National
Technical
AEPA
O-nni Europa, Chapel Hill, NC
August 10-22, 1996
-------�
TECHNICAL WORKSHOP
ON QUALITY ASSURANCE
IN INFORMATION MANAGEMENT
NOTEBOOK
TABLE OF CONTENTS
TAB CONTENTS
1. Meeting Agenda
2. Contact Lists
- Speakers
- Participants
- EPA's QA Community
- Office of Information Resources Management (IRM)
3. Key Federal IRM Statutes, Regulations & Policies
- EPA IRM Policies
4. IRM Policy Manual - Chapter 4: Software Management
5. IRM Policy Manual - Chapter 10: Records Management
6. IRM Policy Manual - Chapter 17: System Life Cycle Management
7. IRM Policy Manual - Chapter 18: Acquisition of Federal Information
Processing
8. IRM Policy Manual - Chapter 19: Information and Data Management
9. IRM Policy Manual - Appendix A: Glossary
10. MetaRecords of IRM Documents As Set Forth in EPAAR 1552.210-79
Status of IRM Policies and Procedures
11. Current Status of IM Sections of QA Guidance - EMAP Case History - Linda
Kirkland
-------�
12. QMP Addressing IM — Wendy Blake-Coleman
13. QAPP Addressing IM — Nancy Adams
IM Awareness Training
14. Information Technology Management Reform Act of 1996 — Joe Lentini
15. Information Technology/Information Resources Acquisition — Tom Fioramonti
16. System and Software Development Life Cycle Management -- Jerry Widdowson
17. Information and Data Management — Larry Fitzwater
18. Records Management — Mike Miller
Systems Development -- Life Cycle Management
19. STORET Modernization — Lee Manning
20. Models 3 — Joan Novak
21. Regional Laboratory Information Management Systems (LIMS) Use — Joe Eidelberg
Software Development — Life Cycle Management
22. Water Models — Bob Ambrose
23. Air Models - John Irwin/Joan Novak
24. Data Administration Supporting a Major Modeling Effort ~ Phil Strobel
Data Standards
25. Status of 2185, 2180.2, and Metadata Standards ~ Rick Johnson
26. Scientific Metadata Application — an EMAP Case History — Bob Shepanek
-------�
27. Geographical Information Systems ~ Andy Battin
28. Data Elements Standards — Larry Fitzwater
Auditing
29. Systems Audit ~ Jeff Worthington
30. GALP Audit - George Brilis/Rojeanne Liu
31. Data Audit - Marcus Kantz
-------�
National Technical Workshop
on Quality Assurance in Information Management
August 20-22,1996
London & Vienna-Brussels Ballroom
Agenda
Tuesday. August 20.1996
8:00 - 9:00 a.m.
9:00-9:15 a.m.
9:15-9:55 a.m.
9:55-10:10 a.m.
10:10-10:30 a.m.
10:30- 11:15 a.m.
11:15 a.m. - 12:00 noon
12:00 noon - 1:00 p.m.
1:00- 1:40 p.m.
1:40-2:20 p.m.
2:20-3:20 p.m.
3:20-3:40 p.m.
3:40-4:20 p.m.
4:20-5:00 p.m.
Registration
(Lobby Foyer)
Introduction and Welcome
Framework of the Meeting—Purpose and
Modus Operandi—Current Status of IM
Sections of QA Guidance Discussed in
Context of EMAP Case History
Invitation to Security Tool Demonstration
Break
Examples and Case Histories Which
Illustrate Application of Guidance
QMP Addressing IM
QAPP Addressing IM
Lunch
IM Awareness Training
Information Technology Management
Reform Act of 1996
Information Technology/ -
Information Resources Acquisition
System and Software Development
Life Cycle Management
Break
Information and Data Management
Records Management
Nancy W. Wentworth
Linda Kirkland
Rob LeVine
Wendy Blake-Coleman
Nancy H. Adams
Joseph C. Lentini
Tom Fioramonti
Jerry Widdowson
Lany A. Fitzwater
Michael L. Miller
1
-------�
Wednesday. August 21,1996
8:00-9:00 a.m.
9:00-9:40 a.m.
9:40-10:20 a.m.
10:20- 11:00 a.m.
11:00-11:20 a.m.
11:20 a.m. - 12:20 p.m.
12:20-1:20 p.m.
1:20-2:00 p.m.
2:00-2:40 p.m.
2:40-3:20 p.m.
3:20-3:40 p.m.
3:40-4:40 p.m.
Security Tool Demonstration
Systems Development Life Cycle
Management (Requirements Gathering,
Project Management, Records
Management, Operation and
Maintenance)—Case Histories
Models 3
STORET Modernization
Regional Laboratoiy Information
Management (LIMS) Use
Break
Discussion
Lunch
Software Development Life Cycle
Management (Focus on Scientific
Software)—Case Histories
Water Models
Air Models
Data Administration Supporting a
Major Modeling Effort
Break
Discussion
Rob LeVine
Joan H. Novak
Lee Manning
Joseph Eidelberg
Robert B. Ambrose, Jr.
John Irwin/Robin Denis
Phil Strobel
2
-------�
Thursday. August 22.1996
IS So
9:00 - 9:40 a.m.
