Improving 911 Reliability; Reliability and Continuity of Communications 3060-1202
Including Networks, Broadband Technologies September 2020
Supporting Statement
A. Justification:
The Public Safety and Homeland Security Bureau (PSHSB) seeks the renewal of an existing information collection, requiring covered 911 service providers to submit annual certifications attesting to the reliability of their 911 networks under the Commission’s Section 9.19 rules.1 This information collection serves as a way of verifying that covered 911 service providers have implemented backup power, circuit diversity, and network auditing measures, or reasonable alternatives, with respect to their critical 911 assets. By requiring covered 911 service providers to attest that they have implemented these reliability measures, this information collection helps ensure the resiliency of 911 networks, and their continued availability to the public.
The Commission adopted these certification requirements in 2013, after the June 2012 derecho storm left millions of Americans without full 911 access for periods ranging from a few hours to several days.2 In its December 2013 Report and Order, the Commission concluded that a purely voluntary approach to 911 reliability has not been sufficiently effective to ensure Americans’ access to 911.3 Preventable 911 network failures during the June 2012 derecho put lives and property at risk and revealed that service providers had not consistently implemented vital best practices voluntarily despite repeated reminders.4 In light of this experience and substantial evidence in the record of this proceeding, the Commission concluded that it would no longer rely exclusively on a voluntary approach, and that additional action was warranted with respect to critical 911 communications.
The Commission specifically rejected the suggestion that Commission action to improve 911 reliability would disrupt the development of best practices and adopted a certification approach in the Report and Order intended to be both flexible and encouraging of innovation.
The rules adopted in 2013 require certain 911 service providers5 to certify annually whether they implement specific best practices or reasonable alternative measures to mitigate the risk of failure. This process included an initial certification of 50 percent compliance on October 15, 2015,6 one year after the rules became effective on October 15, 2014,7 and a full, annual certification every year thereafter. The annual certification is contained in 47 C.F.R. § 9.4(c) and covers three substantive areas: critical 911 circuit diversity, central office backup power, and diverse network monitoring. Service providers that have implemented every element of the certification may simply certify compliance at each covered facility without attaching additional information. If a service provider does not meet one or more certification requirements, it must provide a brief explanation of the alternative measures it has implemented in that area, or of why that element of the certification is not applicable to its network. Service providers must retain records to support their certification responses for two years.8 As discussed below, however, the Commission anticipates that such records already will have been generated and retained in the normal course of business as part of the certification process, making any additional recordkeeping burden minimal.
This supporting statement renews the annual information collection required by 47 C.F.R. § 9.19(c).
The statutory authority for this collection of information is contained in sections 1, 4(i), 4(j), 4(o), 201(b), 214(d), 218, 251(e)(3), 301, 303(b), 303(g), 303(r), 307, 309(a), 316, 332, 403, 615a-1, and 615c of the Communications Act of 1934, as amended, 47 U.S.C. §§ 151, 154(i)-(j) & (o), 201(b), 214(d), 218, 251(e)(3),301, 303(b), 303(g), 303(r), 307, 309(a), 316, 332, 403, 615a-1, and 615c.
This information collection does not implicate any of rules or obligations of the Privacy Act.
The Bureau will collect the information via an electronically filed annual certification from each covered 911 service provider, in which the provider will indicate whether it has implemented specified best practices promoting 911 reliability. The Commission will deem providers that are able to certify that they are implementing those best practices to have satisfied the “reasonable measures” requirement in the rules. Providers that are unable to certify fully may certify instead that that they have taken reasonably sufficient alternative measures in light of particular facts and circumstances, so long as the providers briefly describe such measures and provide supporting documentation to the Commission upon request. Similarly, service providers may respond that a particular certification element is not applicable to their networks, but they must include a brief explanation as to why such particular certification elements are not applicable.
