| Main |
1.1. |
The IAEA Nuclear Security Series provides guidance for States to assist them in implementing a national nuclear security regime, and in reviewing and strengthening this regime when necessary. The series also provides guidance for States in fulfilling their obligations and commitments with respect to binding and non-binding international instruments. |
| Main |
1.2. |
The Nuclear Security Fundamentals set out the objective of a nuclear security regime and its essential elements [1]. The Nuclear Security Recommendations indicate what a nuclear security regime should address regarding the following: Physical protection of nuclear material and nuclear facilities [2];
Radioactive material and associated facilities [3];
Nuclear and other radioactive material out of regulatory control [4].
|
| Main |
|
The Implementing Guide, IAEA Nuclear Security Series No. 27-G, Physical Protection of Nuclear Material and Nuclear Facilities (Implementation of INFCIRC/225/Revision 5) [5] provides more detailed information on the implementation of the recommendations on the physical protection of nuclear material and nuclear facilities [2]. This Technical Guidance publication supplements Ref. [5], and provides more detailed information on the subject of developing and maintaining contingency plans for nuclear facilities. |
| Main |
1.3. |
This publication provides guidance to States, competent authorities and operators on how to develop and maintain contingency plans for nuclear facilities. It can be used as a starting point for organizations that have not previously prepared or developed contingency plans, as well as a reference for organizations that wish to validate or improve their existing contingency plans. It is intended for use by senior managers and security specialists charged with developing contingency plans and by competent authorities charged with the oversight of such contingency plans.
|
| Main |
1.4. |
This publication provides guidance on how to develop and maintain contingency plans for nuclear facilities. |
| Main |
1.5. |
This publication addresses facility level contingency plans and not the State contingency plan, also referred to in some publication as the national response plan. |
| Main |
1.6. |
Notably, this publication includes guidance on the interface between contingency plans, which focus on nuclear security, and emergency plans, as required in IAEA Safety Standards Series No. GSR Part 7, Preparedness and Response for a Nuclear or Radiological Emergency [6]. This guidance is intended to inform the preparation of an effective, comprehensive, unified and coordinated response in situations where both plans are invoked simultaneously, for example, in cases where a nuclear security event triggers a nuclear or radiological emergency. |
| Main |
1.7. |
Contingency plans for nuclear security events involving computer security or that occur during transport are not addressed in this publication. These types of nuclear security events are addressed in IAEA Nuclear Security Series Nos 26-G, Security of Nuclear Material in Transport [7]; and 17, Computer Security at Nuclear Facilities [8]. |
| Main |
1.8. |
Following this introduction, Section 2 addresses the objectives and goals of developing contingency plans, Section 3 addresses elements of maintaining contingency plans, including contingency plan exercises, contingency plan sustainability and information security. The annexes address interfaces between the contingency plans and the emergency plans (Annex I) and provide examples of a response memorandum of understanding (Annex II), an implementing procedure (Annex III) and an action matrix (Annex IV). |
| Main |
2.1. |
Fundamental Principle K of the 2005 Amendment to the Convention on the Physical Protection of Nuclear Material states that “Contingency (emergency) plans…should be prepared and appropriately exercised by all license holders and authorities concerned” [9]. |
| Main |
2.2. |
According to Ref. [2], contingency plans are “Predefined sets of actions for response to unauthorized acts indicative of attempted unauthorized removal or sabotage, including threats thereof, designed to effectively counter such acts.” Reference [2] further recommends in para. 3.58 that (footnote omitted) “The State’s competent authority should ensure that the operator prepares contingency plans to effectively counter the threat assessment or design basis threat taking actions of the response forces into consideration.” |
| Main |
2.3. |
The contingency plan should be approved by the competent authority in connection with the security plan as part of licensing. Operators should ensure that the competent authority is provided with sufficient evidence that the contingency plan has been appropriately coordinated with the requirements of the emergency plan to ensure that the plans are integrated and provide for an effective response. |
| Main |
2.4. |
When developing a contingency plan, the operator should first identify any data, criteria, procedures, resources and logistical support necessary for the contingency plan. After this step is completed, the drafting of the contingency plan should be initiated. |
| Main |
2.5. |
Paragraph 4.19 of Ref. [2] recommends that “Contingency plans should be prepared to counter malicious acts effectively and to provide for appropriate response by guards or response forces. Such plans should also provide for the training of facility personnel in their actions.” |
| Main |
2.6. |
Paragraph 3.122 of Ref. [5] states: |
| Main |
2.7. |
When developing a contingency plan to meet these goals, the operator should ensure that the contingency plan provides clear guidance for the following:Identification of the type of nuclear security event that has occurred;
The sequence of actions that would be taken in response to the nuclear security event;
The resources (including number of staff) needed to implement the response to the nuclear security event;
Responsible parties for the implementation of different parts of the contingency plan;
The procedure for informing parties involved in the response that a nuclear security event has occurred.
