Supporting Statement OMB 3060-xxxx 911 Reliability PRA supp statement (2014)

Download: docx | pdf

Improving 911 Reliability; Reliability and Continuity of Communications 3060-XXXX

Including Networks, Broadband Technologies August 2014

Supporting Statement

A. Justification:

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection.

In June 2012, a violent weather storm called a derecho battered large portions of the Midwest and Mid-Atlantic regions of the United States. The storm left millions of Americans without full 911 access for periods ranging from a few hours to several days. Providers of 911 service have traditionally relied on voluntary, industry-developed best practices to ensure that their networks meet minimum levels of reliability. In a January 2013 Report,¹ the Public Safety and Homeland Security Bureau (PSHSB or Bureau) of the Federal Communications Commission (Commission or FCC) found that “911 and other problems could and would have been avoided if providers had followed industry best practices and available guidance,” and recommended consideration of “specific action by the Commission to supplement the current best-practice approach in key areas.”² In a December 2013 Report and Order, the Commission concluded that a purely voluntary approach to 911 reliability has not been sufficiently effective.³ Preventable 911 network failures during the June 2012 derecho put lives and property at risk and revealed that service providers have not consistently implemented vital best practices voluntarily despite repeated reminders.⁴ In light of this experience and substantial evidence in the record of this proceeding, the Commission concluded that it would no longer rely exclusively on a voluntary approach, and that additional action was warranted with respect to critical 911 communications.

The Commission specifically rejected the suggestion that Commission action to improve 911 reliability would disrupt the development of best practices and adopted a certification approach in the Report and Order intended to be both flexible and encouraging of innovation.

As pertinent here, the new rules require certain 911 service providers⁵ to certify annually whether they implement specific best practices or reasonable alternative measures to mitigate the risk of failure. This process includes an initial certification of 50 percent compliance one year after the effective date of the rules⁶ and a full, annual certification every year thereafter. The annual certification is contained in 47 C.F.R. §12.4(c) and covers three substantive areas: critical 911 circuit diversity, central office backup power, and diverse network monitoring. Service providers that have implemented every element of the certification may simply certify compliance at each covered facility without attaching additional information. If a service provider does not meet one or more certification requirements, it must provide a brief explanation of the alternative measures it has implemented in that area, or of why that element of the certification is not applicable to its network. Service providers must retain records to support their certification responses for two years.⁷ As discussed below, however, the Commission anticipates that such records will already be generated and retained in the normal course of business as part of the certification process, making any additional record-keeping burden minimal.

The statutory authority for this collection of information is contained in sections 1, 4(i), 4(j), 4(o), 201(b), 214(d), 218, 251(e)(3), 301, 303(b), 303(g), 303(r), 307, 309(a), 316, 332, 403, 615a-1, and 615c of the Communications Act of 1934, as amended, 47 U.S.C. §§ 151, 154(i)-(j) & (o), 201(b), 214(d), 218, 251(e)(3),301, 303(b), 303(g), 303(r), 307, 309(a), 316, 332, 403, 615a-1, and 615c.

This information collection does not have any impacts under the Privacy Act.

2. Indicate how, by whom and for what purpose the information is to be used.

1. The information will be collected in the form of an electronically-filed annual certification from each Covered 911 Service Provider, in which the provider will indicate whether it has implemented specified best practices promoting 911 reliability. Providers that are able to certify that they are in fact implementing those best practices will be deemed to satisfy the “reasonable measures” requirement in the rules. Providers that are not able to certify to all of the elements may also certify that they have taken alternative measures reasonably sufficient in light of the provider’s particular facts and circumstances, so long as they briefly describe such measures and provide supporting documentation to the Commission upon request. Similarly, service providers may respond that a particular certification element is not applicable to their networks, but they must include a brief explanation as to why.

2. PSHSB will collect the information for review and analysis to verify that Covered 911 Service Providers are taking reasonable measures to ensure a reliable 911 network, as demonstrated by their implementation of specified best practices or reasonable alternative measures. In certain cases, based on the information included in the certifications and subsequent contact with the provider, the Commission may ultimately require remedial action to correct vulnerabilities in a service provider’s 911 network if it determines that (a) the service provider has not, in fact, adhered to the elements of the certification, or (b) in the case of providers employing alternative measures, that those measures were not reasonably sufficient to mitigate the associated risks of failure. The Commission has delegated authority to PSHSB to review certification information and follow up with service providers as appropriate to address deficiencies revealed by the certification process.

