xvEPA
         United Stateb
         Environmental Protection
         Agency
        Office of Pollution
        Prevention and Toxics
        Washington, DC 20460
        (TS-793)
7700
January 1993 Edition
TSCA Confidential
Business Information
Security Manual

-------
TSCA CBI Security Manual                                7700
                                                     1/93

                    TABLE OF CONTENTS

LIST OF APPENDICES	  i

CONTACTS	 iii

GLOSSARY OF ACRONYMS	 iv

BACKGROUND ON TERMINOLOGY AND EPA OFFICES .	vi

CHAPTER 1
 INTRODUCTION  	  1

    A.   GUIDING PRINCIPLES FOR SITUATIONS OUTSIDE OF
         THE MANUAL 	  1
    B.   MANUAL UPDATES AND REVISIONS TO PROCEDURES .  2

CHAPTER 2
  HOW TO AUTHORIZE FEDERAL EMPLOYEES, CONTRACT
  EMPLOYEES AND CONGRESS FOR ACCESS TO TSCA CBI	  3

    A.   STEPS TO TSCA CBI ACCESS FOR EPA EMPLOYEES ...  3

         1.  AUTHORIZING ACCESS 	  3

             a.   Completing and submitting the forms	  3
             b.   Forms required to obtain computer access to
                  TSCA CBI data	  4
             c.   Individual access files  	  4
             d.   Security briefing	  4
             e.   Approval for TSCA CBI access or waiver for
                  immediate access  	  4
             f.   TSCA CBI authorized access list	  5

         2.  REQUIREMENTS FOR MAINTAINING ACCESS .... 5

             a.   General information	  5
             b.   Document audit procedure	  5
             c.   Scheduling an annual security briefing 	 6
             d.   Failure to attend an annual security briefing	 6

-------
TSCA CBI Security Manual'  ,                               7700
              \     ซ...  .  '                             1/93
              e.    Reapplying for TSCA CBI access	  6
              f.    Employee transfers within EPA 	  6

    B.   STEPS TO TERMINATING TSCA CBI ACCESS FOR
         EPA EMPLOYEES  	  6

         1.    GENERAL INFORMATION	  6
         2.    REQUIREMENTS FOR TERMINATING ACCESS ....  7

              a.    Form 7740-16	  7
              b.    Document audit procedure	  7
              c.    DCO responsibilities after document audit is
                   completed	  7
              d.    Missing documents	  8
              e.    Employee responsibilities 	  8

    C.   STEPS TO TSCA CBI ACCESS FOR CONTRACTORS
         AND SUBCONTRACTORS	  9

              AUTHORIZING ACCESS  	  9

              1.    Determining whether access to TSCA CBI is
                   necessary	  9
              2.    Secure environment for handling and storing
                   TSCA CBI	  9
              3.    Site inspection	   10
              4.    Required contract language  	   10
              5.  .  Notice to affected businesses 	   10
              6.    Facility DCO at the contractor's site  	   11
              7.    How to assign a DCO  	   11
              8.    Identifying contractor employees for clearance  . .   12

    D.   HOW TO OBTAIN TSCA CBI AUTHORIZATION FOR
         EMPLOYEES OF CONTRACTORS AND
         SUBCONTRACTORS	   12

         1.    AUTHORIZING ACCESS  	   12

              a.    Completing and submitting the forms	   12
              b.    Minimum Background Investigation (MBI)	   13

-------
TSCA CBI Security Manual                                 7700
                                                      1/93

             c.   Individual Access Files	  13
             d.   Security briefing	  13
             e.   Approval for TSCA CBI access or waiver for
                  immediate access 	  14
             f.    TSCA CBI authorized access list	  14

         2.   REQUIREMENTS FOR MAINTAINING ACCESS ...  14

             a.   General information	  14
             b.   Document audit procedure	  14
             c.   Scheduling an annual security briefing  	  15
             d.   Failure to attend an annual security briefing ....  15
             e.   Reapplying for TSCA CBI access	  15

    E.   PROCEDURES FOR TERMINATING ACCESS TO TSCA
         CBI FOR CONTRACTOR EMPLOYEES	  16

         1.   GENERAL INFORMATION	  16
         2.   REQUIREMENTS FOR TERMINATING ACCESS ...  16

             a.   Form 7740-18	  16
             b.   Document audit procedure	  16
             c.   Missing documents	  17
             d.   DCO responsibilities after document audit is
                  completed	  17
             e.   Contractor employee responsibilities	  17

    F.   PROCEDURES FOR TERMINATING ACCESS TO TSCA
         CBI FOR CONTRACTORS	  18

             TERMINATING ACCESS TO TSCA CBI WHEN
             A CONTRACT ENDS 	  18

    G.   AUTHORIZING OTHER FEDERAL AGENCIES FOR
         ACCESS TO TSCA CBI	  18

         1.   GENERAL PROCEDURES FOR EPA OFFICES TO
             DISCLOSE TSCA CBI TO ANOTHER FEDERAL
             AGENCY PERFORMING WORK FOR EPA  	  18

-------
TSCA CBI Security Manual                                 7700
                                                      1/93

             a.   Agreement not to disclose TSCA CBI	   19
             b.   Exceptions to agreement	   19
             c.   TSCA CBI access at EPA facilities  	   19
             d.   TSCA CBI access at other Federal agencies  ....   20
             e.   How to assign a DCO	   20

         2.   PROCEDURES FOR ANOTHER FEDERAL AGENCY
             TO REQUEST ACCESS TO TSCA CBI  	   20

             a.   Submit a written request	   20
             b.   Agreement not to disclose TSCA CBI .	   20
             c.   Exceptions to agreement	   21
             d.   Notice to affected businesses  	   21

         3.   EPA'S PROCESS FOR APPROVING TSCA CBI
             ACCESS FOR OTHER FEDERAL AGENCIES	   22

             a.   TSCA CBI access at EPA facilities  	   22
             b.   TSCA CBI access at other Federal agencies  ....   22

         4.   REQUESTS FOR ACCESS TO TSCA CBI FROM
             CONGRESS OR THE GENERAL ACCOUNTING
             OFFICE 	   23

             Notice to affected businesses	   23

CHAPTERS
 RESPONSIBILITIES	   25

     A.  EMPLOYEE RESPONSIBILITIES 	   25

         1.   EPA HOLDS EMPLOYEES PERSONALLY
             ACCOUNTABLE FOR PROTECTING TSCA CBI ...   25
         2.   DOCUMENT AUDIT PROCEDURES	   26
         3.   CHECKING OUT TSCA  CBI DOCUMENTS	   26
             Overdue materials	   26
         4.   DETERMINING WHETHER A DOCUMENT
             CONTAINS TSCA CBI	   26
         5.   RECEIPT OF MAIL CONTAINING TSCA CBI
             MATERIAL	   27

-------
TSCA CBI Security Manual                                7700
                                                    1/93

        6.    CHALLENGING TSCA CBI CLAIMS DURING
             AND AFTER INSPECTIONS	  27

             a.   Informal inquiries	  27
             b.   Formal challenges	  27
             c.   When considering a challenge  	  28

    B.   MANAGER RESPONSIBILITIES  	  28

             IN GENERAL  	  28

    C.   DOCUMENT CONTROL OFFICER (DCO)
        RESPONSIBILITIES  	  29

        1.    IN GENERAL  	  29
        2.    MAINTAINING A DOCUMENT TRACKING
             SYSTEM	  29

             a.   Automated document tracking systems  	  30
             b.   Manual tracking systems	  31

        3.    MAINTAINING THE INVENTORY LOG	  31
        4.    DELIVERING AND RECEIVING TSCA CBI
             MATERIALS	  32

             a.   Reviewing documents for completeness	  32
             b.   Maintaining a receipt log  	  32

        5.    STORAGE OF TSCA CBI MATERIALS	  33
        6.    MAINTAINING RECORDS OF LOCK
             COMBINATIONS  	  33
        7.    CONDITIONS FOR CHANGING LOCK
             COMBINATIONS  	  34
        8.    UPDATING THE TSCA CBI AUTHORIZED
             ACCESS LIST 	  34
        9.    MONITORING AND CONTROLLING WHO
             OBTAINS TSCA CBI MATERIALS	  34
         10.  MONITORING OVERDUE TSCA CBI
             MATERIALS	  35

-------
TSCA CBI Security Manual                               7700
                                                   1/93

         11.   ASSISTING EMPLOYEES IN DETERMINING
             WHETHER DOCUMENTS CONTAIN TSCA CBI
             AND IN SANITIZING DOCUMENTS FOR
             PUBLIC DISCLOSURE	  35
         12.   SUPERVISING THE REPRODUCTION AND
             DESTRUCTION OF TSCA CBI MATERIALS  	  35
         13.   CONTROLLING THE TRANSFER OF TSCA
             CBI MATERIALS BETWEEN FACILITIES	  36
             Packaging and Arranging Transfer of TSCA CBI
             Material 	  36
         14.   ASSISTING EMPLOYEES WITH OBTAINING
             AND MAINTAINING TSCA CBI ACCESS
             AUTHORITY	  36
         15.   PERFORMING EMPLOYEE DOCUMENT AUDITS  .  36
         16.   PERFORMING AN INVENTORY OF HARD-COPY
             TSCA CBI DOCUMENTS	  37
         17.   WHEN DCOS TERMINATE THEIR EMPLOYMENT
             OR RELINQUISH THEIR DCO RESPONSIBILITIES .  37

CHAPTER 4
 PROCEDURES FOR USING AND PROTECTING TSCA CBI
 MATERIALS	  39

    A.   MARKING MATERIALS AS TSCA CBI	  39

         1.    TSCA CBI COVER SHEETS 	  39
         2.    TSCA CBI STAMP	  39

    B.   PROCEDURES FOR USING TSCA CBI DOCUMENTS
         INSIDE OR OUTSIDE OF SECURE STORAGE AREAS ...  39

         1.    EMPLOYEE RESPONSIBILITIES, IN GENERAL ...  39
         2.    PROCEDURES FOR USING TSCA CBI DOCUMENTS
             OUTSIDE OF SECURE STORAGE AREAS	  40

             a.   Two types of containers are approved	  40
             b.   Open/close signs	  40
             c.   More than one person can use a storage
                 container 	  40

-------
TSCA CBI Security Manual                                 7700
                                                     1/93

         3.   PROCEDURES FOR USING TSCA CBI
             DOCUMENTS INSIDE SECURE STORAGE
             AREAS	   40

             Unauthorized persons inside secure storage areas	   41

    C.    HOW TO OBTAIN APPROVAL FOR ESTABLISHING
         A SECURE STORAGE AREA 	   41
    D.    SECURING AN AREA	   42

             SECURE STORAGE AREA REQUIREMENTS .....   42

             1.    Maintaining security of lock combinations	   42
             2.    Electronic card keys  	   42

    E.  PROCEDURES FOR OBTAINING TSCA CBI	   43

         1.   HOW TO OBTAIN TSCA CBI FROM THE CBIC OR
             OTHER CENTRALIZED STORAGE FACILITY ....   43

             a.    Safeguarding TSCA CBI documents	   43
             b.    Obtaining a receipt for returned documents  ....   43
             c.    Transferring TSCA CBI materials between a
                  DCO and people under his or her
                  supervision in a centralized secure
                  storage area  	   43

         2.   HOW TO OBTAIN TSCA CBI FROM ANOTHER
             EMPLOYEE WITHIN THE SAME FACILITY	   44

             Keeping records on transfers	   44

    F.    PROCEDURES FOR TRANSFERRING TSCA CBI TO
         AN EMPLOYEE AT ANOTHER FACILITY	   45

         1.   IN GENERAL  	   45
         2.   PROCEDURES FOR TRANSFERRING TSCA CBI
             MATERIALS	   45

-------
TSCA CBI Security Manual                                7700
                                                   1/93

            a.   Procedures for sending or receiving TSCA CBI
                 materials through the U.S. Postal Service  	  45
            b.   Procedures for hand delivery of TSCA CBI
                 materials 	  46
            c.   Procedures for transmitting TSCA CBI
                 materials by courier or U.S. Postal
                 Service Express Mail	  46

    G.   PROCEDURES FOR RECEIVING AND SENDING
        FACSIMILES (FAXES) THAT CONTAIN TSCA CBI  ....  47

        1.   PROCEDURES FOR SENDING OR RECEIVING
            FAXES BETWEEN EMPLOYEES AUTHORIZED
            FOR ACCESS TO TSCA CBI	  47
        2.   WHEN INDUSTRY OFFICIALS OR INDUSTRY
            SUBMITTERS REQUEST THAT TSCA CBI BE
            FAXED TO THEM 	  48
        3.   WHEN AN INDUSTRY OFFICIAL OR INDUSTRY
            SUBMITTER ASKS TO FAX TSCA CBI TO EPA ...  48

    H.   DISCUSSING TSCA CBI ON THE TELEPHONE	  49

        1.   TELEPHONE CALLS WITH EMPLOYEES
            AUTHORIZED FOR TSCA CBI ACCESS	  49
        2.   TELEPHONE CALLS WITH SUBMITTERS  	  49

            Telephone Logs   	  50

    I.   ELECTRONIC MAIL CANNOT BE USED TO
        TRANSMIT TSCA CBI	  50

    J.   USE OF TSCA CBI AT TELE-VIDEO CONFERENCES ...  50

    K.   PROCEDURES FOR HANDLING DOCUMENTS AND
        OTHER MATERIALS PRODUCED BY EMPLOYEES
        USING TSCA CBI DOCUMENTS	  51

        1.   NEW TSCA CBI DOCUMENTS	  51
        2.   NEW NON-CONFIDENTIAL DOCUMENTS	  51
        3.   PERSONAL WORKING PAPERS  	  51

-------
TSCA CBI Security Manual                                   7700
                                                         1/93

              a.    Transferring-personal working papers to another
                   employee	   52
              b.    Keeping records on transfers	   52
              c.    Transferring personal working papers to a typist  .   52
              d.    Procedures for storing personal working papers . .   53
              e.    Procedures for destroying personal working
                   papers	   53

    L.   CREATING NON-CONFIDENTIAL MATERIALS FROM
         TSCA CBI DOCUMENTS	   53

         1.   IN GENERAL  	   53
         2.   NON-CONFIDENTIAL DOCUMENTS	   53

              a.    When TSCA CBI data are replaced with non-
                   confidential data  or descriptive terms	   54
              b.    When a submitting company drops its claim
                   of confidentiality  	   54

    M.  PROCESS FOR DECLASSIFYING TSCA CBI
         MATERIALS	   54

              HOW TO DECLASSIFY TSCA CBI MATERIALS  ...   54

    N.  REPRODUCTION OF TSCA CBI MATERIALS	   55

         1.   IN GENERAL  	   55
         2.   EMPLOYEE'S ROLE	   55
         3.   DCO RESPONSIBILITIES	   55

              a.    Control of copies	   56
              b.    Distributing copies to other employees  	   56
              c.    Authorizing use of other photocopying machines
                   when machines in secure locations break
                   down   	   56

     O.  PROCEDURES FOR DESTROYING TSCA CBI
         MATERIALS	   57

         1.   IN GENERAL  	   57

-------
TSCA CBI Security Manual                                 7700
                                                      1/93

         2.   WHO IS PERMITTED TO DESTROY TSCA CBI
             MATERIALS	   57

             a.    EPA and Federal employees  	   57
             b.    Contractor employees	   57

         3.   DESTRUCTION METHODS 	   57
         4.   DOCUMENTING DESTRUCTION  	   57

    P.    USE OR DISCUSSION OF TSCA CBI DURING
         MEETINGS	   58

         1.   WHAT IS CONSIDERED A MEETING?	   58
         2.   PROCEDURES FOR CIRCULATING DOCUMENT
             COPIES AT A MEETING	   58

             a.    Personal working papers	   58
             b.    Documents that have been logged out to an
                  employee	   59

         3.   PROCEDURES FOR DISCUSSING TSCA CBI
             DURING MEETINGS	   59

             a.    Meeting chairperson's duties  	   59
             b.    Records of meeting must be treated as
                  TSCA CBI	   60

    Q.    TRAVELING WITH TSCA CBI MATERIALS	   60

         1.   IN GENERAL  	   60
         2.   MAINTAINING SECURITY FOR TSCA CBI
             MATERIALS WHILE TRAVELING	   60

             a.    Storing TSCA CBI materials while traveling ....   60
             b.    Transferring possession of TSCA CBI materials
                  while traveling	   61

    R.    WORKING WITH TSCA CBI AT A PERSONAL
         RESIDENCE	   61

-------
TSCA CBI Security Manual                                   7700
                                                         1/93

    S.    WORKING WITH TSCA CBI MATERIALS ON
         COMPUTERS  	  62

         1.    IN GENERAL  	  62
         2.    AUTHORIZATION TO OBTAIN ACCESS TO
              TSCA CBI DATA STORED ON THE
              MAINFRAME COMPUTER	  62

                   Obtaining authorization to access the TSCA CBI
                   mainframe from a remote site	  62

         3.    SETTING UP A LOCAL-ARE A NETWORK (LAN) . .  62
         4.    USE OF WIDE-AREA NETWORKS (WANS) IS
              NOT PERMITTED	  62
         5.    USING PERSONAL COMPUTERS (PCS) TO
              WORK WITH TSCA CBI DATA	  63

              a.    Procedures for using TSCA CBI data on a PC
                   outside of a secure storage area  	  63
              b.    Processing and storing TSCA CBI data on
                   floppy and hard disks	   63
              c.    Maintaining security for floppy and detachable
                   hard diskettes containing TSCA CBI data  	   64
              d.    Terminating a TSCA CBI PC session for PCs
                   located outside secure storage areas	   64
              e.    Security procedures for PC printouts of
                   TSCA CBI data	   64

         6.    USING THE TSCA CBI MAINFRAME COMPUTER .   65

              a.    Obtaining printouts of TSCA CBI data from the
                   mainframe computer 	   65
              b.    Security procedures for printouts from the
                   TSCA CBI mainframe computer	   65

         7.    MINI COMPUTERS	   66

                   Security controls for TSCA CBI data on mini
                   computers	   66

-------
TSCA CBI Security Manual                              7700
                                                 1/93

        8.   SECURITY FOR TSCA CBI DATA STORED
            ON CONTRACTOR'S COMPUTERS	  66

    T.   DEVELOPMENT OF PHOTOGRAPHIC MATERIALS ....  66

        1.   PHOTOGRAPHS CAN BE CLAIMED AS
            TSCA CBI	  66
        2.   VIDEO TAPES CAN BE CLAIMED AS
            TSCA CBI	  67

CHAPTERS
 REPORTING AND INVESTIGATION OF VIOLATIONS OF
 PROCEDURES, LOST DOCUMENTS, AND UNAUTHORIZED
 DISCLOSURES	  69

    A.   EMPLOYEE REPORTING PROCEDURES 	  69

        1.   ORAL REPORT MUST BE MADE WITHIN
            ONE WORKING DAY	  69
        2.   WRITTEN REPORT MUST BE MADE WITHIN
            TWO WORKING DAYS	  69

                 Employee's division director or project officer's
                 duties  	  70

    B.   REVIEW AND INVESTIGATION OF EMPLOYEE'S
        REPORT	  70

        1.   WHEN POSSIBLE VIOLATION OF THIS
            MANUAL'S SECURITY PROCEDURES
            HAS OCCURRED	  70
        2.   WHEN TSCA CBI MATERIALS CANNOT BE
            ACCOUNTED FOR	  71

                 Notification to the submitting company	  71

        3.   WHEN UNAUTHORIZED DISCLOSURE OF
            TSCA CBI MATERIALS MAY HAVE
            OCCURRED 	  71

-------
TSCA CBI Security Manual                               7700
                                                   1/93

             a.   Notification to the submitting company	  71
             b.   EPA Office of General Counsel  	  71

    C.   PENALTY GUIDELINES FOR VIOLATION OF THIS
        MANUAL'S PROCEDURES  	  71

        1.    DETERMINING THAT A VIOLATION HAS
             OCCURRED  	  72
        2.    DETERMINING AN APPROPRIATE REMEDY	  72
        3.    ADMINISTRATIVE PENALTIES 	  73
        4.    CRIMINAL PENALTIES	  73
        5.    CORRECTIVE ACTIONS  	  74
        6.    IMD DIRECTOR CAN ALSO RECOMMEND
             THAT NO ACTION BE TAKEN	  74

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

                         LIST OF APPENDICES
Appendix                   Title

  1                   TSCA CBI Access Request, Agreement, and Approval

  2                   TSCA CBI ADP User Registration

  3                   Standard Form 86:  Questionnaire for Sensitive
                     Positions

  4                   Fingerprint Chart

  5                   Request for Building Pass

  6                   Request for Approval of Contractor Access to TSCA
                     Confidential Business Information

  7                   Contractor Information Sheet

  8                   EPAAR Contract Clauses

  9                   Confidentiality Agreement for United States Employees
                     Upon Relinquishing TSCA CBI Access Authority

  10                 Confidentiality Agreement for Contractor Employees
                     Upon Relinquishing TSCA CBI Access Authority

  11                 EPA Form 3110-1:  Employee Separation or Transfer
                     Checklist

  12                 TSCA CBI Stamp

  13                 TSCA CBI Cover Sheet

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 14                  TSCA CBI Visitors Log

 15                  Receipt Log

 16                  Inventory Log

 17                  Temporary Loan Receipt for TSCA Confidential
                     Business Information

 18                  Permanent Transfer Receipt for TSCA CBI.

 19                  Memorandum of TSCA CBI Telephone Conversation

 20                  Federal Agency, Congress, and Federal Court Sign-out
                     Log

 21                  Revision Transmittal Sheet

 22                  Document Reconciliation/Annual Certification
                                  11

-------
 TSCA CBI Security Manual                                        7700
                                                                 1/93

                              CONTACTS

Questions about the procedures in this manual should be directed to

•    Chief, TSCA Information Management Branch
     Information Management Division
     Office of Pollution Prevention and Toxics (TS-793)
     Environmental Protection Agency
     401 M Street, S.W.
     Washington, D.C.  20460
     Phone: (202) 260-0425

Other sources for information are

•    Document Control Officer
     Office of Pollution Prevention and Toxics (TS-790)
     Environmental Protection Agency
     401 M Street, S.W.
     Washington, D.C.  20460
     Phone: (202) 260-1532

•    TSCA Security Staff
     Office of Pollution Prevention and Toxics (TS-792-A)
     Environmental Protection Agency
     401 M Street, S.W.
     Washington, D.C.  20460
     Phone: (202) 260-6475

•    Director
      Information Management Division
     Office of Pollution Prevention and Toxics (TS-793)
      Environmental Protection Agency
     401 M Street, S.W.
      Washington,  D.C. 20460
      Phone: (202) 260-3938
                                   in

-------
TSCA CBI Security Manual
7700
1/93
                    GLOSSARY OF ACRONYMS
     ADTS      Automated Document Tracking System
     CBI        Confidential Business Information
     CBIC       Confidential Business Information Center

     CBITS      Confidential Business Information Tracking System

     CFR       Code of Federal Regulations

     DAPSS     Document and Personnel Security System
     DCO       Document Control Officer
     DCA       Document Control Assistant

     OPPT DCO Office of Pollution Prevention and Toxics Document
                Control Officer

     EPA       United States Environmental Protection Agency

     FAX       Facsimile Transmission

     FMSD     Facilities Management and Services Division

     TIME      TSCA Information Management Branch

     IMD       Information Management Division
     LAN       Local-Area Network
     MBI       Minimum Background Investigation

     OAM     Office of Acquisition Management
                                 IV

-------
TSCA CBI Security Manual
     OGC

     OPPT

     PMN

     PC

     TSCA

     WAN
                                              7700
                                              1/93
Office of General Counsel
Office of Pollution Prevention and Toxics
Premanufacture Notification
Personal Computer
Toxic Substances Control Act
Wide-Area Network

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93
       BACKGROUND ON TERMINOLOGY AND EPA OFFICES
       Office of Pollution Prevention and Toxics (OPPT)  director:  The
 OPPT director has overall authority for managing TSCA activities, including
 TSCA security programs.

       Information Management Division (IMD) director: The IMD director
 is responsible for  day-to-day implementation of TSCA CBI  and control
 programs, including developing policies for the use and handling of TSCA CBI
 and operating the EPA headquarters Confidential Business Information Center
 (CBIC).

       TSCA  security staff:  The TSCA security staff is  responsible for
 security-related activities, including reviewing security procedures, performing
 facility site inspections,  and investigating violations of the procedures  con-
 tained in this  manual.

       OPPT  document  control officer  (OPPT  DCO):   The OPPT DCO
 provides day-to-day support to other Federal and contractor DCOs nationwide.
 This  includes issuing  the TSCA CBI authorized access  list and processing
 forms and records pertaining to requests for TSCA CBI access authority for
 organizations and individuals.  The OPPT DCO is assigned to the Information
 Management Division.  He or she  manages the headquarters CBIC, oversees
 other DCOs at headquarters, and provides training materials and guidance to
 all DCOs on appropriate TSCA CBI handling procedures.

       Facility document control officer  (DCO):   The  facility DCO is
 responsible for managing the collection  of  records and document tracking
 system for the site  where he or she is employed.   The number of employees
 at a facility determines  how many facility DCOs there  are.  For instance,
 about 30 facility DCOs are assigned to EPA headquarters. The facility DCO
 also has oversight authority for the receipt, storage, transfer, use, reproduction
 and  destruction of TSCA CBI in his or her organization or facility.

       Employee document  control officer (DCO): At facilities where there
 are multiple facility DCOs,  each DCO will be assigned responsibility for a
                                   VI

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

 number of individual employees. In this role, the facility DCO assists each
 employee in requesting and renewing TSCA CBI access authorization.

      Document control assistants (DCAs):   The OPPT DCO and facility
 DCOs  can nominate DCAs to assist them in performing document control
 functions. If a procedure in this manual requires that a document be taken to
 the DCO, the document may be taken to either the facility DCO or DCA.

      Requesting official: This is (1) the employee's immediate supervisor
 or higher authority who nominates a Federal employee for TSCA CBI access
 or (2) the EPA project officer who nominates a contractor employee for TSCA
 CBI access. Requesting officials' responsibilities include ensuring that their
 employees renew their TSCA CBI access authority yearly, determining when
 their employees no longer require access authority, authorizing their employees
 to transfer TSCA  CBI using a courier or express mail,  and initiating or
 reviewing their employees' reports of violations of this manual's procedures.

      EPA Confidential Business Information Center (CBIC): The primary
 area for storing and using TSCA CBI is the EPA CBIC, at EPA headquarters,
 in Washington, D.C.  If appropriate, EPA may authorize TSCA CBI access
 at other facilities, including EPA regional offices, other Federal agency offic-
 es, and contractor facilities.

      Facility: Any location where EPA, a government contractor, or another
 Federal agency stores and uses TSCA CBI.  Different security procedures are
 required  at facilities outside of EPA headquarters  and at  contractor sites;
 however, the same general procedures are in force at all facilities.

      Secure storage area (SSA): An area that is secured from persons not
 authorized for access to TSCA CBI.  Secure storage areas house the bulk of
 an organization or facility's TSCA CBI records or serve as an organization or
 facility's primary TSCA CBI work area, or both. •

      Contractors and subcontractors: Individuals who perform work under
 a contract with the United States government.

      Authorized access list: A list of people who are authorized for access
 to TSCA CBI.
                                  vn

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

      EPA  project officer:  An EPA employee who monitors the technical
 aspects of a contract that authorizes TSCA CBI access.

      TSCA CBI:  Information claimed business confidential under EPA's
 confidentiality regulations at  40 CFR Part 2.  TSCA CBI materials are
 documents or any other  information-bearing media that contain TSCA CBI.
 Most  TSCA  CBI  materials  and/or  documents consist  only  partially of
 confidential business information.
                                 vin

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

                           CHAPTER 1
                       INTRODUCTION

          This manual sets  forth procedures for Environmental  Protection
 Agency  (EPA)  employees,  other  Federal  employees,  contractors, and
 contractor employees to follow in handling information claimed as confidential
 business information (CBI) under Section 14 of the Toxic Substances Control
 Act (TSCA) (15 U.S.C.  ง2613).  That section of TSCA requires EPA to
 protect from public  disclosure  CBI obtained under TSCA,  and  it imposes
 criminal  penalties for  the  knowing and  willful  unauthorized  release  or
 disclosure of such information.  EPA has issued regulations (40 CFR Part 2)
 that implement TSCA's confidentiality  provisions.  The procedures in this
 manual supplement those set forth in TSCA and in 40 CFR Part 2.

          Section  14(a)(l) of  TSCA permits  EPA  to  authorize Federal
 employees, contractors and  contractor employees for access to TSCA CBI
 when such access is  necessary to perform work  in  connection with the
 agency's duties under a  health or  environmental  protection statute or for
 specific law enforcement purposes.

          Most TSCA CBI  access occurs  at EPA  Headquarters,  where the
 primary storage and use of TSCA CBI is in the EPA Confidential Business
 Information Center (CBIC).   If required, EPA may authorize CBI access at
 other facilities, including EPA Regional Offices, other Federal agency offices,
 and contractor facilities.   Procedures for handling,  using, and storing TSCA
 CBI are generally uniform  at all facilities.  However,  some differences in
 security procedures are required at facilities outside of EPA Headquarters, and
 at contractor sites.

                      A. GUIDING PRINCIPLES
            FOR SITUATIONS OUTSIDE OF THE MANUAL

          EPA recognizes that situations not covered by this manual may arise.
 In such cases, each  Federal and contractor employee who is granted TSCA
 CBI access will act under the following guiding principles:

          •    Each user of  TSCA CBI will ensure through personal conduct
               and accountability  that he or   she  follows  all   guidelines

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

               established'by EPA, contractors, or other Federal agencies to
               protect to the best  of his or  her  ability  all TSCA CBI
               documents.

          •    Each user will support management and  other employees in
               carrying out their responsibilities for the  protection, control,
               and security of TSCA CBI.

      B.  MANUAL UPDATES AND REVISIONS TO PROCEDURES

          Whenever procedures change for the control, storage, security, and
 handling of TSCA CBI, EPA will update the relevant pages in this manual.
 A change transmittal sheet will be issued with each set of revised pages. It is
 suggested that the change transmittal sheets be filed in the back of the manual
 in sequential order. This manual includes a security manual update transmittal
 sheet (Appendix 21), which should be used to record revisions.

-------
TSCA CBI Security Manual                                    7700
                                                          1/93

                        CHAPTER 2
   HOW TO AUTHORIZE FEDERAL EMPLOYEES,
   CONTRACT  EMPLOYEES, AND CONGRESS FOR
                  ACCESS TO TSCA CBI

         To obtain clearance for TSCA CBI access, employees of EPA, other
 Federal agencies, and contractors must fill out EPA Form 7740-6, "TSCA CBI
 Access Request, Agreement, and Approval"  (Appendix 1).  In addition, a
 separate form is sometimes required for obtaining computer access to TSCA
 CBI.

         •    Federal employees can obtain the forms from the EPA Form
             Distribution Centers. If the distribution centers are out of
             stock, the forms can be obtained  from the OPPT DCO.

         •    Contractors can obtain  the forms from their  EPA  project
             officer. If necessary, contractors can also obtain the forms
             from  the OPPT DCO.

      A. STEPS TO TSCA CBI ACCESS FOR EPA EMPLOYEES

 1.   AUTHORIZING ACCESS.

      a.  COMPLETING AND SUBMITTING THE FORMS.  The first step for EPA
 employees to obtain TSCA CBI access is the completion of Form 7740-6. The
 employee must submit the form to the facility DCO on site.

         The DCO reviews the form for completeness and accuracy before
 forwarding it to the employee's immediate supervisor, to whom this  manual
 will hereafter refer as the employee's requesting official.  The supervisor will
 review the completed form. If the supervisor approves  the form,  he or she
 signs line 20 and returns it to the facility DCO.  By signing the  form, the
 supervisor verifies that the individual has attended a Security Briefing. The
 facility DCO will forward the form to  the OPPT DCO for review and final
 approval.

