Supporting Stmt 0704-0460 SPOT-ES 2016-10-17

SUPPORTING STATEMENT – PART A

Synchronized Predeployment and Operational Tracker Enterprise Suite (SPOT-ES)

OMB Control Number 0704-0460

A.  JUSTIFICATION

1.  Need for the Information Collection

The National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2008, Public Law 110-181, Section 861, requires a common database between the Department of State (DoS), Department of Defense (DoD) and the United States Agency for International Development (USAID) to serve as the repository of information on contracts and contractor personnel performing in Iraq and Afghanistan. A 2010 Memorandum of Understanding between DoS, DoD and USAID designates the Synchronized Predeployment and Operational Tracker (SPOT) as that common database. Public Law 110-181, Section 862, requires a process for registering, processing, accounting for, and keeping appropriate records of personnel performing private security functions in an area of combat operation. Again, SPOT was selected as the common database for compliance. DoD Instruction 3020.41, Operational Contractor Support (OCS), states: “In applicable contingency operations, contractor visibility and accountability shall be maintained through a common joint database, the Synchronized Predeployment and Operational Tracker (SPOT).”

DoDI 3020.41 further requires SPOT to assist Combatant Commanders (CCDR) in maintaining awareness of the nature, extent, and potential risks and capabilities associated with OCS in support of contingency operations, humanitarian or peacekeeping operations, or military exercises designated by the CCDR. To ensure accountability, visibility, force protection, medical support, personnel recovery, and other related support can be accurately forecasted and provided, DoDI 3020.41 outlines procedures for establishing, maintaining, and validating the common joint database, currently designated as SPOT.

Government contract companies are required to enter their employee’s data into SPOT before contractors are deployed outside of the United States. SPOT is also used during Homeland Defense and Defense Support of Civil Authority Operations within the United States. This data collection on contractors is a condition of DoD contracts when DFARS 252.225-7040, Contractor Personnel Authorized to Accompany U.S. Armed Forces Deployed Outside the United States, is incorporated. This clause applies when contractors are authorized to accompany U.S. Armed Forces deployed outside of the United States in contingency, humanitarian or peacekeeping operations or other military operations/exercises when designated by the Combatant Commander. Any persons who choose not to have data collected will not be entitled to employment opportunities which require this data to be collected.

Contractor personnel are required to have a Letter of Authorization (LOA) in their possession at all times when deployed, and SPOT is the only system that provides the LOA. The LOA is required to process through a deployment center and to travel to, from, or within designated operational areas. The LOA is required for access to authorized Government Services (AGS) which are assigned by the responsible Contracting Officer for each individual contractor IAW their contract as a part of the automated LOA process in SPOT. If the data is not collected to generate the LOA, contractors would not be able to obtain AGS in their deployed locations, including access to meals and lodging - limiting their ability to obtain critical life support. In their 2004 Memo, the Assistant Secretary of the Army for Acquisition, Logistics and Technology (ASA(ALT)) directed that their military, Department of Defense (DoD) civilians and government contractors are to be centrally managed and have chosen SPOT for this purpose. Information is collected on all three categories for this subset of DoD.

2.  Use of the Information

In accordance with appropriate acquisition policy and regulations, DoS and USAID funded contractors supporting operations in Iraq and Afghanistan and all DoD awarded contracts that may potentially support contingency operations worldwide shall input employee data and maintain by-name accountability of contractor personnel in a designated database as specified in their contract. Currently, SPOT is the named system in these contractual requirements. Contractors are responsible for knowing the general location of their employees and ensuring the database contains up-to-date, near real-time information reflecting all personnel deployed or to be deployed in support of contingency, humanitarian, peacekeeping or disaster relief operations or as designated by the cognizant Combatant Commander. Prime contractors are responsible for ensuring the database, SPOT, or its successor, contains up-to-date, real-time information regarding their subcontractors at all tiers.