PSHSB will collect the information for review and analysis to verify that covered 911 service providers are taking reasonable measures to ensure a reliable 911 network, as demonstrated by their implementation of specified best practices or reasonable alternative measures. The Commission has delegated authority to PSHSB to review certification information and follow up with service providers as appropriate to address deficiencies revealed by the certification process. In certain cases, based on the information included in the certifications and subsequent contact with the provider, the Bureau, acting on delegated authority, may ultimately require remedial action to correct vulnerabilities in a service provider’s 911 network if it determines that (a) the service provider has not, in fact, adhered to the elements of the certification, or (b) in the case of providers employing alternative measures, that those measures were not reasonably sufficient to mitigate the associated risks of failure.
The information generated by this information collection will assist the Commission in promoting more reliable 911 communications nationwide by requiring covered service providers to take reasonable measures to maintain reliable service, as evidenced by the annual certification. The Commission expects the certification requirement to continue to bring the importance of 911 reliability to the attention of corporate leadership and ensure that adequate funds are budgeted for needed improvements in network infrastructure.
The Commission anticipates that all certifications will be filed either directly electronically or sent to the FCC via email as Excel files. Companies can bundle their submissions onto an Excel file in order to file multiple reports at a time. If the covered provider certifies that it has taken the same reasonably sufficient alternative measures in multiple cases, the covered provider may easily copy from its first certification report to subsequent ones. The Commission adopted this method to reduce the burden on covered providers of writing up the alternative measure for each report.
This agency does not impose a similar information collection on the respondents, and there is no similar data available from other sources. The reporting requirement has been carefully designed to require reporting of only that data needed for the Commission to achieve its objective of assuring the reliability and security of 911 networks and services.
In conformance with the Paperwork Reduction Act of 1995, the Commission made an effort to minimize the burden on all respondents, regardless of size. In the 2013 Report and Order, the Commission concluded that overriding public safety concerns require its rules to apply equally to all covered 911 service providers. Observing that 911 is no less a critical public service in any part of the nation, the Commission declined to establish two tiers of 911 reliability based on economics or geography. The Commission notes, however, that the certification approach and the option of certifying alternative measures allow flexibility for small or rural providers to comply with Commission rules in the manner most appropriate for their networks.
While all providers that meet the definition of covered 911 service provider are required to file a certification, many of the requirements, by their nature, apply only to larger providers, as very few smaller providers operate Critical 911 Circuits, as defined in the Report and Order, and/or have regional aggregation points for network monitoring. The most likely scenario for smaller providers that fall within the definition of covered 911 service provider is that they provide administrative lines, but not Critical 911 Circuits or selective routing capabilities, to one or more Public Safety Answering Points (PSAPs). In such cases, the provider must complete the backup power portion of the certification but may respond that the elements for circuit auditing and network monitoring are not applicable.
Additionally, the 2013 rules were intended to complement and strengthen, not to replace, the Commission’s longstanding approach of encouraging service providers to voluntarily implement best practices, then measuring compliance through mandatory outage reporting. Thus, with respect to everyday commercial communications that do not impact public safety as much as 911, small entities with limited resources will continue to enjoy the benefits of the current framework, including a general focus on network performance and reliability rather than specific design requirements.
If this information is not collected, the Commission will have extremely limited ability to gauge the reliability of the nation’s 911 networks. The Commission, acting under its statutory obligation to promote the safety of life and property, determined that the status quo was unacceptable in light of preventable 911 outages affecting millions of Americans during the June 2012 derecho.
The Commission initially considered various reporting periods before determining that an annual certification is necessary to ensure that covered 911 service providers are fulfilling their obligation to take reasonable measures to provide reliable 911 service. In order to reduce the immediate burden, the 2013 rules required all covered 911 service providers to file an initial, one-time certification on October 15, 2015,9 one year after the rules became effective on October 15, 2014,10 showing that they have made substantial progress toward meeting the standard of the full certification. To allow service providers time to implement the best practices reflected in the certification, the Commission defined “substantial progress” in the Report and Order as at least 50 percent compliance with each of the three substantive certification requirements.11 The Commission delegated to the Bureau authority to implement this initial certification. In 2016, covered 911 service providers completed the remaining certification requirements. For 2017 and thereafter, all covered 911 service providers will file a 911 reliability certification on an annual basis.
This collection of information is consistent with the guidelines in sections 5 C.F.R. 1320.5(d)(2) & 1320.6.
