The 2014 Supporting Statement for OMB 0596-0204
Financial Information Security Request Form
Please Note: This information is collected from both Forest Service (FS) employees and federally employed contractors. The Paperwork Reduction Act of 1995 only covers burden on the public and not federal employees. The burden figures in this collection cover only the contractors and not the FS federal employees.
Justification
Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.
Regulations:
USDA DR-3140 (Automated Data Processing Security Policy)
USDA DM-3140 (Automated Data Processing Security Manual)
Public Law 107-347 – Federal Information Security Reform Act of 2002
Public Law 104-106 – Information Technology Management Reform Act of 1996
Title VI: NFC Security Access Procedures, Chapter 1 – Agency Liaison and Security Access, Section I: Security Access (unavailable electronically from NFC due to security constraints). The Guidelines Security Officers follow are defined in the NFC Client Security Officer Training Manual that is a part of the NFC Security Access Procedures noted above.
The majority of the Forest Service’s financial records are in databases stored at the National Finance Center (NFC). These records are maintained by both Forest Service employees and contractors who must receive access to NFC to perform essential duties. USDA DR-3140 and USDA DM-3140 require managers of computer processing operations to provide controlled access to facilities and computer resources. USDA agencies must designate unit (Automated Data Processing) Security Officers (Client Security Officer) to manage access to computers and to coordinate requests for National Finance Center (NFC) access. NFC grants access to users only at the request of Client Security Officers. In order for personnel to place their request with the Client Security Officer to gain access to NFC, the Forest Service (FS) uses the internal electronic form FS-6500-214 Financial Information Security Request. Prior to filling out the form, FS employees and contractors must first complete specific training before a user may request access to certain financial systems. Once the trainings are successfully passed, applicants complete and submit the request form to the Client Security Officer.
Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.
What information will be collected - reported or recorded? (If there are pieces of information that are especially burdensome in the collection, a specific explanation should be provided.)
The employee/contractor (applicant) and the Forest Service Lotus Notes Database provide the information necessary to complete form, FS-6500-214. The applicant verifies completion of two courses within the last year: Privacy Act Basics and IT (Information Technology) Security. The applicant then enters the Lotus Notes short name assigned by the Forest Service. Using the Lotus Notes short name, the screen is populated with information that the contractor can change if incorrect: Name, work email, work telephone number, and job title.
The applicant checks the appropriate box for a federal/contracted employee and provides the expiration date of the contract if applicable. The applicant then selects the databases and actions needed. Based on the database(s) selected, the applicant provides additional information regarding the financial systems, work location, access scope, etc. Once the form is submitted to the Client Security Officer, a one-page agreement automatically prints, which the applicant and Client Security Officer each sign. The agreement is a certification statement that acknowledges the employee/contractor’s recognition of the sensitive nature of the information and agrees to use the information only for authorized purposes.
From whom will the information be collected? If there are different respondent categories (e.g., loan applicant versus a bank versus an appraiser), each should be described along with the type of collection activity that applies.
This information is collected from both federal employees and contracted employees whom maintain financial records stored at NFC.
What will this information be used for - provide ALL uses?
The information will be used to ensure the required training has been completed and to determine what level of access to NFC financial systems is to be granted to the applicant.
How will the information be collected (e.g., forms, non-forms, electronically, face-to-face, over the phone, over the Internet)? Does the respondent have multiple options for providing the information? If so, what are they?
Web-based electronic form FS-6500-214 is the only option used to gather the information.
How frequently will the information be collected?
Collection occurs approximately three times per applicant – when an applicant is hired, to make modifications to an applicant’s access, and termination of access.
Will the information be shared with any other organizations inside or outside USDA or the government?
This information is shared with only those managing or overseeing the financial systems used by the Forest Service, including auditors.
If this is an ongoing collection, how have the collection requirements changed over time?
The collection requirements have not changed over time.
Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g. permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also, describe any consideration of using information technology to reduce burden.
