Table of contents
- 1 Introduction
- 2 Scope of application
Design bases for nuclear security and the relevant requirements set on them
- 3.1 The design bases for nuclear security
- 3.2 Security of a nuclear facility
- 3.3 Safety classification of systems, structures and components
- 3.4 The concept of security zones and the use of zones within one another
- 3.5 Security organisation
- 3.6 Passage and goods traffic control
- 3.7 Central alarm centre
- 3.8 The command centre and rooms assigned for use by the police
- 3.9 Security control and communication systems
- 3.10 Advisory Committee on Nuclear Security Arrangements
- 4 Maintenance and development of security arrangements
- 5 Actions during a threat
- 6 Demonstration of the effectiveness of nuclear security
- 7 Documents to be submitted to STUK for oversight
- 8 Regulatory oversight by the Radiation and Nuclear Safety Authority
- 9 Classification
- Appendix A Security arrangements of a nuclear facility – detailed requirements concerning nuclear security
- Appendix B Structural resistance and layout in the protection of a nuclear power plant and spent fuel storage against an airplane crash
- Appendix C Design basis threat concerning an airplane crash
With regard to new nuclear facilities, this Guide shall apply as of 1 December 2013 until further notice. As regards these facilities, this Guide replaces Guide YVL 6.11 (ST III) issued on 13 July 1992 as well as the specifying decisions 4/CS1/02 and 5/AS1/02 (ST II) concerning it. With regard to operating nuclear facilities and those under construction, this Guide shall be enforced through a separate decision to be taken by STUK.
ISBN 978-952-309-064-4 (print) Kopijyvä Oy 2014
ISBN 978-952-309-065-1 ( pdf)
ISBN 978-952-309-066-8 (html)
According to Section 7 r of the Nuclear Energy Act (990/1987), the Radiation and Nuclear Safety Authority (STUK) shall specify detailed safety requirements for the implementation of the safety level in accordance with the Nuclear Energy Act.
Rules for application
The publication of a YVL Guide shall not, as such, alter any previous decisions made by STUK. After having heard the parties concerned STUK will issue a separate decision as to how a new or revised YVL Guide is to be applied to operating nuclear facilities or those under construction, and to licensees’ operational activities. The Guide shall apply as it stands to new nuclear facilities.
When considering how the new safety requirements presented in the YVL Guides shall be applied to the operating nuclear facilities, or to those under construction, STUK will take due account of the principles laid down in Section 7 a of the Nuclear Energy Act (990/1987): The safety of nuclear energy use shall be maintained at as high a level as practically possible. For the further development of safety , measures shall be implemented that can be considered justified considering operating experience, safety research and advances in science and technology.
According to Section 7 r(3) of the Nuclear Energy Act, the safety requirements of the Radiation and Nuclear Safety Authority (STUK) are binding on the licensee, while preserving the licensee’s right to propose an alternative procedure or solution to that provided for in the regulations. If the licensee can convincingly demonstrate that the proposed procedure or solution will implement safety standards in accordance with this Act, the Radiation and Nuclear Safety Authority (STUK) may approve a procedure or solution by which the safety level set forth is achieved.
Translation. Original text in Finnish.
101. The general obligations pertaining to security arrangements are set forth in the Nuclear Energy Act (990/1987) and in the Government Decrees on Security in the Use of Nuclear Energy (734/2008) and on the Safety of Nuclear Power Plants (717/2013) issued by virtue of the Act [ 1, 2, 3]. Some obligations are also contained in international conventions in the field of nuclear energy signed by Finland, other inter-governmental treaty arrangements, and obligations undertaken by Finland.
102. The YVL Guides ensure coordination of security arrangements with emergency arrangements during threats and emergency situations.
103. Under Section 55 of the Nuclear Energy Act, the Radiation and Nuclear Safety Authority (STUK) is the authority overseeing the security arrangements of nuclear facilities. Under Section 9 of the Nuclear Energy Act, security arrangements are the responsibility of the licensee in so far as these duties are not assigned to authorities [ 1].
104. What is prescribed in the Act on the Openness of Government Activities (621/1999) applies to the publicity of nuclear security documents [ 4]. The confidentiality obligation relating to the activities (nuclear security) referred to in the Nuclear Energy Act is decreed in Section 78 of the Nuclear Energy Act [ 1]. Confidentiality requirements in private security services are laid down in Sections 14 and 41 of the Private Security Services Act (282/2002) [ 5].
2 Scope of application
201. Compiled in this Guide are regulations that apply to the nuclear security of nuclear facilities, and it presents the requirements for their application. This Guide applies to nuclear facilities as well as to the treatment in accordance with Table 2 of nuclear material or waste belonging to categories 1–3. The requirements pertaining to other nuclear use items are given in Guide YVL D.1. The requirements for the security arrangements of nuclear material and nuclear waste transports are provided in Guide YVL D.2. Design basis threat (DBT) is addressed in a separate document, ”Design basis threat for the use of nuclear energy and radiation”, the facility-related parts of which are delivered to licensees operating nuclear facilities assigned in the facility classes (section 9.1) in question for use as the basis for security arrangements in the planning. General requirements for security arrangements and STUK’s oversight are also described in the Guides YVL B.1 and B.2, B.7, C.5, D.1, D.2, D.3, D.4, D.5, E.6 and E.7.
3 Design bases for nuclear security and the relevant requirements set on them
3.1 The design bases for nuclear security
301. Under Section 28 of Government Decree (717/2013), when designing, constructing, operating and decommissioning a nuclear power plant, a good safety culture shall be maintained [ 3]. A corresponding requirement concerning nuclear facilities is presented in Section 19 of Government Decree (736/2008). A good safety culture covering security shall be observed in the planning and implementation of nuclear security.
302. Under Section 3 of Government Decree (734/2008), the design of security shall prepare, among other risks, for the risk of unlawful action being taken by an individual working at the nuclear facility, or by someone participating in the treatment and transport of nuclear material or nuclear waste, or by an outside group or person, who may be assisted by a person working at the facility or in a transport-related task. Design shall also account for the possibility that any person or group attempting unlawful action may have conventional weapons and explosives or ones based on an electromagnetic, chemical or biological impact, as well as information and expertise unavailable to the public [ 2]. The design basis threat (DBT), risk analyses of the operations to be secured and the protection needs identified based on them shall be used as a basis for the planning of security arrangements.
303. Under Section 4 of Government Decree (734/2008), structures, systems and components important to the safety of a nuclear facility as well as the locations of nuclear material and nuclear waste shall be designed to facilitate the effective implementation of security, taking into account the requirements for nuclear and radiation safety [ 2].
304. A design basis threat defines the threat on which the requirements, design and assessment of nuclear security are based [ 2]. The design basis threat contains definitions for the characteristics of groups/individuals possibly engaging in unlawful action used as design bases for nuclear security. The design basis threat contains threats of various degrees in severity. Based on the threat of unlawful action possibly taken against the use of nuclear energy and radiation, STUK maintains the design basis threat in co-operation with other authorities. STUK regularly assesses the design basis threat and updates it, where necessary [ 2]. The licensee shall plan nuclear security in a way that makes it possible to ward off, to the extent practicable, a design basis threat in accordance with the protection objectives established in the design basis threat document. The planning of nuclear security shall ensure that the arrangements do not hamper emergency management measures at the facility in connection to a long-term loss of electricity.
305. Under Section 8 of Government Decree (736/2008), the design of a nuclear waste facility shall take account of any impacts caused by potential natural phenomena and other events external to the facility. As external events, even unlawful activities aiming at damaging the facility shall be taken into account [ 17].
306. The design basis threat concerning an airplane crash and the applicable requirements are presented in Appendices B (public) and C (protection class III) of this Guide.
307. The risk analyses referred to in Section 2 of the Government Decree (734/2008) on Security in the Use of Nuclear Energy shall be utilised in designing the facility and its structural details, practical oversight measures and the organisation responsible for the implementation of security arrangements. Based on risk analysis, the need for protection at the facility and during transport shall be determined in accordance with a graded approach, taking the design basis threat into account. The use of risk analysis shall be described in the management system of the design and construction phases. Nuclear security related risk analyses shall utilise probabilistic risk assessments conducted in accordance with Government Decree 717/2013. Security arrangements related risk management shall, for applicable parts, take into account the requirements presented in Guide YVL A.7 Probabilistic risk assessment and risk management of a nuclear power plant.
308. More detailed design bases for nuclear security and descriptive requirements have been compiled in Appendix A, which is classified and confidential (protection level III) since the disclosure to a third party of information contained in it could compromise the purpose of nuclear security (Section 78 of Nuclear Energy Act, Section 24.1(7) of the Act on the Openness of Government Activities [ 1, 4].
309. Nuclear-security related requirements shall be taken into account in all phases of the nuclear facility’s life cycle and, later, during plant improvements, refurbishments and modifications. Nuclear security design shall take place simultaneously with other designing of the plant or its systems and structures. The design process shall proceed logically, taking into account the following nuclear security aspects:
- fundamental principles and tasks
- design bases and requirements
- interdependencies between systems design and components design
- definitions, technical specifications and functional descriptions
- documentation needs.
