Download: docx | pdf

Supporting Statement for PRA Submission

Chemical Facility Anti-Terrorism Standards Personnel Surety Program

OMB Control Number 1670-NEW

A. Supporting Statement A for the Chemical Facility Anti-Terrorism Standards Personnel Surety Program

1. Circumstances Making the Collection of Information Necessary

Overview

On December 18, 2014, the President signed into law the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (“CFATS Act of 2014”) providing long term authorization for the CFATS program and affirming that the Department of Homeland Security should continue to require high-risk chemical facilities to identify individuals with terrorist ties.

Section 550 of Public Law 109-295 previously provided (and the CFATS Act of 2014 continues to provide) the Department with the authority to identify and regulate the security of high-risk chemical facilities using a risk-based approach. On April 9, 2007, the Department issued the CFATS Interim Final Rule (IFR) implementing this statutory mandate.¹

Section 550 required (and the CFATS Act of 2014 continues to require) that the Department establish risk-based performance standards (RBPS) for high-risk chemical facilities and, under CFATS, the Department promulgated 18 RBPS. Each chemical facility that has been finally determined by the Department to be high-risk must submit a Site Security Plan (SSP), or an Alternative Security Program (ASP) if the facility so chooses, for Department approval that satisfies each applicable RBPS. RBPS 12 – Personnel Surety – requires high-risk chemical facilities to:

Perform appropriate background checks on and ensure appropriate credentials for facility personnel, and as appropriate, for unescorted visitors with access to restricted areas or critical assets, including, (i) Measures designed to verify and validate identity; (ii) Measures designed to check criminal history; (iii) Measures designed to verify and validate legal authorization to work; and (iv) Measures designed to identify people with terrorist ties[.]²

As explained by the Department in the preamble to the CFATS IFR, the ability to identify affected individuals (i.e., facility personnel or unescorted visitors with access to restricted areas or critical assets at high-risk chemical facilities) who have terrorist ties is an inherently governmental function and necessarily requires the use of information held in government-maintained databases that are unavailable to high-risk chemical facilities.³ Thus, under RBPS 12(iv), the Department and high-risk chemical facilities must work together to satisfy the “terrorist ties” aspect of the Personnel Surety performance standard. As a result, the CFATS Personnel Surety Program will identify individuals with terrorist ties that have or are seeking access to the restricted areas and/or critical assets at the nation’s high-risk chemical facilities.

Who is Impacted by the CFATS Personnel Surety Program?

The CFATS Personnel Surety Program will provide high-risk chemical facilities the ability to submit certain biographic information about affected individuals to the Department. As explained above, affected individuals are (1) facility personnel who have access, either unescorted or otherwise, to restricted areas or critical assets, and (2) unescorted visitors who have access to restricted areas or critical assets.

There are also certain groups of persons that the Department does not consider to be affected individuals, such as (1) Federal officials that gain unescorted access to restricted areas or critical assets as part of their official duties; (2) state and local law enforcement officials that gain unescorted access to restricted areas or critical assets as part of their official duties; and (3) emergency responders at the state or local level that gain unescorted access to restricted areas or critical assets during emergency situations.

In some emergency or exigent situations, access to restricted areas or critical assets by other individuals who have not had appropriate background checks under RBPS 12 may be necessary. For example, emergency responders not described above may require such access as part of their official duties under appropriate circumstances. If high-risk chemical facilities anticipate that any individuals will require access to restricted areas or critical assets without visitor escorts or without the background checks listed in RBPS 12 under exceptional circumstances (e.g., foreseeable but unpredictable circumstances), facilities may describe such situations and the types of individuals who might require access in those situations in their SSPs or ASPs. The Department will assess the appropriateness of such situations, and any security measures to mitigate the inherent vulnerability in such situations, on a case-by-case basis as it reviews each high-risk chemical facility’s SSP or ASP.

Options Available to High-Risk Chemical Facilities to Comply with RBPS 12(iv)

In the preamble to the CFATS IFR, the Department outlined two potential approaches to help high-risk chemical facilities satisfy RBPS 12(iv), both of which would involve high-risk chemical facilities submitting certain information to the Department. See id.

