authorities. |
| Main |
2.44. |
Competent authorities should evaluate nuclear security systems and measures within their jurisdiction. The outputs of these evaluations should result in findings, recommendations and corrective actions to address identified deficiencies. |
| Main |
2.45. |
Actions to be taken by a State to achieve this objective are to:Use peer reviews, such as IAEA advisory services, for benchmarking the national nuclear security regime against internationally recognized good practices;
Regularly assess the completeness and effectiveness of the nuclear security regime through oversight and evaluation, including integrated exercises and drills;
Ensure that competent authorities establish criteria for oversight and evaluation of nuclear security systems and measures.
|
| Main |
2.46. |
Actions to be taken by the State and its competent authorities to achieve this objective are to:Perform periodic inspections to verify compliance with applicable legislation, regulations and licence conditions. Inspections should result in enforcement actions and appropriate penalties for non-compliance.
Document and distribute lessons learned and good practices related to nuclear security (taking account of confidentiality requirements).
|
| Main |
3.1. |
Guidance at the operational level includes objectives and implementing actions for sustaining a nuclear security regime directed to operating organizations, which may include authorized persons, facilities, shippers or carriers, and to the front line officers of competent authorities, such as customs and border control, law enforcement and military personnel. |
| Main |
3.2. |
This section describes seven operational sustainability objectives and implementing actions:Managing and planning for sustainable operations;
Identifying and applying current threat information;
Developing and maintaining nuclear security competences;
Establishing and implementing an effective maintenance programme;
Applying configuration management;
Promoting a robust nuclear security culture;
Conducting regular compliance and performance evaluations.
|
| Main |
3.3. |
Taken together, these operational sustainability objectives and implementing actions are intended to provide a comprehensive basis for sustaining a nuclear security regime at the operational level. |
| Main |
3.4. |
Managing and planning for sustainable operations at the operational level sustains the nuclear security regime through the continuous allocation of resources for the effective design, operation and maintenance of nuclear security systems and measures. |
| Main |
3.5. |
Senior managers set priorities and identify the long term financial resources needed for ongoing operational expenses related to staff; for training, exercises and performance testing; for procurement, maintenance and replacement of equipment; and for configuration management. Managers also define roles, responsibilities and accountabilities. Plans provide a means of documenting these management decisions. |
| Main |
3.6. |
Plans enable operating organizations both to demonstrate to the relevant competent authorities their conformance with applicable requirements and to provide guidance to their own staff for the operation, maintenance and continuous improvement of nuclear security systems and measures. At facilities with nuclear or other radioactive material, authorized persons prepare a security plan and a contingency plan. Shippers, receivers and carriers of nuclear or other radioactive material prepare a transport security plan. Operating organizations responsible for detecting nuclear and other radioactive material out of regulatory control prepare instrument deployment plans, including appropriate operational protocols. Operating organizations with responsibilities for responding to nuclear security events prepare local response plans. |
| Main |
3.7. |
The operating organization’s senior managers should set priorities; identify long term financial resources; and define roles, responsibilities and accountabilities for nuclear security in order to ensure the effectiveness of the organization’s nuclear security system. |
| Main |
3.8. |
Actions to be taken by an operating organization to achieve this objective are to:Document relevant management decisions in appropriate plans.
Apply risk management to security related risks, as a comprehensive, robust and continuous process within a risk informed approach. Risk management includes:
Identifying assets;
Identifying risks;
Planning and executing risk reduction actions;
Assessing the effectiveness of actions and acceptability of residual risks;
Repeating and improving the process.
Prepare and use a security plan, a transport security plan, contingency plans, an instrument deployment plan, a response plan and/or other plans appropriate to its operations. These plans should:
Be based on consideration of appropriate threat information and application of the risk informed approach;
Include appropriate agreements and identify relevant external organizations that may need to be contacted or informed in the case of a nuclear security event;
Be regularly reviewed and revised, based on operational feedback and changes in requirements.
