Office of Pollution 7700
United States Prevention and Toxics April 1995 Edition
Environmental Protection Washington, DC 20460
Agency , , , (7407)
Business Information
Security Manual
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
TABLE OF CONTENTS
LIST OF APPENDICES . i
CONTACTS in
GLOSSARY OF ACRONYMS ; v
BACKGROUND ON TERMINOLOGY AND EPA OFFICES vii
CHAPTER 1
INTRODUCTION 1
A. GUIDING PRINCIPLES FOR SITUATIONS OUTSIDE OF THE
MANUAL 1
B. MANUAL UPDATES AND REVISIONS TO PROCEDURES 2
CHAPTER 2
HOW TO AUTHORIZE FEDERAL EMPLOYEES, CONTRACT
EMPLOYEES AND CONGRESS FOR ACCESS TO TSCA CBI 3
A. STEPS TO TSCA CBI ACCESS FOR EPA EMPLOYEES 4
1. AUTHORIZING ACCESS 4
a. Completing and submitting the forms 4
b. Forms required to obtain computer access to
TSCA CBI data 4
c. Individual access files 4
d. Security briefing 5
e. Approval for TSCA CBI access or waiver for
immediate access 5
f. TSCA CBI authorized access list 5
Recycled/Recyclable
T~\ ¦Cs Printed with Soy/Canola Ink on paper thai
contains at least 50% recycled fiber
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
2. REQUIREMENTS FOR MAINTAINING ACCESS 6
a. General information 6
b. Document audit procedure 6
c. Scheduling an annual security briefing 6
d. Failure to reconcile document audit report or
attend annual security briefing 6
e. Effect of suspension of access 7
f. Reapplying for TSCA CBI access 7
g. Employee transfers within EPA 7
B. STEPS TO TERMINATING TSCA CBI ACCESS FOR
EPA EMPLOYEES . . . 7
1. GENERAL INFORMATION . : 7
2. REQUIREMENTS FOR TERMINATING ACCESS 8
a. Form 7740-16 8
b. Document audit procedure . 8
c. DCO responsibilities after document audit
is completed 8
d. Missing documents 9
e. Employee responsibilities . 9
C. STEPS TO TSCA CBI ACCESS FOR CONTRACTORS
AND SUBCONTRACTORS 10
AUTHORIZING ACCESS 10
1. Determining whether access to TSCA CBI
is necessary 10
2. Secure environment for handling and storing
TSCA CBI 10
3. Site inspection 11
4. Required contract language 11
5. Notice to affected businesses 11
6. Facility DCO at the contractor's site 12
7. How to assign a DCO . . : 13
8. Identifying contractor employees for clearance 13
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
D. HOW TO OBTAIN TSCA CBI AUTHORIZATION
FOR EMPLOYEES OF CONTRACTORS
AND SUBCONTRACTORS ....... 13
1. AUTHORIZING ACCESS 13
a. Completing and submitting the forms 13
b. Minimum Background Investigation (MBI) 14
c. Individual Access Files 14
d. Security briefing 15
e. Approval for TSCA CBI access or waiver for
immediate access 15
f. TSCA CBI authorized access list ......... . 15
2. REQUIREMENTS FOR MAINTAINING ACCESS 16
a. General information 16
b. Document audit procedure 1 . 16
c. Scheduling an annual security briefing 16
d. Failure to attend an annual security briefing 16
e. Reapplying for TSCA CBI access 17
E. PROCEDURES FOR TERMINATING ACCESS TO TSCA
CBI FOR CONTRACTOR EMPLOYEES 17
1. GENERAL INFORMATION 17
2. REQUIREMENTS FOR TERMINATING ACCESS 18
a. Form 7740-18 18
b. Document audit procedure 18
c. Missing documents . . 18
d. DCO responsibilities after document audit is completed ... 19
e. Contractor employee responsibilities 19
F. PROCEDURES FOR TERMINATING ACCESS TO TSCA
CBI FOR CONTRACTORS 19
TERMINATING ACCESS TO TSCA CBI WHEN
A CONTRACT ENDS 19
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
G. AUTHORIZING OTHER FEDERAL AGENCIES FOR
ACCESS TO TSCA CBI 20
1. GENERAL PROCEDURES FOR EPA OFFICES TO
DISCLOSE TSCA CBI TO ANOTHER FEDERAL
AGENCY PERFORMING WORK FOR EPA 20
a. Agreement not to disclose TSCA CBI 21
b. Exceptions to agreement . . . . 21
c. TSCA CBI access at EPA facilities 21
d. TSCA.CBI access at other Federal agencies 21
e. How to assign a DCO 21
2. PROCEDURES FOR ANOTHER FEDERAL AGENCY
TO REQUEST ACCESS TO TSCA CBI 22,
a. Submit a written request . 22
b. Agreement not to disclose TSCA CBI 22
c. Exceptions to agreement 22
d. Notice to affected businesses 23
3. EPA'S PROCESS FOR APPROVING TSCA CBI ACCESS
FOR OTHER FEDERAL AGENCIES 23
a. TSCA CBI access at EPA facilities ........ . ....... 24
b. TSCA CBI access at other Federal agencies 24
4. REQUESTS FOR ACCESS TO TSCA CBI FROM CONGRESS
OR THE GENERAL ACCOUNTING OFFICE 25
Notice to affected businesses 25
CHAPTER 3
RESPONSIBILITIES . 27
A. EMPLOYEE RESPONSIBILITIES 27
1. EPA HOLDS EMPLOYEES PERSONALLY ACCOUNTABLE
FOR PROTECTING TSCA CBI 27
2. DOCUMENT AUDIT PROCEDURES 28
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
3. CHECKING OUT TSCA CBI DOCUMENTS 28
Overdue materials 28
4. DETERMINING WHETHER A DOCUMENT
CONTAINS TSCA CBI 28
5. RECEIPT OF MAIL CONTAINING TSCA CBI MATERIAL ... 29
6. CHALLENGING TSCA CBI CLAIMS DURING
AND AFTER INSPECTIONS 29
a. Informal inquiries 29
b. Formal challenges 30
c. Procedure when performing 30
B. MANAGER RESPONSIBILITIES 30
IN GENERAL 30
C. DOCUMENT CONTROL OFFICER (DCO) RESPONSIBILITIES 31
1. IN GENERAL 31
2. MAINTAINING A DOCUMENT TRACKING SYSTEM 31
a. Automated document tracking systems . 32
b. Manual tracking systems 33
3. MAINTAINING THE INVENTORY LOG 34
4. DELIVERING AND RECEIVING TSCA CBI MATERIALS .... 34
a. Reviewing documents for completeness 34
b. Maintaining a receipt log 35
5. STORAGE OF TSCA CBI MATERIALS 35
6. MAINTAINING RECORDS OF LOCK COMBINATIONS 36
7. CONDITIONS FOR CHANGING LOCK COMBINATIONS .... 36
8. UPDATING THE TSCA CBI AUTHORIZED ACCESS LIST . . . 37
9. MONITORING AND CONTROLLING WHO OBTAINS
TSCA CBI MATERIALS . 37
10. MONITORING OVERDUE TSCA CBI MATERIALS 37
11. ASSISTING EMPLOYEES EST DETERMINING
WHETHER DOCUMENTS CONTAIN TSCA CBI
AND IN SANITIZING DOCUMENTS FOR PUBLIC
DISCLOSURE 38
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
12. SUPERVISING THE REPRODUCTION AND
DESTRUCTION OF TSCA CBI MATERIALS 38
13. CONTROLLING THE TRANSFER OF TSCA CBI
MATERIALS BETWEEN FACILITIES 38
Packaging and Arranging Transfer of TSCA CBI
Material 39
14. ASSISTING EMPLOYEES WITH OBTAINING AND
MAINTAINING TSCA CBI ACCESS AUTHORITY 39
15. ASSISTING EMPLOYEE DOCUMENT AUDITS .......... 39
16. PERFORMING AN INVENTORY OF HARD-COPY
TSCA CBI DOCUMENTS 39
17. WHEN DCOS TERMINATE THEIR EMPLOYMENT
OR RELINQUISH THEIR DCO RESPONSIBILITIES 40
CHAPTER 4
PROCEDURES FOR USING AND PROTECTING TSCA CBI MATERIALS ... 43
A. MARKING MATERIALS AS TSCA CBI N. . . 43
1. TSCA CBI COVER SHEETS 43
2. TSCA CBI STAMP . ! . . . . 43
B. PROCEDURES FOR USING TSCA CBI DOCUMENTS INSIDE OR
OUTSIDE OF SECURE STORAGE AREAS 43
1. EMPLOYEE RESPONSIBILITIES, IN GENERAL 43
2. PROCEDURES FOR USING TSCA CBI DOCUMENTS
OUTSIDE OF SECURE STORAGE AREAS 44
a. Two types of containers are approved . 44
b. Open/close signs . 44
c. More than one person can use a storage
container 44
3. PROCEDURES FOR USING TSCA CBI DOCUMENTS
INSIDE SECURE STORAGE AREAS 45
Unauthorized persons inside secure storage areas 45
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
C. HOW TO OBTAIN APPROVAL FOR ESTABLISHING A
SECURE STORAGE AREA 45
D. SECURING AN AREA 46
SECURE STORAGE AREA REQUIREMENTS 46
(
1. Maintaining security of lock combinations 46
2. Electronic card keys 46
E. PROCEDURES FOR OBTAINING TSCA CBI 47
1. HOW TO OBTAIN TSCA CBI FROM THE CBIC
OR OTHER CENTRALIZED STORAGE FACILITY 47
a. Safeguarding TSCA CBI documents 47
b. Obtaining a receipt for returned documents 48
c. Transferring TSCA CBI materials between a DCO
and people under his or her supervision in a
centralized secure storage area 48
2. HOW TO OBTAIN TSCA CBI FROM ANOTHER
EMPLOYEE WITHIN THE SAME FACILITY . 48
Keeping records on transfers 49
F. PROCEDURES FOR TRANSFERRING TSCA CBI TO
ANOTHER FACILITY 49
1. IN GENERAL 49
2. PROCEDURES FOR TRANSFERRING TSCA CBI
MATERIALS 49
a. Procedures for sending or receiving TSCA CBI
materials through the U.S. Postal Service 50
b. Procedures for hand delivery of TSCA CBI materials .... 50
c. Procedures for transmitting TSCA CBI materials by
courier or U.S. Postal Service Express Mail 51
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
G. PROCEDURES FOR RECEIVING AND SENDING FACSIMILES
(FAXES) THAT CONTAIN TSCA CBI ... ; 52
1. PROCEDURES FOR SENDING OR RECEIVING FAXES
BETWEEN PERSONS AUTHORIZED FOR ACCESS TO
TSCA CBI 52
2. WHEN INDUSTRY OFFICIALS OR INDUSTRY
SUBMITTERS REQUEST THAT TSCA CBI BE
FAXED TO THEM 53
3. WHEN AN INDUSTRY OFFICIAL OR INDUSTRY
SUBMITTER ASKS TO FAX TSCA CBI TO EPA 53
4. WHEN INDUSTRY REQUESTS EPA TO FAX TSCA
CBI TO FROM EPA TO THEIR LOCATION 54
H. DISCUSSING TSCA CBI ON THE TELEPHONE 54
1. TELEPHONE CALLS WITH PERSONS
AUTHORIZED FOR TSCA CBI ACCESS 54
2. TELEPHONE CALLS WITH SUBMITTERS 54
Telephone Logs 55
3. VOICE MAIL CANNOT BE USED TO TRANSMIT
TSCA CBI 55
I. ELECTRONIC MAIL CANNOT BE USED TO TRANSMIT
TSCA CBI 55
J. USE OF TSCA CBI AT TELE-VIDEO CONFERENCES 55
K. PROCEDURES FOR HANDLING DOCUMENTS AND
OTHER MATERIALS PRODUCED BY EMPLOYEES
USING TSCA CBI DOCUMENTS 56
1. NEW TSCA CBI DOCUMENTS 56
2. NEW NON-CONFIDENTIAL DOCUMENTS 56
3. PERSONAL WORKING PAPERS 57
a. Transferring personal working papers to another
employee 57
b. Keeping records on transfers 57
c. Photocopying personal working papers 57
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
d. Transferring personal working papers to a typist ....... 57
e. Procedures for storing personal working papers 58
f. Procedures for destroying personal working
papers 58
L. CREATING NON-CONFIDENTIAL MATERIALS FROM
TSCA CBI DOCUMENTS . 58
1. IN GENERAL 58
2. NON-CONFIDENTIAL DOCUMENTS 59
a. When TSCA CBI data are replaced with
non-confidential data or descriptive terms 59
b. When a submitting company drops its claim
of confidentiality 59
M. PROCESS FOR DECLASSIFYING TSCA CBI
MATERIALS 59
HOW TO DECLASSIFY TSCA CBI MATERIALS 59
N. REPRODUCTION OF TSCA CBI MATERIALS 60
1. IN GENERAL 60
2. EMPLOYEE'S ROLE 60
3. DCO RESPONSIBILITIES 61
a. Control of copies 61
b. Distributing copies to other employees 61
c. Authorizing use of other photocopying machines
when machines in secure locations break
down 61
O. PROCEDURES FOR DESTROYING TSCA CBI
MATERIALS . 62
1. IN GENERAL 62
2. WHO IS PERMITTED TO DESTROY TSCA CBI
MATERIALS 62
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
a. EPA and Federal employees 62
b. Contractor employees 62
3. DESTRUCTION METHODS 62
4. DOCUMENTING DESTRUCTION 63
P. USE OR DISCUSSION OF TSCA CBI DURING
MEETINGS . . : 63
1. WHAT IS CONSIDERED A MEETING? 63
2. PROCEDURES FOR CIRCULATING DOCUMENT COPIES
AT A MEETING 63
a. Personal working papers 63
b. Documents that have been logged out
to an employee 64
3. PROCEDURES FOR DISCUSSING TSCA CBI
DURING MEETINGS . 65
a. Meeting chairperson's duties 65
b. Records of meeting containing CBI must
be treated as TSCA CBI 65
Q. TRAVELING WITH TSCA CBI MATERIALS 65
1. IN GENERAL 65
2. MAINTAINING SECURITY FOR TSCA CBI
MATERIALS WHILE TRAVELING 66
a. Storing TSCA CBI materials while
traveling 66
b. Transferring possession of TSCA CBI
materials while traveling : 66
R. WORKING WITH TSCA CBI AT A PERSONAL
RESIDENCE 66
S. WORKING WITH TSCA CBI MATERIALS ON
COMPUTERS 67
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
1. IN GENERAL 67
2. SETTING UP A LOCAL-AREA NETWORK (LAN) 67
3. USING PERSONAL COMPUTERS (PCS) TO
WORK WITH TSCA CBI DATA 67
a. Procedures for using TSCA CBI data on a PC
outside of a secure storage area . 67
b. Processing and storing TSCA CBI data on
floppy and hard disks 67
c. Maintaining security for floppy and detachable
hard diskettes containing TSCA CBI data 68
d. Terminating a TSCA CBI PC session for PCs
located outside secure storage areas 68
e. Security procedures for PC printouts of
TSCA CBI data 69
4. MINICOMPUTERS 69
Security controls for TSCA CBI data on mini computers . . 69
5. SECURITY FOR TSCA, CBI DATA STORED
ON CONTRACTOR'S COMPUTERS . 70
T. DEVELOPMENT OF PHOTOGRAPHIC MATERIALS . 70
1. PHOTOGRAPHS CAN BE CLAIMED AS TSCA CBI ....... . 70
2. VIDEO TAPES CAN BE CLAIMED AS TSCA CBI 70
CHAPTERS
REPORTING AND INVESTIGATION OF VIOLATIONS OF
PROCEDURES, LOST DOCUMENTS, AND UNAUTHORIZED
DISCLOSURES 71
A. EMPLOYEE REPORTING PROCEDURES 71
1. ORAL REPORT MUST BE MADE WITHIN
ONE WORKING DAY 71
2. WRITTEN REPORT MUST BE MADE WITHIN
TWO WORKING DAYS 71
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
Employee's division director or project officer's
duties .72
B. REVIEW AND INVESTIGATION OF EMPLOYEE'S REPORT . 72
1. WHEN POSSIBLE VIOLATION OF TfflS MANUAL'S
SECURITY PROCEDURES HAS OCCURRED 72
2. WHEN TSCA CBI MATERIALS CANNOT BE ACCOUNTED
FOR . 73
Notification to the submitting company . 73
3. WHEN UNAUTHORIZED DISCLOSURE OF TSCA CBI
MATERIALS MAY HAVE OCCURRED 73
a. Notification to the submitting company 73
b. EPA Office of Inspector General 73
C. PENALTY GUIDELINES FOR VIOLATION OF THIS
MANUAL'S PROCEDURES 74
1. DETERMINING THAT A VIOLATION HAS OCCURRED .... 74
2. DETERMINING AN APPROPRIATE REMEDY 74
3. CORRECTIVE ACTIONS 75
4. ADMINISTRATIVE PENALTIES 76
5. CRIMINAL PENALTIES . . 77
6. OPME DIRECTOR CAN ALSO RECOMMEND THAT
NO ACTION BE TAKEN 77
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
LIST OF APPENDICES
Appendix Title
1 TSCA CBI Access Request, Agreement, and Approval
2 TSCA CBI ADP User Registration
3 Standard Form 86: Questionnaire for Sensitive Positions
4 Fingerprint Chart
5 Request for Building Pass
6 Request for Approval of Contractor Access to TSCA Confidential
Business Information
7 Contractor Information Sheet
8 Procurement Policy Notice 93-07 dated August 1993
9 Confidentiality Agreement for United States Employees Upon
Relinquishing TSCA CBI Access Authority
10 Confidentiality Agreement for Contractor Employees Upon
Relinquishing TSCA CBI Access Authority
11 EPA Form 3110-1: Employee Separation or Transfer Checklist
12 TSCA CBI Stamp
13 TSCA CBI Cover Sheet
14 TSCA CBI Visitors Log
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
15 Receipt Log
16 Inventory Log
17 Temporary Loan Receipt for TSCA Confidential Business
Information
18 Permanent Transfer Receipt for TSCA CBI.
19 Memorandum of TSCA CBI Telephone Conversation
20 Federal Agency, Congress, and Federal Court Sign-out Log
21 Revision Transmittal Sheet
22 Document Reconciliation/Annual Certification
23 Sample of TSCA CBI Labels
24 Project Officer Checklist
ii
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
CONTACTS
Questions about the procedures in this manual should be directed to
• Chief, TSCA Information Management Branch
Information Management Division
Office of Pollution Prevention and Toxics (7407)
Environmental Protection Agency
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-0425
Other sources for information are
• OPPT Document Control Officer
Office of Pollution Prevention and Toxics (7407)
Environmental Protection Agency
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-1532 Fax: (202) 260-9555
• TSCA Security Staff
Office of Pollution Prevention and Toxics (7401)
Environmental Protection Agency
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-6475
• Director
Information Management Division
Office of Pollution Prevention and Toxics (7407)
Environmental Protection Agency
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-3938
iii
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
Director
Office of Program Management and Evaluation
Office of Pollution Prevention and Toxics (7401)
Environmental Protection Agency
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-1761
iv
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
GLOSSARY OF ACRONYMS
ADTS
Automated Document Tracking System
CBI
Confidential Business Information
CBIC
Confidential Business Information Center
CBITS
Confidential Business Information Tracking System
CFR
Code of Federal Regulations
DCO
Document Control Officer
DCA
Document Control Assistant
EPA
United States Environmental Protection Agency
FAX
Facsimile Transmission
FMSD
Facilities Management and Services Division
FRC
Federal Records Center
IG
Inspector General
IMD
<
Information Management Division
LAN
Local-Area Network
MBI
Minimum Background Investigation
OAM
Office of Acquisition Management
OGC
Office of General Counsel
OPME
Office of Program Management and Evaluation
v
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
OPPT Office of Pollution Prevention and Toxics
OPPT DCO Office of Pollution Prevention and Toxics Document
Control Officer
PC Personal Computer
PMN Premanufacture Notification
PO Project Officer
TIMB TSCA Information Management Branch
TSCA Toxic Substances Control Act
vi
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
BACKGROUND ON TERMINOLOGY AND EPA OFFICES
Authorized access list: A list of people who are authorized for access to TSCA CBI.
Contractors and subcontractors: Individuals who perform work under a contract with the
United States government.
Document control assistants (DCAs): The OPPT DCO and facility DCOs can nominate
DCAs to assist them in performing document control functions. If a procedure in this
manual requires that a document be taken to the DCO, the document may be taken to either
the facility DCO or DC A.
Employee document control officer (DCO): At facilities where there are multiple facility
DCOs, each DCO will be assigned responsibility for a number of individual employees.
In this role, the facility DCO assists each employee in requesting and renewing TSCA CBI
access authorization.
EPA project officer: An EPA employee who monitors the technical aspects of a contract
that authorizes TSCA CBI access.
Facility: Any location where EPA, a government contractor, or another Federal agency
stores and uses TSCA CBI. Different security procedures are required at facilities outside
of EPA headquarters and at contractor sites; however, the same general procedures are in
force at all facilities.
Facility document control officer (DCO): The facility DCO is responsible for managing
the collection of records and document tracking system for the site where he or she is
employed. The number of employees at a facility determines how many facility DCOs
there are. For instance, about 30 facility DCOs are assigned to EPA headquarters. The
facility DCO also has oversight authority for the receipt, storage, transfer, use, reproduction
and destruction of TSCA CBI in his or her organization or facility.
Hard-copy: Data (i.e. submissions, printouts, photographs, etc) received or generated on
paper.
Information Management Division (IMD) director: The IMD director is responsible for
day-to-day implementation of TSCA CBI and control programs, including developing
policies for the use and handling of TSCA CBI and operating the EPA headquarters
Confidential Business Information Center (CBIC).
vii
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
Office of Program Management and Evaluation (OPME): The OPME Director is
responsible for oversight of the TSCA Confidential Business Information security function.
This includes enforcement of the procedures and provisions contained in the TSCA
Confidential Business Information Security Manual. The OPME Director also provides
oversight of computer security programs for protection of TSCA CBI.
Office of Pollution Prevention and Toxics (OPPT) director: The OPPT director has
overall authority for managing TSCA activities, including TSCA security programs.
OPPT Confidential Business Information Center (CBIC): The primary area for storing
and using TSCA CBI is the EPA CBIC, at EPA headquarters, in Washington, D.C. If
appropriate, EPA may authorize TSCA CBI access at other facilities, including EPA
regional offices, other Federal agency offices, and contractor facilities.
OPPT document control officer (OPPT DCO): The OPPT DCO provides day-to-day
support to other Federal and contractor DCOs nationwide. This includes issuing the TSCA
CBI authorized access list and processing forms and records pertaining to requests for
TSCA CBI access authority for organizations and individuals. He or she manages the
headquarters CBIC, oversees other DCOs at headquarters, and provides training materials
and guidance to all DCOs on appropriate TSCA CBI handling procedures.
Requesting official: This is (1) the employee's immediate supervisor or higher authority
who nominates a Federal employee for TSCA CBI access or (2) the EPA project officer
who nominates a contractor employee for TSCA CBI access. Requesting officials' responsi-
bilities include ensuring that their employees renew their TSCA CBI access authority yearly,
determining when their employees no longer require access authority, authorizing their
employees to transfer TSCA CBI using a courier or express mail, and initiating or
reviewing their employees' teports of violations of this manual's procedures.
Secure storage area (SSA): An area that is secured from persons not authorized for access
to TSCA CBI. Secure storage areas house the bulk of an organization or facility's TSCA
CBI records or serve as an organization or facility's primary TSCA CBI work area, or
both.
TSCA CBI: Information claimed business confidential under EPA's confidentiality
regulations at 40 CFR Part 2.
TSCA CBI materials are documents or any other information-bearing media that contain
TSCA CBI.
TSCA security staff: The TSCA security staff is responsible for security-related activities,
including reviewing security procedures, performing facility site inspections, and
investigating violations of the procedures contained in this manual.
viii
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
CHAPTER!
INTRODUCTION
This manual sets forth procedures for Environmental Protection
Agency (EPA) employees, other Federal employees, Contractors, and
contractor employees to follow in handling information claimed as confidential
business information (CBI) under ..Section 1.4 of the Toxic Substances Control
Act (TSCA) (15 U.S.C. §2613). That section of TSCA requires EPA to
protect from public disclosure CBI obtained under TSCA, and it imposes
criminal penalties for the knowing and willful unauthorized release or
disclosure of such information. EPA has issued regulations (40 CFR Part 2)
that implement TSCA's confidentiality provisions. The procedures in this
manual supplement those set forth in TSCA and in 40 CFR Part 2. Where this
manual and 40 CFR Part 2 Susbpart B conflict, the CFR shall take precedence.
Sections 14(a)(1) and (2) of TSCA permits EPA to authorize Federal
employees, contractors and contractor employees access to TSCA CBI when
such access is necessary to perform work in connection with the agency's
duties under a health or environmental protection statute or for specific law
enforcement purposes.
Most TSCA CBI access occurs at EPA Headquarters, where the
primary storage and use of TSCA CBI is in the EPA Confidential Business
Information Center (CBIC). As required, EPA may authorize CBI access at
other facilities, including EPA Regional Offices, other Federal agency offices,
and contractor facilities. Procedures for handling, using, and storing TSCA
CBI are generally uniform at all facilities. However, some differences in
security procedures are required at facilities outside of EPA Headquarters, and
at contractor sites.
1
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
A. GUIDING PRINCIPLES FOR
SITUATIONS OUTSIDE
OF THE MANUAL
EPA recognizes that situations not covered by this manual may arise.
In such cases, each Federal and contractor employee who is granted TSCA
CBI access will act under the following guiding principles:
• Each user of TSCA CBI will ensure through personal conduct
and accountability that he or she will act consistently with all
guidelines established by EPA, contractors, or other Federal
agencies to protect, to the best of his or her ability, all TSCA
CBI.
• Each user will support management and other employees in
carrying out their responsibilities for the protection, control,
and security of TSCA CBI.
B. MANUAL UPDATES AND REVISIONS TO
PROCEDURES
Whenever procedures change for the control; storage, security, and
handling of TSCA CBI, EPA will update the relevant pages in this manual.
A change transmittal sheet will be issued with each set of revised pages. It is
suggested that the change transmittal sheets be filed in the back of the manual
in sequential order. This manual includes a security manual update transmittal
sheet (Appendix 21), which should be used to record revisions.
2
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
CHAPTER 2
HOW TO AUTHORIZE FEDERAL EMPLOYEES,
CONTRACT EMPLOYEES, AND CONGRESS FOR
ACCESS TO TSCA CBI
To obtain clearance for TSCA CBI access, employees of EPA, other
Federal agencies, and contractors must fill out EPA Form 7740-6, "TSCA CBI
Access Request, Agreement, and Approval" (Appendix 1). In addition, a
separate form is sometimes required for obtaining computer access to TSCA
CBI.
• Federal employees can obtain the forms from the EPA Form
Distribution Centers. If the distribution centers are out of
stock, the forms can be obtained from the OPPT DCO.
• Contractors can obtain the forms from their EPA project
officer. If necessary, contractors can also obtain the forms
from the OPPT DCO.
• Volunteers (non-paid), Law Clerks, students, interns (who are
working for academic credit), and others are not Federal
employees and are not eligible for TSCA CBI clearance and
access. Under no circumstance should any volunteers receive
access to information claimed as TSCA CBI.
• Senior Environmental Employment Program (SEEP) or
American Association of Retired Persons (AARPs) staff are not
Federal employees and are not eligible for TSCA CBI clearance
and access. Under no circumstances should SEEP or AARP
staff receive access to information claimed as TSCA CBI.
3
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
A. STEPS TO TSCA CBI ACCESS FOR EPA EMPLOYEES
1. AUTHORIZING ACCESS.
a. Completing and submitting the forms. The first step for EPA
employees to obtain TSCA CBI access is the completion of Form 7740-6. The
employee must submit the form to the facility DCO.
The DCO reviews the form for completeness and accuracy before
forwarding it to the employee's immediate supervisor, to whom this manual
will hereafter refer as the employee's requesting official. The requesting
official will review the completed form. If the requesting official approves the
form, he or she signs line 20 and returns it to the facility DCO. By signing
the form, the requesting official verifies that the individual has attended a
Security Briefing. The facility DCO will forward the form to the OPPT DCO
for review and final approval.
b. A SEPARATE FORM IS REQUIRED TO OBTAIN COMPUTER ACCESS TO
TSCA CBI DATA. Employees who require online access to TSCA CBI data
stored on mini computers, or computers linked by local area network must
submit Form 7740-25, "TSCA CBI ADP User Registration Form" (Appendix
2) to the DCO on site, who will forward the form to the OPPT DCO for
processing.
c. Individual access files. A DCO is responsible for establishing
an access file for each employee in his or her organization who is granted
authority to access TSCA CBI. The file must contain a copy of all forms or
other documentation related to the employee's TSCA CBI clearance. If
required by personnel regulations, the "SF 86 Questionnaire For Sensitive
Positions" (Appendix 3) should be kept in the employee's official personnel
file. The files must be maintained in alphabetical order by employee name.
