Supporting Statement for PRA Submission
Chemical-terrorism Vulnerability Information
OMB Control Number 1670-0015
On October 4, 2006, the President signed the Department of Homeland Security Appropriations Act of 2007 (the Act), Public Law 109-295. Section 550 of the Act provides the Department of Homeland Security with the authority to regulate the security of high-risk chemical facilities.
The Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27, are the Department’s regulations under Section 550 governing security at high-risk chemical facilities. CFATS represents a national-level effort to minimize terrorism risk to such facilities. Its design and implementation balance maintaining economic vitality with securing facilities and their surrounding communities. The regulations were designed, in collaboration with the private sector and other stakeholders, to take advantage of protective measures already in place and to allow facilities to employ a wide range of tailored measures to satisfy the regulations’ Risk-Based Performance Standards (RBPS).
CFATS also establishes, in 6 CFR § 27.400, the requirements that covered persons must follow to safeguard certain documents and other information developed under the regulations. This information is identified as "Chemical-terrorism Vulnerability Information” (CVI) and by law receives protection from public disclosure and misuse.
History of the Collection
In January 2010, the department submitted an ICR for six instruments. The request was approved on March 23, 2010 and the collection is set to expire on March 31, 2013.
This request is submitted to extend a collection which is currently approved but not yet expired. This extension modifies the burden on some of the instruments based upon actual historical data collected between January 2009 and December 2011.
There are six instruments in this collection. These instruments will be used to manage the CVI program in support of CFATS. The instruments that comprise this collection are as follows:
Chemical-terrorism Vulnerability Information (CVI) is a Sensitive but Unclassified designation authorized under P.L. 109-295 and implemented in 6 CFR 27.400. CVI came into existence on June 8, 2007, when 6 CFR Part 27 became effective. It is essential to provide training in order to protect the sensitive data that will be provided to the government.
Pursuant to 6 CFR 27.400(e) (3), the Department may “make an individual’s access to CVI contingent upon … procedures and requirements for safeguarding CVI that are satisfactory to the Department.” Using this authority the department requires individuals to undergo CVI training. Specifically, the Department trains individuals on the appropriate maintenance, safeguarding, marking, disclosure, and destruction of CVI. The primary audiences for the training are (1) individuals employed or contracted by chemical facilities, and (2) Federal, State, local employees and contractors.
To obtain CVI authorization, an individual must check several CVI affirmation statements, complete a web-based CVI authorized user application, and provide responses to several identity verification questions. Upon completion of the application, the system transmits the individual’s information to the Department. The Department maintains a record for those individuals that has completed this training and provides a unique authorized user number to access CVI. Authorization for access to CVI does not constitute “need to know.” The concept for need to know is addressed in the CVI Training and is based upon 6 CFR 27.400(e).
Pursuant to 6 CFR § 27.400(b)(1)-(8), a high risk facility will use this instrument in the event a facility develops information that could, in the facility's judgment, compromise the facility’s security if publicly disclosed and this information is not currently considered CVI. DHS will communicate its final determination to the appropriate individual at the requesting facility. DHS will maintain a record of each request.
The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…) and content.
Pursuant to 6 CFR § 27.400(e), this instrument will be used by a public official, or by any other CVI Authorized User, to request a determination by DHS that he/she has a need to know specific CVI prior to requesting access to, or disclosure of CVI from a high risk facility.
The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…).
Pursuant to 6 CFR Part 27 under 6 CFR § 27.400(d) this instrument will be used by a CVI Authorized User to notify DHS of any unauthorized release of CVI. This instrument will ensure that appropriate mitigation actions are taken to protect the information disclosed.
The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…).
Pursuant to 6 CFR Part 27, this instrument will be used by a CVI Authorized User in the event CVI is disclosed under emergency and exigent circumstances without standard precaution. Notifying DHS will ensure appropriate mitigation actions to take place to protect the disclosure of CVI.
The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…). Further, the nature of the content collected under this instrument is unpredictable.
This instrument will be used to record relevant information about how, when, who, and to whom CVI that has been shared.
The information collected by this instrument may be paper or electronic. Attached is a standard DHS form that identifies key data that should be necessary for adequate CVI tracking.
Although most, but not all, of the instruments allow for the collection of data in multiple mediums it is the intention of DHS to reduce the overall paperwork burden associated with this collection through the use web-enabled interfaces as the primary data collection process.
Table 1: Medium Information Is Collected In
Name of Instrument |
Medium Collection |
CVI Authorization |
The information is collected electronically by this instrument. |
Determination of CVI |
The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…) and content. |
Determination of a “Need to Know” by a Public Official |
The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…). |
Disclosure of CVI |
The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…). |
Notification of Emergency or Exigent Circumstances |
The information collected by this instrument will generally be electronic but may take other forms (e.g. paper, electronic, audio, video…). |
Tracking Log of CVI Received |
The information collected by this instrument may be paper or electronic. |
CVI is a unique information protection handling program authorized by Congress in P.L. 109-295. As a unique program it does not duplicate any current collection activities.