(V1£
* 9:40 -10:20 a.m.
10:20- 11:00 a.m.
11:00-11:20 a.m.
I c5b
11:20 a.m. - 12:00 noon
12:00 noon - 12:30 p.m.
12:30-1:30 p.m.
110
1:30-2:10 p.m.
1:1^-2:50 p.m.
2:50-3:30 p.m.
3:30-3:50 p.m.
3:50-4:50 p.m.
4:50-5:00 p.m.
Data Standards (Status and Application)
Status of 2185, 2180.2, and
Metadata Standards
Scientific Metadata Application—
An EMAP Case History
Geographical Information Systems
Break
Data Elements Standards
Discussion
Lunch
Auditing Case Histories
Systems Audit
Good Automated Laboratory Practices
(GALP) Audit
Data Audit
Break
Discussion
Closing Remarks
Richard J. Johnson
Robert Shepanek
Q) David Catlin
Larry A. Fitzwater
Jeffrey Worthington
George M. Brilis/RoJeanne Liu
Marcus Kantz
Nancy W. Wentworth
3
-------�
NATIONAL TECHNICAL WORKSHOP 8/14/96
ON QUALITY ASSURANCE IN INFORMATION MANAGEMENT
August 20-22,1996
Speaker List
Nancy H. Adams, Ph.D.
Quality Assurance Officer
TSB/APPCD/NRMRL (MD-91)
U.S. Environmental Protection Agency
Research Triangle Park, NC 27711
(919) 541-5510
FAX: (919)541-0496
e-mail: adams.nancy@epamail.epa.gov
Robert B. Ambrose, Jr.
Environmental Engineer
NERL, EAD
U.S. Environmental Protection Agency
960 College Station Road
Athens, GA 30605
(706) 546-3323
FAX: (706)546-3636
e-mail: ambrose.robert@epamail.epa.gov
Wendy Blake-Coleman
Senior Management Analyst
Office of Water
U.S. Environmental Protection Agency
401 M Street, SW (4101)
Washington, DC 20460
(202) 260-5680
FAX: (202) 260-7926
George M. Brilis
Quality Assurance Scientist
U.S. Environmental Protection Agency
P.O. Box 93478
Las Vegas, NV 89193-3478
(702) 798-3128
FAX: (702)798-2233
David Catlin
Information Management Specialist
Enterprise Information Management
Office of Information Resources Management
U.S. Environmental Protection Agency
401 M Street, SW (3408)
Washington, DC 20460
(202) 260-3069
FAX: (202) 401-8590
e-mail: catlin.dave@epamail.epa.gov
Joseph Eidelberg
Quality Assurance Officer
U.S. Environmental Protection Agency
Region 9, P-3-2
75 Hawthorne Street
San Francisco, CA 94105
(415) 744-1536
FAX: (415)744-1476
e-mail: eidelberg.joe@epamail.epa.gov
Joseph B. Elkins
Quality Assurance Manager
Office of Air Quality Planning and Standards
(MD-14)
U.S. Environmental Protection Agency
Research Triangle Park, NC 27711
(919) 541-5653
FAX: (919)541-1903
e-mail: elkins.joe@epamail.epa.gov
Thomas Fioramonti
Computer Systems Analyst
Information Techonology Acquisition
OIRM/IRMPEP
U.S. Environmental Protection Agency
401 M Street, SW (3402)
Washington, DC 20460
(202) 260-8193
FAX: (202)260-3923
e-mail: tom.fiormonti@epamail.epa.gov
1
-------�
Larry A. Fitzwater
Computer Specialist
OIRM
U.S. Environmental Protection Agency
401 M Street, SW (3408)
Washington, DC 20460
(202) 260-3071
FAX: (202)401-8390
e-mai 1: fitzwater.larry@epamai 1 .epa.gov
John Irwin
Chief, Air Policy Support Branch
National Oceanic Atmospheric Administration
79 TW Alexander Drive, MD14
Research Triangle Park, NC 27711
(919) 541-5682
FAX: (919)541-0044
Richard J. Johnson
Management Analyst
U.S. Environmental Protection Agency
(MD-34)
Research Triangle Park, NC 27711
(919)541-1132
FAX: (919)541-1382
e-mail: johnson.rick@epamail.epa.gov
Marcus Kantz
Team Leader
Air and Water Quality Assurance Team
U.S. Environmental Protection Agency
Region II
2890 Woodbridge Avenue
Edison, NJ 08837-3679
(908)321-6690
FAX: (908)906-6824
Linda Kirkland
Environmental Scientist
NCERQA/QAD
U.S. Environmental Protection Agency
401 M Street, SW (8724)
Washington, DC 20460
(202) 260-5775
FAX: (202)401-7002
Joseph C. Lentini
Management Analyst
OIRM/IRMPED
U.S. Environmental Protection Agency
401 M Street, SW (3404)
Washington, DC 20460
(202) 260-2394
FAX: (202)260-3923
e-mail: lentini.joseph@epamaiI.epa.gov
Rob LeVine
