OMB 1652-0040 Table of Changes for Air Cargo Security

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information. (Annotate the CFR parts/sections affected).

The Aviation and Transportation Security Act of 2001 (ATSA), Public Law 107-71, 115 Stat. 597 (Nov. 19, 2001), transferred the responsibility for civil aviation security to the Transportation Security Administration (TSA). Congress set forth in ATSA two specific requirements for TSA in the area of air cargo security: (1) to provide for screening of all property, including U.S. mail, cargo, carry-on and checked baggage, and other articles, that will be carried aboard a passenger aircraft; and (2) to establish a system to screen, inspect, or otherwise ensure the security of all cargo that is to be transported in all-cargo aircraft as soon as practicable. While new aviation security requirements have greatly reduced the vulnerability of the air cargo system, TSA, in cooperation with industry partners, has identified additional gaps in the existing cargo security requirements that must be filled to reduce the likelihood of cargo tampering or unauthorized access to the aircraft with malicious intent. This collection is a central component of this solution and proposes updating the requirements of airports, aircraft operators, and indirect air carriers currently operating under a security program and instituting security requirements for all-cargo carriers and the freight forwarders servicing them as set forth in 49 CFR parts 1540, 1542, 1544, 1546, and 1548.

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information. (Annotate the CFR parts/sections affected).

The Aviation and Transportation Security Act of 2001 (ATSA), Public Law 107-71, 115 Stat. 597 (Nov. 19, 2001), transferred the responsibility for civil aviation security to the Transportation Security Administration (TSA). Congress set forth in ATSA two specific requirements for TSA in the area of air cargo security: (1) to provide for screening of all property, including U.S. mail, cargo, carry-on and checked baggage, and other articles, that will be carried aboard a passenger aircraft; and (2) to establish a system to screen, inspect, report, or otherwise ensure the security of all cargo that is to be transported in all-cargo aircraft as soon as practicable. While new aviation security requirements have greatly reduced the vulnerability of the air cargo system, TSA, in cooperation with industry partners, has identified additional gaps in the existing cargo security requirements that must be filled to reduce the likelihood of cargo tampering or unauthorized access to the aircraft with malicious intent. This collection is a central component of this solution and updates the requirements of airports, aircraft operators, and indirect air carriers (IACs) currently operating under a security program and instituting security requirements for all-cargo carriers and the IACs servicing them as set forth in 49 CFR parts 1540, 1542, 1544, 1546, and 1548. TSA published a final rule implementing these requirements on May 26, 2006 (71 FR 30478).

Changed tense as required to reflect that this is a resubmission.

Called out the requirement to report in number (2).

Changed “freight forwarder” to IAC.

2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.

The rule associated with this information collection will require the respondents, who may include certain regulated entities, to: (1) create, implement, and update as necessary security programs that must remain on file and ready for inspection by TSA personnel; (2) for regulated entities with cargo screening responsibilities, maintain a written record of the justification for exemption from screening as provided in the applicable security programs; (3) accomplish security training for employees and agents who have access to secure areas and keep records of such training on file and ready for inspection; and (4) conduct background checks, which includes a criminal history records check (CHRC) and a security threat assessment (STA), on employees and agents who have access to secure cargo areas, who have unescorted access to cargo, and who screen cargo for certain aircraft operators in order to ensure fitness for security responsibilities, and on sole proprietors, general partners, officers, directors, and certain owners of indirect air carriers or applicants to be an indirect air carrier because these operations are a critical link to a secure cargo supply chain.

More specifically, TSA will collect and retain the following information for a security threat assessment for an individual with unescorted access to cargo; each individual who is a general partner, officer or director of an IAC or an applicant to be an IAC, and certain owners of an IAC or an applicant to be an IAC; and an individual who has responsibility for screening cargo that will be carried on an aircraft of an aircraft operator required to screen cargo under 49 CFR part 1544:

1. Legal name, including first, middle, and last; any applicable suffix; and any other names used.

2. Current mailing address, including residential address if different than current mailing address, and all other residential addresses for the previous seven years and email address, if applicable.