On July 20, 2020 pursuant to 5 C.F.R. Section 1320.8, a 60-Day Notice was published in the Federal Register (See 85 FR 43836) for the information collection requirements contained in this collection with comments due on or before July 20, 2020. The Commission did not receive any comments following publication of the Notice.
No payment or gift to respondents has been or will be made in connection to this information collection.
The rules provide that the following information obtained from initial and annual certifications will be treated as presumptively confidential and exempt from routine public disclosure under the federal Freedom of Information Act: (1) descriptions and documentation of alternative measures to mitigate the risks of nonconformance with certification standards; (2) information detailing specific corrective actions taken; and (3) supplemental information requested by the Commission or Bureau with respect to a certification.12 Examples of information the Commission will treat as presumptively confidential include circuit routes and diagrams, maintenance records, internal policies and procedures, and outage data. The Commission does not consider confidential the mere fact that a certification was (or was not) filed, or aggregated information summarizing a covered 911 service provider’s responses to each element of the certification.13 Accordingly, the Commission may periodically release reports summarizing high-level certification data without disclosing the confidential information noted above.
This collection of information does not address any matters of a sensitive nature.
Under the 2013 rules, all covered 911 service providers must take reasonable measures to provide reliable 911 service with respect to circuit diversity, central-office backup power, and diverse network monitoring. Performance of the elements of the certification in accordance with the rules shall be deemed to satisfy this requirement. If a covered 911 service provider cannot certify that it has performed a given element, the Commission may determine that the provider nevertheless satisfies this requirement based upon a showing that it is taking alternative measures with respect to that element that are reasonably sufficient to mitigate the risk of failure, or that one or more certification elements are not applicable to its network.
The 2013 rules require a collection of information in the following areas:
a. Physical diversity audit: Covered 911 service providers must certify annually whether they have, within the past year, audited the physical diversity of critical 911 circuits or equivalent data paths to each PSAP they serve, tagged those circuits to minimize the risk that they will be reconfigured at some future date, and eliminated all single points of failure between the selective router, automated location identification (ALI)/automated numbering identification (ANI) database (or equivalent Next Generation 911 (NG911) component) and the central office serving each PSAP. In lieu of eliminating single points of failure, they may describe why these single points of failure cannot be eliminated and the specific, reasonably sufficient alternative measures they have taken to mitigate the risks associated with the lack of physical diversity. Alternatively, covered 911 service providers may certify that they believe this element of the certification is not applicable to their network, but they must explain why it is not applicable. Covered 911 service providers must also retain records of circuit audits for confidential review by the Commission, upon request, for two years.
Regarding circuit tagging (an inventory management process whereby critical circuits are labeled or entered into databases to make it less likely that circuit rearrangements will compromise diversity), the Commission does not require a specific method or technology for tagging circuits, but does require service providers to take reasonable measures to prevent inadvertent rearrangement of diverse circuits over time. Based on commenters’ descriptions of current industry practice, the Commission believes that most covered 911 service providers already have some circuit inventory process in place. Furthermore, once providers conduct annual audits of critical 911 circuits, the incremental cost of tagging those circuits will be de minimis because keeping and updating circuit records is an essential part of the audit process.
Notwithstanding the explicit references above to the “physical diversity of critical 911 circuits” and also to “circuit tagging”, the Commission has always intended its 911 reliability rules to be technology-neutral and has made clear that functionally equivalent 911 capabilities should be treated consistently for purposes of the certification. Appropriate measures to preserve physical and logical diversity may differ between circuit-switched time division multiplexing (TDM) and IP-based networks (including but not limited to NG911 arrangements) because IP-based routing and, in the event of an outage, re-routing, can occur dynamically over many possible paths. The certification process is intended to be flexible to account for these types of technical considerations and to allow for alternative measures where appropriate.
In addition, covered 911 service providers may obtain services from other NG911 or IP-based service providers, and a physical diversity audit and tagging of these contractors’ networks may be effectively impossible. For this reason, the Commission permits providers of NG911 and other IP-based providers to certify the use of reasonable alternative measures, rather than certification of true circuit diversity, to mitigate the risks of 911 outages.
