Nuclear security is a specialty niche in the U.S. physical security industry. The safety and security measures at nuclear power generating plants require compliance with myriad federal regulations and public safety considerations. In the mid-1990s, a question arose: Can security operations at a nuclear utility be adequately tested and measured for ISO 9002 registration?

 The first aggressive application of an improvement system within a nuclear utility was Florida Power and Light's (FP&L's) effort to win the coveted Deming Prize (which the company succeeded in doing in 1989). It was during the Deming Prize evolution that Wackenhut Corp., supplier of security services to FP&L, was exposed to the successful application of quality improvement strategies--strategies normally applied to engineering systems or manufacturing firms--to protective services.

 Wackenhut applied the quality improvement lessons (and the associated tools and culture) learned from the FP&L experience to all of its 17 contracts with commercial nuclear power generating facilities.

 Wackenhut found that those facilities successful in the continued application of quality improvement had the following attributes in common as part of their business and work culture:

  A customer-service-driven environment

  A proactive approach to regulatory issues

  A document control system specific to plant protection

  A performance-based job culture

  Application of statistical methods to measure job output

  Employee involvement through suggestions, assessment or audit systems

  Strong customer-supplier relationships

  Measurable continuous improvement

 These attributes were applied daily through cross-functional groups within the plant protection work sections. Application of a formal quality system that was procedure-driven and audited by a third party meant moving toward an ISO 9000-compliant system.

 It was a difficult task to select a flagship site in which to apply for an ISO 9002 quality management system (QMS) registration because most of the customer sites had the basics in place.

Selecting a site

 Wackenhut's Nuclear Services Division had been providing security services at Vermont Yankee since December 1992. Within the years that followed, the application of an informal QMS and its tools provided the security department with a documented history of continuous improvement. During the first year of partnership, department performance improved 66 percent. The application of a progressive suggestion system, which became a formal department procedure and process, also provided continued employee involvement. A quality culture was in place and the customer/vendor partnership was strong.

 Early in 1998, Wackenhut Corp. decided to take quality to a higher level and set the goal of having two customer sites strive for ISO 9002 registration. The Nuclear Services Division selected Vermont Yankee as the initial target site because its basic quality systems were in place and its leadership was willing to improve its own system during Wackenhut Corp.'s ISO 9002 registration process. Meetings in which Wackenhut corporate personnel provided a presentation on the standard were held with the Vermont Yankee utility security department management. The presentation convinced customer utility management that a supplier that utilized an ISO 9002 system to monitor and measure its services would be a good fit because it would provide a positive level of supplier oversight. In addition, the customer saw ISO 9002 registration as an opportunity to improve its security department processes.

Starting the process

 The initial ISO 9002 implementation at the site was delayed due to site outage and support commitments; after all, the daily operation and needs of the site came first. After those commitments were completed, a consultant led the site through a gap analysis and ISO 9000 document training. The pace was slow, with Wackenhut employees questioning how ISO 9000 would be effectively applied in a nuclear security environment without having a negative effect on daily operations. The site already enjoyed a good improvement system, they insisted, so why start another?

 After four months of floundering in a failed attempt to modify the work process for the quality system, the company started over with a different approach. Internal auditors were trained, and aggressive project management was provided. This project management came from Wackenhut corporate oversight and from consultant staff. The first major step was reorganizing the steering committee and redefining its authority and project mission. The next step was to inventory and define each job task and match customer-owned and/or supplier-owned current procedures to those jobs; jobs without current policy or procedure documentation were examined for relevance. Those necessary "tribal knowledge" tasks were then covered through the use of work instructions.

 Once these tasks were completed, the level II documents (quality system procedures) and the level I document (quality policy manual) began to form, helping make a meaningful system. Internal auditors, who began early on after the project restart, found it very easy to understand the system and its application in providing service to the customer. The supplier system, in draft form, underwent continuous evaluation by all Wackenhut employees as well as by the steering committee and the small internal audit staff. The steering committee developed the quality policy and three implementing objectives and posted them in critical locations throughout the plant. The system took shape with a focus on the quality policy: "To continuously improve service delivery processes and provide a safe/secure work environment which is consistent with Wackenhut's and our customer's goals. To prevent any act of radiological sabotage and protect company property and public health and safety."

Changing behaviors

 The second major project hurdle was the control of obsolete documentation. The site had a long operating history, and Wackenhut shift supervisors with many years on the job had developed a habit of storing old information. Sometimes useful as references, the old documents were also too easy to utilize while making current process decisions. The steering committee directed the growing internal audit staff to seek out those obsolete documents and manuals and bring them in for review or destruction. The Security Training Department took aggressive measures in examining reams of old documents and records, only retaining those required by regulation or policy and destroying the rest. This effort saved Vermont Yankee money in document retention efforts; absence of the old documents provided space for current and important records retention efforts, including those required by the new QMS. The internal audit staff destroyed or revised old records and documents to assure the security department that only current and approved materials were applied at the shift level.