The first approach would involve facilities submitting certain information about affected individuals to the Department, which the Department would use to vet those individuals for terrorist ties. Specifically, identifying information about affected individuals would be compared against identifying information of known or suspected terrorists contained in the Federal Government’s consolidated and integrated terrorist watchlist, the Terrorist Screening Database (TSDB), which is maintained on behalf of the Federal government by the Department of Justice (DOJ) Federal Bureau of Investigation (FBI) in the Terrorist Screening Center (TSC).

In order to avoid unnecessary duplication of terrorist screening, the Department also described an additional approach under which high-risk chemical facilities would submit information about affected individuals possessing certain credentials that rely on security threat assessments conducted by the Department.⁴

The Department has developed a CFATS Personnel Surety Program that will provide high-risk chemical facilities additional options to comply with RBPS 12(iv) while continuing to make available the two alternatives outlined in the preamble to the CFATS IFR. In addition to the alternatives expressly described in this document, the Department also intends to permit high-risk chemical facilities to propose alternative measures for terrorist ties identification in their SSPs or ASPs, which the Department will consider on a case-by-case basis in evaluating high-risk chemical facilities’ SSPs or ASPs.

As a result of the CFATS Personnel Surety Program, regardless of the option selected by the high-risk chemical facility, the Department will identify individuals with terrorist ties that have or are seeking access to the restricted areas and/or critical assets at the nation’s high-risk chemical facilities.

The first option is consistent with the primary approach described in the CFATS IFR preamble. Under Option 1 – Direct Vetting, high-risk chemical facilities (or others acting on their behalf) would submit certain information about affected individuals to the Department through a Personnel Surety Program application in an online technology system developed under CFATS called the Chemical Security Assessment Tool (CSAT). Access to and the use of CSAT is provided free of charge to high-risk chemical facilities (or others acting on their behalf).

Under this option, information about affected individuals submitted by, or on behalf of, high-risk chemical facilities would be vetted against information contained in the Federal government’s consolidated and integrated terrorist watchlist.

The second option is consistent with the second approach described in the CFATS IFR preamble. Under Option 2 – Use Of Vetting Conducted Under Other Department Programs, high-risk chemical facilities (or others acting on their behalf) would also submit certain information about affected individuals to the Department through the CSAT Personnel Surety Program application.

Option 2 would, however, allow high-risk chemical facilities and the Department to take advantage of the vetting for terrorist ties already being conducted on affected individuals enrolled in the Transportation Worker Identification Credential (TWIC) Program, Hazardous Materials Endorsement (HME) Program, as well as the NEXUS, Secure Electronic Network for Travelers Rapid Inspection (SENTRI), Free and Secure Trade (FAST), and Global Entry Trusted Traveler Programs. All of these programs conduct terrorist ties vetting equivalent to the terrorist ties vetting that would be conducted under Option 1. Under Option 2, high-risk chemical facilities, or their designees (e.g., third parties), could submit information to the Department about affected individuals possessing the appropriate credentials to enable the Department to electronically verify the affected individuals’ enrollments in these other programs. The Department would subsequently notify the Submitter of the high-risk chemical facility whether or not an affected individual’s enrollment in one of these other Department programs was electronically verified. The Department would also periodically re-verify each affected individual’s continued enrollment in one of these other programs, and notify the appropriate designee of the high-risk chemical facility of significant changes in the status of an affected individual’s enrollment (e.g., if an affected individual who has been enrolled in the HME Program ceases to be enrolled, the Department would change the status of the affected individual in the CSAT Personnel Surety Program application and notify the Submitter). Electronic verification and re-verification would enable the Department and the high-risk chemical facility to ensure that an affected individual’s credential or endorsement is appropriate to rely upon in compliance with RBPS 12(iv).