310. Security arrangements aim to ward off unlawful action. The planning of security arrangements shall take account of the various areas of physical protection: deterrence, prevention, detection, delay and response. Response comprises mitigation of consequences, prevention of serious consequences and bringing a situation under control. Planning shall consider the dependencies of the various areas. In the planning of detection and delay, for example, the time needed to arrange response shall be taken into account.
311. A nuclear facility’s layout design shall aim for unambiguous solutions. The number of access openings and routes to the plant area as well as the volume of passenger and materials traffic shall be kept to a practicable minimum to enhance access control. Rooms with no nuclear safety or security significance for facility operations and/or operation shall be located outside the plant area.
312. Security zones shall be reliably separated from one another. Emergency access routes from a safety division shall, whenever possible, lead out and not to another division, Safety division as a concept is defined in Guide YVL B.1. Furthermore, it shall be ensured that emergency access routes cannot be used as access routes for unlawful action.
313. In the design, implementation and manufacturing of security-related components and structures, relevant industrial standards and quality management in accordance with them shall be followed to ensure their reliability.
314. The design bases referred to in the requirements above pertain to off-site threats and insider threats (insider: individual(s) working at the facility). Off-site threats in this context mostly mean intentional or negligent actions taken against the nuclear facility from the outside, and which could, without preparedness, compromise the security of the nuclear facility. In determining threats, an attempt shall be made to take into account nuclear-security related current events, the service life of the facility unit under design, construction or in operation and uncertainties relating to the making of predictions about the future, as regards various disturbances and crises in society, for example. However, military operations are excluded from the design bases that apply to the licence applicant and the licensee.
3.2 Security of a nuclear facility
315. The Nuclear Energy Act decrees that the licensee shall take care of the safety of the use of nuclear energy [ 1]. Since the means and authority of the licensee alone do not suffice to provide against the threat of terrorism, for example, the police and other authorities providing executive assistance where necessary in case of various unlawful situations have legislative obligations in ensuring security. The countermeasures launched shall be dimensioned according to the threat in question. The licensee shall, as concerns nuclear security, maintain an up-to-date situation assessment essential for own operation, and shall, where necessary, conduct threat assessments relating to situations and functions. The licensee is responsible for handling a threat until the authorities assume command responsibility. The licensee shall agree with the police authority about the procedure of relaying the situation assessment to the police.
3.3 Safety classification of systems, structures and components
318. Safety classification of systems associated with nuclear security is based on the potential safety significance of the systems. At the system level, only nuclear security related systems are comparable to Class EYT/STUK (Guide YVL B.2 defines the classification) where STUK’s oversight procedures are concerned. To be submitted to STUK for information about these systems is, for applicable parts, system level documentation that is in accordance with Guide YVL B.1. Paras 702–721 specify in detail what documentation is to be submitted in each licensing phase.
319. Security-related component level documents need not be submitted to STUK, unless STUK specifically so requires.
3.4 The concept of security zones and the use of zones within one another
320. According to Section 4 of Government Decree (734/2008), the interfaces of safety zones (“security zones” in this Guide) will form efficient structural obstacles to unlawful action [ 2]. The interfaces of security zones shall form obstacles that are balanced in terms of their protective performance, mutually comparable and sufficiently effective to prevent or delay unauthorised access to provide the security organisation and authorities with sufficient time to undertake countermeasures. In dimensioning structural strength, to be taken into account are an item’s safety significance and classification in accordance with subsection 3.3 and the design basis threat.
321. Under Section 4 of Government Decree (734/2008), security shall be based on the utilisation of several security zones placed within each other so that systems and components important to safety, and nuclear material and nuclear waste, are afforded particular protection and access control and the control of goods traffic can be arranged [ 2]. Technical, administrative and operative procedures shall be used to protect the aforementioned items.
322. Security arrangements shall aim at detecting a threat as early as possible to initiate immediate countermeasures.
323. Access openings, security zones and interlocking arrangements shall fulfil nuclear security requirements in accordance with Appendix A, in addition to which fire safety and accident preparedness requirements as well as the safety of facility operation shall be taken into account.
324. For the implementation of nuclear security, facility classes 1 and 2 in accordance with table 1 at nuclear facilities shall form four security zones within one another, which are defined in subsections 3.4.1–3.4.4):
- restricted area
- plant area
- protected area
- vital area.
At nuclear power plants, the restricted area is called a site area.
325. There shall be at least two security zones at a nuclear facility in facility class 3.
3.4.1 Restricted area
326. In a nuclear facility’s outermost security zone, an adequately large area shall be reserved where movement and stay is limited based on a decision by the competent authority or under a decree. Security arrangements within this area shall concentrate on monitoring, threat detection and buying time for the initiation of immediate countermeasures.
327. Actions requiring the use of force shall be left for the authorities, where possible.
328. Security personnel shall conduct random patrols of the area to detect a potential threat.
3.4.2 Plant area
329. The plant area consists of a double-fenced area surrounding the buildings pertaining to the plant’s operation and it shall be located inside the restricted area.
330. Security personnel shall conduct random patrols of the plant area to detect potential threats. Detailed orders concerning the plant area are given in Appendix A.
3.4.3 Protected area
331. A protected area is, as a rule, an area bounded by the outer walls of the facility building or buildings, which in its entirety shall be within the plant area. The outer surfaces of buildings inside the protected area shall be heavily protected against unlawful action as described in the design basis threat.
332. Security personnel shall conduct random patrols of the protected area to detect potential threats. Detailed orders concerning the protected area are given in Appendix A.
3.4.4 Vital area
333. Vital areas shall be located inside the protected area. The licensee shall, based on plant type characteristics and its design basis threat, define vital areas and submit the definition to STUK for approval. Below are examples of a vital area:
- rooms containing structures, systems or components essential for the facility’s safety functions
- rooms containing nuclear materials
- rooms from where systems important to the safety of the facility can be controlled (e.g. control room and emergency control room)
- rooms from where security arrangements can be directed and supervised (e.g. alarm centres).
334. The placement in the vital area of systems or components having a minor safety significance but requiring frequent maintenance, for example, shall be avoided. More detailed provisions concerning the vital area are presented in Appendix A.
3.5 Security organisation
335. Under Section 7 l of the Nuclear Energy Act, a nuclear facility shall have security personnel trained for the planning and implementation of arrangements for security (security organisation). Security personnel shall also be employed for securing the transport and storage of nuclear material and nuclear waste pertaining to the operation of the nuclear facility. The tasks and qualification requirements of the security organisation and security personnel shall be defined and they shall have monitoring equipment, communication equipment, protective equipment and equipment for use of force available as required for their tasks [ 1].
336. The security organisation and its minimum staffing during normal operation and during a threat shall be defined in the security standing order. The resulting manning shall be documented.
337. For a nuclear facility’s security tasks (security personnel) and physical security functions, only a private guarding services supplier established and managed in compliance with the Private Security Services Act shall be used. Physical security tasks and functions may also be taken care of by the licensee's own security organisation, which shall, for applicable parts, fulfil the requirements of the aforementioned act and the provisions issued under it.
338. Under Section 7 of the Nuclear Energy Act, the security standing order shall determine:
1) how the security organisation is managed and its operations organised;
2) the equipment and forcible means equipment in the security organisation's possession; and
3) when the police should be called and how responsibility should be transferred from the security organisation to the police once they have arrived on the scene [ 1].
339. The security organisation shall have general written instructions for action by means of which the personnel are capable of performing their duties correctly and efficiently. In addition to this, the security organisation shall have, for example, specific instructions for action for each area or target under guard.
340. The security organisation’s procedures and principles for the use of force means shall be defined in the security standing order.
341. The security organisation shall promptly draw up a separate event notification of observations and events that led to action, for example, to ensure the legal protection of anyone at whom regulatory oversight and actions are directed. The security standing order shall define the following matters as regards the event notification:
- which events are reported
- how they are reported
- authorities the reports are submitted to.
342. Written instructions shall be in place for the design and efficient implementation of security arrangements. The instructions shall also include instructions for the purchase, design, manufacturing, installation, commissioning, operation, maintenance, repair and modification of security arrangements planning related structural protection and electrical control systems.
343. A nuclear facility shall always have a someone in the security organisation with unambiguous responsibility and mandate for the command of security arrangements.
3.5.1 Responsible manager
344. Under Section 7 k of the Nuclear Energy Act, the task of a nuclear facility's responsible manager is to ensure that the provisions of the Nuclear Energy Act concerning the safe use of nuclear energy and nuclear security, the licence conditions and regulations issued by the Radiation and Nuclear Safety Authority (STUK) are complied with. The responsible manager shall be familiar with the functionality and level of security arrangements as well as of nuclear-security related events [ 1].