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

      b.  A SEPARATE FORM IS REQUIRED TO OBTAIN COMPUTER ACCESS TO
 TSCA CBI DATA.  Employees who require online access to TSCA CBI data
 stored on the mainframe computer, mini computers, or computers linked by
 local area network must  submit  Form 7740-25,  "TSCA CBI ADP User
 Registration  Form" (Appendix 2) to the DCO on site, who will forward  the
 form to the OPPT DCO for processing.

      c.  INDIVIDUAL  ACCESS FILES.  A DCO is responsible for establishing
 an access file for each employee in his or her organization who  is  granted
 authority to access TSCA CBI.  The file must contain a copy of all forms or
 other  documentation  related to the employee's TSCA CBI clearance.   If
 required by  personnel regulations,  the "SF 86 Questionnaire For Sensitive
 Positions" (Appendix  3) can be kept in the employee's official personnel file.
 The  files must be maintained  in  alphabetical order by employee name.
 Contractors' access files are kept by the DCOs at their facilities;  the OPPT
 DCO maintains all EPA headquarters employees' access files.

      d.  SECURITY  BRIEFING  is  REQUIRED.    It  is the responsibility of
 requesting officials to  ensure that their employees (1) read this manual and (2)
 attend a security briefing on procedures for handling TSCA CBI documents.
 Employees must attend a briefing on CBI security procedures before they are
 allowed access to TSCA CBI.  The briefing, on video, is presented  weekly by
 the OPPT DCO.  It can also be presented by a facility DCO.

      e.  APPROVAL  FOR  TSCA CBI ACCESS OR  WAIVER FOR IMMEDIATE
 ACCESS.  The  OPPT  DCO will add the employee's name to the TSCA CBI
 authorized access list  when the employee is approved for TSCA CBI access.
 The OPPT DCO will  notify the employee's DCO of approval by sending him
 or her the TSCA CBI authorized access list.

          Facility DCOs must notify the OPPT DCO by the 15th  of each
 month of additions or deletions that must be made to the TSCA CBI authorized
 access list.

          A requesting official may allow an employee access to TSCA CBI
 before  receiving  final approval from the  OPPT DCO under the  following
 conditions:   The requesting official has determined that immediate access is
 necessary, the required forms have been completed and submitted to the OPPT

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

 DCO,  and  the  employee has attended  the  security  briefing.   Access is
 permitted for 10 days.

      f.  TSCA CBI AUTHORIZED ACCESS LIST.  After EPA employees are
 approved for TSCA CBI access, they are listed on the TSCA CBI authorized
 access  list.  EPA's  CBIC uses the list, with the automated Confidential
 Business Information Tracking System (CBITS), to control  access to TSCA
 CBI materials. The list includes the names of employees cleared for TSCA
 CBI computer access and the expiration date for their access.  The OPPT DCO
 provides copies of the access list monthly to DCOs and can  answer inquiries
 about whether an employee is authorized for access to  TSCA CBI.

 2.    REQUIREMENTS FOR MAINTAINING ACCESS.

      a.  GENERAL INFORMATION.    Each  year,  EPA employees who are
 authorized for access to TSCA CBI must follow certain procedures to maintain
 their access.

      b.  DOCUMENT AUDIT PROCEDURE. The DCO will furnish the employee
 with a report listing all documents  that the DCO's  manual or  automated
 inventory log shows  as charged out to that employee.  The employee  must
 reconcile the report by (1) verifying that he or she has the listed documents in
 his or her possession and signing the Document Reconciliation Certification
 (Appendix  22), (2)  notifying the  DCO that he  or  she doesn't have the
 documents  in his or her possession and  so indicating  on the  Document
 Reconciliation Certification, or (3) indicating on the Document Reconciliation
 Certification that no documents are charged out.  If the DCO  fails to locate the
 documents,  he or she must follow  the procedures discussed in Chapter 5.
 Once a report is submitted, as required by Chapter 5, the DCO after receiving
 written  approval from  the employee's  requesting official  may  renew the
 employee's access.

          After the DCO reviews the Document Reconciliation Certification,
 he or she will file a copy of the certification form in the employee's Individual
 Access File.

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

      c.  SCHEDULING AN ANNUAL SECURITY BRIEFING.  After the Document
 Reconciliation Certification process is completed,  the next step is for the
 employee to attend a security briefing.  The facility DCO is responsible for
 scheduling annual security briefings for employees.  If employees attend a
 briefing presented by a facility DCO, it is the facility DCO's responsibility to
 provide their names to the OPPT DCO.

      d.  FAILURE TO ATTEND AN ANNUAL SECURITY BRIEFING.  The OPPT
 DCO will suspend the access authority of any employee who fails to attend a
 security briefing within a year of his or her last briefing.   The OPPT DCO
 will notify the  employee's requesting  official of the suspension.  If the
 employee does not attend an annual security briefing within 30 days from the
 date his or her access expired, the OPPT DCO will on the 30th day terminate
 the employee's  TSCA CBI  authorization and deactivate the employee's
 electronic card key for accessing TSCA CBI secure storage areas, along with
 all computer access authorization, including user identifications and passwords.
       e.  REAPPLYING FOR TSCA CBI ACCESS.  If an employee has been
 removed from the TSCA CBI authorized access list, he or she must reapply
 for TSCA CBI access.  Employees who must reapply for TSCA CBI access
 must follow the procedures in section A.I of this chapter. Contact the OPPT
 DCO for specific instructions before submitting renewal forms.

       f.  EMPLOYEE TRANSFERS WITHIN EPA.   The OPPT DCO must be
 notified when an employee transfers to another branch, division, or office if
 the new position requires  TSCA CBI access.  It is the responsibility of the
 employee's former requesting official to notify the OPPT DCO of the transfer
 so the employee's current access authorization  can be cancelled.   If the
 employee's new position requires TSCA CBI access, his or her new requesting
 official is responsible for submitting a completed Form 7740-6  "TSCA CBI
 Access Request, Agreement, and Approval."

           B.  STEPS TO TERMINATING TSCA CBI ACCESS
                       FOR EPA EMPLOYEES

 1.    GENERAL INFORMATION.  Authorization  for access to TSCA CBI
 must be terminated when

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

          •    The employee stops working at EPA.
          •    The employee transfers to a new position in EPA that does not
              require access to CBI.
          •    The employee fails to attend the annual security briefing.
          •    The employee receives an administrative penalty suspending his
              or her authority to access TSCA CBI.

 2.    REQUIREMENTS FOR TERMINATING ACCESS.

       a.  FORM 7740-16.  When an employee's TSCA CBI clearance is
 relinquished  or revoked, he or  she  must complete EPA Form 7740-16,
 "Confidentiality Agreement for United States Employees Upon Relinquishing
 TSCA CBI Access Authority" (Appendix 9).  The employee's requesting
 official and  facility DCO are responsible for ensuring that the employee
 completes the form within five days after the employee's TSCA  CBI access
 authority is canceled.

          The  employee  must submit the completed  form to  his  or her
 requesting official, who sends it to the OPPT DCO.  The requesting official
 must also send a copy of the completed form to the facility DCO for placement
 in the employee's TSCA CBI Access File.

       b.  DOCUMENT AUDIT PROCEDURE. After receiving Form 7740-16, the
 facility DCO will furnish the employee with a report listing all the documents
 that the CBITS system, DAPSS system, and the facility DCO's manual or
 automated inventory log show as being in the employee's possession.  The
 employee is  responsible for returning these documents.  All of the returned
 documents must be re-entered  into the collection  of  records  before any
 individual TSCA CBI document charged out to a terminating employee can be
 reissued to another TSCA CBI-cleared employee.

       C.  DCO RESPONSIBILITIES AFTER  DOCUMENT AUDIT IS COMPLETED.
 After the document reconciliation is complete, the facility DCO will

          •   Request that the  OPPT DCO remove the  employee's name
              from the TSCA CBI authorized access list.

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

          •   Inform the employee  DCO that the employee  is no longer
              authorized for CBI access.

          •   Request that the OPPT  DCO instruct the Facilities Management
              and Services  Division  (FMSD), Office of Administration, to
              invalidate the employee's electronic entry card  for  EPA
              headquarters TSCA CBI secure storage areas.

          •   Change the combinations to locks  for any TSCA CBI secure
              storage containers to which the employee had access. At EPA
              headquarters, the facility DCO can request that a security
              representative of FMSD's Security Management Section change
              the lock combinations for any TSCA CBI storage containers or
              secure storage areas.

          The OPPT DCO  will  direct IMD's TSCA  Systems  Section to
 invalidate the employee's TSCA CBI computer user identification code and
 passwords for all mainframe, mini, or micro computer  systems to which the
 employee had access.  When the TSCA  Systems Section completes the
 invalidation, the section will provide written confirmation to the OPPT DCO.
       d.  MISSING DOCUMENTS. The facility DCO must assume that a TSCA
 CBI document is missing when it is not received within 30 days of issuing the
 employee the list  of items charged out to him or her.  The procedures for
 reporting these documents as missing are in Chapter 5 of this manual.

       e.  EMPLOYEE RESPONSIBILITIES.    Employees who are relinquishing
 their TSCA CBI access authority are responsible for returning all TSCA CBI
 documents and  magnetic media in their  possession  to the facility's DCO.
 Employees who are terminating their employment must return to FMSD all
 electronic entry  cards for EPA headquarters facilities. Regional or laboratory
 employees who have electronic entry cards for secure storage areas  must
 relinquish those cards to the issuing  office  prior to signing Form 7740-16,
 "Confidentiality Agreement for  United States Employees Upon Relinquishing
 TSCA CBI  Access Authority."   EPA  headquarters  employees who are
 terminating their employment must obtain signatures from the OPPT DCO and
                                   8

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

 FMSD on the "Employee Separation or Transfer Checklist", EPA Form
 3110-1 (Appendix 11) when relinquishing their TSCA CBI clearance.

                  C.  STEPS TO TSCA CBI ACCESS
            FOR CONTRACTORS AND SUBCONTRACTORS

 AUTHORIZING ACCESS.

       1.  DETERMINING WHETHER ACCESS TO TSCA CBI is NECESSARY.  It
 is EPA's responsibility to decide whether access to TSCA CBI is necessary for
 a contractor to successfully perform the conditions of a contract with the U.S.
 government.  Depending on the contract,  the EPA project  officer, the EPA
 delivery order project officer, or the EPA work assignment manager (in the
 case of GSA zone contracts) will evaluate the need for TSCA CBI access.

          If it is determined that access is necessary, the EPA project officer,
 EPA delivery order project officer, or the EPA work assignment manager must
 complete EPA Form 7740-17, "Request for Approval of Contractor Access to
 TSCA Confidential  Business Information" (Appendix 6).   Form 7740-17
 should be submitted  as early in the contracting process as possible.

          •   For new contracts, Form 7740-17 should  be submitted to the
              IMD  director with the initial procurement  package.

          •   For  existing contracts, a  delivery order will probably  be
              necessary to modify the contract.  Form  7740-17 should  be
              submitted to the IMD director prior to the modification request.

          The EPA project officer must forward the form to his or her division
 director or a supervisor of equivalent authority, who will  sign the form as the
 requesting official and forward it to the IMD director  for final approval.
 When the IMD director signs the form, TSCA CBI access, under the contract,
 is effective.  However, before access is permitted at a contractor's site, the
 contractor must set up a secure environment for handling and  storing TSCA
 CBI.

       2. EPA CONTRACTORS WHO  RECEIVE  TSCA CBI  MUST SET UP A
 SECURE ENVIRONMENT FOR HANDLING AND STORING TSCA CBI. In

-------
TSCA CBI Security Manual                                         7700
                                                                   1/93

 establishing a secure environment, contractors are bound by (1) the conditions
 and terms of their contracts with EPA and (2) the requirements of this manual.
 Each contractor must maintain TSCA CBI in a secure environment that meets
 or exceeds the requirements  contained herein.   In addition to the physical
 security procedures set forth in Chapter 4, a two-barrier system must be used
 to protect TSCA CBI at any contractor's storage site that is not located within
 an EPA or other Federal Agency  facility.   Barrier 1 would consist at a
 minimum of perimeter walls that are constructed from "slab to slab" and do
 not have false ceilings that would permit entry into the contractor's work space
 by simply climbing over a corridor wall. Doors that provide ingress or egress
 must have pin  tumbler  deadbolt locks  installed (unless the door is  for
 emergency egress, in which case  it would have a crash bar with an audible
 alarm).  All doors providing ingress or egress that have hinge pins exposed to
 public corridors must be pinned or constructed in such a way so as to prevent
 removal of the hinge pin.  Barrier 2 consists of any of the storage containers
 listed in Chapter 4. Contractors should contact the TSCA security staff if they
 have any questions about establishing or maintaining the  security of TSCA
 CBI.

      3. SITE INSPECTION.   After  the contractor has  established a secure
 environment for TSCA CBI,  the TSCA security staff must inspect the site.
 TSCA CBI access will not be authorized at the contractor's site without  the
 approval of the TSCA Security Staff.

      4. REQUIRED CONTRACT LANGUAGE.  All contracts that are approved
 by the IMD director for TSCA  CBI access must contain one  or more of  the
 following appropriate  contract clauses:   EPAAR 1552.235-70,  EPAAR
 1552.235-71, and EP 52.235-120, November, 1992 (Appendix 8).  The EPA
 project officer is responsible  for  (1) notifying EPA's Office of Acquisition
 Management (OAM) contracting officer that the required TSCA CBI language
 is necessary and (2)  forwarding  Form 7740-17  to OAM, after the  IMD
 director has signed it.

      5.  NOTICE TO AFFECTED  BUSINESSES.    Pursuant to  40  CFR Part
 2.306(j), EPA must notify affected  businesses prior to allowing TSCA CBI
 access to a contractor or subcontractor. IMD will prepare the notice and, at
 its discretion will (1) publish it  in the Federal Register or  (2)  send  it to
 individual businesses by letter via certified mail, return receipt requested. The
                                   10

-------
TSCA CBI Security Manual                                          7700
                                                                   1/93

 notice must be given at least  10 calendar days before access takes place by
 Federal Register notice, telegram, or certified mail (return receipt requested).

          The EPA project officer must initiate the notice process at least 60
 days before the date that TSCA CBI access is to begin.  The first step is to
 complete a Contractor Information Sheet (Appendix 7), which the OPPT DCO
 uses to prepare the notice.  The IMD director signs the notice, which signifies
 that the contractor(s) identified in the notice is authorized for access to TSCA
 CBI.

          The notice must contain the following:

          •  The identity of the contractor or subcontractor to which TSCA
              CBI is to be disclosed.

          •  The contract number.

          •  An explanation of why  access to TSCA CBI is necessary for
              satisfactory performance of the contract.

          •  Whether access is authorized only on EPA premises or also at
              the contractor's or subcontractor's facilities.

          •  The type of information to be disclosed.

          •  The period  of  time for  which access  to TSCA  CBI  is
               authorized.

       6. FACILITY DCO AT THE CONTRACTOR'S SITE. The contractor DCO
 (1) serves as  the liaison between EPA and the contractor on issues relating to
 TSCA CBI, (2)  assists the EPA facility DCO in requesting and maintaining
 TSCA  CBI access authorization  for  individual contractor employees (see
 Chapter 3), and  (3)  assists in TSCA  CBI  handling.   The contractor DCO
 serves this function even when contractor employee access to TSCA CBI will
 occur at EPA facilities.

       7.  HOW TO ASSIGN A DCO. The EPA project officer is responsible
 for identifying  two qualified  contractor employees to act  as the contractor
 DCO and  the alternate DCO.  The EPA project officer must nominate the

                                   11

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 employees to the OPPT DCO.  The nomination, submitted in writing, must
 include the employees' names, telephone numbers, electronic mail numbers,
 fax numbers, mailing addresses, and qualifications. The contractor DCO must
 be in  place before  the contractor is allowed access to TSCA CBI.  (See
 Chapter 3 for information about the nomination process.)

       8.  IDENTIFYING  CONTRACTOR  EMPLOYEES FOR  CLEARANCE.  After
 completion of the above requirements, the EPA project officer, EPA delivery
 order project officer, or the EPA work assignment manager is responsible for
 conferring with contractor officials to determine which contractor employees
 require TSCA CBI access authorization. The EPA project officer will request
 access authorization for these individuals in the manner described in section
 D of this  chapter.

          D. HOW TO OBTAIN TSCA CBI AUTHORIZATION
   FOR EMPLOYEES OF CONTRACTORS AND SUBCONTRACTORS

          After a contractor is authorized for access to TSCA CBI, the
 contractor's employees must individually request TSCA CBI access authority.

          All necessary forms are available from the EPA project officer. If
 necessary, the forms can also be obtained from the OPPT DCO.

 1.    AUTHORIZING ACCESS.

       a.  COMPLETING AND SUBMITTING  THE  FORMS.   Each contractor
 employee who is applying for TSCA CBI access must complete the following
 forms:

          1) Form 7740-6,  "TSCA CBI  Access  Request,  Agreement,  and
            Approval" (Appendix 1).

          2) SF-86, "Questionnaire for Sensitive Positions" (Appendix 3).

          3) FD-258, fingerprint chart (two originals) (Appendix 4).
                                 12

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

          4) Form 7740-25, "TSCA CBI ADP User Registration Form," if
             online access to a TSCA CBI system or data base is required.

          The completed forms must be submitted to  the contractor DCO.
 After reviewing the forms for accuracy and completeness, the contractor will
 forward the forms to the EPA project officer.  The EPA project officer will
 review the  forms and forward  them to his  or her division  director  or
 supervisor of equivalent authority.

          The division director will either sign line 20 of the general access
 request form to  signify approval of TSCA  CBI access or  will disapprove
 access.  The division director will submit the approved forms to the OPPT
 DCO for review  and approval. After completing the review, the OPPT DCO
 will sign the forms and may submit them to the TSCA security staff and the
 IMD director for final approval.

       b.   MINIMUM BACKGROUND  INVESTIGATION (MBI).   All contractor
 employees who   are granted  access  to TSCA  CBI  will  be  required  to
 successfully complete  an  MBI  to  maintain TSCA CBI  clearance.   MBI
 investigations are conducted by the U.S. Office of Personnel Management at
 the request of the EPA Inspector General. The EPA project officer or  work
 assignment manager must ensure the MBI investigation requirement is placed
 in the official statement of work.

       c.   INDIVIDUAL ACCESS FILES.   The contractor's  facility DCO is
 responsible  for establishing an access  file for each employee in his or her
 organization who is  granted authority  to access  TSCA CBI.  The  file will
 contain a  copy of all forms or other documentation related to the employee's
 TSCA CBI clearance.  If required by personnel regulations,  the SF 86,
 "Questionnaire For Sensitive Positions" can be kept in the employee's official
 personnel file.  The  access files will be maintained in alphabetical order by
 employee name  and  stored with the TSCA CBI  collection of records.  The
 OPPT DCO will maintain the Individual Access Files for contract employees
 who are located  at EPA headquarters.

       d.   SECURITY  BRIEFING  is  REQUIRED.   It  is the responsibility of  the
 requesting official to ensure that employees (1) read this manual and (2) attend
 a security briefing on procedures for handling TSCA CBI documents.
                                   13

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

 Employees must attend a briefing on TSCA CBI security procedures before
 they are allowed access to TSCA CBI. The briefing, on video, is presented
 weekly by the OPPT DCO.  It can also be presented by a facility DCO.  If
 employees attend a briefing presented by a facility DCO, it is the facility
 DCO's responsibility to provide their names to the OPPT  DCO.

      e.  APPROVAL FOR TSCA CBI ACCESS OR WAIVER FOR IMMEDIATE
 ACCESS.  The OPPT  DCO will add the contractor employee's name to the
 TSCA  CBI authorized access list when the employee is  approved for CBI
 access.  The OPPT DCO will notify the employee's DCO  of approval by
 sending him or her the TSCA CBI authorized  access list.

          A requesting official may allow a contractor employee access to
 TSCA CBI before receiving final approval from the OPPT DCO when all of
 the following conditions  are met:  the requesting official has determined that
 immediate access is necessary, the required form(s) has been completed and
 submitted to the OPPT DCO, the employee has attended the security briefing,
 and the facility at which the employee is working has been inspected and
 approved by the TSCA security staff.  Access is permitted for 10 days.

      f.  TSCA CBI AUTHORIZED ACCESS LIST. After contractor employees
 are approved  for TSCA CBI access, they  are listed on the TSCA  CBI
 authorized access list.  The list provides the names of people cleared for TSCA
 CBI access, including TSCA CBI computer access, and the date on which their
 access expires.  Questions about whether  a particular person has TSCA CBI
 access that can not be answered by consulting  the Authorized Access List
 should be directed to the OPPT DCO.  The OPPT DCO provides copies of the
 access list monthly to  DCOs.

 2.    REQUIREMENTS FOR MAINTAINING ACCESS.

      a.  GENERAL INFORMATION.  Each year, contractor employees who are
 authorized to access TSCA  CBI must follow certain procedures to maintain
 their access. The procedures are listed below in the order in which they  must
 occur.

      b.  DOCUMENT AUDIT PROCEDURE. The contractor DCO will furnish the
 contractor employee with a report listing all documents that the DCO's manual
                                 14

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

 or automated inventory log shows as charged out  to that  employee.   The
 employee must reconcile the report by (1) verifying that he or she has  the
 listed documents  in  his  or  her  possession  and  signing the Document
 Reconciliation Certification (Appendix 22), (2) notifying the DCO that he or
 she doesn't have the documents and indicating on the Document Reconciliation
 Certification that the  documents are not in his  or her possession, or  (3)
 indicating on the Document Reconciliation Certification that no documents are
 charged out. If the DCO fails to locate any documents, he or she must follow
 the procedures discussed in Chapter 5.

          After the DCO reviews the  Document Reconciliation Certification,
 he or she will file a copy of the certification form in the employee's Individual
 Access File.

       c.  SCHEDULING AN ANNUAL SECURITY BRIEFING.  After the document
 audit procedure is completed, the next step is  for the employee to  attend a
 security briefing.  The contractor's facility DCO is responsible for scheduling
 annual security briefings for employees.

       d.  FAILURE TO ATTEND AN ANNUAL  SECURITY BRIEFING.  Contractor
 employees will lose their authorization for access to  TSCA CBI if they fail to
 attend a security briefing within a year of their last briefing.  The OPPT DCO
 will notify  an employee's requesting  official of  the  suspension.   If the
 employee does not attend an annual security briefing within  30 days from the
 date the suspension notice was issued, the OPPT  DCO will on the 30th  day
 terminate the  employee's TSCA CBI  authorization  and  deactivate  the
 employee's electronic card key for accessing TSCA CBI secure storage areas,
 along with all computer access authorization, including user identifications and
 passwords.  It is the responsibility of the requesting  official  to ensure that the
 employee completes the paperwork connected with TSCA CBI termination (see
 section E of this chapter).

       e.   REAPPLYING  FOR TSCA CBI ACCESS.  If an employee has been
 removed from the TSCA CBI authorized access list, he or  she must reapply
 for TSCA CBI access.  To reapply, the employee  must follow the procedures
 in  section D.I  of this  chapter.   Contact the  OPPT  DCO for  specific
 instructions before submitting renewal forms.
                                   15

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

         E.  PROCEDURES FOR TERMINATING ACCESS TO
            TSCA CBI FOR CONTRACTOR EMPLOYEES

 1.    GENERAL INFORMATION. Authorization to access TSCA CBI must
 be terminated when

         •    The contract is completed.
         •    Employment of the contractor employee is terminated.
         •    Contractor employee's duties that require access to TSCA CBI
              are terminated.
         •    The contractor employee fails to  attend the annual security
              briefing.
         •    The  contractor  employee  breaches   the  terms  of  the
              Confidentiality Agreement of EPA Form 7740-6, "TSCA CBI
              Access Request, Agreement, and Approval."
         •    The MBI provides information about the contractor employee
              based on which the IMD director determines that access will
              not be granted.

 2.    REQUIREMENTS FOR TERMINATING ACCESS.

    •  a. FORM  7740-18.  When  a  contractor  employee's TSCA CBI
 clearance is suspended, relinquished,  or revoked, he or she must complete
 EPA Form 7740-18,  "Confidentiality  Agreement for Contractor Employees
 Upon Relinquishing TSCA CBI Access Authority" (Appendix 10).  The
 employee's requesting  official and DCO are responsible for ensuring that the
 employee completes the form within five days after the employee's TSCA CBI
 access authority is  canceled.

         The  employee must submit the completed  form to  his or her
 requesting official, who sends it to the OPPT DCO. The requesting official
 must also send a copy of the completed form to the facility DCO for placement
 in  the employee's TSCA CBI Access File.

      b. DOCUMENT AUDIT PROCEDURE. After receiving Form 7740-18, the
 facility DCO will furnish the contractor employee with a report listing all the
 documents that the CBITS system, DAPSS system, and the facility DCO's
 inventory log show as being in the contractor employee's possession. The
                                 16

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

 contractor employee is responsible for returning these documents.  All of the
 returned documents must be re-entered into the collection of records before
 any individual TSCA CBI document charged out to the terminating employee
 can be reissued to another TSCA CBI-cleared employee.

      c. MISSING DOCUMENTS.  The facility DCO must assume a TSCA CBI
 document is missing when  it is not  received within 30 days of issuing the
 contractor  employee the list of items  charged  out to him or her.   The
 procedures for reporting these documents as missing are in Chapter 5.

      d. DCO RESPONSIBILITIES AFTER DOCUMENT AUDIT  IS COMPLETED.
 After the document reconciliation is complete, the facility DCO will

         •    Request that the OPPT DCO  remove the employee's  name
              from the TSCA CBI authorized access list.

         •    Inform the employee's DCO that  the employee is no longer
              authorized for TSCA CBI access.

         •    Request the OPPT DCO to invalidate the employee's electronic
              entry card for EPA headquarters  TSCA CBI secure storage
              areas.

          •    Change the combinations to locks for any TSCA CBI secure
              storage containers to which the employee had access.

         The OPPT  DCO will direct  IMD's  TSCA Systems Section  to
 invalidate the employee's TSCA CBI computer user identification code and
 passwords for all mainframe, mini, or micro computer systems to which the
 employee had access.   When the  TSCA Systems Section completes the
 invalidation, the section must provide written confirmation to  the OPPT DCO.

      e.  CONTRACTOR EMPLOYEE RESPONSIBILITIES.   Employees who are
 relinquishing their TSCA CBI access authority are responsible for returning all
 TSCA  CBI documents and  magnetic media in their possession to the facility
 DCO.  Employees who are terminating  their employment must return to the
 OPPT DCO all electronic entry cards for EPA headquarters facilities.  EPA
                                  17

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

 project officers are responsible for ensuring that all electronic entry cards
 issued to contractor employees are returned to the OPPT DCO.

           F.  PROCEDURES FOR TERMINATING ACCESS
                 TO TSCA CBI FOR CONTRACTORS

 TERMINATING ACCESS TO TSCA CBI WHEN A CONTRACT ENDS.

         On the day a  contract is completed or access to TSCA CBI ends
 under the contract's terms, the contractor DCO must inventory the TSCA CBI
 materials that the CBITS system, DAPSS system, and the DCO's manual or
 automated  inventory log show as being at the  contractor's facility.  The
 contractor DCO must provide the written inventory to the EPA project officer
 within 30 calendar days.  The EPA project officer must provide a copy of the
 results to the OPPT DCO and the TSCA security staff. The contractor DCO
 must collect all TSCA CBI materials and document control materials, including
 logs and cover sheets, that are in the company's possession.  The contractor
 must transfer the materials to the OPPT DCO within 30 calendar days. The
 OPPT DCO will provide them to the EPA project officer.

         The EPA project officer will review the materials and reconcile the
 returned materials with the inventory provided by the contractor DCO.  The
 EPA project officer then transfers the materials to  the OPPT DCO with
 instructions for appropriate disposition.

          G. AUTHORIZING OTHER FEDERAL AGENCIES
                    FOR ACCESS TO TSCA  CBI

         EPA regulations (40 CFR part 2) allow disclosure of TSCA CBI to
 another Federal agency when the information is necessary for the other agency
 (1) to perform work for  EPA, (2) to perform its duties under any law for the
 protection of health or the environment, or (3) for specific law enforcement
 purposes.

 1.    GENERAL PROCEDURES FOR EPA OFFICES TO DISCLOSE TSCA
 CBI TO ANOTHER FEDERAL AGENCY PERFORMING WORK FOR EPA.
 When an EPA office is  having another Federal  agency perform work that
 requires access to TSCA CBI, EPA generally takes the initiative in
                                18

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

 arranging to disclose the information to the other agency.  The first step to
 arrange disclosure is for the EPA office that is involved to contact the IMD
 director.

          The IMD  director will  notify  the other  agency  that (1) the
 information that will be disclosed is CBI and was acquired under the authority
 of TSCA and that (2)  any unauthorized disclosure of the information may
 subject the other agency's employees to the criminal penalties in Section 14(d)
 of TSCA (see Chapter 5 of this  manual).

          When EPA discloses TSCA CBI to another agency to perform work
 on behalf of EPA,  no  notice to affected businesses is required.  Notice  is
 required in all other circumstances.  The IMD  director will notify the agency
 performing the work whether access is approved.

       a. AGREEMENT NOT TO DISCLOSE TSCA CBI.   The agency that will
 receive TSCA CBI must provide a written agreement that it will not disclose
 TSCA CBI.

       b.  EXCEPTIONS  TO AGREEMENT NOT TO  DISCLOSE TSCA CBI.   A
 Federal agency does not have to provide a written agreement that it will not
 disclose TSCA CBI under any one of the following circumstances:

           •    The agency has statutory authority both to compel production
               of the information and to make  the proposed disclosure, and it
               has furnished affected businesses with at least  the same notice
               that EPA would provide under EPA's regulations.

           •    The agency has obtained the consent of each affected business
               prior to  the proposed disclosure.

           •    The  agency has  obtained a written statement from the EPA
               general counsel or an EPA regional counsel that disclosure of
               the information would be proper under  EPA regulations.

       c.  TSCA  CBI ACCESS AT EPA FACILITIES. Once approval for access
 has been granted, designated employees of the other Federal agency can obtain
 access to specified TSCA CBI on EPA premises.  The procedures for
                                   19

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

 individual employees to obtain clearance for TSCA CBI access are explained
 in sections A and B of this chapter.

      d.  TSCA CBI ACCESS AT OTHER FEDERAL AGENCIES. When a Federal
 agency is allowed access to TSCA CBI on its premises, the Federal agency
 must appoint a facility DCO and must provide a secure environment before
 documents will be transferred.

      e.  HOW TO ASSIGN A DCO.  The requesting official  or  the facility
 manager in charge of the facility to which TSCA CBI will be transferred must
 nominate a facility DCO and an alternate DCO.  The nomination, submitted
 in writing to the OPPT DCO,  must include the name, telephone number,
 electronic mail number, fax number, and mailing address of both nominees.
 The OPPT DCO will decide whether to approve the  nomination.  The
 requesting official or  the facility DCO can also nominate document control
 assistants (DCAs) to assist the DCO in his or her day-to-day duties.

 2.   PROCEDURES FOR ANOTHER FEDERAL AGENCY TO REQUEST
 ACCESS TO TSCA CBI. These procedures  must be followed  by Federal
 agencies that are requesting access to TSCA CBI (1) to perform duties under
 any law for the protection of health or the environment or (2) for a specific
 law enforcement purpose.

      a.  SUBMIT A WRITTEN REQUEST.  To obtain access to  TSCA CBI, a
 Federal agency must submit a written request to the IMD director at least one
 month before access is needed. The request must state the specific information
 to which access is  requested, why access is necessary (this  is the official
 purpose and will be one of the two reasons stated in the preceding paragraph),
 and provide supporting details.   The request must  be signed by an agency
 official whose  authority is at least equivalent to that of an  EPA division
 director.

      b.  AGREEMENT NOT TO DISCLOSE TSCA CBI. The agency that will
 receive TSCA CBI must provide a written agreement that it will not disclose
 TSCA CBI.
                                 20

-------
TSCA CBI Security Manual                                         7700
                                                                   1/93

       c.  EXCEPTIONS TO AGREEMENT NOT  TO DISCLOSE  TSCA CBI.  A
 Federal agency does not have to provide a written agreement that it will not
 disclose TSCA CBI under any one of the following circumstances:

          •    The agency has statutory authority both to compel production
               of the information and to make the proposed  disclosure, and it
               has furnished affected businesses with at least the same notice
               that EPA would provide under EPA's regulations.

