DHS 157.9707(2)(2) General performance objective. . Each licensee shall establish, implement, and maintain a security program that is designed to monitor and immediately detect, assess, and respond to an actual or attempted unauthorized access to category 1 or category 2 quantities of radioactive material. DHS 157.9707 HistoryHistory: CR 16-078: cr. Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.107 under s. 13.92 (4) (b) 1., Stats., and correction in (1) (c), (3) made under s. 13.92 (4) (b) 7., Stats., Register January 2018 No. 745. DHS 157.9708DHS 157.9708 General security program requirements. DHS 157.9708(1)(a)(a) Any licensee identified in s. DHS 157.9707 (1) shall develop a written security plan specific to its facilities and operations specifying the overall security strategy that ensures the integrated and effective functioning of the security program required by this subchapter. At a minimum, the security plan shall: DHS 157.9708(1)(a)1.1. Describe the measures and strategies used to implement the requirements of this subchapter. DHS 157.9708(1)(a)2.2. Identify the security resources, equipment, and technology used to satisfy the requirements of this subchapter. DHS 157.9708(1)(b)(b) The security plan shall be reviewed and approved by the individual with overall responsibility for the security program. DHS 157.9708(1)(c)(c) A licensee shall revise its security plan as necessary to ensure the department’s requirements are effectively implemented. A licensee shall ensure all of the following: DHS 157.9708(1)(c)1.1. The revision to the security plan has been reviewed and approved by the individual with overall responsibility for the security program. DHS 157.9708(1)(c)2.2. Individuals affected by the revised security plan are notified and given instruction about changes to the plan before they are implemented. DHS 157.9708(1)(d)(d) A licensee shall retain a copy of the current security plan as a record for 3 years after the security plan is no longer required. A licensee shall retain a record of any superseded portion of the security plan for 3 years after it is superseded. DHS 157.9708(2)(a)(a) A licensee shall develop and maintain written procedures that document how the requirements of this subchapter and the security plan will be implemented. DHS 157.9708(2)(b)(b) The implementing procedures and revisions to these procedures shall be approved in writing by the individual with overall responsibility for the security program. DHS 157.9708(2)(c)(c) A licensee shall retain a copy of the current implementing procedures as a record for 3 years after they are no longer required. A licensee shall retain a record of any superseded portion of the implementing procedures for 3 years after they are superseded. DHS 157.9708(3)(a)(a) A licensee shall conduct training to ensure that individuals implementing the security program possess and maintain the knowledge, skills, and abilities required to carry out their assigned duties and responsibilities effectively. The training shall include instruction in all of the following: DHS 157.9708(3)(a)1.1. The licensee’s security program, implementing procedures, and the purposes and functions of the security measures employed to secure category 1 or category 2 quantities of radioactive material. DHS 157.9708(3)(a)2.2. The responsibility to report promptly to the licensee any condition that causes or may cause a violation of the department’s requirements. DHS 157.9708(3)(a)3.3. The responsibility of the licensee to report promptly to the LLEA and licensee any actual or attempted theft, sabotage, or diversion of category 1 or category 2 quantities of radioactive material. DHS 157.9708(3)(b)(b) In determining those individuals who will be trained on the security program, a licensee shall consider each individual’s assigned activities during authorized use and response to potential situations involving actual or attempted theft, diversion, or sabotage of category 1 or category 2 quantities of radioactive material. The extent of the training provided to an individual shall be commensurate with the individual’s potential involvement in the security of category 1 or category 2 quantities of radioactive material. DHS 157.9708(3)(c)(c) Refresher training shall be provided at a frequency not to exceed 12 months and when significant changes have been made to the security program. Refresher training shall include all of the following: DHS 157.9708(3)(c)1.1. Review of the training requirements under sub. (3) and any changes made to the security program since the last training. DHS 157.9708(3)(c)4.4. Relevant results of the licensee’s program review and testing and maintenance. DHS 157.9708(3)(d)(d) A licensee shall maintain records of the initial and refresher training for 3 years from the date of the training. The training records shall include dates of the training, topics covered, a list of licensee personnel in attendance, and related information. DHS 157.9708(4)(a)(a) A licensee authorized to possess category 1 or category 2 quantities of radioactive material shall limit access to and unauthorized disclosure of their security plan, implementing procedures, and the list of individuals that have been approved for unescorted access. DHS 157.9708(4)(b)(b) Efforts to limit access shall include the development, implementation, and maintenance of written policies and procedures for controlling access to, and for proper handling and protection against unauthorized disclosure of, the security plan, implementing procedures, and the list of individuals that have been approved for unescorted access. DHS 157.9708(4)(c)(c) Before granting an individual