Computer Specialist-Security
Enterprise Technology Services Division
U.S. Environmental Protection Agency
(MD-34)
Research Triangle Park, NC 27711
(919) 541-7924
FAX: (919) 541-0160
e-mail: levine.rob@epamail.epa.gov
RoJeanne Liu
Senior Evaluator/Computer Specialist
U.S. General Accounting Office
301 Howard Street, Suite 1200
San Francisco, CA 94105
(415)904-2000
FAX: (415)904-2111
email: liur.sfro@gao.gov
Lee Manning
AWPD
U.S. Environmental Protection Agency
401 M Street, SW(4503F)
Washington, DC 20460
(202)260-6082
FAX: (202) 260-7024
e-mail: manning.lee@epamail.epa.gov
Michael L. Miller
Agency Records Officer
OIRM/EIMD
U.S. Environmental Protection Agency
401 M Street, SW (3408)
Washington, DC 20460
(202)260-5911
FAX: (202)401-8390
e-mail: miller.michael-oirm@epamail.epa.gov
2
-------�
Joan H. Novak
Chief, Modeling Systems Analysis Branch
Atmospheric Modeling Division, NERL
U.S. Environmental Protection Agency
4201 Building
79 TW Alexander Drive
Research Triangle Park, NC 27711
(919)541-4545
FAX: (919) 541-1379
Robert Shepanek
Information Management Coordinator
U.S. Environmental Protection Agency
401 M Street, SW (8601)
Washington, DC 20460
(202) 260-3255
FAX: (202)260-0393
e-mai 1: shepanek.robert@epamail .epa.gov
Phil Strobel
Environmental Engineer
Great Lakes Program (6-93)
U.S. Environmental Protection Agency
77 West Jackson Boulevard
Chicago, IL 60604
(312)353-7996
FAX: (312)353-2018
email: strobel.philip@epamail.epa.gov
Nancy W. Wentworth
Director, Quality Assurance Division
U.S. Environmental Protection Agency
401 M Street, SW (8724)
Washington, DC 20460
(202) 260-5763
FAX: (202)401-7002
e-mail: wentworth-nancy@epamail.epa.gov
Jerry Widdowson
Acting Chief
Systems Support Branch
Enterprise Systems Division
U.S. Environmental protection Agency
401 M Street, SW (3409)
Washington, DC 20460
(703) 908-2660
FAX: (703) 908-2422
Jeffrey Worthington
Quality Assurance Manager
NRMRL
U.S. Environmental Protection Agency
26 West Martin Luther King Drive, Room G-77
Cincinnati, OH 45268
(513)569-7166
FAX: (513)569-7585
3
-------�
NATIONAL TECHNICAL WORKSHOP ON 8/14/96
QUALITY ASSURANCE IN INFORMATION MANAGEMENT
August 20-22, 1996
Participant List
Ernest L. Arnold
Regional Quality Assurance Manager
U.S. EPA - Region VII
25 Funston Road
Kansas City, KS 66115
Phone No.: (913)551-5194
Fax No.: (913) 551-5218
Lara Patterson Autry
Statistician
U.S. EPA
MD-19
RTP, NC 27711
Phone No.: (919) 541-5544
Fax No.: (919) 541-1039
E-Mail: autry.lara@epamail.epa.gov
Allan R. Batterman
Quality Assurance Manager
NHEERL, MED-Duluth
U.S. EPA
6201 Congdon Boulevard
Duluth, MN 55804
Phone No.: (218) 720-5733
Fax No.: (218) 720-5703
E-Mail: batterman.allan@epamail.epa.go
Thomas L. Baugh
Quality Assurance Coordinator
National Center for Environmental Assessment
U.S. EPA - NCEA
401 M Street, SW (8623)
Washington, DC 20460
Phone No.: (202) 260-8936
Fax No.: (202) 401-8533
William G. Benjey
Physical Scientist
U.S. EPA - NERL
AMD (MD-80)
RTP, NC 27711
Phone No.: (919) 541-0821
Fax No.: (919) 541-1379
E-Mail: benjey@hpcc.epa.gov
Dorothy Bertino
Quality Assurance Manager
U.S. EPA - NRMRL/SPRD
P.O. Box 1198
ADA, OK 74820
Phone No.: (405) 436-8997
Fax No.: (405) 436-8528
E-Mail: bertino.dorothy@epamail.epa.gov
Malcolm Bertoni
Senior Environmental Scientist
Research Triangle Institute
1615 M Street, NW, Suite 740
Washington, DC 20036
Phone No.: (202) 728-2067
Fax No.: (202) 728-2095
E-Mail: mjb@rti.org
Louis J. Blume
Quality Assurance Manager
Great Lakes National Program Office
U.S. EPA
77 W. Jackson Boulevard
Chicago, IL 60604-3590
Phone No.: (312) 353-2317
Fax No.: (312) 353-2018
1
-------�
Andrew E. Bond
Acting Chief
Quality Assurance Branch, AMRD
U.S. EPA - NERL
MD-77B, ERC Annex
79 West Alexander Drive
