IAEA International Atomic Energy Agency Security of Radiation Sources.
-
Upload
loren-canby -
Category
Documents
-
view
240 -
download
2
Transcript of IAEA International Atomic Energy Agency Security of Radiation Sources.
IAEAInternational Atomic Energy Agency
Security of Radiation Sources
IAEA 2
To understand the criteria for establishing the level of security required for radioactive sources and how the criteria are to be implemented by users and the Regulatory Body
Objective
IAEA 3
Contents
• Security and source categorization.• Security requirements to be applied to the user.• Controls to be applied by the Regulatory Body.
IAEA
• States should formulate security policy for radioactive sources and regulatory bodies should develope regulatory requirements that are consistent with the Code of Conduct .
• Operators managing radioactive sources should develope their own security programmes
• Operators should develope measures for the prevention of, detection of, and response to malicious acts involving radioactive sources, and preventing the loss of control of such sources.
• Security measures should be applied on a graded basis, taking into account the current evaluation of the threat, the relative attractiveness of the source, and the potential consequences resulting from malicious use. The requisite level of security is achieved through a combination of deterrence, detection, delay, response and security management
Background
Security of Radioactive Sources IAEA NSS No. 11 (2009)
IAEA 5
Every State should, in order to protect individuals, society and the
environment, take the appropriate measures necessary to ensure:
Basic principles1
1 Code of Conduct on the safety and security of radiation sources, paragraph 7
• that the radioactive sources within its territory, or under its jurisdiction or control, are safely managed and securely protected during their useful lives and at the end of their useful lives;
• the promotion of safety culture and of security culture with respect to radioactive sources.
IAEA
Basic Principles-cont
• Operators, as the authorized entities, should have the primary responsibility for implementing and maintaining security measures for radioactive sources in accordance with national requirements.
• Operators should ensure that their personnel and their contractors are suitably trained and meet the regulatory requirements, which should include trustworthiness.
• Operators should promote a security culture, and establish a management system commensurate with the levels of security
IAEA 7
• Security and source categorization.
• Security requirements to be applied by the user.
• Controls to be applied by the Regulatory Body.
Security of Radioactive Sources.Implementation Guide
IAEA 8
• Design of devices and sources to minimize the feasibility of malicious acts;
• Management of sources only within an authorized and regulated legal framework;
• Measures to prevent unauthorized acquisition of sources;
• Measures to detect theft or loss;
• Measures to respond to theft or loss.
Program against malevolent uses
IAEA 9
Part I: Security Grouping
IAEA 10
Security Grouping based on Source Categorization
• Three Security Groups (A, B, and C) have been identified for the five source categorizations (1, 2, 3, 4 and 5)
IAEA 11
Source categories
1000
10
1
0.01
exempt
Teletherapy sourcesIrradiators
Industrial gamma radiography sourcesHigh / medium dose rate brachytherapy sources
Industrial gauges with high activity sourcesWell logging gauges
Low dose rate brachytherapy sourcesIndustrial gauges with moderate / low activity sources
X-ray fluorescence (XRF) devicesElectron capture devices
1
2
3
4
5
Activity ratioA/D
IAEA 12
Security Grouping based on Source Categorization (cont)
Security Group
Source Category
Examples
A 1
• Irradiators• Teletherapy• Radioisotope thermoelectric
generators• Fixed multi-beam teletherapy
(gamma knife)
IAEA 13
Security Grouping based on Source Categorization (cont)
Security Group
Source Category
Examples
B 2• Industrial radiography• High / medium dose rate
brachytherapy
C 3• Fixed industrial gauges that
incorporate high activity sources• Well logging
IAEA 14
Security Grouping based on Source Categorization (cont)
Security Group
Source Category
Examples
Applymeasures asdescribedin theBasic SafetyStandards
4
• Low dose rate brachytherapy (except eye and permanent implants))
• Industrial gauges that do not incorporate high activity sources
• Bone densitometers• Static eliminators
IAEA 15
Security Grouping based on Source Categorization (cont)
Security Group
Source Category
Examples
Applymeasures asdescribedin theBasic SafetyStandards
5
• Low dose rate brachytherapy eye plaques and permanent implant sources
• X-ray fluorescence devices• Electron capture devices• Mossbauer spectrometry sources• Positron emission tomography
(PET) • check sources
IAEA
RECOMMENDED MEASURES FOR SECURITY LEVEL A
Securityfunction
Security objective Security measures
Detect
Provide immediate detection ofany unauthorized access to thesecured area/source location
Electronic intrusion detection system and/or continuous surveillance by operator personnel.
Provide immediate detection ofany attempted unauthorizedremoval of the source, includingby an insider
Electronic tamper detection equipment and/ or continuous surveillance by operatorpersonnel
Provide immediate assessment ofdetection
Remote monitoring of CCTV or assessment by operator / response personnel
Provide immediatecommunication to responsepersonnel
Rapid, dependable, diverse means ofcommunication such as phones, cell phones, pagers, radios
Provide a means to detect lossthrough verification
Daily checking through physical checks, CCTV, tamper indicating devices, etc.