The Department also plans to offer high-risk chemical facilities a third option. Under Option 3 – Electronic Verification of TWIC, a high-risk chemical facility (or others acting on the high-risk chemical facility’s behalf) would not submit information about affected individuals in possession of TWICs to the Department if the high-risk chemical facility (or others acting on the high-risk chemical facility’s behalf) electronically verify and validate the affected individuals’ TWICs through the use of TWIC readers (or other technology that is periodically updated with revoked card information). Any high-risk chemical facilities that choose this option would need to describe in their SSPs or ASPs the procedures they will follow if they choose to use TWIC readers for compliance with RBPS 12(iv).

In accordance with the CFATS Act of 2014 the Department will offer a fourth option of Visual Verification. Option 4, Visual Verification of Credentials Conducting Periodic Vetting, complies with section 2102(d)(2)(B) of the Homeland Security Act and will allow a high risk chemical facility to satisfy its obligation under 6 CFR 27.230(a)(12)(iv) to identify individuals with terrorist ties by using any Federal screening program that periodically vets individuals against the TSDB if:

• The Federal screening program issues a credential or document; and

• The high risk chemical facility is presented a credential or document by the affected individual; and

• The high risk chemical facility (in accordance with its SSP or ASP) visually inspects the credential or document to assess whether it is current.

Pursuant to section 2101(d)(2)(B)(i)(II) of the Homeland Security Act, high-risk chemical facilities shall accept credentials from Federal screening programs and address in their SSPs or ASPs the measures they would take to verify that a credential or document is current.

High-risk chemical facilities would have discretion as to which option(s) to use for an affected individual. For example, even though a high-risk chemical facility could comply with RBPS 12(iv) for certain affected individuals (i.e. those holding existing credentials or documents as described above) by using Option 4, the high-risk chemical facility could choose to use Option 2 or Option 3 for those affected individuals. High-risk chemical facilities also may choose to combine Option 1, Option 2, Option 3 and/or Option 4, as appropriate, to ensure that adequate terrorist ties checks are performed on different types of affected individuals (e.g., employees, contractors, unescorted visitors). Each high-risk chemical facility will need to describe how it will comply with RBPS 12(iv) in its SSP or ASP.

In addition to the options described above for satisfying RBPS 12(iv), high-risk chemical facilities are welcome to propose alternative or supplemental options not described in this document in their SSPs or ASPs. The Department will assess the adequacy of such alternative or supplemental options on a facility-by-facility basis, in the course of evaluating each facility’s SSP or ASP.

High-risk chemical facilities may also consider measures to address, or minimize the impacts of, compliance with RBPS 12(iv). For example, high-risk chemical facilities may restrict the numbers and types of persons whom they allow to access their restricted areas and critical assets, thus limiting the number of persons who will need to be checked for terrorist ties. High-risk chemical facilities also have wide latitude in how they define their restricted areas and critical assets in their SSPs or ASPs, thus potentially limiting the number of persons who will need to be checked for terrorist ties. High-risk chemical facilities also may choose to escort visitors to restricted areas and critical assets in lieu of performing the background checks required by RBPS 12.⁵

Relationship Between This Information Collection Request and Other CFATS Information Collections

This ICR is associated with 1670-0007, 1670-0014, and 1670-0015, all of which describe different information collections which support CFATS.

1670-0007 is primarily responsible for the collection of information electronically through CSAT from high-risk chemical facilities as part of CFATS. 1670-0007 also covers CSAT user registration and the assignment of user roles within CSAT. 1670-0007 is relevant to the CFATS Personnel Surety Program because the CFATS Personnel Surety Program was designed to enable flexibility in how facilities assign CSAT user roles and responsibilities to match their business operations.

1670-0014 collects information that supports the Department’s management of CFATS communications and notifications to/from high-risk chemical facilities.

1670-0015 collects information about Chemical-terrorism Vulnerability Information (CVI), information that is related to the unique information protection regime which ensures that certain information provided by high-risk chemical facilities to the Department is properly protected.

No Need For Statement B

The CFATS Personnel Surety Program will not use statistical methods on information collected.

2. By Whom, How, And For What Purpose The Information Is To Be Used

What/Who is the Source of the Information?