The SPOT-ES Information Collection begins with the announcement of a named contingency, humanitarian, peacekeeping or disaster relief mission or when designated by the Combatant Commander. Companies with contracts to provide support respond by documenting their employees who will deploy to the geographical area of responsibility (AOR) being impacted using their internal databases or company forms and the Department of Homeland Security’s United States Citizenship and Immigration Services (USCIS) Form I-9, Instructions for Employment Eligibility Verification. This data is then entered into the SPOT-ES Database, located at https://spot.dmdc.milhttps://spot.dmdc.mil/. Screen shots and dropdown options have been provided as part of the OMB Package. The Assistant Secretary of the Army for Acquisition Logistics and Technology (ASA(ALT)) also populates the SPOT-ES Database with their civilian and military members who travel as individuals supporting a specific program rather than as a military unit. Categories of individuals covered by the SPOT-ES System of Records Notice (SORN) are those supporting military exercises, events, contingency, humanitarian assistance, peacekeeping, and disaster relief operations, and other activities, missions or scenarios that require contractor support within and outside of the United States (U.S.) as follows:

1. Department of Defense (DoD) military personnel

2. DoD civilian employees

3. DoD contractor personnel

4. Department of State (DOS) contractor personnel

5. DOS civilian employees supporting contingency operations led by DoD or the DOS Office of Security Cooperation outside of the U.S.

6. United States Agency for International Development (USAID) contractor personnel

7. USAID civilian employees supporting contingency operations led by DoD or the DOS Office of Security Cooperation outside of the U.S.

8. Government civilian and contractor personnel of other Federal Agencies, e.g., the Department of Interior, Department of Homeland Security, Department of Treasury, Department of Justice, Department of Health and Human Services, Environmental Protection Agency, Department of Transportation, Department of Energy, and General Services Administration

9. Civilian organizations and private citizens, including first responders, who are in the vicinity, are supporting, or are impacted by operations, e.g., contingency, humanitarian assistance, or disaster relief, and transit through a location where a Joint Asset Movement Management System (JAMMS) workstation is deployed.

The SORN also describes who, what, and why information regarding this data collection is required per the Privacy Act because SPOT-ES collects personally identifiable information (PII). This collection action is indicated in Figure 1 by the graphic showing hands on a computer labeled SPOT in the top left corner. The data collection fields are accessed by authorized users via the web and the responses are entered directly into the unclassified SPOT graphical user interface (GUI). There is a Privacy Act Statement portrayed on the web site as part of the login process every time any of the SPOT-ES products are accessed. Each SPOT User must confirm their agreement before they are allowed to proceed to the system. The information then collected is stored in the central contractor repository database as indicated by the SPOT NIPRNET database in the top center of Figure 1, below.

Figure 1 – SPOT-ES Information Collection Flow

The records stored in the SPOT database are then transported to the classified side (SIPR) where black programs may use existing data and enter additional data as required. As noted in Paragraph 1, the reason for collecting this information in the SPOT application is because Public Law 110-181, Section 861, requires a single central repository of contract and contractor information for deployees to Iraq and Afghanistan to be used by DoD, DOS and USAID. These three Agencies have designated SPOT as the single repository and authoritative source for contract and contractor information related to the Iraq and Afghanistan contingencies. Additionally, in their January 2008 memo, the Department of Defense provided time-phased implementation guidance for input of contractor data into SPOT such that all contractors employed on DoD-funded contracts being performed in support of contingency operations anywhere in the world be entered into SPOT by 30 September 2008 and continuing thereafter. ASA(ALT) uses this application so that they have a single source for visibility of all their deployed personnel assets (military, DoD civilians and contractors).