RTP.NC 27711
Phone No.: (919) 541-4329
Fax No.: (919) 541-7953
E-Mail: bond.andrew@epamail.epa.gov
Mollie D. Borden
Laboratory Automation Branch Manager
Texas Department of Health
1100 West 49th Street
Austin, TX 78756-3199
Phone No.: (512) 458-7111
Fax No.: (512) 458-7294
E-Mail: mborden@laba.tdh.state.tx.us
Milton Bowen
Engineering Technician
U.S. EPA - NERL
MD-76
RTP, NC 27711
Phone No.: (919)541-3128
Fax No.: (919) 541-3451
E-Mail: bowen.milton@epamai 1.epa.gov
James N. Braddock
Research Chemist
U.S. EPA
MD-46
RTP, NC 27711
Phone No.: (919) 541-3881
Fax No.: (919)541-1111
Martin W. Brossman
Quality Assurance Officer
U.S. EPA - OWOW
401 M. Street, SW
Washington, DC 20460
Phone No.: (202) 260-7023
Fax No.: (202) 260-1977
E-Mail: brossman.martin@epamail.epa.gov
Dwight A. Clay
Program Manager
U.S. EPA - OIRM/ETSD
MD 34
4201 Alexander Drive
RTP, NC 27711
Phone No.: (919) 541-0440
Fax No.: (919) 541-7670
E-Mail: clay.dwight@epamail.epa.gov
Brenda J. Combs
Applications Data Team Leader
U.S. EPA
999 18th Street - Suite 500
Denver, CO 80202
Phone No.: (303) 312-6531
Fax No.: (303) 312-6961
E-Mail: combs.brenda@epamail.epa.gov
Richard E. Cooney
Inspector
U.S. EPA
401 M Street, SW (2225A)
Washington, DC 20460
Phone No.: (202) 564-4202
Fax No.: (202) 564-0029
Brenda T. Culpepper
Quality Assurance Manager
U.S. EPA - NHEERL
86 Alexander Drive
RTP, NC 27711
Phone No.: (919)541-0153
Fax No.: (919) 541-5394
E-Mail: culpepper@herl45.herl.epa.gov
Mark Doehnert
Environmental Engineer/Quality Assurance
Manager
U.S. EPA - OAR/ORIA
401 M. Street, SW (6603J)
Washington, DC 20460
Phone No.: (202) 233-9386
Fax No.: (202) 233-9650
E-Mail: doehnert.mark@epamail.epa.gov
2
-------�
Brian K. Eder, Ph.D.
NOAA Meteorologist
Atmospheric Modeling Division (MD-80)
U.S. EPA - NERL
RTP, NC 27711
Phone No.: (919) 541-3994
Fax No.: (919) 541-1379
E-Mail: eder@hpcc.epa.gov
Richard L. Edmonds
Director
Quality Assurance Program
U.S. EPA - Region 8
999 18th Street, Suite 500
Denver, CO 80470-9208
Phone No.: (303) 312-6982
Fax No.: (303) 312-6067
Vance S. Fong
Quality Assurance Manager
U.S. EPA - Region 9
P-3-2, 75 Hawthorne Street
San Francisco, CA 94105
Phone No.: (415) 744-1492
Fax No.: (415) 744-1476
Mike Gage
Psychologist
U.S. EPA
86 Alexander-ERC
MD-70
RTP, NC 27711
Phone No.: (919) 541-2450
Fax No.: (919) 541-5394
E-Mail: gage@herlus.herl.epa.gov
Betsy Grim
Chemist
U.S. EPA
2029 Hunter Mill Road
Vienna, VA 22181
Phone No.: (703) 305-7634
Fax No.: (703) 305-6309
E-Mail: grim.betsy@epamail.epa.gov
Diane Harris
Environmental Protection Specialist
U.S. EPA - Region 7
25 Funston Road
Kansas City, KS 66115
Phone No.: (913)551-5185
Fax No.: (913) 551-5218
Terry Harrison
Environmental Engineer
SCGA, EMAD, OAQPS, OAR
U.S. EPA
MD-19, Emission Measurement Center
RTP, NC 27711
Phone No.: (919) 541-5233
Fax No.: (919) 541-1039
E-Mail: harrison.teny@epamail.epa.gov
Samuel L. Hayes
Quality Assurance Specialist
U.S. EPA, NRMRL/CI
26 W. Martin Luther King Drive (MSG-77)
Cincinnati, OH 45268
Phone No.: (513) 569-7514
Fax No.: (513) 569-7585
E-Mail: hayes.sam@dpamail.epa.gov
Barbara A. Hughes
Quality Assurance Coordinator
Denver Federal Center
U.S. EPA - NEIC
Building 53, Box 25227
Denver, CO 80222
Phone No.: (303) 236-5132
Fax No.: (303) 236-5116
E-Mail: hughes.barbara@epamail.epa.gov
Don Johnson
Quality Assurance Analyst
U.S. EPA - Region 6
1445 Ross Avenue
Dallas, TX 75202-2733
Phone No.: (214) 665-8343
Fax No.: (214) 665-2168
E-Mail: johnson.donald@epamail.epa.gov
3
-------�
Lora Johnson
Director
Quality Assurance Division
U.S. EPA - NERL
26 W. Martin Luther King Drive
Cincinnati, OH 45268
Phone No.: (513) 569-7299
Fax No.: (513) 569-7424
E-Mai 1: johnson.lora@epamai 1 .epa.gov
Charles Jones, Jr.