Contractors' access files are kept by the DCOs at their facilities; the OPPT
DCO maintains all EPA headquarters employees' access files.
4
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
d. Security briefing is required. It is the responsibility of
requesting officials to ensure that their employees (1) read this manual and (2)
attend a security briefing (video or oral) on procedures for handling TSCA
CBI documents. Employees must attend a briefing on CBI security procedures
before they are allowed access to TSCA CBI. The briefing, on video, is
presented weekly by the OPPT DCO. It can also be presented by a facility
DCO; DC As can perform this same functions as a DCO. The DC A can give
the DCO the required annual briefing and sign EPA Form 7740-28. If
management has not appointed a DCA, the DCO's supervisor (minimum
Branch chief level) must certify that the DCO has been briefed (viewed the
video) and sign the EPA Form 7740-28. The certification, a memorandum,
should be attached to the signed Form 7740-28 and forwarded to the OPPT
DCO.
e. Approval for TSCA CBI access or waiver for immediate
ACCESS. The OPPT DCO will add the employee's name to the TSCA CBI
authorized access list when the employee is approved for TSCA CBI access.
The OPPT DCO will notify the employee's DCO of approval by sending him
or her the TSCA CBI authorized access list. The employee has 10 days to
comply with the OPPT DCO's requirements before final approval is granted.
Facility DCOs must notify the OPPT DCO by the 15th of each
month of additions or deletions that must be made to the TSCA CBI authorized
access list.
A requesting official may allow an employee access to TSCA CBI
before receiving final approval from the OPPT DCO under the following
conditions: The requesting official has determined that immediate access is
necessary, the required forms have been completed and submitted to the OPPT
DCO, and the employee has attended the security briefing.
f. TSCA CBI authorized ACCESS list. After EPA employees are
approved for TSCA CBI access, they are listed on the TSCA CBI authorized
access list. EPA's CBIC uses the list, with the automated Confidential
Business Information Tracking System (CBITS), to control access to TSCA
CBI materials. The list includes the names of employees cleared for TSCA
CBI computer access and the expiration date for their access. The OPPT DCO
provides copies of the access list monthly to DCOs and can answer inquiries
about whether an employee is authorized for access to TSCA CBI.
5
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
2. REQUIREMENTS FOR MAINTAINING ACCESS.
a. General information. Each year, EPA employees who are
authorized for access to TSCA CBI must follow certain procedures to maintain
their access.
b. Document audit procedure. The DCO will furnish the employee
with a report listing all documents that the DCO's manual or automated
inventory log reflects are charged out to that employee. The employee must
reconcile the report by (1) verifying that he or she (employee) has the listed
documents in his or her (employee) possession and signing the Document
Reconciliation Certification (Appendix 22), (2) notifying the DCO that he or
she (employee) does not have the documents in his or her (employee)
possession and so indicating on the Document Reconciliation Certification, or
(3) indicating on the Document Reconciliation Certification that no documents
are charged out. If the employee fails to locate the documents, he or she
(employee) must follow the procedures discussed in Chapter 5. Once a report
is submitted, as required by Chapter 5, the DCO (after receiving written
approval from the employee's requesting official) may renew the employee's
access.
After the DCO reviews the Document Reconciliation Certification, a
copy of the certification form will be filed in the employee's Individual Access
File.
c. Scheduling an annual security briefing. After the Document
Reconciliation Certification process is completed, the next step is for the
employee to attend a security briefing. The facility DCO is responsible for
scheduling annual security briefings for employees. If employees attend a
briefing presented by a facility DCO, it is the facility DCO's responsibility to
provide their names to the OPPT DCO.
6
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
d. Failure to reconcile document audit report or attend an
ANNUAL SECURITY briefing. The OPPT DCO will suspend the access
authority of any employee who fails to reconcile their audit report or attend a
security briefing within a year of his or her last briefing. The OPPT DCO
will notify the employee's requesting official of the suspension. If the
employee does not attend an annual security briefing within 30 days from the
date his or her access expired, the OPPT DCO will on the 31st day terminate
the employee's TSCA CBI authorization and deactivate the employee's
electronic card key for accessing TSCA CBI secure storage areas, along with
all computer access authorization, including user identifications and passwords.
e. Effect of Suspension of Access. Employees who have failed to
maintain access to TSCA CBI in accordance with manual procedures are in
violation of TSCA security procedures and will have their TSCA CBI access
suspended. Such persons may be subject to the penalties identified in Chapter
5. An employee's access to TSCA CBI in his or her possession at the time of
suspension does not constitute unauthorized disclosure of CBI as that term is
utilized in Chapter 5. However, any disclosure of TSCA CBI to an employee
whose access has been suspended does constitute an unauthorized disclosure
of CBI.
f. Reapplying for TSCA CBI access. If an employee has been
removed from the TSCA CBI authorized access list, he or she must reapply
for TSCA CBI access. Employees who must reapply for TSCA CBI access
must follow the procedures in section A.l of this chapter. Contact the OPPT
DCO for specific instructions before submitting renewal forms.
g. Employee transfers within EPA. The OPPT DCO must be
notified when an employee transfers to another branch, division, or office if
the new position requires TSCA CBI access. It is the responsibility of the
employee's former requesting official to notify the OPPT DCO of the transfer
so the employee's current access authorization can be cancelled. If the
employee's new position requires TSCA CBI access, his or her new requesting
official is responsible for submitting a completed Form 7740-6 "TSCA CBI
Access Request, Agreement, and Approval."
7
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
B. STEPS TO TERMINATING TSCA CBI ACCESS
FOR EPA EMPLOYEES
1. GENERAL INFORMATION. Authorization for access to TSCA CBI
must be terminated when:
• The employee stops working at EPA.
• The employee transfers to a new position in EPA that does not
require access to CBI.
• The employee fails to attend the annual security briefing.
• The employee receives an administrative penalty suspending his
or her authority to access TSCA CBI.
2 REQUIREMENTS FOR TERMINATING ACCESS.
a. Form 7740-16. When an employee's TSCA CBI clearance is
relinquished or revoked, he or she must complete EPA Form 7740-16,
"Confidentiality Agreement for United States Employees Upon Relinquishing
TSCA CBI Access Authority" (Appendix 9). The employee's requesting
official and facility DCO are responsible for ensuring that the employee
completes the form within five days after the employee's TSCA CBI access
authority is canceled.
The employee must submit the completed form to his or her
requesting official, who sends it to the OPPT DCO. The requesting official
must also send a copy of the completed form to the facility DCO for placement
in the employee's TSCA CBI Access File.
b. Document Audit Procedure, After receiving Form 7740-16, the
facility DCO will furnish the employee with a report listing all the documents
that the CBITS system and the facility DCO's manual or automated inventory
log show as being in the employee's possession. The DCO is responsible for
assisting the employee in returning these documents. All of the returned
documents must be re-entered into the collection of records before any
individual TSCA CBI document charged out to a terminating employee can be
reissued to another TSCA CBI-cleared employee.
8
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
c. DCO Responsibilities AfterDocument Audit is Completed.
After the document reconciliation is complete, the facility DCO will:
• Request that the OPPT DCO remove the employee's name
from the TSCA CBI authorized access list.
• Inform the employee DCO that the employee is no longer
authorized for CBI access.
• Request that the OPPT DCO instruct the Facilities Management
and Services Division (FMSD), Office of Administration, to
invalidate the employee's electronic entry card access for EPA
headquarters TSCA CBI secure storage areas.
• Change the combinations to locks for any TSCA CBI secure
storage containers to which the employee had access. At EPA
headquarters, the facility DCO can request that a security
representative of FMSD' s Security Management Section change
the lock combinations for any TSCA CBI storage containers or
secure storage areas.
The OPPT DCO will direct IMD's TSCA Systems Section to
invalidate the employee's TSCA CBI computer user identification code and
passwords for all mini or micro computer systems to which the employee had
access. When the TSCA Systems Section completes the invalidation, the
section will provide written confirmation to the OPPT DCO.
d. MISSING DOCUMENTS. The facility DCO must assume that a TSCA
CBI document is missing when it is not received within 30 days of issuing the
employee the list of items charged out to him or her. The procedures for
reporting these documents as missing are in Chapter 5 of this manual.
9
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
e. Employee responsibilities. Employees who are relinquishing
their TSCA CBI access authority are responsible for returning all TSCA CBI
documents and magnetic media in their possession to the facility's DCO.
Employees who are terminating their employment must return to FMSD all
electronic entry cards for EPA headquarters facilities. Regional or laboratory
employees who have electronic entry cards for secure storage areas must
relinquish those cards to the issuing office prior to signing Form 7740-16,
"Confidentiality Agreement for United States Employees Upon Relinquishing
TSCA CBI Access Authority." EPA headquarters employees who are
terminating their employment must obtain signatures from the OPPT DCO and
FMSD on the "Employee Separation or Transfer Checklist", EPA Form
3110-1 (Appendix 11) when relinquishing their TSCA CBI clearance.
( "
C. STEPS TO TSCA CBI ACCESS
FOR CONTRACTORS AND SUBCONTRACTORS
AUTHORIZING ACCESS.
1. Determining whether access to TSCA CBI is necessary. It
is EPA's responsibility to decide whether access to TSCA CBI is necessary for
a contractor to successfully perform the conditions of a contract with the U.S.
government. Depending on the contract, the EPA project officer, the EPA
delivery order project officer, or the EPA work assignment manager (in the
case of GSA zone contracts) will evaluate the need for TSCA CBI access.
(The Project Officers Checklist, appendix 24, will assist project officers in
compiling all information required for contractor access to TSCA CBI.)
If it is determined that access is necessary, the EPA project officer
(PO), EPA delivery order project officer (DOPO), or the EPA work
assignment manager (WAM) must complete EPA Form 7740-17, "Request for
Approval of Contractor Access to TSCA Confidential Business Information"
(Appendix 6). Form 7740-17 should be submitted as early in the contracting
process as possible.
• For new contracts, Form 7740-17 should be submitted to the
IMD director with the initial procurement package.
10
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
• For existing contracts, a delivery order will probably be
necessary to modify the contract. Form 7740-17 should be
submitted to the IMD director prior to the modification request.
The EPA project officer must forward the form to his or her division
director or a supervisor of equivalent authority, who will sign the form as the
requesting official and forward it to the IMD director for final approval and
publication in the Federal Register.
2. EPA CONTRACTORS WHO RECEIVE TSCA CBI MUST SET UP A
SECURE ENVIRONMENT FOR HANDLING AND STORING TSCA CBI. In
establishing a secure environment, contractors are bound by (1) the conditions
and terms of their contracts with EPA and (2) the requirements of this manual.
Each contractor must maintain TSCA CBI in a secure environment that meets
or exceeds the requirements contained herein. In addition to the physical
security procedures set forth in Chapter 4, a two-barrier system must be used
to protect TSCA CBI at any contractor's storage site that is not located within
an EPA or other Federal Agency facility.
Barrier 1 must consist at a minimum of perimeter walls that are
constructed from "slab to slab" and do not have false ceilings that would
permit entry into the contractor's work space by simply climbing over a
corridor wall. Doors that provide ingress or egress must have pin tumbler
deadbolt locks installed (unless the door is for emergency egress, in which
case it would have a crash bar with an audible alarm). All doors providing
ingress or egress that have hinge pins exposed to public corridors must be
pinned or constructed in such a way so as to prevent removal of the hinge pin.
Barrier 2 must consist of any of the approved storage containers
listed in Chapter 4. Contractors should contact the TSCA Security Staff if they
have any questions about establishing or maintaining the security of TSCA
CBI.
3. Site inspection. After the contractor has established a secure
environment for TSCA CBI, the TSCA security staff must inspect the site.
TSCA CBI access will not be authorized at the contractor's site without the
approval of the TSCA Security Staff.
11
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
4. Required contract language. All contracts that are approved
by the IMD director for TSCA CBI access must contain the following contract
clauses from the Procurement Policy Notice No. 93-07 of August 1993: Data
Security for TSCA CBI (EP52.235-120) (Appendix 8); Access to TSCA
Confidential Business Information (EP52.235-100) (Appendix 8a); Control and
Security of TSCA Confidential Business Information (EP52.235-105)
(Appendix 8b); and Treatment of Confidential Business Information (1552.235-
71) (DEVIATION) (Appendix 8c). The EPA project officer is responsible for
(1) notifying EPA's Office of Acquisition Management (OAM) contracting
officer that the required TSCA CBI language is necessary and (2) forwarding
Form 7740-17 to OAM, after the IMD director has signed it.
5. Notice to affected businesses. Pursuant to 40 CFR Part
2.306(j), EPA must notify affected businesses prior to allowing TSCA CBI
access to a contractor or subcontractor. IMD will prepare the notice and, at
its discretion will (1) publish it in the Federal Register or (2) send it to
individual businesses by letter via certified mail, return receipt requested or (3)
be notified by telegram. The affected business must have at least 5 working
days of notice (40 CFR 2.306(j)(3) before access is granted. This means that
the contractor cannot be granted access until 5 days after the Federal Register
notice is published or the telegram or certified mail is received.
The EPA project officer must initiate the notice process at least 60
days before the date that TSCA CBI access is to begin. The first step is to
complete a Contractor Information Sheet (Appendix 7), which the OPPT DCO
uses to prepare the notice. The IMD director signs the notice, which signifies
that the contractor(s) identified in the notice is authorized for access to TSCA
CBI.
The notice must contain the following:
• The identity of the contractor or subcontractor to which TSCA
CBI is to be disclosed.
• The contract number.
• An explanation of why access to TSCA CBI is necessary for
satisfactory performance of the contract.
12
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
• Whether access is authorized only on EPA premises or also at
the contractor's or subcontractor's facilities.
• The type of information to be disclosed.
• The period of time for which access to TSCA CBI is
authorized.
6. Facility DCO at the contractor's site. The contractor DCO
(1) serves as the liaison between EPA and the contractor on issues relating to
TSCA CBI, (2) assists the EPA facility DCO in requesting and maintaining
TSCA CBI access authorization for individual contractor employees (see
Chapter 3), and (3) assists in TSCA CBI handling. The contractor DCO
serves this function even when contractor employee access to TSCA CBI will
occur at EPA facilities. Each contractor with TSCA CBI access must have a
contractor DCO.
7. How TO ASSIGN A DCO. The EPA project officer is responsible
for identifying two qualified contractor employees to act as the contractor
DCO and the alternate DCO. The EPA project officer must nominate the
employees to the OPPT DCO. The nomination, submitted in writing, must
include the employees' names, telephone numbers, electronic mail numbers,
fax numbers, and mailing addresses. The contractor DCO must be in place
before the contractor is allowed access to TSCA CBI. (See Chapter 3 for
information about the nomination process.)
8. Identifying contractor employees for clearance. After
completion of the above requirements, the EPA project officer, EPA delivery
order project officer, or the EPA work assignment manager is responsible for
conferring with contractor officials to determine which contractor employees
require TSCA CBI access authorization. The EPA project officer will request
access authorization for these individuals in the manner described in section
D of this chapter.
13
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
D. HOW TO OBTAIN TSCA CBI AUTHORIZATION
FOR EMPLOYEES OF CONTRACTORS AND SUBCONTRACTORS
After a contractor is authorized for access to TSCA CBI, the
contractor's employees must individually request TSCA CBI access authority.
All necessary forms are available from the EPA project officer. If
necessary, the forms can also be obtained from the OPPT DCO.
1. AUTHORIZING ACCESS.
a. Completing and submitting the forms. Each contractor
employee who is applying for TSCA CBI access must complete the following
forms:
1) Form 7740-6, "TSCA CBI Access Request, Agreement, and
Approval" (Appendix 1).
2) SF-86, "Questionnaire for Sensitive Positions" (Appendix 3).
3) FD-258, fingerprint chart (two originals) (Appendix 4).
4) Form 7740-25, "TSCA CBI ADP User Registration Form," if
online access to a TSCA CBI system or data base is required
(Appendix 2).
The completed forms must be submitted to the contractor DCO.
After reviewing the forms for accuracy and completeness, the contractor will
forward the forms to the EPA project officer. The EPA project officer will
review the forms and forward them to the OPPT DCO.
The project officer will either sign line 20 of the general access
request form to signify approval of TSCA CBI access or will disapprove
access. The project officer will submit the approved forms to the OPPT DCO
for review and approval. After completing the review, the OPPT DCO will
sign the forms and may submit them to the TSCA security staff and the IMD
director for final approval.
14
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
b. Minimum Background Investigation (MBI). All contractor
employees who are granted access to TSCA CBI will be required to
successfully complete an MBI to maintain TSCA CBI clearance. MBI
investigations are conducted by the U.S. Office of Personnel Management at
the request of the EPA Inspector General. The EPA project officer or work
assignment manager must ensure the MBI investigation requirement is placed
in the official statement of work.
c. Individual Access Files. The contractor's facility DCO is
responsible for establishing an access file for each contractor employee in his
or her organization who is granted authority to access TSCA CBI. The file
will contain a copy of all forms or other documentation related to the employe-
e's TSCA CBI clearance. If required by personnel regulations, a copy of the
SF 86, "Questionnaire For Sensitive Positions" should be kept in the
employee's official personnel file. The access files will be maintained in
alphabetical order by employee name and stored with the TSCA CBI collection
of records. The OPPT DCO will maintain the Individual Access Files for
contract employees who are located at EPA headquarters.
d. Security briefing is required. It is the responsibility of the
requesting official to ensure that employees (1) read this manual and (2) attend
a security briefing on procedures for handling TSCA CBI documents.
Employees must attend a briefing on TSCA CBI security procedures before
they are allowed access to TSCA CBI. The briefing, given orally or presented
on video, is presented weekly by the OPPT DCO, or it can also be presented
by a facility DCOs. If employees attend a briefing presented by a facility
DCO, it is the facility DCO's responsibility to provide their names to the
OPPT DCO.
e. Approval for TSCA CBI access or waiver for immediate
ACCESS. The OPPT DCO will add the contractor employee's name to the
TSCA CBI authorized access list when the contractor employee is approved
for CBI access. The OPPT DCO will notify the contractor employee's DCO
of approval by sending the contractor DCO the TSCA CBI authorized access
list.
15
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
A waiver may be granted by the Director, Information Management
Division which will allow a contractor and/or contractor employee(s) access
to TSCA CBI before receiving final approval from the OPPT DCO when all
of the following conditions are met: the requesting official has determined that
immediate access is necessary, the required form(s) have been completed and
submitted to the OPPT DCO, the employee(s) have attended the security
briefing, the facility at which the employee(s) is working has been inspected
and approved by the TSCA security staff, and the Federal Register Notice has
been submitted for publication.
f. TSCA CBI AUTHORIZED ACCESS LIST. After contractor employees
are approved for TSCA CBI access, they are listed on the TSCA CBI
authorized access list. The list provides the names of people cleared for TSCA
CBI access, including TSCA CBI computer access, and the date on which their
access expires. Questions about whether a particular person has TSCA CBI
access that can not be answered by consulting the Authorized Access List
should be directed to the OPPT DCO. The OPPT DCO provides copies of the
access list monthly to DCOs.
2. REQUIREMENTS FOR MAINTAINING ACCESS.
a. General information. Each year, contractor employees who are
authorized to access TSCA CBI must follow certain procedures to maintain
their access. The procedures are listed below in the order in which they must
occur.
b. Document audit procedure. The contractor DCO will furnish the
contractor employee with a report listing all documents that the DCO's manual
or automated inventory log shows as charged out to that employee. The
employee must reconcile the report by (1) verifying that he or she has the
listed documents in his or her possession and signing the Document
Reconciliation Certification (Appendix 22), (2) notifying the DCO that he or
she does not have the documents and indicating on the Document
Reconciliation Certification that the documents are not in his or her possession,
or (3) indicating on the Document Reconciliation Certification that no
documents are charged out. If the DCO fails to locate any documents, he or
she must follow the procedures discussed in Chapter 5.
16
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
After the DCO reviews the Document Reconciliation Certification,
he or she will file a copy of the certification form in the employee's Individual
Access File.
c. Scheduling an annual security briefing. After the document
audit procedure is completed, the next step is for the employee to attend a
security briefing. The contractor's facility DCO is responsible for scheduling
annual security briefings for employees; the DCA is authorized to give the
DCO the required briefing and sign the EPA Form 7740-28. If management
has not appointed a DCA, the project officer must certify (by memorandum to
the OPPT DCO) that the DCO has read the security manual briefing materials
or viewed the TSCA CBI training video and sign the EPA Form 7740-28.
d. Failure to attend an annual security briefing. Contractor
employees will lose their authorization for access to TSCA CBI if they fail to
attend a security briefing within a year of their last briefing. The OPPT DCO
will notify an employee's requesting official of the suspension. If the
employee does not attend an annual security briefing within 30 days from the
date the suspension notice was issued, the OPPT DCO will on the 30th day
terminate the employee's TSCA CBI authorization and deactivate the
employee's electronic card key for accessing TSCA CBI secure storage areas,
along with all computer access authorization, including user identifications and
passwords. It is the responsibility of the requesting official to ensure that the
employee completes the paperwork connected with TSCA CBI termination (see
section E of this chapter).
e. Reapplying for TSCA CBI ACCESS. If an employee has been
removed from the TSCA CBI authorized access list, he or she must reapply
for TSCA CBI access. To reapply, the employee must follow the procedures
in section D.l of this chapter. Contact the OPPT DCO for specific
instructions before submitting renewal forms.
17
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
E. PROCEDURES FOR TERMINATING ACCESS TO
TSCA CBI FOR CONTRACTOR EMPLOYEES
1. GENERAL INFORMATION. Authorization to access TSCA CBI must
be terminated when:
• The contract is completed, terminated or in suspense.
• Employment of the contractor employee is terminated.
• Contractor employee's duties that require access to TSCA CBI
are terminated.
• The contractor employee fails to attend the annual security
briefing.
• The contractor employee breaches the terms of the
Confidentiality Agreement of EPA Form 7740-6, "TSCA CBI
Access Request, Agreement, and Approval. "
• The MBI provides information about the contractor employee
based on which the IMD director determines that access will
not be granted.
2. REQUIREMENTS FOR TERMINATING ACCESS.
a. Form 7740-18. When a contractor employee's TSCA CBI
clearance is suspended, relinquished, or revoked, he or she must complete
EPA Form 7740-18, "Confidentiality Agreement for Contractor Employees
Upon Relinquishing TSCA CBI Access Authority" (Appendix 10). The
employee's requesting official and DCO are responsible for ensuring that the
employee completes the form within five days after the employee's TSCA CBI
access authority is canceled.
The employee must submit the completed form to his or her
requesting official, who sends it to the OPPT DCO. The requesting official
must also send a copy of the completed form to the facility DCO for placement
in the employee's TSCA CBI Access File.
18
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
b. Document audit procedure. After receiving Form 7740-18, the
facility DCO will furnish the contractor employee with a report listing all the
documents that the CBITS system, DAPSS system, and the facility DCO's
inventory log show as being in the contractor employee's possession. The
contractor employee is responsible for returning these documents. All of the
returned documents must be re-entered into the collection of records before
any individual TSCA CBI document charged out to the terminating employee
can be reissued to another TSCA CBI-cleared employee.
C. DCO RESPONSIBILITIES AFTER DOCUMENT AUDIT IS COMPLETED.
After the document reconciliation is complete, the facility DCO will:
• Request that the OPPT DCO remove the employee's name
from the TSCA CBI authorized access list.
• Inform the employee's DCO that the employee is no longer
authorized for TSCA CBI access.
• Request the OPPT DCO to invalidate the employee's electronic
entry card access for EPA headquarters TSCA CBI secure
storage areas.
• Change the combinations to locks for any TSCA CBI secure
storage containers to which the employee had access.
d. Missing DOCUMENTS. The facility DCO must assume a TSCA CBI
document is missing when it is not received within 30 days of issuing the
contractor employee the list of items charged out to him or her. The
procedures for reporting these documents as missing are in Chapter 5.
The OPPT DCO will direct IMD's TSCA Systems Section to
invalidate the employee's TSCA CBI computer user identification code and
passwords for all mini, or micro computer systems to which the employee had
access. When the TSCA Systems Section completes the invalidation, the
section must provide written confirmation to the OPPT DCO.
19
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
e. Contractor employee responsibilities. Employees who are
relinquishing their TSCA CBI access authority are responsible for returning all
TSCA CBI documents and magnetic media in their possession to the facility
DCO. Employees who are terminating their employment must return to the
OPPT DCO all electronic entry cards for EPA headquarters facilities. EPA
project officers are responsible for ensuring that all electronic entry cards
issued to contractor employees are returned to the OPPT DCO.
F. PROCEDURES FOR TERMINATING ACCESS
TO TSCA CBI FOR CONTRACTORS
TERMINATING ACCESS TO TSCA CBI WHEN A CONTRACT ENDS.
On the day a contract is completed or access to TSCA CBI ends
under the contract's terms, the contractor DCO must inventory the TSCA CBI
materials that the CBITS system, DAPSS system, and the DCO's manual or
automated inventory log show as being at the contractor's facility. The
contractor DCO must provide the written inventory to the EPA project officer
within 30 calendar days. The EPA project officer must provide a copy of the
results to the OPPT DCO and the TSCA security staff. The contractor DCO
must collect all TSCA CBI materials and document control materials, including
logs and cover sheets, that are in the company's possession. The contractor
must transfer the materials to the TSCA CBI cleared project officer (or other
cleared official, i.e. DOPO, WAM) within 30 calendar days. The EPA
Project Officer will forward the reconcilled documents to the OPPT DCO
within 30 days for inclusion into the official Agency file.
The EPA project officer will review the materials and reconcile the
returned materials with the inventory provided by the contractor DCO. The
EPA project officer then transfers the materials to the OPPT DCO with
instructions for appropriate disposition.
20
-------�
TSCA CBZ SECURITY MANUAL
7000
4/95
G. AUTHORIZING OTHER FEDERAL AGENCIES
FOR ACCESS TO TSCA CBI
TSCA provides that under cetain circumstances other Federal
agencies may receive access to TSCA data. Specifically disclosure of TSCA
CBI to another Federal agency is permitted when the information is necessary
for the other agency (1) to perform work for EPA, (2) to perform its duties
under any law for the protection of health or the environment, or (3) for
specific law enforcement purposes. All persons contemplating disclosure of
TSCA CBI to Federal agencies should review 40 CFR §§ 2.209 and 2.306.
1. GENERAL PROCEDURES FOR EPA OFFICES TO DISCLOSE TSCA
CBI TO ANOTHER FEDERAL AGENCY PERFORMING WORK FOR EPA.
When an EPA office is having another Federal agency perform work that
requires access to TSCA CBI, EPA generally takes the initiative in arranging
to disclose the information to the other agency. The first step to allow
disclosure is for the EPA office that is involved to contact the IMD director.
The IMD director will notify the other agency that (1) the
information that will be disclosed is CBI and was acquired under the authority
of TSCA and that (2) any unauthorized disclosure of the information may
subject the other agency's employees to the criminal penalties in Section 14(d)
of TSCA (see Chapter 5 of this manual).
When EPA discloses TSCA CBI to another agency to perform work
on behalf of EPA as described in 40 CFR §§ 2.209(c) and 2.306(h), no notice
to affected businesses is required. The IMD director will notify the agency
performing the work whether access is approved.
a. Agreement not to disclose TSCA CBI. The agency that will
receive TSCA CBI must provide a written agreement that it will not disclose
TSCA CBI.
b. Exceptions to agreement not to disclose TSCA CBI. A
Federal agency does not have to provide a written agreement that it will not
disclose TSCA CBI under any one of the following circumstances:
21
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
• The agency has statutory authority both to compel production
of the information and to make the proposed disclosure, and it
has furnished affected businesses with at least the same notice
that EPA would provide under EPA's regulations.
• The agency has obtained the consent of each affected business
prior to the proposed disclosure.
• The agency has obtained a written statement from the EPA
general counsel or an EPA regional counsel that disclosure of
the information would be proper under EPA regulations.
c. TSCA CBI ACCESS AT EPA FACILITIES. Once approval for access
has been granted, designated employees of the other Federal agency can obtain
access to specified TSCA CBI on EPA premises. The procedures for
individual employees to obtain clearance for TSCA CBI access are explained
in sections A and B of this chapter.
d. TSCA CBI access at other Federal agencies. When a Federal
agency is allowed access to TSCA CBI on its premises, the Federal agency
must appoint a facility DCO and must provide a secure environment before
documents will be transferred.
e. How to assign A DCO. The requesting official or the facility
manager in charge of the facility to which TSCA CBI will be transferred must
nominate a facility DCO and an alternate DCO. The nomination, submitted
in writing to the OPPT DCO, must include the name, telephone number,
electronic mail number, fax number, and mailing address of both nominees.
The OPPT DCO will decide whether to approve the nomination. The
requesting official or the facility DCO can also nominate document control
assistants (DCAs) to assist the DCO in his or her day-to-day duties. DCAs
can perform the same duties and responsibilities as the DCOs (i.e. DCAs can
annually brief the DCO and sign the EPA Form 7740-28).
