DHS 157.9704(2)(d)
(d) Health and Human Services security risk assessments for possession and use of select agents and toxins under
42 CFR 73.
DHS 157.9704(2)(e)
(e) Hazardous Material security threat assessment for hazardous material endorsement to commercial driver's license under
49 CFR 1572.
DHS 157.9704(2)(f)
(f) Customs and Border Protection's Free and Secure Trade (FAST) Program.
DHS 157.9704 History
History: CR 16-078: cr.
Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.104 under s. 13.92 (4) (b) 1., Stats.,
Register January 2018 No. 745.
DHS 157.9705(1)(1)
Any licensee who obtains background investigation information on an individual under this subchapter shall establish and maintain a system of files and written procedures for protection of the record and the personal information from unauthorized disclosure.
DHS 157.9705(2)
(2) A licensee may not disclose the background investigation record or personal history information collected and maintained to persons other than the subject individual, the individual's representative, or to persons who need access to the information in order to perform assigned duties in the process of granting or denying unescorted access to category 1 or category 2 quantities of radioactive material, safeguards information, or safeguards information-modified handling. No individual authorized to have access to the information may disseminate the information to any other individual who does not have a need to know.
DHS 157.9705(3)
(3) The personal information obtained on an individual from a background investigation may be provided to another licensee under the following conditions:
DHS 157.9705(3)(a)
(a) Upon the individual's written request to a licensee holding the data to disseminate the information contained in the individual's file.
DHS 157.9705(3)(b)
(b) The recipient licensee verifies information such as name, date of birth, social security number, gender, and other applicable physical characteristics.
DHS 157.9705(4)
(4) The licensee shall make background investigation records obtained under this subchapter available for examination by the department.
DHS 157.9705(5)
(5) The licensee shall retain all fingerprint and criminal history records received from the FBI, including data indicating no record, , or a copy of these records if the individual's file has been transferred, for 3 years from the date the individual no longer requires unescorted access to category 1 or category 2 quantities of radioactive material.
DHS 157.9705 History
History: CR 16-078: cr.
Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.105 under s. 13.92 (4) (b) 1., Stats.,
Register January 2018 No. 745.
DHS 157.9706
DHS 157.9706 Access authorization program review. DHS 157.9706(1)(1)
Each licensee shall be responsible for the continuing effectiveness of its access authorization program. Each licensee shall ensure that its access authorization program is reviewed for compliance with the requirements of this subchapter and that comprehensive actions are taken to correct any noncompliance that is identified. The licensee shall evaluate all program performance objectives and requirements. Each licensee shall periodically, and at least annually, at intervals not to exceed 13 months, review its access authorization program content and implementation.
DHS 157.9706(2)
(2) The licensee shall document the results of its access authorization program review and any recommendations. Documentation of the review shall identify conditions that are adverse to the proper performance of the access authorization program, the cause of the conditions, and, when appropriate, recommended corrective actions, and corrective actions taken. A licensee shall review the results of its access authorization program review and take any additional corrective actions necessary to preclude repetition of the condition, including additional review.
DHS 157.9706(3)
(3) The licensee shall maintain it access authorization program review records for 3 years.
DHS 157.9706 History
History: CR 16-078: cr.
Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.106 under s. 13.92 (4) (b) 1., Stats.,
Register January 2018 No. 745;
CR 22-015: am. (1) Register June 2023 No. 810, eff. 7-1-23. DHS 157.9707(1)(a)(a) Any licensee that possesses a category 1 or category 2 quantity of radioactive material shall establish, implement, and maintain a security program under the requirements of this subchapter.
DHS 157.9707(1)(b)
(b) An applicant for a new license and any licensee that would become newly subject to the requirements of this subchapter upon application for amendment of its license shall implement the applicable requirements of this subchapter and be inspected by the department, before taking possession of a category 1 or category 2 quantity of radioactive material.
DHS 157.9707(1)(c)
(c) Any licensee that has not previously implemented the physical protection license condition requirements or been subject to ss.
DHS 157.9707 to
157.9715 shall provide written notification to the department at least 90 days before aggregating radioactive material to a quantity that equals or exceeds the category 2 threshold.
DHS 157.9707(2)
(2)
General performance objective. . Each licensee shall establish, implement, and maintain a security program that is designed to monitor and immediately detect, assess, and respond to an actual or attempted unauthorized access to category 1 or category 2 quantities of radioactive material.
DHS 157.9707 History
History: CR 16-078: cr.
Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.107 under s. 13.92 (4) (b) 1., Stats., and correction in (1) (c), (3) made under s. 13.92 (4) (b) 7., Stats.,
Register January 2018 No. 745.
DHS 157.9708
DHS 157.9708 General security program requirements. DHS 157.9708(1)(a)(a) Any licensee identified in s.