3. Date and place of birth.

4. Social security number (although provision of one’s social security number is voluntary, failure to provide a social security number may result in delays in processing the security threat assessment).

5. Citizenship status and date of naturalization if the individual is a naturalized citizen of the United States.

6. Alien registration number, if applicable.

Further, TSA will collect identifying information for a database for both companies and individuals who indirect air carriers and air carriers have qualified to ship cargo on passenger aircrafts, also referred to as “known shippers.” This information consists of:

1. Legal name, including first, middle, and last; any applicable suffix; and any other names used.

2. Current physical address.

3. Phone number.

In addition to information specified above, individuals who work for aircraft operators and who have the responsibility to screen cargo must undergo a CHRC. The rule requires that these individuals must complete a fingerprint application, including personal information, and submit the application through their employer to the American Association of Airport Executive’s (AAAE) Transportation Security Clearinghouse, a service that AAAE provides to airports, air carriers, and their members. Using AAAE provides one point of contact, instead of multiple contacts. Additionally, AAAE converts paper fingerprint submissions into an electronic format, if the employer does not have the capacity to do so. This service limits the number of unreadable prints and facilitates a better turn-around time for adjudication. AAAE sends this information to TSA via secured e-mail. TSA then transmits the fingerprint to the FBI for CHRC. The FBI returns the results to TSA’s secure Fingerprint Results Distribution website for adjudication. The FBI will make a notation that the fingerprint record has been audited and may retain a copy of the fingerprints if the copy that TSA provided is more readable than the one on record.

Finally, TSA may collect information that an individual chooses to submit in connection with an appeal of a TSA determination.

2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.

The regulations associated with this information collection require the respondents, who may include certain regulated entities, to: (1) create, implement, and update as necessary security programs, provide cargo screening data, and provide data with which to vet known shippers, that must remain on file and ready for inspection by TSA personnel; (2) for regulated entities with cargo screening responsibilities, maintain a written record of the justification for exemption from screening as provided for in the applicable security programs; (3) accomplish security training for employees and agents who have access to secure areas and keep records of such training on file and ready for inspection; and (4) conduct background checks, which includes a criminal history records check (CHRC) and a security threat assessment (STA) on employees and agents who have access to secure cargo areas, who have unescorted access to cargo, and who screen cargo for certain aircraft operators, in order to ensure fitness for security responsibilities, and on sole proprietors, general partners, officers, directors, and certain owners of IACs or applicants to be an IAC because these operations are a critical link to a secure cargo supply chain.

More specifically, TSA collects and retains the following information for a security threat assessment for an individual with unescorted access to cargo; each individual who is a general partner, officer or director of an IAC or an applicant to be an IAC, and certain owners of an IAC or an applicant to be an IAC; and an individual who has responsibility for screening cargo that will be carried on an aircraft of an aircraft operator required to screen cargo under 49 CFR part 1544:

1. Legal name, including first, middle, and last; any applicable suffix; and any other names used.

2. Current mailing address, including residential address if different than current mailing address, and all other residential addresses for the previous seven years and email address, if applicable.

3. Date and place of birth.

4. Social Security number (although provision of one’s social security number is voluntary, failure to provide a Social Security number may result in delays in processing the security threat assessment).

5. Citizenship status and date of naturalization if the individual is a naturalized citizen of the United States.

6. Alien registration number, if applicable.

Further, TSA will collect identifying information for a database for both companies and individuals whom IACs and aircraft operators have qualified to ship cargo on passenger aircrafts, also referred to as “known shippers.” This information is primarily collected electronically via the Known Shipper Management System (KSMS); however, a manual method is allowed for those shippers who are unable to be entered into KSMS. The manual method is comprised of completion and retention of TSA Form 419H. IACs and aircraft operators enter information into the database. The information consists of:

