OFFICIAL ONR GUIDE SECURITY ORGANISATIONAL CULTURE. Nuclear Security Technical Inspection Guide. CNS-INSP-GD-2.0 Revision 0

Transcription

1 Title f dcument ONR GUIDE SECURITY ORGANISATIONAL CULTURE Dcument Type: Unique Dcument ID and Revisin N: Nuclear Security Technical Inspectin Guide Revisin 0 Date Issued: January 2018 Review Date: January 2021 Apprved by: Matt Sims Prfessinal Lead Security Specialism Recrd Reference: TRIM Flder (2017/456584) Revisin cmmentary: New dcument issued TABLE OF CONTENTS 1 INTRODUCTION PURPOSE AND SCOPE RELATIONSHIP TO RELEVANT LEGISLATION OVERVIEW OF FUNDAMENTAL SECURITY PRINCIPLE 2: ORGANISATION CULTURE GUIDANCE ON INSPECTION OF ORGANISATIONAL CULTURE ARRANGEMENTS AND THEIR IMPLEMENTATION FURTHER READING Office fr Nuclear Regulatin, 2018 If yu wish t reuse this infrmatin visit fr details. Published 01/18 Template Ref: ONR-DOC-TEMP-003 Revisin 1 Page 1 f 11

2 1 INTRODUCTION 1.1 The Nuclear Industries Security Regulatins (NISR) 2003 (Reference 6.1) cntains requirements fr respnsible persns t make certain arrangements including standards and prcedures t ensure the security f the nuclear premises, Nuclear Material (NM) r Other Radiactive Material (ORM) stred n the premises, Sensitive Nuclear Infrmatin (SNI) and standards and prcedures fr the transprtatin f Categry I - III NM. 1.2 Regulatin 4 f NISR requires there t be an apprved security plan fr each nuclear premises 1 which details thse arrangements fr the prtectin f NM/ORM and SNI, including cntingency plans. Regulatin 7 places the requirement fr the dutyhlder t maintain arrangements in accrdance with the apprved plan. Similarly, transprters f Categry I-III quantities f NM are required t detail their security arrangements in an apprved Transprt Security Statement in accrdance with Regulatin 16 and Regulatin 17 requires them t maintain thse arrangements. Fr the purpses f this guide, the term security plan will be used t refer t bth apprved dcuments. 1.3 The Office fr Nuclear Regulatin (ONR) has established a set f utcme fcused Security Assessment Principles (SyAPs) (Reference 6.2) which prvide a framewrk fr it t assess security arrangements defined in security plans and make cnsistent regulatry judgements n the adequacy f thse arrangements. The Fundamental Security Principles (FSyPs) and their underpinning Security Delivery Principles (SyDPs) are gal-setting and d nt describe what the dutyhlder s arrangements shuld cntain; this is the respnsibility f the dutyhlders wh remain respnsible fr security. 1.4 T assist inspectrs, ONR prduces a suite f guides t assist them in making regulatry judgements and decisins in relatin t the adequacy f cmpliance. This inspectin guide is ne f the suite f dcuments prvided by ONR fr this purpse. 2 PURPOSE AND SCOPE 2.1 Security plans shuld be structured in a frmat cnsisting f high-level claims, supprted by arguments substantiated by evidence. Where the dutyhlder is required t have an apprved security plan, the purpse f this guide is t facilitate a cnsistent and effective apprach t inspecting cmpliance with the arrangements described in the plan and detailed in the underpinning dcumentatin cncerning FSyP 2 Organisatinal Culture. 2.2 The judgements made by the inspectr will primarily relate t the efficacy f the implementatin f arrangements described in evidence that supprts the security plan t ensure that assciated arguments are fully substantiated. Hwever, ONR takes a sampling apprach t regulatin and it is pssible that elements f evidence within the plan r underpinning the plan were nt subject t assessment as part f the apprval prcess. Therefre, when reviewing r inspecting evidence as part f the interventin, the judgement may relate t the adequacy f the arrangements which supprt the apprved plan. The inspectr may als prvide advice and guidance in the interests f encuraging dutyhlders t seek cntinuus imprvement. 2.3 The guidance shuld nt be regarded as either cmprehensive r mandatry, but prvides a framewrk fr inspectrs n which t base their judgements and discretin during such inspectins. 1 As defined by Regulatin 2 f NISR TRIM Ref: Page 2 f 11