DHS 157.9707 (1) shall develop a written security plan specific to its facilities and operations specifying the overall security strategy that ensures the integrated and effective functioning of the security program required by this subchapter. At a minimum, the security plan shall:
DHS 157.9708(1)(a)1.
1. Describe the measures and strategies used to implement the requirements of this subchapter.
DHS 157.9708(1)(a)2.
2. Identify the security resources, equipment, and technology used to satisfy the requirements of this subchapter.
DHS 157.9708(1)(b)
(b) The security plan shall be reviewed and approved by the individual with overall responsibility for the security program.
DHS 157.9708(1)(c)
(c) A licensee shall revise its security plan as necessary to ensure the department's requirements are effectively implemented. A licensee shall ensure all of the following:
DHS 157.9708(1)(c)1.
1. The revision to the security plan has been reviewed and approved by the individual with overall responsibility for the security program.
DHS 157.9708(1)(c)2.
2. Individuals affected by the revised security plan are notified and given instruction about changes to the plan before they are implemented.
DHS 157.9708(1)(d)
(d) A licensee shall retain a copy of the current security plan as a record for 3 years after the security plan is no longer required. A licensee shall retain a record of any superseded portion of the security plan for 3 years after it is superseded.
DHS 157.9708(2)(a)(a) A licensee shall develop and maintain written procedures that document how the requirements of this subchapter and the security plan will be implemented.
DHS 157.9708(2)(b)
(b) The implementing procedures and revisions to these procedures shall be approved in writing by the individual with overall responsibility for the security program.
DHS 157.9708(2)(c)
(c) A licensee shall retain a copy of the current implementing procedures as a record for 3 years after they are no longer required. A licensee shall retain a record of any superseded portion of the implementing procedures for 3 years after they are superseded.
DHS 157.9708(3)(a)(a) A licensee shall conduct training to ensure that individuals implementing the security program possess and maintain the knowledge, skills, and abilities required to carry out their assigned duties and responsibilities effectively. The training shall include instruction in all of the following:
DHS 157.9708(3)(a)1.
1. The licensee's security program, implementing procedures, and the purposes and functions of the security measures employed to secure category 1 or category 2 quantities of radioactive material.
DHS 157.9708(3)(a)2.
2. The responsibility to report promptly to the licensee any condition that causes or may cause a violation of the department's requirements.
DHS 157.9708(3)(a)3.
3. The responsibility of the licensee to report promptly to the LLEA and licensee any actual or attempted theft, sabotage, or diversion of category 1 or category 2 quantities of radioactive material.
DHS 157.9708(3)(b)
(b) In determining those individuals who will be trained on the security program, a licensee shall consider each individual's assigned activities during authorized use and response to potential situations involving actual or attempted theft, diversion, or sabotage of category 1 or category 2 quantities of radioactive material. The extent of the training provided to an individual shall be commensurate with the individual's potential involvement in the security of category 1 or category 2 quantities of radioactive material.
DHS 157.9708(3)(c)
(c) Refresher training shall be provided at a frequency not to exceed 12 months and when significant changes have been made to the security program. Refresher training shall include all of the following:
DHS 157.9708(3)(c)1.
1. Review of the training requirements under sub.
(3) and any changes made to the security program since the last training.
DHS 157.9708(3)(c)4.
4. Relevant results of the licensee's program review and testing and maintenance.
DHS 157.9708(3)(d)
(d) A licensee shall maintain records of the initial and refresher training for 3 years from the date of the training. The training records shall include dates of the training, topics covered, a list of licensee personnel in attendance, and related information.
DHS 157.9708(4)(a)
(a) A licensee authorized to possess category 1 or category 2 quantities of radioactive material shall limit access to and unauthorized disclosure of their security plan, implementing procedures, and the list of individuals that have been approved for unescorted access.
DHS 157.9708(4)(b)
(b) Efforts to limit access shall include the development, implementation, and maintenance of written policies and procedures for controlling access to, and for proper handling and protection against unauthorized disclosure of, the security plan, implementing procedures, and the list of individuals that have been approved for unescorted access.
DHS 157.9708(4)(c)
(c) Before granting an individual access to the security plan,
implementing procedures, or the list of individuals that have been approved for unescorted access, a licensee shall do all of the following:
DHS 157.9708(4)(c)1.
1. Evaluate an individual's need to know the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access.
DHS 157.9708(4)(c)2.
2. If the individual has not been authorized for unescorted access to category 1 or category 2 quantities of radioactive material, safeguards information, or safeguards information-modified handling, the licensee shall complete a background investigation to determine the individual's trustworthiness and reliability. A trustworthiness and reliability determination shall be conducted by the reviewing official and shall include the background investigation elements contained in s.
DHS 157.9702 (1) (a) 2. to
6. and
(b).