access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access, a licensee shall do all of the following: DHS 157.9708(4)(c)1.1. Evaluate an individual’s need to know the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access. DHS 157.9708(4)(c)2.2. If the individual has not been authorized for unescorted access to category 1 or category 2 quantities of radioactive material, safeguards information, or safeguards information-modified handling, the licensee shall complete a background investigation to determine the individual’s trustworthiness and reliability. A trustworthiness and reliability determination shall be conducted by the reviewing official and shall include the background investigation elements contained in s. DHS 157.9702 (1) (a) 2. to 6. and (b). DHS 157.9708(4)(d)(d) A licensee need not subject any of the following individuals to the background investigation elements for protection of information: DHS 157.9708(4)(d)2.2. Employees of security service providers for whom written verification has been provided to the licensee by the security service provider that indicates the employee has been determined to be trustworthy and reliable based upon the background investigation elements contained in s. DHS 157.9702 (1) (a) 2. to 6. and (2). DHS 157.9708(4)(e)(e) A licensee shall document the basis for concluding that an individual is trustworthy and reliable and should be granted access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access. DHS 157.9708(4)(f)(f) A licensee shall maintain a list of persons currently approved for access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access. When a licensee determines that a person no longer needs access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access, or no longer meets the access authorization requirements for access to the information, the licensee shall remove the person from the approved list as soon as possible, but no later than 7 working days, and take prompt measures to ensure that the individual cannot obtain the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access. DHS 157.9708(4)(g)(g) When not in use, a licensee shall store its security plan, implementing procedures, and the list of individuals that have been approved for unescorted access in a manner to prevent unauthorized access. Information stored in non-removable electronic form shall be password protected. DHS 157.9708(4)(h)(h) A licensee shall retain all of the following as a record for 3 years after the document is no longer needed: DHS 157.9708(4)(h)2.2. The list of individuals approved for access to the security plan, implementing procedures, or the list of individuals that have been approved for unescorted access. DHS 157.9708 HistoryHistory: CR 16-078: cr. Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.108 under s. 13.92 (4) (b) 1., Stats., correction in (1) (a), (4) (c) 2., (d) 1., 2. made under s. 13.92 (4) (b) 7., Stats., and correction in (4) (d) 2. made under s. 35.17, Stats., Register January 2018 No. 745; CR 22-015: am. (4) (b), (c) (intro.), 1., (e) to (g), (h) 2. Register June 2023 No. 810, eff. 7-1-23. DHS 157.9709(1)(1) A licensee subject to this subchapter shall coordinate, to the extent practicable, with an LLEA for responding to threats to a licensee’s facility, including any necessary armed response. The information provided to the LLEA shall include all the following: DHS 157.9709(1)(a)(a) A description of the facilities and the category 1 and category 2 quantities of radioactive materials along with a description of the security measures that have been implemented by the licensee to comply with this subchapter. DHS 157.9709(1)(b)(b) A notification that the licensee will request a timely armed response by the LLEA to any actual or attempted theft, sabotage, or diversion of category 1 or category 2 quantities of material. DHS 157.9709(2)(2) A licensee shall notify the department within 3 business days if any of the following occur: DHS 157.9709(2)(a)(a) The LLEA has not responded to the request for coordination within 60 days of the coordination request. DHS 157.9709(2)(b)(b) The LLEA notifies the licensee that the LLEA does not plan to participate in coordination activities. DHS 157.9709(3)(3) A licensee shall document its efforts to coordinate with the LLEA. The documentation shall be kept for 3 years. DHS 157.9709(4)(4) A licensee shall coordinate with the LLEA at least every 12 months, or when changes to the facility design or operation adversely affect the licensee’s potential vulnerability to theft, sabotage, or diversion of its material. DHS 157.9709 HistoryHistory: CR 16-078: cr. Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.109 under s. 13.92 (4) (b) 1., Stats., Register January 2018 No. 745. DHS 157.9710(1)(1) A licensee shall ensure that all category 1 and category 2 quantities of radioactive material are used or stored within licensee established security zones. Security zones may be permanent or temporary. DHS 157.9710(2)(2) Temporary security zones shall be established as necessary to meet a licensee’s transitory or intermittent business activities, such as periods of maintenance, source delivery, and source replacement. DHS 157.9710(3)(3) Unescorted access to security zones shall only be permitted to approved individuals through the following conditions, or combinations of conditions: DHS 157.9710(3)(a)(a) Category 1 and category 2 quantities of radioactive materials are isolated by the use of continuous physical barriers that allow access to the security zone only through established access control points. A physical barrier is a natural or man-made structure or formation sufficient for the isolation of the category 1 or category 