3. The purpose of this information collection is to promote more reliable 911 communications nationwide by requiring covered service providers to take reasonable measures to maintain reliable service, as evidenced by the annual certification. The Commission expects the certification requirement to bring the importance of 911 reliability to the attention of corporate leadership and ensure that adequate funds are budgeted for needed improvements in network infrastructure.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.

The Commission anticipates that all certifications will be filed electronically.

4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in item 2 above.

This agency does not impose a similar information collection on the respondents, and there is no similar data available from other sources.

The reporting requirement has been carefully designed to require reporting of only that data needed for the Commission to achieve its objective of assuring the reliability and security of 911 networks and services.

5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.

In conformance with the Paperwork Reduction Act of 1995, the Commission made an effort to minimize the burden on all respondents, regardless of size. In the Report and Order, the Commission concluded that overriding public safety concerns require its rules to apply equally to all Covered 911 Service Providers. Observing that 911 is no less a critical public service in any part of the nation, the Commission declined to establish two tiers of 911 reliability based on economics or geography. The Commission notes, however, that the certification approach and the option of certifying alternative measures allow flexibility for small or rural providers to comply with its rules in the manner most appropriate for their networks.

While all providers that meet the definition of Covered 911 Service Provider will be required to file a certification, many of the requirements will, by their nature, apply only to larger providers, as very few smaller providers operate Critical 911 Circuits, as defined in the Report and Order, and/or have regional aggregation points for network monitoring. The most likely scenario for smaller providers that fall within the definition of Covered 911 Service Provider is that they provide administrative lines, but not Critical 911 Circuits or selective routing capabilities, to one or more Public Safety Answering Points (PSAPs). In such cases, the provider must complete the backup power portion of the certification but may respond that the elements for circuit auditing and network monitoring are not applicable.

Additionally, the new rules are intended to complement and strengthen, not to replace, the Commission’s longstanding approach of encouraging service providers to voluntarily implement best practices, then measuring compliance through mandatory outage reporting. Thus, with respect to everyday commercial communications that do not impact public safety as much as 911, small entities with limited resources will continue to enjoy the benefits of the current framework, including a general focus on network performance and reliability rather than specific design requirements.

6. Describe the consequences to a Federal program or policy activity, if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reduce burden.

If this information is not collected, the Commission will have extremely limited ability to gauge the reliability of the nation’s 911 networks. The Commission, acting under its statutory obligation to promote the safety of life and property, determined that the status quo was unacceptable in light of preventable 911 outages affecting millions of Americans during the June 2012 derecho.

The Commission initially considered various reporting periods before determining that an annual certification is necessary to ensure that Covered 911 Service Providers are fulfilling their obligation to take reasonable measures to provide reliable 911 service. In order to reduce the immediate burden, the new rules require all Covered 911 Service Providers to file an initial, one-time certification one year after the effective date of the rules,⁸ showing that they have made substantial progress toward meeting the standard of the full certification. To allow service providers time to implement the best practices reflected in the certification, the Commission defined “substantial progress” in the Report and Order as at least 50-percent compliance with each of the three substantive certification requirements.⁹ The Commission delegated to the Bureau authority to implement this initial certification. After the first full certification two years from the effective date of the rules, all Covered 911 Service Providers will file a 911 reliability certification on an annual basis.

7. Explain any special circumstances that would cause an information collection to be conducted in a manner inconsistent with the criteria listed in supporting statement.

This collection of information is consistent with the guidelines in sections 5 CFR 1320.5(d)(2) & 1320.6.

8. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency’s notice, required by 5 CFR 1320.8(d), soliciting comments on the information prior to submission to OMB.

Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.

On March 12, 2014, pursuant to 5 CFR Section 1320.8, a 60 Day Notice was published in the Federal Register (See 79 FR 14039) for the information collection requirements contained in this collection with comments due on or before May 12, 2014. The Commission did not receive any comments following publication of the Notice.

9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.

No payment or gift to respondents has been or will be made in connection to this information collection.

10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.

The rules provide that the following information obtained from initial and annual certifications will be treated as presumptively confidential and exempt from routine public disclosure under the federal Freedom of Information Act: (1) descriptions and documentation of alternative measures to mitigate the risks of nonconformance with certification standards; (2) information detailing specific corrective actions taken; and (3) supplemental information requested by the Commission or Bureau with respect to a certification. Examples of information the Commission will treat as presumptively confidential include circuit routes and diagrams, maintenance records, internal policies and procedures, and outage data. The Commission does not consider confidential the mere fact that a certification was (or was not) filed, or aggregated information summarizing a Covered 911 Service Provider’s responses to each element of the certification. Accordingly, the Commission may periodically release reports summarizing high-level certification data without disclosing the confidential information noted above.