|
| Main |
2.8. |
In order to ensure an integrated and cohesive response, the contingency plan should be consistent and well integrated with the State contingency plan, the operator’s overall security plan, the National Radiation Emergency Plan, the operator’s emergency plan, and nuclear material accounting and control and off-site response procedures. |
| Main |
2.9. |
The following elements should be specifically addressed as part of the contingency plan:The objective of the contingency plan;
The physical layout (schematic arrangement of parts and area) of the nuclear facility, the local environment, and potential targets, if not included as part of the security plan;
An overview of the physical protection system, if not included as part of the security plan;
The application of the design basis threat or threat assessment, if not included as part of the security plan;
A description of roles and responsibilities during response to a nuclear security event;
Criteria for the initiation of the contingency plan;
Rules of engagement;
Response planning;
On-site response forces;
Protocols for off-site response to a nuclear security event;
Recapture and recovery of nuclear material;
Minimizing and mitigating the consequences of a nuclear security event;
Command, control and communication during a nuclear security event.
|
| Main |
2.10. |
In the following subsections, guidance is provided on addressing each of these elements in the contingency plan. The guidance provided here assumes that the operator has chosen to develop a separate section of the contingency plan to address each element. Other methods for structuring these plans could also be used, as long as each element is adequately addressed in the plan. |
| Main |
|
Objective |
| Main |
2.11. |
The contingency plan should clearly address the objective of the contingency response. Paragraph 3.11 of Ref. [5] states:Denial of access, in which the goal is for the response force to prevent adversaries from gaining access to the target area;
Denial of task, in which the goal is for the response force to stop the adversaries (including any insiders involved) before they are able to successfully complete their task;
Containment, in which the goal is for the response force to prevent adversaries from removing material beyond a specific point, such as the boundary of the limited access area, thus preventing it from becoming out of regulatory control.”
|
| Main |
2.12. |
Thus, the objective set out in the contingency plan for the response will depend upon the State’s response objectives as well as the types of potential targets in the facility. |
| Main |
|
Physical layout of the nuclear facility, the local environment and potential targets |
| Main |
2.13. |
The contingency plan should include a description of the physical layout of the nuclear facility and the potential targets within the facility, as well as the local environment. The goal of this section of the contingency plan is to enable staff who use the plan to have ready access to this information for coordination of response activities. Access to the information contained in this section should be provided only to those personnel who require the information to implement their part of the contingency plan. |
| Main |
2.14. |
The description of the facility and potential targets within it should include physical structures located on the site, as well as, where applicable, barriers, vital and inner areas, on-site fuel or hazardous material storage, critical systems, and components and other possible targets. The description of the local environment of the facility should include both the site and the surrounding area. The location of the site in relation to nearby towns should be described, as well as transportation routes (e.g. rail, water and roads), staging areas, pipelines, airports, hazardous material facilities and pertinent environmental features that might affect coordination of response activities. Main and alternate entry routes for off-site response should also be described in the plan and maps should be included as appropriate. |
| Main |
|
Overview of the physical protection system |
| Main |
2.15. |
The contingency plan should include a visual depiction of the physical protection systems that support and influence the operator’s response to a nuclear security event, such as maps, drawings and floor plans, as well as a written description of these systems. |
| Main |
2.16. |
The depiction and description should include all on-site physical protection measures, from those implemented at the outermost facility perimeter to those protecting vital and inner areas as well as other targets. |
| Main |
2.17. |
The description of the physical protection systems in this section should highlight any physical protection systems and hardware providing defence-indepth, such as access delays, detection systems, access controls, armaments and communications systems, as identified in the operator’s security plan. |
| Main |
|
The application of the design basis threat or threat assessment |
| Main |
2.18. |
Paragraph 3.124 of Ref. [5] states “The State, the appropriate competent authorities and the operator should have a comprehensive set of contingency plans that address different types of nuclear security event.” |
| Main |
2.19. |
The operator should develop appropriate site specific scenarios for nuclear security events involving sabotage or unauthorized removal of nuclear material, based on the threats described in the State’s design basis threat or threat assessment. A range of these possible site specific scenarios should be described in the contingency plan, as well as steps to be taken by response personnel in responding to these scenarios (see paras 2.28–2.33). |
| Main |
|
Description of roles and responsibilities during response to a nuclear security event |
| Main |
2.20. |
Roles, responsibilities and priorities for protection should be set out in the contingency plan. The minimum number of response personnel needed to implement the contingency plan should be determined during the planning process, and this number should be documented either in the contingency plan, the operator’s security plan or as required by the relevant competent authorities. The operator should also identify and document any off-site response forces needed to support the response to a nuclear security event. |
| Main |
|
Criteria for the initiation of the contingency plan |
| Main |
2.21. |
Paragraph 3.62 of Ref. [2] states, “The operator should initiate its contingency plan after detection and assessment of any malicious act.” |
| Main |
2.22. |
The criteria that the operator will use to judge whether a malicious act has been detected should be clearly described in the contingency plan. These criteria should include indicators for whether the cause of the alarm is malicious. If a malicious act is determined to have been detected, a nuclear security event would be considered to be underway. Once it has been determined that a nuclear security event is underway, the competent authority should be notified, as required. |
| Main |
2.23. |
Criteria for the initiation of the contingency plan should also be included in the contingency plan, and could include the detection of certain malicious acts that put the facility at risk in such a way that could lead to unacceptable radiological consequences or unauthorized removal of material. Examples of such acts include the following:Armed attack;
Detection of unauthorized intrusion;
Discovery of an insider threat;
Suspicion or detection of unauthorized removal of nuclear material or other radioactive material;
Loss of power for physical protection systems.
