Supporting Statement for Paperwork Reduction Act Submissions
Title:
OMB Control Number: 1670-0014
Chemical-Facility Anti-Terrorism Standards
Supporting Statement A
A. Justification
1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.
The CFATS Program identifies and regulates the security of high-risk chemical facilities using a risk-based approach. The Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (also known as the CFATS Act of 2014, Public Law 113-254) and also codified the CFATS program into the Homeland Security Act of 2002. See 6 U.S.C. 621 et seq., as amended by Public Law 116-136, Sec. 16007 (2020).The Department implemented the CFATS Program through rulemaking and issued an Interim Final Rule (IFR) on April 9, 2007 and a final rule on November 20, 2007. See 72 FR 17688 and 72 FR 65396.
Pursuant to 6 U.S.C. 623, the CFATS regulations allows, and sometimes requires, facilities to communicate or notify CISA of specific information that is not otherwise collected through the primary CFATS information collection no.1670-0007.
This information collection (1670-0014) will expire on December 31, 2021.1
History of the Currently Approved Information Collection
In January 2010, the Department submitted an ICR to OMB to establish four new instruments. This request was approved by OMB on March 19, 2010.
In March 2013, the Department submitted an ICR to OMB, to extend the authorization to use the four instruments without change. This request was approved by OMB on September 13, 2014.
In August 2017, the Department submitted an ICR which: (a) revised the burden of the collection, (b) revised the existing four instruments, and (c) added a new instrument. This request was also approved by OMB on December 19, 2018.
This ICR requests a revision of the Information Collection and subsequent approval to collect information for an additional three years.
Reasons for Revisions
CISA requests that OMB extend this information collection with the following revisions:
Minor revisions to all five instruments that reflect the passage of the Cybersecurity and Infrastructure Security Act of 2018, 6 U.S.C. §§ 651-74, such as updating the Agency name to conform with the Agency’s new designation as CISA, as well as provide clearer descriptions of the scope of each instrument. CISA is not proposing changes to the scope of any instrument.
Updated the number of respondents for all instruments based on historical data collected related to these instruments between CY2018 and CY2021.
Updated the number of responses per respondent for two instruments (i.e., Request for an Extension and Compliance Assistance) based on historical data collected between CY2018 and CY2020.
An increase of the annual reporting and recordkeeping hour and cost burden due to an increase in the respondent wage rate from $79.75/hour to $85.82/hour, which is based on updated Bureau of Labor Statistics (BLS) data.
An increase of the overall total annual operating cost to the Federal Government for this collection from $957,562 to $1,001,189 based on the projected costs for Government Full-time Equivalent (FTE) salaries that is reflected in the Office of Personnel Management’s (OPM) 2020 General Schedule Locality Pay Table.
2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.
The instruments that comprise this collection are as follows:
Request for Redetermination
Request for an Extension
Top-Screen Update
Compliance Assistance
Declaration of Reporting Status
All information collected supports CISA’s effort to reduce the risk of a successful terrorist attack against high-risk chemical facilities. This collection directly and indirectly supports the affected chemical facilities’ requirements to submit data under the CFATS Act of 2014 and CFATS, 6 CFR Part 27.
Request for Redetermination
Pursuant to 6 CFR § 27.205(b), a covered facility that has been previously determined to present a high level of security risk that has materially altered its operations may seek a redetermination from CISA by completing this instrument. In many instances, a request for redetermination may be submitted by a facility concurrent with its submission of a Top-Screen as a result of a material modification pursuant to 6 CFR § 27.210(d). Whether or not a Top Screen is submitted, this instrument also provides a facility with the opportunity to provide an explanation supporting why CISA should grant the redetermination request. Under 6 CFR § 27.205(b), CISA is required to respond within 45 calendar days of receipt of a redetermination request. This instrument allows the covered facility to notify CISA of a reduced quantity of chemical(s) of interest or to notify of the removal of a chemical(s) of interest. The instrument will collect the supporting information needed to verify the reason for the request for redetermination.
The information is primarily collected electronically by this instrument.