As a result, the Commission does not anticipate that the use of IP-based technologies, including NG911, will increase the burdens on covered 911 service providers.
We estimate that no more than 200 entities14 serving roughly 7,000 PSAPs will be considered covered 911 service providers under the rules. If every PSAP nationwide is audited each year, those service providers will perform 7,000 audits annually. Based on our experience and on the record in this proceeding, each audit will require approximately 23 hours of labor by one technician earning $85.00 hourly. Thus, the total in-house cost and hour burden for circuit auditing is the following:
Burden Hours: 7,000 audits x 23 hours/audit = 161,000 hours
In-House Cost: 7,000 audits x 23 hours/audit x $85/hour = $13,685,000.00
b. Central Office Backup Power: Covered 911 service providers must certify annually whether they have sufficient, reliable backup power in any central office that directly serves a PSAP to maintain full-service functionality, including network monitoring capabilities, for at least 24 hours at full office load. Additionally, especially critical central offices that host selective routers must be equipped with at least 72 hours of backup power at full office load. If that level of backup power is not feasible at a particular central office that directly serves a PSAP or hosts a selective router, the service provider must briefly state why it is not feasible and describe the specific alternative measures it has taken to mitigate the risk associated with backup power configurations that fail to satisfy the certification standard. Covered 911 service providers may also certify that they believe this element of the certification is not applicable to their network, although they must explain why it is not applicable.
Service providers must also certify whether they: (1) test and maintain all backup power equipment in all central offices directly serving PSAPs in accordance with the manufacturer’s specifications; (2) adhere to best practices regarding fully automatic, non-interdependent generators that can be started manually if necessary; and (3) design and operate backup generators in any central office equipped with more than one generator as stand-alone units that do not depend on each other for reliable operation. Covered 911 Service Providers must retain records of backup power deployment and maintenance for confidential review by the Commission, upon request, for two years. If the specified standards related to testing, operation, and tandem generator configurations cannot be met, the service provider must briefly state why it is not feasible to meet them and describe the specific alternative measures it has taken to mitigate the risk associated with the failure to satisfy the certification standards.
Each covered 911 service provider will need to check and certify the backup power status at each central office that directly serves a PSAP. There were approximately 5,000 unique central offices audited in 2019. Based on information from the 2019 audit, we estimate that in 4,700 of those cases, the provider will have implemented the specific back-up power measures described in rule.15 We estimate it will take a technician earning $85.00/hour about 30 minutes to so certify. Thus, in those 4,700 situations which currently have the prescribed backup power levels, the paperwork burden is:
Burden Hours: 4,700 central office-served PSAPs x 30 minutes (0.50 hours)/certification = 2,350 hours
In-House Cost: 4,700 central office-served PSAPs x 30 minutes (0.50 hours)/certification x $85.00/hour = $199,750.00
In the remaining 300 cases, we anticipate that it will take a technician earning $85.00/hour some two hours to document and explain what alternative measure the covered 911 service provider is taking in that location. Thus, in those 300 situations, the paperwork burden is:
Burden Hours: 300 central office-served PSAPs x 2 hours/case = 600 hours
In-House Cost: 300 central office-served PSAPs x 2 hours/case x $85.00/hour = $51,000.00
Thus, the total paperwork burden and in-house cost associated with the central office backup power rule is:
2,350 hours
6,00 hours
2,950 hours16
$199,750.00
$ 51,000.00
$250,750.00
We note that this number differs from the total cost of backup power requirements discussed in the Report and Order in that it reflects only the information collection burden of filing a certification, not any additional work that may be required to repair or replace backup power equipment.
c. Network monitoring: Covered 911 service providers must certify annually whether they have, within the past year: (1) audited the physical diversity of the aggregation points that they use to gather network monitoring data in each 911 service area17 and the network monitoring links between such aggregation points and their network operations centers (NOCs); and (2) implemented physically diverse aggregation points for network monitoring data in each 911 service area and physically diverse links from such aggregation points to at least one NOC or, in light of the required audits, taken specific alternative measures reasonably sufficient to mitigate the risk of insufficient physical diversity. They may also certify that they believe this element of the certification is not applicable to their network, although they must explain why it is not applicable. Covered 911 Service Providers also must retain records of their network monitoring routes and capabilities for confidential review by the Commission, upon request, for two years.
