United Stales
Environmental Protection
Agency
Offci oi Pollution
PievtriTion ono "(oxics
Wa;;hinoton DC 20460
(TS 793)
700
wuary 1993 Edition
749R92001
TSCA Confidential
Business information
Security Manual
-------�
749R92001
TSCA CBI Security Manual 7700
1/93
TABLE OF CONTENTS
LIST OF APPENDICES i
CONTACTS iii
GLOSSARY OF ACRONYMS iv
BACKGROUND ON TERMINOLOGY AND EPA OFFICES vi
CHAPTER 1
INTRODUCTION 1
A. GUIDING PRINCIPLES FOR SITUATIONS OUTSIDE OF
THE MANUAL 1
B. MANUAL UPDATES AND REVISIONS TO PROCEDURES . 2
CHAPTER 2
HOW TO AUTHORIZE FEDERAL EMPLOYEES, CONTRACT
EMPLOYEES AND CONGRESS FOR ACCESS TO TSCA CBI 3
A. STEPS TO TSCA CBI ACCESS FOR EPA EMPLOYEES ... 3
1. AUTHORIZING ACCESS 3
f yi 5'S a. Completing and submitting the forms 3
Q •<
2. b. Forms required to obtain computer access to
TSCA CBI data ...................... 4
c. Individual access files .................. 4
d. Security briefing ...................... 4
e. Approval for TSCA CBI access or waiver for
immediate access ..................... 4
f. TSCA CBI authorized access list ............ 5
2. REQUIREMENTS FOR MAINTAINING ACCESS .... 5
a. General information .................... 5
b. Document audit procedure ................ 5
c. Scheduling an annual security briefing ........ 6
d. Failure to attend an annual security briefing ..... 6
-------�
TSCA CBI Security Manual 7700
1/93
e. Reapplying for TSCA CBI access 6
f. Employee transfers within EPA 6
B. STEPS TO TERMINATING TSCA CBI ACCESS FOR
EPA EMPLOYEES 6
1. GENERAL INFORMATION 6
2. REQUIREMENTS FOR TERMINATING ACCESS .... 7
a. Form 7740-16 7
b. Document audit procedure 7
c. DCO responsibilities after document audit is
completed 7
d. Missing documents 8
e. Employee responsibilities 8
C. STEPS TO TSCA CBI ACCESS FOR CONTRACTORS
AND SUBCONTRACTORS 9
AUTHORIZING ACCESS 9
1. Determining whether access to TSCA CBI is
necessary 9
2. Secure environment for handling and storing
TSCA CBI 9
3. Site inspection 10
4. Required contract language 10
5. Notice to affected businesses 10
6. Facility DCO at the contractor's site 11
7. How to assign a DCO 11
8. Identifying contractor employees for clearance . . 12
D. HOW TO OBTAIN TSCA CBI AUTHORIZATION FOR
EMPLOYEES OF CONTRACTORS AND
SUBCONTRACTORS 12
1. AUTHORIZING ACCESS 12
a. Completing and submitting the forms 12
b. Minimum Background Investigation (MBI) 13
-------�
TSCA CBI Security Manual 7700
1/93
c. Individual Access Files 13
d. Security briefing 13
e. Approval for TSCA CBI access or waiver for
immediate access 14
f. TSCA CBI authorized access list 14
2. REQUIREMENTS FOR MAINTAINING ACCESS ... 14
a. General information 14
b. Document audit procedure 14
c. Scheduling an annual security briefing 15
d. Failure to attend an annual security briefing .... 15
e. Reapplying for TSCA CBI access 15
E. PROCEDURES FOR TERMINATING ACCESS TO TSCA
CBI FOR CONTRACTOR EMPLOYEES 16
1. GENERAL INFORMATION 16
2. REQUIREMENTS FOR TERMINATING ACCESS ... 16
a. Form 7740-18 16
b. Document audit procedure 16
c. Missing documents 17
d. DCO responsibilities after document audit is
completed 17
e. Contractor employee responsibilities 17
F. PROCEDURES FOR TERMINATING ACCESS TO TSCA
CBI FOR CONTRACTORS 18
TERMINATING ACCESS TO TSCA CBI WHEN
A CONTRACT ENDS 18
G. AUTHORIZING OTHER FEDERAL AGENCIES FOR
ACCESS TO TSCA CBI 18
1. GENERAL PROCEDURES FOR EPA OFFICES TO
DISCLOSE TSCA CBI TO ANOTHER FEDERAL
AGENCY PERFORMING WORK FOR EPA 18
-------�
TSCA CBI Security Manual 7700
1/93
a. Agreement not to disclose TSCA CBI 19
b. Exceptions to agreement 19
c. TSCA CBI access at EPA facilities 19
d. TSCA CBI access at other Federal agencies .... 20
e. How to assign a DCO 20
2. PROCEDURES FOR ANOTHER FEDERAL AGENCY
TO REQUEST ACCESS TO TSCA CBI 20
a. Submit a written request 20
b. Agreement not to disclose TSCA CBI 20
c. Exceptions to agreement 21
d. Notice to affected businesses 21
3. EPA'S PROCESS FOR APPROVING TSCA CBI
ACCESS FOR OTHER FEDERAL AGENCIES 22
a. TSCA CBI access at EPA facilities 22
b. TSCA CBI access at other Federal agencies .... 22
4. REQUESTS FOR ACCESS TO TSCA CBI FROM
CONGRESS OR THE GENERAL ACCOUNTING
OFFICE 23
Notice to affected businesses 23
CHAPTERS
RESPONSIBILITIES 25
A. EMPLOYEE RESPONSIBILITIES 25
1. EPA HOLDS EMPLOYEES PERSONALLY
ACCOUNTABLE FOR PROTECTING TSCA CBI ... 25
2. DOCUMENT AUDIT PROCEDURES 26
3. CHECKING OUT TSCA CBI DOCUMENTS 26
Overdue materials 26
4. DETERMINING WHETHER A DOCUMENT
CONTAINS TSCA CBI 26
5. RECEIPT OF MAIL CONTAINING TSCA CBI
MATERIAL 27
-------�
TSCA CBI Security Manual 7700
1/93
6. CHALLENGING TSCA CBI CLAIMS DURING
AND AFTER INSPECTIONS 27
a. Informal inquiries 27
b. Formal challenges 27
c. When considering a challenge 28
B. MANAGER RESPONSIBILITIES 28
IN GENERAL 28
C. DOCUMENT CONTROL OFFICER (DCO)
RESPONSIBILITIES 29
1. IN GENERAL 29
2. MAINTAINING A DOCUMENT TRACKING
SYSTEM 29
a. Automated document tracking systems 30
b. Manual tracking systems 31
3. MAINTAINING THE INVENTORY LOG 31
4. DELIVERING AND RECEIVING TSCA CBI
MATERIALS 32
a. Reviewing documents for completeness 32
b. Maintaining a receipt log 32
5. STORAGE OF TSCA CBI MATERIALS 33
6. MAINTAINING RECORDS OF LOCK
COMBINATIONS 33
7. CONDITIONS FOR CHANGING LOCK
COMBINATIONS 34
8. UPDATING THE TSCA CBI AUTHORIZED
ACCESS LIST 34
9. MONITORING AND CONTROLLING WHO
OBTAINS TSCA CBI MATERIALS 34
10. MONITORING OVERDUE TSCA CBI
MATERIALS 35
-------�
TSCA CBI Security Manual 7700
1/93
11. ASSISTING EMPLOYEES IN DETERMINING
WHETHER DOCUMENTS CONTAIN TSCA CBI
AND IN SANITIZING DOCUMENTS FOR
PUBLIC DISCLOSURE 35
12. SUPERVISING THE REPRODUCTION AND
DESTRUCTION OF TSCA CBI MATERIALS 35
13. CONTROLLING THE TRANSFER OF TSCA
CBI MATERIALS BETWEEN FACILITIES 36
Packaging and Arranging Transfer of TSCA CBI
Material 36
14. ASSISTING EMPLOYEES WITH OBTAINING
AND MAINTAINING TSCA CBI ACCESS
AUTHORITY 36
15. PERFORMING EMPLOYEE DOCUMENT AUDITS . 36
16. PERFORMING AN INVENTORY OF HARD-COPY
TSCA CBI DOCUMENTS 37
17. WHEN DCOS TERMINATE THEIR EMPLOYMENT
OR RELINQUISH THEIR DCO RESPONSIBILITIES . 37
CHAPTER 4
PROCEDURES FOR USING AND PROTECTING TSCA CBI
MATERIALS 39
A. MARKING MATERIALS AS TSCA CBI 39
1. TSCA CBI COVER SHEETS 39
2. TSCA CBI STAMP 39
B. PROCEDURES FOR USING TSCA CBI DOCUMENTS
INSIDE OR OUTSIDE OF SECURE STORAGE AREAS ... 39
1. EMPLOYEE RESPONSIBILITIES, IN GENERAL ... 39
2. PROCEDURES FOR USING TSCA CBI DOCUMENTS
OUTSIDE OF SECURE STORAGE AREAS 40
a. Two types of containers are approved 40
b. Open/close signs 40
c. More than one person can use a storage
container 40
-------�
TSCA CBI Security Manual 7700
1/93
3. PROCEDURES FOR USING TSCA CBI
DOCUMENTS INSIDE SECURE STORAGE
AREAS 40
Unauthorized persons inside secure storage areas 41
C. HOW TO OBTAIN APPROVAL FOR ESTABLISHING
A SECURE STORAGE AREA 41
D. SECURING AN AREA 42
SECURE STORAGE AREA REQUIREMENTS 42
1. Maintaining security of lock combinations 42
2. Electronic card keys 42
E. PROCEDURES FOR OBTAINING TSCA CBI 43
1. HOW TO OBTAIN TSCA CBI FROM THE CBIC OR
OTHER CENTRALIZED STORAGE FACILITY .... 43
a. Safeguarding TSCA CBI documents 43
b. Obtaining a receipt for returned documents .... 43
c. Transferring TSCA CBI materials between a
DCO and people under his or her
supervision in a centralized secure
storage area 43
2. HOW TO OBTAIN TSCA CBI FROM ANOTHER
EMPLOYEE WITHIN THE SAME FACILITY 44
Keeping records on transfers 44
F. PROCEDURES FOR TRANSFERRING TSCA CBI TO
AN EMPLOYEE AT ANOTHER FACILITY 45
1. IN GENERAL 45
2. PROCEDURES FOR TRANSFERRING TSCA CBI
MATERIALS 45
-------�
TSCA CBI Security Manual 7700
1/93
a. Procedures for sending or receiving TSCA CBI
materials through the U.S. Postal Service 45
b. Procedures for hand delivery of TSCA CBI
materials 46
c. Procedures for transmitting TSCA CBI
materials by courier or U.S. Postal
Service Express Mail 46
G. PROCEDURES FOR RECEIVING AND SENDING
FACSIMILES (FAXES) THAT CONTAIN TSCA CBI .... 47
1. PROCEDURES FOR SENDING OR RECEIVING
FAXES BETWEEN EMPLOYEES AUTHORIZED
FOR ACCESS TO TSCA CBI 47
2. WHEN INDUSTRY OFFICIALS OR INDUSTRY
SUBMITTERS REQUEST THAT TSCA CBI BE
FAXED TO THEM 48
3. WHEN AN INDUSTRY OFFICIAL OR INDUSTRY
SUBMITTER ASKS TO FAX TSCA CBI TO EPA ... 48
H. DISCUSSING TSCA CBI ON THE TELEPHONE 49
1. TELEPHONE CALLS WITH EMPLOYEES
AUTHORIZED FOR TSCA CBI ACCESS 49
2. TELEPHONE CALLS WITH SUBMITTERS 49
Telephone Logs 50
I. ELECTRONIC MAIL CANNOT BE USED TO
TRANSMIT TSCA CBI 50
J. USE OF TSCA CBI AT TELE-VIDEO CONFERENCES ... 50
K. PROCEDURES FOR HANDLING DOCUMENTS AND
OTHER MATERIALS PRODUCED BY EMPLOYEES
USING TSCA CBI DOCUMENTS 51
1. NEW TSCA CBI DOCUMENTS 51
2. NEW NON-CONFIDENTIAL DOCUMENTS 51
3. PERSONAL WORKING PAPERS 51
-------�
TSCA CBI Security Manual 7700
1/93
a. Transferring personal working papers to another
employee 52
b. Keeping records on transfers 52
c. Transferring personal working papers to a typist . 52
d. Procedures for storing personal working papers . . 53
e. Procedures for destroying personal working
papers 53
L. CREATING NON-CONFIDENTIAL MATERIALS FROM
TSCA CBI DOCUMENTS 53
1. IN GENERAL 53
2. NON-CONFIDENTIAL DOCUMENTS 53
a. When TSCA CBI data are replaced with non-
confidential data or descriptive terms 54
b. When a submitting company drops its claim
of confidentiality 54
M. PROCESS FOR DECLASSIFYING TSCA CBI
MATERIALS 54
HOW TO DECLASSIFY TSCA CBI MATERIALS ... 54
N. REPRODUCTION OF TSCA CBI MATERIALS 55
1. IN GENERAL 55
2. EMPLOYEE'S ROLE 55
3. DCO RESPONSIBILITIES 55
a. Control of copies 56
b. Distributing copies to other employees 56
c. Authorizing use of other photocopying machines
when machines in secure locations break
down 56
O. PROCEDURES FOR DESTROYING TSCA CBI
MATERIALS 57
1. IN GENERAL 57
-------�
TSCA CBI Security Manual 7700
1/93
2. WHO IS PERMITTED TO DESTROY TSCA CBI
MATERIALS 57
a. EPA and Federal employees 57
b. Contractor employees 57
3. DESTRUCTION METHODS 57
4. DOCUMENTING DESTRUCTION 57
P. USE OR DISCUSSION OF TSCA CBI DURING
MEETINGS 58
1. WHAT IS CONSIDERED A MEETING? 58
2. PROCEDURES FOR CIRCULATING DOCUMENT
COPIES AT A MEETING 58
a. Personal working papers 58
b. Documents that have been logged out to an
employee 59
3. PROCEDURES FOR DISCUSSING TSCA CBI
DURING MEETINGS 59
a. Meeting chairperson's duties 59
b. Records of meeting must be treated as
TSCA CBI 60
Q. TRAVELING WITH TSCA CBI MATERIALS 60
1. IN GENERAL 60
2. MAINTAINING SECURITY FOR TSCA CBI
MATERIALS WHILE TRAVELING 60
a. Storing TSCA CBI materials while traveling .... 60
b. Transferring possession of TSCA CBI materials
while traveling 61
R. WORKING WITH TSCA CBI AT A PERSONAL
RESIDENCE 61
-------�
TSCA CBI Security Manual 7700
1/93
S. WORKING WITH TSCA CBI MATERIALS ON
COMPUTERS 62
1. IN GENERAL 62
2. AUTHORIZATION TO OBTAIN ACCESS TO
TSCA CBI DATA STORED ON THE
MAINFRAME COMPUTER 62
Obtaining authorization to access the TSCA CBI
mainframe from a remote site 62
3. SETTING UP A LOCAL-ARE A NETWORK (LAN) . . 62
4. USE OF WIDE-AREA NETWORKS (WANS) IS
NOT PERMITTED 62
5. USING PERSONAL COMPUTERS (PCS) TO
WORK WITH TSCA CBI DATA 63
a. Procedures for using TSCA CBI data on a PC
outside of a secure storage area 63
b. Processing and storing TSCA CBI data on
floppy and hard disks 63
c. Maintaining security for floppy and detachable
hard diskettes containing TSCA CBI data 64
d. Terminating a TSCA CBI PC session for PCs
located outside secure storage areas 64
e. Security procedures for PC printouts of
TSCA CBI data 64
6. USING THE TSCA CBI MAINFRAME COMPUTER . 65
a. Obtaining printouts of TSCA CBI data from the
mainframe computer 65
b. Security procedures for printouts from the
TSCA CBI mainframe computer 65
7. MINI COMPUTERS 66
Security controls for TSCA CBI data on mini
computers 66
-------�
TSCA CBI Security Manual 7700
1/93
8. SECURITY FOR TSCA CBI DATA STORED
ON CONTRACTOR'S COMPUTERS 66
T. DEVELOPMENT OF PHOTOGRAPHIC MATERIALS .... 66
1. PHOTOGRAPHS CAN BE CLAIMED AS
TSCA CBI 66
2. VIDEO TAPES CAN BE CLAIMED AS
TSCA CBI 67
CHAPTERS
REPORTING AND INVESTIGATION OF VIOLATIONS OF
PROCEDURES, LOST DOCUMENTS, AND UNAUTHORIZED
DISCLOSURES 69
A. EMPLOYEE REPORTING PROCEDURES 69
1. ORAL REPORT MUST BE MADE WITHIN
ONE WORKING DAY 69
2. WRITTEN REPORT MUST BE MADE WITHIN
TWO WORKING DAYS 69
Employee's division director or project officer's
duties 70
B. REVIEW AND INVESTIGATION OF EMPLOYEE'S
REPORT 70
1. WHEN POSSIBLE VIOLATION OF THIS
MANUAL'S SECURITY PROCEDURES
HAS OCCURRED 70
2. WHEN TSCA CBI MATERIALS CANNOT BE
ACCOUNTED FOR 71
Notification to the submitting company 71
3. WHEN UNAUTHORIZED DISCLOSURE OF
TSCA CBI MATERIALS MAY HAVE
OCCURRED 71
-------�
TSCA CBI Security Manual 7700
1/93
a. Notification to the submitting company 71
b. EPA Office of General Counsel 71
C. PENALTY GUIDELINES FOR VIOLATION OF THIS
MANUAL'S PROCEDURES 71
1. DETERMINING THAT A VIOLATION HAS
OCCURRED 72
2. DETERMINING AN APPROPRIATE REMEDY .... 72
3. ADMINISTRATIVE PENALTIES 73
4. CRIMINAL PENALTIES 73
5. CORRECTIVE ACTIONS 74
6. IMD DIRECTOR CAN ALSO RECOMMEND
THAT NO ACTION BE TAKEN 74
-------�
TSCA CBI Security Manual 7700
1/93
LIST OF APPENDICES
Appendix Title
1 TSCA CBI Access Request, Agreement, and Approval
2 TSCA CBI ADP User Registration
3 Standard Form 86: Questionnaire for Sensitive
Positions
4 Fingerprint Chart
5 Request for Building Pass
6 Request for Approval of Contractor Access to TSCA
Confidential Business Information
7 Contractor Information Sheet
8 EPAAR Contract Clauses
9 Confidentiality Agreement for United States Employees
Upon Relinquishing TSCA CBI Access Authority
10 Confidentiality Agreement for Contractor Employees
Upon Relinquishing TSCA CBI Access Authority
11 EPA Form 3110-1: Employee Separation or Transfer
Checklist
12 TSCA CBI Stamp
13 TSCA CBI Cover Sheet
-------�
TSCA CBI Security Manual 7700
1/93
14 TSCA CBI Visitors Log
15 Receipt Log
16 Inventory Log
17 Temporary Loan Receipt for TSCA Confidential
Business Information
18 Permanent Transfer Receipt for TSCA CBI.
19 Memorandum of TSCA CBI Telephone Conversation
20 Federal Agency, Congress, and Federal Court Sign-out
Log
21 Revision Transmittal Sheet
22 Document Reconciliation/Annual Certification
11
-------�
TSCA CBI Security Manual 7700
1/93
CONTACTS
Questions about the procedures in this manual should be directed to
• Chief, TSCA Information Management Branch
Information Management Division
Office of Pollution Prevention and Toxics (TS-793)
Environmental Protection Agency
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-0425
Other sources for information are
• Document Control Officer
Office of Pollution Prevention and Toxics (TS-790)
Environmental Protection Agency
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-1532
• TSCA Security Staff
Office of Pollution Prevention and Toxics (TS-792-A)
Environmental Protection Agency
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-6475
• Director
Information Management Division
Office of Pollution Prevention and Toxics (TS-793)
Environmental Protection Agency
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-3938
111
-------�
TSCA CBI Security Manual
GLOSSARY OF ACRONYMS
7700
1/93
ADTS Automated Document Tracking System
CBI Confidential Business Information
CBIC Confidential Business Information Center
CBITS Confidential Business Information Tracking System
CFR Code of Federal Regulations
DAPSS Document and Personnel Security System
DCO Document Control Officer
DCA Document Control Assistant
OPPT DCO Office of Pollution Prevention and Toxics Document
Control Officer
EPA United States Environmental Protection Agency
FAX Facsimile Transmission
FMSD Facilities Management and Services Division
TIME TSCA Information Management Branch
IMD Information Management Division
LAN Local-Area Network
MBI Minimum Background Investigation
OAM Office of Acquisition Management
IV
-------�
TSCA CBI Security Manual
OGC Office of General Counsel
OPPT Office of Pollution Prevention and Toxics
PMN Premanufacture Notification
PC Personal Computer
TSCA Toxic Substances Control Act
WAN Wide-Area Network
7700
1/93
-------�
TSCA CBI Security Manual 7700
1/93
BACKGROUND ON TERMINOLOGY AND EPA OFFICES
Office of Pollution Prevention and Toxics (OPPT) director: The
OPPT director has overall authority for managing TSCA activities, including
TSCA security programs.
Information Management Division (IMD) director: The IMD director
is responsible for day-to-day implementation of TSCA CBI and control
programs, including developing policies for the use and handling of TSCA CBI
and operating the EPA headquarters Confidential Business Information Center
(CBIC).
TSCA security staff: The TSCA security staff is responsible for
security-related activities, including reviewing security procedures, performing
facility site inspections, and investigating violations of the procedures con-
tained in this manual.
OPPT document control officer (OPPT DCO): The OPPT DCO
provides day-to-day support to other Federal and contractor DCOs nationwide.
This includes issuing the TSCA CBI authorized access list and processing
forms and records pertaining to requests for TSCA CBI access authority for
organizations and individuals. The OPPT DCO is assigned to the Information
Management Division. He or she manages the headquarters CBIC, oversees
other DCOs at headquarters, and provides training materials and guidance to
all DCOs on appropriate TSCA CBI handling procedures.
Facility document control officer (DCO): The facility DCO is
responsible for managing the collection of records and document tracking
system for the site where he or she is employed. The number of employees
at a facility determines how many facility DCOs there are. For instance,
about 30 facility DCOs are assigned to EPA headquarters. The facility DCO
also has oversight authority for the receipt, storage, transfer, use, reproduction
and destruction of TSCA CBI in his or her organization or facility.
Employee document control officer (DCO): At facilities where there
are multiple facility DCOs, each DCO will be assigned responsibility for a
VI
-------�
TSCA CBI Security Manual 7700
1/93
number of individual employees. In this role, the facility DCO assists each
employee in requesting and renewing TSCA CBI access authorization.
Document control assistants (DCAs): The OPPT DCO and facility
DCOs can nominate DCAs to assist them in performing document control
functions. If a procedure in this manual requires that a document be taken to
the DCO, the document may be taken to either the facility DCO or DC A.
Requesting official: This is (1) the employee's immediate supervisor
or higher authority who nominates a Federal employee for TSCA CBI access
or (2) the EPA project officer who nominates a contractor employee for TSCA
CBI access. Requesting officials' responsibilities include ensuring that their
employees renew their TSCA CBI access authority yearly, determining when
their employees no longer require access authority, authorizing their employees
to transfer TSCA CBI using a courier or express mail, and initiating or
reviewing their employees' reports of violations of this manual's procedures.
EPA Confidential Business Information Center (CBIC): The primary
area for storing and using TSCA CBI is the EPA CBIC, at EPA headquarters,
in Washington, D.C. If appropriate, EPA may authorize TSCA CBI access
at other facilities, including EPA regional offices, other Federal agency offic-
es, and contractor facilities.
Facility: Any location where EPA, a government contractor, or another
Federal agency stores and uses TSCA CBI. Different security procedures are
required at facilities outside of EPA headquarters and at contractor sites;
however, the same general procedures are in force at all facilities.
Secure storage area (SSA): An area that is secured from persons not
authorized for access to TSCA CBI. Secure storage areas house the bulk of
an organization or facility's TSCA CBI records or serve as an organization or
facility's primary TSCA CBI work area, or both.
Contractors and subcontractors: Individuals who perform work under
a contract with the United States government.
Authorized access list: A list of people who are authorized for access
to TSCA CBI.
Vll
-------�
TSCA CBI Security Manual 7700
1/93
EPA project officer: An EPA employee who monitors the technical
aspects of a contract that authorizes TSCA CBI access.
TSCA CBI: Information claimed business confidential under EPA's
confidentiality regulations at 40 CFR Part 2. TSCA CBI materials are
documents or any other information-bearing media that contain TSCA CBI.
Most TSCA CBI materials and/or documents consist only partially of
confidential business information.
Vlll
-------�
TSCA CBI Security Manual 7700
1/93
CHAPTER 1
INTRODUCTION
This manual sets forth procedures for Environmental Protection
Agency (EPA) employees, other Federal employees, contractors, and
contractor employees to follow in handling information claimed as confidential
business information (CBI) under Section 14 of the Toxic Substances Control
Act (TSCA) (15 U.S.C. §2613). That section of TSCA requires EPA to
protect from public disclosure CBI obtained under TSCA, and it imposes
criminal penalties for the knowing and willful unauthorized release or
disclosure of such information. EPA has issued regulations (40 CFR Part 2)
that implement TSCA's confidentiality provisions. The procedures in this
manual supplement those set forth in TSCA and in 40 CFR Part 2.
Section 14(a)(l) of TSCA permits EPA to authorize Federal
employees, contractors and contractor employees for access to TSCA CBI
when such access is necessary to perform work in connection with the
agency's duties under a health or environmental protection statute or for
specific law enforcement purposes.
Most TSCA CBI access occurs at EPA Headquarters, where the
primary storage and use of TSCA CBI is in the EPA Confidential Business
Information Center (CBIC). If required, EPA may authorize CBI access at
other facilities, including EPA Regional Offices, other Federal agency offices,
and contractor facilities. Procedures for handling, using, and storing TSCA
CBI are generally uniform at all facilities. However, some differences in
security procedures are required at facilities outside of EPA Headquarters, and
at contractor sites.
A. GUIDING PRINCIPLES
FOR SITUATIONS OUTSIDE OF THE MANUAL
EPA recognizes that situations not covered by this manual may arise.
In such cases, each Federal and contractor employee who is granted TSCA
CBI access will act under the following guiding principles:
• Each user of TSCA CBI will ensure through personal conduct
and accountability that he or she follows all guidelines
-------�
TSCA CBI Security Manual 7700
1/93
established by EPA, contractors, or other Federal agencies to
protect to the best of his or her ability all TSCA CBI
documents.
• Each user will support management and other employees in
carrying out their responsibilities for the protection, control,
and security of TSCA CBI.
B. MANUAL UPDATES AND REVISIONS TO PROCEDURES
Whenever procedures change for the control, storage, security, and
handling of TSCA CBI, EPA will update the relevant pages in this manual.
A change transmittal sheet will be issued with each set of revised pages. It is
suggested that the change transmittal sheets be filed in the back of the manual
in sequential order. This manual includes a security manual update transmittal
sheet (Appendix 21), which should be used to record revisions.
-------�
TSCA CBI Security Manual 7700
1/93
CHAPTER 2
HOW TO AUTHORIZE FEDERAL EMPLOYEES,
CONTRACT EMPLOYEES, AND CONGRESS FOR
ACCESS TO TSCA CBI
To obtain clearance for TSCA CBI access, employees of EPA, other
Federal agencies, and contractors must fill out EPA Form 7740-6, "TSCA CBI
Access Request, Agreement, and Approval" (Appendix 1). In addition, a
separate form is sometimes required for obtaining computer access to TSCA
CBI.
• Federal employees can obtain the forms from the EPA Form
Distribution Centers. If the distribution centers are out of
stock, the forms can be obtained from the OPPT DCO.
• Contractors can obtain the forms from their EPA project
officer. If necessary, contractors can also obtain the forms
from the OPPT DCO.
A. STEPS TO TSCA CBI ACCESS FOR EPA EMPLOYEES
1. AUTHORIZING ACCESS.
a. COMPLETING AND SUBMITTING THE FORMS. The first step for EPA
employees to obtain TSCA CBI access is the completion of Form 7740-6. The
employee must submit the form to the facility DCO on site.
The DCO reviews the form for completeness and accuracy before
forwarding it to the employee's immediate supervisor, to whom this manual
will hereafter refer as the employee's requesting official. The supervisor will
review the completed form. If the supervisor approves the form, he or she
signs line 20 and returns it to the facility DCO. By signing the form, the
supervisor verifies that the individual has attended a Security Briefing. The
facility DCO will forward the form to the OPPT DCO for review and final
approval.
-------�
TSCA CBI Security Manual 7700
1/93
b. A SEPARATE FORM IS REQUIRED TO OBTAIN COMPUTER ACCESS TO
TSCA CBI DATA. Employees who require online access to TSCA CBI data
stored on the mainframe computer, mini computers, or computers linked by
local area network must submit Form 7740-25, "TSCA CBI ADP User
Registration Form" (Appendix 2) to the DCO on site, who will forward the
form to the OPPT DCO for processing.
c. INDIVIDUAL ACCESS FILES. A DCO is responsible for establishing
an access file for each employee in his or her organization who is granted
authority to access TSCA CBI. The file must contain a copy of all forms or
other documentation related to the employee's TSCA CBI clearance. If
required by personnel regulations, the "SF 86 Questionnaire For Sensitive
Positions" (Appendix 3) can be kept in the employee's official personnel file.