Once deployed, contractors present their Common Access Card (CAC) or LOA at JAMMS workstations for scanning. Military and civilians also scan their CACs for access to dining facilities and at other locations. The JAMMS workstation records the date and time that the specific individual is at a certain location consuming associated government services, e.g., meals, flights, or billeting. This information is also fed into the unclassified SPOT system where it is stored until the interface with DEERS/RAPIDS is activated (several times daily). This process feeds the unique DoD ID number on each scanned CAC to DEERS/RAPIDS which returns personally identifiable information (PII), e.g., name and SSN to either build or append an existing person record and log the specific date and time the individual transited the JAMMS location. This information is also transferred to the classified network and stored in the SPOT SIPR database. TOPSS provides reports to authorized government users for planning and analysis. It is not currently accessible by contractor company representatives. Official notification for the information collection is not sent to the respondents. Applicable contracts contain DFARS Clause 252.225-7040, which prompts the companies to respond. This clause will be provided as part of the OMB Package. The 2004 ASA(ALT) Memorandum requiring the use of SPOT will also be in the OMB Package.

3.  Use of Information Technology

SPOT is a Web-based system. 100% of the information is collected electronically.

4.  Non-duplication

There is no duplication of data collection. SPOT is the authoritative contract and contractor database that was designated as the central repository for contract and contractor data by DoD, DoS and USAID for Iraq and Afghanistan contingencies as soon as the requirement was identified. SPOT was then leveraged to collect similar information for other countries, geographic Combatant Commands and other federal agencies specifically to avoid the cost and resources required to develop, populate and maintain separate data repositories for similar data collection purposes. SPOT shares the data it houses with other authoritative sources to reduce the likelihood of duplicate burdens of collection and reconciling information from more than a single source.

5.  Burden on Small Business

The information collection associated with small businesses is the minimum consistent with applicable laws, executive orders, regulations, and prudent business practices. In accordance with best business practices, this data collection does allow for company administrators working for the prime contractor to enter the data into SPOT for such small businesses that are their sub-contractors.

6.  Less Frequent Collection

The data is collected one-time for each deploying contractor for each deployment. As the situation regarding their deployment changes, the record is updated until the individual re-deploys, i.e., leaves the area of operations. All information is collected electronically to reduce the burden of maintaining paper copies in accordance with Public Law 96-511, Section 94 Statute 2812. If this data is not collected and updated there is a risk that contractor personnel will be without the ability to obtain life support or personnel recovery services when placed in harm’s way.

7.  Paperwork Reduction Act Guidelines

There are no special circumstances that require the collection to be conducted in a manner inconsistent with the guidelines in 5 CFR 1320.5 (d) (2). As stated in Paragraph 4, it avoids unnecessary duplication and as stated in Paragraph 5 it carries the least amount of burden on small companies. This data collection is necessary for agencies to comply with Public Law 110-181, Sections 861 and 862 to properly perform their functions. The National Archives and Records Administration has determined the retention periods for recordkeeping requirements of the SPOT data collection as described in NARA N1-au-07-0005. The office collecting the data makes appropriate use of information technology, continually enhancing performance to match IT advancements and defeat security vulnerabilities while increasing functionality to meet customer and stakeholder requirements that will enable rapid response to military operations and federal missions.

8.  Consultation and Public Comments

• Part A: PUBLIC NOTICE

The 60-day Federal Register notice was published May 24, 2016 in 81 FRN 32736. No comments have been received. The 30-day Federal Register notice was published on November 9, 2016 in 81 FRN 78793.

Every quarter the data collected is provided to the respondents for review, comment and updating. Requests for the data being collected are received on an ongoing basis from combatant commanders, law enforcement agencies, and private sector companies. Standard reports are provided on routine and ad hoc schedules to federal agencies, DoD entities and companies who use SPOT-ES. The SPOT-ES Configuration Control Board (CCB) members ingest and share information on consultations they have with the companies providing the data. The CCB meets quarterly and they consider this feedback when making decisions on continued use of the collected data for OMB 0704-0460 and when determining the priority of proposed enhancements to the existing software.