2. PROCEDURES FOR ANOTHER FEDERAL AGENCY TO REQUEST
ACCESS TO TSCA CBI. These procedures must be followed by Federal
agencies that are requesting access to TSCA CBI (1) to perform duties under
any law for the protection of health or the environment or (2) for a specific
law enforcement purpose.
22
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
a. Submit a written request. To obtain access to TSCA CBI, a
Federal agency must submit a written request to the IMD director at least one
month before access is needed. The request must state the specific information
to which access is requested, why access is necessary (this is the official
purpose and will be one of the two reasons stated in the preceding paragraph),
and provide supporting details. The request must be signed by an agency
official whose authority is at least equivalent to that of an EPA division
director.
b. Agreement not to disclose TSCA CBI. The agency that will
receive TSCA CBI must provide a written agreement that it will not disclose
TSCA CBI.
c. Exceptions to agreement not to disclose TSCA CBI. A
Federal agency does not have to provide a written agreement that it will not
disclose TSCA CBI under any one of the following circumstances:
• The agency has statutory authority both to compel production
of the information and to make the proposed disclosure, and it
has furnished affected businesses with at least the same notice
that EPA would provide under EPA's regulations.
• The agency has obtained the consent of each affected business
prior to the proposed disclosure.
• The agency has obtained a written statement from the EPA
general counsel or an EPA regional counsel that disclosure of
the information would be proper under EPA regulations.
d. Notice to affected businesses. Before EPA allows another
Federal agency access to TSCA CBI, EPA must provide written notice to
affected businesses except as stated in section G.l above. The notice must be
given at least 10 calendar days before access takes place by Federal Register
notice, telegram, or certified mail (return receipt requested). IMD will
prepare the notice, which must include
• The identity of the agency to which TSCA CBI access is being
allowed.
23
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
• The official purpose for the access.
• Whether access is authorized only on EPA premises or also at
the other agency's facilities (see section 3 of this chapter).
• The type of information that will be disclosed.
• The period of time for which access to TSCA CBI is being
authorized.
3. EPA'S PROCESS FOR APPROVING TSCA CBI ACCESS FOR
OTHER FEDERAL AGENCIES. The IMD director will review requests for
TSCA CBI access from other Federal agencies and will notify the agencies'
requesting officials whether TSCA CBI access is approved. If access is
approved, the IMD director will notify the other agency that (1) the
information that will be disclosed is CBI and was acquired under the authority
Of TSCA, and that (2) any unauthorized disclosure of the information may
subject the other agency's employees to criminal penalties allowed under
Section 14(d) of TSCA.
a. TSCA CBI ACCESS AT EPA FACILITIES. EPA prefers that TSCA
CBI materials remain on EPA premises. When this is not practical. EPA will
consider allowing access at another agency's facility.
Once approval for access has been granted, designated employees of
the other Federal agency can obtain access to specified TSCA CBI on EPA
premises. The procedures for individual employees to obtain clearance for
TSCA CBI access are explained in sections A and B of this chapter.
Employees of other Federal agencies are not allowed to remove from EPA
premises any documents, notes, or correspondence containing TSCA CBI and
must not discuss TSCA CBI with individuals not authorized for TSCA CBI
access. TSCA CBI must be transferred from an EPA DCO to a
Facility/Agency DCO.
24
-------�
T8CA CBI SECURITY MANUAL
7000
4/95
b. TSCA CBI access at other Federal agencies. Before EPA will
grant access at another agency's facility, a facility DCO must be in place. The
requesting official or the facility manager in charge of the facility to which
TSCA CBI will be transferred must nominate a facility DCO and an alternate
DCO. The nomination, submitted in writing to the OPPT DCO, must include
the name, telephone number, electronic mail number, fax number, and mailing
address of both nominees. The OPPT DCO will decide whether to approve
the nomination. The requesting official or the facility DCO can also nominate
document control assistants (DCAs) to assist the DCO in his or her day-to-day
duties. Other provisions that must be in effect are the following:
• The Federal agency must have security procedures and
standards in place that equal or surpass those set forth in this
manual.
• EPA's TSCA security staff must inspect and approve the TSCA
CBI storage facilities at the Federal agency. The inspection is
to be arranged by the official requesting TSCA CBI clearance
for his or her agency.
• The Federal agency must appoint a facility DCO before
documents will be transferred.
• The official requesting TSCA CBI access authority for his or
her agency must provide a written statement of the agency's
security procedures for handling TSCA CBI. The statement
should state whether (1) the security procedures in this manual
have been adopted by the agency without change or (2) how the
security procedures being used at the agency differ from those
set forth in this manual. The written statement must be
provided to the TSCA security staff.
25
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
4. REQUESTS FOR ACCESS TO TSCA CBI FROM CONGRESS OR
THE GENERAL ACCOUNTING OFFICE. EPA, Federal and contractor
employees must notify the IMD director immediately when they receive a
request from Congress or the General Accounting Office for information that
requires access to TSCA CBI. Pursuant to 40 CFR 2.209, TSCA CBI access
is allowed only when the request is made by the Speaker of the House, the
President of the Senate, a chairman of a committee or subcommittee, or the
Comptroller General. All document access will be provided by the OPPT
DCO, who will record all transactions on a Federal Agency, Congress, and
Federal Court Sign Out Log (Appendix 20).
NOTICE TO AFFECTED BUSINESSES. Before EPA allows access to TSCA
CBI by Congress or the General Accounting Office, EPA must provide written
notice to affected businesses. The notice must be given at least 10 calendar
days before access takes place by Federal Register notice, telegram, or
certified mail (return receipt requested). IMD will prepare the notice, which
must include:
• Whether access is authorized only on EPA premises or also at
the other agency's facilities.
• The type of information that will be disclosed.
• The period of time for which access to TSCA CBI is being
authorized.
26
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
CHAPTER 3
RESPONSIBILITIES
A. EMPLOYEE RESPONSIBILITIES
1. EPA HOLDS EMPLOYEES PERSONALLY ACCOUNTABLE FOR
PROTECTING TSGA CBI. Proper protective controls must be followed by
employees of EPA, other Federal agencies, and Federal contractors who have
access to TSCA CBI whenever they handle, store, or transfer any TSCA CBI.
EPA holds every employee who has custody of TSCA CBI personally
responsible for following proper handling and security procedures.
• Each employee who has access to TSCA CBI is required to (a)
immediately inform management if he or she discovers that any
procedure contained in this manual does not provide the proper
level of protection for TSCA CBI and (b) suggest changes that
will strengthen those weaknesses.
• Each employee who has access to TSCA CBI is required to
immediately report in writing any violations of this manual's
procedures to his or her immediate supervisor, the TSCA
security staff, and if applicable, the contractor project officer.
Employees who have access to TSCA CBI are
• Accountable for all TSCA CBI documents that they receive
through a DCO or any other employee cleared for TSCA CBI.
• Required to support the programs established by their
management and DCO for protecting and handling TSCA CBI.
• Required to attend an annual security briefing prior to renewing
their TSCA CBI clearance and to stay informed of TSCA CBI
handling controls and security programs.
27
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
• Required to complete an annual audit of all TSCA CBI
documents charged out to them through a DCO prior to
completing the annual security briefing and to sign the
Document Reconciliation Certification (Appendix 22) after
reconciling the documents listed on the report.
• Required to maintain TSCA CBI in a responsible manner that
will not permit access to the data by anyone who has not been
properly authorized to view TSCA CBI.
2. DOCUMENT AUDIT PROCEDURES. Each year, every employee is
required to account for the hard copy TSCA CBI documents in his or her
possession. This procedure is always the first step of the annual process to
recertify employees for TSCA CBI clearance.
The facility DCO will furnish the employee with a list of documents
that the DCO's manual or automated inventory log shows the employee has in
his or her possession. The employee must certify that the documents are in his
or her possession by signing die certification statement inscribed on the
document list. The employee must contact the facility DCO immediately if he
or she does not have any of the documents on the list.
3. CHECKING OUT TSCA CBI DOCUMENTS. Employees are
permitted to check out TSCA CBI documents from their facility DCO and to
keep the documents for up to a year. However, employees should return
TSCA CBI to the facility DCO as soon as the material is no longer needed.
Overdue materials. TSCA CBI materials cannot be kept for more
than one year. Any material kept longer than a year is considered overdue,
and the facility DCO will notify the responsible employee. Materials that are
not returned to the DCO within 30 days of notification are presumed lost. The
DCO must notify his or her division director of lost materials, pursuant to the
procedures in Chapter 5.
28
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
4. DETERMINING WHETHER A DOCUMENT CONTAINS TSCA CBI.
When an employee produces a document, it is that employee's responsibility
to decide whether the document contains TSCA CBI. An employee who is
unable to determine whether something is confidential should consult with his
or her supervisor or DCO. If the issue remains unresolved, the employee
should consult the chief of the IMD TSCA Information Management Branch.
5. RECEIPT OF MAIL CONTAINING TSCA CBI MATERIAL. If
employees receive materials in the mail that are believed to be TSCA CBI,
even if they are unlabeled, those materials must be taken immediately to the
facility's DCO for proper entry into the document tracking system.
6. REVIEWING AND CHALLENGING TSCA CBI CLAIMS. An
employee who encounters a TSCA CBI claim that appears to be invalid should
bring the issue to the attention of the proper office in EPA.
• EPA employees and Federal employees should contact IMD's
TSCA Information Management Branch, which routinely
conducts program challenges pursuant to CFR 2.204.
• EPA regional employees should contact the TSCA Information
Management Branch or the Office of General Counsel.
• Contractor employees should contact IMD' s TSC A Information
Management Branch with any questions about TSCA CBI
claims.
a. INFORMAL inquiries. EPA employees are permitted to conduct
informal inquiries concerning TSCA CBI claims consistent with 40 CFR
2.204. When an EPA employee believes it to be appropriate, he or she can
request substantiation of a TSCA CBI claim from a submitter. The request
should be made by letter.
EPA employees, especially compliance inspectors, are encouraged
to obtain guidance for CBI reviews and challenges from the TSCA Information
Management Branch. In addition, employees are encouraged to become
familiar with the substantive criteria used to determine confidentiality, which
are found at 40 CFR 2.208.
29
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
b. Formal challenges. The Office of General Counsel is responsible
for making final determinations concerning challenges to TSCA CBI claims,
pursuant to 40 CFR 2.205, with two exceptions. Before acting under these
two exceptions, contact the TSCA Information Management Branch or the
Office of General Counsel for advice.
• The first exception allows an EPA office to take certain actions
if the office determines that the TSCA CBI claim is clearly not
entitled to confidential treatment. The exception is defined in
40 CFR 2.204(d)(2); "EPA office" is defined in 40 CFR
2.201(m); the possible actions are defined in 40 CFR 2.205(f).
• The second exception allows the Office of General Counsel to
delegate its authority to make final determinations concerning
TSCA CBI challenges to any EPA attorney in accordance with
40 CFR 2.205(i).
c. Procedures performing a challenge. It is incumbent upon those
who challenge TSCA CBI claims to act consistently with all TSCA regulations
—- particularly 40 CFR 2.201 through 40 CFR 2.205, 40 CFR 2.208, and 40
CFR 2.306—and relevant Federal Register notices. The validity of a TSCA
CBI claim must be carefully considered before an EPA employee asks a
submitting company to substantiate the claim. IMD and Office of General
Counsel attorneys should be consulted if any questions or problems arise on
TSCA CBI issues or challenges.
B. MANAGER RESPONSIBILITIES
IN GENERAL. All managers who are responsible for programs involving
access to TSCA CBI must ensure that their staff members follow this manual's
procedures and any other directive that deals with protection of TSCA CBI.
Managers must also ensure that
• Adequate personnel are available to carry out the DCO
responsibilities under the manager's supervision.
30
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
• Proper physical control measures are implemented in areas
where TSCA CBI is maintained.
• Subordinate project officers (POs), delivery order project
officers (DOPOs), and work assignment managers (WAMs)
follow proper TSCA CBI security procedures while
administering contracts.
• Thiey meet quarterly with contractor project officers to ensure
that contractor staff are following TSCA CBI security
procedures.
• That all employees under their supervision who are required
to have access to TSCA CBI maintain a current clearance for
TSCA CBI access.
C. DOCUMENT CONTROL OFFICER (DCO)
RESPONSIBILITIES
1. IN GENERAL. DCOs manage their facilities' document tracking
systems and oversee the receipt, storage, transfer, and use of TSCA CBI by
employees in their facilities. All facilities that are authorized for access to
TSCA CBI are required to have a facility DCO and an alternate DCO, who
will assume the facility DCO's responsibilities during his or her absence.
Facility DCOs must be approved and trained before TSCA CBI can
be transferred to any facility. The OPPT DCO is responsible for providing
training materials and guidance on appropriate document handling procedures
to all DCOs.
2. THE DCO MAINTAINS A DOCUMENT TRACKING SYSTEM. The
receipt, usage, and transfer of TSCA CBI is tracked through a document
tracking system. All TSCA CBI materials submitted to EPA, and those
produced by Federal and contractor employees (except as described in Chapter
4, section K), are monitored through this system.
31
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
The DCO is responsible for his or her facility's document tracking
system. The DCO must ensure that:
• All manual or automated logs are properly maintained, updated
and securely stored.
• Document control numbers or unique numerical identifiers are
assigned to the documents requiring them.
• Proper procedures are followed when using TSCA CBI
materials.
The IMD director has approved several manual and automated
tracking systems for use by Federal or contractor DCOs. Use of one of these
systems, which are described below, is mandatory. Contact the OPPT DCO
for additional information about these tracking systems.
a. Automated document tracking systems. EPA recommends
that DCOs who oversee a high volume of documents and transactions use
automated systems to track documents. These systems allow the DCO to track
a document's movement from the time it is assigned a document control
number or received at EPA until the time it is destroyed or transferred to
another TSCA CBI-cleared facility.
At EPA headquarters, the OPPT DCO uses an automated system to
track TSCA CBI documents: The Confidential Business Information Tracking
System (CBITS). Other DCO(s) use.a second automated tracking system, the
Automated Document Tracking System (ADTS), to track documents at field
installations.
32
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
1) Machine-readable bar codes. CBITS tracking system uses a
machine-readable bar code to track TSCA CBI documents. The
bar code is affixed to each TSCA CBI document controlled
through the headquarters CBIC. Bar codes are also affixed to the
electronic entry identification cards of employees with TSCA CBI
access authorization. The OPPT DCO uses these bar codes to
verify through, CBITS that employees are authorized for access
to TSCA CBI documents. The OPPT DCO also uses these bar
codes to produce annual audit certification reports for employees'
completion;
2) Backup for automated document tracking systems. When
an automated TSCA CBI document tracking system is used, the
facility DCO must make a backup disk whenever on a regular
basis. The backup media is TSCA CBI data and should be
protected as such. Any manual logs that are converted into an
automated system must be retained until an audit by the TSCA
security staff verifies the accuracy of the conversion.
EPA also suggests securing a duplicate set of media (document
tracking system) off site to allow for recovery of accountability of
documents charged out, if a disaster such as a flood, fire, or other
natural disaster strikes. Contact the OPPT DCO and the TSCA
Security Staff for assistance in establishing a program.
3) ADTS extends monitoring capability. ADTS runs on an
IBM-compatible PC and provides automated tracking,
accountability, and records-management capabilities for TSCA
CBI documents stored outside the purview of the OPPT DCO.
ADTS is available from the OPPT DCO.
33
-------�
T8CA CBI SECURITY MANUAL
7000
4/95
b. Manual tracking systems. Manual tracking systems are
appropriate for DCOs who are responsible for a low volume of documents and
transactions. Certain EPA forms must be used in implementing a manual
tracking system. These forms establish the minimum tracking and control
requirements for TSCA CBI assigned to facility DCOs. The forms are EPA
Form 7740-10, "Receipt Log for TSCA Confidential Business Information,"
EPA Form 7740-11, "Inventory Log for TSCA Confidential Business
Information," and EPA Form 7740-24, "Federal Agency, Congress, and
Federal Court Sign Out Log" (see Appendices 15, 16, and 20, respectively).
3. THE DCO MAINTAINS THE INVENTORY LOG. Each DCO must
maintain an inventory log for TSCA CBI transactions at his or her facility.
The inventory log must contain the following information:
• The document control number.
• The date on which a document is checked out from the DCO
and the date on which it is returned.
• The identity of the individual checking out the document.
• If the document will be destroyed, the entry in the disposition
block of the log must include the date of destruction and the
identity of the person who will destroy it.
• If the requesting employee plans to transfer the document
outside the DCO's jurisdiction, the disposition block of the log
must include the date and destination of the transfer.
4. DELIVERING AND RECEIVING TSCA CBI MATERIALS. All TSCA
CBI materials sent by EPA employees or contractors through the mail or by
courier must be addressed to and received by a DCO. TSCA CBI materials
that are hand carried to a facility or generated by employees at the facility
must be taken immediately to the DCO (see Chapter 4).
34
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
a. The DCO must review documents for completeness. The
DCO must review all materials received to determine whether they appear
complete.
• If the documents do not appear to be complete, the DCO must
immediately contact the submitter to determine whether there
is an omission.
• If the materials appear to be complete, the DCO must stamp
the document as TSCA CBI (Appendix 12). The stamp is
applied to at least the first page (or the cover, if the document
has one) and the back of the last page (or back cover, if the
document has one). The DCO then assigns a document control
number to the document, if one has not already been assigned,
and attaches a TSCA CBI cover sheet (Appendix 13) to the
front of the document. The DCO must write the document
control number on the first page of the document.
b. The DCO must maintain a receipt LOG. Each document received
by a DCO must be recorded in an automated or manual receipt log (Appendix
15). The DCO must record the following items in the receipt log:
• The document's document control number (if a document
control number has not been assigned, the copy number
assigned by the DCO should be recorded).
• The date on which the document was received by the DCO.
• The submitter's name if the document was received directly
from the submitter, the author's name if the document was
generated by a Federal or contractor employee, or the facility
DCO's name if the document was received from another
facility authorized for TSCA CBI access.
• The number of pages contained in the document.
35
-------�
T8CA CBI SECURITY MANUAL
7000
4/95
• A brief description of the document (e.g., "an engineering
report on PMN-Y" or "letter from company X on PMN-W").
5. STORAGE OF TSCA CBI MATERIALS. DCOs are responsible for
ensuring that employees at their facilities are storing documents properly. This
manual establishes storage procedures in Chapter 4, section B.
The DCO supervises the storage of TSCA CBI materials in secure
storage containers or in a centralized secure storage area (e.g., the CBIC at
EPA headquarters). The sole exception to this is when an employee's duties
require that he or she be assigned individual responsibility for a specific secure
storage container(s) (i.e. Mosler safe) within an office.
6. MAINTAINING RECORDS OF LOCK COMBINATIONS. The facility
DCO must maintain a record of the lock combinations on rooms and containers
in which TSCA CBI materials are stored. The DCO must also store each
combination individually in a sealed envelope. These envelopes should be
opened only in emergencies.
At EPA headquarters, there are a number of facility DCOs. Their
recordkeeping responsibilities break down as follows:
• Each division in OPPT has a DCO who is responsible for
keeping a list of combinations for TSCA CBI storage containers
and rooms controlled by the division.
• The OPPT DCO maintains a list of combinations (1) for
containers and rooms assigned to IMD and (2) for all
containers and rooms in OPPT that don't fall under any specific
division's control.
• At EPA headquarters, DCOs in offices other than OPPT
maintain a list of combinations for TSCA CBI storage
containers and rooms controlled by their offices.
36
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
• FMSD keeps a master list of combinations for all TSCA CBI
locks at EPA headquarters.
7. CONDITIONS FOR CHANGING LOCK COMBINATIONS. The DCO
is required to change lock combinations (1) every 12 months, (2) each time a
person who knows a combination relinquishes his or her TSCA CBI access
authority, (3) when a container is put into or taken out of operation, and (4)
if there is a known or possible compromise of TSCA CBI data in the
container. At EPA headquarters, DCOs notify FMSD, which changes the
combinations.
8. UPDATING THE TSCA CBI AUTHORIZED ACCESS LIST. Each
DCO bears responsibility for keeping the TSCA CBI authorized access list
current. By the 15th of each month, facility DCOs must notify the OPPT
DCO of any employees within their jurisdictions who should be added or
deleted from the list.
9. THE DCO MONITORS AND CONTROLS WHO OBTAINS TSCA CBI
MATERIALS. The steps for obtaining TSCA CBI materials are described
below:
• The employee requests a specific TSCA CBI document from
his or her DCO.
• The DCO locates the document in the TSCA CBI storage files
or obtains it from a another DCO, employee, contractor, or
submitter.
• The DCO notifies the employee that the document is available.
• When the employee arrives to pick up the document, the DCO
verifies that the requesting employee is authorized for access to
the document.
• The DCO logs the document out to the employee using an
automated or manual inventory log.
37
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
10. THE DCO MONITORS OVERDUE TSCA CBI MATERIALS. TSCA
CBI materials may not be checked out from a centralized TSCA CBI storage
facility for more than one year. DCOs must monitor the inventory log for
TSCA CBI materials that have not been returned within the one-year period.
The DCO is responsible for notifying employees and their supervisors of
overdue materials. This is done by distributing to the employee and his or her
supervisor a list of all TSCA CBI documents charged out to the employee
before the annual security briefing and TSCA CBI access recertification are
accomplished.
If the employee does not return the overdue materials to the DCO
within 30 days after notification, the DCO must assume the materials cannot
be located. The DCO must notify his or her division director that the materials
are lost, pursuant to the procedures in Chapter 5.
11. THE DCO ASSISTS EMPLOYEES IN DETERMINING WHETHER
DOCUMENTS CONTAIN TSCA CBI AND IN SANITIZING DOCUMENTS
FOR PUBLIC DISCLOSURE. The responsibility for determining whether
documents contain TSCA CBI rests with the document's author (see Chapter
4, section L). The DCO's role is to provide guidance to the author in making,
the determination. Employees who are unable to determine whether something
is confidential should consult with their supervisor or DCO. If the issue
remains unresolved, the employee should consult the chief of the IMD TSCA
Information Management Branch. The DCO also instructs document authors
in how to sanitize a TSCA CBI document if the document is going to be
released to the public.
12. THE DCO SUPERVISES THE REPRODUCTION AND
DESTRUCTION OF TSCA CBI MATERIALS. The DCO is responsible for
controlling and documenting the reproduction and destruction of TSCA CBI
materials. TSCA CBI materials except for working papers as discussed in
Chapter 4. can be reproduced or destroyed only by the DCO or by a DCA
assigned to the task bv the DCO. In the latter case, the DCO must supervise
the activity. Specific procedures for reproduction and destruction are set forth
in Chapter 4, sections N and O.
38
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
13. THE DCO CONTROLS THE TRANSFER OF TSCA CBI MATERIALS
BETWEEN FACILITIES. Two procedures exist for transferring TSCA CBI
materials between facilities. The first applies to materials that are already
recorded in the document tracking system. If the document is in an
employee's possession, the employee must first return the document to his or
her facility DCO. The DCO records the date the document is being sent and
the name of the DCO who will receive it in the Inventory Log. The DCO also
inserts a transfer receipt in the second envelope. The transfer receipt identifies
the package's contents. The recipient DCO will sign the transfer receipt and
return it to the sender.
The second procedure applies to new materials that are not recorded
in the document tracking system. In these cases, the document's author must
stamp the document as TSCA CBI and attach a TSCA CBI cover sheet to it.
The author then takes the document to his or her DCO who (1) logs the
document into the receipt log, (2) assigns it a document control number, and
(3) records the date the document is being sent and the name of the DCO who
will receive it.
Packaging and arranging transfer of TSCA CBI materials.
Specific information on packaging and arranging transfer of TSCA CBI
materials is provided in Chapter 4, section F.
14. THE DCO ASSISTS EMPLOYEES WITH OBTAINING AND
MAINTAINING TSCA CBI ACCESS AUTHORITY. DCOs are responsible
for assisting employees with their TSCA CBI access authority. Procedures for
this are set forth in Chapter 2.
15. THE DCO IS RESPONSIBLE FOR ASSISTING WITH EMPLOYEE
DOCUMENT AUDITS. When an employee is undergoing TSCA CBI
recertification or is terminating his or her access to TSCA CBI, the DCO must
give the employee a report listing all the documents that the CBITS system,
DAPSS system, and the automated or manual inventory log show as being in
the employee's possession. All of the returned documents must be re-entered
into the collection of records.
39
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
16: EACH YEAR, THE CONTRACTOR DCO MUST PERFORM AN
INVENTORY OF HARD-COPY TSCA CBI DOCUMENTS. Before July 31
of each year, each contractor DCO must inventory all hard-copy TSCA CBI
materials in the DCO's document tracking system.
• The DCO must compare the TSCA CBI documents in the
receipt log with the transactions listed in the inventory log.
This is accomplished by comparing the document control
numbers.
• The DCO must inventory the documents in his or her
possession. These documents are listed in the receipt log, but
not in the inventory log.
• The DCO must review the status (e.g., destroyed or transferred
outside the DCO's facility) and location (e.g., checked out to
an employee) of materials listed in the inventory log.
• The DCO must locate any documents that have been checked
out for more than one year.
• The DCO must review the status of documents indicated in the
inventory log as having been destroyed.
• Prior to October 1 of each year, the DCO must submit a
written inventory to his supervisor. By October 1, the
supervisor must submit the report to the TSCA security staff.
NOTE: The procedures in Chapter 5 must be followed if there are any TSCA
CBI materials that cannot be located.
17. WHEN DCOS TERMINATE THEIR EMPLOYMENT OR RELINQUISH
THEIR DCO RESPONSIBILITIES. The procedure that must be followed
when DCOs terminate their employment or relinquish DCO responsibilities are
the same for DCOs at EPA headquarters, regional offices, other Federal
agencies and contractor facilities.
40
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
TSCA CBI MATERIALS MUST BE inventoried. The outgoing DCO and
the incoming DCO must jointly perform an inventory of TSCA CBI materials
in the outgoing DCO's collection of records. Both parties must certify the
inventory before the outgoing DCO departs. The incoming DCO should retain
a copy of the inventory for audit purposes and forward a copy to the OPPT
DCO. If any TSCA CBI materials cannot be located during the audit, the
incoming DCO must follow the procedures in Chapter 5.
41
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
CHAPTER 4
PROCEDURES FOR USING AND
PROTECTING TSCA CBI MATERIALS
All procedures discussed in this chapter apply to employees of EPA,
other Federal agencies, and contractors, unless otherwise specified.
A. MARKING MATERIALS AS TSCA CBI
1. TSCA CBI COVER SHEETS MUST BE PLACED ON MATERIALS.
A TSCA CBI cover sheet, EPA Form 7740-9 (Appendix 13), must be affixed
to all TSCA CBI hardcopy materials. All other materials (i.e. diskettes,
samples, etc.1 must have TSCA CBI labels attached (Appendix 23).
2. THE PHRASE TSCA CBI MUST BE STAMPED ON MATERIALS.
TSCA CBI materials must be marked with a stamp that identifies the materials
as TSCA CBI (Appendix 12). The author of the materials is responsible for
stamping the document. The stamp must be placed on the front of the first
page (or on the cover, if the document has one) and on the back of the last
page (or back cover, if the document has one). The author may choose to
stamp additional pages of the document. If the document is a copy or is
received from outside EPA, the DCO is responsible for stamping the
document.
42
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
B. PROCEDURES FOR USING TSCA CBI DOCUMENTS
INSIDE OR OUTSIDE OF SECURE STORAGE AREAS
1. EMPLOYEE RESPONSIBILITIES, IN GENERAL. Employees using
TSCA CBI are responsible for ensuring that no unauthorized disclosure of that
information occurs. One way of guarding against this is for employees to use
TSCA CBI only in secure storage areas (described below). If employees take
TSCA CBI outside of the secure storage areas, they must (1) maintain constant
control over the TSCA CBI documents in their possession, (2) return the
TSCA CBI documents to the DCO, or (3) store the documents in a TSCA
CBI-approved storage container.
2. PROCEDURES FOR USING TSCA CBI DOCUMENTS OUTSIDE OF
SECURE STORAGE AREAS. Employees who are using TSCA CBI
documents outside of secure storage areas must never leave the documents
where people not authorized for TSCA CBI access might gain access to them.
When a TSCA CBI document outside a secure storage area is in an employee's
possession and is not in use, the employee must place the document in an
approved storage container.
a. Two TYPES OF CONTAINERS ARE APPROVED. Two types of
containers are approved for TSCA CBI storage:
• Metal file cabinets with locking bars and three-way changeable
combination locks.
• GSA-approved Class 6 security containers.
b. Open/close signs. The employee must affix a magnetic open/close
sign to each container so the status of the security container is visible at all
times. The employee must place the "open" sign on a container when it is
opened and the "close" sign on a container when it is closed.
43
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
If the container has multiple drawers with separate combinations,
each drawer must have an open/close sign affixed to it, to show the individual
condition of each drawer. The facility DCO is responsible for reviewing all
containers under his or her purview to ensure that the proper sign is affixed
to them.
c. More than one person can use a storage container. A
storage container may be used by more than one person to store TSCA CBI
materials. In these cases, each person using the storage container must be
authorized for access to all types of TSCA CBI stored in the container. Each
person should be assigned a separate storage space within the storage container
and is responsible for any TSCA CBI that he or she stores there.
