1652-0056 Pipeline CSR SS (08.17.2016)

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information. (Annotate the CFR parts/sections affected).

The Transportation Security Administration (TSA) has broad responsibility and authority for “security in all modes of transportation . . . including security responsibilities . . . over modes of transportation that are exercised by the Department of Transportation.” 49 United States Code (U.S.C.) 114(d). In addition to carrying out the security responsibilities in paragraph (d), TSA is responsible for “assess[ing] threats to transportation” and “develop[ing] policies, strategies, and plans for dealing with threats to transportation security.” 49 U.S.C. 114(f)(2) and (3). Within TSA, the Office of Security Policy and Industry Engagement/Surface Division/Pipeline Security Branch (Pipeline Branch) has the lead for all pipeline security matters, including the responsibility to conduct assessments under 6 U.S.C. 1207.

In order to assess current industry security practices, the Pipeline Branch has implemented its Pipeline Corporate Security Review (PCSR) program. The PCSR is a voluntary, face-to-face visit with a pipeline owner/operator during which TSA discusses the company’s corporate level security planning and also completes the PCSR Form, which includes 218 questions concerning the owner/operator’s corporate level security planning, covering security topics such as physical security, vulnerability assessments, training, and emergency communications. TSA is seeking OMB approval for renewal of this information collection in order to continue reviewing security planning and plan implementation in the pipeline mode, determine baseline security standards for the industry, and identify areas of security weakness and improvement.

2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.

As required by 6 U.S.C. 1207, TSA has used the information collected during the PCSR process to determine baseline security standards and areas of security weakness in the pipeline mode. This data and interaction with stakeholders informed the agency’s Pipeline Security Guidelines and Pipeline Security Best Practice Observation documents.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden. [Effective 03/22/01, your response must SPECIFICALLY reference the Government Paperwork Elimination Act (GPEA), which addresses electronic filing and recordkeeping, and what you are doing to adhere to it. You must explain how you will provide a fully electronic reporting option by October 2003, or an explanation of why this is not practicable.]

The collection is conducted by means of a site visit to a pipeline owner/operator’s headquarters location. During the site visit, TSA discusses the owner/operator’s security planning, and all information captured during the visit is later recorded electronically by TSA onto the PCSR Form. This collection form is secured and retained electronically within TSA’s Pipeline Security Branch upon completion and used for analysis in determining industry baseline standards. The PCSR program intent is to verify that the owner/operator is implementing its security program through an onsite review of its security plan as well as to provide a means for TSA to build stakeholder relations through a face-to-face discussion on security planning, a goal which is not readily achievable or practicable if an electronic reporting option were available to the owner/operator as an alternative to the onsite visit.

4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purpose(s) described in Item 2 above.

TSA works closely with its partners at the U.S. Department of Transportation’s (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) to coordinate security initiatives. Since 2006, the two agencies have operated under an annex to the memorandum of understanding (MOU) between DOT and the Department of Homeland Security. This annex specifically addresses the respective roles and responsibilities of TSA and PHMSA as well as coordination processes. There is no other similar information collection currently in place at PHMSA that specifically targets corporate-level security planning and plan implementation in the pipeline mode of transportation.

5. If the collection of information has a significant impact on a substantial number of small businesses or other small entities (Item 5 of the Paperwork Reduction Act submission form), describe the methods used to minimize burden.

This information collection should not have a significant impact on small businesses or other small entities. While there are over 2,200 pipeline owner/operators in the U.S., the PCSR primarily focuses on the nation’s top 100 pipeline systems, as determined by energy throughput. These top 100 systems are operated by approximately 65 companies, and account for 85% of all hazardous liquids and natural gas transported in the United States. These companies are often large, corporate operations with business ventures across the world, and as such, employ hundreds if not thousands of employees. By focusing the PCSR on the top 100 pipeline systems in the U.S., TSA is aligning its mission and resources with DHS’s risk-based security approach. It is possible that TSA will visit pipeline systems outside the top 100, but only as circumstances dictate (e.g., intelligence information indicates a smaller system is the target of a credible threat, or smaller systems are of critical importance to national defense). Given that the PCSR program only visits a maximum of 15 out of 2,200 owner/operators a year, and the owner/operators visited often represent the largest pipeline companies in the U.S., there should be no significant impact on a substantial number of small pipeline owner/operators in any given year of the program.