3 2.4 The guidance prvided is split int three main elements: 1) relatin t relevant legislatin; 2) an verview f the FSyP and assciated SyDP; 3) guidance n inspectin f arrangements fr rganisatinal culture, and their implementatin 3 RELATIONSHIP TO RELEVANT LEGISLATION 3.1 The term dutyhlder mentined thrughut this guide is used t define respnsible persns n civil nuclear licensed sites and ther nuclear premises subject t security regulatin, a develper carrying ut wrk n a nuclear cnstructin site and apprved carriers, as defined in NISR. It is als used t refer t thse hlding SNI. 4 OVERVIEW OF FUNDAMENTAL SECURITY PRINCIPLE 2: ORGANISATION CULTURE 4.1 As described in the SyAPs, Reference 2, FSyP 2 is cncerned with the develpment and maintenance f an embedded security culture within the dutyhlder rganisatin. It states that Dutyhlders must encurage and embed an rganisatinal culture that recgnises and prmtes the imprtance f security. The qualifying text describes hw safety and security culture will cexist within an rganisatin, and althugh there may be differences due t the different needs f each discipline, successful rganisatins fster an apprach that integrates safety and security in a mutually supprting manner. 4.2 The assciated SyDP 2.1 cnsiders the maintenance f a rbust security culture. It ntes the rle f the Bard t ensure the entire rganisatin recgnises that a credible threat exists, that nuclear security is imprtant and the rle f the individual in maintaining a rbust security culture. The detailed assessment guide assciated with SyDP 2.1 is published by ONR as CNS-TAST-GD-2.1 (Reference 6.3). 4.3 SyDP 2.1 ntes that dutyhlders are expected t cmmunicate security expectatins and standards t all emplyees and that prcesses and arrangements shuld be in place t create and sustain a rbust security culture acrss the rganisatin and its supply chain and cntractrs. 4.4 SyDP 2.1 als describes hw the arrangements fr a rbust security culture shuld be reviewed and assessed by an apprpriate, independent gvernance regime. There shuld als be a prcess t review and test the security culture f the rganisatin and t encurage cntinuus imprvement. 4.5 SyDP 2.1 further describes hw the rganisatinal culture shuld be aligned t supprt business and security pririties. Any cnflict between safety and security cultures shuld be identified and addressed in a prmpt manner. Similarly, any cmpeting safety and security requirements shuld be managed and recnciled thrugh integrated hlistic risk management and decisin making prcesses. 4.6 The rle f leaders at all levels within the rganisatin t display behaviurs that supprt and demnstrate a cmmitment t security culture is als recgnised. Leaders shuld ensure staff can engage in apprpriate levels f decisin making as well as reprting and challenge. 4.7 The Internatinal Atmic Energy Agency (IAEA) publish Implementing Guide NSS N 7 titled Nuclear Security Culture (Reference 6.4) which includes the latest gals f the TRIM Ref: Page 3 f 11