IAEA
RECOMMENDED MEASURES FOR SECURITY LEVEL A - Cont
Securityfunction
Security objective Security measures
Delay Provide delay after detection sufficient for response personnel to interrupt the unauthorized removal
System of at least two layers of barriers (e.g. walls, cages) which together provide delay sufficient to enable response personnel to interdict.
Response Provide immediate response to assessed alarm with sufficient resources to interrupt and prevent the unauthorized removal.
Capability for immediate response with size, equipment, and training to interdict .
Security management
Provide access controls to source location that effectively restrict access to authorized persons only.
Identification and verification, for example, lock controlled by swipe card reader and personal identification number, or key and key control
Ensure trustworthiness ofauthorized individuals
Background checks for all personnel authorized for unescorted access to the source location and for access to sensitive information.
Identify and protect sensitiveinformation.
Procedures to identify sensitive information and protect it from unauthorized disclosure.
Provide a security plan. A security plan which conforms to regulatory requirements and provides for response to increased threat levels
Ensure a capability to manage security events covered by security contingency plans
Procedures for responding to security-related scenarios
Establish security event reporting system Procedures for timely reporting of security events.
IAEA
RECOMMENDED MEASURES FOR SECURITY LEVEL B
Securityfunction
Security objective Security measures
Detect
Provide immediate detection ofany unauthorized access to thesecured area/source location
Electronic intrusion detection system and/or continuous surveillance by operator personnel.
Provide detection of any attempted unauthorized removal of the source
Tamper detection equipment and/ or periodic checks by operator personnel
Provide immediate assessment ofdetection
Remote monitoring of CCTV or assessment by operator / response personnel
Provide immediatecommunication to responsepersonnel
Rapid, dependable means ofcommunication such as phones, cell phones, pagers, radios
Provide a means to detect lossthrough verification
Weekly checking through physical checks, tamper indicating devices, etc.
IAEA
RECOMMENDED MEASURES FOR SECURITY LEVEL B - Cont
Securityfunction
Security objective Security measures
Delay Provide delay to minimize the likelihood of unauthorized removal
System of two layers of barriers (e.g. walls, cages).
Response Provide immediate initiation of response to interrupt unauthorized removal .
Equipment and procedures to immediately initiate response.
Security management
Provide access controls to source location that effectively restrict access to authorized persons only.
One identification measure
Ensure trustworthiness ofauthorized individuals
Background checks for all personnel authorized for unescorted access to the source location and for access to sensitive information.
Identify and protect sensitiveinformation.
Procedures to identify sensitive information and protect it from unauthorized disclosure.
Provide a security plan. A security plan which conforms to regulatory requirements and provides for response to increased threat levels
Ensure a capability to manage security events covered by security contingency plans
Procedures for responding to security-related scenarios
Establish security event reporting system Procedures for timely reporting of security events.
IAEA
RECOMMENDED MEASURES FOR SECURITY LEVEL C
Securityfunction
Security objective Security measures
Detect
Provide detection of unauthorized removal of the source
Tamper detection equipment and/ or periodic checks by operator personnel
Provide immediate assessment ofdetection
assessment by operator / response personnel
Provide a means to detect lossthrough verification
Monthly checking through physical checks, tamper indicating devices, or other checks to confirm the presence of the source.
Delay Provide delay to reduce the likelihood of unauthorized removal of a source
One barrier (e.g. cage, sourcehousing) or under observation byoperator personnel
Response Implement appropriate action in the event of unauthorized removal of a source.
Procedures for identifying necessaryactions in accordance withcontingency plans
IAEA
RECOMMENDED MEASURES FOR SECURITY LEVEL C - Cont
Securityfunction
Security objective Security measures
Security management
Provide access controls to source location that effectively restrict access to authorized persons only.
One identification measure
Ensure trustworthiness ofauthorized individuals
Appropriate methods for determining the trustworthiness of authorized individuals withunescorted access to radioactive sources and access to sensitive information..
Identify and protect sensitiveinformation.
Procedures to identify sensitive information and protect it from unauthorized disclosure.
Provide a security plan. Documentation of security arrangements and reference procedures
Ensure a capability to manage security events covered by security contingency plans
Procedures for responding to security-related scenarios
Establish security event reporting system
Procedures for timely reporting of security events.
IAEA 22
Part II: Applicable Security Measures
IAEA 23
Applicable Security Measures
Administrative
Appropriate administrative measures include:
• access control procedures;• alarmed access points (e.g. with radiation detectors);
• key control procedures;
• video cameras or personal surveillance;
• records related to the management of sources;
IAEA 24
Applicable Security Measures
Administrative (cont)
Appropriate administrative measures include:
• regulations and guidance;
• reliability and trustworthiness of personnel;
• information security;
• quality assurance measures; and
• establishment of a safety culture and security culture.
