SUPPORTING STATEMENT
U.S. Department of Commerce
National Technical Information Service
Limited Access Death Master File
Accredited Conformity Assessment Body
Application for Firewalled Status
OMB Control No. 0692-XXXX
A. JUSTIFICATION
This is a new information collection associated with a final rulemaking (Certification Program for Access to the Death Master File/RIN 0692-AA21).
1. Explain the circumstances that make the collection of information necessary.
The National Technical Information Service (NTIS) Limited Access Death Master File Accredited Conformity Assessment Body Application for Firewalled Status (Firewalled Status Application Form) is used to collect information related to the implementation of Section 203 of the Bipartisan Budget Act of 2013 (Pub. L. 113-67) (Act). Section 203 of the Act prohibits disclosure of Limited Access Death Master File (Limited Access DMF) information during the three-calendar-year period following death unless the person requesting the information has been certified under a program established by the Secretary of Commerce. The Act directs the Secretary of Commerce to establish a certification program for such access to the Limited Access DMF. The Secretary of Commerce delegated the authority to carry out the DMF certification program to the Director, NTIS.
Initially, on March 26, 2014, NTIS promulgated an interim final rule, establishing a temporary certification program for persons who seek access to the Limited Access DMF (79 FR 16668). Subsequently, on December 30, 2014, NTIS issued a notice of proposed rulemaking (79 FR 78314). NTIS adjudicated the comments received, and, on June 1, 2016, published a final rule (81 FR 34882). The final rule requires that, in order to become certified, a Person or Certified Person must submit a written attestation from an “Accredited Conformity Assessment Body” (ACAB), as defined in the final rule, concluding that such Person or Certified Person has information security systems, facilities and procedures in place to protect the security of the Limited Access DMF, as required under Section 1110.102(a)(2) of the final rule. A Certified Person also must periodically provide a written attestation for renewal of its certification as specified in the final rule. The ACAB must be independent of the Person or Certified Person seeking certification, unless it is a third party conformity assessment body which qualifies for “firewalled status” pursuant to Section 1110.502 of the final rule.
An ACAB seeking “firewalled status” must apply for such status using the Firewalled Status Application Form. Using the form, the ACAB certifies that it satisfies specific requirements for “firewalled status” and provides information necessary for NTIS to process the application, such as the identity of the Person or Certified Person that would be the subject of the attestation and the basis upon which the certifications were made, information required pursuant to Section 1110.502(b) of the final rule.
2. Explain how, by whom, how frequently, and for what purpose the information will be used. If the information collected will be disseminated to the public or used to support information that will be disseminated to the public, then explain how the collection complies with all applicable Information Quality Guidelines.
All ACABs seeking “firewalled status” under the final rule, which will allow them to provide a written attestation in lieu of an independent ACAB’s attestation, must submit the Firewalled Status Application Form. NTIS intends to use the information collected to evaluate whether a particular ACAB qualifies for “firewalled status.” Although the “firewalled status” concept was not discussed in the notice of proposed rulemaking, comments received in response to the notice of proposed rulemaking addressed the issue and were taken into consideration. These comments helped NTIS determine that the final rule must provide for circumstances where an ACAB is not independent of a Person or Certified Person but is nevertheless capable of providing equal or greater assurance that the Person or Certified Person has the requisite information security systems, facilities and procedures in place to protect the Limited Access DMF than an independent ACAB and other requirements set forth in Section 1110.502(b) of the final rule. The Firewalled Status Application Form collects information to establish that the applicant has established procedures to ensure that its attestations and audits are protected from undue influence from the Person or Certified Person and to ensure allegations of undue influence may be reported confidentially to NTIS to the extent permitted by federal law. The information collected will not be disseminated to the public.
3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological techniques or other forms of information technology.
Beginning on November 28, 2016, the date when the final rule becomes effective, NTIS will make the Firewalled Status Application Form available online on its website. On November 28, 2016, NTIS will accept Firewalled Status Application Forms that Persons and Certified Persons have completed and submitted online through the NTIS website. NTIS encourages Persons and Certified Persons to make use of the online form, but will continue to accept forms submitted through other means, including via fax, mail or as email attachments.
4. Describe efforts to identify duplication.
The certifications and supporting information collected via the Firewalled Status Application Form are unique to this program, as the certifications are related to requirements set forth in the legislation specific to this program.
5. If the collection of information involves small businesses or other small entities, describe the methods used to minimize burden.
Small businesses or other small entities may submit Firewalled Status Application Forms, but NTIS lacks information about the types and sizes of entities impacted by the rule. NTIS included in its notice of proposed rulemaking a request for information from the public about the types of entities impacted by this rule, whether those are small or large entities under the Small Business Administration size standards, and the level of or a description of the type of impacts that the rule will have on those entities. NTIS received a few comments addressing these issues. These comments were taken into consideration in drafting the Firewalled Status Application Form.