The files must be maintained in alphabetical order by employee name.
Contractors' access files are kept by the DCOs at their facilities; the OPPT
DCO maintains all EPA headquarters employees' access files.
d. SECURITY BRIEFING is REQUIRED. It is the responsibility of
requesting officials to ensure that their employees (1) read this manual and (2)
attend a security briefing on procedures for handling TSCA CBI documents.
Employees must attend a briefing on CBI security procedures before they are
allowed access to TSCA CBI. The briefing, on video, is presented weekly by
the OPPT DCO. It can also be presented by a facility DCO.
e. APPROVAL FOR TSCA CBI ACCESS OR WAIVER FOR IMMEDIATE
ACCESS. The OPPT DCO will add the employee's name to the TSCA CBI
authorized access list when the employee is approved for TSCA CBI access.
The OPPT DCO will notify the employee's DCO of approval by sending him
or her the TSCA CBI authorized access list.
Facility DCOs must notify the OPPT DCO by the 15th of each
month of additions or deletions that must be made to the TSCA CBI authorized
access list.
A requesting official may allow an employee access to TSCA CBI
before receiving final approval from the OPPT DCO under the following
conditions: The requesting official has determined that immediate access is
necessary, the required forms have been completed and submitted to the OPPT
-------�
TSCA CBI Security Manual 7700
1/93
DCO, and the employee has attended the security briefing. Access is
permitted for 10 days.
f. TSCA CBI AUTHORIZED ACCESS LIST. After EPA employees are
approved for TSCA CBI access, they are listed on the TSCA CBI authorized
access list. EPA's CBIC uses the list, with the automated Confidential
Business Information Tracking System (CBITS), to control access to TSCA
CBI materials. The list includes the names of employees cleared for TSCA
CBI computer access and the expiration date for their access. The OPPT DCO
provides copies of the access list monthly to DCOs and can answer inquiries
about whether an employee is authorized for access to TSCA CBI.
2. REQUIREMENTS FOR MAINTAINING ACCESS.
a. GENERAL INFORMATION. Each year, EPA employees who are
authorized for access to TSCA CBI must follow certain procedures to maintain
their access.
b. DOCUMENT AUDIT PROCEDURE. The DCO will furnish the employee
with a report listing all documents that the DCO's manual or automated
inventory log shows as charged out to that employee. The employee must
reconcile the report by (1) verifying that he or she has the listed documents in
his or her possession and signing the Document Reconciliation Certification
(Appendix 22), (2) notifying the DCO that he or she doesn't have the
documents in his or her possession and so indicating on the Document
Reconciliation Certification, or (3) indicating on the Document Reconciliation
Certification that no documents are charged out. If the DCO fails to locate the
documents, he or she must follow the procedures discussed in Chapter 5.
Once a report is submitted, as required by Chapter 5, the DCO after receiving
written approval from the employee's requesting official may renew the
employee's access.
After the DCO reviews the Document Reconciliation Certification,
he or she will file a copy of the certification form in the employee's Individual
Access File.
-------�
TSCA CBI Security Manual 7700
1/93
c. SCHEDULING AN ANNUAL SECURITY BRIEFING. After the Document
Reconciliation Certification process is completed, the next step is for the
employee to attend a security briefing. The facility DCO is responsible for
scheduling annual security briefings for employees. If employees attend a
briefing presented by a facility DCO, it is the facility DCO's responsibility to
provide their names to the OPPT DCO.
d. FAILURE TO ATTEND AN ANNUAL SECURITY BRIEFING. The OPPT
DCO will suspend the access authority of any employee who fails to attend a
security briefing within a year of his or her last briefing. The OPPT DCO
will notify the employee's requesting official of the suspension. If the
employee does not attend an annual security briefing within 30 days from the
date his or her access expired, the OPPT DCO will on the 30th day terminate
the employee's TSCA CBI authorization and deactivate the employee's
electronic card key for accessing TSCA CBI secure storage areas, along with
all computer access authorization, including user identifications and passwords.
e. REAPPLYING FOR TSCA CBI ACCESS. If an employee has been
removed from the TSCA CBI authorized access list, he or she must reapply
for TSCA CBI access. Employees who must reapply for TSCA CBI access
must follow the procedures in section A. 1 of this chapter. Contact the OPPT
DCO for specific instructions before submitting renewal forms.
f. EMPLOYEE TRANSFERS WITHIN EPA. The OPPT DCO must be
notified when an employee transfers to another branch, division, or office if
the new position requires TSCA CBI access. It is the responsibility of the
employee's former requesting official to notify the OPPT DCO of the transfer
so the employee's current access authorization can be cancelled. If the
employee's new position requires TSCA CBI access, his or her new requesting
official is responsible for submitting a completed Form 7740-6 "TSCA CBI
Access Request, Agreement, and Approval."
B. STEPS TO TERMINATING TSCA CBI ACCESS
FOR EPA EMPLOYEES
1. GENERAL INFORMATION. Authorization for access to TSCA CBI
must be terminated when
-------�
TSCA CBI Security Manual 7700
1/93
• The employee stops working at EPA.
• The employee transfers to a new position in EPA that does not
require access to CBI.
• The employee fails to attend the annual security briefing.
• The employee receives an administrative penalty suspending his
or her authority to access TSCA CBI.
2. REQUIREMENTS FOR TERMINATING ACCESS.
a. FORM 7740-16. When an employee's TSCA CBI clearance is
relinquished or revoked, he or she must complete EPA Form 7740-16,
"Confidentiality Agreement for United States Employees Upon Relinquishing
TSCA CBI Access Authority" (Appendix 9). The employee's requesting
official and facility DCO are responsible for ensuring that the employee
completes the form within five days after the employee's TSCA CBI access
authority is canceled.
The employee must submit the completed form to his or her
requesting official, who sends it to the OPPT DCO. The requesting official
must also send a copy of the completed form to the facility DCO for placement
in the employee's TSCA CBI Access File.
b. DOCUMENT AUDIT PROCEDURE. After receiving Form 7740-16, the
facility DCO will furnish the employee with a report listing all the documents
that the CBITS system, DAPSS system, and the facility DCO's manual or
automated inventory log show as being in the employee's possession. The
employee is responsible for returning these documents. All of the returned
documents must be re-entered into the collection of records before any
individual TSCA CBI document charged out to a terminating employee can be
reissued to another TSCA CBI-cleared employee.
C. DCO RESPONSIBILITIES AFTER DOCUMENT AUDIT IS COMPLETED.
After the document reconciliation is complete, the facility DCO will
• Request that the OPPT DCO remove the employee's name
from the TSCA CBI authorized access list.
-------�
TSCA CBI Security Manual 7700
1/93
• Inform the employee DCO that the employee is no longer
authorized for CBI access.
• Request that the OPPT DCO instruct the Facilities Management
and Services Division (FMSD), Office of Administration, to
invalidate the employee's electronic entry card for EPA
headquarters TSCA CBI secure storage areas.
• Change the combinations to locks for any TSCA CBI secure
storage containers to which the employee had access. At EPA
headquarters, the facility DCO can request that a security
representative of FMSD's Security Management Section change
the lock combinations for any TSCA CBI storage containers or
secure storage areas.
The OPPT DCO will direct IMD's TSCA Systems Section to
invalidate the employee's TSCA CBI computer user identification code and
passwords for all mainframe, mini, or micro computer systems to which the
employee had access. When the TSCA Systems Section completes the
invalidation, the section will provide written confirmation to the OPPT DCO.
d. MISSING DOCUMENTS. The facility DCO must assume that a TSCA
CBI document is missing when it is not received within 30 days of issuing the
employee the list of items charged out to him or her. The procedures for
reporting these documents as missing are in Chapter 5 of this manual.
e. EMPLOYEE RESPONSIBILITIES. Employees who are relinquishing
their TSCA CBI access authority are responsible for returning all TSCA CBI
documents and magnetic media in their possession to the facility's DCO.
Employees who are terminating their employment must return to FMSD all
electronic entry cards for EPA headquarters facilities. Regional or laboratory
employees who have electronic entry cards for secure storage areas must
relinquish those cards to the issuing office prior to signing Form 7740-16,
"Confidentiality Agreement for United States Employees Upon Relinquishing
TSCA CBI Access Authority." EPA headquarters employees who are
terminating their employment must obtain signatures from the OPPT DCO and
8
-------�
TSCA CBI Security Manual 7700
1/93
FMSD on the "Employee Separation or Transfer Checklist", EPA Form
3110-1 (Appendix 11) when relinquishing their TSCA CBI clearance.
C. STEPS TO TSCA CBI ACCESS
FOR CONTRACTORS AND SUBCONTRACTORS
AUTHORIZING ACCESS.
1. DETERMINING WHETHER ACCESS TO TSCA CBI is NECESSARY. It
is EPA's responsibility to decide whether access to TSCA CBI is necessary for
a contractor to successfully perform the conditions of a contract with the U.S.
government. Depending on the contract, the EPA project officer, the EPA
delivery order project officer, or the EPA work assignment manager (in the
case of GSA zone contracts) will evaluate the need for TSCA CBI access.
If it is determined that access is necessary, the EPA project officer,
EPA delivery order project officer, or the EPA work assignment manager must
complete EPA Form 7740-17, "Request for Approval of Contractor Access to
TSCA Confidential Business Information" (Appendix 6). Form 7740-17
should be submitted as early in the contracting process as possible.
• For new contracts, Form 7740-17 should be submitted to the
IMD director with the initial procurement package.
• For existing contracts, a delivery order will probably be
necessary to modify the contract. Form 7740-17 should be
submitted to the IMD director prior to the modification request.
The EPA project officer must forward the form to his or her division
director or a supervisor of equivalent authority, who will sign the form as the
requesting official and forward it to the IMD director for final approval.
When the IMD director signs the form, TSCA CBI access, under the contract,
is effective. However, before access is permitted at a contractor's site, the
contractor must set up a secure environment for handling and storing TSCA
CBI.
2. EPA CONTRACTORS WHO RECEIVE TSCA CBI MUST SET UP A
SECURE ENVIRONMENT FOR HANDLING AND STORING TSCA CBI. In
-------�
TSCA CBI Security Manual 7700
1/93
establishing a secure environment, contractors are bound by (1) the conditions
and terms of their contracts with EPA and (2) the requirements of this manual.
Each contractor must maintain TSCA CBI in a secure environment that meets
or exceeds the requirements contained herein. In addition to the physical
security procedures set forth in Chapter 4, a two-barrier system must be used
to protect TSCA CBI at any contractor's storage site that is not located within
an EPA or other Federal Agency facility. Barrier 1 would consist at a
minimum of perimeter walls that are constructed from "slab to slab" and do
not have false ceilings that would permit entry into the contractor's work space
by simply climbing over a corridor wall. Doors that provide ingress or egress
must have pin tumbler deadbolt locks installed (unless the door is for
emergency egress, in which case it would have a crash bar with an audible
alarm). All doors providing ingress or egress that have hinge pins exposed to
public corridors must be pinned or constructed in such a way so as to prevent
removal of the hinge pin. Barrier 2 consists of any of the storage containers
listed in Chapter 4. Contractors should contact the TSCA security staff if they
have any questions about establishing or maintaining the security of TSCA
CBI.
3. SITE INSPECTION. After the contractor has established a secure
environment for TSCA CBI, the TSCA security staff must inspect the site.
TSCA CBI access will not be authorized at the contractor's site without the
approval of the TSCA Security Staff.
4. REQUIRED CONTRACT LANGUAGE. All contracts that are approved
by the IMD director for TSCA CBI access must contain one or more of the
following appropriate contract clauses: EPAAR 1552.235-70, EPAAR
1552.235-71, and EP 52.235-120, November, 1992 (Appendix 8). The EPA
project officer is responsible for (1) notifying EPA's Office of Acquisition
Management (OAM) contracting officer that the required TSCA CBI language
is necessary and (2) forwarding Form 7740-17 to OAM, after the IMD
director has signed it.
5. NOTICE TO AFFECTED BUSINESSES. Pursuant to 40 CFR Part
2.306(j), EPA must notify affected businesses prior to allowing TSCA CBI
access to a contractor or subcontractor. IMD will prepare the notice and, at
its discretion will (1) publish it in the Federal Register or (2) send it to
individual businesses by letter via certified mail, return receipt requested. The
10
-------�
TSCA CBI Security Manual 7700
1/93
notice must be given at least 10 calendar days before access takes place by
Federal Register notice, telegram, or certified mail (return receipt requested).
The EPA project officer must initiate the notice process at least 60
days before the date that TSCA CBI access is to begin. The first step is to
complete a Contractor Information Sheet (Appendix 7), which the OPPT DCO
uses to prepare the notice. The IMD director signs the notice, which signifies
that the contractor(s) identified in the notice is authorized for access to TSCA
CBI.
The notice must contain the following:
• The identity of the contractor or subcontractor to which TSCA
CBI is to be disclosed.
• The contract number.
• An explanation of why access to TSCA CBI is necessary for
satisfactory performance of the contract.
• Whether access is authorized only on EPA premises or also at
the contractor's or subcontractor's facilities.
• The type of information to be disclosed.
• The period of time for which access to TSCA CBI is
authorized.
6. FACILITY DCO AT THE CONTRACTOR'S SITE. The contractor DCO
(1) serves as the liaison between EPA and the contractor on issues relating to
TSCA CBI, (2) assists the EPA facility DCO in requesting and maintaining
TSCA CBI access authorization for individual contractor employees (see
Chapter 3), and (3) assists in TSCA CBI handling. The contractor DCO
serves this function even when contractor employee access to TSCA CBI will
occur at EPA facilities.
7. HOW TO ASSIGN A DCO. The EPA project officer is responsible
for identifying two qualified contractor employees to act as the contractor
DCO and the alternate DCO. The EPA project officer must nominate the
11
-------�
TSCA CBI Security Manual 7700
1/93
employees to the OPPT DCO. The nomination, submitted in writing, must
include the employees' names, telephone numbers, electronic mail numbers,
fax numbers, mailing addresses, and qualifications. The contractor DCO must
be in place before the contractor is allowed access to TSCA CBI. (See
Chapter 3 for information about the nomination process.)
8. IDENTIFYING CONTRACTOR EMPLOYEES FOR CLEARANCE. After
completion of the above requirements, the EPA project officer, EPA delivery
order project officer, or the EPA work assignment manager is responsible for
conferring with contractor officials to determine which contractor employees
require TSCA CBI access authorization. The EPA project officer will request
access authorization for these individuals in the manner described in section
D of this chapter.
D. HOW TO OBTAIN TSCA CBI AUTHORIZATION
FOR EMPLOYEES OF CONTRACTORS AND SUBCONTRACTORS
After a contractor is authorized for access to TSCA CBI, the
contractor's employees must individually request TSCA CBI access authority.
All necessary forms are available from the EPA project officer. If
necessary, the forms can also be obtained from the OPPT DCO.
1. AUTHORIZING ACCESS.
a. COMPLETING AND SUBMITTING THE FORMS. Each contractor
employee who is applying for TSCA CBI access must complete the following
forms:
1) Form 7740-6, "TSCA CBI Access Request, Agreement, and
Approval" (Appendix 1).
2) SF-86, "Questionnaire for Sensitive Positions" (Appendix 3).
3) FD-258, fingerprint chart (two originals) (Appendix 4).
12
-------�
TSCA CBI Security Manual 7700
1/93
4) Form 7740-25, "TSCA CBI ADP User Registration Form," if
online access to a TSCA CBI system or data base is required.
The completed forms must be submitted to the contractor DCO.
After reviewing the forms for accuracy and completeness, the contractor will
forward the forms to the EPA project officer. The EPA project officer will
review the forms and forward them to his or her division director or
supervisor of equivalent authority.
The division director will either sign line 20 of the general access
request form to signify approval of TSCA CBI access or will disapprove
access. The division director will submit the approved forms to the OPPT
DCO for review and approval. After completing the review, the OPPT DCO
will sign the forms and may submit them to the TSCA security staff and the
IMD director for final approval.
b. MINIMUM BACKGROUND INVESTIGATION (MBI). All contractor
employees who are granted access to TSCA CBI will be required to
successfully complete an MBI to maintain TSCA CBI clearance. MBI
investigations are conducted by the U.S. Office of Personnel Management at
the request of the EPA Inspector General. The EPA project officer or work
assignment manager must ensure the MBI investigation requirement is placed
in the official statement of work.
c. INDIVIDUAL ACCESS FILES. The contractor's facility DCO is
responsible for establishing an access file for each employee in his or her
organization who is granted authority to access TSCA CBI. The file will
contain a copy of all forms or other documentation related to the employee's
TSCA CBI clearance. If required by personnel regulations, the SF 86,
"Questionnaire For Sensitive Positions" can be kept in the employee's official
personnel file. The access files will be maintained in alphabetical order by
employee name and stored with the TSCA CBI collection of records. The
OPPT DCO will maintain the Individual Access Files for contract employees
who are located at EPA headquarters.
d. SECURITY BRIEFING is REQUIRED. It is the responsibility of the
requesting official to ensure that employees (1) read this manual and (2) attend
a security briefing on procedures for handling TSCA CBI documents.
13
-------�
TSCA CBI Security Manual 7700
1/93
Employees must attend a briefing on TSCA CBI security procedures before
they are allowed access to TSCA CBI. The briefing, on video, is presented
weekly by the OPPT DCO. It can also be presented by a facility DCO. If
employees attend a briefing presented by a facility DCO, it is the facility
DCO's responsibility to provide their names to the OPPT DCO.
e. APPROVAL FOR TSCA CBI ACCESS OR WAIVER FOR IMMEDIATE
ACCESS. The OPPT DCO will add the contractor employee's name to the
TSCA CBI authorized access list when the employee is approved for CBI
access. The OPPT DCO will notify the employee's DCO of approval by
sending him or her the TSCA CBI authorized access list.
A requesting official may allow a contractor employee access to
TSCA CBI before receiving final approval from the OPPT DCO when all of
the following conditions are met: the requesting official has determined that
immediate access is necessary, the required form(s) has been completed and
submitted to the OPPT DCO, the employee has attended the security briefing,
and the facility at which the employee is working has been inspected and
approved by the TSCA security staff. Access is permitted for 10 days.
f. TSCA CBI AUTHORIZED ACCESS LIST. After contractor employees
are approved for TSCA CBI access, they are listed on the TSCA CBI
authorized access list. The list provides the names of people cleared for TSCA
CBI access, including TSCA CBI computer access, and the date on which their
access expires. Questions about whether a particular person has TSCA CBI
access that can not be answered by consulting the Authorized Access List
should be directed to the OPPT DCO. The OPPT DCO provides copies of the
access list monthly to DCOs.
2. REQUIREMENTS FOR MAINTAINING ACCESS.
a. GENERAL INFORMATION. Each year, contractor employees who are
authorized to access TSCA CBI must follow certain procedures to maintain
their access. The procedures are listed below in the order in which they must
occur.
b. DOCUMENT AUDIT PROCEDURE. The contractor DCO will furnish the
contractor employee with a report listing all documents that the DCO's manual
14
-------�
TSCA CBI Security Manual 7700
1/93
or automated inventory log shows as charged out to that employee. The
employee must reconcile the report by (1) verifying that he or she has the
listed documents in his or her possession and signing the Document
Reconciliation Certification (Appendix 22), (2) notifying the DCO that he or
she doesn't have the documents and indicating on the Document Reconciliation
Certification that the documents are not in his or her possession, or (3)
indicating on the Document Reconciliation Certification that no documents are
charged out. If the DCO fails to locate any documents, he or she must follow
the procedures discussed in Chapter 5.
After the DCO reviews the Document Reconciliation Certification,
he or she will file a copy of the certification form in the employee's Individual
Access File.
c. SCHEDULING AN ANNUAL SECURITY BRIEFING. After the document
audit procedure is completed, the next step is for the employee to attend a
security briefing. The contractor's facility DCO is responsible for scheduling
annual security briefings for employees.
d. FAILURE TO ATTEND AN ANNUAL SECURITY BRIEFING. Contractor
employees will lose their authorization for access to TSCA CBI if they fail to
attend a security briefing within a year of their last briefing. The OPPT DCO
will notify an employee's requesting official of the suspension. If the
employee does not attend an annual security briefing within 30 days from the
date the suspension notice was issued, the OPPT DCO will on the 30th day
terminate the employee's TSCA CBI authorization and deactivate the
employee's electronic card key for accessing TSCA CBI secure storage areas,
along with all computer access authorization, including user identifications and
passwords. It is the responsibility of the requesting official to ensure that the
employee completes the paperwork connected with TSCA CBI termination (see
section E of this chapter).
e. REAPPLYING FOR TSCA CBI ACCESS. If an employee has been
removed from the TSCA CBI authorized access list, he or she must reapply
for TSCA CBI access. To reapply, the employee must follow the procedures
in section D.I of this chapter. Contact the OPPT DCO for specific
instructions before submitting renewal forms.
15
-------�
TSCA CBI Security Manual 7700
1/93
E. PROCEDURES FOR TERMINATING ACCESS TO
TSCA CBI FOR CONTRACTOR EMPLOYEES
1. GENERAL INFORMATION. Authorization to access TSCA CBI must
be terminated when
• The contract is completed.
• Employment of the contractor employee is terminated.
• Contractor employee's duties that require access to TSCA CBI
are terminated.
• The contractor employee fails to attend the annual security
briefing.
• The contractor employee breaches the terms of the
Confidentiality Agreement of EPA Form 7740-6, "TSCA CBI
Access Request, Agreement, and Approval."
• The MBI provides information about the contractor employee
based on which the IMD director determines that access will
not be granted.
2. REQUIREMENTS FOR TERMINATING ACCESS.
a. FORM 7740-18. When a contractor employee's TSCA CBI
clearance is suspended, relinquished, or revoked, he or she must complete
EPA Form 7740-18, "Confidentiality Agreement for Contractor Employees
Upon Relinquishing TSCA CBI Access Authority" (Appendix 10). The
employee's requesting official and DCO are responsible for ensuring that the
employee completes the form within five days after the employee's TSCA CBI
access authority is canceled.
The employee must submit the completed form to his or her
requesting official, who sends it to the OPPT DCO. The requesting official
must also send a copy of the completed form to the facility DCO for placement
in the employee's TSCA CBI Access File.
b. DOCUMENT AUDIT PROCEDURE. After receiving Form 7740-18, the
facility DCO will furnish the contractor employee with a report listing all the
documents that the CBITS system, DAPSS system, and the facility DCO's
inventory log show as being in the contractor employee's possession. The
16
-------�
TSCA CBI Security Manual 7700
1/93
contractor employee is responsible for returning these documents. All of the
returned documents must be re-entered into the collection of records before
any individual TSCA CBI document charged out to the terminating employee
can be reissued to another TSCA CBI-cleared employee.
c. MISSING DOCUMENTS. The facility DCO must assume a TSCA CBI
document is missing when it is not received within 30 days of issuing the
contractor employee the list of items charged out to him or her. The
procedures for reporting these documents as missing are in Chapter 5.
d. DCO RESPONSIBILITIES AFTER DOCUMENT AUDIT IS COMPLETED.
After the document reconciliation is complete, the facility DCO will
• Request that the OPPT DCO remove the employee's name
from the TSCA CBI authorized access list.
• Inform the employee's DCO that the employee is no longer
authorized for TSCA CBI access.
• Request the OPPT DCO to invalidate the employee's electronic
entry card for EPA headquarters TSCA CBI secure storage
areas.
• Change the combinations to locks for any TSCA CBI secure
storage containers to which the employee had access.
The OPPT DCO will direct IMD's TSCA Systems Section to
invalidate the employee's TSCA CBI computer user identification code and
passwords for all mainframe, mini, or micro computer systems to which the
employee had access. When the TSCA Systems Section completes the
invalidation, the section must provide written confirmation to the OPPT DCO.
e. CONTRACTOR EMPLOYEE RESPONSIBILITIES. Employees who are
relinquishing their TSCA CBI access authority are responsible for returning all
TSCA CBI documents and magnetic media in their possession to the facility
DCO. Employees who are terminating their employment must return to the
OPPT DCO all electronic entry cards for EPA headquarters facilities. EPA
17
-------�
TSCA CBI Security Manual 7700
1/93
project officers are responsible for ensuring that all electronic entry cards
issued to contractor employees are returned to the OPPT DCO.
F. PROCEDURES FOR TERMINATING ACCESS
TO TSCA CBI FOR CONTRACTORS
TERMINATING ACCESS TO TSCA CBI WHEN A CONTRACT ENDS.
On the day a contract is completed or access to TSCA CBI ends
under the contract's terms, the contractor DCO must inventory the TSCA CBI
materials that the CBITS system, DAPSS system, and the DCO's manual or
automated inventory log show as being at the contractor's facility. The
contractor DCO must provide the written inventory to the EPA project officer
within 30 calendar days. The EPA project officer must provide a copy of the
results to the OPPT DCO and the TSCA security staff. The contractor DCO
must collect all TSCA CBI materials and document control materials, including
logs and cover sheets, that are in the company's possession. The contractor
must transfer the materials to the OPPT DCO within 30 calendar days. The
OPPT DCO will provide them to the EPA project officer.
The EPA project officer will review the materials and reconcile the
returned materials with the inventory provided by the contractor DCO. The
EPA project officer then transfers the materials to the OPPT DCO with
instructions for appropriate disposition.
G. AUTHORIZING OTHER FEDERAL AGENCIES
FOR ACCESS TO TSCA CBI
EPA regulations (40 CFR part 2) allow disclosure of TSCA CBI to
another Federal agency when the information is necessary for the other agency
(1) to perform work for EPA, (2) to perform its duties under any law for the
protection of health or the environment, or (3) for specific law enforcement
purposes.
1. GENERAL PROCEDURES FOR EPA OFFICES TO DISCLOSE TSCA
CBI TO ANOTHER FEDERAL AGENCY PERFORMING WORK FOR EPA.
When an EPA office is having another Federal agency perform work that
requires access to TSCA CBI, EPA generally takes the initiative in
18
-------�
TSCA CBI Security Manual 7700
1/93
arranging to disclose the information to the other agency. The first step to
arrange disclosure is for the EPA office that is involved to contact the IMD
director.
The IMD director will notify the other agency that (1) the
information that will be disclosed is CBI and was acquired under the authority
of TSCA and that (2) any unauthorized disclosure of the information may
subject the other agency's employees to the criminal penalties in Section 14(d)
of TSCA (see Chapter 5 of this manual).
When EPA discloses TSCA CBI to another agency to perform work
on behalf of EPA, no notice to affected businesses is required. Notice is
required in all other circumstances. The IMD director will notify the agency
performing the work whether access is approved.
a. AGREEMENT NOT TO DISCLOSE TSCA CBI. The agency that will
receive TSCA CBI must provide a written agreement that it will not disclose
TSCA CBI.
b. EXCEPTIONS TO AGREEMENT NOT TO DISCLOSE TSCA CBI. A
Federal agency does not have to provide a written agreement that it will not
disclose TSCA CBI under any one of the following circumstances:
• The agency has statutory authority both to compel production
of the information and to make the proposed disclosure, and it
has furnished affected businesses with at least the same notice
that EPA would provide under EPA's regulations.
• The agency has obtained the consent of each affected business
prior to the proposed disclosure.
• The agency has obtained a written statement from the EPA
general counsel or an EPA regional counsel that disclosure of
the information would be proper under EPA regulations.
c. TSCA CBI ACCESS AT EPA FACILITIES. Once approval for access
has been granted, designated employees of the other Federal agency can obtain
access to specified TSCA CBI on EPA premises. The procedures for
19
-------�
TSCA CBI Security Manual 7700
1/93
individual employees to obtain clearance for TSCA CBI access are explained
in sections A and B of this chapter.
d. TSCA CBI ACCESS AT OTHER FEDERAL AGENCIES. When a Federal
agency is allowed access to TSCA CBI on its premises, the Federal agency
must appoint a facility DCO and must provide a secure environment before
documents will be transferred.
e. HOW TO ASSIGN A DCO. The requesting official or the facility
manager in charge of the facility to which TSCA CBI will be transferred must
nominate a facility DCO and an alternate DCO. The nomination, submitted
in writing to the OPPT DCO, must include the name, telephone number,
electronic mail number, fax number, and mailing address of both nominees.
The OPPT DCO will decide whether to approve the nomination. The
requesting official or the facility DCO can also nominate document control
assistants (DCAs) to assist the DCO in his or her day-to-day duties.
2. PROCEDURES FOR ANOTHER FEDERAL AGENCY TO REQUEST
ACCESS TO TSCA CBI. These procedures must be followed by Federal
agencies that are requesting access to TSCA CBI (1) to perform duties under
any law for the protection of health or the environment or (2) for a specific
law enforcement purpose.
a. SUBMIT A WRITTEN REQUEST. To obtain access to TSCA CBI, a
Federal agency must submit a written request to the IMD director at least one
month before access is needed. The request must state the specific information
to which access is requested, why access is necessary (this is the official
purpose and will be one of the two reasons stated in the preceding paragraph),
and provide supporting details. The request must be signed by an agency
official whose authority is at least equivalent to that of an EPA division
director.
b. AGREEMENT NOT TO DISCLOSE TSCA CBI. The agency that will
receive TSCA CBI must provide a written agreement that it will not disclose
TSCA CBI.
20
-------�
TSCA CBI Security Manual 7700
1/93
c. EXCEPTIONS TO AGREEMENT NOT TO DISCLOSE TSCA CBI. A
Federal agency does not have to provide a written agreement that it will not
disclose TSCA CBI under any one of the following circumstances:
• The agency has statutory authority both to compel production
of the information and to make the proposed disclosure, and it
has furnished affected businesses with at least the same notice
that EPA would provide under EPA's regulations.