          •    The agency has obtained the consent of each affected business
               prior to the proposed disclosure.

          •    The agency has  obtained a written  statement from the EPA
               general counsel or an EPA regional counsel  that disclosure of
               the information would be proper under EPA regulations.

       d. NOTICE TO  AFFECTED BUSINESSES.  Before EPA allows  another
 Federal agency access to TSCA CBI, EPA  must provide  written notice to
 affected businesses except as stated in section G.I above.  The notice must be
 given at least  10 calendar days before  access takes place by Federal Register
 notice,  telegram, or  certified mail (return  receipt requested).   IMD  will
 prepare the notice, which must include

          •    The identity of the agency to which TSCA CBI access is being
               allowed.

          •    The official purpose for the access.

          •    Whether access is authorized only on EPA premises or also at
               the other agency's facilities (see section 3  of this chapter).

          •    The type of information that will be disclosed.

          •    The period  of time for which access to TSCA CBI is being
               authorized.
                                   21

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

 3.    ERA'S PROCESS  FOR APPROVING TSCA CBI ACCESS FOR
 OTHER FEDERAL AGENCIES. The IMD director will review requests for
 TSCA CBI access from other Federal agencies and will notify the agencies'
 requesting officials whether TSCA CBI access  is approved.  If access is
 approved, the IMD  director  will  notify  the  other  agency that  (1)  the
 information that will be disclosed is CBI and was acquired under the authority
 of TSCA, and that (2) any unauthorized disclosure of the information may
 subject the other  agency's employees to criminal penalties  allowed under
 Section 14(d) of TSCA.

       a.  TSCA CBI ACCESS AT EPA FACILITIES.  EPA prefers that TSCA
 CBI materials remain on EPA premises. When this is not practical. EPA will
 consider allowing  access at another agency's facility.

          Once approval for access has been granted, designated employees of
 the other Federal  agency can obtain access to specified TSCA CBI on EPA
 premises.  The procedures for individual employees to obtain clearance  for
 TSCA CBI  access  are explained in sections  A  and B  of this chapter.
 Employees of other Federal agencies are not allowed  to remove from EPA
 premises any documents, notes, or correspondence containing TSCA CBI and
 must not  discuss TSCA CBI with individuals not authorized for TSCA CBI
 access.

       b.  TSCA CBI ACCESS AT OTHER FEDERAL AGENCIES. Before EPA will
 grant access at another agency's facility, a facility DCO must be in place. The
 requesting official or the facility manager in  charge of the facility to which
 TSCA CBI will be transferred must nominate  a facility DCO and an alternate
 DCO. The nomination, submitted in writing to the OPPT DCO, must include
 the name, telephone number, electronic mail number, fax number, and mailing
 address of both nominees. The OPPT DCO will decide whether to approve
 the nomination. The requesting official or the facility DCO can also nominate
 document control assistants (DCAs) to assist the DCO in his or her day-to-day
 duties. Other provisions that must be in effect are the following:

          •   The Federal  agency  must have  security procedures and
              standards in place that equal or surpass those set forth in this
              manual.
                                  22

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

          •    EPA's TSCA security staff must inspect and approve the TSCA
              CBI storage facilities at the Federal agency.  The inspection is
              to be arranged by the official requesting TSCA CBI clearance
              for his or her agency.

          •    The Federal  agency must appoint  a facility DCO before
              documents will be transferred.

          •    The official requesting TSCA CBI access authority for his or
              her agency must provide  a written statement of the agency's
              security procedures for handling TSCA CBI.  The statement
              should state whether (1) the security procedures in this manual
              have been adopted by the agency without change or (2) how the
              security procedures being  used at the  agency differ from those
              set forth in this manual.  The  written statement must be
              provided to the TSCA security staff.

 4.    REQUESTS FOR ACCESS TO TSCA CBI FROM CONGRESS OR
 THE GENERAL ACCOUNTING  OFFICE.   EPA,  Federal and contractor
 employees must notify the IMD director immediately when they receive a
 request from Congress or the General Accounting Office for information that
 requires access to TSCA CBI. Pursuant to 40 CFR 2.209, TSCA CBI access
 is allowed only when the  request is made by the Speaker of the  House, the
 President of the Senate, a chairman of a committee or subcommittee, or the
 Comptroller General.  All document access will be provided by the OPPT
 DCO,  who will record all transactions on a Federal Agency, Congress, and
 Federal Court Sign Out Log (Appendix 20).

       NOTICE TO AFFECTED BUSINESSES.  Before EPA allows access to TSCA
 CBI by Congress or the General Accounting Office, EPA must provide written
 notice  to affected businesses. The notice must be given at least 10 calendar
 days before access  takes place by  Federal  Register notice,  telegram, or
 certified mail (return receipt requested).  IMD will prepare the notice, which
 must include

          •   Whether access is authorized only on EPA premises or also at
              the other agency's facilities.
                                  23

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

          •    The type of information that will be disclosed.

          •    The period of time for which access to TSCA CBI is being
              authorized.
                                  24

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

                          CHAPTER 3
                     RESPONSIBILITIES

                 A.  EMPLOYEE RESPONSIBILITIES

 1.   EPA HOLDS EMPLOYEES PERSONALLY ACCOUNTABLE FOR
 PROTECTING TSCA CBI. Proper protective controls must be followed by
 employees of EPA, other Federal agencies, and Federal contractors who have
 access to TSCA CBI whenever they handle, store, or transfer any TSCA CBI.
 EPA holds  every employee who has  custody of TSCA CBI personally
 responsible for following proper handling and  security procedures.

          •    Each employee who has access to TSCA CBI is required to (a)
              immediately inform management if he or she discovers that any
              procedure contained in this manual does not provide the proper
              level of protection for TSCA CBI and (b) suggest changes that
              will strengthen those weaknesses.

          •    Each employee who has  access to TSCA CBI is required to
              immediately report in writing any violations of this  manual's
              procedures to his  or her immediate  supervisor, the  TSCA
              security  staff, the contractor project  officer,  and the IMD
              director.

 Employees who have access to TSCA CBI are

          •    Accountable for all TSCA CBI documents that  they receive
              through a DCO or any other employee cleared for TSCA CBI.

          •    Required to support  the  programs  established  by  their
              management and DCO for protecting and handling TSCA CBI.

          •    Required to attend an annual security briefing prior to renewing
              their TSCA CBI clearance and to stay  informed of TSCA CBI
              handling controls and security programs.

          •    Required to  complete an  annual audit of all  TSCA  CBI
              documents charged out  to  them  through a DCO prior to

                                25

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

              completing  the  annual  security  briefing and  to  sign  the
              Document Reconciliation Certification (Appendix 22) after
              reconciling the documents listed on the report.

          •    Required to maintain TSCA CBI in a responsible manner that
              will not permit access to the data by anyone who has not been
              properly authorized to view TSCA CBI.

 2.   DOCUMENT AUDIT  PROCEDURES.  Each year, every employee is
 required to  account for  the hard copy TSCA CBI documents in his or her
 possession.  This procedure is always the first step of the annual process to
 recertify employees for TSCA CBI clearance.

          The facility DCO will furnish the employee with a list of documents
 that the DCO's manual or automated inventory log shows the employee has in
 his or her possession. The employee must certify that the documents are in his
 or her possession by signing  the certification  statement inscribed  on the
 document list. The employee must contact the facility DCO immediately if he
 or she does not have any of the documents on the list.

 3.   CHECKING  OUT  TSCA  CBI  DOCUMENTS.   Employees  are
 permitted to check out TSCA CBI documents from  their facility DCO and to
 keep the  documents for up to a year.  However,  employees should return
 TSCA CBI  to the facility DCO as soon as the material is no longer needed.

      OVERDUE MATERIALS.  TSCA CBI materials cannot be kept for more
 than one year. Any material kept longer than a  year is considered overdue,
 and the facility DCO will notify the responsible employee. Materials that are
 not returned to the DCO  within 30 days of notification are presumed lost. The
 DCO must notify his or her division director of lost materials, pursuant to the
 procedures in Chapter 5.

 4.   DETERMINING WHETHER A DOCUMENT CONTAINS TSCA CBI.
 When an  employee produces  a document, it is that  employee's responsibility
 to decide whether the document contains TSCA  CBI. An employee who is
 unable to  determine whether something is confidential should consult with his
 or her supervisor or DCO.  If the  issue remains unresolved, the employee
 should consult the chief of the IMD TSCA  Information Management Branch.
                                 26

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

 5.  RECEIPT OF MAIL  CONTAINING TSCA CBI  MATERIAL.   If
 employees receive materials in the mail that are believed to be TSCA CBI,
 even if they are unlabeled, those materials must be taken  immediately to the
 facility's DCO for proper entry into the document tracking system.

 6.  CHALLENGING  TSCA CBI  CLAIMS DURING  AND  AFTER
 INSPECTIONS.   An  employee  who  encounters a TSCA CBI  claim that
 appears to be invalid should bring the issue to the attention of the proper office
 in EPA.

          •   EPA headquarters  employees and Federal employees should
              contact IMD's TSCA Information Management Branch, which
              routinely conducts program challenges pursuant to CFR 2.204.

          •   EPA regional employees should contact the Chief, Compliance
              Branch, Office of Compliance Monitoring, who will coordinate
              the challenge  with an  attorney  from the TSCA Information
              Management Branch or the Office of General Counsel.

          •   Contractor employees should contact IMD's TSCA Information
              Management Branch with any  questions  about TSCA CBI
              claims.

       a.  INFORMAL INQUIRIES.  EPA employees are permitted to conduct
 informal  inquiries concerning TSCA CBI claims consistent  with  40  CFR
 2.204. When an EPA employee believes it to  be appropriate, he or she can
 request substantiation of a TSCA CBI claim from a submitter. The request
 should be made by letter.

          EPA employees, especially compliance inspectors, are encouraged
 to obtain guidance from the TSCA Information Management Branch.  In
 addition, employees are encouraged to become familiar with the substantive
 criteria used to determine confidentiality, which are found at 40 CFR 2.208.

       b.  FORMAL CHALLENGES. The Office of General Counsel is responsible
 for making final determinations concerning challenges to  TSCA CBI claims,
 pursuant to 40 CFR 2.205, with two exceptions. Before acting under  these
 exceptions, contact attorneys in IMD or the Office of General Counsel for
 advice.
                                  27

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

          •   The first exception allows an EPA office to take certain actions
              if the office determines that the TSCA CBI claim is not entitled
              to confidential treatment. The exception is defined in 40 CFR
              2.204(d)(2); what is meant by "EPA office" is defined in 40
              CFR 2.201(m); and the possible actions are defined in 40 CFR
              2.205(f).

          •   The second exception allows the Office of General Counsel to
              delegate its authority to make final determinations concerning
              TSCA CBI challenges to any EPA attorney or regional counsel.

      c.  WHEN CONSIDERING A CHALLENGE. It is incumbent upon those who
 challenge TSCA CBI claims to act consistently with all TSCA regulations-
 particularly 40 CFR 2.201 through 40  CFR 2.205, 40 CFR 2.208, and 40
 CFR 2.306-and relevant Federal Register notices.  The validity of a TSCA
 CBI claim must be carefully considered before an EPA  employee asks a
 submitting company to substantiate the claim.  IMD and Office of General
 Counsel attorneys should be consulted if any questions or problems arise on
 TSCA CBI issues or challenges.

                   B. MANAGER RESPONSIBILITIES

 IN GENERAL.   All managers who are responsible for programs involving
 access to TSCA CBI must ensure that their staff members follow this manual's
 procedures and  any other directive that deals with protection of TSCA CBI.
 Managers must  also ensure that

          •   Adequate  personnel are available  to carry out the DCO
              responsibilities under the manager's supervision.

          •   Proper  physical control  measures are  implemented  in areas
              where TSCA CBI is maintained.

              Their project officer, work assignment manager, and delivery
              order project  officer follow  proper  TSCA CBI  security
              procedures while administering contracts.
order project  onicer rollow proper  l
procedures while administering contracts.
                                  28

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

          •    They meet quarterly with contractor project officers to ensure
              that  contractor  staff  are  following  TSCA  CBI  security
              procedures.

   C.  DOCUMENT CONTROL OFFICER (DCO) RESPONSIBILITIES

 1.    IN GENERAL.   DCOs manage their facilities' document tracking
 systems and oversee the receipt, storage, transfer, and use of TSCA CBI by
 employees in their facilities.  All facilities that are authorized for access to
 TSCA CBI are required to have a facility DCO and an alternate DCO, who
 will assume the facility DCO's responsibilities during  his or her absence.

          Facility DCOs must be approved and trained before TSCA CBI can
 be transferred to any facility.  The OPPT  DCO is responsible for providing
 training materials and guidance on appropriate document handling procedures
 to all  DCOs.

 2.    THE  DCO MAINTAINS A DOCUMENT TRACKING SYSTEM.  The
 receipt, usage, and  transfer of TSCA CBI  is  tracked through a document
 tracking  system.   All  TSCA  CBI  materials submitted to  EPA,  and those
 produced by Federal and contractor employees (except as described in Chapter
 4, section K), are monitored through this system.

          The DCO  is responsible for his or her facility's document tracking
 system. The DCO must ensure that

          •   All manual or automated logs are properly maintained, updated
              and securely stored.

          •   Document control numbers or unique numerical identifiers are
              assigned to the documents requiring them.

          •   Proper  procedures are  followed  when  using TSCA  CBI
              materials.

          The IMD director has approved  several manual and  automated
 tracking systems for use by Federal or contractor DCOs. Use of one of these
                                  29

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 systems, which are described below, is mandatory. Contact the OPPT DCO
 for additional information about these tracking systems.

      a. AUTOMATED  DOCUMENT TRACKING SYSTEMS.  EPA  recommends
 that DCOs who oversee a high volume of documents and  transactions use
 automated systems to track documents. These systems allow the DCO to track
 a document's  movement  from the time it is  assigned a document control
 number or received at  EPA until the time it is destroyed or transferred to
 another TSCA CBI-cleared facility.

      ,  At EPA headquarters, the OPPT DCO uses two automated systems
 to track TSCA CBI documents:  The Confidential  Business Information
 Tracking System (CBITS) and the Document and Personnel  Security System
 (DAPSS).  The DCO uses a third automated tracking system, the Automated
 Document Tracking System (ADTS), to track documents at field  installations.

         1) Machine-readable bar codes.  CBITS and DAPSS tracking
            systems  both use a machine-readable bar code to  track TSCA
            CBI documents.  The bar code is affixed to each TSCA CBI
            document controlled through the headquarters CBIC.  Bar codes
            are also affixed to  the electronic  entry  identification cards of
            employees with TSCA CBI access authorization.  The OPPT
            DCO uses these bar codes to verify through CBITS or DAPSS
            that  employees  are  authorized  for access  to  TSCA CBI
            documents.  The OPPT DCO also uses these bar  codes to
            produce annual  audit  certification reports   for  employees'
            completion.

         2) Backup for automated document tracking systems. When
            an automated TSCA CBI document tracking system is used, the
            facility DCO must make a backup  disk  whenever  additions,
            deletions, or corrections are made to the system.  The backup
            media is TSCA CBI data and should be protected as such. Any
            manual logs that are converted into an automated system must be
            retained until an  audit by the TSCA security staff verifies the
            accuracy of the conversion.
                                 30

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

            EPA also suggests securing a duplicate set of media (document
            tracking system) off site to allow for recovery of accountability of
            documents charged out, if a disaster such as a flood, fire, or other
            natural disaster strikes.  Contact the OPPT DCO and the TSCA
            security staff for assistance in establishing a program.

          3) ADTS extends  monitoring  capability.  ADTS runs on an
            IBM-compatible   PC   and   provides   automated  tracking,
            accountability, and records-management capabilities for TSCA
            CBI documents stored outside the purview  of the OPPT DCO.
            ADTS is available from the OPPT DCO.

      b.  MANUAL TRACKING SYSTEMS.   Manual  tracking systems are
 appropriate for DCOs who are responsible for a low volume of documents and
 transactions.  Certain EPA forms must be used in implementing a manual
 tracking system.  These forms establish the minimum tracking and control
 requirements for TSCA CBI assigned to facility DCOs.  The forms are EPA
 Form 7740-10,  "Receipt Log  for TSCA Confidential Business Information,"
 EPA Form  7740-11,  "Inventory  Log  for  TSCA Confidential  Business
 Information," and  EPA Form 7740-24,  "Federal Agency, Congress, and
 Federal Court Sign Out Log"  (see Appendices  15, 16, and 20, respectively).

 3.   THE DCO MAINTAINS THE INVENTORY LOG.  Each DCO must
 maintain  an inventory log for TSCA CBI transactions at his or her facility.
 The inventory log must contain the following information:

          •   The document control number.

          •   The date on which a document  is checked out from the DCO
              and the date on which it is returned.

          •   The identity of the individual checking out the document.

          •   If the document will be destroyed, the entry in the disposition
              block of the log must include the date of destruction and the
              identity of the person who will destroy it.
                                  31

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

          •    If  the requesting employee plans to  transfer the document
              outside the DCO's jurisdiction, the disposition block of the log
              must include the  date and destination of the transfer.

 4.   DELIVERING AND RECEIVING TSCA CBI MATERIALS. All TSCA
 CBI materials sent through  the mail or by courier must be addressed to and
 received by a DCO.  TSCA CBI materials that are hand carried to a facility
 or generated by employees  at the facility must be taken immediately to  the
 DCO (see Chapter 4).

      a.  THE DCO  MUST  REVIEW  DOCUMENTS FOR COMPLETENESS.  The
 DCO must  review all materials received to determine  whether they appear
 complete.

          •    If the documents do not appear to be complete, the DCO must
              immediately  contact the submitter to determine whether there
              is an omission.

          •    If the materials appear to be  complete, the DCO must stamp
              the document as  TSCA CBI (Appendix 12).  The stamp is
              applied to at  least the first page (or the cover, if the document
              has one) and the  back of the last page (or back  cover, if the
              document has one). The DCO then assigns a document control
              number to the document, if one has not already been assigned,
              and attaches  a TSCA CBI cover sheet (Appendix  13) to  the
              front of the  document.  The DCO must write the document
              control number on the first page of the document.

      b.  THE DCO MUST MAINTAIN A RECEIPT LOG. Each document received
 by a DCO must be recorded in an automated or manual receipt log (Appendix
 15).  The DCO must record the following items in the receipt log:

          •    The document's  document control number  (if  a document
              control number has  not been  assigned, the copy number
              assigned by the DCO should be recorded).

          •    The date on which the document was received by the DCO.


                                 32

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

          •    The submitter's name if the document was received directly
              from the submitter, the  author's name if the document was
              generated by a Federal or contractor employee, or the facility
              DCO's  name  if the document was received  from another
              facility authorized for TSCA CBI access.

          •    The number of pages contained in the document.

          •    A brief description of the document  (e.g.,  "an  engineering
              report on PMN-Y" or "letter from company X on PMN-W").

 5.  STORAGE OF TSCA CBI MATERIALS.   DCOs are responsible for
 ensuring that employees at their facilities are storing documents properly. This
 manual establishes storage procedures in Chapter 4, section B.

          The DCO supervises the storage of TSCA CBI materials in secure
 storage containers or in a centralized secure storage area (e.g., the CBIC at
 EPA headquarters).  The sole  exception to this is when  completion of an
 employee's duties requires that he or she be assigned responsibility for specific
 secure storage containers.

 6.  MAINTAINING RECORDS OF LOCK COMBINATIONS.  The facility
 DCO must maintain a record of the lock combinations on rooms and containers
 in which TSCA CBI materials  are stored.   The DCO must also store each
 combination individually  in a sealed envelope. These envelopes should be
 opened only in emergencies.

          At EPA headquarters, there are a number of facility DCOs. Their
 recordkeeping responsibilities break down as follows:

          •   Each division in OPPT  has  a DCO who is  responsible for
              keeping a list of combinations for TSCA CBI storage containers
              and rooms controlled by the division.

          •   The OPPT DCO  maintains  a list of combinations (1) for
              containers  and  rooms  assigned  to IMD  and  (2)  for  all
              containers and rooms in OPPT that don't fall under any specific
              division's control.

                                  33

-------
TSCA CBI Security Manual                                     7700
                                                             1/93

         •    At  EPA headquarters, DCOs in offices  other than OPPT
              maintain a list of  combinations  for  TSCA CBI storage
              containers and rooms controlled by their offices.

         •    FMSD keeps a master list of combinations for all TSCA CBI
              locks at EPA headquarters.

 7.   CONDITIONS FOR CHANGING LOCK COMBINATIONS. The DCO
 is required to change lock combinations (1) every 12 months, (2) each time a
 person who  knows a combination relinquishes his or her TSCA CBI access
 authority, (3) when a container is put into or taken out of operation, and (4)
 if there  is  a  known or possible  compromise  of  TSCA CBI data in  the
 container.  At EPA  headquarters,  DCOs  notify FMSD,  which changes  the
 combinations.

 8.   UPDATING  THE TSCA CBI AUTHORIZED ACCESS LIST.  Each
 DCO bears  responsibility for  keeping the TSCA CBI authorized access  list
 current.  By the 15th of each month, facility DCOs must notify the OPPT
 DCO of any employees  within their jurisdictions who should be  added or
 deleted from the list.

 9.   THE DCO MONITORS AND CONTROLS WHO OBTAINS TSCA CBI
 MATERIALS.  The steps for obtaining TSCA CBI materials are described
 here.

         •    The employee requests a specific TSCA CBI document from
              his or her DCO.

         •    The DCO locates the document in the TSCA CBI storage files
              or obtains it from a another DCO, employee, contractor, or
              submitter.

         •    The DCO notifies the employee that the document is available.

         •    When the employee arrives to pick up the document,  the DCO
              verifies that the requesting employee is authorized for access to
              the document.
                                34

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

         •    The DCO logs  the document out to the employee using an
              automated or manual inventory log.

 10. THE DCO MONITORS OVERDUE TSCA CBI MATERIALS.  TSCA
 CBI materials may not be checked out from a centralized TSCA CBI storage
 facility for more than one year. DCOs must monitor the inventory log for
 TSCA CBI materials that have not been returned within the one-year period.
 The DCO  is responsible  for notifying  employees and their supervisors of
 overdue materials.  This is done by distributing to the employee and his or her
 supervisor  a list of all TSCA  CBI documents charged out to the employee
 before the  annual security briefing and TSCA CBI access recertification are
 accomplished.

         If the employee does not return the overdue materials to the DCO
 within 30 days after notification, the DCO must assume the materials cannot
 be located. The DCO must notify his or her division director that the materials
 are lost, pursuant to the procedures in Chapter 5.

 11. THE DCO  ASSISTS EMPLOYEES IN DETERMINING WHETHER
 DOCUMENTS CONTAIN TSCA CBI AND IN SANITIZING DOCUMENTS
 FOR PUBLIC DISCLOSURE.  The  responsibility for determining whether
 documents contain TSCA CBI  rests with the document's author (see Chapter
 4, section L). The DCO's role is to provide guidance to the author in making
 the determination.  Employees who are unable to determine whether something
 is confidential should consult  with their supervisor  or DCO.  If the issue
 remains unresolved, the employee should consult the chief of the IMD TSCA
 Information Management Branch.  The DCO also instructs document authors
 in how to  sanitize a TSCA CBI document  if the document is going to be
 released to the public.

 12. THE    DCO   SUPERVISES    THE   REPRODUCTION    AND
 DESTRUCTION OF TSCA CBI MATERIALS. The DCO is responsible for
 controlling and documenting the reproduction and destruction of TSCA CBI
 materials.  TSCA CBI materials can be reproduced or destroyed only by the
 DCO or by a DCA assigned to the task by the DCO. In the latter case, the
 DCO must supervise the activity. Specific procedures for reproduction and
 destruction are set forth in Chapter 4, sections N and O.
                                 35

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

 13.  THE DCO CONTROLS THE TRANSFER OF TSCA CBI MATERIALS
 BETWEEN FACILITIES. Two procedures exist for transferring TSCA CBI
 materials between facilities.   The first applies to materials that are already
 recorded in .the document tracking  system.  If the document is in  an
 employee's possession, the employee must first return the document to his or
 her facility DCO. The DCO records the date the document is being sent and
 the name of the DCO who will receive it in the Inventory Log. The DCO also
 inserts a transfer receipt in the second envelope. The transfer receipt identifies
 the package's contents.  The recipient DCO will sign the transfer receipt and
 return it to the sender.

         The second procedure applies to new materials that are not recorded
 in the document tracking system. In these cases, the document's author must
 stamp the document as TSCA CBI and attach a TSCA CBI cover sheet to it.
 The author then takes the document to his or her  DCO who (1) logs the
 document into the receipt log, (2) assigns it a document control number, and
 (3) records the date the document is being sent and the name of the DCO who
 will receive it.

      PACKAGING AND ARRANGING  TRANSFER OF TSCA CBI MATERIALS.
 Specific information on packaging  and  arranging  transfer of TSCA CBI
 materials is provided in Chapter 4, section F.

 14.  THE  DCO  ASSISTS   EMPLOYEES  WITH   OBTAINING AND
 MAINTAINING TSCA CBI ACCESS AUTHORITY.  DCOs are responsible
 for assisting employees with their TSCA CBI access authority. Procedures for
 this are set forth in Chapter 2.

 15.  THE  DCO  IS RESPONSIBLE FOR  PERFORMING  EMPLOYEE
 DOCUMENT  AUDITS.  When an employee  is undergoing TSCA CBI
 recertification or is terminating his or her access to TSCA CBI, the DCO must
 give the employee a report listing all the documents that the CBITS system,
 DAPSS system, and the automated or manual inventory log show as being in
 the employee's possession. All of the returned documents must be re-entered
 into the collection of records.
                                36

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

 16. EACH YEAR, THE CONTRACTOR DCO MUST PERFORM AN
 INVENTORY OF HARD-COPY TSCA CBI DOCUMENTS.  Before July 31
 of each year, each contractor DCO must inventory all hard-copy TSCA CBI
 materials in the DCO's document tracking system.

         •  The DCO  must compare the TSCA  CBI documents in the
             receipt log with the transactions listed in the  inventory log.
             This  is accomplished  by  comparing  the  document  control
             numbers.

         •  The  DCO must  inventory  the  documents  in  his  or  her
             possession. These documents are listed in the receipt log, but
             not in the inventory log.

         •  The DCO must review the status (e.g., destroyed or transferred
             outside the DCO's facility) and location (e.g.,  checked out to
             an employee) of materials listed in the inventory log.

         •  The DCO must locate any documents  that have been checked
             out for more than one year.

         •  The DCO must review the status of documents indicated in the
             inventory log as having been destroyed.

         •  Prior to  October  1 of each year,  the DCO  must submit a
             written inventory  to  his  supervisor.   By October  1, the
             supervisor must submit the report to the TSCA security staff.
 NOTE: The procedures in Chapter 5 must be followed if there are any TSCA
 CBI materials that cannot be located.

 17. WHEN DCOS TERMINATE THEIR EMPLOYMENT OR RELINQUISH
 THEIR DCO RESPONSIBILITIES.   The procedure that must be followed
 when DCOs terminate their employment or relinquish DCO responsibilities is
 the same for DCOs at EPA headquarters, regional offices, other Federal
 agencies and contractor facilities.
                                 37

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

      TSCA CBI MATERIALS MUST BE INVENTORIED. The outgoing DCO and
 the incoming DCO must jointly perform an inventory of TSCA CBI materials
 in the outgoing DCO's collection of records.  Both parties must certify the
 inventory before the outgoing DCO departs. The incoming DCO should retain
 a copy of the inventory for audit purposes and forward a copy to the OPPT
 DCO.  If any TSCA CBI materials cannot be located during the audit, the
 incoming DCO must follow the procedures in Chapter 5.
                                 38

-------
TSCA CBI Security Manual                                    7700
                                                          1/93

                        CHAPTER 4
             PROCEDURES FOR USING AND
         PROTECTING TSCA CBI MATERIALS
         All procedures discussed in this chapter apply to employees of EPA,
 other Federal agencies, and contractors, unless otherwise specified.

             A.  MARKING MATERIALS AS TSCA CBI

 1.    TSCA CBI COVER SHEETS MUST BE PLACED ON MATERIALS.
 A TSCA CBI cover sheet, EPA Form 7740-9 (Appendix 13), must be affixed
 to all TSCA CBI materials.  Magnetic media are the sole exception to this
 rule.

 2.   TSCA CBI INDICIA MUST BE STAMPED ON MATERIALS. TSCA
 CBI materials must be marked with a  stamp that identifies the materials as
 TSCA CBI (Appendix 12).  The author of the materials is responsible for
 stamping the document.  The stamp must be placed on the front of the first
 page (or on the  cover, if the document has one) and on the back of the last
 page (or back cover, if the document has  one).  The author may choose to
 stamp additional pages of the document.  If the  document is a copy or is
 received from outside  EPA, the DCO  is  responsible for  stamping the
 document.

       B. PROCEDURES FOR USING TSCA CBI DOCUMENTS
        INSIDE OR OUTSIDE OF SECURE STORAGE AREAS

 1.    EMPLOYEE RESPONSIBILITIES, IN  GENERAL.  Employees using
 TSCA CBI are responsible for ensuring that no unauthorized disclosure of that
 information occurs. One way of ensuring this is for employees to use TSCA
 CBI only in secure storage areas  (described below). If employees take TSCA
 CBI  outside of  the secure storage areas, they must (1) maintain constant
 control over the TSCA CBI documents in their  possession, (2) return the
 TSCA CBI documents to the DCO, or (3) store the documents in a TSCA
 CBI-approved storage container.
                               39

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 2.   PROCEDURES FOR USING TSCA CBI DOCUMENTS OUTSIDE OF
 SECURE STORAGE  AREAS.   Employees who are using  TSCA CBI
 documents outside of secure storage areas must never leave the documents
 where people not authorized for TSCA CBI access might gain access to them.
 When a TSCA CBI document that is in an employee's possession is not in use,
 the employee must place the document in an approved storage container.

      a. TWO TYPES  OF  CONTAINERS ARE APPROVED.   Two types  of
 containers are approved for TSCA CBI storage:

         •    Metal file cabinets with locking bars and three-way changeable
              combination locks.

         •    GSA-approved Class 6 security containers.

      b. OPEN/CLOSE SIGNS. The employee must affix a magnetic open/close
 sign to each container so the status of the security  container is visible at all
 times.  The employee must place the "open" sign on a container when it is
 opened and the "close"  sign on  a container when it  is closed.

         If the container has multiple drawers with separate combinations,
 each drawer must have an open/close  sign affixed to it, to show the individual
 condition of each drawer.  The facility DCO is responsible for reviewing all
 containers under his or her purview to ensure that the proper sign is affixed
 to them.

      C. MORE THAN  ONE PERSON  CAN USE A STORAGE  CONTAINER.  A
 storage container may be used by more than one person to store TSCA CBI
 materials.  In these cases, each person using the storage container must be
 authorized for access to all types of TSCA CBI stored in the container.  Each
 person should be assigned a separate storage space within the storage container
 and is responsible for any TSCA CBI that he or she stores there.

