10 CFR 73.1205 – Written follow-up reports of physical security events
(a) General requirements. (1) Licensees making a telephonic notification under § 73.1200 of this part must also submit a written follow-up report to the NRC within 60 days of such notifications, in accordance with § 73.4.
(2) As an exemption, licensees are not required to submit a written follow-up report subsequent to a telephonic notification made—
(i) Under the provisions of § 73.1200(e) and (f) regarding interactions with a Federal, State, or local law-enforcement agency;
(ii) Under the provisions of § 73.1200(m) regarding lost or stolen enhanced weapons; or
(iii) Under the provisions of § 73.1200(n) regarding adverse findings from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) for enhanced weapons possessed by the licensee.
(3)(i) Licensees are not required to submit a written follow-up report if the licensee subsequently retracts a telephonic notification made under § 73.1200 as invalid, not reportable under § 73.1200, or recharacterized as recordable under § 73.1210 (instead of reportable under § 73.1200), and has not yet submitted a written follow-up report under this section.
(ii) If the licensee subsequently retracts a telephonic notification made under § 73.1200 after it has submitted a written follow-up report under this section, then the licensee must submit a revised written follow-up report documenting the retraction.
(b) Submission criteria. (1) Each licensee must submit to the NRC written follow-up reports that contain sufficient information for NRC analysis and evaluation and are of a quality that will permit legible reproduction and processing.
(2)(i) Licensees subject to § 50.73 of this chapter must prepare the written follow-up report on NRC Form 366.
(ii) Licensees not subject to § 50.73 of this chapter must prepare the written follow-up report in a letter format.
(3)(i) If significant supplemental information becomes available after the submission of the initial written follow-up report, then the licensee must submit a revised report with the revisions indicated.
(ii) The revised written follow-up report must replace the previous written report in its entirety. The update must be complete and not be limited to only supplementary or revised information.
(iii) Errors discovered in a written follow-up report must be corrected in a revised report with the revisions indicated.
(c) Contents. A written follow-up report must contain:
(1) A brief abstract describing the major occurrences during the event or condition, including all component or system failures that contributed to the event or condition, and significant corrective actions taken or planned to prevent recurrence.
(2) A clear, specific, narrative description of what occurred so that a knowledgeable reader conversant with general security program requirements, but not familiar with the security requirements for the specific facility or activity, can understand the complete event.
(3) The narrative description must include, as a minimum, the following information, as applicable—
(i) The date and time the event or condition was discovered;
(ii) The date and time the event or condition occurred;
(iii) The affected structures, systems, components, equipment, or procedures;
(iv) The environmental conditions at the time of the event or occurrence, if relevant;
(v) The root cause of the event or condition;
(vi) Whether any human performance errors were the cause or were a contributing factor to the event or condition, including: personnel errors, inadequate procedures, or inadequate training;
(vii) Whether previous events or conditions are relevant to the current event or condition and whether corrective actions to prevent recurrence were ineffective or insufficient;
(viii) Whether this event or condition is a recurring failure of a structure, system, component, or procedure important to security;
(ix) What compensatory measures, if any, were implemented in response to the event or condition;
(x) What corrective actions, if any, were taken in response to the event or condition; and
(xi) When corrective actions, if any, were taken or will be completed.
(d) Transmission criteria. (1) In addition to the addressees specified in § 73.4, the licensee must also provide one copy of the written follow-up report addressed to the Director, Office of Nuclear Security and Incident Response (NSIR).
(2) For copies of a classified written follow-up report, the licensee must transmit them to the NRC via either the NRC Headquarters classified mailing address specified in Table 2 of appendix A to this part or via the NRC’s secure email address specified in Table 1 of appendix A to this part.
(3) Each written follow-up report containing classified information must be created, stored, marked, labeled, handled, transmitted to the NRC, and destroyed in accordance with the requirements of part 95 of this chapter.
(4) Each written follow-up report containing Safeguards Information must be created, stored, marked, labeled, handled, transmitted to the NRC, and destroyed in accordance with the requirements of §§ 73.21 and 73.22.
(e) Records retention. Licensees must maintain a copy of a written follow-up report as a record for a period of 3 years from the date of the report or until termination of the license, whichever is later.