Make appropriate arrangements for measurement and assessment of security performance and continuous improvement.
|
| Main |
3.9. |
Identifying and applying current threat information sustains the nuclear security regime by enabling operating organizations to maintain the effectiveness of security systems and measures. |
| Main |
3.10. |
Ensuring that nuclear security systems and measures continue to be effective depends on periodic review and adjustment of such systems and measures to address updated information on current threats. Relevant threat information may be provided through a variety of sources, such as the national threat assessment process; competent authorities, including law enforcement; or the operating organization itself. Operating organizations should establish and maintain regular liaison with such sources in order to ensure that threat information is up to date. |
| Main |
3.11. |
Operating organizations should establish a process for ensuring that threat information provided by competent authorities, as well as local threat information, is promptly and systematically addressed by modifying nuclear security systems and measures as necessary. Operating organizations should also establish mechanisms to address a temporary increase in the threat that may arise owing to economic, political, environmental or other factors. |
| Main |
3.12. |
Operating organizations should document the process for identifying and addressing current threat information in their security plans or equivalent. |
| Main |
3.13. |
Actions to be taken by an operating organization to achieve this objective are to:Establish and document a systematic process for maintaining and acting on current threat information, including:
Exchanging updated external and insider threat information with competent authorities;
Establishing and maintaining relationships with competent authorities, including law enforcement bodies, to facilitate information exchange.
Review and mitigate potential insider threats through such means as a trustworthiness programme, information security measures and security training.
Adapt its nuclear security systems and measures, if necessary, to counter the current threat.
Implement compensatory measures, when necessary, in response to a specific, emerging or increased threat.
Have in place a mechanism for reporting updated threat or system effectiveness information to the responsible competent authorities.
|
| Main |
3.14. |
Developing and maintaining nuclear security competences at the operational level sustains the nuclear security regime by ensuring the continuing availability of motivated, skilled and experienced nuclear security staff. |
| Main |
3.15. |
Sustainability depends on the operating organization’s having staff with the competences necessary for effective operation and maintenance of its nuclear security systems and measures as defined by the competent authority. The organization should establish systems and processes for recruitment of qualified staff and for training of staff to attain these competences. |
| Main |
3.16. |
Recruitment of appropriate staff may be supported by outreach to educational institutions, professional societies and trade associations, as well as by the operating organization’s own human resource department. The operating organization should build relationships with external partners so that they become sources of qualified and competent staff on an ongoing basis. |
| Main |
3.17. |
The operating organization should establish programmes for providing necessary training, either with internal resources or using external training providers. These programmes should include specific mechanisms for career development. Sustainable operations benefit from staff who not only are qualified and trained to effectively meet their responsibilities, but are also motivated through professional recognition to continue in long term careers with the operating organization. |
| Main |
3.18. |
Actions to be taken by an operating organization to achieve this objective are to:Assign and document all nuclear security responsibilities, establish the number of staff needed, and define the qualifications and competences for each position;
Engage with and attract recruits from associated industries, military and intelligence services, law enforcement and other relevant professions, as well as trade associations, educational institutions and professional societies, through ongoing relationships with these organizations;
Determine the best means of providing training, through internal resources or using external training providers;
Provide for the continuous development and renewal of trained and qualified staff, by providing formal training programmes and mechanisms for career development, succession planning and retention of qualified staff.
|
| Main |
3.19. |
Establishing and implementing an effective maintenance programme at the operational level sustains the nuclear security regime by ensuring that related systems and equipment perform reliably and effectively over time. |
| Main |
3.20. |
The operating organization should be capable of performing timely maintenance by using its own workforce, contractors or a combination of those options. |
| Main |
3.21. |
Periodic maintenance of equipment, including repair, replacement and calibration, is essential to the stable and reliable operation of systems and equipment, to reduce the amount of downtime due to equipment failures, and to maximize the effective operational life of equipment. Regular, planned system checks and preventive maintenance can optimize performance and provide advance warning of possible system outages or maintenance problems so that mitigating actions can be taken. A formal maintenance programme helps to ensure that malfunctioning system components are promptly identified and repaired, that adequate spare parts are available to minimize system outage time, and that all equipment is calibrated within expected parameters according to an established schedule. Maintenance programmes should also provide for compensatory measures when systems are out of service. |
| Main |
3.22. |
Operating organizations should also take into account equipment life cycles, including the need to upgrade or replace equipment as it fails or becomes obsolete. Conducting equipment upgrades or replacement on a rotating basis may help to minimize the financial and operational impacts of maintenance. |
| Main |
3.23. |
Actions to be taken by an operating organization to achieve this objective are to:Establish, implement, document and periodically review and update, as appropriate, a maintenance programme for security systems and equipment;
Perform preventive maintenance on a periodic basis;
Ensure that it has access to sufficient qualified maintenance staff, whether internally or externally;
Identify a single point of contact dedicated to maintenance of security systems and equipment;
Ensure that equipment is tested against design requirements before being returned to service;
Ensure that the maintenance programme provides for compensatory measures when equipment is out of service;
Ensure that sensitive equipment is not compromised during maintenance.
