NSW Environmental Protection Agency NSW Government
 

Security of radioactive sources - frequently asked questions

Why is the source security code being implemented in NSW?

The Code of Practice for the Security of Radioactive Sources (the Code) forms part of the national strategy to address the security of radioactive sources and minimise the risk of such materials being misused. The NSW Government is committed to implementing the strategy to support Australia's counter-terrorism strategy.

What radioactive sources does the Code apply to?

The Code applies to sealed radioactive sources in Category 1, 2 or 3 security-enhanced sources according to the methodology in Schedule B of the Code.

How do I know if I have a security-enhanced source?

The category for each source is determined using the methodology specified in Schedule B of the Code.

Who must comply with the duties of responsible persons in the Code?

Generally, the organisation that holds a radiation management licence in relation to the security enhanced source will be the responsible person referred to in the Code.

What do I have to do as a responsible person?

The responsible person ensures the implementation of the Code and associated security plans. These responsibilities include:

  • undertaking the categorisation of sources in accordance with section 2.1.1 of the Code and assigning a security category to these sources based on the methodology in Schedule B
  • ensuring that security outcomes applicable to the particular sources according to the Code are met during the use, storage or transport of Category 1, 2 and 3 sources
  • development, maintenance, compliance and review (at least every 12 months) of Source Security Plans and, if required, Source Transport Security Plans that are endorsed by an independent assessor
  • ensuring that a source security plan is re-endorsed every 5 years by an accredited radiation security assessor
  • managing who has access to security-enhanced sources including verifying identities of relevant employees and organising security background checks and identity checks, and keeping records of those checks for 5 years
  • monitoring and ensuring procedures are in place to update security arrangements according to the threat level for a radiological attack as set by the Australian Government
  • reporting and recording security incidents
  • ensuring written approval from the appropriate regulatory authority is obtained before the transfer of ownership and the disposal of a security-enhanced source.

What are the responsibilities of employees and contractors?

A person other than the responsible person, who deals with a security-enhanced source, must comply with the organisation's source security plan.

The Code also requires individuals who deal with security-enhanced radioactive sources to have an identity check or a security background check in some cases.

How does the Code fit with the Protection from Harmful Radiation Act 1990?

The Environment Protection Authority (EPA) is giving effect to the Code through the inclusion of new conditions in licences to use radiation apparatus or radioactive substances, and licences to sell and/or possess radiation apparatus and radioactive substances issued under the Protection from Harmful Radiation Act 1990.

What is a source security plan?

A source security plan provides a comprehensive description of the security system surrounding use, transport and storage of a radioactive source and demonstrates how the responsible person will meet the requirements of the Code. This includes how risk-based security measures will be implemented to achieve the outcomes appropriate to the categorisation of the source as defined by the Code.

Who will endorse my source security plan?

The EPA has accredited independent radiation security assessors to review source security plans or amended security plans to assess whether the plans are made or amended in accordance with the Act, and to endorse that the plan or amended plan satisfies the requirements of the Act. You should contact an assessor directly to discuss your plan.

What if there is a security incident relating to a source for which I am responsible?

In the case of a security breach involving detectable theft, unexplained loss, unauthorised damage, unauthorised access, or unauthorised transfer, the responsible person dealing with a radioactive source must immediately notify NSW Police and the EPA Environment Line on 131 555.

In addition, a written report of the incident must be submitted to the EPA within seven days of the date of the notification in accordance with the Protection from Harmful Radiation Regulation 2025, indicating the circumstances of the breach, the steps take to rectify the breach and any information that may assist in the recovery of the source.

What is an identity check or security background check and what do I need 
to do?

The Code requires that those who deal with security-enhanced sources have an identification check or a security background check. 

A nationally approved guide for identity checking requires documents from four categories to establish proof of identity:

  1. Evidence of commencement of identity in Australia
  2. Linkage between evidence of the identity and person
  3. Evidence of identity operating in the community
  4. Evidence of residential address.

The person responsible for the security enhanced source must undertake and keep a record of the identity check of any person dealing with the source and the record must be kept for 5 years. The record must record the name and residential address of the person who is the subject of the check and the documents sighted in performing the check.

What is a source transport security plan?

A person who is responsible for a security-enhanced source that is being transported must prepare a source security transport plan.

A source transport security plan sets out how the source is to be protected from unauthorised access and nominate a person who is responsible for implementing the plan. Schedule A of the Code contains the information that must be included in this plan.

A plan must be submitted to the EPA at least seven days before transportation, or if it is a regular transportation of Category 2 and 3 sources, before the first transportation.

Who will endorse my source transport security plan?

The EPA has accredited independent radiation security assessors to review source transport security plans or amended security plans to assess whether the plans are made or amended in accordance with the Act, and to endorse that the plan or amended plan satisfies the requirements of the Act. You should contact an assessor directly to discuss your plan.

Who will advise me if the threat level changes?

The Code requires security plans to be scalable, based on the current national Threat Level. The EPA maintains a record of contacts at organisations that are responsible for security-enhanced sources. The NSW Police or the EPA will advise of any sudden change in the threat level for a radiological hazard.