345. A responsible manager’s duty is, for his/her part, to ensure that a good nuclear security culture is maintained. This requires, among other things, a commitment to nuclear security and to emphasising this attitude to the personnel.
346. Under Section 7 l(4) of Nuclear Energy Act, measures belonging to the regular security control of a nuclear facility shall be appropriately communicated to the employees of the nuclear facility and other people transacting business within the nuclear facility site [ 1].
347. The qualification requirements and approval procedure for a responsible manager and his/her deputy are given in Section 7 k of the Nuclear Energy Act [ 1] and in Guide YVL A.4 Organisation and personnel of a nuclear facility.
3.5.2 Person responsible for nuclear security
348. Under Section 7 i of the Nuclear Energy Act [ 1], the licensee shall appoint a person responsible for security arrangements [ 1]. A deputy shall be appointed for the person responsible for security arrangements. STUK approves the aforementioned persons for their duties.
349. The qualification requirements and approval procedure for the person responsible for nuclear security and his/her deputy are presented in Guide YVL A.4 Organisation and personnel of a nuclear facility.
350. Under Section 7(i)(4) of the Nuclear Energy Act, the licensee shall ensure that the persons referred to above occupy the positions required for the task, while possessing adequate authority and the genuine prerequisites for bearing the responsibility vested in them [ 1]. They shall keep the responsible manager informed of all significant nuclear-security related events, drawbacks, development projects and changes.
351. Those responsible for nuclear security shall ensure its appropriate implementation in accordance with an approved security plan and security standing order. They shall update nuclear-security related the situation assessments based on information received from authorities and shall develop the functionality of nuclear security, and also implement nuclear-security related tasks.
352. Those responsible for nuclear security shall actively follow events in the field and develop their own proficiency.
353. The responsible manager and the person responsible for nuclear security as well as their deputies, shall be in the licensee’s employ.
3.5.3 Shift managers and other security personnel
354. A nuclear facility shall have, around the clock, the number of security personnel defined in the security standing order, who are appropriately equipped and trained and have undergone drills to act under various threats.
355. The number of security personnel shall be adequate to simultaneously manage more than one hazard, such as a fire and threat.
356. As the shift manager of security personnel, a suitable person shall be appointed who is particularly familiar with the legislation and practical procedures relating to both the nuclear facility and guarding.
357. Only a person who has a security guard’s training in accordance with the Private Security Services Act, or some other corresponding basic training in the security field, can act as a shift manager or other member of the security personnel. In addition, security personnel shall fulfil the general approval conditions stipulated for a security guard [ 2]. Security personnel having a training other than the basic training of a security guard shall be presented to STUK for approval.
358. Security personnel shall have valid and approved training in equipment for use of force as defined in the security standing order and also nuclear facility-specific training. The required training shall be defined in more detail in the security standing order.
359. Temporary security guards shall not be used as security personnel.
360. The mental and physical capability of shift managers and other security personnel shall be ensured every year based on an assessment conducted by occupational health care.
361. In the annual training events and demonstration tests (practice and theory), shift managers and other security personnel shall demonstrate their capability to carry out their physical security tasks correctly and safely. The demonstration test and training events shall be described annually within the scope of a training programme to be sent to STUK for information before the implementation of the programme starts. A file shall be kept of the demonstration tests, training events and participants. The data in question shall be handed over to STUK and the police authority on request.
362. The physical capability of shift managers and other security personnel carrying out operative physical security tasks shall be evaluated every year. Every year they shall undergo tests measuring physical capability in accordance with the Directive for Rescue Diving (48/2007) of the Ministry of the Interior [ 10]. Those performing the duties in question shall be defined in the security standing order.
363. A real-time list shall be kept of the security personnel.
3.5.4 Commission agreement as well as the contact persons of the licensee and guarding services supplier
364. If persons employed by a guarding services supplier are used as security personnel or guards, a written agreement ( commission agreement) for the physical security tasks and functions shall be drawn up before the supply of the services covered by the commission begins. If, because of the urgent nature of the work, it has not been possible to draw up an agreement before initiating the tasks, an agreement shall be made at the latest on the second weekday after the commencement of the work [ 5]. The procedures for liability distribution, training and other actions shall be described in the security standing order or security plan.
365. For communication between the licensee and the guarding services supplier, contact persons and their deputies shall have been defined in writing. The person responsible for nuclear security shall be the licensee’s contact person and his or her deputy shall be in reserve. The guarding services supplier’s primary contact person shall be their manager or security manager who must have the qualifications to act as the responsible manager of a guarding services supplier.
3.5.5 Cooperation between licensees
366. A licensee’s nuclear security operations can be implemented in cooperation between two different licensees if the following prerequisites are met:
- Both licensees are licensees as referred to in the Nuclear Energy Act and engaged in their trade in areas geographically bordering each other.
- Both areas use the services of the same approved guarding services supplier.
- Both licensees have their own, STUK-approved security plan and an STUK-confirmed security standing order.
- Both licensees have their own STUK-approved responsible managers and persons responsible for nuclear security as well as deputies for them.
- For communication between licensees and the guarding services supplier, the various parties shall have contact persons and their deputies defined in writing, all of whom shall fulfil the requirements presented in requirement 365.
367. In accordance with the preconditions in subsections 2 and 5 of para 366, the arrangement of some nuclear security arrangements measures may be bestowed upon the project supplier as regards a construction site limited to a nuclear facility’s construction or modification project, however, in such a way that the licence applicant/licensee’s responsibility for security arrangements remains undivided. On the supplier’s side, no responsible manager or a person responsible for security arrangements is thus appointed but contact persons shall be defined.
3.6 Passage and goods traffic control
369. Under Section 7 m of the Nuclear Energy Act, a member of the security organisation may carry out a security check on anyone working at a nuclear facility or transacting business at the nuclear facility, and on their goods, in a manner defined in the security standing order [ 1].
370. Detailed orders for security checks are given in Appendix A.
371. Under Section 5 of Government Decree (734/2008), appropriate security clearances shall be carried out in order to ensure the personnel vetting of persons working at the nuclear facility and participating in the treatment and transportation of nuclear material and nuclear waste [ 2].
373. Under Section 7(3) of Government Decree (734/2008), passage through the site area for those transacting business with the nuclear facility shall be restricted in compliance with the purpose of the transactions, and controlled [ 2].
374. The procedures and authority of granting access and visiting passes to the different security zones (who has the right to grant and what kind of access rights, goods transport rights, etc.) shall be determined in the security plan.
The procedures and associated documentation shall address at least the following:
- a list of those with access or visiting passes, to what access right area the passes have been granted and their validity
- substances and items that are not allowed to be taken to or from the facility without special permission.
The procedures shall also address, for example, the matter of granting visiting passes to the guests of a person who grants access or visiting passes. A record shall be kept of all access and visiting passes granted, lost and returned.
3.6.1 Access control
375. Only those with an access or visiting pass granted for the purpose may be admitted to the nuclear facility.
376. The prerequisites for granting access rights to the different security zones and access right areas shall be defined in advance in the licensee’s instructions.
377. The number of access and key rights to the vital area shall be kept as low as possible.
378. Those with an access pass shall be issued an identity card with a photo, while visitors shall receive a visiting pass. An identity card or visiting pass shall be kept visible in all security zones and presented to a member of the security organisation on request.
379. An access pass for unescorted access rights to the plant area may only be granted to persons who it to work there and on whom a background check in accordance with the Act on Background Checks (177/2002) has been conducted – on a foreign worker some other equivalent check verifying personal safety shall have been conducted to the extent possible [ 11]. The check shall be repeated at fixed intervals as defined in appropriate the instructions. Procedures that apply to visitors shall be applied to those coming to the facility to work and whose trustworthiness has not been verified and whose access to the facility is considered fundamental.
380. An access or visiting pass shall not be granted if a physician or other health care professional has established that a person is inclined to, for example, violent behaviour, vandalism or the misuse of intoxicating substances, or mental or other potentially dangerous illnesses.
381. Under Section 7 m of the Nuclear Energy Act, any person working at the nuclear facility or conducting business therein is obliged, upon the request of a member of the security organisation, to undergo a test in order to detect alcohol or any other intoxicating substance [ 1]. The test procedures, target levels and equipment used shall be defined in the nuclear facility’s security standing order.
382. Visitors, a restricted number at a time, may only be allowed to the plant area or the protected area in the company of a person authorised for such a task. The host shall guide and supervise the visitors during the entire visit.
383. Visitors are only allowed to the vital area in exceptional cases. The facility instructions shall define the person granting visiting passes to the vital area.
384. Essential information of the visits and visitors shall be recorded:
- name, identity number (if not applicable, time and place of birth)
- host of visit
- contact information.
In maintaining different registers, legislation applicable to person registers and the ensuing requirements shall be taken into account.
385. All persons shall be reliably identified before entry to the plant area. Entry arrangements shall prevent entry into the plant area until a person has been identified by biometric means and, as regards visitors, on the basis of an identity card issued by a national authority or similar identification, or a document issued by an international authority.