3. PROCEDURES FOR USING TSCA CBI DOCUMENTS INSIDE
SECURE STORAGE AREAS. Facilities in which a large volume of TSCA
CBI is used will usually contain one or more secure storage areas. For
example, at EPA headquarters, the CBIC is a secure storage area. Secure
storage areas are used as TSCA CBI work areas, storage areas for TSCA CBI,
or both. Only employees who are authorized for access to TSCA CBI are
allowed to enter secure storage areas; personnel who are not cleared for access
to TSCA CBI must be escorted (at all times) by an employee who is cleared
for access to TSCA CBI. When an employee is working in a secure storage
area, it is recommended that TSCA CBI be stored in an approved container
while not in use, but it is not required. The TSCA security staff is required
to maintain a record of the locations of all TSCA CBI secure storage areas.
TSCA CBI-cleared employees must accompany unauthorized
persons INSIDE SECURE STORAGE areas. If persons not authorized for access
to TSCA CBI must enter a secure storage area for any reason, they must sign
a visitor's log and be accompanied at all times by a TSCA CBI-cleared
employee.
44
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
C. HOW TO OBTAIN APPROVAL
FOR ESTABLISHING A SECURE STORAGE AREA
The IMD director can designate secure storage areas in EPA facilities,
other Federal facilities, or contractor facilities when the volume and frequency
of TSCA CBI use justifies it. The steps to obtaining approval for a secure
storage area are:
1. The facility DCO establishes a secure storage area that meets the security
requirements established in this manual.
2. The facility DCO writes a memorandum to the OPME director asking
that the TSCA security staff inspect the secure storage area and that it be
approved for use. The memorandum is submitted to the DCO's division
director, who sends it to the OPME director.
3. The TSCA security staff inspects the secure storage area. The staff will
require security improvements, if needed.
4. After the TSCA security staff approves the secure storage area, the
facility DCO must designate an employee to assume responsibility for the
secured area. This employee is usually the DCO or a DCA. This
employee's responsibilities include monitoring the area to ensure that only
employees authorized for TSCA CBI access have access to it and
ensuring that the devices that secure the area are operating properly.
5. If the secured area functions as a centralized storage area, the facility
DCO will maintain the document tracking system for the materials stored
in the area. (The OPPT Confidential Business Information Center
(CBIC) is the central repository for TSCA CBI documents maintained at
Headquarters; the CBIC is a contract operation.)
D. SECURING AN AREA
SECURE STORAGE AREA REQUIREMENTS. Secure storage areas must
be secured by (1) a pin tumbler lock, (2) an intrusion alarm, and (3) an
electronic card entry system or a changeable push-button door lock.
45
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
1. Maintaining security of lock combinations. DCOs are
responsible for controlling access to lock combinations (see Chapter 3, section
C.6). DCOs are allowed to disclose combinations only to employees with
TSCA CBI access authorization and a need to review the TSCA CBI materials
stored in the containers or rooms.
2. Electronic card keys can be used to access secure storage
areas. Card keys are often used to ingress secure storage areas. The DCO
can issue card keys to employees with TSCA CBI access authorization and a
need to review the TSCA CBI materials in the secure storage area.
• Employees must use their card keys each time they enter the
secure area, even if they enter the room at the same time as
others. They are prohibited from loaning their card keys to
other employees.
• If an employee needs to enter the secure storage area and does
not have a card key or does not have it with him or her, the
DCO or DCA must determine whether the individual is
authorized for access to TSCA CBI. To do this, the DCO
consults the TSCA CBI authorized access list. If the employee
is authorized for access, the DCO must require the employee
to sign a visitors' log (Appendix 14) before entry. The DCO
must retain all visitors' logs for future reference.
• A person who is not authorized for access to TSCA CBI may
gain entry to a secure storage area after he or she signs the
visitors' log and is escorted at all times by a TSCA CBI cleared
person.
46
-------�
TSCA CBI SECURITY MANUAL
E. PROCEDURES FOR OBTAINING TSCA CBI
An employee who is authorized for access to TSCA CBI can obtain a TSCA
CBI document
• From the CBIC or other centralized storage facility by
contacting the DCO.
• From another employee within the same facility.
• From another facility through the DCO.
1. HOW TO OBTAIN TSCA CBI FROM THE CBIC OR OTHER
CENTRALIZED STORAGE FACILITY. An employee who wants to obtain
TSCA CBI materials from the CBIC (OPPT cleared employees only, other
cleared personnel must have their DCO obtain the required TSCA CBI
materials from the CBIC) or other centralized TSCA CBI storage facilities
must do so through his or her DCO. The DCO will verify that the employee
is authorized for access to TSCA CBI, and will then retrieve the requested
documents from the storage facility and log them out to the requestor through
the facility's document tracking system. TSCA CBI documents can be kept
for up to one year or the expiration of the employee's clearance, whichever
comes first. However, employees are encouraged to return documents as soon
as they are no longer needed.
a. Safeguarding TSCA CBI documents. Employees must safeguard
all TSCA CBI documents in their possession. To meet this mandate, they are
required to (1) return the TSCA CBI documents to the centralized storage
facility at the end of each day, (2) store the TSCA CBI documents in an
approved storage container, or (3) work in and maintain the documents in a
secure storage area.
7000
4/95
47
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
b. Obtaining a receipt for returned documents. It is not the
responsibility of the DCO or DCA to generate a log-in receipt. When
returning TSCA CBI documents, an employee can prepare a receipt (an
employee may fill out EPA Form 7740-26 for this purpose and mark out the
word permanent in the title of the form) for the DCO to sign and return to the
employee or to the employee's designee. These receipts can smooth the
reconciliation of document records that is required during the annual audit
prior to TSCA CBI recertification. (Reminder to DCOs/DCAs: If you sign
a receipt for documents, you must ensure that you have received the
documents indicated on the form before signing.)
c. Transferring TSCA CBI materials between a DCO and
persons under his or her supervision in a centralized secure storage
area. Transfers inside a secure storage area between a DCO and anyone
whom he or she supervises are exempt from document transfer logging and
loan receipt requirements provided the TSCA CBI material does not leave the
centralized secure storage area.
2. HOW TO OBTAIN TSCA CBI FROM ANOTHER EMPLOYEE
WITHIN THE SAME FACILITY. Employees who want to obtain a TSCA
CBI document from its author or owner located in the same facility can request
the documents directly. The author or owner must verify that the intended
recipient is authorized for access to TSCA CBI. To verify TSCA CBI access,
the author or owner should consult the TSCA CBI authorized access list,
which is available from the facility DCO. The author or owner can transfer
the materials by hand delivery or through his or her facility DCO. Materials
that are delivered by hand must be given directly to the recipient. Inter-office
mail must never be used for such transfers. TSCA CBI materials must
never be left unattended in an in-box or on the recipient's desk, unless within
a secured storage area.
NOTE: Contractor employees are restricted to transferring TSCA CBI
documents through their facility DCOs.
48
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
Keeping records on transfers. If a transfer is made through the facility
DCO, the DCO will record the transfer in the document tracking system. If
a transfer is made by hand delivery, the owner or author of the transferred
document can choose to obtain a signed loan receipt indicating that the transfer
was completed (Appendix 17). These loan receipts should be retained until the
documents are returned. If a document is transferred and no loan receipt is
obtained, the owner or author of the document will be held responsible and
accountable for the document.
Transfers between DCOs for different organizations within the same
facility, e.g., transfers from the OPPT DCO to an OPPT division DCO, must
be recorded in the document tracking system.
F. PROCEDURES FOR TRANSFERRING TSCA CBI
TO AN EMPLOYEE AT ANOTHER FACILITY
1. IN GENERAL. TSCA CBI materials can be transferred to an employee
at another facility as long as that employee is authorized for access to TSCA
CBI. These transfers of TSCA CBI materials must be conducted through
facility DCOs, in accordance with the procedures set forth below. This
ensures that the materials are properly logged out by the DCO. Before any
TSCA CBI materials mav be transferred to another facility, the facility DCO
must notify the receiving DCO that the materials will be sent.
2. PROCEDURES FOR TRANSFERRING TSCA CBI MATERIALS.
TSCA CBI materials can be transferred to an employee at another facility in
one of four ways:
• The DCO can send the materials certified mail through the
U.S. Postal Service, return receipt requested.
• The DCO can appoint a TSCA CBI-cleared employee to deliver
the materials directly to the facility DCO.
• The DCO can arrange delivery by a courier or by the U.S.
Postal Service Express Mail when approved by the immediate
supervisor.
49
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
• The DCO can transfer the materials via facsimile (see section
G of this chapter).
a. Procedures for sending or receiving TSCA CBI materials
through THE U.S. POSTAL SERVICE. An employee who wants to mail TSCA
CBI material to ah EPA or Federal employee must provide the material to his
or her DCO. The exception to this is that OPPT employees who are mailing
TSCA CBI material to a contractor employee must work through the OPPT
DCO. The DCO will send the TSCA CBI material certified mail, return
receipt requested. Regular first class mail must never be used to transfer
TSCA CBI.
1) TSCA CBI materials must be double-wrapped. The DCO
must double-wrap TSCA CBI'that will be delivered by the U.S.
Postal Service. The DCO must label the inner wrapping with the
recipient DCO's name and the statement, "TSCA Confidential
Business Information — To Be Opened by Addressee Only." The
DCO must label the outer wrapper with the name and address of
the recipient DCO and a return address. The outer wrapper
should be free of any indications that the package contains TSCA
CBI.
2) Receipt of contents. The DCO must include a receipt
(Appendix 18) identifying the contents of the package. The
Permanent Transfer Receipt for TSCA Confidential Business
Information (Appendix 18), when used properly, will not contain
TSCA CBI information; therefore, the DCO has the option of
either placing the form on the outside of the inner envelope or
within the inner envelope. This form can also be used as a
temporary transfer receipt for multiple documents; line out the
word permanent and write temporary in its place. The recipient
DCO will sign the receipt of contents and return it to the sender
within five days of receipt.
b. Procedures for hand delivery of TSCA CBI materials.
TSCA CBI material must be provided to the DCO for proper logging
(including the preparation of EPA Form 7740-26, Permanent Transfer Receipt
of TSCA Confidential Business Information) before a TSCA CBI-cleared
person is permitted to hand carry the material to its destination. The person
50
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
carrying the materials must protect it at all times in accordance with the
security procedures for transferring TSCA CBI as set forth in this chapter.
The receiving DCO must sign EPA Form 7740-26 and return a copy to the
sending DCO.
C. PROCEDURES FOR TRANSMITTING TSCA CBI MATERIALS BY COURIER
or U.S. Postal Service Express Mail. With the approval of an
employee's requesting official, the DCO can use a courier service or the U.S.
Postal Service Express Mail to transfer TSCA CBI materials. The general
guideline for use of these services is that time must be of the essence. Unlike
certified mail, neither of these services requires each person handling the
package to sign for it as it changes hands.
• TSCA CBI materials must be double-wrapped. The DCO
must double-wrap TSCA CBI that will be delivered by a
courier service or by the U.S. Postal Service. The DCO must
label the inner wrapping with the recipient DCO's name and
the statement, "TSCA Confidential Business Information — To
Be Opened by Addressee Only." The DCO must label the
outer wrapper with the name and address of the recipient DCO
and a return address. The outer wrapper should be free of anv
indications that the package contains TSCA CBI.
• Receipts are necessary. The DCO must include a receipt
identifying the contents of the package (see page 50). The
recipient DCO will sign the receipt and send it back to the
sender to verify receipt and contents. The DCO must also
obtain a receipt from the courier service employee who picks
up the package. All receipts should be retained by the sending
DCO for auditing.
51
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
d. Transfer of TSCA CBI to Industry. There will be occasions
that industry will request a copy of their submission to the Agency which
contains TSCA CBI. In order to received a copy, industry must submit a
notarized letter on corporate stationary which is signed by a corporate officer
indicating the person authorized to received the copy. The submission must
be double wrapped as described above and is sent certified mail via the U.S.
Postal Service, certified mail (indicating the person to receive the copy) return
receipt requested. The Agency may also initiate correspondence with industry
which includes TSCA CBI. The same procedures are required except for the
notarized letter.
G. PROCEDURES FOR RECEIVING AND SENDING
FACSIMILES (FAXES) THAT CONTAIN
TSCA CBI
1. PROCEDURES FOR SENDING OR RECEIVING FAXES BETWEEN
PERSONS AUTHORIZED FOR ACCESS TO TSCA CBI. The following
security transmission provisions must be followed when transmitting any
TSCA CBI by facsimile equipment:
• Only a DCO or DCA is permitted to send a fax containing
TSCA CBI, and only a DCO or DCA is permitted to receive
the transmission.
• Before a DCO or DCA sends a fax containing TSCA CBI to
another DCO or DCA, the sender must verify the employee's
access authority by consulting the TSCA CBI authorized access
list.
• During transmission, the DCOs sending and receiving the
document must completely control the fax machine. They must
ensure that no one who is not cleared for TSCA CBI views the
document.
• Fax machines that contain internal memory are authorized for
transmission of TSCA CBI between EPA, its contractors, and
other Federal agencies. After transmission is completed, the
sending and receiving DCO must turn off the fax machines in
order to ensure that no TSCA CBI data remains in memory.
52
-------�
TSCA CBZ SECURITY MANUAL
7000
4/95
• Transmission of TSCA CBI is restricted to individually-
controlled fax machines. Fax machines located inside secure
storage areas are preferred. Central fax receiving centers are
not authorized to receive TSCA CBI.
• The DCO sending the fax is responsible for ensuring that the
number dialed is correct by verifying the number on the fax
transmission confirmation receipt. He or she must attach the
receipt to the document that was faxed and place the document
in the official document file.
2. WHEN INDUSTRY OFFICIALS OR INDUSTRY SUBMITTERS
REQUEST THAT TSCA CBI BE FAXED TO THEM. Employees of EPA
and of EPA contractors who are cleared for TSCA CBI can transmit TSCA
CBI documents to industry officials or submitters. Prior to transmission, the
employee must verify that the recipient is authorized to receive a company's
TSCA CBI (industry must submit a notarized letter on corporate stationary
which is signed by a corporate officer indicating the person authorized to
received the copy).
The employee must notify the recipient prior to transmission that the
confidentiality of the fax transmission cannot be guaranteed, that EPA's trans-
mission lines are not secure, and that the message will not be scrambled by
encryption equipment.
The employee sending the fax must completely control the fax
machine and ensure that the transmission is not viewed by anyone not cleared
for TSCA CBI. The sender must confirm that the fax transmission was
completed successfully by obtaining the fax transmission confirmation receipt
and attaching it to EPA Form 7740-12, "Memorandum of TSCA CBI
Telephone Conversation" (Appendix 19). The employee must send all of these
documents to the facility DCO for the official document file.
53
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
3; WHEN AN INDUSTRY OFFICIAL OR INDUSTRY SUBMITTER
ASKS TO FAX TSCA CBI TO EPA. When someone external to EPA wants
to send TSCA CBI via fax transmission, he or she must be notified that EPA
can not guarantee the confidentiality of the transmission. At or prior to
transmission, the employee who will receive the transmission must notify the
sender that EPA's transmission lines are not secure and that no encryption
equipment will be used to scramble the message. Immediately upon receiving
the fax, the employee must provide it to the facility DCO for entry into the
receipt log.
4. WHEN AN INDUSTRY OFFICIAL OR INDUSTRY SUBMITTER
REQUESTS EPA TO FAX TSCA CBI TO THEIR LOCATION. When
an industry official (including the technical contact) requests the Agency to fax
TSCA CBI to their location, it is the responsibility of the sender (Agency) to
notify industry (receiver) that EPA's transmission lines are not secure; that no
encryption equipment will not be used to scramble the message; and that
industry is responsible for guaranteeing the proper procedures have been take
for safeguarding the TSCA CBI on the receiving end.
H. DISCUSSING TSCA CBI ON THE TELEPHONE
1. TELEPHONE CALLS WITH EMPLOYEES AUTHORIZED FOR TSCA
CBI ACCESS. Federal employees and contractor employees with TSCA CBI
access authority are allowed to discuss TSCA CBI on the telephone with other
Federal employees or contractor employees with TSCA CBI access authority.
Both parties to a telephone call are responsible for verifying that the other is
authorized for TSCA CBI access. To do so, the employees should consult the
TSCA CBI authorized access list. The individual who initiates a discussion
that includes TSCA CBI must indicate that the conversation involves TSCA
CBI.
2. TELEPHONE CALLS WITH SUBMITTERS. Federal and contractor
employees with TSCA CBI access authority are allowed to discuss TSCA CBI
on the telephone with a submitter employee when all of the following
conditions are met:
54
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
• The Federal or contractor employee must verify that the
submitter employee is authorized by his or her company to
discuss TSCA CBI. This can be done by checking the PMN
technical contact block or other written documentation.
• The Federal or contractor employee must verify the identity of
the submitter employee to whom he or she is speaking.
• The Federal or contractor employee must inform the submitter
employee that the telephone lines are not secured.
• The Federal or contractor employee must verify that all Federal
and contractor employees on the line are cleared for TSCA CBI
access and relay that information to the submitter employee.
• The Federal or contractor employee must state to the submitter
employee that discussion of TSCA CBI with a TSCA CBI-
cleared Federal or contractor employee on the telephone does
not constitute a waiver of any claim of confidentiality.
• The Federal or contractor employee must inform the submitter
employee that any further information provided in the telephone
conversation can be claimed as confidential.
Telephone LOGS. Federal and contractor employees must keep a
telephone log of all phone calls with submitters. The phone log must be kept
on EPA Form 7740-12, "Memorandum of TSCA CBI Telephone Conversation
(Appendix 19). After every conversation with a submitter, Federal and
contractor employees must provide their telephone logs to the DCO, who will
log them into the document tracking system. All headquarters telephone logs
for individual TSCA CBI materials must be inserted into the CBIC's official
file for PMN chemicals and existing chemicals.
3. VOICE MAIL SYSTEMS ARE NOT SECURE. The Federal or
contractor employee must under no circumstances leave messages containing
TSCA CBI on voice mail.
55
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
I. ELECTRONIC MAIL CANNOT BE USED TO
TRANSMIT TSCA CBI
Use of the EPA electronic mail system or any other electronic mail
system to transmit TSCA CBI information is not authorized.
J. USE OF TSCA CBI AT TELE-VIDEO CONFERENCES
TSCA CBI can be displayed and discussed during tele-video
conferences conducted between EPA headquarters and EPA regional offices.
The employee who arranges or schedules the tele-video conference is
responsible for ensuring that all TSCA CBI security procedures are followed
during the conference. These procedures include the following:
• The employee must verify that everyone who attends the tele-
video conference is cleared for TSCA CBI.
• The employee must ensure that both conference rooms are
secured to prevent unauthorized persons from entering the
conference rooms during the tele-video conference.
• The employee must arrange for use of compressed video
encryption during transmission, if it is available. For
information about tele-video encryption, contact the Security
Officer of the EPA National Data Processing Division;
telephone (919) 541-4013.
56
-------�
TSCA CBI SECURITY MANUAL
70.00
4/95
K. PROCEDURES FOR HANDLING DOCUMENTS
AND OTHER MATERIALS PRODUCED BY
EMPLOYEES USING TSCA CBI DOCUMENTS
1. NEW TSCA CBI DOCUMENTS. Documents and other materials produ-
ced by Federal and contractor employees using TSCA CBI documents
frequently contain TSCA CBI themselves. If a newly created document
contains TSCA CBI data, the document's author must stamp it as TSCA CBI,
cover it with a TSCA CBI cover sheet (EPA Form 7740-9), and take it to the
facility DCO to be logged into the document tracking system at the employee's
facility. Personal working papers are sometimes exempt from the logging
requirement (see subsection 3 of this section). The DCO will assign the new
TSCA CBI document a document control number, which must be written on
front of the TSCA CBI cover sheet (EPA Form 7740-9) and on the front of the
first page of the document. The DCO will then enter the document into the
receipt log and log the document out or retain it for storage.
2. NEW NON-CONFIDENTIAL DOCUMENTS. An employee who
plans to produce a non-confidential document by sanitizing TSCA CBI
must arrange for the chief of IMD's TSCA Information Management
Branch to review the document. The employee should contact the
chief at least 10 working days prior to release of the document. It is
the responsibility of the TSCA Information Management Branch chief
to ensure that the sanitization techniques maintain the confidentiality
of the TSCA CBI data sources. (For more information, see section L
of this chapter.)
3. PERSONAL WORKING PAPERS. The notes, outlines, and drafts
belonging to an employee who is working with TSCA CBI are considered his
or her personal working papers. As long as these papers remain in the
employee's possession, they are exempt from logging requirements. When an
employee transfers his or her personal working papers to another employee,
however, certain security procedures must be followed.
57
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
a. Transferring personal working papers to another employee.
Before allowing another employee within the same facility to acquire a
document that is a personal working paper, the author must take the document
to his or her facility DCO. The DCO will assign a document control number
to the document and log it into the document tracking system. Once the
document has been logged into the system, the author can transfer it by hand
delivery or through the DCO. A document that is delivered by hand must be
given directly to the recipient. Inter-office mail must never be used for such
transfers. TSCA CBI materials must not be left unattended in an in-box or
on the recipient's desk, unless in a secure storage area.
NOTE: Contractor employees are restricted to transferring TSCA CBI
documents through their facility DCOs.
b. Keeping RECORDS ON TRANSFERS. If the transfer was made through
the facility DCO, the DCO will record the transfer in the document tracking
system. If the transfer was made by hand delivery, the owner or author of the
transferred document can choose to obtain a signed loan receipt (Appendix 17)
indicating that the transfer was completed. These loan receipts should be
retained until the documents are returned. If a document is transferred and no
loan receipt is obtained, the owner or author of the document will be held
responsible and accountable for the document.
c. Photocopying Personal Working Papers. See N. 2. of this
chapter.
d. Transferring personal working papers to a typist. A
document can be provided to a typist without being logged into the document
tracking system if the typist is in the author's division or equivalent office and
is authorized for access to TSCA CBI. When the typist completes the job, he
or she must return the typed and the original document to the author.
If the author sends the document to a typist outside of his or her
division, the transfer must be logged into the document tracking system by the
facility DCO. If the typist sends the document to anyone other than the
author, the transfer must be logged into the document tracking system by the
facility DCO.
58
-------�
T8CA CBI SECURITY MANUAL
7000
4/95
• The author must keep a record of transfers to typists until all
personal working papers and TSCA CBI materials transferred
are returned.
• All the materials used in typing documents containing TSCA
CBI, including word processing disks, ribbons, carbons, and
waste paper, must be treated as TSCA CBI. TSCA CBI
procedures must be used to store these materials and to destroy
them.
e. Procedures for storing personal working papers. Personal
working papers must be stamped as TSCA CBI, covered with a TSCA CBI
cover sheet (EPA Form 7740-9), and otherwise used, stored, and handled like
any other TSCA CBI document. The exception to this is that personal
working papers are exempt from logging requirements as long as they remain
in the possession of their author.
f. Procedures for destroying personal working papers. The
author of a personal working paper is authorized to destroy such TSCA CBI
documents that have never been assigned a document control number. The
procedures for destroying TSCA CBI are discussed in section O of this
chapter.
L. CREATING NON-CONFIDENTIAL MATERIALS
FROM TSCA CBI DOCUMENTS
1. IN GENERAL. The responsibility for determining whether documents
contain TSCA CBI rests with the document's author. Until the determination
is made, the author must treat materials produced from TSCA CBI documents
as TSCA CBI.
2. NON-CONFIDENTIAL DOCUMENTS. Documents that meet any of the
following conditions may be non-confidential:
• TSCA CBI data are not included in a new document or are
deleted from an existing document.
• TSCA CBI data are replaced with non-confidential data or
59
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
descriptive terms (masked or aggregated data).
• The data or terms used are derived from TSCA CBI data but
are not themselves confidential.
• The submitting company has dropped its claim of confidenti-
ality for the information in the document or EPA has
determined that the claim is not valid.
a. When TSCA CBI data are replaced with non-confidential
data OR descriptive terms. An employee who plans to produce a non-
confidential document by aggregating TSCA CBI must arrange for the chief
of IMD's TSCA Information Management Branch to review the document.
The employee should contact the chief 10 working days prior to release of the
document. It is the responsibility of the TSCA Information Management
Branch chief to ensure that the aggregating techniques maintain the
confidentiality of the TSCA CBI data sources.
b. When a submitting company drops its claim of
CONFIDENTIALITY. When a company drops its claim that information submitted
to EPA is TSCA CBI, documents containing that information can be made
available to the public. Before making a document publicly available, the
document's author or his or her facility DCO must obtain a written statement
from the company that the claim has been dropped and the document must be
declassified (see section M of this chapter).
M. PROCESS FOR DECLASSIFYING TSCA CBI
MATERIALS
HOW TO DECLASSIFY TSCA CBI MATERIALS. The process for
declassifying TSCA CBI materials consists of five steps:
1. The employee determines that materials are no longer confidential.
2. The employee brings the materials to his or her DCO and presents
the DCO with evidence that they contain no TSCA CBI. If the employee has
determined from studying a document that it contains no TSCA CBI, he or she
must provide a written explanation to the DCO. If the submitting company
has dropped its TSCA CBI claim, the employee should present the DCO with
60
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
the submitter's written relinquishment of the claim. Further questions about
whether a document contains TSCA CBI should be brought to the chief of
IMD's TSCA Information Management Branch for resolution.
3. After being presented with evidence that a document contains no
TSCA CBI, the DCO must cross out all TSCA CBI markings on the document
and remove the document cover sheet.
4. The DCO must inscribe the document with the statement "Contains
no TSCA CBI," sign the document, and date it.
5. The DCO must log the document out of the document tracking
system. In the disposition box on the inventory log, the DCO must enter that
the document contains no TSCA CBI.
N. REPRODUCTION OF TSCA CBI MATERIALS
1. IN GENERAL. Only a DCO or an employee acting under the supervision
of a DCO is allowed to photocopy TSCA CBI materials. Photocopying of
TSCA CBI materials should be limited to the maximum extent possible.
TSCA CBI materials can be reproduced only at copying machines located in
secure storage areas or in non-secure locations that the TSCA security staff has
approved for TSCA CBI duplication.
2. EMPLOYEE'S ROLE. Employees are permitted to photocopy (at a
machine which has been approved by the DCO) their personal working papers
and documents for use at meetings (see section P of this chapter). In all other
cases, employees must present the materials they want photocopied to the DCO
or DC A. The DCO or DC A will photocopy the materials for the employee.
3. DCO RESPONSIBILITIES. The DCO is responsible for photocopying
materials for employees. The DCO is responsible for obtaining the TSCA
security staffs approval for any non-secure TSCA CBI photocopy locations at
the DCO's facilities. The DCO is responsible for destroying excess or
unusable copies (see section O of this chapter).
a. CONTROL OF copies. The DCO is responsible for the control of all
copies of a TSCA CBI document. The cover sheet on the original must not
61
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
be copied for use with the copy. The copies must be stamped by the DCO as
TSCA CBI and covered with a TSCA CBI cover sheet (EPA Form 7740-9).
The DCO must log the copies into the document tracking system and
assign document control numbers or copy numbers to the copies. The copies
should be marked with the same document control number as the original and
with a copy number, e.g., 1 of 3, 2 of 3, 3 of 3, etc. The exception to this
are personal working papers that are being photocopied for use in a meeting.
(Personal working papers are discussed in section K of this chapter.)
b. Distributing copies to other employees. Two options exist for
distributing copies of TSCA CBI documents to other employees. The first
option is that the DCO will log each copy out to the individual who is
receiving it. The second option is that the DCO will log all of the copies out
to the originator; the originator then loans the copies to other employees and
obtains signed loan receipts (Appendix 17) indicating that the transfers were
completed. These loan receipts should be retained until the documents are
returned. If a document is transferred and no loan receipt is obtained, the
owner or author of the document will be held responsible and accountable for
the document.
c. Authorizing use of other photocopying machines when
machines in secure locations break down. The DCO can authorize the
photocopying of TSCA CBI materials at machines outside of secure locations
if all machines in locations approved for duplicating TSCA CBI materials are
inoperable. During the photocopying of TSCA CBI materials, the non-secured
machine must be dedicated to the task, and the DCO or DCA must directly
supervise the machine. Only employees with TSCA CBI access may be
present while TSCA CBI materials are being photocopied. After copying is
finished, the operator must pass three blank copies through the machine to
ensure that any impressions on the image surfaces of the machine have been
erased. If a machine in a non-secure location malfunctions while TSCA CBI
materials are being copied, the facility DCO must ensure that the machine is
directly supervised by an employee with TSCA CBI access until it is repaired
or that an employee with TSCA CBI access inspects the machine's paper path
and image surfaces to retrieve any materials containing TSCA CBI that are
caught in the machine.
62
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
O. PROCEDURES FOR DESTROYING TSCA CBI
MATERIALS.
1. IN GENERAL. The procedures for destruction of TSCA CBI materials
apply to all materials containing TSCA CBI, e.g., draft documents, telephone
records, typewriter ribbons, computer printouts, diskettes, tapes, microfiche,
and any other TSCA CBI materials logged into a document tracking system.