Except for a short acknowledgement form printed at the end of the application process, the information collection occurs within the electronic environment using form FS-6500-214. The form consists of a series of data entry screens. Some data items self-populate the screen after entry of the applicant’s Lotus Notes short name. Required fields are automatically flagged for the user, and must be filled out before user can move to the next screen.
The form is submitted electronically to the Client Security Officer for approval. Once the form is completed, the closeout process includes a notice to fax the form (along with the appropriate fax number). An automatic process includes a response to the user, acknowledging receipt of the fax.
The form’s data fields are validated using data stored electronically at NFC. It takes approximately 10 minutes to complete and submit the access request. Use of the web-based electronic form has eliminated redundant requests, reducing burden.
Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item 2 above.
The information collected is unique to the Forest Service. Collection of the information occurs as needed for the specific purpose of requesting and acquiring access to NFC data. This information collection is necessary to meet information security and financial management requirements.
If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.
The information has no impact on small businesses or other small entities, other than those contracting with the Forest Service to provide assistance in maintaining financial records. All applicants, both FS employees and paid contract employees, are paid for the time to provide this information, as it is provided during official on-duty time, in relation to their official duties. The impact is the minimal necessary to meet regulations and does not place an undue burden on employed contractors.
Describe the consequence to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.
Without the collection of this information, employees and contracted employees would not be able to request access to the records necessary to accomplish duties.
Explain any special circumstances that would cause an information collection to be conducted in a manner:
Requiring respondents to report information to the agency more often than quarterly;
Although there is no specific requirement, applicants switching jobs, acquiring additional duties, and filling in for co-workers would necessitate requesting modifications to NFC access and documentation for security audits that may occur more often than quarterly.
Requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it;
Due to the nature of these requests, they are typically completed in fewer than 30 days of receipt.
Requiring respondents to submit more than an original and two copies of any document;
Requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years;
In connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study;
Requiring the use of a statistical data classification that has not been reviewed and approved by OMB;
That includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use; or
Requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information's confidentiality to the extent permitted by law.
There are no other special circumstances. The collection of information is conducted in a manner consistent with the guidelines in 5 CFR 1320.6.
If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8 (d), soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.
A Federal Register notice requesting comment was published on December 9, 2013, Page 73819. No comments were received in response to this notice.
Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and record keeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.
This form is for internal use only by Forest Service employees and contracted employees.
In an effort to consult with persons outside the agency, we sent screen shots of our electronic form to the Security Officer at the Department of Agriculture to disseminate to other agencies that have similar OMB requirement; to provide us feedback regarding clarity of instruction and other disclosures on the form. We received feedback only from the Security Officer at the Department. The Department’s Security Officer’s feedback was related to issues of typographical errors and navigation. We included “Next” and “Previous” buttons on the form to help users navigate back and forth on the form. We also included instructions on how to start a new request on the final page of the form to help users interested in completing multiple requests.
Consultation with representatives of those from whom information is to be obtained or those who must compile records should occur at least once every 3 years even if the collection of information activity is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.
The following Forest Service contracted employees whom have completed the form were consulted:
Prem Das, Director of Software Engineering, NSGI
Dena-Kay Brown, Business Analyst, NSGI
Jason Pfaff, Senior Consultant, CGI
Jameson Simek, Senior Consultant, CGI
Overall, the comments received stated that the system access form is straight-forward and easy to complete. The information requested is relevant to the purpose of the form. One of the primary benefits is that the form is concise and can be completed quickly. Each of the contracted employees interviewed expressed concern for data security and was confident that the form will help provide some oversight.
They believe employees and contracted employees should be trained on what system they need access to before completing the form. However, they do not see the need for collecting Social Security Numbers on the form. We are reviewing the need for collecting Social Security Numbers.
Explain any decision to provide any payment or gift to respondents, other than re-enumeration of contractors or grantees.
Respondents do not receive payments or gifts for responses other than re-enumeration to applicants for their official on-duty time while attending the required training and providing this information.
Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.
The applicants are responding as part of their official duties and responsibilities. There is no assurance of confidentiality.