386. Inside the border of the plant area, persons shall be monitored and reasons for any deviant behaviour identified, where necessary.
387. Access control at the nuclear facility shall be implemented in a way enabling reliable establishment of who are, or have been, within the plant area, the protected area and the vital area.
388. An individual shall not have an unnecessary right or possibility of access during the same work shift to more than a half of the rooms containing redundant subsystems of the same safety function unless so required to ensure nuclear safety. This requirement applies to nuclear facilities in facility class 1.
389. Detailed requirements for access control are given in Appendix A.
3.6.2 Keys management
390. There shall be written instructions on procedures for the handing over, keeping and use of keys. Detailed orders for the management of keys are given in Appendix A.
3.6.3 Goods traffic control
391. Vehicles present in the security zones shall be monitored. The control procedures shall be described in the security plan.
392. The amount of goods taken to the protected area and the vital area shall be kept to a minimum. Detailed orders on goods traffic control are given in Appendix A .
3.7 Central alarm centre
Both shall have redundant communication lines with the police and the control room. The central alarm centre shall not have duties that would impede the implementation and oversight of security arrangements. The stand-by alarm centre shall be separated from the central alarm centre proper by distance and structural design to prevent the simultaneous loss of the centres due to the same off-site or on-site cause.
394. It shall be possible to reliably ascertain the continuous capability to operate of the central alarm centre and the stand-by alarm centre. Detailed provisions on the alarm centres are presented in Appendix A.
3.8 The command centre and rooms assigned for use by the police
395. Under Section 12 of Government Decree (734/2008), a nuclear facility shall have a constantly manned control centre function for the security organisation, and a room allocated for this function [ 2]. The person responsible for the function commands the facility’s security functions until the police, as laid down in Section 13 of Government Decree (734/2008), announce that they assume command of measures taken for the prevention of unlawful action [ 2]. In a nuclear facility, excluding a research reactor, the same person cannot simultaneously act as the person responsible for commanding the security organisation and security alarm functions.
396. A nuclear facility shall designate an appropriately equipped room for the use of the police in commanding operations for the prevention of unlawful action being taken against the nuclear facility [ 2]. The equipment needs of the room in question shall be agreed upon with the competent police authority. Depending on the situation, the police may determine as the command post a room other than that offered for the purpose. The communication arrangements of temporary command posts shall be agreed upon with the police authority.
397. The command centre shall have a stand-by centre. Both centres shall be capable of maintaining redundant communication with the police and the plant control room [ 2]. The stand-by command centre shall be separated from the command centre proper by distance and structural solutions to prevent the simultaneous loss of the centres due to the same off-site or on-site cause.
3.9 Security control and communication systems
398. The communication, alarm and control equipment (and devices) belonging to security arrangements shall be tested and serviced at intervals determined in the nuclear facility’s instructions. In provision against failures, measures shall be planned in advance to ensure the adequate functionality of security arrangements. Detailed orders on security control and communication systems are presented in Appendix A.
3.10 Advisory Committee on Nuclear Security Arrangements
399. For the preparatory handling of matters pertaining to the security of the use of nuclear energy, the Government-appointed Advisory Committee on Nuclear Security Arrangements acts in conjunction with STUK. Under Section 15 of Government Decree (734/2008), the Committee’s task is to promote co-operation between the authorities and the licensee as well as to assess threat scenarios in the field of nuclear security and any changes thereto [ 1, 2].
4 Maintenance and development of security arrangements
402. The effectiveness of security may not be significantly reduced by any failure of a single security system, structure or component. Security shall be implemented so that the level thereof does not significantly decrease in the event of any common-cause failures or emergencies at the facility, such as an electric power failure or fire [ 2].
404. Members of the security organisation shall be adequately equipped as defined in the security standing order.
405. The functionality and adequacy of nuclear security shall be continuously monitored. Domestic and foreign security events and experiences shall be followed and taken into account in maintaining and developing nuclear security. The necessary actions to compensate for and correct deficiencies shall be initiated and implemented without delay. In addition, the participation of the police authority in the monitoring of nuclear security shall be requested.
406. Events related to nuclear security shall be recorded, and they shall be verifiable afterwards. For continuous improvement of operation, the events shall be assessed, and the potential development needs identified and implemented in a timely manner.
5 Actions during a threat
501. Under Sections 13–14 and 19 of Government Decree (734/2008), during a threat, immediate action in compliance with the security standing orders or the security plan shall be taken alongside other measures required [ 2].
502. Whenever a threat has been detected, the alarm shall be raised with the police immediately. As the police arrive at the scene, information on the threat and its progress shall be submitted to the police as far as possible. The Radiation and Nuclear Safety Authority (STUK) shall be notified without delay when a threat arises [ 2]. All the necessary information about the threat and its progress shall also be submitted to STUK, even if the security organisation’s management is occupied with warding off the threat.
504. When a threat has been detected, the person in charge of the security organisation will take control of measures preventing the threat. Control of these activities will be handed over to the police when the police officer concerned notifies that the police are assuming said control. In such a case, a sufficient number of personnel shall be designated to assist the police. These persons shall possess expert knowledge of nuclear technology and radiation protection [ 2].
506. During a threat, the authenticity, extent and significance of the threat shall be evaluated. The evaluation is conducted, as far as possible, in cooperation with the representatives of the nuclear facility and the police. For such situations, the police draws up action plans as well as maintains these plans and related preparedness. The necessary training and exercises shall be arranged in cooperation with the police. The facility’s representatives shall maintain preparedness to independently make the aforementioned evaluation during an urgent situation.
507. During a threat, the following actions shall be initiated:
- ensuring the facility’s safety functions and worker safety
- mitigating potential consequences
- warding off of the threat
- eliminating the threat.
Once the situation is over, the controlled closure of the situation, bringing the facility to a normal state, and debriefing management shall also be ensured.
508. Detailed facility-specific actions to provide against threats shall be described in the security standing order and/or other relevant instructions.
509. Securing of safety functions includes, in accordance with the nature of the threat, the following actions, for example:
- bringing the facility to the safest possible state considering the threat in question
- protecting items essential to safety
- controlling the facility from a place other than its control room, if necessary.
510. Mitigation of consequences also includes initiation of the emergency organisation’s operation. A threat with objective or potential consequence of compromise facility safety shall be classified as an emergency situation in accordance with the emergency plan. The emergency plan is described in Guide YVL C.5.
511. All detected threats to the facility’s nuclear security as well as any related threats, events, phenomena and persons which may have a bearing on nuclear safety or security or which could surpass the national or international news threshold, shall be reported to STUK as soon as possible.
6 Demonstration of the effectiveness of nuclear security
601. The licensee shall aim at risk management by the following procedures:
- elimination or reduction of a detected risk by preventive measures such as the following:
- by improving security the efficiency, for example, through increased physical barriers or delaying elements, and improved detection by means of modern monitoring systems
- by increasing response
- by mitigating the impact of the consequences of unlawful action.
602. The licensee shall demonstrate the effectiveness and efficiency of nuclear security against unlawful action and the conformance of the arrangements with this publication during the different phases of the nuclear facility’s life cycle: Significant changes shall be submitted to STUK for approval before implementation. The licensee shall present the criteria against which to assess security arrangements. In security arrangement related assessment, the National Security Auditing Criteria (KATAKRI) [ 13] for example shall be used.
603. In demonstrating the effectiveness of nuclear security, the licensee shall also utilise external, independent assessments as well as exercises. Nuclear security assessment is intended to establish the adequacy of security arrangements and identify potential needs for improvement. During an assessment, a security plan covering the plant, any functions affecting plant security as well as a list of items in the vital area shall be submitted to STUK. Security structures and equipment shall be described and their detection and delay properties assessed. The monitoring systems of access openings to the vital area with consideration to a room’s security significance and the threat scenario for the room in question shall be placed under special scrutiny. The assessment shall also cover the actions by the facility’s operating and security organisations, which have a bearing on the prevention and warding off of unlawful action and the mitigation of its consequences.
604. In order to ensure a correct level of nuclear security, the licensee shall periodically arrange an extensive nuclear-security self-assessment and an extensive nuclear-security assessment by a separately assembled team of experts, both of which shall, however, take place no less often than every four years. The assessments can be conducted simultaneously. The mutual compatibility of security arrangements with the licensee’s emergency arrangements and with the action plans of the police shall be assessed at the same time. STUK shall be given an adequate advance notification of the assessment to enable STUK’s participation, at its discretion, in observing the assessment. A report shall be drawn up to STUK of the assessments and their results.
605. The licensee shall demonstrate the facility’s preparedness for various threatening situations and the adequacy of the systems, structures, components and actions related to nuclear security to prevent or delay, for a sufficiently long time, anyone intending to inflict malicious damage from causing a situation compromising the safety of the facility’s personnel or its environment
606. In order to demonstrate the effectiveness of nuclear security, the licensee shall draw up an exercise programme and, accordingly, hold exercises related to security at regular intervals, however, no less frequently than once a year. The exercise programme shall be submitted to STUK for information.