• The agency has obtained the consent of each affected business
prior to the proposed disclosure.
• The agency has obtained a written statement from the EPA
general counsel or an EPA regional counsel that disclosure of
the information would be proper under EPA regulations.
d. NOTICE TO AFFECTED BUSINESSES. Before EPA allows another
Federal agency access to TSCA CBI, EPA must provide written notice to
affected businesses except as stated in section G.I above. The notice must be
given at least 10 calendar days before access takes place by Federal Register
notice, telegram, or certified mail (return receipt requested). IMD will
prepare the notice, which must include
• The identity of the agency to which TSCA CBI access is being
allowed.
• The official purpose for the access.
• Whether access is authorized only on EPA premises or also at
the other agency's facilities (see section 3 of this chapter).
• The type of information that will be disclosed.
• The period of time for which access to TSCA CBI is being
authorized.
21
-------�
TSCA CBI Security Manual 7700
1/93
3. ERA'S PROCESS FOR APPROVING TSCA CBI ACCESS FOR
OTHER FEDERAL AGENCIES. The IMD director will review requests for
TSCA CBI access from other Federal agencies and will notify the agencies'
requesting officials whether TSCA CBI access is approved. If access is
approved, the IMD director will notify the other agency that (1) the
information that will be disclosed is CBI and was acquired under the authority
of TSCA, and that (2) any unauthorized disclosure of the information may
subject the other agency's employees to criminal penalties allowed under
Section 14(d) of TSCA.
a. TSCA CBI ACCESS AT EPA FACILITIES. EPA prefers that TSCA
CBI materials remain on EPA premises. When this is not practical. EPA will
consider allowing access at another agency's facility.
Once approval for access has been granted, designated employees of
the other Federal agency can obtain access to specified TSCA CBI on EPA
premises. The procedures for individual employees to obtain clearance for
TSCA CBI access are explained in sections A and B of this chapter.
Employees of other Federal agencies are not allowed to remove from EPA
premises any documents, notes, or correspondence containing TSCA CBI and
must not discuss TSCA CBI with individuals not authorized for TSCA CBI
access.
b. TSCA CBI ACCESS AT OTHER FEDERAL AGENCIES. Before EPA will
grant access at another agency's facility, a facility DCO must be in place. The
requesting official or the facility manager in charge of the facility to which
TSCA CBI will be transferred must nominate a facility DCO and an alternate
DCO. The nomination, submitted in writing to the OPPT DCO, must include
the name, telephone number, electronic mail number, fax number, and mailing
address of both nominees. The OPPT DCO will decide whether to approve
the nomination. The requesting official or the facility DCO can also nominate
document control assistants (DCAs) to assist the DCO in his or her day-to-day
duties. Other provisions that must be in effect are the following:
• The Federal agency must have security procedures and
standards in place that equal or surpass those set forth in this
manual.
22
-------�
TSCA CBI Security Manual 7700
1/93
• EPA's TSCA security staff must inspect and approve the TSCA
CBI storage facilities at the Federal agency. The inspection is
to be arranged by the official requesting TSCA CBI clearance
for his or her agency.
• The Federal agency must appoint a facility DCO before
documents will be transferred.
• The official requesting TSCA CBI access authority for his or
her agency must provide a written statement of the agency's
security procedures for handling TSCA CBI. The statement
should state whether (1) the security procedures in this manual
have been adopted by the agency without change or (2) how the
security procedures being used at the agency differ from those
set forth in this manual. The written statement must be
provided to the TSCA security staff.
4. REQUESTS FOR ACCESS TO TSCA CBI FROM CONGRESS OR
THE GENERAL ACCOUNTING OFFICE. EPA, Federal and contractor
employees must notify the IMD director immediately when they receive a
request from Congress or the General Accounting Office for information that
requires access to TSCA CBI. Pursuant to 40 CFR 2.209, TSCA CBI access
is allowed only when the request is made by the Speaker of the House, the
President of the Senate, a chairman of a committee or subcommittee, or the
Comptroller General. All document access will be provided by the OPPT
DCO, who will record all transactions on a Federal Agency, Congress, and
Federal Court Sign Out Log (Appendix 20).
NOTICE TO AFFECTED BUSINESSES. Before EPA allows access to TSCA
CBI by Congress or the General Accounting Office, EPA must provide written
notice to affected businesses. The notice must be given at least 10 calendar
days before access takes place by Federal Register notice, telegram, or
certified mail (return receipt requested). IMD will prepare the notice, which
must include
• Whether access is authorized only on EPA premises or also at
the other agency's facilities.
23
-------�
TSCA CBI Security Manual 7700
1/93
• The type of information that will be disclosed.
• The period of time for which access to TSCA CBI is being
authorized.
24
-------�
TSCA CBI Security Manual 7700
1/93
CHAPTER 3
RESPONSIBILITIES
A. EMPLOYEE RESPONSIBILITIES
1. EPA HOLDS EMPLOYEES PERSONALLY ACCOUNTABLE FOR
PROTECTING TSCA CBI. Proper protective controls must be followed by
employees of EPA, other Federal agencies, and Federal contractors who have
access to TSCA CBI whenever they handle, store, or transfer any TSCA CBI.
EPA holds every employee who has custody of TSCA CBI personally
responsible for following proper handling and security procedures.
• Each employee who has access to TSCA CBI is required to (a)
immediately inform management if he or she discovers that any
procedure contained in this manual does not provide the proper
level of protection for TSCA CBI and (b) suggest changes that
will strengthen those weaknesses.
• Each employee who has access to TSCA CBI is required to
immediately report in writing any violations of this manual's
procedures to his or her immediate supervisor, the TSCA
security staff, the contractor project officer, and the IMD
director.
Employees who have access to TSCA CBI are
• Accountable for all TSCA CBI documents that they receive
through a DCO or any other employee cleared for TSCA CBI.
• Required to support the programs established by their
management and DCO for protecting and handling TSCA CBI.
• Required to attend an annual security briefing prior to renewing
their TSCA CBI clearance and to stay informed of TSCA CBI
handling controls and security programs.
• Required to complete an annual audit of all TSCA CBI
documents charged out to them through a DCO prior to
25
-------�
TSCA CBI Security Manual 7700
1/93
completing the annual security briefing and to sign the
Document Reconciliation Certification (Appendix 22) after
reconciling the documents listed on the report.
• Required to maintain TSCA CBI in a responsible manner that
will not permit access to the data by anyone who has not been
properly authorized to view TSCA CBI.
2. DOCUMENT AUDIT PROCEDURES. Each year, every employee is
required to account for the hard copy TSCA CBI documents in his or her
possession. This procedure is always the first step of the annual process to
recertify employees for TSCA CBI clearance.
The facility DCO will furnish the employee with a list of documents
that the DCO's manual or automated inventory log shows the employee has in
his or her possession. The employee must certify that the documents are in his
or her possession by signing the certification statement inscribed on the
document list. The employee must contact the facility DCO immediately if he
or she does not have any of the documents on the list.
3. CHECKING OUT TSCA CBI DOCUMENTS. Employees are
permitted to check out TSCA CBI documents from their facility DCO and to
keep the documents for up to a year. However, employees should return
TSCA CBI to the facility DCO as soon as the material is no longer needed.
OVERDUE MATERIALS. TSCA CBI materials cannot be kept for more
than one year. Any material kept longer than a year is considered overdue,
and the facility DCO will notify the responsible employee. Materials that are
not returned to the DCO within 30 days of notification are presumed lost. The
DCO must notify his or her division director of lost materials, pursuant to the
procedures in Chapter 5.
4. DETERMINING WHETHER A DOCUMENT CONTAINS TSCA CBI.
When an employee produces a document, it is that employee's responsibility
to decide whether the document contains TSCA CBI. An employee who is
unable to determine whether something is confidential should consult with his
or her supervisor or DCO. If the issue remains unresolved, the employee
should consult the chief of the IMD TSCA Information Management Branch.
26
-------�
TSCA CBI Security Manual 7700
1/93
5. RECEIPT OF MAIL CONTAINING TSCA CBI MATERIAL. If
employees receive materials in the mail that are believed to be TSCA CBI,
even if they are unlabeled, those materials must be taken immediately to the
facility's DCO for proper entry into the document tracking system.
6. CHALLENGING TSCA CBI CLAIMS DURING AND AFTER
INSPECTIONS. An employee who encounters a TSCA CBI claim that
appears to be invalid should bring the issue to the attention of the proper office
in EPA.
• EPA headquarters employees and Federal employees should
contact IMD's TSCA Information Management Branch, which
routinely conducts program challenges pursuant to CFR 2.204.
• EPA regional employees should contact the Chief, Compliance
Branch, Office of Compliance Monitoring, who will coordinate
the challenge with an attorney from the TSCA Information
Management Branch or the Office of General Counsel.
• Contractor employees should contact IMD's TSCA Information
Management Branch with any questions about TSCA CBI
claims.
a. INFORMAL INQUIRIES. EPA employees are permitted to conduct
informal inquiries concerning TSCA CBI claims consistent with 40 CFR
2.204. When an EPA employee believes it to be appropriate, he or she can
request substantiation of a TSCA CBI claim from a submitter. The request
should be made by letter.
EPA employees, especially compliance inspectors, are encouraged
to obtain guidance from the TSCA Information Management Branch. In
addition, employees are encouraged to become familiar with the substantive
criteria used to determine confidentiality, which are found at 40 CFR 2.208.
b. FORMAL CHALLENGES. The Office of General Counsel is responsible
for making final determinations concerning challenges to TSCA CBI claims,
pursuant to 40 CFR 2.205, with two exceptions. Before acting under these
exceptions, contact attorneys in IMD or the Office of General Counsel for
advice.
27
-------�
TSCA CBI Security Manual 7700
1/93
• The first exception allows an EPA office to take certain actions
if the office determines that the TSCA CBI claim is not entitled
to confidential treatment. The exception is defined in 40 CFR
2.204(d)(2); what is meant by "EPA office" is defined in 40
CFR 2.201(m); and the possible actions are defined in 40 CFR
2.205(f).
• The second exception allows the Office of General Counsel to
delegate its authority to make final determinations concerning
TSCA CBI challenges to any EPA attorney or regional counsel.
c. WHEN CONSIDERING A CHALLENGE. It is incumbent upon those who
challenge TSCA CBI claims to act consistently with all TSCA regulations-
particularly 40 CFR 2.201 through 40 CFR 2.205, 40 CFR 2.208, and 40
CFR 2.306-and relevant Federal Register notices. The validity of a TSCA
CBI claim must be carefully considered before an EPA employee asks a
submitting company to substantiate the claim. IMD and Office of General
Counsel attorneys should be consulted if any questions or problems arise on
TSCA CBI issues or challenges.
B. MANAGER RESPONSIBILITIES
IN GENERAL. All managers who are responsible for programs involving
access to TSCA CBI must ensure that their staff members follow this manual's
procedures and any other directive that deals with protection of TSCA CBI.
Managers must also ensure that
• Adequate personnel are available to carry out the DCO
responsibilities under the manager's supervision.
• Proper physical control measures are implemented in areas
where TSCA CBI is maintained.
• Their project officer, work assignment manager, and delivery
order project officer follow proper TSCA CBI security
procedures while administering contracts.
28
-------�
TSCA CBI Security Manual 7700
1/93
• They meet quarterly with contractor project officers to ensure
that contractor staff are following TSCA CBI security
procedures.
C. DOCUMENT CONTROL OFFICER (DCO) RESPONSIBILITIES
1. IN GENERAL. DCOs manage their facilities' document tracking
systems and oversee the receipt, storage, transfer, and use of TSCA CBI by
employees in their facilities. All facilities that are authorized for access to
TSCA CBI are required to have a facility DCO and an alternate DCO, who
will assume the facility DCO's responsibilities during his or her absence.
Facility DCOs must be approved and trained before TSCA CBI can
be transferred to any facility. The OPPT DCO is responsible for providing
training materials and guidance on appropriate document handling procedures
to all DCOs.
2. THE DCO MAINTAINS A DOCUMENT TRACKING SYSTEM. The
receipt, usage, and transfer of TSCA CBI is tracked through a document
tracking system. All TSCA CBI materials submitted to EPA, and those
produced by Federal and contractor employees (except as described in Chapter
4, section K), are monitored through this system.
The DCO is responsible for his or her facility's document tracking
system. The DCO must ensure that
• All manual or automated logs are properly maintained, updated
and securely stored.
• Document control numbers or unique numerical identifiers are
assigned to the documents requiring them.
• Proper procedures are followed when using TSCA CBI
materials.
The IMD director has approved several manual and automated
tracking systems for use by Federal or contractor DCOs. Use of one of these
29
-------�
TSCA CBI Security Manual 7700
1/93
systems, which are described below, is mandatory. Contact the OPPT DCO
for additional information about these tracking systems.
a. AUTOMATED DOCUMENT TRACKING SYSTEMS. EPA recommends
that DCOs who oversee a high volume of documents and transactions use
automated systems to track documents. These systems allow the DCO to track
a document's movement from the time it is assigned a document control
number or received at EPA until the time it is destroyed or transferred to
another TSCA CBI-cleared facility.
At EPA headquarters, the OPPT DCO uses two automated systems
to track TSCA CBI documents: The Confidential Business Information
Tracking System (CBITS) and the Document and Personnel Security System
(DAPSS). The DCO uses a third automated tracking system, the Automated
Document Tracking System (ADTS), to track documents at field installations.
1) Machine-readable bar codes. CBITS and DAPSS tracking
systems both use a machine-readable bar code to track TSCA
CBI documents. The bar code is affixed to each TSCA CBI
document controlled through the headquarters CBIC. Bar codes
are also affixed to the electronic entry identification cards of
employees with TSCA CBI access authorization. The OPPT
DCO uses these bar codes to verify through CBITS or DAPSS
that employees are authorized for access to TSCA CBI
documents. The OPPT DCO also uses these bar codes to
produce annual audit certification reports for employees'
completion.
2) Backup for automated document tracking systems. When
an automated TSCA CBI document tracking system is used, the
facility DCO must make a backup disk whenever additions,
deletions, or corrections are made to the system. The backup
media is TSCA CBI data and should be protected as such. Any
manual logs that are converted into an automated system must be
retained until an audit by the TSCA security staff verifies the
accuracy of the conversion.
30
-------�
TSCA CBI Security Manual 7700
1/93
EPA also suggests securing a duplicate set of media (document
tracking system) off site to allow for recovery of accountability of
documents charged out, if a disaster such as a flood, fire, or other
natural disaster strikes. Contact the OPPT DCO and the TSCA
security staff for assistance in establishing a program.
3) ADTS extends monitoring capability. ADTS runs on an
IBM-compatible PC and provides automated tracking,
accountability, and records-management capabilities for TSCA
CBI documents stored outside the purview of the OPPT DCO.
ADTS is available from the OPPT DCO.
b. MANUAL TRACKING SYSTEMS. Manual tracking systems are
appropriate for DCOs who are responsible for a low volume of documents and
transactions. Certain EPA forms must be used in implementing a manual
tracking system. These forms establish the minimum tracking and control
requirements for TSCA CBI assigned to facility DCOs. The forms are EPA
Form 7740-10, "Receipt Log for TSCA Confidential Business Information,"
EPA Form 7740-11, "Inventory Log for TSCA Confidential Business
Information," and EPA Form 7740-24, "Federal Agency, Congress, and
Federal Court Sign Out Log" (see Appendices 15, 16, and 20, respectively).
3. THE DCO MAINTAINS THE INVENTORY LOG. Each DCO must
maintain an inventory log for TSCA CBI transactions at his or her facility.
The inventory log must contain the following information:
• The document control number.
• The date on which a document is checked out from the DCO
and the date on which it is returned.
• The identity of the individual checking out the document.
• If the document will be destroyed, the entry in the disposition
block of the log must include the date of destruction and the
identity of the person who will destroy it.
31
-------�
TSCA CBI Security Manual 7700
1/93
• If the requesting employee plans to transfer the document
outside the DCO's jurisdiction, the disposition block of the log
must include the date and destination of the transfer.
4. DELIVERING AND RECEIVING TSCA CBI MATERIALS. All TSCA
CBI materials sent through the mail or by courier must be addressed to and
received by a DCO. TSCA CBI materials that are hand carried to a facility
or generated by employees at the facility must be taken immediately to the
DCO (see Chapter 4).
a. THE DCO MUST REVIEW DOCUMENTS FOR COMPLETENESS. The
DCO must review all materials received to determine whether they appear
complete.
• If the documents do not appear to be complete, the DCO must
immediately contact the submitter to determine whether there
is an omission.
• If the materials appear to be complete, the DCO must stamp
the document as TSCA CBI (Appendix 12). The stamp is
applied to at least the first page (or the cover, if the document
has one) and the back of the last page (or back cover, if the
document has one). The DCO then assigns a document control
number to the document, if one has not already been assigned,
and attaches a TSCA CBI cover sheet (Appendix 13) to the
front of the document. The DCO must write the document
control number on the first page of the document.
b. THE DCO MUST MAINTAIN A RECEIPT LOG. Each document received
by a DCO must be recorded in an automated or manual receipt log (Appendix
15). The DCO must record the following items in the receipt log:
• The document's document control number (if a document
control number has not been assigned, the copy number
assigned by the DCO should be recorded).
• The date on which the document was received by the DCO.
32
-------�
TSCA CBI Security Manual 7700
1/93
• The submitter's name if the document was received directly
from the submitter, the author's name if the document was
generated by a Federal or contractor employee, or the facility
DCO's name if the document was received from another
facility authorized for TSCA CBI access.
• The number of pages contained in the document.
• A brief description of the document (e.g., "an engineering
report on PMN-Y" or "letter from company X on PMN-W").
5. STORAGE OF TSCA CBI MATERIALS. DCOs are responsible for
ensuring that employees at their facilities are storing documents properly. This
manual establishes storage procedures in Chapter 4, section B.
The DCO supervises the storage of TSCA CBI materials in secure
storage containers or in a centralized secure storage area (e.g., the CBIC at
EPA headquarters). The sole exception to this is when completion of an
employee's duties requires that he or she be assigned responsibility for specific
secure storage containers.
6. MAINTAINING RECORDS OF LOCK COMBINATIONS. The facility
DCO must maintain a record of the lock combinations on rooms and containers
in which TSCA CBI materials are stored. The DCO must also store each
combination individually in a sealed envelope. These envelopes should be
opened only in emergencies.
At EPA headquarters, there are a number of facility DCOs. Their
recordkeeping responsibilities break down as follows:
• Each division in OPPT has a DCO who is responsible for
keeping a list of combinations for TSCA CBI storage containers
and rooms controlled by the division.
• The OPPT DCO maintains a list of combinations (1) for
containers and rooms assigned to IMD and (2) for all
containers and rooms in OPPT that don't fall under any specific
division's control.
33
-------�
TSCA CBI Security Manual 7700
1/93
• At EPA headquarters, DCOs in offices other than OPPT
maintain a list of combinations for TSCA CBI storage
containers and rooms controlled by their offices.
• FMSD keeps a master list of combinations for all TSCA CBI
locks at EPA headquarters.
7. CONDITIONS FOR CHANGING LOCK COMBINATIONS. The DCO
is required to change lock combinations (1) every 12 months, (2) each time a
person who knows a combination relinquishes his or her TSCA CBI access
authority, (3) when a container is put into or taken out of operation, and (4)
if there is a known or possible compromise of TSCA CBI data in the
container. At EPA headquarters, DCOs notify FMSD, which changes the
combinations.
8. UPDATING THE TSCA CBI AUTHORIZED ACCESS LIST. Each
DCO bears responsibility for keeping the TSCA CBI authorized access list
current. By the 15th of each month, facility DCOs must notify the OPPT
DCO of any employees within their jurisdictions who should be added or
deleted from the list.
9. THE DCO MONITORS AND CONTROLS WHO OBTAINS TSCA CBI
MATERIALS. The steps for obtaining TSCA CBI materials are described
here.
• The employee requests a specific TSCA CBI document from
his or her DCO.
• The DCO locates the document in the TSCA CBI storage files
or obtains it from a another DCO, employee, contractor, or
submitter.
• The DCO notifies the employee that the document is available.
• When the employee arrives to pick up the document, the DCO
verifies that the requesting employee is authorized for access to
the document.
34
-------�
TSCA CBI Security Manual 7700
1/93
• The DCO logs the document out to the employee using an
automated or manual inventory log.
10. THE DCO MONITORS OVERDUE TSCA CBI MATERIALS. TSCA
CBI materials may not be checked out from a centralized TSCA CBI storage
facility for more than one year. DCOs must monitor the inventory log for
TSCA CBI materials that have not been returned within the one-year period.
The DCO is responsible for notifying employees and their supervisors of
overdue materials. This is done by distributing to the employee and his or her
supervisor a list of all TSCA CBI documents charged out to the employee
before the annual security briefing and TSCA CBI access recertiflcation are
accomplished.
If the employee does not return the overdue materials to the DCO
within 30 days after notification, the DCO must assume the materials cannot
be located. The DCO must notify his or her division director that the materials
are lost, pursuant to the procedures in Chapter 5.
11. THE DCO ASSISTS EMPLOYEES IN DETERMINING WHETHER
DOCUMENTS CONTAIN TSCA CBI AND IN SANITIZING DOCUMENTS
FOR PUBLIC DISCLOSURE. The responsibility for determining whether
documents contain TSCA CBI rests with the document's author (see Chapter
4, section L). The DCO's role is to provide guidance to the author in making
the determination. Employees who are unable to determine whether something
is confidential should consult with their supervisor or DCO. If the issue
remains unresolved, the employee should consult the chief of the IMD TSCA
Information Management Branch. The DCO also instructs document authors
in how to sanitize a TSCA CBI document if the document is going to be
released to the public.
12. THE DCO SUPERVISES THE REPRODUCTION AND
DESTRUCTION OF TSCA CBI MATERIALS. The DCO is responsible for
controlling and documenting the reproduction and destruction of TSCA CBI
materials. TSCA CBI materials can be reproduced or destroyed only by the
DCO or by a DC A assigned to the task by the DCO. In the latter case, the
DCO must supervise the activity. Specific procedures for reproduction and
destruction are set forth in Chapter 4, sections N and O.
35
-------�
TSCA CBI Security Manual 7700
1/93
13. THE DCO CONTROLS THE TRANSFER OF TSCA CBI MATERIALS
BETWEEN FACILITIES. Two procedures exist for transferring TSCA CBI
materials between facilities. The first applies to materials that are already
recorded in the document tracking system. If the document is in an
employee's possession, the employee must first return the document to his or
her facility DCO. The DCO records the date the document is being sent and
the name of the DCO who will receive it in the Inventory Log. The DCO also
inserts a transfer receipt in the second envelope. The transfer receipt identifies
the package's contents. The recipient DCO will sign the transfer receipt and
return it to the sender.
The second procedure applies to new materials that are not recorded
in the document tracking system. In these cases, the document's author must
stamp the document as TSCA CBI and attach a TSCA CBI cover sheet to it.
The author then takes the document to his or her DCO who (1) logs the
document into the receipt log, (2) assigns it a document control number, and
(3) records the date the document is being sent and the name of the DCO who
will receive it.
PACKAGING AND ARRANGING TRANSFER OF TSCA CBI MATERIALS.
Specific information on packaging and arranging transfer of TSCA CBI
materials is provided in Chapter 4, section F.
14. THE DCO ASSISTS EMPLOYEES WITH OBTAINING AND
MAINTAINING TSCA CBI ACCESS AUTHORITY. DCOs are responsible
for assisting employees with their TSCA CBI access authority. Procedures for
this are set forth in Chapter 2.
15. THE DCO IS RESPONSIBLE FOR PERFORMING EMPLOYEE
DOCUMENT AUDITS. When an employee is undergoing TSCA CBI
recertification or is terminating his or her access to TSCA CBI, the DCO must
give the employee a report listing all the documents that the CBITS system,
DAPSS system, and the automated or manual inventory log show as being in
the employee's possession. All of the returned documents must be re-entered
into the collection of records.
36
-------�
TSCA CBI Security Manual 7700
1/93
16. EACH YEAR, THE CONTRACTOR DCO MUST PERFORM AN
INVENTORY OF HARD-COPY TSCA CBI DOCUMENTS. Before July 31
of each year, each contractor DCO must inventory all hard-copy TSCA CBI
materials in the DCO's document tracking system.
• The DCO must compare the TSCA CBI documents in the
receipt log with the transactions listed in the inventory log.
This is accomplished by comparing the document control
numbers.
• The DCO must inventory the documents in his or her
possession. These documents are listed in the receipt log, but
not in the inventory log.
• The DCO must review the status (e.g., destroyed or transferred
outside the DCO's facility) and location (e.g., checked out to
an employee) of materials listed in the inventory log.
• The DCO must locate any documents that have been checked
out for more than one year.
• The DCO must review the status of documents indicated in the
inventory log as having been destroyed.
• Prior to October 1 of each year, the DCO must submit a
written inventory to his supervisor. By October 1, the
supervisor must submit the report to the TSCA security staff.
NOTE: The procedures in Chapter 5 must be followed if there are any TSCA
CBI materials that cannot be located.
17. WHEN DCOS TERMINATE THEIR EMPLOYMENT OR RELINQUISH
THEIR DCO RESPONSIBILITIES. The procedure that must be followed
when DCOs terminate their employment or relinquish DCO responsibilities is
the same for DCOs at EPA headquarters, regional offices, other Federal
agencies and contractor facilities.
37
-------�
TSCA CBI Security Manual 7700
1/93
TSCA CBI MATERIALS MUST BE INVENTORIED. The outgoing DCO and
the incoming DCO must jointly perform an inventory of TSCA CBI materials
in the outgoing DCO's collection of records. Both parties must certify the
inventory before the outgoing DCO departs. The incoming DCO should retain
a copy of the inventory for audit purposes and forward a copy to the OPPT
DCO. If any TSCA CBI materials cannot be located during the audit, the
incoming DCO must follow the procedures in Chapter 5.
38
-------�
TSCA CBI Security Manual 7700
1/93
CHAPTER 4
PROCEDURES FOR USING AND
PROTECTING TSCA CBI MATERIALS
All procedures discussed in this chapter apply to employees of EPA,
other Federal agencies, and contractors, unless otherwise specified.
A. MARKING MATERIALS AS TSCA CBI
1. TSCA CBI COVER SHEETS MUST BE PLACED ON MATERIALS.
A TSCA CBI cover sheet, EPA Form 7740-9 (Appendix 13), must be affixed
to all TSCA CBI materials. Magnetic media are the sole exception to this
rule.
2. TSCA CBI INDICIA MUST BE STAMPED ON MATERIALS. TSCA
CBI materials must be marked with a stamp that identifies the materials as
TSCA CBI (Appendix 12). The author of the materials is responsible for
stamping the document. The stamp must be placed on the front of the first
page (or on the cover, if the document has one) and on the back of the last
page (or back cover, if the document has one). The author may choose to
stamp additional pages of the document. If the document is a copy or is
received from outside EPA, the DCO is responsible for stamping the
document.
B. PROCEDURES FOR USING TSCA CBI DOCUMENTS
INSIDE OR OUTSIDE OF SECURE STORAGE AREAS
1. EMPLOYEE RESPONSIBILITIES, IN GENERAL. Employees using
TSCA CBI are responsible for ensuring that no unauthorized disclosure of that
information occurs. One way of ensuring this is for employees to use TSCA
CBI only in secure storage areas (described below). If employees take TSCA
CBI outside of the secure storage areas, they must (1) maintain constant
control over the TSCA CBI documents in their possession, (2) return the
TSCA CBI documents to the DCO, or (3) store the documents in a TSCA
CBI-approved storage container.
39
-------�
TSCA CBI Security Manual 7700
1/93
2. PROCEDURES FOR USING TSCA CBI DOCUMENTS OUTSIDE OF
SECURE STORAGE AREAS. Employees who are using TSCA CBI
documents outside of secure storage areas must never leave the documents
where people not authorized for TSCA CBI access might gain access to them.
When a TSCA CBI document that is in an employee's possession is not in use,
the employee must place the document in an approved storage container.
a. TWO TYPES OF CONTAINERS ARE APPROVED. Two types of
containers are approved for TSCA CBI storage:
• Metal file cabinets with locking bars and three-way changeable
combination locks.
• GSA-approved Class 6 security containers.
b. OPEN/CLOSE SIGNS. The employee must affix a magnetic open/close
sign to each container so the status of the security container is visible at all
times. The employee must place the "open" sign on a container when it is
opened and the "close" sign on a container when it is closed.
If the container has multiple drawers with separate combinations,
each drawer must have an open/close sign affixed to it, to show the individual
condition of each drawer. The facility DCO is responsible for reviewing all
containers under his or her purview to ensure that the proper sign is affixed
to them.
C. MORE THAN ONE PERSON CAN USE A STORAGE CONTAINER. A
storage container may be used by more than one person to store TSCA CBI
materials. In these cases, each person using the storage container must be
authorized for access to all types of TSCA CBI stored in the container. Each
person should be assigned a separate storage space within the storage container
and is responsible for any TSCA CBI that he or she stores there.
3. PROCEDURES FOR USING TSCA CBI DOCUMENTS INSIDE
SECURE STORAGE AREAS. Facilities in which a large volume of TSCA
CBI is used contain a secure storage area. For example, at EPA headquarters,
the CBIC is a secure storage area. Secure storage areas are used as TSCA
CBI work areas, storage areas for TSCA CBI, or both. Only employees who
40
-------�
TSCA CBI Security Manual 7700
1/93
are authorized for access to TSCA CBI are allowed to enter secure storage
areas. When an employee is working in a secure storage area, it is
recommended that TSCA CBI be stored in an approved container while not in
use, but it is not required. The TSCA security staff is required to maintain a
record of the locations of all TSCA CBI secure storage areas.