Provide additional justification for any questions of a sensitive nature, such as sexual behavior or attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.
There are no questions of a sensitive nature associated with this information collection.
Provide estimates of the hour burden of the collection of information. Indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated.
The burden figures in this collection cover only the contractors and not the FS federal employees. The number of contractor respondents was estimated by obtaining the total count of distinct email addresses of contracted employees.
The number of responses per contractor respondent was estimated by taking the total number of responses actually received and then dividing by the number contracted employees.
The burden per response was estimated by measuring the time it took several first-time employees to complete the form, taking the average, and then rounding up.
Table 1
(
a ) |
(
b ) |
(
c ) |
(
d ) |
(
e ) |
(
f ) |
(
g ) |
IT Security Training by Contracted Employee |
n/a |
415 |
1 |
415 |
30 minutes |
208 |
Privacy Act Basic Training by Contracted Employee |
n/a |
415 |
1 |
415 |
30 minutes |
208 |
Completion of form by Contracted Employee |
FS-6500-214 |
415 |
3 |
1,245 |
10 minutes |
212 |
|
|
|
|
|
|
|
Total |
- |
415 |
- |
2,000 |
- |
600 |
Columns and rows may not add as totals are rounded.
• Record keeping burden –there is no record keeping requirement placed upon the respondents in relation to this information collection.
• Provide estimates of annualized cost to respondents for the hour burdens for collections of information, identifying and using appropriate wage rate categories.
The Bureau of Labor Statistics’ report “Occupational Employment and Wages, May 2013, (http://www.bls.gov/oes/current/oes_nat.htm) was used to figure the wage, $43.85/hr., for an information security analyst contractor to attend training and to provide the necessary information. The $43.85 hourly wage was increased by 36.25%, based on OMB Memorandum M-08-13 as the best available information for benefits1, providing a total hourly wage of $59.75. A total of 600 hours multiplied by $59.75 per hour = $36,000. (Figures and totals are rounded.)
Provide estimates of the total annual cost burden to respondents or record keepers resulting from the collection of information, (do not include the cost of any hour burden shown in items 12 and 14). The cost estimates should be split into two components: (a) a total capital and start-up cost component annualized over its expected useful life; and (b) a total operation and maintenance and purchase of services component.
There are no start-up/capital or operation/maintenance costs.
Provide estimates of annualized cost to the Federal government. Provide a description of the method used to estimate cost and any other expense that would not have been incurred without this collection of information.
Table 2
|
|||||||||
The OPM 2014 Salary Table for the locality pay area of the Washington, DC area was used for the basic hour wage of a GS-7/Step 5. The $23.15 hourly wage rate has been calculated by multiplying 36.25% by the hourly OPM wage in accordance with OMB Memorandum M-08 13 for benefits and 28% for overhead for a total of $38/hour. Calculations may not add as total figures are rounded.
|
Explain the reasons for any program changes or adjustments reported in items 13 or 14 of OMB form 83-I.
There have been no program changes. Previous estimates did not have the benefit of historical usage. The estimated number of respondents has increased from 50 to 415 based on an analysis of the actual number of unique contracted employee users. Correspondingly, due to the increase in the estimated number of respondents, the burden hour estimate has increased from 75 to an estimate of 600 hours.
For collections of information whose results are planned to be published, outline plans for tabulation and publication.
There are no plans to publish the results of this information collection.
If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.
The Forest Service is seeking approval to omit the expiration date of the OMB approval, as the electronic form and data collection process are used exclusively by paid contractors and Forest Service employees on an internal, closed system. Including the expiration date would cause confusion to respondents as they may confuse the OMB expiration date with the term of the authority and agreement.
Explain each exception to the certification statement identified in item 19, "Certification Requirement for Paperwork Reduction Act."
There are no exceptions to the Certification Requirement for the Paperwork Reduction Act. The Agency is able to certify compliance with 5 CFR 1320.
1 The FS assumes that there are no overhead costs as the individuals are submitting this information themselves.
Page
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Modified | 0000-00-00 |
| File Created | 2021-01-28 |