There were approximately 1,000 911 service areas certified in 2019. Most of these were from a single company which treated each large central office as a 911 service area. The 2019 911 certifications indicated that most companies have diverse network monitoring capabilities in place. As a result, we estimate that it will take a technician earning $85.00 per hour no more than two hours per 911 service area to complete the requirements of the certification, including any explanation of alternative measures.
We note that the cost estimate in the Report and Order for the network monitoring portion of the certification also included the cost of adding diverse monitoring points in each service area, not just the hour-burden of complying with the certification. Accordingly, we believe the paperwork burden associated with this rule is:
Burden Hours: 1,000 911 service areas x 2 hours/certification = 2,000 hours
In-House Cost: 1,000 911 service areas x 2 hours/certification x 1 technician earning $85.00/hour = $170,000.00
d. Certifying official: The rules require that, in order to ensure accuracy and accountability, each certification must be made by a corporate officer responsible for network operations in all relevant service areas. Thus, the certifying official must have supervisory and budgetary authority over a covered 911 service provider’s entire 911 network, not merely certain regions or service areas.
The electronic certification system will allow each covered 911 service provider to upload a letter signed by the certifying official attesting to the accuracy and completeness of the certification. In 2019, 177 covered 911 service providers submitted certifications. We therefore estimate the paperwork burden of having a certifying official review and attest to the accuracy of each certification as follows:
Burden Hours: 200 potential reports x 4 hours to review = 800 hours
In-House Cost: 200 potential reports x 4 hours to review x $210/hour = $168,000.00
e. Records maintenance: The rules state that covered 911 service providers must make the records used in compiling certifications available to the Commission for two years after submission. We believe the expense of maintaining any such records is de minimis, as the respondents most likely already maintain such records electronically at nominal cost. The Commission does not anticipate that respondents need to incur new capital or start-up costs, or new operation and maintenance and purchase of services costs to comply with this requirement.
TOTAL CUMULATIVE BURDEN HOURS: Based on the above estimates, the information collection requirements contained in the rules will create a total burden of 166,750 hours annually.18 If there are 200 covered 911 service providers, each one will incur an average annual burden of approximately 834 hours.
TOTAL CUMULATIVE IN-HOUSE COST: Based on the above estimates, the rules will create a total in-house cost of $14,273,750.00 annually.19 If there are 200 covered 911 service providers, each one will incur an average annual in-house cost of approximately $71,369.
TOTAL NUMBER OF RESPONDENTS: 200.
TOTAL NUMBER OF ANNUAL RESPONSES: 200.
These burdens and costs may vary significantly among different service providers depending on how many PSAPs they serve, whether they operate a selective router or its functional equivalent, and the number of service areas in which they operate. For example, a large company that serves hundreds of PSAPs nationwide may require several thousand hours to audit all of its critical 911 circuits, while a small service provider that serves only one PSAP in a rural area may require only a few hours. Although all elements of the certification (i.e., circuit auditing, backup power, and network monitoring) will likely apply to large service providers, some requirements may not apply to smaller entities based on their network configurations and individual circumstances.
The Commission does not anticipate that respondents need to incur new capital or start-up costs, consulting fees, or new operation and maintenance or purchase of services costs to respond to this information collection. Respondents have indicated that, through appropriate records management practices, they already maintain the information to be collected in the normal course of business.
TOTAL ANNUAL COST BURDEN TO RESPONDENTS: $0.
The Commission
does not expect to incur costs beyond the normal labor costs for
staff.
The Commission adjusts the cumulative burden hours for this collection from 167,550 to 166,750
(-800 hours). Out of these -800 burden hours, 200 hours were overstated in OMB’s Inventory and are being adjusted to correct the previous figures. There are no changes in the total number of respondents and total annual responses. These adjustments reflect the Commission’s most current available data on an increase in the number of unique central offices and a decrease in the number of 911 service areas.