11. Provide additional justification for any questions of a sensitive nature.

This collection of information does not address any matters of a sensitive nature.

12. Provide estimates of the hour burden of the collection of information. The statement should: indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated. If the hour burden on respondents is expected to vary widely because of differences in activity, size, or complexity, show the range of estimated hour burden, and explain the reasons for the variance.

Under the new rules, all Covered 911 Service Providers must take reasonable measures to provide reliable 911 service with respect to circuit diversity, central-office backup power, and diverse network monitoring. Performance of the elements of the certification in accordance with the rules shall be deemed to satisfy this requirement. If a Covered 911 Service Provider cannot certify that it has performed a given element, the Commission may determine that the provider nevertheless satisfies this requirement based upon a showing that it is taking alternative measures with respect to that element that are reasonably sufficient to mitigate the risk of failure, or that one or more certification elements are not applicable to its network.

The new rules require a collection of information in the following areas:

1) Physical diversity audit: Covered 911 Service Providers must certify annually whether they have, within the past year, audited the physical diversity of critical 911 circuits or equivalent data paths to each PSAP they serve, tagged those circuits to minimize the risk that they will be reconfigured at some future date, and eliminated all single points of failure between the selective router, automated location identification (ALI)/automated numbering identification (ANI) database (or equivalent NG911 component) and the central office serving each PSAP. In lieu of eliminating single points of failure, they may describe why these single points of failure cannot be eliminated and the specific, reasonably sufficient alternative measures they have taken to mitigate the risks associated with the lack of physical diversity. Alternatively, Covered 911 Service Providers may certify that they believe this element of the certification is not applicable to their network, but they must explain why it is not applicable. Covered 911 Service Providers must also retain records of circuit audits for confidential review by the Commission, upon request, for two years.

Regarding circuit tagging (an inventory management process whereby critical circuits are labeled or entered into databases to make it less likely that circuit rearrangements will compromise diversity), the Commission does not require a specific method or technology for tagging circuits, but does require service providers to take reasonable measures to prevent inadvertent rearrangement of diverse circuits over time. Based on commenters’ descriptions of current industry practice, the Commission believes that most Covered 911 Service Providers already have some circuit inventory process in place. Furthermore, once providers conduct annual audits of critical 911 circuits, the incremental cost of tagging those circuits will be de minimis because keeping and updating circuit records is an essential part of the audit process.

We estimate that no more than 1,000 entities serving roughly 7,000 PSAPs will be considered Covered 911 Service Providers under the rules. If every PSAP nationwide is audited each year, those service providers will perform 7,000 audits annually. Based on our experience and on the record in this proceeding, each audit will require approximately 23 hours of labor by one technician earning $80.00 hourly. Thus, the total in-house cost and hour burden for circuit auditing is the following:

Burden Hours: 7,000 audits x 23 hours/audit = 161,000 hours

In-House Cost: 7,000 audits x 23 hours/audit x $80/hour = $12,880,000.00

2. Central Office Backup Power: Covered 911 Service Providers must certify annually whether they have sufficient, reliable backup power in any central office that directly serves a PSAP to maintain full service functionality, including network monitoring capabilities, for at least 24 hours at full office load. Additionally, especially critical central offices that host selective routers must be equipped with at least 72 hours of backup power at full office load. If that level of backup power is not feasible at a particular central office that directly serves a PSAP or hosts a selective router, the service provider must briefly state why it is not feasible and describe the specific alternative measures it has taken to mitigate the risk associated with backup power configurations that fail to satisfy the certification standard. Covered 911 Service Providers may also certify that they believe this element of the certification is not applicable to their network, although they must explain why it is not applicable.

Service providers must also certify whether they: (1) test and maintain all backup power equipment in all central offices directly serving PSAPs in accordance with the manufacturer’s specifications; (2) adhere to best practices regarding fully automatic, non-interdependent generators that can be started manually if necessary; and (3) design and operate backup generators in any central office equipped with more than one generator as stand-alone units that do not depend on each other for reliable operation. Covered 911 Service Providers must retain records of backup power deployment and maintenance for confidential review by the Commission, upon request, for two years. If the specified standards related to testing, operation, and tandem generator configurations cannot be met, the service provider must briefly state why it is not feasible to meet them and describe the specific alternative measures it has taken to mitigate the risk associated with the failure to satisfy the certification standards.

