Nuclear security management system practice in regard to nuclear security culture development

Nuclear security culture development needs a holistic approach. Nuclear security development cannot be based on individual and organizational approaches only, but must also be based on any security systems holistically. A comprehensive management system on nuclear security has been built in Indonesian Nuclear Energy Agency (BATAN) facilities where it covers physical protection, security culture development, cyber protection, and insider threat mitigation aspects. The physical protection system is covered in the management system to ensure that any latest and credible risk is handled and mitigated using a suitable action in a sustained manner. The management system will assure all corrective action needed is taken for any nuclear security culture deficiency. The cyber aspect is included in order to manage the risk of intrusion to the facility whether it related to the physical risk or not. The purpose of the management system to take the insider risk into the account is to provide a more robust management on physical protection system. The management system is intended to maintain all regulation and any strong recommendation needed to be implemented. This management system is intended to mitigate the most related risks to the facilities. The system has been documented as BATAN standard where it was based on ISO 28001, ISO 27001 and IAEA GS-R-3 documents. The system was initiated as a standard that would be implementable in any BATAN facilities since each facility is administrated by different management. The different management among those facilities creates a significant application difference due to geographical location, size, style, level of risk, operation and activities of each organization. The management system is expected to assure the sustainability of all security system improvement including security culture development. The implementation of the nuclear security management system involved a team consisting nuclear security experts, nuclear safety experts, and nuclear quality assurance experts. This strong composition had offered an opportunity to build any idea requiring multi-aspect knowledge and experience. Prior to implementation, the team was trained using a predefined syllabus related to the management system and all associated risks.