• source inventories;
IAEA 25
Applicable Security MeasuresTechnical Measures
• walls;• cages;• transport packaging;• locks and interlocks for doors
(or access points);• locked, shielded containers.
• fences;
Appropriate technical measures include:
IAEA 26
Applicable Security Measures
Emergency response plan (Group A and B sources)
Minimum contents of the plan
• Early notification procedures.
• Immediate response measures to be taken.
• Procedures for public communication.
The plan should be
• Exercised periodically.
• Evaluated periodically.
IAEA 27
Applicable Security Measures
Information Security (Group A and B sources)
Information that can be used to identify specific locations, specific security measures or weaknesses in the system of management of sources should be controlled and distributed on a “need to know” basis. This includes information concerning:
• the specific locations of sources;
• the facility’s security plan and security systems;
• temporary or permanent weaknesses in the security system;
IAEA 28
Applicable Security Measures
Information Security (cont)
• source utilization plans and records;
• proposed dates and times of source shipments and transfers;
• emergency response plans and systems.
IAEA 29
Applicable Security Measures
Personnel background checks (Group A and B sources)
Authorized users
• the licensee should ensure trustworthiness;
• check should be made before an authorization is granted.
IAEA 30
Applicable Security Measures
Transport
The transport of Security Group B and C sources should:
• satisfy the performance requirements for security for the particular group;
• for a mobile source, administrative controls such as personal surveillance should be rigorously maintained;
• include consideration of a communication link to allow timely response to incidents or potential threats.
IAEA 31
Applicable Security Measures
Transport
The transport of Security Group A sources should provide for:
• background checks on trustworthiness of the transport organization and operatives;
• deterrence through the use of locked and sealed transport packages and the use of a dedicated, locked transport unit;
• timely detection through radio communication between the personnel in the vehicle and a security office or organization;
IAEA 32
Applicable Security Measures
Transport (cont)
The transport of Security Group A sources should provide for:
• response through security trained transport operatives;
• an emergency plan developed to deal with emergencies in transit.
IAEA 33
Part III: Responsibilities of the Authorities
IAEA 34
Applicable Security Measures
The Regulatory Body
The Regulatory Body should:
• establish systems to ensure, where practicable, that radioactive sources are identifiable and traceable;
• maintain appropriate records of authorizations that clearly indicate the type of radioactive source, and records of the transfer and disposal of source on termination of the authorization;
IAEA 35
Applicable Security Measures
The Regulatory Body (cont)
The Regulatory Body should:
• implement an inspection Program that includes verification that facilities and radiation protection Programs are maintained and adequately manage the radioactive sources.
• ensure that regulations and other criteria with regard to the security of radioactive sources remain adequate and valid;
IAEA 36
Part IV: Responsibilities of the Registrants and Licensees
IAEA 37
Applicable Security Measures
Registrants and Licensees
Registrants and Licensees:
• who appoint other people to carry out actions and tasks, nevertheless remain responsible for the relevant actions and tasks themselves.
• bear the responsibility for setting up and implementing the technical and organizational measures that are needed to ensure both the safety and security of the authorized sources;
IAEA 38
Applicable Security Measures
Registrants and Licensees (cont)
Registrants and Licensees should ensure that:
• when not in use, sources are promptly stored in an approved manner and relevant to the requirements of the security grouping to which the source(s) belong;
• the transfer of sources to another person is documented and that person is appropriately authorized to receive the transferred source;
• sources are managed in accordance with the authorization;
IAEA 39
Applicable Security Measures
Registrants and Licensees (cont)
Registrants and Licensees should ensure that:
• financial provisions in accordance with regulatory requirements are in place for the safe disposal of disused sources;
• sources are shipped and received in accordance with regulatory requirements.
IAEA 40
Applicable Security Measures
Surveys and audits
• perform an inventory check of all radiation sources at regular intervals, including x-ray equipment, spent, calibration and crawler control radioactive sources;
The registrant or licensee must:
• ensure that all radioactive sources are surveyed when removed from, and returned to, storage;
IAEA 41
Applicable Security Measures
Surveys and audits
• apply the same survey and audit procedures to locations where extended field site work is taking place and where a temporary store is established;
The registrant or licensee must:
• if a radiation source cannot be located, take action as if an accident has occurred and shall immediately notify the Regulatory Body.
IAEA 42
Applicable Security Measures
Registrants and Licensees (cont)
In addition to normal reporting requirements relating to safety issues, registrants and licensees should report to the Regulatory Body:
• any loss of control over a radioactive source;
• unauthorized access to, or unauthorized use of, a source;
• malicious acts threatening authorized activities;
• failures of equipment containing radioactive sources which may have security implications;
• the discovery of any unaccounted source.
IAEA 43
• Security of Radioactive Sources. Implementing Guides. IAEA Nuclear Security Series No. 11, Vienna (2009).
• Categorization of Radioactive Sources, Safety Guide RS-G-1.9, IAEA, Vienna (2005).
References