II. Objectives and Elements of State Physical Protection systems

Introduction
Governmental Organization and Nuclear Physical Protection Legislation
Role and Responsibility of the Competent Authority
Regulations and Guides
Licensing Process
Integration and Participation of Other Organizations
Assessment of the Threat
Review and Assessment
Inspection and Enforcement
Development of Emergency Plans

Introduction

201. Because of differences in States' perceived threats, culture, legal systems and history, there will be reasonable and necessary variations in physical protection practices between different countries. The time taken for State response forces to arrive on the scene and their degree of responsibility for dealing with an attack against a nuclear facility or nuclear material in transport will also have great impact on physical protection practices in different countries. Therefore, there will be differences in the implementation of international guidance contained in The Physical Protection of Nuclear Material (INFCIRC/225/Rev.3), obligations required in the Convention on Physical Protection of Nuclear Material and commitments made by States under the Nuclear Suppliers Group guidelines (INFCIRC/254/Rev 2). 

202. For these reasons, and because each Member State is ultimately responsible for the physical protection of nuclear materials and facilities on its own territory [3.2.1.1], it is neither realistic nor proper to expect regulatory organizations to require the identical implementation of the provisions of INFCIRC/225/Rev.3 as in other States. 

203. However, it is in the interest of all States to require the implementation of physical protection systems that are as compatible as possible with the recommendations of INFCIRC/225/Rev.3, which should be considered as a baseline for any physical protection system. This chapter provides supplementary guidance to aid in a better understanding of the provisions of INFCIRC/225/Rev.3 with respect to the following activities of State authorities:

-	Governmental Organization and Nuclear Physical Protection Legislation
-	Role and Responsibility of the Competent Authority
-	Regulations and Guides
-	Licensing Process
-	Integration and Participation of Other Organizations
-	Assessment of the Threat
-	Review and Assessment
-	Inspection and Enforcement
-	Development of Emergency Plans

 

204. The IAEA has no responsibility for the supervision, control or implementation of a State's physical protection system and assistance will be provided only when so requested by a State [2.2]. Assistance in the form of the International Physical Protection Advisory Service (IPPAS) is available to States on request to the Agency. The role of IPPAS missions is to provide advice and assistance to Member States to help strengthen and enhance the effectiveness of the State physical protection system through interpreting and applying INFCIRC/225/Rev.3 recommendations to the needs of requesting States. Further details of this service are contained in a separate IAEA TECDOC.

Governmental Organization and Nuclear Physical Protection Legislation

205. The physical protection of nuclear material and facilities within the Member State rests on the fundamental basis of government organisation and legislation. Governments need to discharge their responsibilities to regulate the physical protection of nuclear activities in order to protect nuclear material from theft and public health and safety from undue radiological risk as a result of sabotage. The Member State therefore needs to have an adequate and supportive governmental organization and statutory legislation. The legislation should provide for a competent authority [3.2.1.3], which needs to have sufficient staff, funding and legal powers to perform its duties and the freedom to do so without undue interference. The government should also encourage international exchanges aimed at improving physical protection and seek to minimize any impediments to such exchanges.

Objectives

206. The government or state legislature of the Member State should establish a system for the physical protection of nuclear material and facilities within which the physical protection competent authority can exist and operate effectively, has adequate legal powers and sufficient funds for its activities, and can pursue its regulatory task without undue interference.

207. The government should ensure an adequate hierarchy of authority and responsibility to enable the nuclear competent authority to fulfil its physical protection functions. In particular, the competent authority should be separated in the governmental organization and be independent from the bodies responsible for developing, promoting or operating nuclear facilities.

Role and Responsibility of the Competent Authority

1. To establish a system to define and maintain acceptable levels of physical protection to counter the defined threat; to monitor the licensees to ensure that they fulfil their physical protection responsibilities; to evaluate the implemented physical protection systems and to ensure that the licensees provide appropriate levels of physical protection;
2. To have a clearly defined legal status and independence from the applicant(s)/licensee(s) and to have the legal authority to enable it to perform its responsibilities and functions effectively;
3. To establish clear regulatory objectives, and to understand how these are achieved and how they compare with international standards and good practices. The competent authority will also need to establish a system for effective interaction, liaison and cooperation with other nuclear regulatory bodies and with international bodies and organizations.