|
| Main |
2.24. |
States might also consider requiring the operator to include criteria for initiating the contingency plan in situations that do not involve a malicious act, but for which a security response might still be needed, such as natural disasters, peaceful protest or a fire. |
| Main |
2.25. |
The contingency plan should also describe criteria for determining when to terminate the response to a nuclear security event after the threat has been neutralized or the facility is no longer considered to be at risk. |
| Main |
2.26. |
Interfaces with emergency response should be carefully considered (see Annex I for more information on this topic). In particular, when defining the criteria for activating the contingency plan, consideration should be given to the emergency classification used to activate an appropriate level of emergency response as per Refs [6] and [10] such that notifications to the competent authority and the activation of the two plans are coordinated. |
| Main |
|
Rules of engagement |
| Main |
2.27. |
The contingency plan should describe any legal or other constraint that could affect the response to a nuclear security event. Such constraints could include restrictions on the use of force or other administrative and logistical requirements for on-site and off-site response personnel, such as requirements to ensure equipment and other resources are readily available and in working condition. |
| Main |
|
Response planning |
| Main |
2.28. |
Regardless of whether the response force is based on-site or off-site, the operator should develop implementing procedures for each scenario included in the contingency plan (see paras 2.18, 2.19). The response planning section could include flow diagrams, results from computer modelling or an action matrix to describe these procedures. |
| Main |
2.29. |
An action matrix is a planning tool that can be used by response personnel to inform timely decision making and specify procedures for response to a specific type of nuclear security event. For each type of nuclear security event addressed in the contingency plan, specific actions, roles and responsibilities, resources and associated timelines would be assigned in the action matrix in a manner that addresses competing priorities and promotes interoperability across the contingency and emergency plans. An example of an action matrix is included as Annex IV. |
| Main |
2.30. |
The operator’s action matrix or a suitable alternative used for response planning should be based on the scenarios outlined in the contingency plan as well as on the criteria for initating the contingency plan (see paras 2.21–2.26), and should include the following information:A short heading describing the type of nuclear security event (e.g. bomb threat).
A brief narrative of an activity that identifies the beginning of the nuclear security event and provides enough information to allow response personnel to determine whether to initiate the contingency plan.
Responders who would be assigned duties and actions as a result of this nuclear security event.
Specific duties and the steps to be taken by responsible personnel, including provision of initial alerts or event notifications, assessment, communication, activation of response, mitigating actions to be taken and actions to return to normal operations.
Relevant supporting information that will facilitate decision making and necessary actions (e.g. procedures, floor plans, maps, cordon distances, alarm zones and contact lists). This information should not contain an excessive amount of background information or material, as this could hinder navigation by response personnel or their subsequent decision making.