• Part B: CONSULTATION

Representatives of the sponsoring Agency, Office of the Under Secretary of Defense (Acquisition, Technology & Logistics) for Program Support, attend Industry Conferences at least once a year to gather direct feedback on the SPOT-ES Program. This includes comments on the elements being gathered for this Information Collection as well as the capabilities and functionality of the SPOT-ES family of systems.

Each month the Help Desk receives over 1,000 contacts and more than 60% of these are from the contractor community who are responsible for providing the SPOT-ES information. The great majority are related to SPOT registration – asking for assistance with a new user registration, adding another role to an existing user account, inquiring about a problem with logging into the system, or requesting reactivation of an account because it had not been used for more than 90 days. The next highest category are related to requesting changes to the record of a company employee. Examples are: a deployment is changed from one location to another, a deployment ended and needs to be closed out or a person has changed from one company to another and needs to be released by the prior company. All of these take a small amount of time to resolve. Occasionally a Company User will provide an idea on how to improve the process of information collection, and these are documented as a change request (CR). These CRs are consolidated with changes recommended by Government Users. During 2014 a Usability Release Working Group reviewed 98 separate CRs. Some were found to be duplicative and were combined with others. Some were unfounded and discarded. Twenty-two of these were selected for implementation to improve the user experience. These proceeded through design, development, test and implementation resulting in a number of Usability Releases starting in March 2015 and continuing through 2016.

Information is initially collected for each person; once the record is built in SPOT only changes need to be added for subsequent deployments, e.g., location, time frame, purpose and contact information updates. A benefit to the Company for providing the requested information on their employees is that SPOT uses this collection to produce the Letter of Authorization (LOA) for each individual. This document must be carried by each contractor in the geographical area of responsibility (AOR) where they are to be deployed. The LOA allows the named employee access to the authorized government services to which they are entitled that are listed thereon. Without the LOA the person would not have access to critical life support in dangerous areas where they cannot be procured commercially by an individual, e.g., meals, lodging and transportation.

9.  Gifts or Payment

No payment or gift is provided to respondents.

10.  Confidentiality

A portion of the information in SPOT is considered as personally identifiable information (PII), i.e., personal or sensitive. Therefore, SPOT-ES contains built-in safeguards to limit access to and visibility of this information. SPOT is implementing attribute-based access control (ABAC) security so that any user only sees the information for their own organization and for which permission has been granted in accordance with existing laws and policies.

The current SPOT Privacy Act Statement (PAS) is displayed on the SPOT, JAMMS and TOPSS web sites. All respondents must consent to the PAS before gaining access to one of these SPOT-ES products.

The current Systems of Records Notice (SORN), DMDC 18 DoD, was updated and published on May 26, 2015 (80 FRN 30057). It is available to all respondents via the Internet at URL http://dpcld.defense.gov/Privacy/SORNsIndex/DOD-wide-SORN-Article-View/Article/570569/dmdc-18-dod/ .

The Privacy Impact Assessment (PIA) has been revised and is currently with the DMDC Privacy Office going through the signature process. Sections 1 & 2 of this approved draft have been included with this OMB package submitted for 2016.

Information is collected via secure entry (ssh port 43) on the web. The SPOT-ES systems are DIACAP certified having been subjected to and passed thorough security testing and evaluation by independent parties. The data collection meets safeguards specified by the Privacy Act of 1974. SPOT and TOPSS are hosted in secure DoD facilities.

The National Archives and Records Administration has determined the retention periods for recordkeeping requirements of the SPOT data collection as described in NARA N1-au-07-0005. Disposition instructions are to keep until an individual's deployment is terminated and no longer needed for conducting business, then retire to the Army Electronic Archives (AEA). The AEA will transfer the data to the National Archives for permanent retention when the record is 25 years old. Personnel information will be compiled and converted into statistical data to identify trends and determine judgement on claims and lawsuits; and used in research and studies that may prevent or fully support future litigations, contingencies, and the rights and interests of American citizens.

