Minnesota Legislature
Office of the Revisor of Statutes
Minnesota Administrative Rules
4731.8055 GENERAL SECURITY PROGRAM REQUIREMENTS.
Subpart 1.
Security plan.
A.
Each licensee identified in part 4731.8050 must develop a written security plan specific to its facilities and operations. The purpose of the security plan is to establish the licensee's overall security strategy to ensure the integrated and effective functioning of the security program required by parts 4731.8050 to 4731.8090. The security plan must, at a minimum:
B.
The security plan must be reviewed and approved by the individual with overall responsibility for the security program.
C.
A licensee must revise its security plan as necessary to ensure the effective implementation of commissioner requirements. The licensee must ensure that:
(1)
the revision has been reviewed and approved by the individual with overall responsibility for the security program; and
(2)
the affected individuals are instructed on the revised plan before the changes are implemented.
D.
The licensee must retain a copy of the current security plan as a record for three years after the security plan is no longer required. If any portion of the plan is superseded, the licensee must retain the superseded material for three years after the record is superseded.
Subp. 2.
Implementing procedures.
A.
The licensee must develop and maintain written procedures that document how the requirements of parts 4731.8050 to 4731.8090 and the security plan will be met.
B.
The implementing procedures and revisions to these procedures must be approved in writing by the individual with overall responsibility for the security program.
C.
The licensee must retain a copy of the current procedure as a record for three years after the procedure is no longer needed. Superseded portions of the procedure must be retained for three years after the record is superseded.
Subp. 3.
Training.
A.
Each licensee must conduct training to ensure that those individuals implementing the security program possess and maintain the knowledge, skills, and abilities to carry out their assigned duties and responsibilities effectively. The training must include instruction in:
(1)
the licensee's security program and procedures to secure category 1 or category 2 quantities of radioactive material, and in the purposes and functions of the security measures employed;
(2)
the responsibility to report promptly to the licensee any condition that causes or may cause a violation of commissioner requirements;
(3)
the responsibility of the licensee to report promptly to the local law enforcement agency and licensee any actual or attempted theft, sabotage, or diversion of category 1 or category 2 quantities of radioactive material; and
B.
In determining those individuals who must be trained on the security program, the licensee must consider each individual's assigned activities during authorized use and response to potential situations involving actual or attempted theft, diversion, or sabotage of category 1 or category 2 quantities of radioactive material. The extent of the training must be commensurate with the individual's potential involvement in the security of category 1 or category 2 quantities of radioactive material.
C.
Refresher training must be provided at a frequency not to exceed 12 months and when significant changes have been made to the security program. This training must include:
(1)
review of the training requirements of this subpart and any changes made to the security program since the last training;
D.
The licensee must maintain records of the initial and refresher training for three years from the date of the training. The training records must include dates of the training, topics covered, a list of licensee personnel in attendance, and related information.
Subp. 4.
Protection of information.
A.
Licensees authorized to possess category 1 or category 2 quantities of radioactive material must limit access to and unauthorized disclosure of their security plan, implementing procedures, and the list of individuals that have been approved for unescorted access.
B.
Efforts to limit access must include the development, implementation, and maintenance of written policies and procedures for controlling access to, and for proper handling and protection against unauthorized disclosure of, the security plan, implementing procedures, and the list of individuals that have been approved for unescorted access.
C.
Before granting an individual access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access, licensees must:
(1)
evaluate an individual's need to know the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access; and
(2)
if the individual has not been authorized for unescorted access to category 1 or category 2 quantities of radioactive material, safeguards information, or safeguards information-modified handling, the licensee must complete a background investigation to determine the individual's trustworthiness and reliability. A trustworthiness and reliability determination must be conducted by the reviewing official and must include the background investigation elements contained in part 4731.8020, subpart 1, item A, subitems (2) to (6), and item B.
D.
Licensees need not subject the following individuals to the background investigation elements for protection of information:
(2)
security service provider employees, provided written verification that the employee has been determined to be trustworthy and reliable, by the required background investigation in part 4731.8020, subpart 1, item A, subitems (2) to (6), and item B, has been provided by the security service provider.
E.
The licensee must document the basis for concluding that an individual is trustworthy and reliable in order to be granted access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access.
F.
Licensees must maintain a list of persons currently approved for access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access. When a licensee determines that a person no longer needs access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access, or no longer meets the access authorization requirements for access to the information, the licensee must remove the person from the approved list as soon as possible, but no later than seven working days, and take prompt measures to ensure that the individual is unable to obtain the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access.
G.
When not in use, the licensee must store its security plan, implementing procedures, and the list of individuals that have been approved for unescorted access in a manner to prevent unauthorized access. Information stored in nonremovable electronic form must be password protected.
History:
40 SR 145; 46 SR 791
Published Electronically:
May 26, 2022
Official Publication of the State of Minnesota
Revisor of Statutes