4 IAEA nuclear security prgramme. This guide explains the basic cncepts and elements f nuclear security culture and prvides recmmendatins t assist in planning and implementing a prgramme t imprve rganisatins security culture. Where cnsidered apprpriate, elements f this guidance has been included in this Technical Inspectin Guide (TIG). 4.8 The high level Leadership and Management fr Safety requirements defined in General Safety Requirements Part 2 (Reference 6.5) recgnise the interactin between nuclear safety and security culture and the imprtance f fstering bth in a harmnius manner. 4.9 The nuclear industry Safety Directrs Frum has prduced a bklet Key Attributes f an Excellent Nuclear Security Culture (Reference 6.6), which cntains additinal infrmatin and guidance The Wrld Institute fr Nuclear Security has published best practice guide 1.4 fr nuclear security culture (Reference 6.7). This gives guidance n the factrs that encurage a strng security culture. 5 GUIDANCE ON INSPECTION OF ORGANISATIONAL CULTURE ARRANGEMENTS AND THEIR IMPLEMENTATION PHASES GENERAL 5.1 Detailed infrmatin n all the phases is detailed in ONR Guide GD-064 (Reference 6.8). PLANNING PHASE 5.2 ONR has develped regulatry strategies fr dutyhlders. This includes cnducting a prgramme f security culture interventins t cnfirm psitive management f nuclear security culture acrss the industry. Fr all f the majr sites and facilities, an annual Integrated Interventin Strategy (IIS) plan exists which describes hw the strategy is realised thrugh a series f planned inspectins. Fr mre detail n IIS plans, see ONR Guide GD-059 (Reference 6.9). 5.3 When planning security culture interventins: Review the IIS plan t cnfirm the inspectin is n the plan, r if necessary, that the plan is mdified t include the planned inspectin. Determine the scpe f the inspectin. Thus, are all the elements f this guide ging t be cnsidered at a high level, fr example fr a small rganisatin, r is ne specific element t be inspected in detail t help build an verall picture f a larger dutyhlder? Determine the tpics t be sampled. D recent events r ther infrmatin frm the security site inspectr suggest a specific tpic shuld be subject t detailed inspectin? Cnsider invlving a specialist in Leadership and Management fr Safety/Security frm the Human and Organisatinal Factrs (HOF) specialism. Cnsult with the nminated site security inspectr (where applicable) t ensure they are fully aware f all inspectin activities taking place and can supprt and TRIM Ref: Page 4 f 11

5 give a regulatry cntext, ptentially gruping similar inspectins, fr example n a tpic r facility basis. Identify which ONR inspectrs (safety and security), technical advisers and internal regulatrs will be invlved. PREPARATION PHASE 5.4 Specific activities when preparing security culture interventins inspectrs culd include the fllwing: Review the inspectin histry fr the dutyhlder. Previus IRs and the RID shuld be reviewed t determine if there are legacy cncerns r issues utstanding which may prvide an indicatin f the current security culture. Review the inputs and utputs frm dutyhlder annual reprting and the ONR backbrief prcess t determine if specific tpics shuld be sampled. Review event reprts since the last security culture interventin t identify thse which have, r culd have, been identified by the dutyhlder as having identified weaknesses in the security culture f the rganisatin. Review relevant guidance, References 4, 5, 6 and 7, in cnjunctin with relevant gd practice, t develp a clear understanding f the cmpliance standards that are expected. The scpe f the inspectin shuld be decided and articulated thrugh the preparatin f an apprpriate questin set. Review the Inspectrs shuld cnsider questins frm the apprpriate TAG and this TIG. Cnsider in advance hw the planned inspectin is prprtinate t the size f the dutyhlder as well as the maturity and quality f the dutyhlder s security culture prgramme. If an extensive inspectin is planned, can it be justified n the basis f infrmatin n security culture rating and security perfrmance f the dutyhlder? Cnsider seeking certain dcuments in advance f the inspectin, ptentially including sme f the fllwing Nuclear security plicy statement Threat briefing materials used fr training and disseminatin Event investigatin reprts where security culture was determined t be a cntributing feature as well as ptentially lking at event reprts where security culture culd have been a cntributing cause, but this hasn t been identified by the dutyhlder. Cpies f management indicatrs used t measure security culture ver a defined perid Current nuclear security culture survey reprt Current nuclear security culture imprvement plan Assurance reprts n the effectiveness f the culture imprvement plan TRIM Ref: Page 5 f 11

