To evaluate the adequacy of the arrangements Cavendish Nuclear (CN) had in place to manage their supply chain when considering relevant good practice and the regulatory expectations set out in NS-TAST-GD-077 ‘Supply Chain Management Arrangements for the Procurement of Nuclear Safety Related Items or Services’.
To evaluate the management and control of Sensitive Nuclear Information (SNI) and nuclear security culture within Cavendish Nuclear and their supply chain. This activity was supported by the ONR Cyber Security and Information Assurance (CS&IA) team.
I carried out a planned vendor inspection of CN to determine the adequacy of their supply chain management arrangements and how these were aligned with the expectations set out in TAG 77; and to evaluate the adequacy of CN control and management of SNI.
I found CN’s supply chain management arrangements for the areas inspected were adequate and aligned with the expectations set out in TAG 77, (IIS Rating Green).
I found CN’s material and SNI holdings will potentially require them to operate as a Contracting Authority, however this had not been identified within CN’s business. Further investigation by ONR CS&IA team will be required to establish if operating as a Contracting Authority would be appropriate for CN.
The inspection was performed in line with ONR’s guidance requirements (as described in our technical inspection guides, which can be found at ) in the areas inspected. Further information on inspection ratings is available at .
I was satisfied that the principle objectives set for this inspection were achieved. The evaluation confirmed the adequacy of CN’s supply chain management arrangements considered against relevant good practice and the expectations described in TAG 77.
I confirmed that CN had a Supply Chain Management strategy which focussed on enhancing supply chain capabilities and integrating the supply chain function into the project delivery teams. I noted CN’s arrangements for supply chain management were embedded in an integrated web based management system which had been third party certified as meeting the requirements of ISO9001:2008. The procurement process, as with other processes within the management system, was actively managed by the process owner (Head of Procurement) who set the requirements and expectation for the process.
I noted that the process for supplier assessment and selection was well documented and CN had rationalised their approved suppliers list to improve their supplier’s resilience capability, this allowed CN more time to interact with and develop the remaining suppliers. Potential new suppliers were monitored and mentored when appropriate to achieve the right attributes for a supplier to the nuclear industry. There was also good involvement and cooperation between CN and the industry supply chain improvement forums.
I was satisfied that CN had an intelligent customer capability in which appropriate engineering resources were made available throughout the procurement process e.g. specification writing, control of technical queries, deviations and concessions.
I was advised by CN that they were developing their oversight and assurance activities to improve reporting to the Senior Leadership Team and to improve the analysis and use of supply chain data.
I noted CN were executing organisational changes including the supply chain team. I commented that care needed to be exercised to ensure these changes did not adversely affect the recent supply chain improvement initiatives which had yet to be embedded. I also made recommendations on cascading awareness of Nuclear Safety and Counterfeit, Fraudulent & Suspect Items (CFSI) requirements and expectations in appropriate documentation throughout CN‘s supply chain.
I was satisfied from the activities sampled that CN’s Supply Chain Management arrangements were adequate against relevant good practice and, were aligned with the regulatory expectations described in TAG 77 (IIS Rating Green).
I raised a number of recommendations relating to CN’s new initiatives and organisational changes, to emphasise the importance of nuclear safety in high level documentation and to cascade requirements and expectations for CFSI throughout their supply chain.
I found that whilst CN had a good nuclear safety culture, which was cascaded through their supply chain, that this was not as developed in relation to nuclear security. I consider this as an opportunity for CN to strengthen their security arrangements. After analysis by ONR CS&IA it would also appear that Cavendish’s nuclear material and SNI holdings may require them to operate as a Contracting Authority, which had not been recognised within their business. Further investigation by CN will be required to confirm their status.
I have raised a recommendation for CN to confirm in writing to ONR CS&IA (and ONR MG) whether they should operate as a Contracting Authority. Following that decision, a gap analysis and assessment will likely be required by CN to determine further actions. ONR CS&IA will follow up this issue through further engagement with Cavendish Nuclear.
The following recommendations were made:
Cavendish Nuclear to confirm in writing to ONR CS&IA (and copied to ONR MG) whether it should be operating as a Contracting Authority.
ONR will conduct a follow up inspection to consider the adequacy of the deployment of CN supply chain management arrangements on a CN Project for a UK Licensee.
CN (via their licensee) to consider providing a brief to the UK Safety Directors Forum – Supply Chain Sub Group (SDF SCSG) on the learning gained from this inspection and, an update on their supply chain improvement initiatives, as a number of these had yet to be embedded.