Supporting Statement for Form SSA-120

Application for Access to SSA Systems

20 CFR 401.45

OMB No. 0960-0791

A. Justification

1. Introduction/Authoring Laws and Regulations

Section 205(a) of the Social Security Act (Act) provides the Commissioner of Social Security the authority to establish procedures for verifying identity. 20 CFR 401.45 of the Code of Federal Regulations, Subpart B provides procedures for verifying identity.

The Social Security Administration (SSA) collects this information by authority of the Privacy Act of 1974, at 5 U.S.C. 552A (e)(10), of the United States Code which requires agencies to establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. Sub-section 5 U.S.C. 552A (f)(2)&(3) requires agencies to establish requirements for identifying an individual who requests a record or information pertaining to that individual and to establish procedures for disclosure of personal information. Executive Order (E.O.) 10450 authorizes the collection of the data SSA requires on Form SSA-120. In addition, E.O. 9397, 26 CFR 31.6011(b)2, and 26 CFR 31.61091 provide specific authority for the use of Social Security numbers. 44 U.S.C. 3553 of the Federal Information Security Modernization Act of 2014 amends the 44 U.S.C. 3543 of the Federal Information Security Management Act (FISMA) of 2002, state the authority and functions of the Director and the Secretary for developing and overseeing the implementation of policies, principles, standards, and guidelines on information security.

2. Description of Collection

SSA uses Form SSA-120 and the accompanying electronic version to allow authorized users to apply for access to SSA’s information systems. SSA requires supervisory approval, and local or component security officer review, prior to granting access. The respondents are SSA employees and non-Federal employees (contractors) who require access to SSA systems to fulfill their jobs.

Note: Because SSA employees are Federal workers exempt from the requirements of the Paperwork Reduction Act, the burden we list in #12 below is only for SSA contractors.

2. Use of Information Technology to Collect the Information

Form SSA-120 is available as a print-only PDF on SSA’s website. SSA created an electronic version system called Systems Access Management (SAM). We use SAM to collect approximately 68 percent of the data we use. SAM is a process for initial access, access granting, access approval, access continuation, and access removal under the agency’s Government Paperwork Elimination Act (GPEA).

2. Why We Cannot Use Duplicate Information

The nature of the information we collect and the manner in which we collect it preclude duplication. SSA does not use another collection instrument to obtain similar data.

5. Minimizing Burden on Small Respondents

This collection does not affect small businesses or other small entities.

6. Consequence of Not Collecting Information or Collecting it Less Frequently

If SSA did not use Form SSA-120, or the Systems Access Management (SAM) application, we would not have a way to track an individual’s access to SSA’s information systems and resources, nor would we be able to assure the confidentiality, integrity, and availability of SSA’s information technology resources. Because we only collect the information on an as needed basis, we cannot collect it less frequently. There are no technical or legal obstacles to burden reduction.

7. Special Circumstances

There are no special circumstances that would cause SSA to conduct this information collection in a manner inconsistent with 5 CFR 1320.5.

8. Solicitation of Public Comment and Other Consultations with the Public

The 60-day advance Federal Register Notice published on May 30, 2017, at 82 FR 24767, and we received no public comments. The 30-day FRN published on August 29, 2017 at 82 FR 41085. If we receive any comments in response to this Notice, we will forward them to OMB.

8. Payment or Gifts to Respondents

SSA does not provide payments or gifts to the respondents.

8. Assurances of Confidentiality

SSA protects and holds confidential the information it collects in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974), and OMB Circular No. A-130.

8. Justification for Sensitive Questions

The information collection does not contain any questions of a sensitive nature.

8. Estimates of Public Reporting Burden

Modality of Collection	Number of Respondents	Frequency of Response	Average Burden Per Response (minutes)	Estimated Total Annual Burden (hours)
SSA-120 (paper version)	685	1	2	23
SSA-120 (Internet version)	1,482	1	1.5	37
Totals	2,167			60

The total burden for this ICR is 60 hours. We based these figures on current management information data. We did not calculate a separate cost burden.

13. Annual Cost to the Respondents (Other)

This collection does not impose a known cost burden to the respondents.

14. Annual Cost To Federal Government

The annual cost to the Federal Government is approximately $1,027. This estimate accounts for costs from the following areas: (1) designing, printing, and distributing the form; (2) SSA employee (e.g., field office, 800 number, DDS staff) information collection and processing time; and (3) systems development, updating, and maintenance costs.

15. Program Changes or Adjustments to the Information Collection Request

The decrease in burden hours from 109 to 60 hours stems from a decrease in the number of contractors hired by SSA. We decreased the number of respondents for this ICR from 3,253 to 2,167, as we are hiring fewer contractors due to budget constraints. The estimate of burden per response has not changed.

16. Plans for Publication Information Collection Results

SSA will not publish the results of the information collection.

17. Displaying the OMB Approval Expiration Date

SSA is not requesting an exception to the requirement to display the OMB approval expiration date.

18. Exceptions to Certification Statement

SSA is not requesting an exception to the certification requirements in 5 CFR 1320.9 and related provisions in 5 CFR 1320.8(b) (3).

B. Collections of Information Employing Statistical Methods

SSA does not use statistical methods for this information collection.