The procedures do not apply to personal working papers that are in the
possession of their author.
2. WHO IS PERMITTED TO DESTROY TSCA CBI MATERIALS.
a. EPA and Federal employees. Only the facility DCO or OPPT
DCO is permitted to destroy TSCA CBI materials. Federal employees wishing
to have TSCA CBI materials destroyed must take them to their facility's DCO.
b. Contractor employees. Contractor DCOs are allowed to destroy
TSCA CBI materials after obtaining written permission from their EPA project
officer.
3. DESTRUCTION METHODS. TSCA CBI materials such as papers,
documents, or printouts must be shredded. All other materials, including
microfiche, typewriter ribbons, and magnetic media must be burned,
degaussed, or chemically destroyed. If EPA regional and field office DCOs
are unable to meet these requirements for destruction of microfiche, magnetic
media, and typewriter ribbons, they must institute a memorandum of
understanding (MOU) with another Federal Agency who can meet the
requirements or contract out the function indicating the requirements in the
statement of work or work assignment.
4. DOCUMENTING DESTRUCTION. The destruction of a TSCA CBI
document that has been entered into the document tracking system must be
documented. The DCO must enter information about the destruction of the
document into the inventory log (Appendix 16) and mark through the original
entry in the receipt log (Appendix 15). (At one time, the DCO was required
63
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
to keep a destruction log, but that requirement has been dropped. For your
convenience.during audits, you may want to annotate in your receipt log that
the document was destroyed, i.e. shredded).
The TSCA CBI cover sheets in use prior to May 1993 must be
inscribed by the DCO with (1) the destruction date, (2) the location at which
the document is destroyed, and (3) the DCO's name. The TSCA CBI cover
sheets must then be placed in the appropriate file for storage (e.g., at EPA
headquarters a cover sheet should be placed in the CBIC file for that
document). The process does not apply to the TSCA CBI cover sheets that
have become effective with publication of the revised manual (dated 1/93).
P. USE OR DISCUSSION OF TSCA CBI DURING
MEETINGS
1. WHAT IS CONSIDERED A MEETING? The procedures discussed here
apply to scheduled gatherings of five or more people at which TSCA CBI is
discussed. The procedures do not apply to informal discussions between a
supervisor and an employee or between fewer than five employees working on
a matter concerning TSCA CBI.
2. PROCEDURES FOR CIRCULATING DOCUMENT COPIES AT A
MEETING.
a. Personal working papers. The author of a TSCA CBI document
may circulate photocopies of the document at a meeting without logging the
document into the document tracking system if all of the following conditions
are met:
• The author attends the meeting, ensures all personnel attending
the meeting are cleared for access to TSCA CBI, and is present
when the document is discussed.
• The author collects all copies of the document at the end of the
meeting.
• The author submits all copies of the document for destruction
after the meeting.
64
-------�
T8CA CBI SECURITY MANUAL
7000
4/95
• The author numbers the copies (i.e., 1 of 6, 2 of 6, etc.)
before distributing them and checks to make sure that all copies
are returned at the end of the meeting.
b. Documents that have been logged out to an employee. An
employee who has possession of a TSCA CBI document is permitted to
photocopy the document and circulate the photocopies at a meeting (see section
N of this chapter) if all of the following conditions are met:
• The employee attends the meeting and is present when the
document is discussed.
• The employee collects all copies of the document at the end of
the meeting.
• The employee submits all copies of the document for
destruction after the meeting.
• The employee numbers the copies (i.e., 1 of 6, 2 of 6, etc.)
before distributing them and checks to make sure that all copies
are returned at the end of the meeting.
• TSCA CBI materials can be reproduced only at copying
machines located in secure storage areas or in non-secure
locations that the TSCA security staff has approved for TSCA
CBI duplication.
3. PROCEDURES FOR DISCUSSING TSCA CBI DURING MEETINGS.
a. Meeting chairperson's duties. The meeting chairperson is
usually the person who has scheduled and organized the meeting. If a
chairperson has not been identified, one must be selected at the beginning of
the meeting. The chairperson is responsible for ensuring that only people
cleared for TSCA CBI access are in the room during discussion involving
TSCA CBI. If necessary, the chairperson should consult the TSCA CBI
authorized access list to verify TSCA CBI clearance.
The chairperson must also secure the room at the end of the meeting.
This includes cleaning all chalkboards, taking any unneeded TSCA CBI
65
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
materials to the DCO for destruction (except personal working papers), and
clearing the room of any information that could lead to disclosure of TSCA
CBI.
b. Records of meeting must be treated as TSCA CBI. The
chairperson must remind those who attend the meeting that they must treat as
confidential any notes which contain TSCA CBI taken at the meeting. Notes
taken at the meeting are considered personal working papers. They do not
have to be logged into the document tracking system as long as they remain
in their originator's possession. However, if the originator wants to transfer
possession of the notes to someone else, the notes must be submitted to the
DCO, who will assign them a document control number and log them into a
document tracking system.
A meeting attendee must obtain permission from the chairperson to tape
record a meeting. Such recordings may contain TSCA CBI and must be
treated like any other TSCA CBI materials.
Q. TRAVELING WITH TSCA CBI MATERIALS
1. IN GENERAL. It is sometimes necessary for a Federal or contractor
employee authorized for TSCA CBI access to carry TSCA CBI materials while
traveling. If it is impractical to return to work to pick up the materials before
departure or to drop them off after return, the employee can obtain permission
from his or her immediate supervisor to take the materials home.
2. MAINTAINING SECURITY FOR TSCA CBI MATERIALS WHILE
TRAVELING. Any employee who travels with TSCA CBI materials is
responsible for maintaining proper security for the materials. The facility
DCO must log the materials out to the employee before the employee leaves
the facility.
a. Storing TSCA CBI materials while traveling. While traveling
by plane or other public conveyance, the employee must keep the TSCA CBI
materials in his or her possession. TSCA CBI materials cannot be checked
with luggage.
If the employee is traveling by car, he or she should store TSCA
CBI materials in the locked trunk en route. However, TSCA CBI materials
66
-------�
TSCA CBI SECURITY MANUAL
must never be left in the car overnight.
7000
4/95
The most secure place to store TSCA CBI materials while traveling
is with the facility DCO at the location that the employee is visiting. When
this is not possible, the employee is permitted to store TSCA CBI materials
overnight in a hotel safe, if the employee obtains a receipt from the hotel
management. TSCA CBI materials placed in a hotel safe must be in a sealed
envelope with no indications on the outside that the envelope contains TSCA
CBI. If no receipt is available, the employee must keep the TSCA CBI in his
or her possession.
b. Transferring possession of TSCA CBI materials while
TRAVELING. Sometimes, an employee will be assigned to carry TSCA CBI
materials for transfer to another location. After logging out the materials, the
DCO at the employee's facility must double-wrap the materials for transfer
(see section F.2.a. of this chapter). Immediately upon arrival at the
destination, the employee must take the wrapped TSCA CBI materials to the
facility DCO. The DCO will unwrap the materials and log them into the
document tracking system.
R. WORKING WITH TSCA CBI AT A PERSONAL
RESIDENCE
Normally, employees are not permitted to take TSCA CBI materials to
their homes. Under special circumstances, such as recuperation from a long-
term illness, a division director or a supervisor of equivalent authority may
grant permission for an EPA employee to use TSCA CBI materials at home.
The supervisor must provide a complete justification supporting the action to
the IMD director. A plan for protecting the TSCA CBI materials while at the
employee's residence must also be provided to the IMD director. All normal
security precautions in this manual must be followed, and the TSCA security
staff will inspect and approve the residence before any TSCA CBI materials
are sent there.
67
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
S. WORKING WITH TSCA CBI MATERIALS ON
COMPUTERS
1. IN GENERAL. EPA takes appropriate precaution to safeguard TSCA
CBI materials that are entered into or manipulated by computers. In addition
to meeting the security requirements of this manual, EPA follows agency
information security protection guidelines in protecting TSCA CBI materials.
Any computer security plan developed for TSCA CBI information must, at a
minimum, meet the requirements found in this manual.
2. SETTING UP A LOCAL-AREA NETWORK (LAN). A LAN, linking
the personal computers of a small workgroup, can be used in the processing
and storage of TSCA CBI data. For further information contact the OPPT
TSCA Security Staff.
3. USING PERSONAL COMPUTERS (PCs) TO WORK WITH TSCA
CBI DATA. TSCA CBI-cleared EPA employees, Federal employees, and
contractor employees can use TSCA CBI data on a PC, subject to the
restrictions in this manual.
a. Procedures for using TSCA CBI data on a PC. The employee
must retain exclusive control over the operation of a PC and printer while
working on a PC. The employee must ensure that the PC screen is not viewed
by anyone who is not authorized for access to TSCA CBI. If the employee
leaves the PC for any reason, he or she must terminate the computer session
as described in (d) below.
b. Processing and storing TSCA CBI data on diskettes and
detachable hard DISKS. Diskettes and detachable hard disks are preferred
for storage of TSCA CBI data. Employees can obtain diskettes for TSCA CBI
storage from a local supply source using the Government credit card. An
employee can use any diskette to store TSCA CBI information after labeling
(see appendix 23 for label examples, the OPPT DCO will provide the label
format in WordPerfect upon request) it as containing TSCA CBI.
68
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
Hard disks can be used to process and store TSCA CBI data under
limited conditions:
• TSCA CBI data can be processed on a PC's fixed hard disk
when the PC is located in a secure storage area.
• If an employee is working with TSCA CBI data on a PC with
a fixed hard disk in an unsecured area, the employee must
erase the hard disk at the end of each session and verify the
erasure. To erase the hard disk, the employee must use an
approved utility program at the end of each session. Contact
the TSCA security staff for a list of approved utility programs.
• Detachable hard disks can be used to store TSCA CBI data,
and their use is encouraged. The hard disks must be removed
from the PC after each session, unless the PC is located in a
secure storage area.
c. Maintaining security for diskettes, magnetic media, optical
DISK, AND DETACHABLE HARD DISKS CONTAINING TSCA CBI DATA. The
procedures for storing TSCA CBI hard-copy materials apply to storage of
diskettes, magnetic media (magnetic tape and data cartridge), optical disk, and
detachable hard disks (see section B of this chapter). When disks are no
longer needed or are damaged, they should be given to the DCO for
destruction (see section O of this chapter).
d. TERMINATING a TSCA CBI PC SESSION for PCs located outside
SECURE storage areas. Proper termination of a PC session involving TSCA
CBI data consists of the following steps:
1) The employee should transfer the TSCA CBI data to a diskette,
magnetic media, optical disk or detachable hard disk.
2) The employee should verify that the transfer was completed.
3) The employee should ensure that a backup file does not exist for the
TSCA CBI that was processed during the session.
69
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
4) The employee should remove the diskette, magnetic media, optical
disk or detachable hard disk from the PC.
5) The employee should erase the data from the hard disk using an
approved program.
6) The employee should verify that the erasure has taken place.
7) The employee should turn off the PC.
e. Security procedures for PC printouts of TSCA CBI data.
The security procedures for storing TSCA CBI hard-copy materials apply to
storage of TSCA CBI data that is printed on a PC printer and to storage of the
printer's ribbon (see section B of this chapter). An employee using a printer
with internal memory, such as a laser printer, must turn off the printer
after each TSCA CBI printing session and verify that no TSCA CBI data
remain in the printer's memory cache or buffer.
4. MINI COMPUTERS. Mini computers can be used to process TSCA CBI
data if they are approved by the TSCA security staff. To obtain approval, the
facility DCO must prepare a security plan describing (a) how TSCA CBI data
would be protected during processing and (b) how access to the mini computer
would be restricted. The plan should be submitted to the TSCA security staff.
Security controls for TSCA CBI Data on Mini Computers. At
a minimum, the mini computer must be located inside a TSCA CBI secure
storage area. Additional hardware and software controls should supplement
the physical security controls. No dial-in access to this type of computer will
be approved unless proper software or hardware encryption devices are in
place. The security plan must adhere to all requirements of this manual. For
further details, contact the TSCA security staff.
5. SECURITY FOR TSCA CBI DATA STORED ON CONTRACTOR'S
COMPUTERS. EPA contractors cannot place TSCA CBI on a mainframe
computer system, mini computer system, or shared-logic computer system
without written authorization from EPA. A contractor's computer system and
site must be inspected and approved by the TSCA security staff before the data
can be transferred.
70
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
Authorized EPA contractors who use TSCA CBI must follow all
computer security requirements established for EPA. Contractors are allowed
to use standalone PCs for processing TSCA CBI by adhering to the procedures
contained in this manual.
T. DEVELOPMENT OF PHOTOGRAPHIC
MATERIALS
1. PHOTOGRAPHS CAN BE CLAIMED AS TSCA CBI. When a
company claims that photographs taken during EPA inspections and plant visits
are TSCA CBI, the film must be shipped to the OPPT DCO for processing
and development. Processing or development by a private or commercial
laboratory is prohibited.
The film should be labeled as TSCA CBI, double-wrapped, and
prepared for shipment following the same procedures used for shipment of any
other TSCA CBI media (see section F of this chapter). It should be sent to
OPPT DCO, Information Management Division, (7407) EPA, 401 M St.
S.W., Washington, D.C. 20460. The OPPT DCO will arrange for
development and return photographs and negatives to employees within 30
days. If faster turnaround is required, the OPPT DCO should be contacted to
arrange special handling.
2. VIDEO TAPES CAN BE CLAIMED AS TSCA CBI. If an EPA
employee utilizes video equipment during an inspection or plant visit, and the
company wishes to claim the tape as TSCA CBI, the tape should be handled
and controlled as any other TSCA CBI material.
71
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
CHAPTER 5
REPORTING AND INVESTIGATION OF
VIOLATIONS OF PROCEDURES, LOST
DOCUMENTS AND UNAUTHORIZED
DISCLOSURES
All employees who are authorized for TSGA CBI access are required
to follow this manual's procedures, which secure TSCA CBI from
unauthorized public disclosure. They are responsible for reporting (1) possible
violations of security procedures, (2) the loss or misplacing of TSCA CBI
materials, and (3) any unauthorized disclosure of TSCA CBI materials.
The security procedures in this manual are enforceable by
administrative penalties, set forth in this chapter. The OPME director advises
the employee's division as to the applicability of these penalties.
A. EMPLOYEE REPORTING PROCEDURES
1. ORAL REPORT MUST BE MADE WITHIN ONE WORKING DAY.
a. Any TSCA CBI-cleared employee of EPA or another Federal agency
must provide oral notice to his or her division director within one working day
if he or she thinks it is possible that
• TSCA CBI security procedures have been violated.
• TSCA CBI materials have been lost or misplaced.
• An unauthorized person has obtained access to TSCA CBI data.
b. Contractor employees must provide oral notice of the above to their
project officer.
72
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
2. WRITTEN REPORT MUST BE MADE WITHIN TWO WORKING
DAYS. Within two working days, the employee must follow up the oral
report with a written report. EPA or Federal employees must provide the
written report to their division director. Contractor employees must provide
the written report to their project officer.
The written report must describe (1) the possible violation of
procedures, (2) the unauthorized disclosure of TSCA CBI, or (3) the materials
believed lost or misplaced. It must also include a description of any relevant
circumstances or facts known by the employee.
The employee or his or her supervisor may examine files and discuss
the matter with other individuals to try to determine what occurred. However,
only the TSCA security staff is authorized to conduct interviews, review logs,
and carry out a detailed investigation.
Employee's division director or project officer's duties. The
employee's division director or project officer must review the employee's
report and provide any additional comments or information that may be
relevant. The division director or project officer must forward the report to
the OPME director within two working days of receiving it. If the division
director or project officer reviews the employee's report and determines that
no violation of procedures, loss of TSCA CBI, or unauthorized disclosure has
occurred, the division director or project officer is not required to forward the
report to the OPME director.
B. REVIEW AND INVESTIGATION OF EMPLOYEE'S
REPORT
The OPME director will review the employee's written report and
unless the OPME director concludes that no violation of procedures, loss of
TSCA CBI or unathorized disclosure has occurred, will request an
investigation by the TSCA security staff.
73
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
1. WHEN POSSIBLE VIOLATION OF THIS MANUAL'S SECURITY
PROCEDURES HAS OCCURRED. The OPME director must notify the
TSCA security staff of any alledged violation of this manual's procedures. In
such a case, the OPME director will (1) direct the TSCA security staff to
investigate the reported violation, and (2), after the investigation, notify the
supervisors of the affected employee(s) of the range of appropriate sanctions.
Supervisors are responsible for imposing sanctions.
The OPME director will also confer with the affected employee(s)
supervisor(s) to identify procedures for handling, using, or storing TSCA CBI
materials that will prevent recurrence of violations.
2. WHEN TSCA CBI MATERIALS CANNOT BE ACCOUNTED FOR.
The OPME director will immediately review the employee's report of lost or
misplaced TSCA CBI documents and decide whether evidence indicates that
the TSCA security staff should begin an investigation.
Notification to the submitting company. The OPME director must
notify the IMD director that TSCA CBI data is missing. The OPME director
must provide a written notice to the company within four working days of
receiving the employee's report. The written notice must identify the lost or
misplaced document and state the date on which it was discovered to be lost
or misplaced.
3. WHEN UNAUTHORIZED DISCLOSURE OF TSCA CBI MATERIALS
MAY HAVE OCCURRED. The OPME director will immediately review the
employee's report that TSCA CBI may have been disclosed to someone who
is not authorized for access to it. He or she will determine whether evidence
indicates that the TSCA security staff should begin an investigation.
a. Notification to the submitting company. If the TSCA
security staffs investigation determines that it was likely an unauthorized
disclosure occurred, the OPME Director must notify the affected company.
The OPME director must provide a written notice to the company within four
working days of receiving the TSCA Security Staffs report. The written
notice must contain a description of the TSCA CBI that may have been
disclosed and the date of the disclosure.
74
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
b. Notification Not Required. If the TSCA Security Staffs
investigation determines that it was unlikely that an unauthorized disclosure
occurred, no notice is required.
c. EPA Office of Inspector General. If the TSCA security
staffs investigation reveals any evidence of a knowing and willful
unauthorized disclosure of TSCA CBI, the matter must be immediately
transferred to the EPA Office of Inspector General.
C. PENALTY GUIDELINES FOR VIOLATION OF THIS
MANUAL'S PROCEDURES
The OPME director is responsible for enforcing the procedures in
this chapter. It is up to him or her to assess the possible breach of TSCA CBI
security or procedures and determine an appropriate action, which can include
recommending administrative penalties or referral for criminal charges.
Responsibility for implementing the OPME's recommended action rests with
the division director of an EPA or Federal employee or, for contractor
employees, with the division director who requested TSCA CBI access for the
contractor.
The purpose of the penalties described in this chapter is to prevent
or discourage the recurrence of violations. Penalties imposed or actions taken
must be fair, consistent, and well-reasoned.
1. DETERMINING THAT A VIOLATION HAS OCCURRED. The
OPME director reviews the employee's written report and the TSCA security
staffs report on its investigation to determine whether an employee has
violated this manual's procedures, lost TSCA CBI or disclosed TSCA CBI to
an unauthorized person.
2. DETERMINING AN APPROPRIATE ACTION. If a violation has
occurred, the OPME director must notify the individual's division
director that a violation has occurred and explain the potential
administrative penalties and corrective actions. Actions can include
one or both of the following: (1) administrative penalties and (2)
corrective actions.
75
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
To determine an appropriate action the relevant Director must
weigh:
• The seriousness of the violation and the potential for
unauthorized disclosure of TSCA CBI because of the
violation.
• The degree of the employee's error.
• Whether the individual has previously committed a
similar violation.
• Whether the individual has previously committed any
other violation.
• The frequency with which the individual uses or handles
TSCA CBI in the course of fulfilling his or her duties.
3. CORRECTIVE ACTIONS. The OPME director should recommend
corrective actions when (1) an administrative penalty would be too
severe a remedy and (2) the corrective action is likely to prevent or
discourage future violations either by the individual or by other
individuals.
76
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
4. ADMINISTRATIVE PENALTIES. The OPME director should
recommend that an administrative penalty is appropriate if an
individual was grossly negligent or if the individual has previously
incurred a prior violation, even if the violation was not serious.
Administrative penalties are listed below.
Nature of
Offense
1st Offense
2d Offense
3d Offense
CBI is not
compromised
and breach is
unintentional
counseling by
supervisor to
oral reprimand
Oral reprimand
to written
suspension
within same
calendar year
as 1 st offense
1-day
suspension to
removal
within same
calendar year
as 2nd
offense
CBI is
compromised
but breach is
unintentional
oral or written
reprimand to
5-day
suspension
1-day to 5-day
suspension
within same
calendar year
as 1st offense
7-day
suspension to
removal
within same
calendar year
as 2nd
offense
Deliberate
procedural
violation*
30-day
suspension to
removal
removal
* This category covers only deliberate procedural violations that do
not result in the unauthorized disclosure of TSCA CBI. If OPME's
investigation reveals any evidence of the knowing and willful
unauthorized disclosure of TSCA CBI, the matter will be immediately
referred to the EPA Office of Inspector General.
77
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
5. CRIMINAL PENALTIES. The OPME director must notify the EPA
Inspector General if an individual willfully disclosed TSCA CBI to any
person not authorized to receive it. The individual who disclosed
TSCA CBI may be liable under Section 14(d) of TSCA (15 U.S.C.
2613(d) for a fine of up to $5,000 and/or imprisonment for up to one
year. In addition, disclosure of TSCA CBI or violation of the
procedures cited above may subject an individual to disciplinary action
with penalties ranging up to and including dismissal.
The purpose of taking a corrective action is to prevent or dis-
courage future violations. Corrective actions may be procedural,
instructional, or disciplinary in nature. Such actions include training,
revision of work procedures, removal of the individual's name from
the TSCA CBI authorized access list, and other options.
6. OPME DIRECTOR CAN ALSO RECOMMEND THAT NO ACTION
BE TAKEN. The OPME director has the option of recommending that
no action be taken if fault cannot be ascribed to any individual or a
modification of TSCA CBI handling procedures would yield no greater
level of protection to TSCA CBI.
78
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
INDEX
administrative penalties 7-8,71-77
aggregation of TSCA CBI 38,58-60
annual briefing 6,7,15,16,27
audit of documents ii,6-9,16-20,27-28,32-33,39,41,47
Authorized Access List 5-8,15,17,37,46,48-49,52-53,54,65,76
automated document tracking systems 5,8,16,19,31-33
backup for automated document tracking systems 33
bar codes 32-33
broken reproduction machines 61-62
CBIC v,vii,viii,l,5,32-33,36,44,45,46,47,55,63
CBITS 5,8,18-19,32,39
certified mail 49-52
challenging TSCA CBI claims 29-30,59-60
computer access authority 3-7,9,15-17,62,67-70
Congressional access 25
Congressional Access Log 25, Appendix 20
Contractors and Contractor employees i,vii, 1,10-20,27-31,35,37,43,48,50,54-
55,62,70,71,74
copies 60-64
copy numbers 61,64
corrective actions 74-77
79
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
couriers vii,34,49-52
creating new TSCA CBI documents 28-29,38,56-58
creating TSCA non-CBI documents 38,56,58-59
criminal penalties 1,20,23,74-77
DCO relinquishes responsibilities 40-41
declassifying TSCA CBI materials 59-60
destruction of TSCA CBI materials vii,34,38,62-63,65
Destruction Log 63
Director, Office of Pollution Prevention and Toxics vii
Division Director 10,14,22,28,38,45,67,71-74
Diskettes 43,62,67-69
Document Control Assistants v,vii,29,31-33,38-40,46-47,49,55-58,60-63,65-66
Document Control Officers (DCOs) v,vi,viii,3-9,12-22,24-25,27-41,43-53.55-63,65-
66,68-70
document control numbers 32,40,61
document tracking system v,vii,29,31-33,38-40,46-47,49,55-58,60-63,65-66
double-wrapping TSCA CBI materials 50-52,66,70
electronic entry cards 9,19
electronic mail 13,21,24,55
facsimiles containing TSCA CBI, sending and receiving 52
final confidentiality determination 29-30,38,60
80
-------�
TSCA CBI SECURITY MANUAL
7000
4/95
forms
TSCA CBI Access Request, Agreement and Approval,
7740-6: 3,7,17, Appendix 1
TSCA CBI ADP User Registration, 7740-25: 4,14, Appendix 2
Standard Form 86: Questionnaire for Sensitive Positions: i,4,14, Appendix 3
Fingerprint chart, FD-258: 14, Appendix 4
Request for Approval of Contractor Access to TSCA CBI,
7740-17: 10, Appendix 6
Contractor Information Sheet: i, 12, Appendix 7
Confidentiality Agreement for US Employees Upon
Relinquishing TSCA CBI Access Authority,
7740-16: 8-9, Appendix 9
Confidentiality Agreement for Contractor Employees Upon
Relinquishing TSCA CBI Access Authority,
7740-18: 18, Appendix 10
Employee Separation or Transfer Checklist,
3110-1: 9, Appendix 11
Receipt Log for TSCA CBI, 7710-10: i,33,35,39,40,53,56,63, Appendix 15
Inventory log Log for TSCA CBI, 7710-11 i,6,8,16,18-20,28,33-34,37,39-
40,60,63, Appendix 16
Federal Agency, Congress, and Federal Court Sign-out
Log, 7710-13: 25, Appendix 20
guiding principle 1-2
hand delivery 48-50,57
hard disks 67-68
hard-copy TSCA CBI vii,39-40,68-69
hotel safe, storage of TSCA CBI in 66
IMD Director iii,vii, 10-12,14,17,20,23,25,32,45,67,73
individual access files 4,6,14,16
Inventory; inventory log Log for TSCA CBI i,6,8,16,18-20,28,33-34,37,39-
40,60,63, Appendix 16
language, required contract 11, Appendix 8
loan receipts ii,49,57,61
81
-------�
TSCA CBI SECURITY MANUAL
local area network 67
lock combinations 9,36,46
lost documents (materials) 28,38,71-73
luggage, storage of TSCA CBI in 66
mailing TSCA CBI 13,21,24^50
maintaining access authorization 3-8,13-16,31,38-39
managers' responsibilities 30
manual tracking systems 33
manual updates 2, Appendix 21
meetings 60,63,65
meeting chairperson 65
mini computers 4,69
Minimum Background Investigation v,14
missing documents 9,19
monthly access listing 5,15
new documents 28,34-35,56
notice to affected businesses 11,20,23,25
OPPT DCO vi,vii,viii,4-10,12,14-21,31-33,36-37,49,62,68,70
other agencies, authorizing for TSCA CBI 2-3,20-24,27,40,43,52
overdue documents (materials) 28,37-38
PCs 4,67-68,70
personal working papers 56-58,60-63,65
photographic materials 70
82
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
printouts 62,69
project officer ii,vii,viii, 10-14,16,19-20,72
Receipt Log i,33,35,39,40,53,56,63, Appendix 15
relinquishing TSCA CBI access authority i,8-9,18-19
reporting violations 8-9,27,71,75
reproduction of TSCA CBI materials vii,38,60-61,64
requesting officials viii,4-8,10,15-18,21-22,24
residences, use of TSCA CBI in 66-67
return of TSCA CBI to a DCO 8-9,18-20,28,43,48
return receipts 12,23,25,49-50,52
ribbons and microfiche 58,62,69
sanitizing documents 38,56
secure storage areas viii,7,9,17-18,36,43-48,52,57,60,64,68-69
security briefing 4-8,15-17,27-28,38
storage containers 9,11,19,36,43-44,48
storage of TSCA CBI materials 1,2,7,11,31,35-37,45,63,67-69
subcontractors vii, 10-13
submitter drops claim 29-30,60
telephone discussion of TSCA CBI 53-55
telephone logs ii,53-55, Appendix 19
tele-video conferences 55-56
termination of access i,6-9,16-19,39
terminology vii-x
83
-------�
TSCA CBI SECURITY MANUAL 7000
4/95
transfer of TSCA CBI between employees 7,17,48-49,57-58,65
traveling with TSCA CBI materials 65-66
TSCA CBI Labels Appendix 23
TSCA CBI Stamp i,35,39,43,56,58,61
TSCA CBI Cover Sheets i,35,39,43,56,58,60-61,63
TSCA Security Staff iii,ix, 10-23,41,55,57,61-63,65,66,69,7011,14-15,19,24-
25,27,33,40,45-46,60-61,64,67-70,72-74
typing TSCA CBI materials 58
unaccounted for TSCA CBI materials 6,9,16,19,28,38,49,57,62,71-72
unauthorized disclosure of TSCA CBI materials 7,20,23,43,71-74,76
video-tapes 5,15-16,70
violations of this manual's procedures viii,ix,7,27,71-72,74,77
Visitors Log i,45,47
waiver for immediate access 5,15
84
-------�
TSCA CBI Security Manual
Appendix 1
Ptoa*ejead_Prjvac]jto^tatemen^ndlnitnictjon^nrewai2ejbeitoi^omgletjn^thl2r[^
_ Washington, DC 20460
-------�
TSCA CBI Security Manual
Paperwork Reduction Act Notice
The public reporting burden for Ihil collection of information i> estimated to average .84 hours per response. This estimate includes time for reviewing instuctions,
gathering and maintaining the needed data, and completing and reviewing the collection of information. Send comments regarding the burden estimate or any other aspect
of this collection of information to the Chief, Information Policy Branch (PM-223), US Environmental Protection Agency, 401 M Street, SW, Washington! DC 20460, and
to the Office of Information and Regulauxy Affain, Office of Management and Budget, Washington, DC 20503, marked ATTENTION: Desk Officer for EPA.