|
| Main |
2.31. |
In the response planning section of the contingency plan, the operator should also specify any areas of the facility that need additional protection, such as vital or inner areas. The operator should also include potential adversary routes to those areas in the contingency plan and ensure the timelines provided for the site-specific scenarios are sufficient to allow for response personnel to perform their actions. |
| Main |
2.32. |
The contingency plan should identify response positions that can provide protection for responders and should include provisions to ensure that response personnel are appropriately equipped for the full range of scenarios outlined in the contingency plan, including weapon systems, protective equipment, communications, transportation and other response equipment. |
| Main |
2.33. |
This section of the contingency plan should also address ensuring that roles, responsibilities and resources are identified in advance and that the necessary procedures are put in place. |
| Main |
|
On-site response forces |
| Main |
2.34. |
The contingency plan should specifically address the on-site response forces. The plan should specify that guards and on-site response forces assigned to implement the contingency plan, which might include on-site military or law enforcement personnel, should be suitably trained and qualified in those duties, should be ready to respond at all times and should not be assigned other duties or responsibilities that could negatively affect the implementation of the contingency response. |
| Main |
2.35. |
Protocols for response should be established between the operator and any on-site response forces and these protocols should be referenced and described in the contingency plan. These protocols should describe specific actions, areas of responsibility, resources and associated timelines for execution of the contingency plan by on-site response forces. |
| Main |
2.36. |
In order to facilitate the execution of the contingency plan, the operator could consider integrating information on guards and on-site response forces into an action matrix (see Annex IV and discussion in paras 2.28–2.33). |
| Main |
|
Protocols for off-site response |
| Main |
2.37. |
In addition to on-site response forces, arrangements for off-site response forces should be discussed in the contingency plan, including reference to any protocols established between the operator and off-site response force organizations. |
| Main |
2.38. |
Where possible and consistent with national policing and emergency arrangements, protocols such as a written memorandum of understanding (MOU) should be established between the operator and relevant off-site response force organizations. The purpose of such protocols is to facilitate cooperation and understanding between on-site and off-site response forces and to integrate the off-site response forces into the overall contingency response planning process. Challenges associated with off-site response should be considered in the contingency plan, such as securing resources for the response, potentially long response times depending on the location of the off-site response forces, considerations associated with the sharing of sensitive information and personal data, difficulties with integrated information exchange and collaboration, ensuring secure communications and the need to increase off-site responders’ level of familiarity with the facility. An example of an MOU for off-site response is included as Annex II. |
| Main |
2.39. |
Protocols established between the operator and relevant off-site response force organizations should clearly set out the roles and responsibilities of the operator and the response force organizations during a nuclear security event. Where possible and consistent with national policing and emergency arrangements, protocols should:Establish incident command structure and specify responsibilities for each organization involved in the response;
Identify the communications methods to be used during the response;
Provide for timely reception and assembly of the off-site responders and coordination of response activities;
Provide an estimate of the number of personnel that will be involved in the response from each organization and the response capabilities available, including weapons and equipment as well as timelines for arrival of both immediately available personnel and personnel that will arrive at a later time;
Identify suitable secure locations in close proximity to the facility where responders could receive a briefing on the situation during a nuclear security event to enable them to better plan and prepare their response;
Set out the availability of key personnel and any additional information needed to assist in command decisions, briefings, assignment of responders, and situational awareness, such as maps, floor plans and equipment diagrams;
Describe locations that have adequate utilities, such as sanitation, water and electricity, to sustain operations as well as the equipment needed to respond to a nuclear security event (e.g. weapon systems, protective equipment, communications, transportation), and the locations and capabilities of equipment staged on-site and off-site.
|
| Main |
2.40. |
The contents of any MOU or protocols established with off-site response organizations should be included in the contingency plan. |
| Main |
2.41. |
Provisions should be included in the contingency plan that call for a periodic review of the protocols for off-site response within the framework of the review of the operator’s security plan. This periodic review of the protocols for off-site response could include reviewing that the protocols are consistent with and can operate in accordance with the contingency and emergency plans (see Annex I) as well as renegotiating the protocols at the request of either party if changes occur in the governing conditions, such as operating regulations, competent authorities or threat levels, or as necessary. |
| Main |
|
Recapture and recovery |
| Main |
2.42. |
In order to support any off-site response undertaken by the operator (e.g. when in pursuit of an adversary), the contingency plan should describe in detail how coordination with State authorities and off-site responders is to be undertaken, in accordance with all applicable laws and regulations. |
| Main |
2.43. |
The protocols for off-site response described in paras 2.37–2.41 should include provisions establishing the roles and responsibilities of the operator and the off-site response forces with respect to nuclear and other radioactive material that has left the facility in an unauthorized manner during a nuclear security event. |
| Main |
2.44. |
For on-site recapture and recovery, these protocols should include information on notifications to be sent to the competent authority as well as the operator’s procedures for continuing to search for missing nuclear material and for securing and protecting the area where the nuclear and other radioactive material was stored as a crime scene. |
| Main |
2.45. |
Recovery actions to be taken by the operator to coordinate the securing and return of nuclear and other radioactive material to the facility should also be described in detail in the contingency plan, including identifying personnel responsible for the transportation and preservation of evidence for any potential criminal proceedings. |
| Main |
|
Command, control and communication |
| Main |
2.46. |
Paragraph II.6. of Ref. [5] states: |
| Main |
2.47. |
Command, control and communication procedures should be documented in the contingency plan, including those for the following:Coordination of guards and response forces;
Management of response;
Secure communication, if required, and other information security measures;
Chain of command during a nuclear security event;
Handover and delegation of authority during a nuclear security event.
