The Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facility (INFCIRC/225/Revision 5) Fundamental Principle E: Responsibilities of the Licence Holder: identifies that the operator should have a security plan. In the United Kingdom an approved Nuclear Site Security Plan (NSSP) is a requirement under Regulation 4 of the Nuclear Industries Security Regulations (NISR).
The National Nuclear Laboratory (NNL) is the Dutyholder for three (3) unique facilities in the United Kingdom; with nuclear assets ranging from Special Nuclear Materials through High Active Irradiated materials to nuclear materials recovery. The facilities undertake operational, and research and development activities so provide a challenging security environment.
NNL decided to take a Claims, Argument and Evidence (CAE) approach, common in the approach often taken by Safety, to meet the Fundamental Security Principles and Security Delivery Principles that are identified in the Office for Nuclear Regulations (ONR) regulatory guidance known as the “Security Delivery Principles”.
Claims, Arguments Evidence (CAE) is a logical structure in the development and presentation of an overall ‘case’, whether Safety or Security. It provides clarity of the claims that are required to be made, allows the development of the specific arguments and identifies the underpinning evidence to be shaped. CAE is an approach rather than a prescriptive format.
As the quality and extent of Security Plans increase they will often require complex, technical and multi-faceted arguments and evidence to be presented to underpin what can be essentially simple claims; “Our nuclear materials are secure from malicious threats”. Security Plans can be required to be understood, to a greater or lesser extent, by many and varied groups and stakeholders; Company Board, Facility Managers, staff, Regulators, existing and potential customers; often with varying understanding and appreciation of the technical and operational underpinning.
Those issues have the potential to drive further complexity into the security plan as all expectations and requirements are attempted to be managed resulting in the security plan being of little operational value.
As CAE is a tool which supports simplification of key elements of the security plan this paper will show how NNL have used this approach to meet multiple needs and deliver a relevant, useful and dynamic NSSPs. It will also identify how this approach can drive business improvement, regulatory confidence and understanding of risk.
NNL consider that a CAE approach to security will be relevant to operators to provide the assurances they, and their Regulator, requires whether they are working within a prescriptive or outcomes based regulatory environment.