Supporting Statement 0626 (final)

Supporting Statement 0626 (final).docx

Integration Registration Services (IRES) System

OMB: 0960-0626

Document [docx]
Download: docx | pdf



Supporting Statement for Integrated Registration Services (IRES) System

20 CFR 401.45

OMB No. 0960-0626

  1. Justification


  1. Introduction/Authoring Laws and Regulations

The Integrated Registration Services (IRES) system is an electronic authentication process by which the Social Security Administration (SSA) registers and authenticates users of our online business services. IRES will eventually become part of the SSA’s Public Credentialing and Authentication Process (see OMB Clearance No. 0960-0789); however, for now we are maintaining it as a separate authentication system. Section 205 of the Social Security Act, as amended; the Government Paperwork Elimination Act (Pub.L. 105-277); and the Federal Information Security Modernization Act of 2014 allows SSA to collect this information to grant access to our online services. Procedures for verifying identity are set forth in the agency’s Regulations at 20 CFR 401.45.


  1. Description of Collection

SSA uses the information from this collection to verify the identity of individuals, businesses, organizations, entities, and government agencies who use our secured Internet and telephone applications for requesting and exchanging business data with SSA. We collect the personal information one time only when the individual registers to use our online business services.


IRES is an Internet-based application that replaces the respondent’s handwritten paper‑based signature with a user identification number (User ID) and a password. IRES provides registration, authentication, and authorization gateway services for Business‑to‑Government (B2G) suites of services, including, but not limited to:


  1. Business Services Online (BSO)

  • Electronic Wage Reporting (EWR) (OMB # 0960-0596)

  • Third party Bulk Filing

  • Verification of Social Security Numbers (SSNVS)

(OMB # 0960-0660)

  • Claimant Representative Services

  • Representative Payee Services


  1. Government Services Online (GSO) (OMB#0960-0757)

  • Office of Child Support Enforcement (OCSE) Services

  • Secure exchange of information between SSA and third parties in support of SSA and other federal government-supported programs


  1. Customer Support Application (CSA)

  • CSA provides customer support service for IRES. CSA allows users to complete the registration process via a telephone interview with a Social Security customer service representative.


To register for a User ID, we first need to verify the user’s identity. We will ask the user to give us some personal information, such as:


  • Name

  • Date of birth

  • Social Security Number

  • Home address

  • Home telephone number

  • Email address


Once we verify this information, we issue the respondents a User ID. In addition, we ask the user to create a password, select security questions and answers for password reset.


Respondents are employers; employees; third party submitters of wage data business entities providing taxpayer identification information; appointed representatives; representative payees; and data exchange partners conducting business in support of SSA programs.


  1. Use of Information Technology to Collect the Information

This is a fully electronic information collection. The respondent keys and transmits identifying information to SSA over the Internet or through an automated telephone system, then SSA compares the data in real time to existing electronic records. If the information keyed and transmitted matches SSA records, we provide the respondent with a User ID and password.


  1. Why We Cannot Use Duplicate Information

Most of the information collected through these screens is data SSA already collected and posted to SSA’s master electronic records; however, SSA asks it again for comparison and verification. Currently, there is no existing alternative means for the agency to verify identity electronically through use of a User ID and password when the request to access our BSO is user-initiated over the internet or by telephone. As stated above, we will eventually migrate IRES to the my Social Security platform behind the SSA’s Public Credentialing and Authentication Process (0960-0789). Once we complete that migration, we will discontinue this information collection.


  1. Minimizing Burden on Small Respondents

This collection does not significantly affect small businesses or other small entities.


  1. Consequence of Not Collecting Information or Collecting it Less Frequently

Failure to verify the respondent’s identity would result in SSA’s not being able to respond to these internet or telephone requests. Making this service available electronically saves the respondents the effort of mailing their forms to SSA, phoning a SSA TeleService Center, or visiting an SSA field office to obtain name, or SSN information. In addition, it saves SSA staff time. Since SSA only requests this information on an as needed basis, we cannot collect the information less frequently. There are no technical or legal obstacles to burden reduction.


  1. Special Circumstances

There are no special circumstances that would cause SSA to conduct this information collection in a manner that is not consistent with 5 CFR 1320.5.