4. Legal name, including first, middle, and last; any applicable suffix; and any other names used.

5. Current physical address.

6. Phone number.

In addition to information specified above, individuals who work for aircraft operators and who have the responsibility to screen cargo must undergo a CHRC. Collections of CHRC for individuals who work for aircraft operators and who have responsibility to screen cargo are covered under the Aircraft Operator Security Program and the Model Security Program, OMB number 1652-0003. The rule requires that these individuals must complete a fingerprint application, including personal information, and submit the application through their employer to the American Association of Airport Executive’s (AAAE) Transportation Security Clearinghouse, a service that AAAE provides to airports, aircraft operators, and their members. Using AAAE provides one point of contact, instead of multiple contacts. Additionally, AAAE converts paper fingerprint submissions into an electronic format, if the employer does not have the capacity to do so. This service limits the number of unreadable prints and facilitates a better turn-around time for adjudication. AAAE sends this information to TSA via secure e-mail. TSA then transmits the fingerprints to the FBI for the CHRC. The FBI returns the results to TSA’s secure Fingerprint Results Distribution website for adjudication. The FBI will make a notation that the fingerprint record has been audited and may retain a copy of the fingerprints if the copy that TSA provided is more readable than the one on record. Finally, TSA may collect information that an individual chooses to submit in connection with an appeal of a TSA determination on an applicant’s STA.

Changed tense as required to reflect that this is a resubmission.

Further explained the cargo reporting requirement and the known shipper data collection.

Defines and explains the Known Shipper Management System (KSMS).

Further explains that the requirement for CHRC is found in another PRA.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.

In compliance with the Government Paperwork Elimination Act, TSA intends and is working to collect all information electronically. However, for those respondents without the resources to submit information electronically, TSA will continue to work with them so that they can submit and/or maintain the required information in a manner that best meets their particular needs. Electronic signatures are not applicable to this program.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.

In accordance with the Government Paperwork Elimination Act, TSA is working to develop systems to collect all information electronically through the Air Cargo Data Management System (ACDMS). For those respondents without the resources to submit information electronically, TSA will continue to work with them so that they can submit and/or maintain the required information in a manner that best meets their particular needs. TSA has already converted the record keeping and data collection requirements for the known shipper program from a manual to an electronic process. TSA expects to fully deploy the ACDMS to enable automated STA processing and the cargo reporting requirements in 2010.

Corrects language to reflect effort to comply versus compliance.

5. If the collection of information has a significant impact on a substantial number of small businesses or other small entities (Item 5 of the Paperwork Reduction Act submission form), describe the methods used to minimize burden.

The amount of information required is proportional to the size of each air carrier and indirect air carrier operation and, therefore, the collection does not create a significant impact on a substantial number of small businesses.

5. If the collection of information has a significant impact on a substantial number of small businesses or other small entities (Item 5 of the Paperwork Reduction Act submission form), describe the methods used to minimize burden.

This collection does not create a significant impact on a substantial number of small businesses.

Clarified language.

7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d)(2).

5 CFR 1320.5(d)(2)(i):

Employees regulated under this rule have an obligation to inform TSA of any disqualifying offenses under 49 CFR 1544.229 for purposes of the CHRC, which means employees, if necessary, may have to report more often than quarterly.

IACs have an obligation to submit changes in business and associated personal information to TSA, if necessary, which may occur more often than quarterly.

5 CFR 1320.5(d)(2)(iv):

In the interests of national transportation security, IACs are required to retain records indefinitely, according to security program requirements, which may exceed three years.

7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d) (2).

5 CFR 1320.5(d)(2)(I):

IACs have an obligation to submit changes in business and associated personal information within 24 hours of the change to TSA, which may occur more often than quarterly.

Clarifies answer by removing unnecessary CHRC language since CHRC is cover under a different submission.