|
| Main |
2.48. |
All communication methods and protocols used during a nuclear security event should be addressed in the contingency plan, and details regarding their interoperability, implementation and maintenance during a nuclear security event should be documented. |
| Main |
2.49. |
Command, control and communication procedures described in the contingency plan should be integrated with those in the emergency plan in order to allow for effective response in situations where both plans are invoked simultaneously. |
| Main |
2.50. |
In addition to developing the contingency plan as described in the previous sections, operators should establish and maintain procedures detailing actions to be taken in the event that the contingency plan is initiated. These procedures should enable unified command and control by clearly identifing the steps to be taken and decisions to be made by each member of the response organization following the initiation of the contingency plan. An example of such procedures is provided in Annex III. |
| Main |
3.1. |
Once the contingency plan is in place, it should be regularly exercised, it should be sustained, and sensitive information relevant to it should be protected. The following sections address these three aspects of maintaining the contingency plan. |
| Main |
3.2. |
Training and exercises should be used to evaluate and improve the ability of response personnel to implement the contingency plan. Paragraph 3.60 of Ref. [2] states: |
| Main |
3.3. |
The operator should ensure that all personnel involved in the response to a nuclear security event receive initial as well as periodic training relating to the contingency plan and participate in exercises of the contingency plan and emergency plan, commensurate with their roles and responsibilities during a nuclear security event. |
| Main |
3.4. |
Training and exercises relating to the contingency plan could include tabletop exercises, limited scope testing, classroom lectures, walking tours to familiarize personnel with the facility and force on force exercises or other activities during which responders will need to demonstrate their responsibilities during a nuclear security event in order to validate the effectiveness of the various components of the contingency plan. The ability of personnel to implement the contingency plan could be evaluated based on their knowledge of topics such as the following:Implementing procedures;
The facility, targets, physical protection systems and defence-in-depth measures;
Threats to the facility;
Response equipment;
Response positions and timelines;
Steps to be taken by individuals or groups in particular situations.
|
| Main |
3.5. |
The operator should develop an evaluation process to identify lessons from training and exercises that could be incorporated into a corrective action programme to further improve and refine the contingency plan. For example, operators might document all drills and exercises, including a post-exercise critique in which participants identify good practices, areas for improvement, deficiencies or other findings in relation to performance, plans, equipment or strategies. If a concern is identified during this critique, it should be incorporated into the operator’s corrective action programme for timely correction. Issues incorporated into the corrective action programme should be protected and communicated only on a need-to-know basis, consistent with information security requirements imposed by the competent authority. |
| Main |
3.6. |
The operator should also conduct joint contingency plan exercises involving coordinated response by safety, nuclear materials accounting and control, and security personnel, in order to evaluate and improve the effectiveness of unified communication, command and control, and handover. In particular, exercises should be used to ensure interoperability between the contingency plan and the emergency plan. Joint security exercises involving off-site organizations should also be undertaken in order to evaluate and improve implementation of the contingency plan as well as coordination between the contingency and emergency plans. |
| Main |
3.7. |
According to Ref. [11], contingency planning should be considered at each stage of the life cycle of a facility. Each of these stages will have actions associated with them that will need to be addressed in the contingency plan, as detailed in Ref. [11]. |
| Main |
3.8. |
Operators should ensure that the contingency plan continues to guide a systematic, coordinated and effective response to malicious acts at all stages of the life cycle of a facility. This can be accomplished through periodic and independent review, evaluation, audit and maintenance of the contingency plan in accordance with the requirements of the competent authority. |
| Main |
3.9. |
