Security
Nuclear Generation recognises the value of the people, physical assets, information and systems that it utilises to undertake its business and the necessity to protect them. Security is about protecting our physical and intellectual property, our staff and the public from any potential or actual event which could adversely affect the confidentiality, integrity or availability of our infrastructure and information as well as the personal security and safety of staff and the public.
There are a series of safety and security measures in place at each of our power stations in addition to the inherent physical security provided by the very robust design of the nuclear reactors. Access to nuclear power stations is strictly controlled and armed police are deployed at all of the UK's nuclear sites to complement existing security measures. The Civil Nuclear Constabulary is a specialised armed force whose role is the protection of civil nuclear sites and nuclear materials. The overall purpose of the Constabulary is to deliver an effective and efficient police response service, complying with national security requirements.
Our policy takes account of the business drivers and perceived business risks as well as our obligation to fulfil specified security requirements of the Office for Nuclear Regulation (Civil Nuclear Security), the security regulator for the civil nuclear industry in the UK and the UK Information Commissioner’s Office. It is this responsibility to address the nuclear safety risks which differentiates Nuclear Generation from other equivalent non nuclear organisations and drives us towards the need for high quality security regimes which address the optimum balance of physical, operational, personnel and information security requirements.
Nuclear Generation takes security seriously and recognises that people working in our industry and the public at large, are entitled to a safe and secure environment. Our security staff are routinely trained, exercised and developed and our security systems are subject to regular and routine review and evaluation.
The framework for Nuclear Security in the UK is provided by the Office for Nuclear Regulation (Civil Nuclear Security); who is the security regulator for the UK's civil nuclear industry.
ONR conducts its regulatory activities on behalf of the Secretary of State for Energy and Climate Change (DECC) under the authority of the Nuclear Industries Security Regulations 2003 (NISR 03) - as amended 2006. It works in close conjunction with nuclear security policy officials in DECC and with other government departments and agencies, and with overseas counterparts. It is responsible for approving security arrangements within the industry and ensuring compliance with NISR 03 which is enforced in the form of a Security Policy Framework, based upon a specialist Technical Requirements Document for physical security and ISO 27002 controls with specialist modifications for Information and IT Security.
Through our Nuclear Generation Corporate Security function, we have implemented a management system, comprising physical, logical and personnel controls, supported by processes, standards and guidelines, which meet both our business and regulatory commitments. Staff are made aware of, and appropriately trained in, this management system; in particular in terms of their individual security responsibility, regulatory compliance and event reporting. The system also demonstrates how Nuclear Generation achieves compliance with nuclear site licence conditions and applicable security regulatory and legal requirements as well as meeting the prime security requirements of the business.
Our approach to security is risk based and designed to make certain that appropriate and proportionate controls are implemented; to ensure a safe and secure environment is maintained. The perceived security risks are subjected to regular internal review. The risk profile covers all the perceived security threats to the business from normal crime and malicious behaviour through to protestor disruption, cyber security and terrorism. As part of our process of continuous improvement, the security regimes are routinely reviewed and developed in the light of operational experience at home and abroad and make appropriate use of developing technologies, capabilities and processes.