 3.  PROCEDURES FOR USING  TSCA  CBI  DOCUMENTS  INSIDE
 SECURE STORAGE AREAS.   Facilities in which a large volume of TSCA
 CBI is used contain a secure storage area. For example, at EPA headquarters,
 the CBIC is a secure storage area.  Secure storage areas are used as TSCA
 CBI work areas, storage areas for TSCA CBI, or both.  Only employees who
                                 40

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

 are authorized for access to TSCA CBI are allowed to enter secure storage
 areas.   When  an employee  is working in  a secure storage area,  it is
 recommended that TSCA CBI be stored in an approved container while not in
 use, but it is not required.  The TSCA security staff is required to maintain a
 record of the locations of all TSCA CBI secure storage areas.

          TSCA CBI-CLEARED EMPLOYEES MUST ACCOMPANY UNAUTHORIZED
 PERSONS INSIDE SECURE STORAGE AREAS. If persons not authorized for access
 to TSCA CBI must enter a secure storage area for any reason, they must sign
 a visitor's log and be accompanied by a TSCA CBI-cleared employee.

                   C. HOW TO OBTAIN APPROVAL
           FOR ESTABLISHING A SECURE STORAGE AREA

       The IMD director can designate secure storage areas in EPA facilities,
 other Federal facilities, or contractor facilities when the volume and frequency
 of TSCA CBI use justifies it.  The steps to obtaining approval for a secure
 storage area are:

 1.   The facility DCO establishes a secure storage area that meets the security
      requirements established in this manual.

 2.   The facility DCO writes a memorandum to the IMD director asking that
      the  TSCA security staff inspect the secure storage area and  that  it be
      approved for use.  The memorandum is submitted to the DCO's division
      director, who sends it to the IMD director.

 3.   The TSCA security staff inspects the secure storage area. The staff will
      require security improvements if needed.

 4.   After the  TSCA security staff approves the secure storage  area, the
      facility DCO must designate an employee to assume responsibility for the
      secured area.  This employee is usually the DCO or a  DC A.  This
      employee's responsibilities include monitoring the area to ensure that only
      employees authorized for TSCA  CBI  access have access  to it and
      ensuring that the devices that secure the area are operating properly.

 5.   If the secured area functions as a centralized storage area, the facility
      DCO will maintain the document tracking system for the materials stored
      in the area.

                                   41

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

                      D. SECURING AN AREA

 SECURE STORAGE AREA REQUIREMENTS.  Secure storage areas must
 be secured  by (1) a pin tumbler lock, (2)  an  intrusion alarm,  and (3) an
 electronic card entry system or a changeable push-button door lock.

       1.  MAINTAINING SECURITY  OF LOCK COMBINATIONS.   DCOs  are
 responsible  for controlling access to lock combinations (see Chapter 3, section
 C.6).  DCOs are allowed to disclose combinations only to employees with
 TSCA CBI  access authorization and a need to review the TSCA CBI materials
 stored in the containers or rooms.

       2.  ELECTRONIC CARD KEYS CAN BE USED TO ACCESS SECURE STORAGE
 AREAS.  Card keys are often used to ingress secure storage areas.  The DCO
 can issue card keys to employees with TSCA CBI access authorization and a
 need to review the TSCA CBI materials in the secure storage area.

          •    Employees  must use their card keys each time they enter  the
              secure area, even if they enter the room at the same time as
              others.  They are prohibited from loaning their card keys to
              other employees.

          •    If an employee needs to enter the secure storage area and does
              not have a card key or does not have it with him  or her,  the
              DCO  or DCA  must  determine  whether  the individual is
              authorized for access to TSCA CBI.  To do this, the DCO
              consults the TSCA CBI authorized access list.  If the employee
              is authorized for access, the DCO must require the employee
              to sign a visitors' log (Appendix 14) before entry.  The DCO
              must retain all visitors' logs for future reference.

          •    A person who is not authorized for access to TSCA CBI may
              gain entry to a secure  storage area after he or she signs  the
              visitors' log.

          Unauthorized persons must be escorted at all times by someone who
          has TSCA CBI access authorization while in the secure storage area.
                                 42

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

            E.  PROCEDURES FOR OBTAINING TSCA CBI

 An employee who is authorized for access to TSCA CBI can obtain a TSCA
 CBI document

          •    From  the  CBIC or other centralized storage  facility  by
              contacting the DCO.

          •    From another employee within the same facility.

          •    From another facility through the DCO.

 1.  HOW  TO OBTAIN TSCA CBI  FROM  THE CBIC  OR OTHER
 CENTRALIZED STORAGE FACILITY.  An employee who wants to obtain
 TSCA CBI  materials from the CBIC or other centralized TSCA CBI storage
 facilities must do so through his or her DCO. The DCO will verify that the
 employee is authorized for access to TSCA CBI, and will then retrieve the re-
 quested documents from the storage facility and log them out to the requestor
 through the facility's document tracking system.  TSCA CBI documents can
 be kept for up to one year.  However, employees are encouraged to return
 documents as soon as they are no longer  needed.

      a.  SAFEGUARDING TSCA CBI DOCUMENTS. Employees must safeguard
 all TSCA CBI documents in their possession. To meet this mandate, they are
 required to (1) return the TSCA CBI documents  to  the centralized storage
 facility at the end of each day, (2) store the  TSCA CBI documents in an
 approved storage container, or (3) work and  maintain the documents in a
 secure storage area.

      b.  OBTAINING A RECEIPT FOR RETURNED DOCUMENTS. When returning
 TSCA CBI documents,  an employee can prepare a receipt for the DCO to sign
 and return to the employee or to the employee's designee.  These receipts can
 smooth the reconciliation of document records that is required during the
 annual audit prior to TSCA CBI recertification.

       c.  TRANSFERRING TSCA  CBI MATERIALS BETWEEN  A DCO  AND
 PEOPLE UNDER HIS OR HER SUPERVISION IN A CENTRALIZED SECURE STORAGE
 AREA.  Transfers inside a secure storage area between a DCO and  anyone
                                 43

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

 whom he or she supervises are exempt from document transfer logging and
 loan receipt requirements.

 2.  HOW  TO OBTAIN TSCA CBI  FROM  ANOTHER  EMPLOYEE
 WITHIN THE SAME FACILITY.  Employees who want to obtain a TSCA
 CBI document from its author or owner located in the same facility can request
 the documents directly.  The author or owner must verify that the intended
 recipient is authorized for access to TSCA CBI. To verify TSCA CBI access,
 the author or owner  should consult the TSCA CBI authorized  access list,
 which is available  from the facility DCO.  The author or owner can transfer
 the materials by hand  delivery or through his or her facility DCO. Materials
 that are delivered by hand must be given directly to the recipient. Inter-office
 mail must never  be  used for such transfers.  TSCA CBI materials must
 never be left unattended in an in-box or on the recipient's desk.

 NOTE:   Contractor  employees are restricted to transferring TSCA CBI
 documents through their facility DCOs.

 KEEPING RECORDS ON TRANSFERS.   If the  transfer was made through the
 facility DCO,  the DCO  will record the transfer in the  document tracking
 system.  If the transfer was made by hand delivery, the owner or author of the
 transferred document can choose to obtain a signed loan receipt indicating that
 the transfer was completed (Appendix 17).  These loan receipts should be
 retained until the documents are returned.  If a document is transferred  and no
 loan receipt is obtained,  the owner or author of the document will be held
 responsible and accountable for the document.

          Transfers between DCOs for different organizations within the same
 facility,  e.g., transfers from the OPPT DCO to an OPPT division DCO, must
 be recorded in the document tracking system.
                                 44

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

         F.  PROCEDURES FOR TRANSFERRING TSCA CBI
            TO AN EMPLOYEE AT ANOTHER FACILITY

 1.  IN GENERAL. TSCA CBI materials can be transferred to an employee
 at another facility as long as that employee is authorized for access to TSCA
 CBI.  Transfers of TSCA CBI materials must be conducted through facility
 DCOs, in accordance with the procedures set forth below.  This ensures that
 the materials are properly logged out by the DCO. Before any TSCA CBI
 materials may be transferred to another facility, the facility DCQ must notify
 the receiving DCO that the materials will be sent.

 2.  PROCEDURES FOR  TRANSFERRING TSCA CBI  MATERIALS.
 TSCA CBI materials can be transferred to an employee at another facility in
 one of four ways:

          •    The DCO can send the  materials certified mail through  the
              U.S. Postal Service, return receipt requested.

          •    The DCO can appoint a TSCA CBI-cleared employee to deliver
              the materials directly to the facility DCO.

          •    The DCO can arrange delivery by a courier or by the U.S.
              Postal Service Express Mail when approved by the immediate
              supervisor.

          •    The DCO can transfer the materials via facsimile (see section
              G of this chapter).

       a.  PROCEDURES FOR SENDING OR RECEIVING TSCA CBI  MATERIALS
 THROUGH THE U.S. POSTAL SERVICE. An employee who wants to mail TSCA
 CBI material to an EPA or Federal employee must provide the material to his
 or her DCO. The exception to this is that OPPT employees who are mailing
 TSCA CBI material to a contractor employee must work through the OPPT
 DCO. The  DCO will send the TSCA CBI  material certified mail, return
 receipt requested.  Regular first class mail must never be used to transfer
 TSCA CBI.
                                 45

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

          1) TSCA CBI materials must be double-wrapped.  The DCO
            must double-wrap TSCA CBI that will be delivered by the U.S.
            Postal Service. The DCO must label the inner wrapping with the
            recipient DCO's name and the statement,  "TSCA Confidential
            Business Information -- To Be Opened by Addressee Only." The
            DCO must label the outer wrapper with the name and address of
            the recipient  DCO and a return address.  The outer wrapper
            should be free of any indications that the package contains TSCA
            CBI.

          2) Receipt of contents. Inside the inner envelope, the DCO must
            include  a receipt identifying the contents of the package.  The
            recipient DCO will sign the receipt of contents and return it to
            the sender.

      b.  PROCEDURES FOR HAND DELIVERY  OF  TSCA CBI MATERIALS.
 TSCA CBI material  must be provided to the DCO for proper logging before
 a TSCA  CBI-cleared person  is permitted to hand carry the material to  its
 destination. The person carrying the materials must protect it  at all times in
 accordance with  the security  procedures for transferring TSCA CBI as set
 forth in this chapter.

      c.  PROCEDURES FOR TRANSMITTING TSCA CBI MATERIALS BY COURIER
 OR  U.S.  POSTAL SERVICE  EXPRESS  MAIL.   With  the approval of  an
 employee's requesting official, the DCO can use a courier service or the U.S.
 Postal Service Express Mail to transfer TSCA CBI materials.  The general
 guideline for use of these services is that time must be of the essence.  Unlike
 certified  mail, neither of  these services requires each  person handling the
 package to sign for it as it changes hands.

          •   TSCA CBI materials must be double-wrapped.  The DCO
              must  double-wrap  TSCA CBI that will be  delivered by a
              courier service or by the U.S. Postal Service.  The DCO must
              label the inner wrapping with the recipient DCO's name and
              the statement, "TSCA Confidential Business Information ~ To
              Be Opened by Addressee Only."  The DCO must label the
              outer wrapper with the name and address of the recipient DCO
                                  46

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

              and a return address. The outer wrapper should be free of any
              indications that the package contains TSCA CBI.

         •    Receipts are necessary.  Inside the inner envelope, the DCO
              must include a receipt identifying the contents of the package.
              The recipient DCO will sign the receipt and send it back to the
              sender to verify receipt and contents.  The DCO must also
              obtain a receipt from the courier service employee who picks
              up the package.  All receipts should be retained by the sending
              DCO for auditing.

   G. PROCEDURES FOR RECEIVING AND SENDING FACSIMILES
                 (FAXES) THAT CONTAIN TSCA CBI

 1.  PROCEDURES  FOR SENDING OR  RECEIVING FAXES BETWEEN
 EMPLOYEES AUTHORIZED FOR ACCESS TO TSCA CBI. The following
 security transmission provisions must be  followed when  transmitting any
 TSCA CBI by facsimile equipment:

         •    Only a DCO or  DCA is permitted to send a fax containing
              TSCA CBI, and only  a DCO or  DCA is permitted to receive
              the transmission.

         •    Before a DCO or DCA sends a fax containing TSCA CBI to
              another DCO or DCA, the sender must verify the employee's
              access authority by consulting the TSCA CBI authorized access
              list.

         •    During transmission,  the DCOs sending and receiving the
              document must completely control the fax machine. They must
              ensure that no one who is not cleared for TSCA CBI views the
              document.

         •    Fax machines that contain internal memory are not authorized
              for transmission of TSCA CBI between EPA, its contractors,
              and other Federal agencies.
                                 47

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

          •    Transmission  of TSCA  CBI  is restricted  to  individually-
              controlled fax machines.  Fax machines located inside secure
              storage areas are preferred. Central fax receiving centers are
              not authorized to receive TSCA CBI.

          •    The DCO sending the fax is responsible for ensuring that the
              number dialed is correct by verifying the number on the fax
              transmission confirmation receipt.  He or she must attach the
              receipt to the document that was faxed and place the document
              in the official document file.

 2.  WHEN INDUSTRY OFFICIALS  OR INDUSTRY SUBMITTERS
 REQUEST  THAT TSCA CBI  BE FAXED TO THEM.  Employees of EPA
 and of EPA contractors who are cleared for  TSCA CBI can transmit TSCA
 CBI documents to industry officials or submitters.  Prior to transmission, the
 employee must verify that the recipient is authorized to receive a company's
 TSCA CBI. This can be done by checking the premanufacture notice (PMN)
 technical contact block or other written documentation.

          The employee must notify the recipient prior to transmission that the
 confidentiality of the fax transmission cannot be guaranteed, that EPA's trans-
 mission lines are not secure, and that the message will not be scrambled by
 encryption equipment.

          The employee sending the fax  must  completely control the fax
 machine and ensure that the transmission is not viewed by anyone not cleared
 for TSCA CBI.  The  sender  must  confirm  that the fax  transmission was
 completed successfully by obtaining the fax transmission confirmation receipt
 and attaching it to EPA Form 7740-12,  "Memorandum of TSCA CBI
 Telephone Conversation" (Appendix 19). The employee must send all of these
 documents to the facility DCO  for the official document file.

 3.  WHEN AN INDUSTRY OFFICIAL OR  INDUSTRY  SUBMITTER
 ASKS TO FAX TSCA CBI TO EPA. When someone external to EPA wants
 to send TSCA CBI via fax transmission, he or she must be notified that EPA
 can not guarantee the  confidentiality of the  transmission.  At or prior to
 transmission, the employee who will  receive the transmission must notify the
 sender that EPA's transmission lines  are not secure and that no encryption
                                 48

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 equipment will be used to scramble the message. Immediately upon receiving
 the fax, the employee must provide it to the facility DCO for entry into  the
 receipt log.

          H. DISCUSSING TSCA CBI ON THE TELEPHONE

 1.  TELEPHONE CALLS WITH EMPLOYEES AUTHORIZED FOR TSCA
 CBI ACCESS. Federal employees and contractor employees with TSCA CBI
 access authority are allowed to discuss TSCA CBI on the telephone with other
 Federal employees or contractor employees with TSCA CBI access authority.
 Both parties to a telephone call are responsible for verifying that the other is
 authorized for TSCA CBI access.  To do so, the employees should consult the
 TSCA CBI authorized access list.  The individual who initiates a discussion
 that includes TSCA CBI must indicate that the conversation involves TSCA
 CBI.

 2.  TELEPHONE CALLS WITH SUBMITTERS.  Federal and contractor
 employees with TSCA CBI access authority are allowed to discuss TSCA CBI
 on the  telephone with a  submitter employee when all of the following
 conditions are met:

          •    The Federal or contractor employee must verify  that  the
              submitter employee is authorized by  his or  her company to
              discuss TSCA CBI.  This can be done by checking the PMN
              technical contact block or other written documentation.

          •    The Federal or contractor employee must verify the identity of
              the submitter employee to whom he or she is speaking.

          •    The Federal or contractor employee must inform the submitter
              employee that the telephone lines are not secured.

          •   The Federal or contractor employee must verify that all Federal
              and contractor employees on the line are cleared for TSCA CBI
              access and relay that information to the submitter employee.
                                  49

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

          •    The Federal or contractor employee must state to the submitter
              employee that  discussion of TSCA CBI with a TSCA CBI-
              cleared Federal or contractor employee on the telephone does
              not constitute a waiver of any claim of confidentiality.

          •    The Federal or contractor employee must inform the submitter
              employee that any further information provided in the telephone
              conversation can be claimed as confidential.

      TELEPHONE LOGS.  Federal  and contractor employees must keep a
 telephone log of all phone  calls with submitters.  The phone log must be kept
 on EPA Form 7740-12, "Memorandum of TSCA CBI Telephone Conversation
 (Appendix 19).   After every conversation with  a submitter, Federal and
 contractor employees must provide their telephone logs to the DCO, who will
 log them into the document tracking system. All headquarters telephone logs
 for individual TSCA CBI  materials must be inserted into the CBIC's official
 file for PMN chemicals and existing chemicals.

      I. ELECTRONIC MAIL CANNOT BE USED TO TRANSMIT
                             TSCA CBI

          Use of the EPA  electronic mail system or any other electronic mail
 system to transmit TSCA CBI information is not authorized.

       J.  USE OF TSCA CBI AT TELE-VIDEO CONFERENCES

          TSCA CBI  can be displayed  and discussed during  tele-video
 conferences conducted between EPA headquarters  and EPA regional offices.
 The  employee  who arranges or  schedules the  tele-video  conference  is
 responsible for ensuring that all TSCA CBI security procedures are followed
 during the conference.  These procedures include the following:

          •    The employee must verify that everyone who attends the tele-
              video conference is cleared  for TSCA CBI.

          •    The employee  must ensure that both  conference rooms are
              secured  to  prevent unauthorized persons from entering the
              conference  rooms during the tele-video conference.
                                 50

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

         •    The employee must arrange for use of compressed video
              encryption  during  transmission, if it  is  available.    For
              information about tele-video encryption, contact the Security
              Officer of the EPA  National Data  Processing  Division;
              telephone (919) 541-4013.

       K.  PROCEDURES FOR HANDLING DOCUMENTS AND
      OTHER MATERIALS PRODUCED BY EMPLOYEES USING
                      TSCA CBI DOCUMENTS

 1.   NEW TSCA CBI DOCUMENTS. Documents and other materials produ-
 ced by  Federal  and contractor employees using TSCA CBI documents
 frequently  contain TSCA CBI  themselves.  If a newly created document
 contains TSCA CBI data, the document's author must stamp it as TSCA CBI,
 cover it with a TSCA CBI cover sheet (EPA Form 7740-9), and take it to the
 facility DCO to be logged into the document tracking system at the employee's
 facility.  Personal working papers are sometimes  exempt from the logging
 requirement (see subsection 3 of this section).  The DCO will assign the new
 TSCA CBI document a document control number,  which must be written on
 front of the TSCA CBI cover sheet (EPA Form 7740-9) and on the front of the
 first page of the document.  The DCO will then enter the document into the
 receipt log and log the document out or retain it for storage.

 2.   NEW NON-CONFIDENTIAL DOCUMENTS. An employee who plans
 to  produce  a  non-confidential document  by  aggregating TSCA  CBI must
 arrange  for the chief of IMD's TSCA Information Management Branch to
 review the document.  The  employee should  contact  the chief at least 10
 working days prior to release of the document. It  is the responsibility of the
 TSCA Information Management Branch chief to ensure that the application of
 the aggregating techniques maintains the confidentiality of the TSCA CBI data
 sources. (For more information, see section L of this chapter.)

 3.  PERSONAL WORKING PAPERS. The notes, outlines, and initial drafts
 belonging to an employee who is working with  TSCA CBI are considered his
 or  her personal working papers.   As long as these papers  remain in the
 employee's possession, they are exempt from logging requirements. When an
                                 51

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

 employee transfers his or her personal working papers to another employee,
 however, certain security procedures must be followed.

       a.  TRANSFERRING PERSONAL WORKING PAPERS TO ANOTHER EMPLOYEE.
 Before allowing another employee  within  the same facility to review  a
 document that is a personal working paper, the author must take the document
 to his or her facility DCO. The DCO will assign a document control number
 to the document and log it into the document  tracking system.  Once the
 document has been logged into the system, the author can transfer it by hand
 delivery or through the DCO.  A document that is delivered by hand must be
 given directly to the recipient. Inter-office mail must never be used for such
 transfers.  TSCA CBI materials must not be left unattended in an in-box or
 on the recipient's desk.

 NOTE: Contractor employees are restricted  to transferring TSCA CBI
 documents through their facility DCOs.

       b.  KEEPING RECORDS ON TRANSFERS.  If the transfer was made through
 the facility DCO, the DCO will record the transfer in the document tracking
 system.  If the transfer was made by hand delivery, the owner or author of the
 transferred document can choose to obtain a signed loan receipt (Appendix 17)
 indicating  that the transfer was completed.  These loan receipts should be
 retained until the documents are returned. If a document is transferred and no
 loan receipt is obtained, the owner  or author of the document will be held
 responsible and accountable for the document.

       c.  TRANSFERRING  PERSONAL  WORKING  PAPERS TO A TYPIST.   A
 document can be provided to a typist without being logged into the document
 tracking system if the typist is in the author's  division or equivalent office and
 is authorized for access to TSCA CBI. When the typist completes the job, he
 or she must return the typed and the  original document to the author.

          If the author sends the document to a typist outside of his or her
 division, the transfer must be logged into the document tracking system by the
 facility DCO.   If the typist sends the document to anyone  other than the
 author, the transfer must be logged into the document tracking system by the
 facility DCO.
                                  52

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

         •    The author must keep a record of transfers to typists until all
              personal working papers and TSCA CBI materials transferred
              are returned.

         •    All the materials used in typing documents containing TSCA
              CBI, including word processing disks, ribbons, carbons, and
              waste paper,  must be treated as TSCA CBI.  TSCA CBI
              procedures must be used to store these materials and to destroy
              them.

      d. PROCEDURES FOR STORING PERSONAL WORKING PAPERS.  Personal
 working papers must be stamped as TSCA CBI, covered with a TSCA CBI
 cover sheet (EPA Form 7740-9), and otherwise used, stored, and handled like
 any other TSCA CBI document.  The exception to this is that personal
 working papers are exempt from logging requirements as long as they remain
 in the possession of their author.

      e. PROCEDURES FOR DESTROYING PERSONAL WORKING PAPERS.  The
 author of a personal working paper is authorized to destroy such TSCA CBI
 documents that have never been assigned a document control number.  The
 procedures for destroying TSCA CBI are discussed in section O of this
 chapter.

         L.  CREATING NON-CONFIDENTIAL MATERIALS
                    FROM TSCA CBI DOCUMENTS

 1.   IN  GENERAL. The responsibility for determining whether documents
 contain TSCA CBI rests  with the document's author. Until the determination
 is made, the author must treat materials produced from TSCA CBI documents
 as TSCA CBI.

 2.   NON-CONFIDENTIAL DOCUMENTS. Documents that meet any of the
 following conditions may be non-confidential:

          •    TSCA CBI data are not included in a new document or are
              deleted from an existing document.
                                 53

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

          •    TSCA CBI data are replaced with non-confidential  data or
              descriptive terms (masked or aggregated data).

          •    The data or terms used are derived from TSCA CBI data but
              are not themselves confidential.

          •    The submitting company has dropped its claim of confidenti-
              ality  for  the information  in  the  document or  EPA has
              determined that the claim is not valid.

      a.  WHEN TSCA CBI DATA ARE REPLACED WITH NON-CONFIDENTIAL
 DATA OR DESCRIPTIVE TERMS.  An employee who plans to produce a non-
 confidential document by aggregating TSCA CBI must arrange for the chief
 of IMD's TSCA Information Management Branch to review the document.
 The employee should contact the chief 10 working days prior to release of the
 document.  It is the responsibility of  the TSCA Information Management
 Branch  chief to  ensure  that  the  aggregating techniques  maintain the
 confidentiality of the TSCA CBI data sources.

      b.  WHEN  A  SUBMITTING   COMPANY  DROPS   ITS  CLAIM   OF
 CONFIDENTIALITY. When a company drops its claim that information submitted
 to EPA is TSCA CBI, documents containing that information can be  made
 available to the  public.  Before making a document publicly available, the
 document's  author or his or her facility DCO must obtain a written statement
 from the company that the claim has been dropped and the document  must be
 declassified (see section M of this chapter).

     M.  PROCESS FOR DECLASSIFYING TSCA CBI MATERIALS

 HOW  TO  DECLASSIFY  TSCA  CBI MATERIALS.   The process for
 declassifying TSCA CBI materials consists of five steps:

       1.  The employee determines  that materials are no longer confidential.

      2.  The employee brings the materials to his or her DCO and presents
 the DCO with evidence that they contain no TSCA CBI.  If the employee has
 determined from studying a document that it contains no TSCA CBI, he or she
                                 54

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 must provide a written explanation to the DCO.  If the submitting company
 has dropped its TSCA CBI claim, the employee should present the DCO with
 the submitter's written relinquishment of the claim.  Disputes about whether
 a document contains TSCA CBI should be brought  to the chief of IMD's
 TSCA Information Management Branch for resolution.

      3. After being presented with evidence that a document contains no
 TSCA CBI, the DCO must cross out all TSCA CBI markings on the document
 and remove the document cover sheet.

      4. The DCO must inscribe the document with the statement "Contains
 no TSCA CBI," sign the document, and date it.

      5. The DCO must  log the  document out of  the document tracking
 system.  In the disposition box on the inventory log, the DCO must enter that
 the document contains no TSCA CBI.

          N.  REPRODUCTION  OF TSCA CBI MATERIALS

 1.  IN GENERAL. Only a DCO or an employee acting under the supervision
 of a DCO are allowed to photocopy TSCA CBI materials.  Photocopying of
 TSCA CBI materials should  be limited  to the maximum  extent possible.
 TSCA CBI  materials can be reproduced only at copying machines located in
 secure storage areas or in non-secure locations that the TSCA security staff has
 approved for TSCA CBI duplication.

 2.  EMPLOYEE'S ROLE.   Employees are  permitted  to  photocopy their
 personal working papers and documents for use at meetings (see section P of
 this chapter).  In all other cases, employees must present the materials they
 want photocopied to the DCO or DCA. The DCO or DCA will photocopy the
 materials for the employee.

 3.  DCO RESPONSIBILITIES. The DCO is responsible for photocopying
 materials for  employees or appointing the  DCA to do so.  The DCO is
 responsible  for obtaining  the  TSCA  security  staffs approval  for  any
 non-secure TSCA CBI photocopy locations at the DCO's facilities. The DCO
 is responsible for destroying excess or unusable copies (see section O of  this
 chapter).
                                 55

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

      a.  CONTROL OF COPIES. The DCO is responsible for the control of all
 copies of a TSCA CBI document.  The cover sheet on the original must  not
 be copied for use with the copy.  The copies must be stamped by the DCO as
 TSCA CBI and covered with a TSCA CBI cover sheet (EPA Form 7740-9).

          The DCO must log the copies into the document tracking system and
 assign document control numbers or copy numbers to the copies.  The copies
 should be marked with the same document control number as the original and
 with a copy number,  e.g., 1 of 3, 2 of 3, 3 of 3, etc.  The exception to this
 are personal working papers that are being photocopied for use in a meeting.
 (Personal working papers are discussed in section K of this chapter.)

      b.  DISTRIBUTING COPIES TO OTHER EMPLOYEES.  Two options exist for
 distributing copies  of TSCA  CBI documents to  other employees.   The first
 option  is that  the  DCO  will log each  copy out to the individual who is
 receiving it. The second option is that the DCO  will log all of the copies  out
 to the originator; the  originator then loans the copies to other employees and
 obtains signed  loan receipts (Appendix 17) indicating that the transfers, were
 completed.  These loan receipts should be retained until the documents  are
 returned.  If a document is transferred and no loan receipt is obtained,  the
 owner or author of the document will be held responsible and accountable for
 the document.

       c.  AUTHORIZING  USE OF  OTHER  PHOTOCOPYING  MACHINES WHEN
 MACHINES IN SECURE LOCATIONS BREAK DOWN.  The DCO can authorize the
 photocopying of TSCA CBI materials  at machines outside of secure locations
 if all machines in locations approved for duplicating TSCA CBI materials  are
 inoperable. During the photocopying of TSCA CBI materials, the non-secured
 machine must be dedicated to the task, and the DCO or DC A must directly
 supervise  the machine.   Only employees with  TSCA  CBI access may be
 present while TSCA CBI materials are being photocopied.  After copying is
 finished,  the operator must pass three blank copies through the machine to
 ensure that any impressions on the image surfaces of the machine have been
 erased.

          If a machine in a non-secure location malfunctions while TSCA CBI
 materials are being copied, the facility DCO must ensure that the machine is
 directly supervised by an employee with TSCA CBI access until it is repaired
                                 •56

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 or that an employee with TSCA CBI access inspects the machine's paper path
 and image surfaces to retrieve any materials containing TSCA CBI that are
 caught in the machine.

    O. PROCEDURES FOR DESTROYING TSCA CBI MATERIALS.

 1.  IN GENERAL.  The procedures for destruction of TSCA CBI materials
 apply  to all materials containing TSCA CBI, e.g., draft documents, telephone
 records, typewriter ribbons, computer printouts, diskettes, tapes, microfiche,
 and any other TSCA CBI materials logged into a document tracking system.
 The procedures do not apply  to personal  working papers that are  in the
 possession of their author.

 2.  WHO IS PERMITTED TO DESTROY TSCA CBI MATERIALS.

       a.  EPA AND FEDERAL EMPLOYEES.  Only the facility DCO or OPPT
 DCO  is permitted to destroy TSCA CBI materials. Federal employees wishing
 to have TSCA CBI materials destroyed must take them to their facility's DCO.

       b.  CONTRACTOR EMPLOYEES.  Contractor DCOs are allowed to destroy
 TSCA CBI materials after obtaining written permission from their EPA project
 officer.

 3.  DESTRUCTION  METHODS.  TSCA CBI materials such  as papers,
 documents, or printouts must be shredded.  All other materials,  including
 microfiche,  typewriter ribbons, and  magnetic  media  must  be burned,
 degaussed, or chemically destroyed.  If EPA regional and field office DCOs
 are unable to meet these requirements for destruction of microfiche, magnetic
 media, and  typewriter ribbons, they  must send their materials to EPA
 headquarters for destruction.   The procedures for delivery  of TSCA CBI
 materials by certified mail, by Express Mail or by courier should be followed
 (see section F of this chapter).  The materials should be addressed to OPPT
 DCO; attention TSCA  Security Staff.

 4.   DOCUMENTING DESTRUCTION. The destruction of a TSCA CBI
 document that has been entered into the document tracking system must be
 documented.  The DCO must enter information about the destruction of the
 document into the receipt log and the inventory log (Appendices 15 and 16).
                                  57

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

 (At one time, the DCO was required to keep a destruction log, but that
 requirement has been dropped.)

         The TSCA CBI cover sheets in use prior to the effective date of this
 manual must be inscribed by the DCO with (1) the destruction date, (2) the
 location at which the document is destroyed, and (3) the DCO's name. The
 TSCA CBI cover sheets must then be placed in the appropriate file for storage
 (e.g., at EPA headquarters a cover sheet should be placed in the CBIC file for
 that document).  The process does not apply to the new TSCA CBI cover
 sheets that have become effective with publication of this manual.

     P.  USE OR DISCUSSION OF TSCA CBI DURING MEETINGS

 1.   WHAT IS CONSIDERED A MEETING? The procedures discussed here
 apply to scheduled gatherings of  five or more people at which TSCA CBI is
 discussed.  The procedures  do not apply to informal discussions between a
 supervisor and an employee or between fewer than five employees working on
 a matter concerning TSCA CBI.

 2.   PROCEDURES  FOR CIRCULATING DOCUMENT COPIES AT  A
 MEETING.

      a. PERSONAL WORKING PAPERS. The author of a TSCA CBI document
 may circulate photocopies of the  document at a meeting without logging the
 document into the document tracking system if all of the following conditions
 are met:

         •   The author attends the meeting and is present when the docu-
             ment is discussed.