11.  Sensitive Questions

This information collection includes the social security number (SSN) as part of the individual contractor records. Use of the SSN within SPOT-ES falls under Acceptable Use 8, Computer Matching and Acceptable Use 11, Legacy System Interface. Each of the three SPOT-ES applications have manual or automated interfaces with authoritative systems that need SSN as part of their unique person validation process in accordance with current Interface Control Agreements (ICAs). Where possible the DoD ID Number (aka EDIPI) is used in lieu of the SSN. However, several of these interfaces are with legacy systems that are not able to accept the DoD ID and have no plans to modify their system to recognize and store the DoD ID based on cost limitations. A Social Security Number Justification Memo is included as part of the OMB submission package.

12.  Respondent Burden, and its Labor Costs

a. Estimation of Respondent Burden

b. Labor Cost of Respondent Burden

The cost to each respondent is based on the approximate salary of $36.00 per hour using Department of Labor statistics for the average of the hourly mean wages of Management of Companies & Enterprises and Federal Branch industries at http://www.bls.gov/oes/current/oes131071.htm.

13.  Respondent Costs Other Than Burden Hour Costs

There is not a specific startup cost nor an annual reporting and recordkeeping cost burden associated with this information collection as automated tools are accessible to authorized users via Internet connection for data submission. Completion is accomplished entirely through the SPOT web-based system.

14.  Cost to the Federal Government

The cost to the federal government is for review of the data that is collected from the private sector. The companies who employ contractors who deploy to contingency, humanitarian or peacekeeping operations enter data to build records. Because many contractors deploy on the same contract for the same company, information may be consolidated for collection. Similarly, government personnel are able to review the data in a consolidated fashion, averaging about 10 responses reviewed in 4 minutes. This is what is used to determine the cost to the federal government for the data collection. The hourly wage is based on the base rate of a GS-12, Step 5 as of January 2016.

The government has a responsibility to retain a repository of contracts and contractor personnel records related to specified operations in accordance with United States law and the Code of Federal Regulations. Operations and maintenance are funded by congressional appropriations. There is no cost to the federal government for equipment as each employee has access to an Internet connected computer as part of their work environment. This information collection uses automated tools that are accessible to registered government users via Internet connection with their CAC / PIN. Printing and postage are not relevant as all data is collected and reviewed within the application. Similarly, there is no software to purchase or licenses to hold beyond the CAC certificate, which is issued to Government employees via another program of record.

15.  Reasons for Change in Burden

This is a reinstatement of a previously approved collection for which approval has expired. There was a significant decrease in the number of U.S. Forces in Afghanistan based on the announced conclusion of combat operations at the end of 2014. There was a commensurate reduction in the number of contracts and contractors supporting those U.S. Forces and Government operations. This drove a three-fold decrease in the annual burden hours. While the U.S. Central Command (CENTCOM) burden was decreasing, during this same timeframe the use of SPOT as the centralized database grew in the other geographic Combatant Commands (COCOMs). This drove an overall increase to the number of respondents while the responses per respondent decreased by 75 per cent. The actual numbers for this 2016 collection and the last collection in 2013 are presented in the below Table.

16.  Publication of Results

There are no plans for this information collection to be formally tabulated or published. Doing so would violate the Privacy Act as it would publish personally identifiable information (PII) and potentially place deployed personnel in harm’s way.

17.  Non-Display of OMB Expiration Date

The expiration date of the OMB approval may be displayed; approval is not sought for avoiding display of the expiration date for OMB approval of the information collection.

18.  Exceptions to "Certification for Paperwork Reduction Submissions"

There are no exceptions to the certification accompanying this Paperwork Reduction Act submission. The collection of information encompassed by this request fully complies with the provisions of Title 5 - Administrative Personnel, of the Code of Federal Regulations, Part 1320 – Controlling Paperwork Burdens on the Public, Section 1320.9 - Agency certifications for proposed collections of information (5 CFR 1320.9).