209. All staff of the competent authority should clearly understand the legal authority which provides the basis for their activities, and how this governs their activities in regulatory development, assessment, licensing, inspection, enforcement, planning, etc.

210. In exercising their authority in matters of physical protection, all staff of the competent authority should understand their organization's regulatory role and objectives, how these are achieved and how they compare with international standards and practices.

211. The competent authority should establish any necessary arrangements for coordination with other regulatory organizations and those responsible for national security, for the provision of external (off-site) response forces and for other affiliated agencies to ensure an integrated approach to physical protection. 

Regulations and Guides

212. The competent authority needs to establish a clear framework of requirements for those nuclear activities permitted by the State. The requirements with which applicant(s)/licensee(s) should comply should be consistent with INFCIRC/225/Rev.3 and provide guidance amplifying how regulatory obligations may be fulfilled [3.2.1.2/3.2.4.1/3.2.5.1]. Comprehensive regulations and guides are not obligatory for all situations. The competent authority may consider it appropriate to develop them in step with the development of the national nuclear programme.

213. The competent authority should endeavour to ensure that regulations, codes, guides etc. explicitly address the possibilities for unauthorized removal of nuclear material or for sabotage of nuclear material or facilities as the main reason for their production.

Objectives

214. The competent authority should establish a clear policy regarding the approach taken to developing and producing regulations and guides. This policy should be developed to suit both the licensing system and the system of government in the Member State.

215. The competent authority should ensure that an applicant/licensee is made aware of and held accountable to regulations and guides that are applicable.

Licensing Process

216. While responsibility for physical protection rests with each applicant/licensee, control over physical protection by the competent authority, at all stages of the life of nuclear installations and during transportation, is exercised primarily through governmental licence(s) [3.2.2.1]. Hence, a primary task of the competent authority is to consider whether to approve (or not) applications for new licences and renewals or amendments to existing licences. The licence itself should be an official document authorizing an activity or activities and approving the licensee's physical protection plan describing how it will implement its physical protection programme. 

217. Licensing needs to be kept as a live issue throughout all stages of the life of a nuclear facility. The licence may be changed or modified as circumstances dictate but always by and under the control of the competent authority [3.4.1].

Objectives

218. The competent authority should ensure that any licence issued is:

1. In compliance with the relevant national legislation;
2. Accurately specifies the activity or activities to be licensed; and
3. Clearly identifies any constraints regarding the activities, i.e. requirements, conditions or time limits.

219. The competent authority should ensure that it has received and assessed adequate documentary evidence from each applicant/licensee regarding the physical protection plan for activity or activities to be licensed before the licence is issued. Assessment may be supported by a review of physical protection measures employed on the ground.

220. Any change to a licence should be controlled by the competent authority to ensure that the change receives appropriate levels of consideration and assessment before being implemented.

Integration and Participation of Other Organizations

1. The threat is assessed, kept up to date and communicated to those regulatory bodies and authorities responsible for the arrangements for the physical protection of nuclear materials and facilities;
2. Response forces with the necessary legal and constitutional authority are made available to respond to incidents which could threaten nuclear material at facilities or in transit and that these response forces have prepared the necessary contingency plans and are exercised in their role; and
3. That the responsibility for criminal investigation and recovery of nuclear materials is clear.

Objectives

222. The State should establish a clear policy and procedures to ensure that State bodies, agencies and other official organizations provide the necessary support to protect nuclear materials from theft and to counter sabotage of nuclear materials and facilities.

Assessment of the Threat

223. The competent authority should define the basis for the level of physical protection which will be required to protect against theft of nuclear material and sabotage at nuclear facilities under its responsibility and during nuclear material transportation. This is accomplished by making an assessment of the intentions and capabilities of criminal/terrorist groups known to pose a threat to national security or a serious threat to law and order in the country [3.1.2]. Measures to counter the assessed capabilities should then be incorporated into physical protection standards and regulatory requirements, due consideration being given to a conceivable aggravation of the threat situation in the future.

224. This assessment should take into account the possibility of these groups being assisted by or formed of individual(s) who have authorised access to the facilities, the tactics employed by these groups, their technical competence, size and the equipment available to them for use in any attack. The assessment should be reviewed on a regular basis and the implications of any change taken into account in reviewing the adequacy of existing physical protection standards and regulatory requirements.

