Ohio Administrative Code
Title 3701:1 - Radiation Control
Chapter 3701:1-37 - Physical Protection of Category One and Category Two Quantities of Radioactive Material
Section 3701:1-37-15 - General security program requirements
Universal Citation: OH Admin Code 3701:1-37-15
Current through all regulations passed and filed through March 18, 2024
(A) Security plan:
(1) Each licensee identified in paragraph (A)
of rule
3701:1-37-14 of the
Administrative Code shall develop a written security plan specific to its
facilities and operations. The purpose of the security plan is to establish the
licensee's overall security strategy to ensure the integrated and effective
functioning of the security program required by rules
3701:1-37-14 to
3701:1-37-22 of the
Administrative Code. The security plan must, at a minimum:
(a) Describe the measures and strategies used
to implement the requirements of rules
3701:1-37-14 to
3701:1-37-22 of the
Administrative Code; and
(b)
Identify the security resources, equipment, and technology used to satisfy the
requirements of rules
3701:1-37-14 to
3701:1-37-22 of the
Administrative Code.
(2)
The security plan must be reviewed and approved by the individual with overall
responsibility for the security program.
(3) A licensee shall revise its security plan
as necessary to ensure the effective implementation of Ohio department of
health requirements. The licensee shall ensure that:
(a) The revision has been reviewed and
approved by the individual with overall responsibility for the security
program; and
(b) The affected
individuals are instructed on the revised plan before the changes are
implemented.
(4) The
licensee shall retain a copy of the current security plan as a record for three
years after the security plan is no longer required. If any portion of the plan
is superseded, the licensee shall retain the superseded material for three
years after the record is superseded.
(B) Implementing procedures:
(1) The licensee shall develop and maintain
written procedures that document how the requirements of rules
3701:1-37-14 to
3701:1-37-22 of the
Administrative Code and the security plan will be met.
(2) The implementing procedures and revisions
to these procedures must be approved in writing by the individual with overall
responsibility for the security program.
(3) The licensee shall retain a copy of the
current procedure as a record for three years after the procedure is no longer
needed. Superseded portions of the procedure must be retained for three years
after the record is superseded.
(C) Training:
(1) Each licensee shall conduct training to
ensure that those individuals implementing the security program possess and
maintain the knowledge, skills, and abilities to carry out their assigned
duties and responsibilities effectively. The training must include instruction
in:
(a) The licensee's security program and
procedures to secure category one or category two quantities of radioactive
material, and in the purposes and functions of the security measures
employed;
(b) The responsibility to
report promptly to the licensee any condition that causes or may cause a
violation of department requirements;
(c) The responsibility of the licensee to
report promptly to the local law enforcement agency (LLEA) and licensee any
actual or attempted theft, sabotage, or diversion of category one or category
two quantities of radioactive material; and
(d) The appropriate response to security
alarms.
(2) In
determining those individuals who shall be trained on the security program, the
licensee shall consider each individual's assigned activities during authorized
use and response to potential situations involving actual or attempted theft,
diversion, or sabotage of category one or category two quantities of
radioactive material. The extent of the training must be commensurate with the
individual's potential involvement in the security of category one or category
two quantities of radioactive material.
(3) Refresher training must be provided at a
frequency not to exceed twelve months and when significant changes have been
made to the security program. This training must include:
(a) Review of the training requirements of
paragraph (C) of this rule and any changes made to the security program since
the last training;
(b) Reports on
any relevant security issues, problems, and lessons learned;
(c) Relevant results of Ohio department of
health inspections; and
(d)
Relevant results of the licensee's program review and testing and
maintenance.
(4) The
licensee shall maintain records of the initial and refresher training for three
years from the date of the training. The training records must include dates of
the training, topics covered, a list of licensee personnel in attendance, and
related information.
(D) Protection of information:
(1) Licensees
authorized to possess category one or category two quantities of radioactive
material shall limit access to and unauthorized disclosure of their security
plan, implementing procedures, and the list of individuals that have been
approved for unescorted access.
(2)
Efforts to limit access shall include the development, implementation, and
maintenance of written policies and procedures for controlling access to, and
for proper handling and protection against unauthorized disclosure of, the
security plan,
implementing procedures, and the list of individuals that have been approved for
unescorted access.
(3) Before
granting an individual access to the security plan,
implementing
procedures, or the list of individuals that have been
approved for unescorted access, licensees shall:
(a) Evaluate an individual's need to know the
security plan,
implementing procedures,
or the list of individuals that have been approved for unescorted access;
and
(b) If the individual has not
been authorized for unescorted access to category one or category two
quantities of radioactive material, safeguards information, or safeguards
information- modified handling, the licensee must complete a background
investigation to determine the individual's trustworthiness and reliability. A
trustworthiness and reliability determination shall be conducted by the
reviewing official and shall include the background investigation elements
contained in paragraphs (A)(2) to (A)(7) of rule
3701:1-37-09 of the
Administrative Code.
(4)
Licensees need not subject the following individuals to the background
investigation elements for protection of information:
(a) The categories of individuals listed in
rule 3701:1-37-11 of the
Administrative Code; or
(b)
Security service provider employees, provided written verification that the
employee has been determined to be trustworthy and reliable, by the required
background investigation in rule
3701:1-37-09 of the
Administrative Code, has been provided by the security service
provider.
(5) The
licensee shall document the basis for concluding that an individual is
trustworthy and reliable and should be granted access to the security plan,
implementing
procedures, or the list of individuals that have been
approved for unescorted access.
(6) Licensees shall maintain a list of
persons currently approved for access to the security plan,
implementing
procedures, or the list of individuals that have been
approved for unescorted access. When a licensee determines that a person
no longer needs access to the security plan,
implementing procedures, or the list of individuals that have been approved for
unescorted access, or no longer meets the access authorization
requirements for access to the information, the licensee shall remove the
person from the approved list as soon as possible, but no later than seven
working days, and take prompt measures to ensure that the individual is unable
to obtain the security plan,
implementing procedures, or the list of individuals that have been approved for
unescorted access.
(7) When
not in use, the licensee shall store its security plan,
implementing
procedures, and the list of individuals that have been
approved for unescorted access in a manner to prevent unauthorized
access. Information stored in nonremovable electronic form must be password
protected.
(8) The licensee shall
retain as a record for three years after the document is no longer needed:
(a) A copy of the information protection
procedures; and
(b) The list of
individuals approved for access to the security plan,
implementing
procedures, or the list of individuals that have been
approved for unescorted access.
Disclaimer: These regulations may not be the most recent version. Ohio may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.