 The document control effort required that all Wackenhut personnel change their behaviors in relation to retaining useful information as well as controlling certain directives and communications issued by Wackenhut management to the work force. The document control coordinator, in support of the steering committee internal policies, developed a system to identify and control written communications from the three supplier departments that support and manage the force.

 This effort began in the first week of January 1999, with each individually generated document or process-related memo having a department prefix assigned to a control number.

 Wackenhut also developed a system of logs to track developed quality system documents, communications, corrective action reports and internal audits, as well as a master list of all current and approved procedures, forms and manuals. With help from the Security Training Department, training lesson plans were revised or rewritten to conform to the quality system. Personnel training records were also improved and simplified without compromising regulatory compliance.

 Nuclear security systems require continuous compliance to federal regulations. That effort normally creates a vast amount of documentation and records. Vermont Yankee's administrative assistant, who controlled its regulatory documents, ensured an easy flow to ISO 9002 by having an excellent system in place.

 The Wackenhut steering committee decided to emulate Vermont Yankee's efforts in document and records retention for those documents and records under its contractual control, including those developed as a result of normal business. This approach was successfully integrated, and management behaviors in document control began to make positive changes (see Figure 1).

Figure 1: ISO 9000 Waste Elimination

Including the customer

 The Vermont Yankee security management staff made a conscious decision to become active in the Wackenhut ISO 9002 process. This included participating in Wackenhut steering committee meetings, attending internal auditor training classes and participating as members of internal audit staffs. The ISO 9002 internal auditing effort enhanced Vermont Yankee's efforts in supplier oversight as well as improving an already strong teamwork ethic. Vermont Yankee took an active roll in review of the various levels of documentation and provided positive feedback in areas where their process procedures may have conflicted with Wackenhut's system.

Communicating effectively

 As the system began to take shape, the steering committee realized that it was important to continually inform the work force about the current status of the new QMS. After every meeting, the committee issued a newsletter to communicate current issues, review the status of all corrective action reports, and announce upcoming training classes and management milestones.

 As the newsletters were distributed, many of the personnel who initially hadn't taken an active roll in the ISO 9002 process began to show more interest and volunteered their efforts in seeing the project through. This included continuous vigilance for obsolete documents on post, increased attention to detail and a greater level of communication through the ranks. Once the shift personnel realized that the system was a benefit, more personnel stepped forward to participate and embrace the concept. Most important, through the newsletter, personnel were able to see actual changes and improvement as the corrective actions were addressed; this showed that management was serious in its commitment to the process and that ISO 9002 wasn't just another fad.

ISO 9002--"the best self-assessment"

 The use of self-assessment has become an increasingly important effort within the nuclear industry. Within its Security Department procedures, Vermont Yankee had an excellent system that required annual review of critical path processes as well as review of daily business practice (see Figure 2). The site self-assessment effort focused on process, and it required the assessor to identify both weaknesses and strengths within the process assessed. Recommendations were also issued and documented through the resulting report. Wackenhut staff continuously utilized the self-assessment process, and the site did have a documented history of completed self-assessments.

Figure 2: ISO 9000 System Within a Regulatory Environment

 The customer-owned self-assessment process didn't reach through the supplier business processes into those areas of customer-owned but supplier-utilized processes. The ISO 9002 system ensured that internal auditors, who conducted monthly scheduled ISO audits, would be reaching into Vermont Yankee procedures and therefore ensuring continuous "secondary" levels of self-assessment. Feedback from assigned regulatory personnel, who were given a presentation of the supplier ISO 9002 system, indicated a high level of confidence in that system to ensure supplier oversight, continuous improvement and timely corrective actions to concerns or contract nonconformance.

Quality planning

 Wackenhut Nuclear Services had a current quality plan in place at the site. That plan was reviewed and modified to fit into the ISO 9002 effort currently underway. The steering committee decided to develop a flowchart rather than rely on text (see Figure 3). That flowchart would be placed within a level III work instruction and utilized at the shop-floor level. The company purchased a special software program to enhance the new document control center computer used primarily for the ISO 9002 effort. This program developed flowcharts that could be integrated into current word processing text documents. As soon as the plan was developed and approved for use, it was evident that it could be transferred to other Wackenhut Nuclear Services customer sites as the Nuclear Division quality plan with little or no modification.

Figure 3: Site Quality Plan Process Chart

Performing on target

 After the ISO 9002 effort was restarted in December 1998, an aggressive timetable was developed with the ambitious aim of attaining registration by the following May.

 By the end of February 1999, the site had a fledgling system in place. Most work instructions had been developed or were at various stages the of approval process. The steering committee had completed and tentatively approved quality procedures (level II) and the quality policy manual (level I). The level I and level II documents were sent off to American Systems Registrar--the selected ISO 9002 registrar--for a desktop audit. Once the response to that audit was received, changes were made to the system and the steering committee accepted it as valid on March 1, 1999.

 A consultant conducted a full system audit as a backup to the current internal audit effort and found very little that would have to be changed. By the end of the month, the steering committee announced that the system would be ready for registration no later than May 31, 1999. All supplier personnel were now using the system's tools in their daily work efforts. Internal audits were still scheduled for those sections of the system that the steering committee had targeted and scheduled.