High-risk chemical facilities are responsible for complying with RBPS 12(iv). However, companies operating multiple high-risk chemical facilities, as well as companies operating only one high-risk chemical facility, may comply with RBPS 12(iv) in a variety of ways. High-risk chemical facilities, or their parent companies, may choose to comply with RBPS 12(iv) by identifying and submitting the information about affected individuals to the Department directly. Alternatively, high-risk chemical facilities, or their parent companies, may choose to comply with RBPS 12(iv) by outsourcing the information submission process to third parties. High-risk chemical facilities may also choose options for compliance with RBPS 12(iv) that do not involve submission of information to the Department.

The Department anticipates that many high-risk chemical facilities will rely on businesses that provide contract services (e.g., complex turn-arounds, freight delivery services, lawn mowing) to identify and submit to the Department for vetting, the appropriate information about affected individuals they employ.

CSAT User Roles and Responsibilities

To minimize the burden of submitting information about affected individuals, under Options 1 and 2 (as described above), high-risk chemical facilities would have wide latitude in assigning CSAT user roles to align with their business operations and/or the business operations of third parties that provide contracted services to them. Furthermore, the Department intends to structure the CSAT Personnel Surety Program application to allow designees of high-risk chemical facilities to submit information about affected individuals directly to the Department on behalf of high-risk chemical facilities.

High-risk chemical facilities and their designees will be able to structure their CSAT user roles to submit information about affected individuals to the Department in several ways:

1. A high-risk chemical facility could directly submit information about affected individuals, and designate one or more officers or employees of the facility with an appropriate CSAT user role; and/or

2. A high-risk chemical facility could ensure the submission of information about affected individuals by designating one or more persons affiliated with a third party (or with multiple third parties); and/or

3. A company owning several high-risk chemical facilities could consolidate its submission process for affected individuals. Specifically, the company could designate one or more persons to submit information about affected individuals on behalf of all of the high-risk chemical facilities on a company-wide basis.

The Department may, upon request, also consider allowing CSAT users the ability to submit information about affected individuals to the Department via a web service. The ability to submit information about affected individuals via a web service will be provided on a case by case basis. The Department will review all requests for feasibility and to ensure appropriate security and privacy safeguards are in place and have been agreed to by the CSAT user.

The Purpose for Collecting the Information

The purpose of the CFATS Personnel Surety Program is to identify individuals with terrorist ties that have or are seeking access to the restricted areas and/or critical assets at the nation’s high-risk chemical facilities. This ICR will allow chemical facilities to comply with RBPS 12(iv).

3. Use of Improved Information Technology and Burden Reduction

The CFATS Personnel Surety Program primarily uses CSAT, which is available to high-risk chemical facilities and to their designees free of charge. Using CSAT reduces the burden on high-risk chemical facilities by streamlining the data collection process to meet CFATS regulatory obligations.

The CFATS Personnel Surety Program also allows high-risk chemical facilities the opportunity to leverage existing TWIC reader technology to electronically verify and validate affected individuals’ TWICs. The Department believes that the data submission for RBPS 12(iv) will likely be accomplished in concert with the routine hiring and access control background checks related to RBPS 12(i)-(iii) because doing these checks in concert with one another is likely to generate the potential for cost savings.⁶

Similarly, for facilities that chose Option 4 – Visual Verification of Credentials Conducting Periodic Vetting, the Department will not collect any data and believes facilities will satisfy RBPS 12(iv) in concert with routine hiring and access control background checks related to RBPS12(i)-(iii).

4. Efforts to Identify Duplication and Use of Similar Information

Under Option 2 (as described above), the Department will not duplicate the vetting of affected individuals against the TSDB under the CFATS Personnel Surety Program, if the Department can verify the affected individual’s enrollment in the TWIC, HME, or Trusted Traveler Programs.

Under Option 3 (as described above), high-risk chemical facilities do not need to submit information about affected individuals enrolled in the TWIC Program, if the facility opts to electronically verify and validate TWICs through the use of TWIC readers as described in their SSPs or ASPs.