2 quantities of radioactive material within a security zone. DHS 157.9710(3)(b)(b) The security zone is directly controlled by approved individuals at all times. DHS 157.9710(4)(4) For category 1 quantities of radioactive material during periods of maintenance, source receipt, preparation for shipment, installation, or source removal or exchange, a licensee shall, at a minimum, provide sufficient numbers of individuals approved for unescorted access to maintain continuous surveillance of sources in temporary security zones and in any security zone in which physical barriers or intrusion detection systems have been disabled to allow such activities. DHS 157.9710(5)(5) Individuals not approved for unescorted access to category 1 or category 2 quantities of radioactive material shall be escorted by an approved individual when in a security zone. DHS 157.9710 HistoryHistory: CR 16-078: cr. Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.110 under s. 13.92 (4) (b) 1., Stats., Register January 2018 No. 745. DHS 157.9711DHS 157.9711 Monitoring, detection, assessment, communication, and response. DHS 157.9711(1)(a)(a) A licensee shall establish and maintain the capability to continuously monitor and immediately detect all unauthorized entries into its security zones. A licensee shall provide the means to maintain continuous monitoring and detection capability if the primary power source is lost, or provide for an alarm and response if this capability to continuously monitor and immediately detect unauthorized entries is lost. DHS 157.9711(1)(b)(b) Monitoring and detection shall be performed by at least one of the following: DHS 157.9711(1)(b)1.1. A monitored intrusion detection system that is linked to an onsite or offsite central monitoring facility. DHS 157.9711(1)(b)2.2. Electronic devices for intrusion detection alarms that will alert nearby facility personnel. DHS 157.9711(1)(b)4.4. Direct visual surveillance by approved individuals located within the security zone. DHS 157.9711(1)(b)5.5. Direct visual surveillance by a licensee designated individual located outside the security zone. DHS 157.9711(1)(c)(c) A licensee subject to this subchapter shall detect unauthorized removal of the radioactive material from the security zone by establishing and maintaining the following capabilities: DHS 157.9711(1)(c)1.1. For category 1 quantities of radioactive material, immediate detection of any attempted unauthorized removal of the radioactive material from the security zone. Immediate detection capability shall be provided by any of the following: DHS 157.9711(1)(c)2.2. For category 2 quantities of radioactive material, weekly verification through physical checks, tamper indicating devices, use, or other means to ensure that the radioactive material is present. DHS 157.9711(2)(2) Assessment of actual or attempted unauthorized entry. A licensee shall immediately assess each actual or attempted unauthorized entry into the security zone to determine whether the unauthorized access was an actual or attempted theft, sabotage, or diversion. DHS 157.9711(3)(3) Personnel communications and data transmission. For personnel and automated or electronic systems supporting a licensee’s monitoring, detection, and assessment systems, a licensee shall comply with all of the following: DHS 157.9711(3)(a)(a) Maintain continuous communication capability for personnel and electronic data transmission and processing capability among site security systems. DHS 157.9711(3)(b)(b) Provide an alternative communication capability for personnel, and an alternative data transmission and processing capability if the primary means of communication or data transmission and processing is lost. Alternative communications and data transmission systems shall not be subject to the same failure modes as the primary systems. DHS 157.9711(4)(4) Response to actual or attempted unauthorized access, theft, sabotage, or diversion. A licensee shall immediately respond to any actual or attempted unauthorized access to the security zones, or actual or attempted theft, sabotage, or diversion of category 1 or category 2 quantities of radioactive material at licensee facilities or temporary job sites. For any unauthorized access involving an actual or attempted theft, sabotage, or diversion of category 1 or category 2 quantities of radioactive material, a licensee’s response shall include immediately requesting an armed response from the LLEA. DHS 157.9711 HistoryHistory: CR 16-078: cr. Register January 2018 No. 745, eff. 2-1-18; renumbered from DHS 157.111 under s. 13.92 (4) (b) 1., Stats., Register January 2018 No. 745. DHS 157.9712(1)(1) Any licensee subject to this subchapter shall implement a maintenance and testing program to ensure that intrusion alarms, associated communication systems, and other physical components of the systems used to secure or detect unauthorized access to radioactive material are maintained in operable condition and are capable of performing their intended function when needed. The equipment relied on to meet the security requirements of this subchapter shall be inspected and tested for operability and performance at the frequency suggested by the manufacturer. If there is no suggested frequency by the manufacturer, testing shall be performed, at a minimum, every 12 months. DHS 157.9712(2)(2) A licensee shall maintain records documenting maintenance and testing activities for 3 years.
/code/admin_code/dhs/110/157
true
administrativecode
/code/admin_code/dhs/110/157/xv/9708/3/d
Department of Health Services (DHS)
Chs. DHS 110-199; Health
administrativecode/DHS 157.9708(3)(d)
administrativecode/DHS 157.9708(3)(d)
section
true