TSCA CBI-CLEARED EMPLOYEES MUST ACCOMPANY UNAUTHORIZED
PERSONS INSIDE SECURE STORAGE AREAS. If persons not authorized for access
to TSCA CBI must enter a secure storage area for any reason, they must sign
a visitor's log and be accompanied by a TSCA CBI-cleared employee.
C. HOW TO OBTAIN APPROVAL
FOR ESTABLISHING A SECURE STORAGE AREA
The IMD director can designate secure storage areas in EPA facilities,
other Federal facilities, or contractor facilities when the volume and frequency
of TSCA CBI use justifies it. The steps to obtaining approval for a secure
storage area are:
1. The facility DCO establishes a secure storage area that meets the security
requirements established in this manual.
2. The facility DCO writes a memorandum to the IMD director asking that
the TSCA security staff inspect the secure storage area and that it be
approved for use. The memorandum is submitted to the DCO's division
director, who sends it to the IMD director.
3. The TSCA security staff inspects the secure storage area. The staff will
require security improvements if needed.
4. After the TSCA security staff approves the secure storage area, the
facility DCO must designate an employee to assume responsibility for the
secured area. This employee is usually the DCO or a DCA. This
employee's responsibilities include monitoring the area to ensure that only
employees authorized for TSCA CBI access have access to it and
ensuring that the devices that secure the area are operating properly.
5. If the secured area functions as a centralized storage area, the facility
DCO will maintain the document tracking system for the materials stored
in the area.
41
-------�
TSCA CBI Security Manual 7700
1/93
D. SECURING AN AREA
SECURE STORAGE AREA REQUIREMENTS. Secure storage areas must
be secured by (1) a pin tumbler lock, (2) an intrusion alarm, and (3) an
electronic card entry system or a changeable push-button door lock.
1. MAINTAINING SECURITY OF LOCK COMBINATIONS. DCOs are
responsible for controlling access to lock combinations (see Chapter 3, section
C.6). DCOs are allowed to disclose combinations only to employees with
TSCA CBI access authorization and a need to review the TSCA CBI materials
stored in the containers or rooms.
2. ELECTRONIC CARD KEYS CAN BE USED TO ACCESS SECURE STORAGE
AREAS. Card keys are often used to ingress secure storage areas. The DCO
can issue card keys to employees with TSCA CBI access authorization and a
need to review the TSCA CBI materials in the secure storage area.
• Employees must use their card keys each time they enter the
secure area, even if they enter the room at the same time as
others. They are prohibited from loaning their card keys to
other employees.
• If an employee needs to enter the secure storage area and does
not have a card key or does not have it with him or her, the
DCO or DCA must determine whether the individual is
authorized for access to TSCA CBI. To do this, the DCO
consults the TSCA CBI authorized access list. If the employee
is authorized for access, the DCO must require the employee
to sign a visitors' log (Appendix 14) before entry. The DCO
must retain all visitors' logs for future reference.
• A person who is not authorized for access to TSCA CBI may
gain entry to a secure storage area after he or she signs the
visitors' log.
Unauthorized persons must be escorted at all times by someone who
has TSCA CBI access authorization while in the secure storage area.
42
-------�
TSCA CBI Security Manual 7700
1/93
E. PROCEDURES FOR OBTAINING TSCA CBI
An employee who is authorized for access to TSCA CBI can obtain a TSCA
CBI document
• From the CBIC or other centralized storage facility by
contacting the DCO.
• From another employee within the same facility.
• From another facility through the DCO.
1. HOW TO OBTAIN TSCA CBI FROM THE CBIC OR OTHER
CENTRALIZED STORAGE FACILITY. An employee who wants to obtain
TSCA CBI materials from the CBIC or other centralized TSCA CBI storage
facilities must do so through his or her DCO. The DCO will verify that the
employee is authorized for access to TSCA CBI, and will then retrieve the re-
quested documents from the storage facility and log them out to the requestor
through the facility's document tracking system. TSCA CBI documents can
be kept for up to one year. However, employees are encouraged to return
documents as soon as they are no longer needed.
a. SAFEGUARDING TSCA CBI DOCUMENTS. Employees must safeguard
all TSCA CBI documents in their possession. To meet this mandate, they are
required to (1) return the TSCA CBI documents to the centralized storage
facility at the end of each day, (2) store the TSCA CBI documents in an
approved storage container, or (3) work and maintain the documents in a
secure storage area.
b. OBTAINING A RECEIPT FOR RETURNED DOCUMENTS. When returning
TSCA CBI documents, an employee can prepare a receipt for the DCO to sign
and return to the employee or to the employee's designee. These receipts can
smooth the reconciliation of document records that is required during the
annual audit prior to TSCA CBI recertification.
c. TRANSFERRING TSCA CBI MATERIALS BETWEEN A DCO AND
PEOPLE UNDER HIS OR HER SUPERVISION IN A CENTRALIZED SECURE STORAGE
AREA. Transfers inside a secure storage area between a DCO and anyone
43
-------�
TSCA CBI Security Manual 7700
1/93
whom he or she supervises are exempt from document transfer logging and
loan receipt requirements.
2. HOW TO OBTAIN TSCA CBI FROM ANOTHER EMPLOYEE
WITHIN THE SAME FACILITY. Employees who want to obtain a TSCA
CBI document from its author or owner located in the same facility can request
the documents directly. The author or owner must verify that the intended
recipient is authorized for access to TSCA CBI. To verify TSCA CBI access,
the author or owner should consult the TSCA CBI authorized access list,
which is available from the facility DCO. The author or owner can transfer
the materials by hand delivery or through his or her facility DCO. Materials
that are delivered by hand must be given directly to the recipient. Inter-office
mail must never be used for such transfers. TSCA CBI materials must
never be left unattended in an in-box or on the recipient's desk.
NOTE: Contractor employees are restricted to transferring TSCA CBI
documents through their facility DCOs.
KEEPING RECORDS ON TRANSFERS. If the transfer was made through the
facility DCO, the DCO will record the transfer in the document tracking
system. If the transfer was made by hand delivery, the owner or author of the
transferred document can choose to obtain a signed loan receipt indicating that
the transfer was completed (Appendix 17). These loan receipts should be
retained until the documents are returned. If a document is transferred and no
loan receipt is obtained, the owner or author of the document will be held
responsible and accountable for the document.
Transfers between DCOs for different organizations within the same
facility, e.g., transfers from the OPPT DCO to an OPPT division DCO, must
be recorded in the document tracking system.
44
-------�
TSCA CBI Security Manual 7700
1/93
F. PROCEDURES FOR TRANSFERRING TSCA CBI
TO AN EMPLOYEE AT ANOTHER FACILITY
1. IN GENERAL. TSCA CBI materials can be transferred to an employee
at another facility as long as that employee is authorized for access to TSCA
CBI. Transfers of TSCA CBI materials must be conducted through facility
DCOs, in accordance with the procedures set forth below. This ensures that
the materials are properly logged out by the DCO. Before any TSCA CBI
materials may be transferred to another facility, the facility DCO must notify
the receiving DCO that the materials will be sent.
2. PROCEDURES FOR TRANSFERRING TSCA CBI MATERIALS.
TSCA CBI materials can be transferred to an employee at another facility in
one of four ways:
• The DCO can send the materials certified mail through the
U.S. Postal Service, return receipt requested.
• The DCO can appoint a TSCA CBI-cleared employee to deliver
the materials directly to the facility DCO.
• The DCO can arrange delivery by a courier or by the U.S.
Postal Service Express Mail when approved by the immediate
supervisor.
• The DCO can transfer the materials via facsimile (see section
G of this chapter).
a. PROCEDURES FOR SENDING OR RECEIVING TSCA CBI MATERIALS
THROUGH THE U.S. POSTAL SERVICE. An employee who wants to mail TSCA
CBI material to an EPA or Federal employee must provide the material to his
or her DCO. The exception to this is that OPPT employees who are mailing
TSCA CBI material to a contractor employee must work through the OPPT
DCO. The DCO will send the TSCA CBI material certified mail, return
receipt requested. Regular first class mail must never be used to transfer
TSCA CBI.
45
-------�
TSCA CBI Security Manual 7700
1/93
1) TSCA CBI materials must be double-wrapped. The DCO
must double-wrap TSCA CBI that will be delivered by the U.S.
Postal Service. The DCO must label the inner wrapping with the
recipient DCO's name and the statement, "TSCA Confidential
Business Information ~ To Be Opened by Addressee Only." The
DCO must label the outer wrapper with the name and address of
the recipient DCO and a return address. The outer wrapper
should be free of any indications that the package contains TSCA
CBI.
2) Receipt of contents. Inside the inner envelope, the DCO must
include a receipt identifying the contents of the package. The
recipient DCO will sign the receipt of contents and return it to
the sender.
b. PROCEDURES FOR HAND DELIVERY OF TSCA CBI MATERIALS.
TSCA CBI material must be provided to the DCO for proper logging before
a TSCA CBI-cleared person is permitted to hand carry the material to its
destination. The person carrying the materials must protect it at all times in
accordance with the security procedures for transferring TSCA CBI as set
forth in this chapter.
c. PROCEDURES FOR TRANSMITTING TSCA CBI MATERIALS BY COURIER
OR U.S. POSTAL SERVICE EXPRESS MAIL. With the approval of an
employee's requesting official, the DCO can use a courier service or the U.S.
Postal Service Express Mail to transfer TSCA CBI materials. The general
guideline for use of these services is that time must be of the essence. Unlike
certified mail, neither of these services requires each person handling the
package to sign for it as it changes hands.
• TSCA CBI materials must be double-wrapped. The DCO
must double-wrap TSCA CBI that will be delivered by a
courier service or by the U.S. Postal Service. The DCO must
label the inner wrapping with the recipient DCO's name and
the statement, "TSCA Confidential Business Information — To
Be Opened by Addressee Only." The DCO must label the
outer wrapper with the name and address of the recipient DCO
46
-------�
TSCA CBI Security Manual 7700
1/93
and a return address. The outer wrapper should be free of any
indications that the package contains TSCA CBI.
• Receipts are necessary. Inside the inner envelope, the DCO
must include a receipt identifying the contents of the package.
The recipient DCO will sign the receipt and send it back to the
sender to verify receipt and contents. The DCO must also
obtain a receipt from the courier service employee who picks
up the package. All receipts should be retained by the sending
DCO for auditing.
G. PROCEDURES FOR RECEIVING AND SENDING FACSIMILES
(FAXES) THAT CONTAIN TSCA CBI
1. PROCEDURES FOR SENDING OR RECEIVING FAXES BETWEEN
EMPLOYEES AUTHORIZED FOR ACCESS TO TSCA CBI. The following
security transmission provisions must be followed when transmitting any
TSCA CBI by facsimile equipment:
• Only a DCO or DCA is permitted to send a fax containing
TSCA CBI, and only a DCO or DCA is permitted to receive
the transmission.
• Before a DCO or DCA sends a fax containing TSCA CBI to
another DCO or DCA, the sender must verify the employee's
access authority by consulting the TSCA CBI authorized access
list.
• During transmission, the DCOs sending and receiving the
document must completely control the fax machine. They must
ensure that no one who is not cleared for TSCA CBI views the
document.
• Fax machines that contain internal memory are not authorized
for transmission of TSCA CBI between EPA, its contractors,
and other Federal agencies.
47
-------�
TSCA CBI Security Manual 7700
1/93
• Transmission of TSCA CBI is restricted to individually-
controlled fax machines. Fax machines located inside secure
storage areas are preferred. Central fax receiving centers are
not authorized to receive TSCA CBI.
• The DCO sending the fax is responsible for ensuring that the
number dialed is correct by verifying the number on the fax
transmission confirmation receipt. He or she must attach the
receipt to the document that was faxed and place the document
in the official document file.
2. WHEN INDUSTRY OFFICIALS OR INDUSTRY SUBMITTERS
REQUEST THAT TSCA CBI BE FAXED TO THEM. Employees of EPA
and of EPA contractors who are cleared for TSCA CBI can transmit TSCA
CBI documents to industry officials or submitters. Prior to transmission, the
employee must verify that the recipient is authorized to receive a company's
TSCA CBI. This can be done by checking the premanufacture notice (PMN)
technical contact block or other written documentation.
The employee must notify the recipient prior to transmission that the
confidentiality of the fax transmission cannot be guaranteed, that EPA's trans-
mission lines are not secure, and that the message will not be scrambled by
encryption equipment.
The employee sending the fax must completely control the fax
machine and ensure that the transmission is not viewed by anyone not cleared
for TSCA CBI. The sender must confirm that the fax transmission was
completed successfully by obtaining the fax transmission confirmation receipt
and attaching it to EPA Form 7740-12, "Memorandum of TSCA CBI
Telephone Conversation" (Appendix 19). The employee must send all of these
documents to the facility DCO for the official document file.
3. WHEN AN INDUSTRY OFFICIAL OR INDUSTRY SUBMITTER
ASKS TO FAX TSCA CBI TO EPA. When someone external to EPA wants
to send TSCA CBI via fax transmission, he or she must be notified that EPA
can not guarantee the confidentiality of the transmission. At or prior to
transmission, the employee who will receive the transmission must notify the
sender that EPA's transmission lines are not secure and that no encryption
48
-------�
TSCA CBI Security Manual 7700
1/93
equipment will be used to scramble the message. Immediately upon receiving
the fax, the employee must provide it to the facility DCO for entry into the
receipt log.
H. DISCUSSING TSCA CBI ON THE TELEPHONE
1. TELEPHONE CALLS WITH EMPLOYEES AUTHORIZED FOR TSCA
CBI ACCESS. Federal employees and contractor employees with TSCA CBI
access authority are allowed to discuss TSCA CBI on the telephone with other
Federal employees or contractor employees with TSCA CBI access authority.
Both parties to a telephone call are responsible for verifying that the other is
authorized for TSCA CBI access. To do so, the employees should consult the
TSCA CBI authorized access list. The individual who initiates a discussion
that includes TSCA CBI must indicate that the conversation involves TSCA
CBI.
2. TELEPHONE CALLS WITH SUBMITTERS. Federal and contractor
employees with TSCA CBI access authority are allowed to discuss TSCA CBI
on the telephone with a submitter employee when all of the following
conditions are met:
• The Federal or contractor employee must verify that the
submitter employee is authorized by his or her company to
discuss TSCA CBI. This can be done by checking the PMN
technical contact block or other written documentation.
• The Federal or contractor employee must verify the identity of
the submitter employee to whom he or she is speaking.
• The Federal or contractor employee must inform the submitter
employee that the telephone lines are not secured.
• The Federal or contractor employee must verify that all Federal
and contractor employees on the line are cleared for TSCA CBI
access and relay that information to the submitter employee.
49
-------�
TSCA CBI Security Manual 7700
1/93
• The Federal or contractor employee must state to the submitter
employee that discussion of TSCA CBI with a TSCA CBI-
cleared Federal or contractor employee on the telephone does
not constitute a waiver of any claim of confidentiality.
• The Federal or contractor employee must inform the submitter
employee that any further information provided in the telephone
conversation can be claimed as confidential.
TELEPHONE LOGS. Federal and contractor employees must keep a
telephone log of all phone calls with submitters. The phone log must be kept
on EPA Form 7740-12, "Memorandum of TSCA CBI Telephone Conversation
(Appendix 19). After every conversation with a submitter, Federal and
contractor employees must provide their telephone logs to the DCO, who will
log them into the document tracking system. All headquarters telephone logs
for individual TSCA CBI materials must be inserted into the CBIC's official
file for PMN chemicals and existing chemicals.
I. ELECTRONIC MAIL CANNOT BE USED TO TRANSMIT
TSCA CBI
Use of the EPA electronic mail system or any other electronic mail
system to transmit TSCA CBI information is not authorized.
J. USE OF TSCA CBI AT TELE-VIDEO CONFERENCES
TSCA CBI can be displayed and discussed during tele-video
conferences conducted between EPA headquarters and EPA regional offices.
The employee who arranges or schedules the tele-video conference is
responsible for ensuring that all TSCA CBI security procedures are followed
during the conference. These procedures include the following:
• The employee must verify that everyone who attends the tele-
video conference is cleared for TSCA CBI.
• The employee must ensure that both conference rooms are
secured to prevent unauthorized persons from entering the
conference rooms during the tele-video conference.
50
-------�
TSCA CBI Security Manual 7700
1/93
• The employee must arrange for use of compressed video
encryption during transmission, if it is available. For
information about tele-video encryption, contact the Security
Officer of the EPA National Data Processing Division;
telephone (919) 541-4013.
K. PROCEDURES FOR HANDLING DOCUMENTS AND
OTHER MATERIALS PRODUCED BY EMPLOYEES USING
TSCA CBI DOCUMENTS
1. NEW TSCA CBI DOCUMENTS. Documents and other materials produ-
ced by Federal and contractor employees using TSCA CBI documents
frequently contain TSCA CBI themselves. If a newly created document
contains TSCA CBI data, the document's author must stamp it as TSCA CBI,
cover it with a TSCA CBI cover sheet (EPA Form 7740-9), and take it to the
facility DCO to be logged into the document tracking system at the employee's
facility. Personal working papers are sometimes exempt from the logging
requirement (see subsection 3 of this section). The DCO will assign the new
TSCA CBI document a document control number, which must be written on
front of the TSCA CBI cover sheet (EPA Form 7740-9) and on the front of the
first page of the document. The DCO will then enter the document into the
receipt log and log the document out or retain it for storage.
2. NEW NON-CONFIDENTIAL DOCUMENTS. An employee who plans
to produce a non-confidential document by aggregating TSCA CBI must
arrange for the chief of IMD's TSCA Information Management Branch to
review the document. The employee should contact the chief at least 10
working days prior to release of the document. It is the responsibility of the
TSCA Information Management Branch chief to ensure that the application of
the aggregating techniques maintains the confidentiality of the TSCA CBI data
sources. (For more information, see section L of this chapter.)
3. PERSONAL WORKING PAPERS. The notes, outlines, and initial drafts
belonging to an employee who is working with TSCA CBI are considered his
or her personal working papers. As long as these papers remain in the
employee's possession, they are exempt from logging requirements. When an
51
-------�
TSCA CBI Security Manual 7700
1/93
employee transfers his or her personal working papers to another employee,
however, certain security procedures must be followed.
a. TRANSFERRING PERSONAL WORKING PAPERS TO ANOTHER EMPLOYEE.
Before allowing another employee within the same facility to review a
document that is a personal working paper, the author must take the document
to his or her facility DCO. The DCO will assign a document control number
to the document and log it into the document tracking system. Once the
document has been logged into the system, the author can transfer it by hand
delivery or through the DCO. A document that is delivered by hand must be
given directly to the recipient. Inter-office mail must never be used for such
transfers. TSCA CBI materials must not be left unattended in an in-box or
on the recipient's desk.
NOTE: Contractor employees are restricted to transferring TSCA CBI
documents through their facility DCOs.
b. KEEPING RECORDS ON TRANSFERS. If the transfer was made through
the facility DCO, the DCO will record the transfer in the document tracking
system. If the transfer was made by hand delivery, the owner or author of the
transferred document can choose to obtain a signed loan receipt (Appendix 17)
indicating that the transfer was completed. These loan receipts should be
retained until the documents are returned. If a document is transferred and no
loan receipt is obtained, the owner or author of the document will be held
responsible and accountable for the document.
c. TRANSFERRING PERSONAL WORKING PAPERS TO A TYPIST. A
document can be provided to a typist without being logged into the document
tracking system if the typist is in the author's division or equivalent office and
is authorized for access to TSCA CBI. When the typist completes the job, he
or she must return the typed and the original document to the author.
If the author sends the document to a typist outside of his or her
division, the transfer must be logged into the document tracking system by the
facility DCO. If the typist sends the document to anyone other than the
author, the transfer must be logged into the document tracking system by the
facility DCO.
52
-------�
TSCA CBI Security Manual 7700
1/93
• The author must keep a record of transfers to typists until all
personal working papers and TSCA CBI materials transferred
are returned.
• All the materials used in typing documents containing TSCA
CBI, including word processing disks, ribbons, carbons, and
waste paper, must be treated as TSCA CBI. TSCA CBI
procedures must be used to store these materials and to destroy
them.
d. PROCEDURES FOR STORING PERSONAL WORKING PAPERS. Personal
working papers must be stamped as TSCA CBI, covered with a TSCA CBI
cover sheet (EPA Form 7740-9), and otherwise used, stored, and handled like
any other TSCA CBI document. The exception to this is that personal
working papers are exempt from logging requirements as long as they remain
in the possession of their author.
e. PROCEDURES FOR DESTROYING PERSONAL WORKING PAPERS. The
author of a personal working paper is authorized to destroy such TSCA CBI
documents that have never been assigned a document control number. The
procedures for destroying TSCA CBI are discussed in section O of this
chapter.
L. CREATING NON-CONFIDENTIAL MATERIALS
FROM TSCA CBI DOCUMENTS
1. IN GENERAL. The responsibility for determining whether documents
contain TSCA CBI rests with the document's author. Until the determination
is made, the author must treat materials produced from TSCA CBI documents
as TSCA CBI.
2. NON-CONFIDENTIAL DOCUMENTS. Documents that meet any of the
following conditions may be non-confidential:
• TSCA CBI data.are not included in a new document or are
deleted from an existing document.
53
-------�
TSCA CBI Security Manual 7700
1/93
• TSCA CBI data are replaced with non-confidential data or
descriptive terms (masked or aggregated data).
• The data or terms used are derived from TSCA CBI data but
are not themselves confidential.
• The submitting company has dropped its claim of confidenti-
ality for the information in the document or EPA has
determined that the claim is not valid.
a. WHEN TSCA CBI DATA ARE REPLACED WITH NON-CONFIDENTIAL
DATA OR DESCRIPTIVE TERMS. An employee who plans to produce a non-
confidential document by aggregating TSCA CBI must arrange for the chief
of IMD's TSCA Information Management Branch to review the document.
The employee should contact the chief 10 working days prior to release of the
document. It is the responsibility of the TSCA Information Management
Branch chief to ensure that the aggregating techniques maintain the
confidentiality of the TSCA CBI data sources.
b. WHEN A SUBMITTING COMPANY DROPS ITS CLAIM OF
CONFIDENTIALITY. When a company drops its claim that information submitted
to EPA is TSCA CBI, documents containing that information can be made
available to the public. Before making a document publicly available, the
document's author or his or her facility DCO must obtain a written statement
from the company that the claim has been dropped and the document must be
declassified (see section M of this chapter).
M. PROCESS FOR DECLASSIFYING TSCA CBI MATERIALS
HOW TO DECLASSIFY TSCA CBI MATERIALS. The process for
declassifying TSCA CBI materials consists of five steps:
1. The employee determines that materials are no longer confidential.
2. The employee brings the materials to his or her DCO and presents
the DCO with evidence that they contain no TSCA CBI. If the employee has
determined from studying a document that it contains no TSCA CBI, he or she
54
-------�
TSCA CBI Security Manual 7700
1/93
must provide a written explanation to the DCO. If the submitting company
has dropped its TSCA CBI claim, the employee should present the DCO with
the submitter's written relinquishment of the claim. Disputes about whether
a document contains TSCA CBI should be brought to the chief of IMD's
TSCA Information Management Branch for resolution.
3. After being presented with evidence that a document contains no
TSCA CBI, the DCO must cross out all TSCA CBI markings on the document
and remove the document cover sheet.
4. The DCO must inscribe the document with the statement "Contains
no TSCA CBI," sign the document, and date it.
5. The DCO must log the document out of the document tracking
system. In the disposition box on the inventory log, the DCO must enter that
the document contains no TSCA CBI.
N. REPRODUCTION OF TSCA CBI MATERIALS
1. IN GENERAL. Only a DCO or an employee acting under the supervision
of a DCO are allowed to photocopy TSCA CBI materials. Photocopying of
TSCA CBI materials should be limited to the maximum extent possible.
TSCA CBI materials can be reproduced only at copying machines located in
secure storage areas or in non-secure locations that the TSCA security staff has
approved for TSCA CBI duplication.
2. EMPLOYEE'S ROLE. Employees are permitted to photocopy their
personal working papers and documents for use at meetings (see section P of
this chapter). In all other cases, employees must present the materials they
want photocopied to the DCO or DCA. The DCO or DCA will photocopy the
materials for the employee.
3. DCO RESPONSIBILITIES. The DCO is responsible for photocopying
materials for employees or appointing the DCA to do so. The DCO is
responsible for obtaining the TSCA security staffs approval for any
non-secure TSCA CBI photocopy locations at the DCO's facilities. The DCO
is responsible for destroying excess or unusable copies (see section O of this
chapter).
55
-------�
TSCA CBI Security Manual 7700
1/93
a. CONTROL OF COPIES. The DCO is responsible for the control of all
copies of a TSCA CBI document. The cover sheet on the original must not
be copied for use with the copy. The copies must be stamped by the DCO as
TSCA CBI and covered with a TSCA CBI cover sheet (EPA Form 7740-9).
The DCO must log the copies into the document tracking system and
assign document control numbers or copy numbers to the copies. The copies
should be marked with the same document control number as the original and
with a copy number, e.g., 1 of 3, 2 of 3, 3 of 3, etc. The exception to this
are personal working papers that are being photocopied for use in a meeting.
(Personal working papers are discussed in section K of this chapter.)
b. DISTRIBUTING COPIES TO OTHER EMPLOYEES. Two options exist for
distributing copies of TSCA CBI documents to other employees. The first
option is that the DCO will log each copy out to the individual who is
receiving it. The second option is that the DCO will log all of the copies out
to the originator; the originator then loans the copies to other employees and
obtains signed loan receipts (Appendix 17) indicating that the transfers were
completed. These loan receipts should be retained until the documents are
returned. If a document is transferred and no loan receipt is obtained, the
owner or author of the document will be held responsible and accountable for
the document.
c. AUTHORIZING USE OF OTHER PHOTOCOPYING MACHINES WHEN
MACHINES IN SECURE LOCATIONS BREAK DOWN. The DCO can authorize the
photocopying of TSCA CBI materials at machines outside of secure locations
if all machines in locations approved for duplicating TSCA CBI materials are
inoperable. During the photocopying of TSCA CBI materials, the non-secured
machine must be dedicated to the task, and the DCO or DCA must directly
supervise the machine. Only employees with TSCA CBI access may be
present while TSCA CBI materials are being photocopied. After copying is
finished, the operator must pass three blank copies through the machine to
ensure that any impressions on the image surfaces of the machine have been
erased.
If a machine in a non-secure location malfunctions while TSCA CBI
materials are being copied, the facility DCO must ensure that the machine is
directly supervised by an employee with TSCA CBI access until it is repaired
56
-------�
TSCA CBI Security Manual 7700
1/93
or that an employee with TSCA CBI access inspects the machine's paper path
and image surfaces to retrieve any materials containing TSCA CBI that are
caught in the machine.
O. PROCEDURES FOR DESTROYING TSCA CBI MATERIALS.
1. IN GENERAL. The procedures for destruction of TSCA CBI materials
apply to all materials containing TSCA CBI, e.g., draft documents, telephone
records, typewriter ribbons, computer printouts, diskettes, tapes, microfiche,
and any other TSCA CBI materials logged into a document tracking system.
The procedures do not apply to personal working papers that are in the
possession of their author.
2. WHO IS PERMITTED TO DESTROY TSCA CBI MATERIALS.
a. EPA AND FEDERAL EMPLOYEES. Only the facility DCO or OPPT
DCO is permitted to destroy TSCA CBI materials. Federal employees wishing
to have TSCA CBI materials destroyed must take them to their facility's DCO.
b. CONTRACTOR EMPLOYEES. Contractor DCOs are allowed to destroy
TSCA CBI materials after obtaining written permission from their EPA project
officer.
3. DESTRUCTION METHODS. TSCA CBI materials such as papers,
documents, or printouts must be shredded. All other materials, including
microfiche, typewriter ribbons, and magnetic media must be burned,
degaussed, or chemically destroyed. If EPA regional and field office DCOs
are unable to meet these requirements for destruction of microfiche, magnetic
media, and typewriter ribbons, they must send their materials to EPA
headquarters for destruction. The procedures for delivery of TSCA CBI
materials by certified mail, by Express Mail or by courier should be followed
(see section F of this chapter). The materials should be addressed to OPPT
DCO; attention TSCA Security Staff.
4. DOCUMENTING DESTRUCTION. The destruction of a TSCA CBI
document that has been entered into the document tracking system must be
documented. The DCO must enter information about the destruction of the
document into the receipt log and the inventory log (Appendices 15 and 16).
57
-------�
TSCA CBI Security Manual 7700
1/93
(At one time, the DCO was required to keep a destruction log, but that
requirement has been dropped.)
The TSCA CBI cover sheets in use prior to the effective date of this
manual must be inscribed by the DCO with (1) the destruction date, (2) the
location at which the document is destroyed, and (3) the DCO's name. The
TSCA CBI cover sheets must then be placed in the appropriate file for storage
(e.g., at EPA headquarters a cover sheet should be placed in the CBIC file for
that document). The process does not apply to the new TSCA CBI cover
sheets that have become effective with publication of this manual.