607. Under Section 6 of Government Decree (734/2008), annual exercises shall be taken to practice procedures in compliance with the security plan and security standing order in a threatening situation. Regular exercises shall also be arranged with the authorities concerned. [ 2]. In drawing up the exercise programme, co-operation exercises and their number shall be agreed upon with the police authority taking into account the various police special groups.
608. Table-top exercises, simulations and practical exercises, for example, shall be used as exercise methods. In the exercises, situations shall be included with a simultaneous accident and nuclear-security related threat. The exercises shall take into account plant site-specific circumstances, such as port-related ISPS (International Ship and Port Facility Security Code) requirements.
609. The licensee shall update the exercise programme at specified intervals, however, no less frequently than every three years. Any significant modifications to the programme shall be sent to STUK for information in conjunction with the updates. The licensee shall invite the authorities in question to participate in the exercises and, as far as possible, plan the exercises in cooperation with them.
7 Documents to be submitted to STUK for oversight
701. The safety classification description and the requirements pertaining to it presented in requirement 318 shall be taken into account in the different licensing phases.
7.1 Decision-in-principle phase
702. According to Section 24 of the Nuclear Energy Decree, in connection with the submission of an application for a decision-in-principle for a nuclear facility, a description of the suitability of the planned location for its purpose, taking account of the impact of local conditions on safety, security and emergency arrangements, shall be submitted [ 7].
7.2 Construction licence phase
704. When submitting to STUK a construction licence application for a nuclear facility, preliminary plans for the security and emergency arrangements shall also be submitted for approval in accordance with Section 35(6) of the Nuclear Energy Decree[ 7]. The preliminary plans shall include a preliminary security plan concerning the operation of the nuclear facility and a draft security standing order concerning the operation of the nuclear facility, as well as, in accordance with Section 19 of Government Decree (734/2008), a conceptual design plan and a description on how the design basis threat has been used as the basis for nuclear security planning and how, by means of the protection objectives of the planned security arrangements, the design basis threat can be warded off in accordance with the protection objectives set in it as well as possible through practical measures.
705. In conjunction with the construction licence application, a report on the security arrangements in place during a plant unit’s construction phase shall be submitted to STUK for approval. The report shall include, among other information, a description of the security organisation and the nuclear security principles as well as, as an attachment to them, a set of instructions for the implementation of the security arrangements. Information about guarding arrangements and any possible external guarding services supplier utilised during construction shall be included in the report.
706. The conceptual design plan shall include risk analyses and a definition of protection needs, the design criteria for nuclear security as well as a comprehensive description of the design principles and technical solutions to ward off unlawful action, which ensure the fulfilment of the requirements in sections 3–5 at the facility or facility unit in question.
707. The licensee shall present how requirements pertaining to nuclear security during operation have been taken into account in construction design and implementation.
708. The licensee shall draw up a separate plan presenting the nuclear security as it is to be applied during the storage and handling of non-irradiated fuel. The plan shall be submitted to STUK for approval six months before nuclear fuel is brought to the facility for the first time.
709. If, in the vicinity of the construction site of a new unit, there are nuclear facility units in a commissioning, operational or decommissioning phase, their security plans shall be supplemented with a description of nuclear security as it is to be applied during the construction phase of the new unit. The plans and documents referred to in paras 703–709 as well as their revisions are subject to STUK’s approval.
7.3 Operating licence phase
710. When an operating licence application for a nuclear facility is submitted to STUK, security plans in accordance with Section 36(7) of the Nuclear Energy Decree [ 7] shall also be submitted to STUK for approval. The plans shall include a security plan, a security standing order and a description of how the design basis threat is warded off by means of the security arrangements in accordance with the protection objectives established in the threat to the extent practicable, and how the design basis threat will be used as the basis in nuclear security planning and assessment during operation. The aforementioned plans and documents, as well as any changes to them, are subject to STUK’s approval.
711. The documents shall systematically, and with justification, show the principles and designs by which the structural, technical, administrative and organisational requirements presented above in this Guide are taken into account at the facility in question.
712. Instructions for the implementation of security arrangements, including guarding instructions, shall be submitted for information in conjunction with the plan.
713. With the security plan, a schedule shall also be submitted for information presenting the implementation of the different sectors of nuclear security as well as the installation and commissioning of security devices.
7.4 Commissioning phase
714. Before the nuclear facility is introduced into service, the licensee shall request from STUK an inspection of the acceptability of nuclear security [ 1]. A prerequisite for the inspection is the approval of the documents mentioned above in subsection 7.3.
715. Where a nuclear reactor is concerned, the licensee shall also request from STUK an adequately extensive inspection of nuclear security before nuclear fuel is brought to the plant area. One prerequisite for the receipt of nuclear fuel is that the implementation of security arrangements has been approved in an inspection.
716. Where a nuclear reactor is concerned, STUK’s inspection of the overall implementation of nuclear security shall be requested before nuclear fuel is loaded into the reactor. A prerequisite for the initiation of fuel loading is that the implementation of nuclear security has been approved in an inspection.
717. In so far as security arrangements is completed earlier than mentioned above, the inspection shall be requested as early as possible.
7.5 Operation phase
718. Changes to the security standing order and security plan are subject to STUK’s approval. The licensee shall submit for approval all changes made to approved nuclear security within a time presupposed by their scope and significance before their planned implementation, however, no later than three months before the planned modification. The modifications are subject to approval before their implementation and commissioning.
7.6 Decommissioning phase
719. Even in the decommissioning phase, the nuclear security shall be adequate to ward off unlawful action and guarantee nuclear safety.
720. The licensee shall present to STUK for approval the implementation of nuclear security during the decommissioning phase.
7.7 Contents of plans
721. To be incorporated into the plans are matters required in the review and licensing phases in question. Document contents shall, for applicable parts, take into account the content requirements of Guide YVL B.1. The following areas shall be considered:
- bases for nuclear security, including a risk analysis and an analysis of protection needs conducted based on the design basis threat
- design criteria and dimensioning criteria derived from the analysis of protection needs
- the facility’s nuclear security and security organisations (incl. all units contributing to security arrangements), duties, powers of decision and lines of responsibility
- implementation of security clearances to ensure personal safety
- implementation of nuclear security in different licensing phases
- action under normal conditions and threats
- recruitment and training of personnel, use of external workforce
- an account of nuclear security and a possible external guarding services supplier as well as the number of security personnel and their equipment
- co-operation with competent authorities
- division of the facility into security zones with justification
- interfaces between the security zones, their structures and access openings
- passenger and goods traffic control, routes, access rights, interlockings and key management
- security control and alarm systems
- Central alarm centre and stand-by alarm centre
- command centre and stand-by command centre
- control room and emergency control room
- means of communication
- action when under threat
- measures to prevent unauthorised removal of nuclear use items from the facility
- measures to locate and recover missing or stolen nuclear use items
- analysis of the effectiveness and efficiency of security arrangements
- maintenance and follow-up of security arrangements
- compensatory and corrective actions
- training programme for the security and security arrangements organisation
- exercise programme for the security and nuclear security organisation
- maintenance outage arrangements
- off-site communications
- protection of measuring equipment monitoring the facility’s environment
- quality management of the design and implementation of security arrangements
- information security
- other matters essentially affecting nuclear security.
722. The licensee shall submit to STUK for information a report on the extensive assessment and self-assessment of nuclear security.
723. Exercise programmes concerning security shall be submitted to STUK for information.
724. The licensee shall submit exercise reports to STUK for information.
725. The annual training programme presented in para 361 shall be submitted to STUK for information.
726. Threats, as well as any significant deterioration in the functionality of nuclear security, shall be immediately reported to STUK and, where applicable, these shall be reported in writing in compliance with the procedures presented in Guides YVL A.9 and YVL A.10.
727. The functionality of nuclear security has significantly deteriorated if a system belonging to security arrangements has failed either completely or in part. The functionality of nuclear security is considered to have significantly deteriorated in cases such as
- a malfunction or a structural defect surfaces, which would make possible unauthorised access to the protected area or the vital area without anyone noticing it, or
- a failure of all communication lines to the local authorities.
728. STUK shall be informed as soon as possible of any of the above events, such as a significant deterioration of the functionality of nuclear security where the level of security arrangements was promptly resumed by compensatory action.
729. Reporting shall take into account regulations pertaining to the confidentiality of documents.
8 Regulatory oversight by the Radiation and Nuclear Safety Authority
801. Under Section 37 of the Nuclear Energy Decree, the Radiation and Nuclear Safety Authority (STUK) shall supplement its opinions on applications for nuclear facilities with a statement from the advisory committee referred to in section 56 sub section 2 of the Nuclear Energy Act [ 7] (Advisory Committee on Nuclear Security).