Objectives

225. A national authority should clearly define and review on a regular basis the potential threat(s) to nuclear facilities and nuclear material in transit in sufficient detail to allow regulators, physical protection system designers and nuclear facility licensees to develop adequate systems for protecting nuclear materials from theft and sabotage, both when in use and storage at facilities and when in transit.

Review and Assessment

226. It is the responsibility of the competent authority to confirm that the physical protection arrangements at any proposed nuclear facility, at all stages of its life, and during the transport of nuclear material meets the standards contained in national regulations. To fulfil this requirement the competent authority needs to acquire a complete understanding of the physical protection approach, design and quality assurance program of the facilities, and the proposed operating principles of the applicant(s)/licensee(s). The competent authority will also need to perform a thorough review of these issues to ensure that they comply with the competent authority's own physical protection objectives [3.5.1]. Consistent application of regulations at similar nuclear facilities is important so that one facility is not viewed as being more vulnerable than another.

227. Following suitable review, the competent authority may require modifications to be implemented in physical protection programmes where necessary.

228. The competent authority should establish a system for reviewing, at the appropriate level, all of its licensing decisions.

Objectives

229. The competent authority should establish a regime to ensure that review and assessment decisions are followed up by subsequent supervisory, inspection and evaluation activities to ensure that the decisions are appropriate and implemented effectively.

Inspection and Enforcement

230. An inspection and enforcement regime should be established by the competent authority that complements its review and assessment activities [3.5.1/5.2.21/5.3.15/5.4.6]. This regime should be able to satisfy the competent authority that each licensee complies with national legislation and maintains the nuclear facility(s), throughout all stages of its life, and/or carries out the transport of nuclear material in conformity with the physical protection system approved by the competent authority and that the licensee is fulfilling the conditions set out in the licence. The competent authority will require correction of any situation where there is not proper compliance with the licence through the application of appropriate enforcement action(s) [3.2.1.5].

Objectives

231. The competent authority should establish a structured inspection and enforcement system for evaluating and systematically following up all inspection findings and an enforcement system to ensure that all aspects of legislation, including the licence, are fully complied with by each licensee, that this compliance is verifiable and that experience gained is fed back to the licensee.

232. The competent authority should ensure that the responsible persons in an licensee's organizations are qualified to discharge their physical protection functions at a licensed nuclear facility and for transports of nuclear material.

233. The competent authority should ensure that the required quality and performance are achieved by each licensee at all times.

Development of Emergency Plans

234. An emergency plan should be established at all facilities and activities where physical protection measures are required by the competent authority. This plan should provide guidance to licensee personnel for accomplishing specific defined objectives in the event of threats, thefts or sabotage relating to licensed activities involving nuclear material or nuclear facilities [5.2.19/5.3.13/5.4.5].

235. The goals of the emergency plan for responding to threats, thefts and sabotage are:

1. To identify a range of credible emergency situations that may occur;
2. To organize the response effort at the licensee/operator level;
3. To identify predetermined, structured responses by the licensee/operator to an emergency situation;
4. To ensure the integration of the licensee/operator response with other entities; and
5. To achieve a measurable performance in response capability.

236. Licensee/operator emergency planning should result in organizing the licensee/operator's resources in such a way that possible emergency events will be identified with preplanned responses, the various emergency responders will be identified, their responsibilities specified and the responses coordinated in a timely manner. Planning should take account of the need for prompt and controlled access to facilities by off-site emergency responders. It is also important to note that the licensee/operator emergency plan is intended to be complimentary to other emergency plans in place for responding to other safety-related radiological incidents or accidents. Periodic response exercises should be conducted with emergency responders to demonstrate effectiveness and to provide familiarisation and training.

Objectives

237. The competent authority should require each licensee/operator of a facility where physical protection measures are required to develop and implement an emergency plan which should, as a minimum, contain:

1. The criteria for initiation and termination of responses to security emergencies together with the specific decisions, actions and supporting information needed to bring about such responses;
2. An identification of the data, criteria, procedures and mechanisms affecting emergency planning that are specific to the facility or means of transportation involved and are necessary to efficiently implement the emergency plan; and
3. A designation of the individual, group or organization responsible for each decision and action associated with specific responses to security emergencies.

238. The competent authority should require that response exercises for the nuclear activity are conducted with the off-site emergency responders frequently enough to ensure facility familiarisation and appropriate integration with licensee/operator response.