|
| Main |
3.24. |
Applying configuration management sustains a nuclear security regime by ensuring that information on critical systems and processes accurately reflects the physical and operational characteristics of the system and is available in a timely manner for making informed decisions. |
| Main |
3.25. |
Configuration management involves documenting the physical, procedural and training elements of an operating organization’s critical nuclear security systems. It provides a repository for design documents, standard operating procedures and governing guidelines for the system. It also includes processes for coordinating changes to the facility’s systems or operations that may impact the effectiveness of nuclear security systems. |
| Main |
3.26. |
Configuration management ensures that changes to a nuclear security system are properly developed, implemented, verified and documented. Having immediate access to this information can help the operating organization recover rapidly from hardware or software failures and ensure that equipment is operating as intended when returned to service. In addition, access to accurate records regarding training, procedures, maintenance and logistics allows the operating organization to verify that these important aspects of a nuclear security system are being carried out. |
| Main |
3.27. |
Actions to be taken by an operating organization to achieve this objective are to:Apply configuration management to document the physical, procedural and training elements of its critical nuclear security systems;
Ensure that configuration management information is accurate, available in a timely manner and appropriately protected;
Ensure that the security implications of changes in the nuclear security systems subject to configuration management are reviewed prior to implementation and are documented appropriately;
Ensure that the security implications of changes in other systems that have an impact on nuclear security are reviewed prior to implementation and are documented appropriately.
|
| Main |
3.28. |
Promoting a robust nuclear security culture at the operational level sustains the nuclear security regime by ensuring that management and other staff within an operating organization understand and appreciate the need to maintain effective nuclear security. |
| Main |
3.29. |
Nuclear security culture is “The assembly of characteristics, attitudes and behaviour of individuals, organizations and institutions which serves as a means to support and enhance nuclear security” [13]. A strong nuclear security culture is based on an appreciation and awareness that the threat is real, that nuclear security is important, and that effective security is the responsibility of everyone within the organization. A robust nuclear security culture, with strong leadership and recognition of employees, motivates staff at all levels within the operating organization to meet their responsibilities, including reliable operation and maintenance of nuclear security systems and measures. |
| Main |
3.30. |
Actions to be taken by an operating organization to achieve this objective are to:Promote a high level of nuclear security awareness, including both an appreciation of the threat and recognition of the need for nuclear security, through regular communication with all staff;
Establish clear requirements, expectations and accountability regarding nuclear security;
Ensure that all staff are aware that security is everyone’s responsibility;
Establish mechanisms of positive reinforcement for behaviours and performance that support nuclear security, such as raising concerns or making suggestions for improvement;
Assess the strength of its nuclear security culture, through self-assessment and other means, and take corrective action, if necessary, as well as actions for continuous improvement;
Foster understanding by staff of the effects on and implications for nuclear security of their actions or omissions.
|
| Main |
3.31. |
The operating organization’s management should demonstrate commitment to security, to security policy and to robust security culture. |
| Main |
3.32. |
Conducting regular compliance and performance evaluations sustains the nuclear security regime by identifying strengths and areas for improvement in nuclear systems and measures. |
| Main |
3.33. |
Compliance and performance evaluations help operating organizations to identify aspects of their systems that need improvement. The rigour of the evaluation should be determined based on the graded approach, depending on the nature of the operations as well as the security system and measures. |
| Main |
3.34. |
Compliance evaluations should be designed to assess the operating organization’s security systems and measures against regulatory requirements or other national requirements (such as those in a national detection strategy or national response plan). Performance evaluations should be designed to assess performance of the operating organization’s systems and measures in meeting applicable performance objectives and addressing the defined nuclear security threats. A significant component of performance evaluation may be performance testing, both limited scope tests focusing on one individual component and system-wide tests of the entire security system. Performance testing should include the investigation, measurement, validation or verification of nuclear security systems and measures. |
| Main |
3.35. |
When compliance and performance evaluations indicate that any element of the security system is deficient or not performing adequately, corrective action, including compensatory measures, if required, should be taken and, where appropriate, reported to the competent authority. |
| Main |
3.36. |
Actions to be taken by an operating organization to achieve this objective are to:Implement formalized and documented compliance and performance evaluations.