Regional Quality Assurance Officer
U.S. EPA, Region 3
841 Chestnut Building
Philadelphia, PA 19107
Phone No.: (215) 566-2782
Fax No.: (215) 566-2782
Gordon E. Jones
Environmental Scientist
U.S. EPA - Region 5
77 W. Jackson Boulevard
Mail Code AR-18J
Chicago, IL 60626
Phone No.: (312) 353-3115
Fax No.: (312) 336-5824
E-Mail: jones.gordon@epamail.epa.gov
Ann Kern
Quality Assurance Coordinator
U. S. EPA
26 W. Martin Luther King Drive
Cincinnati, OH 45268
Phone No.: (513) 569-7635
Fax No.: (513) 569-7585
E-Mail: leitzinger.ann@epamail.epa.gov
Sharon LeDuc
Physical Scientist
U.S. EPA - NERL/ASMD
MD-80
RTP.NC 27711
Phone No.: (919) 541-1335
Fax No.: (919) 541-1379
E-Mail: leduc@hpcc.epa.gov
Joseph A. LiVolsi, Jr.
Quality Assurance Officer
U.S. EPA - Atlantic Ecology Division
27 Tarzwell Drive
Narragansett, RI 02882
Phone No.: (401) 782-3163
Fax No.: (401) 782-3030
E-Mail: livolsi.joseph@epamail.epa.gov
Stewart Lombard
Quality Assurance Specialist
Washington Department of Ecology
P.O. Box 488
Manchester, WA 98353-0488
Phone No.: (360) 895-4649
Fax No.: (360) 895-4648
E-Mail: slom461@ecy.wa.gov
Susan Lumpkin
Physician Science Technician
U.S. EPA - NERL
MD-76
RTP, NC 27711
Phone No.: (919) 541-4292
Fax No.: (919) 541-3451
E-Mail: lumpkin.mary@epamail.epa.gov
Thomas Lumpkin
Environmental Engineer
U.S. EPA - NERL
MD-76
RTP, NC 27711
Phone No.: (919) 541-3611
Fax No.: (919) 541-3451
E-Mail: lumpkin.thomas@epamail.epa.gov
Jesse Mabellos
Quality Assurance Manager
RASD/SSTSB
U.S. EPA - NHEERL
MD-70
RTP, NC 27711
Phone No.: (919) 541-3743
Fax No.: (919) 541-5394
E-Mail: mabellos@herl45.herl.epa.gov
4
-------�
John Martinson
Deputy Quality Assurance Manager
U.S. EPA - ORD/NERL
26 W. Martin Luther King Drive (MS587)
Cincinnati, OH 45268
Phone No.: (513) 569-7564
Fax No.: (513) 569-7424
E-Mail: martinson.john@epamail.epa.gov
Don Matheny
Chemist
Quality Assurance & Data Unit, OEA
M.S.-OEA-095
U.S. EPA - Region 10
1200 6th Avenue
Seattle, WA 98101
Phone No.: (206) 553-2599
Fax No.: (206) 553-8210
E-Mail: matheny.Don@epamail.epa.gov
Ron Matheny
Operations Research Analyst
U.S. EPA, NERL
MD-75A
RTP, NC 27711
Phone No.: (919) 541-2983
Fax No.: (919) 541-0920
E-Mail: matheny@epamail.epa.gov
Kaye Mathews
Quality Assurance Representative
Information Branch
U.S. EPA - NEIC
Building 53, Box 25227
Denver Federal Center
Denver, CO 80225
Phone No.: (303) 236-5111
Fax No.: (303) 236-5116
E-Mail: mathews-kay@epamail.epa.gov
Doris L. Maxwell
Management Analyst
U.S. EPA - OAQPS/ESD
MD-13
RTP, NC 27711
Phone No.: (919) 541-5312
Fax No.: (919) 541-0072
Kim A. McClellan
Quality Assurance Coordinator
U.S. EPA
26 W. Martin Luther King Drive (MS-G-77)
Cincinnati, OH 45268
Phone No.: (513) 569-7214
Fax No.: (513) 569-7585
E-Mail: mcclellan.kim@epamail.epa.gov
Willie McLeod
Chemist
U.S. EPA - NERL
MD-76
RTP, NC 27711
Phone No.: (919)541-4124
Fax No.: (919) 541-3451
E-Mail: mcleod.willie@epamail.epa.gov
Daphne McMurrer
Program Specialist
OPPR
TX Natural Resource Conservation Commission
MC 112
P.O. Box 13087
Austin, TX 78711-3087
Phone No.: (512) 239-5920
Fax No.: (512) 239-3165
James B. Moore
Quality Assurance Coordinator
National Air & Environmental Radiation
U.S. EPA
540 South Morris Avenue
Montgomery, AL 36115-2601
Phone No.: (334) 270-3451
Fax No.: (334) 270-3454
E-Mail: moore.james@epamail.epa.gov
Jeanne Mourrain
NELAC Director
U.S. EPA - NERL
MD-75
RTP, NC 27711
Phone No.: (919)541-1120
Fax No.: (919)541-4101
E-Mail: mourrain.jeanne@epamail.epa.gov
5
-------�
W. Ray Murray