8.1 Decision-in-principle phase
802. Under Section 25 of the Nuclear Energy Decree, in its preliminary safety assessment of the application for a decision-in-principle, the Radiation and Nuclear Safety Authority (STUK) must also include a statement from the advisory committee referred to in section 56 sub section 2 of the Nuclear Energy Act [ 7].
803. STUK reviews a plan to provide against a large commercial airplane crash in accordance with requirement 703.
804. Under Section 11 of Government Decree (717/2013), the impact of local conditions, on safety and on the implementation of the security and emergency arrangements, shall be considered when selecting the site of a nuclear power plant. The site shall be such that the impediments and threats posed by the plant to its environment remain extremely low and heat removal from the plant to the environment can be reliably implemented [ 3].
8.2 Construction licence phase
805. When a construction licence is applied for, STUK issues a statement to the Ministry of Employment and the Economy about the application including a safety assessment it has prepared and a review of the documents as mentioned in Section 35 of the Nuclear Energy Decree. In preparing the safety assessment, STUK requests from the Ministry of the Interior a statement about the reviews referred to in Section 35(6) of the Nuclear Energy Decree pertaining to nuclear security and emergency arrangements [ 7].
806. STUK handles preliminary plans related to nuclear security, as presented in paras 704–709, in co-operation with other competent authorities.
8.3 Construction phase
807. STUK oversees the implementation of nuclear security along with other operations as part of the construction inspection programme. The inspections ensure that the construction licence conditions as well as approved analyses and plans pertaining to the implementation of nuclear security are observed.
8.4 Operating licence phase
808. When an operating licence is applied for, STUK issues a statement to Ministry of Employment and the Economy about the application, and attaches to the statement a safety assessment it has prepared and a review of the documents mentioned in Section 36 of the Nuclear Energy Decree. In preparing the safety assessment, STUK requests from the Ministry of the Interior a statement about the accounts referred to in Section 36(7) of the Nuclear Energy Decree, pertaining to security and emergency arrangements [ 7].
8.5 Commissioning phase
809. Before commissioning, STUK conducts the inspections referred to in subsection 7.4.
810. STUK reviews a plan that is in accordance with para 708.
8.6 Operation phase
811. STUK oversees the implementation of security alongside other operations as part of the periodic inspection programme. Periodic inspections are conducted during plant unit operation as well as during refuelling, maintenance and repair outages. In addition, STUK carries out inspections related to security arrangements at the licensee’s request and at its own discretion. Some of STUK’s inspections will be made on advance notice and some without notice.
812. As regards the modifications referred to in requirement 718, STUK states in its decision whether or not the licensee must request from STUK an inspection of a modification’s implementation. In inspections relating to modifications affecting nuclear security, STUK attaches special attention to the licensee’s procedures relating to the design, implementation and commissioning of the modifications. A modification’s commissioning inspection includes a review of the result documentation, among other measures. An inspection may also entail, for example, performance tests in the scope necessary.
8.7 Renewal of an operating licence and a periodic safety assessment
813. When an application for the renewal of an operating licence is lodged, STUK issues a statement to Ministry of Employment and the Economy about the application, and attaches to the statement a safety assessment it has prepared and a review of the documents mentioned in Section 36 of Nuclear Energy Decree. In preparing the safety assessment, STUK requests from the Ministry of the Interior a statement about the accounts referred to in Section 36(7) of the Nuclear Energy Decree, pertaining to nuclear security and emergency arrangements [ 7]. Detailed requirements as regards operating licence renewal and periodic safety assessment are presented in Guide YVL A.1 Regulatory oversight of safety in the use of nuclear energy.
8.8 Decommissioning phase
814. STUK oversees the implementation of nuclear security for as long as it is possible for the nuclear facility to sustain damage, compromise its security or the integrity of nuclear material, nuclear components or nuclear waste, or cause a direct or indirect threat to nuclear or radiation safety.
815. In practice this means that the security arrangements presented in paras 719–720 are required to be in place until a nuclear facility’s radioactive parts have been dismantled and the nuclear materials, nuclear components and nuclear waste have been removed from the facility or placed in a final disposal facility. The need for security arrangements for the final disposal facility can only cease when the facility has been safely closed in a way approved as permanent by STUK.
9.1 Classification of nuclear facilities
901. In accordance with subsection 1.1, this Guide applies to the following nuclear facilities, among others:
- nuclear power plants
- research reactors
- facilities intended for the large-scale final disposal of nuclear material, nuclear components or nuclear waste, which has not been safely closed in a way approved as permanent by STUK
- facilities intended for the large-scale treatment, modification or storage of nuclear material, nuclear components or nuclear waste.
902. Requirements concerning nuclear security are based on a graded approach. A nuclear facility shall be assigned to one of the below classes in accordance with the principles in Table 1.
|Facility class 1||Facility class 2||Facility class 3|
|nuclear power plant||research reactor||nuclear power plant before nuclear material is brought to the plant or after the removal of nuclear material|
|dry or pool storage of spent nuclear fuel||processing or final disposal facility of high level nuclear waste||processing or final low or intermediate level waste|
|Category 1 nuclear material processing or storage facility||Category 2 nuclear material processing or storage facility||Category 3 nuclear material processing or storage facility|
903. The requirements in this Guide apply as such to Category 1 nuclear facilities. As regards Category 2 or 3 nuclear facilities, STUK may, based on a licensee’s justified application, partly moderate the requirements in this Guide.
9.2 Categorisation of nuclear material and nuclear waste
904. All materials referred to in Section 3 of the Nuclear Energy Act as well as in Sections 3 and 5 of the Nuclear Energy Decree shall be considered nuclear material and nuclear waste. Categorisation is based on the Convention on the Physical Protection of Nuclear Material (SopS 72/1989) [ 14] and IAEA’s Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (NSS 13, INFCIRC/225/Rev.5) [ 15]. In terms of severity, Category 1 is the highest and 3 the lowest. Guide YVL D.1 Regulatory control of nuclear safeguards sets forth the security arrangements requirements pertaining to nuclear materials other than those in nuclear facilities, natural uranium separated from uranium ore, depleted uranium and thorium. Security arrangement requirements for nuclear material and nuclear waste transport are presented in Guide YVL D.2 Transport of nuclear materials and nuclear waste.
r = enrichment level (atom %)
m = mass (kg)
m = mass (kg)
A = activity (Bq)
m = mass (kg)
A = activity (Bq)
|Plutonium-239||m ≥ 2||0.5 < m < 2||0.015 < m ≤ 0.5||natural uranium (uranium containing a mixture of the U-235 isotope occurring in nature), depleted uranium and thorium|
|Uranium-233||m ≥ 2||0.5 < m < 2||0.015 < m ≤ 0.5|
|Uranium-235||r ≥ 20||m ≥ 5||1 < m < 5||0.015 < m ≤ 1|
|10 ≤ r < 20||m ≥ 10||1 < m < 10|
|0.71< r < 10||m ≥ 10|
|Nuclear waste||spent nuclear fuel ¹
nuclear waste not containing nuclear material in which A > 1×10 15
nuclear waste not containing nuclear material in which 1×10 12< A ≤ 1×10 15
¹ Spent nuclear fuel may belong to Category 1 based on the amount of nuclear material it contains, provided that the radiation level at 1 metre’s distance from the fuel does not exceed 1 Gy/h.
- Auditing shall refer to a systematic, independent and documented process to objectively evaluate the audit evidence obtained to determine the extent to which the agreed auditing criteria are met.
- Personnel and work shift records
- Personnel and work shift records shall refer to the bookkeeping records referred to in Section 18 of the Private Security Services Act (282/2002) that are intended to ensure official supervision by authorities.
- Access control
- Access control shall refer to the access management and guidance of individuals, vehicles and goods by using technical and administrative systems to control access rights of various levels, for example.
- Quality management
- Quality management shall refer to all of the coordinated and planned activities performed to ensure that the organisation, component, plant or activity meets the requirements and quality criteria set for it (SFS-EN ISO 9000).
- Unlawful action
- Unlawful action shall refer to a deliberate activity or action aimed at endangering the safety of a nuclear facility or the integrity of nuclear material or nuclear waste or posing some other direct or indirect threat to nuclear or radiation safety, or to negligent infliction of damage on a nuclear facility, nuclear material, or nuclear waste. (Government Decree 734/2008)
- Graded approach
- Graded approach related to nuclear security shall refer to a principle according to which, the specification, planning and implementation of nuclear security takes into account the applicable threat assessment, the properties of nuclear materials, and the potential consequences of unlawful action directed at nuclear materials.
- Risk analysis
- Risk analysis shall refer to examinations performed by using systematic measures in order to identify threats, problems, and vulnerabilities, surveying the causes and consequences thereof, and assess the related risks. (Government Decree 734/2008)
- Design basis
- Design bases shall refer to all requirements, definitions and bases for normal operational conditions and accidents that pertain to the design and operation of a plant, system and component.