Develop a plan to validate functional requirements and performance of the systems. The plan should provide a basis for the design and frequency of, and performance criteria for, the testing programme. These evaluations should verify that criteria for reliability, operability, readiness and performance are met.
Ensure that performance tests and exercises are conducted periodically, including tests and exercises with external response organizations.
Document results of evaluations, including corrective actions, and, where appropriate, report the results and findings to the competent authority.
|
| Main |
3.37. |
The operating organization may consider engaging with counterpart organizations to share lessons learned and best practices with respect to both the process of evaluation and the results.INTERNATIONAL ATOMIC ENERGY AGENCY, Objective and Essential Elements of a State’s Nuclear Security Regime, IAEA Nuclear Security Series No. 20, IAEA, Vienna (2013). INTERNATIONAL ATOMIC ENERGY AGENCY, Establishing the Nuclear Security Infrastructure for a Nuclear Power Programme, IAEA Nuclear Security Series No. 19, IAEA, Vienna (2013). INTERNATIONAL ATOMIC ENERGY AGENCY, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/ Revision 5), IAEA Nuclear Security Series No. 13, IAEA, Vienna (2011). INTERNATIONAL ATOMIC ENERGY AGENCY, Nuclear Security Recommendations on Radioactive Material and Associated Facilities, IAEA Nuclear Security Series No. 14, IAEA, Vienna (2011). EUROPEAN POLICE OFFICE, INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL CIVIL AVIATION ORGANIZATION, INTERNATIONAL CRIMINAL POLICE ORGANIZATION–INTERPOL, UNITED NATIONS INTERREGIONAL CRIME AND JUSTICE RESEARCH INSTITUTE, UNITED NATIONS OFFICE ON DRUGS AND CRIME, WORLD CUSTOMS ORGANIZATION, Nuclear Security Recommendations on Nuclear and Other Radioactive Material out of Regulatory Control, IAEA Nuclear Security Series No. 15, IAEA, Vienna (2011). INTERNATIONAL ATOMIC ENERGY AGENCY, Development, Use and Maintenance of the Design Basis Threat, Implementing Guide, IAEA Nuclear Security Series No. 10, IAEA, Vienna (2009). INTERNATIONAL ATOMIC ENERGY AGENCY, Risk Informed Approach for Nuclear Security Measures for Nuclear and other Radioactive Material out of Regulatory Control, IAEA Nuclear Security Series No. 24-G, IAEA, Vienna (2015). Amendment to the Convention on the Physical Protection of Nuclear Material, INFCIRC/274/Rev.1/Mod.1, IAEA, Vienna (2016). The Convention on the Physical Protection of Nuclear Material, INFCIRC/274/Rev.1, IAEA, Vienna (1980). INTERNATIONAL ATOMIC ENERGY AGENCY, Security in the Transport of Radioactive Material, IAEA Nuclear Security Series No. 9, IAEA, Vienna (2008). FOOD AND AGRICULTURE ORGANIZATION OF THE UNITED NATIONS, INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL CIVIL AVIATION ORGANIZATION, INTERNATIONAL LABOUR ORGANIZATION, INTERNATIONAL MARITIME ORGANIZATION, INTERPOL, OECD NUCLEAR ENERGY AGENCY, PAN AMERICAN HEALTH ORGANIZATION, PREPARATORY COMMISSION FOR THE COMPREHENSIVE NUCLEAR-TEST-BAN TREATY ORGANIZATION, UNITED NATIONS ENVIRONMENT PROGRAMME, UNITED NATIONS OFFICE FOR THE COORDINATION OF HUMANITARIAN AFFAIRS, WORLD HEALTH ORGANIZATION, WORLD METEOROLOGICAL ORGANIZATION, Preparedness and Response for a Nuclear or Radiological Emergency, IAEA Safety Standards Series No. GSR Part 7, IAEA, Vienna (2015). INTERNATIONAL ATOMIC ENERGY AGENCY, Educational Programme in Nuclear Security, IAEA Nuclear Security Series No. 12, IAEA, Vienna (2010). INTERNATIONAL ATOMIC ENERGY AGENCY, Nuclear Security Culture, IAEA Nuclear Security Series No. 7, IAEA, Vienna (2008).
|