Environmental Quality Specialist
TX Natural Resource Conservation Commission
MC-129
P.O. Box 13087
Austin, TX 78711-3087
Phone No.: (512) 239-6877
Fax No.: (512) 239-6990
E-Mail: rmurray@smtpgate.tnrccstate.tx
David Musick
Quality Assurance Officer
Office of Air Quality Planning & Standards
Emissions, Monitoring, & Analysis Division
U.S. EPA - OAQPS
MD-14
RTP, NC 27711
Phone No.: (919) 541-2396
Fax No.: (919) 541-1903
E-Mail: musick.david@epamail.epa.gov
Brenda Odom
Statistician
Quality Assurance Division
U.S. EPA
401 M Street, SW (8724)
Washington, DC 20460
Phone No.: (202) 260-8194
Fax No.: (202) 401-7002
E-Mail: odom-brenda@epamail.epa.gov
Dale Pahl
Associate Lab Director
Division of Multimedia Research
U.S. EPA - NERL/OD
212 Catawba Building (MD-75)
RTP, NC 27704
Phone No.: (919) 541-1851
Fax No.: (919) 541-3615
Michael Papp
Environmental Scientist
U.S. EPA - OAQPS
MD-14
RTP, NC 27711
Phone No.: (919) 541-2408
Fax No.: (919) 541-1903
Ronald K. Patterson
Physical Science Administrator
Atmospheric Processes Research Division
U.S. EPA - ORD/NERL
MD-77
RTP, NC 27711
Phone No.: (919) 541-3779
FaxNo.: (919) 541-0239
E-Mail: patterson.ronald@epamail.epa.gov
Linda Pettit-Waldner
Computer Specialist
U.S. EPA - OIG
401 M Street, SW
Room 3606, MC 2421
Washington, DC 20460
Phone No.: (202) 260-7603
FaxNo.: (202) 260-1896
E-Mail: linda-pettit-waldner@epamail.epa.gov
John D. Pope
Quality Assurance Manager
U.S. EPA
College Station Road
Athens, GA 30605
Phone No.: (706) 546-2249
Fax No.: (706) 546-2459
E-Mail: pope.john@epamail.epa.gov
Linda F. Porter
Quality Assurance Manager
U.S. EPA
MD-75
RTP, NC 27711
Phone No.: (919) 541-2365
Fax No.: (919) 541-7588
E-Mail: porter.linda@epamail.epa.gov
Mike Ray
Quality Assurance Manager
U.S. EPA - NHEERL
86 Alexander Drive, (MD-58A)
RTP, NC 27711
Phone No.: (919) 966-0625
FaxNo.: (919) 966-6212
E-Mail: ray.mike@epamail.epa.gov
6
-------�
Stephen Remaley
Region 9 Tech. Project Officer
U.S. EPA - Region 9
P-3-2, 75 Hawthorne Street
San Francisco, CA 94105
Phone No.: (415) 744-1496
Fax No.: (415) 744-1476
William L. Richardson
Environmental Engineer
ORD/NHEERL/MED-Duluth/LLRS
U.S. EPA - NHEERL
9311 Gion Road
Grosse lie, MI 48138
Phone No.: (313) 692-7611
Fax No.: (313) 692-7603
E-Mail: wlr@lloyd.grl.epa.gov
Ron Rogers
Quality Assurance Manager
National Health & Environmental Effects
Research Laboratory
ORD/NHEERL/RASD/SSTSB
U. S. EPA
MD-70
RTP.NC 27711
Phone No.: (919) 541-2370
Fax No.: (919) 541-5394
E-Mail: rogers@herl45.herl.epa.gov
Roseanne Sakamoto
Environmental Scientist
U.S. EPA
75 Hawthorne Street, P-3-2
San Francisco, CA 94105
Phone No.: (415) 744-1535
Fax No.: (415) 744-1476
Edward S. Scarabin
Electronic Technician
U.S. EPA - NERL
MD-76
RTP, NC 27711
Phone No.: (919) 541-2508
Fax No.: (919) 541-3451
E-Mail: scarabin.steve@epamail.epa.gov
George C. Schupp
Quality Assurance Manager
U.S. EPA - Region 5
77 W. Jackson Boulevard
Mail Code M-14J
Chicago, IL 60564
Phone No.: (312) 886-6221
Fax No.: (312) 353-4342
E-Mail: schupp.george@epamail.epa.gov
Charles Sellers
Chemist
U.S. EPA
401 M. Street, SW
Washington, DC 20460
Fax No.: (703) 308-0511
Peter Zhongping Shen
Inorganic Branch Supervisor
Environmental Sciences Division
Texas Department of Health
1100 West 49th Street
Austin, TX 78756
Phone No.: (512) 458-7111
Fax No.: (512) 458-7757
E-Mail: pshen@labb.tdh.state.tx.us
Guy Simes
Quality Assurance Specialist
U.S. EPA - NRMRL/CI
26 W. Martin Luther King Drive (MSG77)
Cincinnati, OH 45268
Phone No.: (513) 569-7845