The contingency plan should be updated as soon as reasonable after any change in personnel, procedures, equipment or facilities that may affect the plan. Revisions to the contingency plan should be submitted to and approved by the relevant competent authorities, as required, and their interoperability with the emergency plan, as well as with any procedures followed by the organizations responsible for implementing the contingency plan (such as the nuclear material accounting and control organization), should be regularly reviewed. |
| Main |
3.10. |
Protocols that are relevant to the contingency plan, such as an MOU agreed between the operator and off-site response forces, should also be reviewed at regular intervals or as necessary in order to ensure compliance with performance requirements. |
| Main |
3.11. |
The results of the reviews of the contingency plan should be analysed as part of the operator’s lessons identified and corrective action programme. The results should be available to the operator’s management so that they are able to assess the findings, recommendations and implement corrective actions when needed. |
| Main |
3.12. |
All records relating to reviews of the contingency plan should be retained in accordance with the requirements of the competent authority. |
| Main |
3.13. |
The contingency plan may contain sensitive information that should be protected properly according to the information security requirements of the competent authority. More information on securing sensitive information can be found in Ref. [12]. |
| Main |
3.14. |
Consistent with the guidance provided in Ref. [12], information on the contingency plan should be treated as sensitive and should be provided to only those personnel who need the information in order to implement their roles with respect to the contingency plan. Controls applied to the plan could include records of its receipt, location, transfer and destruction. Where necessary, encryption or other secure means should be used to convey sensitive information relating to or extracted from the contingency plan to external parties. The external parties should provide assurance that the sensitive information relating to or extracted from the contingency plan will be stored in secure (access controlled) systems. There should also be procedures to ensure the integrity and availability of any information critical to the appropriate response to a nuclear security event. This includes information systems such as detection and assessment systems, and communication systems.INTERNATIONAL ATOMIC ENERGY AGENCY, Objective and Essential Elements of a State’s Nuclear Security Regime, IAEA Nuclear Security Series No. 20, IAEA, Vienna (2013). INTERNATIONAL ATOMIC ENERGY AGENCY, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/ Revision 5), IAEA Nuclear Security Series No. 13, IAEA, Vienna (2011). INTERNATIONAL ATOMIC ENERGY AGENCY, Nuclear Security Recommendations on Radioactive Material and Associated Facilities, IAEA Nuclear Security Series No. 14, IAEA, Vienna (2011). EUROPEAN POLICE OFFICE, INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL CIVIL AVIATION ORGANIZATION, INTERNATIONAL CRIMINAL POLICE ORGANIZATION–INTERPOL, UNITED NATIONS INTERREGIONAL CRIME AND JUSTICE RESEARCH INSTITUTE, UNITED NATIONS OFFICE ON DRUGS AND CRIME, WORLD CUSTOMS ORGANIZATION, Nuclear Security Recommendations on Nuclear and Other Radioactive Material out of Regulatory Control, IAEA Nuclear Security Series No. 15, IAEA, Vienna (2011). INTERNATIONAL ATOMIC ENERGY AGENCY, Physical Protection of Nuclear Material and Nuclear Facilities (Implementation of INFCIRC/225/Revision 5), IAEA Nuclear Security Series No. 27-G, IAEA, Vienna (2018). FOOD AND AGRICULTURE ORGANIZATION OF THE UNITED NATIONS, INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL CIVIL AVIATION ORGANIZATION, INTERNATIONAL LABOUR ORGANIZATION, INTERNATIONAL MARITIME ORGANIZATION, INTERPOL, OECD NUCLEAR ENERGY AGENCY, PAN AMERICAN HEALTH ORGANIZATION, PREPARATORY COMMISSION FOR THE COMPREHENSIVE NUCLEAR-TEST-BAN TREATY ORGANIZATION, UNITED NATIONS ENVIRONMENT PROGRAMME, UNITED NATIONS OFFICE FOR THE COORDINATION OF HUMANITARIAN AFFAIRS, WORLD HEALTH ORGANIZATION, WORLD METEOROLOGICAL ORGANIZATION, Preparedness and Response for a Nuclear or Radiological Emergency, IAEA Safety Standards Series No. GSR Part 7, IAEA, Vienna (2015). INTERNATIONAL ATOMIC ENERGY AGENCY, Security of Nuclear Material in Transport, IAEA Nuclear Security Series No. 26-G, IAEA, Vienna (2015). INTERNATIONAL ATOMIC ENERGY AGENCY, Computer Security at Nuclear Facilities, IAEA Nuclear Security Series No. 17, IAEA, Vienna (2011). Amendment to the Convention on the Physical Protection of Nuclear Material, GOV/INF/2005/10–GC(49)/INF/6, IAEA, Vienna (2005). INTERNATIONAL ATOMIC ENERGY AGENCY, Developing a National Framework for Managing the Response to Nuclear Security Events, IAEA Nuclear Security Series No. 37-G, IAEA, Vienna (in preparation). INTERNATIONAL ATOMIC ENERGY AGENCY, Security during the Lifetime of a Nuclear Facility, IAEA Nuclear Security Series No. 35-G, IAEA, Vienna (2019). INTERNATIONAL ATOMIC ENERGY AGENCY, Security of Nuclear Information, IAEA Nuclear Security Series No. 23-G, IAEA, Vienna (2015).