No unique methods will be used to minimize the burden to small businesses.
The frequency of collection under is regulation dictated by the 6 CFR 27.400. Reporting less frequently will substantially reduce the ability of the CVI program to ensure the smooth handling and safeguarding CVI. CVI is essential to implementing and regulating the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27. Improper handling or disclosure of CVI could release sensitive information to individuals and groups seeking information that would assist in the successful attack on a high-risk chemical facility.
There are no special circumstances that would cause the information collected to be conducted in a manner inconsistent with guidelines.
60 Day Comment Period: A 60-day public notice for comments was published in the Federal Register on December 17, 2012 at 77 FR 746851. One relevant comment was received and suggested the Department incorrectly calculated the burden estimates associated with the instrument “Chemical-terrorism Vulnerability Information Tracking Log.”
The commenter assumed that the number of responses per respondent for the instrument was one. However, the Department estimated that each respondent will on average respond 12 times but had not made the assumption explicit. The Department made this assumption explicit in the 30 day notice.
30 Day Comment Period: A 30-day public notice for comments was published in the Federal Register on March 18, 2013 at 78 FR 16698.2
No payment or gift of any kind is provided.
There is no assurance confidentiality provided to the respondents. However, some information may be protected under Chemical-terrorism Vulnerability Information (CVI) is a new Sensitive but Unclassified designation authorized under P.L. 109-295 and implemented in 6 CFR 27.400.
P.L. 109-295 further clarifies that CVI “in any proceeding to enforce this section, vulnerability assessments, site security plans, and other information submitted to or obtained by the Secretary under this section, and related vulnerability or security information, shall be treated as if the information were classified material.”
Notwithstanding the Freedom of Information Act (5 U.S.C. 552), the Privacy Act (5 U.S.C. 552a), and other laws, in accordance with Sec. 550(c) and 6 CFR § 27.400(g), records containing CVI are not available for public inspection or copying, nor does the Department release such records to persons without a need to know.
If a record contains both information that may not be disclosed under Section 550(c) of Public Law 109-295 and information that may be disclosed, the latter information may be provided in response to a FOIA request, provided that the record is not otherwise exempt from disclosure under FOIA and that it is practical to redact the protected CVI from the requested record.
There are no questions of sensitive nature in this collection.
The annual total estimate for reporting, recordkeeping and cost burden under this collection is $5,484,650. Individual burden estimates vary by instrument and are summarized in the table below:
Table 2: Instrument Burden Estimate
Instrument |
# of Respondents |
Responses per respondent |
Average Burden per Response (in hours) |
Total Annual Burden (in hours) |
Total Annual Burden (in dollars) |
CVI Authorization |
30,000 |
1 |
1 |
30,000 |
2,580,000 |
Determination of CVI |
300 |
1 |
0.25 |
75 |
6,450 |
Determination of a Need to Know |
14,200 |
1 |
0.25 |
3,550 |
305,300 |
Disclosure of CVI |
300 |
1 |
0.25 |
75 |
6,450 |
Notification of Emergency or Exigent Circumstances |
300 |
1 |
0.25 |
75 |
6,450 |
CVI Tracking Log |
30,000 |
12 |
0.08 |
30,000 |
2,580,000 |
There are no annualized capital or start-up costs for respondents due to this collection.
Federal government costs can be divided between the cost associated with collection of information and the cost associated with managing and responding to the submitted data. The cost associated with collecting the information is essentially the cost of operating and maintaining the collection instruments within CSAT. The annual Operating and Maintenance (O&M) costs for the instruments with CSAT are estimated at $0.4M. The cost associated with managing and responding to the submitted data the management is equivalent to the cost of employing two government employees at the GS-14 level.
Table 3: Estimates of Annualized Costs for the Collection of Data
Expense Type |
Expense Explanation |
Annual Costs (in dollars) |
Direct Costs to the Federal Government |
Two DHS Project Managers (GS-14) @ $165,900 |
331,800 |
CSAT O&M |
Costs for O&M of CSAT Application |
400,000 |
|
|
|
Total |
731,800 |
In sum, the estimated total annual operating cost to the United States Government for this collection is $731,800.00.
Changes to the burden estimates in this collection reflect a review of the historical data collected from January 2009 to December 2011. When compared to the previous IC this ICR reflects an increase of burden by $2,512,268.
There is no change in the information being collected.
No plans exist for the use of statistical analysis or to publish this information.
The expiration date will be displayed in the instruments when used within CSAT. .
No exceptions have been requested.
2 https://federalregister.gov/a/2013-06096
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | Supporting Statement for Paperwork Reduction Act Submissions |
Author | ICF |
File Modified | 0000-00-00 |
File Created | 2021-01-29 |