Fax No.: (513) 569-7585
E-Mail: simes.guy@epamail.epa.gov
Theresa Simpson
Environmental Scientist
Research & Science Branch
U.S. EPA
401 M Street, SW (2421)
Washington, DC 20460
Phone No.: (202) 260-3276
Fax No.: (202)260-3030
E-Mail: simpson-terry@epamail.epa.gov
7
-------�
A1 Smith
Regional Quality Assurance Manager
U.S. EPA - Region 6
1445 Ross Avenue
Dallas, TX 75202-2733
Phone No.: (214) 665-8347
Fax No.: (214) 665-2168
E-Mail: smith.alva@epamail.epa.gov
James T. Stemmle
Environmental Scientist
U.S. EPA - QAD
401 M Street, SW (8724)
Washington, DC 20460
Phone No.: (202) 260-7353
Fax No.: (202) 401-7001
E-Mail: stemmle.james@epamail.epa.gov
Jose Sune
Environmental Engineer
U.S. EPA - NERL
MD-76
RTP.NC 27711
Phone No.: (919)541-3127
Fax No.: (919) 541-3451
E-Mail: sune.jose@epamail.epa.gov
James L. Sutton
Quality Assurance Manager
U.S. EPA
86 Alexander-ERC
MD-70
RTP, NC 27711
Phone No.: (919) 541-7610
Fax No.: (919) 541-5394
E-Mail: sutton.james@epamail.epa.gov
Gene Tatsch
Environmental Scientist
Research Triangle Institute
P.O. Box 12194
RTP, NC 27709
Phone No.: (919) 541-6930
Fax No.: (919) 541-7215
E-Mail: cet@rti.org
Cheng-Wen Tsai
U.S. EPA - Region 5
22W181 Irving Park Road
Medinah, IL 60157
Phone No.: (312) 886-6234
Fax No.: (312) 353-4342
John Wall
Physician Science Technician
U.S. EPA - NERL
MD-76
RTP, NC 27711
Phone No.: (919)541-3108
Fax No.: (919) 541-3451
E-Mail: wall.john@epamail.epa.gov
Michael Zelenka
Meteorologist
U.S. EPA - NERL
MD-56
RTP, NC 27711
Phone No.: (919) 541-1326
Fax No.: (919) 541-1486
E-Mail: zelenka.michael@epamail.epa.gov
8
-------�
EPA's QA Community
(Note: The area code for all HQ Phone numbers with the "260-" exchange is 202)
Group Name Phone Mail Code Email Access Code Fax Number
QAD
QAD
DIXON, Tom
260-5780
8724 dixon-thomas
401-7002
QAD
HAEBERER, Fred
260-5785
8724 haeberer-fred
401-7002
QAD
JOHNSON, Gary
919/541-7612
MD-75A johnson-gary
919/541-4101
QAD
KIRKLAND, Linda
260-5775
8724 kirkland-linda
401-7002
QAD
LAFORNARA, Patricia
908/906-6988
MS-104 lafornara-patricia
908/321-6640
QAD
MAISONNEUVE, Betty
260-5781
8724 maisonneuve.betty
260-0929
QAD
ODOM, Brenda
260-8194
8724 odom-brenda
401-7002
QAD
RENARD, Esperanza
908/321-4355
MS-104 renard-esperanza
908/321-6640
QAD
PLOST, Charles
260-5796
8724 plost-charies
401-7002
QAD
STEMMLE, James
260-7353
8724 stemmle-james
401-7002
QAD
WARREN, John
260-9464
8724 vrarren-john
401-7002
QAD
WENTWORTH, Nancy
260-5763
8724 wentworth-nancy
401-7002
OAR
National Program Offices
OARM
OECA
OPPE
OPPTS
OSWER
OW
AA QA rep
RIORDAN, Courtney
260-5956
6102
riordan-courtney
260-5155
OAP
LIEBERMAN, Elliot
202/233-9136
6204J
lieberman-elliot
202/233-9585
OAQPS
ELKINS, Joe
919/541-5653
MD-14
elkins-joe
919/541-1903
PAPP, Michael
919/541-2408
MD-14
papp-michael
919/541-1903
WAITE, Rand/
919/541-5447
MD-14
waite-randy
919/541-1903
AUTRY, Lara
919/541-5544
MD-14
autry- lara
919/541-1039
MUSICK, David
919/541-2396
MD-14
musick-david
919/541-1903
OMS
GRUNDLER, Christopher
313/668-4207
grundler-christopher
313-668-4531
ORIA
DOEHNERT, Mark
233-9386
6601J
doehnert-mark
233-9650
MOORE, Jim (NAREL)
334/270-3451
moore-james
334/270-3454
LEVY, Richard (LV)
702/798-2466
levy-richard
702/798-2465
AAQA rep
OA
PASTORE, Tom
260-2084
3201
pastore-tom
260-6591
DAVIDSON, Jeff
260-1650
3207
davidson-jeff
260-0215
FFEO
FRANKLIN, Don
564-2463
2261A
OC
BROZENA, Steve
202/564-4126
2225A
564-0029
OCEFT
TOPPER, Martin
564-2564
2231A
hughes-barba'ra
501-0599
HUGHES, Barbara (QAM)