P. USE OR DISCUSSION OF TSCA CBI DURING MEETINGS
1. WHAT IS CONSIDERED A MEETING? The procedures discussed here
apply to scheduled gatherings of five or more people at which TSCA CBI is
discussed. The procedures do not apply to informal discussions between a
supervisor and an employee or between fewer than five employees working on
a matter concerning TSCA CBI.
2. PROCEDURES FOR CIRCULATING DOCUMENT COPIES AT A
MEETING.
a. PERSONAL WORKING PAPERS. The author of a TSCA CBI document
may circulate photocopies of the document at a meeting without logging the
document into the document tracking system if all of the following conditions
are met:
• The author attends the meeting and is present when the docu-
ment is discussed.
• The author collects all copies of the document at the end of the
meeting.
• The author submits all copies of the document for destruction
after the meeting.
58
-------�
TSCA CBI Security Manual 7700
1/93
• The author numbers the copies (i.e., 1 of 6, 2 of 6, etc.)
before distributing them and checks to make sure that all copies
are returned at the end of the meeting.
b. DOCUMENTS THAT HAVE BEEN LOGGED OUT TO AN EMPLOYEE. An
employee who has possession of a TSCA CBI document is permitted to
photocopy the document and circulate the photocopies at a meeting (see section
N of this chapter) if all of the following conditions are met:
• The employee attends the meeting and is present when the
document is discussed.
• The employee collects all copies of the document at the end of
the meeting.
• The employee submits all copies of the document for
destruction after the meeting.
• The employee numbers the copies (i.e., 1 of 6, 2 of 6, etc.)
before distributing them and checks to make sure that all copies
are returned at the end of the meeting.
• TSCA CBI materials can be reproduced only at copying
machines located in secure storage areas or in non-secure
locations that the TSCA security staff has approved for TSCA
CBI duplication.
3. PROCEDURES FOR DISCUSSING TSCA CBI DURING MEETINGS.
a. MEETING CHAIRPERSON'S DUTIES. The meeting chairperson is
usually the person who has scheduled and organized the meeting. If a
chairperson has not been identified, one must be selected at the beginning of
the meeting. The chairperson is responsible for ensuring that only people
cleared for TSCA CBI access are in the room during discussion involving
TSCA CBI. If necessary, the chairperson should consult the TSCA CBI
authorized access list to verify TSCA CBI clearance.
59
-------�
TSCA CBI Security Manual 7700
1/93
The chairperson must also secure the room at the end of the meeting.
This includes cleaning all chalkboards, taking any unneeded TSCA CBI
materials to the DCO for destruction (except personal working papers), and
clearing the room of any information that could lead to disclosure of TSCA
CBI.
b. RECORDS OF MEETING MUST BE TREATED AS TSCA CBI. The
chairperson must remind those who attend the meeting that they must treat as
confidential any notes taken at the meeting. Notes taken at the meeting are
considered personal working papers. They do not have to be logged into the
document tracking system as long as they remain in their originator's
possession. However, if the originator wants to transfer possession of the
notes to someone else, the notes must be submitted to the DCO, who will
assign them a document control number and log them into a document tracking
system.
A meeting attendee must obtain permission from the chairperson to
tape record a meeting. Such recordings may contain TSCA CBI and must be
treated like any other TSCA CBI materials.
Q. TRAVELING WITH TSCA CBI MATERIALS
1. IN GENERAL. It is sometimes necessary for a Federal or contractor
employee authorized for TSCA CBI access to carry TSCA CBI materials while
traveling. If it is impractical to return to work to pick up the materials before
departure or to drop them off after return, the employee can obtain permission
from his or her immediate supervisor to take the materials home.
2. MAINTAINING SECURITY FOR TSCA CBI MATERIALS WHILE
TRAVELING. Any employee who travels with TSCA CBI materials is
responsible for maintaining proper security for the materials. The facility
DCO must log the materials out to the employee before the employee leaves
the facility.
a. STORING TSCA CBI MATERIALS WHILE TRAVELING. While traveling
by plane or other public conveyance, the employee must keep the TSCA CBI
materials in his or her possession. TSCA CBI materials cannot be checked
with luggage.
60
-------�
TSCA CBI Security Manual 7700
1/93
If the employee is traveling by car, he or she should store TSCA
CBI materials in the locked trunk en route. However, TSCA CBI materials
must never be left in the car overnight.
The most secure place to store TSCA CBI materials while traveling
is with the facility DCO at the location that the employee is visiting. When
this is not possible, the employee is permitted to store TSCA CBI materials
overnight in a hotel safe, if the employee obtains a receipt from the hotel
management. TSCA CBI materials placed in a hotel safe must be in a sealed
envelope with no indications on the outside that the envelope contains TSCA
CBI. If no receipt is available, the employee must keep the TSCA CBI in his
or her possession.
b. TRANSFERRING POSSESSION OF TSCA CBI MATERIALS WHILE
TRAVELING. Sometimes, an employee will be assigned to carry TSCA CBI
materials for transfer to another location. After logging out the materials, the
DCO at the employee's facility must double-wrap the materials for transfer
(see section F.2.a. of this chapter). Immediately upon arrival at the
destination, the employee must take the wrapped TSCA CBI materials to the
facility DCO. The DCO will unwrap the materials and log them into the
document tracking system.
R. WORKING WITH TSCA CBI AT A PERSONAL RESIDENCE
Normally, employees are not permitted to take TSCA CBI materials
to their homes. Under special circumstances, such as recuperation from a
long-term illness, a division director or a supervisor of equivalent authority
may grant permission for an EPA employee to use TSCA CBI materials at
home. The supervisor must provide a complete justification supporting the
action to the IMD director. A plan for protecting the TSCA CBI materials
while at the employee's residence must also be provided to the IMD director.
All normal security precautions in this manual must be followed, and the
TSCA security staff will inspect and approve the residence before any TSCA
CBI materials are sent there.
61
-------�
TSCA CBI Security Manual 7700
1/93
S. WORKING WITH TSCA CBI MATERIALS ON COMPUTERS
1. IN GENERAL. EPA takes every precaution to safeguard TSCA CBI
materials that are entered into or manipulated by computers. In addition to
meeting the security requirements of this manual, EPA follows agency
information security protection guidelines in protecting TSCA CBI materials.
Any computer security plan developed for TSCA CBI information must at a
minimum meet the requirements found in this manual.
2. EMPLOYEES MUST OBTAIN AUTHORIZATION TO OBTAIN
ACCESS TO TSCA CBI DATA STORED ON THE MAINFRAME
COMPUTER. Separate authorization is required for employees to obtain
online access to the TSCA CBI mainframe database (see Chapter 2). Online
access allows employees to read, change, manipulate, or obtain data from the
mainframe computer depending on the access rights granted the employee.
Employees do not need authorization to use TSCA CBI on their PCs.
OBTAINING AUTHORIZATION TO ACCESS THE TSCA CBI MAINFRAME
FROM A REMOTE SITE. If an EPA employee, a Federal employee, or a
contractor employee outside of EPA headquarters requires access to TSCA
CBI data stored on the headquarters mainframe, the employee must submit a
complete justification to the IMD director. Prior to permitting telecommuni-
cations access, the TSCA security staff must inspect the requester's site to
ensure proper security protocols are in effect.
3. SETTING UP A LOCAL-AREA NETWORK (LAN). A LAN, linking
the personal computers of a small workgroup, can be used in the processing
and storage of TSCA CBI data. A LAN security plan that adheres to all
requirements of this manual must be developed. The TSCA security staff and
EPA's Office of Information Resource Management must approve the plan
before any TSCA CBI data can be placed on a LAN. Proper software or
hardware encryption devices must be utilized before dial-in access will be
approved.
4. USE OF WIDE-AREA NETWORKS (WANS) IS NOT PERMITTED.
The use of WANs is not authorized to store, process, or transfer TSCA CBI
data. Contact the TSCA security staff regarding any questions about WANs.
62
-------�
TSCA CBI Security Manual 7700
1/93
5. USING PERSONAL COMPUTERS (PCS) TO WORK WITH TSCA
CBI DATA. TSCA CBI-cleared EPA employees, Federal employees, and
contractor employees can use TSCA CBI data on a PC, subject to the
restrictions in this manual.
a. PROCEDURES FOR USING TSCA CBI DATA ON A PC OUTSIDE OF A
SECURE STORAGE AREA. The employee must retain exclusive control over the
operation of a PC and printer while working on a PC outside of a secure
storage area. The employee must ensure that the PC screen is not viewed by
anyone who is not authorized for access to TSCA CBI. If the employee leaves
the PC for any reason, he or she must terminate the computer session as
described in (d) below.
b. PROCESSING AND STORING TSCA CBI DATA ON FLOPPY AND HARD
DISKS. Floppy and detachable hard disks are preferred for storage of TSCA
CBI data. Employees can obtain green floppy disks for TSCA CBI storage
from IMD's TSCA Information Management Branch. If green floppy disks
are not available, the employee can use any diskette to store TSCA CBI
information after stamping it as containing TSCA CBI data.
Hard disks can be used to process and store TSCA CBI data under
limited conditions:
• TSCA CBI data can be processed on a PC's fixed hard disk
when the PC is located in a secure storage area.
• If an employee is working with TSCA CBI data on a PC with
a fixed hard disk in an unsecured area, the employee must
erase the hard disk at the end of each session and verify the
erasure. To erase the hard disk, the employee must use an
approved utility program at the end of each session. Contact
the TSCA security staff for a list of approved utility programs.
• Detachable hard disks can be used to store TSCA CBI data,
and their use is encouraged. The hard disks must be removed
from the PC after each session, unless the PC is located in a
secure storage area.
63
-------�
TSCA CBI Security Manual 7700
1/93
c. MAINTAINING SECURITY FOR FLOPPY AND DETACHABLE HARD
DISKETTES CONTAINING TSCA CBI DATA. The procedures for storing TSCA
CBI hard-copy materials apply to storage of floppy and detachable hard
diskettes (see section B of this chapter). When disks are no longer needed or
are damaged, they should be given to the DCO for destruction (see section O
of this chapter).
d. TERMINATING A TSCA CBI PC SESSION FOR PCs LOCATED OUTSIDE
SECURE STORAGE AREAS. Proper termination of a PC session involving TSCA
CBI data consists of the following steps:
1) The employee should transfer the TSCA CBI data to the floppy or
detachable hard disk.
2) The employee should verify that the transfer was completed.
3) The employee should ensure that a backup file does not exist for the
TSCA CBI that was processed during the session.
4) The employee should remove the floppy or detachable hard disk
from the PC.
5) The employee should erase the data from the hard disk using an
approved program.
6) The employee should verify that the erasure has taken place.
7) The employee should turn off the PC.
e. SECURITY PROCEDURES FOR PC PRINTOUTS OF TSCA CBI DATA.
The security procedures for storing TSCA CBI hard-copy materials apply to
storage of TSCA CBI data that is printed on a PC printer and to storage of the
printer's ribbon (see section B of this chapter). An employee using a printer
with internal memory, such as a laser printer, must turn off the printer
after each TSCA CBI printing session and verify that no TSCA CBI data
remain in the printer's memory cache or buffer.
64
-------�
TSCA CBI Security Manual 7700
1/93
6. USING THE TSCA CBI MAINFRAME COMPUTER. EPA stores and
processes TSCA CBI on a dedicated mainframe computer, which is not
networked with any other computers. TSCA CBI data cannot be stored on any
other mainframe computer without approval from the IMD director and
certification by the TSCA security staff. For information about the necessary
security for such systems, contact the TSCA security staff.
a. PROCEDURES FOR EMPLOYEES TO OBTAIN PRINTOUTS OF TSCA CBI
DATA FROM THE MAINFRAME COMPUTER. All Federal employees who are
authorized for access to TSCA CBI are permitted to use printouts from the
TSCA CBI mainframe computer and to view a computer screen that contains
TSCA CBI. Employees who want to obtain a printout should submit a
computer search request form to the OPPT DCO (unless they are networked
via encryption), no matter what facility they work in.
b. SECURITY PROCEDURES FOR PRINTOUTS FROM THE TSCA CBI
MAINFRAME COMPUTER. Not all data on the TSCA CBI mainframe computer
are confidential. However, all printouts from the mainframe computer must
be assumed to be TSCA CBI until the employee who has obtained the printout
determines whether it contains TSCA CBI. The employee is required to make
this determination in consultation with the OPPT or facility DCO. The same
procedure applies to information displayed on a computer screen and copied
by an employee. The security procedures are summarized here.
• The DCO must log the printout into the document tracking sys-
tem, stamp it as TSCA CBI, assign a document control
number, cover the document with a TSCA CBI cover sheet,
and treat it like any other TSCA CBI document.
• If a printout contains no TSCA CBI, the employee must certify
that fact by signing and dating the front page of the printout.
• If the employee initially determines that a printout contains
TSCA CBI and later reverses that decision, he or she must sign
and date the front page of the printout, initial the TSCA CBI
cover sheet, remove the TSCA CBI cover sheet, and notify the
DCO of the new decision so the document tracking system can
be updated.
65
-------�
TSCA CBI Security Manual 7700
1/93
7. MINI COMPUTERS. Mini computers can be used to process TSCA CBI
data if they are approved by the TSCA security staff. To obtain approval, the
facility DCO must prepare a security plan describing (a) how TSCA CBI data
would be protected during processing and (b) how access to the mini computer
would be restricted. The plan should be submitted to the TSCA security staff.
SECURITY CONTROLS FOR TSCA CBI DATA ON MINI COMPUTERS. At
a minimum, the mini computer must be located inside a TSCA CBI secure
storage area. Additional hardware and software controls should supplement
the physical security controls. No dial-in access to this type of computer will
be approved unless proper software or hardware encryption devices are in
place. The security plan must adhere to all requirements of this manual. For
further details, contact the TSCA security staff.
8. SECURITY FOR TSCA CBI DATA STORED ON CONTRACTOR'S
COMPUTERS. EPA contractors cannot place TSCA CBI on a mainframe
computer system, mini computer system, or shared-logic computer system
without authorization from EPA. A contractor's computer system and site
must be inspected and approved by the TSCA security staff before the data can
be transferred.
Authorized EPA contractors who use TSCA CBI must follow all
computer security requirements established for EPA. Contractors are allowed
to use standalone PCs for processing TSCA CBI by adhering to the procedures
contained in this manual.
T. DEVELOPMENT OF PHOTOGRAPHIC MATERIALS
1. PHOTOGRAPHS CAN BE CLAIMED AS TSCA CBI. When a
company claims that photographs taken during EPA inspections and plant visits
are TSCA CBI, the film must be shipped to the OPPT DCO for processing
and development. Processing or development by a private or commercial
laboratory is prohibited.
The film should be labeled as TSCA CBI, double-wrapped, and
prepared for shipment following the same procedures used for shipment of any
other TSCA CBI media (see section F of this chapter). It should be sent to
OPPT DCO, Information Management Division, (TS-790) EPA, 401 M St.
66
-------�
TSCA CBI Security Manual 7700
1/93
S.W., Washington, D.C. 20460. The OPPT DCO will arrange for
development and return photographs and negatives to employees within 30
days. If faster turnaround is required, the OPPT DCO should be contacted to
arrange special handling.
2. VIDEO TAPES CAN BE CLAIMED AS TSCA CBI. If an EPA
employee utilizes video equipment during an inspection or plant visit, and the
company wishes to claim the tape as TSCA CBI, the tape should be handled
and controlled as any other TSCA CBI material.
67
-------�
TSCA CBI Security Manual 7700
1/93
CHAPTER 5
REPORTING AND INVESTIGATION OF
VIOLATIONS OF PROCEDURES, LOST
DOCUMENTS AND UNAUTHORIZED
DISCLOSURES
All employees who are authorized for TSCA CBI access are required
to follow this manual's procedures, which secure TSCA CBI from
unauthorized public disclosure. They are responsible for reporting (1) possible
violations of security procedures, (2) the loss or misplacing of TSCA CBI
materials, and (3) any unauthorized disclosure of TSCA CBI materials.
The security procedures in this manual are enforceable by
administrative penalties, set forth in this chapter. The IMD director will
decide when to apply these penalties.
A. EMPLOYEE REPORTING PROCEDURES
1. ORAL REPORT MUST BE MADE WITHIN ONE WORKING DAY.
Any TSCA CBI-cleared employee of EPA or another Federal agency must
provide oral notice to his or her division director within one working day if
he or she thinks it is possible that
• TSCA CBI security procedures have been violated.
• TSCA CBI materials have been lost or misplaced.
• An unauthorized person has obtained access to TSCA CBI data.
Contractor employees must provide oral notice to their project officer.
2. WRITTEN REPORT MUST BE MADE WITHIN TWO WORKING
DAYS. Within two working days, the employee must follow up the oral
report with a written report. EPA or Federal employees must provide the
written report to their division director. Contractor employees must provide
the written report to their project officer.
69
-------�
TSCA CBI Security Manual 7700
1/93
The written report must describe (1) the possible violation of
procedures, (2) the unauthorized disclosure of TSCA CBI, or (3) the materials
believed lost or misplaced. It must also include a description of any relevant
circumstances known by the employee.
The employee or his or her supervisor may examine files and discuss
the matter with other individuals to try to determine what occurred. However,
only the TSCA security staff is authorized to conduct interviews, review logs,
and carry out a detailed investigation.
EMPLOYEE'S DIVISION DIRECTOR OR PROJECT OFFICER'S DUTIES. The
employee's division director or project officer must review the employee's
report and provide any additional comments or information that are relevant.
The division director or project officer must forward the report to the IMD
director within two working days of receiving it. If the division director
reviews the employee's report and determines that no violation of procedures,
loss of TSCA CBI, or unauthorized disclosure has occurred, the division
director is not required to forward the report to the IMD director.
B. REVIEW AND INVESTIGATION OF EMPLOYEE'S REPORT
The IMD director will review the employee's written report and may
request an investigation by the TSCA security staff.
1. WHEN POSSIBLE VIOLATION OF THIS MANUAL'S SECURITY
PROCEDURES HAS OCCURRED. The IMD director must notify the TSCA
security staff of any alleged violation of this manual's procedures. In such a
case, the IMD director will (1) direct the TSCA security staff to investigate the
reported violation, (2) determine what administrative penalties, if any, are
appropriate, and (3) recommend sanctions to the supervisors of the affected
employees. Supervisors are responsible for imposing sanctions.
The IMD director will also confer with the affected employees'
supervisors to identify procedures for handling, using, or storing TSCA CBI
materials that will prevent recurrence of violations.
70
-------�
TSCA CBI Security Manual 7700
1/93
2. WHEN TSCA CBI MATERIALS CANNOT BE ACCOUNTED FOR.
The IMD director will immediately review the employee's report of lost or
misplaced TSCA CBI documents and decide whether evidence indicates that
the TSCA security staff should begin an investigation.
NOTIFICATION TO THE SUBMITTING COMPANY. The IMD director must notify
the affected company that its TSCA CBI data is missing. The IMD director
must provide a written notice to the company within four working days of
receiving the employee's report. The written notice must identify the lost or
misplaced document and state the date on which it was discovered to be lost
or misplaced.
3. WHEN UNAUTHORIZED DISCLOSURE OF TSCA CBI MATERIALS
MAY HAVE OCCURRED. The IMD director will immediately review the
employee's report that TSCA CBI may have been disclosed to someone who
is not authorized for access to it. He or she will determine whether evidence
indicates that the TSCA security staff should begin an investigation.
a. NOTIFICATION TO THE SUBMITTING COMPANY. If the TSCA security
staffs investigation determines that unauthorized disclosure did occur, the
IMD director must notify the affected company. The IMD director must
provide a written notice to the company within four working days of receiving
the employee's report. The written notice must contain a description of the
TSCA CBI that was disclosed and the date of the disclosure.
•
b. EPA OFFICE OF INSPECTOR GENERAL. If the TSCA security staffs
investigation reveals any evidence of a knowing and willful unauthorized
disclosure of TSCA CBI, the matter must be immediately transferred to the
EPA Office of Inspector General.
C. PENALTY GUIDELINES FOR VIOLATION
OF THIS MANUAL'S PROCEDURES
The IMD director is responsible for enforcing the procedures in this
manual. It is up to him or her to assess the possible breach of TSCA CBI
security or procedures and determine an appropriate action, which can include
administrative penalties or criminal charges. Responsibility for implementing
the IMD's recommended action rests with the division director of an EPA or
71
-------�
TSCA CBI Security Manual 7700
1/93
Federal employee or, for contractor employees, with the division director who
requested TSCA CBI access for the contractor.
The purpose of the penalties described in this chapter is to prevent
or discourage the recurrence of violations. Penalties imposed or actions taken
must be fair, consistent, and well-reasoned. The security procedures in this
manual are enforceable by administrative penalties.
1. DETERMINING THAT A VIOLATION HAS OCCURRED. The IMD
director reviews the employee's written report and the TSCA security staffs
report on its investigation to determine whether an employee has violated this
manual's procedures.
2. DETERMINING AN APPROPRIATE REMEDY. If a violation has
occurred, the IMD director must recommend to the individual's supervisor an
appropriate remedy. Remedies can include one or a combination of the
following: (1) administrative penalties, (2) criminal penalties, and (3)
corrective actions.
To determine an appropriate remedy the IMD Director must weigh
• The seriousness of the violation and the potential for
unauthorized disclosure of TSCA CBI because of the violation.
• The degree of the employee's negligence.
• Whether the individual has previously committed a similar
violation.
• Whether the individual has previously committed any other
violation of this manual's procedures.
• The frequency with which the individual uses or handles TSCA
CBI in the course of fulfilling his or her duties.
72
-------�
TSCA CBI Security Manual
7700
1/93
3. ADMINISTRATIVE PENALTIES. The IMD director should recommend
an administrative penalty if an individual was grossly negligent or if the
individual had previously incurred a similar violation, even if the violations
were not serious. Administrative penalties are listed here.
Nature of Offense
1st Offense
2nd Offense
3rd Offense
CBI is not compro-
mised and breach
is unintentional
counseling
by supervisor
to oral
reprimand
oral reprimand
to written
suspension
1-day
suspension
to removal
CBI is compromised
but breach is
unintentional
Deliberate
procedural
violation *
oral or written 1-day to
reprimand to 5-day
5-day suspension suspension
7-day
suspension
to removal
30-day
suspension
to removal
removal
* This category covers only deliberate procedural violations that
do not result in the unauthorized disclosure of TSCA CBI. If
IMD's investigation reveals any evidence of the knowing and
willful unauthorized disclosure of TSCA CBI, the matter will be
immediately referred to the EPA Office of Inspector General.
4. CRIMINAL PENALTIES. The IMD director should recommend a
criminal penalty if an individual willfully disclosed TSCA CBI to any person
not authorized to receive it. The individual who disclosed TSCA CBI may be
liable under Section 14(d) of TSCA (15 U.S.C. 2613(d)) for a fine of up to
$5,000 and/or imprisonment for up to one year. In addition, disclosure of
TSCA CBI or violation of the procedures cited above may subject an
individual to disciplinary action with penalties ranging up to and including
dismissal.
73
-------�
TSCA CBI Security Manual 7700
1/93
5. CORRECTIVE ACTIONS. The IMD director should recommend
corrective actions when (1) an administrative penalty would be too severe a
remedy and (2) the corrective action is likely to prevent or discourage future
violations either by the individual or by other individuals. Corrective actions
recommended by the IMD Director should fit the individual characteristics of
each violation.
The purpose of taking a corrective action is to prevent or discourage
future violations. Corrective actions may be procedural, instructional, or
disciplinary in nature. Such actions include training, revision of work
procedures, removal of the individual's name from the TSCA CBI authorized
access list, and other options.
6. IMD DIRECTOR CAN ALSO RECOMMEND THAT NO ACTION BE
TAKEN. The IMD director has the option of recommending that no action be
taken if fault cannot be ascribed to any individual or a modification of TSCA
CBI handling procedures would yield no greater level of protection to TSCA
CBI.
74
-------�
TSCA CBI Security Manual 7700
1/93
INDEX
administrative penalties 7,68,69,70-73
aggregation of TSCA CBI 35,53-54
annual briefing 6,7,15,16,25
audit of documents 1,5,7,8,14-18,25-26,30,36,38,43
Authorized Access List 5,6,7,14,15,17,34,42,44,47,49,59,73
automated document tracking systems 5,7,15,18,29-31
backup for automated document tracking systems 30-31
bar codes 30
broken reproduction machines 56
CBIC vi,vii,l,5,30,33,40,43,50,58
CBITS 5,7,16,18,30,36
certified mail 45-47
challenging TSCA CBI claims 27-28,54-55
computer access authority 3-6,8,14,15,17,57,62-66
Congressional access 3,23-24
Congressional Access Log 23, Appendix 20
Contractors and Contractor employees i,vi,vii,l,9-
18,23,25,28,29,33,34,39,44-45,48,52,57,60,62,66,69,71
75
-------�
TSCA CBI Security Manual 7700
1/93
copies 55-57,58-59
copy numbers 56,59
corrective actions 71,72,73
couriers vii,32,45-47,57
creating new TSCA CBI documents 26,35,51-54
creating TSCA non-CBI documents 35,53-54
criminal penalties 1,19,22,71-72
DAPSS 7,16,18,30,36
DCO relinquishes responsibilities 37-38
declassifying TSCA CBI materials 54-55
destruction of TSCA CBI materials vi,31,35,57-59,64
Destruction Log 58
Director, Office of Pollution Prevention and Toxics vi
Division Director 9,13,20,26,35,41,61,68,69,71
Document Control Assistants vii,47,55
Document Control Officers (DCOs) iv,vi,vii,3-8,11-18,20,22,23,25-52,54-
61,64-67
document control numbers 29-32,36,51,56,60,65
76
-------�
TSCA CBI Security Manual 7700
1/93
document tracking system iv,vi,27,29-31,36,37,42-44,50-52,55-
58,60,61,65
double-wrapping TSCA CBI materials 46
electronic entry cards 8,18,42
electronic mail transmissions 50
facsimiles containing TSCA CBI, sending and
receiving 45,47-49
final confidentiality determination 26,27-28,35,55
floppy disks 63-64
forms
TSCA CBI Access Request, Agreement and Approval,
7740-6: 3,6,12,16, Appendix 1
TSCA CBI ADP User Registration, 7740-25: 4,13, Appendix 2
Standard Form 86: Questionnaire for Sensitive Positions: 4,12,13,
Appendix 3
Fingerprint chart, FD-258: 12, Appendix 4
Request for Approval of Contractor Access to TSCA CBI,
7740-17: 9, Appendix 6
Contractor Information Sheet: 11, Appendix 7
Confidentiality Agreement for US Employees Upon
Relinquishing TSCA CBI Access Authority,
7740-16: 7,8, Appendix 9
Confidentiality Agreement for Contractor Employees Upon
Relinquishing TSCA CBI Access Authority,
7740-18: 16, Appendix 10
Employee Separation or Transfer Checklist,
3110-1: 9, Appendix 11
77
-------�
TSCA CBI Security Manual 7700
1/93
Receipt Log for TSCA CBI, 7710-10: 31,32,36,37,51,57, Appendix
15
Inventory Log for TSCA CBI, 7710-11: 5,7,15,16,18,26,31,35-37,55,
57, Appendix 16
Federal Agency, Congress, and Federal Court Sign-out
Log, 7710-13: 23, Appendix 20
guiding principle 1-2
hand delivery 44,46,52
hard disks 63-64
hardcopy TSCA CBI 26,37,64,65
hotel safe, storage of TSCA CBI in 61
IMD Director vi,9-ll,13,16,19-23,25,29,41,61,62,65,68-73
individual access files 4,5,13,15
initial security briefing 4,5,13-14
inventory 5,7,14,15,18,25,26,30,35-37,55,57
Inventory Log 5,7,15,16,18,26,31,35-37,55,57
language, required contract 10, Appendix 8
loan receipts ii,44,52-56
local area networks 62
lock combinations 33-34,42
lost documents 5,8,15-17,35,37-38,68-70
luggage, storage of TSCA CBI in 60-61
78
-------�
TSCA CBI Security Manual 7700
1/93
mailing TSCA CBI vii, 10,11,20-23,27,32,44-46,50,52,57
mainframe computers 62,65
maintaining access authorization vii,5-6,14-15,25-26,36
managers' responsibilities 28-29
manual tracking systems 31
manual updates 2, Appendix 21
meetings 58-60
meeting chairperson 59-60
mini computers 66
Minimum Background Investigation 13,16
monthly access listing 4,34
new documents 26,35,51-54
notice to affected businesses 10-11,19,21,22,70
OPPTDCO iv,vi,vii,3-8,ll-18,20,22,23,29-31,33,34,38,44,45,57,65-67
other agencies, authorizing for TSCA CBI vii,l,2,3,18-24
overdue documents 26,35,37
PCs 4,63-64
personal working papers 51-53,56,57,58-59
79
-------�
TSCA CBI Security Manual 7700
1/93
photographic materials 66-67
printouts 57,64-65
project officer vii,viii,3,9-13,18,25,28,57,68,69
Receipt Log 30,31,32,36,37,51,56,57
relinquishing TSCA CBI access authority 7-9,16-18,37-38
reporting violations 25,68-70
reproduction of TSCA CBI materials vi,35,55-57
requesting officials vii,3,4,6,7,13-16,20,22,46
residences, use of TSCA CBI in 61
return of TSCA CBI to a DCO 7-8,16-18,43
return receipts 43,46-47
ribbons and microfiche 53,57
sanitizing documents 35,53-54
secure storage areas 8,17,33,39-43,63,64
security briefing 4-7,13-16,25-26,35
storage containers 39,40,41
storage of TSCA CBI materials 1,2,6,8,10,15,17,23,29,33-35,39-
44,48,51,55,58,60-64,66
subcontractors 10,11
80
-------�
TSCA CBI Security Manual 7700
1/93
submitter drops claim 54
telephone discussion of TSCA CBI ii,49-50
telephone logs 50, Appendix 19
tele-video conferences 50-51
termination of access 6-9,16-18,37-3 8
terminology vi-viii
transfer of TSCA CBI between employees 43,44,52-53,58-59,61
traveling with TSCA CBI materials 60-61
TSCA CBI Stamp 1,32,36,39,51,53,65
TSCA CBI Cover Sheets 1,32,36,39,51,53,55,58,65
TSCA Security Staff vi,10-23,41,55,57,61-63,65,66,69,70
typing TSCA CBI materials 52-53
unaccounted for TSCA CBI materials 5,8,15-17,35,37-38,68-70
unauthorized disclosure of TSCA CBI materials 19,22,39,68-72
videotapes 67
violations of this manual's procedures vii,25,68-73
Visitors Log i,42
waiver for immediate access 4-5,14
wide area networks 62-63
81
-------�
TSCA CBI Security Manual Appendix 1
Please read Privacy ActStatementandlnstmctignson^ Fonr^approved. OMB No. 2070-0075. Approval expires 01-31-95
United States Environmental Protection Agency
Washington, DC 20460
—^ ^•^•••^^•k ^K »» oai in iy IVM if u\* «.wuw
V>EPA TSCA CBI Access Request, Agreement and Approval
Section I.-Access Request
1. Name (Last, First, Ml)
4. Requestor (Agency/Office/Division/Branch)
2. Social Security Number
5. Document Control Officer (DCO)
3. Telephone Number
6. DCO Telephone Number
7. TSCA Sections for which access is
required. Check all that apply. Use blank
space to request other sections not listed.
