National Nuclear Laboratory

Security

UKNNL recognise that secure operations are dependent upon employee participation, commitment and accountability. UKNNL will maintain the highest appropriate levels of security for our offices, projects and sites to prevent unauthorised access to all protected assets whilst allowing authorised persons to go about their business.

What you can expect from us:

  • As dutyholder for security, UKNNL will establish and comply with ONR approved Nuclear Site Security Plans (NSSP) for any site that handles nuclear material and Sensitive Nuclear Information (SNI) to prevent the unauthorised access, removal (theft) of nuclear material or SNI, or the sabotage of nuclear premises and nuclear material transit.
    UKNNL will ensure that NSSPs, procedures and instructions are in place to protect nuclear assets.
  • UKNNL will develop a robust cyber security and information assurance plan to mitigate risks to systems and information in accordance with ISO27001 standards, Cabinet Office requirements for Protectively Marked Information (PMI) and ONR’s requirements for Sensitive Nuclear Information.
  • UKNNL will promote security awareness across all UKNNL employees and contractors via security educational courses, periodic communications encouraging healthy security culture and Learning from Experience (LfE) messages.
  • UKNNL will benchmark performance and culture against industry standards and certifications, such as the CPNI SeCuRE tool and comparing results to similar national infrastructure industries.
  • UKNNL will develop and implement a security culture to reduce the likelihood of security incidents occurring.
  • UKNNL will ensure that UKNNL remains compliant with all relevant nuclear and general security legislation, including but not limited to the Official Secrets Acts, the Nuclear Industry Security Regulations, The Nuclear Safeguards Act, The Cabinet Office Security Policy Framework and the Data Protection Regulations.
  • UKNNL will provide a facility to report any non-compliances with this policy.
  • UKNNL will provide the necessary tools, equipment, information and resources to employees to enable secure access to facilities, material or information and provide a secure working environment.
  • UKNNL will take reasonable steps to protect staff, contractors and visitors from the effects of any security incident including malicious attacks.
  • UKNNL will ensure effective emergency arrangements are in place, planning and testing these to ensure continuous improvement.

What we can expect from you:

  • Employees will ensure they adhere to security procedures and instructions that flow down from any Nuclear Site Security Plan (NSSP).
  • Employees will ensure adherence to UKNNL’s information and cyber security standards, procedures and instructions.
  • Employees should undertake all mandatory security awareness courses and apply learning from these and any LfE broadcast.
  • Employees will investigate and rectify all incidents and known vulnerabilities wherever possible.
  • Emp Employees will adhere to all relevant security procedures and instructions that flow down from legislation and approved security plans.loyees with specific security roles will lead by example, carry out monitoring at all times and all employees will remain vigilant and report any suspected security incidents.
  • Employees will report any suspected non-compliance though the correct channels as soon as practicable.
  • Employees will demonstrate diligence in the protection of any asset afforded by UKNNL and return any such items as soon as practicably possible when requested to do so.
  • Employees will report any suspicious activity or behaviours and adhere to any security procedure or instruction that protects their safety and security.
  • Employees will participate in security drills as required and comply with emergency arrangements.

Review/measurement:

This Policy will be reviewed regularly and updated as required to ensure it is effective and reflects the business needs.

UKNNL expects all to operate in accordance with UKNNL’s values and behaviours, and adhere to this policy

The implementation of this Security Policy and key monitoring activities will be detailed in the EHSS&Q and Delivery Operations Policy Implementation Matrix – IMS-EHSS&Q-DO-PIM

How we will measure our performance

  • Annual security targets and objectives
  • Audits and reviews, to monitor security across the organisation

You can download a copy of our Security policy by clicking on this link.