         •   The author collects all copies of the document at the end of the
             meeting.

         •   The author submits all copies of the document for destruction
             after the  meeting.
                                58

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

          •   The author numbers the copies (i.e.,  1  of 6, 2 of 6, etc.)
              before distributing them and checks to make sure that all copies
              are returned at the end of the meeting.

      b.  DOCUMENTS THAT HAVE BEEN LOGGED OUT TO AN  EMPLOYEE. An
 employee who has possession of  a TSCA CBI document  is permitted to
 photocopy the document and circulate the photocopies at a meeting (see section
 N of this chapter) if all of the following conditions are met:

          •   The employee attends the meeting and is present  when the
              document is discussed.

          •   The employee  collects all copies of the document at the end of
              the meeting.

          •   The  employee  submits  all  copies  of  the  document for
              destruction after the meeting.

          •   The employee numbers the copies (i.e., 1 of  6, 2 of 6, etc.)
              before distributing them and checks to make sure that all copies
              are returned at the end of the meeting.

          •   TSCA  CBI materials  can be reproduced only at copying
              machines located in secure storage areas  or in non-secure
              locations that the TSCA security staff has approved for TSCA
              CBI duplication.

 3.   PROCEDURES FOR DISCUSSING TSCA CBI DURING MEETINGS.

       a.  MEETING  CHAIRPERSON'S DUTIES.   The  meeting chairperson  is
 usually the  person  who has  scheduled  and  organized the  meeting.   If  a
 chairperson  has not been identified, one must be selected at the beginning of
 the meeting. The chairperson is  responsible for ensuring that only people
 cleared for  TSCA CBI access are in the room during  discussion involving
 TSCA CBI. If necessary, the chairperson should  consult  the TSCA CBI
 authorized access list to verify TSCA CBI clearance.
                                   59

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

          The chairperson must also secure the room at the end of the meeting.
 This includes cleaning  all chalkboards, taking  any unneeded TSCA CBI
 materials to the DCO for destruction (except personal working papers), and
 clearing the room of any information that could lead to disclosure of TSCA
 CBI.

      b.  RECORDS OF  MEETING MUST BE TREATED AS TSCA CBI.  The
 chairperson must remind those who attend the meeting that they must treat as
 confidential any notes taken at the meeting.  Notes taken at the meeting  are
 considered personal working papers.  They do not have to be logged into  the
 document tracking system  as  long  as  they  remain in  their originator's
 possession.   However, if the originator wants to transfer possession of  the
 notes to someone else,  the notes must be submitted to the  DCO, who will
 assign them a document control number and log them into a document tracking
 system.

          A meeting attendee must obtain permission from the chairperson to
 tape record a meeting.  Such recordings may contain TSCA CBI and must be
 treated like any other TSCA CBI materials.

            Q. TRAVELING WITH TSCA CBI MATERIALS

 1.  IN  GENERAL. It is sometimes necessary for a Federal or contractor
 employee authorized for TSCA CBI access to carry TSCA CBI materials while
 traveling. If it is impractical to return to work to pick up the materials before
 departure or to drop them off after return, the employee can obtain permission
 from his or her immediate supervisor to take the  materials home.

 2.  MAINTAINING  SECURITY FOR TSCA CBI MATERIALS  WHILE
 TRAVELING.   Any  employee who travels with  TSCA CBI  materials is
 responsible for  maintaining proper security  for the materials.  The facility
 DCO must log the materials out to the employee  before the employee leaves
 the facility.

      a.  STORING TSCA CBI MATERIALS WHILE TRAVELING. While traveling
 by plane or other public conveyance, the employee must keep the TSCA CBI
 materials in his or her possession.  TSCA CBI materials cannot be checked
 with luggage.
                                  60

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

          If the employee is traveling by car, he or she should store TSCA
 CBI materials in the locked trunk en route.  However, TSCA CBI materials
 must never be left in the car overnight.

          The most secure place to store TSCA CBI materials while traveling
 is with the facility DCO at the location that the employee is visiting.  When
 this is not possible,  the employee is permitted to store TSCA CBI materials
 overnight in a hotel safe, if the employee obtains a  receipt from the hotel
 management. TSCA CBI materials placed in a hotel safe must be in a sealed
 envelope with no indications on the outside that the envelope contains TSCA
 CBI.  If no receipt is available, the employee must keep the TSCA CBI in his
 or her possession.

       b.  TRANSFERRING  POSSESSION OF  TSCA  CBI  MATERIALS  WHILE
 TRAVELING.  Sometimes, an employee will be assigned to carry TSCA CBI
 materials for transfer to another location.  After logging out the  materials, the
 DCO at the  employee's facility must double-wrap the materials for  transfer
 (see section F.2.a.  of this chapter).   Immediately upon  arrival at  the
 destination, the employee must take the wrapped TSCA CBI materials to the
 facility DCO.   The DCO  will  unwrap the  materials  and log them  into the
 document tracking system.

    R.  WORKING WITH TSCA CBI AT A PERSONAL RESIDENCE

          Normally, employees are not permitted to take TSCA  CBI materials
 to their homes.  Under special circumstances, such as recuperation from a
 long-term illness, a division director or a supervisor  of equivalent authority
 may grant permission for an EPA employee to use TSCA CBI materials at
 home.  The supervisor must provide a complete justification supporting the
 action to the IMD director. A plan for protecting the TSCA CBI materials
 while at the employee's residence must also be provided to the IMD director.
 All normal security precautions in this manual must be followed,  and the
 TSCA security staff will inspect and approve the residence before any TSCA
 CBI materials are sent there.
                                   61

-------
TSCA CBI Security Manual                                      7700
                                                              1/93

    S. WORKING WITH TSCA CBI MATERIALS ON COMPUTERS

 1.   IN GENERAL.  EPA takes every precaution to safeguard TSCA CBI
 materials that are entered into or manipulated by computers. In addition to
 meeting  the security requirements of this manual, EPA  follows  agency
 information security protection guidelines in protecting TSCA CBI materials.
 Any computer security plan developed for TSCA CBI information must at a
 minimum meet the requirements found in this manual.

 2.   EMPLOYEES  MUST OBTAIN  AUTHORIZATION TO  OBTAIN
 ACCESS  TO  TSCA  CBI  DATA  STORED ON  THE MAINFRAME
 COMPUTER.  Separate authorization  is required for employees to  obtain
 online access to the TSCA CBI mainframe database (see Chapter 2).  Online
 access allows employees to read, change, manipulate, or obtain data from the
 mainframe computer depending on the access rights granted the employee.
 Employees do not need  authorization to use  TSCA  CBI on their PCs.

      OBTAINING AUTHORIZATION TO ACCESS THE TSCA CBI MAINFRAME
 FROM A REMOTE SITE.   If an EPA employee, a Federal  employee, or a
 contractor employee outside of EPA headquarters  requires access to  TSCA
 CBI data stored on the headquarters mainframe, the employee must submit a
 complete justification to the IMD director.  Prior to permitting  telecommuni-
 cations access, the TSCA security staff must inspect the requester's  site to
 ensure proper security protocols are in effect.

 3.   SETTING UP A LOCAL-AREA NETWORK  (LAN).  A  LAN, linking
 the personal computers  of a small workgroup, can  be used in the processing
 and storage of TSCA CBI data.   A LAN  security plan that adheres to  all
 requirements of this manual must be developed.  The TSCA security staff and
 EPA's Office of Information Resource Management must approve the plan
 before any TSCA  CBI  data can be placed on a LAN.  Proper software or
 hardware encryption devices  must be utilized before dial-in access  will  be
 approved.

 4.   USE OF WIDE-AREA NETWORKS (WANS) IS NOT PERMITTED.
 The use of WANs is not authorized to store, process, or transfer TSCA CBI
 data. Contact the TSCA security staff regarding any questions about WANs.
                                62

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

 5.  USING PERSONAL COMPUTERS (PCS) TO WORK WITH TSCA
 CBI DATA.  TSCA CBI-cleared EPA employees,  Federal employees, and
 contractor employees can use TSCA  CBI data on a PC, subject to the
 restrictions in this manual.

      a.  PROCEDURES FOR USING TSCA CBI DATA ON A PC OUTSIDE OF A
 SECURE STORAGE AREA. The employee must retain exclusive control over the
 operation of a PC and printer while working on a PC outside of a secure
 storage area.  The employee must ensure that the PC screen is not viewed by
 anyone who is not authorized for access to TSCA CBI.  If the employee leaves
 the PC for any reason, he or she must  terminate  the computer session as
 described in (d) below.

      b.  PROCESSING AND STORING TSCA CBI DATA ON FLOPPY AND HARD
 DISKS.  Floppy and detachable hard disks are preferred for storage of TSCA
 CBI data. Employees can obtain green floppy disks for TSCA CBI storage
 from IMD's TSCA Information Management Branch. If green floppy disks
 are not available, the employee  can use any diskette to  store TSCA CBI
 information after stamping it as containing TSCA CBI data.

          Hard disks can be used to process and store TSCA CBI data under
 limited conditions:

          •   TSCA CBI data can be processed on a PC's fixed hard disk
              when the PC is located in a secure storage area.

          •   If an employee is working with TSCA CBI data  on a PC with
              a  fixed hard disk  in an unsecured  area, the employee must
              erase the hard  disk at the  end of each session and verify the
              erasure.  To erase the hard  disk, the employee must use an
              approved utility program at the end of each session.  Contact
              the TSCA security staff for a list of approved utility programs.

          •   Detachable hard disks can be used to store TSCA CBI data,
              and their use is encouraged.  The hard disks must be removed
              from  the PC after each session, unless the PC is located in a
              secure storage  area.
                                  63

-------
TSCA CBI Security Manual                                       7700
                                                                1/93

      c.  MAINTAINING SECURITY  FOR  FLOPPY AND  DETACHABLE HARD
 DISKETTES CONTAINING TSCA CBI DATA. The procedures for storing TSCA
 CBI hard-copy  materials  apply to storage of floppy and detachable hard
 diskettes (see section B of this chapter).  When disks are no longer needed or
 are damaged, they should be given to the DCO for destruction (see section O
 of this chapter).

      d.  TERMINATING A TSCA CBI PC SESSION FOR PCs LOCATED OUTSIDE
 SECURE STORAGE AREAS.  Proper termination of a PC session involving TSCA
 CBI data consists of the following steps:

      1)  The employee should transfer the TSCA CBI data to the floppy or
          detachable hard disk.

      2)  The employee should verify that the transfer was completed.

      3)  The employee should ensure that a backup file does not exist for the
          TSCA CBI that was processed during the  session.

      4)  The employee should  remove the floppy or detachable hard disk
          from the PC.

      5)  The employee should  erase the data from the hard disk using an
          approved program.

      6)  The employee should verity that the erasure has taken place.

      7)  The employee should turn off the PC.

      e.  SECURITY PROCEDURES FOR PC PRINTOUTS OF TSCA CBI DATA.
 The security procedures for storing TSCA CBI hard-copy materials apply to
 storage of TSCA CBI data that is printed on a PC printer and to storage of the
 printer's ribbon (see section B of this chapter). An employee using a printer
 with internal memory, such as a laser printer, must turn off the printer
 after each TSCA CBI printing session and verify that no TSCA CBI data
 remain in the printer's memory cache or buffer.
                                  64

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 6.  USING THE TSCA CBI MAINFRAME COMPUTER.  EPA stores and
 processes TSCA CBI on  a dedicated mainframe computer,  which is not
 networked with any other computers. TSCA CBI data cannot be stored on any
 other  mainframe computer without approval from the IMD director and
 certification by the TSCA security staff. For information about the necessary
 security for such systems, contact the TSCA security staff.

       a.  PROCEDURES FOR EMPLOYEES TO OBTAIN PRINTOUTS OF TSCA CBI
 DATA FROM THE MAINFRAME  COMPUTER. All Federal  employees who are
 authorized for access to TSCA CBI are permitted to use printouts from the
 TSCA CBI  mainframe computer and to view a computer screen that contains
 TSCA CBI.  Employees who want to obtain a printout should  submit a
 computer search request form  to the OPPT DCO (unless they are networked
 via encryption), no matter what facility they work in.

       b.  SECURITY PROCEDURES  FOR PRINTOUTS  FROM THE TSCA CBI
 MAINFRAME COMPUTER. Not all data on the TSCA CBI mainframe computer
 are confidential.  However, all printouts from the mainframe computer must
 be assumed to be TSCA  CBI until the employee who has obtained the printout
 determines whether it contains TSCA CBI. The employee is required to make
 this determination in consultation with the OPPT or facility DCO. The same
 procedure applies to information displayed on a computer screen and copied
 by  an employee. The security procedures are summarized here.

          •   The DCO must log the printout into the document tracking sys-
              tem, stamp it  as TSCA  CBI, assign  a document  control
              number,  cover  the document with  a  TSCA CBI cover sheet,
              and treat  it like any other TSCA CBI document.

          •   If a printout contains no TSCA CBI, the employee must certify
              that fact by signing and dating the front page of the printout.

          •   If the employee initially determines that a printout contains
              TSCA CBI and later reverses that decision, he or she must sign
              and date  the front page of the printout, initial the TSCA CBI
              cover sheet, remove the TSCA CBI cover sheet, and notify the
              DCO of the new decision so the document tracking system can
              be updated.
                                 65

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 7.   MINI COMPUTERS. Mini computers can be used to process TSCA CBI
 data if they are approved by the TSCA security staff.  To obtain approval, the
 facility DCO must prepare a security plan describing (a) how TSCA CBI data
 would be protected during processing and (b) how access to the mini computer
 would be restricted. The plan should be submitted to the TSCA security staff.

      SECURITY CONTROLS FOR TSCA CBI DATA ON MINI COMPUTERS. At
 a minimum,  the mini computer must be located inside a TSCA CBI secure
 storage area.  Additional hardware and software controls should supplement
 the physical security controls.  No dial-in access to this type of computer will
 be approved unless proper software or hardware encryption devices are in
 place. The security plan must adhere to all requirements of this manual. For
 further details, contact the TSCA security staff.

 8.   SECURITY FOR TSCA CBI DATA STORED ON CONTRACTOR'S
 COMPUTERS.   EPA contractors cannot place TSCA CBI on a mainframe
 computer system, mini computer system, or shared-logic  computer system
 without authorization from EPA.   A contractor's computer system  and site
 must be inspected and approved by the TSCA security staff before the data can
 be transferred.

      Authorized  EPA contractors who use TSCA  CBI must follow all
 computer security requirements established for EPA. Contractors are allowed
 to use standalone PCs for processing TSCA CBI by adhering to the procedures
 contained in this manual.

        T. DEVELOPMENT OF PHOTOGRAPHIC MATERIALS

 1.   PHOTOGRAPHS CAN  BE  CLAIMED AS  TSCA  CBI.  When a
 company claims that photographs taken during EPA inspections and plant visits
 are TSCA CBI, the film must be shipped to the OPPT DCO for processing
 and development.  Processing or development  by a private or  commercial
 laboratory is prohibited.

         The film should be  labeled  as TSCA CBI, double-wrapped, and
 prepared for shipment following the same procedures used for shipment of any
 other TSCA CBI media (see section F  of this chapter).  It  should be sent to
 OPPT DCO, Information  Management Division, (TS-790)  EPA, 401 M St.
                                 66

-------
TSCA CBI Security Manual                                       7700
                                                               1/93

 S.W., Washington,  D.C.   20460.   The  OPPT DCO  will arrange for
 development and return photographs and negatives to employees within 30
 days.  If faster turnaround is required, the OPPT DCO should be contacted to
 arrange special handling.

 2.  VIDEO TAPES  CAN BE CLAIMED AS TSCA CBI.  If  an  EPA
 employee utilizes video equipment during an inspection or plant visit, and the
 company wishes to claim the tape as TSCA CBI, the tape should be handled
 and controlled as any other TSCA CBI material.
                                 67

-------
TSCA CBI Security Manual                                     7700
                                                            1/93
                               68

-------
TSCA CBI Security Manual                                    7700
                                                          1/93

                        CHAPTER 5
         REPORTING AND INVESTIGATION OF
         VIOLATIONS OF PROCEDURES, LOST
          DOCUMENTS AND UNAUTHORIZED
                       DISCLOSURES

         All employees who are authorized for TSCA CBI access are required
 to  follow  this  manual's procedures,  which  secure TSCA CBI  from
 unauthorized public disclosure. They are responsible for reporting (1) possible
 violations of security procedures, (2) the loss or misplacing of TSCA CBI
 materials, and (3) any unauthorized disclosure of TSCA CBI materials.

         The security procedures in  this manual are  enforceable  by
 administrative penalties, set forth in this chapter;  The IMD director will
 decide when to apply these penalties.

            A.  EMPLOYEE REPORTING PROCEDURES

 1.   ORAL REPORT MUST  BE MADE WITHIN ONE WORKING DAY.
 Any TSCA CBI-cleared employee of EPA or another Federal agency must
 provide oral notice to his or her division director within one working day if
 he or she thinks  it is possible that

      •  TSCA CBI security procedures have been violated.

      •  TSCA CBI materials have been lost or misplaced.

      •  An unauthorized person has obtained access to TSCA CBI data.

 Contractor employees must provide oral  notice to their project officer.

 2.   WRITTEN  REPORT MUST  BE MADE WITHIN TWO WORKING
 DAYS.  Within two working days, the employee must follow up the oral
 report with a written report.  EPA or Federal employees must provide the
 written report to their division director.  Contractor employees must provide
 the written report to their project officer.
                               69

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

          The  written report must describe (1)  the  possible violation of
 procedures, (2) the unauthorized disclosure of TSCA CBI, or (3) the materials
 believed lost or misplaced. It must also include a description of any relevant
 circumstances known by the employee.

          The employee or his or her supervisor may examine files and discuss
 the matter with other individuals to try to determine what occurred. However,
 only the TSCA security staff is authorized to conduct interviews, review logs,
 and carry out a detailed investigation.

 EMPLOYEE'S  DIVISION  DIRECTOR OR  PROJECT OFFICER'S  DUTIES.   The
 employee's division director or project officer  must review  the employee's
 report and provide any additional comments or information that are relevant.
 The  division director or  project officer must forward the report to the IMD
 director within two working days of receiving it.  If the division director
 reviews the employee's report and determines that no violation of procedures,
 loss  of TSCA CBI,  or  unauthorized disclosure has occurred, the division
 director is not required to forward the report to the IMD director.

    B. REVIEW AND INVESTIGATION OF EMPLOYEE'S REPORT

          The IMD director will review the employee's written report and may
 request an investigation by the TSCA security staff.

 1.   WHEN POSSIBLE VIOLATION OF THIS  MANUAL'S SECURITY
 PROCEDURES HAS OCCURRED.  The IMD director must notify the TSCA
 security staff of any alleged violation of this manual's procedures.  In such a
 case, the IMD director will (1) direct the TSCA security staff to investigate the
 reported  violation, (2) determine what administrative  penalties, if any, are
 appropriate, and (3) recommend  sanctions to the supervisors of the affected
 employees.  Supervisors are responsible for imposing sanctions.

          The  IMD director  will also  confer with the affected employees'
 supervisors to identify procedures for handling,  using,  or storing TSCA CBI
 materials that will prevent recurrence of violations.
                                  70

-------
TSCA CBI Security Manual                                        7700
                                                                1/93

 2.   WHEN TSCA CBI MATERIALS CANNOT BE ACCOUNTED FOR.
 The IMD director will immediately review the employee's  report of lost or
 misplaced TSCA CBI documents and decide whether evidence indicates that
 the TSCA security staff should begin an investigation.

 NOTIFICATION TO THE SUBMITTING COMPANY. The IMD director must notify
 the affected company that its TSCA CBI data is missing.  The IMD director
 must provide  a written notice to the company  within four  working days of
 receiving the employee's report.  The written notice must identify the lost or
 misplaced document and state the date on which it was discovered to be lost
 or misplaced.

 3.   WHEN UNAUTHORIZED DISCLOSURE OF TSCA CBI MATERIALS
 MAY HAVE  OCCURRED.   The IMD director will immediately review the
 employee's report that TSCA CBI may have been disclosed to someone who
 is not authorized for access to it.  He or she will determine whether evidence
 indicates that  the TSCA security staff should begin an investigation.

       a.  NOTIFICATION TO THE SUBMITTING COMPANY. If the TSCA security
 staffs investigation determines that unauthorized disclosure did occur, the
 IMD director must notify the affected company.  The IMD director must
 provide a written notice to the company within four working  days of receiving
 the employee's report. The  written notice must contain a description of the
 TSCA CBI that was disclosed and the date of the disclosure.
                                     •ซ

       b.  EPA OFFICE OF INSPECTOR GENERAL.  If the TSCA security staffs
 investigation  reveals any evidence of a knowing and willful unauthorized
 disclosure of  TSCA CBI, the matter must be immediately transferred to the
 EPA Office of Inspector General.

            C.  PENALTY GUIDELINES FOR VIOLATION
                 OF THIS  MANUAL'S PROCEDURES

          The IMD director is responsible for enforcing the procedures in this
 manual. It is up to him or  her to assess the possible breach of TSCA CBI
 security or procedures and determine an appropriate action, which can include
 administrative penalties or criminal charges.  Responsibility  for implementing
 the IMD's recommended action rests with the division director of an EPA or
                                  71

-------
TSCA CBI Security Manual                                        7700
                                                                  1/93

 Federal employee or, for contractor employees, with the division director who
 requested TSCA CBI access for the contractor.

          The purpose of the penalties described in this chapter is to prevent
 or discourage the recurrence of violations. Penalties imposed or actions taken
 must be fair, consistent, and well-reasoned.  The security procedures  in this
 manual are enforceable by administrative penalties.

 1.   DETERMINING THAT A VIOLATION HAS OCCURRED.  The IMD
 director reviews the employee's written report and  the TSCA security staffs
 report on its investigation to determine whether an employee has violated this
 manual's procedures.

 2.   DETERMINING  AN APPROPRIATE  REMEDY.   If a  violation has
 occurred, the IMD director must recommend to the  individual's supervisor an
 appropriate  remedy.  Remedies can include  one  or  a  combination  of the
 following:   (1) administrative penalties,  (2) criminal penalties, and (3)
 corrective actions.

       To determine an appropriate remedy the IMD Director must weigh

          •    The  seriousness  of  the  violation  and  the  potential for
               unauthorized disclosure of TSCA CBI because of the violation.

          •    The degree of the employee's negligence.

          •    Whether the individual has previously committed a similar
               violation.

          •    Whether the individual has previously committed  any other
               violation of this manual's procedures.

          •    The frequency with which the individual uses or handles TSCA
               CBI in the course of fulfilling his or her duties.
                                   72

-------
TSCA CBI Security Manual
                                           7700
                                           1/93
 3.   ADMINISTRATIVE PENALTIES. The IMD director should recommend
 an administrative penalty  if an individual was grossly negligent or if the
 individual had previously incurred a similar violation, even if the violations
 were not serious. Administrative penalties are listed here.
 Nature of Offense
1st Offense
 2nd Offense
3rd Offense
CBI is not compro-
mised and breach
is unintentional

counseling
by supervisor
to oral
reprimand
oral reprimand
to written
suspension

1-day
suspension
to removal

 CBI is compromised
 but breach is
 unintentional

 Deliberate
 procedural
 violation *
oral or written    1-day to
reprimand to      5-day
5-day suspension  suspension
                 7-day
                 suspension
                 to removal
30-day
suspension
to removal
removal
 *    This category covers only deliberate procedural violations that
 do not result in the unauthorized disclosure of TSCA CBI.  If
 IMD's investigation reveals any evidence of the knowing and
 willful unauthorized disclosure of TSCA CBI, the matter will be
 immediately referred to the EPA Office of Inspector General.

 4.   CRIMINAL  PENALTIES.  The IMD  director should recommend a
 criminal penalty if an individual willfully disclosed TSCA CBI to any person
 not authorized to receive it. The individual who disclosed TSCA CBI may be
 liable under Section 14(d) of TSCA (15  U.S.C. 2613(d)) for a fine of up to
 $5,000 and/or imprisonment for up to one year.  In addition,  disclosure of
 TSCA  CBI  or violation  of the procedures cited  above may subject an
 individual to disciplinary action with penalties ranging up to  and  including
 dismissal.
                                   73

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

 5.   CORRECTIVE ACTIONS.   The IMD  director  should  recommend
 corrective actions when (1) an administrative penalty would be too severe a
 remedy and (2) the corrective action is likely to prevent or discourage future
 violations either by the individual or by other individuals.  Corrective actions
 recommended by the IMD Director should fit the individual characteristics of
 each violation.

          The purpose of taking a corrective action is to prevent or discourage
 future  violations.   Corrective actions may be procedural,  instructional, or
 disciplinary  in  nature.   Such  actions include training, revision  of  work
 procedures, removal of the individual's name from the TSCA CBI authorized
 access  list, and other options.

 6.   IMD DIRECTOR CAN ALSO RECOMMEND THAT NO ACTION  BE
 TAKEN. The IMD director has the option of recommending that no action be
 taken if fault cannot be ascribed to any individual or a modification of TSCA
 CBI handling procedures would yield no greater level of protection to TSCA
 CBI.
                                  74

-------
TSCA CBI Security Manual  .                                        7700
                                                                   1/93

                                INDEX
 administrative penalties  7,68,69,70-73

 aggregation of TSCA CBI 35,53-54

 annual briefing 6,7,15,16,25

 audit of documents  i,5,7,8,14-18,25-26,30,36,38,43

 Authorized Access List  5,6,7,14,15,17,34,42,44,47,49,59,73

 automated document tracking systems  5,7,15,18,29-31

 backup for automated document tracking systems 30-31

 bar codes  30

 broken reproduction machines  56

 CBIC  vi,vii,l,5,30,33,40,43,50,58

 CBITS 5,7,16,18,30,36

 certified mail 45-47

 challenging TSCA CBI claims  27-28,54-55

 computer access authority 3-6,8,14,15,17,57,62-66

 Congressional access  3,23-24

 Congressional Access Log  23, Appendix 20

 Contractors and Contractor employees  i,vi,vii,l,9-

  18,23,25,28,29,33,34,39,44-45,48,52,57,60,62,66,69,71


                                   75

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

 copies  55-57,58-59

 copy numbers 56,59

 corrective actions 71,72,73

 couriers  vii,32,45-47,57

 creating new TSCA CBI documents  26,35,51-54

 creating TSCA non-CBI documents 35,53-54

 criminal penalties 1,19,22,71-72

 DAPSS 7,16,18,30,36

 DCO relinquishes responsibilities 37-38

 declassifying TSCA CBI materials 54-55

 destruction of TSCA CBI materials vi,31,35,57-59,64

 Destruction Log  58

 Director, Office of Pollution Prevention and Toxics  vi

 Division Director 9,13,20,26,35,41,61,68,69,71

 Document Control Assistants vii,47,55

 Document Control Officers (DCOs)  iv,vi,vii,3-8,l 1-18,20,22,23,25-52,54-

 61,64-67

 document control numbers 29-32,36,51,56,60,65
                                  76

-------
TSCA CBI Security Manual                                        7700
                                                                 1/93

 document tracking system  iv,vi,27,29-31,36,37,42-44,50-52,55-

 58,60,61,65

 double-wrapping TSCA CBI materials  46

 electronic entry cards  8,18,42

 electronic mail transmissions  50

 facsimiles containing TSCA CBI, sending and

   receiving 45,47-49

 final confidentiality determination  26,27-28,35,55

 floppy disks  63-64

 forms

      TSCA CBI Access Request, Agreement and Approval,
        7740-6:  3,6,12,16, Appendix 1
      TSCA CBI ADP User Registration, 7740-25:  4,13, Appendix 2
      Standard Form 86:  Questionnaire for Sensitive Positions:  4,12,13,
      Appendix 3
      Fingerprint chart, FD-258:  12, Appendix 4
      Request for Approval of Contractor Access to TSCA CBI,
        7740-17:  9, Appendix 6
      Contractor Information Sheet:  11, Appendix 7
      Confidentiality Agreement for US Employees Upon
        Relinquishing TSCA CBI Access Authority,
        7740-16:  7,8, Appendix 9
      Confidentiality Agreement for Contractor Employees Upon
        Relinquishing TSCA CBI Access Authority,
        7740-18:  16,  Appendix 10
      Employee Separation or Transfer Checklist,
        3110-1:  9, Appendix 11
                                   77

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

      Receipt Log for TSCA CBI, 7710-10: 31,32,36,37,51,57, Appendix
      15
      Inventory Log for TSCA CBI, 7710-11:  5,7,15,16,18,26,31,35-37,55,
      57, Appendix 16
      Federal Agency, Congress, and Federal Court Sign-out
       Log, 7710-13: 23, Appendix 20

 guiding principle 1-2

 hand delivery  44,46,52

 hard disks  63-64

 hardcopy TSCA CBI 26,37,64,65

 hotel safe, storage of TSCA CBI in  61

 IMD Director  vi,9-ll,13,16,19-23,25,29,41,61,62,65,68-73

 individual access files  4,5,13,15

 initial security briefing  4,5,13-14

 inventory  5,7,14,15,18,25,26,30,35-37,55,57

 Inventory Log 5,7,15,16,18,26,31,35-37,55,57

 language, required contract  10, Appendix 8

 loan receipts  ii,44,52-56

 local area networks  62

 lock combinations  33-34,42

 lost documents  5,8,15-17,35,37-38,68-70

 luggage, storage of TSCA CBI in  60-61
                                  78

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

 mailing TSCA CBI  vii,10,ll,20-23,27,32,44-46,50,52,57

 mainframe computers  62,65

 maintaining access authorization  vii,5-6,14-15,25-26,36

 managers' responsibilities  28-29

 manual tracking systems  31

 manual updates 2, Appendix 21

 meetings  58-60

 meeting chairperson  59-60

 mini computers 66

 Minimum Background Investigation  13,16

 monthly access listing 4,34

 new documents 26,35,51-54

 notice  to affected  businesses 10-11,19,21,22,70

 OPPTDCO  iv,vi,vii,3-8,ll-18,20,22,23,29-31,33,34,38,44,45,57,65-67

 other agencies, authorizing  for TSCA CBI vii, 1,2,3,18-24

 overdue documents 26,35,37

 PCs 4,63-64

 personal working  papers  51-53,56,57,58-59
                                   79

-------
TSCA CBI Security Manual                                          7700
                                                                    1/93

 photographic materials 66-67

 printouts  57,64-65

 project officer  vii,viii,3,9-13,18,25,28,57,68,69

 Receipt Log  30,31,32,36,37,51,56,57

 relinquishing TSCA CBI access authority  7-9,16-18,37-38

 reporting violations 25,68-70

 reproduction of TSCA CBI materials vi,35,55-57

 requesting officials  vii,3,4,6,7,13-16,20,22,46

 residences, use of TSCA CBI in 61

 return of TSCA CBI to a DCO 7-8,16-18,43

 return receipts  43,46-47

 ribbons and microfiche  53,57

 sanitizing  documents  35,53-54

 secure storage areas  8,17,33,39-43,63,64

 security briefing  4-7,13-16,25-26,35

 storage containers 39,40,41

 storage of TSCA  CBI materials 1,2,6,8,10,15,17,23,29,33-35,39-

 44,48,51,55,58,60-64,66

 subcontractors  10,11
                                   80

-------
TSCA CBI Security Manual                                         7700
                                                                  1/93

 submitter drops claim  54

 telephone discussion of TSCA CBI  ii,49-50

 telephone logs 50, Appendix 19

 tele-video conferences 50-51

 termination of access  6-9,16-18,37-38

 terminology vi-viii

 transfer of TSCA CBI between employees  43,44,52-53,58-59,61

 traveling with TSCA CBI materials 60-61

 TSCA CBI Stamp  i,32,36,39,51,53,65

 TSCA CBI Cover Sheets  i,32,36,39,51,53,55,58,65

 TSCA Security Staff vi,10-23,41,55,57,61-63,65,66,69,70

 typing TSCA CBI materials 52-53

 unaccounted for TSCA CBI materials 5,8,15-17,35,37-38,68-70

 unauthorized disclosure of TSCA CBI materials  19,22,39,68-72

 videotapes 67

 violations of this manual's procedures  vii,25,68-73

 Visitors Log i,42

 waiver for immediate access 4-5,14

 wide area networks 62-63
                                   81

-------
TSCA CBI Security Manual                      Appendix 1
 Please read Privacy Act Statement and Instructions on reverse before completing thit forni.     Form approved. OMB No. 2070-0075. Approval expires 01-31-95.
                                    United States Environmental Protection Agency
                                              Washington, DC 20460
                 TSCA  CBI  Access  Request,  Agreement and Approval
                                             Section I.-Access Request
1. Name (Last, Pint, Ml)
4. Requestor (Agency/Office/Division/Branch)
2. Social Security Number
5. Document Control Officer (DCO)
3. Telephone Number
6. OCO Telephone Number
7. TSCA Sections for which access is
   required. Check all that apply. Use blank
  space to request other sections not listed.
ALL
            -OR-
                                                    12
                                                          13
                                                                  21
8. Justification for TSCA CBI access.
  Select appropriate code from instructions on
  reverse side. (Check one or all that apply.)
                                                              Other
                                                              List Justification on
                                                              reverse side
                            Section II.  - Contract Information  - Contractor Employee. Only
9. Employer's Name
1 1 . Contract Number
10a. Employer's Address
10b. City
1 2. EPA Project Officer
lOc. ST
lOd. Zipcode
13. EPA Project Officer Telephone
         Section III. - OPPT Secure Storage Area Access - HQ Federal and HQ Contractor Employees Only
 14. Check if EPA ID Badge (RUSCO-71W. Badge is required.
         Yes (New)        [    |  Need Replacement
               No (List Present EPA ID Badge Number

                 (List Present OPPT Barcode	
                                                                                                    OR
Need
Barcode
1 5. List OPPT Restricted araac by Division to which Dhvsical access is raauirec
Home Division (24 hour access)
Other Divisions (6A.M.- 6P.M. only)


Access to CBIC only


IMD (DCO and IMD Computer Rms.
 16. List OPPT areas by Division and Room Number for which Alarm Activation/Deactivation Authority is requested.
                                     Section  IV. - Confidentiality Agreement
 I understand that I will have access to certain Confidential  Business Information submitted under the Toxic Substances Control  Act (TSCA, 16 USC
 2601 et seq.).  This access has been granted  in accordance with my official duties relating to the Environmental Protection  Agency programs.