ALL
-OR-
12
13
21
8. Justification for TSCA CBI access.
Select appropriate code from instructions on
reverse side. (Check one or all that apply.)
Other
List Justification on
reverse side
Section II. - Contract Information - Contractor Employees Only
9. Employer's Name
1 1 . Contract Number
10a. Employer's Address
lOb. City
1 2. EPA Project Officer
10c. ST
10d. Zipcode
1 3. EPA Project Officer Telephone
Section III. - OPPT Secure Storage Area Access - HQ Federal and HQ Contractor Employees Only
14 Check if EPA ID Badge (RUSCO-TMl. Badge is required.
Yes (New) | | Need Replacement
No (List Present EPA ID Badge Number
(List Present OPPT Barcode
OR
Need
Barcode
1E
. List OPPT Restricted areas hy Di
Home Division (24 hour access)
visio
n to which physical access is requirar
Other Divisions (6A.M.- 6P.M. only)
Access to CBIC only
IMD (DCO and IMD Computer Rms.
16. List OPPT areas by Division and Room Number for which Alarm Activation/Deactivation Authority is requested.
Section IV. - Confidentiality Agreement
I understand that I will have access to certain Confidential Business Information submitted under the Toxic Substances Control Act (TSCA, 15 USC
2601 et seq.). This access has been granted in accordance with my official duties relating to the Environmental Protection Agency programs.
I understand that TSCA CBI may be used only in connection with my official duties and may not be disclosed except as authorized by TSCA and
Agency regulations. I have read and understand the procedures set forth in the TSCA Confidential Business Information Security Manual. I agree that I
will treat any TSCA CBI furnished to me as confidential and that I will follow these procedures.
I understand that under section 14(d) of TSCAM5 USC 2513(d)), I am liable for a possible fine of up to $5,000 and/or imprisonment for up to one year
if I willfully disclose TSCA CBI to any person not authorized to receive it. In addition, I understand that I may be subject to disciplinary action for
violation of this agreement with penalties ranging up to and including dismissal.
I certify that the statements I have made on this form and all attachments thereto are true, accurate, and complete. I acknowledge that any knowlingty
false or misleading statement may be punishable by fine or imprisonment or both under applicable law.
17.
Signature
of En
nployee
18. Date
Section V.- Requesting Official Approval
1 9. TSCA CBI Security Briefing Date
20. Name and Signature of Requesting Official. (Immediate Supervisor - EPA Project Officer for Contractors)
As the immediate supervisor of (or the EPA Project Officer for) the above mentioned employee, I certify he/she has
successfully completed a TSCA CBI Security Briefing on the date shown.
Name Signature
21. Date
Section VI.- OPPT Security Approval
22. Date Received
DCO Cade
24. Approved (TSCA Security Official Signature)
Barcode
Status Code
Alarm Zones
25 Approval Date
Data Entry Date and Initials
1. 2.
EPA Form 7740-6 (Rev. 9-92). Replaces previous version of 7740-6 and 7740-6A.
-------�
TSCA CBI Security Manual
7700
1/93
Paperwork Reduction Act Notice
The public reporting burden for this collection of information is estimated to average .84 hours per response. This estimate includes time for reviewing instuctions,
gathering and maintaining the needed data, and completing and reviewing the collection of information. Send comments regarding the burden estimate or any other aspect
of this collection of information to the Chief, Information Policy Branch (PM-223), US Environmental Protection Agency, 401 M Street, SW, Washington! DC 20460, and
to the Office of Information and Regulatory Affairs, Office of Management and Budget, Washington, DC 20503, marked ATTENTION: Desk Officer for EPA.
Privacy Act Statement
Collection of the information on this form is authorized by section 14 of the Toxic Substances Control Act (TSCA) 15 USC 2613. EPA uses this information
to maintain a record of those persons cleared for access to TSCA Confidential Business Information (CBI) and to maintain the security of TSCA CBI.
Disclosure of this information may be made to Office of Pollution Prevention (OPPT) contractors in order to carry out functions for EPA compatible with purpose
for which this information is collected; to other Federal agencies when they possess TSCA CBI and need to verify clearance to EPA and EPA contractor employees for access;
to the Department of Justice when related to litigation or anticipated litigation involving the records or the subject matter of the records; to the appropriate Federal, State or
local agency charged with enforcing a statue or regulation, violation of which is indicated by a record in this system; where necessary, to a State, Federal,/* local agency
maintaining information pertinent to hiring, retention, or clearance of an employee, letting of a contract, or issuance of a grant or other magistrate or administrative tnbunal;
to opposing counsel in the course of settlement negotiations; and to a member of Congress acting on behalf of an indivdual to whom records in this system pertain.
Furnishing the information on this form, including your Social Security Number, is voluntary, but failure to do so will prevent you from being given access to
TSCA CBI and will therefore make impossible the performance of any task which requires access to TSCA CBI.
Instructions for Form Completion
Section I - To be completed by all
1. List Full Name
2. List Social Security Number
3. List Telephone number of person in item 1
4. List Full Acronym of Requesting Office (ie. EPA Office in
which the indivdual works or for contractor employees, the EPA
Office with whom the contract is with)
5. List the immediate Document Control Officer for the office in
which the individual works
6. List the telephone number of the Document Control Officer
7. Check the TSCA Sections for which access is requested or
check ALL if applicable
8. Cirlce the appropriate Access Justification Code
A. Employee is an EPA employee or EPA contractor employee
whose work assignments involve the New and/or Existing
Chemical Programs of TSCA. Hence access to the TSCA sections
listed in item 7 of this form is required in performance of his/her
duties.
B. Employee is an EPA employee or EPA contractor employee
whose work entails the administration of computer systems
housing TSCA CBI. Hence access to the TSCA sections listed in
item 7 of this form is required.
C. Employee is an EPA employee or EPA contractor employee
whose work entails physical security or maintenance for TSCA
CBI secure storage areas. Although employee will not actually
work with any TSCA CBI materials, access to the TSCA sections
listed in item 7 of this form is required.
D. List Justification here
Section II - To be completed by Contractor Employees only
9. List Employer's name
lOa-d. List Employer's address
11. List Contract number
12. List EPA Project Officer's name
13. List EPA Project Officer's telephone number
Section HI - To be completed by HQ Federal and HQ
Contractor employees only
NOTE: These procedures apply only to employees requiring
access to OPPT Secure Storage areas. All others follow
standard Agency procedures.
14. Check either box a, b, c or (c&d) for EPA ID badge or
Contractor Building Pass. If box c is checked, write in badge
number.
a. Yes - Check if new employee getting first EPA ID Badge.
(New programmed badge and barcode)
b. Need Replacement - Check if replacement ID Badge is
needed (replacement badge and barcode)
c. No - Existing badge needs programming. List ID Badge no.
d. Need Barcode - Check if existing badge does not have an
OPPT barcode on it. (OPPT barcodes are for logging documents
out of the OPPT Confidential Business Information Center only)
15. Check and list OPPT secured areas for which access (via
"RUSCO" electronic door control system) is required. List
Division acronyms for the requested areas.
Home Division - List Division in which employee works
Other Divisions - List other OPPT Divisions for which
unrestricted daytime access is requested
CBIC Only - To be checked for those who only need to access
the Confidential Business Information Center.
IMD Areas - Employees who need to regularily access the IMD
Document Control Office Suite should circle DCO in the fourth
block. Only IMD staff and contractors who work in IMD
computer rooms should circle IMD Computer Rooms.
16. List OPPT areas by Division and Room numbers for which
Alarm Activation/Deactivation authority is requested. Generally,
this is employees home Division only.
Section IV - To be completed by all
17. Employee Signature (must be original)
18. Signature Date
Section V - To be completed by all
19. Enter date employee attended TSCA CBI Security Brieifing
20. Immediate Supervisor/EPA Project Officers name and sign.
21. Date of signature
Section VI - To be completed by OPPT Security
-------�
TSCA CBI Security Manual Appendix 2
PLEASE READ THE INSTRUCTIONS ON THE REVERSE SIDE BEFORE COMPLETING THIS
(Please Print or Type - Do not mark in shaded areas)
7701
1/93
Untrtd StUM Emnronrmntal Prelwlion A«*ncy
Wohinguxi. D.C. 20460
CBI ADP USER REGISTRATION
Section I - Action - Cheek aB appropriate boxes
) Assign new userid and password
] Add User to Systems
) Update User Information
] Delete User from Specific Accounts
j Delete Users from All Systems
(Complete all items in Section II, except 2 and 15. Complete Section IV.)
(Complete all items in Section II. except 15. Complete Sections III and IV.)
(Complete all applicable information in Section II, including Hem 2. Complete Section IV.)
(Complete items 1, 2, and 3 in Section II only. Complete Sections III and IV.)
(Complete items 1. 2, and 15 in Section II. Complete Section IV.)
Section It •Users Assigned to System {see Instructions on reverse side}
1. User Name (Last First, Ml)
2. Userid
3. Company or Employer
4. Office/Division/Branch/Section (For EPA employees only)
5. Address (Street or P.O. Box)
6. Telephone Number (include area code)
7. City
8. EPA Region
0. EPA Mail Code
10. State
11. Zip Code
12. User Status - Check one: [ ] EPA [ ] EPA Contractor
Federal Non-EPA
13. TSCA CBI Security Briefing Date
Circle TSCA clearance: Sections [ALL]-or-(3] [4] [5] [6] [8] [13] [20] [21]
14. Check the type of [ ] Database Administrator [ ] Data Entry Staff [ ] Technical Consultant [ ] Developer
work to be performed: [ j RTF Operations/Systems Staff ( ] Retrieval Staff [ ] Query (Read Data)
15. Enter the access termination date of the user identified above: (Month:
Date:
Year: 19
Section III - TSCA Systems (see Instructions on back-Do not mark In shaded areas)
ft.
16. Mainframe Hardware Code:
16a. Mainframe System to Access (list one):
Group:
Natural (Date: ..JLJLJ bjr
17. Mainframe HarcKvare Code:
17a. Mainframe System to Access (list one):
Accotttttr -' , - " TSO {Y| |NJ
Natural (D^'iJLJLJ »V
18. LAN Hardware Code:
10. LAN Hardware Code:
Section IV • Signature Authority (Required before Processing)
20. Requesting Official Name
(Type or Print):,
21. Signature of Requesting Official (Required)
22. Request Date:
23. Phone Number:
24. Document Control Officer Name (Type or Print):.
26. Date Signed:
27. Phone Number:
25 Signature of Document Control Officer (Required)
RETURN ALLftEQUESTStO; UJS. ENVlflONMENTAl. PROTECTION AQENCY, OFFICE Of pOU.UnON WEVENTjOfJ AND TOXICS,
I MAIMFRAME/tAN COORDINATOR, (TS-TSSJ, «01 M «TRECT» S.W., WASWNOfON, 0,CX 8Me»
Section y-Signature (For Matnframe and LAN Coordinator's Use)
28. Mainframe or LAN Coordinatof* Sljjnattire:
29. Date Receded:
30.
31, Date Com^etsd: "",
FA horm //4u-ijt)
-------�
TSCA CBI Security Manual
7700
1/93
Section VI - Instructions
INSTRUCTIONS; This rejgistratlbn iprm is used to request user access to data or removal of pdvSeges
previoysiygrsBitedio users on Ine Mainframe and Ihe IAN. Alf forms must to signed in
Sectten }V,: iflo rectiiest v«81» proeessedl *i*rliout ^» poper statures.
Section I: Action • Check ill appropriate boxes.
This section gives the user an explanation ol each action.
[ ] Assign New Id and Initial Password
Check this item if the applicant does not have Mainframe or LAN access.
Complete all Hems in Section II, except 2 and 15. For Mainframe access,
the user must also request access to at least one system; therefore 'Add
User to Accounts* must also be checked. The desired system(s) which the
user needs access should be identified in Section III.
[] Add User to Accounts
Check this Hem If the user already has access to the Mainframe.
Complete all Hems in Section II, except 14. The desired system(s) which.
the user needs access should be identified in Section III.
[ ] Update User Information
Check this item if the user needs to update employment information.
Complete all applicable information in Section II, including Kern 2. Items
13,14, and 15, in Section II need not be completed.
[ ] Delete User from Accounts
Check this item if the user no longer needs access to specific system(s).
The user wil not be deleted from the hardware, but will be deleted from
the systems identified in Section III. Therefore, complete Section III and
items 1, 2, and 3 in Section II.
[ ] Delete User from al Systems
Check this item if the user no longer needs access to the Mainframe and
LAN hardware. This should be checked when a person terminates
employment or no longer needs
access to any TSCA system.
Section N: Users Assigned to
This section refers to the applicant's actual employment duty station, (i.e. If the applicant
is a contractor and works at an EPA facility, the address information is the EPA site.)
Item 1: Enter the name of the users to be added to, or
deleted from the system. Use the last name,
first name, and middle initial format.
Item 2: For mainframe users, enter the three character
userid assigned to the user identified in Hem 1
above. If the user needs a userid, leave this Hem
blank. Userids are not required for LAN users.
Item 3: Enter the user's employer or company name.
Item 4: Enter the office, division, branch, and section of
the user. This applies to EPA employees only.
Item 5: Enter the user's maling address.
Item 6: Enter the user's telephone number.
Item 7: Enter the user's actual mailing city.
Item 8: Enter the user's Region.
Item 9: Enter the user's mail code.
Item 10: Enter the user's 2-digit mailing state
abbreviation.
Item 11: Enter the user's 5 or 9-digit mailing zp code
Item 12: Sett-explanatory
Item 13: Enter last briefing date. Circle all sections of TSCA
which the user is authorized to access.
Item 14: Check the block which describes the task the user will perform
Item 15: Enter the date on which the user will no longer
need access.
Section HI: TSCA - This section contains a collection of hardware and systems to access. Each registration form allows users to request access to two Mainframe
and two LAN . Each hardware type is identified by a code which should be entered in this section. Use the list below to assist you in selecting the desired TSCA
hardware and systems to access.
Items 16 & 17: Enter the Mainframe hardware code to which access is requested. Only one code should be entered per Hem. To obtain access to the IBM 4381
Confidential (CBI) Production, enter code A. To obtain access to the IBM ES9000 Non-Confidential (NCBI) Production and Development , enter
codeB
Items 16a & 17a: Enter the Mainframe system to which access is requested. Only one system should be entered per Hem. The systems on the IBM 4381 CBI
Mainframe are: CICIS/CCID Facility (CCF). CAIR, CCID, CHEMD, CICIS, CUS, DAPSS, DMIS, PENTA, SATS, TUPS, Level 8(a), and Batch
Retrieval (BR)
The systems on the ES9000 NCBI Production are: CECATS, CICIS, Batch Retrieval (BR) and MITS.
The systems on the ES9000 NCBI Development are: CICIS/CCID Facility (CCF). CAIR, CCID, CHEMD, CICIS, CUS, DAPSS, DMIS, PENTA,
SATS, TUPS, Level 8(a), MITS. CECATS, and Batch Retrieval (BR).
Items 18 & 19: Enter the LAN hardware code to which access is requested Only one code should be entered. To obtain access to the CBITS LAN, enter code C
To obtain access to the Administrative LAN, enter code D. To obtain access to the Image Processing LAN, enter code E To obtain access to the
New Chemical LAN, enter code F.
For NCC and Operations Staff: To obtain mainframe access, select the appropriate hardware code and enter the four character account number in the "Mainframe
System to Access (list one)" field
Section IV • Signature Authority (Required before Processing): No request will be propcessed without the proper signatures.
Items 20 through and 23 should to be completed by the Requesting Official who is authorized to approve request. This person should be the supervisor of the applicant
listed in t em 1 of Section II.
Items 24 through 27 should to be completed by the Document Control Officer of the applicant listed in item 1 of Section II.
Section V. Signature (For Mainframe and LAN Coordinator's Use): This section should be completed by the Mainframe and LAN Coordinator only.
-------�
TSCA CBI Security Manual
Standard Form 86
Revised December 1990
U.S.Otfice of Personnel Management
FPM Chapter 732
Appendix 3
Form approved:
O.M.B. No. 3206-0007
NSN 7540-00-634-4036
86-110
Questionnaire for Sensitive Positions
Read this information carefully. Follow the instructions fully or we cannot process your form.
Why do we need the information you will give us and how
will we use it?
The U.S. Government has conducted background investigations
for over 50 years. It does this to establish that applicants for or
incumbents in sensitive positions, either employed by the Gov-
ernment or working for the Government under contract, are
eligible for a required security clearance or for performing
sensitive duties. We use the information from this form
primarily as the basis for an investigation that will be used to
determine your eligibility for a national security position.
The information you give us is for Official Use Only; we will
protect it from unauthorized disclosure. Authorized disclosures
include the Privacy Act Routine Uses shown on this form. The
information you provide in response to question 25a on use of
illegal drugs will not be provided for use in any criminal pro-
ceedings against you.
Giving us the information we ask for is voluntary. However, we
may not be able to complete your investigation, or complete it in
a timely manner, if you don't give us each item of information we
request This may affect your placement or clearance prospects.
What authority do we have to ask you for the information
requested on this form?
The U.S. Government is authorized to ask for this information
under Executive Order 10450; section 2165 of title 42, U.S. Code;
parts 5,732. and 736 of Title 5, Code of Federal Regulations, and
other statutes authorizing background investigations. We ask for
your Social Security number to keep our records accurate,
because other people may have the same name and birth date.
Executive Order 9397 also asks Federal agencies to use this
number to help identify individuals in agency records.
What is the investigative process?
Background investigations for national security are conducted to
develop information to show whether or not a person is reliable,
trustworthy, of good conduct and character, and loyal to the
United States. - The information you provide on this form,
including any specific agency instructions of Question 14c., and
any other special instructions, is confirmed by investigation.
Your current employer must be contacted, even if you indicated
on your SF 171, or other form, that you do not want the present
employer contacted. In addition to the questions on this form,
inquiry also is made about a person's adherence to security
requirements, mental or health disorders, dishonest conduct,
sexual misconduct, vulnerability to blackmail or coercion,
falsification, misrepresentation and any other behavior, activities,
or associations that tend to show the person is not reliable,
trustworthy, or loyal.
An interview with you is a normal part of the investigative
process. This Personal Subject Interview is generally the first
step in the investigation, and is conducted under oath, affir-
mation, or unsworn declaration. It provides you the opportunity
to update, clarify, and explain more completely information on
your form, which often helps to complete your investigation fast-
er.
If your investigation requires a Personal Subject Interview, you
will be contacted in advance by telephone or mail to arrange a
time and location for the interview. It is important that the
interview be conducted as soon as possible after you are con-
tacted. Postponements will delay the processing of your inves-
tigation. Declining an interview may result in your investigation
being delayed or canceled.
You will be asked to bring identification with your picture on it,
such as a valid State driver's license, to the interview. There are
other documents you may be asked to bring to verify your
identity as well. These include: documentation of any legal name
change; Social Security card; and/or birth certificate.
Documents that verify any significant claims or activities may
also be requested, for example: alien registration; naturalization
certificate; originals or certified copies of college transcripts or
degrees; high school diploma; professional licenses) or
certificates); military discharge certificate^) (DD Form 214);
marriage certificate(s); passport; and/or business license(s). You
also may be asked to bring documents that pertain to
information provided in your answers to questions on the form
or other matters requiring specific attention. These matters
include: termination or discharge from employment; delinquent
loans or taxes, bankruptcy, judgments, liens, or other financial
obligations; and arrests, convictions, probation and/or parole.
Who makes a final determination?
Final determination on your eligibility for a national security
position and your being granted a clearance is the responsibility
of the OPM or the Federal agency that requested your
investigation. You may be provided the opportunity to personally
explain, refute, or clarify any information before a final decision
is made.
How is this form organized?
This form has two parts. Part 1 asks for background
information, including where you have lived, gone to school, and
worked. Part 2 asks about your activities and such matters as
firings from a job, criminal history record, use of illegal drugs and
alcohol consumption. In answering Part 2, you should keep in
mind that your answers to questions are considered togethei
with the information obtained in the investigation to reach an
appropriate adjudication for a sensitive position.
What are the penalties for inaccurate or false statements^
The U.S. Criminal Code provides that knowingly falsifying 01
concealing a material fact is a felony which may result in fines
of up to $10,000, or 5 years imprisonment, or both. In addition
Federal agencies generally fire, do not grant clearance, 01
disqualify individuals who have materially and deliberately falsi
fied these forms, and this remains a part of our permanerv
record for future placements. Because the position for which yoi
are being considered is a sensitive one, your trustworthiness i!
a very important consideration in deciding your eligibility foi
security clearance. Your prospects of placement or clearance an
better if you answer all questions truthfully and completely. Ii
the course of an interview with a Federal official you will have
-------�
TSCA CBI Security Manual
adequate opportunity to explain any information you give us on
the form and make your comments part of the record.
How is the SF 171 used with this form?
For competitive civil service positions, a copy of the Application
for Federal Employment (SF 171), or a form provided to you, will
be attached to the SF 86. For certain other and contractor
positions, the SF 171 is not required. You will be advised by the
office assisting you.
How is this form filled out?
1. Follow the instructions of the person who gave you the form
and any other supplementary information furnished by that
person to assist you in completion of the form. Find out how
many copies of the form you are to turn in. You must sign and
date, in ink, the original and each copy you submit
2. You will need a continuation sheetfs), SF 86A, if in the last 15
years you have lived in more than 6 residences, attended more
than 3 schools, or had more than 7 employments/self-employ-
ments/unemployments.
If additional space is needed, use a blank piece of paper. Each
blank piece of paper you use must contain your name and Social
Security number at the top of the page.
3. Type or legibly print your answers.
form if it is not legible.
7700
1/93
We cannot accept your
4. You must use the State codes (abbreviations) listed in the box
below when you fill out your form.
5. The 5-digit postal ZIP codes are needed to speed the processing
of your investigation. The office that provided you with the form
will assist you in completing the ZIP codes.
6. Whenever "City (Country)" is shown in an address block, also
provide in that block the name of the country when the address
is outside the United States.
7. When providing dates, you may use numbers 1-12 to indicate
months if you don't believe you have enough space to write the
month; and for the same reason, for year you may show the last
two numbers in the year. For example, June 8,1967, could be
shown as 6/8/67, or January 1984 could be shown as 1/84.
If you have any questions, call the office that gave you the form.
Be sure to sign and date the certification statement on page 9
and complete the release on page 10. Any forms that are not
completed according to these instructions will be returned. This
will delay the processing of your case.
Alabama
Alaska
Arizona
Arkansas
California
Colorado
Connecticut
Delaware
Florida
Georgia
American Samoa
Trust Territory
AL
AK
AZ
AR
CA
CO
CT
DE
FL
GA
AS
TT
Hawaii
Idaho
Illinois
Indiana
Iowa
Kansas
Kentucky
Louisiana
Maine
Maryland
Ost. of Columbia
Virgin Islands
HI
ID
IL
IN
IA
KS
KY
LA
ME
MD
DC
VI
Massachusetts
Michigan
Minnesota
Mississippi
Missouri
Montana
Nebraska
Nevada
New Hampshire
New Jersey
Guam
MA
Ml
MN
MS
MO
MT
NE
NV
NH
NJ
GU
New Mexico
New York
North Carolina
North Dakota
Ohio
Oklahoma
Oregon
Pennsylvania
Rhode Island
South Carolina
Northern Marianas
NM
NY
NC
ND
OH
OK
OR
PA
Rl
SC
CM
South Dakota
Tennessee
Texas
Utah
Vermont
Virginia
Washington
Wisconsin
West Virginia
Wyoming
Puerto Rico
SD
TN
TX
UT
VT
VA
WA
Wl
WV
WY
PR
PRIVACY ACT ROUTINE USES
This record and ntormaDon in iris record may be used in disclosing intormaaon:
• To designated officers and employees of agencies, offices, and other establishments
in the executive, legislative, and judkaal branches of (he Federal Government having a
need to evaluate qualifications, auitabiity, and loyalty to the United States Government
and/or a security clearance or access determination;
- To designated officers and employees of agencies, offices, and other estabishments
in the executive, legislative, and judicial branches of the Federal Government, and the
Ostnct of Columbia Government, when such agency, office, or establishment conducts
an investigation of the individual for purposes of granting a security clearance, or for the
purpose of making a determination of qualifications, suitability, or loyalty to the Unfed
States Government, or access to classified information or restricted areas;
- To designated officers and employees of agencies, offices, and other establishments
in the executive, judicial, or legislative branches of the Federal Government, having the
responsibility ID grant clearances, to make a determination regarding access to classified
information or restricted areas, or to evaluate qualifications, suitability, or loyalty to the
United Stales Government, in connection with performance of a service to the Federal
Government under a contract or other agreement;
• To mtaligenoe agencies for use in intelligence activities-,
- To any source from which information is requested m the course of an investigation,
to the extent necessary to identify the individual, inform the source of the nature and
purpose of the investigation, and t> identify the type of information requested;
• To the Federal, State, or local agency responsible for investigating, prosecuting,
enforcing, or mptementmg a statute, rule, regulation, or order where
there is an indication of a viotanon or potential violation of civil or criminal law or
regulation;
- To an agency, office, or other establishment in the executive, legislative, or
judicial branches of the Federal Government or the District of Columbia Government
in response to its request m comecDon with the hmng or retention of an employee,
the issuance of a security clearance, the conducting of a security or suitatxity
investigation of an individual, the classifying of jobs, the letting of a contract or the
issuance of a license, grant or other benefit by the requesting agency;
- To Federal agencies as a data source for management information through the
production of summary descriptive statistics and analytical studies in support of the
functions for which the records are maintained or for related studies,
• To a congressional office in response to an inquiry made at the request of that
individual;
- In Iragatxxi before a court or m an administrative proceeding being conducted by
a Federal agency;
• To the National Archives and Records Administration for records management
inspections;
- To the Office of Management and Budget in connection with private relief
legislation;
- To respond to a request for discovery or for appearance of a witness; and
- To the Merit Systems Protection Board, the Office of Special Counsel, the Equal
Employment Opportunity Commission, or the Federal Labor Relations Authority, n
connection with functions vested in those agencies
Public Burden Information
Public burden reporting tor this cotectfon of information is estimated to vary from 30 minutes t> 180 mnuBBS per response, including time for reviewing instructions, searching
existing data sources, gathenng and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding the burden estimate or
any other aspect of this collection of information, deluding suggestions for reducing this burden to Reports and Forms Management Officer, U.S. Office of Personnel Management
1900 E Street, N.W., Room 6410, Washnolon, D.C. 20415; and to the Office of Management and Budget, Paperwork Reduction Propel (3206-0007), Washington. D.C. 20508.
Do not send your compteled form k> the addresses in this box.
-------�
TSCA
CBI Security Manual
Standard Form 86
Revised December 1 990
U.S.Office of Personnel Management
FPM Chapter 732
Part
••BBBBBBI npu
EL^B USE
• •^•V ONLY
QUESTIONNAIRE FOR
SENSITIVE POSITIONS
(For National Security)
CodM Caw Numtor
I I
7700
1/93
Form approved:
O.M.B. No. 3206-0007
NSN 7540-00-634-4036
86-110
Agency Use Only (Complete items A through P using instructions in FPM Supplement 296-33)
A Type of .
Investigation |
G Geographic
Location
J
SON
L
SOI
I I
B Extra
Coverage
I I I I I
i i i
i
i i
I I
I I I
I
I I
H Position
Code
K Location of Offi- |
cial Personnel
Folder
M Location
of Security
Folder
N OPAC-ALC ,
Number
| i
I I
(
I I
~~
None
NPRC
At SON
None
At SOI
NPI
J Accounting
i
C Sensitiv ty . D Access IE Nature of , F D
Level I | | Action Code | I I A
ate of Month Day Year
ctoon | | |
I Position
Title
Other Address
Other Address
ZIP Code
I I I
ZIP Code
I I I
Data and/or.