  1. Solicitation of Public Comment and other Consultations with the Public

The 60-day advance Federal Register Notice published on October 12, 2021, at

86 FR 56746, and we received no public comments. The 30-day FRN published on January 3, 2022 at 87 FR 139 and we received no comments. If we receive any comments in response to this Notice, we will forward them to OMB. We did not consult with the public in the revision this form.


  1. Payment or Gifts to Respondents

SSA does not provide payment or gift to the respondents.


  1. Assurances of Confidentiality

SSA protects and holds the information it collects in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974) and OMB Circular No. A130.


In addition, our Privacy Policy protects information collected by SSA for internet services that ensures the confidentiality of all information provided by the requester. Our internet privacy policy is:


  • You do not need to give us personal information to visit our site.

  • We collect personally identifiable information (name, SSN, DOB or E-mail) only if specifically and knowingly provided by you.

  • We will use personally identifying information you provide only in conjunction with services you request as described at the point of collection.

  • We sometimes perform statistical analyses of user behavior in order to measure customer interest in the various areas of our site. We will disclose this information to third parties only in aggregate form.

  • We do not give, sell, or transfer any personal information to a third party.

  • We implement Tier 1 (Single session) and Tier 2 (Multi-session without PII) technologies using the text-based “cookie” technology. We use Tier 2 technology to help us analyze site use by identifying you as a new or returning visitor; this does nothing other than distinguish whether you have been to our site before. Our web measurement applications compare the behavior of new and returning visitors in the aggregate to help us identify work flows and trends and also resolve common problems on our site. We do not use this technology to identify you or any other person. We use Tier 2 web measurement technology to improve our website and provide a better user experience for our customers. This technology anonymously tracks how visitors interact with socialsecurity.gov, including where they came from, what they did on the site, and whether they completed any pre-determined tasks while on the site. The Social Security Administration also uses Tier 2 technology to obtain feedback and data on visitors’ satisfaction with the SSA website.


Additionally, SSA will ensure the confidentiality of the requester’s personal information in several ways:


  • The Secure Socket Layer (SSL) security protocol will encrypt all electronic requests. SSL encryption prevents a third party from reading the transmitted data even if intercepted. This protocol is an industry standard, and is used by banks such as Wells Fargo and Bank of America for Internet banking.

  • IRES will give the requester adequate warnings that the Internet is an open system and there is no absolute guarantee that others will not intercept and decrypt the personal information they have entered. SSA will advise them of alternative methods of requesting personal information, i.e., personal visit to a field office or a call to the 800 number.

  • Only upon verification of identity will IRES allow the requester access to additional

screens which allow requests for personal information from SSA.


  1. Justification for Sensitive Questions

We are asking questions of a sensitive nature in this Information Collection. The requester will supply basic information, for example, name, SSN, DOB, and address information. For authorization purposes, the EIN will be collected during the employer registration and appointed representatives using IRES in support of beneficiaries will be asked to submit additional information. We will ask the responder some “shared secret” questions. Before we ask for any information, the responders must read and agree to our “User Registration Attestation,” which will serve to acknowledge/indicate their consent to provide us with sensitive information. The “User Registration Attestation” explains SSA’s legal authority for collecting the information.


We will collect shared secrets from the individual to use as password reset questions in order to improve customer service and reduce workloads and costs. We will ask the individual to select and answer five password reset questions. If the individual loses or forgets his or her password, we will ask three questions randomly selected from the five we established with the individual during account setup when he or she originally created the User ID. The individual must provide correct answers, consistent with the answers on record to all three questions.











  1. Estimates of Public Reporting Burden


Modality of Completion

Number of Respondents

Frequency of Response

Average Burden Per Response (minutes)

Estimated Total Annual Burden (hours)

Average Theoretical Hourly Cost Amount (dollars)*

Total Annual Opportunity Cost

(dollars) **

IRES Internet Registrations

266,210

1

5

22,184

$33.66*

$746,413**

IRES Internet Requestors

14,472,710

1

2

482,424

$33.66*

$16,238,392**

IRES CS (CSA) Registrations

15,247

1

11

2,795

$33.66*

$94,080**

Total

14,754,167



507,403


$17,078,885**



* We based this figure on average U.S. citizen’s hourly salary, as reported by Bureau of Labor Statistics data (https://www.bls.gov/oes/current/oes_nat.htm#00-00000); hourly wages for Information and Record Keeping Analysts hourly salary, as reported by Bureau of Labor Statistics data. (https://www.bls.gov/oes/current/oes434199.htm); and average hourly wages for paralegals/legal assistants and lawyers as posted by the U.S. Bureau of Labor Statistics (https://www.bls.gov/oes/current/oes_nat.htm).