 I understand that TSCA CBI may be used only in connection with my official duties and may not be disclosed except as authorized by TSCA and
 Agency regulations.  I have mad and  understand the procedures set forth in the TSCA Confidential  Business  Information Security Manual. I agree that I
 will treat any TSCA CBI furnished  to me as confidential and that I will follow these procedures.

 I understand that under section 14(d) of TSCAI15 USC 2513(d|), I am liable for a possible fine of up to *5.OOO and/or imprisonment  for up to one year
 if I willfully disclose TSCA CBI to  any person not authorized to receive it. In addition, 1 understand that I may be subject to  disciplinary action for
 violation of this agreement with penalties ranging  up to and including dismissal.

 I certify that the statements I have made on this form and  all attachments thereto are true, accurate, and complete. I ecknowledge  that any knowlingly
 false or misleading statement may be punishable by fine or imprisonment or both under applicable law.
17.
Signature of Employee
18. Date
                                  Section  V.-  Requesting  Official  Approval
1 9. TSCA CBI Security Briefing Date
20. Name and Signature of Requesting Official. (Immediate Supervisor - EPA Project Officer for Contractors)
As the immediate supervisor of lor the EPA Project Officer for) the above mentioned employee, 1 certify he/she has
successfully completed a TSCA CBI Security Briefing on the date shown.
Neme Signature
21. Date
                                    Section  VI.- OPPT  Security  Approval
•22. Date Received
DCO Code
24. Approved (TSCA Security Official Signature)
Barcode
Status Code
Alarm Zones
25. Approval Date
Data Entry Onto and Initials
1. 2.
 EPA Form 7740-6 (Rev. 9-92). Replaces previous version of 7740-6 and 7740-6A.

-------
TSCA CBI Security Manual
77CO
1/93
Paperwork Reduction Act Notice
The public reporting burden for this collection of information is estimated to average .84 hours per response. This estimate includes time for reviewing instuctions,
gathering arid maintaining the needed data, and completing and reviewing the collection of information. Send comments regarding the burden estimate or any other aspect
of this collection of information to the Chief, Information Policy Branch (PM-223), US Environmental Protection Agency, 401 M Street, SW, Washington! DC 20460, and
to the Office of Information and Regulatory Affairs, Office of Management and Budget, Washington, DC 20503, marked ATTENTION: Desk Officer for EPA.
Privacy Act Statement
Collection of the information on this form is authorized by section 14 of the Toxic Substances Control Act (TSCA) 15 USC 2613. EPA uses this information
to maintain a record of those persons cleared for access to TSCA Confidential Business Information (CBI) and to maintain the security of TSCA CBI.
Disclosure of this information may be made to Office of Pollution Prevention (OPPT) contractors in order to carry out functions for EPA compatible with purpose
for which this information is collected; to other Federal agencies when they possess TSCA CBI and need to verify clearance to EPA and EPA contractor employees for access;
to the Department of Justice when related to litigation or anticipated litigation involving the records or the subject mailer of the records; to the appropriate Federal, State or
local agency charged with enforcing a statue or regulation, violation of which is indicated by a record in this system; where necessary, to a State, Federal, x>r local agency
maintaining information pertinent to hiring, retention, or clearance of an employee, letting of a contract, or issuance of a grant or other magistrate or administrative tribunal;
to opposing counsel in the course of settlement negotiations; and to a member of Congress acting on behalf of an indivdual to whom records in this system pertain.
Furnishing the information on this form, including your Social Security Number, is voluntary, but failure to do so will prevent you from being given access to
TSCA CBI and will therefore make impossible the performance of any task which requires access to TSCA CBI.
Instructions for Form Completion
Section I • To be completed by all
1. List Full Name
2. List Social Security Number
3. List Telephone number of person in item 1
4. List Full Acronym of Requesting Office (ie. EPA Office in
which the indivdual works or for contractor employees, the EPA
Office with whom the contract is with)
5. List the immediate Document Control Officer for the office in
which the individual works
6. List the telephone number of the Document Control Officer
7. Check the TSCA Sections for which access is requested or
check ALL if applicable
8. Cirlce the appropriate Access Justification Code
A. Employee is an EPA employee or EPA contractor employee
whose work assignments involve the New and/or Existing
Chemical Programs of TSCA. Hence access to the TSCA sections
listed in item 7 of this form is required in performance of his/her
duties.
B. Employee is an EPA employee or EPA contractor employee
whose work entails the administration of computer systems
housing TSCA CBI. Hence access to the TSCA sections listed in
item 7 of this form is required.
C. Employee is an EPA employee or EPA contractor employee
whose work entails physical security or maintenance for TSCA
CBI secure storage areas. Although employee will not actually
work with any TSCA CBI materials, access to the TSCA sections
listed in item 7 of this form is required.
D. List Justification here






Section II - To be completed by Contractor Employees only
9. List Employer's name
lOa-d. List Employer's address
11. List Contract number
12. List EPA Project Officer's name
13. List EPA Project Officer's telephone number
Section III - To be completed by HQ Federal and HQ
Contractor employees only
NOTE: These procedures apply only to employees requiring
access to OPPT Secure Storage areas. All others follow
standard Agency procedures.
14. Check either box a, b, c or (c&d) for EPA ID badge or
Contractor Building Pass. If box c is checked, write in badge
number.
a. Yes - Check if new employee getting first EPA ID Badge.
(New programmed badge and barcode)
b. Need Replacement - Check if replacement ID Badge is
needed (replacement badge and barcode)
c. No - Existing badge needs programming. List ID Badge no.
d. Need Barcode - Check if existing badge does not have an
OPPT barcode on it. (OPPT barcodes are for logging documents
out of the OPPT Confidential Business Information Center only)
15. Check and list OPPT secured areas for which access (via
"RUSCO" electronic door control system) is required. List
Division acronyms for the requested areas.
Home Division - List Division in which employee works
Other Divisions - List other OPPT Divisions for which
unrestricted daytime access is requested
CBIC Only - To be checked for those who only need to access
the Confidential Business Information Center.
IMD Areas - Employees who need to regularily access the IMD
Document Control Office Suite should circle DCO in the fourth
block. Only IMD staff and contractors who work in IMD
computer rooms should circle IMD Computer Rooms.
16. List OPPT areas by Division and Room numbers for which
Alarm Activation/Deactivation authority is requested. Generally,
this is emplovees home Division onlv.
Section IV - To be completed by all
17. Employee Signature (must be original)
18. Signature Date
Section V - To be completed by all
19. Enter date employee attended TSCA CBI Security Brieifing
20. Immediate Supervisor/EPA Project Officers name and sign.
21. Date of signature
Section VI - To be completed by OPPT Security


-------
TSCA CBI Security Manual                  Appendix 2
PLEASE READ THE INSTRUCTIONS ON THE REVERSE SIDE BEFORE COMPLETING THIS
                   (Please Print or Type - Do not mark in shaded areas)
                                                                              77W.
United SIMM Environmental Protection Agawy
^ Efง))BV Weshingttn. O.C. 20460
o^Elrn TSCA CBI ADP USER REGISTRATION
-\ %^T"^ :< Section 1* Action* Chock aft appropriate b v ,<•> < -''''-,'
[ Assign new userid and password (Complete all items in Section II, except 2 and IS. Complete Section IV.)
[ Add User to Systems (Complete ail items in Section II. except 15. Complete Sections III and IV.)
| Update User Information (Complete all applicable information in Section II, including Ham 2. Complete Section IV.)
[ Delete User from Specific Accounts (Complete items 1.2, and 3 in Section II only. Complete Sections III and IV.)
[ Delete Users from All Systems (Complete items 1, 2, and 15 in Section II. Complete Section IV.)
Section II - Users Assigned to System (see Instructions on reverse side)
1. User Name (Last, First, Ml)
4. Office/Division/Branch/Section (For EPA employees only)
6. Telephone Number (include area code)
8. EPA Region 9. EPA Mail Coda
2. Userid 3. Company or Employer
5. Address (Street or P.O. Box)
7. City
10. State' 11. Zip Code
12. User Status - Check one: [ ] EPA ( ] EPA Contractor ( ] Federal Non-EPA
13. TSCA CBI Security Briefing Date ( / / ) Circle TSCA clearance: Sections [ALL] -or- [3] [4] (5) [6] (8) |13] (20J (211
14. Check the type of ( Database Administrator ( ] Data Entry Staff ( ] Technical Consultant [ ] Developer
work to be performed: j RTP Operations/Systems Staff [ ] Retrieval Staff ( ] Query (Read Data)
15. Enter the access termination date of the user identified above: (Month: Date: Year: 19 	 )
', .. Section III - TSCA Systems (see Instructions on back - Do not mark in shaded areas) - "-4 -
16. Mainframe Hardware Code:
16a. Mainframe System to Access (list one):
17. Mainframe Hardware Code:
17a. Mainframe System to Access (list one):
18. LAN Hardware Code:
SS ซh*i> v >S W v v - ; - ' ^' '""
Acooumt* f- , <" ' •• "ซ - tSO JVJ -|NJ- / - ", v „*<>".$>,
Haiural t Date: ,„„/,„ .,/„-.) by '.. -.*,,
19. LAN Hardware Code:
:/ /SecttoR IV • Signal , ; '', "'
20. Requesting Official Name
(Tvoe or Printt:

21. Signature of Requesting Official (Required)
24. Document Control Officer Name (Type or Print):

25. Signature of Document Control Officer (Required)
22. Request Date:
23. Phone Number:
26. Date Signed:
27. Phone Number:
BETtmNAU:*eOue$TStO; UAOMBOHMENTALpROrcCTlONAO , .:ฃ,
tซAlNFBAMe^Hซ)OliDINATOR,fnV793J,401MซTRECT,S.W.tWASHINOtON>0,(X $0460 , "><
, ,.. ,,,,,'.,- Section V~ Signature (For Mainframe and LAN Coordinator's lisa) : ,.: .. /•"'%
28, Mainframe or LAN Coordinator** $^jrปarure: -
^^>ov.v^ ^>v* **ป- - ' .ป;* --', ---^ - ' %
29. Date Received; " ' > ' /X ,v-,<
30 Date Pfocesoed- ""* -'-"•'"•.*-< .

, 31 Date Comptelid; ,"^ \~^'\^\ .'^ \ . *< ^'
kPA l-orm /72KFZ5TTO791f)

-------
TSCA CBI Security Manual
                                                                          7700
                                                                          1/93
                                                         Section VI -instructions
  Section I:  Action • Cheek ill appropriate boxes.
  This section gives the user an explanation of each action.

  []  Assign New Id and Initial Password

  Check this Item K the applicant does not have Mainframe or LAN access.
  Complete all Hems In Section II, except 2 and 15.  For Mainframe access,
  the user must also request access to at least one system; therefore 'Add
  User to Accounts' must also be checked.  The desired system(s) which the
  user needs access should be identified in Section III.

  [)  Add User to Accounts

  Check this Hem If the user already has access to the Mainframe.
  Complete all tarns in Section II. except 14. The desired system(s) which
  the user needs access should be identified In Section III.

  [ ]  Update User Information

  Check this tern if the user needs to update employment information.
  Complete all applicable information in Section II, including item 2. Items
  13,14, and 15, in Section II need not be completed.

  [ ]  Delete User from Accounts

  Check this hem If the user no longer  needs access to specific system(s).
  The user wil not be deleted from the hardware, but will be deleted from
  the systems identified in Section III. Therefore, complete Section III and
  Hems 1, 2. and 3 in  Section II.

  [ ]  Delete User from al Systems

  Check this Hem If the user no longer  needs access to the Mainframe and
  LAN hardware. This should be checked when a person terminates
  employment or no longer needs
  access to any TSCA system.
Section H:  Users Assigned to
This section refers to the applicant's actual employment duty station, (i.e. If the applicant
is a contractor and works at an EPA facility, the address information is the EPA site.)

Item 1: Enter the name of the users to be added to, or
       deleted from the system. Use the last name,
       first name,-and middle initial formal.
Item 2: For mainframe users, enter the three character
       userld assigned to the user identified in Hem 1
       above. If the user needs a userid, leave this Hem
       blank. Userids are not required for LAN users.
Item 3: Enter the user's employer or company name.
Item 4: Enter the office, division, branch, and section of
       the user.  This applies to EPA employees only.
Item 5: Enter the user's maling address.
Item 6: Enter the user's telephone number.
Item 7: Enter the user's actual mailing city.
Item 8: Enter the user's Region.
Item 9: Enter the user's mal code.
Item 10:  Enter the user's 2-digiI mailing state
       abbreviation.
Item 11:  Enter the user's 5 or 9-digif mailing zip code.
Item 12:  Self-explanatory
Item 13:  Enter last briefing date.  Circle all sections of TSCA
           which the user is authorized to access.
Item 14:  Check the block which describes the task the user will perform.
Item 15:  Enter the date on which the user will no longer
       need access.
  Section HI:  TSCA  - TNs section contains a collection of hardware and systems to access. Each registration form allows users to request access to two Mainframe
  and two LAN .  Each hardware type is identified by a code which should be entered in this section. Use the list below to assist you in selecting the desired TSCA
  hardware and systems to access.

  Items 16 ft 17:        Enter the Mainframe hardware code to which access is requested. Only one code should be entered per Hem.  To obtain access to the IBM 4381
                      Confidential (CBI) Production, enter code A.  To obtain access to the IBM ES9000 Non-Confidential (NCBI) Production and Development, enter
                      codeB.

  Items 16a & 17a:     Enter the Mainframe system to which access is requested.  Only one system should be entered per Hem. The systems on the IBM 4381 CBI
                      Mainframe are:  CICIS/CCID Facility (CCF), CAIR, CCID, CHEMD, CICIS, CUS, DAPSS, DMIS, PENTA, SATS, TUPS, Level 8(a), and Batch
                      Retrieval (BR)

                      The systems on the ES9000 NCBI Production  are: CECATS. CICIS, Batch Retrieval (BR) and MITS.

                      The systems on the ES9000 NCBI Development  are: CICIS/CCID Facility (CCF), CAIR, CCID, CHEMD, CICIS, CUS, DAPSS, DMIS,  PENTA,
                      SATS, TUPS, Level 8(a). MITS. CECATS, and Batch Retrieval (BR).

  Items 18 & 19:        Enter the LAN hardware code to which access is requested. Only one code should be entered.  To obtain access to the CBITS LAN,  enter code C.
                      To obtain access to the Administrative LAN, enter code D.  To obtain access to the Image Processing LAN,  enter code E. To obtain access to the
                      New Chemical LAN, enter code F.

  For NCC and Operations Staff: To obtain mainframe access, select the appropriate hardware code and enter the four character account number in the "Mainframe
  System to Access (list one)* field.
  Section IV - Signature Authority (Required before Processing):  No request will be propoessed without the proper signatures.

  Items 20 through and 23 should to be completed by the Requesting Official who is authorized to approve request. This person should be the supervisor of the applicant
  listed in Dem 1 of Section II.

  Items 24 through 27 should to be completed by the Document Control Officer of the applicant listed in Hem 1 of Section II.
  Section V • Signature (For Mainframe end LAN Coordinator's Use): This section should be completed by the Mainframe and LAN Coordinator only.

-------
TSCA CBI Security Manual

Standard Form 86
Revised December 1990
U.S.Office of Personnel  Management
FPM Chapter 732
Appendix 3
Form approved:
O.M.B. No. 3206-0007
NSN 7540-00-634-4036
66-110
  Questionnaire  for Sensitive  Positions
  Read this information carefully.  Follow the instructions fully or we cannot process your form.
  Why do we need the information you will give us and how
  will we use it?

  The U.S. Government has conducted background investigations
  for over 50 years.  It does this to establish that applicants for or
  incumbents in sensitive positions, either employed by the Gov-
  ernment or working for the Government under contract, are
  eligible for a  required security clearance or for performing
  sensitive  duties.   We use the information  from this form
  primarily as the basis for an investigation that will be  used to
  determine your eligibility for a national security position.

  The information you give us is for Official Use Only,  we will
  protect it from unauthorized disclosure. Authorized disclosures
  include the Privacy Act Routine Uses shown on this form.  The
  information you provide in response to question 25a on use of
  illegal drugs will not be provided for use in any criminal pro-
  ceedings against you.

  Giving us the information we ask for is voluntary. However, we
  may not be able to complete your investigation, or complete it in
  a timely manner, if you don't give us each item of information we
  request This may affect your placement or clearance prospects.

  What authority do we have to ask you for the information
  requested on this form?

  The U.S. Government is authorized to ask for this information
  under Executive Order 10450; section 2165 of tide 42, U.S. Code;
  parts 5,732. and 736 of Title 5, Code of Federal Regulations, and
  other statutes authorizing background investigations. We ask for
  your  Social  Security number  to keep our records accurate,
  because other people may have the same name and birth date.
  Executive Order 9397 also asks Federal agencies to use this
  number to help identify individuals in agency records.

  What is the investigative process?

  Background investigations for national security are conducted to
  develop information to show whether or not a person is reliable,
  trustworthy, of good conduct  and character, and  loyal to the
  United States.  - The information you provide  on this form,
  including any specific agency instructions of Question 14c., and
  any other special instructions, is  confirmed by investigation.
  Your current employer must be contacted, even if you indicated
  on your SF 171, or other form, that you  do not want the present
  employer  contacted. In addition to the questions on this form,
  inquiry also is made about a person's adherence to security
  requirements,  mental or health disorders, dishonest conduct,
  sexual  misconduct, vulnerability to   blackmail or coercion,
  falsification, misrepresentation and any other behavior, activities,
  or associations that tend to show the person is not reliable,
  trustworthy, or loyal.

  An interview with you is a normal part of the investigative
  process. This Personal Subject Interview is generally the first
  step in the investigation, and is conducted under oath, affir-
  mation, or unsworn declaration. It provides you the opportunity
  to update, clarify, and explain more completely information on
  your form, which often helps to complete your investigation fast-
  er.
      If your investigation requires a Personal Subject Interview, you
      will be contacted in advance by telephone or mail to arrange a
      time and location for the interview.  It is important that the
      interview be conducted as soon as possible after you are con-
      tacted. Postponements will delay the processing of your inves-
      tigation. Declining an interview may result in your investigation
      being delayed or canceled.

      You will be asked to bring identification with your picture on it,
      such as a valid State driver's license, to the interview. There are
      other documents you may be asked to bring to verify your
      identity as well. These include: documentation of any legal name
      change; Social Security card; and/or birth certificate.

      Documents that verify any significant claims or activities may
      also be requested, for example: alien registration; naturalization
      certificate; originals or certified copies of college  transcripts or
      degrees;  high  school  diploma;   professional  license^)  or
      certificates); military discharge certificates) (DD Form 214);
      marriage certificates); passport; and/or business licenses). You
      also  may be  asked to  bring documents that  pertain  to
      information provided in your answers to questions on the form
      or other matters requiring specific attention.  These matters
      include: termination or discharge from employment; delinquent
      loans or taxes, bankruptcy, judgments, liens, or other financial
      obligations; and arrests, convictions, probation and/or parole.

      Who makes a final determination?

      Final determination  on your  eligibility for a national security
      position and your being granted a clearance is the responsibility
      of the 0PM or the  Federal agency  that  requested your
      investigation. You maybe provided the opportunity to personally
      explain, refute, or clarify any information before a final decision
      is made.

      How to this form organized?

      This  form has two parts.   Part  1  asks  for background
      information, including where you have lived, gone to school, and
      worked. Part 2 asks about your activities and  such matters as
      firings from a job, criminal history record, use of illegal drugs and
      alcohol consumption.  In answering Part 2, you should keep in
      mind that your answers to questions are considered together
      with the information obtained in the investigation to reach an
      appropriate adjudication for a sensitive position.

      What are the penalties for inaccurate or false statements?

      The  U.S. Criminal Code provides that knowingly falsifying or
      concealing a material fact is a felony which may result in fines
      of up to $10,000, or 5 years imprisonment, or both. In addition,
      Federal agencies generally fire,  do not grant clearance, or
      disqualify individuals who have materially and deliberately falsi-
      fied  these forms, and this remains a part  of our permanent
      record for future placements. Because the position for which you
      are being considered is a sensitive one, your trustworthiness id
      a very important consideration in deciding  your eligibility for
      security clearance. Your prospects of placement or clearance are
      better if you answer all questions truthfully and completely. In
      the course of an interview with a Federal official you will have

-------
TSCA CBI Security Manual

adequate opportunity to explain any information you give us on
the form and make your comments part of the record.

How is the SF 171  used with this form?

For competitive civil  service positions, a copy of the Application
for Federal Employment (SF 171), or a form provided to you, will
be attached to the SF  86.  For certain other and contractor
positions, the SF 171 is not required. You will be advised by the
office assisting you.

How is this form filled out?

1. Follow the instructions of the person who gave you the form
and  any other supplementary information furnished by that
person to assist you in completion of the  form.  Find out how
many copies of the form you are to turn in. You must sign and
date, in ink, the original and each copy you submit

2. You will need a continuation sheets), SF 86A, if in the last 15
years you have lived in more than 6 residences, attended more
than 3 schools, or had more than 7 employments/self-employ-
ments/unemployments.

If additional space is needed, use a blank  piece of paper. Each
blank piece  of paper you use must contain your name and Social
Security number at the top of the page.
                                                    7700
                                                    1/93
3. Type or legibly print your answers. We cannot accept your
form if it is not legible.

4. You must use the State codes (abbreviations) listed in the box
below when you fill out your form.

5. The 6-digit postal ZIP codes are needed to speed the processing
of your investigation. The office that provided you with the form
will assist you in completing the ZIP codes.

6. Whenever "City (Country)" is shown in an address block, also
provide in that block the name of the country when the address
is outside the United States.

7. When providing dates, you may use numbers 1-12 to indicate
months if you don't believe you have enough space to write the
month; and for the same reason, for year you may show the last
two numbers in the year.  For example, June 8,1967, could be
shown as 6/8/67, or January 1984 could be shown as 1/84.

If you have any questions, call the office that gave you the form.
Be sure to sign  and  date the certification statement on page 9
and complete the release on page  10.  Any forms that are not
completed according to these instructions will be returned. This
will delay the processing of your case.
Alabama
Alaska
Arizona
Arkansas
California
Colorado
Connecticut
Delaware
Florida
Georgia
American Samoa
Trust Territory
AL
AK
AZ
AR
CA
CO
CT
DE
FL
GA
AS
TT
Hawaii
Idaho
Illinois
Indiana
Iowa
Kansas
Kentucky
Louisiana
Maine
Maryland
Dist. of Columbia
Virgin Islands
HI
to
11
IN
IA
KS
KY
LA
ME
MD
DC
VI
Massachusetts
Michigan
Minnesota
Mississippi
Missouri
Montana
Nebraska
Nevada
New Hampshire
New Jersey
Guam

MA
Ml
MN
MS
MO
MT
NE
NV
NH
NJ
GU

New Mexico
New York
North Carolina
North Dakota
Ohio
Oklahoma
Oregon
Pennsylvania
Rhode Island
South Carolina
Northern Marianas

NM
NY
NC
ND
OH
OK
OR
PA
Rl
SC
CM

South Dakota
Tennessee
Texas
Utah
Vermont
Virginia
Washington
Wisconsin
West Virginia
Wyoming
Puerto Rico

SD
TN
TX
UT
VT
VA
WA
Wl
WV
WY
PR

PRIVACY ACT ROUTINE USES
This record and information in this record may be used in cf sctosng information:
• To designated officers and employees of agencies, offices, and other establishments
in the executive, legislative, and judkaal branches of the Federal Government, having a
need to evaluate qualifications, suitability, and loyalty to the United Slates Government
and/or a security clearance or access determination;
- To designated officers and employees of agencies, offices, and other estabishmens
in the executive, legislative, and judicial branches of the Federal Government, and the
District of Columbia Government, when such agency, office, or establishment conducts
an investigation of the individual tor purposes of granting a security clearance, or for the
purpose of making a determination of qualifications, suitability, or loyalty to the United
Slates Government, or access to classified information or restricted areas;
• To designated officers and employees of agencies, offices, and other establishments
in the executive, judicial, or legislative branches of (he Federal Government, having the
responsibility to grant clearances, to make a determination regarding access to classified
information or restricted areas, or to evaluate qualifications, suitability, or loyalty to the
United States Government, in connection with performance of a service to the Federal
Government under a contract or other agreement;
- To inteligence agencies for use in intelligence activities;
- To any source from which information is requested in the course of an investigation,
to the extent necessary to identity the individual, inform the source of the nature and
purpose of the investigation, and to identify the type of information requested;
- To (he Federal, Stale, or local agency responsible for investigating, prosecuting,
enforcing, or implementing a statute, rule, regulation, or order where
there is an indication of a violation or potential violation of civil or criminal law or
regulation;
• To an agency, office, or other establishment in the executive, legislative, or
judicial branches of the Federal Government, or the District of Columbia Government,
in response B its request, in connection with the hiring or retention of an employee,
the issuance of a security clearance, (he conducting of a security or suitabifty
investigation of an individual, the classifying of jobs, the letting of a contract, or the
issuance of a license, grant, or other benefit by the requesting agency;
- To Federal agencies as a data source tor management information through the
production of summary descriptive statistics and analytical studies in support of the
functions for which the records are maintained or tor related studies;
- To a congressional office in response to an inquiry made at the request of that
individual;
• In litigation before a court or in an administrative proceeding being conducted by
a Federal agency;
• To the National Archives and Records Administration tor records management
inspections;
• To the Office of Management and Budget in connection with private relief
legislation;
• To respond to a request tor discovery or for appearance of a witness; and
- To the Merit Systems Protection Board, the Office of Special Counsel, the Equal
Employment Opportunity Commission, or the Federal Labor Relations Authority, in
connection with functions vested in those agencies.

Public Burden Information
Public burden reporting tor this cdection of information is estimated B vary from 30 minutes B 180 minutes per response, induding lime for reviewing instructions, searching
existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding the burden estimate or
any other aspect of this collection of information, including suggestions for reducing this burden to Reports and Forms Management Officer. U.S. Office of Personnel Management.
1900 E Street, N.W., Room 6410, Washington, D.C. 20415; and to the Office of Management and Budget, Paperwork Reduction Project (3206-0007). Washington, D.C. 20503.
Do not send your completed form B the addresses in this box.

-------
TSCA CBI Security Manual
Standard Form 86 QUESTIONNAIRE FOR
Revised December 1990 QFNQITIVF POSITION**
U.S.Office of Personnel Management bENbl 1 1 Vt HUbl 1 lUNb
FPM chapter 732 (For National Security)
t
A Type of -
Investigation |
G Geographic
Location
J
SON ,
I
OPM CodM C*M fc
USE
ONLY
qyxtiiy iffฎ W*/j^(/f5}i!JtHf?
B Extra I
Coverage | 1 1 1 1 I 1
I I I I I I I
I I
L ,:••:.;:::•:-',
sฐ< M- ii
N OPAC-ALC
Number
P Requesting
Official
1 FULL
NAME •
I
K Location of Offi-
cial Personnel
Folder
Ml Location
of Security
Folder
(
1 1 1 1 1
hi Position
Code
None
NPRC
~ At SON
None
At SOI
~~ NPI
iimm/a
\iiuiLiyjj wiu-uiy ua-uauusaa-} w WM i egg.
C Sensitivity D Access E Nature of
1 Level | Action Code
1 Position
Title
Other Address
Other Address
J Accounting Data and/or
Agency Case Number
Name and Title
7700
1/93
Form approved:
O.M.B. No. 3206-0007
NSN 7540-00-634-4036
86-110
lumter
^lOnUil^flVfXS
F Date of Mo""1 ฐaป Year
I 1 Action | | |

ZIP Code
1 1 1
ZIP Code
1 1 1

Signature 1
If you have only initials in your name, use them and State (IO). • If you are a 'Jr.,' 'Sr.,' 'II ' etc., enter this
If you have no middle name, enter "NMN." your middle name.
Last Name :: .,.•••. : :
First Name

Middle Name
3 PLACE OF BIRTH • Use the two letter code for the State.
City :
:.,•, ' • .'• ' .•:••.:•• :, ' &
>unty

State Country (it not in the United States
'elephone Number FTS ( ) Date
I? Id/iliO fflSfflV ฃfifciYiSi&>
in the box after 2 DATE OF
BIRTH
f.. II. etc. Month Day Year
1 1 1
4 SOCIAL SECURITY NUMBER
il -| | |-| 1 1 1
5  OTHER NAMES USED
   Give other names you used and the period of time you used them (tor example: your maiden name, namefs] by a former marriage, former namefsj, aliasjes], or n/ckname[s]). If
   the other name is your maiden name, put "nee" in front of it.
Name
Name
Month/Year Month/Year
I To
Month/Year Month/Year
I *>
Name Month/Year MonttVYear
To
Name Month/Year Month/Year
To
fi  OTHER        .Height (leet and inches)
   IDENTIFYING
   INFORMATION
                                               Weight (pounds)
                                                                        Hair Color
                                 Eye Color
                                         Sex (mark one box)

                                           Ipemale I  I Male
7  TELEPHONE   Work (include Area Code and extension)
                Home (include Area Code)
NUMBERS
8 CITIZENSHIP
( )Day
( )NlgM ( )
3 Mark the box at the right that
applies to you and follow the
Instructions next to the box you
marked.
( )Dซy
( ) Night ( )
I am a U.S. citizen by birth in the U.S.
I am a U.S. citizen, but I was NOT born in the U.S.
I am not a U.S. citizen.