6 DELIVERY PHASE - GENERAL 5.5 The arrangements develped by an rganisatin t create and sustain a rbust security culture shuld cntain a number f discrete elements, including: Bard and management-level standards and expectatins; A prcess fr the assessment and measurement f security culture; A prgramme t review and imprve the measured security culture; The implementatin f an assurance led review and assessment f security culture. 5.6 Guidance n the inspectin f the arrangements made by the dutyhlders fr these elements and their implementatin is defined in the fllwing sectins. DELIVERY PHASE - BOARD AND MANAGEMENT-LEVEL STANDARDS AND EXPECTATIONS 5.7 Led by its Bard, the rganisatin shuld create and publish a nuclear security plicy which is widely available and prmted at all levels within the rganisatin. The plicy shuld explain that security has a high pririty and reflects that a credible threat exists and that individuals all have a rle t mitigate elements f that threat. 5.8 Leaders and managers in the dutyhlder rganisatin shuld ensure the nuclear security plicy is embedded within the verall management system and that alngside all the ther elements f the management system, the security elements are reviewed and updated peridically. 5.9 Leaders and managers in the dutyhlder rganisatin shuld ensure that the imprtance f a gd security culture is prmted within all elements f the supply chain which culd have an impact n verall security perfrmance Leaders and managers at all levels in the rganisatin shuld prmte and display standards f behaviur which enable staff t engage with them regarding security cncerns. They shuld clearly articulate the standards f security behaviur they expect f their staff, and set ut what sanctins can be applied if these standards and expectatins are nt met Leaders and managers shuld be briefed n relevant security threats and similarly have briefed their staff regarding credible threats and their rle in respnding t them. Briefing materials shuld be develped and recrded and the rganisatin shuld ensure they are used cnsistently and at an apprpriate frequency. The delivery f training assciated with these briefing materials shuld be recrded and arrangements shuld be in place fr thse staff wh culd nt receive the training face t face t als be engaged and trained Decisin making by managers shuld have a clear and demnstrable security element. Decisin making shuld be delegated t defined rles and individuals that are suitably qualified and experienced, and thse pst hlders shuld take due accunt f the ideas and feedback frm their staff. The cntributins made by staff shuld be recgnised and accunted fr clearly and transparently t gain the maximum level f wnership. Where decisins in the interests f security and safety are nt fully aligned, the pririty assigned t each shuld be defined and managers shuld ensure decisins are reached and recrded in a systematic and repeatable manner. Where necessary, decisins shuld be elevated t higher levels within the rganisatin and reviewed by an independent assurance functin. TRIM Ref: Page 6 f 11

7 5.13 The reprting and investigatin f events t supprt imprvement and prevent repetitin shuld be pen and transparent. Decisins made as a result f the investigatins shuld be frmally captured and disseminated t apprpriate parts f the rganisatin. The expectatins fr arrangements made under Licence Cnditin 7 are equally applicable t thse fr events f a security rigin Inspectrs shuld cnsider the fllwing regarding the arrangements and their implementatin: Des the rganisatin have a clear and accessible nuclear security plicy statement? Is the nuclear security plicy cntained within the verall management system and is that management system reviewed and updated peridically? D leaders and managers check t ensure that the security culture f supply chain partners meets their standards and expectatins? Des the dutyhlder have a clear mechanism t ensure enclave rganisatins display site-wide behaviurs and culture? D tenant rganisatins and cntractrs have access t site-wide security training and security culture initiatives? Are briefing materials which define the current threat r respnse levels and their applicability t the rganisatin develped and used? What arrangements are in place fr the recrding f balanced decisins? Are pririties between security and safety elements clearly defined? Des the decisin making prcess take accunt f the impact f decisins n the security culture f the rganisatin? When events are investigated, d the arrangements ensure security culture is cnsidered as a cntributing feature, and is the ptential impact f subsequent imprvement prgrammes n security culture cnsidered? Culd the dutyhlder have verlked security culture as a cntributing factr twards reprted events? D the leaders and managers display behaviurs which demnstrate their cmmitment t the nuclear security plicy statement? D they supprt and accept challenge? D all members f staff recgnise the nuclear security plicy statement and can they explain their rle in its implementatin? Are behaviurs by managers r individual staff which are nt in accrdance with defined security practices challenged? Are recrds available t demnstrate the rganisatin des nt tlerate pr behaviurs r practices which leave the rganisatin vulnerable t external threats? Are sanctins clearly defined and, when apprpriate, enfrced? The inspectr shuld nte that this is an area where a prly judged interventin culd be as likely t prduce a detrimental as a psitive effect, and thus where specialist HOF supprt culd be useful. D annual reviews f staff perfrmance include an element lking at security perfrmance and culture? TRIM Ref: Page 7 f 11