ISO 9002--a perfect fit

 While the system was in its infancy, the internal auditors provided positive feedback on how the system was developed for the security mission; it made a perfect fit. The auditors, who had previously discovered more than five nonconformances during each of the first audits, were now only making observations and pointing out opportunities for further improvement. The tracking and closing of corrective action reports, which had been slow at first, began to pick up pace with more improvements to that section of the system. Auditors took the initiative to follow up and verify all corrective actions implemented, not only those within Wackenhut's quality system but also issues normally under Vermont Yankee's control.

 The system enhanced the high level of regulatory compliance already in place at the site and ensured a greater level of consistent performance shift-to-shift. Internal auditing was key, and the auditor force, 20 people strong, maintained a constant vigil against nonconformance at all levels of the organization. This continuous attention to conformance works very well within the nuclear security mission, as the new ISO 9002 system proved and the upcoming registration would verify.

Moving toward registration

 The registration effort began in the last week of April 1999 with a pre-registration audit conducted by the selected registrar. After the exit meeting, in which the registrar presented the steering committee with minimal nonconformances and observations, the personnel assigned to this audit felt it was much like regulatory compliance audits and were confident in their ability to achieve registration within 30 days.

 During the last week of May 1999, the registrar returned for the three-day, three-night registration audit. Auditors visited all shifts, interviewed personnel, examined documentation and observed processes. A staff internal auditor was assigned to the registrar as an escort, a measure required within the nuclear power plant setting, and escorts were changed each day. At the exit meeting, the steering committee was happy to hear that the registrar was going to recommend registration. The company received the ISO 9002 registration certificate on June 11, 1999, just slightly outside of the target date the committee had set.

Sharing lessons learned

 After the registration was received, the on-site Wackenhut corporate representative developed an implementation plan based upon each section of the standard.

 This plan identified all of the probable barriers as well as some systemic internal strengths pertaining to each section of the standard within the nuclear security setting. This implementation plan can be rolled out to other customer sites along with the templates and examples developed by the staff at Vermont Yankee.

 The plan identifies and addresses many of the hidden dangers that had a negative effect on the initial startup of the project. For example, certain issues must be addressed in specific order within this environment, the system must enhance customer regulatory and licensing issues, personnel must be sold on the effort and must be continually involved even after any orientation training is conducted, and consultants who are selected to assist in the effort must be aware of the unique culture within the commercial nuclear setting.

Continuing to improve

 The application of ISO 9002 within a nuclear power setting at first appeared difficult, but with the right approach and commitment at all levels of the organization, the system not only fits well but also enhances the current regulatory nature of the business.

 One of the largest concerns of nuclear utilities is "contractor oversight," a subject that has been a target for discussion within many professional utility working groups. The use of ISO 9002 helps the utility customer ensure that suppliers do what they say and say what they do; it provides a systematic method that ensures conformance not only to contract requirements, but to regulatory requirements as well.

 The site steering committee, which continues to meet on a monthly basis, has developed specific working goals to ensure continued success with ISO 9002. The current Wackenhut Quality Improvement Program, complete with its improvement tools and methods, will be integrated into the ISO 9002 application. The site's suggestion program, already a success, will become a formal part of the quality system. The committee has set the following objectives to ensure success:

  Integrate quality improvement tools and administrative quality training modules into work instructions to ready the system for the ISO 9000:2000.

  Train additional internal auditors.

  Integrate the site's "self-assessment" system into ISO 9002 to track system issues and ensure timely attention.

  Share experience with other nuclear sites seeking ISO 9002 registration.

  Maintain the frequency of steering committee meetings to maintain the system and ensure that it continues to mature and improve.

  Revisit quality policy objectives for revision or recalibration on an annual basis.

  Maintain an aggressive internal audit schedule to ensure system effectiveness.

 Maintaining focus on these objectives will ensure that the ISO 9000 partnership developed by Wackenhut and the customer security department continues to be a true success story at Vermont Yankee Nuclear Power Plant. In its first 12 months, the system showed the strength of the partnership. The annual surveillance resulted in one minor corrective action report, which was immediately addressed by the staff. Top-quality performance by the site has been recognized by others in the industry. The Vermont Yankee Security staff is currently helping another Wackenhut contract site prepare for a December 2000 ISO registration date.

About the authors

 Bob Kindilien has 30 years of experience in law enforcement and protective services, 19 of which have been within the nuclear industry. He has been with Wackenhut Nuclear Services for the last 15 years. He is currently director of nuclear quality assurance and was the corporate representative responsible for the ISO 9002 project implementation at Vermont Yankee. E-mail him at bkindilien@qualitydigest.com .

 Ed Wright has 25 years of experience in law enforcement and protective services. He began work at Vermont Yankee in 1978 as an armed nuclear security officer. He progressed through the ranks to his current position of project manager for Wackenhut Nuclear Services. Wright was responsible for the day-to-day ISO 9002 implementation efforts and is the senior on-site management representative. E-mail him at ewright@qualitydigest.com .