Agency Case Number I
P Requesting Name and Title
Official
Signature
Telephone Number FTS ( ) pate
Persons completing this form should begin with the questions below. Please type or print your answers.
1 FULL
NAME
> If you have only initials in your name, use them and State (IO).
1 If you have no middle name, enter "NMN."
• If you are a "Jr.," "Sr.," "II," etc , enter this in the box after
your middle name.
2 DATE OF
BIRTH
Last Name
3 PLACE OF BIRTH
City
First Name
• Use the two letter code for the State.
County
rie Name Jr.. II. etc. Month Day Year
1 1 1 1 i
State Country (if not in tine United States!
i 1 1
4 SOCIAL SECURITY NUMBER
If -| | |.| 1 1 1
5 OTHER NAMES USED
Give other names you used and the period of time you used them (for example: your maiden name, namefs] by a former marriage, former namefs], aliasfes], or nicknamefs]). If
the other name is your maiden ram*, put "DM" in front of it.
Name
Name
6 OTHER
IDENTIFYING
INFORMATION
7 TELEPHONE
NUMBERS
8 CITIZENSHIP
Month/Year Month/Year
To
Month/Year Month/Year
To
Height (feet and inches) Weight (pounds) H<
Work (include Area Code and extension)
( )Day
( ) Night ( )
3 Mark the box at the right that |
instructions next to the box you
marked. '
Name
Name
)ir Color
Home (indue
( (Night
am a U.S. citizen by birth in the U.S.
am a U.S. citizen, but 1 was NOT born in the U.S.
am not a U.S. citizen.
Eye Color
le Area Code)
( )
Answer Items b and d b >
Answer Items b, c, and d
Answer Items b snd »
Month/Year Month/Year
To
Month/Year Month/Year
To
Sex (mark one box)
| [Female [ JMale
four Mother's Maiden Name
C UNITED STATES CITIZENSHIP If you are a U.S. Citizen, but were not born in the U S., provide information about one or more of the following proofs of your citizenship.
Naturalization Csrtificsts (When wen you naturalized?)
Court
City
State Certificate Number
| | I I I I I I I I I
Month/Day/Year Issued
Citizenship Certificate (Whtn tm the cwt//fc«te issued?)
City
State Certificate Number Month/Day/Year Issued
I I I I I I I I I I I I I
Stats Department Form 240 - Report ot Birth Abroad of • Citizen of tha United States
Give the date the form was
prepared and give an
explanation if needed.
Month/Day/Year
Explanation
U.S. Passport
TNs may be either a current or previous U.S. Passport.
(J DUAL CITIZENSHIP If you are (or were) a dual citizen of the United States and another
country, provide the name of that country in the space to the right.
Passport Number
1 1 1 I 1 1 1 1 1
Month/Day/Year Issued
Country
9 ALIEN If you are an alien, provide the following information:
Place You
Entered the
United States:
City
State
1
Date Y
Month
1
ou Ente
Day
1
edUS
Year
1
Alien Registration Number
1 1 1 1 1 1 1 1 1
Country of Citizenship
Pagel
-------�
TSCA CBI Security Manual
9 WHERE YOU HAVE LIVED
Fill In your full address for every place you have lived beginning with the present (#1) and working backward 15 years.
• If you attended school away from your permanent residence, list the address you lived at while attending school.
• For any address in the past 3 years:
- List a person who knew you at that address, preferably someone who still lives in that area.
- If address listed is "General Delivery," a Rural Route, or Star Route, provide directions for locating the residence on an attached
continuation sheet, and show the block #.
7700
' 1/93
•j 0 WHERE YOU WENT TO SCHOOL
Fill in information about schools you have attended, beyond Junior High School, beginning with the most recent (#1) and working
backward 15 years. Also list College or University degrees received beyond 15 years.
• For schools you attended in the past 3 years, list a person who knew you at school (such as an instructor or a student).
• For correspondence schools and extension classes, list records location address.
• In the "Code" block, use one of these codes: 1 - High School 2 - College/University 3 - Vocational/Trade School
^ Month/Year Month/Year
Present To
Street Address Apt #
Name of Person Who Knows You
Month/Year Month/Year
*2
To
City (Country)
Street Address Apt. # City (Country)
Street Address Apt #
Name of Person Who Knows You
Month/Year Month/Year
#3
To
State
I
ZIP Code
I I I I
City (Country)
Street Address Apt # City (Country)
Street Address Apt. #
Name of Person Who Knows You
Month/Year Month/Year
#4
To
State
I
ZIP Code
I I I I
City (Country)
Street Address Apt # City (Country)
Street Address Apt #
Name of Person Who Knows You
Month/Year Month/Year
#5
To
State
I
ZIP Code
I I I I
City (Country)
Street Address Apt # City (Country)
Street Address Apt #
Name of Person Who Knows You
Month/Year Month/Year
#6
To
State
I
ZIP Code
I I I I
City (Country)
Street Address Ap! * City (Country)
Street Address Apt #
Name of Person Who Knows You
State
I
ZIP Code
I i I I
City (Country)
Street Address Apt # City (Country)
State
I
ZIP Code
I I I I
State
I
ZIP Code
I I I I
Telephone Number
( )
State
I
ZIP Code
I I I I
Telephone Number
( )
State
I
ZIP Code
I I I I
Telephone Number
( )
State
I
ZIP Code
I I I I
Telephone Number
( )
State
I
ZIP Code
I I I I
Telephone Number
( )
State
I
ZIP Code
I I I I
Telephone Number
( )
Month/Year Month/Year
#1
To
Code
Name of School
Degree/Diploma/Other (show eacn degree
and date received if Code 2)
Street Address and City (Country) of School
Name of Person Who Knew You
Month/Year Month/Year
#2
To
Code
Street Address and City (Country) State
I
Name of School
ZIP Code
I I I I
State
I
Month/Year
ZIP Code
1 1 1 1
Telephone Number
( )
Degree/Diploma/Other (show each degree
and date received if Code 2)
Street Address and City (Country) of School
Name of Person Who Knew You
Month/Year Month/Year
#3
To
Code
Street Address and City (Country) State
I
Name of School
ZIP Code
I I I I
State
I
Month/Year
ZIP Code
till
Telephone h1 "nber
( )
Degree/Diploma/Other (show each degree
and date received it Code 2)
Street Address and City (Country) of School
Name of Person Who Knew You
Street Address and City (Country) State
I
ZIP Code
I I I I
Enter your Social Security Number before going to the next page ->
State
1
Month/Year
ZIP Code
1 1 1 1
Telephone Number
( )
1 1 l-l 1 l-l 1 1 1 1
Page 2
-------�
TSCA CBI Security Manual
7700
1/93
11 YOUR EMPLOYMENT ACTIVITIES
Fill in your employment activities, beginning with the present (#1) and working backward 15 years. INCLUDE:
• all full-time work • all paid work • self-employment
• all part-time work • active military duty • all periods of unemployment
IN THE NUMBERED ACTIVITY SECTION USE ONE OF THESE CODES IN THE CODE BLOCK:
1 - Active military duty stations £ - State Government (Non-
2 - National Guard/Reserve Federal) employment
3 - U.S.P.H.S. Commissioned Corps 6 • Self-employment (Enter
4 - Other Federal employment business name and/or name
of person who can verify)
7 - Unemployment (Enter name
of person who can verify)
8 - Federal Contractor (list Con-
tractor, not Federal agency)
9 - Other
FOR EACH ACTIVITY SECTION, provide information requested. For example, if you had worked at XY Plumbing in Denver, CO, for 3
separate periods of time, you would enter dates and information concerning the most recent period of employment first, and provide dates,
position titles, and supervisors for the two previous periods of employment in the appropriate blocks below that information. (For locations
outside the U.S , show aty and country)
^ Month/Year Month/Year
Present To
Employer's/Verifier's Street Address
Code
Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Tide
State
I
State
t
State
1
ZIP Code
lilt
ZIP Code
i 1 I 1
ZIP Code
1 1 I I
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year Your Position Tide & Supervisor's Name
To
Month/Year Month/Year Your Position Title & Supervisor's Name
To
To
To
#2
Month/Year Month/Year
To
Code
Employer's Name/Military Service/Unemployment or Self-Employment Vender
Your Position Title
Employer's/Verifier's Street Address
City (Country)
State
ZIP Code
Telephone Number
Street Address of JobTocation (rTdiTferent than Employer's Address)
City (Country)
State
ZIP Code
I I I I
Telephone Number
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
State
ZIP Code
Telephone Number
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name
Month/Year Month/Year
#3
To
Employer's/Verifier's Street Address
Code^
Month/Year Month/Year
To
To
Your Position Tide & Supervisor's Name
Employer's Name/Military Service/Unemployment or Self-Employment Venfier
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Title
State
1
State
, 1
State
1
ZIP Code
1 1 1 1
ZIP Code
i I 1 t
ZIP Code
1 1 I t
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name
Month/Year Month/Year
To
To
Your Position Tide & Supervisor's Name
Enter your Social Security Number before going to the next page
Page 3
-------�
TSCA CBI Security
Manual
7700
YOUR EMPLOYMENT ACTIVITIES (Continued)
Month^earMonth/Year
#4
To
Employer's/Verifier's Street Ad
Code
dress
Employer's N3 Tie/Military Sendee/Unemployment or "Self-Employment verifier
Street Address of Job Location (if different than Employer's 4odross!
Supervisor's Name & Street Address (if different (ban job Location)
Your Position Title
City (Country) Staie
j [
City (Country,
City ,Cour ry/
ZIP Code
III!
$ a, • Zi-1 Code
: i I I 1 I
"Slav "
7IP Code
III!
Telephone Number
Te!ophone Number
Teleohone Number
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION ShEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position
Month/Year Month/Year
#5
To
Employer's/Verifier's Street Ad
Code
dress
Title & Supervisor's Name MonrtvYear Month'Yea' Your Posit on Title & Supervisor's Name
To
To
Employer's Name/Military Service/Unemployment or Self-Employment Vender
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
PREVIOUS PERIODS OF
Month/Year Month/Year
To
To
THE SAME ACTIVITY AND LOCATION - IF CONTINUA I
Your Position
Month/Year Month/Year
#6
To
Employer's/Verifier's Street Ad
Code
dress
City (Country)
City (Country)
City (Country)
Your Fos.ion Title
State
State
State
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
ZIP Code
i i : i
Telephone Number
Telephone Number
Telephone Number
ION SHEET IS USED, SHOW BLOCK *
Tide & Supervisor's Name Month/Year Month/Year Your Position Title & Supervisor's Name
To
To
Employer's Name/Military Service/Unemployment or Self-Employmentvenier^^^
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name S Street Address (if d fferent than Job Location)
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION • IF CONTINUA1
Month/Year Month/Year
To
To
Your Position
Month/Year Month/Year
#7
TO
Employer's/Verifier's Street Ad
Code
dress
City (Country)
City (Country)
City (Country)
Your Position Tide
State
1
State
1
State
t
ZIP Code
1111
ZIP Code
ill!
ZIP Code
1 1 1 1
Telephone Number
Telephone Number
Telephone Number
ION SHEET IS USED, SHOW BLOCK *
Title & Supervisor's Name Month/Year Month/Year Your Position Tide & Supervisor's Name
To
To
Employer's Name/Military Service/Unemployment or Self-Employment Vender
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
PREVIOUS PERIODS OF
THE SAME ACTIVITY AND LOCATION - IF CONTINUA1
City (Country)
City (Country)
City (Country)
Your Position Tide
'State
1
State
1
State
1
ZIP Code
i 1 1 i
ZIP Code
ill!
ZIP Code
ill!
Telephone Number
Telephone Number
Telephone Number
ION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name
Month/Year (Month/Year
To
To
Enter your Social Security Number before going to the next page
Your Position Tide & Supervisor's Name
-* 1 1 l-l 1 l-l 1 . 1
Page 4
-------�
TSCA CBI Security Manual
7700
1/93
12 PEOPLE WHO KNOW YOU WELL
List two people who know you well and live in the United States.
• Don't list spouse, other relatives, or former spouses.
• Try not to list anyone mentioned in item 9,10, or 11.
#1
Name
Home Address
#2
Number Years Known
City (Country)
Name
Home Address
Number Years Known
City (Country)
Telephone Number:
( )
D.y< ).rNl8M( )
State
I
ZIP Code
I I f I
Telephone Number:
( )
D.y( ) or Night ( )
State
I
ZIP Code
ill!
13 YOUR OUTSIDE ACTIVITIES
List any activities which you may wish to have considered as reflecting favorably on your reputation for leadership, responsibility, honesty,
and integrity in the last 15 years. (Response Optional)
#1
#2
#3
14
Month/Year Month/Year
To
To
To
Activity
YOUR FOREIGN ACTIVITIES
a. Do you have any foreign property,
b.
c.
Location of Activity
City (Country)
business connections, or financial interests?
Are you now or have you ever been employed by or acted as a consultant for a foreign government, firm, or agency?
In the last 15 years, have you had
instructing you to fill out this form?
a list of countries.)
continuing contact with a national of any foreign country designated by the agency
(NOTE: If the agency wants you to answer this question, it will provide you with
Yes
State
I
I
I
No
If you answered "Yes" to a, b, or c, explain in the space below:
15 FOREIGN COUNTRIES YOU HAVE VISITED
List foreign countries you have visited, beginning with the most current (#1) and working backward 15 years.
• Do not include countries covered in items 9,10, and 11.
• In the "Code" block, use one of these codes: 1 - Business 2 - Pleasure 3 - Education 4 - Other
Month/Year Month/Year
f1 To
#2 To
Code
1 6 YOUR MILITARY HISTO
3. Have you served i
Have you served i
• If your answer 1
• If your answer t
Country
HY
n the United States military9
Month/Year Month/Year
#3 To
#4 To
Code
Country
n the United States Merchant Marine? ...
o both questions is ".No/ GO TO QUESTION 17.
o either question is "Yes," GO TO b.
Yes
No
b. Starting with the most current (#1) and working backward, enter information for all periods of active service into the table below.
• Mark "O" block for Officer or "E" block for Enlisted.
• In the "Code" block, use one of these codes:
1 - Air Force 2 - Army 3 - Navy 4 - Marine Corps 5 - Coast Guard 6 - Merchant Marine 7 - National Guard
Month/Year Month/Year
#1 To
#2 To
#3 To
#4 To
Code
Service/Certificate #
O
E
Status (Mark "X* in appropriate blocks - use State Code for National Guard)
None
Active Duty
Active Reserve
National Guard
(show State)
I
I
I
I
Enter your Social Security Number before going to the next page •*
Inactive
Reserve
I I l-l I
Retired
I- I I I
Pages
-------�
TSCA CBI Security Manual
7700
1/93
17 YOUR RELATIVES
Give full names and enter the correct code for all relatives, living or dead, specified below:
1 - Mother (first) 4 - Stepfather 7 - Stepchild 10 - Stepbrother 13 - Half-sister
2 - Father (second) 5 • Foster parent 8 - Brother 11 - Stepsister 14 - Father-in-law
3 - Stepmother 6 - Child (adopted a/so) 9 - Sister 12 - Half-brother 15 - Mother-in-law
16 - Guardian
Full Nam* (II dtctfafd, check box on the left
btfon tntfting ntrra)
LJ
LJ
LJ
LJ
LJ
LJ
LJ
LJ
LJ
LJ
Cod*
1
2
ftaaigftatHfg^afi: •
Kit* oTBirth
Month/Day/Year
SBcraenuaanBisrans
Country of Birth
Country ot
Citizenship
Current Street Address and City
(country) of Living Relatives
State
I
I
I
I
I
I
I
I
I
I
18
YOUR MARITAL STATUS
Mark one of the following boxes to show
R1 - Never married (go to question 19)
2 • Married
your current marital status:
R3 - Separated P"] 5 - Divorced
4 - Legally Separated 6 - Widowed
Current Spouse Complete the following about your current spouse
Full Name
Date of Birth
Place of Birth /Include country if outside the U S,l Social Security Number
II -| I -| I I I
Other Names Used (Specify marten name, names byolrier marriages, etc., and show dates useoror eacfjnamej
Country of Citizenship
If Separated, Date of Separation (MoJDay/Yr.)
Date Married
Place Married (Include country it outside the U S.)
If Legally Separated, Where is the Record Located' City (Country)
Address of Current Spouse (Street, city, and country if outside the U S.)
State
I
ZIP Code
I I
State
I
State
I
I
Former Spouses) Complete the following about your former spouse(s), use blank sheets if needed
Full Name
Country of Citizenship
Check One, Then Give Date
PI Divorced |~~| Widowed
Oate oT Birth
"T5aTe~M"aTne
-------�
TSCA CBI Security Manual
Standard Form 86
Revised December 1990
U.S.Office of Personnel Management
FPM Chapter 732
7700
1/93
QUESTlOh^AiFit i-OK
SLNsr-j.vt rcjsrnON^
(For National Security)
Torrn apc'oveo
O M B No T206-0007
N5N 7-xM,-
86-110
Part 2
20 YOUR SELECTIVE SERVICE RECORD
3. Are you a male born after December 31 , 1959? If "No," 90 to 21. If "Yes," go to b.
j; teyisi.-di.of: number, if "No," show the
b. Have you registered with the Selective Service System?
reason for your legal exemption below.
"Yes," (jrovidu
Yes
No
Registration Number
Legal Exemption Explanation
21 YOUR MIUTARY RECORD
a. Have you ever received other than an honorable discharge from the military? If "Yes," provide:
Date of Discharge (Month and Year): Type of Discharge:
b. Have you ever been subject to court-martial or other disciplinary proceedings under the Uniform Code of Military Justice?
If "Yes," list any disciplinary proceedings in the last 15 years and all courts-martial. (Include non-judicial and Captain's
mast, etc.)
Month/Year
Charge or Specification / Action Taken
Place (City and county/country if outside the United States)
State
I
I
22 YOUR EMPLOYMENT RECORD
Has any of the following happened to you in the last 15 years? If "Yes," begin with the most recent occurrence and go
backward, providing date fired, quit, or left, and other information requested.
Use the following codes and explain the reason your employment was ended:
1 - Fired from a job 3 - Left a job by mutual agreement following allegations of misconduct 5 - Left a job for other reasons
2 - Quit a job after being told 4 - Left a job by mutual agreement following allegations of under unfavorable circumstances
you'd be fired unsatisfactory performance
Month/Year
Code
Specify Reason
Employer's Name and Address
State
I
I
23 YOUR POLICE RECORD (Do not include anything that happened before your 16th birthday.)
3. Have you ever been charged with or convicted of any felony offense?
b. Have you ever been charged with or convicted of a firearms or explosives offense?
C. Are there currently any charges pending against you for any criminal offense?
d. Have you ever been charged with or convicted of any offense(s) related to alcohol or drugs?
6. In the last 5 years, have you been arrested for, charged with, or convicted for any offense(s) not listed in response to a, b,
c, or d above? (Leave out traffic fines of less than $100.)
ZIP Code
I I I I
I I I I
Yes
No
If you answered "Yes" to a, b, c, d, or e above, explain your answer(s) in the space provided.
Month/Year
Offense
Action Taken
Law Enforcement Authority or Court (City and county/country il outside the U.S.)
State
I
I
24 YOUR MEDICAL RECORD
3. Have you experienced problems on or off the job because of any emotional or mental condition?
b. Have you ever seen a health care professional for any of the types of problems mentioned above?
ZIP Code
I I I I
I I I I
Yes
No
If you answered "Yes" to questions a or b, explain below.
Month/Year Month/Year
To
To
Explanation
Enter your Social Security Number before going to the next page -> ( ( - 1 i | - 1 i i i
Page?
-------�
TSCA CBI Security Manual
7700
1/93
25 ILLEGAL DRUGS AND ALCOHOL
a. In the last 5 years, have you used, possessed, supplied, or manufactured any illegal drugs? When used without a
prescription, illegal drugs include marijuana, cocaine, hashish, narcotics (opium, morphine, codeine, heroin, etc.), stimulants
(cocaine, amphetamines, etc.), depressants (barbiturates, methaqualone, tranquillizers, etc.), hallucinogenics (LSD, PCP,
etc.). (NOTE: The information you provide in response to this question will not be provided tor use in any criminal
proceedings against you.)
b.
Have you experienced problems (disciplinary actions, evictions, formal complaints, etc.) on or off a job from your use of
illegal drugs or alcohol?
If you answered "Yes" to question a or b above, provide information relating to the types of substance(s), the nature of the activity, and
any other details relating to your involvement with illegal drugs or alcohol. Include any treatment or counseling received.
Yes
No
Month/Year Month/Year
To
To
To
Type of Substance
Explanation
26 YOUR INVESTIGATIONS RECORD
a. Has the United States Government ever investigated your background? If "Yes," use the codes that follow to provide the
requested information below. If "Yes," but you can't recall the investigating agency and/or the security clearance received,
enter "Other" agency code or clearance code, as appropriate, and "Don't know" or "Don't recall" under the "Other
Agency" heading, below. If your response is "No," or you don't know or can't recall if you were investigated and cleared,
check the "No" box.
Yes
No
Codes tor Investigating Agency
1 - Defense Department 4 - FBI
2 - State Department 5 - Treasury Department
3 - Office of Personnel Management 6 - Other (Specify)
Month/Year
Agency
Code
Codes for Security Clearance Received
0 - Not Required 3 - Top Secret 6 - O-Nonsensitive
1 - Confidential 4 - Sensitive Compartmented Information 7 - L
2 - Secret 5 - Q-Sensitive 8 - Other
Other Agency
Clearance
Code
Month/Year
Agency
Code
Other Agency
b. To your knowledge, have you ever had a clearance or access authorization denied, suspended, or revoked, or have you
ever been debarred from government employment? If "Yes," give date of action and agency.
Month/Year
Department or Agency Taking Action
Month/Year
Clearance
Code
Yes
Department or Agency Taking Action
No
27 YOUR FINANCIAL RECORD
a. In the last 5 years, have you, or a company over which you exercised some control, filed for bankruptcy, been declared
bankrupt, been subject to a tax lien, or had legal judgment rendered against you for a debt? If you answered "Yes,"
provide date of initial action and other information requested below.
Month/Year
Type of Action
Name Action Occurred Under
Name/Address of Court or Agency Handling Case
State
I
I
Yes
No
ZIP Code
I I I
I
I I I I
Are you now over 180 days delinquent on any loan or financial obligation? Include loans or obligations funded or
guaranteed by the Federal Government. (If an SF 171, Application for Federal Employment, will be attached, you do
not need to repeat Federal Government delinquencies. See the instructions headed, "How is the SF 171 used with
this form?")
If you answered "Yes," provide the information requested below:
Yes
No
Month/Year
Type of Loan or Obligation
and Account f
Name/Address of Creditor or Obligee
Enter your Social Security Number before going to the next page
State
I
ZIP Code
I I I I
I I I
Pages
i i l-l i l-l i i i I
-------�
TSCA CBI Security Manual
7700
1/93
28 YOUR ASSOCIATION RECORD
a. In the last 15 years, have you been an officer or a member or made a contribution to an organization dedicated to the
violent overthrow of the United States Government and which engages in illegal activities to that end, knowing that the
organization engages in such activities with the specific intent to further such activities?
b. In the last 15 years, have you knowingly engaged in any acts or activities designed to overthrow the United States
Government by force? If you answered "Yes" to a or b, explain in the space below:
Yes
No
Continuation Space •
Use the continuation sheet(s) (SF86A) for additional answers to questions 9, 10, and 11. Use the space below to continue answers to all other
questions and any information you would like to add. If more space is needed than what is provided below, use a blank sheet(s) of paper. Start
each sheet with your name and Social Security Number. Before each answer, identify the number of the question.
After completing Parts 1 and 2 of this form and any attachments, you should review your answers to all questions to make sure the form is
complete and accurate, and then sign and date the following certification and sign and date the release on page 10. If you attach an SF 171,
Application for Federal Employment, make sure that it is updated and that any information added to the SF 171 is initialed and dated.
Certification That My Answers Are True
I read each question asked of me and understood each question. My statements on this form, and any attachments to th ,
form, are true, complete, and correct to the best of my knowledge and belief and are made in good faith. I understand that
a knowing and willful false statement on this form can be punished by fine or imprisonment or both.
Signature (Sign In Ink)
Date
Enter your Social Security Number before going to the next page •* i i I - 1 I I - 1
P
I I I I
age 9
-------�
TSCA CBI Security Manual
Standard Form 86
Revised December 1890
U.S.Offlce of Personnel Management
FPM Chapter 732
7700
Form approtMd: 1/93
O.M.B. No. 3206-0007
NSN 7540-OOO4-4036
86-110
UNITED STATES OF AMERICA
AUTHORIZATION FOR RELEASE OF INFORMATION
Carefully read this authorization to release information about you, then sign and date it in ink.
I Authorize any investigator, special agent, or other duly accredited representative of the U.S.
Office of Personnel Management, the Federal Bureau of Investigation, the Department of Defense,
and any authorized Federal agency, to obtain any information relating to my activities from
schools, residential management agents, employers, criminal justice agencies, retail business
establishments, or other sources of information. This information may include, but is not limited
to, my academic, residential, achievement, performance, attendance, disciplinary, employment
history, and criminal history record information.
I Understand that, for financial or lending institutions, medical institutions, hospitals, health
care professionals, and other sources of information, a separate specific release will or may be
needed, and I may be contacted for such a release at a later date.
I Further Authorize the U.S. Office of Personnel Management, the Federal Bureau of
Investigation, the Department of Defense, and any other authorized agency, to request criminal
record information about me from criminal justice agencies for the purpose of determining my
eligibility for, assignment to, or retention in, a sensitive position, in accordance with 5 U.S.C. 9101.
I Authorize custodians of records and sources of information pertaining to me to release such
information upon request of the investigator, special agent, or other duly accredited representative
of any Federal agency authorized above regardless of any previous agreement to the contrary.
I Understand that the information released by records custodians and sources of information is
for official use by the Federal Government only for the purposes provided in this Standard Form
86, and may be redisclosed by the Government only as authorized by law.
Copies of this authorization that show my signature are as valid as the original release signed by
me. This authorization is valid for two (2) years from the date signed.
Slgrwtur* (Sign M Ink)
Full Nairn (Typ» or Print Lrgibly)
Other NamM UMd
Gun-wit AddreM (Strut, CHy)
Suit*
1
ZIP Code
1 1 1 1
Social Sm
1 1
Date Signed
:urtly Number
-1 i l-li i <
Horn* Tatophon* Number
(Indotb Ant Cod*)
( )
page 10
-------�
TSCA CBI Security Manual
Standard Form 86A
Revised December 1990
U.S.Offlce of Personnel Management
FPM Chapter 736
7700
CONTINUATION SHEET FOR QUESTIONNAIRES FO™ approved: l/93
SF 86, SF 85P, AND SF 85 O.M.B. NO 320^007
For use with the SF 86, Questionnaire for Sensitive Positions (for National Security); NSN 7540-01 -268-4828
SF 85P, Questionnaire for Public Trust Positions; 86-202
and SF 85, Questionnaire for Non-Sensitive Positions
INSTRUCTIONS: Use this form to continue your answers to "Where You Have Lived" and/or "Your Employment Activities " Follow the instructions on the form for the particular
questions you are answering and give information in the same sequence. Use as many continuation sheets as you need to furnish all the requested information.