Each Covered 911 Service Provider will need to check and certify the backup power status at each central office that directly serves a PSAP. As noted above, we estimate that there are roughly 7,000 PSAPs nationwide, meaning there will be about 7,000 central offices serving these facilities. Based on information in the record indicating that most Covered 911 Service Providers provision adequate backup power, we estimate that in 6,500 of those cases, the provider will have met the rule’s power requirements fully. We estimate it will take a technician earning $80.00/hour about 30 minutes to so certify. Thus, in those 6,500 situations which currently have the prescribed backup power levels, the paperwork burden is:

Burden Hours: 6,500 central office-served PSAPs x 30 minutes (0.50 hours)/certification = 3,250 hours

In-House Cost: 6,500 central office-served PSAPs x 30 minutes (0.50 hours)/certification x $80.00/hour = $260,000.00

In the remaining 500 cases, we anticipate that it will take a technician earning $80.00/hour some two hours to document and explain what alternative measure the Covered 911 Service Provider is taking in that location. Thus, in those 500 situations, the paperwork burden is:

Burden Hours: 500 central office-served PSAPs x 2 hours/case = 1,000 hours

In-House Cost: 500 central office-served PSAPs x 2 hours/case x $80.00/hour = $80,000.00

Thus, the total paperwork burden and in-house cost associated with the central office backup power rule is:

3,250 hours

1,000 hours

4,250 hours¹⁰

$260,000.00

$ 80,000.00

$340,000.00

We note that this number differs from the total cost of backup power requirements discussed in the Report and Order in that it reflects only the information collection burden of filing a certification, not any additional work that may be required to repair or replace backup power equipment.

3. Network monitoring: Covered 911 Service Providers must certify annually whether they have, within the past year: (1) audited the physical diversity of the aggregation points that they use to gather network monitoring data in each 911 service area¹¹ and the network monitoring links between such aggregation points and their network operations centers (NOCs); and (2) implemented physically diverse aggregation points for network monitoring data in each 911 service area and physically diverse links from such aggregation points to at least one NOC or, in light of the required audits, taken specific alternative measures reasonably sufficient to mitigate the risk of insufficient physical diversity. They may also certify that they believe this element of the certification is not applicable to their network, although they must explain why it is not applicable. Covered 911 Service Providers also must retain records of their network monitoring routes and capabilities for confidential review by the Commission, upon request, for two years.

For purposes of estimating the number of 911 service areas subject to network monitoring requirements, there are 366 metropolitan service areas (MSAs) in the United States. Generally, one Covered 911 Service Provider is responsible for network monitoring in each MSA, as all 911 calls in that area typically flow through that provider’s selective router. Based on information in the record indicating that most major 911 service providers that operate selective routers already have diverse network monitoring capabilities in place, we estimate that it will take a technician earning $80.00 per hour no more than two hours per MSA to complete the requirements of the certification, including any explanation of alternative measures.

We note that the cost estimate in the Report and Order for the network monitoring portion of the certification also included the cost of adding diverse monitoring points in each service area, not just the hour-burden of complying with the certification. Accordingly, we believe the paperwork burden associated with this rule is:

Burden Hours: 366 MSAs x 2 hours/certification = 732 hours

In-House Cost: 366 MSAs x 2 hours/certification x 1 technician earning $80.00/hour = $58,560.00

4. Certifying official: The rules require that, in order to ensure accuracy and accountability, each certification must be made by a corporate officer responsible for network operations in all relevant service areas. Thus, the certifying official must have supervisory and budgetary authority over a Covered 911 Service Provider’s entire 911 network, not merely certain regions or service areas.

The electronic certification system will allow each Covered 911 Service Provider to upload a letter signed by the certifying official attesting to the accuracy and completeness of the certification. As noted above, we expect there will be no more than 1,000 Covered 911 Service Providers required to submit a certification. We therefore estimate the paperwork burden of having a certifying official review and attest to the accuracy of each certification as follows:

Burden Hours: 1,000 potential reports x 4 hours to review = 4,000 hours

In-House Cost: 1,000 potential reports x 4 hours to review $200/hour = $800,000.00

5. Records maintenance: The rules state that Covered 911 Service Providers must make the records used in compiling certifications available to the Commission for two years after submission. We believe the expense of maintaining any such records will be de minimis, as the respondents most likely already maintain such records electronically at nominal cost. The Commission does not anticipate that respondents will need to incur new capital or start-up costs, or new operation and maintenance and purchase of services costs to comply with this requirement.