|
| Main |
I–1. |
Each State independently determines the relationship between nuclear and radiation safety, and nuclear security. |
| Main |
I–2. |
While separate from the emergency plan for the facility, as stated in Ref. [I–1], Fundamental Principle K “may imply that contingency plans are the same as emergency plans. In practice there are differences among States in the definition and use of these terms.” Paragraph 3.120 of Ref. [I–1] continues by noting that in Ref. [I–2] (reference omitted): |
| Main |
I–3. |
This annex lists areas of interfaces between the contingency plans and emergency plans. Each section highlights the main areas of interface and includes supporting examples within these areas. |
| Main |
I–4. |
Consideration of physical protection during the facility design and site selection phases is important to ensure that safety and security functions are mutually supportive and are not in conflict with each other to the extent possible. As the contingency plan is a predefined set of actions for response to unauthorized acts, the following are examples of where an interface may exist between emergency planning and contingency planning:Physical layout of nuclear facility and local environment (e.g. demographics and topography);
Safety related equipment and radioactive material requiring protection against unauthorized removal or sabotage based on a graded approach;
Location and protection of control rooms, emergency response facilities and alarm stations;
Design of fire safety features (fire doors, suppression systems);
Emergency evacuation routes, access routes and muster points (including physical barriers along these routes);
Coordination of changes to the layout or design of a nuclear facility that may impact security or emergency response.
|
| Main |
I–5. |
Contingency plans and emergency plans need to take into account the respective security and safety requirements. |
| Main |
I–6. |
The following lists the consistencies needed between contingency plans and emergency plans:Plans need to be implemented with the appropriate level of response;
Plans need to be comprehensive and complementary;
Off-site emergency plans, procedures and assets need to be coordinated, and interact with on-site security forces (e.g. access control, on-site protection);
Sufficient numbers of security personnel need to be available to support an emergency response while maintaining adequate security;
An MOU with any single off-site response organization needs to be consistent with both the emergency plans and contingency plans.
|
| Main |
I–7. |
The roles and responsibilities are identified between the emergency plan and the contingency plan in order to do the following:Define a coordinated response, including decision making;
Respond with an appropriate number of qualified personnel, with appropriate and sufficient equipment, and within required timelines;
Identify competing priorities (dual assignments, unavailability) for security personnel during an emergency response.
|
| Main |
I–8. |
Establishment and use of a unified command and control system for emergency and contingency response provides for effective coordination of on-site and off-site response. Some characteristics of the unified command and control mechanism may include the following: |
| Initiating event |
I–9. |
Assessment of an event involves the following:Identification of initiating events that require coordination between emergency and contingency plan.
Coordinated activation of both internal emergency and security personnel, which may include the following:
Arranging access to vital areas;
Moving physical barriers;
Relocating security personnel based on a nuclear or radiological emergency;
Establishing a timeline and criteria for activation that may be different for contingency plan versus the emergency plan.
Arranging access to vital areas;
Moving physical barriers;
Relocating security personnel based on a nuclear or radiological emergency;
Establishing a timeline and criteria for activation that may be different for contingency plan versus the emergency plan.
|
| Coordination of response actions |
I–10. |
Coordination between the emergency plan and the contingency plan with respect to on-site activities to ensure protection from all hazards, including radiological hazards, involves the following:Coordination between the emergency plan and the contingency plan to ensure safe movement of emergency workers necessary to perform required actions;
Coordination of security measures for all personnel;
Emergency evacuation of personnel, as prescribed in the emergency plan, for rapid and safe egress to designated emergency planning zones;
Coordination in relation to accountability of personnel and nuclear or radiological material following an emergency evacuation;
Identification of safety related equipment and devices, equipment within vital areas, and hazardous materials that may be adversely affected by the security response actions;
Coordination of safety and security response as event progresses;
Re-evaluation of target(s) as event progresses;
Adaptation of protective strategies against threat as event progresses;
Coordination between the emergency and contingency plan to ensure protection from all hazards, including radiological hazards, of off-site security response assets, and the potential need for rapid ingress/egress of response personnel.
|
| Coordination of response actions |
I–11. |
Coordination between contingency and emergency response actions needs to include communication systems and procedures addressing the following:Secure internal communication systems between contingency response personnel and emergency response personnel;
Awareness and understanding of contingency and emergency response actions and terminology;
Diverse and redundant methods of communication for both contingency and emergency response;
Communication processes established between the contingency and emergency response in order to ensure a coordinated response;
Coordination of notification to appropriate levels of contingency and emergency response consistent with the potential consequences of the event;
Coordinated notification to off-site response agencies;
Coordination of the established public communication strategy on contingency and emergency response that provides for transparency while maintaining the appropriate level of confidentiality (e.g. not disclosing security or safety related sensitive information) based on the audience (e.g. media, local population, other nuclear facilities, other stakeholders) and timing of information release.
|
| Coordination of response actions |
I–12. |
Coordination of contingency and emergency responses needs to address the post-event recovery considerations including the following:Prioritized and coordinated recovery team efforts (all hazards, medical, security);
Clearing of areas and site equipment (e.g. searching for additional or residual security concerns) prior to resuming operations;
Preservation of forensic evidence (e.g. prevention of unnecessary interference with collection or preservation of evidence).