Request for an Extension
Pursuant to 6 CFR § 27.210(c), CISA has authority to modify the submission schedule for Top Screens, Security Vulnerability Assessments (SVA), Site Security Plans (SSP), and Alternative Security Programs (ASPs). Facilities that require additional time to submit information may request an extension from CISA using this instrument. By completing this instrument CISA will consider extending the submission deadline for a particular facility.
The information is primarily collected electronically by this instrument.
Top-Screen Update
Pursuant to 6 CFR § 27.210, a facility will use this instrument when it needs to submit a revised Top Screen based on closure or sale of the facility, addition of a new Chemical of Interest (COI), and elimination or changes to the amount of existing COI. This instrument also covers the resubmission of a Top Screen pursuant to the schedule provided in 6 CFR § 27.210(b).
The information is primarily collected electronically by this instrument.
Compliance Assistance
A chemical facility of interest may submit a written request to initiate consultations or seek technical assistance from CISA. This instrument may be used by a facility to request such consultation and/or technical assistance. If requested, CISA may provide assistance with submission of a TS, SVA, SSP, or ASP; assist a facility with registration; or answer additional questions, as necessary; allow an inspector to visit a potentially non-compliant facility; verify material modifications during the redetermination process; or follow-up on security issues or results of a recent incident. This instrument requires that the facility specify a reason for the request and their desired outcome.
The information is primarily collected electronically by this instrument.
Declaration of Reporting Status
Pursuant to 6 CFR Part 27, this instrument will be used by a chemical facility to identify that it is not required to submit a Top Screen. The facility must specify a reason for the request and the facility’s desired outcome. This information will be used by CISA to assist in its efforts to identify chemical facilities of interest.
The information is primarily collected electronically by this instrument.
3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.
CISA collects information primarily in electronic format through the CSAT system to enhance access controls and reduce the paperwork burden for chemical facilities. CISA collects information covered by the Compliance Assistance instrument from chemical facilities primarily through email requests.
Table 1: Medium Information Is Collected In
Name of Instrument |
Medium Collection |
Request for Redetermination |
The information is primarily collected electronically by this instrument. |
Request for an Extension |
The information is primarily collected electronically by this instrument. |
Top-Screen Update |
The information is primarily collected electronically by this instrument. |
Compliance Assistance |
The information is primarily collected electronically by this instrument. |
Declaration of Reporting Status |
The information is primarily collected electronically by this instrument. |
4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item 2 above.
CFATS is authorized by the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (also known as the CFATS Act of 2014, Pub. L. No. 113-254) which codified the CFATS program into the Homeland Security Act of 2002. See 6 U.S.C. 621 et seq., as amended by Pub. L. No. 116-136, Sec. 16007 (2020).
As a unique chemical security program it does not duplicate any current collection activities.
5. If the collection of information impacts small businesses or other small entities (Item 5 of OMB Form 83-I), describe any methods used to minimize.
No unique methods will be used to minimize the burden to small businesses.
6. Describe the consequence to Federal/DHS program or policy activities if the collection of information is not conducted, or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.
The frequency of collection is largely dictated by regulation, specifically 6 CFR part 27. Failure to conduct this collection, or to conduct collection less frequently would hinder a facilities’ ability to comply with the regulation and CISA’s ability to enforce compliance with the regulation.
7. Explain any special circumstances that would cause an information collection to be conducted in a manner:
(a) Requiring respondents to report information to the agency more often than quarterly.
(b) Requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it.
(c) Requiring respondents to submit more than an original and two copies of any document.
(d) Requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years.
(e) In connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study.
(f) Requiring the use of a statistical data classification that has not been reviewed and approved by OMB.
(g) That includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use.
(h) Requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information’s confidentiality to the extent permitted by law.
No special circumstances are involved with this collection.
8. Federal Register Notice:
a. Provide a copy and identify the date and page number of publication in the Federal Register of the agency’s notice soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.
b. Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.
c. Describe consultations with representatives of those from whom information is to be obtained or those who must compile records. Consultation should occur at least once every three years, even if the collection of information activities is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.