8 D staff have clear access t the relevant threat briefing materials and d they understand their rle (and the rle f thers including site security teams) in respnding t this threat? Are the briefing materials recrded, reviewed and re-used n a peridic basis? Is training delivered based n the threat briefing materials recrded and checked t ensure all staff receive the relevant aspects? Fr peratinal security decisin making, is a decisin lg maintained and is it accessible t all relevant staff? Are event reprts and investigatins cmpleted in a timely manner and are subsequent imprvement prgrammes fully implemented and cmpleted within apprpriate timescales? D rganisatins learn frm relevant gd practice in ther high hazard industries? Hw d dutyhlders ensure that their security culture is nt cmprmised by ther stakehlders invlved in their business? DELIVERY PHASE ASSESSMENT AND MEASUREMENT OF SECURITY CULTURE AND ASSOCIATED IMPROVEMENT PLAN 5.15 The dutyhlders measurement f security culture can be achieved thrugh a range f direct and indirect indicatrs and measures. Fr many rganisatins, and specifically the larger dutyhlders, an annual survey f security culture may be apprpriate, either as part f an annual safety r wider rganisatinal culture survey, r as an independent survey. Inspectrs shuld test when the last survey was undertaken and the scpe and cntent f the security sectin f the survey The indicatrs shuld be benchmarked against ther industries and parts f the Critical Natinal Infrastructure, t ensure gd practices are adpted Fr all dutyhlders, ther indirect measures f security culture shuld als be cnsidered. These include security perfrmance measures and their peridic review by management teams. Security practices in the rganisatin shuld als be subject t peridic reviews and reviews fllwing specific events r changes in threat levels. Arrangements shuld describe hw the rganisatin respnds t internal and external changes that may necessitate a review f security in additin t the mechanisms by which peridic reviews are initiated. They shuld als explain hw subsequent imprvement prgrammes are develped and implemented Security related infrmatin, including threat briefings, shuld be cmmunicated quickly thrugh the rganisatin. Similarly, learning frm experience (LfE) bth n site, and frm thers, shuld als be cmmunicated effectively. The inspectr shuld seek cnfirmatin that security based LfE and threat briefings are cmmunicated in a timely manner by the dutyhlder Lessns identified frm rganisatinal culture surveys, r frm LfE, need t be acted n t embed a culture f cntinuus imprvement and t imprve lng term security culture The rganisatin shuld have a clear imprvement plan with SMART (specific, measurable, attainable, realistic, timely) actins. The inspectr shuld lk fr bth arrangements t develp and manage an imprvement plan and fr evidence f delivery f actins arising frm the plan. TRIM Ref: Page 8 f 11

9 5.21 Management and gvernance arrangements fr the security culture imprvement plan shuld include milestnes and indicatrs t cnfirm actins are being delivered and reviewed t ensure the expected imprvements are being realised. The imprvement plan shuld als be subject t review by internal assurance and ther internal cntrls t cnfirm delivery f actins, and t cnfirm that the deliverables have been effective and will prduce measureable imprvements Fllw up surveys f rganisatinal culture shuld ensure they address previusly identified gaps and shrtfalls, and where apprpriate, they shuld use repeatable measurements t ensure the effectiveness f imprvement actins Inspectrs shuld cnsider the fllwing regarding the arrangements and their implementatin: Are suitable arrangements in place fr peridic measurement f security culture? Hw and when was security culture last measured? Are indirect measures f security culture als cnsidered by the dutyhlder? Are they credible and realistic surrgates fr security culture? Are arrangements in place t review internal and external events and imprve security culture shuld it be necessary? D the arrangements fr the review f events allw fr shrtfalls in security culture t be identified as a cntributr r rt cause? Are management arrangements in place t cnfirm delivery f a security culture imprvement plan? Are internal assurance arrangements in place t cnfirm delivery and effectiveness f a security culture imprvement plan? Des the dutyhlder cmmunicate LfE specific t security? Are threat briefings cmmunicated in a timely manner? Is there an imprvement plan fr security culture which is widely knwn? Des the imprvement plan cntain SMART actins? Are the actins priritised and is the priritisatin system apprpriate? Is there measurable and valid prgress against the actins? Are the utputs frm the actins reviewed t ensure they deliver the expected imprvements? Is the next assessment f security culture planned and is it fcussed t ensure previusly identified weaknesses have been addressed? DELIVERY PHASE ASSURANCE OF SECURITY CULTURE TRIM Ref: Page 9 f 11