8. Describe efforts to consult persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d) soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

TSA is promulgating this regulation after extensive consultation with industry through its Aviation Security Advisory Committee, other Federal agencies including the Department of Transportation, and the U.S. Customs and Border Protection. TSA also published a notice of proposed rulemaking for this rule in the Federal Register on November 10, 2004 (69 FR 65258), has reviewed comments to that rule, and provided responses to the comments in the final rule. Combined, the regulatory and programmatic changes associated with this collection will impose significant barriers to anyone seeking to access the air cargo system with malicious intent.

8. Describe efforts to consult persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d) soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

TSA promulgated the regulation associated with these collections after extensive consultation with industry through its Aviation Security Advisory Committee, other Federal agencies including the Department of Transportation, and the U.S. Customs and Border Protection. Frequent outreach and consultation with industry trade groups and representatives continues. TSA published a notice of proposed rulemaking for this rule in the Federal Register on November 10, 2004 (69 FR 65258), and published a final rule on May 26, 2006 (71 FR 30478). Combined, the regulatory and programmatic changes associated with this collection will impose significant barriers to anyone seeking to access the air cargo system with malicious intent.

Changed tense as required to reflect that this is a resubmission.

Questions 12

Changed numbers to reflect current populations of respondents and to reflect the institution of KSMS.

13. Provide an estimate of the total annual cost burden to respondents or recordkeepers resulting from the collection of information.

TSA estimates that the average annual cost to:

• Air carrier employees for the CHRCs will be approximately $907,000.

• Air carrier employees for the STAs will be approximately $767,000.

• IACs for vetting will be approximately $1,778,000.

• IACs for the appeals process will be approximately $12,500.

• Air carriers for the annual reporting of their security program will be approximately $68,000.

Thus, TSA estimates that the average annual cost to all respondents as a result of this information collection will be approximately $3,600,000.

13. Provide an estimate of the total annual cost burden to respondents or recordkeepers resulting from the collection of information.

There is no cost burden to respondents or record keepers resulting from the collection of information.

Changed to reflect current cost structure. CHRC burden removed as it is covered in a different PRA.

14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, and other expenses that would not have been incurred without this collection of information.

The cost to the government for conducting this collection of information stems from the modification of a web-based portal and the electronic processing of 101,625 cargo employee background checks the first year, and 15,395 each year afterwards. Based on information provided to us by the contractor responsible for this aspect of the program, the initial computer program modification will cost approximately $500,000, and it will cost approximately $2,400,000 per year for the shared application over the next three years, which comes to an annual total of $7.7 million for system modification, operations, data, and maintenance costs.

14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, and other expenses that would not have been incurred without this collection of information.

The average annual cost to the government for conducting this collection of information is $6,510,403. This total is comprised of several components. First, the average annual cost of $23,474 to review new security programs by a TSA Principal Security Inspector is calculated by taking the loaded average hourly wage rate of $68.85 at two hours and fifteen minutes multiplied by the 152 annual average new program submissions. The average annual cost of $698,488 to review updated security programs by a TSA Principal Security Inspector is calculated by taking the loaded average hourly wage rate of $68.85 at two hours and fifteen minutes multiplied by the 4,509 annual average new program submissions. The total average annual cost of $8,398 to review cargo reporting is calculated by applying the loaded average hourly wage rate of $50.24 for a TSA H Band employee at 6 hours per month for 12 reviews per year with the loaded average hourly wage rate of $66.40 for a TSA I Band employee at 6 hours per month for 12 reviews per year. TSA will incur average annual costs for KSMS of $3,600,000 for an outside contract and $750,000 for operations and maintenance for a total of $4,350,000. TSA will also incur average annual costs for STAs of $750,000 for operations and maintenance and $680,043 ($17 fee multiplied by 40,003 average annual applicants) for STA fees for a total of $1,430,043.

Changed to reflect current known costs and populations.

15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I.

This is a new collection of information.

15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I.

This is a renewal of an expiring collection of information. The existing populations covered in this ICR as reflected in the burden estimate provided above, including KSMS, have increased. We have also provided more detailed burden estimates for cargo reporting.

Changed to reflect that this is a renewal, not a new collection.