Table 2: Listing of Federal Register Notices
|
Date of Publication |
Volume # |
Number # |
Page # |
Comments Addressed |
60-Day Federal Register Notice: |
3/23/2021 |
86 |
54 |
15490 |
YES |
30-Day Federal Register Notice |
6/23/2021 |
86 |
118 |
32953 |
N/A |
CORRECTION to 30-Day Federal Register Notice |
6/29/2021 |
86 |
122 |
34267 |
|
A 60-day public notice for comments was published in the Federal Register on March 23, 2021 at 86 FR 15490.2
A 30-day public notice for comments was published in the Federal Register on June 23, 2021 at 86 FR 32953.3
A correction to the 30-day public notice for comments was published in the Federal Register on June 29, 2021 at 86 FR 34267.4
9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.
No payment or gift of any kind is provided to any respondents.
10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.
No assurance of confidentiality is provided to the respondents. However, some information may be protected from disclosure by CISA under the designation CVI. CVI is a Sensitive but Unclassified designation authorized under Pub. Law 107-296 and implemented in 6 CFR 27.400.
6 U.S.C. 623(d) states that “in any proceeding to enforce this section, vulnerability assessments, site security plans, and other information submitted to or obtained by the Secretary under this section, and related vulnerability or security information, shall be treated as if the information were classified material.” In addition, 6 CFR § 27.400(h) specifies the circumstances under which access to CVI may be provided by CISA in the context of an administrative enforcement proceeding.
This is a privacy sensitive system. A Privacy Threshold Analysis has been adjudicated by the DHS Privacy Office which resulted in a determination that PIA coverage is provided by DHS/NPPD/PIA-009(a) Chemical Facility Anti-Terrorism Standards August 12, 2016. SORN coverage is provided by DHS/ALL-002-Department of Homeland Security (DHS) Mailing and Other Lists System, November 25, 2008, 73 FR 71659, DHS/ALL-004-General Information Technology Access Account Records System (GITAARS), November 27, 2012, 77 FR 70792.
Notwithstanding the Freedom of Information Act (FOIA) (5 U.S.C. 552), the Privacy Act (5 U.S.C. 552a), and other laws in accordance with 6 U.S.C. 623(c) and 6 CFR § 27.400(g), records containing CVI are not available for public inspection or copying, nor does CISA release such records to persons without a need to know. See 6 CFR 27.400(g)(1).
If a record contains both CVI and non-CVI information, the latter information may be disclosed in response to a FOIA request, provided that the record is not otherwise exempt from disclosure under FOIA and that it is practical to redact the protected CVI from the requested record. See 6 CFR 27.400(g)(2).
CISA’s primary IT design requirement is ensuring data security. CISA acknowledges that a non-zero risk exists, both to the original transmission and the receiving transmission, when requesting data over the Internet. CISA has weighed the risk to the data collection approach against the risk to collecting the data through paper submissions and concluded that the web-based approach was the best approach given the risk and benefits.
CISA has taken a number of steps to protect both the data that will be collected through the CSAT Program and the process of collection. The security of the data has been the number one priority of the system design. The site that CISA uses to collect submissions is equipped with hardware encryption that requires Transport Layer Security (TLS), as mandated by the latest Federal Information Processing Standard (FIPS). The encryption devices have full Common Criteria Evaluation and Validation Scheme (CCEVS) certifications. CCEVS is the implementation of the partnership between the National Security Agency and the National Institute of Standards (NIST) to certify security hardware and software.
11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.
The instrument described in this collection does not request any information of a personally sensitive nature.
