1652-0056 Pipeline CSR SS_1.31.2020

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information. (Annotate the CFR parts/sections affected).

The Transportation Security Administration (TSA) has broad responsibility and authority for “security in all modes of transportation . . . including security responsibilities . . . over modes of transportation that are exercised by the Department of Transportation.” 49 U.S.C. 114(d). In addition to carrying out the security responsibilities in paragraph (d), TSA is responsible for “assess[ing] threats to transportation” and “develop[ing] policies, strategies, and plans for dealing with threats to transportation security.” 49 U.S.C. 1114(f)(2) and (3). Section 1557 of the Implementing Recommendations of the 9/11 Commission Act (Pub. L. 110-53; 121 Stat. 475; Aug. 3, 2007), as codified at 6 U.S.C. 1207, requires TSA to conduct assessments of pipeline security systems.

In order to assess current industry security practices, TSA implemented its Pipeline Corporate Security Review (PCSR) program. The PCSR is a voluntary, face-to-face visit with a pipeline owner/operator during which TSA discusses the company’s corporate level security planning and also completes the PCSR Form, which includes 210 questions concerning the owner/operator’s corporate level security planning, covering security topics such as physical and cyber security, vulnerability assessments, training, and emergency communications. TSA also follows up on results of each PCSR. TSA is seeking OMB approval for extension of this information collection in order to continue reviewing security planning and plan implementation in the pipeline mode, determine baseline security standards for the industry, and identify areas of security weakness and improvement.

2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.

As required by 6 U.S.C. 1207, TSA has used the information collected during the PCSR process to determine baseline security standards and areas of security weakness in the pipeline mode. This data and interaction with stakeholders informs the agency’s Pipeline Security Guidelines and Pipeline Security Best Practice Observation documents.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.

The collection is conducted by means of a site visit to a pipeline owner/operator’s headquarters location. During the site visit, TSA discusses the owner/operator’s security planning, and all information captured during the visit is later recorded electronically by TSA onto the PCSR Workbook. This collection workbook is secured and retained electronically by TSA upon completion and used for analysis in determining industry baseline standards. The intent of the PCSR program is to verify that the owner/operator is implementing its security program through an onsite review of its security plan as well as to provide a means for TSA to build stakeholder relations through a face-to-face discussion on security planning, a goal which is not readily achievable or practicable if an electronic reporting option were available to the owner/operator as an alternative to the onsite visit.

4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purpose(s) described in Item 2 above.

TSA works closely with its partners at the U.S. Department of Transportation’s (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) to coordinate security initiatives. Since 2006, the two agencies have operated under an annex to the memorandum of understanding (MOU) between DOT and the Department of Homeland Security. This annex specifically addresses the respective roles and responsibilities of TSA and PHMSA as well as coordination processes. There is no other similar information collection currently in place at PHMSA that specifically targets corporate-level security planning and plan implementation in the pipeline mode of transportation.

5. If the collection of information has a significant impact on a substantial number of small businesses or other small entities (Item 5 of the Paperwork Reduction Act submission form), describe the methods used to minimize burden.

This information collection should not have a significant impact on small businesses or other small entities. While there are over 2,200 pipeline owner/operators in the United States, the PCSR primarily focuses on the nation’s top 100 pipeline systems, as determined by energy throughput. These top 100 systems are operated by approximately 85 companies, and account for 85 percent of all hazardous liquids and natural gas transported in the United States. These companies are often large, corporate operations with business ventures across the world, and as such, employ hundreds if not thousands of employees. By focusing the PCSR on the top 100 pipeline systems in the United States, TSA is aligning its mission and resources with DHS’s risk-based security approach. It is possible that TSA will visit pipeline systems outside the top 100, but only as circumstances dictate (e.g., intelligence information indicates a smaller system is the target of a credible threat, or smaller systems are of critical importance to national defense). Given that the PCSR program only visits a maximum of 20 out of 2,200 owner/operators a year, and the owner/operators visited often represent the largest pipeline companies in the United States, there should be no significant impact on a substantial number of small pipeline owner/operators in any given year of the program.