6. Describe the consequence to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.

If the PCSR collection were to be discontinued, this would impede TSA’s ability to remain current on minimum security standards being voluntarily employed in the industry, as well as diminish its ability to identify areas of security weakness, two activities that are critical to the agency’s carrying out its transportation security mission. Without means of collecting this information, TSA would be unable to confidently identify security gaps and weakness in the pipeline mode and, consequently, would not be able to effectively identify areas to develop programs to better strengthen modal security.

7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d) (2).

There are no special circumstances that would require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d) (2).

8. Describe efforts to consult persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d) soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of this collection of information. See 81 FR 26243 (May 2, 2016). A 30-day notice was also published. See 81 FR 41982 (June 28, 2016). No comments were received in response to the notices.

9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.

No payment or gift will be provided to respondents.

10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.

The collection is deemed Sensitive Security Information (SSI) and will be handled as required by 49 CFR Parts 15 and 1520. In addition, this collection is covered by Privacy Impact Assessment (PIA) for the DHS General Contact Lists. See, DHS/ALL/PIA-006 June 15, 2007.

11. Provide additional justification for any questions of sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private.

No personal questions of a sensitive nature will be posed during the information collection.

12. Provide estimates of hour and cost burden of the collection of information.

There are approximately 2,200 pipeline companies in the United States. TSA estimates that a pipeline owner/operator’s Corporate Security Manager or equivalent will spend an average of 8 hours to participate in the PCSR process. Assuming that TSA were able to visit every company in the pipeline mode, the potential burden would be 17,600 hours (2,200 companies x 8 hours) annually. However, given time and staffing constraints, TSA is normally able to complete only 15 PCSRs in any given calendar year. Thus, the potential burden to the pipeline owner/operators is estimated to be 120 hours (15 companies x 8 hours) annually. Based on the pipeline owner/operator’s Corporate Security Manager’s average hourly loaded wage rate of $88.20¹, TSA estimates a total cost of $10,584.00 (120 hours x $88.20 per hour) annually to the pipeline owner/operators.

13. Provide an estimate of annualized capital and start-up costs. (Do not include the cost of any hour burden shown in Items 12 and 14).

TSA does not estimate a cost to the pipeline industry beyond the hour burden detailed in answer 12.

14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, and other expenses that would not have been incurred without this collection of information.

A PCSR is conducted by two (2) representatives from TSA; a Senior Analyst (J Band) assisted by a Junior Analyst (I Band). Each review takes approximately 8 hours per employee. Following the review, an additional 4 days of labor (32 hours) is devoted to completing the form, which is split equally between both analysts. The entire PCSR process for TSA takes 24 hours per TSA employee. Based on a TSA Senior Analyst average hourly loaded wage rate of $71.80² and a Junior Analyst average hourly loaded wage rate of $58.88³, TSA estimates a total labor cost of $47,044.80 [(24 hours x 15 PCSRs x $71.80 per hour) + (24 hours x 15 PCSRs x $58.88 per hour)] annually to the Federal Government. Additionally, TSA estimates a total travel cost of $36,000.00 (2 employees x 15 companies x $1,200 per trip) annually to the Federal Government. TSA estimates a total cost of $83,044.80 (labor plus travel) annually to the Federal Government for 15 PCSRs.

14. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I.

The cost to the Federal Government has changed due to the decrease of federal employees conducting the PCSR. In 2013, 3 representatives conducted the review. Today, only 2 employees conduct the review. The cost to the Federal Government has thereby decreased from $86,742.00 to $83,044.80 (labor plus travel) annually.

14. For collections of information whose results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.

Security information collected during the PCSR will not be published or shared. To the extent information collected via the PCSR process is considered to be SSI, it will be protected from disclosure and publication, and will be handled as described in 49 CFR Parts 15 and 1520.

14. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

Not applicable.

14. Explain each exception to the certification statement identified in Item 19, “Certification for Paperwork Reduction Act Submissions,” of OMB Form 83-I.

No exceptions noted.