10 5.24 The dutyhlder shuld assure themself that an active security culture assessment and imprvement prgramme is perating effectively within the rganisatin The assurance team shuld have access t all f the management infrmatin regarding security culture measurement and imprvement. They shuld als have access t independent measurement and feedback frm their interactins with the wider dutyhlder rganisatin and individuals within the rganisatin The assurance reprting t senir management and the Bard shuld reprt n bth delivery f a security culture imprvement prgramme and its effectiveness. The assurance functin shuld als generate and prvide an independent view n the accuracy and effectiveness f the security culture measurement and management prcesses. The reprting prcess shuld include bth written and verbal reprting The assurance teams shuld have access t (if they are nt part f) the investigatins and fllw up activities in the event f security incidents r shrtfalls. They shuld review the utputs frm these activities t cnfirm they are effective and lessns are learned t avid future shrtfalls and events. They shuld als review the infrmatin they btain frm their wn inspectin, assessment and ther assurance activity prgramme f wrk, t benchmark against the results frm the security culture reviews by the dutyhlder managers. This shuld prvide an independent view f the accuracy f the infrmatin n security culture that the leaders and managers are using as the basis f their decisin making and imprvement prgramme Inspectrs shuld cnsider the fllwing regarding the arrangements and their implementatin: Des the assurance team have arrangements fr the peridic review and assessment f the security culture measurement and imprvement plans? If s, d these arrangements include a clear line f reprting t the management and the Bard regarding the effectiveness f the security culture imprvement prgramme? Des the assurance team include security culture as ne f the areas they reprt n? D they use their wn inspectins and assessments t benchmark the management infrmatin generated regarding security culture? D the assurance teams fllw up imprvement actins t cnfirm they are effective? Is the assurance plan f wrk sufficiently wide ranging t give an bjective view f security culture acrss the rganisatin? Fr small dutyhlders with n independent assurance functin, are the internal challenge arrangements delivering an effective review f security culture measurement and imprvement activities? WRITE UP PHASE 5.29 A summary f the Write Up phase is that the inspectin is recrded in an Interventin Reprt in a timely manner, fllwing the detailed guidance in References 8 and It is imprtant t develp actins r issues taking full accunt f their ptential impact n the security culture f the dutyhlder. The ptential fr a prly defined r wrded actin r issue t generate an utcme which undermines security culture within the dutyhlder is higher than fr mre sharply fcussed engineering based inspectins. If apprpriate, the inspectr shuld cnsult peers and their line manager as well as TRIM Ref: Page 10 f 11

11 listening t the views f the dutyhlders managers and assurance teams t ensure the actin is suitably develped. 6 FURTHER READING 6.1 Nuclear Industries Security Regulatins Statutry Instrument 2003 N Security Assessment Principles 2017 Editin, Versin Maintenance f a Rbust Security Culture. CNS-TAST-GD-2.1 Revisin IAEA Nuclear Security Series N. 7. Nuclear Security Culture. 6.5 IAEA Safety Standards. General Safety Standards: GSR Part 2: Leadership and Management fr Safety. 6.6 Nuclear Industry Safety Directrs Frum. Key Attributes f an Excellent Nuclear Security Culture. 6.7 Wrld Institute fr Nuclear Security. Best Practice Guide 1.4 Nuclear Security Culture 6.8 ONR Guide GD-064 General Inspectin Guide 6.9 ONR Guide GD Guidance fr Interventin Planning and Reprting. TRIM Ref: Page 11 f 11