12. Provide estimates of the hour burden of the collection of information. The statement should:
a. Indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated. Unless directed to do so, agencies should not conduct special surveys to obtain information on which to base hour burden estimates. Consultation with a sample (fewer than 10) of potential respondents is desired. If the hour burden on respondents is expected to vary widely because of differences in activity, size, or complexity, show the range of estimated hour burden, and explain the reasons for the variance. Generally, estimates should not include burden hours for customary and usual business practices.
b. If this request for approval covers more than one form, provide separate hour burden estimates for each form and aggregate the hour burdens in Item 13 of OMB Form 83-I.
c. Provide estimates of annualized cost to respondents for the hour burdens for collections of information, identifying and using appropriate wage rate categories. The cost of contracting out or paying outside parties for information collection activities should not be included here. Instead, this cost should be included in Item 14.
CISA assumes that the majority of individuals who will complete this instrument are SSOs, although a smaller number of other individuals may also complete this instrument (e.g., Federal, State, and local government employees and contractors). For the purpose of this notice, CISA maintains this assumption. Therefore, to estimate the total annual burden, CISA multiplied the annual burden of 575 hours by the average hourly wage rate of SSOs of $85.82 per hour. The SSOs’ average hourly wage rate was based on an average hourly wage rate of $58.88 with a benefits multiplier of 1.4575.5
The instrument burden estimates are summarized in the table below:
Table 3: Instrument Burden Estimate
Instrument |
# of Respondents |
Responses per Respondent |
Average Burden per Response (in hours) |
Total Annual Burden (in hours) |
Total Annual Burden (in dollars) |
|
(a) |
(b) |
(c) |
(d) = (a) x (b) x (c) |
(e) = (d) x $85.82 |
Request for Redetermination |
250 |
1 |
0.25 |
62.5 |
$5,364 |
Request for an Extension |
400 |
1.25 |
0.083 |
41.7 |
$3,576 |
Top-Screen Update |
2,500 |
1.5 |
0.083 |
312.5 |
$26,818 |
Compliance Assistance |
1,600 |
1 |
0.083 |
133.3 |
$11,443 |
Declaration of Reporting Status |
100 |
1 |
0.25 |
25 |
$2,145 |
Total |
4,850 |
6,200 |
|
575 |
$49,346 |
Accordingly, the annual total estimate for reporting, recordkeeping, and cost burden, under this collection, is $49,346.
13. Provide an estimate of the total annual cost burden to respondents or record keepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14.)
The cost estimate should be split into two components: (1) a total capital and start-up cost component (annualized over its expected useful life); and (b) a total operation and maintenance and purchase of services component. The estimates should take into account costs associated with generating, maintaining, and disclosing or providing the information. Include descriptions of methods used to estimate major cost factors including system and technology acquisition, expected useful life of capital equipment, the discount rate(s), and the time period over which costs will be incurred. Capital and start-up costs include, among other items, preparations for collecting information such as purchasing computers and software; monitoring, sampling, drilling and testing equipment; and record storage facilities.
If cost estimates are expected to vary widely, agencies should present ranges of cost burdens and explain the reasons for the variance. The cost of purchasing or contracting out information collection services should be a part of this cost burden estimate. In developing cost burden estimates, agencies may consult with a sample of respondents (fewer than 10), utilize the 60-day pre-OMB submission public comment process and use existing economic or regulatory impact analysis associated with the rulemaking containing the information collection as appropriate.
Generally, estimates should not include purchases of equipment or services, or portions thereof, made: (1) prior to October 1, 1995, (2) to achieve regulatory compliance with requirements not associated with the information collection, (3) for reasons other than to provide information to keep records for the government, or (4) as part of customary and usual business or private practices.
CISA provides access to CSAT free of charge and assumes that each respondent already has computer hardware and access to the internet for basic business needs. No other annualized capital or start-up costs are incurred by chemical facilities of interest or high-risk chemical facilities for this information collection.
14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing and support staff), and any other expense that would have been incurred without this collection of information. You may also aggregate cost estimates for Items 12, 13, and 14 in a single table.