DHS 157.9708(4)(d)
(d) A licensee need not subject any of the following individuals to the background investigation elements for protection of information:
DHS 157.9708(4)(d)2.
2. Employees of security service providers for whom written verification has been provided to the licensee by the security service provider that indicates the employee has been determined to be trustworthy and reliable based upon the background investigation elements contained in s.
DHS 157.9702 (1) (a) 2. to
6. and
(2).
DHS 157.9708(4)(e)
(e) A licensee shall document the basis for concluding that an individual is trustworthy and reliable and should be granted access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access.
DHS 157.9708(4)(f)
(f) A licensee shall maintain a list of persons currently approved for access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access. When a licensee determines that a person no longer needs access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access, or no longer meets the access authorization requirements for access to the information, the licensee shall remove the person from the approved list as soon as possible, but no later than 7 working days, and take prompt measures to ensure that the individual cannot obtain the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access.
DHS 157.9708(4)(g)
(g) When not in use, a licensee shall store its security plan, implementing procedures, and the list of individuals that have been approved for unescorted access in a manner to prevent unauthorized access. Information stored in non-removable electronic form shall be password protected.
DHS 157.9708(4)(h)
(h) A licensee shall retain all of the following as a record for 3 years after the document is no longer needed:
DHS 157.9708(4)(h)2.
2. The list of individuals approved for access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access.
DHS 157.9708 History
History: CR 16-078: cr.
Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.108 under s. 13.92 (4) (b) 1., Stats., correction in (1) (a), (4) (c) 2., (d) 1., 2. made under s. 13.92 (4) (b) 7., Stats., and correction in (4) (d) 2. made under s. 35.17, Stats.,
Register January 2018 No. 745;
CR 22-015: am. (4) (b), (c) (intro.), 1., (e) to (g), (h) 2. Register June 2023 No. 810, eff. 7-1-23. DHS 157.9709(1)(1)
A licensee subject to this subchapter shall coordinate, to the extent practicable, with an LLEA for responding to threats to a licensee's facility, including any necessary armed response. The information provided to the LLEA shall include all the following:
DHS 157.9709(1)(a)
(a) A description of the facilities and the category 1 and category 2 quantities of radioactive materials along with a description of the security measures that have been implemented by the licensee to comply with this subchapter.
DHS 157.9709(1)(b)
(b) A notification that the licensee will request a timely armed response by the LLEA to any actual or attempted theft, sabotage, or diversion of category 1 or category 2 quantities of material.
DHS 157.9709(2)
(2) A licensee shall notify the department within 3 business days if any of the following occur:
DHS 157.9709(2)(a)
(a) The LLEA has not responded to the request for coordination within 60 days of the coordination request.
DHS 157.9709(2)(b)
(b) The LLEA notifies the licensee that the LLEA does not plan to participate in coordination activities.
DHS 157.9709(3)
(3) A licensee shall document its efforts to coordinate with the LLEA. The documentation shall be kept for 3 years.
DHS 157.9709(4)
(4) A licensee shall coordinate with the LLEA at least every 12 months, or when changes to the facility design or operation adversely affect the licensee's potential vulnerability to theft, sabotage, or diversion of its material.
DHS 157.9709 History
History: CR 16-078: cr.
Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.109 under s. 13.92 (4) (b) 1., Stats.,
Register January 2018 No. 745.
DHS 157.9710(1)(1)
A licensee shall ensure that all category 1 and category 2 quantities of radioactive material are used or stored within licensee established security zones. Security zones may be permanent or temporary.
DHS 157.9710(2)
(2) Temporary security zones shall be established as necessary to meet a licensee's transitory or intermittent business activities, such as periods of maintenance, source delivery, and source replacement.
DHS 157.9710(3)
(3) Unescorted access to security zones shall only be permitted to approved individuals through the following conditions, or combinations of conditions:
DHS 157.9710(3)(a)
(a) Category 1 and category 2 quantities of radioactive materials are isolated by the use of continuous physical barriers that allow access to the security zone only through established access control points. A physical barrier is a natural or man-made structure or formation sufficient for the isolation of the category 1 or category 2 quantities of radioactive material within a security zone.
DHS 157.9710(3)(b)
(b) The security zone is directly controlled by approved individuals at all times.
DHS 157.9710(4)
(4) For category 1 quantities of radioactive material during periods of maintenance, source receipt, preparation for shipment, installation, or source removal or exchange, a licensee shall, at a minimum, provide sufficient numbers of individuals approved for unescorted access to maintain continuous surveillance of sources in temporary security zones and in any security zone in which physical barriers or intrusion detection systems have been disabled to allow such activities.
DHS 157.9710(5)
(5) Individuals not approved for unescorted access to category 1 or category 2 quantities of radioactive material shall be escorted by an approved individual when in a security zone.