6. Describe the consequence to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.

If the PCSR collection were to be discontinued, this would impede TSA’s ability to remain current on minimum security standards being voluntarily employed in the industry, as well as diminish its ability to identify areas of security weakness, two activities that are critical to the agency in carrying out its transportation security mission. Without means of collecting this information, TSA would be unable to confidently identify security gaps and weakness in the pipeline mode and, consequently, would not be able to effectively identify areas to develop programs to better strengthen modal security.

7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d)(2).

There are no special circumstances that would require the collection to be conducted in a manner inconsistent with the general information collection guidelines in 5 CFR 1320.5(d) (2).

8. Describe efforts to consult persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d) soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of this collection of information. See 84 FR 31895 (July 3, 2019). A 30-day notice was also published. See 84 FR 52524 (October 2, 2019). Consistent with the requirements of Executive Order (E.O.) 13771, Reducing Regulation and Controlling Regulatory Costs, and E.O. 13777, Enforcing the Regulatory Reform Agenda, the notices included a specific request for comments on the extent to which this request for information could be modified to reduce the burden on respondents. No comments were received in response to the notices.

9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.

No payment or gift will be provided to respondents.

10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.

No assurances of confidentiality were provided to respondents; however, to the extent information collected is deemed Sensitive Security Information (SSI), TSA will handle as required by 49 CFR parts 15 and 1520. In addition, Privacy Impact Assessment (PIA) coverage is provided under the DHS/ALL/PIA-006 General Contact Lists PIA. (June 15, 2007).

11. Provide additional justification for any questions of sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private.

No personal questions of a sensitive nature will be posed during the information collection.

12. Provide estimates of hour and cost burden of the collection of information.

TSA anticipates completing 20 PCSRs annually. Each PCSR places an 8-hour burden on a respondent, and an additional 1-3 hours to follow-up on results of each PCSR, for an annual hour burden of 9-11 hours; the annual hour burden for the entire collection of 180-220 hours. TSA uses a fully-loaded wage rate¹ of $91.90 for a Corporate Security Manager.² TSA estimates an annual hour burden cost to the public of $16,542 - $20,218. Table 1 summarizes these results.

13. Provide an estimate of annualized capital and start-up costs. (Do not include the cost of any hour burden shown in Items 12 and 14).

TSA does not estimate a cost to the pipeline industry beyond the hour burden detailed in answer 12.

14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, and other expenses that would not have been incurred without this collection of information.

A PCSR is conducted by one (1) representative from TSA; either a Senior Analyst (J Band) or a Junior Analyst (I Band). Each review takes approximately 8 hours per employee. Following the review, an additional 32 hours are devoted to completing the form, which is split equally between two analysts, for an annual hour burden of 800 hours. TSA I-Band employees have a fully-loaded wage rate of $66.79. TSA J-Band employees have a fully-loaded wage rate of $78.65. TSA uses a simple average wage rate of $72.72 to estimate the hour burden costs, for an annual hour burden cost of $58,176. Table 2 summarizes these estimates.

In addition, TSA expends an estimated $24,000 in travel costs to support the PCSR process. This brings the total TSA annual costs $82,176.

14. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I.

The public hour burden of this collection has increased slightly due to the inclusion of the follow-ups as part of the burden calculation.

14. For collections of information whose results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.

Security information collected during the PCSR will not be published or shared. To the extent information collected via the PCSR process is considered to be SSI, it will be protected from disclosure and publication, and will be handled as described in 49 CFR parts 15 and 1520.

14. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

Not applicable.

14. Explain each exception to the certification statement identified in Item 19, “Certification for Paperwork Reduction Act Submissions,” of OMB Form 83-I.

No exceptions noted.