TSCA CBI
Protection Manual
            United States
            Environmental Protection Agency
            Office of Pollution Prevention and Toxics
            Washington, DC 20460 (7407 M)
              October 20, 2003
              7700 A1

-------
TSCA CBI PROTECTION MANUAL

               Table of Contents

                  - Summary -
            [See Detailed Contents below]

PREFACE

GUIDING PRINCIPLES


                      CHAPTER 1
                      References

     1.1  ABBREVIATIONS AND ACRONYMS

     1.2  GLOSSARY

     1.3  LIST OF APPENDICES


                      CHAPTER 2
                   TSCA CBI Access

2.0   INTRODUCTION

     2.1  TSCA CBI ACCESS FOR FEDERAL EMPLOYEES: CERTIFICATION,
          MAINTENANCE, SUSPENSION, AND TERMINATION

     2.2  TSCA CBI ACCESS FOR CONTRACTORS AND CONTRACTOR
          EMPLOYEES: CERTIFICATION, MAINTENANCE, TERMINATION
          AND INDUSTRY NOTICE

     2.3  TSCA CBI ACCESS CERTIFICATION FOR OTHER FEDERAL
          AGENCIES
Table of Contents                    -i-                    October 20,2003

     2.4  REQUESTS FROM CONGRESS OR THE GENERAL ACCOUNTING
          OFFICE (GAO)


                      CHAPTER 3
               TSCA CBI Responsibilities

3.0   INTRODUCTION

     3.1  EMPLOYEE RESPONSIBILITIES

     3.2  MANAGER RESPONSIBILITIES

     3.3  DCO RESPONSIBILITIES

     3.4  EAD AND IMD ANNUAL REVIEW


                      CHAPTER 4
             TSCA CBI Document Management

4.0   INTRODUCTION

     4.1  RECEIPT OF TSCA CBI

     4.2  DOCUMENT TRACKING SYSTEM (DTS) REQUIREMENTS

     4.3  STORING TSCA CBI

     4.4  TSCA CBI DOCUMENTS

     4.5  REPRODUCING TSCA CBI

     4.6  TRANSFERRING, TRANSFER RECORD-KEEPING, AND
          TRANSMITTING TSCA CBI

     4.7  USING AND HANDLING TSCA CBI

     4.8  USING COMPUTERS TO WORK WITH TSCA CBI

     4.9  DESTRUCTION OF TSCA CBI


                      CHAPTER 5
   Procedures Violations, Missing Documents and Unauthorized
                      Disclosures

5.0   INTRODUCTION

     5.1  EMPLOYEE REPORTING PROCEDURES

     5.2  REPORT OF VIOLATIONS TO TSS

     5.3  CORRECTIVE ACTION AND PENALTY GUIDELINES

     5.4  OPPT DIRECTOR AS ARBITER

               Table of Contents

                  - Detailed -

PREFACE

GUIDING PRINCIPLES


                      CHAPTER 1
                      References

     1.1  ABBREVIATIONS AND ACRONYMS
     1.2  GLOSSARY
     1.3  LIST OF APPENDICES


                      CHAPTER 2
                   TSCA CBI Access

2.0   INTRODUCTION

     2.1  TSCA CBI ACCESS FOR FEDERAL EMPLOYEES: CERTIFICATION,
          MAINTENANCE, SUSPENSION, AND TERMINATION

          2.1.1  Re-Certification For Federal Employees
               2.1.1.1  Document Audit
               2.1.1.2  Time For Re-Certifying
          2.1.2  Failure to Maintain Access Certification
               2.1.2.1  Suspension and Termination
          2.1.3  Suspension of Log-Out Privileges
          2.1.4  EPA Employee Transfers
               2.1.4.1  Supervisors' Responsibility When Employee Transfers
          2.1.5  TSCA CBI Access Termination: Federal Employees
               2.1.5.1  TSCA CBI Access Termination Procedures: Federal Employees
                    (a)  DCO And Supervisor Responsibilities For Access Termination
                    (b)  OPPT DCO Responsibilities For Access Termination:
          2.1.6  Unaccounted For Documents

     2.2  TSCA CBI ACCESS FOR CONTRACTORS AND CONTRACTOR
          EMPLOYEES: CERTIFICATION, MAINTENANCE, TERMINATION
          AND INDUSTRY NOTICE

          2.2.1  Determination of TSCA CBI Access for Contractors
          2.2.2  Approval for TSCA CBI Access or Expedited Approval for Immediate
                 Access
          2.2.3  Rules for Contractors
          2.2.4  Notice to Affected Businesses Prior To Granting Access
          2.2.5  Requirement for Contractor DCO
          2.2.6  TSCA CBI Certification for Contractor Employees
          2.2.7  Initial Certification for Contractor Employees
          2.2.8  National Agency Check & Inquiries (NACI)
          2.2.9  TSCA CBI Re-Certification for Contractor Employees
               2.2.9.1  Document Audit
               2.2.9.2  Time for Re-Certifying
          2.2.10  Failure to Maintain Access Certification for Contractor Employees
          2.2.11  TSCA CBI Access Termination: Contractor Employees
               2.2.11.1  TSCA CBI Access Termination Procedures: Contractor
                         Employees
               2.2.11.2  Unaccounted For Documents
          2.2.12  Change in Corporate Status

     2.3  TSCA CBI ACCESS CERTIFICATION FOR OTHER FEDERAL
          AGENCIES

          2.3.1  Procedures for Other Federal Agencies to Obtain TSCA CBI Access
          2.3.2  Notice to Affected Businesses
          2.3.3  Security Requirements at Other Federal Agencies

     2.4  REQUESTS FROM CONGRESS OR THE GENERAL ACCOUNTING
          OFFICE (GAO)


                      CHAPTER 3
               TSCA CBI Responsibilities

3.0   INTRODUCTION

     3.1  EMPLOYEE RESPONSIBILITIES

          3.1.1  Personal Accountability
          3.1.2  Assuring Adequate TSCA CBI Protection
          3.1.3  Reporting Procedural Violations
          3.1.4  Document Accountability
          3.1.5  TSCA CBI Procedure Accountability
          3.1.6  Return TSCA CBI Document
          3.1.7  Determination of TSCA CBI
          3.1.8  Receipt of Possible CBI

     3.2  MANAGER RESPONSIBILITIES

          3.2.1  Assigning DCO and ADCO

     3.3  DCO RESPONSIBILITIES

          3.3.1  DCOs and Alternate DCOs
          3.3.2  Maintaining a Document Tracking System (DTS)
          3.3.3  Transfer of TSCA CBI
          3.3.4  Receiving TSCA CBI
          3.3.5  Proper Storage of TSCA CBI
          3.3.6  Records of Lock-Combinations
          3.3.7  Conditions For Changing Lock Combinations
          3.3.8  Updating The TSCA CBI Authorized Access List
          3.3.9  Monitoring And Controlling Release of TSCA CBI
          3.3.10  Overdue Materials: Monitoring And Notification
          3.3.11  DCO Guidance In Identifying And Sanitizing CBI Documents
          3.3.12  TSCA CBI Audits
               3.3.12.1  Federal DCOs And The Confidential Business Information
                         Center (CBIC)
                    (a)  Comprehensive Audits of Entire Collection
                    (b)  Transaction Audits
                    (c)  DCO Transition Audits
               3.3.12.2  Contractor DCOs
                    (a)  Comprehensive Audits of Entire Collection
                    (b)  Contract close-out Audits
          3.3.13  Termination Of Employment Or Status For DCO

     3.4  EAD AND IMD ANNUAL REVIEW


                      CHAPTER 4
             TSCA CBI Document Management

4.0   INTRODUCTION

     4.1  RECEIPT OF TSCA CBI

          4.1.1  Incoming TSCA CBI
          4.1.2  Personal File Copies - New Chemicals Program (OPPT-CCD)
          4.1.3  Supplemental Filings - New Chemicals Program (OPPT-CCD)
          4.1.4  Processing Newly Received TSCA CBI
               4.1.4.1  CBI Fax Transmission From Industry
          4.1.5  TSCA CBI Claims That Appear Unwarranted

     4.2  DOCUMENT TRACKING SYSTEM (DTS) REQUIREMENTS

          4.2.1  Use of an Automated Document Tracking System (DTS)
          4.2.2  Use of a Manual Document Tracking System (DTS)
               4.2.2.1  Receipt Log
               4.2.2.2  Inventory Log

     4.3  STORING TSCA CBI

          4.3.1  Secure Storage Areas (SSAs)
               4.3.1.1  Entering An SSA With An Electronic Access Card (EAC)
               4.3.1.2  Entering an SSA Without An Electronic Access Card
               4.3.1.3  Entering An SSA With Expired Certification
               4.3.1.4  Grantees And Interns In SSAs
               4.3.1.5  Visitors In SSAs
               4.3.1.6  Custodian, Maintenance and Delivery Persons in SSAs
               4.3.1.7  DCOs And SSAs
               4.3.1.8  Using TSCA CBI Outside An SSA
          4.3.2  Required Storage Containers
          4.3.3  Storing TSCA CBI At Other Locations
               4.3.3.1  Storing Of TSCA CBI While Traveling
               4.3.3.2  Storing and Working with TSCA CBI in a Personal Residence
          4.3.4  Employee Absence and Storage of TSCA CBI

     4.4  TSCA CBI DOCUMENTS

          4.4.1  New CBI Documents
          4.4.2  Working Papers
               4.4.2.1  When Working Papers Become Subject to Tracking
               4.4.2.2  Destroying Working Papers
          4.4.3  When CBI Documents Are No Longer CBI
          4.4.4  Aggregating CBI
          4.4.5  Declassifying CBI Documents
          4.4.6  TSCA CBI Document Submitters: Dropping a Claim

     4.5  REPRODUCING TSCA CBI

          4.5.1  Managing TSCA CBI Copies
          4.5.2  Copying CBI Outside SSAs

     4.6  TRANSFERRING, TRANSFER RECORD-KEEPING, AND
          TRANSMITTING TSCA CBI

          4.6.1  Transferring Hard Copy TSCA CBI
               4.6.1.1  Procedures For Sending Or Receiving TSCA CBI
               4.6.1.2  Preparing CBI For Mailing
               4.6.1.3  Transferring TSCA CBI to Another Facility
               4.6.1.4  Transferring TSCA CBI to Industry
          4.6.2  Hard Copy TSCA CBI Transfer Record-Keeping
               4.6.2.1  Record-Keeping For Permanent Transfer
               4.6.2.2  Record-Keeping For Temporary Transfers Within A Facility
          4.6.3  Transmitting TSCA CBI Electronically
               4.6.3.1  Transmitting TSCA CBI By Telephone
               4.6.3.2  Transmitting TSCA CBI by Fax
               4.6.3.3  Transmitting TSCA CBI By E-mail
               4.6.3.4  Transmitting TSCA CBI By Tele-Video Conference

     4.7  USING AND HANDLING TSCA CBI

     4.8  USING COMPUTERS TO WORK WITH TSCA CBI

          4.8.1  Prohibition
          4.8.2  TSCA CBI Computers Must Be Separate From Public Networks
          4.8.3  Registration is Required to Use CBI Computer Systems
          4.8.4  Using Portable Computers (Laptops and Handheld Devices)
          4.8.5  Disposing of Computers Formerly Used for TSCA CBI
          4.8.6  Modems
          4.8.7  TSCA CBI Data Processed Only Within SSAs
          4.8.8  Printing CBI Information
          4.8.9  Storing CBI on Magnetic Media
          4.8.10  Disposing of TSCA CBI Computer Disks
          4.8.11  Security for TSCA CBI Data Stored on Contractor's Off-site
                  Computer

     4.9  DESTRUCTION OF TSCA CBI

          4.9.1  Procedures for Destroying TSCA CBI
          4.9.2  Destruction Methods
          4.9.3  Destruction Record-Keeping
          4.9.4  Disposition of CBI Cover Sheets
          4.9.5  Contracts Involving TSCA CBI


                      CHAPTER 5
      Procedures Violations, Unaccounted For Documents and
                 Unauthorized Disclosures

5.0   INTRODUCTION

     5.1  EMPLOYEE REPORTING PROCEDURES

          5.1.1  Oral Report
          5.1.2  Written Report

     5.2  REPORT OF VIOLATIONS TO TSS

          5.2.1  TSS Investigation
          5.2.2  Oral Notice to Submitter
          5.2.3  Report of Investigation (ROI)
          5.2.4  Company Notification of Improper Disclosure: EAD Director
          5.2.5  Company Notification of Documents Unaccounted for: EAD Director
          5.2.6  Referral to the Inspector General
          5.2.7  Annual Security Report

     5.3  CORRECTIVE ACTION AND PENALTY GUIDELINES

          5.3.1  Responsibility for Monitoring Compliance With Protection Manual
          5.3.2  Violations by Federal Employees
          5.3.3  Violations by Contractor Employees

     5.4  OPPT DIRECTOR AS ARBITER

                        PREFACE

This Manual applies to all federal employees, contractors, and contractor
employees with access to information claimed as Toxic Substances Control
Act (TSCA) Confidential Business Information (CBI) in connection with
either their official duties or with a TSCA-related government contract, as
stated in Section 14(a) of TSCA.

This Manual does not apply to other persons, including submitters to the
Agency of TSCA CBI, nor does it purport in any way to set rules regarding how
information must be submitted to the Agency or otherwise handled by
those persons.

The following general subjects correspond to the chapters in this Manual:

   •  Steps necessary to become authorized for access to TSCA CBI.
   •  Relative roles and responsibilities regarding TSCA CBI.
   •  Steps for use and protection of TSCA CBI.

   •  Procedures in cases of lost or improperly disclosed TSCA CBI.

The provisions in this Manual are designed to protect the confidential
information entrusted to the Federal Government, and to ensure that
employees and contractors are aware of the importance of adhering to the
procedures of handling TSCA CBI, their personal responsibilities in doing so,
and the consequences for failing to do so. When situations and circumstances
not specifically addressed in this Manual arise, the obligation to protect TSCA
CBI materials entrusted to EPA continues and must be ensured. For these
unspecified instances, additional protections may be recommended or required
at the appropriate time.

Most TSCA CBI is stored and handled at Environmental Protection Agency
(EPA) Headquarters in the TSCA Confidential Business Information Center
(CBIC). When necessary, EPA approves storing and handling of CBI at other
Headquarters locations as well as facilities such as EPA Regional Offices,
other federal agencies, and contractor facilities. Some differences in security
and control procedures may be necessary depending on local circumstances.
Any such differences, however, must be approved in writing by the Director
of the EPA's Office of Pollution Prevention and Toxics (OPPT) Information
Management Division (IMD).

Information coming to the Agency pursuant to the Lead-Based Paint Real
Estate Notification and Disclosure Rule (40 C.F.R. Part 745, Subpart F) will
be exempted from the requirements of this Manual once a replacement security
plan has been developed and approved by the OPPT Director. This
replacement security plan may be accessed by contacting the OPPT DCO. A
replacement security plan approved by the OPPT Director is binding upon
Federal and contractor employees handling Residential Lead Disclosure CBI.
Please be aware that approval of a replacement security plan does not exempt
this information from the requirements of EPA confidentiality regulations at
40 CFR Part 2, Subpart B.

The provisions of this Manual are intended to apply in all situations. From
time to time, however, extraordinary circumstances may arise presenting the
need for a change from a prescribed procedure. In such cases, the appropriate
divisional or other regional managers may apply directly in writing to the IMD
Director for an exception. In examining the justification for the requested
exception, the IMD Director will, in his/her judgment, decide whether to   it
the request, in full or in part, including any conditions deemed appropriate.

This Manual is a "living" document. That is, its development and
interpretation are continuing in nature, and it will be amended as the need arises.

This Manual may not appear to fit some situations, or the provisions within it
may not seem to include every scenario, contingency, or specialized case.  In
these situations, please call the OPPT DCO or the OPPT IMD Attorney
Advisor for special guidance or clarification.

             GUIDING PRINCIPLES

You have a responsibility to protect the information claimed as TSCA CBI.
Any document that contains TSCA CBI which you receive, retain, create, or
give to another must be protected. This is integral to your work.

The Agency tracks all documents in its possession and you, as a TSCA CBI
cleared individual, are required to undergo an annual audit of all TSCA CBI
entrusted to you by the Agency. Working papers must be individually tracked
when not in direct possession of the creator and otherwise protected until
destroyed.

You can only discuss or disseminate TSCA CBI with persons you know are
authorized for access to TSCA CBI.

If you think you may have a TSCA CBI issue or problem, you should talk with
your manager about it immediately.

You must ensure through personal accountability that you will act consistently
with all guidelines established in this manual to protect TSCA CBI.

                CHAPTER  1
                       Reference

1.1    ABBREVIATIONS AND ACRONYMS
Provided below is a list of abbreviations and acronyms used in this manual:

ADCO     Alternate DCO
CBIC       Confidential Business Information Center
CBITS     Confidential Business Information Tracking System
CCD       Chemical Control Division, OPPT
CFR       Code of Federal Regulations
DCN       Document Control Number
DCO       Document Control Officer
DOPO     Delivery Order Project Officer
DTS       Document Tracking System
EAC       Electronic Access Cards
EAD       Environmental Assistance Division, OPPT
ECO       Environmental Careers Organization
EETD      Economics, Exposure and Technology Division, OPPT
EPA       Environmental Protection Agency
FMSD     Financial Management and Services Division
FOIA       Freedom of Information Act
ID         Identification
IMD       Information Management Division, OPPT
ISO        Information Security Officer
LAN       Local Area Network
NACI       National Agency Check and Inquiries
NCIC       Non-Confidential Information Center
NOWCC    National Older Worker Career Center employee
OAM       Office of Acquisition Management
OARM     Office of Administration and Resources Management
OGC       Office of General Counsel
OPPT       Office of Pollution Prevention and Toxics
OMB       Office of Management and Budget
PC         Personal Computer
PMN       Premanufacture Notification
PO         Project Officer
RDMB      Records and Dockets Management Branch, IMD
ROI        Report of Investigation
SEE        Senior Environmental Employment Program
SOW       Contractor Statement of Work
SSA        Secure Storage Area
TSCA       Toxic Substances Control Act
TSCA CBI   Information submitted in connection with TSCA and claimed
            as confidential business information
TSS        TSCA Security Staff
WAM       Work Assignment Manager

1.2    GLOSSARY

Agency DCO
             The lead document control officer for the TSCA program at EPA
             (aka: OPPT DCO).

Alternate Document Control Officer (ADCO)
             The OPPT DCO and other DCOs can nominate ADCOs to assist them in
             performing document control functions. ADCOs can perform all
             functions of a DCO.

Annual Audit Certification Report
             Employees complete these reports on an annual basis to
             indicate the status of any TSCA CBI logged out in their
             name.

Authorized Access List
             A list of people who are authorized for access to TSCA
             CBI.

Certification
             The process whereby federal and contractor employees
             acquire administrative access to TSCA CBI.

Contractor DCO
             The document control officer designated by the Project
             Officer for a TSCA CBI cleared contract.

Contractors and Subcontractors
             Persons, including individuals or business entities, who
             perform work under a contract with the United States
             Government or a subcontract with a contractor.

Document Control Officer (DCO)
             DCOs oversee the receipt, storage, transfer, use,
             reproduction and destruction of TSCA CBI by employees.
             DCOs are responsible for assisting employees in requesting
             and renewing TSCA CBI access authorization, as well as
             managing the manual or automated Document Tracking
             System (DTS) for TSCA CBI in their facility or office.

Document Tracking System (DTS)
             A Document Tracking System is used to track receipt of
             and activity involving TSCA CBI within a facility. The
             system may be manual or automated (electronic).
             Automated systems are recommended for high-volume
             facilities.

Environmental Assistance Division (EAD)
             EAD is responsible for oversight of the TSCA Confidential
             Business Information security function. This includes
             enforcement of the procedures and provisions contained in
             the TSCA CBI Protection Manual.

EPA Office
             Organizational element of EPA, at any level or location.

EPA Project Officer (also known outside this Manual as "Contract Level COR")
             The Contracting Officer's primary representative on a basic
             contract who oversees the delivery order, task order or
             work assignment.

Facility
             Any location where EPA, a government contractor or
             another federal agency stores and uses TSCA CBI.
             Specific procedures may vary from location to location, but
             the general procedures in this Manual are in force at all
             facilities.

Federal Employee
             Generally, an employee of the federal government who has
             a Standard Form (SF-52) on file with the Office of
             Personnel Management (OPM).

Grantee
             Person who performs work under a grant.
             [Under TSCA, grantees are not authorized to handle TSCA
             CBI. Contact the OPPT-DCO for more information].

Hard-Copy
             Data (e.g., submissions, printouts, photographs) received or
             generated on paper. Also, Magnetic Media (e.g., diskette,
             video tapes), and other "physical" things which can hold or
             contain CBI.

Information Management Division (IMD) Director
             Within the Office of Pollution Prevention and Toxics
             (OPPT) the IMD director is responsible for the day-to-day
             implementation of TSCA CBI and control programs,
             including the development of policies for the use and
             handling of TSCA CBI and operation of the EPA
             headquarters Confidential Business Information Center
             (CBIC).

Office of Pollution Prevention and Toxics (OPPT) Director
             The OPPT director has overall authority for managing
             TSCA activities, including TSCA security programs.

OPPT Confidential Business Information Center (CBIC)
             The primary area for storing and using TSCA CBI is the
             EPA CBIC at EPA headquarters in Washington, D.C. If
             appropriate, EPA may authorize TSCA CBI access at other
             facilities including EPA regional offices, other Federal
             agency offices, and contractor facilities.

OPPT Document Control Officer (OPPT DCO)
             The OPPT DCO provides day-to-day support to other
             Federal and Contractor DCOs nationwide. This includes
             issuing the TSCA CBI authorized access list and processing
             forms and records pertaining to requests for TSCA CBI
             access authority for organizations and individuals. The
             OPPT DCO manages the headquarters CBIC, oversees
             other DCOs at headquarters, and provides training materials
             and guidance to all DCOs on appropriate TSCA CBI
             handling procedures.

Originator
             An employee who is responsible for determining if
             documents he/she creates contain CBI and stamping them
             as such.

Requesting Official
             This is (1) employee's immediate supervisor or higher
             authority who nominates a Federal employee for TSCA
             CBI access or (2) the EPA project officer who nominates a
             contractor employee for TSCA CBI access. Requesting
             officials' responsibilities include ensuring that their
             employees renew their TSCA CBI access authority yearly,
             determining when their employees no longer require access
             authority, authorizing their employees to transfer TSCA
             CBI using a courier or express mail, and initiating or
             reviewing their employees' reports of violation of this
             manual's procedures.

Sanitize
             To remove TSCA CBI from a document.

Secure Storage Area (SSA)
             An area that is secured from persons not authorized for
             access to TSCA CBI. Secure storage areas house the bulk
             of an organization or facility's TSCA CBI records, or serve
             as an organization or facility's primary TSCA CBI work
             area, or both.

Temporary Transfer
             Relinquishing custody of TSCA CBI from one person to
             another in the same facility on a temporary basis.

TSCA CBI
             TSCA information claimed business-confidential under
             EPA's confidentiality regulations at 40 CFR Part 2, Subpart
             B.

TSCA CBI LAN
             The physically isolated Local Area Network (LAN)
             located at EPA Headquarters dedicated exclusively to
             TSCA CBI.

TSCA CBI Materials
             Documents or any other information-bearing media that
             contain TSCA CBI.

TSCA Security Staff
             The TSCA security staff (of EAD) responsible for security-
             related activities including reviewing security procedures,
             performing facility site inspections, and investigating
             violations of the procedures contained in this manual.

Unauthorized Access
             Access to TSCA CBI by persons lacking administrative
             clearance or whose clearance has expired.

Working Papers
             Temporary work product documents produced by a federal
             or contractor employee containing TSCA CBI, which are
             subject to special handling procedures.

1.3       LIST OF APPENDICES
Appendix A    Form 7740-6: TSCA CBI Access Request, Agreement, and Approval
Appendix B    Form 7740-25: TSCA CBI ADP User Registration
Appendix C    Request for EPA Identification Badge
Appendix D    Request for Building Pass
Appendix E    Form 7740-28: United States Environmental Protection Agency
              TSCA Confidential Business Information Document Reconciliation
              Certification
Appendix F    Form 7710-17: Confidentiality Agreement for United States
              Employees Upon Relinquishing TSCA CBI Access Authority
Appendix G    Form 3110-1: Employee Separation or Transfer Checklist
Appendix H    Form 7740-17: Request for Approval of Contractor Access to TSCA
              Confidential Business Information
Appendix I    EPAAR 1552.235-78: Data Security for Toxic Substances Control
              Act Confidential Business Information
Appendix J    EPAAR 1552.235-75: Access to Toxic Substances Control Act
              Confidential Business Information
Appendix K    EPAAR 1552.235-76: Treatment of Confidential Business
              Information (TSCA)
Appendix L    Form 7740-27: Contractor Information Sheet - Contractor TSCA
              CBI Access/Transfer
Appendix M    Contractor Checklist For TSCA CBI Access
Appendix N    Contractor Employee Checklist For TSCA CBI Access
Appendix O    Form 86: Questionnaire for National Security Positions
Appendix P    Fingerprint Card "FD258 Application"
Appendix Q    Procedures for Terminating Contractor Access to TSCA CBI
Appendix R    Form 7740-18: Confidentiality Agreement for Contractor Employees
              Upon Relinquishing TSCA CBI Access Authority
Appendix S    Form 7740-24: Federal Agency, Congress, and Federal Court Sign
              Out Log
Appendix T    Stamp to use when Material contains TSCA CBI
Appendix U    Form 7740-9: Confidential Business Information Cover Sheet
Appendix V    Form 7740-11: Inventory Log
Appendix W    Form 7740-10: Receipt Log
Appendix X    Form 7740-13: TSCA CBI Visitors Log
Appendix Y    Form 7740-26: Permanent Transfer Receipt for TSCA Confidential
              Business Information
Appendix Z    Form 7740-12: Memorandum of TSCA CBI Telephone Conversation
Appendix AA   Form 7740-14: Temporary Loan Receipt for TSCA Confidential
              Business Information
Appendix BB   Laptop Computer Agreement for the Confidential Business
              Information Center (CBIC)
Appendix CC   Amendment Through Voluntary Withdrawal
Appendix DD   40 CFR 2.208, TSCA CBI substantive criteria for determining
              confidentiality
Appendix EE   Taking action on TSCA CBI claims that appear unwarranted

                       CHAPTER 2
                         TSCA CBI Access
2.0    INTRODUCTION

This section identifies persons entitled to TSCA CBI access and addresses requirements that
must be met in order to obtain, maintain, or terminate certification to work with TSCA CBI.

Legal access  to TSCA CBI is dependent on meeting the conditions found in Section 14 of
TSCA.  For federal employees, qualification for access is contingent on having federal
employment and a job-related need for access to TSCA CBI. For contractor employees,
qualification  for access  is contingent on  employment  with a TSCA-related federal
contractor,  a  job-related need for access  to TSCA CBI, and maintaining  up-to-date
administrative certification.

Federal and contractor employees who have an official job-related need for TSCA CBI
access are, however, required  to complete an initial administrative certification when
receiving their new job assignment, prior to working with TSCA CBI. Moreover, these
employees are required to complete an annual re-certification process for each year thereafter
for as long as  their jobs require  access to TSCA CBI.

Administrative TSCA CBI access, in every case, is granted solely to further the needs
and the mission of the Government.

Members of the following groups are not federal employees and, consequently, are not
eligible for TSCA CBI access:

   •  Volunteers (unpaid staff)

   •  Students (except those in the Student Temporary Employment Program (STEP) -
     popularly known as Stay-in-Schools, who are federal employees)

   •  Student Interns  who are placed in EPA facilities by the Environmental Careers
     Organization (ECO) and  other recipients of EPA grants and cooperative agreements
   •  Senior Environmental Employment (SEE) program enrollees

   •  National Older Worker Career Center (NOWCC) staff

   •  Grantees

2.1    TSCA CBI ACCESS FOR FEDERAL EMPLOYEES: CERTIFICATION,
        MAINTENANCE, SUSPENSION, AND TERMINATION

The following administrative procedures, which are necessary for access, apply to federal
employees who will work with TSCA  CBI for the first time, or who have let their
certification lapse:

   •  View the Security briefing: A federal employee's immediate supervisor is responsible
     for ensuring that the employee has read this manual and viewed the security briefing
     on procedures for handling TSCA CBI. The briefing, either automated or on
     videotape, is arranged by the OPPT Document Control Officer (DCO) or the
     employee's DCO.

   •  Complete one or both of the following forms (depending on the extent of access
     needed) and submit them to the DCO:

     1.  Form 7740-6: TSCA CBI Access Request, Agreement, and Approval. [See
        APPENDIX A.]

           [Note: Notwithstanding the Privacy Act statement which appears in the 9-92
          version of Form 7740-6, providing a Social Security Number is not required
          under Section 14 of TSCA, and is not mandatory to obtain access to TSCA
          CBI. Upon request at the time of initial access, an alternate generic number
          may be assigned].

     2.  Form 7740-25: TSCA CBI Automated Data Processing (ADP) User Registration
        Form (if online access to a TSCA CBI system or database is required).  [See
        APPENDIX B.]

   •  Employee's immediate supervisor ensures that the employee has read this TSCA CBI
     Protection Manual and viewed the security briefing.

   •  Employee's immediate supervisor signs  line 20 of Form 7740-6 (general access
     request form) to signify approval of TSCA CBI access and forwards it to the DCO,
     or disapproves access.

   •  DCO reviews forms for completeness and forwards them to the OPPT DCO. [In
      general, the DCO assists employees with obtaining and maintaining TSCA CBI
      certification.]

   •  Subject to the oversight of the IMD Director, the OPPT DCO reviews and approves
      access and adds the employee's name to the TSCA CBI Authorized Access List.

      [The OPPT DCO provides monthly updated lists to DCOs and can verify which
      employees are on the latest list.  The CBIC uses the list in conjunction with the
      Confidential Business Information Tracking System (CBITS) to verify access.]
   2.1.1   Re-Certification For Federal Employees

The OPPT DCO notifies DCOs of persons whose certifications are about to expire. Federal
employees who need TSCA CBI access in connection with their official duties must renew
their certification every year by:

   1.  Viewing the security briefing videos and

   2.  Completing the document audit procedure.


   2.1.1.1            Document Audit

   The following steps must be taken:

      1.  Employee's DCO provides list of all documents logged out to the employee. The
         federal  employee's immediate supervisor  ensures the Document Audit is
         completed.

      2.  Employee reconciles the document list by following the steps below:

         •   Verify that he/she has the listed documents in his or her possession, OR

         •   Return logged-out documents which are overdue to the  DCO, AND

         •   Notify the DCO of any unaccounted for documents, and report them on the
            Document Reconciliation Certificate (see APPENDIX E), OR

         •   Indicate on the Document Reconciliation Certificate that no documents are
            logged out, AND

         •  Sign the Document Reconciliation Certificate, to be placed in the employee's
            access file for future audit.

      3. If the employee fails to locate any unaccounted for documents, he or she must
         follow the procedures in CHAPTER 5 concerning unaccounted-for documents.

   All returned documents must be re-entered into the collection of records.
   2.1.1.2             Time For Re-Certifying

   The time for re-certifying access to TSCA CBI is no more than 30 days prior to an
   employee's anniversary date.  Employees who re-certify within this period will retain
   their anniversary dates. Re-certifying prior to the 30 day window or after the anniversary
   date will result in a new corresponding anniversary date.
   2.1.2   Failure to Maintain Access Certification

Federal employees who miss their annual deadline to re-certify under the TSCA CBI
protection program and who continue to have access to TSCA CBI as part of their official
responsibilities are in violation of these procedures and are subject to the corrective actions
and administrative penalties outlined in CHAPTER 5. [This violation of administrative
procedure is not, however, reportable to the information submitter as an unauthorized
disclosure under Section 14 of TSCA].
   2.1.2.1             Suspension and Termination

Employees who are 29 or fewer days late in renewing their certification are suspended from
receiving access to TSCA CBI. Employees who are 30 days or more late in renewing their
certification are terminated from receiving access to TSCA CBI as part of their official
duties.

Employees who have had their access terminated must repeat initial certification, not simply
re-certification, in order to once again receive official access.

   2.1.3  Suspension of Log-Out Privileges

If logged-out documents are overdue or are not returned or accounted for as required during
the annual Document Audit procedure (see Section 2.1.1), an employee's privilege to log out
CBI documents from secured reference areas such as the CBIC may be suspended. Once the
documents at issue are returned or accounted for, borrowing privileges will be restored.
   2.1.4  EPA Employee Transfers

The OPPT DCO must be notified when an EPA employee officially transfers to another
branch, division, or office, if the new position requires TSCA CBI access. The employee
will be required to perform a document reconciliation and return all CBI documents to the
CBIC prior to receiving access  for the new position.  Upon completion of  these two
requirements, complete access to CBI materials will be available.
   2.1.4.1   Supervisors' Responsibilities When Employee Transfers

It is the responsibility of the employee's former supervisor or DCO to notify the OPPT DCO
of the transfer. In addition, the new supervisor or DCO must submit a new Form 7740-6
(Appendix A) for the employee.


   2.1.5   TSCA CBI Access Termination for Federal Employees

TSCA CBI access terminates when the official need for access terminates, as in the following
examples:

   •   When  a federal employee leaves federal service

   •   When  a federal employee transfers to a new federal position

   •   When a federal employee receives an administrative penalty, suspending employment
      or reassigning the employee to another federal position that does not require official
      need for TSCA CBI

   •   When a federal employee's duties change, and no longer require TSCA CBI access

   •   When a federal employee fails within 30 days from the anniversary date to reconcile
      the document audit report and attend the annual security briefing
   2.1.5.1   TSCA CBI Access Termination Procedures: Federal Employees

   To terminate TSCA CBI access, an employee must follow the Document Audit procedure
   described in the steps below.   The employee receives a list of all their logged out
   documents from the DCO. From that list, the terminating employee must reconcile all
   documents in his/her possession by doing the following:

   (Both the employee's supervisor and DCO are responsible for ensuring that these steps
   are taken)

      •   Either:

         1.  Return logged-out documents  and magnetic media to  the   DCO (see
            APPENDIX E), notify the DCO of any unaccounted for documents, and
            report them on the Document Reconciliation Certificate, OR

         2.  Indicate on the Document Reconciliation Certificate that no documents are
            logged out.

      •   In addition, sign the Document Reconciliation Certificate, to be placed in the
         employee's access file for future audit.
         (If the employee fails to locate unaccounted for documents within 5 business days
         of the issuance to the employee of the list of items logged out to him/her, he/she
         must follow the procedures in  CHAPTER 5  concerning unaccounted-for
         documents.)

      •   Receive from the DCO a copy of the Confidentiality Agreement the employee
         signed when first assigned or hired to work with TSCA CBI.  Sign and receive a
         copy of a receipt for the form entitled, "Confidentiality Agreement for United
         States Employees Upon Relinquishing TSCA CBI Access Authority." [See
         APPENDIX F].

      •   Complete EPA Form 7710-17, "Confidentiality Agreement for United States
         Employees upon Relinquishing TSCA CBI Access Authority." [See APPENDIX
         F].

     2.1.5.1(a)   DCO And Supervisor Responsibilities For Access Termination

     The DCO will take action on unaccounted for documents.  In the case of a dispute
     between the employee and DCO about whether a document is logged out, the
     document will be considered possibly unaccounted for, and will be reported as such
     in accordance with the Manual Procedures in CHAPTER 5.

     The DCO must change the lock combinations for storage containers to which the
     employee had access and remove any CBI from the employee's desk area before any
     new staff arrive.
     2.1.5.1(b)   OPPT DCO Responsibilities For Access Termination:

     •  Upon notice from the employee's DCO, remove the employee's name from the
        TSCA CBI Authorized Access List.

     •  Arrange with IMD to invalidate the employee's TSCA CBI computer user IDs and
        passwords for all TSCA CBI-related computer systems.  IMD is responsible for
        notifying the OPPT DCO in writing when the  employee's passwords are
        invalidated.

     •  Make immediate arrangements to invalidate the employee's electronic entry ID
        card for TSCA CBI Secure Storage Areas (SSA's).
   2.1.6  Unaccounted For Documents

The Facility DCO must assume that a TSCA CBI document is unaccounted for if it is not
received within 5 business days of issuing the employee the list of items logged out to
him/her and report the document as unaccounted for according to the procedures in
CHAPTER 5.

2.2    TSCA CBI ACCESS FOR CONTRACTORS AND CONTRACTOR EMPLOYEES:
        CERTIFICATION, MAINTENANCE, TERMINATION AND INDUSTRY NOTICE

The EPA Project Officer (PO) determines if, under TSCA Section 14(a), a contractor
requires access to TSCA CBI.


   2.2.1  Determination of TSCA CBI Access for Contractors

To establish access for a contractor the PO submits Form 7740-17: Request for Approval of
Contractor Access to TSCA CBI (APPENDIX H) to the appropriate division director (or
equivalent supervisor) for signature, then forwards it to the IMD Director who issues final
approval in the form of a notice (as described in Section 2.2.4).

For new contracts (or to modify an existing contract) Form 7740-17 must be submitted to the
IMD Director 20 business days before access is to begin. Form 7740-17 is submitted to the
IMD Director prior to the modification request.

The PO also must complete the following:

   •  Notify EPA's Office of Acquisition Management (OAM) contracting officer of
     required TSCA CBI language, including the following contract clauses from the EPA
     Acquisition Regulation 1901 (9/12/2000):

     -  Data Security for TSCA CBI (EPAAR 1552.235-78) (see APPENDIX I)
     -  Access to TSCA CBI (EPAAR 1552.235-75) (see APPENDIX J)
     -  Treatment of CBI (EPAAR 1552.235-76) (see APPENDIX K);

   •  Forward Form 7740-17 to OAM after the IMD Director has signed it; and

   •  At least 60 days prior to the date access is to begin complete a Contractor Information
     Sheet, Form 7740-27 (see APPENDIX L) and forward it to the OPPT DCO.

   2.2.2  Approval for TSCA CBI Access or Expedited Approval for Immediate Access.

The OPPT DCO will add a contractor's name to the TSCA CBI Authorized Access List
when the contractor is approved for CBI access. For contractor employees, the OPPT DCO
will notify the contractor DCO of the approval of an employee by sending the contractor
DCO the TSCA CBI Authorized Access List.

When a programmatic need can be demonstrated, expedited approval may be granted by the
IMD Director which will allow a contractor and/or contractor employee access to TSCA CBI
without having to wait 60 days after Form 7740-27 is submitted to the OPPT DCO.
Expedited approval does not waive the requirement for the advance notice provided in
Section 2.2.4.

See APPENDIX M for a Contractor Checklist for TSCA CBI Access.
   2.2.3  Rules for Contractors

Contractors who receive TSCA CBI must:

   •  Adhere to the terms of their contracts regarding site requirements for receiving and
      maintaining TSCA CBI.

   •  Maintain TSCA CBI in a secure environment that meets or exceeds the requirements
      in CHAPTER 4.

   •  Maintain the "two-barrier" system described below for establishing any TSCA CBI
      storage site not located at a federal agency facility:

         Barrier 1:

         - Perimeter walls must be constructed "slab to slab," and must not have false
           ceilings that would permit entry into the contractor's workspace from over a
           corridor wall.

         - Entry and exit doors must have pin-tumbler deadbolt locks or equivalents
           installed (unless the door is for emergency exit in which case it must have a
           crash bar with an audible alarm).


         -  Entry and exit doors must have exposed hinge pins that are pinned or
            otherwise constructed to prevent removal of the pins.

          Barrier 2:

         -  Must have approved storage containers as described in Section 4.3.3.

   •  Arrange for a site inspection by TSS. TSCA CBI access will not be authorized at the
      contractor's site without TSS approval. TSS will communicate its approval to the
      OPPT DCO. (Contractors should contact TSS if they have any questions about
      establishing or maintaining TSCA CBI security.)


   2.2.4  Notice to Affected Businesses Prior To Granting Access

1) HOW

IMD will notify affected businesses in one of the following ways prior to granting TSCA
CBI access to contractors:

   •  Publishing a notice in the Federal Register
   •  Sending an individual Notice by certified mail-return receipt requested

   •  Sending an individual Notice by telegram

   •  Using any other means to give actual notice, and documenting the fact that such
      notice was received.

   The Notice process:

   •  OPPT DCO uses the Contractor Information Sheet from the PO to prepare the Notice
   •  IMD Director signs the Notice, authorizing access for the contractor.

2) WHEN

IMD must wait at least 5 business days following receipt or publication of the Notice before
granting access in order to allow the affected business an opportunity to comment.

3) WHAT

The Notice must include the following:

   •  Contractor company's identity
   •  Contract number

   •  Explanation of why TSCA CBI access is necessary for the performance of the
      contract

   •  Where access is authorized (on EPA premises and/or at the contractor's facility)
   •  Types of information to be disclosed
   •  Period of time for which TSCA CBI access is authorized


   2.2.5  Requirement for Contractor DCO

Each contractor with TSCA CBI access at either the contractor's facility or an EPA facility
must have a contractor DCO who must be designated before the contractor is allowed access
to TSCA CBI.

The contractor must nominate one DCO and one Alternate DCO, and notify the EPA PO of
their names. The EPA PO nominates the employees and forwards their names, telephone and
fax numbers and e-mail and mailing addresses to the OPPT DCO. [See 3.2.11


   2.2.6   TSCA CBI Certification for Contractor Employees

Following certification of TSCA CBI access for contractor companies, contractor employees
must obtain individual access certification. All certification forms are available through the
OPPT DCO. See APPENDIX N for a Contractor Employee Checklist for TSCA CBI
Access.

After completing the above requirements (sections 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5), the EPA
PO, EPA Delivery Order Project Officer (DOPO), or the EPA WAM confers with contractor
officials to determine which contractor employees require TSCA CBI access certification.
The EPA PO will request access certification for these individuals.

After contractor employees are certified for TSCA CBI access, they are listed on the TSCA
CBI Authorized Access List. The list provides the names of people cleared for TSCA CBI
access, including TSCA CBI computer access, and the date on which their access expires.
The OPPT DCO provides monthly copies of the updated list to DCOs.  If after consulting
the list questions remain about a person's TSCA CBI certification, consult the OPPT DCO.


    2.2.7  Initial Certification for Contractor Employees

Contractor employees acquire initial certification according to the process described below:

    •  The employee views the security briefing on procedures for handling TSCA CBI.
      The contractor DCO is responsible for ensuring that contractor employees read this
      Manual and view the security briefing. The briefing is arranged by the OPPT DCO
      or any DCO.

    •  The employee completes the following forms and submits them to the contractor
      DCO:

      -  Form 7740-6:  TSCA CBI Access Request,  Agreement, and Approval [see
         APPENDIX A].

          [Note: Notwithstanding the Privacy Act statement which appears in the 9-92
         version of Form 7740-6, providing a Social Security Number is not required
         under Section 14 of TSCA, and is not mandatory to obtain access to TSCA CBI.
         Upon request at the time of initial access, an alternate generic number may be
         assigned].

      -  Form 86: Questionnaire for National Security Positions (see APPENDIX O).

      -  FD-258: Fingerprint card (two originals) (see APPENDIX P).

      -  Form 7740-25: TSCA CBI ADP User Registration Form (for online access to a TSCA
         CBI system or database) (see APPENDIX B).

   •  The contractor DCO reviews forms for completeness and forwards them to the EPA PO.

   •  The EPA PO either signs line 20 of the general access request form, indicating approval, or
      disapproves access.

   •  The EPA PO submits the approved forms to the OPPT DCO for review and approval on that
      level.

[See APPENDIX N for a Contractor Employee Checklist for TSCA CBI Access.]

   2.2.8  National Agency Check & Inquiries (NACI)

All contractor employees who are granted access to TSCA CBI must successfully pass a
NACI background check to maintain TSCA CBI clearance.  NACI investigations are
conducted by the U.S. Office of Personnel Management at the request of the EPA Office of
Administration and Resource Management, usually several weeks following the contractor
employee's grant of access. The EPA PO or WAM must ensure the NACI investigation
requirement is placed in the official Statement Of Work (SOW).


   2.2.9  TSCA CBI Re-Certification for Contractor Employees

The OPPT DCO notifies DCOs  of persons whose certifications are about to expire.
Contractor employees who continue to require TSCA CBI access in connection with their
job-related duties must renew their certification every year by:

   1.  Viewing the security briefing videos, and

   2.  Completing the document audit procedure below.


   2.2.9.1             Document Audit

The following steps must be taken:

   1.  The Contractor DCO provides a list of all documents logged out to the contractor
      employee.

   2.  The Contractor  employee  reconciles the DCO document list by following the
      procedures below:

      •   Return logged-out documents listed on the Document Reconciliation Certificate
         to the Facility DCO (see APPENDIX E), AND

      •   Notify the DCO of any unaccounted for documents, and report them on the
         Document Reconciliation Certificate, OR

      •   Indicate on the Document Reconciliation Certificate that no documents are logged
         out.

      •   Sign the Document Reconciliation Certificate, to be placed in the contractor
         employee's access file for future audit.

    3. If the employee fails to locate the documents, he/she must follow the procedures in
      CHAPTER 5 concerning unaccounted for documents.

    All returned documents must be re-entered into the collection of records.


    2.2.9.2             Time for Re-Certifying

    The time for re-certifying TSCA CBI is no more than 30 days prior to an employee's
    anniversary date. If an employee re-certifies within this period, the employee will retain
    the same anniversary date. Re-certifying either prior to the 30 day window or following
    the anniversary date will result in a new corresponding anniversary date.


    2.2.10 Failure to Maintain Access Certification for Contractor Employees

Contractor employees who miss their annual deadlines to re-certify under the TSCA CBI
security program and who continue to have access to TSCA CBI are in violation of these
procedures, and subject themselves to disciplinary or corrective action by their contractor
employer.

Contractor employees who have not re-certified for TSCA CBI access within the past year
must pass initial certification, not re-certification. EPA may suspend the access of any
contractor employee if in the Agency's judgment doing so is necessary to protect TSCA CBI
against some credible threat of loss or wrongful disclosure. For contractor employees a lapse
in certification access may result in an unauthorized disclosure reportable to the submitter
as described in CHAPTER 5.

There is no need, however, to obtain a new NACI or to be re-fingerprinted, if the employee
never left the contractor's employment. This provision applies when both of the following
conditions are true:

   •  The contractor continues to hold a TSCA-related contract.

   •  The contractor employee's job requires access to TSCA CBI.

   2.2.11       TSCA CBI Access Termination: Contractor Employees

TSCA CBI access terminates for a contractor employee under various conditions. For
example:

   •   When the contract ends.

   •   When a contractor employee leaves the contractor's employ.

   •   When a contractor employee transfers to a new position which does not require TSCA
      CBI access.

   •   When a contractor employee receives an administrative penalty from the contractor
      suspending employment or the contractor employee is reassigned within the company
      to another position which does not require TSCA CBI access.

   •   When a contractor employee's job duties change and he/she no longer requires TSCA
      CBI access.

   •   When EPA suspends TSCA CBI access for a contractor employee under CHAPTER
      5 of this Manual.

   •   When a contractor no longer needs access for the successful completion of an Agency
      Task.


      2.2.11.1  TSCA CBI Access Termination Procedures: Contractor Employees

   To terminate access to TSCA CBI, the contractor employee must follow the Document
   Audit procedure described in the steps below.  See APPENDIX Q for a Checklist of
   Procedures for Terminating Contractor Access to TSCA CBI.

   •   The contractor DCO provides a list of all documents logged out to the contractor
      employee.  From that list, the contractor employee must reconcile all documents in
      his/her possession by doing the following:

      -  Either return logged-out documents listed on the Document Reconciliation
         Certificate to the contractor DCO (see APPENDIX E), notifying the contractor
         DCO of any unaccounted for documents, and report them on the Document
         Reconciliation Certificate, OR

      -  Indicate on the Document Reconciliation Certificate that no documents are logged
         out.

      -  In addition, sign the Document Reconciliation Certificate, to be placed in the
         contractor employee's access file for future audit.

   If the contractor employee fails to locate any of the listed documents within 5 business
   days of the issuance to the employee of the list of items logged out to him/her, he/she
   must follow procedures for reporting lost documents in CHAPTER 5.  Both the
   contractor employer and the contractor DCO are responsible under the terms of the
   contract for assuring this procedure is completed. In addition, prior to termination of
   the TSCA contract, contractor DCOs are responsible for reconciling TSCA CBI 14
   calendar days before the termination date.

   The Contractor DCO must also:

      •   Request that the OPPT DCO remove the contractor employee's name from the
         TSCA CBI Authorized Access List.

      •   Make immediate arrangements to invalidate the contractor employee's electronic
         entry ID card for TSCA CBI.

      •   Change the combinations to locks for any TSCA CBI storage containers to which
         the contractor employee had access.

      •   Provide contractor employee with copy of Confidentiality Agreement (Form 7740-6)
         signed at the inception of assignment and obtain the contractor employee's
         signature on the "Confidentiality Agreement for Contractor Employees Upon
         Relinquishing TSCA CBI Access Authority" Form 7740-18. (See APPENDIX
         R.)

      •   Remove any CBI from the contractor employee's desk area before new staff
         occupies the desk.

   The OPPT DCO must arrange with IMD to invalidate the contractor employee's TSCA
   CBI computer user ID code and passwords for all TSCA CBI-related computer systems
   to which the contractor employee had access. IMD is responsible for notifying the OPPT
   DCO in writing when the contractor employee's passwords are invalidated.

     2.2.11.2   Unaccounted For Documents

   The contractor DCO must assume that a TSCA CBI document is unaccounted for when
   it is not received within 5 business days of issuing the contractor employee the list of
   items logged out to him/her, and report this fact under the procedures in CHAPTER 5.


     2.2.12    Change In Corporate Status

When a contractor or subcontractor with access to TSCA CBI is acquired by or merged into
another company (or otherwise alters its corporate status by associating in some way with
another company) it shall provide notice to EPA prior to the transaction. EPA will allow the
contractor or subcontractor 30 days from the time of notice to complete the corporate and
employee TSCA CBI clearance procedures discussed in this section 2.2 above.  If the
required notice is not given within 90 days of the transaction, then access during that time
will be considered unauthorized, and the Agency will follow the unauthorized disclosure
procedures in Chapter 5.
2.3       TSCA CBI ACCESS CERTIFICATION FOR OTHER FEDERAL AGENCIES

Access to TSCA CBI data may be granted to other federal agencies under the following
circumstances:

      •     When TSCA CBI data is required to perform work for EPA.

      •     When TSCA CBI data is required to perform the other agency's legal duties
           to protect health or the environment.

      •     When TSCA CBI data is required for specific law enforcement purposes.

All persons contemplating disclosure of TSCA CBI to other federal agencies should review
the regulations at 40 CFR Sections 2.209(c) and 2.306.
      2.3.1      Procedures for Other Federal Agencies to
                  obtain TSCA CBI Access

Other federal agencies may obtain access to TSCA CBI by following the applicable
requirements outlined in 40 CFR 2.209(c), and including taking the following steps:

An authorized agency representative must submit a written request to the IMD Director,
preferably at least one month before access is to begin. The request must specify the
following:

      •     Information to which access is requested.

      •     Reason(s) why access is necessary (including the official purpose).
      •     Supporting details.

The request must be signed by an agency official whose authority is at least equivalent to that
of an EPA division director.

The IMD Director reviews the TSCA CBI access request and notifies the agency's requesting
official of his/her decision. If access is approved, the IMD Director informs the agency of
the following stipulations:

      •     TSCA CBI is being disclosed under TSCA authority

      •     Unauthorized disclosure of the information may subject  the agency's
            employees to criminal penalties in Section 14(d) of TSCA (see CHAPTER 5)

      •     The agency seeking TSCA CBI access must provide written agreement that it
            will not disclose TSCA CBI, except in any one of the following situations:

            (i)          The agency has statutory authority both to compel production of
                        the information and to make the proposed disclosure, and it has
                        furnished affected businesses with at least the same notice that
                        EPA would provide under EPA regulations.

            (ii)          The agency has  obtained the consent of each affected business
                        prior to the proposed disclosure.

            (iii)         The agency has obtained a written statement from the EPA
                        general counsel, or an EPA regional counsel, that disclosure of
                        the information is authorized under EPA regulations.

[Note: If the other federal agency is obtaining access to TSCA CBI for purposes not on
behalf of EPA, notice must first be provided to affected businesses as provided in Section
2.3.2 just below].

Once access has been granted, designated employees of the other federal agency can obtain
access to specified TSCA CBI on EPA premises. The procedures for individual employees
to obtain certification for TSCA CBI access are explained in Section 2.1 of this Manual.
Employees of other federal agencies are not allowed to remove from EPA premises any
documents, notes, or correspondence containing TSCA CBI and must not discuss TSCA CBI
with unauthorized individuals. Only a DCO may remove TSCA CBI from EPA premises.
TSCA CBI must therefore be transferred from an EPA DCO to a Facility Agency DCO.

When a programmatic need can be demonstrated (and when the other federal agency needs
TSCA CBI access to perform a function on behalf of EPA) expedited approval may be
granted by the IMD Director which will allow a federal agency access to TSCA CBI before
receiving final approval from the OPPT DCO.


      2.3.2      Notice to Affected Businesses

Before granting TSCA CBI access to another agency, in order to do work not on behalf of
EPA, IMD provides written Notice to affected businesses. The Notice must be given at least
10 calendar days before access can be granted via publication in the Federal Register,
telegram, or certified mail (return receipt requested).  No Notice to affected businesses is
required, however, when EPA discloses TSCA CBI to another agency to perform work for
EPA (as described in 40 CFR Sections 2.209(c) and 2.306(h)).

IMD will prepare the Notice, which must include the following:

      •     Identity of the agency to which TSCA CBI access is granted.

      •     Official purpose for the access.

      •     If access is authorized on EPA premises or at the other agency's facilities (see
            Section 2.3.3).

      •     Types of information to be disclosed.

      •     Period of time for which access to TSCA CBI is authorized.

      2.3.3     Security Requirements at Other Federal
                 Agencies

 In order for the other agency to obtain access to TSCA CBI on its own premises, the
 requesting official to whom TSCA CBI is to be transferred, must nominate at least two
 people as a DCO and an Alternate DCO (ADCO). The nomination, submitted in writing to
 the OPPT DCO for approval, must include the names, telephone and fax numbers, and e-mail
 and mailing addresses of the nominees. The requesting official or the DCO can also
 nominate ADCOs to assist the DCO in day-to-day operations. ADCOs can perform the same
 duties as DCOs (including signing EPA Form 7740-28).

 The following are required for TSCA CBI access on the other agency's premises:

      •    Agency security procedures and standards that equal or surpass those set forth
           in this manual.  The requesting official must provide to TSS a written
           statement of the agency's security procedures for handling TSCA CBI. The
           statement should state that the security procedures in this Manual have been
           adopted, or how the security procedures used by the  agency differ from those
           in this Manual.

      •    EPA TSS inspection and approval of the agency's TSCA CBI storage
           facilities. The inspection is to be arranged by the requesting official.

 [NOTE: TSS will not be required to inspect facilities in other federal agencies where CBI
 is stored in approved storage containers as referenced in Section 4.3.3.1
2.4       REQUESTS FROM CONGRESS OR THE GENERAL ACCOUNTING OFFICE (GAO)

EPA, federal, and contractor employees must notify the IMD Director immediately when
they receive a request from Congress or the GAO for information that requires access to
TSCA CBI. Pursuant to 40 CFR 2.209, TSCA CBI access is allowed only when the request
is made by the Speaker of the House of Representatives, the President of the Senate, a
chairman of a Congressional committee or subcommittee, or the Comptroller General. All
document access will be provided by the OPPT DCO, who will record all transactions on the
Federal Agency, Congress, and Federal  Court  Sign-Out Log, Form 7740-24 (see
APPENDIX S).

     •     When EPA allows access to TSCA CBI by Congress or the GAO, EPA must
           provide written notice to affected businesses at least 10 calendar days prior to
           disclosure unless Congress or GAO directs otherwise or does not give
           sufficient time. In the latter case, notice shall be given as promptly as possible
           [see 40 CFR 2.209(b)(2)].  Such notice may be given via publication of a
           Notice in the Federal Register, or via telegram or certified mail (return receipt
           requested). IMD will prepare the Notice, which must include:

           -     Whether access is authorized on EPA premises or at the other agency's
                 facilities

           -     Type of information to be disclosed

           -     Period of time for which need for access to TSCA CBI is expected.

                    CHAPTER  3
                TSCA CBI Responsibilities
3.0       INTRODUCTION

Proper protective controls must be followed by employees of EPA, other federal agencies,
and contractors with access to TSCA CBI who handle, store, or transfer any TSCA CBI.
3.1       EMPLOYEE  RESPONSIBILITIES
     3.1.1     Personal Accountability

EPA holds every employee with TSCA CBI access personally responsible for
adhering to the handling and security procedures in this Manual.
     3.1.2     Assuring Adequate TSCA CBI Protection

Each employee with TSCA CBI access is required to inform management immediately if
he/she discovers that any procedure in this manual does not provide adequate protection for
TSCA CBI.  In addition, those employees are encouraged to suggest changes to improve
protection.
     3.1.3     Reporting Procedural Violations

Each employee who has access to TSCA CBI is required to report immediately in writing
any potential violations of these procedures to his/her immediate  supervisor, and if
applicable, the Contractor PO (see Section 5.1).
      3.1.4     Document Accountability

Employees are accountable for all TSCA CBI received from a DCO or other TSCA
CBI-authorized employee,  printed from the TSCA CBI LAN, or recorded on magnetic,
optical, or other storage medium.
      3.1.5     TSCA CBI Procedure Accountability

Employees are required to adhere to the procedures established by management and their
DCO for protecting and handling TSCA CBI to prevent disclosure to anyone not authorized
under TSCA Section 14 for access to CBI.
      3.1.6     Return TSCA CBI Document

Employees are permitted to log out TSCA CBI documents from their DCO and to keep the
documents in an approved storage container as defined in Section 4.3.3 or approved SSA
as defined in Section 4.3.1 for up to a year. Employees must return TSCA CBI to the DCO
as soon as the material is no longer needed.

Any material kept longer than a year is considered overdue; the DCO will notify the
employee responsible.  Materials that are not returned to the DCO within 14 days of
notification are presumed to be unaccounted for. The DCO must notify his/her division
director of unaccounted for materials, pursuant to the procedures in CHAPTER 5. If the
employee does not return overdue materials to the DCO within 14 days of notification, the
employee's access to TSCA CBI may be suspended. Once the  documents at issue are
returned or accounted for, CBI access will be restored.
     3.1.7      Determination of TSCA CBI

It is an employee's responsibility to decide if an existing document submitted to the Agency,
or a document newly created by the employee, contains TSCA CBI. An employee who is
unable to determine if a document is CBI should consult with his/her supervisor or DCO.
If the issue remains unresolved, the employee should consult the chief of the IMD Records
and Dockets Management Branch (RDMB), or equivalent.
      3.1.8     Receipt of Possible CBI

If an employee receives materials (labeled or unlabeled CBI) via mail or other means which
appear to be TSCA CBI, he/she must immediately take those materials to the DCO for
assessment and, if warranted, entry into the Document Tracking System (DTS). [See Section
4.1.11.
3.2       MANAGER  RESPONSIBILITIES

Program and office managers must continually ensure the following:

      •    Adequate  personnel  are available to carry out the DCO and  ADCO
           responsibilities under the manager's supervision

      •    Proper physical control measures are implemented in areas where TSCA CBI
           is maintained and tracked

      •    Subordinate POs, DOPOs, and WAMs follow TSCA CBI security procedures
           while administering contracts

      •    Quarterly meetings are held with contractor POs to  ensure that contractor
           employees are following TSCA CBI security procedures

      •    Employees under their supervision who require TSCA CBI access maintain
           current certification.


      3.2.1      Assigning a DCO and ADCO

The EPA manager (or Project Officer for the contractor DCO - see 2.2.5) is responsible for
nominating two employees to act as the DCO and alternate DCO, respectively. The manager
(or Project Officer) must submit this nomination to the OPPT DCO.  The nomination,
submitted in writing, must include each nominee's name, telephone number, e-mail address,
fax number, and mailing address. The contractor DCO must be in place before the contractor
is allowed access to TSCA CBI.
3.3       DCO  RESPONSIBILITIES

DCOs manage their facilities' Document Tracking Systems (DTS) and oversee the receipt,
storage, transfer, and use of TSCA CBI by employees in their facilities.
      3.3.1      DCOs and Alternate DCOs

All facilities authorized for TSCA CBI access must have at least one DCO and an ADCO;
other ADCOs may be assigned.

DCOs and Alternate DCOs must be approved by the OPPT DCO before transfer of CBI to
any facility.  In addition, the OPPT DCO is responsible for providing guidance to all DCOs
and ADCOs on appropriate document handling procedures.


      3.3.2      Maintaining a Document Tracking System
                 (DTS)

The DCO is responsible for implementing and maintaining a Document Tracking System
for his/her respective facility, to track the receipt, use, and transfer of TSCA CBI. All TSCA
CBI submitted to EPA, and any produced by federal and contractor employees (except as
described in Section 4.4), are monitored through a facility DTS (See Section 4.2 on the
requirements for a DTS).


      3.3.3      Transfer of TSCA CBI

A DCO must approve the transfer of TSCA CBI to a federal or contractor facility according
to procedures in CHAPTER 4. In order to transfer a copy of a TSCA CBI submission to a
requesting submitter, the submitter must provide to EPA a letter on corporate stationery
which is signed by a designated corporate official indicating the person authorized to receive
the copy (unless a designated representative is already on file).  This letter should be
submitted to the OPPT DCO.

The DCO may send TSCA CBI by courier or certified mail (with return receipt) in
accordance with procedures in CHAPTER 4 of this manual. The DCO must notify the
receiving DCO before sending the TSCA  CBI.


      3.3.4     Receiving TSCA CBI

The receiving DCO must review incoming TSCA CBI for completeness. If the documents
appear incomplete, the DCO must immediately contact the submitter to determine if there
was an omission. If the materials appear to be complete, the DCO will do the following:

      1.     Stamp the document as TSCA CBI (see APPENDIX T). The stamp is applied
            to the front page, and the blank back page (if not blank, the blank back cover).

      2.     Assign a DCN, if one has not already been assigned.

      3.     Attach a TSCA CBI cover sheet (see APPENDIX U) to the front of the
            document. The DCO must write the DCN on the cover sheet and first page of
            the document unless the document is transferred to the CBIC.
      3.3.5      Proper Storage of TSCA CBI

DCOs are responsible for ensuring that employees at their facilities are storing documents
properly. [Procedures on storing TSCA CBI can be found in Section 4.3].

If an employee who works in an SSA will be out of the office for more than 7 calendar days,
all TSCA CBI in his/her possession must be locked away in an approved TSCA CBI storage
container. If the employee is unable to do this due to illness or other reason, the employee's
supervisor or DCO will ensure the materials are stored in accordance with procedure. [See,
specifically, Section 4.3.4, Employee Absence and Storage of TSCA CBI and Section 4.3.1.8,
Using TSCA CBI outside an SSA].

The DCO supervises the storage of TSCA CBI in secure storage containers or in a
centralized secure TSCA CBI storage area (Section 4.3). The responsibilities of the DCO
and employee apply to CBI stored on paper or in digital form on magnetic disks, optical
disks, or other medium.  One exception to this requirement is when an employee's duties
require  that he/she  be assigned individual responsibility for a specific secure storage
container within an office (such as a Mosler safe or bar lock cabinet).
      3.3.6      Records of Lock-Combinations

DCOs and other designated persons have the following responsibilities in maintaining
records of lock combinations for rooms and containers in which TSCA CBI is stored:

      •     DCOs must maintain a list of combinations for TSCA CBI storage containers
           and rooms controlled by a particular division, facility, program, or office

      •     The OPPT DCO must maintain a list of combinations for containers and rooms
           assigned to IMD, and for all containers and rooms in OPPT not under any
           specific division's control

      •     Facilities Management Services Division must maintain a master list of
           combinations for all TSCA CBI locks at EPA Headquarters.
      3.3.7      Conditions For Changing Lock Combinations

The DCO is required to change lock combinations annually or if any of the following occurs:

      •     Each time a person who knows a combination relinquishes his/her TSCA CBI
           access authority

      •     When a storage container is put into, or taken out of operation

      •     If there is a known or possible compromise of TSCA CBI data in the storage
           container.

If any of the above three events occur, DCOs at EPA Headquarters must notify FMSD,
which is responsible for changing the lock combinations.


      3.3.8     Updating The TSCA CBI Authorized
                Access List

Each DCO bears responsibility for keeping the TSCA CBI Authorized Access List current.
By the 15th of each month DCOs must notify the OPPT DCO of any for whom they are
responsible who should be added to or deleted from the list.


      3.3.9     Monitoring And Controlling Release of
                TSCA CBI

DCO steps for providing TSCA CBI are described below:

      •     The DCO receives a request from an employee for a specific TSCA CBI
            document.

      •     The DCO locates the document and notifies the requesting employee.

      •     When the employee is ready to receive the document, the DCO verifies the
            requesting employee's TSCA CBI certification by checking the TSCA CBI
            Authorized Access List.

      •     The DCO logs the document out to the employee using an automated or
            manual document Inventory Log.  See APPENDIX V.


      3.3.10    Overdue Materials: Monitoring And
                  Notification

The DCO monitors TSCA CBI, and notifies employees and supervisors when it becomes
overdue. DCOs must monitor the Inventory Log for TSCA CBI materials which have not
been returned within the required one-year period. The DCO will notify employees and
their supervisors of overdue materials by distributing to  each a list of all TSCA CBI
documents logged out to the employee before the annual security briefing and TSCA CBI
re-certification  are accomplished.  Any material kept longer than a year is considered
overdue; the DCO will notify the employee responsible. Materials that are not returned to
the DCO within 5 days of notification are presumed unaccounted for. The DCO must notify
his/her division director of unaccounted-for materials  pursuant to the procedures in
CHAPTER 5. If the employee does  not return overdue materials to the DCO within 14 days
of notification, the employee's access to TSCA CBI may be suspended. Once the documents
at issue are returned or accounted for, CBI access will be restored. [See also sections 3.1.6
Return TSCA CBI Documents, and 2.1.3 Suspension of Log-out Privileges].

In general, TSCA CBI may not be logged out from a centralized TSCA CBI storage facility
for more than one year without renewal.  Exceptions to this rule include the following:

      •      Regional DCOs may receive documents as permanent log-outs

      •      Contractor DCOs may receive documents as permanent logouts through the
            end of their contract

      •      The OPPT DCO in certain circumstances may grant permanent log-out status
            to other DCO collections on an as-needed basis.
      3.3.11    DCO Guidance In Identifying And
                 Sanitizing CBI Documents

The DCO assists employees in determining whether documents contain TSCA CBI and in
sanitizing documents for public disclosure.

The responsibility for determining whether documents contain TSCA CBI rests with the
document's originator (see Section 4.1).  Employees who are unable to determine if
something is confidential should consult with their supervisor or DCO. If the issue remains
unresolved, the employee should consult the chief of IMD RDMB. The DCO also instructs
document originators on how to sanitize a TSCA CBI document if the document is going to
be released to the public.

The DCO controls and documents the reproduction and destruction of TSCA CBI.  TSCA
CBI (except for working papers as discussed in CHAPTER 4) are reproduced or destroyed
only by a DCO or ADCO. Specific procedures for reproduction and destruction are set forth
in CHAPTER 4.
      3.3.12    TSCA CBI Audits

The following section describes the requirements to audit TSCA CBI for federal and
contractor entities:
      3.3.12.1   Federal DCOs And The Confidential Business
                 Information Center (CBIC)

      [NOTE: This section applies to all Federal TSCA CBI collections and the CBIC, which is managed
      under contract by the OPPT DCO.]


           3.3.12.1(a)     Comprehensive Audits of Entire
                            Collection

           By April 1, 2004, each DCO must conduct an audit of all TSCA CBI in the
           DCO's collection as of December 31, 2003.  This step must be performed
           every fourth year subsequent to the completion of the first comprehensive
           audit.  For the intervening years, an annual transaction audit shall be
           conducted as outlined in Section 3.3.12.1(b).  As an example, the next
           comprehensive audit would be conducted by April 1, 2007 for all TSCA CBI
           in the DCO's collection as of December 31, 2006.

            Each DCO must take the following steps in performing the comprehensive
            CBI audit:

            1)    Audit all CBI documents in the Receipt Log or equivalent automated
                  tracking system, comparing the physical document collection with the
                  information in the log or tracking system.

            2)    Reconcile the TSCA CBI documents in the Receipt Log with the
                  transactions listed in the Inventory Log (e.g., shredded, transferred, logged
                  out, declassified).

            3)    Locate any documents logged out for more than 1 year.

            4)    Verify the status of documents indicated in the Inventory Log or
                  tracking system as having been shredded. The TSCA CBI cover sheet
                  must be used to verify that CBI documents have been  destroyed.
                  [NOTE: TSCA CBI cover sheets must be retained until the next
                  comprehensive audit cycle is complete.]

            5)    Certify that the tracking system has been updated to reflect the results
                  of the audit.

            Prior to April 1, 2004, and for every fourth year thereafter, the  DCO must
            submit a final report to his/her supervisor or contract manager. This report
            must contain, at a minimum:

            •      Description of the audit methodology
            •      Total number of documents audited

            •      Description of any documents not located
            •      The tracking number (document control number) of any documents not
                  located

            The final audit report will be forwarded by the supervisor or contract manager
            to the OPPT DCO and TSS. If any TSCA CBI documents cannot be located
            during the audit, the DCO must follow the procedures outlined in CHAPTER
            5 for reporting potential violations.

            3.3.12.1(b)    Transaction Audits

            Before April 1 of each year for which a comprehensive audit (as described in
            3.3.12.1(a)) is not required, each DCO must conduct an annual audit of TSCA
            CBI in the DCO's collection that consists of:

            1)     All documents initially received by the DCO between January 1 and
                  December 31 of the previous calendar year.

            2)     All documents that were logged out and then returned to the DCO
                  between January 1 and December 31 of the previous calendar year.

            Each DCO must also:

            3)     Locate any documents logged out for more than 1 year

            4)     Verify the status of documents indicated in the tracking system or
                  Inventory Log as shredded.  The TSCA CBI cover sheet must be used
                  to verify that CBI documents have been destroyed. [NOTE: TSCA CBI
                  cover sheets must be retained until the next comprehensive audit cycle
                  is complete.]

            5)     Certify that the tracking system has been updated to reflect the results
                  of the audit.

            Prior to April 1, the DCO must submit a final report to his/her supervisor or
            contract manager. This report must contain, at minimum:

            •      Description of the audit methodology
            •      Total number of documents audited
            •      Description of any documents not located
            •      The tracking number (document control number) of any documents not
                  located

            The final audit report will be forwarded by the supervisor or contract manager
            to the OPPT DCO and TSS.  If any TSCA CBI documents cannot be located
            during the audit, the DCO must follow the procedures outlined in CHAPTER
            5 for reporting potential violations.
                  3.3.12.1(c)    DCO Transition Audits

            This procedure must be followed when DCOs terminate their employment or
            relinquish DCO responsibilities.   The outgoing DCO must perform the
            following steps prior to transferring any TSCA CBI to a new DCO:

            1)    Audit all CBI documents in the Receipt Log or equivalent automated
                  tracking system, comparing the physical document collection with the
                  information in the log or tracking system.

            2)    Reconcile the TSCA CBI documents in the Receipt Log with the
                  transactions listed in the Inventory Log (e.g., shredded, transferred,
                  logged out, declassified).

            3)    Locate any documents logged out for more than 1 year.

            4)    Verify the  status of documents indicated in the Inventory Log or
                  tracking system as shredded. The TSCA CBI cover sheet must be used
                  to verify that CBI records have been destroyed. [NOTE: TSCA CBI
                  cover sheets must be retained until the next comprehensive audit cycle
                  is complete.]

            5)    Certify that the tracking system has been updated to reflect the results
                  of the audit.

            Prior to transferring the collection to the incoming DCO, the outgoing DCO
            must submit a final report to his/her supervisor or contract manager.  This
            report must contain, at a minimum:

            •     Description of the audit methodology
            •     Total number of documents audited
            •     Description of any documents not located
            •     The tracking number (document control number) of any documents not
                  located

            The final audit report will be forwarded by the supervisor or contract manager
            to the OPPT DCO and TSS. If any TSCA CBI documents cannot be located
            during the audit, the incoming DCO must follow the procedures outlined in
            CHAPTER 5 for reporting potential violations.
      3.3.12.2  Contractor DCOs

 [NOTE: This section applies to all contractor TSCA CBI collections.]

            3.3.12.2(a)     Comprehensive Audits of Entire
                              Collection

            By April 1, 2004, each contractor DCO must conduct an audit of all TSCA
            CBI in the DCO's collection as of December 31, 2003. This comprehensive
            audit shall be conducted for each year thereafter for all TSCA CBI in the
            DCO's collection as of December 31 of the previous year.

            The DCO must take the following steps in performing the CBI audit:

            1)    Audit all  CBI documents in the Receipt Log or equivalent tracking
                  system, comparing the  physical  document  collection  with  the
                  information in the log or tracking system.

            2)    Reconcile the TSCA CBI documents in the Receipt Log with the
                  transactions listed in the Inventory Log (e.g., shredded, transferred,
                  logged out, declassified).

            3)    Locate any documents logged out for more than 1 year.

            4)    Verify the status of documents indicated in the Inventory Log or
                  tracking system as shredded. The TSCA CBI cover sheet must be used to
                  verify that CBI documents have been destroyed. [NOTE: TSCA CBI
                  cover sheets must be retained until the next comprehensive audit cycle
                  is complete.]

            5)    Certify that the tracking system has been updated to reflect the results
                  of the audit.

            Prior to April 1, the DCO must submit a final report to his/her supervisor or
            contract manager. This report must contain, at a minimum:

            •      Description of the audit methodology
            •      Total number of documents audited
            •      Description of any documents not located
            •     The tracking number (document control number) of any documents not
                  located

            The final audit report will be forwarded by the supervisor or contract manager
            to the OPPT DCO and TSS. If any TSCA CBI documents cannot be located
            during the audit, the incoming DCO must follow the procedures outlined in
            CHAPTER 5 for reporting potential violations.
            3.3.12.2(b)     Contract closeout Audits

            Prior to contract closeout, the contractor DCO must perform a comprehensive
            audit of all TSCA CBI in the DCO's collection.  The contractor DCO must
            take the following steps in performing the CBI Audit:

            1)    Audit all CBI documents in the Receipt Log or equivalent tracking
                  system,  comparing  the  physical  document collection with  the
                  information in the log or tracking system.

            2)    Reconcile the TSCA CBI documents in the Receipt Log with the
                  transactions listed in the Inventory Log (e.g., shredded, transferred,
                  logged out, declassified).

            3)    Locate any documents logged out for more than 1 year.

            4)    Verify the  status of documents indicated in the  Inventory  Log or
                  tracking system as 'shredded'. The  TSCA CBI cover sheet must be
                  used to verify that CBI documents have been  destroyed.

                  [NOTE: TSCA CBI cover sheets must be  retained until the next
                  comprehensive audit cycle is complete.]

            5)    Certify that the tracking system has been updated to reflect the results
                  of the audit.

            Two weeks prior to contract closeout, the DCO must submit a final report
            to his/her supervisor or contract manager.  This report must contain, at a
            minimum:

            •     Description of the audit methodology
            •     Total number of documents audited

            •     Description of any documents not located
            •     The tracking number (document control number) of any documents not
                 located

            The final audit report will be forwarded by the supervisor or contract manager
            to the OPPT DCO and TSS. If any TSCA CBI documents cannot be located
            during the audit, the DCO must follow the procedures outlined in CHAPTER
            5 for reporting potential violations.


      3.3.13    Termination Of Employment Or Status For
                 DCO

The following procedures must be followed when a DCO terminates his/her employment
or relinquishes DCO responsibilities. They are the same for DCOs at EPA
Headquarters, regional offices, other federal agencies, and contractor facilities.

At termination of employment or DCO status, TSCA CBI under a DCO's authority must be
inventoried. The outgoing DCO and the incoming DCO must jointly perform an inventory
of TSCA CBI in the outgoing DCO's collection of records. Both parties must confirm the
inventory before the outgoing DCO departs. The incoming DCO should retain a copy of the
inventory for audit purposes and forward a copy to the OPPT DCO.

      NOTE:     The CBIC DCO is not required to perform a collection audit if the
                contractor operating the Center does not change.


3.4       EAD AND IMD ANNUAL REVIEW

On an annual basis, the Office of Pollution Prevention and Toxics Information Management
Division (IMD) and the Environmental Assistance Division (EAD) will report on the state of
the security of TSCA CBI.

The report will summarize security activities, training, and issues that may have arisen over
the preceding twelve months, including violations and vulnerabilities.

Consistent with EAD's TSCA Security Staff (TSS) charge, the EAD portion will summarize
violations, the overall state of security procedures and practices, vulnerabilities, and security
activities. IMD will describe policy issues, training, future needs and other related matters.

This report will be sent to the director of OPPT by January 31st of each calendar year.  To
create this report, in addition to reviewing reports and other generated materials, IMD and
EAD will interview representatives of the major users of TSCA CBI for information on the
state of TSCA security, policy and procedural issues (including opportunities for security
improvements).

                     CHAPTER 4
            TSCA CBI Document Management
4.0       INTRODUCTION

DCOs are vital to the effective management of TSCA CBI documents. DCOs manage their
facilities' DTSs (Document Tracking Systems) and oversee the receipt, storage, transfer, and
use of TSCA CBI by employees in their facilities.
4.1       RECEIPT OF TSCA CBI

TSCA CBI submitters should be directed to send incoming TSCA CBI to a DCO only.
TSCA CBI sent between organizations must be sent from one DCO to another DCO.
     4.1.1     Incoming TSCA CBI

While TSCA CBI sent to OPPT (e.g., by U.S. mail, courier, or fax transmission) may be
addressed to either an EPA or contractor DCO, preferably it would be addressed to the
Confidential Business Information Center (CBIC). In either case, TSCA CBI must be
received in accordance with the requirements of this Manual. TSCA CBI sent or otherwise
misdirected to other Agency personnel should be taken immediately, to the extent
practicable, to a DCO for tracking. Practical reasons may extend the time for delivering the
misdirected item to the CBIC for up to 3 business days. However, the documents must be
provided to the CBIC as soon as possible for incorporation into the Agency's official file.

In the case of TSCA CBI mailed from one DCO to another, a receipt must be sent back to
the sending DCO identifying the contents of the package. The recipient DCO must sign the
receipt of contents and return the original to the sender within 5 business days and maintain
a copy of the receipt for his/her files.  The receipt of contents must include the following
information:
     •     DCN
     •     Description of the CBI
     •     Name and signature of the sending DCO and the date sent
     •     Name and signature of the receiving DCO and the date received.

      4.1.2     Personal File Copies - New Chemicals
                Program (OPPT-CCD)

New Chemicals Program (NCP) staff in the OPPT Chemical Control Division (CCD) may
make and keep personal file copies of documents sent by submitters to the CCD DCO before
the documents go to the CBIC.  The CCD DCO will maintain a log which will track all
copies made and distributed with an assigned number for each copy. When each copy is no
longer needed, the document will be shredded under the supervision of the CCD DCO, who will
ensure proper logging of the shredded data.
      4.1.3     Supplemental Filings - New Chemicals
                Program (OPPT-CCD)

NCP staff in OPPT CCD may scan supplemental documents sent by submitters to the CCD
DCO,  and place them on the TSCA CBI LAN for distribution in 'read-only' format before
the documents go to the CBIC within the timeframe specified in section 4.1.1 above. When
review is complete, the CCD DCO will ensure the scanned documents are deleted from the
TSCA CBI LAN.

[NOTE: As indicated, the paragraph above refers only to supplemental information
submissions. Initial filings are not to be directed to the CCD DCO, but rather processed
through the CBIC.]
     4.1.4     Processing Newly Received TSCA CBI
                (applies to all DCOs and the CBIC)

The procedure below must be followed when receiving TSCA CBI [see also, generally,
Section 4.6.1 on transferring TSCA CBI]:

      •    The receiving DCO should be notified in advance of what CBI is being sent.

      •    Review and Acceptance:

           Upon receipt of a document, the receiving DCO must complete the following
           steps:

           (i)         Review any Transfer Slip to ensure that all listed information is
                     included.
           (ii)        Log the document into the Receipt Log.  See APPENDIX W.

      •     Stamp:

            A federal or contractor employee who creates a document is responsible for
            stamping the document as TSCA CBI (when the document contains
            information claimed as TSCA CBI) or non-CBI (as appropriate) (see
            APPENDIX T for examples of each type of stamp). The stamp is applied to
            the front page and the blank back page (if there is no blank page, then a blank
            back cover).  If a document appears as though it may contain CBI, treat it as
            CBI until its status can be verified with the author.

      •     Cover Sheets:

            All TSCA CBI  documents must have a cover  sheet, Form 7740-9 (see
            APPENDIX U), that adheres to the following guidelines:

            (i)          The  cover sheet must  be green, clearly signifying that the
                        attached document contains TSCA CBI, and be attached to the
                        front of the document.

            (ii)         The DCN (written or bar code) and the date must appear on
                        both the cover sheet and the first page of the document.

            (iii)   The originator's DCO must complete the cover sheet.

      •     DCN Assignment:
            The Headquarters DCN should be used (or cross-referenced to any regional
            DCN assigned).

      •     Notification:
            Notify the OPPT DCO, or other TSCA CBI cleared addressee(s), of the TSCA
            CBI submission's availability for review and/or pickup.


      4.1.4.1          CBI Fax Transmission From Industry

      When an external submitter wants to send TSCA CBI via fax transmission, he/she
      must be notified that EPA cannot guarantee the confidentiality of the transmission.

      The recipient of the transmission must:

      •     Notify the sender that EPA's transmission lines are not secure and that no
            encryption equipment will be used to  scramble the transmission.

     •     Remain by the fax machine until the transmission is complete, if the receiving
           fax machine is outside an SSA.

     •     Notify the sender of a successful fax transmission.

     •     Provide the fax to the DCO for entry into the tracking system immediately
           upon receipt.
     4.1.5     TSCA CBI Claims That Appear
                Unwarranted

Any employee who discovers a TSCA CBI claim which appears unwarranted may exercise
independent discretion in choosing whether to refer the matter to IMD, or take any action at
all (including contacting the submitter directly). Employees should follow the guidance in
Appendix EE.
4.2       DOCUMENT TRACKING SYSTEM (DTS) REQUIREMENTS

DCOs must ensure the following regarding use of a Document Tracking System (DTS):

     •    All manual or automated document logs are properly maintained, updated, and
          stored securely

     •    DCNs or unique alphanumeric identifiers are assigned to documents

     •    Proper procedures are followed when accessing TSCA CBI.


     4.2.1      Use of an Automated Document Tracking
                System (DTS)

Use of a DTS is mandatory. The IMD Director has approved several automated DTSs.
Contact the OPPT DCO for additional information about these DTSs.

EPA strongly recommends an automated DTS for a DCO who oversees a high volume of
documents and transactions. An automated DTS allows the DCO to track a document's
movement from the time it is assigned a DCN, or is received at EPA, until the time it is
destroyed or transferred to another TSCA CBI-cleared facility.

At EPA Headquarters, the OPPT DCO uses CBITS, an automated DTS, to track TSCA CBI
documents. An automated DTS has the following required and optional characteristics:

           Required:
      •    Backup of automated DTSs: When an automated DTS is used, the DCO must
           back up the TSCA CBI on the DTS at the end of each day, if data are added
           or deleted.  The backup media contain TSCA CBI data and must be protected
           as such.

      •    Record maintenance: Any manual document logs that are converted by an
           automated DTS must be retained until an audit by TSS verifies the accuracy
           of the conversion.

           Optional:
      •    Machine-readable bar codes: CBITS uses machine-readable barcodes to track
           TSCA CBI documents. The bar code is affixed to each TSCA CBI document
           controlled through the CBIC. Bar codes are also affixed to the electronic entry
           ID cards of employees using TSCA CBI. The OPPT DCO uses these bar
           codes  to verify,  through CBITS, that employees are on the TSCA CBI
           Authorized Access List. The OPPT DCO also uses these bar codes to produce
           Annual Audit Certification Reports for employees' completion.

      •    Secure off-site duplicate records: EPA also recommends securing a duplicate
           set of DTS media off-site to allow for recovery of documents logged out, in
           the event that a natural disaster such as a flood or fire occurs. Contact the
           OPPT DCO and TSS for assistance in establishing a disaster recovery program
           for your records.
      4.2.2     Use of a Manual Document Tracking
                 System (DTS)

Manual systems may  be used to record CBI transactions for small CBI  collections.
However, automated databases allow a greater degree of flexibility and search capabilities.
The following forms establish the tracking and control requirements for TSCA CBI:

      •     EPA Form 7740-10: Receipt Log for TSCA Confidential Business
            Information.

      •     EPA Form 7740-11: Inventory Log for TSCA Confidential Business
            Information.

      •     EPA Form 7740.24: Federal Agency, Congress, and Federal Court Sign-Out
            Log.

 [See APPENDIX W, V, and S, respectively for copies of these forms.]


      4.2.2.1          Receipt Log

      A Receipt Log is used to record the receipt of all incoming CBI documents into the
      DCO's domain.

      Each document received by a DCO must be recorded in an automated or manual
      receipt log (APPENDIX W). The DCO must record the following information in the
      Receipt Log:

            •     DCN; if a DCN has not been assigned, the copy number assigned by
                  the DCO should be recorded.

            •     Date on which the document was received by the DCO.

            •     Submitter's name (if the document was received directly from the
                  submitter), the author's name (if the document was generated by a
                  federal or contractor employee), or the facility DCO's name (if the
                  document was received from another facility authorized for TSCA CBI
                  access).

            •     Number of pages contained in the document.

            •     Brief description of the document (for example, "an engineering report
                  on PMN-Y," or "letter from company X on PMN-W").


      4.2.2.2          Inventory Log

      An Inventory Log is used to log documents in or out to employees or contractors of
      EPA.  It is the official record of all in/out transactions of CBI documents in the
      DCO's jurisdiction and is used to record the final disposition of these documents
      (e.g., permanent transfer, shredding).

      DCOs may develop their own tracking and logging forms as long as they contain, at
      a minimum, the information outlined in Section 4.2.2 above.

      Each DCO must maintain an inventory log, Form 7740-11 (see APPENDIX V), for
      TSCA CBI transactions at his/her facility.  The inventory log must contain the
      following information:

            •      DCN.

            •      Dates on which a document is logged out from, and returned to, the
                  DCO.

            •      Identity of the individual logging out the document.

            •      If the document is to be destroyed, the entry in the disposition block of
                  the log must include the date of destruction and the identity of the
                  person who will destroy it.

            •      If the requesting employee plans to transfer the document outside the
                  DCO's jurisdiction, the disposition block of the log must include the
                  date and destination of the transfer.
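
Where the Receipt Log and Inventory Log are kept in an automated DTS, the reconciliation steps of the comprehensive audit in Section 3.3.12.2 can be run mechanically over the fields listed in Sections 4.2.2.1 and 4.2.2.2. The Python example below is added here for illustration and is not part of the Manual or of CBITS; the record layout, the disposition labels, the 365-day threshold and every sample DCN, name and date are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class ReceiptEntry:
    """One Receipt Log row, using the fields listed in Section 4.2.2.1."""
    dcn: str
    received: date
    source: str          # submitter, author, or sending facility DCO
    pages: int
    description: str


@dataclass(frozen=True)
class InventoryEntry:
    """One Inventory Log row, using the fields listed in Section 4.2.2.2."""
    dcn: str
    logged_out: date
    person: str
    returned: Optional[date] = None
    disposition: Optional[str] = None    # one of FINAL, or None


# Assumed labels for the disposition block. The Manual names the events
# (shredded, transferred, declassified) but not a coding scheme.
FINAL = {"shredded", "transferred", "declassified"}
OVERDUE_DAYS = 365   # assumption: "more than 1 year" counted as 365 days


def audit(receipts, inventory, on_shelf, cover_sheets, as_of):
    """Reconcile both logs against the physical collection as of a date."""
    latest = {}
    for entry in sorted(inventory, key=lambda e: e.logged_out):
        latest[entry.dcn] = entry            # most recent transaction wins
    found = {"not_located": [], "overdue": [], "shred_unverified": [],
             "mismatch": [], "untracked": []}
    for r in receipts:
        last = latest.get(r.dcn)
        present = r.dcn in on_shelf
        if last is None or (last.returned and not last.disposition):
            # Step 1: the log says the DCO holds it, so it must be on the shelf.
            if not present:
                found["not_located"].append(r.dcn)
        elif last.disposition in FINAL:
            # Step 2: a final disposition must agree with the shelf count.
            if present:
                found["mismatch"].append(r.dcn)
            # Step 4: a shredding entry needs the retained cover sheet.
            elif last.disposition == "shredded" and r.dcn not in cover_sheets:
                found["shred_unverified"].append(r.dcn)
        elif (as_of - last.logged_out).days > OVERDUE_DAYS:
            # Step 3: still logged out after more than 1 year.
            found["overdue"].append(r.dcn)
    # Anything on the shelf or in the Inventory Log with no Receipt Log row.
    known = {r.dcn for r in receipts}
    found["untracked"] = sorted((set(on_shelf) | set(latest)) - known)
    return found


def final_report(found, receipts, methodology):
    """Minimum final report contents; descriptions come from the Receipt Log."""
    by_dcn = {r.dcn: r for r in receipts}
    return {
        "methodology": methodology,
        "total_audited": len(receipts),
        "not_located": [(d, by_dcn[d].description) for d in found["not_located"]],
    }


def sample_logs():
    """Constructed sample data; every DCN, name and date is made up."""
    d = date
    receipts = [ReceiptEntry(f"DCN-{n:04d}", d(2002, 1, 2), "Company X", 10,
                             f"constructed document {n}") for n in range(1, 8)]
    inventory = [
        InventoryEntry("DCN-0002", d(2002, 1, 5), "Reviewer A", returned=d(2002, 2, 1)),
        InventoryEntry("DCN-0002", d(2002, 11, 1), "Reviewer A"),
        InventoryEntry("DCN-0003", d(2003, 3, 10), "DCO", disposition="shredded"),
        InventoryEntry("DCN-0004", d(2003, 4, 2), "DCO", disposition="shredded"),
        InventoryEntry("DCN-0005", d(2003, 5, 1), "Reviewer B", returned=d(2003, 6, 1)),
        InventoryEntry("DCN-0006", d(2003, 10, 1), "Reviewer B"),
        InventoryEntry("DCN-0007", d(2003, 7, 15), "DCO", disposition="transferred"),
    ]
    on_shelf = {"DCN-0001", "DCN-0007", "DCN-0099"}   # result of the shelf count
    cover_sheets = {"DCN-0003"}                       # retained cover sheets
    return receipts, inventory, on_shelf, cover_sheets


if __name__ == "__main__":
    logs = sample_logs()
    findings = audit(*logs, as_of=date(2003, 12, 31))
    print(findings)
    print(final_report(findings, logs[0], "full shelf count against both logs"))
```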
4.3        STORING TSCA CBI

      4.3.1      Secure Storage Areas (SSAs)

Secure Storage Areas (SSAs) are spaces that meet the security requirements identified below
and are used as TSCA CBI work and storage areas. Division directors can request that SSAs
be designated; the SSAs must be approved by the IMD Director. After approval, the IMD
Director will request that TSS inspect the SSAs for adherence to the following security
requirements:

      •      Pin-tumbler door lock or equivalent
      •      A monitored intrusion alarm, OR
      •      Either an electronic entry ID card system or a changeable push-button door
            lock.

      4.3.1.1         Entering An SSA With An Electronic Access
                       Card (EAC)

      Electronic ID card holders are required to present their cards to the reader the first
      time they enter a specific SSA each day, even if entering with a group of card holders.
      Thereafter, they would not need to use their card (for example, when leaving and
      re-entering the SSA to use the restroom, go to lunch, etc.) if they should re-enter the
      SSA with another person who opens the door.

      Employees are not permitted to loan their entry cards to other employees.


      4.3.1.2         Entering an SSA Without An Electronic
                       Access Card

      Federal and contractor employees entering an SSA who do not have their entry cards
      are required to sign a Visitor's Log, Form 7740-13 (see APPENDIX X), upon initial
      entry. Employees may obtain a temporary card from their DCO. If the card has been
      lost, the loss must be reported to the OPPT DCO who will provide paperwork for the
      re-issuance of a new card and the deactivation of the lost card.


      4.3.1.3         Entering An SSA With Suspended or
                       Terminated Certification

      A federal employee whose certification has been suspended, yet who still has an
      official  need for access to TSCA CBI, may continue to enter SSAs and view TSCA
      CBI but will be prohibited from logging out documents until certification has been
      renewed. A federal employee whose certification has been terminated may not enter
      an SSA, and must again pass initial certification, not recertification, in order to again
      enter an SSA and view TSCA CBI. [See 2.1.2.1]


      4.3.1.4         Grantees And Interns In SSAs

      At EPA Headquarters, certain persons, such as grantees (e.g., NOWCC employees)
      and some interns, may work within SSAs but are prohibited from having access to
      TSCA CBI. They must, nevertheless, complete the certification process.

      Grantees and approved interns must be "supervised" or "monitored" within an SSA
      by following these guidelines:

      A grantee or intern:

      •     Cannot deliver, locate, file, copy, type or otherwise handle or view TSCA
            CBI.

      •     Cannot be the first employee to arrive or the last employee to leave an SSA
            and must never be the only person in an SSA.

      •     Cannot  have any  conversations  with  company representatives about
            information that has been claimed, or may be claimed, TSCA CBI.


      4.3.1.5          Visitors In SSAs

      Visitors to SSAs who do not have TSCA CBI certification must sign the Visitor's Log
      the first time each day they enter and re-enter the SSA and must be escorted while
      they are within the area.

      4.3.1.6          Custodian, Maintenance and Delivery
                        Persons in SSAs

      Custodial, maintenance, mail, and other delivery personnel who routinely and
      frequently enter an SSA, and who  are known generally to EPA staff,  may be
      supervised while conducting their regular business. Such persons who are not known
      to EPA staff, however, must be escorted.


      4.3.1.7          DCOs And SSAs

      In general, DCOs are responsible for monitoring activities within SSAs and ensuring
      adherence to the requirements set forth in this manual.  DCOs have the following
      responsibilities:

      •     Maintain Visitor's Log entries for one year

      •     Safeguard lock combinations and disclose combinations only to authorized
            individuals

      •     Ensure that lock combinations are changed annually, or whenever anyone
            possessing a combination terminates her/his access, or the combination is
            otherwise compromised.  At EPA Headquarters, DCOs should request a
            combination change from the FMSD in the Office of Administration and
            Resources Management (OARM).

      4.3.1.8          Using TSCA CBI outside an SSA

      Employees who are using TSCA CBI documents outside SSAs must retain possession
      of them, and never leave the documents anywhere that unauthorized persons may gain
      access to them. When a TSCA CBI document is not in use it must be locked up by
      the employee in an approved storage container.
      4.3.2      Required Storage Containers

The following are approved storage containers for TSCA CBI:

      •     Metal file cabinets with locking bars and three-way changeable combination
            locks

      •     GSA-approved Class 6 security containers (safes), or

      •     Other  secure storage containers,  as  approved by  the IMD Director in
            consultation with TSS, on a case-by-case basis.

A storage container may be used by more than one person to store TSCA CBI, provided each
person is certified for access to TSCA CBI and has separately labeled his/her respective
space within the container.  The employee must affix a magnetic "Open"/"Close" sign to
each container so that  the status of the security container is visible at all times.
      4.3.3     Storing TSCA CBI At Other Locations

TSCA CBI may be stored at locations other than an SSA with certain restrictions:

      •      Contractor sites must be inspected and approved by TSS before TSCA CBI
            may be transferred to the site (see Section 2.2.1).

      •      If traveling with TSCA CBI, it must be kept in the employee's possession, in
            a hotel safe, or with the host DCO. TSCA CBI may be stored at home, if TSS
            has approved the employee's plan for using TSCA CBI at his/her personal
            residence.

      4.3.3.1          Storing TSCA CBI While Traveling

      It is sometimes necessary for a federal or contractor employee authorized for TSCA
      CBI access to carry TSCA CBI while traveling on official business.   If it is
      impractical to return to work to pick up the materials before departure or to drop them
      off after returning, the employee may obtain permission from his/her supervisor to
      take the materials home for a defined, limited period and protect them in a reasonable
      manner under the circumstances. This permission is related only to the storage of
      CBI at home when traveling - not for permission to use CBI at home under such
      circumstances as flexiplace, etc.

      While traveling by plane or other public conveyance, employees must keep TSCA
      CBI in their possession  and may not check it with their luggage. The following
      security measures apply:

      •     Car trunk storage. If the employee is traveling by car, he/she should  store
            TSCA CBI locked in the trunk while en route. TSCA CBI must never be left
            in a car overnight.

      •     Hotel safe storage. TSCA CBI may be stored overnight in hotel safes, if a
            receipt is obtained from the hotel management. If no receipt is available, the
            employee must keep the TSCA CBI  in his/her  possession.

      •     Host DCO storage. Even if the traveler does not intend to transfer possession
            of the TSCA CBI, he/she  may temporarily store the materials with the DCO
            at the location he/she is visiting.

      4.3.3.2          Storing and Working with TSCA CBI in a
                        Personal Residence

      Normally, employees are not permitted to  take TSCA CBI to their homes. Under
      special circumstances, such as recuperation from a long-term illness or under an
      approved flexiplace work arrangement, the IMD Director may grant permission for
      an EPA employee to use TSCA CBI at home.

      Exceptional Circumstances: Home use of TSCA CBI is an exception and should be
      permitted only on a case-by-case  basis when circumstances warrant, and when doing
      so serves the best interests of the Agency and promotes its mission. These criteria are
      developed as interim requirements to be adhered to in those exceptional situations
      when TSCA CBI may be brought to, worked on and kept at the private residence of
      an EPA employee.

      IMD Director Approval:  In every case where home use is requested, the IMD
      Director or designee must first review the circumstances and the employee's plan for
      home use of TSCA CBI before approving the arrangement.

      Adherence to all Requirements: The procedures and requirements listed in this TSCA
      CBI Protection Manual must be followed prior to the transfer of any TSCA CBI to
      an employee's residence.

      These procedures and requirements include:

            a.  Review and approval of a plan for keeping and protecting TSCA CBI;

            b.  Provision of an approved TSCA CBI container (see below); and

            c.  Completion of a satisfactory site inspection by the TSCA Security Staff
            (TSS).

      Use Of TSCA CBI at Home Only When Necessary: An employee being granted
      permission to use and maintain TSCA CBI at home may only do so when it is
      absolutely necessary for the satisfactory performance of his/her job. Stay at home or
      flexiplace employees granted this permission are strongly encouraged to the greatest
      extent feasible to make maximum use of sanitized, or non-TSCA CBI, documents.
      In addition, employees should refrain from unnecessary long term home storage of
      large volumes of TSCA CBI documents; and instead should work with smaller
      manageable amounts of TSCA CBI on a revolving basis where possible.

      TSCA CBI Protection Manual: Any employee with permission to use and maintain
      TSCA CBI at home must continue to adhere to all applicable portions of the TSCA
      CBI Protection Manual.

      Questions Regarding Home Use: Any question relating to home use and maintenance
      of TSCA CBI should be addressed to the OPPT DCO.

   MANDATORY  CRITERIA FOR HOME USE:

      The following are criteria for assessing the adequacy of any plan for home use of
      TSCA CBI. In addition, the TSS site inspection will use these criteria in evaluating
      the adequacy of the employee's home for the use and maintenance of TSCA CBI.

            1.    Employees who are using TSCA CBI in a  personal residence must
                 never leave the documents where unauthorized persons might gain
                 access to or view TSCA CBI. When a TSCA CBI document in a
                 personal residence is not in use, the employee must place the document
                 in an approved storage container.

         a.  The following storage containers are approved for TSCA CBI storage:

            •     Metal file cabinets with locking bars and  three-way  changeable
                  combination locks

            •     GSA-approved Class 6 security containers (safes), or

            •     Other secure storage containers, as approved by the IMD Director in
                  consultation with TSS, on a case by case basis.

         b.  Home use employees must affix a magnetic open/close sign to each container
            so the status of the security container is visible at all times.
            If the container has multiple drawers with separate combinations, each drawer
            must have an open/close sign affixed to it to show the individual condition of
            each drawer.

         c.  For each type of approved container which may be used at an employee's
            residence the combination or a spare key must be kept by each of the
            employee's Document Control Officers (DCOs).

         d.  The approved container used for storing TSCA CBI must be kept in a room in
            the house or apartment which has a locking door and locking windows.

      2.  TSCA CBI may never be processed, created, or stored on computers connected
         to - or capable of being connected to - the Internet, nor to any LAN not cleared
         for CBI, nor on portable computers of any kind except as approved by the IMD
         Director.

      3.  If persons not authorized for access to TSCA CBI must enter the approved room
         in an employee's house for any reason while TSCA CBI is out and being
         worked on, they must be accompanied at all times by the TSCA CBI approved
         employee.

   OPTIONAL CRITERIA:

      1.  Maintaining an alarm system in the house and/or designated TSCA CBI
         workroom.

      2.  Keeping the approved container in a locked closet within the locked room
         designated for use and storage of TSCA CBI.

      3.  All work on TSCA CBI performed in a room in the house or apartment which has
         a locked door and locking windows.


   4.3.4   Employee Absence and Storage of TSCA CBI

If an employee who works in a Secure Storage Area will be out of the workplace for more
than one week (seven calendar days), all TSCA CBI materials in his/her possession must be
locked away in an approved TSCA CBI storage container. If the employee is unable to do
this due to illness or other reason, the employee's supervisor or DCO will ensure the
materials are stored according to procedure. Division Directors may waive this requirement
in exceptional circumstances where not practical.
4.4     TSCA CBI DOCUMENTS

Federal employees using TSCA CBI documents and other materials frequently produce new
TSCA CBI from these sources (in the form of such documents as notes, outlines, and drafts)
or from documents printed from the TSCA CBI LAN. These works-in-progress are internal
documents that exist in paper or electronic form.


   4.4.1  New CBI Documents

Except as provided in Section 4.4.2 below, newly created hardcopy CBI must be logged and
tracked by the originator, by following these steps:

   •  Stamp the document as "TSCA CBI". (See APPENDIX T)

   •  Cover the document with a TSCA CBI Green Cover Sheet, and include the
      originator's name, phone number, and the date. (See APPENDIX U)

   •  Submit the document to the DCO for tracking.


   4.4.2  Working Papers

New TSCA CBI documents which are "working papers" are exempt from logging procedures
as long as they remain in the possession and/or control of the originator, or in the possession
of a TSCA CBI-certified federal or contractor employee who works in an SSA or has an
approved storage container for storing the TSCA CBI when not in use.

Federal and contractor employees may make multiple copies of a working paper (the copies
themselves then being "working papers") to distribute simultaneously to the members of a
review group, who will then comment and return the copies to the issuer. Staff must track
any transfers of these multiple copies of working papers using their own personal tracking
system.

Working papers or other such  works-in-progress must be protected from unauthorized
disclosure and handled like any other TSCA CBI document.  Though  working papers
generated by federal employees and contractors are exempt from logging, an employee who
generates them is responsible and accountable for safeguarding those copies, and is subject
to the administrative and civil penalties described in CHAPTER 5. A green cover sheet
must be applied to every working paper if the working paper is one sheet or multiple sheets
that are clipped or stapled.  (Green cover sheets may be obtained from the DCO or
photocopied or printed on blank green paper.)

   4.4.2.1             When Working Papers Become Subject to
                       Tracking

   When a working paper becomes a final document (i.e. work on the document has been
   completed or stopped) it must be taken to the DCO.  The DCO must log it into the DTS
   and assign it a DCN. At Headquarters, this final document must be taken to the CBIC
   for incorporation into the official record.
   When a working paper is sent to another facility, it must be tracked, assigned a DCN, and
   transferred in accordance with the procedures for transferring TSCA CBI.


   4.4.2.2           Destroying Working Papers

      The originator of a working paper or the individual who prints the document from the
      CBI LAN may destroy that working paper and any copies made,  preferably by
      shredding. (See also Section 4.9 on DESTRUCTION OF TSCA CBI).


   4.4.3  When TSCA CBI Documents Are No Longer
           TSCA CBI

TSCA CBI documents are no longer TSCA CBI under any of the following circumstances:

   •  TSCA CBI is not included in a new document
   •  TSCA CBI is deleted (sanitized) from an existing document
   •  The TSCA CBI that is used is masked or aggregated
   •  The data are derived from TSCA CBI data but are not themselves TSCA CBI
   •  The TSCA CBI claim is dropped by the submitter
   •  EPA formally determines that the claim is not valid in accordance with procedures in
      40 CFR part 2 subpart B.


   4.4.4  Aggregating TSCA CBI

IMD must be consulted in advance by any program office or enforcement staff who wish to
produce a non-confidential document by aggregating CBI in a new manner.  IMD must
review and approve all new applications of aggregating techniques to ensure that appropriate
TSCA CBI protection has been maintained.


   4.4.5  Declassifying CBI Documents

Employees may determine that materials are no longer confidential, but the declassification
may only be performed by a DCO. To declassify a TSCA CBI document:

   •  The employee must take the document to a DCO. If the document has been assigned
      a DCN by CBITS, it must be taken to the OPPT DCO. Documents tracked using
      other systems may be taken to the Facility DCO for declassification.

   •  Evidence must be presented to the DCO proving that the material no longer contains
      any CBI.  (See Section 4.1)

   •  The DCO must cross out all CBI markings on the document and remove the cover
      sheet.

   •  The DCO must inscribe both the document and cover sheet with the statement
      "Contains no TSCA CBI," and sign and date both the document and cover sheet.

   •  The OPPT DCO must change the document's status in the tracking system.

   NOTE:  A DOCUMENT MAY ONLY BE DECLASSIFIED IF ALL TSCA CBI
           CLAIMS  ASSOCIATED  WITH  THE  RECORD  ARE   EITHER
           WITHDRAWN BY THE SUBMITTER OR FINALLY DETERMINED BY
           THE OFFICE OF GENERAL COUNSEL TO NOT CONSTITUTE TSCA
           CBI.
   4.4.6  TSCA CBI Document Submitters: Dropping a
           Claim

A submitter can drop one or more claims of confidentiality for a document. To do so, an
authorized representative of the submitter must send a letter on company letterhead to the
OPPT DCO to drop the CBI claim. There may be other means of securing clear notice of
a submitter's withdrawal of a CBI claim as well. For further information contact the branch
chief of the TSCA Records and Dockets Management Branch, IMD. The steps outlined
above for declassification must then be followed.
4.5    REPRODUCING TSCA CBI

This section applies to all TSCA CBI except working papers.
Reproducing TSCA CBI should be limited to as few copies as possible. TSCA CBI must
be reproduced only at copying machines located in SSAs unless otherwise approved by the
OPPT DCO. With the exception of working papers, only DCOs and ADCOs are permitted
to photocopy TSCA CBI documents  or print multiple copies from the CBI LAN.


   4.5.1   Managing TSCA CBI Copies

The following rules apply to management of TSCA CBI copies:

   • The  cover sheet on the original document must not be copied.  A new cover sheet
     must be used for each document copy.

   • Copies must be  logged into  the DTS and must be assigned unique DCNs/copy
     numbers by the DCO.

   • The  originator may loan the  copies to other employees and obtain signed transfer
     receipts indicating that the transfers were completed. These transfer receipts must be
     retained until the documents are returned. If a document is transferred and no transfer
     receipt is obtained, the originator of the document will be held accountable  for the
     document.
   4.5.2   Copying CBI Outside SSAs

Copying machines outside SSAs may be used if all other machines in locations approved for
copying CBI are inoperable or unavailable and as long as alternate machines or their use are
approved by the OPPT DCO. A non-st,...  ed machine must be dedicated to the task and
located in a manner that makes copying activity secure from observation to the extent
practicable. After copying is finished, at least three blank copies must be passed through the
machine to  ensure that any impressions on the image surfaces of the machine have been
erased.

In case of equipment failure, the operator must ensure that all CBI is removed from the
photocopy equipment before leaving the area.
4.6    TRANSFERRING, TRANSFER RECORD-KEEPING, AND TRANSMITTING TSCA CBI


   4.6.1   Transferring Hard Copy TSCA CBI

Except for working papers (Section 4.4.2), TSCA CBI can only be transferred from one
employee to another through their respective DCOs (as long as the receiving employee has
been approved for TSCA CBI access). Transfers of TSCA CBI must be conducted through
DCOs in accordance with the procedures set forth in this manual. [See 3.3.3 and 3.3.4]
[In addition, see Section 4.1.4 on processing newly received TSCA CBI]

     4.6.1.1         Procedures For Sending Or Receiving
                     TSCA CBI

   An employee who requires TSCA CBI material to be mailed to a federal employee, a
   contractor cleared for CBI access, or to a TSCA submitter must provide the material to
   his/her DCO. All TSCA CBI which is being sent by OPPT to locations outside the
   building must  be mailed or shipped by the OPPT DCO, who has the option to
   delegate mailouts to the CCD and EETD DCOs.
      4.6.1.2          Preparing CBI For Mailing

   The DCO must double wrap TSCA CBI. The DCO must label the inner wrapping with
   the recipient DCO's name and the statement, "TSCA Confidential Business Information
   — To Be Opened by Addressee Only."

   The DCO must label the outer wrapper with the name and address of the recipient and
   a return address.  The outer wrapper must be free of any indications that the package
   contains TSCA CBI. (The materials may be prepared for mailing by the originator, but
   the package must be left open for the DCO's review.)

      4.6.1.3           Transferring TSCA  CBI to Another
                         Facility

   Before any TSCA CBI may be transferred to another facility, the sending DCO should notify the
   receiving DCO by email and by telephone that the materials will be sent. (See also Section 4.6.2
   below relating to CBI Transfer Record-keeping, and Section 4.1.4 on processing newly received
   TSCA CBI.)

   TSCA CBI may be transferred to an individual at another federal or contractor facility in one of
   the following ways:

      •  DCO can send the materials certified mail through the U.S.  Postal Service - "return
         receipt requested", or by Federal Express or other commercial and approved overnight
         delivery services which maintain routine tracking and receipt signature services.  The
         DCO may also use a private messenger or courier service provided they are pre-approved
         by the IMD Director. Regular first class mail must never be used to transfer TSCA CBI.

      •  DCO can appoint a cleared employee to deliver the materials directly to another DCO.

      •  DCO can transfer the materials via fax. (See Section  4.6.3.2)

      1) When sending TSCA CBI to another facility, the DCO must include a receipt identifying
         the contents of the package inside the inner envelope. (See APPENDIX Y, Form 7740-26
         "Permanent Transfer Receipt for TSCA CBI") When used properly, the transfer receipt
         will not contain TSCA CBI information; therefore, the DCO has the option of either
         placing the form on the outside of the inner envelope or in it. (This form can also be used
         as a temporary transfer receipt for multiple documents; line out the word "permanent" and
         write "temporary" in its place.) The receiving DCO must sign the receipt of contents and
         return it to the sender within 5 business days. This form is not used when sending CBI
         to a TSCA submitter (see Section 4.6.1.4).
         4.6.1.4            Transferring TSCA CBI to Industry

   There may be occasions when a submitter will request a copy of its submission to the
   Agency that contains TSCA CBI. Such a request must be in writing. However, in order
   to receive a copy, the company must provide a letter on corporate stationery which is
   signed by a designated corporate official indicating the person is authorized to receive
   the copy (unless a designated representative is already on file). This letter should be
   submitted to the OPPT DCO or in the case of a Region to the Regional DCO.

   The TSCA CBI must be double-wrapped as described above and sent certified mail via
   the U.S. Postal Service, (indicating the person to receive the information) return receipt
   required.  Couriers and private mail delivery systems may also be used. The tracking
   numbers used by these private mail delivery systems must be recorded in the appropriate
   log.

   The Agency may also initiate correspondence with industry which includes TSCA CBI.
   In this case the same procedures are followed except for the requirement of a notarized
   letter.
   4.6.2   Hard Copy TSCA CBI Transfer Record-
            Keeping

All permanent transfers must be made through a DCO. The following rules also apply:


   4.6.2.1      Record-Keeping For Permanent Transfer

   •   Keep records on transfer. If the transfer was made through a DCO, the DCO will
      record the transfer in the Document Tracking System (DTS).

   •   Document Transfers. Transfers between DCOs can be documented on a TSCA CBI
      Transfer Receipt, Form 7740-26 (see APPENDIX Y). Both the sending and receiving
      DCO should retain receipts for audit purposes. Contractor DCOs should maintain
      transfer receipts until the contract ends and all TSCA CBI is accounted for.

   •   Obtain a receipt for returned documents. When returning TSCA CBI documents, an
      employee should prepare a receipt for the DCO to sign and return to the employee or
      the employee's designee.
   4.6.2.2            Record-Keeping For Temporary Transfers
                       Within A Facility

   The following standards apply:

      •   Transferring Custody - Custody of CBI may be transferred from one employee
         approved for TSCA CBI access to another within the same facility.

      •   Recording the Transaction - There must be a record indicating that the transfer
         was completed.

      •   Obtaining Record Of Transfer - Transferors may use the Temporary Loan Receipt
         for TSCA CBI, Form 7740-14 (see APPENDIX AA), or any other form that
         records the transfer.

      •   Using Receipt Form - Hand delivery with a TSCA CBI Receipt form may be used
         only for short-term TSCA CBI transfers.

      •   Delivering By Hand - If hand delivery is used, the TSCA CBI must be given
         directly to the recipient or a TSCA CBI cleared employee.

      •   Monitoring Overdue TSCA CBI - TSCA CBI may not be logged out from a
         centralized TSCA CBI storage facility for more than one year.  DCOs must
         monitor the DTS for TSCA CBI that have not been returned within one year. The
         DCO is responsible for notifying employees and their supervisor of overdue
         materials.

   If a transfer is made by hand delivery to another person within the same facility, the
   owner or originator of the transferred document may choose to obtain a signed loan
   receipt indicating that the document has been loaned. If a document is transferred and
   no loan  receipt is obtained, the owner or originator of the document will be held
   responsible for any loss or unauthorized disclosure of the document.
4.6.3  Transmitting TSCA CBI Electronically


   4.6.3.1             Transmitting TSCA CBI By Telephone

   CBI may be transmitted orally during telephone conversations.

   NOTE:  VOICEMAIL IS NOT SECURE. TSCA CBI MUST NEVER BE LEFT
            IN A PERSON'S VOICEMAIL.  [However, Case Numbers and PMN
            numbers may be left on a submitter's voicemail if they have not first raised an
            objection to EPA following receipt of an acknowledgment letter informing
            them of this practice and their right to object.]

   Authorized employees are allowed to discuss TSCA CBI on the telephone with other
   authorized federal or contractor employees with TSCA CBI access. Both parties to a
   telephone call are responsible for verifying that the other is authorized for TSCA CBI
   access. To do so, the employees should consult the TSCA CBI Approved Access List
   upon initial contact.

   The individual who initiates a discussion that includes TSCA CBI must indicate that the
   conversation involves TSCA CBI.

   Authorized employees are allowed to discuss TSCA CBI on the telephone with an
   authorized representative of the submitter when all of the following conditions are met:

      •  The employee must verify that the person to whom he/she is speaking has been
         previously identified by the company as an authorized contact to discuss TSCA
         CBI. The authorized individual is normally the technical contact for the subject
         submission.  (In cases  where  the  technical  contact  or  other authorized
         representative cannot be obtained from the document submitted to the Agency, the
         employee should consult the OPPT DCO.)

      •  The employee must verify that all federal and contractor employees on the line are
         cleared for TSCA CBI access and relay that information to the submitter.

      •  The employee must inform the submitter that any further information provided in
         the telephone conversation can be claimed as confidential.

   Authorized contractors may also discuss TSCA CBI on the telephone with submitters.
   The contractor  must begin the conversation by identifying that they are an EPA
   contractor.  The same procedures identified above for employees must be followed.
   EPA recommends that employees keep telephone logs of all calls with individuals located
   outside their organization during which TSCA CBI is discussed.

   A telephone log should contain the following:

      •  Date and time of the call.

      •  Employee name and office.

      •  Name, number, and organization of the other party.
      •  Who initiated the call.

      •  Content of the conversation.

   Telephone logs of conversations with TSCA CBI submitters should be kept when the call
   results in changing  the status of information in an industry submission: for example,
   when information is requested from the submitter, when clarifications are provided to the
   submitter of a substantive nature, etc. Telephone logs must be provided to the DCO for
   incorporation into the DTS and to the CBIC if relevant to a TSCA submission, Form
   7740-12 (See APPENDIX Z.)


      4.6.3.2          Transmitting TSCA CBI by  Fax

   EPA and contractor DCOs may transfer and receive TSCA CBI materials via facsimile.
   Faxing of TSCA CBI should be limited to situations where timely delivery would be
   compromised by using other means  (e.g., mail delivery, courier service).

   The following security provisions must be followed when transmitting any TSCA CBI
   by fax:

      •  Verify receiver. Before sending a fax containing TSCA CBI to an authorized
         government or contractor recipient, the sender must verify that the recipient has
         been certified for access to TSCA CBI by consulting the TSCA CBI Authorized
         Access List.  In addition, prior to sending a fax containing TSCA CBI to a
         submitter of the information, the sender must verify that the recipient has been
         identified as the company's authorized representative on the original submission
         to EPA.  Alternatively, the Agency must be in possession of a letter on corporate
         stationery signed by a designated company official authorizing the transmission
         to this recipient. Similarly, when a submitter requests that EPA fax its TSCA CBI
         to a third party (e.g., lab director or attorney), the Agency must be in possession
         of a letter on corporate  stationery signed by a designated company official
         authorizing the transmission to the specified third party.
      •  Control the fax equipment. During transmission of TSCA CBI by employees and
         Agency  contractors, the DCOs sending  and receiving the  document must
         completely control the fax machines. They must ensure that anyone not cleared
         for TSCA CBI does not view the document being sent.

      •  Select the fax machine. Fax machines located inside SSAs are recommended.
         Fax machines used outside SSAs may be used, but only with the utmost care.

      •  Verify the phone number.   The employee sending the fax is responsible for
         ensuring that the number dialed is correct by verifying the number on the fax
         transmission confirmation receipt. Use extreme caution when dialing the number
         to ensure that the correct number is entered.  (If TSCA CBI is accidentally
         transferred to a wrong number, TSS must be immediately notified.)

      •  Retain the receipt.  The DCO must attach the fax transmission confirmation
         receipt to the document that was faxed and place the document in the official
         document file if applicable.

   Authorization from the submitter to fax documents to third parties (e.g., lab directors)
   must be obtained in writing and maintained in the DCO's files.


      4.6.3.3          Transmitting  TSCA CBI By E-mail

   TSCA CBI cannot be transmitted via e-mail except on approved Local Area Networks
   (LANs). (See Section 4.8 on using computers to  work with TSCA CBI.) In the event
   TSCA CBI is released on any other LAN or the Internet, you must immediately report
   this to your Office Information Security Officer (ISO) and immediate supervisor. For
   further information, contact your ISO.


      4.6.3.4          Transmitting  TSCA CBI By Tele-Video
                        Conference

   TSCA CBI may be displayed and discussed during tele-video conferences conducted
   between EPA Headquarters and EPA regional offices.  Employees who  arrange or
   schedule a tele-video conference are responsible for ensuring that all TSCA CBI security
   procedures are followed. These procedures include the  following:

      •  Verify that everyone who attends the tele-video conference is cleared for TSCA
         CBI.

      •  Ensure that both conference rooms are secured to prevent unauthorized persons
         from entering the conference rooms during the tele-video conference.

      •  Arrange for use of compressed video encryption during transmission, if available.
         For information about tele-video encryption, contact the EPA Security Officer in
         Research Triangle Park, at (919) 541-4013.
4.7     USING AND HANDLING TSCA CBI

Use TSCA CBI according to the following guidelines:

   1) Employee Responsibilities

   Employees using TSCA CBI are responsible for ensuring that no unauthorized disclosure
   of that information occurs. If employees take TSCA CBI outside the SSAs, they must do
   one or more of the following:

      •  Maintain constant control over the TSCA CBI documents in their possession.
      •  Return the TSCA CBI documents to the DCO.

      •  Store the documents in a TSCA CBI-approved storage container.

   2) Obtaining TSCA CBI

   Except as provided in Section 4.4.2 (Working papers) and in Section 4.6.2.2 (Record-
   Keeping For Temporary Transfers Within a Facility),  to obtain TSCA CBI documents
   follow the steps below:


      •  The employee requests a specific TSCA CBI document from his or her DCO.
      •  The DCO verifies that the employee is approved for access to the document.

      •  The DCO logs the document out to the employee.

   3)  Using or discussing TSCA CBI in meetings

      To discuss TSCA CBI at meetings (scheduled gatherings), follow the steps below:

      a. An employee may circulate personal working papers or other materials logged
         out to that employee at a meeting if the following conditions are met:

         •  The employee to whom the document belongs attends the meeting and is
            present when the document is discussed.

         •  The owner employee collects all copies of the document at the end of the
            meeting.

         •  The owner employee numbers the copies ("1 of 6", "2 of 6", and so forth)
            before distributing them and checks to make sure that all copies are returned
            at the end of the meeting.

         •  The owner employee destroys all copies of the document after the meeting.

      b.  To discuss TSCA  CBI during meetings, a  chairperson must  be identified
         beforehand.

         1.  The chairperson is responsible for ensuring that only people approved for
            TSCA CBI access are in the room during discussion involving TSCA CBI.
            The chairperson must also secure the room at the end of the meeting (by
            cleaning all chalkboards, removing all TSCA CBI,  etc.).

       c. The chairperson  must  remind meeting  attendees  that  they must treat as
         confidential any notes taken at the meeting.

         •  Notes taken at the meeting that contain TSCA CBI are considered to be
            personal working papers. To tape record a meeting, permission from the
            chairperson must be obtained. Such recordings may contain TSCA CBI and
            must be treated  as TSCA CBI.

   4)  Developing TSCA CBI photographic materials

   When photographs are claimed as TSCA CBI material, the Facility DCO must ship the
   film to the Regional or OPPT DCO (as appropriate) for processing and  development.
   Processing or development by a private or commercial laboratory is prohibited unless
   expressly approved by the IMD Director in consultation with TSS.

   5)  Claiming a videotape as TSCA CBI

   If an EPA employee utilizes video equipment during an inspection or plant visit, and the
   company wishes to claim the tape as TSCA CBI, the tape must be handled and controlled
   like any other TSCA CBI material.
4.8    USING COMPUTERS TO WORK WITH TSCA CBI


   4.8.1  Prohibition

TSCA CBI may not be processed, created, or stored on computers connected to the
Internet or to any LAN not approved for TSCA CBI, nor on portable computers of any
kind, except as approved by IMD after consultation with the TSCA Security Staff (TSS).
In the event TSCA CBI is released on any other LAN or the Internet, you must immediately
report this to your Office Information Security Officer (ISO) and immediate supervisor. For
further information, contact your ISO.


   4.8.2  TSCA CBI Computers Must Be Separate From Public Networks

   TSCA CBI may be created, processed, and stored ONLY:

   •  on computers  which are permanently connected to a self-contained Local Area
     Network (LAN) approved for TSCA CBI and not connected to the Internet

   OR,

   •  on computers which are permanently disconnected from any network, Internet access,
     or other technology which can pass data to another computer.


   4.8.3  Registration is Required to Use CBI Computer Systems

Employees who require access to TSCA CBI computer systems must complete the "TSCA
CBI ADP User Registration Form" and submit it to the OPPT DCO. IMD will provide the
employee with a user ID and password to access the TSCA CBI network. (See APPENDIX
B, EPA Form Number 7740-25).
   4.8.4   Using Portable Computers (Laptops and
            Handheld Devices)

Laptop computers may not be used to process TSCA CBI data unless they are approved by
IMD in consultation with TSS. To obtain approval, the DCO must prepare a security plan.
TSCA CBI use of laptops will be approved on a case-by-case basis by IMD to ensure that
proper procedures will be followed regarding their use.  (See APPENDIX BB for an
example of the Laptop Computer User Agreement for the CBIC form.)

Handheld devices (such as Personal Digital Assistants) may not be used to process, create,
or store TSCA CBI.

Once a portable computer has been approved for TSCA CBI use,

   •  It must be conspicuously labeled as a TSCA CBI computer with distinctive
      markings that are not visible when the computer is not in use. This can include
      operating system and application software backgrounds, login screens, and other
      reminders that the user is using a TSCA CBI-cleared computer.

   •  Any modem, network card, wireless port, or other computer-to-computer
      communications device must be removed.

   •  The user is responsible for preventing the data from being disclosed to any
      unauthorized person while traveling outside the Secure Storage Area in which the
      portable computer is normally stored while not in use.


   4.8.5   Disposing of Computers Formerly Used for TSCA CBI

If a computer which has been used to store or process TSCA CBI data is to be connected
to the administrative LAN and/or the Internet, or is to be discarded, its hard drive must be
destroyed or thoroughly erased by appropriate software. IMD must certify a computer as
having been cleaned of TSCA CBI immediately after the computer has been disconnected
from the TSCA CBI LAN or after its retirement from use as a TSCA CBI standalone
computer.

   4.8.6   Modems

OPPT prohibits both internal and external modems on all computers used for TSCA CBI.
Any exception to this general prohibition must be approved by IMD.


   4.8.7   TSCA CBI Data Processed Only Within SSAs

TSCA CBI may be processed only on computers located within TSCA CBI approved Secure
Storage Areas, unless other arrangements are approved by TSS in consultation with the
OPPT ISO.


   4.8.8   Printing TSCA CBI Information

Authorized employees are permitted to print out one copy of their working papers from the
TSCA CBI LAN for individual use. Multiple copies may be made only by the DCO/DCA.

   [See Section 4.4.2 of this Manual for special requirements concerning personal working
   papers].

All printouts from the TSCA CBI LAN are assumed to contain TSCA CBI unless the user
indicates otherwise in writing on the first page of the printout, with signature and date.

Printouts from the TSCA CBI LAN must be treated like any other TSCA CBI document and
protected accordingly.

The employee should promptly remove copies from the printer to reduce the likelihood that
the TSCA CBI information will be viewed by visitors. Once a session ends, the computer
must be re-booted or turned off.


   4.8.9   Storing TSCA CBI on Magnetic Media

The procedures for storing TSCA CBI hard-copy materials apply equally to magnetic media
(diskettes, hard disks, magnetic tapes and data cartridges), optical disks, memory cards, and
to any other storage devices.


   4.8.10 Disposing of TSCA CBI Computer Disks

When disks are no longer needed or are damaged, they should be destroyed in a manner
approved by IMD, in consultation with TSS, or sent to IMD for destruction. At EPA
headquarters they may be given to IMD for destruction.

   4.8.11 Security for TSCA CBI Data Stored on
           Contractor's Off-site Computers

A contractor's site must be inspected and approved before any TSCA CBI may be
transferred, processed, or stored there (See Section 2.2.2). EPA contractors may not place
TSCA CBI on any computer system without written authorization from EPA.

Authorized EPA contractors who use TSCA CBI must follow all computer security
requirements established for EPA Contractors. Contractors are permitted to use
standalone PCs and laptops for processing TSCA CBI by adhering to the procedures
contained in this manual.


4.9    DESTRUCTION OF TSCA CBI

Only DCOs are permitted to destroy TSCA CBI (except working papers, as discussed in
Section 4.4.2.2). Federal employees wishing to have TSCA CBI destroyed must take
these materials to their DCO. Contractor DCOs must obtain written permission from the
OPPT DCO before destroying TSCA CBI. CBITS-tracked documents may only be
destroyed with the approval of the OPPT DCO; however, permanently logged-out
documents may be destroyed by a DCO.

Contractor DCOs may not destroy CBITS-tracked documents.  These documents must be
returned to the Project Officer at the end of the contract. The PO must ensure the return
of the documents to the CBIC for proper destruction.


   4.9.1   Procedures for Destroying TSCA CBI

The procedures for destroying TSCA CBI apply to all media containing TSCA CBI
except working papers. (See Section 4.4.2 on working papers.)

[NOTE: This section, as written, does not apply in the special case of the CBIC
because of its unique function.]

   4.9.2  Destruction Methods

TSCA CBI such as papers, documents, or printouts must be shredded. Materials such as
microfiche, typewriter ribbons, and magnetic media must be burned, degaussed, or
chemically destroyed.


   4.9.3  Destruction Record-Keeping

The destruction of a TSCA CBI document that has been entered into the DTS must be
recorded. The DCO must enter information about the destruction of the document into
both the Receipt Log, Form 7740-10 (see APPENDIX W), and the Inventory Log, Form
7740-11 (see APPENDIX V).


   4.9.4  Disposition of CBI Cover Sheets

CBI cover sheets (see APPENDIX U) must be completed by the DCO with destruction
date, location where the document was destroyed, and DCO's name.

The TSCA CBI cover sheets must then be placed in the appropriate file for storage (e.g.,
at EPA Headquarters, a cover sheet would be placed in the CBIC file for that document).

Green cover sheets must be maintained for at least one complete audit cycle (see
Section 3.3.12.1(a)).


   4.9.5  Contracts Involving TSCA CBI

The PO and DCO for the contract are responsible for ensuring that all TSCA CBI is
properly disposed of and accounted for at contract close-out. All logs and records used to
track and dispose of TSCA CBI must be submitted as part of the contract close-out. Any
unaccounted-for documents must be reported as required in CHAPTER 5.

                     CHAPTER 5

 Procedures Violations, Unaccounted For Documents, And Unauthorized Disclosures


5.0    INTRODUCTION

This Chapter details the reporting and investigative actions to be followed by TSCA CBI
authorized persons in the event of any possible violation of the requirements outlined in
this manual. Examples of such violations include cases of unaccounted for TSCA CBI
documents, as well as any disclosure of TSCA CBI to a person not authorized to receive
it under Section 14 of TSCA.

The protection procedures detailed in this Manual are enforceable by both the
administrative penalties and corrective actions set forth below.  On policy issues, the
IMD Director should be consulted.


5.1     EMPLOYEE REPORTING PROCEDURES

   5.1.1  Oral Report

Any TSCA CBI-cleared employee of EPA or another Federal agency must provide oral
notice to his or her immediate supervisor within one working day if he or she thinks it is
possible that

   •  A TSCA CBI protection procedure has been violated.

   •  TSCA CBI is unaccounted for.

   •  TSCA CBI may have been disclosed to a person not authorized to receive it under
     Section 14 of TSCA.

Contractor employees on the TSCA CBI Authorized Access List must provide oral notice
to their EPA Project Officer or PO designee within 1 business day if any of the above
situations occur. The EPA PO or PO designee must then report to the Division Director
(or equivalent manager in their organization).

   5.1.2  Written Report

Federal and contractor employees must file a written report within 2 business days in any
of the same situations identified in Section 5.1.1 above (unless otherwise relieved of the
requirement by their management representative who is authorized to receive the report).
EPA and other federal employees must provide this written report to their Division
Director (or equivalent manager in their organization).  Contractor employees must
provide the written report to their PO or PO designee.

The written report must include any relevant circumstances or facts known by the
employee, and describe any of the following:

   •  Possible violation of procedures.
   •  Possible unauthorized disclosure of TSCA CBI.

   •  Materials possibly unaccounted for.

To investigate what occurred, the employee and/or the employee's supervisor should
examine files and discuss the matter with other individuals who may have first-hand
knowledge of the facts.

The employee's division director (or equivalent) must review the employee's report and
provide any additional comments or information. Within 2 business days of receiving the
report, the Division Director must refer the report to TSS.  If the Division Director
reviews the employee's report and determines there was no violation of procedures, loss
of TSCA CBI, or unauthorized disclosure, the report need not be referred.


5.2     REPORT OF VIOLATIONS TO TSS

This section applies in the case of a report referred to TSS by an employee's supervisor
alleging a possible violation of the procedures contained in this manual, possible
unaccounted for TSCA CBI documents, or possible disclosure of TSCA CBI to a person
not authorized to receive it under Section 14 of TSCA.

   5.2.1   TSS Investigation

Following review of the written report referred to TSS in the situations identified above,
TSS will conduct an investigation if it determines one is necessary. If, after reviewing the
written report, TSS determines that the facts do not warrant an investigation, TSS will
notify the employee's Division Director in writing of this finding.

   5.2.2   Oral Notice to Submitter

If TSS conducts an investigation and determines the likelihood of either an improper
disclosure of TSCA CBI under Section 14 of TSCA or the loss of a submitter's TSCA
CBI, with the approval of the EAD Director TSS will notify the submitter by telephone
within 2 working days.


   5.2.3   Report of Investigation (ROI)

Once the investigation is complete, TSS will provide the EAD Director with an ROI,
which will contain the following:

   •  A recitation of the factual circumstances of the violation.

   •  Conclusions, including:

      -  Probability that an improper violation occurred.

      -  Nature and degree of any violation.

      -  Recommendations for remedial action or mitigation, including a report
         forwarded to the affected employee and supervisor identifying procedures for
         handling, using, and storing TSCA CBI.

The length and detail of this report are determined by the nature, degree and circumstances
of the alleged violation.


   5.2.4   Company Notification of Improper Disclosure: EAD Director

After receiving an ROI, the EAD Director will authorize issuance of a written notice to
the affected company within 4 business days unless the EAD Director believes that the
reported disclosure did not occur.  If it is determined that an improper disclosure probably
did occur, the written notice must identify the improperly disclosed document and the
date upon which such disclosure was deemed to have occurred. The EAD Director will
ensure that the submitter is contacted in writing and advised of the fact that it is unlikely
that the reported disclosure occurred, and take no further action.

   5.2.5   Company Notification of Documents Unaccounted for: EAD Director

Following receipt of an ROI notifying the EAD Director of an unaccounted for CBI
document, the EAD Director will issue a written notice to the affected company within 4
business days if the document is not accounted for in that time. The written notice must
identify the lost or misplaced document and state the date on which it was deemed lost or
misplaced. If the EAD Director believes that the document in question is not
unaccounted for, she/he will ensure that the submitter is contacted in writing and advised
of this fact and take no further action.


   5.2.6   Referral to the Inspector General

Upon consideration of the ROI, if there is any substantial evidence of a knowing or
willful disclosure of TSCA CBI, the EAD Director will immediately refer the matter to
the EPA Office of Inspector General.


   5.2.7   Annual Security Report

On a fiscal year basis, TSS will provide a report to be distributed to the OPPT Director,
the EAD Director, the OPPT DCO, and others upon request, identifying the previous
year's security violations by type and discussing trends, recognized vulnerabilities, and
other matters that may be of interest.


5.3    CORRECTIVE ACTION AND PENALTY GUIDELINES

The corrective actions and penalties described in the Chapter are intended to prevent or
discourage violations of this manual, and thereby better protect TSCA CBI. Penalties
imposed or actions taken must be fair, consistent, and well-reasoned.

   5.3.1  Responsibility for Monitoring Compliance With
          Protection Manual

The responsibility for monitoring compliance with the procedures in this manual belongs
to the EAD Director. The Director will review the facts in a given case and, where
appropriate, recommend specific action, including the imposition of corrective actions,
administrative penalties or referral for criminal charges. Responsibility for implementing
the EAD Director's recommended action, or devising and implementing an alternative
action, rests with the Division Director (or equivalent) of the EPA or federal employee
involved.

Nothing in this section should be construed to limit the Agency's ability to end an
individual's access to TSCA CBI any time it is viewed as necessary to protect
confidential data entrusted to the Agency or TSCA CBI access is viewed as no longer
necessary for the satisfactory performance of the person's assigned duties.


   5.3.2   Violations by Federal Employees

After a finding of a likely violation of the rules in this manual, the EAD Director will
notify the EPA or federal employee's Division Director (or equivalent) and discuss the
structure of any administrative penalties and corrective actions. The EAD Director may
recommend that the employee's Division Director select and impose an appropriate
penalty chosen from the ones identified in this section after weighing the totality of
circumstances in each case (see Figure 5-1). In consultation with the EAD Director, the
employee's Division Director must consider the following:

   •  Seriousness of the violation.

   •  Potential for unauthorized disclosure of TSCA CBI because of the violation.

   •  Nature of the employee's error (e.g., accidental, willful, or grossly negligent).

   •  If the employee has previously committed any other TSCA CBI violation.

   •  How often the employee uses or handles TSCA CBI while performing his/her
      official duties.

Corrective actions may be procedural or instructional, and may include training, revision
of work procedures, removal of the individual's name from the TSCA CBI Authorized
Access List, and other options.

The employee's Division Director (or other appropriate authority in the employee's
organization) should select, upon the EAD Director's recommendation, an administrative
penalty when the employee was grossly negligent or previously incurred a prior violation,
even if the violation were not serious.  A table of suggested administrative penalties
appears below.

NOTE:  The terms "SUSPENSION" and "REMOVAL" in the table below relate
         only to TSCA CBI access, and not to federal employment.

         Nothing in this Section prevents the employee's supervisor from imposing
         other penalties in addition to those discussed in the table below.

Figure 5-1. ADMINISTRATIVE PENALTIES

Nature of Offense: CBI is not compromised and breach is unintentional.
   1st Offense: Counseling by supervisor to oral reprimand.
   2nd Offense (in same calendar year as 1st offense): Oral reprimand to written suspension.
   3rd Offense (in same calendar year as 2nd offense): 1-day suspension to removal.

Nature of Offense: CBI is compromised but breach is unintentional.
   1st Offense: Oral or written reprimand to 5-day suspension.
   2nd Offense (in same calendar year as 1st offense): 1-day to 5-day suspension.
   3rd Offense (in same calendar year as 2nd offense): 7-day suspension to removal.

Nature of Offense: Deliberate procedure violation. *
   1st Offense: Reprimand to Removal.

   •  These penalties cover only deliberate procedural violations that do not result in the
      unauthorized disclosure of TSCA CBI. If EAD's investigation reveals any
      evidence of the knowing and willful unauthorized disclosure of TSCA CBI, the
      matter will be immediately referred to the EPA Office of Inspector General.  The
      suggested penalties in the above table do not replace or supersede the existing
      authority of the IMD Director to suspend the TSCA CBI access of any employee
      for the purpose of protecting TSCA CBI.

A federal employee who has been found to have willfully disclosed TSCA CBI to a
person not authorized under Section 14 of TSCA may be liable under Section 14(d) of the
Act, 15 U.S.C. 2613(d), for a fine of up to $5,000 and/or imprisonment for up to one
year.

The EAD Director has the option of recommending that no action, or a different action,
be taken if, for example,

   •  fault cannot be ascribed to any individual or

   •  a modification of TSCA CBI handling procedures would yield no greater level of
      protection to TSCA CBI.

   5.3.3   Violations by  Contractor Employees

A contractor imposes corrective or disciplinary measures on its employees. Although the
particular disciplinary action a contractor chooses to impose is a matter for the contractor
to decide, a failure on the part of a contractor employee to follow the procedures in this
manual may be considered a material breach of the contract if the contractor does not take
adequate and appropriate disciplinary and corrective actions.

The IMD Director may suspend the TSCA CBI access of a contractor employee to protect
against imminent threat to TSCA CBI security. The IMD Director maintains the right to
suspend the TSCA CBI access of any contractor employee without consultation with the
contractor or going through the contract administrative process if there is imminent cause
for doing so which relates directly to the government's mandate of protecting TSCA CBI.

A contractor employee who is found to have willfully disclosed TSCA CBI to a person
not authorized under Section 14 of TSCA may be liable under Section 14(d) of the Act,
15 U.S.C. 2613(d), for a fine of up to $5,000 and/or imprisonment for up to one year.


5.4     OPPT DIRECTOR AS ARBITER

Where disagreements arise between Headquarters divisions, or between Headquarters
divisions and Regional offices, regarding objective assessments of violations, the OPPT
Director will arbitrate all time-sensitive matters within 24 hours of referral.  Other matters
not facing legal time limits will be arbitrated within a reasonable time.


                                  CONTACTS

Questions about the procedures in this Manual should be directed to:

Director, Information Management Division
Office of Pollution Prevention and Toxics (7407M)
Environmental Protection Agency
1200 Pennsylvania Avenue, NW
Washington, DC 20004
(202) 564-0970

Other sources for information are:

OPPT, Document Control Officer
Records and Documents Management Branch
Information Management Division
Office of Pollution Prevention and Toxics (7407M)
Environmental Protection Agency
1200 Pennsylvania Avenue, NW
Washington, DC 20004
(202) 564-0970

Chief, Records and Documents Management Branch
Office of Pollution Prevention and Toxics (7407M)
Environmental Protection Agency
1200 Pennsylvania Avenue, NW
Washington, DC 20004
(202) 564-0970

Chief, TSCA Security Staff
Environmental Assistance Division
Office of Pollution Prevention and Toxics (7408M)
Environmental Protection Agency
1200 Pennsylvania Avenue, NW
Washington, DC 20004
(202) 564-8170

Director
Office of Pollution Prevention and Toxics (7401M)
Environmental Protection Agency
1200 Pennsylvania Avenue, NW
Washington, DC 20004
(202) 564-3810

-------
Appendices

-------
                \      Please read Privacy Act Statement and Instructions on reverse before completing this form. OMB No. 2070-0075
                                              United States Environmental Protection Agency
                                                        Washington, DC 20460

                 TSCA  CBI Access Request, Agreement, and Approval

                                           Section I. - Access Request
1. Name (Last, First, MI)
2. 9-Digit ID Number (e.g., SSN)
3. Telephone Number
4. Requestor (Agency/Office/Division/Branch)
5. Document Control Officer (DCO)
6. DCO Telephone Number
7. TSCA Sections for which access is required. Check all that apply. Use blank space to request other sections not listed.
   ALL   -OR-   4   5   6   8   12   13   21
8. Justification for TSCA CBI access. Select appropriate code from instructions on reverse side. (Check one for all that apply).
   A
   Other (List Justification on reverse side)
                       Section II. -  Contract Information  -  Contractor Employees Only
9. Employer's Name
10a. Employer's Address
10b. City
10c. ST
10d. Zipcode
11. Contract Number
12. EPA Project Officer
13. EPA Project Officer Telephone
        Section III. - OPPT Secure Storage Area Access - HQ Federal and HQ Contractor Employees Only


 14. Check if EPA ID Badge is required.

    [ ] Yes (New)    [ ] Need Replacement    [ ] No (List Present EPA ID Badge Number (    ))
 15. List OPPT Restricted areas by Division to which physical access is required.
Home Division (24 hour access)
Other Divisions (6A.M. - 6P.M. only)
Access to CBIC Only
IMD (DCO and IMD Computer Rms.)
 16. List OPPT areas by Division and Room Number for which Alarm Activation/Deactivation Authority is requested.
                                    Section IV. - Confidentiality Agreement
 I understand that I will have access to certain Confidential Business Information submitted under the Toxic Substances Control Act (TSCA, 15 USC
 2601 et seq.). This access has been granted in accordance with my official duties relating to Environmental Protection Agency programs.

 I understand that TSCA CBI may be used only in connection with my official duties and may not be disclosed except as authorized by TSCA and
 Agency regulations. I have received  a copy of, and understand the procedures set forth in, the TSCA CBI Protection Manual. I agree that I will treat
 any TSCA CBI furnished to me as confidential and that I will follow these procedures.

 I understand that under section 14(d) of TSCA (15 USC 2613(d)), I am liable for a possible fine of up to $5,000 and/or imprisonment for up to one year
 if I willfully disclose TSCA CBI to any person not authorized to receive it. In addition, I understand that I may be subject to disciplinary action for
 violation of this agreement with penalties ranging up to and including dismissal.

 I understand that my obligation to protect TSCA CBI, which has been disclosed to me as part of my official job duties, continues after either termination
 of my assignment or termination of  my employment.

 I certify that the statements I have made on this form and all attachments thereto are true, accurate, and complete. I acknowledge that any knowingly
 false or misleading statement may be punishable by fine or imprisonment or both under applicable law.
 17. Signature of Employee
                                                                                   18. Date
                                  Section V. - Requesting Official Approval
19. TSCA CBI Security Briefing
22. Date Received
DCO Code

Barcode
Date
20. Name and Signature of Requesting Official. (Immediate Supervisor - EPA Project Officer for
Contractors) As the immediate supervisor of (or the EPA Project Officer for) the above mentioned
employee, I certify he/she has successfully completed a TSCA CBI Security Briefing on the date shown.
Name

Signature
23. Approved (TSCA Security Official Signature)

Status Code
Alarm Zones
21. Date
24. Approval Date
Data Entry Date and Initials
1. 2.
EPA Form 7740-6 (Rev. 10-03). Replaces previous version of 7740-6 and 7740-6A.

-------
Paperwork Reduction Act Notice
The public reporting burden for the collection of information is estimated to average 1.6 hours per response. This estimate includes time for
reviewing instructions, gathering and maintaining the needed data, and completing and reviewing the collection of information. Send comments
regarding the burden estimate or any other aspect of this collection of information to the Chief, Policy and Guidance Branch, ^<>33T), US
Environmental Protection Agency, Ariel Rios Bldg., 1200 Pennsylvania Ave., NW, Washington, DC 20460, and to the Office of Information and
Regulatory Affairs, Office of Management and Budget, Washington, DC 20503, marked ATTENTION: Desk Officer for EPA.
Privacy Act Statement
Furnishing your Social Security Number is voluntary, but encouraged. The information on this form is used by EPA to maintain a record of
those persons cleared for access to TSCA Confidential Business Information (CBI) and to maintain the security of TSCA CBI.
Disclosure of information from this form may be made to the Office of Pollution Prevention and Toxics (OPPT) contractors in order to carry out
functions for EPA compatible with the purpose for which this information is collected; to other Federal agencies when they possess TSCA CBI and
need to verify clearance to EPA and EPA contractor employees for access; to the Department of Justice when related to litigation or anticipated
litigation involving the records or the subject matter of the records; to the appropriate Federal, State or local agency charged with enforcing a statute or
regulation, violation of which is indicated by a record in this system; where necessary, to a State, Federal or local agency maintaining information
pertinent to hiring, retention, or clearance of an employee, letting of a contract, or issuance of a grant or other magistrate or administrative tribunal; in
the course of litigation under TSCA; and to a member of Congress acting on behalf of an individual to whom records in this system pertain.
Instructions for Form Completion
Section I - To be completed by all
1. List Full Name
2. List 9-Digit ID (e.g., SSN)
3. List Telephone number of person in item 1
4. List Full Acronym of Requesting Office (i.e. EPA Office in which the
individual works or for contractor employees, the EPA Office with whom
the contract is with)
5. List the immediate Document Control Officer for the office in which the
individual works
6. List the telephone number of the Document Control Officer
7. Check the TSCA Sections for which access is requested or check ALL
if applicable
8. Circle the appropriate Access Justification Code
A. Employee is an EPA employee or EPA contractor employee whose
work assignments involve the New and/or Existing Chemical Programs of
TSCA. Hence access to the TSCA sections listed in item 7 of this form is
required in performance of his/her duties.
B. Employee is an EPA employee or EPA contractor employee whose
work entails the administration of computer systems housing TSCA CBI.
Hence access to the TSCA sections listed in item 7 of this form is required.
C. Employee is an EPA employee or EPA contractor employee whose
work entails physical security or maintenance for TSCA CBI secure
storage areas. Although employee will not actually work with any TSCA CBI
materials, access to the TSCA sections listed in item 7 of this form is required.
D. List Justification here

Section II - To be completed by Contractor
Employees only
9. List Employer's name
10a-d. List Employer's address
11. List Contract number
12. List EPA Project Officer's name
13. List EPA Project Officer's telephone number

Section III - To be completed by HQ Federal
and HQ Contractor employees only
NOTE: These procedures apply only to employees requiring access to
OPPT Secure Storage areas. All others follow standard Agency
procedures.
14. Check either box a, b, c or (c&d) for EPA ID badge or Contractor
Building Pass. If box c is checked, write in badge number.
a. Yes - Check if new employee getting first EPA ID Badge. (New
programmed badge)
b. Need Replacement - Check if replacement ID Badge is needed
(replacement badge)
c. No - Existing badge needs programming. List ID Badge no.
15. Check and list OPPT secured areas for which access (via electronic
door control system) is required. List Division acronyms for the requested
areas.
Home Division - List Division in which employee works
Other Divisions - List other OPPT Divisions for which unrestricted
daytime access is requested
CBIC Only - To be checked for those who only need to access the
Confidential Business Information Center.
IMD Areas - Employees who need to regularly access the IMD Document
Control Office Suite should circle DCO in the fourth block. Only IMD staff
and contractors who work in IMD computer rooms should circle IMD
Computer Rooms.
16. List OPPT areas by Division and Room numbers for which Alarm
Activation/Deactivation authority is requested. Generally, this is
employee's home Division only.
Section IV - To be completed by all
17. Employee Signature (must be original)
18. Signature Date
Section V - To be completed by all
19. Enter date employee attended TSCA CBI Security Briefing
20. Immediate Supervisor/EPA Project Officer's name and sign.
21. Date of signature
Section VI - To be completed by OPPT Security


-------
TSCA CBI Protection Manual
Appendix B
PLEASE READ THE INSTRUCTIONS ON THE REVERSE SIDE BEFORE COMPLETING THIS FORM.
                  (Please Print or Type - Do not mark in shaded areas)

Washington, D.C. 20460
TSCA CBI ADP USER REGISTRATION
1. User Name (Last, First MI)
2. Userid
3. Company or Employer
4. Office/Division/Branch/Section (For EPA employees only)
5. Address (Street or P.O. Box)
6. Telephone Number (include area code)
7. City
8. EPA Region
9. EPA Mail Code
10. State
11. Zip Code
12. User Status - Check one: [ ] EPA  [ ] EPA Contractor  [ ] Federal Non-EPA
13. TSCA CBI Security Briefing Date ( / / )   Circle TSCA clearance: Sections [ALL] -or- [3] [4] [5] [6] [8] [13] [20] [21]
14. Check the type of work to be performed: [ ] Database Administrator  [ ] Data Entry Staff  [ ] Technical Consultant  [ ] Developer
    [ ] RTP Operations/Systems Staff  [ ] Retrieval Staff  [ ] Query (Read Data)
15. Enter the access termination date of the user identified above: (Month:   Date:   Year: 19  )
Section III - TSCA Systems (see Instructions)
16. Mainframe Hardware Code:
16a. Mainframe System to Access (list one):
17. Mainframe Hardware Code:
17a. Mainframe System to Access (list one):
18. LAN Hardware Code:
19. LAN Hardware Code:

Section IV - Signature Authority (Required Before Processing)
20. Requesting Official Name (Type or Print):
21. Signature of Requesting Official (Required)
22. Request Date:
23. Phone Number:
24. Document Control Officer Name (Type or Print):
25. Signature of Document Control Officer (Required)
26. Date Signed:
27. Phone Number:

RETURN ALL REQUESTS TO: U.S. ENVIRONMENTAL PROTECTION AGENCY, OFFICE OF POLLUTION PREVENTION ..., WASHINGTON, DC 20460

Section V - Signature
28. Mainframe or LAN Coordinator's Signature:
30. Date Processed:
Date Completed:
HA r-orm //4u-iiD (iu/aii)
                                                        Printed on Recycled Paper

-------
  Section I: Action - Check an appropriate block
  This section gives the user an explanation of each action.

  [ ] Assign New ID and Initial Password

  Check this item if the applicant does not have Mainframe or LAN access.
  Complete all items in Section II, except 2 and 15. For Mainframe access,
  the user must also request access to at least one system; therefore 'Add
  User to Accounts' must also be checked. The desired system(s) which the
  user needs access should be identified in Section III.

  [ ] Add User to Accounts

  Check this item if the user already has access to the Mainframe.
  Complete all items in Section II, except 14. The desired system(s) which
  the user needs access should be identified in Section III.

  [ ] Update User Information

  Check this item if the user needs to update employment information.
  Complete all applicable information in Section II, including item 2. Items
  13, 14, and 15 in Section II need not be completed.

  [ ] Delete User from Accounts

  Check this item if the user no longer needs access to specific system(s).
  The user will not be deleted from the hardware, but will be deleted from
  the systems identified in Section III. Therefore, complete Section III and
  items 1, 2, and 3 in Section II.

  [ ] Delete User from all Systems

  Check this item if the user no longer needs access to the Mainframe and
  LAN hardware. This should be checked when a person terminates
  employment or no longer needs access to any TSCA system.
  Section II: Users Assigned to
  This section refers to the applicant's actual employment duty station (i.e., if the applicant
  is a contractor and works at an EPA facility, the address information is the EPA site).

  Item 1:  Enter the name of the users to be added to, or deleted from the system.
           Use the last name, first name, and middle initial format.
  Item 2:  For mainframe users, enter the three character userid assigned to the user
           identified in item 1 above. If the user needs a userid, leave this item
           blank. Userids are not required for LAN users.
  Item 3:  Enter the user's employer or company name.
  Item 4:  Enter the office, division, branch, and section of the user. This applies to
           EPA employees only.
  Item 5:  Enter the user's mailing address.
  Item 6:  Enter the user's telephone number.
  Item 7:  Enter the user's actual mailing city.
  Item 8:  Enter the user's Region.
  Item 9:  Enter the user's mail code.
  Item 10: Enter the user's 2-digit mailing state abbreviation.
  Item 11: Enter the user's 5 or 9-digit mailing ZIP code.
  Item 12: Self-explanatory
  Item 13: Enter last briefing date. Circle all sections of TSCA which the user is
           authorized to access.
  Item 14: Check the block which describes the task the user will perform.
  Item 15: Enter the date on which the user will no longer need access.
  Section III: TSCA Systems - This section contains a selection of hardware and systems to access. Each registration form allows users to request access to two
  Mainframes and two LANs. Each hardware type is identified by a code which should be entered in this section. Use the list below to assist in selecting the desired
  TSCA hardware and systems to access.

  Items 16 & 17:   Enter the Mainframe hardware code to which access is requested. Only one code should be entered per item. To obtain access to the IBM 4381
                   Confidential (CBI) Production, enter code A. To obtain access to the IBM ES9000 Non-Confidential (NCBI) Production and Development, enter
                   code B.

  Items 16a & 17a: Enter the Mainframe system to which access is requested. Only one system should be entered per item. The systems on the IBM 4381 CBI
                   Mainframe are: CICIS/CCID Facility (CCF), CAIH, CCID, CHEMD, CIOS, CUS, DAPSS, DMIS, PENTA, SATS, TUPS, Level 8(a), and Batch
                   Retrieval (BR).

                   The systems on the ES9000 NCBI Production are: CECATS, CICIS, Batch Retrieval (BR) and MITS.

                   The systems on the ES9000 NCBI Development are: CICIS/CCID Facility (CCF), CAia, CCID, CHEMD, CICIS, CUS, DAPSS, DMIS, PENTA,
                   SATS, TUPS, Level 8(a), MITS, CECATS, and Batch Retrieval (BR).

  Items 18 & 19:   Enter the LAN hardware code to which access is requested. Only one code should be entered. To obtain access to the CBITS LAN, enter code C.
                   To obtain access to the Administrative LAN, enter code D. To obtain access to the Image Processing LAN, enter code E. To obtain access to the
                   New Chemical LAN, enter code F.

  For NCC and Operations Staff: To obtain mainframe ... the appropriate hardware code and enter ... 'System to Access (list one)' field.

  Section IV - Signature Authority (Required Before Processing): No request will be processed without the proper signatures.

  Items 20 through 23 should be completed by the Requesting Official who is authorized to approve request. This person should be the supervisor of the applicant
  ... in item 1 of
-------
TSCA CBI Protection Manual	Appendix C
                UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
                           WASHINGTON, D.C. 20460
                                                                 OFFICE OF
                                                        PREVENTION, PESTICIDES AND
                                                             TOXIC SUBSTANCES
 MEMORANDUM

 SUBJECT:   Request for EPA Identification Badge

 FROM:      Carolyn Thornton
            OPPT Document  Control  Officer
            Information Management Division
            Records and Docket  Management Branch  (7407)

 TO:        C. Steve Ziegler
            Acting Branch  Chief
            Security and Property
               Management  Branch
            Facilities Management and
               Services Division (3204)

       The  following FEDERAL/GRANTEE/AARP/ON-SITE CONTRACTOR
 employee  with TSCA CBI access authorization has requested:

 ____    New/Replacement Photo I.D. Badge
 ____    New/Replacement RUSCO CARD
 ____    Activation/Reactivation of existing RUSCO CARD
 ____    Fingerprints be taken for background investigation
       Requester, please complete the information below to assist
 IMD's Records and  Docket Management Branch  and FMSD's Security
 Support Staff in processing your request.
 EMPLOYEE NAME:
 SOCIAL SECURITY NO.
 RUSCO CARD NUMBER:
                            (BADGE NUMBER NEEDED IF YOU REQUEST
                            ACTIVATION OF EXISTING RUSCO CARD)

 STATUS CODE(s):
 AUTHORITY TO ARM/DISARM (YES    )  (NO    )
 TSCA CBI ZONE
 BAR CODE:
 AUTHENTICATED BY:
 ACTIVATION DATE:
                            Security Support Signature and Date

  Return completed form to: Pam Moseley
                            TSCA CBI Access  Coordinator
                            OPPT/IMD/RDMD  (7407)
                         Internet Address (URL) • http://www.epa.gov
           Recycled/Recyclable • Printed with Vegetable Oil Based Inks on Recycled Paper (Minimum 20% Postconsumer)

-------
MEMORANDUM

SUBJECT:  Request for Building Pass
FROM:
           Project Officer/ Federal SEE Monitor
TO:        Joyce Stewart
           Security Management Staff

      I request that the below listed personnel be issued a Building Pass. The following data is
furnished:

NAME           DATE OF BIRTH        ROOM/TELEPHONE#
COMPANY/GRANTEE:	
CONTRACT/GRANT NUMBER:
NORMAL HOURS OF WORK:	   EXPIRATION DATE:	
SPECIAL ACCESS: After 6:30 pm	Weekends	Holidays	
LOCATION: WSM	  CM-2	  FAIRCHILD	   CRYSTAL STATION
            501	  14TH ST	  ROSSLYN	  CRYSTAL GATEWAY
            ARIEL RIOS	   RONALD REAGAN	GLOVER(RIGGS)
            FRANKLIN COURT	
RUSCO CARD NEEDED:	  YES	 NO  ROOM#	 MAIL CODE

      As Project Officer/Federal SEE Monitor, I certify I have read the memorandum on
instructions for building passes dated 7-8-99 and understand I am responsible for retrieving the
above building pass(es) should:

      1. The individual(s) transfer or terminate and no longer require access.
      2. The individual(s) need for access to EPA be changed to less than
        24-hours per week.
      3. The contract/grant expires.
 SIGNATURE                               TELEPHONE#    MAIL CODE
 PROJECT OFFICER/FEDERAL SEE MONITOR
 EPA ID CARD NUMBER of the                 DIVISION       DATE
 PROJECT OFFICER/ FEDERAL SEE MONITOR
 (Revised 07/99— all others are obsolete)

-------
                    United States Environmental Protection Agency

                       TSCA Confidential Business Information
                        Document Reconciliation Certification

 Name: ____   Organization: ____   Date: ____

 ID Number: ____   Mail Code: ____   [ ] Federal   [ ] Contractor

THE TSCA CBI DOCUMENT TRACKING SYSTEM(S) INDICATED THAT THE DOCUMENTS LISTED BELOW
HAVE BEEN LOGGED OUT IN YOUR NAME. PLEASE INVENTORY THESE DOCUMENTS AND INDICATE
THEIR CURRENT STATUS.

Document Control Number     BarCode     Logout Date     Login Date     Status

 I HEREBY CERTIFY:

  [ ]  THAT I HAVE INVENTORIED THE DOCUMENT(S) LISTED ABOVE; THE STATUS OF EACH
       DOCUMENT IS INDICATED ABOVE.

  [ ]  ANNIVERSARY / BRIEFING DATE ____ (circle one).

       I ATTENDED MY ANNUAL TSCA CBI TRAINING ON ____.

 SIGNATURE                  DATE         DOCUMENT CONTROL OFFICER        DATE

EPA Form 7740-28 (rev. 10-03)                                     Printed on Recycled Paper

-------
TSCA CBI Protection Manual      Appendix F
   Confidentiality Agreement for United States Employees
       Upon Relinquishing TSCA CBI Access Authority

 In accordance with my official duties as an employee of the United States, I have
 had access to Confidential Business Information under the Toxic Substances
 Control Act (TSCA, 15 U.S.C. 2601 et seq.). I understand that TSCA Confidential
 Business Information may not be disclosed except as authorized by TSCA or
 Agency regulations.

 I certify that I have returned all copies of any materials containing TSCA
 Confidential Business Information in my possession to the appropriate document
 control officer specified in the procedures set forth in the TSCA Confidential
 Business Information Security Manual.

 I agree that I will not remove any copies of materials containing TSCA
 Confidential Business Information from the premises of the Agency upon my
 termination or transfer. I further agree that I will not disclose any TSCA
 Confidential Business Information to any person after my termination or
 transfer.

 I understand that as an employee of the United States who has had access to
 TSCA Confidential Business Information, under section 14(d) of TSCA (15 U.S.C.
 2613(d)) I am liable for a possible fine of up to $5,000 and/or imprisonment for
 up to one year if I willfully disclose TSCA Confidential Business Information to
 any person.

 If I am still employed by the United States, I also understand that I may be subject
 to disciplinary action for violation of this agreement.

 I am aware that I may be subject to criminal penalties under 18 U.S.C. 1001 if I
 have made any statement of material facts knowing that such statement is false
 or if I willfully conceal any material fact.

Name (Please type or print)
Signature
EPA ID Number
Date
EPA Form 7740-16 (10-85). Replaces EPA Form 7710-17, which is obsolete.           COPY 1 — TSCA SECURITY STAFF

-------
TSCA CBI Protection Manual
Appendix G
Washington, DC 20460
Employee Separation or Transfer Checklist

Employee Name
Social Security Number

Part 1. To Be Completed by Employee
Current Organization and Location
Effective Date
Mdr aulftrwaroing or mat o» gam
-------
                          Privacy Act Statement
Authority
Social Security Number: Executive Order 9397 dated November 22, 1943.
Forwarding Address: Reorganization Plan Number 3 of December 2, 1970.

Purposes and Uses
Social Security Number: Disclosure by you of your Social Security Number (SSN) is voluntary. It will
be used to properly identify your records on file with the U.S. EPA in various program areas from which
you are obtaining certification of clearance. The information gathered will be used only as needed to
complete the clearance process as required by EPA Order 31UX5A.

Forwarding Address: Disclosure by you of your forwarding address is voluntary. It will be used in
forwarding official papers or appropriate information, and to mail documents to you or to a gaining
Government unit or agency.

Effects of Nondisclosure
Social Security Number: Withholding the SSN will cause a delay in the separation process or may result
in your not being cleared for separation.
Forwarding Address: Withholding the forwarding address will cause a delay in the separation process
or may deter your receipt of outstanding paychecks or other authorized documents.
 EPA Form 9110-1 (Rev. 2-81)

-------
 TSCA CBI Protection Manual
Appendix H
                                    United States Environmental Protection Agency
                                             Washington. D.C. 20460
                       Request for Approval of Contractor Access

                       to TSCA Confidential Business Information
Requesting Official
Signature
Date
Title and Office
Contractor and contract number (if modification)
   I. Brief description of contract, including purposes, scope, length, and other important details. (Continue on the back of this form
   if necessary)
   II. What TSCA CBI will be required, and why? (Continue on back if necessary)
   III. Will computer access to TSCA CBI be required by the contract? If so, explain why and to what extent on the back of this form.
   If you approve this request, this office will initiate procedures to ensure compliance with the "TSCA-CBI Security Manual"
                           Approval of the Director. OPPT Information Management Division
Approved (Signature)
                                                                                        Date
EPA Form 7740-17 (Rev. 9-92). Replaces EPA Form 7710-15*, which is obsolete.

-------
TSCA CBI Protection Manual	Appendix I
              EPA ACQUISITION REGULATION
                                                                  1901
                                                               09/12/00
         1552.235-78  Data Security for Toxic Substances Control Act
                      Confidential Business Information  (Dec 1997).

              As prescribed in 1535.007-70(e),  insert the following
          clause:

                  DATA SECURITY  FOR TOXIC SUBSTANCES CONTROL ACT
                 CONFIDENTIAL BUSINESS INFORMATION  (DECEMBER 1997)

              The Contractor shall handle Toxic Substances Control Act
         (TSCA) confidential business information (CBI) in accordance with
         the contract clause entitled "Treatment of Confidential Business
         Information" and "Screening Business Information for Claims of
         Confidentiality."

              (a)  The Project Officer (PO)  or  his/her designee,  after a
         written determination by the appropriate program office,  may
         disclose TSCA CBI to the contractor necessary to carry out the
         work required under this contract.  The Contractor shall protect
         all TSCA CBI to which it has access (including CBI used in its
         computer operations) in accordance with the following
         requirements:

                   (1) The Contractor and Contractor's  employees shall
                  follow the security procedures set forth in  the TSCA
                  CBI Security Manual. The manual may be obtained from
                  the Director,  Information Management Division (IMD),
                  Office of  Pollution Prevention and Toxics (OPPT),  U.S.
                  Environmental Protection Agency (EPA),  Ariel Rios
                  Building,  1200 Pennsylvania Avenue,  Washington,  DC
                  20460. Prior to receipt of  TSCA  CBI by the  Contractor,
                  the Contractor shall ensure that  all employees who will
                  be cleared for access  to TSCA CBI have been  briefed on
                  the handling,  control,  and  security requirements set
                  forth  in the TSCA CBI  Security Manual.

                   (2) The Contractor shall permit access to and
                  inspection of the Contractor's facilities in use under
                  this contract by representatives  of EPA's Assistant
                  Administrator for Administration  and Resources
                  Management,  and the TSCA Security Staff in the OPPT,  or
                  by the EPA Project Officer.

                   (3) The Contractor Document Control Officer  (DCO)  shall
                  obtain a signed copy  of EPA Form  7740-6,  "TSCA CBI
                  Access Request,  Agreement,  and Approval," from each of
                  the Contractor's employees  who will have access to the
                  information before the employee is allowed access.  In
                  addition,  the Contractor shall obtain from each
                  employee who will be  cleared for  TSCA CBI access all
                  information required by EPA or the U.S. Office of
                  Personnel  Management  for EPA to conduct a Minimum
                  Background Investigation.

-------

              (b) The Contractor agrees that these requirements concerning
         protection of TSCA CBI are included for the benefit of, and shall
         be enforceable by, both EPA and any affected business having a
         proprietary interest in the information.

              (c) The Contractor understands that CBI obtained by EPA
         under TSCA may not be disclosed except as authorized by the Act,
         and that any unauthorized disclosure by the Contractor or the
         Contractor's employees may subject the Contractor and the
         Contractor's employees to the criminal penalties specified in
         TSCA (15 U.S.C. 2613(d)).  For purposes of this contract, the
         only disclosures that EPA authorizes the Contractor to make are
         those set forth in the clause entitled "Treatment of Confidential
         Business Information."

              (d) The Contractor agrees to include the provisions of this
         clause, including this paragraph (d), in all subcontracts awarded
         pursuant to this contract that require the furnishing of CBI to
         the subcontractor.

              (e) At the request of EPA or at the end of the contract, the
         Contractor shall return to the EPA PO or his/her designee, all
         documents, logs, and magnetic media which contain TSCA CBI.  In
         addition, each Contractor employee who has received TSCA CBI
         clearance will sign EPA Form 7740-18, "Confidentiality Agreement
         for Contractor Employees Upon Relinquishing TSCA CBI Access
         Authority."  The Contractor DCO will also forward those
         agreements to the EPA OPPT/IMD, with a copy to the CO, at the end
         of the contract.

              (f) If, subsequent to the date of this contract, the
         Government changes the security requirements, the CO shall
         equitably adjust affected provisions of this contract, in
         accordance with the "Changes" clause, when:

                   (1) The Contractor submits a timely written request for
                  an equitable adjustment; and,

                   (2) The facts warrant an equitable adjustment.

                          (End of  clause)

-------
TSCA CBI Protection Manual           Appendix J
              EPA ACQUISITION  REGULATION
                                                                   1901
                                                                09/12/00

          1552.235-75   Access to Toxic Substances  Control Act Confidential
                       Business Information (Apr 1996).

          As prescribed in 1535.007(b),  insert  the following provision:

                       ACCESS  TO TOXIC SUBSTANCES CONTROL ACT
                    CONFIDENTIAL BUSINESS  INFORMATION (APR 1996)

              In order to perform  duties under the contract, the
          Contractor will need to be authorized for access  to Toxic
          Substances Control Act (TSCA)  confidential  business information
          (CBI).  The  Contractor and all of its employees handling CBI
          while working under the contract  will be required to  follow the
          procedures contained in the security manual entitled  "TSCA
          Confidential Business Information Security  Manual."   These
          procedures include applying for TSCA CBI access authorization for
          each individual working under the contract  who will have access
          to TSCA CBI, execution of confidentiality agreements,  and
          designation  by the Contractor of  an individual to serve as a
          Document Control Officer.  The Contractor will be required to
          abide by  those clauses contained in EPAAR 1552.235-70,  1552.235-
          71, and 1552.235-78 that are appropriate to the activities set
          forth in  the contract.

              Until EPA  has inspected and  approved the  Contractor's
          facilities,  the Contractor may not be authorized  for  TSCA  CBI
          access away  from EPA facilities.

                                  (End of provision)

-------
TSCA CBI Protection Manual        Appendix K
             EPA ACQUISITION REGULATION
                                                                  1901
                                                              09/12/00


         1552.235-76   Treatment of Confidential Business Information
                        (TSCA)  (Apr 1996).

              As prescribed in 1535.007-70(c),  insert the following
         clause:

          TREATMENT OF CONFIDENTIAL BUSINESS INFORMATION  (TSCA) (APR  1996)

               (a) The  Project Officer  (PO) or his/her designee,  after a
         written determination by the  appropriate program office, may
         disclose confidential business  information  (CBI) to the
         Contractor necessary to carry out the work  required under this
         contract.   The Contractor agrees  to use the CBI only under  the
         following  conditions:

                    (1) The Contractor and Contractor's employees shall (i)
                   use the CBI only for the purposes of carrying out the
                   work required by the contract; (ii)  not disclose the
                   information to anyone  other  than  properly  cleared  EPA
                   employees without  the  prior  written  approval  of the
                   Assistant General  Counsel  for  Information  Law or
                   his/her designee;  and  (iii)  return the  CBI to the  PO or
                   his/her designee,  whenever the information is no longer
                   required by the Contractor for performance of the  work
                   required by the contract,  or upon completion  of the
                   contract.

                   (2)  The Contractor shall obtain a written  agreement to
                  honor the above limitations  from  each of the
                  Contractor's employees who will have access to the
                   information before the employee is allowed access.

                   (3)  The Contractor agrees  that these contract
                  conditions  concerning  the  use  and disclosure  of CBI are
                  included for the benefit of, and  shall  be  enforceable
                  by,  both EPA and any affected  businesses having a
                  proprietary interest in the information.

                   (4)  The Contractor  shall not use  any CBI supplied  by
                  EPA or obtained during performance hereunder  to compete
                  with any business  to which the CBI relates.

              (b) The Contractor agrees to obtain the written consent of
         the CO,  after a written  determination by the appropriate program
         office,  prior to entering  into any subcontract that  will involve
         the disclosure of CBI by the Contractor to the subcontractor.
         The Contractor agrees to  include this  clause,  including this
         paragraph (b), in all subcontracts awarded pursuant to this
         contract  that require the  furnishing of  CBI to the  subcontractor.

                                 (End of  clause)

-------
Appendix L
                                 CONTRACTOR INFORMATION SHEET
                            CONTRACTOR TSCA CBI ACCESS/TRANSFER

 1. Contractor Name (list subcontractor on separate contractor information sheet)
 2. Contract Number
 3. Prime, Sub
 4. Corporate Address
 5. Site Address (where TSCA CBI will be stored)
 6. List Previous Contract Number if renewal

                               a) Name    b) Soc. Sec. No.    c) Telephone    d) Address/Mail Code
 7. EPA Project Officer
 8. EPA DOPO/WAM
 9. EPA Task Mgr.
 10. Contractor Project Officer
 11. Contractor DCO
 12. Contractor Alt. DCO

 13. Description of duties to be performed by contractor that require TSCA CBI access (use attachment if necessary):
 14. By Section of TSCA, type(s) of data to be accessed:
 15a. Will CBI be transferred off EPA site under contract? (Y/N)
 15b. If CBI will be transferred to a site other than listed in Item 5 above, list site.
 16a. Has a contractor Security Certification Statement been approved by TSCA Security Staff? (Y/N)
 16b. TSCA Security Staff Facility Inspection Date.
 17. Desired Date for access to commence
 18. Access desired until what date?
 19. Contract Expiration Date
 20. Is contract renewable?
 21. EPA Project Officer Signature and Date

 Please return this form with a copy of:
 1. Statement of Work, 2. EPA form 7740-17, 3. CBI Clause from contract, and 4. Security Certification Statement
 to: U.S. EPA, TSCA CBI Access Staff, TS-790, 401 M Street, SW, Washington, DC 20460
 (202-260-1532)
EPA Form 7740-27 (10)92)

-------
                         Privacy Act Statement

Collection of the information on this form is authorized by Section 14 of the Toxic
Substances Control Act (TSCA), 15 USC 2613.  EPA uses this information to maintain
a record of those persons cleared for access to TSCA Confidential Business Information
(CBI) and to maintain the security of TSCA CBI.

Disclosure of this information may be made to Office of Pollution Prevention and Toxics
(OPPT) contractors in order to carry out functions for EPA compatible with the purpose
for which this information is collected; to other Federal agencies when they possess
TSCA CBI and need to verify clearance of EPA and EPA contractor employees for
access; to the Department of Justice when related to litigation or anticipated litigation
involving the records or the subject matter of the records; to the appropriate Federal,
State, or local agency charged with enforcing a statute or regulation, violation of which
is indicated by a record in this system; where necessary, to a State, Federal, or local
agency maintaining information pertinent to hiring, retention or clearance of an employee,
letting of a contract, or issuance of a grant or other magistrate or administrative tribunal;
to opposing counsel in the course of settlement negotiations; and to a member of
Congress acting on behalf of an individual to whom records in the system  pertain.

Furnishing the information on this form, including your Social Security Number, is
voluntary but may prevent the contracting organization from being given access to TSCA
CBI and  may therefore make  impossible the performance of any task which requires
access to TSCA CBI.

-------
TSCA CBI Protection Manual
                            Appendix M
CHECKLIST #1
                                        PAGE 1 OF 3
                              CONTRACTOR CHECKLIST FOR
                                     TSCA CBI ACCESS
       (ALL INFORMATION MUST BE SUBMITTED BY THE EPA PROJECT OFFICER
                      TO THE TSCA CBI ACCESS COORDINATOR)

      Yes_/No_  Will this contract expire within 90 days?
                CONTRACT EXPIRATION DATE

      Yes_/No_  Will this be a new or recompeted contract?

      Yes_/No_  Are you the PRIME CONTRACTOR?

      Yes_/No_  Will you have a SUBCONTRACTOR(s)? If yes, you will have to submit all the
                below required forms on them. They will be printed under one Federal Register
                Notice with their Prime Contractor.

Memo requesting "TSCA CBI Access Authorization" for the CONTRACTOR, from
your Division Director to:
Director
Information Management Division (7407M)
Office of Pollution Prevention & Toxics
1200 Pennsylvania Ave., NW
Washington, D.C. 20460

SITE INSPECTION MEMO (If the site is new, and will be maintaining CBI, they must be
inspected/approved in writing by the TSCA Security Staff (TSS) of EAD. If this is a
recompete and the same site is being used, and there is a gap of more than 1 month between
the expired and start of the new contract, that facility must be reinspected and verified in
writing by TSS also.)  Address your memo to request a site inspection as follows:
Memo from your Division Director to:
Director
Environmental Assistance Division (7408M)
Office of Pollution Prevention & Toxics
1200 Pennsylvania Ave., NW
Washington, D.C. 20460

-------
CHECKLIST #1                         PAGE 2 OF 3

                            CONTRACTOR CHECKLIST FOR
                                  TSCA CBI ACCESS
                                      (Continued)
                EPA Fm 7740-17 (REQUEST FOR APPROVAL OF CONTRACTOR ACCESS TO
                TSCA CBI)
      	  EPA Fm 7740-27 (CONTRACTOR INFORMATION SHEET - CONTRACTOR
                TSCA CBI ACCESS/TRANSFER)

      	  SOW

      	  PERIOD OF PERFORMANCE dates (START & END DATES) for the Base and Four
                Option Year.

      Yes	/No	TSCA CBI CLAUSES (From the 1996 version of the EPAAR) included or by
                      reference? If these are not in the approved & signed contract, the EPA Project
                      Officer  must have a modification to contract that will add these clauses. TSCA
                      CBI clearance cannot be granted to either the contractor or its employees,
                      without these clauses in the contract.

                LIST OF STAFF (Those who will have access under this contract to TSCA CBI.)

                WAIVER LETTER (Immediate access to CBI can only be granted by the IMD/DD via a
                waiver prior to publication in the FR. If you feel one is needed, you must provide a very
                strong justification for the IMD Division Director)

                SUBJECT:  Request Approval for Interim Access to TSCA CBI for (CONTRACTOR
                           COMPANY NAME) under Contract #

                FROM:     Office Manager's Name and Title
                           Branch and Division Name (MAIL CODE)

                TO:        Director
                           Information Management Division (7407M)
                           Office of Pollution Prevention & Toxics
                           1200 Pennsylvania Ave., NW
                           Washington, DC 20460

                Draft FRN (TSCA CBI ACCESS COORDINATOR WILL TAKE CARE OF THIS)

-------
CHECKLIST #1                           PAGE 3 OF 3

                              CONTRACTOR CHECKLIST FOR
                                    TSCA CBI ACCESS
                                         (Continued)
           ACCESS is normally granted to the contractor 5 days after publication date in the
           REGISTER, unless an approved waiver for immediate access has been approved by the
           IMD/DD.  Contractor Employees cannot be granted access to TSCA CBI prior to the approval
           of the Contractor. Forward all completed packages to:

           U.S. EPA
           ICC Building, Room 6104
           IMD/RDMB (7407M)
           1200 Pennsylvania Ave., NW
           Washington, D.C. 20460
           Attn: Pam Moseley
           202-564-8956

-------
TSCA CBI Protection Manual            Appendix N
                                     PAGE 1 OF 2
CHECKLIST #2
                  CONTRACTOR EMPLOYEE CHECKLIST FOR
                                TSCA CBI ACCESS
       (ALL INFORMATION MUST BE SUBMITTED BY THE EPA PROJECT OFFICER
                      TO THE TSCA CBI ACCESS COORDINATOR)
                 Request for Building Pass memo (From the PO or FM, addressed to the Security
                 Management Staff) The original must go with you to get your photo I.D., IF
                 APPLICABLE
                 Request for EPA Identification Badge (From the OPPT DCO) The original must go
                 with you to get your photo I.D., IF APPLICABLE

                 EPA Fm 7740-06 (TSCA CBI ACCESS REQUEST, AGREEMENT AND
                 APPROVAL) A copy of this must go with you to get your photo I.D.

                 EPA Fm 7740-25 (TSCA CBI ADP USER REGISTRATION) IF APPLICABLE

                 SF86 (QUESTIONNAIRE FOR NATIONAL SECURITY POSITIONS)
                 Must be the "Revised Sep 95" version
                 -     Any cross-outs must be initialled by the applicant
                 -     The Social Security Number must be at the bottom of each page as
                       noted.
                 -     There must not be any gaps in "Residence"
                 -     There must not be any gaps in "Employment"; even if you are
                       unemployed, you must show the periods of unemployment within
                       the flow of your employment record.
                 -     If you were not born in the U.S. (Naturalized, etc.) you must
                       provide the "Place of Birth"
                 -     Anyone you list in ITEMs 13 and 14, whose "Country of Birth" or
                       "Country of Citizenship" is not the U.S.A, you must provide their
                       "certificate/registration" in ITEM 15.
                 -     Make sure you sign and date pages "9", "10", and the "Medical
                       Release Form"

                 Fingerprint Cards- "FD258 Applicant" version (2) (These must go with you
                 when you get your photo I.D. Completed cards must be returned to TSCA CBI
                 Access Coordinator)

                 IF YOUR SECURITY  OFFICE WILL BE SUBMITTING PAPERWORK FOR
                 THE MBIs OR NACIs, PLEASE SUPPLY DOCUMENTATION AS TO WHEN
                 THE MBI/NACI REQUEST WAS INITIATED OR COMPLETED FAVORABLY.

-------
                                     PAGE 2 OF 2
CHECKLIST #2
                   CONTRACTOR EMPLOYEE CHECKLIST FOR
                                 TSCA CBI ACCESS
                                     (continued)
      _____     Watch the TSCA CBI Security Video. Make arrangements through your DCO or
                 call 202-564-8956. Obtain a copy of the TSCA CBI Security Manual.

      _____     OPM Fm 147-4 (Reimbursement of OPM Invest.): The fee is $375.00; Contact the
                 OPPT/DCO, or contact the TSCA CBI ACCESS COORDINATOR at 202-564-8956.

      _____     BADGE ISSUE: On-site contractor must take the following papers to the West
                 Tower I.D. Desk for EPA Badges:
                 -Original "Request for Bldg Pass Memo"
                 -Original "Request for EPA I.D. Badge Memo"
                 -Copy of EPA Form 7740-6

      _____     TSCA CBI ACCESS COORDINATOR FILES: The following must be filed in the
                 individual's access files:
                 -Copy of "Request for Building Pass Memo"
                 -Copy of "Request for EPA I.D. Badge Memo"
                 -Original EPA Form 7740-6
                 -Copy of EPA Form 7740-25

      _____     ADP USER ACCESS: (For access to the CBI LAN) Provide an original copy of
                 EPA Form 7740-25 to the CHIEF, INFORMATION TECHNOLOGY AND
                 SUPPORT BRANCH of IMD.

NOTE:     All of the above actions (with the exception of the last item) must be completed
           and submitted to the TSCA CBI Access Coordinator, prior to granting contractor
           employees access to TSCA CBI. Contractor Employees cannot be granted access to TSCA
           CBI prior to the approval of the Contractor. Forward all completed packages to:

           U.S. EPA
           ICC Building, Room 6104
           IMD/RDMB (7407M)
           1200 Pennsylvania Ave., NW
           Washington, D.C. 20460
           Attn: Pam Moseley
           202-564-8956

-------
TSCA CBI Protection Manual
Appendix O
 Standard Form 86
 Revised September 1995
 U.S. Office of Personnel Management
 5 CFR Parts 731, 732, and 736
                                                    Form approved:
                                                    O.M.B. No. 32064007
                                                    NSN7S40-OM344036
                                                    80-111
  Questionnaire  for National  Security Positions
  Follow instructions fully or we cannot process your form.  Be sure to sign and date the certification statement on page 9 and
  the release on page 10.  If you have any questions, call the office that gave you the form.
  Purpose of this Form
  The U.S. Government conducts background investigations and
  reinvestigations to establish that military personnel, applicants for
  or incumbents in national security positions, either employed by
  the Government or working for Government contractors,
  licensees, certificate holders, and grantees, are eligible for a
  required security clearance.  Information from this form is used
  primarily as the basis for investigation for access to classified
  information or special nuclear information or material.  Complete
  this form only after a conditional offer of employment has been
  made for a position requiring a security clearance.
  Giving us the information we ask for is voluntary. However, we
  may not be able to complete your investigation, or complete it in a
  timely manner, if you don't give us each item of information we
  request. This may affect your placement or security clearance
  prospects.

  Authority to Request this Information
  Depending upon the purpose of your investigation, the U.S.
  Government is authorized to ask for this information under
  Executive Orders 10450, 10865, 12333, and 12356; sections 3301
  and 9101 of title 5, U.S. Code; sections 2165 and 2201 of title 42,
  U.S. Code; sections 781 to 887 of title 50, U.S. Code; and parts 5,
  732, and 736 of Title 5, Code of Federal Regulations.

  Your Social Security number is needed to keep records accurate,
  because other people may have the same name and birth date.
  Executive Order  9397 also asks Federal agencies  to use this
  number to help identify individuals in agency records.

  The Investigative Process
  Background investigations for  national  security positions are
  conducted  to develop  information  to show whether you are
  reliable, trustworthy, of good conduct and character, and loyal to
  the United States. The information that you provide on this form
  is confirmed during the investigation. Investigation may extend
  beyond the  time covered by this form when necessary to resolve
  issues.  Your current employer must be contacted as part of the
  investigation,   even  if   you  have   previously indicated  on
  applications or other forms that you do not want this.
  In addition  to the questions  on this form,  inquiry also is made
  about a person's adherence to security requirements,  honesty and
  integrity, vulnerability to exploitation or coercion, falsification,
  misrepresentation,   and  any  other  behavior,  activities,  or
  associations  that  tend  to  show the  person is not reliable,
  trustworthy, or loyal.

  Your Personal Interview
  Some investigations will include an interview with you as a
  normal part of the investigative process. This provides you the
  opportunity to update, clarify, and explain information on your
  form more completely, which often helps to complete your
  investigation faster. It is important that the interview be conducted
  as soon as possible after you are contacted.  Postponements will
  delay the processing of your investigation, and declining to be
  interviewed may result in your investigation being delayed or
  canceled.

  You will be asked to bring identification with your picture on it,
  such as a valid State driver's license, to the interview. There are
  other documents you may be asked to bring to verify your identity
  as well. These include documentation of any legal name change,
  Social Security card, and/or birth certificate.
  You may also be asked to bring documents about information
  you provided on the form or other matters requiring specific
  attention. These matters include alien registration, delinquent
  loans or taxes, bankruptcy, judgments, liens, or other financial
  obligations, agreements involving child custody or support,
  alimony or property settlements, arrests, convictions, probation,
  and/or parole.

  Organization of this Form
  This form has two parts.  Part 1 asks for background
  information, including where you have lived, gone to school, and
  worked.  Part 2 asks about your activities and such matters as
  firings from a job, criminal history record, use of illegal drugs,
  and abuse of alcohol.
  In answering all questions on this form, keep in mind that your
  answers are considered together with the information obtained in
  the investigation to reach an appropriate adjudication.

  Instructions for Completing this Form

  1. Follow the instructions given to you by the person who gave
  you the form and any other clarifying instructions furnished by
  that person to assist you in completion of the form. Find out how
  many copies of the form you are to turn in. You must sign and
  date, in black ink, the original and each copy you submit. You
  should retain a copy of the completed form for your records.

  2. Type or legibly print your answers in black ink (if your form is
  not legible, it will not be accepted). You may also be asked to
  submit your form in an approved electronic format.

  3. All questions on this form must be answered. If no response
  is necessary or applicable, indicate this on the form (for example,
  enter "None" or "N/A").  If you find that you cannot report an
  exact date, approximate or estimate the date to the best of your
  ability and indicate this by marking "APPROX." or "EST."

  4. Any changes that you make to this form after you sign it must
  be initialed and dated by you.  Under certain limited
  circumstances, agencies may modify the form consistent with
  your intent.

  5. You must use the State codes (abbreviations) listed on the
  back of this page when you fill out this form. Do not abbreviate
  the names of cities or foreign countries.

  6. The 5-digit postal ZIP codes are needed to speed the
  processing of your investigation.  The office that provided the
  form will assist you in completing the ZIP codes.

  7. All telephone numbers must include area codes.

  8. All dates provided on this form must be in Month/Day/Year or
  Month/Year format.  Use numbers (1-12) to indicate months. For
  example, June 8, 1978, should be shown as 6/8/78.

  9. Whenever "City (Country)" is shown in an address block, also
  provide in that block the name of the country when the address is
  outside the United States.

  10. If you need additional space to list your residences or
  employments/self-employments/unemployments or education,
  you should use a continuation sheet, SF 86A. If additional space
  is needed to answer other items, use a blank piece of paper.
  Each blank piece of paper you use must contain your name and
  Social Security Number at the top of the page.

-------
 Final Determination on Your Eligibility

 Final determination on your eligibility for access to classified
 information is the responsibility of the Federal agency that
 requested your investigation. You may be provided the
 opportunity personally to explain, refute, or clarify any
 information before a final decision is made.

 Penalties for Inaccurate or False Statements

 The U.S. Criminal Code (title 18, section 1001) provides that
 knowingly falsifying or concealing a material fact is a felony
 which may result in fines of up to $10,000, and/or 5 years
 imprisonment, or both. In addition, Federal agencies generally
 fire, do not grant a security clearance, or disqualify individuals
 who have materially and deliberately falsified these forms, and
 this remains a part of the permanent record for future
 placements. Because the position for which you are being
 considered is a sensitive one, your trustworthiness is a very
 important consideration in deciding your eligibility for a security
 clearance.  Your prospects of placement or security clearance
 are better if you answer all questions truthfully and completely.
 You will have adequate opportunity to explain any information
 you give us on the form and to make your comments part of the
 record.

 Disclosure of Information

 The information you give us is for the purpose of investigating you
 for a national security position; we will protect it from unauthorized
 disclosure.  The collection, maintenance, and disclosure of
 background investigative information is governed by the Privacy
 Act. The agency which requested the investigation and the agency
 which conducted the investigation have published notices in the
 Federal Register describing the systems of records in which your
 records will be maintained. You may obtain copies of the relevant
 notices from the person who gave you this form. The information
 on this form, and information we collect during an investigation may
 be disclosed without your consent as permitted by the Privacy Act
 (5 USC 552a (b)) and as follows:
                                                  PRIVACY ACT ROUTINE USES
                                                       nt t
                                     of; or
 1. To fie Department of Juettoo where (a)tho agency or any comp
(b) any employee of Vw agency In hie or tar official capacity; or (c) any employee of
the agency to Ma or har Individual capacity where the Department of Jurtoe haa
ttlgatlon or haa Maraat  ki weh ttfcjatton. and by caraU review, tie agoncy
datarmlnaa vtvt Via racoroa ara boot rawvant MM naoaasary to Via ittQatton and Via
uaa of Midi racoroa fay tha DapareTnant of ihjatlca to Viaratora daaroad by tna apjoncy
tobefarapurpeoofliella cornpett^v^lwipurpoee tor which fteeBencycolected
                   5. To a Federal. Stale. local, foreign, Meal, or other puMe authority tha tact that tht»
                   «yi ki nature, and whether arWng by general ctatule. particular program
 staue, raguMtan. rule, or order laaued punuant (hereto, tha relevant rocorde may be
                                                         iproprjada anaiaa or IndMduala. or
                                                         toraign govamnanta. in ordar ID
                   anatato an imaMgane* agancy » cany out tta raaponafclllilet undar tna National
                   Sacurty Act o« t947 aa amandad. tha CIA Ad of W4» aa amandad. Exacuft* Ordar
                   mnorany »uecaaaer ordar. appteabto radonal aaarty oTraeavaa. or eU*aNad
  ^_^  ___ Slala.^Jocal^ tnbal. or otMrpubNc
 authorty raaponaMa IDT antordnpj^ InvaaVQaVnQ or proaacuanQ aucti violation or
 cnarpjad vAh antorcino or vnpMHiianvnQ Via mtietaj rula( rapjulatlon, or oidar.
                                                         pfooaduraa approvad by Via AOomay Qanafal  and promulQatad
                                              purauanl to auch itatutaa, ordara or dkactfvaa.

                                              9. To a Member of Congress or to a Congressional staff member in response to an
  4. To any i
 course of an investigation concerning the hiring or retention of an employee or other
 personnel action, or the issuing or retention of a security clearance, contract, grant,
 license, or other benefit, to the extent necessary to identify the individual, inform the
 source of the nature and purpose of the investigation, and to identify the type of
 information requested.
                                              Written Viafacord la fnkintBinaow

                                              10. To the National Archives and Records Administration for records management


                                              11. To the Office of Management and Budget when necessary to the review of private
                                              relief legislation
                                                STATE CODES (ABBREVIATIONS)
    Alabama
    Alaska
    Arizona
    California
    Colorado
    Connecticut
    Georgia

    American Samoa
    Trust Territory
AL   Hawaii
AK
AZ
AR
CA
CO
CT   Kentucky
DE   Louisiana
FL   Maine
GA   Maryland

AS   Dist. of Columbia
TT   Virgin I
 HI
 D
 L
 M
 IA
KS
KY
LA
ME
MO

DC
 VI
                                                          Minnesota
Nevada
New Hampshire
New Jersey

Guam
                       M    New York
                      MN    North Carolina
                      MS    North Dakota
                      MO    Ohio
                      MT    Oklahoma
                      NE    Oregon
NH
NJ

GU
                                                                                     Rhode Island
                                                                                     South Carolina
aUMaeia^HMai JJairlamaiai
nonnvni wmtiew
                      NY
                      NC
                      ND
                      OH
                      OK
                      OR
                      PA
                      RI
                      SC

                      CM
                                                                                                                   South Dakota
                                    Texas
                                    Utah
                                    Virginia
                                    Washington
                                    West Virginia
                              Puerto Rico
 TN
 TX
 UT
 VT
 VA
WA
WV
 WI
WY

 PR
                                                PUBLIC BURDEN  INFORMATION
 Pufaicbufo^n^)ortirqfortnBicolettionrf                                                             *ne for reviewing instructions, aaarehing
 erfe^ o^ a««a* cohering a^ maMfjnin^                                                                  Sand comments regard*^ «*>
 burdan «Umaj» or ny ottwr upact of thia ooOecBon rt Wormatioa including iuf^
 UAOfncectPMCTnalMeMgamart, 1900EStrMtN.W..ReamCW-50aWiahingttin.B.C.20418. ~    '    '            "'

-------
Standard Form 86
Revised September 1995
U.S. Office of Personnel Management
5 CFR Parts 731, 732, and 736
                                                      QUESTIONNAIRE FOR
                                               NATIONAL SECURITY POSITIONS
                                                  Form approved:
                                                  O.M.B. NO. 32084007
                                                  NSN 7340-00-634-4036
                                                  86-111
   Part  1
                     Agency Use Only (Complete Items A through P using Instructions provided by the Investigating agency).
A7""*
Iniimlgitmn I
Location i
B ExM
Coverage |

JSON
LSOI
if Location of Offl-
^ cWPenomel
VrUtm,
M Locauon
of Security
Fakur
U PofOion
Cod* 1
—
—
None
NPRC
At SON
Norw
At Sol
NPI
C SenttMty QAcc*M C Natur
Uvel | | fc Actta

I Portion
Tin*
Other Aoaren
Other AddroM
• of C OlMot Month Day Yev
nCode | Action | | |

ZlPCodo
ZIP Cod*
 PmSSSSSim^^
  Requeuing
                                        Q Accounting Data and/or
                                           Au*ncv Caie Number
Official
              Name end Tide
           I
                                                           Slgratura
                                                                                                    TMepftorw Number
                                                                                                     (     )
                                     Persons completing this form should begin with the Questions below.
     FULL  • If you have only initials in your name, use them and state (IO).
     NAME  • If you have no middle name, enter "NMN."
           • If you are a "Jr.," "Sr.," "II," etc., enter this in the box after
             your middle name.
                                                                                                                               -55T
                                                           I DATE OF
                                                             BIRTH
Last Name First Name
Middle Name
_
Jr.. II. etc.
Month
Day
Year
       PLACE OF BIRTH • Use the two-letter code for the State.
                                                                                                               SOCIAL SECURITY NUMBER
  City
                                 County
State Country (if not in the United States)
      OTHER NAMES USED
      Give other names you used and the period of time you used them (for example: your maiden name, name(s) by a former marriage, former name(s), alias(es), or
               If the other name is your maiden name, put "nee" in front of it.
n
#2
B
a
Name
Name
IDENTIFYING
INFORMATION
) TELEPHONE
NUMBERS




Month/Year Month/Year
To
Month/Year Month/Year
To
Height (feet and inches) Weight (pounds)
Work
( )
( )
(Include Area Code and extension)
NIoM ( >
Name
«3
Name
M
Hair Color
Home {include Area Coc
|( ) Day .
If ) Nlaht *
Month/Year Month/Year
To
Month/Year Month/Year
To
Eye Color Sex (Mark one box)
I (Female ( |s4ate
*•;
)
a
©
CITIZENSHIP
Mark the box at the right
that reflects your current
citizenship status, and
follow its instructions.



I am a U.S. citizen or national by birth in the U.S. or U.S. territory/possession.




Answer Items b and d
Answer Items b, c, and d
Answer Items b and e
Your Mother's Maiden
Name

    UNITED STATES CITIZENSHIP  If you are a U.S. Citizen, but were not born in the U.S., provide information about one or more of the following proofs of your citizenship.

    Naturalization Certificate (Whtn were you ntturtllnd?)
Court
r
State

Certificate Number
Month/Day/Year Issued
   Citizenship Certificate (Wh»n n*« the eertrffeafe l*tu»a?)
City
State
Certificate Number
Month/Day/Year Issued
   State Department Form 240 • Report of Birth Abroad of a Citizen of the United States
   Give the date the form
   was prepared and give
                         Month/Day/Year
                                                          Explanation
   US. Passport
   This may be either a current or previous U.S. Passport
                                                                       Passport Number
                                                                                                                  Month/Day/Year Issued
    DUAL CITIZENSHIP If you are (or were) a dual citizen of the United States and another
                     country, provide the name of that country in the space to the right.
                                                                            Country
ALIEN If you are an alien, provide the following information:
Place You
Entered the
United States:
City State
Month Day Year
1 I

                                                                                                                               Page 1

-------
        WHERE YOU HAVE LIVED
u» BIO pwco* wnere you nova iwa. neojnni
at a »chod attract, etc. B* sure to specify
hrnM rtrart ¥« i ITMW mTkft tennrkfsww mXtwis
you ived overseas.
Fa any address in the last 5 years, ist a par
completely outside tMa 5-veer period, and dc
•General Oelvary.* a Rural or Star Route, or
Month/Veer Month/Veer
™ fa PltMMflt
ng wnn me moei recent (*i) ana won
ssidence: do not use a post office box
your locate aactoariyaapoeabla: 1
duly locations under 90 days .;*styoui
son who knew you at that address, an

jngDecKZyaars. ADperio
as an address, do not list
or example, do not list only
d who prefen
or other rate

ablystUlivesi
fives). Alsofc
stingtheresid
ds must be accounte- rormyourfir. .sure to
a permanent address when you wen> r^jually iving
your base or ship, ist your barracks number or
id), and you should use your APO/FPO addraea H
n that area (do not Eat people for residences
r addresses in the last five years, if the address is
ance on an attached continuation sheet
Street Address Apt* I CKy {County)
Name ol Parson Who Knows You
MontYYoer MonaVYoar
Street AddrM* AOL*
dty(Coumy)
^MIMl nOQTO&S Aflt. 9
Name ol Person Who Knew You
Month/Year Month/Year
* TO
Street Address Apt*
Sate
ZIP Code
CKy (Country)
Cty (Country)
Apt.
Name ol Person Who Knew You
94 TO
Street Address Apt*
State
ZIP Cod*
CKy (County)
CBy (Country)
State
ZIP Coda
SteetAddress /Mg I CKy (County)
1
Name el Person Who knew You
15 To
Apt*
CKy (County)
State
ZPCod*
Steel Address Apt* 1 CKy (Country)
Name ol Person Who Knew You
Street Address Apt*
CKy (Country)
Stale
ZIP Cod*
Stale
ZIP Code
Tctaphonv NufntMr
Stat*
ZPCode
T*taphon* Number
State
ZIP Code
Telephone Number
State
ZIP Code
Telephone Number
State
ZIP Code
Telephone Number
  39 WHERE YOU WENT TO SCHOOL
      Ljstt^schoole you ha^attano^ beyond Jurey                                                            UstCotegeor
      Ujver^d^gmeaandt^ckk*t^we«rec«Code
Month/Year Awarded
ZIP Code
"•fopnono NiNnoor
( >

Page 2

-------
YOUR EMPLOYMENT ACTIVITIES

UatyourmiploymertMtlvt^                                                  You should list aflhJ-tirr* wort, part-time work, mitary
aMvic^tanporavmiatyQ^                                                                          TheenSn»7^B«periodr«3l
accounted for without breaks, but you need not list employments before your 16th birthday. EXCEPTION: Show all Federal civilian service, whether it
occurred within the last 7 years or not.
• Code. Use one of the codes listed below to identify the type of employment:
  1 - Active military duty stations         5 - State Government (Non-Fe
                                                                                                                     Page 3

-------
 YOUR EMPLOYMENT ACTIVITIES (CONTINUED)
•4 To
Employer's/Verifier's Street Adc

Ires*
EmptayeWerifler Name/MUtary Duty 1 ocatton

Street Address of Job Location (if afferent than Employer's Address)
Supervisor's Name & Street Address (if different than Job Location)
•BIS tarth/Vev MonoVYeer
Ejljl Month/Year MonWYear
§Sjla Month/Year Month/Year
#5 TO
City (Country)
City (Country)
City (Country)
Position Title
Position Tito
Position Title

Your Position Titte/Miltary Rank
State
State
State
ZIP Co*
ZIP Coda
ZIP Code
T«bphon«NwniMr
( )
T6tephono NumtMf
( >
TfMphorwNumlMr
( )
Supervisor
Supervisor
Supervisor
Employer/Verifier Name/MMtary Duty Location
Employer's/Verifier's Street Address
Sbwl AdoVtu of Job liOflftMon (If olffen
mt than Employer's Address)
Supervisor1* Name & Street Address (if different then Job Location)
•• MonWYear Month/Year
B^R^B MOnWTMf MonttVTMT
m **amWYe» MorarirYeiir
Month/Year MonttvYoer 1
•8 To 1
City (Country)
City (Country)
Oly (Country)
Position Tide
romon ime
Position TOe
Code
Your Position Titte/MiEtary Rank
State
State
State
ZIP Coda
ZIP Coda
ZIP Coda
Ttlephor* Number "
( )
TMphon* Number
( )
Telephone Number
( )
Supervisor
Supervisor

EmployerA/orifer NameyMiitaiy Duty Location
Employer's/Venter's Street Address
Street Address of Job Location (if dmerent than Employer's Address)
Supervisor's Nsme& Street Address (If difterent than Job location)
••• MentWVMr hiendWMr
IjQ MontWw MenlhrY«er
^^^ UorAWev Hontrvreir
Ctty (Country)
City (Country)
City (Country)
Position Title
PosifionTide
PosHon Tide
Your Position Titfa/MiHaiy Rank
State
State
State
ZIP Code
ZIP Code
ZIP Code

( )
T«tephon» Number
( )
TMSpflOnv NURstWf
( )
Supervisor
Supervisor
Supervisor
PEOPLE WHO KNOW YOU WELL
       anyone who is listed elsewhere on this form.
    Name
                                                                       Date* Known
                                                                   Month/Year    Month/Year
                                                                           To
Home or Work Addrees
C«y (Country)
                                                                                                                  ZIP Code
 12
    Name
                                                                            To
                  Telephone Number
 Home or Work Address
city (gounuy)
 13
    Name
                                                                            To
                  Telephone Number
Homo of Wort Address
City (Country)
                                                                                                          State
                                                                                                                  ZIP Code
Enter your Social Security Number before going to the next page
Page 4

-------
YOUR SPOUSE
Mark one box to show your current marital status and provide information about your spouse(s) in items a. and/or b.
1 - Never married
2 - Married
3 - Separated            5 - Divorced
4 - Legally Separated    6 - Widowed

Full Name  Date of Birth  Place of Birth (Include country if outside the U.S.)  Social Security
Other Name* Used ffipccty ma4oen name, na/naa 0y olrW fnamaoe*. ctt^ and Countyfli
Date Married

Place Married (Include country if outside the U.S.)
If Legally Separated, Where is the Record Located? City (Country)
Address of Current Spouse, if different than your current address (Street, city, and country if outside the U.S.)

Number
«)ofCHt»n»hlp
State
State
tate ZIP Code
  Former Spouse(s) Complete the following about your former spouse(s), use blank sheets if needed.
Full Name
Country(ies) of Citizenship
Check One, Then Give Date
| | Divorced | | Widowed
Date of Birth
Date Married
Month/Day/Year
Place of Birth (Include country if outside the U.S.)
Place Married (Include country if outside the U.S.)
If Divorced, Where is the Record Located? City (Country)
Address of Former Spouse (Street, city, and country if outside the U.S.)
State ZIP Code
State
State
State
Telephone Number
YOUR RELATIVES AND ASSOCIATES
Give the full name, correct code, and other requested information for each of your relatives and
1 - Mother (first)      5 - Foster parent           9 - Sister          13 - Half-sister
2 - Father (second)     6 - Child (adopted also)   10 - Stepbrother     14 - Father-in-law
3 - Stepmother          7 - Stepchild              11 - Stepsister      15 - Mother-in-law
4 - Stepfather          8 - Brother                12 - Half-brother    16 - Guardian
                                                                                     King ore
                                                                                  17 - Other Relative*
                                                                                  18 - Associates*
                                                                                  19 - Adult Currently Living With You
• Code 17 (Other Relative) - Include only foreign national relatives not listed in 1-16 with whom you or your spouse
and continuing contact. Code 18 (Associates) - Include only foreign national associates with whom you or your spouse are bound by affection, obligation,
or close and continuing contact.
Full Name (If deceased, check box on the

Cod*
1
2










Date of Birth
Month/Day/Veer












Country of Birth












Country(les) of
Citizenship












Current Street Address and City
(Country) of Living Relatives












Enter your Social Security Number before going to the next page -*

Slat*













                                                                                                                   Page 5

-------
       CITIZENSHIP OF YOUR RELATIVES AND ASSOCIATES
 Ityour mother, father. sister, brother, chad, or current spouse or parson with whom you have a spouse-fike relationship la a U.S. citizen by other than birth, or ar
 afiireskflnfl Infte I^S.. provide thenatfe of the IndhnduK rebttewMp to you (s£x«.. Spo^ice. Mother. etc.)7and the IndMduarVname and dateof birtr
 on the first Vne (Vfe nfcrmatbn « needed to par X aceuratary with Momotion initams 1^ and 14).

 On the second irte.jyovldethejr»jtvkluaftrial^^                                                                        identify proof of
 citizenship statue. Provide additional norrnatlon on thai fine as recjuestsd.
                             1. Naturalization Certificate: Provide the date
                                issued and the location where the person was
                                naturalized (Court, City and State).
                             2. Citizenship Certificate: Provide the
                                location issued (City and State).
                                                                          3. Alien Registration: Provide the date
                                                                             and place where the person entered
                                                                             the U.S. (City and State).
                                                                          4. Othen Provide an explanation tot the
Association
fl
Certifcata/Reglslratlon •
AMOdaflon
•2
Ceftfcata/Registralian »
f|^ YOUR MILITARY HISTORY
ID Have you served In the United Stan
Hunt
Documtnt'CoS
Nanw
Document Code
Aodioonasi infofiiieHion

Dale of Birth (MonttVDay/YMf)

Dato of Birth (MontttfDay/Y^ ,
Add^Mormrfon
wmnaiy?


•?

YM No


   List all of your military service below, including service in Reserves, National Guard, and U.S. Merchant Marine. Start with the most recent period of service
   (#1) and work backward. If you had a break in service, each separate period should be listed.
        • Code. Use one of the codes listed below to identify your branch of service:
          1 - Air Force    2 - Army    3 - Navy    4 - Marine Corps    5 - Coast Guard    6 - Merchant Marine    7 - National Guard
        • O/E. Mark "O" block for Officer or "E" block for Enlisted.
        • Status. "X" the appropriate block for the status of your service during the time that you served. If your service was in the National Guard, do not use
          an "X"; use the two-letter code for the state to mark the block.
        • Country. If your service was with other than the U.S. Armed Forces, identify the country for which you served.
 MontVYear  MoitfvYear
         To
                       Code
                                                                                            (SUM!
                                                                                                         County
          To
 YOUR FOREIGN ACTIVITIES

) Do you heve any torelgn property. b>
                                            mnecttons. orflnancW Intorests?
                                                                                                                           Yes
                                                                                                                               No
       Are you now or have you i
                                nptoye^byoractada««ccf««1antteratonjignoovenYnBnt1lnn.oracje^
    Q Hav« you ever had ary contact wtt a foreleg government Its estabasr^^
       Bs >epn»eritalK/edr»earaboro*andr>everna(teshort(one
        need to list each trip. Instead, provide the time period, the code, the country, and a note ("Many Short Trips").

       • Do not repeat travel covered in items 9, 10, or 11.
MonDVYear MenlVYew
il To
« TO
Cod*

County

Month/Year MonttvYear
•3 Tr
M re
This concludes Part 1 of this form. If you have used Page «, continuation sheets, or blank sheets to complete
any of the questions in Part 1, give the number for those questions in the space to the right.

Code

County


Enter your Social Security Number before going to the next page
Page 6

-------
Standard Form 86
Revised September 1995
U.S. Office of Personnel Management
5 CFR Parts 731, 732, and 738
                                          QUESTIONNAIRE FOR
                                   NATIONAL SECURITY POSITIONS
Form approved:
O.M.B. No. 32064007
NSN 754040434-4038
86-111
  Part 2
          I ONLY
YOUR MILITARY RECORD
Have you ever received other than an honorable discharge from the military?
                                                                        provide the date of discharge and type of
                                                                                                                   Yes    No
     Month/Year
            Type of Discharge
        YOUR SELECTIVE SERVICE RECORD
        a.  Are you a male born after December 31, 1959? If "No," go to 21. If "Yes," go to b.
        b.  Have you registered with the Selective Service System? If "Yes," provide your registration number. If "No," show the
            reason for your legal exemption below.
                                                                                                                    Yes
                                                                                                                   No
  Registration Number
                       Legal Exampl
YOUR MEDICAL RECORD
In the last 7 years, have you consulted with a mental health professional (psychiatrist, psychologist, counselor, etc.) or have you consulted
with another health care provider about a mental health related condition?

Yes

No

       If you answered "Yes," provide the dates of treatment and the name and address of the therapist or doctor below, unless the consultation(s)
       involved only marital, family, or grief counseling, not related to violence by you.
Month/Year MonHVYaer
Ta
V**
Name/Address of Therapist or Doctor

YOUR EMPLOYMENT RECORD
Has any of the following happened to you in the last 7 years? If "Yes," begin with the most recent occurrence and go
backward, providing date fired, quit, or left, and other information requested.
State


ZIP Code

Yes


No

       Use the following codes and explain the reason your employment was ended:
       1 - Fired from a job
       2 - Quit a job after being told you'd be fired
       3 - Left a job by mutual agreement following allegations of misconduct
       4 - Left a job by mutual agreement following allegations of unsatisfactory performance
       5 - Left a job for other reasons under unfavorable circumstances
Month/Year   Code   Specify Reason   Employer's Name and Address (Include city/Country if outside U.S.)   State

YOUR POLICE RECORD
For this item, report information regardless of whether the record in your case has been "sealed" or otherwise stricken from the court record.
The single exception to this requirement is for certain convictions under the Federal Controlled Substances Act for which the court issued an
expungement order under the authority of 21 U.S.C. 844 or 18 U.S.C. 3607.
Have you ever been charged with or convicted of any felony offense? (Include those under Uniform Code of Military Justice)
Have you ever been charged with or convicted of a firearms or
Are there currently any charges pending against you for any criminal offense?
Have you ever been charged with or convicted of any offense(s) related to alcohol or drugs?
In the last 7 years, have you been subject to court martial or other disciplinary proceedings under the Uniform C
-------
YOUR USE OF ILLEGAL DRUGS AND DRUG ACTIVITY

nor information derived from your responses will be used as evidence against you in any subsequent criminal proceeding.
cocaine, crack cocaine, hashish, narcotics (opium, morphine, codeine, heroin, etc.), amphetamines, depressants (barbiturates,
methaqualone, tranquilizers, etc.), hallucinogenics (LSD, PCP, etc.), or prescription drugs?

Have you ever illegally used a controlled substance while employed as a law enforcement officer, prosecutor, or courtroom official; while
possessing a security clearance; or while in a position directly and immediately affecting the public safety?
In the last 7 years, have you been involved in the illegal purchase, manufacture,
sale of any narcotic, depressant, stimulant, hallucinogen, or cannabis for your own intended profit or that of another?
Yes



No



         If you answered "Yes" to a or b above, provide the date(s), identify the controlled substance(s) and/or prescription drugs used, and the number of
         times each was used.
Month/Year Month/Year
To
To
Controlled Substance/Prescription Drug Used

Number of Times Used

YOUR USE OF ALCOHOL
In the last 7 years,
(such as for alcohol abuse or alcoholism)?

YM

No

      If you answered "Yes," provide the dates of treatment and the n                                      Do not repeat
      reported in response to Item 21 above.
  Month/Yaw  MonttvYMr
          To
                                                                                                                    si-
                                                                                                                            BPCoda
      YOUR INVESTIGATIONS RECORD
        Has the United States Government ever investigated your background and/or granted you a security clearance? If "Yes," use the codes
        that follow to provide the requested information below. If "Yes," but you can't recall the investigating agency and/or the security clearance
                     •Other* aoeniy cooler ctsafarcecrjoX aaapprepr^
        twejtwu* wieaeje wveev*  weifveiMy wvww w* w*wei^*M^ WMM«I w«^ we»B**wfn*^^vt ^n*  ^ ••• • •^••^ ••  v>  ^VH * * *»•• ^"^"" »»^ ^•»^n • *VV
        heading, below. NyownMponeeia*No,*ory9u«)ntkix>wwcantiwallfyouwmir^^
                                                                                                                                No
    CooMforfei
    1 - Defense
    2 - State Department
    3 - Office of Personnel
                          4 - FBI
                          5 - Treasury Department
                          egen
Codes for Security (
0 - Not Required
1 - Confidential
2 - Secret
3 - Top Secret
4 -
5 - Q
6 - L
7 - Other
    Menh/Year
              Otier Agency
                                                                      Month/Yev
                                Otter Agency
 To your knowledge, have you ever had a
           debarred torn government employ
         termination of e
                             ^ ^M^ ^
                             • not a
                                                     If •Yea," gto date of action and agency. Note: An adn* fctmttve downgrade or
    Mamh/Yeer
                   Depemnent or Agency TeMngAcBon
                                                                                           Oepsrmen or Agency TeMng Acson
     YOUR FINANCIAL RECORD
         In the last 7 years, have you filed a petition under any chapter of the bankruptcy
                                                                                                                       No
         In the last 7 years, have you had your wages garnished or had any property repossessed for any reason?
In the last 7 years, have you had a lien placed against your property
                                                                        to pay
                                                                                  or other debts?
         In the last 7 years, have you had any judgments against you that have not been paid?
         If you answered "Yes" to a, b, c, or d, provide the information requested below:
Month/Year

Type of Action

Amount

Name Action Occurred Under

Name/Address of Court or Agency Handling Case

Enter your Social Security Number before going to the next page -+•



ZIP Code


Page 8

-------
YOUR FINANCIAL DELINQUENCIES
In the last 7 years, have you been over 180 days delinquent on any debt(s)?
Are you currently over 90 days delinquent on any debt(s)?
Yes


No


           If you answered "Yes" to a or b, provide the information requested below:
MonttVVMr

GtUtfttd
Month/Y*ar

Amount

and Account Number

Name/Address of Creditor or Obligee

PUBLIC RECORD CIVIL COURT ACTIONS
In the last 7 years, have you been a party to any public record civil court actions not listed elsewhere on this form?
State


ZIP Cod*

YM

No

     If you answered "Yes," provide the information about the public record civil court action requested below.
  Month/Year | Nature of Action
                           Result of Action
                                           Name of Parties Involved
                                                         Court (Include City and county/country if outside U.S.)
                                                                                                              State
                                                                                                                      ZIP Code
       YOUR ASSOCIATION RECORD
        Have you ever been an officer or a member or made a contribution
                                                               on dedicated to the violent overthrow of the United
States Government and which engages in illegal activities
specific intent to further such activities?
                                                                                                                  No
        Have you ever knowingly engaged in any acts or activities designed to overthrow the United States Government by force?
        If you answered "Yes" to a or b, explain in the space below.
                                                     Continuation space
Usalhecorillnuadonaha^(a)(SF8eA)foraiM0
Enter your Social Security Number before going to the next page -»>
Oat*

                                                                                                                    Page 9

-------
Standard Form 86
Revised September 1995
U.S. Office of Personnel Management
5 CFR Parts 731, 732, and 738
                                                                             Form approved:
                                                                             O.M.B.N0.320M007
                                                                             NSN T540»00 fn
                                                                             86-111
                         UNITED STATES OF AMERICA
                      AUTHORIZATION FOR RELEASE OF INFORMATION
              Carefully read this authorization to release Information about you, then sign and date it in ink.

 I Authorize any investigator, special agent, or other duly accredited representative of the authorized
 Federal agency conducting my background investigation, to obtain any  information relating to my
 activities from  individuals, schools, residential management  agents, employers, criminal justice
 agencies,  credit  bureaus, consumer reporting agencies, collection agencies,  retail business
 establishments, or other sources of information. This information may include, but is not limited to,
 my academic, residential,  achievement, performance, attendance, disciplinary, employment history,
 criminal history record information, and financial and  credit information.  I authorize the Federal
 agency conducting my investigation to     -a determination of suitability or eligibility for a security
 clearance.

 I Understand that, for financial or  lending institutions, medical institutions, hospitals, health care
 professionals, and other sources of information, a separate specific release will be needed, and I
 may be contacted for such a release at a later date.  Where a separate release is requested for
 information relating to mental health treatment or counseling, the release will contain a list of the
 specific questions, relevant to the job description, which the doctor or therapist will be asked.

 I Further Authorize any investigator, special agent, or other duly accredited representative of the
 U.S. Office of Personnel  Management, the  Federal Bureau of  Investigation, the Department of
 Defense, the Defense Investigative Service, and any other authorized Federal agency, to request
 criminal record  information about me from criminal justice agencies for the purpose of determining
 my eligibility for  access to classified information and/or for assignment to, or  retention in a
 sensitive National Security position, in accordance with 5 U.S.C. 9101.  I understand that I may
 request a copy of such records as may be available to me under the law.

 I Authorize custodians of records and other sources of information pertaining to me to release such
 information upon request of the investigator, special agent, or other duly accredited representative
 of any Federal agency authorized above regardless of any previous agreement to the contrary.

 I Understand that the information released by records custodians and sources of information is for
 official  use by the Federal Government only for the purposes provided in this Standard Form 86,
 and that it may be redisclosed by the Government only as authorized by law.

 Copies of this authorization that show  my signature are as valid as the  original release signed by
 me. This authorization is valid for five (5) years from the date signed  or upon the termination of my
 affiliation with the Federal Government, whichever is sooner.  Read, sign and date the release on
 the next page if you answered "Yes" to question 21.
                                      Full Name (Type or Print Legibly)
                                                                        Date Signed
Other Names Used
                                                                 Social Security Number
Current Address (Street, City)
                                                      ZIP Code
Home Telephone Number
(Include Area Code)
Page 10

-------
   Standard Form 86
   Revised September 1995
   U.S. Office of Personnel Management
   5 CFR Parts 731, 732, and 736
                                        Form approved:
                                        O.M.B. No. 3206-0007
                                        NSN 7540-00-634-4036
                                        86-111
                          UNITED STATES OF AMERICA
                   AUTHORIZATION FOR RELEASE OF MEDICAL INFORMATION
              Carefully read this authorization to release information about you, then sign and date it in ink.

 Instructions for Completing this Release
 This is a release for the investigator to ask your health  practitioner(s) the three questions below
 concerning your mental health consultations. Your signature will allow the practitioner(s) to answer
 only these questions.
  I am seeking assignment to  or retention  in a position with the  Federal  government which requires
  access to classified national security information or special nuclear information or material.  As part of
  the  clearance  process,  I  hereby  authorize the investigator,  special  agent,  or duly accredited
  representative of the authorized Federal agency  conducting my background investigation, to obtain
  the following information relating to my mental health consultations:

        Does the person under investigation have a condition or treatment that could impair his/her
        judgement or reliability, particularly  in the context of safeguarding classified national security
        information or special nuclear information or material?

        If so, please describe the nature of the condition and the extent and duration of the impairment
        or treatment.

        What is the prognosis?

  I understand the information released pursuant to this release  is for use by the Federal Government
  only for purposes provided in the Standard Form 86 and that it may be redisclosed  by the Government
  only as authorized by law.

  Copies of this authorization that show my signature are as valid as the original release signed by me.
  This authorization is valid for 1 year from the date  signed or upon termination of my affiliation with the
  Federal Government, whichever is sooner.
Signature (Sign in ink)
Full Name (Type or Print Legibly)
Date Signed
Other Names Used
                               Social Security Number
Current Address (Street, City)
                                                      State ZIP Code
                               Home Telephone Number
                               (Include Area Code)

-------
 TSCA CBI Protection Manual
Appendix P
   APPLICANT
      TYPE OR PRINT ALL INFORMATION IN BLACK
 Fields: SIGNATURE; DATE; SIGNATURE OF OFFICIAL; EMPLOYER AND ADDRESS; LAST NAME; ALIASES AKA; MNU; SOCIAL SECURITY NO.; DATE OF BIRTH; CLASS; LEAVE BLANK
 Impression blocks: individual finger blocks; LEFT FOUR FINGERS TAKEN SIMULTANEOUSLY; L. THUMB; R. THUMB; RIGHT FOUR FINGERS TAKEN SIMULTANEOUSLY

-------
    FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE
                 WASHINGTON, D.C. 20637
                       APPLICANT
           1. LOOP
    THE LINES BETWEEN CENTER OF
    LOOP AND DELTA MUST SHOW
         2. WHORL
   THESE LINES RUNNING BETWEEN
       DELTAS MUST BE CLEAR
          3. ARCH
   ARCHES HAVE NO DELTAS
                                            TO OBTAIN CLASSIFIABLE FINGERPRINTS
                  WASH AND DRY FINGERS THOROUGHLY.
                  ROLL FINGERS FROM NAIL TO NAIL, AND AVOID ALLOWING FINGERS TO SLIP.
                  BE SURE IMPRESSIONS ARE RECORDED IN CORRECT ORDER.
                  IF AN AMPUTATION OR DEFORMITY MAKES IT IMPOSSIBLE TO PRINT A FINGER, MAKE A NOTATION
                  TO THAT EFFECT IN THE INDIVIDUAL FINGER BLOCK.
                  IF SOME PHYSICAL CONDITION MAKES IT IMPOSSIBLE TO OBTAIN PERFECT IMPRESSIONS, SUBMIT
                  THE BEST THAT CAN BE OBTAINED WITH A MEMO STAPLED TO THE CARD EXPLAINING THE
                  CIRCUMSTANCES.
                  EXAMINE THE COMPLETED PRINTS TO SEE IF THEY CAN BE CLASSIFIED, BEARING IN MIND THAT
                  MOST FINGERPRINTS FALL INTO THE PATTERNS SHOWN ON THIS CARD (OTHER PATTERNS OCCUR
                  INFREQUENTLY AND ARE NOT SHOWN HERE).
               THIS CARD FOR USE BY:
               1.  LAW ENFORCEMENT AGENCIES IN FINGERPRINTING APPLICANTS
               FOR LAW ENFORCEMENT POSITIONS.*
               2.  OFFICIALS OF STATE AND LOCAL GOVERNMENTS FOR PURPOSES
               OF EMPLOYMENT, LICENSING, AND PERMITS, AS AUTHORIZED
               BY STATE STATUTES AND APPROVED BY THE ATTORNEY
               GENERAL OF THE UNITED STATES. LOCAL AND COUNTY ORDINANCES,
               UNLESS SPECIFICALLY BASED ON APPLICABLE STATE
               STATUTES, DO NOT SATISFY THIS REQUIREMENT.*
               3.  U.S. GOVERNMENT AGENCIES AND OTHER ENTITIES REQUIRED
               BY FEDERAL LAW.**
               4.  OFFICIALS OF FEDERALLY CHARTERED OR INSURED BANKING
               INSTITUTIONS TO PROMOTE OR MAINTAIN THE SECURITY
               OF THOSE INSTITUTIONS.


               INSTRUCTIONS:
              *1.  PRINTS MUST FIRST BE CHECKED THROUGH THE APPROPRIATE
               STATE IDENTIFICATION BUREAU, AND ONLY THOSE FINGERPRINTS
               FOR WHICH NO DISQUALIFYING RECORD HAS BEEN FOUND
               LOCALLY SHOULD BE SUBMITTED FOR FBI SEARCH.
               2.  PRIVACY ACT OF 1974 (P.L. 93-579) REQUIRES THAT FEDERAL,
               STATE, OR LOCAL AGENCIES INFORM INDIVIDUALS WHOSE SOCIAL
               SECURITY NUMBER IS REQUESTED WHETHER SUCH DISCLOSURE IS
               MANDATORY OR VOLUNTARY, BASIS OF AUTHORITY FOR SUCH
               SOLICITATION, AND USES WHICH WILL BE MADE OF IT.
              *3.  IDENTITY OF PRIVATE CONTRACTORS SHOULD BE SHOWN
               IN SPACE "EMPLOYER AND ADDRESS". THE CONTRIBUTOR IS THE
               NAME OF THE AGENCY SUBMITTING THE FINGERPRINT CARD TO
               THE FBI.
               4.  FBI NUMBER, IF KNOWN, SHOULD ALWAYS BE FURNISHED IN
               THE APPROPRIATE SPACE.
               MISCELLANEOUS NO. RECORD: OTHER ARMED FORCES NO.,
               PASSPORT NO. (PP), ALIEN REGISTRATION NO. (AR), PORT
               SECURITY CARD NO. (PS), SELECTIVE SERVICE NO. (SS), VETERANS'
               ADMINISTRATION CLAIM NO. (VA).
                                                 Identicator
LEAVE THIS SPACE BLANK
Equivalent to FBI FD-258

-------
TSCA CBI Protection Manual         Appendix Q
  CHECKLIST #4

                       PROCEDURES FOR TERMINATING
                                 CONTRACTOR
                              ACCESS TO TSCA CBI

  Yes	/No	   Has the Contractor DCO completed an inventory of all TSCA
                         CBI materials that the CBITS system shows as being at the
                         contractor's facility?

  Yes	/No	   Has the Contractor DCO provided a written inventory to their
                         EPA Project Officer within 30 days?

  Yes	/No	   Has the Contractor DCO collected all TSCA CBI materials
                         and document control materials (logs & cover sheets) that are
                         in the company's possession?

  Yes	/No	   Has the Contractor transferred these materials to the TSCA
                         CBI cleared EPA Project Officer (or other cleared official, i.e.
                         DOPO, WAM) within 30 days?

  Yes	/No	   Has the EPA Project Officer provided a copy of this written
                         inventory to the OPPT DCO and the TSCA Security Staff?

  Yes	/No	Has the EPA PO forwarded the reconciled documents to the
                         OPPT DCO within 30 days for inclusion into the official
                         Agency File?

-------
 TSCA CBI Protection Manual      Appendix R
                              United States Environmental Protection Agency
 EPA       Confidentiality Agreement for Contractor Employees
           Upon Relinquishing TSCA CBI Access Authority

                                                  Contract Number
 [ ] Contractor  [ ] Subcontractor
       As an employee of the contractor/subcontractor named above
       performing work for the United States, I have been authorized access to
       confidential business information (CBI) submitted under the Toxic
       Substances Control Act (TSCA) (15 USC Section 2601 et seq.). This
       access authority was granted to me in order to perform my work under
       the contract number cited above.
       I understand that TSCA CBI to which I have had access under the
       contract may be used only for the purposes of performing the contract. I
       also understand that TSCA CBI may not be disclosed except as
       authorized by TSCA or EPA regulation.
       I certify that I have returned all copies of TSCA CBI materials in my
       possession to either the appropriate document control officer specified
       in the EPA-approved security plan in effect at my company or an EPA
       TSCA document control officer.
       I agree that I will not remove any copies of materials containing TSCA
       CBI from the premises of my company or from EPA premises upon my
       relinquishment of TSCA CBI access authority. I further agree that I will
       not disclose any TSCA CBI to any person after my relinquishment of
       TSCA CBI access authority.
       I understand that as a contractor employee who has been authorized
       access to TSCA CBI, under Section 14
-------
United States Environmental Protection Agency
EPA   Federal Agency, Congress, and Federal Court Sign Out Log
TSCA Confidential Business Information
Does not contain National Security Information (E.O. 12065)
TSCA CBI When Filled In
Date Logged Out | Document Control Number/Copy Number | Number of Pages | Description | Federal Agency, Congress, or Court | Recipient | DCO Initial | Receipt | Date Returned | DCO Initial
EPA Form 7740-24 (10/92) Replaces EPA Form 7710-13, which is obsolete.

-------
TSCA CBI Protection Manual    Appendix T
               Stamp to Use when Material
                   contains TSCA CBI
                 TSCA CONFIDENTIAL

               BUSINESS INFORMATION
               — DOES NOT CONTAIN NATIONAL —
               SECURITY INFORMATION (E.O. 12065)
                Stamp to Use when Material
                  contains No TSCA CBI
                     CONTAINS NO CBI

-------
TSCA CBI Protection Manual
Appendix U
                                           Enter Document Control Number or
                                                     Bar Code
                   United States Environmental Protection Agency
                           Washington, D.C. 20460
 Document Description
           Date
         CONFIDENTIAL
                    TOXIC SUBSTANCES CONTROL ACT
                  CONFIDENTIAL BUSINESS INFORMATION

              Does not contain National Security Information (E.O. 12065)
            The attached document contains Confidential Business Information
            obtained under the Toxic Substances Control Act (TSCA 15 U.S.C.
            2601 et seq.) TSCA Confidential Business Information may not be
            disclosed further or copied by you except as authorized in the
            procedures set forth in the TSCA Confidential Business Information
            Protection Manual.

            If you willfully disclose TSCA Confidential Business Information to
            any person not authorized to receive it, you may be liable under
            section 14(d) of TSCA (15 U.S.C. 2613(d)) for a possible fine up to
            $5,000 and/or imprisonment for up to one year. In addition,
            disclosure of TSCA Confidential Business Information or violation
            of the procedures cited above may subject you to disciplinary action
            with penalties ranging up to and including dismissal.

            If you are not authorized for TSCA confidential business information
            (CBI) access, do not look at this document. If you find this document,
            place it in a sealed envelope or other secure container and immediately
            give it to your supervisor or a TSCA CBI Document Control Officer
            for safekeeping and safe return.
 EPA Form 7740-9 (rev. 10-03) Previous edition is obsolete

-------
United States Environmental Protection Agency
EPA   Inventory Log
TSCA Confidential Business Information
Does not contain National Security Information (E.O. 12065)
Date Checked Out | Document Control Number/Copy Number | User Information: EPA ID Number | User Information: User's Name | Date Returned | DCO Initial | Disposition | Audit
EPA Form 7740-11 (10/92) Previous version is obsolete.

-------
US Environmental Protection Agency
EPA   Receipt Log
TSCA Confidential Business Information
Date Received | Document Control Number | Number of Pages | Received From (Enter company, city, and State) | Description | Audit
EPA Form 7740-10 (10-85) Replaces EPA Form 7710-10, which is obsolete.

-------
TSCA CBI Protection Manual
Appendix X
Washington, DC 20460
EPA   TSCA CBI Visitors Log
Individual's Name | Organization | Date | Time | Purpose of Visit
EPA Form 7740-13 (10-85)

-------
TSCA CBI Protection Manual
          Appendix Y
                     United States Environmental Protection Agency
                             Washington, DC 20460
                    Permanent Transfer Receipt for TSCA
                       Confidential Business Information
               I acknowledge receipt of the following documents containing
                       TSCA Confidential Business Information.
1. DCN/Copy Number    Description
2. DCN/Copy Number    Description
3. DCN/Copy Number    Description
4. DCN/Copy Number    Description
5. DCN/Copy Number    Description
6. DCN/Copy Number    Description
7. DCN/Copy Number    Description
8. DCN/Copy Number    Description
Date of transfer
Name of Sending DCO/DCA
Name of Recipient
Signature of Recipient DCO/DCA
                             INSTRUCTIONS

   1. To be used only for permanent transfer of TSCA CBI. Transfers must be made by a
   DCO/DCA.

   2. The sending DCO/DCA must keep the original of this form after it has been signed and
   returned by the recipient DCO/DCA. The Recipient DCO/DCA must keep a copy of the
   receipt after returning the original to the sending DCO/DCA.
   Form 7740-26 (10/92)

-------
TSCA CBI Protection Manual	Appendix Z
                                United States Environmental Protection Agency
                                        Washington, DC 20460
              Memorandum of TSCA CBI Telephone Conversation
                                     I. EPA Employee Identification
Name of Employee
                                                                      Date
Organization
                                                                      Time
                                     II. Second Party Identification
Call Is:   [ ] To   [ ] From
Name
Number
Organization
III. Concerning what TSCA CBI?
IV. Content
EPA Form 7740-12 (10-85)

-------
TSCA CBI Protection Manual
Appendix AA
United States Environmental Protection Agency
Washington, DC 20460
EPA   Temporary Loan Receipt for TSCA
Confidential Business Information
I acknowledge receipt of the following documents containing
TSCA Confidential Business Information.
1. DCN/Copy Number    Description
2. DCN/Copy Number    Description
3. DCN/Copy Number    Description
4. DCN/Copy Number    Description
5. DCN/Copy Number    Description
6. DCN/Copy Number    Description
7. DCN/Copy Number    Description
Date Loaned
Name of Recipient
Name of Lender
Signature of Recipient
Instructions
1. To be used only for temporary transfer of TSCA
CBI. Transfers for more than thirty (30) days must
be made through a DCO.
2. The lender must keep the original of this form
after it has been completed and signed by the
recipient, and give the copy to the recipient.
3. The lender must give his or her copy of this form
to the recipient when the recipient returns the
document(s) to the lender. The recipient should destroy
both copies.
                  EPA Form 7740-14 (10-85) Replaces EPA Form 7710-44, which is obsolete

-------
TSCA CBI Protection Manual        Appendix BB
         LAPTOP COMPUTER USER AGREEMENT FOR THE CONFIDENTIAL
                       BUSINESS INFORMATION CENTER (CBIC)
   In order to use a laptop in the CBIC, you must read and sign the following user agreement.
   If you do not sign the agreement, your laptop will have to be secured during your visit to
   the CBIC. By signing this user agreement, you certify that you are cleared to work with
   Toxic Substances Control Act (TSCA) confidential business information (CBI) and have
   read and understand the following rules regarding the use of laptops in the CBIC and
   agree to abide by these rules:
   1.      As a user of TSCA CBI, I will ensure through personal conduct and accountability that I will act
          consistently with all guidelines established by EPA, contractors, or other Federal agencies to
          protect, to the best of my ability, all TSCA CBI, as defined in the TSCA Confidential Business
          Information Security Manual.

   2.      I understand that the TSCA Confidential Business Information Security Manual describes the
          Agency's policies and procedures for maintaining confidentiality of business information. If I
          have difficulty finding the proper guideline in a situation involving CBI, I will consult my
          Document Control Officer or OPPT's TSCA Security Staff.  I will treat the Security Manual as a
          reference guide for protecting confidential business information, especially with regards to the
          handling of working papers. I am familiar with the procedures that I am required to frequently
          use.

   3.      I will retain exclusive control over the operation of this laptop. I understand that it is my
          responsibility to ensure that a laptop with CBI data is properly secured.

   4.      I understand that diskettes and detachable hard disks are required for storage of TSCA CBI data
          and that I should erase the CBI data from the fixed hard disk, if necessary, using an approved
          program, before the laptop can be used by a person who is not cleared to work with CBI.

   6.      I will not use E-mail to send or receive CBI.

   7.      I will make sure that no one can see any CBI that may be on the laptop screen.

   8.      I will report any potential disclosures of CBI to my supervisor and the TSCA Security Staff.

   9.      I will ensure that when using word processing programs on the laptop, the default save feature will
          be set to save data to the A drive and not the C drive.
   Name (please print)
   Company name (please print)
   Signature                              Date

-------
                            TSCA CBI Protection Manual
                                    Appendix CC
CONFIDENTIAL COMMUNICATION


BY CERTIFIED MAIL: RETURN RECEIPT REQUESTED


Company Address


Dear

I am writing to acknowledge your telephone conversation with	of my office on
	in which you discussed [Company's] claim of confidentiality with respect to
information contained within its submission of the TSCA section	referenced
above.  I understand from this discussion that [Company] wishes to voluntarily withdraw its
claim of confidentiality to the following information, thereby consenting to its immediate public
release:

       [List numerically the items of information the company has agreed to release]

On behalf of [Company], please confirm that you consent to the above by signing and dating the
Agreement on page two of this letter, and returning the original to	at your earliest
convenience.

Please feel free to contact	at (202) 564-	if you wish to discuss this matter
further. Thank you for your cooperation in the public release of this important (health and safety)
information.


                                Sincerely,
                                Director
                                	Division
                                Office of Pollution Prevention and Toxics

-------
                               TSCA CBI Protection Manual
                                      Appendix DD
40 CFR 2.208


Substantive criteria for use in confidentiality determinations. Determinations issued under Secs.
2.204 through 2.207 shall hold that business information is entitled to confidential treatment for
the benefit of a particular business if—
       (a) The business has asserted a business confidentiality claim which has not expired by its
terms, nor been waived nor withdrawn;
       (b) The business has satisfactorily shown that it has taken reasonable measures to protect
the confidentiality of the information, and that it intends to continue to take such measures;
       (c) The information is not, and has not been, reasonably obtainable without the business's
consent by other persons (other than governmental bodies) by use of legitimate means (other than
discovery based on a showing of special need in a judicial or quasi-judicial proceeding);
       (d) No statute specifically requires disclosure of the information; and
       (e) Either-
              (1) The business has satisfactorily shown that disclosure of the information is
likely to cause substantial harm to the business's competitive position; or
              (2) The information  is voluntarily submitted information (see Sec. 2.201 (i)), and
its disclosure would be likely to impair the Government's ability to obtain necessary information
in the future.

-------
                                       TSCA CBI Protection Manual
                                              Appendix EE
                       Taking action on TSCA CBI claims that appear unwarranted.

Under section 4.1.5, any employee who discovers a TSCA CBI claim that appears unwarranted may exercise
independent discretion in choosing whether to refer the matter to IMD, or communicate with the submitter. Employees
should follow these guidelines:

             1.      Communicate directly with the submitter. These communications are informal only.  Formal
                    actions (other than sending out the request for substantiation in accordance with 40 CFR
                    2.204(e)) are taken by OGC, except under bullet 4, below. In these informal communications,
                    the employee should perform the following tasks:

                    (i)     Record the statements and substance of the discussion with the submitter or its
                          representative, including the name and position of the person(s) contacted. Immediately
                          attach notes of the discussion to the claim file.

                    (ii)     If the submitter agrees to amend its submission by withdrawing its claim, send the
                          submitter a short letter via regular mail, recounting the conversation and the submitter's
                          agreement to voluntarily amend its claim, and a request that it sign and return to EPA the
                          "Amendment through Voluntary Withdrawal" statement, (see APPENDIX CC).

                   (iii)    Notify IMD if the submitter does not amend its claim.

            2.     EPA employees are permitted to conduct informal inquiries for TSCA CBI claims
                   consistent with 40 CFR 2.204. When an EPA program office believes it appropriate, it can
                   request substantiation of a TSCA CBI claim directly from a submitter. The request should be
                   made in writing, or by telephone with an immediate follow-up written communication.  The EPA
                   program office making contact must instruct the submitter to reply in writing. A written request
                   for substantiation issued by a program office must be made in consultation with IMD or OGC,
                   and must be consistent with the requirements of 40 CFR part 2, subpart B, and the Paperwork
                   Reduction Act.

            3.     Federal employees and EPA program offices, especially Compliance Inspectors, are encouraged
                   to obtain guidance from IMD on CBI reviews. In addition, employees are encouraged to become
                   familiar with the substantive criteria used to determine confidentiality, found in 40 CFR 2.208
                   [See Appendix DD].

            4.     The Office of General Counsel (OGC) makes the final  determinations concerning eligibility for
                   confidential treatment, pursuant to 40 CFR 2.205.  However, an EPA office may deny the claim
                   if it determines that the information claimed as TSCA CBI is clearly not entitled to confidential
                   treatment. Such denials are rare, and should not occur without first consulting with IMD, who
                   may in turn consult with OGC.

            5.     Follow Regulatory procedures in contacting a submitter regarding the validity of a CBI claim. It
                   is necessary to act consistently with all confidentiality regulations, particularly 40 CFR part 2,
                   subpart B; and relevant Federal Register notices. IMD or OGC attorneys should be consulted if
                   any problems arise on TSCA CBI issues.

-------
                UNITED STATES ENVIRONMENTAL PROTECTION
                                      AGENCY
                                   WASHINGTON D.C., 20460


                                   December 17, 2003
                                                                          OFFICE OF
                                                                      PREVENTION, PESTICIDES AND
                                                                        TOXIC SUBSTANCES
MEMORANDUM

SUBJECT:   TSCA CBI Protection Manual, 2003 Edition

FROM:      Carolynaomton
             TSCA Document Control Officer
             Office of Pollution Prevention and Toxics

TO:         TSCA CBI Document Control Officers

As many of you know, the TSCA Manual is revised and has completed Agency Directives
Review. Our manual is now ready to be implemented.  The actual day of implementation (i.e.,
the day which we have chosen the new Manual to become "effective") will be January 28, 2004.
A copy of the new manual is attached to this mailing, for your review, together with a matrix of
changes.

The TSCA Confidential Business Information Protection Manual, though largely re-drafted and
re-codified, is similar in many ways to its predecessor, the TSCA Confidential Business
Information Security Manual (April, 1995). For example, if you look at the new table of
contents, you will notice it has similar chapters and some similar (but some new) sub-headings.
Yet though there are many topics which are the same, there are many substantive changes as well
(as reflected in the attached Matrix).

Prior to implementation, we anticipate holding several DCO/management briefing sessions.
We currently anticipate holding three of these orientation briefings — one live briefing at
headquarters on January 13, 10:00 am - 12:00 noon in room 6122 EPA East, and two
teleconference briefings for Regional and contractor DCOs on January 14 and 15, 1:00 - 3:00
pm, respectively.  A call-in number will be provided to you via email several days before the
scheduled teleconference briefings. Please review the attached materials prior to attending one
of these briefings. The briefings will orient you to the new document, highlighting changes,
modifications, new subjects and overall layout. Please come to your briefing prepared with any
questions and we will do our best to make this as easy and informative a process as possible.

As the DCO, and your shop's functional expert on TSCA security, it is most important that you
understand the new changes, that you can explain them to staff and management, and that you
will be able to incorporate the changes into your shop's procedures as necessary.  If at any time
you have any questions either before or after the briefings, please feel free to contact me at your
convenience.

Finally, by January 5, 2004, please provide me with an up-to-date number of users for whom you
will need hard copies. We will send them boxed for you to distribute.

Best of luck, and I look forward to speaking with you soon.

cc:    TSCA Managers

Attachments: TSCA CBI Protection Manual
             Matrix

-------