Under Option 4 (as described above), high-risk chemical facilities will not be required to submit information about affected individuals when they choose to utilize Visual Verification of Credentials Conducting Periodic Vetting, in accordance with section 2102(d)(2)(B) of the Homeland Security Act.

5. Impact on Small Business or Other Small Entities

While no unique methods will be used to minimize the burden to small businesses, small businesses have flexibility in their SSPs or ASPs to choose which security measures they will implement in order to comply with CFATS.

6. Consequences of Collecting the Information Less Frequently

Reducing the frequency of information collection would prevent the Department from acquiring up-to-date information about who has or is seeking access to restricted areas and critical assets at high-risk chemical facilities. This could prevent an adequate government response in the event that an affected individual with terrorist ties has or seeks to obtain such access.

In accordance with the CFATS Act of 2014 the Department will not require high-risk chemical facilities to submit information about an individual more than one time.

7. Special Circumstances Relating to the Guidelines under 5 CFR § 1320.5(d)(2)(i)

Requiring respondents to report information to the agency more often than quarterly

Respondents under this collection are the individuals whose information has been submitted to the Department through CSAT by high-risk chemical facilities at which they have or are seeking access to restricted areas or critical assets. However, at no time do affected individuals report information directly to the Department; instead, the actual reporting burden is placed upon high-risk chemical facilities. The frequency of information submission for high-risk chemical facilities is a function of a number of variables, many of which are under the control of high-risk chemical facilities. Relevant variables include (but are not limited to) the nature of a facility’s access controls, visitor escorting procedures, and how high-risk chemical facilities choose to define what is and is not a restricted areas and critical assets within their SSP or ASP.

Under CFATS, high-risk chemical facilities have wide latitude to choose how to structure and implement the features of their SSPs. Facilities may structure their SSPs or ASPs so as to minimize the frequency and burden of information submission under the CFATS Personnel Surety Program, if they desire to do so.

8. Comments in Response to the Federal Register Notice and Efforts to Consult Outside the Agency

Prior to the publication of the 60-day notice in March 2013, the Department had substantial dialogue with key CFATS stakeholders. The discussion focused on program design issues, the CSAT Personnel Surety Program application, options the Department had been considering, and additional options stakeholders recommended for the Department’s consideration, both in the short and long term.

A 60-day public notice for comments was published in the Federal Register on March 22, 2013, at 78 F.R. 17680 and specifically solicited comments on four standard questions.⁷. The Department received 28 comments submitted by the public, which may be found on www.regulations.gov under Docket ID DHS-2009-0061. The Department’s responses were included in a Paperwork Reduction Act (PRA) 30-day Federal Register notice and are briefly summarized below:

• The Department did not receive any comments suggesting that the proposed collection of information was not necessary for the proper performance of the functions of the agency.

• The Department received six comments that related to the accuracy of the agency's estimate of the burden of the proposed collection of information. Several commenters suggested that the annual turnover rate of 71% for frequent unescorted visitors estimated by the Department in the 60-day notice underestimated the annual turnover rate for delivery personnel. One commenter suggested that the Department adopt a higher annual turnover rate of 81.75% for all frequent unescorted visitors. The Department agreed to adopt the higher estimated rate of 81.75% for frequent unescorted visitor annual turnover. The Department's burden estimates reflect this revised assumption.

• The Department received two comments that related to the quality, utility, and clarity of the information to be collected. The Department responded with clarifications but did not adjust the ICR as a result of these comments.

• The Department received two comments that related to minimizing the burden of the collection of information on those who are to respond. The Department responded with clarifications but did not adjust the ICR as a result of these comments.

• The Department received 35 comments that were outside the scope of the ICR. Among the comments were suggestions that: (1) the Department develop substantially different processes than the processes described by the Department in the CFATS IFR published in April 2007; (2) the Department was not following White House recommendations to promote comparability and reciprocity across credentialing and screening programs; and (3) the collection of information under Option 2 to verify an affected individual's enrollment in the TWIC, HME, and the Trusted Traveler Programs qualifies as a duplicative background check. The Department did not adjust the ICR as a result of these comments but did provide a response to each comment.