TOTAL CUMULATIVE BURDEN HOURS: Based on the above estimates, the information collection requirements contained in the rules will create a total burden of 169,982 hours annually.¹² If there are 1,000 Covered 911 Service Providers, each one will incur an average annual burden of approximately 170 hours.

TOTAL CUMULATIVE IN-HOUSE COST: Based on the above estimates, the rules will create a total in-house cost of $14,078,560 annually.¹³ If there are 1,000 Covered 911 Service Providers, each one will incur an average annual in-house cost of approximately $14,079.

TOTAL NUMBER OF RESPONDENTS: 1,000.

TOTAL NUMBER OF ANNUAL RESPONSES: 1,000.¹⁴

These burdens and costs may vary significantly among different service providers depending on how many PSAPs they serve, whether they operate a selective router or its functional equivalent, and the number of service areas in which they operate. For example, a large company that serves hundreds of PSAPs nationwide may require several thousand hours to audit all of its Critical 911 Circuits, while a small service provider that serves only one PSAP in a rural area may require only a few hours. Although all elements of the certification (i.e., circuit auditing, backup power, and network monitoring) will likely apply to large service providers, some requirements may not apply to smaller entities based on their network configurations and individual circumstances.

13. Provide estimate for the total annual cost burden to respondents or record keepers resulting from the collection of information.

The Commission does not anticipate that respondents will need to incur new capital or start-up costs, consulting fees, or new operation and maintenance or purchase of services costs to respond to this information collection. Respondents have indicated that, through appropriate records management practices, they already maintain the information to be collected in the normal course of business.

TOTAL ANNUAL COST BURDEN TO RESPONDENTS: $0.

14. Provide estimates of annualized costs to the Federal government. Also provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing, and support staff), and any other expenses that would not have been incurred without this collection of information.

We estimate the total annual cost to the Federal Government, based on the salaries of three engineers (GS-15 step 5), an engineer (GS-13 step 5), an attorney (GS-15 step 5), an attorney (GS 14 step 5), an attorney (GS 13-5), and an information technology (IT) developer (GS 15 step 5). We estimate that these employees will spend a total of 2,080 hours annually on this information collection (2,080 hours / 8 employees = 260 hours annually each). The hourly wage for each Federal employee (Washington/Baltimore Metropolitan Area) is from the 2014 Office of Personnel Management General Schedule:

(One) Attorney GS-15 step 5 at $67.88 $67.88 x 260 x 1 = $ 17,648.80

(One) Attorney GS-14 step 5 at $57.70 $57.70 x 260 x 1 = $ 15,002.00

(One) Attorney GS-13 step 5 at $48.83 $48.83 x 260 x 1 = $ 12,695.80

(Three) Engineers GS-15 step 5 at $67.88 $67.88 x 260 x 3 = $ 52,946.40

(One) IT Developer GS-15 step 5 at $67.88 $67.88 x 260 x 1 = $ 17,648.80

(One) Engineer GS-13 step 5 at $48.83 $48.83 x 260 x 1 = $ 12,695.80

TOTAL $128,637.60

TOTAL ANNUAL COST TO THE FEDERAL GOVERNMENT: $128,637.60

15. Explain the reasons for any program changes or adjustments for this information collection.

This is a new information collection which adds the following figures to OMB’s inventory: 1,000 to the number of respondents, 1,000 to the annual number of responses, 169,982 to the annual burden hours and $0 to the annual burden cost from the information collection requirements that were adopted in FCC 13-158.

16. For collections of information whose results will be published, outline plans for tabulation and publication.

The FCC has no specific plans to publish data from this information collection and notes that certain information received through the certification process will be presumed confidential and exempt from routine public disclosure. However, the Commission may at some point in the future publish periodic reports summarizing aggregated, non-confidential information from each certification period for the purpose of analyzing outage trends and informing PSAPs, service providers, and the public of the status of 911 network reliability nationwide.

17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

The Commission does not intend to seek approval not to display the expiration date of the information collection from OMB.

18. Explain any exceptions to the Certification Statement, “Certification of Paperwork Reduction Act Submissions.”

Recordkeeping is a requirement to this collection. The Commission does not believe that it will have an impact on the burden so the Commission merely assigned 1 to the hours as a place holder in ROCIS. This was done as a reminder that it is still a requirement to this collection. There are no other exceptions to the Certification Statement.

B. Collections of Information Employing Statistical Methods:

No statistical methods are employed.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	PRA Supporting Statement - General Instructions
Author	Christopher M. Gacek
File Modified	0000-00-00
File Created	2021-01-24