Supporting Statement for PRA Submission

Chemical-terrorism Vulnerability Information

OMB Control Number 1670-0015

A. JUSTIFICATION

1. Circumstances that make the collection of information necessary

On October 4, 2006, the President signed the Department of Homeland Security Appropriations Act of 2007 (the Act), Public Law 109-295. Section 550 of the Act provides the Department of Homeland Security with the authority to regulate the security of high-risk chemical facilities.

The Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27, are the Department’s regulations under Section 550 governing security at high-risk chemical facilities. CFATS represents a national-level effort to minimize terrorism risk to such facilities. Its design and implementation balance maintaining economic vitality with securing facilities and their surrounding communities. The regulations were designed, in collaboration with the private sector and other stakeholders, to take advantage of protective measures already in place and to allow facilities to employ a wide range of tailored measures to satisfy the regulations’ Risk-Based Performance Standards (RBPS).

CFATS also establishes, in 6 CFR § 27.400, the requirements that covered persons must follow to safeguard certain documents and other information developed under the regulations. This information is identified as "Chemical-terrorism Vulnerability Information” (CVI) and by law receives protection from public disclosure and misuse.

History of the Collection

In January 2010, the department submitted an ICR for six instruments. The request was approved on March 23, 2010 and the collection is set to expire on March 31, 2013.

Reason for Extension

This request is submitted to extend a collection which is currently approved but not yet expired. This extension modifies the burden on some of the instruments based upon actual historical data collected between January 2009 and December 2011.

2. By whom, how, and for what purpose the information is to be used

There are six instruments in this collection. These instruments will be used to manage the CVI program in support of CFATS. The instruments that comprise this collection are as follows:

Chemical-terrorism Vulnerability Information (CVI) Authorization

Chemical-terrorism Vulnerability Information (CVI) is a Sensitive but Unclassified designation authorized under P.L. 109-295 and implemented in 6 CFR 27.400. CVI came into existence on June 8, 2007, when 6 CFR Part 27 became effective. It is essential to provide training in order to protect the sensitive data that will be provided to the government.

Pursuant to 6 CFR 27.400(e) (3), the Department may “make an individual’s access to CVI contingent upon … procedures and requirements for safeguarding CVI that are satisfactory to the Department.” Using this authority the department requires individuals to undergo CVI training. Specifically, the Department trains individuals on the appropriate maintenance, safeguarding, marking, disclosure, and destruction of CVI. The primary audiences for the training are (1) individuals employed or contracted by chemical facilities, and (2) Federal, State, local employees and contractors.

To obtain CVI authorization, an individual must check several CVI affirmation statements, complete a web-based CVI authorized user application, and provide responses to several identity verification questions. Upon completion of the application, the system transmits the individual’s information to the Department. The Department maintains a record for those individuals that has completed this training and provides a unique authorized user number to access CVI. Authorization for access to CVI does not constitute “need to know.” The concept for need to know is addressed in the CVI Training and is based upon 6 CFR 27.400(e).

Determination of CVI

Pursuant to 6 CFR § 27.400(b)(1)-(8), a high risk facility will use this instrument in the event a facility develops information that could, in the facility's judgment, compromise the facility’s security if publicly disclosed and this information is not currently considered CVI. DHS will communicate its final determination to the appropriate individual at the requesting facility. DHS will maintain a record of each request.

The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…) and content.

Determination of a “Need to Know” by a Public Official

Pursuant to 6 CFR § 27.400(e), this instrument will be used by a public official, or by any other CVI Authorized User, to request a determination by DHS that he/she has a need to know specific CVI prior to requesting access to, or disclosure of CVI from a high risk facility.

The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…).

Disclosure of CVI Information

Pursuant to 6 CFR Part 27 under 6 CFR § 27.400(d) this instrument will be used by a CVI Authorized User to notify DHS of any unauthorized release of CVI. This instrument will ensure that appropriate mitigation actions are taken to protect the information disclosed.

The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…).

Notification of Emergency or Exigent Circumstances

Pursuant to 6 CFR Part 27, this instrument will be used by a CVI Authorized User in the event CVI is disclosed under emergency and exigent circumstances without standard precaution. Notifying DHS will ensure appropriate mitigation actions to take place to protect the disclosure of CVI.

The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…). Further, the nature of the content collected under this instrument is unpredictable.

Tracking Log for CVI Received

This instrument will be used to record relevant information about how, when, who, and to whom CVI that has been shared.

The information collected by this instrument may be paper or electronic. Attached is a standard DHS form that identifies key data that should be necessary for adequate CVI tracking.