A 30-day public notice for comments was published in the Federal Register on February 3, 2014, at 79 F.R. 6417. The Department received 14 comments submitted eleven associations, two companies that perform background checks as a service, and one coalition representing multiple unions and other organizations. The comments may be found on www.regulations.gov under Docket ID DHS-2012-0061. The 14 commenters reiterated many of the previous comments submitted in response to the 60-day notice that were out of scope. The Department responded to each commenter with a letter. The letters may be viewed in the Docket as well under “Supporting Documents.” Below is a representative sample of the comments and suggestions the Department received. The Department reviewed and considered all the comments carefully. Based on this review, the Department addressed the comments in the response letters and determined that no modification to the ICR is necessary.

Among the comments received were suggestions that the Department:

• Clarify the parameters of acceptable technology that is periodically updated using the Cancelled Card List (CCL) to electronically verify TWICs under Option 3.

• Provide a voluntary option for Tier 3 and Tier 4 facilities to submit personally identifiable information on their affected individuals to DHS for TSDB vetting.

• Improve the transparency of the vetting process and ensure that affected individuals are vetted prior to being granted access to restricted areas and critical assets and develop a protocol for notifying the facility in the event of a positive match.

• Expand the TWIC program to the CFATS community.

Other comments expressed concern over programmatic items and suggested that:

• The Department deviated from Congress’ intent by prescribing a program based on compliance and information gathering instead of a system that focuses on making a high-risk chemical facility more secure.

• The information collection and submission system the Department proposed was duplicative of existing programs and that the proposed CFATS Personnel Surety Program scheme would increase rather than minimize the burden for both industry and the Department.

• The Department was attempting to regulate an area where Congress has clearly granted authority to other agencies. Specifically, that HME-holders should not be subject to any background check if that background check is equivalent to, or less stringent than, the background check required under 49 USC § 103a(g)(1)(B)(i)(II).

• It was difficult to understand how electronically verifying enrollment in other programs under Option 2 was either different from visually verifying on the TWIC, HME or FAST credentials, or necessary when visual verification was possible.

• For a small facility such as a chemical distributor, purchasing a TWIC reader to leverage Option 3 is a cost-prohibitive option.

• Limiting or restricting areas and/or individuals is highly unrealistic for a small facility with a limited amount of real estate to segment out areas away from visitors and/or contractors.

Other commenters detailed concerns about the lack of perceived authority to implement the ICR. Commenters questioned:

• Whether the approval of the CFATS Personnel Surety Program ICR would modify or extend the scope of ISCD’s regulatory authority.

• Whether ISCD had the necessary authority and expertise to investigate and act upon terrorist incidents.

• Whether the details of the agency’s planned program for managing the data discussed in this ICR had been evaluated for consistency against the 9/11 Commission’s recommendations.

• What oversight was necessary or expected for the agency in managing the CFATS Personnel Surety Program.

• Whether OMB had verified whether or not the objectives of the CFATS Personnel Surety Program was supported by the agency’s statutory authority.

• Whether the details of the underlying activities to achieve situational awareness about affected individual with terrorist ties should be proposed in a new rulemaking.

The Department did not modify the ICR as a result of the comments received from the 30-day public notice or the passage of the CFATS Act of 2014, because the burden estimates of the ICR have not changed as a result of the CFATS Act of 2014 or as a result of any programmatic changes to the CFATS Personnel Surety Program.

9. Explanation of Any Payment or Gift to Respondents

There is no offer of monetary or material value for this information collection process.

10. Assurance of Confidentiality Provided to Respondents

The Department has published the following to give respondents assurance of confidentiality, on information received:

• Privacy Impact Assessment (PIA) on the DHS.gov Web site at http://www.dhs.gov/privacy-documents-national-protection-and-programs-directorate-nppd;

• System of Records Notice that covers the CFATS Personnel Surety Program on June 14, 2011 in the Federal Register at 76 F.R. 34732, http://www.gpo.gov/fdsys/pkg/FR-2011-06-14/html/2011-14383.htm; and

• A Final Rule that exempts portions of the CFATS Personnel Surety Program system of records from certain provisions of the Privacy Act on May 21, 2014 in the Federal Register at 79 F.R. 29072, http://www.gpo.gov/fdsys/pkg/FR-2014-05-21/pdf/2014-11433.pdf.

