United States Environmental Protection Agency
Office of Information Resources Management
Washington, DC 20460
EPA/220/B-92/002
March 1992

EPA 2100
Information Resources Management Policy Manual

-------
EPA
Classification No.: 2100
Approval Date: 7/21/87

                          INFORMATION RESOURCES  MANAGEMENT
                            POLICY MANUAL - 1987 Edition

        1.  PURPOSE.   This Transmittal provides the new Information
        Resources Management Policy Manual.

        2.  EXPLANATION.  The IRM Policy Manual establishes a policy
        framework for the Information Resources Management Program in
        EPA.

        3.  SUPERSESSION.  The ADP Manual and all its changes.

        4.  FILING INSTRUCTIONS.   Post receipt of date of this
        Transmittal on the Checklist in front of the Manual.  File
        the attached material in a three ring binder.

                             Kathy Petruccelli, Director
                             Management and Organization Division

Originator: Information Management and Services Division/OIRM
EPA Form 1315-12 (5-86)

-------
CHECKLIST OF EPA TRANSMITTALS
TITLE: INFORMATION RESOURCES MANAGEMENT POLICY MANUAL
When kept current, this checklist permits the user to see at a glance which transmittals have been filed.

SERIES NUMBER     DATE        INITIAL
2100              7/21/87

EPA Form 1315-4 (Rev. 7-73)
PREVIOUS EDITIONS ARE OBSOLETE.

-------
IRM POLICY MANUAL                                        2100

                                                         7/21/87


                        TABLE OF CONTENTS
CHAPTER                                                  CHAPTER
TITLES                                                   NUMBERS
INTRODUCTION
IRM Management Controls/Review and Approval	1
Mission-Based Planning 	2
State/EPA Data Management	3
Software Management	4
Data Standards	5
ADP Resources Management	6
Voice Communications 	7
Information Security	8
Information Collection 	9
Records Management	10
Privacy	11
Library Services	12
APPENDICES

Glossary                                                    A
Primary IRM Laws and Regulations                            B

-------

-------

                           INTRODUCTION


1.  PURPOSE.  This manual establishes a policy framework for the
    Information Resources Management (IRM) Program in the U.S.
    Environmental Protection Agency (EPA) (also referred to as
    the Agency).  Information Resources Management means planning,
    budgeting, organizing, directing, training and controlling
    information.  It encompasses both information itself and
    related resources such as personnel, equipment, funds and
    technology.  This document is intended to provide EPA with a
    structure for the implementation of the Brooks Act of 1965,
    the Paperwork Reduction Act of 1980, the Privacy Act of 1974,
    the Freedom of Information Act of 1966, as amended in 1974
    and 1986, the Federal Records Management Amendments of 1976
    and policies and regulations issued by the Office of Manage-
    ment and Budget (OMB) and the General Services Administration
    (GSA), the two primary oversight agencies for Federal IRM
    programs.

    In addition, this manual establishes the authorities and
    responsibilities under which the IRM Program will function at
    EPA.  The manual is limited to the IRM policy domain in order
    to provide the primary documents in a concise and consolidated
    manner.  Detailed procedures and operating guidelines such as
    the EPA Freedom of Information Act, Privacy Act and Records
    Management Manuals are issued separately.

2.  SCOPE AND APPLICABILITY.  This manual applies to all EPA
    organizations and their employees.   It also applies to the
    facilities and personnel of agents (including State agencies,
    contractors and grantees) of the EPA who are involved in IRM
    related activities.

3.  BACKGROUND.  The Paperwork Reduction Act of 1980 (P.L.  96-511),
    herein referred to as the "Act," introduced Information
    Resources Management to the Federal Government, emphasizing
    information as a resource with associated costs and values.
    The Act established a broad mandate for agencies to perform
    their information activities in an efficient, effective
    manner.  Concepts advanced by the Act through the IRM approach
    include the life cycle management of information activities
    (i.e., creation, collection, and use); information functions
    (i.e., automatic data processing,  records management, reports
    management, and telecommunications); the integrated approach
    to managing information resources (i.e., total systems concept)
    and the promotion and use of new technologies to improve the
    effective use and dissemination of  information.

-------

    The objectives of this Act are to reduce costs, improve the
    efficiency and effectiveness of information systems and
    information technology in the Federal Government and to
    provide specific mechanisms to control and reduce the paperwork
    burden on the public.

    The Act requires each agency head to designate a senior
    official to carry out the agency's information management
    activities in an effective and efficient manner and in full
    compliance with the information policies and guidelines
    prescribed by the Director of OMB.

    Among other things, the Act requires each agency to:

     o  Develop and maintain an inventory of its information
        systems and review periodically its information management
        activities

     o  Ensure its information systems do not overlap with each
        other or duplicate the systems of other agencies

     o  Assign to the designated senior official the responsibility
        for the conduct of and accountability for any acquisitions
        made pursuant to delegations of authority from GSA.

    The Act also states that the Director of OMB, with the advice
    and assistance of the Administrator of GSA, shall selectively
    review, at least once every three years, the information
    management activities of each Federal agency.

4.  FEDERAL AUTHORITIES.  A number of Federal laws, regulations
    and policies prescribe, recommend or suggest policies, proce-
    dures and reporting requirements for managing information
    resources in all Federal agencies.  Specific references will
    be made in the subsequent chapters of this manual.  A compen-
    dium of key legislation, directives and regulations is found
    in Appendix B of this manual.  The exhibit on the following
    page presents a structural framework for Information Resources
    Management in EPA.

5.  EPA IRM AUTHORITIES AND ORGANIZATION.  The primary
    responsibility for  managing EPA's IRM Program is shared by
    the Office of Policy, Planning and Evaluation (OPPE) and the
    Office of Administration and Resources Management's Office
    of Information Resources Management (OIRM).  Other Offices
    listed on pages iv-vi are also involved with supporting the
    Agency's IRM Program.
                                ii

-------
[Exhibit: FRAMEWORK FOR EPA INFORMATION RESOURCES MANAGEMENT POLICIES.
 Row labels: Primary Legislation; Primary Federal Policy; Secondary
 Federal Policy/Guidance; EPA IRM Policy; Examples of EPA IRM Policy
 Guidelines & Procedures.
 Box labels: Brooks Act of 1965; Paperwork Reduction Act of 1980;
 Freedom of Information Act of 1966; Federal Records Act of 1950;
 Federal Acquisition Regulations (GSA); General Accounting Office
 Reports; National Archives & Records Administration Guidance;
 Institutional IRM Policy; Information Systems and Technology
 Management; Information Management.]

-------

    a.   Office of Policy, Planning and Evaluation.   The Assistant
        Administrator for Policy,  Planning and Evaluation (OPPE)
        is the Senior Official responsible for directing and
        overseeing the Agency's activities administered under the
        Paperwork Reduction Act of 1980.   The Assistant Adminis-
        trator of OPPE has delegated much of the Act's authority
        to the Director, Office of Information Resources
        Management (OIRM).  However, the  Assistant  Administrator
        of OPPE has retained authority for managing and developing
        policy for EPA's IRM Program in regulatory  situations,
        reviewing all Agency rules, regulations and other data
        collection instruments to  ensure  that the Agency does
        not impose an unnecessary  paperwork burden  on the public.
        This Assistant Administrator also retains authority for
        managing the clearing process for data collection instru-
        ments.  The vehicle for this activity is the Information
        Collection Request (ICR) clearance process.  OPPE is
        also responsible for collecting,  preparing  and submitting
        the Agency's Information Collection Budget  (ICB) to the
        Office of Management and Budget (OMB).

    b.   Office of Information Resources Management.  The Director,
        OIRM,  has the primary functional  responsibility for IRM
        policy development and overall management of the Agency's
        IRM Program.   This includes the planning, development
        and operation of information systems and services in
        support of the Agency's administrative, programmatic and
        research functions.  It also includes administering
        Agency programs for library systems and services, records
        management, information security  as well as implementing
        the requirements of the Privacy Act.   OIRM  is also
        responsible for:

           o  Acquisition management of office automation hardware
              and software

           o  Review and approval of technical specifications for
              software requested by OARM, ORD and the program
              offices

           o  Management of Agency-wide ADP support contracts.
                                iv

-------

    c.   Office of Administration and Resources Management, RTP
        (OARM-RTP) and the National Data Processing Division
        (NDPD-RTP).   The Director, OIRM, has delegated to the
        Director, Office of Administration and Resources
        Management-RTP (OARM-RTP), functional responsibility for the
        acquisition, management and operation of ADP resources
        including telecommunications resources as defined in
        Chapters 6 and 7 of this Manual.  The Director, OIRM has
        delegated to the Director, OARM-RTP, authority to
        approve requisitions for ADP equipment, computer services
        and telecommunications.  The Director, National Data
        Processing Division (NDPD), is responsible for implementing
        these functions.  In particular, this includes:

           o  Acquisition management of hardware not delegated to
              the Senior IRM Officials

           o  Acquisition of general purpose, non-application
              specific software such as operating systems, data
              base management systems, etc.

           o  Approval of system-oriented proprietary software.

    d.   Office of General Counsel.  The Office of General Counsel
        provides legal opinions, legal counsel and litigation
        support for the Agency's implementation of the requirements
        of the Privacy Act and the Freedom of Information Act.

    e.   Office of the Administrator.  In coordination with the
        Office of General Counsel, the Office of the Administrator
        manages the implementation of the requirements of the
        Freedom of Information Act.

    f.   Office of External Affairs.  The Office of External
        Affairs (OEA) manages EPA's press services, serves as
        congressional liaison and coordinates communications with
        State and local governments.  OEA also has responsibility
        for the review and clearance of proposed legislation and
        reports on current and pending legislation.

    g.   Assistant Administrators, Associate Administrators,
        Regional Administrators, Heads of Headquarters Staff
        Offices, the General Counsel and the Inspector General.
        These senior managers are responsible for ensuring that
        activities carried out by their respective organizations

-------

        comply with Federal and EPA IRM policies and regulations.
        To assist them in meeting their IRM responsibilities, the
        General Counsel and the Inspector General and each Assis-
        tant Administrator, Associate Administrator and Regional
        Administrator have designated a Senior Information Resources
        Management Official (SIRMO), whose responsibilities are
        described in the following section.  It should be noted
        that the SIRMO in the Office of Executive Support for
        the Office of the Administrator serves the two Associate
        Administrators as well as all of the Staff Offices in
        the Office of the Administrator.

    h.   Senior Information Resources Management Official.  Senior
        Information Resources Management Officials (SIRMOs) are
        responsible for directing and managing office-wide
        information resources planning and budgeting and for
        assuring that the information systems and information
        technology acquisitions within their organizations comply
        with Federal and EPA policies and regulations.

    i.   IRM Steering Committee.  The IRM Steering Committee is
        chaired by the Director, OIRM, and has members representing
        EPA national and Regional programs, the EPA research
        community and the States.  The Committee is responsible
        for advising OIRM concerning IRM policies, resources and
        priorities and assisting OIRM in communicating and
        implementing these policies and priorities within EPA.
        The Committee assists OIRM in conducting periodic reviews
        of the Agency's information resources and the policies
        and programs for managing these resources and in designing
        improvements where needed.

6.   OBJECTIVES.  The objectives of EPA's IRM Program are to:

    a.   Support program and administrative components in the
        fulfillment of their responsibilities by providing them
        with high-quality information services in the most
        efficient and cost-effective manner.

    b.   Use effectively the capabilities afforded through rapidly
        evolving information related resources and technologies
        in support of the Agency's mission and implementation of
        EPA's basic programs, with a focus on achieving environ-
        mental results.
                              vi

-------

    c.   Ensure that EPA information, goals, policies, plans and
        strategies comply with Federal IRM laws and regulations
        and that they support Agency missions.

    d.   Facilitate the integration and coordination of information
        systems across media, functional and program lines.

    e.   Provide adequate security for proprietary or privileged
        information maintained in EPA information systems.

    f.   Minimize unnecessary duplication of information systems
        and data bases.

    g.   Reduce the Federal information collection burden on
        members of the public and on State and local governments.

    h.   Promote data sharing with States and other Federal
        agencies to achieve environmental results.

    i.   Provide effective automated data processing systems,
        computing and telecommunications resources and facilities.

    j.   Promote productive utilization of EPA's human resources
        in support of the Agency's mission.
                              vii

-------

-------

     CHAPTER 1 - IRM MANAGEMENT CONTROLS/REVIEW AND APPROVAL


1.  PURPOSE.  This policy establishes the principles and
    requirements that govern the management controls over EPA's
    IRM Program.  This policy also defines the general delegations
    of authority which reflect the decentralized management
    structure of the IRM program.  The framework of this policy
    draws from the basic management functions of planning,
    budgeting, acquisition, data management and evaluation to
    present a comprehensive management overview of EPA's IRM
    Program.

2.  SCOPE AND APPLICABILITY.  This policy applies to all EPA
    organizations and their employees.  It also applies to the
    facilities and personnel of agents (including State agencies,
    contractors and grantees) of EPA who are involved in IRM
    activities.

3.  BACKGROUND.

    a.  As noted in Section 5-c of this chapter, the Office of
        Information Resources Management (OIRM) has been delegated
        primary responsibility for managing EPA's IRM Program.
        However, the decentralized nature of this program requires
        the involvement and cooperation of all organizational
        units on an Agencywide basis.

    b.  The delegations of authority in EPA's IRM Program reflect
        the decentralized management structure of the Agency.

    c.  Management controls involved with EPA's IRM Program
        reflect a combination of internal Agency organizational
        requirements as well as those imposed on all Federal
        agencies by Congress and oversight agencies.

4.  AUTHORITIES. (See Appendix B for further detail.)

    a.  OMB Circulars A-130, A-11, A-76, A-127, A-123, OMB
        Bulletins 86-12 and 86-19.

    b.  Federal Information Processing Standards Publications
        (FIPS PUBS).

    c.  Federal Information Resources Management Regulations
        (FIRMRS).
                               1-1

-------

    d.  The Brooks Act (P.L.  89-306).

    e.  The Paperwork Reduction Act of 1980 (P.L. 96-511).

    f.  GSA Bulletins.

5.  DELEGATIONS OF AUTHORITY.

    a.  As noted in the introduction of this manual, the EPA
        Administrator has designated the Assistant Administrator
        for Policy, Planning and Evaluation (OPPE) as the Senior
        Official responsible for directing and overseeing EPA's
        activities administered under the Paperwork Reduction Act
        of 1980.

    b.  While the Assistant Administrator for OPPE has delegated
        much of the authority under the Act, he retained authority
        for managing and developing policy for EPA's IRM Program
        in regulatory situations, reviewing all Agency rules and
        regulations and other data collection instruments to
        ensure that the Agency does not impose an unnecessary
        paperwork burden on the public.  The Assistant Adminis-
        trator for OPPE also retains authority for managing the
        clearance process for data collection instruments.  The
        vehicle for this activity is the Information Collection
        Request (ICR) clearance process.  OPPE is also responsible
        for collecting, preparing and submitting the Agency's
        Information Collection Budget (ICB) to OMB.  The Assistant
        Administrator for OPPE has delegated authority to
        manage other functions related to EPA's IRM Program to
        the Assistant Administrator for Administration and
        Resources Management (OARM) who in turn has redelegated
        the authority in this area to the Director, OIRM.

    c.  The Director, OIRM, has primary functional responsibility
        for IRM policy development and overall management of the
        Agency's IRM Program.  This includes the planning, develop-
        ment and operation of information systems and services
        in support of the Agency's administrative, programmatic
        and research functions.  It also includes administering
        Agency programs for library systems and services, records
        management, information security and implementation of
        the requirements of the Privacy Act.
                               1-2

-------

    d.   EPA's Delegations Manual (Delegation 1-10) on automatic
        data  processing (ADP), a copy of which is found in
        Exhibit 1-A of this chapter, cites the authorities which
        were originally delegated to the Assistant Administrator
        for Administration and Resources Management (OARM) and
        which have been subsequently redelegated to the Director,
        OIRM.  This includes the authority to approve requisitions
        for ADP equipment, telecommunications, studies and services,
        including the authority to determine and approve:

        (1)  The ADP technical content of solicitation packages.

        (2)  The evaluation criteria to be used for evaluation of
             ADP components of proposals.

        (3)  Preaward procedures for ADP components of proposals,
             including nominations for membership on the evaluation
             panel, contractor demonstrations and benchmarks and
             facility reviews as required.

        (4)  Postaward procedures for ADP components of procurements
             including acceptance testing and site inspection.

        ADP supplies (i.e., diskettes, tape, paper, cables) are
        considered as normal office supplies.  They are exempt
        from the management controls applied to EPA's IRM program.

        The authority to approve requisitions for ADP equipment,
        computer services and telecommunications was redelegated
        by the Director, OIRM, to the Director, OARM-RTP.  A
        further delegation has been made to the Director, NDPD.

    e.   Subject to certain conditions, the authority to approve
        acquisitions for microcomputer equipment, software and
        support services that conform to Agency standards has
        been delegated by the Director, OIRM, to:

        (1)  Assistant Administrators
        (2)  Associate Administrators
        (3)  Inspector General
        (4)  General Counsel
        (5)  Regional Administrators
                               1-3

-------

    As noted in this delegation, which is found in Exhibit 1-B of
    this chapter, the officials specified above may further
    redelegate their authority in this area to their Senior
    Information Resources Management Officials (SIRMOs), provided
    that formal notification is provided to the Director, OIRM.

6.  CONTROLS RELATED TO BASIC MANAGEMENT FUNCTIONS.  The following
    sections describe management controls for IRM planning,
    budgeting, acquisition, data management and evaluation of
    IRM activities and requirements.

    a.  IRM Planning.

        (1)  Mission-based Planning.  EPA is highly dependent on
             its information resources to carry out program and
             administrative functions in a timely, efficient and
             accountable manner.  Because of the expensive and
             capital intensive nature of information and informa-
             tion technology, it is Federal policy that all
             managers plan effectively for the acquisition and
             management of information and information technology
             through the annual preparation of mission-based IRM
             plans.  (Reference Chapter 2 of this manual).  In
             EPA, all national program managers and Regional
             offices submit their plans to the Director, OIRM,
             who is responsible for reporting the contents of
             the plans to the Administrator and other senior EPA
             management officials.  Mission-based IRM plans are
             tied to the budget process and are used to support
             investment decisions made during the budget
             preparation process.

        (2)  Planning Requirements for Acquiring and Managing
             Personal Computers (PCs).  The basic purpose of the
             PC Plan is to ensure that appropriate provisions
             are made to provide effective management and support
             of this technology.  All Headquarters and Regional
             offices must submit a PC Plan and qualify for a
             delegation of PC approval authority in order to
             acquire personal computer hardware or software.
             Delegations will be made to those offices that have
             (1) designated a SIRMO to exercise the delegation
             on behalf of the Assistant or Regional Administrator,
             (2) received OIRM approval for their PC Plan and
             (3) designated and arranged appropriate training
             for a PC Site Coordinator(s) to manage PC ordering,
                               1-4

-------

             processing and user support and develop security
             provisions for safeguarding these resources.  Plans
             must be approved by the SIRMO in order to receive
             consideration by OIRM.  Delegated officials, including
             PC Site Coordinators, will review PC procurement
             requests in light of approved plans and may then
             submit approved procurement requests to PCMD for
             placement/issuance of PC orders under the contract.

        (3)  Information Collection.  The principles governing
             the information collection planning process are
             described in greater detail in Chapter 9 of this
             manual.  From a management control perspective, it
             is important that Agency managers determine, before
             the information collection is initiated, that data
             are not already available elsewhere in the program,
             Agency or external sources.  It is also necessary in
             the planning stage to design statistically valid
             sampling and collecting efforts and to determine
             that the cost of collecting the data does not exceed
             the value of the data to the program and EPA mission
             accomplishment.

        (4)  OMB Bulletin for Federal Information Systems and
             Technology Planning -  OMB issues a bulletin on an
             annual basis which requires all Federal agencies to
             submit their strategic plans for information systems
             and technology.  This plan contains the following
             kinds of information: a description of the agency's
             program priorities and a discussion of how informa-
             tion technology is being used to meet those priorities;
             a list of the agency's major information systems;
             and a description of significant information technology
             initiatives.

        (5)  OMB Bulletin for Management Review/Management
             Improvement Planning - The Office of the Comptroller
             is responsible for coordinating and reporting EPA's
             management improvement plan to OMB.  OIRM contributes
             to the Agency's plan by reporting milestones for
             initiatives which will improve the overall management
             of the Agency from an IRM perspective.
                               1-5

-------

    b.  Budgeting.

        (1)  Section 43 of OMB Circular A-11, "Preparation and
             Submission of Budget Estimates" - In EPA, this
             reporting requirement is referred to as "Short-Term
             ADP Planning."  This report identifies and documents
             the Agency's information technology activities, the
             cost of those activities and the program initiatives
             that the technology supports.   OIRM is responsible
             for coordinating the collection and reporting of
             this information for the Agency.

        (2)  Timeshare Budget - OARM-RTP with the assistance of
             OIRM, and in consultation with Agency components,
             prepares and submits the Agency timeshare budget.
             Timeshare requests are represented as a program
             element (PE) in the Agency's budget which is submitted
             to OMB.  Once the budget is approved by Congress,
             OIRM administers the timeshare budget throughout
             the Agency in accordance with  the needs and requests
             of Agency components and OARM-RTP guidance.

        (3)  Environmental Monitoring Budget Special Analysis -
             The purpose of this periodic analysis is to evaluate
             the investments supporting the Agency's environmental
             monitoring strategies.   All major program offices
             are required to provide their  individual monitoring
             analysis with their budget submissions.  OPPE is
             responsible for assessing these reviews.  The final
             product evaluates the resource requirements and
             priorities for monitoring activities across the
             Agency.

        (4)  Information Collection Budget  - During the third
             quarter of each fiscal year, OMB issues a bulletin
             which requires that agencies submit their projected
             reporting burden on the public for the forthcoming
             fiscal year.  OPPE is responsible for coordinating
             and reporting the information  collection budget for
             EPA.

    c.   Procurement/Acquisition.

        (1)  Acquisitions are evaluated to meet GSA and other
             applicable regulations.  Policies on EPA's IRM
             acquisitions are enforceable by OIRM, the Grants
             Administration Division (GAD) and the Procurement
             and Contracts Management Division (PCMD).

        (2)  From a management control perspective, PCMD inserts
             language into contracts to ensure that the contractors
             adhere to certain standards.  Some of these standards
             are mandated by the Federal Information Resources
             Management Regulations (FIRMRs), Federal Standards
             and the Federal Information Processing Standards
             (FIPS).  Other standards are developed by OIRM and
             NDPD.   They are responsible for determining what
             standards apply to a particular procurement.

        (3)  OIRM provides ADP support services through centrally
             managed and administered contracts;  program offices
             may submit procurement requests for  such services to
             OIRM.   OIRM provides guidance on effective utiliza-
             tion of these contracts and prepares the required
             delivery orders which are issued by  PCMD.

    d.   Data Management.  In the operation of any of EPA's
        automated systems there are a number of controls which
        are imposed in order to maintain efficiency and effective-
        ness.   The  following is a brief list of principal  controls
        that program and system managers need to  observe in the
        development, operation and maintenance of their systems:

        (1)  Data Standards - Organizations responsible for
             system management are responsible for conforming
             with established Agency data standards.  OIRM is
             responsible for establishing the data standards for
             the Agency and ensuring that those standards  meet
             the Agency objective of promoting data sharing.
             Chapter 5 of the EPA Policy Manual provides further
             information on this subject.

        (2)  Systems Documentation - It is Agency policy that
             adequate documentation must be developed for  all EPA
             automated systems.  This is important to ensure
             management control and continuity of service. Without
             adequate documentation, full utilization of a system
             cannot be realized.

        (3)  Acceptance Testing - Prior to implementing a system,
             appropriate acceptance testing must be conducted.
             Such activity serves to determine the reliability of
             functions as well as identify problems, both in the
             documentation and in the actual operation of the
             system.  Acceptance testing must include proper
             documentation of test results.

        (4)  Systems Security - As stated in Chapter 8 of this
             manual, "It is EPA policy to protect adequately
             sensitive information and sensitive applications
             from improper use, alteration or disclosure, whether
             accidental or deliberate.  Information and applica-
             tions will be protected to the extent required by
             applicable law and regulations in accordance with
             the degree of their sensitivity in order to ensure
             the cost-effectiveness of the security program."

        (5)  User Support and Training - To ensure optimally
             efficient operation of Agency information systems,
             it is critical that EPA managers provide their
             staff adequate user support and training.

    e.  IRM Evaluations.  The following evaluations and reviews
        are conducted to help the Agency assess the adequacy of
        its information systems and resources:

        (1)  Special Studies and Management Reviews - A variety
             of special studies and reviews are conducted by
             OIRM alone or in concert with Agency program offices.
             The scope of such reviews may vary depending on the
             subject matter and the goals and objectives
             established for the review or study.

        (2)  ADP Reviews - These reviews are conducted by OIRM
             as well as program managers.  All ADP review activity
             must be coordinated with the Office of the Inspector
             General which has the lead responsibility to perform
             independent reviews of EPA's activities.  An ADP
             review is an evaluation of an information system,
             ADP equipment, operations or an ADP organization,
             to determine if the intended or expected functions
             are being accomplished.  The general purpose of
             such a review is to improve management of information
             resources by ensuring that ADP systems and services
             are being managed in compliance with standards,
             operating procedures and policies.  (Specific guidance
             on conducting this type of review is found in the
             Agency's Directives System - EPA 2115 Guide for ADP
             Review).

        (3)  Contract Performance Reviews - OIRM, in concert with
             PCMD, conducts regular (three times per year) reviews
             of contractor performance through meetings with
             delivery order project officers and the contractor
             under the ADP support contracts managed by OIRM.
             These meetings provide a forum to share information
             about experiences during delivery order performance
             that relate to key performance and contract
             administration issues.

        (4)  Risk Analyses - OMB Circular A-130 requires that all
             automated installations undergo a periodic risk
             analysis to ensure that appropriate, cost-effective
             safeguards are in place.   This risk analysis will
             be conducted on new installations, on existing
             installations undergoing significant change and on
             existing installations at least every 5 years.

        (5)  GSA Triennial Review - This review is a government-
             wide three-year planning and reporting cycle set
             forth to meet the requirements established by the
             Paperwork Reduction Act of 1980.   Agencies are
             required to perform reviews of their information
             resources management activities and prepare synopses
             and updates of these reviews to GSA on a yearly
             basis for a three-year duration.   The objective of
             the Triennial Review Program is to ensure that
             agencies are carrying out their information manage-
             ment activities in an efficient,  effective and
             economical manner.  OIRM is responsible for managing
             the review process with input from the program
             offices.

    f.   IRM Reporting Requirements.

        (1)  External - The following is a list of external
             reporting requirements related to EPA's IRM program:

            (a)  OMB Bulletin for Federal Information Systems and
                 Technology Planning
            (b)  OMB Bulletin for Management Review/Management
                 Improvement Planning
            (c)  Section 43 of OMB Circular A-11
            (d)  GAO Systems Inventory
            (e)  ADP Equipment Data Systems to GSA
            (f)  Information Collection Budget
            (g)  Information Security Program Data to GSA
            (h)  Privacy Act Annual Report to OMB

        (2)  Internal - The following is a list of internal
             reporting requirements relating to EPA's IRM program:

            (a)  Mission-Based Plans
            (b)  PC Plans
            (c)  Information System Inventory Updates
            (d)  Timeshare Budget
            (e)  Special IRM Budget Analysis (Addendum)
            (f)  Environmental Monitoring Budget Special Analysis
-------

                           EXHIBIT 1-A
DELEGATIONS                                         1200 TN95
                                                     3/26/84
            GENERAL, ADMINISTRATIVE AND MISCELLANEOUS

                            1-10.  ADP
1.  AUTHORITY.  To approve requisitions for ADP equipment,
    telecommunications, studies, and services, including the
    authority to determine and approve:

    a.   The ADP technical content of solicitation packages

    b.   The evaluation criteria to be used for evaluation of ADP
        components of proposals

    c.   Preaward procedures for ADP components of proposals,
        including membership on the evaluation panel, contractor
        demonstrations and benchmarks, and facility reviews as
        required

    d.   Postaward procedures for ADP components of procurements
        including acceptance testing and site inspection.

2.  TO WHOM DELEGATED.  The Assistant Administrator for
    Administration and Resources Management.

3.  REDELEGATION AUTHORITY.  These authorities are redelegated
    to the Director, Office of Information Resources Management.
    The authority to approve requisitions for ADP equipment,
    computer services, and telecommunications is further
    redelegated to the Director, Office of Administration and
    Resources Management, RTP.  All of the above authorities may
    be redelegated further.

-------
OIRM DELEGATION                                            2100
                           EXHIBIT 1-B                     7/21/87


                    MICROCOMPUTER REQUISITIONS
                                                        4/24/87
                            OIRM 1-10A


1.   AUTHORITY

     To approve requisitions for microcomputer equipment, software
     and support services.


2.   TO WHOM DELEGATED

     a)  Assistant Administrators
     b)  Associate Administrators
     c)  Inspector General
     d)  General Counsel
     e)  Regional Administrators


3.   REDELEGATION AUTHORITY

     a)  The officials specified above may further redelegate
         this authority to a Senior Information Resources
         Management Official designated by them to have full
         responsibility for information resources management
         matters within their purview, provided that formal
         notification of this designation and redelegation is
         provided to the Director, Office of Information
         Resources Management.

     b)  The Senior Information Resources Management Officials
         designated by the above named officials may redelegate
         this authority to the heads of major EPA field installa-
         tions, provided that there is prior notification to and
         approval by the Director, Office of Information Resources
         Management.


4.   LIMITATIONS

     a)  The authorities delegated and redelegated herein may be
         exercised only upon approval of the organization's
         Personal Computer Acquisition and Management Plan by the
         Director, Office of Information Resources Management,
         and only in a manner that conforms to the provisions of
         the approved Plan.

b)  Microcomputer equipment and software are to be obtained
    from contracts established by the Office of Information
    Resources Management unless the required items are not
    available from those contracts or the ordering organiza-
    tion first documents that it is in the interest of the
    Agency to obtain these products from another source, and
    such documentation has been reviewed and approved by the
    Senior Information Resources Management Official or, in
    the event that further redelegation has been made, by
    the field installation head.

c)  Individual requisitions for microcomputer equipment and
    software that are to be obtained from sources other than
    the contracts established by the Office of Information
    Resources Management may not exceed $50,000 without
    prior approval by the Director, Office of Information
    Resources Management.

d)  Requisitions for microcomputer equipment and software
    that do not conform to Agency standards may not exceed
    the following dollar limits in any single fiscal year
    without prior approval by the Director, Office of
    Information Resources Management:

    (1)  $50,000 by each Assistant Administrator, Associate
         Administrator, the General Counsel, the Inspector
         General, Regional Administrator or their designated
         Senior Information Resources Management Official.

    (2)  $10,000 for each major field site that has been
         redelegated authority  to approve microcomputer
         requisitions pursuant  to paragraph b) of Section  3.
         above.

e)  Requisitions that require synopsis in the Commerce
    Business Daily (i.e., sole  source requisitions for
    specified make and model equipment costing $10,000  or
    more, for open market purchases costing $25,000 or  more,
    and purchases from GSA Schedule contracts costing
    $50,000 and more) require approval by the Director,
    Office of Information Resources Management prior  to
    publication of the synopsis.

f)  Requisitions for local area network equipment or  software
    must have prior approval from  the Director, National
    Data Processing Division.

g)  Requisitions approved pursuant to the authorities
    delegated and redelegated herein may not exceed the
    limits of the ADP procurement authority delegated  to  the
    Environmental Protection Agency by the General Services
    Administration.
                 Edward J. Hanley
                 Director, Office of  Information
                   Resources Management

-------

             CHAPTER 2 - MISSION-BASED PLANNING


1.  PURPOSE.  This policy establishes the principles that govern
    Agencywide planning for EPA's investments in and management
    of information resources and technology.  This policy also
    defines roles and responsibilities for implementing these
    principles.

2.  SCOPE AND APPLICABILITY.  This policy applies to all EPA
    national program managers and Regional offices.

3.  BACKGROUND.

    a.  Information is an Agency asset, just as property, funds
        and personnel are Agency assets.   EPA is highly dependent
        upon its information resources to carry out program and
        administrative functions in a timely, efficient and
        accountable manner.

    b.  Information and information technology represent an
        expensive and capital intensive investment of EPA's
        human and other operational resources.  It is essential,
        therefore,  that EPA plan for its  investment and manage-
        ment of information resources.

    c.  As a result,  an Agencywide Information Resources Management
        (IRM)  planning process must be established.   Furthermore,
        as required by OMB Circular A-130, planning must be based
        in programs and missions to ensure that the acquisition
        and use of  information resources  support the requirements
        of EPA's program and administrative functions.

    d.  Investment  decisions on the acquisition and use of
        information resources can be made only through  the  budget
        process.   Planning must be tied to the budget so that
        budget  decisions are derived from plans and,  conversely,
        so that budgetary constraints are reflected in  the  plans.

    e.  The management,  control and responsibility for  information
        resources within EPA is decentralized.   Consequently,
        planning for  information investments  and management is
        also decentralized.   The value of a decentralized process
        is that it  engages the active participation of  EPA  managers
        in the  decision-making process and allows them  to respond
        to environmental as  well as administrative priorities
        as they change  over  time.

4.  AUTHORITIES.

    a.  OMB Circular A-130, Management of Federal Information
        Resources.

5.  POLICY.  It is EPA policy to plan effectively for the
    acquisition and management of information and information
    technology through the annual preparation of mission-based
    information resource management (IRM) plans.

    a.  Mission-based IRM plans are strategic in nature covering
        a three-to-five year period and updated annually to
        reflect real-time changes in each major national program
        office.

    b.  Mission-based IRM plans are linked to the Agency's Priority
        List which defines the Agency's mission and to the Agency's
        Operating Guidance which specifies IRM priorities and
        actions over a one-to-two year period.

    c.  The plans will be tied to the budget process and will be
        completed in time to support investment decisions made
        during the budget preparation process.

    d.  Mission-based IRM planning explicitly evaluates information
        requirements necessary to achieve EPA and program missions
        and priorities.  These requirements are assessed in the
        context of existing and planned resources and Agencywide
        policies and standards governing the effective management
        of information and information technology.

    e.  Planning for significant investments in and management of
        information must be supported by analyses of the life
        cycle of the information requirement from the initial
        stages of information system design through operational
        stages of system start-up and maintenance.  Consideration
        must be given to the full range of information support
        needs from data collection and entry to ongoing training,
        user support, quality control and system administration.

    e.  Mission-based IRM plans must be evaluated periodically to
        ensure that EPA and program missions and priorities are
        fully supported.  In particular, any planning for signifi-
        cant investments must be evaluated through such analyses
        as information requirements studies, benefit-cost
        assessments and life cycle planning studies.

6.  RESPONSIBILITIES.

    a.  The Office of Information Resources Management is
        responsible for:

        (1)  Developing and issuing guidance for the development
             of mission-based information resources management
             plans in accordance with OMB Circular A-130.

        (2)  Determining, in consultation with the IRM Steering
             Committee and Senior IRM Officials, which major
             national programs are responsible for preparing and
             updating mission-based IRM plans.

        (3)  Developing and issuing guidance for an Agencywide
             review of information investments.

        (4)  Providing guidance to the Administrator and EPA's
             senior management on EPA's investment in and manage-
             ment of information resources and technology.

        (5)  Responding to OMB and other external requests on
             EPA's plans and budgets for the acquisition and use
             of information technology.

    b.  The Assistant Administrators, Associate Administrators,
        General Counsel, Inspector General and Regional Adminis-
        trators are responsible for:

        (1)  Appointing a Senior IRM Official who is responsible
             for management and oversight of the information
             resource management program in his/her respective
             organization.  The Senior IRM Official in the Office
             of Executive Support for the Office of the Adminis-
             trator serves the two Associate Administrators as
             well as all of the Staff Offices in the Office of
             the Administrator.

    c.   Senior IRM Officials for major national programs are
         responsible for:

        (1)  Ensuring the development of mission-based resource
             management plans responsive to EPA and program
             information requirements.

        (2)  Ensuring that these plans are integrated into budgets
             for information investments which are reflected in
             formal planning and budgeting submissions.

        (3)  Establishing an information resource management
             program consistent with the organizational mission,
             organizational information plans and Agency policy.

    c.  The National Data Processing Division is responsible
        for:

        (1)  Translating the mission-based plan into specific
             ADP resources requirements.

        (2)  Developing the actual Timeshare Budget required to
             provide the ADP resource requirements identified by
             (1).

7.  DEFINITIONS.

    a.  "Mission-based Planning" refers to the planning for an
        agency's investments and management of information
        resources and technology that are required to achieve
        the agency's missions and priorities.  These plans are
        tied to the budget process and are used to support invest-
        ment decisions made during the budget preparation process.
        These plans are strategic in scope but are updated annually
        to reflect progress in implementation, program changes,
        changes that affect information requirements and advances
        in technology.

    b.  "Life Cycle Costs" means the sum total of all the direct,
        indirect, recurring, nonrecurring and other related costs
        incurred or predicted to be incurred in the formulation
        of requirements and feasibility studies, and in the
        design, development, production, operation, maintenance
        and support of an information system throughout its
        useful life.

8.  PROCEDURES AND GUIDELINES.  Procedures and guidelines for the
    Agency's Mission-based Planning Program will be issued on an
    annual basis under separate cover.
-------

              CHAPTER 3 - STATE/EPA DATA MANAGEMENT


1.  PURPOSE.  This policy establishes the principles that govern
    the management and sharing of data between EPA and State
    environmental agencies and the information systems that
    handle these data.  This policy also defines roles and
    responsibilities for implementing and ensuring adherence to
    these principles.

2.  SCOPE AND APPLICABILITY.  This policy is applicable to all
    EPA programs and Regional offices that develop and operate
    information systems that are used by the States or that
    contain data reported to EPA by States.

3.  BACKGROUND.

    a.  The underlying rationale for EPA's policy on State
        delegation includes a recognition that more effective
        environmental protection results when Federal goals and
        regulations are implemented in a fashion that is respon-
        sive to the diversity of local conditions.  EPA's policies
        on information management must reflect this same balance
        of compliance with Federal statutes and priorities and
        responsiveness to local diversity.

    b.  Federal policy, as most recently set forth in OMB Circular
        A-130, specifies that Federal agencies may "not require
        Federal information systems that unduly restrict the
        prerogatives of heads of State and local government
        units..."

    c.  EPA remains responsible and accountable to the President,
        the Congress and the public for progress toward meeting
        national goals and for ensuring that Federal statutes
        are adequately enforced.  In accordance with "EPA Policy
        on Oversight of Delegated Environmental Programs," April
        4, 1984, the Agency has the responsibility to oversee
        the conduct of delegated inter-governmental programs, to
        enhance State capabilities to administer environmental
        protection programs and to analyze the status of State,
        regional and national environmental quality through
        ongoing monitoring and data collection efforts.

    d.  EPA's policy of delegating program implementation
        responsibility to States means that the ultimate
        effectiveness of the Agency depends, to a very large
        extent, on the effectiveness of State program managers.
        Among the several factors that determine the success of
        State program managers is their capacity to obtain and
        use management and environmental information.

    e.   EPA's ability to oversee and support State performance
        of delegated programs, and to report on these programs
        to the President, the Congress and the public, is also
        heavily dependent upon accurate and timely State
        information resources and systems.

    f.   EPA seeks to improve environmental decisions by more
        consistent and reliable estimation of health risk based
        on sound data and analysis methods and by integrating
        permitting, regulatory and compliance efforts across
        program lines.  Improvement in the information management
        systems will result in more timely, quality assured data,
        a more integrated risk assessment and overall better
        State/EPA program management.

    g.   Although each has requirements that differ in detail and
        emphasis, there are substantial benefits to EPA and to
        State agencies if both have timely, reliable access to
        the same basic management and environmental information.

    h.   Most EPA programs have developed data systems to receive
        State reports and to provide the reports and analysis
        required by national program managers.  There are substan-
        tial benefits to EPA when States agree to meet Agency
        reporting requirements by entering data directly into
        these systems.  In at least some cases, States also
        benefit by gaining access to data and information systems
        capabilities that they cannot develop on their own.
        However, the benefits to States from using EPA information
        systems to report or to process data depend on several
        factors:

        (1)  The existing State investment in its own information
             systems

        (2)  The accessibility and reliability of the EPA systems
             for both entering and retrieving data

        (3)  The reliability and quality of EPA user support

        (4)  The extent to which EPA systems contribute to State
             management objectives as the integration of environ-
             mental and management data, both across programs
             delegated from EPA and other State programs

        (5)  The costs in using such systems both in actual
             dollars and resources necessary for use.

4.  AUTHORITIES.

    a.   OMB Circular A-130, Management of Federal Information
        Resources.

5.  POLICY.  It is EPA policy that Agency reporting requirements
    and information systems will be responsive to the information
    needs of State environmental agencies and will take into
    account the diversity among States in terms of organization,
    resources and program responsibilities.  EPA systems that
    process and store data obtained from States will adhere to
    data management policies that avoid duplication of data and
    effort and promote integrated environmental program planning
    and management, both within States and between States and
    EPA.  EPA will assure timely and reliable State access to
    any Agency information system that contains data obtained
    from States in response to EPA reporting requirements.

    a.   As required by OMB Circular A-130, EPA will adhere to
        reporting and information systems policies that do not
        unduly restrict State prerogatives to plan and manage
        information resources in response to State policy and
        management priorities.

    b.   EPA information systems that process and store data
        provided by States in response to EPA reporting require-
        ments will, insofar as practical, be developed and operated
        to accommodate State management needs.  More specifically:

        (1)  EPA will ensure that States are afforded an active
             role in developing, improving and modifying informa-
             tion systems through the establishment of user
             groups, policy groups and other mechanisms which
             promote continuing State/Federal interaction.

        (2)  EPA will, insofar as practical, design such systems
             with the flexibility to accommodate State needs for
             related data standards that facilitate State informa-
             tion systems planning and the integration of data
             across EPA and State program lines.

        (3)  EPA will develop such systems in adherence to
             technology and data standards that facilitate State
             information systems planning and the integration
             of data across EPA and State program lines.

        (4)  EPA will design such systems to accept direct,
             electronic transmission of data from States that
             operate their own information systems.

        (5)  EPA will design such systems to support direct,
             electronic transmission of data to States from EPA
             systems to support local data analysis.

        (6)  EPA will strive to achieve consistency in design
             and access methods consistent with current industry
             technology.

    c.  New EPA systems and data bases developed to process and
        store data obtained from State environmental agencies
        shall be designed to support timely and reliable State
        access to these data.  Existing EPA systems that contain
        State data should allow for timely and reliable State
        access.  Timely and reliable State access will vary
        according to the nature of the data and the system;
        however, for EPA's major national systems and data bases,
        it means:

        (1)  Direct, on-line State access to current data files

        (2)  The use of software and data communications techno-
             logies that adhere to Agency standards and that
             support efficient State access for reporting and
             retrieval of data

        (3)  The provision of documentation and user assistance
             to State users on a consistent and current basis.

    d.  For those States which agree to meet EPA reporting
        requirements by directly entering data into EPA systems,
        the Agency will regard such data as the official State
        record of the delegated program.  EPA will not unilaterally
        change these data, since doing so would force the State
        to maintain a separate system of records.

    e.  EPA will allow the States at their option to enter data
        regarding non-delegated programs into the EPA systems.
        However, States are not mandated to meet the same
        requirements in the non-delegated programs that they are
        obliged to meet for the delegated ones.

    f.  EPA will support the use of State grant funds to develop
        State information resources and technology to the extent
        that doing so is consistent with the purposes for which
        these funds were appropriated.  EPA will seek State
        proposals which assign funds from one or more EPA grants
        for information resources and technology that:

        (1)  Promote the integration of environmental planning
             and management across State and EPA program lines

        (2)  Foster improved data sharing between EPA and the
             State.

    g.  EPA will design and manage its computing and data
        communications network to support timely and reliable
        State access to EPA systems and data bases.  EPA's pursuit
        of this goal will be based on the following assumptions:

        (1)  The achievement of this goal is dependent on the
             constraints of available resources.

        (2)  EPA does not seek to be the primary or the "first
             choice" computing resource for any State environmental
             agency.

        (3)  EPA does not seek to provide computing and
             telecommunications services to States in lieu of
             or in competition with either State or commercial
             sources.

    h.  EPA recognizes one of the advantages of sharing data is
        reduced reporting by the States.  Therefore, if a State
        is entering data directly into the EPA system, EPA will,
        insofar as practicable, adhere to data management policies
        that avoid duplication of data and effort and not require
        that the State report this information in additional
        formats.

6.  RESPONSIBILITIES.

    a.  The Office of Information Resources Management shall:

        (1)  Develop guidelines and programs to ensure that
             Agency reporting requirements and information systems
             are defined and implemented in accord with this
             policy.

        (2)  Provide guidance and assistance to Assistant
             Administrators, Associate Administrators and Regional
             Administrators in implementing the requirements
             of this policy.

        (3)  Plan and oversee the acquisition, deployment and
             use of information technology within EPA to ensure
             support for effective management and sharing of
             data by EPA and State environmental agencies.

        (4)  Ensure EPA compliance with Federal statutes and
             regulations governing the acquisition, operation
             and use of information technology employed to share
             data between EPA and State agencies.

        (5)  Evaluate and report on the effectiveness of Agency
             activities in achieving the goals of this policy.

    b.  National Data Processing Division shall:

        (1)  Design and manage the acquisition and operation of
             data processing and telecommunications resources to
             support effective management and exchange of data
             between EPA and State environmental agencies.

        (2)  Develop standards for EPA data processing and
             telecommunications technology services that support
             the goals of this policy.

        (3)  Provide technical advice and assistance to EPA and,
             upon request, to State environmental agencies
             concerning the acquisition and implementation of
             information technology to achieve the goals of this
             policy.

    c.  Assistant Administrators and Associate Administrators
        shall assure:

        (1)  That State agency requirements for  information and
             information technology are addressed  in the design
             and implementation of EPA programs.

        (2)  That the information systems and data management
             practices of programs and activities under their
             direction are in accord with this policy.

        (3)  Effective State participation in the design and
             operation of national information systems and data
             bases that contain data reported by States and
             provide timely and reliable access by States to
             such data bases.

    d.  Regional Administrators shall assure that:

        (1)  State requirements for information and information
             technology are effectively addressed in State delega-
             tion agreements, State grants and other agreements
             between EPA and States.

        (2)  Regional procedures for handling and validating
             State-reported data guarantee the integrity and
             accessibility of such data as required by this
             policy.

        (3)  The Regional Office has an effective program to
             foster and support State/EPA data management and
             sharing that meets at a minimum EPA Federal reporting
             requirements.

    e.  The Office of Administration shall:

        (1)  Develop and implement policies and procedures to
             assure that information collection and processing
             activities performed by EPA contractors and grantees
             comply with this policy.

7.  DEFINITIONS.

    a.  "Data" refers to a collection of unorganized facts that
         have not yet been processed into information.

    b.   "Data Base" is a collection of integrated data that can
         be used for a variety of applications.

    c.   "Data Communications" refers to computer-to-computer,
         computer-to-device, device-to-computer communications
         and other communications such as a record, tele-processing
         and telemetry.

    d.   "Information Technology" refers to the hardware and
         software used in connection with government information,
         regardless of the technology involved, whether computers,
         telecommunications, micrographics or others.

    e.   "Software" refers to computer programs, procedures,
         rules and associated documentation pertaining to the
         operation of a computer system.

    f.   "Telecommunications" is the transmission and/or reception
         of information by telephone, telephone lines, telegraph,
         radio or other methods of communication over a distance.
         The information may be in the form of voice, pictures,
         text and/or encoded data.

8.   PROCEDURES AND GUIDELINES.  Procedures and guidelines will
    be issued under separate cover.

                 CHAPTER 4 - SOFTWARE MANAGEMENT


1.  PURPOSE.  This policy establishes the principles and
    requirements that govern the planning, acquisition, develop-
    ment, maintenance and use of Agency software resources.
    This policy also defines the roles and responsibilities for
    implementing these principles and requirements.

2.  SCOPE AND APPLICABILITY.  This policy applies to all EPA
    organizations and their employees.  It also applies to the
    personnel of agents (including State agencies, contractors
    and grantees) of EPA who are involved in the design, develop-
    ment, acquisition, operation and maintenance of Agency
    software, data and information systems.  The requirements of
    this policy apply to existing as well as new or modified/
    enhanced software systems.

3.  BACKGROUND.

    a.   Directly or indirectly, most EPA managers are involved
        with automated information systems or the information
        resources management process.  This involvement can be
        with the information itself and related resources, e.g.,
        personnel, equipment, funds, systems and technology
        (hardware and software).  As agencies become increasingly
        dependent on information technology to accomplish their
        basic missions, it is essential that these technologies
        be acquired and used in a rational way.

    b.   The EPA software management program is needed to manage
        and protect EPA information as a valuable national resource;
        promote cross-media analysis and information interchange
        for environmental results; reduce costs while maximizing
        benefits for program management and improve the quality,
        uniformity and maintenance of software products.

    c.   The objectives of EPA's software management program
        include the following:

        (1)  Secure EPA's investment in information collection,
             processing, dissemination, use, storage and
             disposition.

             (a)  Much of EPA's software investment is "custom"
                  software (i.e., developed by in-house or
                  contractor staff), as opposed to software
                  commercially marketed or developed by other
                  government agencies.

             (b)  It is important that systems development,
                  operation and maintenance be managed to ensure
                  that this investment yields software products
                  which are sound, maintainable and not subject
                  to disruption.

        (2)  Improve the quality, uniformity and maintenance of
             software systems.

             (a)  Decisions regarding the selection of such
                  items as computer environment, programming
                  languages, processing techniques, ergonomic
                  screen design, terminal key functions and
                  documentation products have been left up to the
                  individual project officer, contractor or
                  in-house developers.

             (b)  This has resulted in some successful systems,
                  while others have been hampered by maintenance
                  difficulties attributed to the lack of an
                  effective software management program.

        (3)  Improve the cost-effective acquisition, development,
             maintenance and ongoing operation of software systems.

             (a)  EPA spends a significant amount of its information
                  resource dollars on custom software development,
                  maintenance and ongoing operation of information
                  systems.

             (b)  Improving the cost-effectiveness of these  efforts
                  can be achieved by standardizing techniques,
                  methods, products and tools for systems
                  engineering for all phases of the information
                  systems life cycle and by the acquisition  and
                  use of commercial software where appropriate.

        (4)  Promote inter-agency cooperation and sharing  of
             software and data.

        (5)  Improve the end-user computing environment and
             access to EPA's information resources.

             (a)  EPA is increasingly relying on end-user
                  computing.  The key to end-user computing is
                  the availability of easy-to-use software tools
                  and "ready-to-go" applications software.

             (b)  This can be achieved through several measures,
                  including standardizing and supporting software
                  tools for the end-user computing environment;
                  providing training, software revisions and user
                  support; expanding the "information center"
                  approach to support the end-user computing
                  environment;  promoting access by Agency staff
                  to information systems and resources; and
                  developing and disseminating systems engineering
                  standards and guidelines for all software life
                  cycle phases  of end-user developed applications.

        (6)  Develop plans for  future software investments in
             areas with high payoff for the Agency's mission.

             (a)  While tools such as fourth generation languages
                  have measurable benefits and significant
                  productivity  gains, there are future areas of
                  software investment which promise  even greater
                  benefits and  gains.

             (b)  These include greater reliance on  generic,
                  off-the-shelf software applications, as opposed
                  to developing custom software; office automation
                  software with greater levels of integration of
                  functions, features and capabilities; expert
                  systems or artificial intelligence applications
                  for EPA mission and program goals; geographic
                  information systems for environmental analysis;
                  and the development and enforcement of software
                  engineering standards to gain a greater degree
                  of discipline and rigor in the software process.

    d.   The policies described in the remainder of this chapter
        provide a framework for establishing this software management
        program.

4.  AUTHORITIES.

    a.  OMB Circular No. A-130, Management of Federal Information
        Resources, December 12, 1985.

    b.  NBS FIPS PUB 38, Guidelines for the Documentation of
        Computer Programs and Automated Data Systems, February 15,
        1976.

    c.  NBS FIPS PUB 64, Guidelines for Documentation of Computer
        Programs and Automated Data Systems for the Initiation
        Phase, August 1, 1979.

    d.  NBS FIPS PUB 105, Guidelines for Software Documentation
        Management, June 6, 1984.

    e.  NBS FIPS PUB 106, Guidelines on Software Maintenance.

    f.  NBS FIPS PUB 101, Guidelines for Lifecycle Validation,
        Verification and Testing of Computer Software.

    g.  EPA Office Systems Feasibility Study,  Implementation and
        Operational Guidelines, January 1985 (OIRM).

    h.  EPA ADABAS Application Development Procedures Manual,
        October 17, 1984 (revised  December 2,  1985),  NDPD.

5.  POLICY.   It is EPA policy to enhance the management  of  software
    throughout its life cycle.  It is also EPA policy that  software
    developed by or acquired for the Agency will use  EPA standard
    software tools and adhere to EPA standards and guidelines.

    a.  The use of existing government and commercially  available
        and tested software application packages is required
        wherever technically and economically  feasible.

    b.  Whenever custom programming is required, maximum use of
        automated tools for software design,  development,  testing
        and maintenance will be made.

    c.  EPA offices and staff  will jointly acquire and share
        software resources wherever possible.   This applies  to
        the  acquisition of proprietary software  products and
        development of software under  contract or  with in-house
        resources.   Software that  has  the  potential for  being
        shared will be developed or acquired  after an evaluation
        of  the general requirements of interested  offices.

    d.  Copyright laws and other measures designed to protect
        legitimate proprietary interests in software and data
        must be rigidly enforced.  Classified and unclassified
        data and software must be protected from improper access,
        use, alteration, manipulation or unauthorized disclosure
        as a result of criminal, fraudulent or other improper
        actions.

    e.  In the absence of overriding efficiency considerations,
        all software resources must:  satisfy functional require-
        ments; provide interfaces consistent with users' needs
        and skill levels; meet users' availability needs; provide
        data integrity; provide response times acceptable to
        users under routine and unusual conditions (i.e., peak
        workloads, equipment failure); and meet users'  security
        requirements.

    f.  EPA program officials will adhere to Federal Information
        Processing Standards (FIPS) and guidelines as published
        or adapted for the Agency in developing, documenting,
        maintaining and using software applications.

    g.  EPA program officials managing the development  or ongoing
        operation of software applications are responsible for
        the management of life cycle costs, conformance to soft-
        ware standards and data base administration procedures,
        training, operations maintenance and user support and
        evaluation.

    h.  The development of all application systems will conform
        to the Agency's system development life cycle methodology.

    i.  The use of fourth generation or other non-procedural
        languages and  tools is recommended in lieu of third
        generation, procedural language-based custom development
        efforts.  Customized third generation or procedural
        languages and  tools may be required to meet functional
        requirements for reasons of security, portability and
        efficiency.  The use of assembler languages is  restricted
        to exceptional situations, such as when modifying an
        existing program written in assembler language, writing
        a program for  an operating system and an application
        requiring the  use of assembler language.

    j.  All EPA applications systems development efforts must
        use the Agency's standard application programming
        languages.

    k.  Applications should be designed to require the least
        possible amount of computer operator and programmer
        support for execution.

    l.  EPA program officials will periodically review all
        software resources to determine and prevent obsolescence
        of software.  Indicators of obsolescence include:
        dependence on obsolete peripherals; running in an emulation
        mode; inadequate operating system or documentation and
        more than 5 years since the last substantial redesign.

    m.  Information technology provided to EPA employees  and
        their agents is to be used for official business  only.
        EPA managers and supervisors are responsible for  ensuring
        appropriate use of this technology by their employees.

6.   RESPONSIBILITIES.

    a.  The Office of Information Resources Management (OIRM) is
        responsible for:

        (1)  Managing information resources,  functions and
             activities within EPA, in accordance  with the Paper-
             work Reduction Act of 1980 (P.L.  96-511), Federal
             Information Processing Standards (FIPS),  OMB Circular
             No.  A-130  (Management of Federal Information Resources)
             and  other  Federal regulations.

        (2)  Defining EPA software management/engineering policies,
             standards  and guidelines in the  interests of
             standardization,  productivity and effective  management
             of  software and information resources.

        (3)  Review and approval  of technical specifications for
             software  requested by OARM, ORD  and the program
             offices.

        (4)  Publishing plans  and guidance for administrative,
             program and research/laboratory  systems.

        (5)  Conducting compliance reviews.

    b.   The Assistant Administrators, Associate Administrators,
        Regional Administrators, Laboratory Directors,  Headquarters
        Staff Directors, General Counsel and Inspector  General
        are responsible for:

        (1)  Ensuring compliance with software management policies,
             standards and guidelines.

        (2)  Managing the software life cycle, process  and products
             within their program(s).


    c.   The Senior IRM Officials are responsible for:

        (1)  Approving microcomputer proprietary software.

        (2)  Initially approving requisitions for acquisitions
             of information technology  prior to their  review by
             NDPD and/or OIRM.

    d.   The Director, National  Data Processing Division,  is
        responsible for:

        (1)  Acquiring all general purpose, non-application
             specific software  such as  operating systems,  data
             base management systems, etc.

        (2)  Approving system-oriented  proprietary software.

    e.   The Procurement and Contracts Management Division and
        the Grants Administration Division  are responsible for:

        (1)  Ensuring that all  policy,  standards and guidelines
             specified  by OIRM  are incorporated in Requests for
             Proposals (RFPs), Interagency Agreements (IAGs),
             Cooperative Agreements, Grants, Contracts  and
             Sub-Contracts.

    f.   Each EPA Manager,  Supervisor, or Project Officer  engaged
        in  information resources management activities  is
        responsible for:

        (1)   Conforming to the  software management/engineering
             program policies,  methods, standards,  guidelines
             and techniques  contained in this and related
             documents.

    g.  Each EPA employee, contractor and grantee engaged in
        information resources management activities is responsible
        for:

        (1)  Conforming to Agency software management/engineering
             program policies, methods, standards, guidelines
             and techniques.

7.  DEFINITIONS.

    a.  "Application Software" means software specifically produced
        for the functional use of a computer system, e.g., payroll,
        inventory control, environmental monitoring and scientific
        modeling.

    b.  "Artificial Intelligence, Expert, or Knowledge-based
        Systems" refers to a class of systems that employ decision
        rules developed through human experience and from human
        knowledge to solve problems that require a high degree
        of human expertise.

    c.  "Data Base Management System (DBMS)" is the software
        product that provides data structure containing unrelated
        data stored, so as to optimize accessibility, control
        redundancy and offer multiple views of the data to multiple
        application programs.

    d.  "Documentation" refers to information to support the
        effective design, management, operation, maintenance and
        transferability of ADP resources, and to facilitate
        the interchange of information.  Documentation includes
        analysis, technical documents and specifications which
        are produced in the software life cycle (e.g., project
        request, feasibility study, cost/benefit, functional
        requirements, data requirements, system/subsystem
        specifications, program specifications, data base specifi-
        cations, test plan, user's manual, operations manual,
        test reports and maintenance procedures).

    e.  "Fourth Generation (4GL) Programming Language" refers to
        modern programming languages (e.g., INFO, FOCUS) designed
        for end-users or to increase programmer productivity,
        which have a number of tools such as English language
        syntax, dictionaries, screen builders and reference to
        data by name.  These languages tend to be dependent on
        specific computer architectures and are not usually
        transportable.  They usually imply a proprietary Data
        Base Management System (DBMS) or Data Management System
        (DMS).

    f.   "Geographic Information System (GIS)" is a system that
        combines geographic and/or cartographic analysis capabi-
        lities  with a computer data base system that can support
        data entry, data management, data manipulation and data
        display.

    g.   "Non-procedural Language" see definition for Fourth
        Generation (4GL) Programming Language under "e".

    h.   "Procedural or High Order Language" see definition for
        Third Generation Language (3GL) under "o".

    i.   "Software" means computer programs, procedures, rules
        and possibly associated documentation and data pertaining
        to the  operation of a computer system.
    j.   "Software Engineering" refers to the discipline of applying
        software tools, techniques and methodologies to promote
        software quality and productivity.

    k.   "Software Life Cycle" is the period of time beginning
        when a software product is conceived and ending when
        the product no longer performs the functions for
        which it was designed.  The software life cycle is
        typically broken into phases, such as requirements,
        design, programming and testing, installation and
        operation and maintenance.

    l.   "Software Maintenance" means the performance of those
        activities required to keep a software system operational
        and responsive after it is accepted and placed into
        operation.  It is the set of activities which result
        in changes to the originally accepted (baseline)
        product.  These changes consist of modifications
        required to:  (1) insert, delete, extend and enhance
        the baseline system (perfective maintenance); (2)
        adapt the system to changes in the processing environment
        (adaptive maintenance) and (3) fix errors (corrective
        maintenance).

    m.   "Software Tools" refers to packaged, often commercial,
        computer program(s) used to help develop, test, analyze
        or maintain computer programs, data and information
        systems.  Examples include statistical software such
        as SAS, SPSS, sort systems, etc.

    n.   "Testing" refers to examining the behavior of a program
        by executing the program on sample data sets.

    o.   "Third Generation  (3GL) Programming Language" is a
        programming language that usually includes features such
        as nested expressions and parameter passing, that can
        run on a variety of different computer systems and are
        independent of machine architecture (e.g., COBOL, BASIC,
        FORTRAN, PL/I).  It is a problem oriented language
        that facilitates the expression of a procedure as an
        explicit algorithm.  In contrast to fourth generation
        programming language, third generation programming
        language is usually independent of a data base
        management system  and is transportable between different
        computer architectures.

8.  PROCEDURES AND GUIDELINES.  Procedures and guidelines for
    the Agency's software  management program will be issued
    under separate cover.

                    CHAPTER 5 - DATA STANDARDS


1.  PURPOSE.  This policy establishes the EPA Data Standards
    Program.  The purpose of this program is to provide consistent
    definition of data and to facilitate cross-media use of data.
    This policy sets forth Agency principles on data standards
    and assigns organizational responsibilities for implementing
    and administering common data standards.

2.  SCOPE AND APPLICABILITY.  This policy applies to all
    Environmental Protection Agency (EPA) organizations and
    their employees.  It also applies to the facilities and
    personnel of agents (including contractors and grantees) of
    EPA who design, develop, operate or maintain Agency information
    and information systems.  This policy applies to automated
    and manual systems developed for programs or administrative
    purposes.  The requirements of this policy apply to existing
    data elements as well as new data elements.

3.  BACKGROUND.

    a.   Integration of information and data bases is difficult
        because program offices use disparate formats and names
        for similar data elements.

    b.   There is a need to make and support decisions based on
        standard information and data collected that cuts across
        the Agency's programs.

    c.   Specific programs, such as the Ground-water program,
        have an increasing need to share data from other programs,
        other agencies, States and local governments.  This adds
        credence to the need for acceptable data standards to
        facilitate exchange of information.

    d.   Information technology has reached a point at which the
        sharing of data among automated systems is technically
        feasible.

    e.   The Agency has implemented standards for hardware and
        software that facilitate the sharing of data among programs.

    f.   To support effectively the use of common definitions of
        environmental data with State programs, EPA must have
        common definitions for data elements and an intra-agency
        capability to share data.

    g.   Organizations outside EPA have been establishing data
        standards which are accepted nationally or internationally.
        These pre-existing standards, such as Chemical Abstract
        Service (CAS) registry numbers, may serve as the best
        data standard for certain data elements.

    h.   There is a growing need for agreement on the definition
        of Agencywide parametric data entities such as "site"
        and "facility."

    i.   The Agency has a facilities inventory system that lists
        facilities regulated by the various programs in EPA.
        The inventory includes the different names and addresses
        for a single facility.  This system will be a critical
        part of the Agency data standards effort.

    j.   At a minimum, there are six major areas which would
        benefit from the use of data standards:  data used in
        more than one program, facilities and site data, geographic
        data, measurement data, health and environmental effects
        data and core office systems data.

4.   AUTHORITIES.

    a.   15 CFR, Part 6 Subtitle A, Standardization of Data Elements
        and Representations.

    b.   OMB Circular A-130, Management of Federal Information
        Resources.

5.   POLICY.   It is EPA policy to create and maintain consistency
    in the form of data elements that have more than one
    application within the Agency.  This consistency will permit the
    cross media approach necessary to achieve environmental
    results.  The data standards will reflect the Agency's program
    priorities.

    a.   As required by OMB Circular A-130, EPA will adhere to
        Federal Information Processing Standards (FIPS), except
        where it can be demonstrated that the costs of using a
        standard exceed the benefits of the standard or will
        impede the Agency in accomplishing its mission.

    b.   All organizational components of EPA, their contractors
        or grantees will promote the full utilization of Federal
        and Agency data standards and representations in the
        design and development of information systems.

    c.  Data elements, codes and representations already in use
        by the Agency will be evaluated and adopted as Agency
        standards wherever practicable.

    d.  Data elements, codes and representations may be recommended
        for standardization by any program office within EPA.

    e.  Geographical information systems developed by the Agency
        must conform to an established set of appropriate data
        standards which permit the use of the system by all
        relevant programs and State agencies.

    f.  All relevant facilities or sites data must be stored in
        the Agency's facility or site inventory systems.

6.  RESPONSIBILITIES.

    a.  The Office of Information Resources Management (OIRM)
        shall:

        (1)  Provide effective leadership in developing,
             promulgating and enforcing the policies of the
             Agency data standards program.

        (2)  Coordinate the evaluation and approval process of
             all data standards with the Assistant Administrators,
             Regional Administrators, Office Directors and Senior
             Information Resources Management Officers.

        (3)  Exercise final approval authority for the adoption
             of data standards.  Grant waivers to the
             implementation of approved Agency data standards.

        (4)  Support other EPA data administration efforts, e.g.,
             encourage cross reference files for non-standard
             information.   Encourage the use of data element
             dictionaries.

        (5)  Propose and apply effectively data elements or
             representations for use by more than one organizational
             component of EPA as Agency standards.

        (6)  Publish and promulgate approved Agency standards in
             an EPA Data Standards Catalog.

    b.  Assistant Administrators,  Associate Administrators,
        Regional Administrators, Laboratory Directors, Headquarters
        Staff Office Directors, General Counsel, Inspector General,
        and SIRMOs shall:

        (1)  Implement approved Agency data standards that are
             published under the provisions of this policy.

        (2)  Establish an organization-wide data standards work
             group which reviews and provides information and
             comments on proposed data standards.

        (3)  Propose the adoption of data standards for Agency
             use within the environmental community.

        (4)  Submit requests for waivers or deferments to the use
             of Agency data standards to OIRM.

7.  DEFINITIONS.

    a.  "Data Element" is a unit of information used to describe
        data characteristics and attributes, e.g., eyes - blue or
        BL.

    b.  "Data Standards" are standards used generally, but not
        exclusively, for automated systems to ensure that one
        type of data is defined the same way in all systems.  A
        similar definition means having the same name, the same
        number of maximum characters and the same type and content
        of data in all systems where a specific data item appears.

    c.  "Information Technology" refers to the hardware and
        software used in connection with government information,
        regardless of the technology involved, whether computers,
        telecommunications, micrographics or others.

    d.  "Media" means Water, Air, Hazardous Waste and Pesticides
        and Toxic Substances program offices.

    e.  "System" is the organized set of procedures used to
        collect, transmit and disseminate information whether
        automated or manual.

8.  PROCEDURES AND GUIDELINES.  Procedures and guidelines for the
    Agency data standards program will be issued under separate
    cover.

               CHAPTER 6 - ADP RESOURCES MANAGEMENT


1.  PURPOSE.  To establish policies pertaining to the acquisition,
    management and operation of Agency automated data processing
    (ADP) resources.

2.  SCOPE AND APPLICABILITY.  This policy applies to all Agency
    national programs and Regional offices.  Within this policy,
    ADP resources are defined as the following:

    a.  Large-scale, mainframe computers located at the National
        Computer Center, RTP.

    b.  Distributed processors located anywhere in the Agency.

    c.  Microcomputers used as desktop computing resources located
        anywhere in the Agency.

    d.  Data communications equipment including switching,
        concentration and front-end processors located anywhere
        in the Agency.

    e.  Data facilities used as intra-office, inter-office or
        wide-band network circuits.

    f.  Operating system software, telecommunications software,
        multi-user, third party application software.

3.  BACKGROUND.   The OMB and GSA require that each Federal Agency
    establish internal policies and procedures for the efficient
    management of ADP resources.  The National Data Processing
    Division, OARM-RTP, within the authority of the Office of
    Information Resources Management, provides the following:

    a.  Computing and telecommunications services to Agency
        allowance holders at a pre-determined level as defined in
        general  or specific Service Level Agreements.

    b.  Planning, oversight, management, operation and acquisition
        of all automated data processing resources in the Agency.

    c.  Assessment and introduction of new computing and
        telecommunications resources as appropriate to maintain
        effective and efficient delivery of automated data
        processing services.

4.  AUTHORITIES.

    a.  Public Law 89-306, The Brooks Act, which provides for
        the economic and efficient purchase, lease, maintenance,
        operation and utilization of ADP resources by Federal
        departments and agencies.

    b.  Public Law 98-369, Competition in Contracting Act, which
        requires, among other things, that full and open
        competition be utilized in the acquisition of supplies
        and services and that specifications not be unnecessarily
        restrictive of competition.

    c.  OMB Circular A-130, Management of Federal Information
        Resources, which establishes policy for the management
        of Federal information resources.

    d.  FIRMR, 41 CFR, Chapter 201, which provides Government-wide
        policies, procedures and guidelines pertaining to the
        procurement and management of ADP resources.

5.  POLICY.

    a.  EPA will plan, budget, acquire, maintain and operate all
        ADP resources in a cost-effective manner consistent with
        applicable Federal standards and regulations and which meet
        the documented mission needs of the various programs within
        the Agency.

    b.  EPA will operate the National Computer Center as a
        computing and telecommunications facility designed to
        provide large mainframe computing services to EPA
        employees and contractors.

    c.  EPA will operate the National Data Communications
        System which will provide terminal access and host-to-host
        communications between and among all computing resources
        in the Agency.

    d.  EPA will provide management oversight, including procedures,
        operating policy and change control for minicomputers
        and microcomputers located anywhere in the Agency.

    e.  Information technology provided to EPA employees and their
        agents is to be used for official business only.  EPA
        managers and supervisors are responsible for ensuring
        appropriate use of this technology by their employees.

6.  RESPONSIBILITIES.

    a.  Office of Information Resources Management is responsible
        for:

        (1)  Providing management guidelines and planning oversight
             for all Agency ADP resources.

        (2)  Managing a planning process which identifies the ADP
             requirements of the various programs in the Agency.

        (3)  Acquisition management of office automation.

        (4)  Acquisition of information technology supporting
             scientific and technical applications.

    b.  The National Data Processing Division is responsible
        for:

        (1)  Planning and acquisition management of hardware
             not delegated to the Senior IRM Officials.

        (2)  The operation and maintenance of all centralized,
             mainframe ADP resources.

        (3)  Delegation, where appropriate, for the operation
             and maintenance of Agency ADP resources (distributed
             processors and microcomputers) to other programs
             within the Agency.

        (4)  Compliance with all applicable Federal
             regulations addressing acquisition, operation and
             accounting (including full-costing and chargeback)
             of ADP resources.

        (5)  Preparing procedures and guidance for the operation,
             maintenance and use of Agency ADP resources.

        (6)  Administering the Agency's timeshare accounting
             and billing systems and procedures.

        (7)  Developing and managing the Agency's ADP security
             and facility disaster recovery procedures.

        (8)  Providing ADP training and user support.

    c.  The Assistant Administrators, Associate Administrators,
        Regional Administrators, Headquarters Staff Office
        Directors, Laboratory Directors, General Counsel, and
        Inspector General are responsible for:

        (1)  Ensuring compliance with the policies, standards
             and guidance for the use of Agency ADP resources.

        (2)  Developing mission-based requirements for ADP
             resources, e.g., computer capacity planning.

        (3)  Operating and maintaining, as defined by NDPD, all
             delegated resources.

        (4)  Administering the Agency's timeshare accounting for
             their organization.

        (5)  Providing ADP training and user support for their
             organization.

    d.  The Senior Information Resources Management Officials
        (SIRMOs) are responsible for:

        (1)  Initial approval of requisitions for acquisition
             of information technology prior to their review by
             NDPD and/or OIRM.

7.  DEFINITIONS.

    a.  "Automated Data Processing" (ADP) refers to the production,
        conversion, reduction, destruction, storage, transfer or
        communication of data by electronic digital computers
        and related peripheral devices.  The term "electronic
        data processing" (EDP) and ADP are frequently used
        interchangeably with no significant distinction.  Automated
        data processing may be performed by a stand-alone
        unit or by several connected units.

    b.  "Automated Data Processing Equipment" refers to electronic
        components and equipment regardless of use, size, capacity
        or price that are designed to be applied to the solution
        or processing of a variety of problems or applications.

    c.  "Central Processing Unit (CPU)" is that part of a computer
        that interprets and executes program instructions and
        communicates with the input, output and storage devices.
        It consists of the control unit and the arithmetic/logic
        unit.

    d.   "Data Communications" refers to computer-to-computer,
        computer-to-device and device-to-computer communications
        and other communications such as a record, tele-processing
        and telemetry.

    e.   "Distributed Processing" involves the use of computers
        or intelligent terminals at a number of sites that share
        the control, storage and/or computing functions of the
        central computing system, thus giving the end user data
        processing capabilities.  The various stations, or network
        nodes, are connected by telecommunications lines.

    f.   "Hardware" refers to physical equipment such as the
        computer and its related peripheral devices, tape drives,
        disk drives, printers, etc.

    g.   "Mainframe" connotes a large computer.

    h.   "Microcomputer" is one of a large variety of general
        purpose computers manufactured utilizing one or more
        micro-processors.  Microcomputers can range from computers
        with relatively small amounts of memory to computers
        with large amounts of random access memory and several
        peripheral devices.   Typically, an end user microcomputer
        is of desktop size and requires no special environmental
        site preparation.

    i.   "Minicomputer" refers to a computer somewhere in size
        between a microcomputer and a mainframe.  These units
        are characterized by higher performance than microcomputers,
        richer instruction sets, higher price and a proliferation
        of high-level languages, operating systems and networking
        methodologies.

    j.   "Network" is a computer system using data communications
        equipment to connect two or more computers.

    k.   "Operating System" refers to software that controls and
        supports the execution of computer programs and contributes
        to optimal use of the computing system.  An operating
        system may provide services such as resource allocation,
        scheduling, input/output control, error recovery and
        data management.  Although operating systems are
        predominantly software, partial or complete firmware
        implementations are possible.

    l.  "Service Level Agreement" refers to a documented contract
        between the National Data Processing Division (NDPD) and
        any client organization which describes the services
        which will be provided by NDPD to the client.  There are
        two basic types of Service Level Agreements.  One is a
        generic documented service description which applies to
        all client organizations and the other is a specific
        agreement with an individual client organization.  The
        latter is developed primarily where the level of service
        requested is beyond the normal service levels contained
        in the generic service agreement.  Service Level Agreements
        generally contain a description of availability, capacity/
        workload, performance, reliability and cost.

    m.  "Telecommunications" refers to the transmission and/or
        reception of information by telephone, telephone lines,
        telegraph, radio or other methods of communications over
        a distance.  The information may be in the form of voice,
        pictures, text and/or encoded data.

    n.  "Timeshare" is a procedure that allows many users to
        simultaneously access and use the resources of a central
        computer through remote terminals.

8.  PROCEDURES AND GUIDELINES.  Procedures and guidelines regarding
    the management of the Agency's ADP resources will be issued
    under separate cover.

IRM POLICY MANUAL                                    2100 CHG 1
                                                     6/6/88

                  CHAPTER 7 - VOICE COMMUNICATIONS


1.  PURPOSE.  To establish policies governing the selection,
    installation, use, maintenance and administration of telephone
    systems in the Environmental Protection Agency.

2.  SCOPE AND APPLICABILITY.  These policies apply to the
    management of telephone and associated services for all
    locations and programs.

3.  BACKGROUND.  The  Brooks Act,  P.L. 89-306,  establishes the
    General  Services  Administration  (GSA) as the overseer of
    telecommunications  facilities and services used  by most
    elements of the Federal Government, including  the Environmental
    Protection Agency.   The following policies are provided as
    guidance for telecommunications  planning and operation within
    the overall framework  of GSA  regulations.

    Detailed information on telecommunications authority,
    responsibility, services,  administration, equipment and
    service guidelines,  locators and directories,  teleconferencing,
    record communications  and  radio  services is provided  in "EPA
    Volume 4820-1,  Telecommunications."

4.  AUTHORITIES.   Federal  Information Resources Management
    Regulations: Title 41,  Subtitle E, Chapter 201,  Parts  6, 8,
    11, 21,  23, 38, 39,  40, and 41.

5.  POLICY.

    a.  General

        (1)   Each  EPA program will be provided the telephone
             service it  requires to function effectively.   Agency
             telecommunications staff will identify and implement
             the most cost-effective solutions commensurate
             with  the demands of operational requirements and
             the applicable Federal Information Resources
             Management  Regulations (FIRMRs).

        (2)   Telephone services provided to EPA employees  are to
             be used for official  business only.   EPA managers
             and supervisors are responsible for  controlling
             use of these services by their employees.

    b.   Cost Planning and Control

        (1)  Each designated official whose program has a budget
             for telephone service will develop annual projections
             for telecommunications expenses,  which can be used
             to identify variations from expected cost/expenditure
             levels.

        (2)  Each designated official whose program has a budget
             for telephone service will include in new or revised
             cost tracking systems the capability of allocating
             costs to their major operating elements.

        (3)  Each designated official whose program receives  a
             bill for telephone services will  review the billing
             for accuracy and completeness, determining that  the
             charges  represent services received or equipment
             actually in place.

        (4)  Each bill will be certified for payment by an official
             who has  knowledge of its accuracy and completeness.

    c.   Use of Long Distance Telephone Services

        (1)  The Federal Telecommunications System (FTS)
             long distance network and other Government provided
             long distance services are to be  used to conduct
             official business only.   Official business may include
             personal emergency calls and calls determined by a
             supervisor to be necessary in the interest of the
             government.

        (2)  Examples of calls which can be authorized as being
             necessary in the interest of the  government include:
             a brief  (e.g.  2-3 minutes) daily call to locations
             within the local commuting area (the area from which
             the employee regularly commutes) to speak with spouse
             or minor children or to those responsible for them,
             to see how they are; brief calls  to locations within
             the local commuting area to arrange for emergency
             repairs  to an employee's residence or automobile;
             a brief  (e.g. 8-10 minutes) daily call to employee's
             own residence if an employee is traveling for more
             than one night on Government business in the U.S.;
             calls to notify family,  doctor, etc., when an employee
             is injured on the job; calls to notify family of a
             schedule change when an employee is traveling on
             Government business; calls to notify family of a
             schedule change when an employee is required to work
             overtime without advance notice; calls to locations
             within the local commuting area that can be reached
             only during working hours, such as a local government
             agency or physician.

        (3)   Personal calls that must be made during working hours
             can be placed from government phones using the
             commercial long distance network provided there is no
             expense to the government.  These calls must either
             be placed to an 800 toll free number,  charged to a
             non-government number (e.g.  third party or  collect),
             or charged to a personal telephone credit card.

        (4)   Personal emergency calls,  calls of a personal nature
             which are authorized by a supervisor to be necessary
             in the interest of the government,  and other authorized
             personal calls that must be placed during working
             hours must not adversely affect the performance of
             official duties,  should be of reasonable duration
             and frequency, and must be such that they could not
             have reasonably been made at another time.

    d.   Control of Long Distance Telephone Usage

        (1)   All long distance telephone charges to EPA are
             subject to supervisory review.   Where  possible,
             employees will be asked to review records of calls
             placed from their assigned lines or extensions,  to
             verify that calls were placed for official business.

        (2)   Making unauthorized calls  at government expense,  even
             if the caller intends  to reimburse  the government,  is
             prohibited by federal law (31 U.S.C. 1348(b)).
             Employees who place unauthorized calls at government
             expense will  be required to pay for the cost of  the
             calls  and will be subject  to disciplinary action
             according to  the  EPA Order No.  3120.1,  "Conduct and
             Discipline."   Repeated abuse may result in suspension
             or dismissal.

        (3)  Call detail reports as maintained by EPA are subject
             to the requirements of the Privacy Act.  All EPA
             locations and programs operating a system to generate
             call detail reports must comply with the provisions
             of the Privacy Act, including publication, disclosure,
             and record security provisions.

    e.   Equipment Standards

        (1)  Telephone equipment procured for use at EPA locations
             must meet Agency standards for technical compatibility.
             These standards, which are defined by the
             Telecommunications Manager, are designed to promote connectivity,
             flexibility,  ease of maintenance and possible system
             growth or redesign.

        (2)  Each EPA location will establish a standard pattern
             of telephone equipment and lines for its various
             types of work stations:  managerial,  supervisory,
             technical, clerical and laboratory.   This pattern
             will be designed to provide appropriate service for
             the installation at least cost and will conform to
             national technical standards.

        (3)  In addition to technical merit and life cycle cost,
             telephone systems will be evaluated for user control
             over installation, relocation, repair,  cost of use
             and system administration.   Evaluation credit will
             be given for  system features that allow moves and
             changes to be made easily by EPA employees and that
             provide information on troubles,  traffic, trunk use
             and other areas which have direct cost implications.
             Evaluation criteria used for selection of contractors
             must appear in the associated RFP and will be
             approved by the appropriate procurement authority
             prior to use.

    f.   Procurement Approvals

        (1)  All telephone system and service  procurements and
             changes that  require GSA approval under the FIRMR
             will be submitted to the Central  Telecommunications
             Staff in the  planning or early procurement stage
             for review and coordination with the GSA
             Authorizations Staff.  Actions requiring approval are detailed
             in "EPA Manual 4820-1,  Telecommunications."


        (2)   All requirements for use of radio frequencies,
             including purchase of radio equipment and inauguration
             or change in the use of any frequency,  will be
             submitted to the Central Telecommunications Staff for
             review and coordination with the National
             Telecommunications and Information Administration's Frequency
             Assignment Sub-committee.

        (3)  All procurements of telephone equipment or services
             by EPA locations or programs will be submitted
             to the Central Telecommunications Staff for technical
             clearance, to insure compatibility with other
             telephone and facsimile equipment, dial tone to
             data interface units, approved building wiring
             specifications and general technical standards.

    g.   Inventory of Telephone Assets

        (1)   Each EPA location will maintain a record of telephone
             lines, equipment and features which can be used
             to support review and validation of monthly vendor
             billings and the annual inventory of telephone  assets
             required by the FIRMR.

    h.   Voice Telephone Monitoring

        (1)   Listening to and recording telephone conversations
             without specific legal authorization is prohibited.
             No unannounced telephone recording devices of any
             kind shall be installed or used in EPA.

        (2)   An exception to the prohibition of use  of telephone
             recording devices may be made with the  approval  of
             the EPA Administrator to accommodate a  handicapped
             employee who may require recording equipment in  order
             to perform required job functions.

    i.   Building Wiring

        (1)   All new telephone wiring installed by EPA locations
             and programs will conform to standards  established
             and updated by the Central Telecommunications Staff.
             These standards will permit efficient installation
             and relocation of both voice and data terminals
             and transmission equipment.

6.   RESPONSIBILITIES.

    a.  The Director, National Data Processing Division, is
        responsible for:

        (1)  Development of telecommunications policy and practices
             for both voice and integrated voice-data systems.

        (2)  Review and approval of all telecommunication changes
             and procurements subject to Federal Information
             Resources Management Regulation review.

        (3)  National and Headquarters telecommunication operations
             (e.g., facsimile networking, radio frequency manage-
             ment, off-premise FTS terminations).

        (4)  Providing telecommunications assistance to all
             field locations.

    b.  Regional Administrators and Laboratory Directors are
        responsible for:

        (1)  Regional office and laboratory telephone operations,
             not otherwise assigned to NDPD.

-------
IRM POLICY MANUAL                                      2100
                                                       7/21/87

                 CHAPTER 8 - INFORMATION SECURITY


1.  PURPOSE.  This document establishes a comprehensive, Agency-
    wide security program to safeguard Agency information resources.
    This document sets forth the Agency's information security
    policy for both manual and automated systems and assigns
    individual and organizational responsibilities for implementing
    and administering the program.

2.  SCOPE AND APPLICABILITY.  This document applies to all EPA
    organizations and their employees.  It also applies to the
    facilities and personnel of agents (including contractors and
    grantees) of the EPA who are involved in designing, developing,
    operating or maintaining Agency information and information
    systems.

3.  BACKGROUND.

    a.   Information is an Agency asset, just as property, funds
        and personnel are Agency assets.  The EPA is highly
        dependent upon its information resources to carry out
        program and administrative functions in a timely, efficient
        and accountable manner.

    b.   The EPA relies on its information collection authority
        under various enabling statutes to fulfill effectively
        its environmental missions.  The willingness of the
        regulated community and State and local agencies to
        supply requested information in a cooperative and timely
        fashion depends on their confidence that the information
        will be adequately protected.

    c.   The Agency's information resources are exposed to potential
        loss and misuse from a variety of accidental and deliberate
        causes.  This potential loss and misuse can take the form
        of destruction, disclosure, alteration, delay or undesired
        manipulation.  Moreover, the Agency can be subject to
        acute embarrassment and litigation if certain business or
        personal information is inadvertently or maliciously
        disclosed.

    d.   As a result, it is essential that an overall program be
        established to preserve and adequately protect the Agency's
        information resources.   At the same time, it is equally
        essential that the program not unnecessarily restrict
        information sharing with other Federal agencies,
        universities, the public and State and local environmental
        authorities.  Such information sharing has historically
        played a vital role in the overall fulfillment of the
        Agency environmental mission.

    e.  The management, control and responsibility for information
        resources within EPA are decentralized.  Consequently,
        the management and responsibility for information security
        are also decentralized.  An important example of this is
        the expanding use of personal computers, networking,
        distributed data bases and telecommunications.  These
        trends place new responsibilities on office managers,
        research personnel and others not previously considered
        information processing professionals.  The "computer
        center" cannot be relied upon to protect Agency operations.
        Controls must be implemented and maintained where they
        are most effective.

    f.  In determining responsibilities for information security,
        it is useful to define a framework of owner/custodian/
        user.  Owners are those who create or maintain information.
        Custodians are typically suppliers of information services
        who possess, store, process and transmit the information.
        These roles are often not discrete; the owner is often the
        principal custodian and user of the information.

4.  AUTHORITIES.

    a.  OMB Circular A-130, Management of Federal Information
        Resources.

5.  POLICY.   It is EPA  policy to protect adequately sensitive
    information and sensitive applications, maintained in any
    medium (e.g., paper, computerized data bases, etc.), from
    improper  use, alteration or disclosure, whether accidental or
    deliberate.   Information and applications will be protected
    to the extent required by applicable law and  regulation  in
    accordance with  the degree of their sensitivity in order  to
    ensure the cost-effectiveness of the security program.

    a.  Information  security measures will be  applied judiciously
        to ensure that automated systems operate  effectively  and
        accurately  and to  ensure the continuity of operation  of
        automated information systems and facilities  that support
        critical  agency functions.

    b.   As required by OMB Circular No. A-130, all automated
        installations will undergo a periodic risk analysis to
        ensure that appropriate, cost-effective safeguards are
        in place.  This risk analysis will be conducted on new
        installations, on existing installations undergoing
        significant change and on existing installations at
        least every five years.

    c.   Appropriate administrative, physical and technical
        safeguards shall be incorporated into all new ADP applica-
        tion systems (including PC-based applications) and major
        modifications to existing systems.

    d.   As required by OMB A-130, all new applications will
        undergo a control review leading to formal certification.
        Existing sensitive applications will be recertified every
        three years.

    e.   Access to sensitive personnel information and employment
        applications will be limited to appropriate personnel in
        accordance with procedures established by the Office of
        Personnel Management and monitored by the EPA Office of
        the Inspector General.

    f.   Appropriate ADP security requirements will be incorporated
        into specifications for the acquisition of ADP related
        services and products.

    g.   An information security awareness and training program
        will be established so that all Agency and contractor
        personnel are aware of their information security
        responsibilities.

    h.   Information security must be a major factor in evaluating
        the use of microcomputers.  Microcomputer systems software
        is typically rudimentary and affords little or no protec-
        tion to information and programs.  Consequently, networked
        microcomputers, the ability to download data from larger,
        protected computers onto microcomputers and microcomputer
        data processing, generally present problems in information
        security (for example, problems of access control or
        control over the dissemination of information).   All EPA
        employees and managers must be aware of the information
        security implications of storing and processing sensitive
        information on microcomputers, whether networked or
        stand-alone.

    i.  Therefore, it is EPA policy to discourage the use of
        microcomputers for storing or processing  sensitive
        information, unless cognizant EPA employees and managers
        have made sure that adequate information security measures
        are in use.  If adequate information security cannot be
        maintained, an alternative system configuration must be
        used.

    j.  Information security violations will be promptly reported
        to appropriate officials, including the Inspector General.

6.  RESPONSIBILITIES.

    a.  The Office of Information Resources Management is
        responsible for:

        (1)  Developing and issuing an information security policy
             in accordance with all applicable Federal laws,
             regulations and executive orders.

        (2)  Ensuring that all Agency organizational units are
             in compliance with the information security program.

        (3)  Establishing training criteria and coordinating the
             development of an information security training and
             awareness program.

        (4)  Providing guidance on selecting and  implementing
             safeguards.

        (5)  Participating, as it deems appropriate, in management
             and internal control reviews conducted by the Office
             of the Comptroller to ensure compliance with the
             information security program.

    b.  Each "Primary Organization Head"  (defined by EPA Order
        1000.24  as  the  Deputy  Administrator, Assistant Administra-
        tors,  Regional  Administrators, the  Inspector General and
        the  General  Counsel)  is  responsible for:

        (1)  Ensuring  that sensitive  information  and applications
             within  the organization  are  adequately protected.

        (2)  Establishing an organization-wide program for
             information security consistent with organizational
             mission and Agency policy, including assigning
             responsibility for the security of each installation
             to a management official(s) knowledgeable in
             information technology and security.

        (3)  Assuring annually the Assistant Administrator for
             Administration and Resources Management that
             organizational information resources are adequately
             protected.  This will be done as part of the internal
             control review process required under OMB Circular
             No. A-123 (revised) and implemented under EPA Order
             1000.24.

        (4)  Making sure that all automated installations within
             the organization undergo a periodic "risk analysis"
             to ensure that appropriate, cost-effective safeguards
             are in place.

        (5)  Ensuring the continuity of operations of automated
             information systems and facilities that support
             critical functions.

        (6)  Making sure that appropriate safeguards are
             incorporated into all new organizational application
             systems and major modifications to existing systems,
             that all new organizational applications undergo an
             information security review leading to formal certi-
             fication and that existing sensitive applications
             are recertified every three years.

        (7)  Making sure that Federal employees and contractor
             personnel understand their security responsibilities
             and that organizational security regulations are
             properly distributed.

        (8)  Making sure that all organizational procurements of
             ADP equipment, software and services incorporate
             adequate security provisions.

    c.   The Director, Facilities Management and Services Division
        (FMSD), is responsible for:

        (1)  Establishing and implementing physical security
             standards, guidelines and procedures in accordance
             with EPA information security policy.

        (2)  Establishing and implementing standards and procedures
             for National Security Information in accordance with
             EPA information security policy and all applicable
             Federal laws, regulations and executive orders.

    d.  The Procurement and Contracts Management Division and the
        Grants Administration Division are responsible for:

        (1)  Ensuring that Agency grant and contract policies,
             solicitations and award documents contain provisions
             concerning the information security responsibilities
             of contractors and grantees that have been
             promulgated by OIRM.

        (2)  Establishing procedures to ensure that contractors
             and grantees are in compliance with their information
             security responsibilities.  Project Officers are
             responsible for ensuring contractor compliance with
             security requirements on individual contracts.
             Violations shall be reported to the contracting
             officer, Inspector General and appropriate OIRM
             official.  Specific violations involving National
             Security Information shall be reported to the Director,
             FMSD and the Contracting Officer.

    e.  The Office of the Inspector General is responsible for:

        (1)  Establishing and implementing personnel security
             standards, guidelines and procedures in accordance
             with EPA information security policy and all applicable
             Federal laws and regulations.

        (2)  Conducting or arranging investigations of known or
             suspected personnel security violations as it deems
             appropriate.

    f.  The Office of the Comptroller is responsible for:

        (1)  Allowing OIRM to review written internal control
             reports so that OIRM is aware of the status of
             information security weaknesses.

    g.  Each EPA Manager and Supervisor is responsible for:

        (1)  Making sure their employees are knowledgeable of
             their information security responsibilities.

        (2)  Ensuring that their employees adhere to the
             organizational information security program
             established by the applicable Primary Organization
             Head.

    h.  Each EPA Employee, Contractor and Grantee is responsible
        for:

        (1)  Complying fully with his/her information security
             responsibilities.

        (2)  Limiting his/her access only to information and
             systems he/she is authorized to see and use.

        (3)  Adhering to all Agency and organizational information
             security policies, standards and procedures.

        (4)  Reporting information security violations to
             appropriate officials.   Violations involving National
             Security Information shall also be reported to the
             Director, FMSD.

7.  DEFINITIONS.

    a.  "Applications Security" means the set of controls that
        makes an information system perform, in an accurate and
        reliable manner, only those functions it was designed to
        perform.  The set of controls includes the following:
        programming, access, source document, input data, processing,
        storage, output and audit trail.

    b.  "Confidential Business Information" includes trade secrets,
        proprietary,  commercial/financial  information,  and other
        information that  is afforded protection from disclosure
        under certain circumstances  as described in statutes
        administered  by the Agency.   Business information is
        entitled to confidential  treatment  if:  (1)  business
        asserts a confidentiality claim,  (2)  business shows it
        has taken its own measures to protect the information,
        (3) the information is not publicly available or
        (4) disclosure is not required by statute and the
        disclosure would either cause competitive harm or impair
        the Agency's ability to obtain necessary information in
        the future.

    c.   "Information" means any communication or reception of
        knowledge such as facts, data or opinions, including
        numerical, graphic, or narrative forms, whether oral or
        maintained in any medium, including computerized data
        bases (e.g., floppy disk and hard disk), papers, microform
        (microfiche or microfilm), or magnetic tape.

    d.   "Information Security" encompasses three different "types"
        of security:  applications security, installation security
        and personnel security.  In total, information security
        involves the precautions taken to protect the confidentiality,
        integrity and availability of information.

    e.   "Information System" means the organized collection,
        processing, transmission and dissemination of information
        in accordance with defined procedures, whether automated
        or manual.

    f.   "Installation" means the physical location of one or
        more information systems, whether automated or manual.
        An automated installation consists of one or more computer
        or office automation systems including related peripheral
        and storage units, central processing units, telecommuni-
        cations and operating and support system software.
        Automated installations may range in size from large
        centralized computer centers to stand-alone personal
        computers.

    g.   "Installation Security" includes the use of locks, badges
        and similar measures to control access to the installation
        and the measures required for the protection of the
        structure housing the installation from accident, fire
        and environmental hazards.  In addition to the above
        physical security measures, installation security also
        involves ensuring continuity of operations through
        disaster planning.

    h.   "National Security Information" means  information that
        is classified as Top Secret, Secret or Confidential
        under Executive Order 12356 or predecessor orders.

    i.   "Personnel Security" involves making a determination of
        an applicant's or employee's loyalty and trustworthiness
        by ensuring that personnel investigations are completed
        commensurate with position sensitivity definitions and
        according to the degree and level of access to sensitive
        information.

    j.   "Privacy" is the right of an individual to control the
        collection, storage and dissemination of information
        about himself/herself to avoid the potential for substan-
        tial harm, embarrassment, inconvenience or unfairness.

    k.   "Risk  Analysis" is a means of measuring and assessing
        the relative vulnerabilities and threats to a collection
        of sensitive data and the people, systems and installations
        involved in storing and processing that data.  Its purpose
        is to determine how security measures can be effectively
        applied to minimize potential loss.   Risk analyses may
        vary from an informal, quantitative review of a micro-
        computer installation to a formal, fully quantified
        review of a major computer center.

    l.   "Sensitive Information" means information that requires
        protection due to the risk and magnitude of loss or harm
        that could result from inadvertent or deliberate disclosure,
        alteration or destruction of the information.  For the
        purposes of this program, information is categorized as
        being either sensitive or not sensitive.  Because sensi-
        tivity is a matter of degree, certain sensitive information
        is further defined as being "highly" sensitive.
        Highly Sensitive:  This is information whose loss would
                           seriously affect the Agency's ability
                           to function, threaten the national
                           security or jeopardize human life and
                           welfare.  Specifically, information of
                           this type includes National Security
                           Information, information critical to
                           the performance of a primary Agency
                           mission, information that is life
                           critical and financial information
                           related to check issuance, funds
                           transfer and similar asset accounting/
                           control functions.

        Other Sensitive:   This is information whose loss would
                           acutely embarrass the Agency, subject
                           the  Agency to litigation or impair
                           the long-run ability of the Agency to
                           fulfill its  mission.  Information of
                           this type includes Privacy Act informa-
                           tion, Confidential Business Information,
                           enforcement confidential information,
                           information that the Freedom of
                           Information Act exempts from disclosure,
                           budgetary data prior to release by
                           OMB and information of high value to
                           the Agency or a particular organization
                           (see below).

        The sensitivity, if any, of all other information shall
        be determined by the organizational owner of the informa-
        tion.  While a precise set of criteria for determining
        the sensitivity of this other information cannot be
        provided, the cost of replacing the information and the
        problems that would result from doing without the informa-
        tion are primary factors to consider in determining
        sensitivity.

    m.  "Sensitive Applications (or  Systems)" are applications
        which process highly sensitive or sensitive information
        or are applications that require protection because of
        the loss or harm which could result from the improper
        operation or deliberate manipulation of the application
        itself.  Automated decision-making applications are
        highly sensitive if the wrong automated decision could
        cause serious loss.

8.  PROCEDURES AND GUIDELINES.  Standards, procedures and
    guidelines for the Agency information security program will
    be identified and issued under separate cover in the "Informa-
    tion Security Manual."  This manual will identify and reference,
    as appropriate, existing procedures in the information security
    area, such as the "Privacy Act Manual," the "National Security
    Information Security Handbook," and Confidential Business
    Information manuals like the TSCA Security Manual.

9.  PENALTIES FOR UNAUTHORIZED DISCLOSURE OF INFORMATION.

    a.   EPA employees are subject to appropriate penalties if
        they knowingly, willfully or negligently disclose sensitive
        information to unauthorized persons.  Penalties may
        include, but are not limited to, a letter of warning, a
        letter of reprimand, suspension without pay, dismissal,
        loss or denial of access to sensitive information
        (including National Security Information), or other
        penalties in accordance with applicable law and Agency
        rules and regulations, which can include criminal or civil
        penalties.  Each case will be handled on an individual
        basis with a full review of all the pertinent facts.  The
        severity of the security violation or the pattern of
        violation will determine the action taken.

    b.   Non-EPA personnel who knowingly, willfully or negligently
        disclose sensitive information to unauthorized persons
        will be subject to appropriate laws and sanctions.

-------


                CHAPTER 9 - INFORMATION COLLECTION


1.  PURPOSE.  This policy establishes objectives, responsibilities
    and procedures for preparation, review and clearance of
    Agency efforts to collect or obtain information from the
    public in support of Agency missions.

2.  SCOPE AND APPLICABILITY.  This policy applies to all EPA
    organizational units and their employees.  It also applies
    to agents of EPA (including State agencies, contractors and
    grantees) who are involved in information collection activities.

3.  BACKGROUND.

    a.  The Paperwork Reduction Act of 1980 (P.L. 96-511)  was
        formulated to remedy deficiencies  Congress perceived in
        Federal information related activities, particularly
        related  to the paperwork burden imposed by Government on
        the public.   The Act and resultant OMB and GSA policy
        intend for the creation or collection of information to
        be carried out within the context  of efficient and
        economical management.

    b.  EPA can be characterized as an 'information-based' agency
        in the sense that in developing and implementing its
        programs, it constantly requires the collection or genera-
        tion of data.  Indeed, in many cases, this information
        component plays the decisive role in determining both the
        resources  that the Agency will need and the substantive
        direction  that its programs will take.  Given its
        importance to the organization, therefore, the decision
        to collect information ought to reflect the policy
        interests  of the Agency.

    c.  This chapter presents those policy interests with  respect
        to information so that  decisions to collect or generate
        and maintain data can be made in a principled and
        coordinated  manner on an Agencywide basis.

    d.  The Agency's information policy rests on the following
        two general  premises:

        (1)  That justification for an information collection
             must derive from the role that this information
             plays in supporting a program mission of the Agency.

        (2)  That, given a number of acceptable options for
             using information to support a program mission, an
             information collection ought to represent the
             most economical alternative in terms of both cost
             to the Agency and burden on the public.

        Sections 5-a through 5-c of this chapter expand on this
        first premise.  Sections 5-d through 5-f expand on the
        second.

4.  AUTHORITIES.

    a.   Paperwork Reduction Act of 1980 (Public Law 96-511).

    b.   OMB Regulation 5 CFR 1320, Controlling Paperwork and
        Burden on the Public.

    c.   OMB Circular A-130, Management of Federal Information
        Resources.

5.  POLICY.

    a.   The data requirements of the information collection must
        be clearly dictated by the need to support decisions
        that serve an identifiable program mission.  Data
        requirements here include:

        (1)  The data elements being collected.  Each data element
             must be clearly relevant to the decisions to be
             supported.

        (2)  The number of individuals about whom (and from
             whom) these data elements are being collected.
             This "quantity" of information must be appropriate
             to what the decisions at hand require.

        (3)  The requirements for quantifiable levels of precision
             in survey estimates.  The level of precision chosen
             must reflect the survey's intended role in a decision-
             making process.

        (4)  The choice of individuals about whom (and from
             whom) data elements are being collected in case
             studies.  The analysis plan for such a study must
             explain why this approach is being taken and why
             study of the individuals in question is relevant
             to the decisions to be made.

    b.   The provisions for collecting, storing and managing the
        data must be appropriate to the decisions the information
        will be used to support, taking into account:

        (1)  The data requirements themselves

        (2)  Who will be providing the data

        (3)  Who will be using the data

        (4)  The time frame within which that use will occur.

    c.   The cost of the information collection (in terms  both  of
        resources expended by the Agency and of burden imposed
        on the public)  must be commensurate with both the
        importance of the program mission in question and the
        contribution that the information makes to decisions
        that serve this mission.  Specifically,

        (1)  Taking into account both the use of information
             and the cost, the information collection should
             result in  a net social benefit—that is, whether  or
             not this can be quantified,  in some clear sense the
             information should be worth  more than it costs to
             collect

        (2)  The proportion of the Agency's resources (including
             the amount of burden placed  on the public) devoted
             to the collection and use of the information should
             reflect the relative priority of the program mission
             being served.

    d.   The information collection must reflect the  choice of
        the least costly alternative that will satisfy the
        decision-making needs to the given program mission.   In
        this context, "cost"  represents the total of  Agency and
        public resources devoted to supplying, collecting,
        processing,  storing and using the information.

    e.   The information collection must not generate a body of
        data that duplicates information already available  to
        the Federal government—bearing in mind that what counts
        as "duplicate data" will be relative to the decision-making
        needs which the data will be used to satisfy.

    f.   The information collection should be designed to maximize
        its usefulness by ensuring that, so long as costs do not
        rise disproportionately and program priority needs  are
        not compromised:

        (1)  The collection takes advantage of the opportunities
             to serve multiple needs, both within and outside  the
             Agency

        (2)  The data are collected and maintained in a form that
             is compatible with the broadest range of information
             systems to which they are likely to be relevant.

6.  RESPONSIBILITIES.

    a.   The Office of Policy, Planning and Evaluation is
        responsible for:

        (1)  Overseeing Agency compliance with Federal information
             collection policies and guidelines.

        (2)  Promulgating and maintaining Agency guidance for
             compliance with Federal information collection
             requirements under the Paperwork Reduction Act.

        (3)  Reviewing proposed legislation or regulations which
             involve information collection requirements to
             assess the costs to the Agency and the paperwork
             burden imposed on the public.

        (4)  Providing training and technical assistance to
             Agency personnel in the development and clearance
             of information collection requests.

        (5)  Reviewing each information collection request to
             ensure consistency with Federal policy and criteria
             specified in Section  1320.4(b) of the Paperwork
             Reduction Act that the collection of  information:

             (a)  Is the least burdensome necessary for the
                  proper performance of the Agency functions to
                  comply with legal requirements and achieve
                  program objectives

             (b)  Is not duplicative of information otherwise
                  accessible to the Agency

             (c)  Has utility and good quality.   The agency must
                  seek to minimize the cost to itself of collection,
                  processing, and using the information, but
                  shall not do so by means of shifting disproportionate
                  costs or other burdens onto the public.

        (6)   Coordinating OMB clearance of EPA information
             collection requests including responding to inquiries
             from OMB, maintaining records of transmittals and
             clearances and notifying program offices of OMB
             action.

        (7)   Coordinating the annual submission  of an Information
             Collection Budget for the Agency.

    b.   The  Assistant Administrators, Associate  Administrators,
        General Counsel, Inspector General and Regional Adminis-
        trators are responsible for:

        (1)   Implementing the guidelines required by the Office
             of Management and Budget under the  Paperwork Reduction
             Act of 1980 within their offices.

        (2)   Ensuring that their information collection activities
             within their offices shall have received prior OMB
             clearance and the appropriate OMB control number.

        (3)   Reviewing and approving their offices'  information
             collection requests for submission  to OMB.

        (4)   Ensuring that their information collections are not
             duplicative, require as little burden from respondents
             as possible and have practical utility.

7.  DEFINITIONS.

    a.  "Burden" - refers to the total time, effort, or financial
        resources expended by persons to provide information to
        the Agency.  This includes the time to read or hear,
        develop, modify, construct or assemble; to conduct tests,
        inspections, polls, observations necessary to obtain the
        information; to organize, review, maintain, disclose, or
        report the information; and to store, file or maintain
        the information.

    b.  "Information Collection" - refers to obtaining or
        soliciting facts or information by the Agency through
        the use of written report forms, application forms,
        schedules, questionnaires, reporting or recordkeeping
        requirements, or other similar methods calling for either
        answers to:

        (1)  Identical questions posed to, or identical reporting
             or recordkeeping requirements imposed on, ten or
             more persons, other than agencies, instrumentalities,
             or employees of the United States

        (2)  Questions posed to agencies, instrumentalities, or
             employees of the United States which are to be used
             for general statistical purposes.

    c.  "Information Collection Request" - refers to the method
        by which the Agency communicates the specifications for
        a collection of information to potential respondents,
        including a written report form, application form,
        schedule, questionnaire, oral communication, reporting
        or recordkeeping requirement or other similar method.

    d.  "Information Collection Budget" - refers to a limit
        imposed annually by OMB allowing the Agency to conduct
        information collection activities.  The figure is expressed
        in hours of burden on the public.

    e.  "Practical Utility" - refers to the ability of the Agency
        to use  the information it collects, particularly the
        capability to process such information in a timely and
        useful  fashion.

    f.   "Recordkeeping Requirement" - is a requirement imposed
        by the Agency on persons or businesses to maintain
        specified records that are not customarily kept as
        ordinary business records.  These records are not
        necessarily provided to the Agency.

8.  PROCEDURES AND GUIDELINES.  Procedures and guidelines will
    be issued under separate cover.

                 CHAPTER 10 - RECORDS MANAGEMENT


1.  PURPOSE.  This policy prescribes objectives, responsibilities
    and procedures for the conduct of the Agency's records/
    information management program.

2.  SCOPE AND APPLICABILITY.  This policy applies Agencywide to
    both program and administrative records.

3.  BACKGROUND.  Records created or acquired by an official or
    employee of the Agency in the course of conducting  Government
    business are the property of the United States Government.
    Persons who create or acquire custody or possession of official
    records by virtue of their positions as officials or employees
    do not necessarily attain a proprietary interest in such
    records. Official records are public records and belong to
    the Government rather than to the employee.  The penalties
    for the willful and unlawful destruction, removal from files
    and private use of official records are contained in 18
    U.S.C. 2071.  All EPA employees are responsible for reporting
    any actual or threatened unlawful loss or removal of official
    records to the Agency Records Management Officer, Information
    Management and Services Division.

    Detailed information on records management procedures and
    guidance are contained in the EPA Records Management Manual.

4.  AUTHORITIES.

    a.  Federal Records Act of 1950, as amended (44 U.S.C. 3101-
        3107).

    b.  36 CFR 1220 and 41 CFR 201-22.

    c.  Paperwork Reduction Act of 1980.

    d.  OMB Circular A-130, Management of Federal Information
        Resources.

5.  POLICY.

    a.  The Agency shall make and preserve records to provide
        adequate and proper documentation of the organization,
        functions,  policy decisions, procedures and essential
        transactions; and to protect the legal and financial
        rights of the Government and of persons directly affected
        by Agency activities.

    b.  As required by law, the official records of the Agency
        shall not be destroyed, without the prior approval of the
        National Archives and Records Administration.  This
        approval authority is provided in the form of EPA Records
        Control Schedules.  These schedules list official records
        of the Agency (including many non-official records) and
        prescribe the periods of authorized retention.  All EPA
        employees are responsible for insuring that records
        disposal actions agree with these schedules.

    c.  Records (of all media, paper, electronic, audiovisual,
        maps, etc.) shall be retained in accordance with Agency
        retention schedules.  After the specified record retention
        period, records shall be disposed of or forwarded to the
        Federal Records Center per Agency procedures.

    d.  The Agency shall preserve and protect information that is
        vital to the essential functions of the Agency during a
        national emergency or that is essential to the legal rights
        and interests of individual citizens and the Government.

    e.  The Agency shall apply, whenever practicable, appropriate
        standards and file structures to facilitate efficient
        filing, storage and retrieval of records.

    f.  The acquisition and use of state-of-the-art information
        storage and retrieval systems  (e.g., microform, electronic
        digital image, computer assisted retrieval), shall be
        approved when technically feasible, cost-effective and
        when  it most appropriately satisfies program needs.

    g.  The Agency shall establish uniform criteria for the
        acquisition of information storage and retrieval
        technologies.

    h.  Machine-readable and audiovisual records  (i.e., microform
        records) shall be maintained and protected in accordance
        with  applicable statutes and regulations.

    i.  The acquisition of filing equipment and supplies for  use
        within  the Agency shall be as  economical as possible  to
        meet  filing  requirements.  Filing equipment  is not to be
        requested solely to improve appearance, office decor,
        elevate status nor because of a desire for the latest
        design.  Letter-size equipment shall be used unless there
        is a requirement for legal-size.  Used or reconditioned
        equipment shall be used when available.  As equipment
        becomes excess to local needs, it shall be turned into
        the Property Office for further disposition.

    j.  The integrity of the Agency's official files shall be
        insured at all times, so that all official records relating
        to the operations of the Agency are documented in the
        official files.

6.   RESPONSIBILITIES.

    a.  The Assistant Administrators, Inspector General, General
        Counsel, Associate Administrators, Regional Administrators,
        Laboratory Directors and Headquarters Staff Office Directors
        shall provide for the implementation of the records/
        information management program within their respective
        areas.  They shall:

        (1)  Assure that the objectives of the EPA records
             management program are achieved.  These objectives
             include the following:

             (a)  Prevent the creation of unnecessary records in
                  any media.

             (b)  Promote the application of filing systems and
                  structures for the efficient organization,
                  maintenance and use of records to facilitate
                  retrieval and use.

             (c)  Ensure that records of continuing value are
                  preserved but that valueless or non-current
                  information are disposed of or transferred to
                  storage in a timely manner in accordance with
                  Agency records control and disposition schedules.

             (d)  Ensure that the acquisition and use of all
                  direct paper to microform systems and equipment
                  or electronic digital image are technically
                  feasible, cost-effective and most appropriately
                  satisfy program needs.

             (e)  Ensure that appropriate criteria justifying
                  the acquisition of information storage equipment
                  are applied.

             (f)  Preserve and protect information that is vital
                  to the essential functions of the Agency during
                  a national emergency or that is essential to
                  the legal rights and interests of individual
                  citizens and the Government.

             (g)  Provide for the Agencywide management of
                  machine-readable and audiovisual records in
                  accordance with applicable statutes and
                  regulations.

      (2)  Designate individuals within their respective areas
           to act as Records Management Officers and Vital Records
           Officers.

      (3)  Assure that file custodians are designated within
           their area of responsibility.

      (4)  Assure that records control schedules are applied to
           the records in their area.

  b.   The Director, Information Management and Services Division
      shall provide overall supervision and policy guidance in
      records management on an Agencywide basis.

  c.   Records Management Officers.

      (1)  The Agency Records Management  Officer in the Information
           Management and Services Division, shall:

           (a)  Develop policy, directives, instructional materials
                governing the organization, maintenance and
                disposition of all records, including machine-
                readable and audiovisual.

           (b)  Provide staff advice,  guidance, assistance and
                training in all aspects of the records/information
                management program.

           (c)  Coordinate program efforts and evaluate program
                effectiveness by making periodic surveys of
                information systems.

           (d)  Coordinate the review and approval of requests
                for source document micrographics/electronic
                image storage and retrieval systems, equipment
                and services.

           (e)  Review and approve acquisition of records storage
                equipment at Headquarters.

           (f)  Plan and coordinate the EPA Vital Records Program.

           (g)  Coordinate the retirement and retrieval of
                Headquarters records to the Federal Records
                Center.

      (2)  Records Management Officers at Headquarters shall
           serve as coordinators of the records program in their
           areas.

      (3)  Records Management Officers in Regional offices and
           laboratories, when designated, shall perform responsi-
           bilities corresponding to those of the Agency Records
           Management Officer (see subparagraph c(1) above) in
           their areas.

7.   DEFINITIONS.

    a.   "Administrative Records" are the records which reflect
        routine, transitory, and internal housekeeping activities
        relating to subjects and functions common to all offices.

    b.   "Agency Records Management Officer" is the title of the
        designated staff official whose responsibility is to
        plan, develop and coordinate the Agency records management
        program.

    c.   "Electronic Digital Image Storage and Retrieval Systems"
        is the technology that converts and stores images and
        information in digital form.

    d.   "Federal Records Centers" are the depositories established
        by the National Archives and Records Administration for
        the housing of non-current, inactive or permanent records
        pending ultimate disposition in accordance with the Agency
        Record Control Schedules.

    e.   "Filing Equipment" refers to any equipment used to provide
        storage for information e.g., lateral, vertical, mechanized
        and ADP.

    f.  "Filing Supplies" are items such as folders, guides,
        cross-reference sheets and charge-out cards.

    g.  "Information Management" describes the processes necessary
        for the creation, use and disposal of information regardless
        of the media on which it is recorded.

    h.  "Maintenance of Records" refers to the grouping, filing,
        storing and safeguarding of records.

    i.  "Micrographics" refers to the science and technology of
        document and information microfilming and associated
        microform systems including the following:

        (1)  "Microfilm" is a high resolution film containing an
             image or images greatly reduced in size from the
             original which is recorded on the film.

        (2)  "Microfiche" is a sheet of film containing multiple
             microimages in a grid pattern.  It usually contains
             a heading or title which can be read without
             magnification.

        (3)  "Microform" is any form containing microimages.

        (4)  "Microimages" refers to information, such as a page
             of text or a drawing, too small to be read without
             magnification.

    j.  "Program Record" refers to records created, received and
        maintained by an agency in the conduct of the mission
        functions for which it is responsible.  The term is used
        in contrast with administrative, housekeeping or
        facilitative records.

    k.  "Records" are recorded information of continuing
        administrative, fiscal, legal, historical or informational
        value, including published materials, papers, maps,
        photographs, microfilm, audiovisual, machine-readable
        materials (ADP tapes/disks) or other documentary material,
        regardless of physical form or characteristics, made or
        received by the agency that evidences organization,
        functions, policies, decisions, procedures, operations or
        other activities of the Government.

        (1)  "Classified Records" are records designated as "Top
             Secret," "Secret" or "Confidential" which are
             restricted to processing or use by cleared individuals
             and require special protection.

        (2)  "Current Records" are records or files presently in
             the physical custody of organizational units, the
             maintenance of which is required for the conduct of
             current work.

        (3)  "Nonrecord Material" includes blank forms, library
             materials and working papers of fleeting value such
             as drafts, worksheets, informal notes, slips, etc.

        (4)  "Official Record File" refers to documentation
             including all background material resulting from
             specific transactions, operations or processes which
             are accumulated and maintained in file equipment.
             It may include any media such as film, microform,
             cards, papers and magnetic tapes and disks.

        (5)  "Permanent Records" refers to records of continuing
             value which are considered to be so valuable or
             unique in documenting the history of the agency or
             for informational content that they should be
             preserved "forever" as part of the National Archives
             of the United States.

        (6)  "Confidential Business Information" means any
             information in any form received by EPA from any
             person, firm, partnership, corporation, association
             or local, State or Federal agency or foreign govern-
             ment which contains trade secrets or commercial or
             financial information, and which has been claimed
             as confidential by the person submitting it and has
             not been determined to be non-confidential under the
             procedures in 40 CFR Part 2.

        (7)  "Semi-active and Inactive Records" refers to records
             worthy of preservation, have long term permanent
             value and will be retired from expensive office space
             and equipment to the area Federal Records Center for
             storing, servicing, and ultimate disposition in
             accordance with EPA records control schedules.

        (8)  "Temporary Records" are records created incidental
             to performance of the mission.  They are "operational",
             "support" and "service" type records which are
             considered to be of temporary value to the Agency
             and will be destroyed at some time.

    l.  "Records Control Schedules" refers to a list for systematic
        disposition of agency records, including their retention,
        transfer, retirement or destruction, performed in accordance
        with approved disposition authority from the United
        States Archivist, National Archives and Records Services.

    m.  "Records Management Officer" is the title of designated
        staff officials whose responsibilities are to assist the
        Agency Records Management Officer by carrying out the
        policies of the records management program in their
        respective organizational units.

    n.  "Records Management" describes the management of the
        media on which information is recorded.

    o.  "Vital Records" refers to records critical to the continued
        operation of the agency and records essential to the
        preservation of the legal rights and interests of
        employees and individual citizens, in wartime or disaster.

8.  PROCEDURES AND GUIDELINES.  Procedures and guidelines are
    issued under separate cover in the EPA Records Management
    Manual EPA Directive 2160.

                       CHAPTER 11 - PRIVACY


1.  PURPOSE.  This policy establishes Agency principles for
    protecting the privacy of individuals who are identified in
    the Environmental Protection Agency's information systems and
    informs Agency employees and officials of their rights and
    responsibilities under the Privacy Act (5 U.S.C. 552a).  It
    supplements the EPA regulations in Part 16, Title 40, Code of
    Federal Regulations (CFR) and the Agency's Privacy Act Manual.

2.  SCOPE AND APPLICABILITY.  This policy applies to any records
    under the control of the Agency from which information on a
    subject individual is retrieved by a personal identifier
    assigned to the individual.  The identifier may be the name
    of the individual, a number, a symbol or any other specific
    retriever assigned to such individual.  This policy applies
    to such records maintained by the Agency in-house or maintained
    by a contractor or grantee on behalf of the Agency to accomplish
    an Agency function.

3.  BACKGROUND.  In order to protect individual privacy, Congress
    passed the Privacy Act of 1974 (5 U.S.C. 552a) which sets
    forth requirements for Federal agencies when they collect,
    maintain or disseminate information about individuals.  The
    Act requires that Federal agencies respect the privacy of
    individuals by (a) collecting a minimum of information neces-
    sary on individuals, (b) safeguarding the information and
    (c) allowing individuals to inspect and correct any erroneous
    information.  The EPA has developed this policy and the
    Privacy Act Manual to implement these requirements.

4.  AUTHORITIES.

    a.  The Privacy Act of 1974, 5 U.S.C. 552a, as amended.

    b.  OMB Circular No. A-130, Management of Federal Information
        Resources.

    c.  OMB's Privacy Act Implementing Guidelines published at 40
        Federal Register 28948.

    d.  40 CFR Part 16, EPA's Privacy Act Regulations.

5.   POLICY.

    a.  The Agency will safeguard personal privacy in its
        collection, maintenance, use and dissemination of information
        about individuals and make such information available
        to the individual in accordance with the requirements of
        the Privacy Act.

    b.  To the greatest extent practicable, information about an
        individual shall be collected directly from the individual
        if the information may be used to make decisions with
        respect to the individual's rights, benefits and privileges
        under Federal programs.

    c.  Information that the Agency collects and maintains about
        individuals shall be relevant and necessary to the
        accomplishment of the Agency's purpose as required by
        statute or Executive Order.  The office concerned shall
        establish the relevancy of and need for the information,
        as well as the authority to collect it.

    d.  The information that is maintained in a System of Records
        shall be kept as accurate, relevant, current and complete
        as possible to ensure fairness to the individual.

    e.  At least sixty days prior to creation of a new System of
        Records or significant alteration to an existing System,
        the Agency shall submit documentation to OMB and the
        Congress and publish a notice of the System in the Federal
        Register.

    f.  When EPA creates a new Privacy Act system of records, it
        must prepare a written Privacy Act Statement.  Each time
        the Agency requests that an individual provide information,
        including a social security number, to be maintained  in
        the Privacy Act system of records, the Privacy Act State-
        ment shall be made available to the individual.  The
        Statement will inform the individual of the legal authority
        for collecting the information, whether disclosure of
        the information by the individual is mandatory or voluntary,
        the purpose for which the information is being collected,
        the routine uses which may be made of the information,
        and the effects on the individual if the individual does
        not provide the information.  When EPA asks an individual
        to provide his or her social security number and that
        number  is not to be  incorporated  into a Privacy Act
        system  of records, the Agency must, nevertheless,  inform
        the individual of the authority for collecting the social
        security number, the uses to be made of the number, and
        whether disclosure of the number  by the individual is
        voluntary or mandatory.

    g.  The Agency, upon written request  from a subject individual,
        shall notify the individual that  it is maintaining a
        record  on him/her and must grant  the individual access to
        the record, unless the Agency has published a rule exempting
        the System of Records from this requirement.  In addition,
        the Agency shall amend such record upon request, unless
        the Agency has published a rule exempting the System from
        this requirement, whenever the subject individual proves
        that the record is not accurate,  relevant, current or
        complete.  If the Agency does not grant access to or
        amend an individual's record upon request, it shall
        inform  the individual of its refusal to grant access to
        or amend such record and advise him/her of his/her appeal
        rights.

    h.  The Agency must not disclose information from records
        maintained in a System of Records to any person or agency,
        except with the written consent of the individual to whom
        the record pertains.  There are,  however, twelve exceptions
        which permit disclosures without  consent of the individual.
        Any other disclosure of the records (other than to the
        subject individual) is unauthorized.  See the Privacy Act
        Manual  for further discussion of  these exceptions.

    i.  Except for disclosures to EPA officials and employees
        with an official need to know and disclosures required
        to be made under the Freedom of Information Act, an
        accounting of the disclosures that are made from a System
        of Records must be maintained by  the System Manager.
        Each accounting must include the date, nature and purpose
        of disclosure and the name and address of the person or
        agency to whom the disclosure was made.  The accounting
        must be retained for the life of the record or for five
        years after disclosure, whichever is longer.

6.  RESPONSIBILITIES.

    a.  The Assistant  Administrators, Inspector General, General
        Counsel, Associate Administrators, Regional Administrators,
        Laboratory Directors and Headquarters Staff Office
        Directors are  responsible for:


        (1)  Implementing the Privacy Act and the requirements
             specified in this policy and the Privacy Act Manual
             within their respective areas.   They are responsible
             for designating an appropriate  EPA employee to serve
             as System Manager for an existing or proposed System
             of Records.

    b.   Director, Information Management and Services Division,
        (IMSD), Office of Information Resources Management is
        responsible for providing overall management and policy
        guidance.

    c.   The Chief, Information Management Branch, IMSD,  is the
        Privacy Policy Officer and is responsible for policy,
        procedures and oversight of the Act. He/she administers
        activities related to establishment, alteration  or
        termination of Systems.

    d.   The General Counsel serves as the EPA Privacy Appeals
        Officer and is responsible for interpreting the Act,
        reviewing Privacy Act notices, regulations, policy state-
        ments and related documents for legal form and substance
        and deciding all written appeals of negative determinations.

    e.   The Director, Personnel Management Division is responsible
        for reviewing proposed or altered systems for personnel
        management implications.

    f.   Each Manager and  Supervisor is responsible for implementing
        the provisions of this Manual and the Privacy Act Manual
        within their respective areas.

    g.   The System Manager is responsible for:

        (1) Applying approved Privacy Act policies and procedures
            relating to an existing or proposed System of Records
            and, when appropriate, implementing additional practices
            and procedures to cover special  conditions or situa-
            tions that may arise within the  System of Records.
            In addition,  the System Manager  is responsible for:

            (a)  Preparing documentation required by the Privacy
                 Act, including notices of new, altered  or termi-
                 nated System of Records for publication in the
                 Federal  Register.

             (b)  Making initial decisions whether to grant an
                  individual access to his/her records or amend
                  such records and whether to extend the date of
                  initial determination concerning requests for
                  access to or amendment of records under the
                  Act.

             (c)  Safeguarding the System under his/her
                  jurisdiction.

             (d)  Informing employees having access to a System
                  of Record of the penalties under the Privacy
                  Act.

7.   DEFINITIONS.

    a.   "Access" means availability of a record to a subject
        individual.

    b.   "Disclosure" means the availability or release of a record
         to anyone other than the subject individual.

    c.   "Individual" means a citizen of the U.S.  or an alien
         lawfully admitted for permanent residence.  It does not
         include businesses or corporations and,  in certain
         circumstances, may not include sole proprietorships,
         partnerships or persons acting in a business capacity
         identified  by the name of one or more persons.

    d.    "Maintain"  means to collect, use or disseminate when
         used in connection with the term "record"; and, to have
         control over or responsibility for a System of Records
         when used in connection with the term, "System of Records."

    e.    "Personal identifier" is any individual  number, symbol
         or other identifying designation assigned to an individual,
         but not a name, number, symbol or other  identifying
         designation that identifies a product, establishment or
         action.

    f.    "Record" means any collection or grouping of information
         about  an individual that is maintained by the agency,
         including but not limited to the individual's education,
         financial transactions, medical history  and criminal or
         employment  history and that contains his/her name or an
         identifying number, symbol or other identifier assigned
         to the individual, such as a finger or voice print or
         photograph.

    g.   "Routine use" means, with respect to the disclosure of a
        record to a person or agency other than EPA, the use of
        a record for a purpose which is compatible with the
        purpose for which the record was collected.  It includes
        disclosures required to be made by statute other than
        the Freedom of Information Act, 5 U.S.C. 552.  It does
        not include other disclosures which are permitted to be
        made without the consent of the subject individual pursuant
        to Section 552a(b) of the Privacy Act, such as disclosures
        to EPA employees who have official need for the record,
        to the Bureau of the Census, to the General Accounting
        Office or to the Congress.

    h.   "Subject individual" is the individual to whom a record
        pertains.

    i.   "System Manager" is the EPA employee designated as the
        responsible manager of a System of Records.

    j.   "System of Records" within the meaning of the Privacy Act
        is a group of any records under the control of the Agency
        from which information is retrieved by an individual's
        name or some personal identifier, such as a social security
        number assigned to the individual.

8.   PROCEDURES AND GUIDELINES.  Procedures for carrying out the
     provisions of this Chapter are found in the Privacy Act
     Manual.  Other guidance is found  in:

     a.  Forms Management Manual, Chapter 1, for forms developed
         in connection with the Privacy Act.

     b.  Federal Acquisition Regulations Subpart 24.1 and EPA
         Acquisition Regulations Subpart 15-24.1 for contracts
         involving collection and maintenance of information on
         individuals.

     c.  Delegations Manual 1-33 for authority to make
         determinations on appeals from the initial denial and
         to make determinations on correction or amendment.

     d.  Reports Management Manual, Chapter 4, for policy on
         collecting information from the public.

     e.  Records Management Manual, Chapters  1 and  3, for
         management and disposal of records.

     f.   Freedom of Information Act Manual for Freedom of
         Information procedures.

     g.   Federal Register Document Drafting Handbook for
         preparation of Federal Register documents.

     h.   Facilities and Support Services Manual, Security Volume,
         Part III, Chapter 13, for security requirements for
         Privacy Act data.

9.  PENALTIES.  The Privacy Act imposes criminal penalties directly
    on individuals if they violate certain provisions of the
    Act.  Any Federal employee, for instance, is subject to a
    misdemeanor charge and a fine of not more than $5,000 whenever
    such employee:

    a.  Knowing that disclosure is prohibited, willfully discloses
        in any manner records in a System of Records to any person
        or agency not entitled to access to such records.

    b.  Willfully maintains a System of Records without publishing
        the prescribed public notice on the System in the Federal
        Register.

    c.  Knowingly and willfully requests or obtains any record
        from any System of Records under false pretenses.   (The
        penalty for violation of this provision is not limited
        to Federal employees).

        (The System Manager is responsible for making employees
        working with a System of Records fully aware of these
        provisions and the corresponding penalties.)

                  CHAPTER 12 - LIBRARY SERVICES


1.  PURPOSE.  This policy establishes principles that govern the
    operation of the EPA library network.

2.  SCOPE AND APPLICABILITY.  This policy applies to all EPA
    employees and contractors responsible for providing informa-
    tion/library services.  It also applies to officials who
    contribute to the Headquarters library official collection
    of EPA reports.

3.  BACKGROUND.  Efficient and cost-effective access to information
    and data about the environment and related scientific,
    technical, management, and policy information is critical to
    the ability of the U.S. Environmental Protection Agency
    (EPA) to carry out its mission.  EPA recognized this when it
    established a library network in the early 1970's to support
    staff in EPA Headquarters, the 10 Regional Offices, and in
    the 13 research laboratories and field sites across the
    country.  This approach is consistent with OMB Circular A-130,
    "Management of Federal Information Resources", which states
    that the collection of information by Federal agencies be
    carried out within the context of efficient, effective, and
    economical management.

4.  AUTHORITIES.  OMB Circular A-130, Management of Federal
    Information Resources.

5.  POLICY.  It is EPA policy that the library network provide
    EPA staff with access to high quality, cost-effective informa-
    tion and data about environmental and related issues critical
    to carrying out the Agency's mission.  The librarians, as
    information brokers, shall promote the available information
    resources through outreach to EPA staff.  The EPA libraries
    shall provide State agencies and the general public with
    access to the library collection.  EPA program managers
    shall provide the EPA library network with copies of final
    technical reports and guidance.  Copies of these documents
    shall also be sent to the National Technical Information
    Service (NTIS).

6.  RESPONSIBILITIES.  The Information Services Branch which is
    part of the Information Management and Services Division,
    Office of Information Resources Management, serves as the
    "National Program Manager" and is responsible for coordi-
    nating the major activities of the EPA library network.  In
    the Regional Offices, responsibility for managing the library
    function is generally placed in the Regional Management
    Divisions, although in a few Regions the libraries are the
    responsibility of the Office of Public Affairs.  In the
    laboratories, responsibility for managing the libraries may
    vary from site to site.  The role of the National Program
    Manager is to work with the library network and its managers
    to provide the following services:

    a.  Assessment of EPA program staff needs for information and
        provision of services to meet those needs.

    b.  Online searches of commercial databases and, as appropriate,
        EPA databases, to supply EPA staff with needed information.
        Where possible, provision of State environmental agencies
        with relevant information services.

    c.  Access to the EPA library network collection of books,
        journals, maps, and materials produced  in microform.

    d.  Access to information resources of other federal, academic
        and special  libraries through interlibrary loan.

    e.  Development  of specialized services, e.g., Hazardous
        Waste Collection, guides to information resources,
        including documents, databases, and directory information
        and selective dissemination assistance.

    f.  Coordination with other related EPA functions.

    g.  Provision of translation services to EPA staff.

                      APPENDIX A - GLOSSARY


1.  Administrative Records - The records which reflect routine,
    transitory, internal housekeeping activities relating to
    subjects and functions common to all offices.

2.  Agency Records Management Officer - The title of the designated
    staff official whose responsibility is to plan, develop and
    coordinate the agency records management program.

3.  Application Security - The set of controls that makes an
    information system perform, in an accurate and reliable
    manner, only those functions it was designed to perform.
    The set of controls includes the following:  programming,
    access, source document, input data, processing, storage,
    output and audit trail.

4.  Application Software - Software specifically produced for
    the functional use of a computer system, e.g., payroll,
    inventory control, environmental monitoring and scientific
    modeling.

5.  Artificial Intelligence, Expert, or Knowledge-based Systems -
    A class of systems that employs decision rules developed
    through human experience and from human knowledge to solve
    problems that require a high degree of human expertise.

6.  Automatic Data Processing - The production, conversion,
    reduction, destruction, storage, transfer or communication
    of data by electronic digital computers and related
    peripheral devices.  The term "electronic data processing"
    (EDP) and "automatic data processing" (ADP) are frequently
    used interchangeably with no significant distinction.
    Automatic data processing may be performed by a stand alone
    unit or by several connected units.

7.  Automatic Data Processing Equipment - Electronic components
    and equipment regardless of use, size, capacity or price
    that are designed to be applied to the solution or processing
    of a variety of problems or applications.

8.  Central Processing Unit (CPU) - That part of a computer that
    interprets and executes program instruction and communicates
    with the input, output and storage devices.  It consists of
    the control unit and the arithmetic/logic unit.

 9.  Classified Records - Records which are restricted to
     processing or use by cleared individuals, and require special
     protection, e.g., "top secret," "secret" or "confidential."

10.  Commercially Available Software - Software that is available
     through lease or purchase in the commercial market from a
     concern representing itself to have ownership or marketing
     rights in the software.  Software that is furnished as part
     of the ADP system but that is separately priced is included.

11.  Confidential Business Information - This type of information
     includes trade secrets, proprietary and commercial/financial
     information.  Business information is entitled to confidential
     treatment if:  (1) business asserts a confidential claim,
     (2) business shows it has taken its own measures to protect
     the information, (3) the information is not publicly available
     or (4) disclosure is not required by statute and the disclosure
     would either cause competitive harm or impair the Agency's
     ability to obtain necessary information in the future.

12.  Core Systems Standards - The EPA term for a set of standards
     for end-user interface, software engineering, data interchange
     and documentation for general purpose computer software to
     perform functions which are common to many different offices
     (e.g., project tracking or correspondence control).  Core
     systems are targeted for the personal computer (PC) and
     office automation computer systems.

13.  Current Records - Records or files presently in the physical
     custody of organizational units, the maintenance of which is
     required in the conduct of current work.

14.  Data - Collection of unorganized facts that have not yet
     been processed into information.

15.  Data Base - Collection of integrated data that can be used
     for a variety of applications.

16.  Data Base Management - A systematic approach to storing,
     updating and retrieval of information stored as data items,
     usually in the form of records in a file.

17.  Data Base Management System  (DBMS) - The software product
     that provides a data structure containing unrelated data
     stored so as to optimize accessibility, control redundancy
     and offer multiple views of  the data to multiple application
     programs.

18.  Data Communications - Computer-to-computer,  computer-to-
     device and device-to-computer communications and other
     communications such as a record, tele-processing and telemetry.

19.  Data Element - A unit of information used to describe data,
     data characteristics and attributes, e.g., eyes - blue or
     BL.

20.  Data Standards -  Standards used generally,  but not
     exclusively, for automated systems to ensure that one type
     of data is defined the same way in all systems.

21.  Designated Senior Official - The individual  appointed by the
     head of an agency who has responsibility for directing the
     agency's activities administered under the Paperwork Reduction
     Act of 1980.

22.  Distributed Processing - Involves the use of computers or
     intelligent terminals at a number of sites that share the
     control, storage and/or computing functions  of the central
     computing system, thus giving the end-user data processing
     capabilities.  The various stations, or network nodes, are
     connected by telecommunications lines.

23.  Distributed Network - This term refers to a  network
     architecture in which nodes, or communications processors,
     are connected directly or indirectly to each other and share
     the communications processing functions.

24.  Documentation - Information to support the effective design,
     management, operation, maintenance and transferability of
     ADP resources, and to facilitate the interchange of  informa-
     tion.  Documentation includes analysis, technical documents
     and specifications which are produced in the software life
     cycle (e.g., project request, feasibility study, benefit/cost
     analysis, functional requirements, data requirements, system/
     subsystem specifications, test plan, users'  manual,  operations
     manual, test reports and maintenance procedures).

25.  Electronic Digital Image Storage and Retrieval Systems - The
     technology that converts and stores images and information
     in digital form.

26.  Electronic Mail - A generic term describing the use  of
     digital computer and other technologies (e.g., facsimile) in
     the generation and transmission or distribution of messages.

27.  End-Users - The ultimate customers or recipients of computer
     services.

28.  Essential Elements of Information (EEIs) - This term is
     modeled after the Department of Defense and National
     Aeronautics and Space Administration Data Item Descriptions
     (DIDs). The EEIs represent the set of information for a
     given system's life cycle products (e.g., software management
     plan, software design document) that are required for a
     specific systems development project or for an existing
     system's operation.  EEIs are required for the successful
     management of a project.

29.  Federal Records Centers - The depositories established by
     the National Archives and Records Administration for the
     housing of non-current, inactive or permanent records pending
     ultimate disposition in accordance with the Agency Record
     Retention and Control Schedules.

30.  Filing Equipment - Any equipment used to provide storage for
     information, e.g., lateral, vertical, mechanized and ADP.

31.  Filing Supplies - Items such as folders, guides, cross-
     reference sheets and charge-out cards.

32.  Fourth Generation (4GL) Programming Language - The term
     refers to modern programming languages (e.g., INFO, FOCUS)
     designed for end-users or to increase programmer productivity,
     which have a number of tools such as English language syntax,
     dictionaries, screen builders and reference to data by name.
     These languages tend to be dependent on specific computer
     architectures and are not usually transportable.  They
     usually imply a proprietary database management system
     (DBMS) or data management system (DMS).

33.  Geographic Information System (GIS) - A computer-based
     system that combines geographic and/or cartographic analysis
     capabilities with a computer data base system that can
     support data entry, data management, data manipulation and
     data display capabilities.

34.  Hardware - Physical equipment such as the computer and its
     related peripheral devices, tape drives, disk drives, printers,
     etc.

35.  Highly Sensitive Information - Information whose loss would
     seriously affect the agency's ability to function, threaten
     the national security or jeopardize human life and welfare.
     Specifically, information of this type includes National
     Security Information, information critical to the performance
     of a primary agency mission, information that is life critical
     and financial information related to check issuance, funds
     transfer and similar asset accounting/control functions.

36.  Host Computer - Central computer to which computers or
     other input/output devices are connected in a distributed
     data processing environment.

37.  Information - Any communication or reception of knowledge
     such as facts, data or opinions, including numerical, graphic
     or narrative forms, whether oral or maintained in any medium,
     including computerized data bases, paper, microform or
     magnetic tape.

38.  Information Collection Budget (ICB) - An annual submission
     to the Office of Management and Budget (OMB) of burden on
     the public related to information that Federal agencies
     propose to collect from non-Federal sources during a fiscal
     year.  ("Burden" includes, but is not limited to, the estimated
     time required to read instructions and generate, review,
     report and keep records on information in response to Federal
     requests or requirements.)  The ICB is similar to EPA's
     fiscal budget except that it deals in burden hours rather
     than dollars and is not submitted to Congress.

39.  Information Management - The processes necessary for the
     creation, use and disposal of information regardless of the
     media on which it is recorded.

40.  Information Processing - To copy, exchange, read, combine
     mathematically or logically, record, store, transmit or write
     information from one medium or format to another.

41.  Information Resources Management (IRM) - The planning,
     budgeting, organizing, directing, training and controls
     associated with information.  The term encompasses both
     information itself and related resources such as personnel,
     equipment, funds and technology.

42.  IRM Steering Committee - At EPA this group is chaired by the
     Director, Office of Information Resources Management (OIRM)
     and has members representing EPA national and Regional
     programs, the EPA research community and the States.  The
     Committee is responsible for advising OIRM concerning IRM
     policies, resources and priorities and assisting OIRM in
     communicating and implementing these policies and priorities
     within EPA.   The Committee assists OIRM in conducting periodic
     reviews of the Agency's information resources and the policies
     and programs for managing these resources and in designing
     improvements where needed.

43.  Information Security - This term encompasses three different
     types of security: applications security, installation
     security and personnel security.  In total, information
     security involves the precautions taken to protect the
     confidentiality, integrity and availability of information.

44.  Information  System - The organized collection, processing,
     transmission and dissemination of information in accordance
     with defined procedures, whether automated or manual.

45.  Information  Systems Inventory (ISI) - A collection of
     descriptive  data regarding the Agency's automated and manual
     information  systems.  The data base for EPA's ISI resides on
     an IBM PC/AT and provides for the retrieval of over 500
     manual and automated information systems and applications
     which have been identified by administrative and program
     offices.

46.  Information  Technology - The hardware and software used in
     connection with government information, regardless of the
     technology involved, whether computers, telecommunications,
     micrographics or others.

47.  Installation - The physical location of one or more information
     systems, whether automated or manual.  An automated installa-
     tion consists of one or more computer or office automation
     systems, including related peripheral and storage units,
     central processing units, telecommunications and operating
     and support  system software.  Automated installations may
     range in size from large centralized computer centers to
     stand-alone  personal computers.

48.  Installation Security - The use of locks, badges and similar
     measures to control access to the installation and the
     measures required for the protection of the structure housing
     the installation from accident, fire and environmental
     hazards.  In addition to the above physical security measures,
     installation security also involves ensuring continuity of
     operations through disaster planning.

49.  Life Cycle - The complete time span of a system from the
     origin of the idea that leads to the creation of the system
     to the end of its useful life.

50.  Life Cycle Costs - The sum total of all the direct, indirect,
     recurring, nonrecurring and other related costs incurred or
     predicted to be incurred in the formulation of requirements
     and feasibility studies, and in the design, development,
     production, operation, maintenance and support of an
     information system throughout its useful life.

51.  Mainframe - This term connotes a large computer.

52.  Maintenance of Records - This term refers to the grouping,
     filing, storing and safeguarding of business records.

53.  Major Information System - An information system that requires
     special continuing management attention because of its
     importance to an agency mission; its high development,
     operating or maintenance costs; or its significant impact on
     administration of agency programs, finances, property or
     other resources.  In this context, high development, operating
     or maintenance cost means either (1) the cost of initial
     development from conception through implementation exceeds
     one million dollars or (2) the cost of operating and
     maintaining the system in any fiscal year exceeds 500 thousand
     dollars.

54.  Management Information System (MIS) - A computer-based or
     manual information system having applications in support of
     management activities.

55.  Microcomputer - One of a large variety of general purpose
     computers manufactured utilizing one or more microprocessors.
     Microcomputers can range from computers with relatively small
     amounts of memory to computers with large amounts of random
     access memory and several peripheral devices.  Typically, an
     end-user microcomputer is of desktop size and requires no
     special environmental site preparation.

56.  Microfilm - High resolution film containing an image or
     images greatly reduced in size from the original that is
     recorded on the film.

57.  Microfiche - A sheet of film containing multiple microimages
     in a grid pattern.   It usually contains a heading or title
     which can be read without magnification.

58.  Microform - Any form containing microimages.

59.  Micrographics - The science and technology of document and
     information microfilming and associated microform systems
     including microfilm, microfiche and microimages.

60.  Minicomputer - A computer somewhere in size between a
     microcomputer and a mainframe.  These units are characterized
     by higher performance than microcomputers, richer instruction
     sets, higher price  and a proliferation of high-level languages,
     operating systems and networking methodologies.

61.  Mission-based Planning - The process of planning for an
     agency's investments in and management of information
     resources and technology that are required to achieve the
     agency's missions and priorities.  At EPA all national
     program managers and Regional offices are responsible for
     developing mission-based plans for their respective organiza-
     tions.  Mission-based plans are tied to the budget process
     and are used to support investment decisions made during
     the budget preparation process.  These plans are strategic
     or long range in scope but are updated annually to reflect
     progress in implementation, program changes, changes that
     affect information  requirements and advancements in technology.

62.  National Security Information - Information that is classified
     as "Top Secret," "Secret" or "Confidential" under Executive
     Order 12356 or predecessor orders.

63.  Network - Computer  system using data communications equipment
     to connect two or more computers.

64.  Non-procedural Language - See definition for Fourth Generation
     (4GL) Language.

65.  Official Record File - Used in the context of records
     management, this term refers to documentation including all
     background material resulting from specific transactions,
     operations or processes which are accumulated and maintained
     in files equipment.  They may include any media such as
     film, microfilm, cards, papers and magnetic tapes and disks.

66.  Operating System - Software that controls and supports the
     execution of computer programs and contributes to optimal
     use of the computing system.  An operating system may provide
     services such as resource allocation, scheduling, input/
     output control, error recovery and data management.  Although
     operating systems are predominantly software, partial or
     complete firmware implementations are possible.

67.  Permanent Records - Records of continuing value which are
     considered to be so important or unique in documenting the
     history of the Agency or for informational content that
     they should be preserved "forever" as part of the National
     Archives of the United States.

68.  Personal Computer - Microcomputer used by individuals for
     various personal uses in the home or office.

69.  Procedural or High Order Language - See definition for
     Third Generation Language (3GL).

70.  Program - Step-by-step set of instructions that directs the
     computer to perform certain operations.

71.  Program Records - Records created, received and maintained
     by an agency in the conduct of the mission functions for
     which it is responsible.  The term is used in contrast with
     administrative or facilitative records.

72.  Proprietary - Any item, usually commercial software or a
     specialized data base, for which the Government or public
     does not have unlimited rights.

73.  Privacy - The right of an individual to control the
     collection, storage and dissemination of information about
     himself/herself to avoid the potential for substantial
     harm, embarrassment, inconvenience or unfairness.

74.  Records - In records management parlance, this term refers
     to recorded information of continuing administrative, fiscal,
     legal, historical or informational value, including published
     materials, papers, maps, photographs, microfilm, audiovisual,
     machine-readable materials (ADP tapes/disks) or other
     documentary material, regardless of physical form or
     characteristics, made or received by the agency that evidences
     organization, functions, policies, decisions, procedures,
     operations or other activities of the Government.

75.  Records Control Schedules - This term refers to the list of
     scheduled reviews of agency records to determine their
     disposition.

76.  Records Management - This term describes the management of
     the media on which information is recorded and the control
     of all the agency's program and administrative records.

77.  Records Management Officer - The title of the designated
     staff officials whose responsibilities are to assist the
     operating Agency Records Management Officer by carrying out
     the policies of the records management program in their
     respective organizational units.

78.  Risk Analysis - A means of measuring and assessing the
     relative vulnerabilities and threats to a collection of
     sensitive data and the people, systems and installations
     involved in storing and processing that data.  Its purpose
     is to determine how security measures can be effectively
     applied to minimize potential loss.  Risk analyses may vary
     from an informal, quantitative review of a microcomputer
     installation to a formal review of a major computer center.

79.  Semi-active Records - This term refers to records worthy of
     preservation, that have long term permanent value and will
     be retired from expensive office space and equipment to the
     area Federal Records Center for storing, servicing and
     ultimate disposition in accordance with Agency Records
     Control Schedules.

80.  Senior Information Management Official (SIRMO) - At EPA this
     term has been used to designate those individuals who are
     responsible for directing and managing information resources
     planning and budgeting and for assuring that the information
     systems and information technology acquisitions within their
     organizations comply with Federal and EPA policies and
     regulations.

81.  Sensitive Application Systems - Systems that process sensitive
     information and require protection because of the loss or
     harm which could result from the improper operation or
     deliberate manipulation of the application itself.  Automated
     decision-making application systems are highly sensitive if
     the wrong decision could cause serious loss.

82.  Sensitive Information - Information that requires protection
     due to the risk and magnitude of loss or harm that could
     result from inadvertent or deliberate disclosure, alteration
     or destruction of the information.

83.  Service Level Agreement - A Service Level Agreement is a
     documented contract between the National Data Processing
     Division (NDPD) and any client organization which describes
     the services which will be provided by NDPD to the client.
     There are two types of Service Level Agreements.  One is a
     generic documented service description which applies to all
     client organizations and the other is a specific agreement
     with an individual client organization.  The latter is
     developed primarily where the level of service requested is
     beyond the normal service levels contained in the generic
     service agreement.  Service Level Agreements generally
     contain a description of availability, capacity, workload,
     performance, reliability and cost.

84.  Software - Computer programs,  procedures,  rules and associated
     documentation pertaining to the operation of a computer
     system.

85.  Software Engineering - This term refers to the discipline
     of applying software tools, techniques and methodologies to
     promote software quality and productivity.

86.  Software Life Cycle - The period of time beginning when a
     software product is conceived and ending when the product
     no longer performs the function for which  it was designed.
     The software life cycle is typically broken into phases
     such as  requirements, design,  programming  and testing,
     installation and operation and maintenance.

87.  Software Maintenance - The performance of  those activities
     required to keep a software system operational and responsive
     after it is accepted and placed into operation.   It is  the
     set of activities which result in changes to the originally
     accepted (baseline) product.  These changes consist of
     modifications required to:  (1) insert, delete, extend and
     enhance the baseline system (performance maintenance); (2)
     adapt the system to changes in the processing environment
     (adaptive maintenance); and (3) fix errors (corrective
     maintenance).

88.  Software Tools - This term refers to packaged, often
     commercial computer program(s) used to help develop, test,
     analyze or maintain computer programs, data and information
     systems.  Examples include statistical software such as SAS,
     SPSS, sort systems, etc.

89.  System - The organized set of procedures used to collect,
     process and array  information whether automated or manual.

90.  Telecommunications - The transmission and/or reception of
     information by telephone, telephone lines, telegraph, radio
     or other methods of communication over a distance.  The
     information may be in the form of voice, pictures, text
     and/or encoded data.

91.  Telecommunications Network - An interconnected set of locations
     or devices linked  by communications facilities, including
     telephone lines and microwave and satellite connections.

92.  Temporary Records - Records created incidental to performance
     of the mission of  the agency and considered to be of  short
     term  value.

93.  Testing - This term refers  to the examination of the  behavior
     of a  program by executing the program on sample data  sets.

94.  Third Generation (3GL) Programming Language - A programming
     language that usually includes features such as nested
     expressions and parameter passing, that can run on a variety
     of different computer systems and is independent of machine
     architecture (e.g., COBOL, BASIC, FORTRAN, PL/1).  It is a
     problem oriented language that facilitates the expression
     of a procedure as an explicit algorithm.  In contrast to
     fourth generation programming language, third generation
     programming language is normally independent of a data base
     management system and is transportable between different
     computer architectures.

95.  Threshold - A point, usually expressed in dollars, above
     which specific actions are required.  For instance, a sole-
     source procurement of data processing equipment having an
     estimated value below the $250,000 threshold does not require
     a delegation of procurement authority from the General
     Services Administration, while a procurement above that
     threshold does require a delegation.

96.  Timeshare - This procedure allows many users to access and
     use simultaneously the resources of a central computer
     through remote terminals.  Access privileges are usually
     purchased by (or charged back to) the user, based on a
     formula of various unit prices.  The chargeback formula may
     include charges for use of the computer's central processing
     unit, adding or altering data on a computer storage disk,
     computer tape handling and storage and the amount of time a
     user has interacted with the computer (connect time).  Other
     items may be included in the chargeback formula which are
     inherent in delivering the computer services to the user.

97.  Triennial Review - This review is a government-wide three-
     year planning and reporting cycle set forth to meet the
     requirements established by the Paperwork Reduction Act of
     1980.  Agencies are required to perform reviews of their
     information resources management activities and prepare
     synopses and updates of these reviews to GSA on a yearly
     basis for a three-year duration.  The objective of the
     Triennial Review Program is to ensure that agencies are
     carrying out their information management activities in an
     efficient manner.   In EPA OIRM is responsible for managing
     the review process with input from the program offices.

 98.  Vital Records - Records essential to the continued operation
      of the Agency and to the preservation of the legal rights
      and interests of employees and individual citizens, in
      wartime and disaster.

 99.  Voice Communications - The transmission and switching of
      voice traffic by public and private facilities.  The public-
      switched network is an example of a public facility; private
      branch exchanges (PBX) and private voice lines exemplify
      private facilities.

100.  Word Processing - Computer-based system for inputting,
      editing, storing and printing of documents.
-------
IRM POLICY MANUAL                                  2100 CHG 2
                                                   4/8/91

                 CHAPTER 13 - LOCATIONAL DATA
1.   PURPOSE.   This policy establishes the principles for
     collecting and documenting latitude/longitude
     coordinates for facilities, sites and monitoring and
     observation points regulated or tracked under Federal
     environmental programs within the jurisdiction of the
     Environmental Protection Agency (EPA).   The intent of
     this policy is to extend environmental analyses and
     allow data to be integrated based upon location, thereby
     promoting the enhanced use of EPA's extensive data
     resources for cross-media environmental analyses and
     management decisions.  This policy underscores EPA's
     commitment to establishing the data infrastructure
     necessary to enable data sharing and secondary data use.

2.   SCOPE AND APPLICABILITY.  This policy applies to all
     Environmental Protection Agency (EPA) organizations and
     personnel of agents  (including contractors and grantees)
     of EPA who design, develop, compile, operate or maintain
     EPA information collections developed for environmental
     program support.  Certain requirements of this policy
     apply to existing as well as new data collections.

3.   BACKGROUND.

     a.   Fulfillment of EPA's mission to protect and improve
          the environment depends upon improvements in cross-
          programmatic, multi-media data analyses.  A need
          for available and reliable location identification
          information is a commonality which all regulatory
          tracking programs share.

     b.   Standard location identification data will provide
          a return yet unrealized on EPA's sizable investment
          in environmental data collection by improving the
          utility of these data for a variety of value-added
          secondary applications often unanticipated by the
          original data collectors.

     c.   EPA is committed to implementing its locational
          policy in accordance with the requirements
          specified by the Federal Interagency Coordinating
          Committee for Digital Cartography  (FICCDC).  The
          FICCDC has identified the collection of
          latitude/longitude as the most preferred coordinate
          system for identifying location.  Latitude and
          longitude are coordinate representations that show
          locations on the surface of the earth using the
          earth's equator and the prime meridian  (Greenwich,
          England) as the respective latitude and longitude
          origins.

     d.   The State/EPA Data Management Program is a
          successful multi-year initiative linking State
          environmental regulatory agencies and EPA in
          cooperative action.  The Program's goals include
          improvements in data quality and data integration
          based on location identification.

     e.   Readily available, reliable and consistent location
          identification data are critical to support the
          Agencywide development of environmental risk
          management strategies, methodologies and
          assessments.

     f.   OIRM is committed to working with EPA Programs,
          Regions and Laboratories to apply spatially related
          tools (e.g., geographic information systems (GIS),
          remote sensing, automated mapping) and to ensure
          these tools are supported by adequate and accurate
          location identification data.  Effective use of
          spatial tools depends on the appropriate collection
          and use of location identifiers, and on the
          accompanying data and attributes to be analyzed.

     g.   OIRM's commitment to effective use of spatial data
          is also reflected in the Agency's comprehensive GIS
          Program and OIRM's coordination of the Agency's
          National Mapping Requirement Program (NMRP) to
          identify and provide for EPA's current and future
          spatial data requirements.

4.   AUTHORITIES.

     a.   15 CFR,  Part 6 Subtitle A, Standardization of Data
          Elements and Representations

     b.   Geological Survey Circular 878-B, A U.S. Geological
          Survey Data Standard, Specifications for
          Representation of Geographic Point Locations for
          Information Interchange

     c.   Federal Interagency Coordinating Committee on
          Digital Cartography  (FICCDC)/U.S. Office of
          Management and Budget, Digital Cartographic Data
          Standards: An Interim Proposed Standard

     d.   EPA Regulations 40 CFR 30.503 and 40 CFR 31.45,
          Quality Assurance Practices under EPA's General
          Grant Regulations

5.    POLICY.
     a.   It is EPA policy that latitude/longitude
          ("lat/long") coordinates be collected and
          documented with environmental and related data.
          This is in addition to, and not precluding, other
          critical location identification data that may be
          needed to satisfy individual program or project
          needs, such as depth, street address, elevation or
          altitude.

     b.   This policy serves as a framework for collecting and
          documenting location identification data.  It
          includes a goal that a 25 meter level of accuracy be
          achieved; managers of individual data collection
          efforts determine the exact levels of precision and
          accuracy necessary to support their mission within
          the context of this goal.  The use of global
          positioning systems (GPS) is recommended to obtain
          lat/longs of the highest possible accuracy.

     c.   To implement this policy, program data managers
          must collect and document the following
          information:

          (1)  Latitude/longitude coordinates in accordance
               with Federal Interagency Coordinating
               Committee for Digital Cartography  (FICCDC)
               recommendations.  The coordinates may be
               present singly or multiple times, to define a
               point, line, or area, according to the most
               appropriate data type for the entity being
               represented.

               The format for representing this information
               is:

               +/-DD  MM  SS.SSSS   (latitude)
               +/-DDD MM  SS.SSSS  (longitude)
                    where:

                     •    Latitude is always presented before
                          longitude

                     •    DD represents degrees of latitude;
                          a two-digit decimal number ranging
                          from 00 through 90

                     •    DDD represents degrees of
                          longitude; a three-digit decimal
                          number ranging from 000 through 180

                     •    MM represents  minutes of latitude
                         or longitude;  a two-digit decimal
                         number  ranging from  00  through 60

                     •    SS.SSSS represents seconds  of
                         latitude  or  longitude,  with  a format
                         allowing  possible  precision  to the
                         ten-thousandths of seconds

                     •    +  specifies  latitudes north  of the
                         equator and  longitudes  east  of the
                         prime meridian

                     •    -  specifies  latitudes south  of the
                         equator and  longitudes  west  of the
                         prime meridian

           (2)  Specific method used to  determine the  lat/long
               coordinates  (e.g.,  remote sensing techniques,
               map interpolation,  cadastral survey)

           (3)  Textual description of the entity to which  the
               latitude/longitude  coordinates  refer (e.g.,
               north-east corner of site,  entrance to
               facility, point of  discharge, drainage  ditch)

           (4)  Estimate of  accuracy in  terms of the most
               precise units of measurement used  (e.g.,  if
               the coordinates are given to tenths-of-seconds
               precision, the accuracy  estimate should be
               expressed in terms  of the range of tenths-of-
               seconds within which the true value should
               fall, such as "+/-  0.5 seconds")

     d.   Recommended labelling of the  above information is
          as follows:

           •    "Latitude"
           •    "Longitude"
           •    "Method"
           •    "Description"
           •    "Accuracy."

     e.   This policy does  not preclude or rescind more
          stringent  regional or program-specific policy  and
          guidance.  Such guidance may require, for example,
          additional elevation measurements to fully
          characterize the  location of  environmental
          observations.

     f.   Formats, standards, coding conventions or other
          specifications for the method, description  and
          accuracy information are forthcoming.
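
A validator for the coordinate format in item (1) and the recommended labels, given here as an added Python example that is not part of the EPA manual. The function names, the constructed sample records, the seconds-below-60 check and the spherical meters-per-arc-second figure are assumptions of this example; because the policy leaves the method, description and accuracy formats unspecified, those fields are checked only for presence.

```python
import math
import re
from decimal import Decimal

# Sign, zero-padded degrees, two-digit minutes, seconds with up to four decimals.
_DMS = r"([+-])(\d{%d})\s+(\d{2})\s+(\d{2}(?:\.\d{1,4})?)"
_PATTERNS = {
    "latitude": (re.compile(_DMS % 2), 90),    # +/-DD  MM SS.SSSS
    "longitude": (re.compile(_DMS % 3), 180),  # +/-DDD MM SS.SSSS
}

# Labels recommended by the policy; all five must be documented.
REQUIRED_LABELS = ("Latitude", "Longitude", "Method", "Description", "Accuracy")

# Assumption: spherical approximation, 1852 m per arc-minute of latitude.
METERS_PER_ARCSECOND = 1852.0 / 60.0


def parse_dms(text, kind):
    """Parse one coordinate and return signed decimal degrees as a Decimal.

    Raises ValueError when the layout or the ranges are violated.
    """
    if kind not in _PATTERNS:
        raise ValueError("kind must be 'latitude' or 'longitude'")
    pattern, limit = _PATTERNS[kind]
    match = pattern.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"{text!r} is not a signed, zero-padded {kind}")
    sign, degrees, minutes, seconds = match.groups()
    degrees, minutes, seconds = int(degrees), int(minutes), Decimal(seconds)
    if minutes > 60:  # the policy text gives the range as 00 through 60
        raise ValueError(f"minutes out of range in {text!r}")
    if seconds >= 60:  # assumption: the policy states no range for seconds
        raise ValueError(f"seconds out of range in {text!r}")
    value = degrees + Decimal(minutes) / 60 + seconds / 3600
    if value > limit:  # catches e.g. +90 00 00.0001 as well as +91 ...
        raise ValueError(f"{text!r} exceeds {limit} degrees")
    return -value if sign == "-" else value


def validate_record(record):
    """Return a list of problems found in one labelled record (empty if none)."""
    problems = []
    for label in REQUIRED_LABELS:
        if not str(record.get(label, "")).strip():
            problems.append(f"{label}: missing")
    for label, kind in (("Latitude", "latitude"), ("Longitude", "longitude")):
        value = str(record.get(label, "")).strip()
        if value:
            try:
                parse_dms(value, kind)
            except ValueError as exc:
                problems.append(f"{label}: {exc}")
    return problems


def arcseconds_to_meters(seconds, latitude_deg):
    """Approximate ground distance of an accuracy estimate given in arc-seconds.

    Returns (north_south_m, east_west_m); the east-west figure shrinks with
    the cosine of the latitude. Useful for comparing an estimate such as
    "+/- 0.5 seconds" with the policy's 25 meter accuracy goal.
    """
    north_south = seconds * METERS_PER_ARCSECOND
    east_west = north_south * math.cos(math.radians(float(latitude_deg)))
    return north_south, east_west


# Constructed sample records (not EPA data).
SAMPLE_RECORDS = [
    {"Latitude": "+38 53 23.0000", "Longitude": "-077 00 32.5000",
     "Method": "map interpolation", "Description": "entrance to facility",
     "Accuracy": "+/- 0.5 seconds"},
    {"Latitude": "+38 53 23.0", "Longitude": "077 00 32.5",  # sign missing
     "Method": "", "Description": "point of discharge",
     "Accuracy": "+/- 0.5 seconds"},
]

if __name__ == "__main__":
    for number, record in enumerate(SAMPLE_RECORDS, start=1):
        print(number, validate_record(record) or "ok")
    print(arcseconds_to_meters(0.5, parse_dms("+38 53 23.0000", "latitude")))
```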

6.   RESPONSIBILITIES.

     a.   The Office of Information Resources Management
           (OIRM) shall:

           (1)   Be responsible for implementing and supporting
                this policy

           (2)   Provide guidance and technical assistance
                where feasible and appropriate in implementing
                and improving the requirements of this policy

     b.   Assistant Administrators, Associate Administrators,
          Regional Administrators, Laboratory Directors and
          the General Counsel shall establish procedures
          within their respective organizations to ensure
          that  information collection and reporting systems
          under their direction are in compliance with this
          policy.

          While the value of obtaining locational coordinates
          will vary according to individual program
          requirements, the method, description and accuracy
          of the coordinates must always be documented.  Such
          documentation will permit other users to evaluate
          whether those coordinates can support secondary
          uses, thus addressing EPA data sharing and
          integration objectives.

7.   WAIVERS.  Requests for waivers from specified provisions
     of the policy may be submitted for review to the
     Director of the Office of Information Resources
     Management.  Waiver requests must be based clearly on
     data quality objectives and must be signed by the
     relevant Senior IRM Official prior to submission to the
     Director,  OIRM.

8.   PROCEDURES AND GUIDELINES.   The Findings and
     Recommendations of the Locational Accuracy Task Force
     supplement this policy.  More detailed procedures and
     guidelines for implementing the policy are issued under
     separate cover as  the Locational Data Policy
     Implementation Guidelines.
-------

    APPENDIX B - PRIMARY FEDERAL IRM STATUTES AND REGULATIONS


1.   Brooks Act, Oct. 30, 1965, Public Law 89-306

    This Act is the primary law governing the overall Federal
    acquisition and management of automatic data processing
    equipment.  Passed in 1965, the Act requires Federal agencies
    to purchase, lease, maintain, operate and utilize ADP equipment
    in an economical  and efficient manner.  The Act also provides
    for coordinated government-wide ADP management with specific
    roles for the General Services Administration, the Department
    of Commerce and the Office of Management and Budget.

2.   Paperwork Reduction Act of 1980, Public Law 96-511

    The primary objective of this Act is to reduce paperwork and
    enhance the economy and efficiency of the government and
    private sector by improving Federal information policy
    development and implementation.  It established a new management
    structure for the government's information activities.  The
    structure is composed of (1) an OMB Office of Information
    and Regulatory Affairs to develop and implement consistent
    information policy and (2) senior officials appointed within
    each agency to ensure effective and efficient management of
    the agency's information resources.  The following broad
    objectives for improving the management of Federal information
    resources were established:

    a.  Coordinating, integrating and, to the extent practicable
        and appropriate, making uniform, Federal information
        policies and practices.

    b.  Minimizing the Federal paperwork burden for individuals,
        State and local governments and others.

    c.  Minimizing the cost to the Federal government of collecting,
        maintaining,  using and disseminating information.

    d.  Making maximum use of information collected by the Federal
        government.

    e.  Ensuring that automatic data processing and
        telecommunications technologies are acquired and used by
        the Federal government in a manner that improves service
        delivery and program management,  increases productivity,
        reduces waste and fraud and reduces the information
        processing burden for the Federal government and for
        persons who provide information to the Federal government.

    f.  Ensuring that the collection, maintenance, use and
        dissemination of information by the Federal government
        is consistent with applicable laws relating to
        confidentiality and privacy.

3.   Privacy Act of 1974, Public Law 93-579

    The Act provides certain safeguards for individuals against
    an invasion of personal privacy by requiring agencies to
    identify what records are being collected, maintained,  used
    or disseminated on an individual; provide access and copies
    of such records; ensure the lawful purpose and prevent  misuse
    of such records.  The Act imposes criminal penalties directly
    on individuals if they violate certain provisions of the
    Act.

4.   Freedom of Information Act of 1966, Public Law 89-487,  as
    amended by Public Law 93-502, Nov. 21, 1974, amended Nov/Dec.
    1986

    The Act allows the public to inspect  and copy certain general
    agency information, agency rules, opinions, orders and
    proceedings.  The 1974 amendments established: (1) time
    limits for agency determinations, (2) index publications,
    (3) uniform fees for search and duplication and (4)
    requirements for an annual report.

5.   Federal Records Management Amendments of 1976, Public Law
    94-575

    The amendments required the establishment of standards  and
    procedures to ensure efficient and effective Federal records
    management practices.  Specific goals are (1) accurate  and
    complete documentation of the policies and transactions of
    the Federal government; (2) control of the quantity and
    quality of records produced; (3) establishment and maintenance
    of control mechanisms to prevent the  creation of unnecessary
    records and to prevent ineffective and uneconomical agency
    operations; (4) simplified activities, systems and procedures
    for records creation, maintenance and use; (5) judicious
    preservation and disposal of records; and (6) continuous
    attention to records—from creation to disposition—with
    emphasis on the prevention of paperwork.

6.  Competition in Contracting Act of  1984, Public Law  98-369

    The Competition in Contracting Act considerably strengthened
    the regulations governing all procurements.   It requires each
    agency to designate a "competition advocate"  and  requires
    full and open competition in as many procurements as possible.
    Significantly, the Act considers both "competitive  negotiation"
    and purchases from negotiated schedule contracts  as full and
    open competition.  The Act prescribes the following exceptions
    that justify noncompetitive procurements:

    a.  The property or services are available from only one
        responsible source.

    b.  There is "unusual and compelling urgency."

    c.  It is desirable to award the contract to  a particular
        source in order to maintain the existence of a supplier
        or to meet the terms of an international  agreement.

    d.  Noncompetitive procurement is specifically authorized by
        statute.

    e.  The disclosure of the agency's needs would compromise
        national security.

    f.  The head of the agency determines that it is "necessary
        in the public interest" to use noncompetitive procedures
        and notifies Congress in writing 30 days  before award of
        the contract.

    In addition, the Act established a special procedure to
    resolve disputes between agencies and vendors of ADP equipment.
    Under this procedure, the Board of Contract Appeals at GSA
    is given authority to suspend procurement authority if
    necessary, and to issue a decision on the protest within 45 working
    days after the protest is filed.

7.   OMB Circular A-130, Management of Federal Information Resources

    Issued by OMB to implement the Paperwork Reduction Act, OMB
    Circular A-130 supersedes several other circulars and provides
    guidance for Federal agencies in adopting and implementing
    the Information Resources Management (IRM) approach mandated
    by the Act.   Under Circular A-130,  Federal agencies shall:

    a.   Establish multi-year strategic planning processes for
        acquiring and operating information technology that meet
        program and mission needs, reflect budget constraints
        and form the basis for their budget requests.

    b.   Establish systems of management control that document
        the requirements that each major information system is
        intended to serve and provide for periodic review of
        those requirements over the life of the system in order
        to determine whether the requirements continue to exist
        and whether the system continues to meet the purposes
        for which it was developed.

    c.   Make the official whose program the information system
        supports responsible and accountable for the products of
        that system.

    d.   Meet information processing needs through interagency
        sharing and from commercial sources, when it is cost-
        effective, before acquiring new information processing
        capacity.

    e.   Share available information processing capacity with
        other agencies to the extent practicable and legally
        permissible.

    f.   Acquire information technology in a competitive manner
        that minimizes total life cycle costs.

    g.   Ensure that existing and planned major information systems
        do not unnecessarily duplicate information systems
        available from other agencies or from the private sector.

    h.   Acquire off-the-shelf software from commercial sources,
        unless the cost-effectiveness of developing custom software
        is clear and has been documented.

    i.   Acquire or develop information systems in a manner that
        facilitates compatibility.

    j.   Assure that information systems operate effectively and
        accurately.

    k.  Establish a level of security for all agency information
        systems commensurate with the sensitivity of the
        information and the risk and magnitude of loss or harm that
        could result from improper operation of the information
        systems.

    l.  Assure that only authorized personnel have access to
        information systems.

    m.  Plan to provide information systems with reasonable
        continuity of support, should their normal operations be
        disrupted in an emergency.

    n.  Use Federal Information Processing and Telecommunications
        Standards except where it can be demonstrated that the
        costs of using a standard exceed the benefit or the
        standard will impede the agency in accomplishing its
        mission.

    o.  Not require program managers to use specific information
        technology facilities or services unless it is clear
        and is convincingly documented, subject to periodic
        review, that such use is the most cost-effective method
        for meeting program requirements.

    p.  Account for the full costs of operating information
        technology facilities and recover such costs from
        government users.

    q.  Not prescribe Federal Information system requirements
        that unduly restrict the prerogatives of heads of State
        and local government units.

    r.  Seek opportunities to improve the operation of government
        programs or to realize savings for the government and
        the public through the application of up-to-date
        information technology to government information activities.

8.  OMB Circular A-11, Transmittal Memorandum No. 54, Preparation
    and Submission of Budget Estimates, July 19, 1983

    Circular No. A-11 provides instructions relating to the
    annual budget process.  It includes information on reviewing
    estimates for new or expanding programs that reflect
    determinations made pursuant to Executive Order No. 12291,
    the Paperwork Reduction Act of 1980 and the "information
    collection budget" process.

9.   OMB Circular A-76, Policies for Acquiring Commercial or
    Industrial Services Needed by Government, March 29, 1979

    This Circular establishes the general policy that "the
    government's business is not to be in business" and that
    government agencies should rely on the private sector to
    obtain commercial or industrial goods and services.  Government
    commercial or industrial activities are allowed only on a
    very limited exception basis, which recognizes that certain
    activities are inherently governmental and should be performed
    by Federal employees.  A Cost Comparison Handbook implements
    the principles contained in the Circular.  The handbook
    provides detailed instructions for developing a comprehensive
    and valid comparison of the estimated cost to the government
    of acquiring a product or service by contract versus providing
    it with in-house, government resources.  The handbook attempts
    to establish consistency, ensure that all substantive factors
    are considered in making cost comparisons and achieve a
    desirable level of uniformity among agencies in comparative
    cost analyses.

10.  OMB Circular A-121, Cost Accounting, Cost Recovery, and
     Inter-agency Sharing of Data Processing Facilities,
     Sept. 16, 1980

     This Circular establishes policies to promote effective and
     efficient management and use of certain data processing
     facilities.  The policies prescribe business-like procedures
     which require agencies to:

     a.  Account for the full cost of operating data processing
         facilities.

     b.  Allocate all costs to users according to the service
         they receive.

     c.  Share excess data processing capacity with other agencies.

     d.  Recover the cost of interagency sharing.

     e.  Evaluate interagency sharing as a means of supporting
         major new data processing applications.

11.  OMB Circular A-123, Internal Control Systems, Aug. 16, 1983

     This Circular prescribes policies and standards to be followed
     by executive departments and agencies in establishing,
     maintaining, evaluating, improving and reporting on internal
     controls in their program and administrative activities.
     Agencies must maintain effective systems of accounting and
     administrative control.  All levels of management must
     involve themselves in assuring the adequacy of controls.
     New programs must be designed so as to incorporate effective
     systems of internal control.  All systems must be evaluated
     on an ongoing basis and weaknesses, when detected, must be
     promptly corrected.  Reports are to be issued, as required
     by the Federal Managers' Financial Integrity Act, on internal
     control activities and the results of evaluations.

12.  OMB Circular A-127, Financial Management Systems

     This Circular prescribes policies and procedures to be
     followed by executive departments and agencies in developing,
     operating, evaluating and reporting on financial management
     systems.  The Circular establishes objectives for financial
     management and accounting systems which all agencies are
     required to meet.  The objectives are concerned with ensuring
     that financial management data are recorded, stored and
     reported in a manner to facilitate systems operations (i.e.,
     ensuring financial management data meet the criteria of
     usefulness, timeliness, reliability, completeness,
     comparability, consistency, efficiency and economy); systems
     integrity; support for management and full financial
     disclosure.

     The Circular also requires agencies to establish and maintain
     a single, integrated financial management system, which may
     be supplemented by subsidiary systems.  The intent of this
     requirement is to ensure that data entered into the agency's
     financial management system is entered only once and
     transferred automatically to appropriate accounts or other parts
     of the system or systems.  New or substantially revised
     systems must be developed on an interagency basis and must
     be designed to meet the needs of all participating agencies.
     Agencies are allowed to expend funds only for financial
     management systems that meet the requirements of Circular
     A-127.

13.  Federal Information Processing Standards (FIPS) (Dept. of
     Commerce)

     A series of documents issued by the National Bureau of
     Standards (DOC) in accordance with the Brooks Act of 1965,
     Public Law 89-306.  The FIPs contain standards and guidelines
     concerned with the standardization of computer hardware,
     software (data representations, operative systems, programming
     languages) and systems.  FIPs are mandatory for each Federal
     agency.

14.  Federal Information Resource Management Regulations (FIRMR)
     (GSA), 41 CFR Chapter 201

     Regulations published by the General Services Administration
     to provide guidance for the procurement, utilization and
     disposition of ADP resources and equipment by each Federal
     agency.

15.  National Archives and Records Administration Regulation
     36 CFR 1220 and 41 CFR 201-22

     Regulations issued by the National Archives and Records
     Administration to establish standard records management
     practices throughout the Federal government.