Federal Government costs can be divided between the cost associated with collection of information and the cost associated with managing and responding to the submitted data. The cost associated with collecting the information is essentially the cost of operating and maintaining the collection instruments within CSAT. The annual Operating and Maintenance (O&M) costs for the instruments with CSAT are estimated at $0.4M. The cost associated with managing and responding to the submitted data is the management equivalent to the cost of employing 3 FTE at the GS-14, Step 5 level.6
Table 3: Estimates of Annualized Costs for the Collection of Data
Expense Type |
Expense Explanation |
Annual Costs (in dollars) |
Direct Costs to the Federal Government |
Three FTEs (GS-14, Step 5) |
$601,189 |
CSAT O&M |
Costs for O&M of CSAT Application |
400,000 |
Total |
|
$1,001,189 |
In sum, the estimated total annual operating cost to the U.S. Government for this collection is $1,001,189.
15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I. Changes in hour burden, i.e., program changes or adjustments made to annual reporting and recordkeeping hour and cost burden. A program change is the result of deliberate Federal Government action. All new collections and any subsequent revisions of existing collections (e.g., the addition or deletion of questions) are recorded as program changes. An adjustment is a change that is not the result of a deliberate Federal Government action. These changes that result from new estimates or actions not controllable by the Federal Government are recorded as adjustments.
There are no program changes or adjustments reported items 13 or 14. The minor revisions to the burden estimates described in question 1 of this document and again here:
Minor revisions to all five instruments that reflect the passage of the Cybersecurity and Infrastructure Security Act of 2018, 6 U.S.C. §§ 651-74, such as updating the Agency name to conform with the Agency’s new designation as CISA, as well as provide clearer descriptions of the scope of each instrument. CISA is not proposing changes to the scope of any instrument.
Updated the number of respondents for all instruments based on historical data collected related to these instruments between CY2018 and CY2021.
Updated the number of responses per respondent for two instruments (i.e., Request for an Extension and Compliance Assistance) based on historical data collected between CY2018 and CY2020.
An increase of the annual reporting and recordkeeping hour and cost burden due to an increase in the respondent wage rate from $79.75/hour to $85.82/hour, which is based on updated Bureau of Labor Statistics (BLS) data.
An increase of the overall total annual operating cost to the Federal Government for this collection from $957,562 to $1,001,189 based on the projected costs for Government Full-time Equivalent (FTE) salaries that is reflected in the Office of Personnel Management’s (OPM) 2020 General Schedule Locality Pay Table.
16. For collections of information whose results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.
No plans exist for the use of statistical analysis or to publish this information.
17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain reasons that display would be inappropriate.
The expiration date will be displayed in the instruments.
18. Explain each exception to the certification statement identified in Item 19 “Certification for Paperwork Reduction Act Submissions,” of OMB Form 83-I.
No exceptions have been requested.
1 The current information collection (IC No. 1670-0014) may be viewed at https://www.reginfo.gov/public/do/PRAViewICR?ref_nbr=201704-1670-001.
2 The 60-day notice may be viewed at https://www.regulations.gov/document/CISA-2021-0003-0001
3 The 30-day notice may be viewed at https://www.regulations.gov/document/CISA-2021-0003-0003
4 The correction to the 30-day notice may be viewed at https://www.regulations.gov/document/CISA-2021-0003-0004
5 The above Average Hourly Wage Rate is the May 2019 Bureau of Labor Statistics average wage for “Management Occupations (Major Group (11-0000))” of $58.88 times the wage rate benefit multiplier of 1.4575 (to account for fringe benefits) equaling $85.82. The benefits multiplier is estimated by dividing total compensation of $38.26 by salaries and wages of $26.25, based on Employer Cost for Employee Compensation, September 2020 data, released December 17, 2020 (https://www.bls.gov/news.release/ecec.nr0.htm).
6 Using the FY20 (Washington-Baltimore-Northern Virginia) GS pay scale, the fully-loaded wage rate for a GS14, Step 5 is $ 96.34 ($ 137,491 annual salary/2080 = $66.10 base wage rate x 1.4575 benefit multiplier = $ 96.34 fully-loaded wage rate). https://www.bls.gov/news.release/pdf/ecec.pdf September 2020 data, released December 17, 2020.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | Supporting Statement A - CVI |
Author | fema user |
File Modified | 0000-00-00 |
File Created | 2021-07-30 |