These publications discuss the confidentiality of information submitted to the Department as part of the CFATS Personnel Surety Program. Additionally, ensuring data security is the Department’s primary IT design requirement. The Department acknowledges that there is a non-zero risk when requesting data over the Internet, both to the original transmission and the receiving transmission. The Department has weighed the risk to the data collection approach against the risk to collecting the data through paper submissions and concluded that the Web-based approach was the best approach given the risk and benefits.

The Department has taken a number of steps to protect both the data that will be collected through CSAT and the process of collection. The site that the Department will use to collect submissions is equipped with hardware encryption that requires Transport Layer Security (TLS), as mandated by the latest Federal Information Processing Standard (FIPS). The encryption devices have full Common Criteria Evaluation and Validation Scheme (CCEVS) certifications. CCEVS is the implementation of the partnership between the National Security Agency (NSA) and the National Institute of Standards (NIST) to certify security hardware and software.

Finally, CVI is a sensitive but unclassified information protection designation established in 6 C.F.R. § 27.400. Some, but not all, of the information that is generated as part of the CFATS Personnel Surety Program will be CVI. The information protection and handling requirements contained in 6 C.F.R. § 27.400 will help to ensure the confidentiality of this information.

11. Justification for Sensitive Questions

There are no standard questions of a sensitive nature. However, the Department may ask questions of a sensitive nature to confirm that an affected individual is or is not a match to a known or suspected terrorist in the TSDB.

12. Estimates of Annualized Burden Hours and Costs

Annualized Burden Hours and Costs

This Information Collection estimates the annualized burden and hours for Tier 1 and Tier 2 high-risk chemical facilities. The Department estimates that this Information Collection will result in a total annualized burden cost of $4,844,000 during the approved collection period as a result of:⁸

• Information about 195,000 respondents being submitted as described in the 30 day notice

• High-risk chemical facilities expending 0.58 hours per respondent for 113,600 total annualized burden hours; and

• $399,800 in capital startup costs for some high-risk chemical facilities.

Table 3: Estimated Annualized Burden Hours and Costs

Type of Respondent	Form #	No. of Respondents	No. of Responses per Respondent	Avg. Burden per Response (in hours)	Total Annual Burden (in hours)	Avg. Hourly Wage Rate	Total Annual Respondent Cost
Individuals who have, or are seeking access to restricted areas or critical assets		195,000	1	0.58 (34.8 Minutes)	113,600	$42	$4,844,000
Total		195,000	1	0.58	113,600	$42	$4,844,000

Phased Implementation

The initial implementation of the CFATS Personnel Surety Program will be limited to a small number of Tier 1 and Tier 2 high-risk chemical facilities with authorized or approved SSPs or ASPs. Based upon the Department’s judgment about the success of this initial implementation of the CFATS Personnel Surety Program, the Department may expand implementation to additional Tier 1 and Tier 2 groups of high-risk chemical facilities.

Throughout the authorized collection period, the Department will be working with selected high-risk chemical facilities to adjust CSAT as required to reduce their burden and improve usability. The Department will maintain open communications with the facilities and accept feedback and input as offered by the high-risk chemical facilities. Generally, the Department intends to expand implementation to additional small groups of facilities and to make IT adjustments to CSAT using a spiral development approach throughout the collection period. Phased implementation to include additional Tier 1 and Tier 2 high-risk chemical facilities will occur while the Department analyzes facility-level and Department-level burdens in anticipation of submitting a revised ICR prior to the expiration of this Information Collection.

13. Estimates of Other Total Annual Cost Burden to Respondents and Record Keepers

There are no other annual costs to respondents or high-risk chemical facilities accounted for in this ICR. It is assumed that all high-risk chemical facilities that submit information to the Department will already have the appropriate computer hardware and Internet connections. The Department also assumes high-risk chemical facilities already have in place processes to safeguard information about affected individuals submitted to the Department under this ICR.