Answer Items b and d
Answer Items b, c, and d
Answer Items b and •
b Your Mother's Maiden Name
     UNITED STATES CITIZENSHIP  If you are a U.S. Citizen, but were not born in the U.S., provide information about one or more of the following proofs of your citizenship.
     Naturalization Certificate (Whfre wtro you natunllztd?)
     Court
                                                                  City
State  Certificate Number
|    |   |   I   I   I    I   I   I   I   I   I
                                                         Month/Day/
                                                         |
                                                                                                                                    i/Year Issued
     Citizenship Certificate (Whปre was thf certiOcttt lปปuปd?)
                                                                                     State  Certificate Number                 Month/Day/Year Issued
                                                                                     I   I   I    I   I   I   I   I    I   I   I   I    I
     State Department Form 240 • Report of Birth Abroad of a Citizen of the United State*
     Give the date the form was    Month/Day/Year
     prepared and give an
     explanation If needed.
Explanation
U.S. Paseport
This may be either a current or previous U.S. Passport.
d DUAL CITIZENSHIP If you are (or were) a dual citizen of the United States and another
country, provide the name of that country in the space to the right.
Passport Number
1 1 1 1 1 1 1 1 1
Month/Day/Year Issued
Country
Q ALIEN If you are an alien, provide the following information:
Place You
Entered the
United States:
City State Date You Entered U.S.
Month Day Year
1 1 1 1
Alien Registration Number
1 1 1 1 1 1 1 1 1
Country of Citizenship
                                                                                                                                         Pagel

-------
 TSCA CBI Security Manual
       WHERE YOU HAVE UVED
       Fill in your full address for every place you have lived beginning with the present (#1) and working backward 15 years.
        • If you attended school away from your permanent residence, list the address you lived at while attending school.
        • For any address in the past 3 years:
         - List a person who knew you at that address, preferably someone who still lives in that area.
         - If address listed is "General Delivery," a Rural Route, or Star Route, provide directions for locating the residence on an attached
          continuation sheet, and show the block #.
 7700
' 1/93
jfl Month/Year Month/Year
Present To
Street Address Apt. #
Name of Person Who Knows You
Month/Year Month/Year
*2
To
City (Country)
Street Addiess Apt. * City (Country)
Street Address Apt. ป
Name of Person Who Knows You
Month/Year Month/Year
#3
To
State
1
ZIP Code
1 1 1 1
City (Country)
Street Address Apt. # City (Country)
Street Address Apt. #
klame of Person Who Knows You
Month/Year MonthA'ear
#4
To
State
1
ZIP Code
1 1 1 1
City (Country)
Street Address Apt. ป City (Country)
Street Address Apt. #
Name of Person Who Knows You
MonthA'ear Month/Year
#5
To
State
1
ZIP Code
till
City (Country)
Street Address Apt. # City (Country)
Street Address Apt. ff
Name of Person Who Knows You
Month/Year MontE/Year
#6
•::,'••:,'..'...• • To
State
1
ZIP Code
1 1 1 I
City (Country)
Street Address Apt. # City (Country)
Street Address Apt. 0
Name of Person Who Knows You
State
1
ZIP Code
1 ! 1 1
City (Country)
Street Address Apt. t> City (Country)
State
|
ZIP Code
1 1 1 1
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
State
1
ZIP Code
1 I 1 1
Telephone Number
( )
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
State
1
ZIP Code
1 1 1 1
telephone Number
{ )
 •J 0  WHERE YOU WENT TO SCHOOL
      Fill in information about schools you have attended, beyond Junior High School, beginning with the most recent (#1) and working
      backward 15 years. Also list College or University degrees received beyond 15 years.
         • For schools you attended in the past 3 years, list a person who knew you at school (such as an instructor or a student).
         • For correspondence schools and extension classes, list records location address.
         • In the "Code" block, use one of these codes:  1 - High School        2 - College/University        3 - Vocational/Trade School
MonthA'ear Month/Year Code Name of School
#1
To
Degree/Diploma/Other (show each degree
and date received il Code 2)
Street Address and City (Country) of School
Name of Person Who Knew You Street Addr
Month/Year Month/Year Code Name of School
.:.-..-.:. . " To '
Street Address and City (Country) of School
Name of Person Who Knew You Street Addr
MonttVYear MonthA'ear Code Name of School
#3
To
Street Address and City (Country) of School
Name of Person Who Knew You Street Addr
BSS and City (Country) State
I
ZIP Code
I I I I
State
I
Month/Year
ZIP Code
I I I I
Telephone Number
Degree/Diploma/Other (show each degree
and date received il Code 2)

ปss and City (Country) State
I
ZIP Code
I I I I
State
I
Month/Year
ZIP Code
I I I I
Telephone !>'• •nber
Degree/Diploma/Other (show each degree
and date received il Code 2)

3SS and City (Country) State
I

ZIP Code
I I I I
Enter your Social Security Number before going to the next page •*
State
I
Month/Year
ZIP Code
I I I I
Telephone Number
| |
-I I l-l I I I I
Page 2

-------
TSCA CBI Security Manual
                                                     7700
                                                     1/93
11    YOUR EMPLOYMENT ACTIVITIES
      Fill in your employment activities, beginning with the present (#1) and working backward 15 years.  INCLUDE:
      • all full-time work                            • all paid work                              • self-employment
      • all part-time work                           • active military duty                         • all periods of unemployment
      IN THE NUMBERED ACTIVITY SECTION USE ONE OF THESE CODES IN THE CODE BLOCK:
      1 - Active military duty stations       5 - State Government (Non-
      2 - National Guard/Reserve             Federal) employment
      3 - U.S.P.H.S. Commissioned Corps  6 • Self-employment (Enter
      4 - Other Federal employment          business name and/or name
                                         of person who can verify)
7 - Unemployment (Enter name
   of person who can verify)
8 - Federal Contractor (list Con-
   tractor, not Federal agency)
9 - Other
      FOR EACH ACTIVITY SECTION, provide information requested. For example, if you had worked at XY Plumbing In Denver, CO, for 3
      separate periods of time, you would enter dates and information concerning the most recent period of employment first, and provide dates,
      position titles, and supervisors for the two previous periods of employment in the appropriate blocks below that information.  (For locations
      outside the U.S., show city and country.)
#1 Month/Year Month/Year Cod
Present To
Employer's/Verifier's Street Address
e Employer's Name/Military Service/Unemployment or Self-Employment Verifier

Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Title
State
.,:.-!
State
I
State
1 .
ZIP Code
1: 1 If
ZIP Code
1 1 .1 I-
ZIP Code
: \ J -\ :.!,;
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
 PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK ซ
Month/Year Month/Year
To
To
Your Position Tide & Supervisor's Name

Month/Year Month/Year
.'•• ' . TO ..:••.:,•.;•:
Tp
Your Position Title & Supervisor's Name

Month/Year Month/Year Cod
02
To
Employer's/Verifier's Street Address
e Employer's Name/Military Service/Unemployment or Self-Employment Verifier

Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Tide
'Slate
1
State
1
State
1
ZIP Code
I: 1 l,,l: •...
ZIP Code
1 III
ZIP Code
Jill
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
 PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION • IF CONTINUATION SHEET IS USED. SHOW BLOCK f
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

Month/Year Month/Year
To
To
Your Position Tide & Supervisor's Name

Month/Year Month/Year Co3
#3
To
Employer's/Verifier's Street Address
e Employer's Name/Military Service/Unemployment or Self-Employment Verifier

Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Title
State
1
State
1
State
1
ZIP Code
1 ! 1 1
ZIP Code
:.!.,) 1, 1,
ZIP Code
lilt
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
 PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK ซ
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

Enter your Social Security Number before going to the next page •* ( , | . | | . | , , ,
                                                                                                                    Pages

-------
 TSCA CBI Security Manual
                                                                     7700
                                                                     1/93
       YOUR EMPLOYMENT ACTIVITIES (Continued)
Month/Year Month/Year
#4
To
Employer's/Verifier's Street Ad
Code


rEmployer's Naiie/M'litary Service/Unemployment or Self-Employment Vender


dress

Street Address of Job Location (if different than Employer's Address)

Supervisor's Name & Street Address (if different than job Location)

City (Country)

City (Country)

City -vCoiiriry)

Your Position


ataie
J_
Siau,
!
Staw
	 I



-








Title


ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
ZIP Code
III!
Telephone Number
( )
Tel')phone Number
( )
To!ephone Number
( )
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK ซ
  Month/Year Month/Year  Your Posidon Title & Supervisor's Name
          To
    Month/Year MomrvYea'   Your Position Title 3, Supervisor's Name
                                                                                 To
          To
                                                                                 To
  #5
      Month/Year Month/Year
              To
                          Code
                                  Employer's Name/Military Service/Unemployment or Self-Employment Verifier
                                                                                                      Your Position Title
Employer's/Verifier's Street Address
                                                                     City (Country)
                                                                                                       State
                                                                                                                 ZIP Code
                                                         Telephone Number
 Street Address of Job Location (if different than Employer's Address)
City (Country)
                                                                                                      Stale
                                                                                                        1
 ZIP Code
MM
elephone Number
 Supervisor's Name & Street Address (if different than Job Location)
City (Country)
                                                                                                      State
                                                                                                        1
                                                                                                                 ZIP Code
              Telephone Number
 PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION • IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position

Month/Year Month/Year
#6
To
Employer's/Verifier's Street Ao

Code
dress
Title & Supervisor's Name

Month/Year Month/Year
To
To
Employer's Name/Military Service/Unemployment or Self-Employment Veri

Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUA1
Your Position Tide & Supervisor's Name

fier
City (Country)
City (Country)
City (Country)
Your Position Tide
'State
1
State
.1
State
i
ZIP Code
1 1 II
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
Telephone Number
Telephone Number
Telephone Number
ION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position

Month/Year Month/Year
To

Code
Title & Supervisor's Name

Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Employer's/Verifier's Street Address
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (If different than Job Location)
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUAl
City (Country)
City (Country)
City (Country)
Your Position Tide
State
f
State
1
State
1
ZIP Code
MM
ZIP Code
III 1
ZIP Code
1 1 1 1
Telephone Number
Telephone Number
telephone Number
ION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Tide A Supervisor's Name

Month/Year Month/Year
To
To
Enter your Social Security Number before going to the next page
Your Position Title & Supervisor's Name

•* 1 1 l-l 1 l-l 1 1 1 1
Page 4

-------
TSCA CBI Security Manual
                                               7700
                                               1/93
 12   PEOPLE WHO KNOW YOU WELL
      List two people who know you well and live in the United States.
       • Don't list spouse, other relatives, or former spouses.
' Try not to list anyone mentioned in item 9, 10, or 11.
Name
#1
Home Address
Number Years Known
City (Country)
Name
#2
Home Address
Number Years Known
City (Country)
Telephone Number:
( )
Diy( ) of Might ( )
Slats
I
ZIP Code
till
Telephone Number:
( )
0ซy ( ) or Night ( )
State
I
ZIP Code
I I I I
 13     YOUR OUTSIDE ACTIVITIES
        List any activities which you may wish to have considered as reflecting favorably on your reputation for leadership, responsibility, honesty,
        and integrity in the last 15 years.  (Response Optional)
#1
#2
#3
14
Month/Year Month/Year
To


To
.' to • '
Activity


YOUR FOREIGN ACTIVITIES
a. Do you have any foreign property,
b.
c.
Location of Activity
City (Country)


business connections, or financial interests?
Are you now or have you ever been employed by or acted as a consultant for a foreign government, firm, or agency?
In the last 1 5 years, have you had
instructing you to fill out this form?
a list of countries.)
continuing contact with a national of any foreign country designated by the agency
(NOTE: If the agency wants you to answer this question, it will provide you with
Yes



State
I
I
I
No



       If you answered "Yes" to a, b, or c, explain in the space below:
 15   FOREIGN COUNTRIES YOU HAVE VISITED
      List foreign countries you have visited, beginning with the most current (#1) and working backward 15 years.
        • Do not include countries covered in items 9,10, and 11.
        • In the "Code" block, use one of these codes: 1 • Business            2 - Pleasure           3 - Education            4 - Other
Month/Year Month/Year
si ' ••" :,'l.:Tฐ . •, , :.,-
02 To
Code

Country

Month/Year Month/Year
#3 To
04 To
Code

Country

1 6 YOUR MILITARY HISTORY
a. Have you served i
Have you served i
• If your answer t
• If your answer t
n the United States military? 	
n the United States Merchant Marine? 	
o both questions is "No," GO TO QUESTION 17.
o either question is "Yes," GO TO b.
Yes


No



        b.   Starling with the most current (#1) and working backward, enter information for all periods of active service into the table below.
                • Mark "O" block for Officer or "E" block for Enlisted.
                • In the "Code" block, use one of these codes:
                 1 - Air Force  2 - Army   3 - Navy  4 - Marine Corps   5 - Coast Guard   6 • Merchant Marine   7 - National Guard
Month/Year Month/Year
ซ1 Jo
#2 • v'';Tb .;'.';; •
ซ3 To
#4 To
Code



Service/Certificate #



O



E



Status (Mark 'X' in appropriate blocks - use State Code for National Guard)
None



Active Duty



Active Reserve



National Guard
(show State)
I
I
I
I
Enter your Social Security Number before going to the next page •*
Inactive
Reserve



Retired



I I l-l I I- 1 I I I

-------
 TSCA CBI Security Manual
                                                                                                                                   7700
                                                                                                                                   1/93
 17   YOUR RELATIVES
       Give full names and enter the correct code for all relatives, living or dead, specified below:
       1 - Mother (first)     4-Stepfather              7 - Stepchild         10 - Stepbrother      13 • Half-sister           16-Guardian
       2 - Father (second)  5 - Foster parent           8 - Brother           11 - Stepsister        14 - Father-in-law
       3-Stepmother      6 - Child (adopted also)     9 - Sister            12 - Half-brother      15 - Mother-in-law
Pull Name (If dfcuisfd, chick box on thSlftt
btfon tntfring n*mป)
LJ
LJ
LJ
LJ
LJ
LJ
LJ
LJ
LJ
LJ
Cod*
1
2








mamaBtutmapssssHK
Dale oJ Birth
Month/Day/Year










Country of Birth










Country of
Citizenship










Current Street Address and Cily
(country) of Living Relatives










Statii
,
,
,
I
I
I
I
I
,
I
1 8
       YOUR MARITAL STATUS
       Mark one of the following boxes to show your current marital status:
      r~\ 1 - Never married (go to question 19)           ["""j 3 - Separated
          2 - Married                                        4 - Legally Separated
                                                                                                    R
                                           5 - Divorced
                                           6 - Widowed
      Current Spouse Complete the following about your current spouse.
Full Name
Date of Birth
Place of Birth (Include country if outside the U.S.I
Social Security Number
II -1 1 Ml
Other Names Used (Specify maiden name, names by ottier marriages, etc., and show dates used for each name)
' '

Country of Citizenship
If Separated, Date of Separation (MoJDay/Yr.)
Date Married
Place Married (Include country it outside the U.S.)
If Legally Separated, Where is trie Record Located? City (Country)
Address of Current Spouse (Street, city, and country it outside the U.S.)
State ZIP Code
I I I ^
State
I
State
I
I
      Former Spouse(s) Complete the following about your former spouse(s). use blank sheets il needed.
      Full Name
                                               Date of BirtfT
                                                              "lace of Birth (Include country if outside the U.S.)
                                                                                                                                     State

                                                                                                                                    _J
      Country or Citizenship
                                                Dale Married
                                                             Place Married (Include country if outside tfte U.Sj
                                                                        State
      Check One, Then Give Date
      [~] Divorced	Tl Widowed
                                             Month/Day/Year
If Divorced, Where is the Record Located?  City (Country)
                                                                                                                                      State
      Address of Former Spouse (Street, aty, and country if outside the U.S.)
                                                                                                                      State ZIP Code
                                                                                                                        I   I   I   I   I  I
 19   PERSONS LIVING WITH YOU
       Does the citizen of another country, or a United States citizen by other than birth, live at your residence?  If "Yes," provide the
       information required below.  If a United States citizen by other than birth lives with you, show both "United States" and prior
       country of citizenship below.  Don't list your spouse or other relatives you provided in question 17.
                                                                                                                              Yes
                                                                        No
Name of Person


Country of Citizenship


Relationship


This concludes Part 1 of this form. If you have used Page 9, continuation sheets, or blank sheets to .
complete any of the questions in Part 1 , give the number for those questions in the space to the right:
Enter your
Social Security Number before going to the
next page -ป

I I M I l-l I I I
Page6

-------
TSCA CBI Security Manual
Standard Form 86
Revised December 1990
U.S.Office of Personnel Management
FPM Chapter 732
                QUESTIONNAIRE rOH
                SENS!isVt POSITIONS
                (For National  Security)
             7700
             1/93

form npuroveo.
O.M.B No. 3P06-0007
NSN 7MO-00-634-4C36
86-110
   Part  2
20  YOUR SELECTIVE SERVICE RECORD
    a.  Are you a male born after December 31,1959? If "No," go to 21.  If "Yes," go to b.
    b.  Have you registered with the Selective Service System? if "Yes," provide youi reyisiidtiori number. I! "No," show the
        reason for your legal exemption below.
                                                                                      Yes
              No
    Registration Number
Legal Exemption Explanation
21  YOUR MIUTARY RECORD
     a.  Have you ever received other than an honorable discharge from the military? If "Yes," provide:
         Date of Discharge (Month and Year):                       Type of Discharge:
     b.  Have you ever been subject to court-martial or other disciplinary proceedings under the Uniform Code of Military Justice?
         If "Yes," list any disciplinary proceedings in the last 15 years and all courts-martial. (Include non-judicial and Captain's
         mast, etc.)
Month/Year

Charge or Specification / Action Taken

Place (City and county/country if outside the United States)

State
I
I
22  YOUR EMPLOYMENT RECORD
    Has any of the following happened to you in the last 15 years? If "Yes," begin with the most recent occurrence and go
    backward, providing date fired, quit, or left, and other information requested.

    Use the following codes and explain the reason your employment was ended:
    1 • Fired from a job           3 - Left a job by mutual agreement following allegations of misconduct   5 - Left a job for other reasons
    2 - Quit a job after being told  4 - Left a job by mutual agreement following allegations of                under unfavorable circumstances
       you'd be fired                unsatisfactory performance
: Month/Year

Code

Specify Reason

Employer's Name and Address

State
I
I
23 YOUR POLICE RECORD (Do not include anything that happened before your 16th birthday.)
a. Have you ever been charged with or convicted of any felony offense?
b. Have you ever been charged with or convicted of a firearms or explosives offense?
C. Are there currently any charges pending against you for any criminal offense?
d. Have you ever been charged with or convicted of any offense(s) related to alcohol or drugs?
G. In the last 5 years, have you been arrested for, charged with, or convicted for any offense(s) not listed in response to a, b,
c, or d above? (Leave out traffic fines of less than $100.)
ZIP Code
I I I I
I I
Yes





I I
No





        If you answered "Yes" to a, b, c, d, or e above, explain your answer(s) in the space provided.
Month/Year

Offense

Action Taken

Law Enforcement Authority or Court (City and county/country it outside the U.S.)

State
I
I
24 YOUR MEDICAL RECORD
a. Have you experienced problems on or off the job because of any emotional or mental condition?
b. Have you ever seen a health care professional for any of the types of problems mentioned above?
ZIP Code
I I I I
I I
Yes


I I
No


        If you answered "Yes" to questions a or b, explain below
Month/Year Month/Year
To
To
Explanation

Enter your Social Security Number before going to the next page •* i i - i - i i 1
                                                                                                                    Page?

-------
  TSCA CBI Security Manual
                                                                                                                     7700
                                                                                                                     1/93
 25  ILLEGAL DRUGS AND ALCOHOL
      8.  In the last 5 years, have you used, possessed, supplied, or manufactured any illegal drugs?  When used without a
          prescription, Illegal drugs Include marijuana, cocaine, hashish, narcotics (opium, morphine, codeine, heroin, etc.), stimulants
          (cocaine, amphetamines, etc.), depressants (barbiturates, methaqualone, tranquilizers, etc.), hallutinogenics (LSD, PCP,
          etc.). (NOTE: Tho Information you provide in response to this question will not be provided for use in any criminal
          proceedings against you.)
                                                                                                                 Yos
                                                      No
      b.
Have you experienced problems (disciplinary actions, evictions, formal complaints, etc.) on or off a job from your use of
illegal drugs or alcohol?
If you answered "Yes* to question a or b above, provide information relating to the types of substance(s), the nature of the activity, and
any other details relating to your involvement with illegal drugs or alcohol. Include any treatment or counseling received.
Month/Year Month/Year
To
To
to
Type of Substance


Explanation


 26  YOUR INVESTIGATIONS RECORD
      a.  Has the United States Government ever investigated your background?  If "Yes," use the codes that follow to provide the
          requested information below. If "Yes," but you can't recall the investigating agency and/or the security clearance received,
          enter "Other" agency code or clearance code, as appropriate, and "Don't know" or "Don't recall" under the "Other
          Agency" heading, below.  If your response is "No," or you don't know or can't recall if you  were investigated and cleared,
          check the "No" box.
                                                                                                                 Yes
                                                      No
      Codes for Investigating Agency
      1 - Defense Department           4 • FBI
      2 - State Department             5 - Treasury Department
      3 - Office of Personnel Management 6 - Other (Specify)
                                              Codes for Security Clearance Received
                                              0 - Not Required           3 - Top Secret                     6 - Q-Nonsensitive
                                              1 - Confidential            4 • Sensitive Compartmented Information  7 - L
                                              2 • Secret                5 - Q-Sensitive                     8 - Other
      Month/Year | Agency | Other Agency
                 Code
                                                     Clearance  Month/Year  Agency | Other Agency
                                                      Code               Code
                                                  Clearance
                                                    Code
     b.   To your knowledge, have you ever had a clearance or access authorization denied, suspended, or revoked, or have you
          ever been debarred from government employment?  If "Yes," give date of action and agency.
                                                                                                                 Yes   No
      Month/Year
                   Department or Agency Taking Action
                                                                        Month/Year
                                                                                              Department or Agency Taking Action
 27 YOUR FINANCIAL RECORD
      a.  In the last 5 years, have you, or a company over which you exercised some control, filed for bankruptcy, been declared
          bankrupt, been subject to a tax lien, or had legal judgment rendered against you for a debt?  If you answered "Yes,"
          provide date of initial action and other information requested below.
                                                                                                                 Yes
                                                      No
      Month/Year
          Type of Action    Name Action Occurred Under
Name/Address of Court or Agency Handling Case
                                                                                                                   State

                                                                                                                     I
ZIP Code

I   I   I  I
                                                                                                                     I
                                                                                                                            I
                                                                                                                          I
     b.   Are you now over 180 days delinquent on any loan or financial obligation?  Include loans or obligations funded or
          guaranteed by the Federal Government. (If an SF 171, Application for Federal Employment, will be attached, you do
          not need to repeat Federal Government delinquencies. See the instructions headed, "How is the SF 171 used with
          this form?")
          If you answered "Yes." provide the Information requested below:
                                                                                                                 Yes    No
Month/Yew




Type of Loan or Obligation
and Account *



Name/Address of Creditor or Obligee




State

1
1
1
ZIP Code

1 1 1 1
1 1 1 1
1 1 1 1
Enter your Social Security Number before going to the next page -fr i i I - 1 i | - 1 i i i |
Page 8

-------
 TSCA CBI Security Manual
     7700
     1/93
28 YOUR ASSOCIATION RECORD
8. In the last 15 years, have you been an officer or a member or made a contribution to an organization dedicated to the
violent overthrow of the United States Government and which engages In illegal activities to that end, knowing that the
organization engages In such activities with the specific intent to further such activities?
b. In the last 1 5 years, have you knowingly engaged in any acts or activities designed to overthrow the United States
Government by force? If you answered "Yes" to a or b, explain in the space below:
Yes


No


                                                    Continuation Space •
Use the continuation sheet(s) (SF86A) for additional answers to questions 9,10, and 11. Use the space below to continue answers to all other
questions and any information you would like to add.  If more space is needed than what is provided below, use a blank sheet(s) of paper.  Start
each sheet with your name and Social Security Number.  Before each answer, identify the number of the question.
After completing Parts 1 and 2 of this form and any attachments, you should review your answers to all questions to make sure the form is
complete and accurate, and then sign and date the following certification and sign and date the release on page 10. If you attach an SF 171,
Application for Federal Employment, make sure that it is updated and that any information  added to the SF 171 is initialed and dated.

                                    Certification That My Answers  Are True
I read each question asked of me and understood each question.  My statements on this form, and any attachments to thL
form, are true,.complete, and correct to the best of my knowledge and belief  and are made in good faith.  I understand that
a knowing and willful false statement on this form can be punished by fine  or imprisonment or both.
Signature (Sign In Irk)
                                                                                                Date
Enter your Social Security Number before going to the next page
                                                                                                    i  i
^1^^

-------
 TSCA CBI Security Manual
 Standard Form M
 Revised December 1990
 U.S.Offlce of Personnel Management
 FPM Chapter 732
         7700
         1/93
O.M.B. No. 3206-0007
NSN 7S4OCO-634-403I)
86-110
                     UNITED STATES OF AMERICA

                 AUTHORIZATION FOR RELEASE OF INFORMATION
           Carefully read this authorization to release information about you, then sign and date it in ink.

  I Authorize any investigator, special agent, or other duly accredited representative of the U.S.
  Office of Personnel Management, the Federal Bureau of Investigation, the Department of Defense,
  and any  authorized Federal agency, to obtain any information relating to my activities  from
  schools, residential management agents, employers, criminal justice agencies, retail business
  establishments, or other sources of information. This information may include, but is not limited
  to, my academic, residential, achievement, performance, attendance, disciplinary, employment
  history, and criminal history record information.

  I Understand that, for financial or lending institutions, medical institutions, hospitals, health
  care professionals, and other sources of information, a separate specific release will or may be
  needed, and I may be contacted for such a release at a later date.

  I Further Authorize the  U.S.  Office of Personnel  Management, the Federal Bureau of
  Investigation, the Department of Defense, and any other authorized  agency, to request criminal
  record information about me from criminal justice agencies for the purpose of determining my
  eligibility for, assignment to, or retention in, a sensitive position, in accordance with  5 U.S.C. 9101.

  I Authorize custodians of records and sources of information pertaining to me to release such
  information upon request of the investigator, special agent, or other duly accredited representative
  of any Federal agency authorized above regardless of any previous agreement to the contrary.

  I Understand that the information released by records custodians and sources of information is
  for official use by the Federal Government only for the purposes provided in this Standard Form
  86, and may be  redisclosed by the Government only as authorized by law.

  Copies of this authorization that show my signature are as valid as the original release signed by
  me. This authorization is valid for two (2) years from the date signed.
Signature (Sign In Ink)
Full Neme (Typ* or Print Liglbiy)
Other Name* UMd
Current Addreee (StrMt, CHy)
Stete
1
ZIP Cod*
1 1 1 1
Social Sซ
1 1
MM Signed
:urtty Number
•1 .1-1
1 1 1
(Indudt An* Codf)
Page 10

-------
 TSCA CBI Security Manual
Standard Form 86A
Revised December 1990
U.S.Office of Personnel Management
FPM Chapter 736
                                                                                    7700

     CONTINUATION SHEET FOR QUESTIONNAIRES       r***,***.  1/93
                  SF 86, SF 85P, AND SF 85                     OMB NO 3206*00?
For use with the SF 86, Questionnaire for Sensitive Positions (for National Security);  NSN 7540-01-268-4828
              SF 85P, Questionnaire for Public Trust Positions;                 86-202
             and SF 85, Questionnaire for Non-Sensitive Positions
INSTRUCTIONS: Use this form to continue your answers to "Where You Have Lived" and/or "Your Employment Activities." Follow the instructions on the form for the particular
questions you are answering and give information in the same sequence. Use as many continuation sheets as you need to furnish all the requested information.
Your Nปmป
WHERE YOU HAVE LIVED (Continued)
Month/Year Month/Year
To
Street Address
Name of Person Who Knows You
Month/Year Month/Year
To
Your Social Security Number

Apt.*
|

-I

-I
I

City (Country)
Street Address Apt.* City (Country)
Street Address
Name of Person Who Knew You
Month/Year Month/Year
To
Apt.*
State
I
2 ty (Country)
Street Address Apt.* City (Country)
Street Address
Name of Person Who Knew You
Month/Year Month/Year
To
Apt.*
ZIP Code
I I I I

State
I


ZIP Code
I I I I
City (Country)
Street Address Apt.* City (Country)
Street Address
Name of Person Who Knew You
Month/Year Month/Year
To
Apt.*
State
I
ZIP Code
I I I I
City (Country)
Street Address Apt.* City (Country)
Street Address
Name of Person Who Knew You
Apt.*
State
I
ZIP Code
I I I I
City (Country)
Street Address Apt.* City (Country)
State
I
ZIP Code
I I I I
State
I
ZIP Code
I I I I
Telephone Number
( )
State
I
Telephc
(
State
I
ZIP Code
I I I .:••
ne Number
ZIP Code
II II
Telephone Number
( )
State
I
ZIP Code
II I I
Telephone Number
( )
State
I
ZIP Code
I I I I
Telephone Number
( )
      YOUR EMPLOYMENT ACTIVITIES (Continued)
Month/Year Month/Year
To
Code
Employer's/ Verifier's Street Address
Employer's Name/Military Service/Unemployment or Self-Employment Verifier

Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Tide
State
[
State
I
State
I
ZIP Code
I I I I
ZIP Code
I I I I
ZIP Code
I I I I
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
 PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

Month/Year Month/Year
To

Code

Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Employer's/Verifier's Street Address
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Title
State
I
State
I
State
I
ZIP Code
1 I I I
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
Telephone Number
( )
Telephone Number
( )
Telephone Number
( )
 PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Tide & Supervisor's Name

Month/Year Month/Year
To
To
Your Position Tide & Supervisor's Name


-------
 TSCA CBI Security Manual
             77CO
             1/93
      YOUR EMPLOYMENT ACTIVITIES (Continued)
Month/Year Month/Year
To
Code
Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Employer's/Verifier's Street Address
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Title
State
1
State
1
State
1
ZIP Code
MM
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
Telephone Number
Telephone Number
Telephone Number
 PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK t
/Month/Year Month/Year
To
To
Your Position
Title & Supervisor's Name

Month/Year Month/Year
To
Code
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Employer's/Verifier's Street Address
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Tide
State
1
State
1
State
1
ZIP Code
1 1 1 1
ZIP Code
MM
ZIP Code
1 1 1 1
Telephone Number
Telephone Number
Telephone Number
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
•Month/Year Month/Year
To
To
Your Position
Title & Supervisor's Name

Month/Year Month/Year
To
Code
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Employer's/Verifier's Street Address
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
City (Country)
City (Country)
Your Position Title
State
1
State
1
State
ZIP Code
! 1 I 1
ZIP Code
1 1 1 1
ZIP Code
(Ml
Telephone Number
( )
Telephone Number
Telephone Number
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK *
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

•; Month/Year Month/Year
To
Code
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name

Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Employer's/Verifier's Street Address
Street Address of Job Location (if different than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUAT
City (Country)
City (Country)
City (Country)
Your Position Title
State
1
State
1
State
I
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
ZIP Code
1 1 1 1
Telephone Number
Telephone Number
Telephone Number
ION SHEET IS USED, SHOW BLOCK *
MonttVYear Month/Year
To
To
Your Position Title & Supervisor's Name

