The Physical Protection of Nuclear Material and Nuclear Facilities INFCIRC/225/Rev.4 (Corrected)

Requirements for Physical Protection Against Sabotage of Nuclear Facilities and Nuclear Material During Use and Storage

7.1.   General

7.1.1.   An act of sabotage involving nuclear material or against a nuclear facility could create a radiological hazard to the personnel, and a potential radioactive release to the public and the environment. Radiological hazards are strongly dependent on the threat to be considered, on the type of nuclear material, on the inventory of nuclear material and associated fission products, on the design of the facility or package and on its safety features. Consequently, a plant-specific or package design evaluation of the potential for sabotage and associated radiological consequences should be made in close consultation between safety and physical protection specialists.

7.1.2.   The concept of physical protection to protect against sabotage requires a designed mixture of hardware (security devices), procedures (including the organization of guards and the performance of their duties) and facility design (including layout). The level of the physical protection measures should be specifically designed to take into account the nuclear facility or nuclear material, the State's design basis threat and the radiological consequences. Emergency procedures should be prepared to counter effectively the State's design basis threat.

7.1.3.   The objective of the physical protection system should be to prevent or delay access to or control over the nuclear facility or nuclear material through the use of a set of protective measures including physical barriers or other technical means or the use of guards and response forces so that the guards or response forces can respond in time to prevent the successful completion of sabotage.

7.1.4.   Achievement of the objectives of the physical protection system should be assisted by:

  1. Taking into account physical protection in the design of the nuclear facility as early as possible;

  2. Limiting access to nuclear material or facilities to a minimum number of individuals. To accomplish this aim the State's competent authority should validate the operator's designation of protected areas, vital areas or other areas. In designating such areas, consideration should be given to the plant safety design, the location of the plant and the design basis threat. Access to these areas should be limited and controlled; and

  3. Requiring predetermination of the trustworthiness of all individuals permitted unescorted access to nuclear material or facilities.

7.1.5.   Safety specialists, in close cooperation with physical protection specialists, should evaluate the consequences of malevolent acts, considered in the context of the State's design basis threat, to identify nuclear material, or the minimum complement of equipment, systems or devices to be protected against sabotage. Also measures that have been designed into the facility for safety purposes should be taken into account. When protecting against sabotage, nuclear material or equipment, systems or devices the sabotage of which, alone or in combination based on analysis, could lead to unacceptable radiological consequences, should be located in a vital area(s). Potential conflicting requirements, resulting from safety and physical protection considerations, should be carefully analyzed to ensure that they do not jeopardize nuclear safety, including during emergency conditions.

7.1.6.   Evaluations of the overall implemented physical protection system, procedures and the timely response of the guards and response forces should be conducted at least annually by the operator to determine their reliability and effectiveness.

7.1.7.   Operators should regularly test intrusion detection, assessment and communications systems as well as other physical protection functions to determine their continued operability. When deficiencies are identified, corrective actions should be taken as soon as possible.

7.2.   Requirements for Nuclear Power Reactors

7.2.1.   The following set of measures represents the requirements applicable for the physical protection of nuclear power plants against sabotage because of their inventory of fission products and their inherent driving force for dispersion.

7.2.2.   Nuclear material or equipment, systems or devices that are important to safety or the sabotage of which could lead to unacceptable radiological consequences, should only be located within a vital area(s). Equipment, systems or devices located outside the protected area should be evaluated with respect to their potential impact on plant safety when subjected to the design basis threat.

7.2.3.   Access to and the number of access points into the protected area and vital area(s) should be kept to the minimum necessary. Persons authorized unescorted access to the protected area or vital areas should be limited to persons whose trustworthiness has been determined. Persons whose trustworthiness has not been determined such as temporary repair, service or construction workmen and visitors should be escorted by a person authorized unescorted access. The identity of all persons entering such areas should be verified and they should be issued with appropriately registered passes or badges.

7.2.4.    All persons and packages entering protected areas should be subject to search to prevent the introduction of articles for use for sabotage. All vehicles entering the protected area should be subject to search. Instruments for the detection of explosives and metals can be used for such searches. Consideration should be given to preventing the forceful intrusion of motor vehicles.