14. Annualized Cost to the Federal Government

Collection of Information as Part of the CFATS Personnel Surety Program

All costs to the Federal government to collect the information necessary to the CFATS Personnel Surety Program come from NPPD appropriated funds. NPPD does not collect fees from high-risk chemical facilities and does not collect fees from affected individuals.

Under Option 1 or Option 2, NPPD collects information from high-risk chemical facilities or their designees through the CSAT Personnel Surety Program application. NPPD estimates the annual Operating and Maintenance (O&M) costs to be $1.79M.

Under Option 1, NPPD submits information to TSA for vetting against the TSDB. In this ICR NPPD estimates that there will be 195,000 respondents annually. In addition to the per vet cost of $4.41, NPPD also pays for a portion of shared costs necessary to conduct vetting against the TSDB. The annual cost for vetting conducted under Option 1 is outlined in Table 4 below.

Table 4: Estimates of Annualized Costs Under Option 1

Expense Type	Annual Costs (dollars)
TSA Vetting	$860,000
TSA Shared Costs	$1,600,000
Total	$2,460,000

Under Option 2, NPPD submits information to TSA and CBP to verify enrollment in the TWIC, HME, and Trusted Traveler Programs. The capability to verify enrollment is paid for by NPPD. The annual cost to verify enrollment under Option 2 is outlined in the Table 5 below.

Table 5: Estimates of Annualized Costs Under Option 2

Expense Type	Annual Costs (dollars)
TSA Verification of Enrollment	$80,000
CBP Verification of Enrollment	$17,000
Total	$97,000

A summary of the annual federal cost is outlined below in Table 6.

Table 6: Summary of Annualized Federal Costs

Expense Type	Annual Costs (dollars)
Direct NPPD IT O&M	$1,790,000
Annual Option 1 Costs	$2,460,000
Annual Option 2 Costs	$97,000
Total	$4,347,000

Initial Capital Costs

Initial capital costs for the CSAT Personnel Surety Program have already been expended. The initial capital costs directly incurred by NPPD were $4,177,000. NPPD also expended $1,110,146 at TSA, and $60,000 at CBP. The initial capital costs are outlined in Table 7 below.

Table 7: Initial Capital Costs

Expense Type	Annual Costs (dollars)
NPPD direct costs	$4,177,000
NPPD funds at TSA	$1,110,146
NPPD funds at CBP	$60,000
Total	$5,347,146

Total Federal Government Costs

The estimated total annual operating cost to the United States Government for collecting and screening information under the CFATS Personnel Surety Program is $4,347,000, in addition to an estimated initial capital cost of $5,347,146.

15. Explanation for Program Changes or Adjustments

The CFATS Personnel Surety Program is a new collection.

16. Plans for Tabulation and Publication and Project Time Schedule

No plans exist for the publication of data collected under this information collection for statistical use, tabulation, or statistical analysis.

17. Reason(s) Display of OMB Expiration Date is Inappropriate

The CFATS Personnel Surety Program will display the expiration date for OMB approval of this information collection in the CSAT Personnel Surety Program application.

18. Exceptions to Certification for Paperwork Reduction Act Submissions

The Department is requesting from OMB an exception for the CFATS Personnel Surety Program to the PRA requirement, as contained in 5 CFR 1320.8(b)(3), which requires Federal agencies to confirm that their information collections provide certain reasonable notices under the PRA to affected individuals. If this exception is granted, the Department will be relieved of the potential obligation to require high-risk chemical facilities to collect signatures or other positive affirmations of these notices from affected individuals. Whether or not this exception is granted, the Department will still require high-risk facilities to affirm that the required Privacy Act notice has been provided to affected individuals before personal information is collected.

The Department’s request for an exception to the requirement under 5 CFR 1320.8(b)(3) would not exempt high-risk chemical facilities from having to adhere to applicable Federal, State, local, or tribal laws, or to regulations or policies pertaining to the privacy of affected individuals.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	Hortega, Josiah
File Modified	0000-00-00
File Created	2021-01-28