** This figure does not represent actual costs that SSA is imposing on recipients of Social Security payments to complete this application; rather, these are theoretical opportunity costs for the additional time respondents will spend to complete the application. There is no actual charge to respondents to complete the application.


We base our burden estimates on current management information data, which includes data from actual interviews, as well as from years of conducting this information collection. Per our management information data, we believe that an the 2, 5, or 11 minutes shown accurately shows the average burden per response for reading the instructions, gathering the facts, and answering the questions. Based on our current management information data, the current burden information we provided is accurate. The total burden for this ICR is 507,403 burden hours (reflecting SSA management information data), which results in an associated theoretical (not actual) opportunity cost financial burden of $17,078,885. SSA does not charge respondents to complete our applications.


  1. Annual Cost to the Respondents (Other)

This collection does not impose a known cost burden to the basic IRES or CSA respondents. However, there may be some cost to Appointed Representatives who access services, which require extra security. Each time the responder logs in to access SSA’s secured online services that require the extra security feature, we will send a text message to his or her cell phone; which he or she must then enter on the web page.


Storage Management Subsystem (SMS) cost code sent via text message from SMS to the individual user.


  • For the user who receives the SMS code and does not have a text plan, the current cost could range from 10 cents to 20 cents per message.

  • For the user who has a limited text plan, the cost would just be included as part of the plan. We have no way to estimate this cost.

  • For the user who has an unlimited text plan, there would be no charge. The user would have paid for this service as part of the plan. We have no way to estimate cost.


  1. Annual Cost to the Federal Government

The annual cost to the Federal Government is approximately $843,263. This estimate accounts for costs from the following areas

Description of Cost Factor

Methodology for Estimating Cost

Cost in Dollars*

Designing and Printing the Form

Design Cost + Printing Cost

$0*

Distributing, Shipping, and Material Costs for the Form

Distribution + Shipping + Material Cost

$0*

SSA Employee (e.g., field office, 800 number, DDS staff) Information Collection and Processing Time

GS-9 employee x # of responses x processing time

$15,247


Full-Time Equivalent Costs

Out of pocket costs + Other expenses for providing this service

$0*

Systems Development, Updating, and Maintenance

GS-9 employee x man hours for development, updating, maintenance

$828,016

Quantifiable IT Costs

Any additional IT costs

$0*

Total


$843,263

* We have inserted a $0 amount for cost factors that do not apply to this collection.


SSA is unable to break down the costs to the Federal government further than we already have. Since there is not standard form for this collection, we have no design, printing, or distribution costs. Because so many employees have a hand in each aspect of our forms, we use an estimated average hourly wage, based on the wage of our average field office employee (GS-9) for these calculations.  However, we have calculated these costs as accurately as possible based on the information we collect for creating, updating, and maintaining these information collections.



  1. Program Changes or Adjustments to the Information Collection Request

When we cleared this IC in 2018, the burden was 577,806 hours. However, we are currently reporting a burden of 507,403 hours. This change stems from the decrease in the number of respondents using IRES.


  1. Plans for Publication Information Collection Results

SSA will not publish the results of the information collection.


  1. Displaying the OMB Approval Expiration Date

SSA is not requesting an exception to the requirement to display the OMB approval expiration date.


  1. Exceptions to Certification Statement

SSA is not requesting an exception to the certification requirements at

5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).


  1. Collections of Information Employing Statistical Methods


SSA does not use statistical methods for this information collection.



3


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleSupporting Statement for Form SSA-1021
AuthorDiane Swift
File Modified0000-00-00
File Created2022-09-09

© 2024 OMB.report | Privacy Policy