7.2.5.   Entry of private motor vehicles into protected areas should be strictly minimized and limited to designated parking areas. Private motor vehicles should be prohibited access to vital areas.

7.2.6.   All employees should be informed at least annually of the importance of effective physical protection measures and be trained in their implementation as appropriate.

7.2.7.   Operators should monitor to detect that no tampering or interference with equipment, systems or devices in vital areas has taken place, or to provide for timely detection of such tampering or interference. A report should be made to the competent authority whenever there is reason to suspect that any malevolent activity has occurred.

7.2.8.   Following a shutdown/maintenance period, special precautions should be taken prior to reactor startup to detect any malevolent actions.

7.2.9.   A record should be kept of all persons having access to or possession of keys or key-cards concerned with the containment or storage of nuclear material or to vital areas. Arrangements should be made for:

  1. The checking and custody of keys or key-cards, particularly to minimize the possibility of duplication;

  2. The changing of combination settings at suitable intervals; and

  3. The changing of locks, keys, or combinations whenever there is evidence or suspicion that they have been compromised.

7.2.10.   Intrusion detection should be performed at the physical barrier surrounding the protected area and timely assessment should be carried out. Clear areas should be provided on both sides of the perimeter of the protected area with illumination sufficient for assessment. To protect against unauthorized access or malevolent acts, special attention should be paid to all points of potential access. The perimeter of the protected area should normally consist of a physical barrier in addition to and outside the building walls. In cases where the walls of a building are of a specially solid construction, these walls may be designated as being the perimeter of the protected area under conditions specified by a security survey.

7.2.11.   Vital areas should be so arranged that the number of entries and exits is minimized (ideally only one). All emergency exits should be fitted with intrusion detection sensors. Other points of potential access should be appropriately secured and alarmed. Vital areas should not be sited close to public thoroughfares.

7.2.12.    Vital areas should provide penetration delay. They should be appropriately secured and alarmed when unattended. The issuing of keys or key-cards should be closely controlled. They should be appropriately protected to ensure that they are not malevolently used.

7.2.13.   All intrusion detection sensors should annunciate and be recorded in a continuously staffed central alarm station to provide for monitoring and assessment of alarms, initiation of response and communication with the guards, facility management and response force. The central alarm station should normally be located in the protected area unless its function will be more effectively performed in another area nearby. The central alarm station should be hardened so that its functions can continue in the presence of the design basis threat.

7.2.14.   A 24-hour guarding service should be provided. The guard force or the central alarm station personnel should report at scheduled intervals to the off-site response forces during non-working hours. Guards should be trained and adequately equipped for their function in accordance with national laws and regulations. When guards are not armed, compensating measures should be considered. The objective should be the arrival of adequately armed guards and/or response forces before an act of sabotage begins or while the act is in progress so that they may prevent its successful completion.

7.2.15.   Patrols of the protected area should be provided.

7.2.16.   Dedicated, tamper indicating transmission systems and independent power supplies should be provided between the intrusion detection sensors and the central alarm station. Alarms generated by intrusion detection sensors should be promptly assessed and appropriate action taken.

7.2.17.   Dedicated, redundant and diverse transmission systems for two-way voice communication between the central alarm station and the response forces should be provided for activities involving detection, assessment and response. Also, dedicated two-way voice communication should be provided between guards and the central alarm station.

7.2.18.   Emergency plans of action should be prepared to counter effectively any attempted sabotage. Such plans should provide for the training of guards and response forces in their actions in case of an emergency. They should also provide for appropriate response by guards or response forces to attempted intrusion into the protected area and vital areas. The close co-ordination between guards and response forces should be regularly exercised. In addition, other facility personnel should be prepared to act in full coordination with guards, response forces and safety response teams for implementation of emergency plans.

7.2.19.   Arrangements should be made to ensure that during emergency evacuation exercises access to vital areas remains controlled.

7.3.   Requirements for Other Nuclear Facilities and Nuclear Materials

7.3.1.    Sabotage of nuclear facilities other than nuclear power plants and of various forms and quantities of nuclear material could also result in radiological hazards to the public. States should determine the level of protection needed against such sabotage depending upon the degree of radiological consequences. Measures specified in Section 7.2. may be applied as appropriate.