Privacy Act Statement
Collection of the information on this form is authorized by lection 14 of the Toxic Substances Control Act (TSCA) 15 USC 2613. EPA uses this information
to maintain a record of those persons cleared for access to TSCA Confidential Business Information (CBI) and to maintain the security of TSCA CBI.
Disclosure of this information may be made to Office of Pollution Prevention (OPPT) contractors in order to carry out functions for EPA compatible with purpose
for which this information is collected; to other Federal agencies when they possess TSCA CBI and need to verify clearance to EPA and EPA contractor employees for access;
to the Department of Justice when related to litigation or anticipated litigation involving the records or the subject matter of the records; to the appropriate Federal, State or
local agency charged with enforcing a statue or regulation, violation of which is indicated by a record in this system; where necessary, to a State, Federal,
-------�
Tit
TSCA CBI Security Manual Appendix 2 ^
PLEASE READ THE INSTRUCTIONS ON THE REVERSE SIDE BEFORE COMPLETING THIS FORM;
(Please Print or Type • Do not mark in shaded areas)
f/EPA
EmWWHUI PfOiHbM AQM|f
W«htf*on. D.C. 20440
TSCA CBI ADP USER REGISTRATION
Section I ~ Aetlon*ChecfcaBappropr1ateboxer
| ] Assign new userid and password
| j Add User to Systems
{ j Update User Intormatfon
[ ] Delete User from Specific Accounts
| j Delete Users from All Systems
(Complete aO hems In Section II, except 2 and 15. Complete Section IV.)
(Complete all items In Section II, except 15. Complete Sections III and IV.)
(Complete aO applicable information in Section II, including item 2. Complete Section IV.)
(Complete items 1,2. and 3 in Section II only. Complete Sections III and IV.)
(Complete items 1,2, and 15 In Section II. Complete Section IV.)
Section II • Users Assigned to System (See instructions onreverse skle) ^
1. User Name (last First, Ml)
2. Userid
3. Company or Employer
4. Office/Division/Branch/Section (For EPA employees only)
5. Address (Street or P.O. Box)
6. Telephone Number (include area code)
7. City
8. EPA Region 9. EPA Mafl Code
10. State
11. ZpCode'
12. User Status * Check one: [ ) EPA ( ] EPA Contractor [ ] Federal Non-EPA
13. TSCA CBI Security Briefing Date / ./ ) Cirde TSCA clearance: Sections (ALL]-or-[3] |4| (5) (6] |B| (13) [20] [21]
14. Check the type of ( ] Database Administrator | ] Data Entry Staff | ] Technical Consultant ( ] Developer
work to be performed: j j RTP Operations/Systems Staff [ ] Retrieval Staff [ ] Query (Read Data)
15. Enter the access termination date of the user identified above: (Month: Date: Year: 19 )
'-r Section III - TSCA Systems (see Instructions oil back * Do not mark in shaded areas) : ; ; ^ '¦
16. Mainframe Hardware Code:
r&our* tNl >,
Naiurai(Dalr' /'/ ^^
16a. Mainframe System to Access (Bst one):
17. Mainframe Hardware Code:
Account: T90 M (N) '.C*
***^
NaiunH (Dale: L-J—J
17a. Mainframe System to Access (Bst one):
18. LAN Hardware Code:
19. LAN Hardware Coda:
^'fSfiifctlort TlvJr. SIq ri^uj^. Authority '(Required before'"'C-
20. Requesting Official Name
fTvoe or Prlntt:
22. Request Date:
23. Phone Number
21. Signature ol Requesting Offiaal (Required)
24. Document Control Officer Name (Type or Print):
26. Date Signed:
27. Phone Number
25. Signature of Document Control Officer (Required)
RETURN AU REQUESTS TO; U& ENVIRONMENTAL PROTECTION AQENCV, 0FFKJ60F POLLUTION PREVENTION AND TOXICS,
¦ . MAINFRAUE/LANCOORDiNATOR,(T8-7M), 401 MSTREET,S.W., WASWHOTON, 0,C. 20480 . , - - "T-,
, v Section V-Signature(for Mainframe and LAN Coordinator's Use) -V,,
28. Ifebftame or LAN Coordnatoff fifgrtaiura: " - % ^
29.0a* Received: x
30. Daa Processed:• .
SI. Date Consisted; 'Vv>- ^ *¦
-------�
TSCA CBI Security Manual
7700
1/93
Section VI - Instructions
GENERAL INSTRUCTIONS;
This registration form is used to request user access to data or removal of privfiegee
previously grartfed lo users oft the Mainframe and the LAN. All forms must be signs** in
iSectfoi*
Section I: Action • Chock all appropriate bom
This section gives the user an explanation of each action.
[ ] Assign New Id and Initial Password
Check this Ham I the applicant does not hava Mainframe or LAN access.
Complete all I ems In Section II, except 2 and 15. For Mainframe aocess.
the user must a bo request access to at least one system: there lore 'Add
User to Accounts* must also be checked. The desired system(s) which the
user needs aoceaa should be Identified In Section III.
(] Add User to Acoounts
Check this Rem I the user already has access to the Mainframe.
Complete afl lema In Section II. except 14. The desired systems) which
the user needs access should be identified In Section III.
[ ] Update User Information
Check this Hem I the user needs to ipdate employment Information.
Complete aH information in Section II, including Hem 2. Items
13,14, and 19, in Section II need not be oompleted.
(j Delete User from Accounts
Check this Hem I the user no longer needs acoess to specific system(s).
The user wll not be deleted from the hardware, but wll be deleted from
the systems identified in Section III. Therefore, complete Section III and
items 1, 2, and 3 in Section II.
[ ] Delete User from al Systems
Check this item I the user no longer needs aocess to the Mairrframe and
LAN hardware. This should be checked when a person terminates
employment or no longer needs
acoess to any TSCA system.
Section I: Users Assigned to
This section refers to the applicant's actual employment duty station, (i.e. If the applicant
ia a contractor and works at an EPA faclHy, the address information is the EPA ste.)
Hem 1: Erter the name of the users to be added to, or
deleted
-------�
TSCA CBI Security Manual
Standard Form 86
Revised December 1990 Appendix 3
U.S.Office of Personnel Management
FPM Chapter 732
Questionnaire for Sensitive Positions (For National Security)
Read this information carefully. Follow the instructions fully or we cannot process your form.
Form approved:
O.M.B. No. 3206-0007
NSN 7S40-00-634-4036
86-110
Why do we need the information you will give us and how
will we use it?
The U.S. Government has conducted background investigations
for over 50 years. It does this to establish that applicants for or
incumbents in sensitive positions, either employed by the Gov-
ernment or working for the Government under contract, are
eligible for a required security clearance or for performing
sensitive duties. We use the information from this form
primarily as the basis for an investigation that will be used to
determine your eligibility for a national security position.
The information you give us is for Official Use Only, we will
protect it from unauthorized disclosure. Authorized disclosures
include the Privacy Act Routine Usee shown on this form. The
information you provide in response to question 25a on use of
illegal drugs will not be provided for use in any criminal pro-
ceedings against you.
Giving us the information we ask for is voluntary. However, we
may not be able to complete your investigation, or complete it in
a timely manner, if you don't give us each item of information we
request. This may affect your placement or clearance prospects.
What authority do we have to ask you for the Information
requested on this form?
If your investigation requires a Personal Subject Interview, you
will be contacted in advance by telephone or mail to arrange a
time and location for the interview. It is important that the
interview be conducted as soon as possible after you are con-
tacted. Postponements will delay the processing of your inves-
tigation. Declining an interview may result in your investigation
being delayed or canceled.
You will be asked to bring identification with your picture on it,
such as a valid State driver's license, to the interview. There are
other documents you may be asked to bring to verify your
identity as well. Theee include: documentation of any legal name
change; Social Security card; and/or hjrth certificate.
Documents that verify any significant claims or activities may
also be requested, for example: alien registration; naturalization
certificate; originals or certified copies of college transcripts or
degrees; high school diploma; professional licensed) or
certificated); military discharge certificated) (DD Form 214);
marriage certificated); passport; and/or business licensed). You
also may be asked to bring documents that pertain to
information provided in your answers to questions on the form
or other matters requiring specific attention. These matters
include: termination or discharge from employment; delinquent
loans or taxes, bankruptcy, judgments, liens, or other financial
obligations; and arrests, convictions, probation and/or parole.
The U.S. Government is authorized to ask for this information Who makes a final determination?
under Executive Order 10450; section 2166 of title 42, U.S. Code;
parta 5,732. and 736 of Title 5, Code of Federal Regulations, and Final determination on your eligibility for a national security
other statutes authorizing background investigations. We ask for position and your being granted a clearance is the responsibility
your Social Security number to keep our records accurate, of the OPM or the Federal agency that requested your
because other people may have the same name and birth date. investigation. You maybe provided the opportunity to personally
Executive Order 9397 also asks Federal agencies to use this explain, refute, or clarify any information before a final decision
number to help identify individuals in agency records. is made.
What is the investigative process? How is this form organized?
Background investigations for national security are conducted to This form has two parts. Part 1 asks for background
develop information to show whether or not a person is reliable, information, including where you have lived, gone to school, and
trustworthy, of good conduct and character, and loyal to the worked. Part 2 asks about your activities and such matters as
United States. ¦ The information you provide on this form, firingB from a job, criminal history record, use of illegal druga and
including any specific agency instructions of Question 14c., and alcohol consumption. In answering Part 2, you should keep in
any other special instructions, is confirmed by investigation. mind that your answers to questions are considered together
Your current employer must be contacted, even if you indicated with the information obtained in the investigation to reach an
on your SF 171, or other form, that you do not want the present appropriate adjudication for a sensitive position,
employer contacted. In addition to the questions on this form,
inquiry also is made about a person's adherence to security What are the penalties for inaccurate or false statements?
requirements, mental or health disorders, dishonest conduct,
sexual misconduct, vulnerability to blackmail or coercion, The U.S. Criminal Code provides that knowingly falsifying or
falsification, misrepresentation and any other behavior, activities, concealing a material fact is a felony which may result in fines
or associations that tend to show the person is not reliable, of up to $10,000, or 5 years imprisonment, or both. In addition,
trustworthy, or loya). Federal agencies generally fire, do not grant clearance, or
disqualify individuals who have materially and deliberately falsi-
An interview with you is a normal part of the investigative fied theee forms, and this remains a part of our permanent
process. This Personal Subject Interview is generally the first record for future placements. Because the position for which you
step in the investigation, and is conducted under oath, affir- are being considered is a sensitive one, your trustworthiness is
mation, or unsworn declaration. It provides you the opportunity a very important consideration in deciding your eligibility for
to update, clarify, and explain more completely information on security clearance. Your prospects of placement or clearance are
your form, which often helps to complete your investigation fast- better if you answer all questions truthfully and completely. In
er. the course of an interview with a Federal official you will have
-------�
TSCA CBI Security Manual
n<4aqnnfa> opportunity to «*pl«in any information you give us on
the form and make your comments part of the record.
How is the SF171 used with this form?
For competitive civil service positions, a copy of the Application
for Federal Employment (SF 171), or a form provided to you, will
be attached to the SF 86. For certain other and contractor
positions, the SF 171 is not required. You will be advised by the
office assisting you.
How is this form filled out?
1. Follow the instructions of the person who gave you the form
and any other supplementary information famished by that
person to assist you in completion of the form. Find out how
many copies of the form you are to turn in. You must sign and
date, in ink, the original and each copy you submit.
2. You will need a continuation sheets), SF 86A, if in the last 15
yean you have lived in more than 6 residences, attended more
than 3 schools, or had more than 7 employmentafeelf-employ-
mentsAinempIoyments.
If additional space is needed, use a blank piece of paper. Each
blank piece of paper you use must contain your name and Social
Security number at the top of the page.
7700
1/93
3. Type or legibly print your answers. We cannot accept your
form if it is not legible.
4. You must use the State codes (abbreviations) listed in the box
below when you fill out your form.
5. The 5-digit postal ZIP codes are needed to speed the processing
of your investigation. The office that provided you with the form
will assist you in completing the ZIP codes.
6. Whenever "City (Country)" is shown in an address block, also
provide in that block the name of the country when the address
is outside the United States.
7. When providing dates, you may use numbere 1-12 to indicate
months if you don't believe you have enough space to write the
month; and for the same reason, for year you may show the last
two numben in the year. For example, June 8,1967, could be
shown as 6/8/67, or January 1984 could be shown as 1/84.
If you have any questions, call the office that gave you the form.
Be sure to sign and date the certification statement on page 9
and complete the release on page 10. Any forms that are not
completed according to these instructions will be returned. This
will delay the processing of your case.
Alabama
AL
Hawaii
HI
Massachusetts
MA
New Mexico
NM
South Dakota
SO
Alaska
AK
Idaho
10
Michigan
Ml
New York
NY
Tennessee
TN
Arizona
AZ
Illinois
1
Minnesota
MN
North Carolina
NC
Texas
TX
Arkansas
AR
Indiana
M
Mississippi
MS
North Dakota
NO
Utah
UT
California
CA
Iowa
IA
Missouri
MO
Ohio
OH
Vermont
VT
Colorado
CO
Kansas
KS
Montana
MT
Oklahoma
OK
Virginia
VA
Connecticut
CT
Kentucky
KY
Nebraska
NE
Oregon
OR
Washington
WA
Delaware
DE
Louisiana
LA
Nevada
NV
Pennsylvania
PA
Wisconsin
Wl
Florida
FL
Maine
ME
New Hampshire
NH
Rhode Island
Rl
West Virginia
WV
Georgia
OA
Maryland
MO
New Jersey
NJ
South Carolina
SC
Wyoming
WY
American Samoa
AS
Diet of Columbia
DC
Guam
GU
Northern Marianas
CM
Puerto Rico
PR
Trust Territory
TT
Virgin Islands
VI
PRIVACY ACT ROUTINE USES
This record and information in Ms record may be uMd In tftdofng Information:
- To designated officers and employees of agendat.onoM, and ofwreaablshmenti
in tie exacutke, legislative, snd juddtf branches of tie Federal Gcverrwnera. having a
need to evalua» quaMtcatons, suhabiHr, and toyrtv to the United Sates Government
andflr a security clearance or acosss determination;
• To designated officer* and employees of agencies, offices, and Oher eaaMshmena
in ihe executive, legislative, and juddal brandies of tie Federal Government, and tie
Datrict of Columbia Government, when such agency, office, or osattshmsnt conducts
an investigation of tie indfcridual tor purposes of grafting a security clearance, or for the
pupoae ol making a determination of qualifications, stability, or loyalty to tie United
Stales Government, or access to daaslted Information or leatricted areas;
• To designated, officers and employees of agencies, offices, and otwr esubishments
in tie executive, judicial, or legislate brandies of tie Federal Government, hming tie
responsfcilty to gram clearances, to make a determination regardng access to dassited
information or restricted areas, or to evaluaB qualiScations, sutabihy. or loyalty to tie
Uniad Stales Government. In connection with performance of a service B tie Fdderal
Government under a contact or other agreement
• To rlBligence agenaes tar use in intelligence activities;
¦ To any source from which information is requested in the ooine of an irwestigation.
to the extent neoeesary to identify the indwidual, inform the source of tie reue and
pvpoee d tie investigation, and B identify tie type of information requessd;
- To tie Federal, Smb. or local agency responsfole lor investigating, prosecuting,
enforcing, or implementing a sa&Jle, nie. regulation, or order where
there is an indication of a violation or potontial violation of civil or criminal law or
regulation;
- To an agency, office, or other establishment In the executive, legislate, or
ludoal branches of tie Federal Government, or tie Otsrta of Columbia Government,
m response B its request in connector with tie hiring or resnton of an employee,
the issuanae of a security dearance, tie conducting of a security or suitabifty
imestgatcn ol an individual, tie classifying of jobs, tie letting of a contact, or the
issuance of a license, pant, or otier benefit by tie requesting egency:
• To Federal agencies as a data source tor management Information through tie
producwn of summary deecriptive statistics and analytical sudies in sipport of the
tircDone for «Mch tie records are mainnined or tor related studies;
• To a congressional office in response B an inqjry made at the request olthai
individual;
¦ In litigation before a court or in an admiftttrafre proceeting being conducted by
a Federal agency,
- To tie National Archives and Records Administration tor records management
inspecsons;
¦ To tie Office ol Menagement end Budget in connection with prfcatB relief
legislation;
¦ To respond B a request tor discovery or for appearance of a witless; and
• To tie Merit Systems Protection Board, tie Office of Special Cotnsel, the Equal
Employment Opportunity Commission, or tie Federal Labor Relations Authority, in
cormecaon wit) functions vested in those agencies.
PuMc Burden IntonnaUon
ftfttic burden reporting tar Me crtecdon at rumination is estimated B vary from 30 minutes BISO rriniM per response, induing time for reviewing imtructtona, searding
existing data sotroes, gatiering and maintaining he data needed, and completing and rwiewing the collection of intonation. Send comments regardng tie burden estimate or
any ofter aspect of Ms collection of information, inducing suggestions tor reducing tin burden to Reports and Forms Management Offioer. U S Office of Personnel Management.
1900 E Steet, N.W., Room 6410, Waaliington, DC. 20415; and to tie Offioe of Management and Budget, Paperwork Reduction Project (320*0007), Wasfingun, D C. 20503.
Do not send yotr oomplead form B tfie eddreseee in tiis box.
-------�
TSCA CBI Security Manual
Standard Form 86
Revised December 1990
U.S.Office of Personnel Management
FPM Chapter 732
~3PH
QUESTIONNAIRE FOR
SENSITIVE POSITIONS
(For National Security)
7700
1/93
Form apprwed:
O.M.B. No. 3206-0007
NSN 75*0-0G-634-4036
66-110
Part 1
CodM"
USE
ONLY
Agency Use Only (Complete items A through P using instructions in FPM Supplement 296-33)
A Type of
G Geographic (
Location
IB Extra
I Coverage
III!
IC Sensitivity
Level
D Access,
IE Nature ot
Action Code
IF Date of | Monm | Yeai
I Action | | | | | |
H Position.
Code
I Position
Tide
J
SON
I I I
K Location of Offi-
cial Personnel
Folder
—
None
NPRC
At SON
Other Address
ZIP Code
I I I I
L
M Location
None
Other Address
ZIP Code
o> Security
At SOI
SOI
I i I
Folder
NPI
I I I I
lOPAC-ALC
Number
Lame
' 1 1 1
and Title
I I I
Accounting Data and/or.
Agency Case Number
Si
Telephone Number fts( ( Dale
!< >
P Requesting
Official
ignature
I Persons completing this form should begin with the questions below. Please type or print your answers. I
1 FULL • If you have only initials in your name, use them and State (IO).
NAME • If you have no middle name, enter "NMN."
• If you are a "Jr.* "Sr.," "II," etc., enter this in the box after
your middle name.
2 DATE OF
BIRTH
Last Nam* " ^
First Name
Middle Name
jJr.. II. etc
Month Day Year
I I J I I
3 PLACE OF BIRTH • Use the two letter code for the State.
4 SOCIAL SECURITY NUMBER
City . ...
^County
State
I i I
^Country tH not In the United Slates)
I I |-| | |.| I I I |
5 OTHER NAMES USED
Give other names you used and the period of time you used them (for example: your maiden name. name(s} by a former marriage, former name(sl. alas[esj, or nichname{sD. I'
the other name is your maiden name, put "nee" in front of iL
Name
. MontfVYear Month/Year
To
Name Month/Year MontWYear
| To
Name
Month/Year Month/Year
To
Name MonWYear MonOVYear
I
IDENTIFYING
INFORMATION
g«A (KNVH WW MM/
[ [Female | [Male
7 TELEPHONE Work (include Area Code and extension)
Home (include Area Code)
NUMBERS
( )Day |( ) Day
( ) NlgM ( ) |( ) Night ( )
8 CITIZENSHIP
g Mark the box at the right that
applies to you and follow the
instructions next to the box you
marked.
I am a U.S. citizen by birth in the U.S.
Answer Items b and d
t) Your Mother's Maiden Name
I am a U.S. citizen, but I was NOT born in the U.S.
Answer Items b, e, and d
I am not a U.S. citizen.
Answer Items b and •
C UNITED STATES CITIZENSHIP If you are a U.S. Citizen, but were not born in the U.S.. provide information about one or more of the following proofs of your citizenship.
Naturalization Certificate (When wen you naturalized?)
Court
City
State
,
Certificate Number MonttVDay/Year Issued
1 1 1 1 1 1 1 1 1 [
1
1
£
i
1
5
s
City
Stale
i
Certificate Number
i i i i i i i i i
MontlVDay/Year Issued
State Department Form 240 • Report ot Birth Abroad of a Citizen ot the United Stetee
Give the date (he form was Month/Day/Yeor
prepared and give an
explanation if needed. |
Explanation
U.S. Passport
This may be either a current or previous U.S. Passport.
Passport Number
1 1 1 1 1 1 1 1 1
MonttvOay/Year Issued
DUAL CITIZENSHIP If you are (or were) a dual citizen of the United States and another
country, provide the name of that oountry in the space to the right.
Country
ALIEN If you c
ire an alien, provide the following information:
Place You
Entered the
United States:
City
State
1
Date Y
Month
1
xi Entei
Day
1
ed U.S.
Year
1
Alien Registration Number
1 1 1 1 1 1 1 1 1
Country of Citizenship
Page 1
-------�
TSCA CBI Security Manual 7700
^^1/93
Fill in your full address for every place you have lived beginning with the present (#1) and working backward 15 years.
• If you attended school away from your permanent residence, list the address you lived at while attending school.
• For any address in the past 3 years:
- List a person who knew you at that address, preferably someone who still lives in that area.
- If address listed is "General Delivery," a Rural Route, or Star Route, provide directions for locating the residence on an attached
continuation sheet, and show the block #.
Month/Year Month/Year
Present To
Street Address Apt. 0
City (Country)
State
1 1 L
ZIP Code
1 1 1 1
Name ot Person Who Knows You
Street Add'ess Apt. * City (
Country)
State
I
ZIP Code
I I I I
Teleph
(
one Number
Month/Year MontlVYear
03
To
Street Address Apt. *
City (Country)
State
1
ZIP Code
1 1 1 1
Name ol Person Wta Knows You
Street Address Apt.» City (Country)
State
I
ZIP Code
I I I I
Telephone Number
( )
MonttVYear Month/Year
#3
To
Street Address Apt. *
City (Country)
State
, 1 L
ZIP Code
1 1 1 1
Name ol Person Who Knows You
Street Address Apt. * City (Country)
Slate
I
ZIP Code
I I I I
Tel eph
(
one Number
Month/Year Month/Year
#4
To
Street Address Apt. #
City (Country)
State
1
ZIP Code
1 1 1 1
Name ot Person Who Knows You
Street Address Apt. » City (Country)
State
I
ZIP Code
I I I I
Teleph
(
one Number
MontrvYear MonltvYear
*5
To
Street Address Apt. »
City (Country)
State
, ! L
ZIP Code
1 1 1 1
Name of Person Who Knows You
Street Address Apt. * ¦ City (Country)
State
I
ZIP Code
I I I I
Teleph
(
one Number
Month/Year Month/Year
#6
To
Street Address Apt. *
City (Country)
State
1
ZIP Code
1 1 1 1
Name of Person Who Knows You
Street Address Apt.» City (Country)
State
|
ZIP Code
I I I I
Telephone Number
( )
¦|0 WHERE YOU WENT TO SCHOOL
Fill In information about schools you have attended, beyond Junior High School, beginning with the most recent (#1) and working
backward 15 years. Also list College or University degrees received beyond 15 years.
• For schools you attended in the past 3 years, list a person who knew you at school (such as an instructor or a student).
• For correspondence schools and extension classes, list records location address.
• In the "Code" block, use one of these codes: 1 • High School 2 - College/University 3 - Vocational/Trade School
Month/Year Month/Year
#1
To
Code
Name ot School
Degree/Diploma/Other (shot* eacn degree
and date received il Code 2)
MontrvYea/
Street Address and City (Country) o
School
State
|
ZIP Code
i i i i
Name of Person Who Knew You
Street Address and City (Country)
State
1
ZIP Code
1 1 1 1
Teleph
(
one Number
Month/Year Month/Year
*2
To
Code
Name of School
Degree/DiplomarOther (show each degree
and date received il Code 2)
Month/Year
Street Address and City (Country) o
School
State
|
ZIP Code
Mil
Name ot Person Who Knew You
Street Address and City (Country)
State
1
ZIP Code
1 1 1 1
Teleph
(
one N iber
tJhonWIear MonttVYear
#3
To
Code
Name of School
Degree/Diploma/Other (show each degree
and date received if Code 2)
Month/Year
Street Address and City (Country) o
School
State
1
ZIP Code
1 1 1 1
Name of Person Who Knew You | Street Address and City (Country)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
Enter your Social Security Number before going to the next page
| |
• 1 • 1 1 1
Page 2
-------�
TSCA CBI Security Manual
7700
1/93
11 YOUR EMPLOYMENT ACTIVITIES
Fill In your employment activities, beginning with the present (#1) and working backward 15 years. INCLUDE:
• all full-time work • all paid work • self-employment
• all part-time work • active military duty • all periods of unemployment
IN THE NUMBERED ACTIVITY SECTION USE ONE OF THESE CODES IN THE CODE BLOCK:
1 - Active military duty stations E • State Government (Non- 7 - Unemployment (Enter name
2 • National Guard/Reserve Federal) employment of person who can verify)
3 - U.S.P.H.S. Commissioned Corps 6 • Self-employment (Enter 8 • Federal Contractor (list Con-
4 - Other Federal employment business name and/or name tractor, not Federal agency)
of person who can verify)
9 • Other
FOR EACH ACTIVITY SECTION, provide information requested. For example, If you had worked at XY Plumbing in Denver, CO, for 3
separate periods of time, you would enter dates and Information concerning the most recent period of employment first, and provide dates,
position titles, and supervisors for the two previous periods of employment in the appropriate blocks below that information. (For location*
outside (he U.S., (how city and country.)
01 MonttVYear Month/Year
Present To
Employer's NamarMlitary Service/Unemployment or Self-Employment Verifier
Your Position Tide
Employer's/Verifier's Street Address
City (Country)
State
1
ZIP Code
III 1
Telephone Number
( )
Street Address of Job Location (il different than Employer's Address)
City (Country)
State
1
ZIP Code
1. 1 1 1
Telephone Number
( )
Supervisor's Name ft Street Address (if different than Job Location)
City (Country)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK f
: Month/Year Month/Year
Your Position Title ft Supervisor's Name
Month/Year Month/Year
Your Position Tide A Supervisor's Name
To
To '
To ¦
T° ¦
«2
T00f I
To
year
loyerOam^ilit^^eroce/OnOTpl^mw^^SPtmpI^mS^enner
Employer's/Verifier's Street Address
City (Country)
State
¦ 1
2IP Code
I I 1 1
Telephone Number
( )
Street Address of Job L oca Don (it different than Employers Address)
City (Countiy)
State
t
zip code
I I 1 1
Telephone Number
( )
Supervisor's Name ft Street Address (if different than Job Location)
City (Country)
Slate
1
ZIP Code
¦ 1 1 1 1
Telephone Number
( )
Your Position Tide
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION • IF CONTINUATION SHEET IS USED, SHOW BLOCK I
Month/Year MonttVYear
Your Position Tide ft Supervisor's Name
Month/Year MontfVYear
Your Position Tide ft Supervisor's Name
To
To
:' To
To
#3
Month/Year MontftYear
To
Code
Employer's NameiMilitary Service/Unemployment or Self-Employment Verifier
EmployerWerifier's Street Address
City (Countiy)
State
1
JflPCode
I I 1 1
Telephone Number
( )
Street Address of Job Location (if different than Employer's Address)
City (Countiy)
State
1
ZIP Code
I 1 1 1
Telephone Number
( )
Supervisor's Name ft Street Address (if different than Job Location)
City (Countiy)
State
1
ZIP Code
I I 1 1
Telephone Number
( )
Your Position Title
PREVIOUS PERIOOS OF THE SAME ACTIVITY AND LOCATION • IF CONTINUATION SHEET IS USED, SHOW BLOCK «
Month/Year Month/Year
Your Position Tide ft Supervisor's Name
MontrvYear Month/Year
Your Position Tide ft Supervisor's Name
To:
To
To
To
Enter your Social Security Number before going to the next page
-I
I i
Page 3
-------�
TSCA CBI Security Manual
7700
YOUR EMPLOYM
ENT AC"
riVITIES (Continued
MontfVYear Month/Year
#4
To
Code
Employer's tta'WM'htary Ser,'ca/Unempioyrr>en: or Seif-£mpioymeni verifier
Your Position
r it.®
Employer's/Verifier's Street Address
City (Country)
a:aie
-
ZIP Code
1 1 l'
T-iepnone Numoer
( ) '
Street Address of Job Location (it different than Employer's Ancrossi
C-ty -.Courifyj
s: i
Zir' Code
1 1 1
Te'Oono^e Numoer
t )
Supervisor's Name ft Street Address (if different fran .lob Location)
C'iy LQUf i'f)
SloV;
i
ZIP Code
1 1 i
To tpnone NunOer
( )
Previous PtftidxJS & Yh£ &am£ activity and location ¦ if continuation skeet'is used, show block •
MonthfYesr Month/Yea/ Your Position Tide & Supoivsor's Name
-Ifl_
To
MonrrvYsar Monih'Yaa- Your Posiiior: T.r.a S Supervisor's Name
To
#5
Month/Year MontfVYear
To
Code
Employer's Name/Military Service/Unemployment or Selt-Employmerii Venter
Employer's/Verifier's Street Address
City (Country)
Stale
J
ZlP Code
Mil
Telephone Number
( )
Street Address of Job Location (it different man fcmployer's Address)
City (Country)
Stale
1
ZIP Code
1 1 1 1
Telephone Number
( )
Supervisor's Name ft Street Address (if different than Job Location)
City (Country)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
Your Hos:tion Title
Month/Year Month/Year Your Position Tide 4 Supervisor's Name
MonttVYear Month/Year Your Position Tide ft Supervisor's Name
_IQ_
Ta
To
To
MontfVYear Month/Year
To
Employer's Name/Military Service/Unemployment or Self-Employment Venher
Your Position Tide
Employer's/Verifier's Street Address
City (Country)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
Street Address of Job Location (if different than Employer's Address)
City (Country)
State
1
ZIP Code
1 II 1
Telephone Number
( )
Supervisor's Name ft Street Address (if different than Job Location)
City (Country)
State
1
ZIP Code
till
Telephone Number
( )
MontfVYear Month/Year Your Position Title ft Supervisor's Name
IB
MontfVYaar MonttVYear Your Position Tide ft Supervisor's Name
JSL.