- Design basis threat
- Design basis threat shall refer to a threat of unlawful action used as the basis for the planning and assessment of the nuclear security arrangements for which the licensee is responsible. (Government Decree 734/2008)
- Event notification
- Event notification shall refer to a written account provided by a security guard/employee containing the information listed in Section 17 of the Private Security Services Act and Section 11 of the Government Decree on Private Security Services.
- Commission agreement
- Commission agreement shall refer to a written agreement containing the information referred to in Section 8 of the Private Security Services Act (282/2002) and Section 10 of the Government Decree on Private Security Services.
- Operator shall, depending on the context, refer to a licensee, licence applicant or some other user of nuclear energy ( Section 2 of the Nuclear Energy Act) who is engaged in, or is planning to engage in, operations falling within the area of application of the Nuclear Energy Act.
- Physical security task
- Physical security task shall refer to the nuclear security and supervision tasks performed by security personnel, as laid down in Sections 7 l and 7 m of the Nuclear Energy Act.
- Security personnel
- Security personnel shall refer to persons trained and authorised to plan and implement nuclear security as laid down in Section 7 l of the Nuclear Energy Act.
- Security arrangements
- Security arrangements shall refer to the measures needed to protect the use of nuclear energy against illegal activities in the nuclear facility, its precincts other places or vehicles where nuclear energy is used. (Nuclear Energy Act 990/1987)
- Security zone
- Security zone shall refer to the safety zone referred to in Section 4 of Government Decree 734/2008.
- Safety functions
- Safety functions shall refer to functions important from the point of view of safety, the purpose of which is to control disturbances or prevent the generation or propagation of accidents or to mitigate the consequences of accidents. (Government Decree 717/2013)
- Security standing order
- Security standing order shall refer to a document referred to in Section 7 n of the Nuclear Energy Act.
- Security organisation
- Security organisation shall refer to the work community consisting of the personnel designing, implementing or supervising nuclear security of a nuclear facility; the licensee's security organisation shall refer to a similar work community that is directly employed by the licensee. (Nuclear Energy Act 990/1987)
- Physical security function
- Physical security function shall refer to the design, installation, repair or modification of structural protection or electronic surveillance systems as well as the planning of other physical protection arrangements (282/2002) and the supervision of these tasks.
- Security plan
- Security plan shall refer to the account (preliminary security plan) presented in Section 35(6) of the Nuclear Energy Decree and the account presented in Section 36(7) of the Nuclear Energy Decree, as well as any changes to them.
- Research reactor
- Research reactor shall refer to a nuclear facility equipped with a nuclear reactor mainly used for the generation of neutron flux and ionising radiation for research and other purposes. (Nuclear Energy Act 990/1987)
- Threat shall refer to a situation in which unlawful action against a nuclear facility, nuclear material, or nuclear waste is ascertained, or there is reason to suspect this. (Government Decree 734/2008)
- Emergency arrangements
- Emergency arrangements shall refer to advance preparation for accidents or events impairing safety at the nuclear facility or in its site area or other places or vehicles where nuclear energy is used. (Nuclear Energy Act 990/1987)
- Emergency situation
- Emergency situation shall refer to an accident or event during which the nuclear power plant’s safety has deteriorated or is in the danger of deteriorating or requires enhanced preparedness to act in order to ensure plant safety; emergency situations are classified on the basis of their severity and controllability as follows:
- an alert is a situation where the safety level of a nuclear power plant needs to be ensured in an exceptional situation.
- a site area emergency is a situation during which the nuclear power plant’s safety deteriorates or is in the danger of deteriorating significantly.
- a general emergency is a situation during which there is danger of radioactive substance releases that may require protective measures in the vicinity of the nuclear power plant. (Government Decree 716/2013)
- Security guard
- Security guard shall refer to a person employed by a guarding services supplier and certified under Section 24 of the Private Security Services Act (282/2002), who has completed basic guard training or a corresponding qualification and meets the general requirements for the guard certification.
- Responsible manager
- Responsible manager shall refer to the person specified in Section 7 k of the Nuclear Energy Act.
- Dangerous object
- Dangerous object shall refer such an object, copy of an object, or substance that may endanger or can be used to endanger the safety or security of a nuclear facility or persons within the nuclear facility, or the safety of persons participating in the treatment and transport of nuclear use items or nuclear waste. (Government Decree 734/2008)
- Vital area
- Vital area shall refer to locations and premises within the protected area of a nuclear facility from which it is possible to conduct unlawful actions that may lead to significant radiation consequences, for which reason these locations and premises must be placed under special protection.
- Site area
- Site area shall refer to an area in use by nuclear power plant units and other nuclear facilities in the same area, and to the surrounding area, where movement and stay are restricted by the Decree of the Ministry of the Interior issued under Section 52 of the Police Act (493/1995). (Government Decree 716/2013)
- Equipment for use of force
- Equipment for use of force shall primarily refer to a firearm referred to in the Firearms Act (1/1998), a gas spray referred to in the Firearms Act, handcuffs, a baton not more than 70 cm in length, and a telescopic baton, the latter referring to a baton over 45 cm and not more than 70 cm in length when opened and that can be collapsed for transport.
- Nuclear material
- Nuclear material shall refer to special fissionable materials or source materials, such as uranium, thorium and plutonium, suited for obtaining nuclear energy. (Nuclear Energy Act 990/1987, Section 3)
- Use of nuclear energy
- Use of nuclear energy ( Sections 2 and 3 of the Nuclear Energy Act) shall refer to:
- the construction and operation of a nuclear facility;
- mining and milling operations with the objective of producing uranium or thorium;
- the possession, manufacture, production, transfer, handling, use, storage, transport and import of nuclear material;
- the possession, manufacture, production, transfer, handling, use, storage, transport, export and import of nuclear waste;
- the possession, manufacture, assembly, transfer and import of certain materials, devices, equipment, or information decreed a Government Decree when they are significant in terms of the proliferation of nuclear weapons or if they are governed by obligations under international treaties which Finland has signed in the field of nuclear energy, including
- non-nuclear material, when its properties are particularly suited to creating nuclear energy;
- devices and equipment intended or otherwise particularly suited for use in nuclear facilities;
- devices and equipment intended or otherwise particularly suited for use in the manufacture of nuclear material or material referred to in item a);
- equipment essential for the manufacture of the devices or equipment referred to in items a) and b)
- nuclear information that is in written or some other physical form and not generally available
- export and import of ores containing uranium or thorium, specified in more detail in a Government Decree;
- the conclusion and implementation of a private-law agreement, for implementation outside Finland and concerning the activities referred to in this paragraph, with a foreign state, foreign person or foreign community, should the agreement be significant in terms of the proliferation of nuclear weapons, or if it is governed by obligations under international treaties which Finland has signed in the field of nuclear energy
- nuclear fuel cycle-related research and development activities determined in Article 18(a) of the Protocol Additional (53/2004) to the agreement made on the implementation of Article III (1) and (4) of the Treaty on the Non-Proliferation of Nuclear Weapons between the countries not in possession of nuclear weapons within the European Union, the European Atomic Energy Community and the International Atomic Energy Agency.
- Nuclear waste
- Nuclear waste shall refer to radioactive waste in the form of spent nuclear fuel or in some other form generated during or as a result of the use of nuclear energy. Nuclear waste also refers to materials, objects and structures which, having become radioactive during or as a result of the use of nuclear energy and having been removed from use, require special measures owing to the danger posed by their radioactivity. (Nuclear Energy Act 990/1987)
- Nuclear facility
- Nuclear facility shall refer to facilities used for the generation of nuclear energy, including research reactors, facilities implementing the large-scale final disposal of nuclear waste, and facilities used for the large-scale production, generation, use, processing or storage of nuclear material or nuclear waste.
- However, nuclear facility shall not refer to:
- mines or milling facilities intended for the production of uranium or thorium, or premises and locations with their areas where nuclear waste from such facilities is stored or located for final disposal; or
- premises finally closed and where nuclear waste has been placed in a manner approved as permanent by the Radiation and Nuclear Safety Authority. (Nuclear Energy Act 990/1987, Section 3)
- Nuclear use item
- Nuclear use item shall refer to nuclear material and the substances, devices, equipment, nuclear information and agreements referred to in Sections 2(1)(5) and 2(2)(1) of the Nuclear Energy Act (990/1987). (Government Decree 732/2008) (Nuclear Energy Decree 161/1988)
- Nuclear power plant
- Nuclear power plant shall refer to a nuclear facility for the purpose of electricity or heat production, equipped with a nuclear reactor, or a complex consisting of nuclear power plant units and other related nuclear facilities located at the same plant site. (Nuclear Energy Act 990/1987)
- Nuclear Energy Act (990/1987).
- Government Decree on Security in the Use of Nuclear Energy (734/2008).
- Government Decree on the Safety of Nuclear Power Plants (717/2013).
- Act on the Openness of Government Activities (621/1999)
- Private Security Services Act (282/2002).
- Government Decree on Private Security Services (534/2002).
- Nuclear Energy Decree (161/1988).