The FCC has no specific plans to publish data from this information collection and notes that certain information received through the certification process will be presumed confidential and exempt from routine public disclosure. However, the Commission may at some point in the future publish periodic reports summarizing aggregated, non-confidential information from each certification period for the purpose of analyzing outage trends and informing PSAPs, service providers, and the public of the status of 911 network reliability nationwide.
The Commission is requesting a waiver of the requirement to display the OMB expiration date on the 911 Reliability Certification System because that would require updating each time this collection was submitted to OMB for review and approval. The Commission displays the OMB expiration date, title and OMB control number in 47 CFR 0.408 of the Commission’s rules.
When the Commission published the 60/30 Day Notices in the Federal Register on July 20, 2020 (85 FR 43836) and on September 25, 2020, respectively, the total annual burden hours were reported as 166,350. The total annual burden hours should have been reported as 166,750 which are reflected in this submission to OMB.
There are no other exceptions to the Certification Statement.
B. Collections of Information Employing Statistical Methods:
No statistical methods are employed.
1 See 47 C.F.R. § 9.19.
2 See FCC, Public Safety and Homeland Security Bureau, Impact of the June 2012 Derecho On Communications Networks and Services: Report and Recommendations at 1, 39 ( 2013), http://www.fcc.gov/document/derecho-report-and-recommendations (Derecho Report) .
3 See Improving 911 Reliability; Reliability and Continuity of Communications Networks, Including Broadband Technologies, PS Docket Nos. 13-75 and 11-60, Report and Order, 20 FCC Rcd 17476, 17487, para. 24 (2013) (911 Reliability Order).
4 911 Reliability Order, 20 FCC Rcd at 17487, para. 25.
5 The rules define covered 911 Service Providers as entities that provide 911, E911, or NG911 capabilities such as call routing, automatic location information (ALI), automatic number identification (ANI), or the functional equivalent of those capabilities, directly to a public safety answering point (PSAP), or that operate one or more central offices that directly serve a PSAP. See 47 C.F.R. § 9.19(a)(4).
6 See Public Safety and Homeland Security Bureau Announces the Effective Dates of 911 Reliability Certification and PSAP Notification Requirements, PS Docket Nos. 13-75, 11-60, Public Notice, DA 14-1664 (PSHSB Nov. 18, 2014).
7 911 Reliability Order, 20 FCC Rcd at 17501, para. 65.
8 See 47 C.F.R. §9.19(d)(3).
9 See Public Safety and Homeland Security Bureau Announces the Effective Dates of 911 Reliability Certification and PSAP Notification Requirements, PS Docket Nos. 13-75, 11-60, Public Notice, DA 14-1664 (PSHSB Nov. 18, 2014).
10 911 Reliability Order, 20 FCC Rcd at 17501, para. 65.
11 See No. 12 infra for more detailed discussion of the three substantive areas.
12 911 Reliability Order, 20 FCC Rcd at 17538, para. 156
13 Id. at 17537, para. 155.
14 In 2019, 177 separate entities filed certifications.
15 This includes cases where the company certified that the central office fully met the back-up power requirement or had a common alternative measure that was used for many other central offices.
16 This burden also includes the recordkeeping requirements, as we expect that service providers already retain, and will continue to retain, in the normal course of business any information on their backup power deployment and maintenance generated through the certification process.
17 Service providers typically collect network monitoring data through geographically distributed aggregation points, which may correspond to major metropolitan areas but may also vary in size and location by service provider. We intend the certification obligation in this section to ensure that large service providers have diverse access to monitoring data in each of the major service areas in which they are the major provider of 911 service, i.e., operate the selective routers or equivalent, but not necessarily to every end point in their networks.
18 161,000 hours for circuit audits, 2,950 hours for backup power, 2,000 hours for network monitoring, and 800 hours for review and attestation = 166,750 total burden hours.
19 $13,685,000for circuit audits, $250,750 for backup power, $170,000 for network monitoring, and $168,000 for review and attestation = $14,273,750 total in-house cost.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | PRA Supporting Statement - General Instructions |
Author | Christopher M. Gacek |
File Modified | 0000-00-00 |
File Created | 2021-01-13 |