|
| Coordination of response actions |
I–13. |
Coordinated contingency and emergency response actions need to be trained and exercised to include initial and periodic training, commensurate with the prescribed actions of the contingency and emergency personnel. |
| Coordination of response actions |
|
REFERENCES TO ANNEX 1 |
| Coordination of response actions |
[I–1] |
INTERNATIONAL ATOMIC ENERGY AGENCY, Physical Protection of Nuclear Material and Nuclear Facilities (Implementation of INFCIRC/225/Revision 5), IAEA Nuclear Security Series No. 27-G, IAEA, Vienna (2018). |
| Coordination of response actions |
[I–2] |
INTERNATIONAL ATOMIC ENERGY AGENCY, Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/ Revision 5), IAEA Nuclear Security Series No. 13, IAEA, Vienna (2011). |
| Coordination of response actions |
[I–3] |
INTERNATIONAL ATOMIC ENERGY AGENCY, IAEA Safety Glossary: Terminology Used in Nuclear Safety and Radiation Protection, 2018 Edition, IAEA, Vienna (2019). |
| Coordination of response actions |
[I–4] |
INTERNATIONAL ATOMIC ENERGY AGENCY, Developing a National Framework for Managing the Response to Nuclear Security Events, IAEA Nuclear Security Series No. 37-G, IAEA, Vienna (in preparation). |
| Coordination of response actions |
II–1. |
This annex gives an example of an MOU (Box II–1). This MOU outlines the agreement between the [name of the facility] (the operator) and the [name of the response force organization] (the response forces). It might not apply to States where the response forces are government agencies that are mandated under law to provide response to the facility. |
| Coordination of response actions |
|
BOX II–1. EXAMPLE MEMORANDUM OF UNDERSTANDING FOR OFF-SITE RESPONSEThe response forces agree to provide an adequate, appropriate and effective response to calls for assistance as a result of a nuclear security event.
The response forces agree to participate in familiarity, preparedness activities and security exercises and training.
The operator agrees to provide facilities, technical support, logistics, expertise and resources to support the response forces.
Information regarding any radiological and technical issues;
On-site protection of workers;
Site maps and facility floor plans;
Escorts;
Compatible communications;
Logistical support, such as marshalling areas, briefing areas, power supplies;
Accountability of personnel arriving and working on the site at all times.
Tactical response units;
Crisis negotiator;
Canine team;
Explosive disposal;
Emergency services (e.g. local law enforcement, medical services, hazmat teams);
Forensic identification services;
Technical traffic collision investigation;
Dangerous goods coordinator;
Any other service provided by the response forces or supporting units deemed necessary by the incident commander.
A direct phone line between the command and control elements;
Compatible command centre radios and frequencies;
Compatible portable security radios and frequencies;
Other compatible communication devices.
Dedicated direct telephone link between the CAS and response forces;
Radio communication between the facility CAS and response forces.
|
| Coordination of response actions |
III–1. |
The bomb warning procedure detailed in paras III–3 to III–8 is provided as an example of how to develop written procedures that implement the requirements of the contingency plan. |
| Coordination of response actions |
III–2. |
Purpose: The purpose of this procedure is to establish and maintain predetermined actions that implement the requirements of contingency plan response personnel during a nuclear security event for a (bomb warning). |
| Coordination of response actions |
III–3. |
Event description: Bomb warnings may be expressed by telephone, by mail (letter or email), by a hand delivered message, or by some other means. Warnings may be given directly or indirectly through a law enforcement agency, mass media organization, or some other third party. Warnings also may be received and communicated by plant personnel, authorities off-site, or other third parties who would notify security. |
| Coordination of response actions |
III–4. |
Objectives of the contingency response to a bomb warning include the following: — Validate the warning; |
| Coordination of response actions |
III–5. |
Decisions and actions in response to a bomb warning include the following:Gather and evaluate information from the bomb warning communication;
Notify appropriate entities;
Attempt to locate suspected bomb(s);
If bomb is confirmed, take action to mitigate potential consequences;
If bomb is not confirmed, begin taking actions to return to normal operations;
Terminate event once the facility is determined to be safe.
|
| Coordination of response actions |
III–6. |
Responsible response personnel and their associated actions in response to a bomb warning include the following: |
| Coordination of response actions |
III–7. |
Termination of a bomb warning event involves the following decisions and actions: |
| Coordination of response actions |
III–8. |
The bomb warning implementing procedure contains the following data and supporting guidance:Bomb warning checklist;
Discovery of explosives nuclear security event procedure;
Emergency evacuation plan for bomb warning;
Facility maps and floor plans;
Off-site response contact list;
On-site response contact list;
On-site emergency plan.
|
| Coordination of response actions |
IV–1. |
Table IV–1 is provided as an example of an action matrix to identify the steps to be taken for responding to nuclear security events. The action matrix could also be represented by way of flow diagrams, computer modelling, or a comparable process. |