Enter your Social Security Number
Month/Year Month/Year
To
To

Your Position Title & Supervisor's Name

-ป 1 1 l-l 1 l-l 1 1 1 1
Standard Form 86A (Back)
December 1990

-------
                    TSCA CBI Security Manual            Appendix 4
7700
1/93
    APPLICANT
                               LEAVE BLANK
SIGNATURE OF PERSON FINGERPRINTED
RESIDENCE Of PERSON FINGERPRINTED
DATE     SIGMA TUBE Of OFFICIAL TAKING FINGERPRINTS
EMPLOYER AND ADDRESS
REASON FINGERPRINTED
                                                              TYPE OR PRINT ALL INFORMATION IN BLACK
                                                       LAST NAME NAM
                                                                                FIRST NAMC
                                                                                                   MIOMEMAMI
                                                             ;AKA
                                                                               P
                                                                               h
                                                       CITIZENSHIP {
                                                       FWN<ป.
                                                       AHMED FORCES NO. MNU
                                                       SOCIAL SECURITY NO. SOC
                                                       MISCllLANEOUS NO. MNU
                                                                                    Opt-1
                                                                                                                  ฃ1!      LEAVE BLANK
                                                                                                        WGT.
                                                                                                                      HAIR
                                                                                                             LEAVE BLANK
                                                                                                                           OATiOFIUTH
                                                                                                                                       BQง
                                                                                                                                        ^
                                                                                                                            PlACEOf URTH
                                                                                                                                        PQB
                                                                                     CLASS
 I ซ TMUMt
                                                                                         4 ซ UNO
                                                                                           I. RING
                                                                                                                      10 I LITTLi
             LEFT FOUR FINGERS TAKEN SIMULTANEOUSLY
                                                                             R THUMt
                                                                                                      RIGHT FOUR FINGfRt TAKEN SIMULTANEOUSLY

-------
TSCA CBI Security Manual
          1. LOOP
    FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE
                   WASHINGTON. D.C. 20537
                          APPLICANT
  THE LINES BETWEEN CENTER Of
  LOOP AND DELTA MUST SHOW
         2. WHORL
  THESE LINES RUNNING BETWEEN
      DELTAS MUST 8E CLEAR
          3. ARCH

          HAVE NO DELTAS
                                               TO OBTAIN CLASSIFIABLE FINGERPRINTS

                                               I  USE BLACK PRINTER SINK.
                                               1  DISTRIBUTE INK EVENLY ON INKING SLAB
                                               3  WASH AND OKI FINGERS THOROUGHLY
                                               4  ROll FINGERS FROM NAU TO NAIL ANO AVOID ALLOWING FINGERS TO SUP.
                                               5  BE SURE IMPRESSIONS ARE RECORDED IN CORRECT ORDER
                                               6  IF AN AMPUTATION Oป DEFORMITY MAKES IT IMPOSSIBLE TO PRINT A FINGE*. WAXI A NOTATION TO THAT EFFECT
                                                 IN THE INDIVIDUAL FINGER BIOCK
                                               ^  IF SOME PHYSICAL CONDITION MAKES IT IMPOSSIBLE TO OBTAIN PERFECT IMPASSIONS SUIMVT TM€ BEST THAT CAN BE
                                                 OBTAINED WITH A MEVO STAPLED TO THf CARO EXPLAINING THE CIRCUMSTANCES
                                               8  EXAMINE  THE COMPiE TED PRINTS TO SEE IF THEY CAN BE CLASSIFIED SCARING IN MIND THAT MOST FINGERPRINTS
                                                 FALL INTO THE PATTERNS SHOWN ON THIS CARD (OTHER PATTERNS OCCUR INFREOUtNTlY AND ARE NOT SHOWN HERE)
                 THIS CARD FOR USE BY:
                 i    LAW ENFORCEMENT AGENCIES  IN FINGERPRINTING APPll.
                 CANTS FOR LAW ENFORCEMENT POSITIONS •
                 1    OFFICIALS  OF  STATE ANO LOCAL GOVERNMENTS FOP PUR.
                 POSES OF EMPLOYMENT  LICENSING.  ANO PERMITS  AS AUTHOR
                 IZEO BY STATE STATUTES AND  APPROVED  BY  THE ATTORNEY
                 GENERAL  OF THE UN''EO STATES  LOCAL AND  COUNTY OROI
                 NANCES  UNLESS  WTi'lCALLY  BASED ON  APPLICABLE STATE
                 STAfurESOO NOT SซTISF< fHIS REQU.REV.ENT •
                 3    U.S GOVERNMENT AGENCIES ANO OTHER ENTITIES REQUIRED
                 8Y FEDERAL LAW ••
                 <    OFFICIALS  Of  FEDERALLY  CHARTERED Oป INSURED BANK
                 .NG  INSTITUTIONS  TO  PROMOTE OR MAINTAIN  THE SECURITY
                 OF THOSE INSTITUTIONS
                 INSTRUCTIONS:
                •I    PRINTS  MUST  FIRST  BE CHECKED THROUGH  THE APPRO
                 OPIATE STATE IDENTIFICATION BUREAU  AND ONLY THOSE FINGER
                 "RINTS FOR WHICH NO DISQUALIFYING RECORD HAS BEEN FOUND
                 LOCALLY SHOULD BE SUBMITTED FOR FBI SEARCH
                 I.  PRIVACY ACT OF lซ74 (P 1. W.579I REQUIRES THAT FEDERAL
                 STATE OR LOCAL AGENCIES INFORM INDIVIDUALS WHOSE N SPACE  EMPLOYER AND ADDRESS   THE CONTRIBUTOR iS THE
                 NAME OF THE AGENCY SUBMITTING  THE FINGERPRINT CARD TO
                 'HE FBI
                 I   FBI NUMBER IF KNOWN. SHOULD ALWAYS  BE FURNISHED IN
                 THE APPROPRIATE SPACE
                 MISCELLANEOUS  NO   RECORD  OTHER  ARMED  FORCES NO
                 "ASSPORT NO  !PP). ALIEN REGISTRATION NO  Aซl  PORT  SE
                 CURITY CARD NO  (PSI SELECTIVE SERVICE NO '55) VETERANS
                 ADMINISTRATION CLAIM NO. (VA).
                                                                                                           LEAVE TUB tWE BLANK
    =0-251 IRFV.1J2M2!

-------
TSCA CBI Security Manual
                               Appendix 5                            7700
                                                                  1/93

              UNITED STATES ENVIRONMENTAL PROTECTION AGENCY

                            WASHINGTON  OC 204CO
                                    18
SUBJECT:  Roquoot for Building Paoo


FROM:     Ann M. Linnortz,ฃchiof
          Security and Property Management Branch

TO:       Projoct Officers

     Building  paoooo  aro  intended  only to  identify contractors
entering ono of tho EPA Headquarters buildings and aro not intended
for  contractors to uoo  as identification to  cash chocks, enter
othor govomnont facilities, obtain airline tickets,  rent vohicloo
or obtain hotel rooorvations.

     Building paoooo will  bo issued only to contractor employees
who work on-oito for 24 houro or more a wook.  Hanagooont personnel
who  periodically vioit  on-oito  personnel   ohall  not  bo   ioouod
Building Paoooo. Projoct Officoro whooo personnel aro on-oito  loss
than 24 houro a wook muot provide a  moaorandur  explaining the  need
for a building pass.

     Couriers ohall not  bo  issuod building passoo.

     All information must bo typed or neatly printed on tho  request
form.  If tho printed name  of tho Projoct Officer  cannot be read,
tho form will bo returned  without action.

     Tho Paoo and 10 Office is open  from 8:30 an to 3:30 pm, Monday
through  Friday and operates on  a  firot  como  first servo basis.
Individuals  requiring building  passoo  should  either  bring  the
Request  for  Building Pass  with  thao or mail  it to the Security
Office (PKL-213).  Forms  will be  maintained  in  a  suspense  file for
30 dayo affco? it io received and then returned to sender indicating
that no  action was taken.   If a requoot  for  a building  pass is
handcarriod by tho applicant,  it shall bo valid only  for  30  days
from tho dato  it io signed by  tho  Projoct Officer.

     Questions  should  be  addressed  to  the  Security  Management
Section at 382-6352.

-------
 TSCA CBI Security Manual                                               7700

                                                                1/93
 SUBJECT:   Request for Building Pass

 FROM:

           Project Officer

 TO:        H.  Brooke Hamlin,  Chief
           Security Management Section

     I request that the below listed personnel be issued a Building
 Pass.  The following data is furnished:

                          0AT1 OF SIRTM       ROOMYTRLR
CONfJUIT KAMI I 	
CONTRACT NOMBlRl  	      EXPIRATIOM DATE
NORMAL HOUR! OF WORKI   	                           _
SPICIAL ACCESS*  After 4:30  pซ        Weekend       Holiday	
LOCATION!  Wf*	 CM-2	 FAZRCIXLO 	 CRYSTAL STATION	

     I  understand  as  Project  Officer,  I  am  responsible  for
retrieving the above  building pass(es)  should:

     1.   The individual(s)  transfer or terminate and no longer
          requires access.
     2.   The individual(s)  need for access to EPA be changed to
          less than 24-hours a week.
     3.   The contract expires.
PROJECT OFFICER'S  SIGNATURE   TELfPHONl I         MAIL CODE
PO • S~TD NUMBER                 POซS DIVISION       OATB

-------
TSCA CBI Security Manual
                                                Appendix 6
                                                         7700
                                                         1/93
                                    United States Environmental Protection Agency
 A  PDA                              Washington. D.C. 20460
ซjgy|  I V\       Request for Approval of  Contractor Access
                       to TSCA Confidential Business Information
Requesting Official
Signature
Date
Title and Office
Contractor and contract number (if modification)
   I. Brief description of contract, including purposes, scope, length, and other important details. (Continue on the back of this form
   if necessary)
   II. What TSCA CBI will be required, and why? (Continue on back if necessary)
 I. Will computer access to TSCA CBI be required by the contract? If so, explain why and to what extent on the back of this form.
   If you approve this request. thiซ office will initiate procedure* to ensure compliance with the "TSCA-CBI Security Manual"
                           Approval of the Director, OPPT Information Management Division
Approved (Signature)
Date
EPA Form 7740-17 (Rev. 9-92). Replaces EPA Form 7710-15*. which is obsolete.

-------
TSCA CBI Security Manual Appendix 7 770ฐ
1/93
A CDA CONTRACTOR INFORMATION SHEET 1
OttTH CONTRACTOR TSCA CBI ACCESS/TRANSFER |
1 . Contractor Name (list all subcontractors on separate contractor information sheets)
2. Contract
Number
3. Prime 1
Sub
4. Corporate Address 5. Site Address (where TSCA CBI will be stored)
6. List Previous Contract Number if renewal

7. EPA Project
Officer
8. EPA DOPO/WAM
9. EPA Task Mgr.
10. Contractor
Project Officer
1 1 . Contractor DCO
12. Contractor Alt.
DCO
a) Name






b) Soc. Sec. No.






c) Telephone






d) Address/Mail Code






13. Description of duties to be performed by contractor that require TSCA CBI access (use attachment if necessary):
14. By Section of TSCA, type(s) of data to be accessed:
15a. Will CBI be
transferred off EPA
site under contract?
(Y/N)
17. Desired Date for
access to commence
15b. If CBI will transferred to
a site other than listed in
item 5 above, list site.
18. Access desired until
what date?
I6a. Has a contractor Security
Certification Statement been
approved by TSCA Security Staff?
(Y/N)
19. Contract Expiration Date
16b. TSCA Security Staff
Facility Inspection Date.
20. Is contract
renewable?
21 . EPA Project Officer Signature and Date
Please return this form with a copy of:
1. Statement of Work, 2. EPA form 7740-17, 3. CBI Clause from contract, and 4. Security Certification Statement 1
to: U.S. EPA, TSCA CBI Access Staff, TS-790, 401 M Street, SW, Washington, DC 20460 I
(202-260-1532) I
EPA Form 7740-27 (10/92)

-------
TSCA CBI Security Manual           Appendix 8

                        PROPOSED LANGUAGE

           DATA  SECURITY  For  TSCA  CONFIDENTIAL BUSINESS
           INFORMATION (EP 52.235-120 November 1992)


     The  Contractor  shall handle Toxic  Substances  Control  Act
(TSCA) confidential  business information in  accordance  with the
contract  clause  entitled "Treatment  of  Confidential  Business
Information" and  "Screening  Business  Information for Claims of
Confidentiality."

     (a)  The Contracting officer, after a written determination by
the appropriate program office,  may disclose  TSCA confidential
business information to the Contractor necessary to carry out the
work required under  this  contract.   The Contractor shall protect
the  TSCA  confidential  business  information  and  confidential
business information used in its computer operations (once approved
by EPA) in accordance with the following requirements:

           (1)   The Contractor  and  Contractor's  employees  shall
follow the security procedures set forth in the TSCA Confidential
Business Information Security Manual.  The manual may be obtained
from  the   Director,  Information  Management  Division, Office of
Pollution  Prevention and Toxics,  Environmental Protection Agency,
401 M St., S.W., Washington,  D. C. 20460.  Prior to receipt of TSCA
CBI by the Contractor, the Contractor will submit a certification
statement  to  the  Director  of  the  EPA, Information Management
Division, with a copy to the Contracting Officer, certifying that
all employees who will be cleared for access to TSCA confidential
business information have been briefed on the handling, control and
security requirements set forth in the TSCA Confidential Business
Information Security Manual.

           (2)  The Contractor  shall, upon request by the contracting
officer,  permit  access  to  and  inspection  of the   Contractor's
facilities in use under this contract by representatives of EPA's
Assistant  Administrator  for  Administration  and Resources Manage-
ment,  and the  TSCA  Security Staff  in  the Office  of  Pollution
Prevention and Toxics, or by the  EPA project officer.

           (3) The Contractor Document  Control Officer (DCO) shall
obtain a signed copy  of EPA Form 7740-6, " TSCA CBI  Access Request,
Agreement, and  Approval"  from each  of  the Contractor's employees
who will  have  access to  the information before  the employee is
allowed access.  In addition, the  Contractor will obtain from each
employee who will be cleared for  TSCA  CBI access all information
required by EPA or the U. S. Office of Personnel Management for EPA
to conduct a Minimum Background Investigation  (MBI).

-------
TSCA CBI Security Manual                                             7?00
                                                              1/93
      (b)  The Contractor agrees that these requirements concerning
protection of TSCA confidential business  information are included
for the benefit of, and shall be enforceable by, both EPA and any
affected business having a proprietary interest in the information.

      (c)  The  Contractor  understands that confidential business
information obtained by EPA under TSCA may not  be disclosed except
as authorized by the Act, and that any unauthorized disclosure by
the  Contractor or  the  Contractor's  employees  may subject the
Contractor and the Contractor's employees to the criminal penalties
specified  in TSCA  {15 U.S.C.  2613(d)}.   For  purpose of  this
contract, the only disclosures that EPA authorizes the Contractor
to make  are  those disclosures  set forth  in the clause entitled
"Treatment of Confidential Business Information."

      (d)  The Contractor agrees to include the provisions of this
clause, including this paragraph (d),  in  all subcontracts awarded
pursuant to this contract that require the furnishing of confiden-
tial business information to the subcontractor.

      (e)  At the  request of EPA or at the end of  the contract, the
Contractor shall  return to  EPA all documents,  logs,  and magnetic
media which contain TSCA CBI. In addition,  each  Contractor employee
who has  received  TSCA CBI clearance will sign EPA Form 7740-18,
"Confidentiality  Agreement  for Contractor  Employees  Upon  Relin-
quishing TSCA CBI Access Authority".   The  Contractor DCO will also
forward those agreements to EPA at the end of  the contract.

      (f)    If,  subsequent to  the  date   of  this contract,  the
Government changes the  security  requirements,  the  contracting
officer shall equitably adjust affected provisions of this contract
in accordance with the "Changes" clause when:

           (1) The Contractor submits a timely  written request for
an equitable adjustment; and

           (2) The facts warrant an equitable  adjustment.

-------
 TSCA CBI Security Manual         Appendix 9                           7700
                                                                1/93


  Confidentiality Agreement for United States Employees
       Upon Relinquishing TSCA CBI Access Authority
In accordance with my official duties as an employee of the United States, I have
had access to Confidential Business Information under the Toxic Substances
Control Act (TSCA, 15 U.S.C. 2601 et seq.). I understand that TSCA Confidential
Business Information may not be disclosed except as  authorized by TSCA or
Agency regulations.
I certify that  I have returned all  copies of any materials containing TSCA
Confidential Business Information in my possession to the appropriate docu-
ment control  officer specified in the procedures set forth in the TSCA Con-
fidential Business Information Security Manual.
I agree  that  I will not remove any copies  of  materials containing TSCA
Confidential Business Information from the premises of the Agency upon my
termination or transfer. I further agree that I will not disclose any TSCA
Confidential  Business Information to any person  after  my termination or
transfer.
I understand that as an employee of the United States who has had access to
TSCA Confidential Business Information, under section 14(d)ofTSCA(15U.S.C.
2613(d)) I am  liable for a possible fine of up to $5,000 and/or imprisonment for
up to one year if I willfully disclose TSCA Confidential Business Information to
any person.
If I am still employed by the United States, I also understand that I may be subject
to disciplinary action for violation of this agreement.
I am aware that I may be subject to criminal penalties under 18 U.S.C. 1001 if I
have made any statement of material facts knowing that such statement is false
or if I willfully conceal any material fact.
Name (Please type or print)
Signature
EPA ID Number
Date
 EPA Form 7740-16 (10-85) Replaces EPA Form 7710-17,           COPY 1 — TSCA SECURITY STAFF
 which is obsolete.

-------
  TSCA CBI Security Manual                                                      7700
                                                                           1/93

                         Privacy Act Statement

Collection of the information  on this form is  authorized by Section 14 of the  Toxic
Substances Control Act (TSCA), 15 USC 2613. EPA uses this information to maintain
a record of those persons cleared for access to TSCA Confidential Business Information
(CBI) and to maintain the security of TSCA CBI.

Disclosure of this information may be made to Office of Pollution Prevention and Toxics
(OPPT) contractors in order to carry out functions for EPA compatible with the purpose
for which this information is collected; to  other Federal agencies when they possess
TSCA CBI and need to  verify clearance  of EPA and  EPA  contractor employees for
access; to the Department of Justice when related to litigation or anticipated litigation
involving  the records or the subject matter of the records; to the appropriate Federal,
State, or  local agency charged with enforcing a statute or regulation, violation of which
is indicated  by a record in this system; where necessary, to  a State, Federal, or local
agency maintaining information pertinent to hiring, retention or clearance of an employee,
letting of a contract, or issuance of a grant  or other magistrate or administrative tribunal;
to opposing counsel in the course  of  settlement negotiations; and to a member of
Congress acting on behalf of an individual to whom records in the system pertain.

Furnishing  the information  on this form,  including  your Social  Security Number, is
voluntary but may prevent the contracting organization from being given access to TSCA
CBI and  may  therefore make impossible the performance of any task which requires
access to TSCA CBI.

-------
 TSCA CBI Security Manual                Appendix 10                              7700

                                                                       1/93
 	?*•••• /eerf Privacy Act Sttttmtf* on rwwrMtefer* comvfct*M thit farm.
                               united SIMM Environmental Protection Agency
                                     Washington, DC 20460
A f— a** *                            Washington. DC 20440
VC PA      Confidentiality Agreement for Contractor Employees
                  i •	.. M _ !•__ __ _! _^_ •	 __ ซW4* ^* A ^feซ*ft A _ _ _   A  _ ซ*^  • .
                   Uoon
                        Relinguisnina TSCA CBI Access Authority
Name of Employer
                                                 Contract Numbar
                            D
                             Contractor  LJ Subcontractor
       As an employee of the contractor/subcontractor named above per-
       forming work for the United States, I have been authorized access to
       confidential  business  information (CBI) submitted under the Toxic
       Substances Control Act (TSCA) (15 USC Section 2601 et seq.). This
       access authority was granted to me in order to perform my work under
       the contract number cited above.

       I understand that TSCA CBI to which I have had access under the
       contract may be used only for the purposes of performing the contract. I
       also understand that TSCA CBI may not be disclosed except as autho-
       rized by TSCA or EPA regulation.

       I certify that I have returned all copies of TSCA CBI materials in my
       possession to either the appropriate document control officer specified
       in the EPA-approved security plan in effect at my company or an EPA
       TSCA document control officer.

       I agree that I will not remove any copies of materials containing TSCA
       CBI from the premises of my company or from EPA premises upon my
       relinquishment of TSCA CBI access authority. I further agree that I will
       not disclose any TSCA CBI to any person after my relinquishment of
       TSCA CBI access authority.

       I understand that as a contractor  employee who has been authorized
       access to TSCA CBI, under Section 14
-------
TSCA CBI Security Manual                        Appendix 11

  Please read Privacy Act Statement on reverse before completing.	
                                                                                               7700
                                                                                               1/93
 SEPA
                 United States Environmental Protection Agency
                          Washington, DC 20460
    Employee  Separation or Transfer Checklist
                                                                                                   Social Security Number
                                         Part 1.  To Be Completed by Employee
 Employee Name
                                     Current Organization and Location
                                                                                                   Effective Date
 Type of Action

    Separation from Government

    Transfer to Other Government Unit
                                     Address (Forwarding or that of gaining Government unit or agency)
 Reason for Leaving
                          Part 2. Responsible Officials Must Complete AH Items in this Part
 Pleas* clear the above-named employee. Final salary payment and application for retirement will be delayed until clearance is completed.
                                 Item
                                                                        Clearance
                                                                       Yes
                                                                          Signature and Dale
 Payroll/Travel
                    Advance Leave
                    LWOP/Health Benefits
                    Outstanding Travel Advance
                    Outstanding Travel Voucher
                     GTR/Airline Ticket
                     Diners' Club (TM) Credit Card
                     Permanent Change of Station Requirements
                     Imprest Fund
                     Jury Duty Fees
                     Salary Checks
 Personnel
                     Training Termination Statements
                     Completion of Employment Agreements
 Other
                     Library Issuances
                     Security Termination Statements
                     Audiovisual Equipment
                     EPA ID Card
 Security/
 Facilities
Keys
                     Parking Permit
                     Special Credentials
                                           Part 3.  Certification and Clearance
 The Administrative Officer/Supervisor must certify that the above-named employee has accounted for the items listed below.
                                                   Clearance
                      Item
                                                   Yes
                                                         No
                                                                                    Item
                                                                                            Clearance
                                                                                                                Yes
 Personal property
                                           CBI documents
 Telephone credit cards
                                           NCC computer user ID
 Property pass(es)
                                           U.S.-GovernmenMssued Credit Card(s)
 SF-44, Purchase Orders
                                           Official Passport (If yes, phone OlA/Passport Office)
     Cleared

     Not Cleared (Explain under Remarks)
                                                  Signature of Administrative Officer or Supervisor
 Remarks
                                                         Certification
        I certify that the statements I have made on this form and all attachments thereto are true, accurate, and complete. I acknowledge
        that any knowingly false or misleading statement may be punishable by fine or imprisonment or both under applicable law.
                                                     Employee Certification
 I certify that all U.S. Government property (including an official passport) and records have been returned (Signature)    Date
                                           Personnel Office Affirmation of Clearance
 Signature of Servicing Personnel Office
                             Title
                                                                                                    Date
 EPA Form 3110-1 (Rev. 2-88) Previous editions are obsolete.      i
                                                                       Original.... Personnel
                                                                       Copy	Payroll

-------
                           Privacy Act Statement
Authority
Social Security Number: Executive Order 9397 dated November 22,1943.
Forwarding Address: Reorganization Plan Number 3 of December 2,1970.
Purposes and Uses
Social Security Number: Disclosure by you of your Social Security Number (SSN) is voluntary. It will
be used to properly identify your records on file with the U.S. EPA in various program areas from which
you are obtaining certification of clearance. The information gathered will be used only as needed to
complete the clearance process as required by EPA Order 3110.5A.
Forwarding Address:  Disclosure by you of your forwarding address is voluntary. It will be used in
forwarding official papers or appropriate information, and to mail documents to you or to a gaining
Government unit or agency.
Effects of Nondisclosure
Social Security Number Withholding the SSN will cause a delay in the separation process or may result
in your not being cleared for separation.
Forwarding Address: Withholding the forwarding address will cause a delay in the separation process
or may deter your receipt of outstanding paychecks or other authorized documents.
EPA Form 3110-1 (Rev. 2-88)

-------
TSCA CBI Security Manual                                               _
                                                                / 'UU

                                                                1/93
                                Appendix 12
                            TSCA GGKRBenUUL


                         DOES NOT CONTAIN NATIONAL
                       SECURITY INFORMATION (E.O.  12065'

-------
   i :
i
   i i
      ill
      !!
      i
     i i i
   ! ii
       : p i i : :
       mm j
         mi M
         I !i !

TSCA CBI Security Manual
            iimu
                       !i;
                                !
               Appendix 13
                                    ... ,
                                    ;7700
                                     1/93
                              Enter Document Control Number or
                                    Bar Code
        v=/EPA
       United States Environmental Protection Agency
             Washington, DC 20460
        Document Description
                              Date
        CONFIDENTIAL
   TOXIC SUBSTANCES CONTROL ACT
 CONFIDENTIAL BUSINESS INFORMATION

   Does not contain National Security Information (E.O. 12065)
The attached document contains Confidential Business Information obtained
under the Toxic Substances Control Act (TSCA 15 U.S.C 2601 et seq.)
TSCA Confidential Business Information may not be disclosed further or
copied by you except as authorized in the procedures set forth in the TSCA
Confidential Business Information Security Manual.

If you willfully disclose TSCA Confidential Business Information to any
person not authorized to receive it, you may be liable under section 14(d) of
TSCA (15 U.S.C. 2613(d)) for a possible fine up to $5,000 and/or imprison-
ment for up to one year. In addition, disclosure of TSCA Confidential
Business Information or violation of the procedures cited above may subject
you to disciplinary action with penalties ranging up to and including dis-
missal.
         CONFIDENTIAL
   EPA Form 7740-9 (rev. 10/92) Previous edition is obsolete
           ! hl
           i iil
                         iiiiii
                             IHUi

-------
TSCA CBI Security Manual Appendix 14 7700
1/93
United States Environmental Protection Agency
fl Washington, DC 20460
OEPA TSCA CBI Visitors Loa
Individual's Name


















Organization


















Date


















Time


















Purpose of Visit


















EPA Form 7740-13 (10-85)

-------
8
United States Environmental Protection Agency „, , .. ,
fฑ •— r^JL MaybeTSCAcei n . . , Does not contain National
^^kUv% when Filed in KGCGIptLOg Security Information (E.0. 12065)
%^fc-l ^^* TSCA Confidential Business Information
Date
Received








Document Control Number/
Copy Number








Number
of Pages








Received From
(Enter Company/EPA Office, City, and State)








Description








Audit








 I
 8
      EPA Form 7740-10 (10/92) Previous version is obsolete.

-------
 I
United States Environmental Protection Agency ^
^^ ^MM^ ji i j. i Does not contain National
^•^H-|JjฃX inventory LOg Security Information (E.0. 12065)
^^ •"• ^ ^ TSCA Confidential Business Information
Date
Checked Out








Document Control Number/
Copy Number








User Information
EPA ID Number








User's Name








Date
Returned








DCO
Initial








Disposition








Audit








1
00
h-H
PQ
O
U
00
H
       EPA Form 7740-11 (10/92) Previous version is obsolete.

-------
TSCA CBI Security Manual
     Appendix 17
7700
1/93
                          United States Environmental Protection Agency
                                  Washington, DC 20460
           p PA  Temporary Loan Receipt for TSCA
                     Confidential Business Information
           I acknowledge receipt of the following documents containing
           TSCA Confidential Business Information.
       I. DCN/Copy Number     Description
       2. DCN/Copy Number
Description
       3. DCN/Copy Number
Description
       4. DCN/Copy Number
Description
       5. DCN/Copy Number
Description
       6. DCN/Copy Number
Description
       7. DCN/Copy Number
Description
       Date Loaned
Name of Lender
       Name of Recipient
Signature of Recipient
                             Instructions
           1. To be used only for temporary transfer of TSCA
           CBI. Transfers for more than thirty (30) days must
           be made through a DCO.
           2. The lender must keep the original of this form
           after it has been completed and signed by the recip-
           ient, and give the  copy to the recipient.
           3. The lender must give his or her copy of this form
           to the recipient when the recipient returns the doc-
           ument(s) to the lender. The recipient should destroy
           both copies.	
        EPA Form 7740-14 (10-85) Replaces EPA Form 7710-44. which is obsolete

-------
TSCA CBI Security Manual
Appendix 18
7700
1/93
United States Environmental Protection Agency
Washington, DC 20460
1ฃSrCpy\ Permanent Transfer Receipt for TSCA
Confidential Business Information
I acknowledge receipt of the following documents containing
TSCA Confidential Business Information.
1. DCN/Copy Number
2. DCN/Copy Number
3. DCN/Copy Number
4. DCN/Copy Number
5. DCN/Copy Number
6. DCN/Copy Number
7. DCN/Copy Number
8. DCN/Copy Number
Date of transfer
Name of Recipient
Description
Description
Description
Description
Description
Description
Description
Description
Name of Sending DCO/DCA
Signature of Recipient DCO/DCA
INSTRUCTIONS
1. To be used only for permanent transfer of TSCA CBI. Transfers must be made by a
DCO/DCA.
2.The sending DCO/DCA must keep the original of this form after it has been signed and
returned by the recipient DCO/DCA. The Recipient DCO/DCA must keep a copy of the
receipt after returning the original to the sending DCO/DCA.
EPA Form 7740-26 (10/92)

-------
 TSCA CBI Security Manual
                                   Appendix 19
                                                                                               1/93
                                  United States Environmental Protection Agency
                                          Washington, DC 20460
               Memorandum  of TSCA CBI Telephone Conversation
                                       I. EPA Employee Identification
    of Employee
                                                                       Date
Organization
                                                                       Time
                                       II. Second Party Identification
Call Is:
D
      To      From
                    Name
Slumber
          Organization
III. Concerning what TSCA CBI?
IV. Content
 EPA Form 7740-12 (10-85)

-------
 D.

<
United States Environmental Protection Agency
AMMBM^ fl* •- • • M *+. i *- • i **. **• *+. , • Does not contain National
w CD/V Federal Agency, Congress, and Federal Court Sign Out Log security information (EO. isoes)
\X Cl^rV "^tenHtaS CB' TSCA Confidential Business Information
Date
Logged Out








Document Control Number/
Copy Number


•





Number
of Pages








Description








Federal Agency, Congress,
or Court








Recipient








DCO
Initial








Receipt








Date
Returned








DCO
Initial








ง
in


3
o


u
     EPA Form 7740-24 (10/92) Replaces EPA Form 7710-13 which is obsolete.

-------
TSCA CBI Security Manual
Appendix 21
7700
1/93
United States Environmental Protection Agency
Washington. DC 20460
VvEPA TSCA CBI Security Manual Update Transmittal Sheet
Transtnittal Number
\-N
















,
Date Received









•







Page(s) Replaced

















Date and Initials

















 EPA Form 7740-23 (10/92)

-------
8
ts
•O

I
 1
 CO
 kH
 8
      vvEPA
     Name:
     SSN:
                   United States Environmental Protection Agency
                      TSCA Confidential Business Information
                       Document Reconciliation Certification
                                 Organization:.
                                 Mail Code:
                        Date:
             [  ] Federal  [  ] Contractor
THE TSCA CBI DOCUMENT TRACKING SYSTEM(S) INDICATED THAT THE DOCUMENTS LISTED BELOW
HAVE BEEN LOGGED OUT IN YOUR NAME. PLEASE INVENTORY THESE DOCUMENTS AND INDICATE
THEIR CURRENT STATUS.
Document                    Logout      Login
Control Number  Bar Code     Date        Date    Status
     I HEREBY CERTIFY:

     [  ]  THAT I HAVE INVENTORIED THE DOCUMENT(S) LISTED ABOVE; THE STATUS OF EACH
         DOCUMENT IS INDICATED ABOVE.

     [  ]  I ATTENDED MY ANNUAL TSCA CBI BRIEFING ON	
     SIGNATURE
   EPA Form 7740-28 (10/92)
                         DATE
DOCUMENT CONTROL OFFICER
DATE

-------