- SFS-EN ISO 9000
- Firearms Act (1/1998).
- Directive for Rescue Diving. Publication of the Ministry of the Interior 48/2007.
- Security Clearance Act (177/2002).
- Police Act (872/2011)
- KATAKRI, National Security Auditing Criteria.
- Convention on the Physical Protection of Nuclear Material and Nuclear Facilities (SopS 72/1989).
- Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Rev.5).
- Government Decree on Emergency Arrangements at Nuclear Power Plants (716/2013).
- Government Decree on the safety of disposal of nuclear waste (736/2008).
Appendix A Security arrangements of a nuclear facility – detailed requirements concerning nuclear security
Confidential, protection level III
Appendix B Structural resistance and layout in the protection of a nuclear power plant and spent fuel storage against an airplane crash
This Appendix B presents resistance as well as layout requirements and guidelines for protection against airplane impacts as well as their justification. It applies to nuclear power plants and spent fuel storages.
B.1 General requirements for resistance of a nuclear power plant and a spent fuel storage against an airplane crash
B01. The crash of a small airplane and a large commercial airplane as well as the consequences of the crash shall be the design criteria for a nuclear power plant and a spent fuel storage such that no significant releases into the environment result from the crash and that the most important safety functions can be activated and maintained with sufficient assurance to bring the facility to a safe state. Para B09 presents the accident categories and limit values for radiation effects equivalent to the crash of a small airplane and a large commercial airplane.
B02. All buildings containing systems accomplishing essential safety functions and nuclear fuel shall maintain adequate integrity to prevent aviation fuel from entering them.
B03. Safety functions for bringing the facility to a safe state shall be ensured by structural separation in accordance with the principles laid down in Guide YVL B.1 and the requirements B04–B08 of this Guide.
B04. To be taken into account in the design of structures, systems and components required to bring the facility to a safe state are the direct and indirect consequences of an airplane crash including the mechanical impact on structures of the crash, the impact on structures and components of crash-induced vibrations and aviation-fuel induced fires.
B05. When making provision against an airplane crash, in addition to structural resistance, layout related methods can be used such as locating redundant subsystems performing safety functions adequately far from one another or behind buildings as well as placing air intake and other openings so as to protect them against a crash and its consequential effects.
B06. An airplane crash and its consequential effects shall also be taken into account in the layout planning of the facility’s internal power supplies and the associated cable routes, and in the layout planning of the following: storages for materials required by safety systems; storages for combustible gases and gas lines; sea water inlet and outlet structures; fresh raw water lines, as well as process and fire water lines, and access routes.
B07. As regards the fire consequences of an airplane crash, the adequacy of fire safety shall be demonstrated by risk-informed design and fire analyses in accordance with Guide YVL B.8.
B08. The effect of an airplane crash on the capacity of personnel to ensure the safety of the facility and its environment shall be taken into account. The facility’s main control room shall be protected against a direct crash structurally or by locating it behind other buildings so as to make it difficult to approach, as well as by equivalent protection against secondary missiles (wreckage), see also requirements B22 and B25.
B09. The categorisation of accidents caused by an airplane crash and the equivalent limit values for radiation effects shall be set in accordance with Chapter 3, Section 10 of Government Decree (717/2013):
- the crash of a small airplane is assumed to be an aviation accident and is processed as a Class 2 postulated accident. The equivalent highest allowable annual dose is 5 mSv;
- the crash of a large commercial airplane is assumed to be intentional and is processed as a design extension condition. The highest equivalent allowable annual dose is 20 mSv.
B10. With the decision-in-principle application, the licence-applicant shall submit to the Radiation and Nuclear Safety Authority the nuclear facility's design principles to protect against an airplane crash. The layout criteria and the structural design criteria shall be presented to demonstrate at a principal level the maintainability of the nuclear facility’s safety functions and the limitation of releases. The design methods to be used may include site layout, impact-resistant structures as well as structural and operative means to prevent crash-induced fires.
B11. With the construction licence application, clear airplane crash-related objectives for facility, system and layout design, as well as the related structural and functional requirements, shall be presented, along with the design solutions to fulfil these requirements. Equivalent design standards, guidelines and methods to be used as well as research results supporting the design shall be presented.
B12. With the construction licence application, justification for the adequacy of building separation by distance and the structure types resistant to a direct airplane crash or secondary missiles (wreckage) shall be given. For these structure types, impact resistance criteria are given, such as building framework resistance, limiting of vibrations, limiting of displacement, prevention of perforation, level of collapse due to explosion pressure loads and prevention of scabbing. Preliminary analyses shall demonstrate
- crash resistance of protective structure types, for example, adequacy of structural thicknesses,
- fire resistance of structural and air conditioning solutions,
- vibration resistance of safety systems and structures important to safety.
B13. The structural design margins of facility design, the reliability of its safety systems and releases into the environment in connection to an airplane crash shall be estimated in the construction licence application. The parameters of estimation include material properties affecting strength and damping of vibrations as well as vibration isolation designs of equipment. The loading resistance parameters to be assessed include impact momentum, resistance to vibration accelerations, decreasing of the floor response spectra of vibrations, as well as improved protection of fire compartments and air-conditioning systems. The ALARA principle shall be applied in facility design assessment so as to identify any significant nuclear and radiation safety enhancements that can be attained by reasonable modifications.
B14. The layout, structural and fire extinguishing system designs in the context of an airplane crash shall be justified with appropriate analyses and clarifications before detail designs are approved, taking into account uncertainties in calculation methods and parameter choices, see also requirement B16.
B16. To be presented with an operating licence application are the design solutions implemented to fulfil the airplane crash-related requirements above and the necessary analyses to verify implementation of the design bases including at least:
- realised qualifications of materials and types of structure,
- realisation of air-conditioning solutions and fire protection,
- verification of the vibration resistance of safety systems and structures important to safety.
B.2 Design and analysis method related requirements and guidelines
B17. In analysing a large commercial airplane crash, realistic analysis methods and initial assumptions may be used (best estimate). A sensitivity analysis shall be applied to assess cliff edge phenomena. For a commercial airplane crash, additional failures independent of the crash need not be assumed. For a small airplane crash, the failure criteria for normal postulated accidents apply.
B18. The design standards and calculation methods used, as well as the equivalent deformation and stress limit values for materials, shall be based on uniform validated procedures. Scopes of application of the calculation methods shall be verified. Requirements for verification of material properties are given in Guide YVL E.6.
B19. The design criteria for impact-resistant structures are based on a facility’s safety design. The equivalent physical design bases presupposed by an impact are:
- prevention of hard missile perforation,
- prevention/limitation of effects that endanger the safety of the facility as a result of scabbing,
- limitation of structural displacement, deformations and stresses,
- structural and functional resistance against impact-induced vibrations,
- fire compartments, structural resistance and fire protection needs against impact fires.
B20. Physical phenomena shall be analysed by advanced and validated analysis methods and applications (benchmark). The analyses shall be verified by tested simplified calculation procedures. Guide YVL E.6 presents itemised requirements for calculation checks.
B21. In order to ensure the designed structural continuance of impact resistant structures, dynamic load carrying anchorage and splice length solutions for reinforcement shall be used, which have been assured by corresponding tests.
B22. In accordance with the separation by distance principle, the equivalent resistance of structural types against secondary missiles (wreckage) shall be ensured. Adequate structural minimum requirements, e.g. thickness, reinforcement and composite structures, shall be set for design.
B23. Fulfilment of vibration resistance requirements is demonstrated in compliance with the principles for demonstrating resistance to external vibrations presented in Guide YVL B.7. In addition, Guides YVL B.8 and YVL E.6 set forth the design criteria for fire protection and vibration resistance of buildings. To demonstrate vibration resistance, an assessment shall be made, in accordance with the principles stated in Guide YVL B.7, of the transfer of dynamic forces along a building frame, as well as of the development of vibration levels at different frequency levels from the point of impact to the systems, structures and components of which resistance to external vibration caused by an airplane crash is required. The vibration resistance assessment shall take into account the contradiction in conservative design objectives as regards the designed resistance of building frames and that of a component located in the building.
B24. Crash-induced fires shall be assessed as diverse combinations of fireball and pool fire events. The significance of these phenomena shall be assessed as part of the implementation of systems and layout design, as well as of the safety functions required to bring the facility to a safe state.
B25. Instead of the load/time curves presented in Appendix C to this Guide, the licensee may use analyses based on computational airplane models. In this case, it shall be demonstrated that the crash of these computation models against a rigid plane causes a momentum and peak vibration behaviour equal to at least the load-time curves and kinetic energy presented in Appendix C. An airplane computation model shall be applied in cases where acceptable partial rupturing of structures is assessed. Protection solutions may also include designs where the area to be protected is behind sequential structures so that in the demonstration of ultimate resistance, loading resistance for single structures in accordance with the load-time curves in Appendix C is not required.
Appendix C Design basis threat concerning an airplane crash
Confidential, protection level III