3. Consideration of the use of improved information technology

Although most, but not all, of the instruments allow for the collection of data in multiple mediums it is the intention of DHS to reduce the overall paperwork burden associated with this collection through the use web-enabled interfaces as the primary data collection process.

Table 1: Medium Information Is Collected In

4. Efforts to identify duplication

CVI is a unique information protection handling program authorized by Congress in P.L. 109-295. As a unique program it does not duplicate any current collection activities.

5. Methods to minimize the burden to small businesses if involved

No unique methods will be used to minimize the burden to small businesses.

6. Consequences to the Federal program if collection were conducted less frequently.

The frequency of collection under is regulation dictated by the 6 CFR 27.400. Reporting less frequently will substantially reduce the ability of the CVI program to ensure the smooth handling and safeguarding CVI. CVI is essential to implementing and regulating the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27. Improper handling or disclosure of CVI could release sensitive information to individuals and groups seeking information that would assist in the successful attack on a high-risk chemical facility.

7. Explain any special circumstances that would cause the information collection to be conducted in a manner inconsistent with guidelines.

There are no special circumstances that would cause the information collected to be conducted in a manner inconsistent with guidelines.

8. Consultation

60 Day Comment Period: A 60-day public notice for comments was published in the Federal Register on December 17, 2012 at 77 FR 74685¹. One relevant comment was received and suggested the Department incorrectly calculated the burden estimates associated with the instrument “Chemical-terrorism Vulnerability Information Tracking Log.”

The commenter assumed that the number of responses per respondent for the instrument was one. However, the Department estimated that each respondent will on average respond 12 times but had not made the assumption explicit. The Department made this assumption explicit in the 30 day notice.

30 Day Comment Period: A 30-day public notice for comments was published in the Federal Register on March 18, 2013 at 78 FR 16698.²

9. Explain any decision to provide any payment or gift to respondents.

No payment or gift of any kind is provided.

10. Describe any assurance of confidentiality provided to respondents.

There is no assurance confidentiality provided to the respondents. However, some information may be protected under Chemical-terrorism Vulnerability Information (CVI) is a new Sensitive but Unclassified designation authorized under P.L. 109-295 and implemented in 6 CFR 27.400.

P.L. 109-295 further clarifies that CVI “in any proceeding to enforce this section, vulnerability assessments, site security plans, and other information submitted to or obtained by the Secretary under this section, and related vulnerability or security information, shall be treated as if the information were classified material.”

Notwithstanding the Freedom of Information Act (5 U.S.C. 552), the Privacy Act (5 U.S.C. 552a), and other laws, in accordance with Sec. 550(c) and 6 CFR § 27.400(g), records containing CVI are not available for public inspection or copying, nor does the Department release such records to persons without a need to know.

If a record contains both information that may not be disclosed under Section 550(c) of Public Law 109-295 and information that may be disclosed, the latter information may be provided in response to a FOIA request, provided that the record is not otherwise exempt from disclosure under FOIA and that it is practical to redact the protected CVI from the requested record.

11. Additional justification for any questions of a sensitive nature

There are no questions of sensitive nature in this collection.

12. Estimates of reporting and recordkeeping hour and cost burdens of the collection of information

The annual total estimate for reporting, recordkeeping and cost burden under this collection is $5,484,650. Individual burden estimates vary by instrument and are summarized in the table below:

Table 2: Instrument Burden Estimate

13. Estimates of annualized capital and start-up costs

There are no annualized capital or start-up costs for respondents due to this collection.

14. Estimates of annualized Federal Government costs

Federal government costs can be divided between the cost associated with collection of information and the cost associated with managing and responding to the submitted data. The cost associated with collecting the information is essentially the cost of operating and maintaining the collection instruments within CSAT. The annual Operating and Maintenance (O&M) costs for the instruments with CSAT are estimated at $0.4M. The cost associated with managing and responding to the submitted data the management is equivalent to the cost of employing two government employees at the GS-14 level.

Table 3: Estimates of Annualized Costs for the Collection of Data

Total Federal Government Costs

In sum, the estimated total annual operating cost to the United States Government for this collection is $731,800.00.

15. Explain the reasons for the change in burden.

Changes to the burden estimates in this collection reflect a review of the historical data collected from January 2009 to December 2011. When compared to the previous IC this ICR reflects an increase of burden by $2,512,268.

There is no change in the information being collected.

16. For collections of information whose results are planned to be published for statistical use, outline plans for tabulation, statistical analysis and publication.

No plans exist for the use of statistical analysis or to publish this information.

17. Explain the reasons for seeking not to display the expiration date for OMB approval of the information of collection.

The expiration date will be displayed in the instruments when used within CSAT. .

18. Explain each exception to the certification statement.

No exceptions have been requested.