In accordance
with 5 CFR 1320, the information collection is approved for three
years. The agency is reminded that for information collections
submitted as an "Extension without change of a currently approved
collection," changes to the annual number of responses, time
burden, and cost burden should only be attributable to a change in
agency estimate as opposed to a substantative change to the
collection.
Inventory as of this Action
Requested
Previously Approved
09/30/2014
36 Months From Approved
09/30/2011
1,501
0
1,000
819,840
0
1,125,400
5,261
0
0
How is the information used? Under the
Critical Infrastructure Protection (CIP) Reliability Standards, a
responsible entity is not required to report to the Commission, ERO
or Regional Entities, the various policies, plans, programs and
procedures. However, a showing of the documented policies, plans,
programs and procedures is required to demonstrate compliance with
the CIP Reliability Standards. Who uses the information? The
responsible entity uses the information in a periodic audit in
order to show compliance with the Reliability Standards. Why is the
information collected? The purpose in documenting policies, plans,
programs and procedures is to be able to show how the standard is
being followed. What are the consequences of not collecting the
information? Without this information, the compliance enforcement
authority would have difficulty in verifying compliance to the CIP
Reliability Standards. Without verification, serious breaches in
cyber security could perpetuate indefinitely before being
corrected. Who must comply? Entities registered with NERC that have
at least one CIP-related function.
The adjustment decrease of
305,560 hours is due to two factors. The first is that the
multi-year implementation period for these initial CIP standards
was completed in 2010 (a reduction of 579,204 hours). It is now
assumed that most entities (all but an average of 6 new entities
per year) are incurring the much reduced burden requisite with
demonstrating ongoing compliance as opposed to initial
implementation. The second factor is an increase in the number of
applicable entities which is due to a more accurate estimate of the
effected industry (an increase of 273,644 hours). The net burden
change is a reduction of 305,560 hours.
$1,575
No
No
No
No
No
Uncollected
Nicholas Snyder 202
502-6408
No
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
IC11-725B Extension of time notice.pdf
725B_Revised Just_2011 v3.doc
FERC-725B, Mandatory Reliability Standards for Critical Infrastructure Protection