The Firewalled Status Application Form collects only information necessary for NTIS to conduct the program.
6. Describe the consequences to the Federal program or policy activities if the collection is not conducted or is conducted less frequently.
Pursuant to Section 203 of the Act, NTIS must audit, inspect and monitor persons certified under the program. This includes determining whether a Person or Certified Person has information security systems, facilities and procedures in place to protect the Limited Access DMF. The provision of a written attestation from an ACAB applying a nationally or internationally recognized auditing standard is a critical device for ensuring that the Person or Certified Person is in compliance with the Limited Access DMF safeguarding requirement. NTIS cannot determine whether an ACAB that is not independent of the Person or Certified Person which is the subject of attestation or audit should be permitted to provide this attestation without collecting the information in the Firewalled Status Application Form. NTIS requires all Persons seeking certification and all Certified Persons to periodically provide written attestation from an ACAB to ensure their continued compliance with Section 203 of the Act.
7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with OMB guidelines.
Not applicable.
8. Provide information of the PRA Federal Register Notice that solicited public comments on the information collection prior to this submission. Summarize the public comments received in response to that notice and describe the actions taken by the agency in response to those comments. Describe the efforts to consult with persons outside the agency to
obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.
A notice soliciting public comments was published in the Federal Register on September 6, 2016 (Vol. 81, Number 172, pages 61194-61195). No comments were received.
NTIS has been working closely with OMB and other relevant Federal agencies on requirements of the certification program.
9. Explain any decisions to provide payments or gifts to respondents, other than remuneration of contractors or grantees.
None.
10. Describe any assurance of confidentiality provided to respondents and the basis for assurance in statute, regulation, or agency policy.
None.
11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private.
Not applicable.
12. Provide an estimate in hours of the burden of the collection of information.
The Firewalled Status Application Form is for the use of a conformity assessment body organizationally within the Person or Certified Person’s organization seeking firewalled status. NTIS estimates that it will take a senior auditor within the organization one hour to complete the form. NTIS expects that approximately 20% of the estimated 560 Persons and Certified Persons, or 112, will have ACABs within their organizations apply for firewalled status. As such, the total hours for the public will be 112 (112 Firewalled Status Application Forms x 1 hour each).
13. Provide an estimate of the total annual cost burden to the respondents or record-keepers resulting from the collection (excluding the value of the burden hours in
Question 12 above).
NTIS expects to receive approximately 112 Firewall Status Application Forms annually at a fee of $200 per application, for a total annual cost of $22,400 to respondents.
14. Provide estimates of annualized cost to the Federal government.
The cost to the Federal Government consists of the expenses associated with NTIS personnel reviewing and processing Firewalled Status Application Forms. NTIS estimates that NTIS personnel will require 645 hours to review and process the expected 112 forms, at an average hourly wage rate of $34.80, for a total estimated cost of $22,400.
15. Explain the reasons for any program changes or adjustments.
This is a new information collection associated with the publication of the final rule “Certification Program for Access to the Death Master File” (RIN 0692-AA21). The final rule requires that Persons and Certified Persons provide written attestations from an ACAB independent of the Person or Certified Person to ensure compliance with the requirements for safeguarding Limited Access DMF information, unless the ACAB qualifies for “firewalled status.” Although the “firewalled status” concept was not discussed in the notice of proposed rulemaking, comments received in response to the notice of proposed rulemaking addressed the “firewalled status” issue and were taken into consideration in drafting the final rule. These comments helped NTIS determine that the final rule must provide for circumstances where an ACAB is not independent of a Person or Certified Person but is nevertheless capable of providing equal or greater assurance that the Person or Certified Person has the requisite information security systems, facilities and procedures in place to protect the Limited Access DMF than an independent ACAB and other requirements set forth in Section 1110.502(b) of the final rule. The Firewalled Status Application collects information to establish that the applicant has established procedures to ensure that its attestations and audits are protected from undue influence from the Person or Certified Person and to ensure allegations of undue influence may be reported confidentially to NTIS to the extent permitted by federal law.
Please further note that Section 203(b)(3)(A) of the Act requires that the Secretary of Commerce “shall establish a program for the charge of fees sufficient to cover (but not exceed) all costs associated with evaluating applications for certification and auditing, inspecting and monitoring certified persons under the program.” Because of this requirement, NTIS will charge the costs associated with the review and processing of the Firewalled Status Application Forms only to the conformity assessment bodies seeking firewalled status.
16. For collections whose results will be published, outline the plans for tabulation and publication.
Not applicable.
17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons why display would be inappropriate.
Not applicable.
18. Explain each exception to the certification statement.
Not applicable.
B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS
Not applicable.
| File Type | application/msword |
| Author | Brian Lieberman (Fed) |
| Last Modified By | Yonder, Darla (Fed) |
| File Modified | 2016-11-14 |
| File Created | 2016-11-14 |