To
To
Month/Year MonOVYear
#7 ;
Code
Employer's NamtfMlitary ServiottUnemploymerit or Self-Employment Verifier
Your Position Tide
EmployerWerifier's Street Ad
dress
City (Country)
State
J
ZIP Code
1 1 1 1
Telephone Number
( )
Street Address of Job Location (if different than Employer's Address)
City (Countiy)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
Supervisor's Name ft Street Address (if different than Job Location)
City (Country)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
PREVIOUS Periods of tHE SAME ACTIVfTV AND LbcATioN - if continuai
TON SHEET IS USED, SHOW BLOCK «
Month/Year MonOVYear
Your Position Title ft Supervisor's Name
MonOVYear Month/Year
Your Position Tide ft Supervisor's Name
To
To
To
To
Enter your Social Security Number before going to the next page
ii
¦in
-------�
TSCA CBI Security Manual
.7700
1/93
12 PEOPLE WHO KNOW YOU WELL
List two people who Know you well and live in the United States.
• Don't list spouse, other relatives, or former spouses. • Try not to list anyone mentioned in item 9, 10, or 11.
Name
#1
Number Years Known
Telephone Number:
( )
D*y( ) or Night ( )
Home Address
City (Country)
Stats
I
ZIP Code
I I I I
Name
<2
Number Years Known
Telephone Number:
( )
On ( )« KtgM ( )
Home Address
City (Country)
State
I
ZIP Code
I I I I
13 YOUR OUTSIDE ACTIVITIES
List any activities which you may wish to have considered as reflecting favorably on your reputation for leadership, responsibility, honesty,
and integrity in the last 15 years. (Response Optional)
Month/Year Month/Year
#1 : To
Activity
location of Activity
City (Country) .
State
I
#2 To
I
«3 To
I
14 YOUR FOREIGN ACTIVITIES
3. Do you have any foreign property, business connections, or financial interests?
Yes
No
b. Are you now or have you ever been employed by or acted as a consultant for a foreign government, firm, or agency?
C. In the last 15 years, have you had continuing contact with a national of any foreign country designated by the agency
instructing you to fill out this form? (NOTE: If the agency wants you to answer this question, it will provide you with
a list of countries.)
If you answered "Yes* to a, b, or c, explain in the space below:
15 FOREIGN COUNTRIES YOU HAVE VISITED
List foreign countries you have visited, beginning with the most current (*1) and working backward IS years.
• Do not Indude countries covered In items 9,10, and 11.
• In the "Code" block, use one of these codes: 1 • Business 2-Pleasure 3-Education
4 • Other
MontfYYear Month/Year
Code
Country
Month/Year MonttVYear
Code
Country
#1
#3 To
#2
To
-
•4 To
16
YOUR MILITARY HISTORY
Yes
No
a. Have you served in the United States military?
Have you served in the United States Merchant Marine? . .
• If your answer to either question is "Yes.* GO TO b.
Starting with the most current (#1) and working backward, enter information for all periods of active service into the table below.
• Mark "O" block for Officer or "E" block for Enlisted.
• In the "Code* block, use one of these codes:
1 - Air Force 2 • Army 3 - Navy 4 - Marine Corps S - Coast Guard 6 • Merchant Marine 7 • National Guard
V. ¦ MonttVYear MomtVYear
i-ih'yy'^ ::Tp;":..-.; .
Code
Service/Certificate #
0
Status (Mark "X* in appropriate blocks - use State Code lor National Guard)
None
Active Duty
Active Reserve
National Guard
(show State)
I
Inactive
Reserve
Retired
#2 To
I
#3 'V- ... To: . .
I
#4 To
I
¦
Enter your Social Security Number before going to the next page
-*
i i l-l i
Page 5
-------�
TSCA CBI Security Manual
7700
1/93
17
YOUR RELATIVES
Give full names and enter the correct code (or all relatives, living or dead, specified below:
1 - Mother (first) 4 - Stepfather 7 - Stepchild 10 - Stepbrother
2 • Father (second) 5 - Foster parent 8 - Brother 11 - Stepsister
12 - Half-brother
3 - Stepmother
6 • Child (adopted also) 9 ¦ Sister
13 - Half-sister
14 - Father-in-law
15 - Mother-in-law
16 - Guardian
Full Nam* (If dMMMd, chick iox on (nc /#ff
btfort mitring nm•)
Coda
Date o! Sinn
Month/Oty/Year
Country of Birth
Country of
Citizenship
Current Street Address and City
(country) of Living Relatives
State
U
1
|
LJ
2
I
U
|
L_J
|
U
|
U
I
1—'
|
U
|
LJ
|
L_l
18 YOUR MARITAL STATUS
Mark one of the following boxes to show your current marital status:
1 - Never married (go to question 19)
2 - Married
3 - Separated
4 - Legally Separated
—
5 - Divorced
6 • Widowed
Currant Spouaa Complete the folio wing about your current spouse.
Full Name
Date of Birth
Place of Birth (Include country il outside the U.S.)
Social Security Number
I I l-l I l-l I I I
Country of Citizenship
Date Married
If Separated, Oats of Separation (MoJDay/Yr.)
Place Married (Include country it outside the U.S.)
It Legally Separated, Where is me Record Located? City (Country)
State
Address of Current Spouse (Street, city, and country il outside the U.S.)
State
I
State ZIP Code
I I I I
Former Spou>e(«) Complete the following about your former spouse(s), use blank sheets if needed
Full Name
Date of Birth
Place ol Birth (Include country il outside the U.S.)
State
I I
Country of Citizenship
Date Married
Place Married (Indude country it outside the U.S.)
State
I I
Check One, Then Give Date
|~~| Divorced |~~| Widowed
Month/Day/Year
If Divorced. Where is the Record Located? City (Country)
¦
State
I
Address of Former Spouse (Street, city, and country it outside the U.S.;
State ZIP Code
19 PERSONS LIVING WITH YOU
Does the citizen of another country, or a United States citizen by other than birth, live at your residence? If "Yes," provide the
information required below. If a United States citizen by other than birth lives with you, show both "United States" and prior
country of citizenship below. Don't list your spouse or other relatives you provided in question 17.
Y08
No
Nam* of Peraon
Country of Citizenship
Relationship
TfiS55u^^^^^^R^Bm?T^5na^^Mff3^^onIinuaiion meets. or blank sheets to
complete any of the questions in Part 1. give the number for (hose questions in the space to the right:
Enter your Social Security Number before going to the next page
T
-------�
7700
TSCA CBI Security Manual 1/93
Standard Form 86 QUESTIONNAIRE: rCK (Vman
Revised December 1990 ck-ric-. w o.m.b No voeooo?
U.S.Office of Personnel Management bbN.:i.vt ^SlLONo nsn
fpm chapter 732 (For National Security)
20 YOUR SELECTIVE SERVICE RECORD
a. Are you a male born after December 31,1959? If "No," go to 21. If "Yes," go to b.
b. Have you registered with the Selective Service System? if "Yes," (jrovicia you: rayihi.-diioii number,
reason for your legal exemption below.
"No," show the
Yes
No
Registration Number
Legal Exemption Explanation
21 YOUR MILITARY RECORD
a. Have you ever received other than an honorable discharge from the military? If "Yes," provide:
Data of Discharge (Month and Year): Type of Discharge:
Yes
No
b. Have you ever been subject to court-martial or other disciplinary proceedings under the Uniform Code of Military Justice?
H "Yes," list any disciplinary proceedings in the last 15 years and all courts-martial. (Include non-judicial and Captain's
mast, etc.)
Month(Year
Charge or Specification / Action Taken
Place (Gty and county/country it outside the United States)
Stale
I
I
22 YOUR EM
Has any ol
backward,
PLOYMENT RECORD
the following happened to you in the last 15 years? If "Yes," begin with the most recent occurrence and go
providing date fired, quit, or left, and other information requested.
Yes
No
Use the following codes and explain the reason your employment was ended:
1 - Fired from a job 3 - Left a job by mutual agreement following allegations of misconduct
2 ¦ Quit a job after being told 4 - Left a job by mutual agreement following allegations of
you'd be fired unsatisfactory performance
5 ¦ Left a job for other reasons
under unfavorable circumstances
MonttVYear
Code
Specify Reason
Employer's Name and Address
Stan
I
ZIP Code
I I I I
I I I I
23 YOUR POLICE RECORD (Do not include anything that happened before your 16th birthday.)
a. Have you ever been charged with or convicted of any felony offense?
b. Have you ever been charged with or convicted of a firearms or explosives offense?
C.
Yes No
Are there currently any charges pending against you for any criminal offense?
d. Have you ever been charged with or convicted of any offense(s) related to alcohol or drugs?
0. In the last 5 years, have you been arrested for, charged with, or convicted for any offense(s) not listed in response to a, b,
c, or d above? (Leave out traffic fines of less than $100.)
If you answered "Yet" to a, b, c, d, or e above, explain your answer(s) in the space provided.
MontNYeer
Offense
Action Taken
Law Enforcement Authority or Court (City and county/country it outside the U.S.)
State
I
2lPCode
I I I I
I
I I I I
24 YOUR MEDICAL RECORD
8. Have you experienced problems on or off the job because of any emotional or mental condition?
Yes
No
b. Have you ever seen a health care professional for any of the types of problems mentioned above?
If you answered "Yes* to questions a or b, explain below.
Month/Year MonttVYear
to
Explanation
To
Enter your Social Security Number before going to the next page
^. .
¦ iti-iht rrf
Page 7
-------�
TSCA CBI Security Manual
7700
1/93
Yes
No
25 ILLEGAL DRUGS AND ALCOHOL
a. In the last 5 years, have you used, possessed, supplied, or manufactured any Illegal drugs? When used without a
prescription, illegal drugs include marijuana, cocaine, hashish, narcotics (opium, morphine, codeine, heroin, etc.), stimulants
(cocaine, amphetamines, etc.), depressants (barbiturates, methaqualone, tranquilizers, etc.), hallucinogenics (LSD, PCP,
etc.). (NOTE: The information you provide in response to this question will not be provided for use in any criminal
proceedings against you.)
b.
Have you experienced problems (disciplinary actions, evictions, formal complaints, etc.) on or off a job from your use of
illegal drugs or alcohol?
If you answered "Yes" to question a or b above, provide information relating to the types of substance(s), the nature of thi
any other details relating to your Involvement with illegal drugs or alcohol. Include any treatment or counseling received.
Explanation
and
MontfVYear Montrvrear
To
Type of Substance
To
Ti>
26 YOUR INVESTIGATIONS RECORD
a. Has the United States Government ever investigated your background? If "Yes," use the codes that follow to provide the
requested Information below. If "Yea," but you cant recall the investigating agency anchor the security clearance received,
enter "Other" agency code or clearance code, as appropriate, and "Don't know" or "Don't recall" under the "Other
Agency" heading, below. If your response is "No," or you don't know or can't recall if you were investigated and cleared,
check the "No" box.
Codes for Security Clearance Received
0 - Not Required 3 - Top Secret 6 - Q-Nonsensitive
1 ¦ Confidential 4 ¦ Sensitive Com partner ted Information 7 - L
2 - Secret S - Q-Sensitive S - Other
Yes
No
Codes tor Investigating Agency
1 - Defense Department 4 • FBI
2 ¦ State Department S • Treasury Department
3 - Office of Personnel Management • ¦ Other (Specify)
Montti/Yaer
Agency
Code
Other Agency
Clearance
Code
MontfVYear
Agency
Code
Other Agency
Clearance
Code
To your knowledge, have you ever had a clearance or access authorization denied, suspended, or revoked, or have you
ever been debarred from government employment? If "Yes," give date of action and agency.
Yes
No
MontfVYear
Department or Agency Taking Action
Month/Year
Department or Agency Taking Action
27 YOUR FINANCIAL RECORD
a. In the last 5 years, have you, or a company over which you exercised some control, filed for bankruptcy, been declared
bankrupt, been subject to a tax lien, or had legal Judgment rendered against you lor a debt? If you answered "Yes,"
provide date of Initial action and other Information requested below.
Yes
No
Moflttweer.
Type of Action
Name Action Occurred Under
Name/Address of Court or Agency Handling Case
Stats
I
zirt
i i
«de
1 1
1
i i i i
1
i i
1 1
Are you now over 180 days delinquent on any loan or financial obligation? Include loans or obligations funded or
guaranteed by the Federal Government (If an SF 171, Application for Federal Employment, will be attached, you do
not need to repeat Federal Government delinquencies. See the instructions headed, "How Is the SF 171 used with
this form?")
Yes
No
Month/Year
Type of Loan or Obligation
and Account f
Name/Address of Creditor or Obligee
State
1
2IPCode
1 1 1 1
1
1 1 1 1
1
1 1 1 1
Enter your Social Security Number before going to the next page
i i
i i
-------�
TSCA CBI Security ManuaJ
7700
1/93
28 YOUR ASSOCIATION RECORD
Yes
No
a. In the last 15 years, have you been an officer or a member or made a contribution to an organization dedcated to the
violent overthrow of the United States Government and which engages in illegal activities to that end, knowing that the
organization engages in such activities with the specific intent to further such activities?
b. In the last 15 years, have you knowingly engaged in any acts or activities designed to overthrow the United States
Government by force? If you answered "Yes* to a or b, explain in the space below:
Continuation Space -
Use the continuation sheat(s) (SF 86A) for additional answers to questions 9, 10, and 11. Use the space below to continue answers to all other
questions and any information you would like to add. II more space is needed than what is provided below, use a blank sheet(s) of paper. Start
each sheet with your name and Social Security Number. Before each answer, identify the number of the question.
After completing Parts 1 and 2 of this form and any attachments, you should review your answers to all questions to make sure the form is
complete and accurate, and then sign and date the following certification and sign and date the release on page 10. If you attach an SF 171,
Application for Federal Employment, make sure that it is updated and that any information added to the SF 171 is initialed and dated.
Certification That My Answers Are True
I read each question asked of me and understood each question. My statements on this form, and any attachments to ttv.
form, are true, complete, and correct to the best of my knowledge and belief and are made in good faith. I understand that
a knowing and willful false statement on this form can be punished by fine or imprisonment or both.
Signature (Sign ti Ink)
Data
Enter your Social Security Number before going to the next page
-¥
1 1 - 1
age 9
-------�
TSCA CBI Security Manual 7700
Ferm egprewed: ^93
O.M.B. No. 3BM007
NSN 7S4OOM3M03*
88-UO
UNITED STATES OF AMERICA
AUTHORIZATION FOR RELEASE OF INFORMATION
Carefully read this authorization to release information about you, then sign and date it in ink.
I Authorize any investigator, special agent, or other duly accredited representative of the U.S.
Office of Personnel Management, the Federal Bureau of Investigation, the Department of Defense,
and any authorized Federal agency, to obtain any information relating to my activities from
schools, residential management agents, employers, criminal justice agencies, retail business
establishments, or other sources of information. This information may include, but is not limited
to, my academic, residential, achievement, performance, attendance, disciplinary, employment
history, and criminal history record information.
I Understand that, for financial or lending institutions, medical institutions, hospitals, health
care professionals, and other sources of information, a separate specific release will or may be
needed, and I may be contacted for such a release at a later date.
I Further Authorize the U.S. Office of Personnel Management, the Federal Bureau of
Investigation, the Department of Defense, and any other authorized agency, to request criminal
record information about me from criminal justice agencies for the purpose of determining my
eligibility for, assignment to, or retention in, a sensitive position, in accordance with 5 U.S.C. 9101.
I Authorize custodians of records and sources of information pertaining to me to release such
information upon request of the investigator, special agent, or other duly accredited representative
of any Federal agency authorized above regardless of any previous agreement to the contrary.
I Understand that the information released by records custodians and sources of information is
for official use by the Federal Government only for the purposes provided in this Standard Form
86, and may be redisclosed by the Government only as authorized by law.
Copies of this authorization that show my signature are as valid as the original release signed by
me. This authorization is valid for two (2) years from the date signed.
Slgrwtura (Sign in Ink)
Full Nam* (Type or Print Ltglbly)
DattSignad
!
1
2
5
Soda) security Number
1 1 | • | 1 | ¦ | 1 1 1 |
Currant MW (Stnm, CKy)
Wat*
1
dp cod*
1 1 1 1
HOfM Tiliphoni Nufflbtf
ftnetod* Arm Cotto)
< )
Page 10
Standard Form M
Revfaad D«c*fflb«r 1000
U.S.Offlc® of Paraonnal Manag«rr*m
FPM Chapttr 732
-------�
TSCA CBI Security Manual 7700
Standard Form ma CONTINUATION SHEET FOR QUESTIONNAIRES 1/93
Revised December 1990 SF 86, SF 85P, AND SF 85 O.M.B. No. 3206-0007
U.S.Offlce of Personnel Management For use with the SF 86, Questionnaire (or Sensitive Positions (for National Security); nsn 7S40-oi-268-«828
FPM Chapter 736 .. SF 85P, Questionnaire for Public Trust Positions; 86-202
and SF 85, Questionnaire for Non-Sensitive Positions
INSTRUCTIONS: Use this torn to continue your answers to "Where You Have Lived" and/or "Your Employment Activities." Follow the instructions on the form lor the particular
questions you are answering and give information in the same sequence. Use as many continuation sheets as you need to furnish all the requested information.
Your Name
Your Social Security Number
I I I -I
I I"
-I I I I
WHERE YOU HAVE L
JVED (Continued)
Month/Year Month/Year
To
Street Address
Apt. *
City (Country)
State
I
ZIP Code
I I I I
Name of Person Who Knows You
Street Address
Apt.*
City (Country)
State
ZIP Code
I I I I
Telephone Number
( >
MonDVYear MonttVYear
To
Street Address
Apt. *
City (Country)
State
I
ZIP Code
[III
Name of Person Who Knew You
Street Address
Apt.*
City (Country)
State
ZIP Code
I I I I
Telephone Number
( )
Month/Year Month/Year
To
Street Address
Apt. *
City (Country)
State
ZIP Code
I I I I
Name of Person Who Knew You
Street Address
Apt.*
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
(
MonttVYear Month/Year
To
Street Address
Apt. *
City (Country)
State
ZIP Code
I I I I
Name of Person Who Knew You
Street Address
Apt*
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
(
Month/Year Month/Year
To
Street Address
Apt. •
City (Country)
State
ZIP Code
riii
Name of Person Who Knew You
Street Address
Apt.*
City (Country)
YOUR EMPLOYMENT ACTIVITIES (Continued)
State
ZIP Code
I I I I
Telephone Number
( )
Month/Year Month/Year
To '
Code
Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Your Position Title
Employer's/Verifier's Street Address
City (Country)
State
I
ZIP Code
-I I I I
Telephone Number
( )
Street Address of Job Location (if different than Employer's Address)
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
( )
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
( )
PREVIOUS PERIOOS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK f
Month/Year Month/Year
To
To
Your Position Title & Supervisor's Name
Month/Year Month/Year
To
To
Your Position Tide & Supervisor's Name
Month/Year MonthTYear
To
Code
Employer's Name/Military Service/Unemployment or Self-Employment Verifier
Your Position Title
EmployefvVerifier's Street Address
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
( )
Street Address of Job Location (if different than Employer's Address)
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
( )
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
( )
PREVIOUS PERIOOS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUATION SHEET IS USED, SHOW BLOCK «
Month/Year MontfVYear
To
Your Position Title & Supervisor's Name
Month/Year Month/Year
To
Your Position Tide & Supervisor's Name
T<»
To
-------�
TSCA CBI Security Manual
7700
1/93
YOUR EMPLOYMENT ACTIVITIESJContinue^
TSo^WYea/ Month/Year
To
Code
Employer's/Verifier's Street Address
City (Country)
State
I
ZIP Code
I I I I
r elephone Number
( )
Street Address ol Job Location (if different than Employer's Address)
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
( )
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
State
I
ZIP Code
I I I I
Telephone Number
( )
PREVIOUS t»ERIOOS OF THE SAME ACTIVITY ANO LOCATION - IF CONTINUA1
'ION SHEET IS USED, SHOW BLOCK •
Your Position Tide
MonttVYear Month/Year
Your Position Title & Supervisor's Name
MonttVYear MonttVYear
Your Posidon Title & Supervisor's Name
To
To
To
'
To
Month/Year MonttVYear
To
Code
Employer's Name/Military Service/Unemployment or Sell-Employment Venter
Your Position Tide
Employer's/Verifier's Street Address
City (Country)
State
1 '
ZlP Code
1 1 1 1
Telephone Number
( )
Street Address of Job Location (if different than Employer's Address)
City (Country)
State
i
ZIP Code
1 1 1 1
Telephone Number
( )
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
State
1
' ZIP Code
1 1 1 1
Telephone Number
( )
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION - IF CONTINUA1
riON SHEET IS USED, SHOW BLOCK *
MonttVYear MonttVYear
To
Your Position Tide & Supervisor's Name
MonttVYear Month/Year
To
Your Position Title & Supervisor's Name
To
To
MonttVYear Month/Y
To
ear
Code
Employer's Name/Military Service/Unemployme
nt or Selt-Employment Ven
ler
Your Posiuon Tide
Employor'iyVorifKjr's Street Address
City (Country)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
Street Address of Job Location (if different than Employer's Address)
0
City (Country)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
Supervisor's Name A Street Address (if different than Job Location)
City (Country)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
MonttVYear MonttVYear
Your Position Tide & Supervisor's Name
MonttVYear MonttVYear
Your Position Tide & Supervisor's Name
To
To
To
To
Month/Year Month/Year
To
Code
Employer's Name/Military Service/Unemployment or Sell-Employment Venfier
Employer's/Verifier's Street Address
City (Country)
State
1
2lf> Code
1 1 1 1
Telephone Number
( )
Street Address of Job Location (if different than Employer's Address)
City (Country)
Slate
1
ZIP Code
till
Telephone Number
( )
Supervisor's Name & Street Address (if different than Job Location)
City (Country)
State
1
ZIP Code
1 1 1 1
Telephone Number
( )
Your Posidon Tide
PREVIOUS PERIODS OF THE SAME ACTIVITY AND LOCATION ¦ IP CONTINUATION SHEET IS USED, SHOW BLOCK #
MonttVYear MonttVYear
To
Your Position Tide & Supervisor's Name
MonttVYear MonttVYear
To
Your Posidon Title & Supervisor's Name
To
To
Enter your Social Security Number
- Mil
December 1990
-------�
TSCA CBI Security Manual
Appendix 4
7700
1/93
APPLICANT
leave blank
SiCNAfu*! O* ecatON nMOftMiiNric
ttSlOCNCt O* 1ISON (INCtDMlNTID
0AT|
SIGNAtuaf 0> OfKlAl TAKING HNC*«P«IN1i
funoru ano Aooaiss
atASON FiNCoaiNiic
TYPE OR PRINT All INFORMATION IN BIACX
lASTNAMi NAM «!*11 KAMI
LEAVf BLANK
Aiusn
AKA
CITIZINSMir cJT
reuiN* OCA
EBI
A (MID KMCiS Me
MNU
tOCLAl SKUaiTY NO. SQC
OFT!
Si! EF':. Fi
S£X 1 KAC1 1 MOt. I WOT 1 tY«
MlSaiLANIOUSNO.
MNU
LEAVE SUNK
HAH
OATIO^WTM pOB
PUCK
1 PQfl
1 l INQI9
3. i 0UPOU
IHT *OU* fINOftS TAKIN SIMUtTAM(OUSiT
i mm*
tK#HT fOUt FMCH1 f AKiN SUMA-TANtOUfcY
-------�
TSCA CBI Security Maaui
LOOP
FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE
WASHINGTON. D.C. 20537
APPLICANT
THE LINES BETWEEN CENTER OF
LOOP AND DELTA MUST SHOA'
1. WHORL
THESE LINES RUNNING BETWEEN
DELTAS MUST 8E CLEAR
3. ARCH
ARCHkf HAVE NO DELTAS
Or.fAS
TO OBTAIN CLASSIFlAflLE F iNCWPdlNTS.
USE BLACK PRINTER S'NK
oismieurc ink ev*nl * on inking slab
WA$M AND ORY FINGERS THOROUGHLY
ROLL LINGERS FROM NAU ro NAII ANO AVOID ALLOWING LINGERS TO SUP.
BE SURE IMPRESSIONS ARE RECOROEO IN CORRECT ORDH.
IF AN amputation O* OEFORMiTY MAKES If IMPOSSIBLE TO MINT A f tNGH. MAKE A NOTATION TO THAT EFFECT
IN THE INOIVIOUAV PiNOfR BLOCK
IF SOME PHVVCAL CONO:TION makes it IMPOSSIBLE TO OBTAIN PERFfCT IMPRESSIONS, SUlMfT THf BfST THAT CAN Bl
OBTAINIO With a Mfwn STaPLEO TO TH( CaRO Explaining rHf C'«C'JVST ANCIS
EXAMINE THE COM»«.E rEO PRINTS TO SEC if THE* CAN 8t CLASSIFIED BEARING M MMO IMATMOST'fNGfftPR'NTS
FALL into the PATTCRNS SHOWN ON THiSCARO fOTHER PATTERNS OCCUR INFtEOUfNTIV ANO AM NOT SHOWN HERE)
THIS CARD FOR USE BY:
i LAW ENFORCEMENT AGENCIES IN FlNG€RPRlNTING APPLI-
CANTS FOR LAW ENFORCEMENT POSITIONS-•
2. OFFICIALS OF STATE ANO LOCAL GOVERNMENTS FOP PUR
POSES OF EMPLOYMENT LICENSING. ANO PERMITS AS AUTHOR
i2E0 Br STATE STATUTES ANO APPROVED Bv the ATTORNEY
GEN5RAL OF THE UN'*E0 STATES LOCAL ANO COUNTY ORDI-
NANCES unless s»c:-c'Callv >asso on applicable state
STArufCS oo NOT WSC* •HSiREQJ»REvEnT • •
UEAVC TflB PACE BLANK
3 U S GOVERNMENT AGENCIES ANQ OTHER ENTITIES REQUIRED
BY FEOERAl LAW '•
4 OFFQALS OF FESERALLY CHARTERED OR iNSORIQ BANK- '
,NG INST'-unpNS 'TO OROMQTE OR MAINTAIN THE SfCURlTY
OF THOSE INSTITUTIONS
INSTRUCTIONS:
t PRINTS MUST FIRST BE CHECKED THROUGH TH( APPRO-
eaiATE STATE'lOENNEiC ATlON BUREAU ANO ONiY THOSE, FINGER
PRINTS FOR WHICH NO DISQUALIFYING RECORO HAS BEEN FOUNO
IOCAU* SHOUlO BE SU6W'TTE0 FOR FBI SEARCH.