Your Name
WHERE YOU HAVE LIVED (Continued)
Month/Year Month/Year
To
Street Address
Name of Person Who Knows You
Month/Year Month/Year
To
Your Social Security Number
Apt #
-1 1 l-l
1
City (Country)
Street Address Apt* City (Country)
Street Address
Name of Person Who Knew You
Month/Year Month/Year
To
Apt. #
State
1
3ity (Country)
Street Address Apt.ff City (Country)
Street Address
Name of Person Who Knew You
Month/Year Month/Year
To
Apt #
ZIP Code
1 1 1 1
State
1
ZIP Code
1 1 1 1
City (Country)
Street Address Apt # City (Country)
Street Address
Name of Person Who Knew You
Month/Year Month/Year
TO
Apt. #
State
1
ZIP Code
1 1 1 1
City (Country)
Street Address Apt.# City (Country)
Street Address
Name of Person Who Knew You
Apt. #
State
1
ZIP Code
1 1 1 1
City (Country)
Street Address Apt.# City (Country)
State
1
ZIP Code
1 1 1 1
State
1
Teleph
/
State
1
ZIP Code
1 1 1 1
one Number
ZIP Code
fill
Telephone Number
State
1
ZIP Code
1 1 1 1
Telephone Number
State
1
ZIP Code
1 1 1 1
Telephone Number
State
1
ZIP Code
1 1 1 1
Telephone Number
YOUR EMPLOYMENT ACTIVITIES (Continued)
Month/Year Month/Year
To
Code
Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Employer's/Verifier's Street Address
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Title
State
1
State
1
State
1
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name
Month/Year Month/Year Code
TO
Employer's/Verifier's Street Address
Month/Year Month/Year
To
To
Your Pos tion Title & Supervisor's Name
Employer's Name/Military Service/Unemployment or Self-Employment Venfier
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Title
State
1
State
1
State
1
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name
-------�
TSCA CBI Security Manual
7700
1/93
YOUR EMPLOYMENT ACTIVITIES (Continued)
Month/Year Month/Year
To
Code
Employer's Name/Military Service/Unemployment or Self-Employment Vender
Employer's/Verifier's Street Address
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Title
State
1
State
1
State
1
ZIP Code
1 1 ! 1
ZIP Code
1 1 i 1
ZIP Code
1 1 t 1
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
Month/Year Month/Year I Your Position Title & Supervisor's Name
Month/Year Month/Year Your Position Title & Supervisor's Name
To
To
To
To
Month/Year Month/Year
To
Code
Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Your Position Title
Employer's/Verifier's Street Address
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
{Street Address of Job Location (if different than Employer's Address)
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
(SREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name
Month/Year Month/Year
To
To
Month/Year Month/Year Code Employer's Name/Military Service/Unemployment or Self-Employment Veri
To
Employer's/Verifier's Street Address
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUA1
Your Position Title & Supervisor's Name
ler
City (Country)
City (Country)
City (Country)
Your Position Title
State
1
State
1
State
1
ZIP Code
1 1 1 1
ZIP Code
1 I 1 1
ZIP Code
1 1 1 1
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
ION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
Your Position Title & Supervisor's Name
Month/Year Month/Year
To
Your Position Title & Supervisor's Name
To
To
Month/Year Month/Year
To
Code
Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Your Position Title
Employer's/Verifier's Street Address
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
Street Address of Job Location (if different than Employer's Address)
City (Country)
State
I
ZIP Code
Telephone Number
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
State
ZIP Code
I I I I
Telephone Number
PREVIOUS PERIODS OF THE SAME ACTIVITY ANDTOCATION - IF CONTINUATION SHEET IS USED;SHOW BLOCK*
Month/Year Month/Year
Tp
To
Your Position Title & Supervisor's Name
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name
Enter your Social Security Number -* i i I - i - i i i |
Standard Form 86A (Back)
December 1990
-------�
TSCA CBI Security Manual Appendix 4
7700
1/93
APPLICANT
LEAVE BLANK
SIGNATURE Of PERSON FINGERPRINTED
RESIDENCE OF PERSON FINGERPRINTED
DATE SIGNATURE OF OFFICIAL TAKING FINGERPRINTS
EMPLOYER AND ADDRESS
REASON FINGERPRINTED
TYPE ®R PRINT ALL INFORMATION IN BLACK
LASTNAMI NAM
FIRST NAME
MKXX.ENAMI
' AKA
ARMED FORCES NO MNU
SOCIAL SECURITY NO SOC
MISCELLANEOUS NO MNU
i :ff.:.*.l, I
EF':. F-
Eft LEAVE BLANK
CLASS
HAIR
OATEOFURTH
QQB
'
PtACEOFURTH
POB
LEAVE BLANK
LEFT FOUR FINGERS TAKEN SIMULTANEOUSLY
RIGHT FOUR FINGfUS TAKEN SIMULTANEOUSLY
-------�
TSCA CBI Security Manual
I. LOOP
THE LINES BETWEEN CENTER OF
LOOP AND DELTA MUST SHOW
FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE
WASHINGTON, D.C. 20537
APPLICANT
2. WHORL
THESE LINES RUNNING BETWfcN
DELTAS MUST 8E CLEAR
3. ARCH
ARCH"-' HAVE NO DELTAS
=0-ZSI(rT». IZZMZt
ro OBTAIN CLASSIFIABLE FINGERPRINTS
I USE BLACK PRINTER S INK
1 DISTRIBUTE INK EVENLY ON INKING SLAB
3 WASH AND DRY FINGERS THOROUGHLY
» ROLL FINGERS FROM NAIL TO NAIL AND AVOID ALLOWING FINGERS TO SLIP
5 BE SURE IMPRESSIONS ARE RECORDED IN CORRECT ORDER
6 IF AN AMPUTATION O= DEFORMITY MAKES IT IMPOSSIBLE TO PRINT A FINGER WAKi A NOTATION TO THAT EFFECT
IN THE INDIVIDUAL FlNOER BLOCK
^ IF SOME PHYSICAL CONDITION MAKES IT IMPOSSIBLE TO OBTAIN PERFECT IMP«5SIONS SUBMIT THE BEST THA' CAN BE
OBTAINED WITH A MEWO STAPLED TO THE CARD EXPLAINING THE CmC'jMST ANCES
8 EXAWNE THE COMPLETED PRINTS TO SEE IF THEY CAN Bl CLASSIFIED Sf ASIMOIN MINOIMAT MOST WNGWRINTS
FALL INTO THE PATTERNS SHOWN ON THIS CARD (OTHER PATTERNS OCCUR IN*REQUENTIY AND ARE NOT SHOWN HERE
THIS CARD FOR USE BY:
1 LAW ENFORCEMENT AGENCIES IN FINGERPRINTING APPLI
CANTS FOR LAW ENFORCEMENT POSITIONS •
2 OFFICIALS OF STATE AND LOCAL GOVERNMENTS FOR PUR
POSES OF EMPLO/MEN' LICENSING AND PERMITS AS AUTHOR
IZED BY STATE STATUTES AND APPROVED BY THE ATTORNEY
GENERAL OF THE UNi'EO STATES LOCAL AND COUNTY OR01
NANCES UNLESS S°Et 'iCAgY BASED JN APPLICABLE STATE
STATUTES DO NOT SATIS" fHIS REOU.KEVENT '
5 US GOvER^'AENt AGENCIES ANO OTHER ENTITIES REQUIRED
BY FEDERAL LAW "
4 OFFICIALS OF fECERAUY CHARTERED O« INSURED 8ANK
rNG INSTITUtigNS TO PROMOTE OR MAINTAIN TH{ SECURITY
OF THOSE INSTITUTIONS
INSTRUCTIONS:
•I PRINTS MUST FIRST BE CHECKED THROUGH THE APPRO
OPIATE STATE IDENTIF.CATION BUREAU AND ONLY THOSE FINGER
"RINTS FOR WHICH NO DISQUALIFYING RECORD HAS BEEN FOUND
LOCALLY SHOULD BE SUBM'TTEO FOK FBI SEARCH
1 PRIVACY ACT OF ">74 INT CARD TO
'HE FBI
i FBI NUMBER IF KNOWN SHOULD ALWAYS BE FURNISHED IN
THE APPHOPRiAtt SPACE
MISCELLANEOUS NO RECORD OTHER ARMED FORCES NO
PASSBORT NO !PP! ALIEN REGISTRATION NO A*l PORT SE
CUBITY CARD NO iPSi SELECTIVE SERVICE NO 'S5| VETERANS
ADMINISTRATION CLAIM NO (VA)
LEAVE TMS SPACE BLANK
-------�
TSCA CBI Security Manual
Appendix 5 7700
1/93
UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
WASHINGTON OC 20460
JAN 18 (901
SUBJECT: Request for Building Pass
FROM: Ann M. Linnertz,£Chief
Security and Property Management Branch
TO: Project Officers
Building passes are intended only to identify contractors
entering one of the EPA Headquarters buildings and are not intended
for contractors to use as identification to cash checks, enter
other government facilities, obtain airline tickets, rent vehicles
or obtain hotel reservations.
Building passes will be issued only to contractor employees
who work on-site for 24 hours or mor* a week. Management personnel
who periodically visit on-site personnel shall not be issued
Building Passes. Project Officers whose personnel are on-site less
than 24 hours a week must provide a memoranda- explaining the need
for a building pass.
Couriers shall not be issued building passes.
All information must be typed or neatly printed on the request
form. If the printed name of the Project Officer cannot be read,
the form will be returned without action.
The Pass and 10 Office is open from 8:30 an to 3:30 pm, Monday
through Friday and operates on a first come first serve basis.
Individuals requiring building passes should either bring the
Request for Building Pass with them or mail it to the Security
Office (PM-215). Forms will be maintained in a suspense file for
30 days after it is received and then returned to sender indicating
that no action was taken. If a request for a building pass is
handcarried by the applicant, it shall be valid only for 30 days
from the date it is signed by the Project Officer.
Questions should be addressed to the Security Management
Section at 382-6352.
-------�
TSCA CBI Security Manual
/ /uu
1/93
SUBJECT: Request for Building Pass
FROM:
Project Officer
TO: H. Brooks Haalin, Chief
Security Management Section
I request that the below listed personnel be issued a Building
Pass. The following data is furnished:
DATl OF BIMM •OQML/'MMWOMl
CONTRACT NUMBER: EXPIRATION DAT!
NORMAL HOUR* OF WORKI
SPECIAL ACCESS: After <:30 pm Weekend Holiday
LOCATIONS WSM CM-2 FAIRC1ILD CRYSTAL STATION
I understand as Project Officer, I am responsible for
retrieving the above building pass(es) should:
1. The individual(s) transfer or terminate and no longer
requires access.
2. The individual(s) need for access to EPA be changed to
less than 24-hours a week.
3. The) contract expires.
PROJECT OFFICER'S SIGNATURE TELEPHONE t MAIL CODE
PC'S ID NUMBER PO'S DIVISION DATS
-------�
TSCA CBI Security Manual
Appendix 6
7700
1/93
United States Environmental Protection Agency
Washington. D.C. 20460
Request for Approval of Contractor Access
to TSCA Confidential Business Information
Requesting Official
Signature
Date
Title and Office
Contractor and contract number (if modification)
I. Brief description of contract, including purposes, scope, length, and other important details. (Continue on the back of this form
if necessary)
II. What TSCA CBI will be required, and why? (Continue on back if necessary)
I. Will computer access to TSCA CBI be required by the contract? If so, explain why and to what extent on the back of this form.
If you approve this request, this office will initiate procedures to ensure compliance with the "TSCA-CBI Security Manual".
Approval of the Director, OPPT Information Management Division
Approved (Signature)
Date
EPA Form 7740-17 (Rev. 9-92). Replaces EPA Form 7710-15a, which is obsolete.
-------�
TSCA CBI Security Manual Appendix 7 770°
1/Q3
A CDA CONTRACTOR INFORMATION SHEET
OtnH CONTRACTOR TSCA CBI ACCESS/TRANSFER
1 . Contractor Name (list all subcontractors on separate contractor information sheets)
2. Contract
Number
3. Prime
Sub
4. Corporate Address 5. Site Address (where TSCA CBI will be stored)
6. List Previous Contract Number if renewal
7. EPA Project
Officer
8. EPA DOPO/WAM
9. EPA Task Mgr.
10. Contractor
Project Officer
1 1 . Contractor DCO
12. Contractor Alt.
DCO
a) Name
b) Soc. Sec. No.
c) Telephone
d) Address/Mail Code
13. Description of duties to be performed by contractor that require TSCA CBI access (use attachment if necessary):
14. By Section of TSCA, type(s) of data to be accessed:
15a. Will CBI be
transferred off EPA
site under contract?
(Y/N)
17. Desired Date for
access to commence
15b. If CBI will transferred to
a site other than listed in
item 5 above, list site.
18. Access desired until
what date?
1 6a. Has a contractor Security
Certification Statement been
approved by TSCA Security Staff?
(Y/N)
19. Contract Expiration Date
16b. TSCA Security Staff
Facility Inspection Date.
20. Is contract
renewable?
21 . EPA Project Officer Signature and Date
Please return this form with a copy of:
1. Statement of Work, 2. EPA form 7740-17, 3. CBI Clause from contract, and 4. Security Certification Statement
to: U.S. EPA, TSCA CBI Access Staff, TS-790, 401 M Street, SW, Washington, DC 20460
(202-260-1532)
EPA Form 7740-27 (10/92)
-------�
TSCA CBI Security Manual APPendix 8
PROPOSED LANGUAGE
DATA SECURITY For TSCA CONFIDENTIAL BUSINESS
INFORMATION (EP 52.235-120 November 1992)
The Contractor shall handle Toxic Substances Control Act
(TSCA) confidential business information in accordance with the
contract clause entitled "Treatment of Confidential Business
Information" and "Screening Business Information for Claims of
Confidentiality."
(a) The Contracting officer, after a written determination by
the appropriate program office, may disclose TSCA confidential
business information to the Contractor necessary to carry out the
work required under this contract. The Contractor shall protect
the TSCA confidential business information and confidential
business information used in its computer operations (once approved
by EPA) in accordance with the following requirements:
(1) The Contractor and Contractor's employees shall
follow the security procedures set forth in the TSCA Confidential
Business Information Security Manual. The manual may be obtained
from the Director, Information Management Division, Office of
Pollution Prevention and Toxics, Environmental Protection Agency,
401 M St., S.W., Washington, D. C. 20460. Prior to receipt of TSCA
CBI by the Contractor, the Contractor will submit a certification
statement to the Director of the EPA, Information Management
Division, with a copy to the Contracting Officer, certifying that
all employees who will be cleared for access to TSCA confidential
business information have been briefed on the handling, control and
security requirements set forth in the TSCA Confidential Business
Information Security Manual.
(2) The Contractor shall, upon request by the contracting
officer, permit access to and inspection of the Contractor's
facilities in use under this contract by representatives of EPA's
Assistant Administrator for Administration and Resources Manage-
ment, and the TSCA Security Staff in the Office of Pollution
Prevention and Toxics, or by the EPA project officer.
(3) The Contractor Document Control Officer (DCO) shall
obtain a signed copy of EPA Form 7740-6, " TSCA CBI Access Request,
Agreement, and Approval" from each of the Contractor's employees
who will have access to the information before the employee is
allowed access. In addition, the Contractor will obtain from each
employee who will be cleared for TSCA CBI access all information
required by EPA or the U. S. Office of Personnel Management for EPA
to conduct a Minimum Background Investigation (MBI).
-------�
TSCA CBI Security Manual 7700
1/93
(b) The Contractor agrees that these requirements concerning
protection of TSCA confidential business information are included
for the benefit of, and shall be enforceable by, both EPA and any
affected business having a proprietary interest in the information.
(c) The Contractor understands that confidential business
information obtained by EPA under TSCA may not be disclosed except
as authorized by the Act, and that any unauthorized disclosure by
the Contractor or the Contractor's employees may subject the
Contractor and the Contractor's employees to the criminal penalties
specified in TSCA {15 U.S.C. 2613(d)}. For purpose of this
contract, the only disclosures that EPA authorizes the Contractor
to make are those disclosures set forth in the clause entitled
"Treatment of Confidential Business Information."
(d) The Contractor agrees to include the provisions of this
clause, including this paragraph (d), in all subcontracts awarded
pursuant to this contract that require the furnishing of confiden-
tial business information to the subcontractor.
(e) At the request of EPA or at the end of the contract, the
Contractor shall return to EPA all documents, logs, and magnetic
media which contain TSCA CBI. In addition, each Contractor employee
who has received TSCA CBI clearance will sign EPA Form 7740-18,
"Confidentiality Agreement for Contractor Employees Upon Relin-
quishing TSCA CBI Access Authority". The Contractor DCO will also
forward those agreements to EPA at the end of the contract.
(f) If, subsequent to the date of this contract, the
Government changes the security requirements, the contracting
officer shall equitably adjust affected provisions of this contract
in accordance with the "Changes" clause when:
(1) The Contractor submits a timely written request for
an equitable adjustment; and
(2) The facts warrant an equitable adjustment.
-------�
TSCA CBI Security Manual Appendix 9 7700
1/93
Confidentiality Agreement for United States Employees
Upon Relinquishing TSCA CBI Access Authority
In accordance with my official duties as an employee of the United States, I have
had access to Confidential Business Information under the Toxic Substances
Control Act (TSCA, 15 U.S.C. 2601 et seq.). I understand that TSCA Confidential
Business Information may not be disclosed except as authorized by TSCA or
Agency regulations.
I certify that I have returned all copies of any materials containing TSCA
Confidential Business Information in my possession to the appropriate docu-
ment control officer specified in the procedures set forth in the TSCA Con-
fidential Business Information Security Manual.
I agree that I will not remove any copies of materials containing TSCA
Confidential Business Information from the premises of the Agency upon my
termination or transfer. I further agree that I will not disclose any TSCA
Confidential Business Information to any person after my termination or
transfer.
I understand that as an employee of the United States who has had access to
TSCA Confidential Business Information, under section 14(d) of TSCA (15 U.S.C.
2613(d)) I am liable for a possible fine of up to $5,000 and/or imprisonment for
up to one year if I willfully disclose TSCA Confidential Business Information to
any person.
If I am still employed by the United States, I also understand that I may be subject
to disciplinary action for violation of this agreement.
I am aware that I may be subject to criminal penalties under 18 U.S.C. 1001 if I
have made any statement of material facts knowing that such statement is false
or if I willfully conceal any material fact.
Name (Please type or print)
Signature
EPA ID Number
Date
EPA Form 7740-16 (10-85) Replaces EPA Form 7710-17, COPY 1 — TSCA SECURITY STAFF
which is obsolete.
-------�
TSCA CBI Security Manual 7700
1/93
Privacy Act Statement
Collection of the information on this form is authorized by Section 14 of the Toxic
Substances Control Act (TSCA), 15 USC 2613. EPA uses this information to maintain
a record of those persons cleared for access to TSCA Confidential Business Information
(CBI) and to maintain the security of TSCA CBI.
Disclosure of this information may be made to Office of Pollution Prevention and Toxics
(OPPT) contractors in order to carry out functions for EPA compatible with the purpose
for which this information is collected; to other Federal agencies when they possess
TSCA CBI and need to verify clearance of EPA and EPA contractor employees for
access; to the Department of Justice when related to litigation or anticipated litigation
involving the records or the subject matter of the records; to the appropriate Federal,
State, or local agency charged with enforcing a statute or regulation, violation of which
is indicated by a record in this system; where necessary, to a State, Federal, or local
agency maintaining information pertinent to hiring, retention or clearance of an employee,
letting of a contract, or issuance of a grant or other magistrate or administrative tribunal;
to opposing counsel in the course of settlement negotiations; and to a member of
Congress acting on behalf of an individual to whom records in the system pertain.
Furnishing the information on this form, including your Social Security Number, is
voluntary but may prevent the contracting organization from being given access to TSCA
CBI and may therefore make impossible the performance of any task which requires
access to TSCA CBI.
-------�
TSCA CBI Security Manual Appendix 10 7700
1/93
fjaaaa >»ad ftpvacy Act Sttttment on ravar*a oa/ar* coavbtmg (hit form.
unitad SUMS envwonmantal Protection Aaaocy
Washington. DC 20480
A f~ M A Washington. DC 2O460
t>t rA Confidentiality Agreement for Contractor Employees
Upon Relinquishing TSCA CBI Access Authority
Nama ot Emptoyar
D
Contractor LJ Subcontractor
Contract Numbar
As an employee of the contractor/subcontractor named above per-
forming work for the United States, I have been authorized access to
confidential business information (CBI) submitted under the Toxic
Substances Control Act (TSCA) (15 USC Section 2601 et seq.). This
access authority was granted to me in order to perform my work under
the contract number cited above.
I understand that TSCA CBI to which I have had access under the
contract may be used only for the purposes of performing the contract. I
also understand that TSCA CBI may not be disclosed except as autho-
rized by TSCA or EPA regulation.
I certify that I have returned all copies of TSCA CBI materials in my
possession to either the appropriate document control officer specified
in the EPA-approved security plan in effect at my company or an EPA
TSCA document control officer.
I agree that I will not remove any copies of materials containing TSCA
CBI from the premises of my company or from EPA premises upon my
relinquishment of TSCA CBI access authority. I further agree that I will
not disclose any TSCA CBI to any person after my relinquishment of
TSCA CBI access authority.
I understand that as a contractor employee who has been authorized
access to TSCA CBI, under Section 14
-------�
TSCA CBI Security Manual Appendix 11
Please read Privacy Act Statement on reverse before completing.
7700
1/93
AEPA
United States Environmental Protection Agency
Washington, DC 20460
Employee Separation or Transfer Checklist
Social Security Number
Part 1. To Be Completed by Employee
Employee Name
Current Organization and Location
Effective Date
Type of Action
Separation from Government
Transfer to Other Government Unit
Address (Forwarding or that of gaining Government unit or agency)
Reason for Leaving
Part 2. Responsible Officials Must Complete All Items in this Part
Please clear the above-named employee. Final salary payment and application for retirement will be delayed until clearance is completed.
Item
Clearance
Yes
Signature and Date
Payroll/Travel
Advance Leave
LWOP/Health Benefits
Outstanding Travel Advance
Outstanding Travel Voucher
GTR/Airline Ticket
Diners' Club (TM) Credit Card
Permanent Change of Station Requirements
Imprest Fund
Jury Duty Fees
Salary Checks
Personnel
Training Termination Statements
Completion of Employment Agreements
Other
Library Issuances
Security Termination Statements
Audiovisual Equipment
EPA ID Card
Security/
Facilities
Keys
Parking Permit
Special Credentials
Part 3. Certification and Clearance
The Administrative Officer/Supervisor must certify that the above-named employee has accounted for the items listed below.
Item
Clearance
Item
Clearance
Personal property
CBI documents
Telephone credit cards
NCC computer user ID
Property pass(es)
U.S.-Government-lssued Credit Card(s)
SF-44, Purchase Orders
Official Passport (If yes, phone QIA/Passport Office)
Cleared
Not Cleared (Explain under Remarks)
Signature of Administrative Officer or Supervisor
Remarks
Certification
I certify that the statements I have made on this form and all attachments thereto are true, accurate, and complete. I acknowledge
that any knowingly false or misleading statement may be punishable by fine or imprisonment or both under applicable law.
Employee Certification
I certify that all U.S. Government property (including an official passport) and records have been returned (Signature)
Date
Personnel Office Affirmation of Clearance
Signature of Servicing Personnel Office
Title
Date
EPA Form 3110-1 (Rev. 2-88) Previous editions are obsolete.
Original .... Personnel
Copy.... Payroll
-------�
Privacy Act Statement
Authority
Social Security Number: Executive Order 9397 dated November 22,1943.
Forwarding Address: Reorganization Plan Number 3 of December 2,1970.
Purposes and Uses
Social Security Number: Disclosure by you of your Social Security Number (SSN) is voluntary. It will
be used to properly identify your records on file with the U.S. EPA in various program areas from which
you are obtaining certification of clearance. The information gathered will be used only as needed to
complete the clearance process as required by EPA Order 3110.5A.
Forwarding Address: Disclosure by you of your forwarding address is voluntary. It will be used in
forwarding official papers or appropriate information, and to mail documents to you or to a gaining
Government unit or agency.
Effects of Nondisclosure
Social Security Number: Withholding the SSN will cause a delay in the separation process or may result
in your not being cleared for separation.
Forwarding Address: Withholding the forwarding address will cause a delay in the separation process
or may deter your receipt of outstanding paychecks or other authorized documents.
EPA Form 3110-1 (Rev. 2-88)
-------�
TSCA CBI Security Manual
1/93
Appendix 12
TSCA «5HRB2aiAL
E£;s}£M?J10
DOES NOT CONTAIN NATIONAL
^FCURITY INFORMATION (E.O. 12065'
-------�
iii"i<
!"
'"!
>'!
!"'
>> !'
1 n l|
ID EPA
United States Environmental Protection Agency
Washington, DC 20460
Document Description
Date
CONFIDENTIAL
TOXIC SUBSTANCES CONTROL ACT
CONFIDENTIAL BUSINESS INFORMATION
Does not contain National Security Information (E.O. 12065)
The attached document contains Confidential Business Information obtained
under the Toxic Substances Control Act (TSCA 15 U.S.C. 2601 et seq.)
TSCA Confidential Business Information may not be disclosed further or
copied by you except as authorized in the procedures set forth in the TSCA
Confidential Business Information Security Manual.
If you willfully disclose TSCA Confidential Business Information to any
person not authorized to receive it, you may be liable under section 14(d) of
TSCA (15 U.S.C. 2613(d)) for a possible fine up to $5,000 and/or imprison-
ment for up to one year. In addition, disclosure of TSCA Confidential
Business Information or violation of the procedures cited above may subject
you to disciplinary action with penalties ranging up to and including dis-
missal.
CONFIDENTIAI
'V!
! } i
1 ;
EPA Form 7740-9 (rev. 10/92) Previous edition is obsolete
111!
ill
-------�
TSCA CBI Security Manual Appendix 14 770°
1/93
United States Environmental Protection Agency
fl Washington, DC 20460
OC PA TSCA CBI Visitors Loa
Individual's Name
Organization
Date
Time
Purpose of Visit
EPA Form 7740-1 3 (10-85)
-------�
TSCA CBI Security Manual
Appendix 15
7700
1/93
3
o D
l$
§
3
?§
11
33
"" c
?f
(Q CT
CD CD
(rt ""•
"m
ct
O
O
TJ
| ^
m g
> 5-
O §.
I -
_CD 3
o 3
0)
a
w
s;
o
CD
q
T3'
o'
C
&
fi>
^^
m
sS
^^H^^^^
s
"n «
3g
3
H «'
£> g.
> 5?
n i?
o S
& 30 g1
o. m 3
CD '" *•
s o §•
E
O Cfp
3 2
3
O
CO O
§Q
(D
is
3 O
*J* ^J
^j «5
7 z
j^~
P 1.
1
-------�
TSCA CBI Security Manual
Appendix 16
7700
1/93
o
|o
o
o
o
2
3
O (D
0 3
•S o
z °
c 3
3 3
IT —
5 z
^ C
3
cr
o>
m
-0
6
z
c
3
o-
CD
C
tn
1
§
C £.
OT ??•
g5
O g
O ^^T ^3
""^i ^£ W
5. ** 2
g
o era
3 2
3
0
*-<
CO O
f» o
Q
S
-------�
TSCA CBI Security Manual
Appendix 17
7700
1/93
United States Environmental Protection Agency
Washington, DC 20460
cy P PA Temporary Loan Receipt for TSCA
Confidential Business Information
1 acknowledge receipt of the following documents containing
TSCA Confidential Business Information
1 . DCN/Copy Number
2. OCN/Copy Number
3. DCN/Copy Number
4. DCN/Copy Number
5. DCN/Copy Number
6. DCN/Copy Number
7. DCN/Copy Number
Date Loaned
Name of Recipient
Description
Description
Description
Description
Description
Description
Description
Name of Lender
Signature of Recipient
Instructions
1 . To be used only for temporary transfer of TSCA
CBI. Transfers for more than thirty (30) days must
be made through a DCO.
2. The lender must keep the original of this form
after it has been completed and signed by the recip-
ient, and give the copy to the recipient.
3. The lender must give his or her copy of this form
to the recipient when the recipient returns the doc-
ument^) to the lender. The recipient should destroy
both copies.
EPA Form 7740-14 (10-85) Replaces EPA Form 7710-44. which is obsolete
-------�
TSCA CBI Security Manual
Appendix 18
7700
1/93
United States Environmental Protection Agency
Washington, DC 20460
Permanent Transfer Receipt for TSCA
Confidential Business Information
I acknowledge receipt of the following documents containing
TSCA Confidential Business Information.
1. DCN/Copy Number Description
2. DCN/Copy Number
Description
3. DCN/Copy Number
Description
4. DCN/Copy Number
Description
5. DCN/Copy Number
Description
6TDCN/Copy Number
Description
7. DCN/Copy Number
Description
8. DCN/Copy Number
Description
Date of transfer
Name of Sending DCO/DCA
Name of Recipient
Signature of Recipient DCO/DCA
INSTRUCTIONS
1. To be used only for permanent transfer of TSCA CBI. Transfers must be made by a
DCO/DCA.
2.The sending DCO/DCA must keep the original of this form after it has been signed and
returned by the recipient DCO/DCA. The Recipient DCO/DCA must keep a copy of the
receipt after returning the original to the sending DCO/DCA.
EPA Form 7740-26 (10/92)
-------�
TSCA CBI Security Manual
Appendix 19
1/93
United States Environmental Protection Agency
Washington, DC 20460
Memorandum of TSCA CBI Telephone Conversation
I. EPA Employee Identification
Name of Employee
Date
Organization
Time
II. Second Party Identification
Call Is
DTO D
From
Name
Number
Organization
III. Concerning what TSCA CBI?
IV. Content
EPA Form 7740-12 (10-85)
-------�
TSCA CBI Security Manual
Appendix 20
7700
1/93
m
T3
s
«a O
a> 9>
P
O
0
8
3
§•§
||
""" c
3
o-
2, 2
"O 5
P) 3
(O ty
(D '
|o
3 m
Q.
5" O
s: o
a o
(o
m
fcJU
^^B^^^ta
m^^p
^^H^^^
•£ a
» 2"
= H
a *" Q.
= S (D
3_
(Q
Ig
i i %^^ ^~|*
" j ^« rt
/•^ ^^
!>• o ^
— i P
^ <3 o
3 T ^L
g —
g Q.^3
i— i
o c ^
3 "^ 3
•^ o
C/)^<
(5*
3
O
c
r-
o
(Q
^J O
2 o
O (D
i. ^
•< 0
If
2. 5'
i'f
T?i o
P S.
0
•52
-------�
TSCA CBI Security Manual
Appendix 21
7700
1/93
United States Environmental Protection Agency
Washington, DC 20460
V>EPA TSCA CBI Security Manual Update Transmittal Sheet
Transmittal Number
Date Received
Page(s) Replaced
Date and Initials
EPA Form 7740-23 (10/92)
-------�
TSCA CBI Security Manual
Appendix 22
SIGNA
RE
I
O
m
a H
o X
g£
HH W
n
G
W
z
H
E
00
W
O
W
H
ffi
W
00
O
w
>
O
ta
o
§
3
W
fa
n
o
o-
r o
CD" ^
c
CD Hi.
00
z u
c^ 2j
GO ^
2 3
f
_ D
^\ *"*
o "
o
J/93
C
H ^-
O oo 2
o O a
0 h 00
ill
l»i
H
~ » 2
^" o5 £«•
h^rf; ^^ L.^1 •
0 3 °
Is. >
o o cro
3 2
-------�
U.S. Environmental Protection Agency
Region 5, Li ' -V /L-12J)
77 West Jackvon Boulevarjd, 12th Floor
Chicago, 1L 60604-3590
-------� |