? PRIVACY ACT OF '074 (Pi. 99-SW REOUiRES that FEOERAL
STATE OR LOCAL AGfOES INFORM INDIVIDUALS WHO* sOC'Al
SECURITY NUMBER >S REQUESTED WHETHER SUCH OlSClOSuRt IS
MANDATORY OR VOLUNTARY BASIS OF AUTHORITY HDR Sl>CH
SOLICITATION ANO USES WHICH WILL BE MAOE OF IT
•J. IDENTITY OF PRIVATE CONTtACTORS SHOULO BE SHOWN
•N SPACE EMPLOYER anO AODRESS THE CONTRIBUTOR
-------�
TSCA CBI Security Manual
Appendix 5
7700
1/93
UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
WASHINGTON 0 C 20460
JAN 18 I9BI
MmommoM
SUBJECT: Request for Building Pass
FROM:
Ann M. Lir
Security and Property Management Branch
Project Officers
TO
Building passes are intended only to identify contractors
entering one of the EPA Headquarters buildings and are not intended
for contractors to use as identification to cash checks, enter
other governaent facilities, obtain airline tickeits, rent vehicles
or obtain hotel reservations.
Building passes will be issued only to contractor employees
who work on-site for 24 hours or sor* a week. Management personnel
who periodically visit on-site personnel shall not be issued
Building Passes. Project Officers whose personnel are on-site less
than 24 hours a week oust provide a menorahdur explaining the need
for a building pass.
Couriers shall not be issued building passes.
All information must be typed or neatly printed on the request
forn. If the printed name of the Project Officer cannot be read,
the form will be returned without action.
The Pass and 10 Office is open from 8:30 an to 3:30 pm, Monday
through Friday and operates on a first come first serve basis.
Individuals requiring building passes should either bring the
Request for Building Pass with them or mail it to the Security
Office (PM-219). Forms will be maintained in a suspense file for
30 days aftar it is received and then returned to sender indicating
that no action was taken. If a request for a building pass is
handcarried by the applicant, it shall be valid only for 30 days
from the date it is signed by the Project Officer.
Questions should be addressed to the Security Management
Section at 382-6352.
-------�
TSCA GBI Security Manual
1/93
SUBJECT: Request for Building Pass
FROM:
Projset Officer
TO: H. Brooks Haalin, Chief
Security Management Section
I request that the below listed personnel be issued a Building
Pass. The following data is furnished:
HUi dm or ntw MOiymiiioM I
co*wunr mum
CONTRACT NUMBERS . EXPIRATION D^TS
NORMAL HOURS OF VOUt
8VICZAL ACCESSs After <»30 ps Weekend Holiday
LOCATION! VIM CM-2 PAXRC1XLD CRYSTAL STATION
I understand as Project Officer, I am responsible for
retrieving the above building pass(es) should:
1. The individual(s) transfer or terminate and no longer
requires access.
2. The individual(s) need for access to CPA be changed to
less than 24-hours a week.
3. TIM contract expires.
PROJECT OFFICER'S SI ON ATTIRE TELEPHONE • MAIL CODE
PO'S ID NUMBER
PO'S DIVISION DATE
-------�
TSCA CBI Security Manual
Appendix 6
7700
1/93
United State* Environmental Protection Agency
Washington, D.C. 20460
Request for Approval of Contractor Access
to TSCA Confidential Business Information
Requesting Official
Signature
Date
Title and Office
Contractor and contract number (if modification)
I. Brief description of contract, including purposes, scope, length, and other important details. (Continue on the back of this form
if necessary)
I. What TSCA CBI will be required, and why? (Continue on back if necessary)
III. Will computer access to TSCA CBI be required by the contract? If so, explain why and to what extent on the back of this form.
If you approve thia request, thia office will initiate procedurea to ensure compliance with the "TSCA-CBI Security Manual"
Approval of the Director, OPPT Information Management Division
Approved (Signature)
Date
EPA Form 7740-17 (Rev. 9-92). Replacea EPA Form 7710-15a, which ia obsolete.
12-7/w*
-------�
TSCA CBI Security Manual Appendix 7 77#)
a l-OA CONTRACTOR INFORMATION SHEET
OEITH CONTRACTOR TSCA CBI ACCESS/TRANSFER
1. Contractor Name (list an subcontractors on separate contractor information sheets)
2. Contract
Number
3. Prime
Sub
4. Corporate Address
5. Site Address (where TSCA CBI will be stored)
6. List Previous Contract Number if renewal
a) Name
b) Soc. Sec. No.
c) Telephone
d) Address/Mail Code
7. EPA Project
Officer
8. EPA DOPO/WAM
9. EPA Task Mgr.
10. Contractor
Project Officer
11. Contractor DCO
12. Contractor Alt.
DCO
13. Description of duties to be performed by contractor that require TSCA CBI access (use attachment if necessary):
14. By Section o! TSCA, type(s) of data to be accessed:
15a. Will CBI be
transferred off EPA
site under contract?
(Y/N)
15b. If CBI will transferred to
a site other than listed in
item 5 above, list site.
*
16a. Has a contractor Security
Certification Statement been
approved by TSCA Security Staff?
(Y/N)
16b. TSCA Security Staff
Facility Inspection Date.
17. Desired Date for
access to commence
18. Access desired until
what date?
19. Contract Expiration Date
20. Is contract
renewable?
21. EPA Project Officer Signature and Date
Please return this form with a copy of:
1. Statement of Work, 2. EPA form 7740-17,3. CBI Clause from contract, and 4. Security Certification Statement
to: U.S. EPA, TSCA CBI Access Staff, TS-790,401 M Street, SW, Washington, DC 20460
(202-260-1532)
EPA Form 7740-27 (10/92)
-------�
Appendix 8
DATA SECURITY FOR TSCA CONFIDENTIAL BUSINESS INFORMATION
(EP52.235-120) (AUG 1993)
s The Contractor shall handle Toxic Substances Control Act
(TSCA) confidential business information (CBI) in accordance with
the contract clause entitled "Treatment of Confidential Business
Information" and "Screening Business Information for Claims of
Conf identiality."
(a) The Project Officer (PO) or his/her designee, after a
written determination by the appropriate program office, may
disclose TSCA CBI to the contractor necessary to carry out the
work required under this contract. The Contractor shall protect
all TSCA CBI to which it has access (including CBI used in its
computer operations) in accordance with the following
requirements:
(1) The Contractor and Contractor's employees shall
follow the security procedures set forth in the TSCA CBI Security
Manual. The manual may be obtained from the Director,
Information Management Division (IMD), Office of Pollution
Prevention and Toxics (OPPT), U.S. Environmental Protection
Agency, 401 M Street, SW, Washington, DC 20460. Prior to receipt
of TSCA CBI by the Contractor, the Contractor shall submit a
certification statement to the Director of the EPA IMD, with a
copy to the Contracting Officer (CO), certifying that all
employees who will be cleared for access to TSCA CBI have been
briefed on the handling, control, and security requirements set
forth in the TSCA CBI Security Manual.
(2) The Contractor shall permit access to and
inspection of the Contractor's facilities in use under this
contract by representatives of EPA's Assistant Administrator for
Administration and Resources Management, and the TSCA Security
Staff in the OPPT, or by the EPA Project Officer.
(3) The Contractor Document Control Officer (DCO)
shall obtain a signed copy of EPA Form 7740-6, "TSCA CBI Access
Request, Agreement, and Approval" from each of the Contractor's
employees who will have access to the information before the
employee is allowed access. In addition, the Contractor shall
obtain from each employee who will be cleared for TSCA CBI access
all information required by EPA or the U.S. Office of Personnel
Management for EPA to conduct a Minimum Background Investigation.
(b) The Contractor agrees that these requirements
concerning protection of TSCA CBI are included for the benefit
of, and shall be enforceable by, both EPA and any affected
business having a proprietary interest in the information.
(c) The Contractor understands that CBI obtained by EPA
under TSCA may not be disclosed except as authorized by the Act,
-------�
and that any unauthorized disclosure by the Contractor or the
Contractor's employees may subject the Contractor and the
Contractor's employees to the criminal penalties specified in
TSCA (15 U.S.C. 2613(d)). For purposes of this contract, the
only disclosures that EPA authorizes the Contractor to msrice are
those set forth in the clause entitled "Treatment of Confidential
Business Information."
(d) The; Contractor agrees to include the provisions of this
clause, including this paragraph (d), in all subcontracts awarded
pursuant to this contract that require the furnishing of CBI to
the subcontractor.
(e) At the request of EPA or at the end of the contract, the
Contractor shall return to the EPA PO ,or his/her designee, all
documents, logs, and magnetic media which contain TSCA CBI. In
addition, each Contractor employee who has received TSCA CBI
clearance will sign pTA Form 7740-18, "Confidentiality Agreement
for Contractor Employees Upon Relinquishing TSCA CBI Access
Authority". The Contractor DCO will also forward those
agreements to the EPA IMD, with a copy to the CO, at the end of
the contract.
(f) If, subsequent to the date of this contract, the
Government changes the security requirements, the CO shall
equitably adjust affected provisions of this contract, in
accordance with the "Changes" clause when:
(1) The Contractor submits a timely written request
for an equitable adjustment; and
(2) The facts warrant an equitable adjustment.
-------�
Section L
Appendix. 8(a)
L.XX ACCESS TO TSCA CONFIDENTIAL BUSINESS INFORMATION
(EP52.235-100) (AUG 1993)
In order to perform duties under the contract, the
Contractor will need to be authorized for access to Toxic
Substances Control Act (TSCA) Confidential Business Information
(CBI). The Contractor and some or all of its employees working
under the contract will be required to follow the procedures
contained in the security manual entitled "TSCA Confidential
Business Information Security Manual". These procedures include
applying for TSCA CBI access authorization for each individual
working under the contract who will have access to TSCA CBI,
execution of confidentiality agreements, and designation by the
Contractor of an individual to serve as a Document Control
Officer. The Contractor will be required to abide by those
clauses contained in EPAAR 1552.235-70, 1552.235-71, and
EP52.235-120 that are appropriate to the activities set forth in
the contract.
Until EPA has inspected and approved the Contractor's
facilities, the Contractor may not be authorized for TSCA CBI
access away from EPA facilities.
-------�
Appendix 8(b)
Section K
K.XX CONTROL AND SECURITY OF TSCA CONFIDENTIAL BUSINESS
INFORMATION
(EP52.235-105) (AUG 1993)
The offeror certifies that—
— the Contractor and its employees have read and are
familiar with the requirements for the control and security of
TSCA CBI contained in the manual entitled "TSCA Confidential
Business Information Security Manual". (See also EP52.235-120
elsewhere in this solicitation.)
-------�
Appendix 8(c)
TREATMENT OF CONFIDENTIAL BUSINESS INFORMATION
(1552.235-71) (DEVIATION) (AUG 1993)
(a) The Project Officer (PO) or his/her designee, after a
written determination by the appropriate program office, may
disclose confidential business- information (CBI) to the
Contractor necessary to carry out the work required under this
contract. The Contractor agrees to use the CBI only under the
following conditipns:
(1) The Contractor and Contractor's employees shall
(i) use the CBI only for the purposes of carrying out the work
required by the contract; (ii) not disclose the information to
anyone other than properly cleared EPA employees without the
prior written approval of the Assistant General Counsel for
Contracts and Information Law; and (iii) return the CBI to the PO
or his/her designee, whenever the information is no longer
required by the Contractor for performance of the work required
by the contract, or upon completion of the contract.
(2) The Contractor shall obtain a written agreement to
honor the above limitations from each of the Contractor's
employees who will have access to the information before the
employee is allowed access.
(3) The Contractor agrees that these contract
conditions concerning the use and disclosure of CBI are included
for the benefit of, and shall be enforceable by, both EPA and any
affected businesses having a proprietary interest in the
information.
(4) The Contractor shall not use any CBI supplied by
EPA or obtained during performance hereunder to compete with any
business to which the CBI relates.
(b) The Contractor agrees to obtain the written consent of
the CO, after a written determination by the appropriate program
office, prior to entering into any subcontract that will involve
the disclosure of CBI by the Contractor to the subcontractor.
The Contractor agrees to include this clause, including this
paragraph (b), in all subcontracts awarded pursuant to this
contract that require the furnishing of CBI to the subcontractor.
-------�
TSCA CBI Security Manual
Appendix 9
7700
1/93
Confidentiality Agreement for United States Employees
Upon Relinquishing TSCA CBI Access Authority
In accordance with my off icial duties as an employee of the United States, I have
had access to Confidential Business Information under the Toxic Substances
Control Act (TSCA, 15 U.S.C. 2601 et seq.). I understand that TSCA Confidential
Business Information may not be disclosed except as authorized by TSCA or
Agency regulations.
I certify that I have returned all copies of any materials containing TSCA
Confidential Business Information in my possession to the appropriate docu-
ment control officer specified in the procedures set forth in the TSCA Con-
fidential Business Information Security Manual.
I agree that I will not remove any copies of materials containing TSCA
Confidential Business Information from the premises of the Agency upon my
termination or transfer. I further agree that I will not disclose any TSCA
Confidential Business Information to any person after my termination or
transfer.
I understand that as an employee of the United States who has had access to
TSCA Confidential Business Information, under section 14(d) of TSCA (15 U.S.C.
2613(d)) I am liable for a possible fine of up to $5,000 and/or imprisonment for
up to one year if I willfully disclose TSCA Confidential Business Information to
any person.
If I am still employed by the United States, I also understand that I may be subject
to disciplinary action for violation of this agreement.
I am aware that I may be subject to criminal penalties under 18 U.S.C. 1001 if I
have made any statement of material facts knowing that such statement is false
or if I willfully conceal any material fact.
Name (Please type or print1
EPA 10 Number
Signature
Date
EPA Form 7740-16 (10-85) Replaces EPA Form 7710-17,
which is obsolete.
COPY 1 - TSCA SECURITY STAFF
-------�
TSCA CBI Security Manual
7700
1/93
Privacy Act Statement
Collection of the information on this form is authorized by Section 14 of the Toxic
Substances Control Act (TSCA), 15 USC 2613. EPA uses this information to maintain
a record of those persons cleared for access to TSCA Confidential Business Information
(CBI) and to maintain the security of TSCA CBI.
Disclosure of this information may be made to Office of Pollution Prevention and Toxics
(OPPT) contractors in order to carry out functions for EPA compatible with the purpose
for which this information is collected; to other Federal agencies when they possess
TSCA CBI and need to verify clearance of EPA and EPA contractor employees for
access; to the Department of Justice when related to litigation or anticipated litigation
involving the records or the subject matter of the records; to the appropriate Federal,
State, or local agency charged with enforcing a statute or regulation, violation of which
is indicated by a record in this system; where necessary, to a State, Federal, or local
agency maintaining information pertinent to hiring, retention or clearance of an employee,
letting of a contract, or issuance of a grant or other magistrate or administrative tribunal;
to opposing counsel in the course of settlement negotiations; and to a member of
Congress acting on behalf of an individual to whom records in the system pertain.
Furnishing the information on this form, including your Social Security Number, is
voluntary but may prevent the contracting organization from being given access to TSCA
CBI and may therefore make impossible the performance of any task which requires
access to TSCA CBI.
-------�
TSCA CBI Security Manual
Appendix 10
Pfraaa r—d Frnrocy Act Smomont on rawaraa btfon emry'nftg tttis form.
7700
1/93
AEPA
Unitad SIMM Environmantai Pnxaction towcy
Washington. DC 20440
Confidentiality Agreement for Contractor Employees
Uoon Relinquishing TSCA CBI Access Authority
Nam* of Gmptovw
Contractor
Subcontractor
Contract Number
As an employee of the contractor/subcontractor named above per-
forming work for the United States, I have been authorized access to
confidential business information (CBI) submitted under the Toxic
Substances Control Act (TSCA) (15 USC Section 2601 et seq.). This
access authority was granted to me in order to perform my work under
the contract number cited above.
I understand that TSCA CBI to which I have had access under the
contract may be used only for the purposes of performing the contract. I
also understand that TSCA CBI may not be disclosed except as autho-
rized by TSCA or EPA regulation.
I certify that I have returned all copies of TSCA CBI materials in my
possession to either the appropriate document control officer specified
in the EPA-approved security plan in effect at my company or an EPA
TSCA document control officer.
I agree that I will not remove any copies of materials containing TSCA
CBI from the premises of my company or from EPA premises upon my
relinquishment of TSCA CBI access authority. I further agree that I will
not disclose any TSCA CBI to any person after my relinquishment of
TSCA CBI access authority.
I understand that as a contractor employee who has been authorized
access to TSCA CBI, under Section 14(d) of TSCA (15 USC 2613(d)) I am
liable for a possible fine of up to $5,000 and/or imprisonment for up to
one year if I willfully disclose TSCA CBI to any person.
If I am still employed by the contractor, I also understand that I may be
subject to disciplinary action for violation of this agreement.
I am aware that I may be subject to criminal penalties under 18 USC
Section 1001 if I have made any statement of material facts knowing
that such statement is false or I willfully conceal any material fact.
Nam* f^lNM rypa or print)
Signature
9betal Saeunty Numbar
Data
CPA Form 7740*11 (1-M) Replaces EPA Form 7710-43. written xoMoiata
-------�
TSCA CBI Security Manual \ppendix 11 7700
Please read Privacy Act Statement on reverse before completing.
United States Environmental Protection Agency
A PRA Washington, DC 20460
iS'tnrV Employee Separation or Transfer Checklist
Social Security Number
Part 1. To Be Completed by Employee
Employee Name
Current Organization and Location
1
Effective Oate
Typi
s of Action
Separation from Government
Transfer to Other Government Unit
Address (Forwarding or that of gaining Government unit or agency)
Reason for Leaving
Part 2. Responsible Officials Must Complete All items in this Part
Please clear the above-named employee. Final salary payment and application for retirement will be delayed until clearance is completed.
Item
Clearance
Signature and Oate
Vet
No
Payroll/Travel
Advance Leave
LWOP/Health Benefits
Outstanding Travel Advance
Outstanding Travel Voucher
GTR/Airline Ticket
Diners' Club (TM) Credit Card
Permanent Change of Station Requirements
Imprest Fund
Jury Duty Fees
Salary Checks
Personnel
Training Termination Statements
Completion of Employment Agreements
Other
Library Issuances
Security Termination Statements
Security/
Facilities
Audiovisual Equipment
EPA ID Card
Keys
Parking Permit
Special Credentials
Part 3. Certification and Clearance
The Administrative Officer/Supervisor must certify that the above-named employee has accounted for the items listed below.
Item
Clearance
Item
Clearance
Ye»
No
v«
HQ
Personal property
CBI documents
Telephone credit cards
NCC computer user ID
Property pass(es)
U.S.-Government-Issued Credit Card(s)
SF-44, Purchase Orders
Official Passport (If yes, phone OlA/Passport Office)
Cleared
Not Cleared (Explain under Remarks)
Signature of Administrative Officer or Supervisor
Remarks
Certification
I certify that the statements i have made on this form and all attachments thereto are true, accurate, and complete. I acknowledge
that any knowingly false or misleading statement may be punishable by fine or imprisonment or both under applicable law.
Employee Certification
1 certify that ail U.S. Government property (including an official passport) and records have been returned (Signature)
Oate
Personnel Office Affirmation of Clearance
Signature of Servicing Personnel Office
Title
Oate
EPA Form 3110-1 (Rev. 2-88) Previous editions are obsolete. Original — Personnel
Codv Pavroil
-------�
Privacy Act Statement
Authority
Social Security Number Executive Order 9397 dated November 22,1943.
Forwarding Address: Reorganization Plan Number 3 of December 2, 1970.
Purposes and Uses
Social Security Number. Disclosure by you of your Social Security Number (SSN) is voluntary. It will
be used to properly identify your records on file with the U.S. EPA in various program areas from which
you are obtaining certification of clearance. The information gathered will be used only as needed to
complete the clearance process as required by EPA Order 3110.5A.
Forwarding Address: Disclosure by you of your forwarding address is voluntary. It will be used in
forwarding official papers or appropriate information, and to mail documents to you or to a gaining
Government unit or agency.
Effects of Nondisclosure
Social Security Number Withholding the SSN will cause a delay in the separation process or may result
in your not being cleared for separation.
Forwarding Address: Withholding the forwarding address wiil cause a delay in the separation process
or may deter your receipt of outstanding paychecks or other authorized documents.
EPA Form 3110-1 (Rev. 2-88)
-------�
TSCA CBI Security Manual
7700
1/93
Appendix 12
m MHflAL
raas wasm
DOES NOT CONTAIN NATIONAL
9FCURITY INFORMATION (E.O. 12065'
-------�
nin
! i! 11 i
iilil!
IIIMI
;; 11
1 J )
III
iiilihll
jiiiilill
i i: {I i: {
i!!!jji!
M:h ii.
lii
Ml!
ill!
II!!
ill! Ill
iilii!
¦Mil
iliiil!
Hii II!
::: t
Hi
11!!.,.
; 1111 i i
! 1 i!!!! I!!
! Ii
M
: > : i
i : j i
Mil
ill
-ill
: j i j i!! |! ! I i 1
s m; :l I ;
iililjji!
Ilil!!
> m i : >
liiijii
• mi
hiii
¦!!)))
ii!i
•Hi!
¦ Ml!
ill:!
HUL
: : I i »i
: i j i 11
iiiih
mm
MM
H H
II!
ill!
i i I
ilili!
Iilil
III !
iliiilli
!! I
! J j 1
III!
! t ) i ! ) i I
: u : n ; i
Ml jliifi iilil!;
! j!i ! jIHi'i
ill III I III!
TSCA CBI Security Manual
ilHi
nil!
111111! I!!)! j
) ] H I : 1 I i : I i |
' ii! Iilil
iili'
Ii!
! > ' I I a
I! j! I
Will
?! 1 > ! : i n ill II i ?
i ! i ! | ! 1
: : i i ! i t
i i: i! i I
! i i : i I i i I I | i : ; i
l!i!ijli!
Appendix 13
I H . I • I I I I I I I I I • I ..Ml < 1 I • I I I . I » I I I t i ¦ i
ill!llllllilili!l Hill llillilllllll !l!l
1111
MM
Ilil
7700
1/93
Enter Document Control Number or
BarCode
I ! I
I i I! i! i! I
.III
United States Environmental Protection Agency
Washington, DC 20460
Document Description
Date
CONFIDENTIAL
TOXIC SUBSTANCES CONTROL ACT
CONFIDENTIAL BUSINESS INFORMATION
Does not contain National Security Information (E.O. 12065)
The attached document contains Confidential Business Information obtained
under the Toxic Substances Control Act (TSCA 15 U.S.C. 2601 et seq.)
TSCA Confidential Business Information may not be disclosed further or
copied by you except as authorized in the procedures set forth in the TSCA
Confidential Business Information Security Manual.
If you willfully disclose TSCA Confidential Business Information to any
person not authorized to receive it, you may be liable under section 14(d) of
TSCA (15 U.S.C. 2613(d)) for a possible fine up to $5,000 and/or imprison-
ment for up to one year. In addition, disclosure of TSCA Confidential
Business Information or violation of the procedures cited above may subject
you to disciplinary action with penalties ranging up to and including dis-
missal.
CONFIDENTIAL
Miii
Hii
"Hi
iiliiiiiiiSliiliiii
iiiliimiii
III
EPA Form 7740-9 (rev. 10/92) Previous edition is obsolete
hiiiiHij
• ; j j : | ! J ! !
iim
111
III
I! I I j! i 111: i I j : : i : i
] iiiliiiiliiiiiiiiii!
lii!
Miii
I I i i
ir
i:
I!!!!!!
: i j i 11 : } i
lliiii
-------�
TSCA CBI Security Manual
Appendix 14
7700
1/93
United States Environmental Protection Agency
_ Washington. OC 20460
EPA TSCA CBI Visitors Loa
Individual's Name
Organization
Date
Time
Purpose of Visit
-
'
I
I
I
-
I
I
i
i
EPA Form 7740-13 (10-85)
-------�
T3
C
8.
o.
<
•c
3
8
CO
09
U
<
U
(/>
H
United States Environmental Protection Agency „ ' .....
May be tsca cbi 0 . . . Does not contain National
When Filed In KGC6ipt Log Security Information (E.O. 12065)
TSCA Confidential Business Information
Date
Received
Document Control Number/
Copy Number
Number
of Pages
Received From
(Enter Company/EPA Office. City, and State)
Description
Audit
EPAForm 7740-10 (10/92) Previous version is obsolete.
-------�
T3
C
4>
O.
O.
<
3
S
S
c
3
3
00
CQ
u
<
u
(/I
H
United States Environmental Protection Agency „ .....
. . Does not contain National
Inventory Log Security information (E.O. 12065)
TSCA Confidential Business Information
Date
Checked Out
Document Control Number/
Copy Number
User Information
Date
Returned
DCO
Initial
Disposition
Audit
EPA ID Number
User's Name
EPA Form 7740-11 (10/92) Previous version is obsolete.
-------�
TSCA CBI Security Manual
Appendix 17
7700
1/93
United States Environmental Protection Agency
Washington. DC 20460
mP DA Temporary Loan Receipt for TSCA
Confidential Business Information
1 acknowledge receipt of the following documents containing
TSCA Confidential Business Information.
1. DCN/Copy Number
Description
2. DCN/Copy Number
Description
3. DCN/Copy Number
Description
4. DCN/Copy Number
Description
5. DCN/Copy Number
Description
6. DCN/Copy Number
Description
7. DCN/Copy Number
Description
Date Loaned
Name of Lender
Name of Recipient
Signature of Recipient
Instructions
1. To be used only for temporary transfer of TSCA
CBI. Transfers for more than thirty (30) days must
be made through a DCO.
2. The lender must keep the original of this form
after it has been completed and signed by the recip-
ient, and give the copy to the recipient.
3. The lender must give his or her copy of this form
to the recipient when the recipient returns the doc-
uments) to the lender. The recipient should destroy
both copies.
EPA Form 7740-14 (10-8S) Replaces EPA Form 7710-44, which is obsolete
-------�
TSCA CBI Security Manual
Appendix 18
7700
1/93
United States Environmental Protection Agency
Washington, DC 20460
SrEPA
Permanent Transfer Receipt for TSCA
Confidential Business Information
I acknowledge receipt of the following documents containing
TSCA Confidential Business Information.
1. DCN/Copy Number
Description
2. DCN/Copy Number
Description
3. DCN/Copy Number
Description
4. DCN/Copy Number
Description
5. DCN/Copy Number
Description
6. DCN/Copy Number
Description
7. DCN/Copy Number
Description
8. DCN/Copy Number
Description
Date of transfer
Name of Sending DCO/DCA
Name of Recipient
Signature of Recipient DCO/DCA
INSTRUCTIONS
1. To be used only for permanent transfer of TSCA CBI. Transfers must be made by a
DCO/DCA.
2.The sending DCO/DCA must keep the original of this form after it has been signed and
returned by the recipient DCO/DCA. The Recipient DCO/DCA must keep a copy of the
receipt after returning the original to the sending DCO/DCA.
EPA Form 7740-26 (10/92)
-------�
TSCA CBI Security Manual
Appendix 19
1100
1/93
United States Environmental Protection Agency
4^ _ Washington. DC 20460
K5*EPA Memorandum of TSCA CBI Telephone Conversation
I. EPA Employee Identification
Name of Employee
Date
Organization
Time
II. Second Party Identification
Call Is:
~ To D From
Name
Number
Organization
III. Concerning what TSCA CBI?
IV. Content
¦
EPA Form 7740-12 (10-85)
-------�
United States Environmental Protection Agency Does noi contain National
PDA Federal Agency, Congress, and Federal Court Sign Out Log se^rHJSm"uonfEo. noes)
MaybeTSCACBi TSCA Confidential Business Information,
mmmm m m When Filed In
Date -
Logged Out
Document Control Number/
Copy Number
Number
of Pages
Description
Federal Agency, Congress,
or Court
Recipient
DCO
Initial
Receipt
Date
Returned
DCO
Initial
¦ •
.....
•
r '
{
i '
-' *> ?
; >
; !
1
i
?
:
f: • 'v«.
1 - - \"r
! - .
\ 1
i i
•
-
: :
;
• i
'
¦
'
¦i :1 *
^ ' /
;
i
i
, }
fc
;
u
•
EPA Form .7740-24 (10/92) Replaces EPA Form 7710-13 which is obsolete.
-------�
TSCA CBI Security Manual
Appendix 21
7700
1/93
United States Environmental Protection Agency
Washington, DC 20460
TSCA CBI Security Manual Update Transmittal Sheet
Transmittal Number
Date Received
Page(s) Replaced
Date and initials
EPA Form 7740-23 (10/92)
-------�
Q CPJK United States Environmental Protection Agency
TSCA Confidential Business Information
Document Reconciliation Certification
Name: __ Organization: Date:
SSN: Mail Code: [ ] Federal [ ] Contractor
THE TSCA CBI DOCUMENT TRACKING SYSTEM(S) INDICATED THAT THE DOCUMENTS USTED BELOW
HAVE BEEN LOGGED OUT IN YOUR NAME. PLEASE INVENTORY THESE DOCUMENTS AND INDICATE
THEIR CURRENT STATUS.
Document Logout Login
Control Number Bar Code Date Date Status
I HEREBY CERTIFY:
[ ] THAT I HAVE INVENTORIED THE DOCUMENT(S) USTED ABOVE; THE STATUS OF EACH
DOCUMENT IS INDICATED ABOVE.
[ ] I ATTENDED MY ANNUAL TSCA CBI BRIEFING ON
SIGNATURE DATE DOCUMENT CONTtf&L OFFICER DATE
EPA Form 7740-26 (10/92)
-------� |