303/236-5132x276
303/236-5116
MATHEWS, Kaye
-5111x285
mathews-kaye
"
YARBROUGH, Kenna
-3636x532
yarbrough-kenna
303/236-7692
ALEYNIKOV, Marina
-5132x212
aleynikov-marina
303/238-5116
RECKTENWALL, Wendy
-3636X265
recktenwall-wendy
•
OEJ
GAYLORD, Clarice
564-2515
2201A
gaylord-clarice
501-0740
OFA
BIGGS, B. Katherine
564-7144
2252A
biggs-katherine
564-0072
ORE
OLESON, Don
564-5558
2243
564-0054
OSRE
JOJOKIAN, Jack
564-6058
2271A
jojokian-jack
AA QA rep
OSPED
GARETZ, William
260-2684
2163
garetz-william
260-4968
AA QA rep
UHLIG, Marylouise
260-2906
7101
uhlig-marylouise
260-1847
OPP
GRIM, Betsy (co-QAM)
703/305-7634
7507C
grim-betsy
703/305-6309
SHAMIM, Mah (co-QAM)
703/305-5205
7507C
shamim-mah
703/305-6309
JENKINS, Jean (QAO for Reg )
703/305-7443
7505C
703/305-5786
BYRNE. Christian (MS Lab)
601/688-3213
7503W
cbyrne@nrcssc.navy.mil
601/688-3536
WRIGHT, Dallas(MD Lab) "
301/504-8225
7403
wright-dailas
301/344-8060
OPPT
GLATZ, Jay
260-3990 *
7401
glatz-joseph
260-6704
AA QA rep
JOVER, Tony
260-2387
5101
jover-tony
260-6754
OERR
GEUDER, Duane (QAM)
703/603-8891
5201G
geuder-duane
703/603-9132
COAKLEY, Bill
908/321-8921
5204
coakley-william
908/906-6921
WAETJEN, Hans
703/603-8906
5201 G waetjen-hans
703/603-9133
OSW
SELLERS. Charles
260-3282
5304
sellers-charles
260-1381X
OUST
DEPONT, Lynn
703/603-7148
5401G
depont-lynn
703/603-9163
AAQA rep
COLEMAN, Wendy Blake
260-5680
4101
coleman-wendy
260-7923
OGWDW
CLARK, Steve (QAM)
260-7575
4603
clark-stephen
260-3762
MADDING, Carol
513/569-7402
madding-caroline
513-684-7191
SMITH, Bob
260-5559
4602
smith-robert-e
260-0732
SEXTON. Jeff
260-7276
4604
sexton-jeff
OST
TELLIARD, Bill
260-7134
4303
telliard-william
260-7185
OWM
WALKER, John (QAM)
260-7283
4204
walker-john
260-1827
BELL, Brian
260-6057
4203
bell-brian
260-1460
OWOW
BROSSMAN, Martin
260-7023
4503
brossman-martin
260-1977
PAN, Paul
260-9111
4504F
pan-paul
260-9960
SIPPLE, William
260-6066
4502F
sipple-william
260-8000
Date of printout: 08:43/06Aug96
-------�
Group
Name
Phone
Mail Code Email Access Code
Fax Number
Regional Offices
Region 1
BARMAKIAN, Nancy
617/860-4684
barmakian
617/860-4397
Region 2
RUNYON, Bob
908/321-6645
runyon-robert
908/906-6824
Region 3
JONES, Charles Jr. (QAM)
215/566-2734
3ES00 jones-chariie
215/566-2782
SIMS, Diann
410/573-2748
3ES30 sims-dtann
410/573-6888
METZGER, Cynthia
410/573-2735
metzger-cynthia
410/573-2771
Region 4
BENNETT,Gary
706/546-3287
bennett-gary
706/546-3375
Region 5
SCHUPP, George
312/886-6221
schupp-george
312/353-4342
Region 6
SMITH, Alva
214/665-8347
6EN-XQ smith-alva
214/665-2186
DOUCET, Lisa
713/983-2129
feldmarv4isa
713/983-2124 or 2248
Region 7
ARNOLD, Ernie
913/551-5194
amoW-emie
913/551-5218
Region 8
EDMONDS, Rick
303/312-6982
edmonds.richard
303/312-6067
Region 9
FONG, Vance
415/744->492
fong-vance
415/744-1476
Region 10
TOWNS, Barry
206/553-1675
ES-095 towns-barry
206/553-8210
ORD
NCERQA
PARRY, Nan
260-0900
8721
parry-nan
260-0929
NCEA
NOLAN, Melvin (QAM)
260-5975
nolan-melvin
260-0393
Washington
BAUGH, Tom
260-8936
8603
baugh-thomasl
202/260-1722
a
WILLIAMS, Doug
513/569-7361
MD-185 williams-doug
513/569-7475
RTP
RAY, Diane
919/541-3637
MD-52
ray-diane
919/541-1818
NHEERL
ROGERS, Ronald
919/541-2370
MD-70
rogers-ron
919/541-5394
CULPEPPER,Brenda (ETD)
919/541-0153
MD-70
culpepper-brenda
919/541-5394
MABELLOS, Jesse (ECD)
919/541-3743
MD-70
mabeiios-jesse
919/541-5394
RAY, Mike (HSD)
919/966-0625
MD-58A
ray-mike
919/966-6212
SUTTON, Jim (ND)
919/541-7610
MD-70
sutton-james
919/541-5394
GED (GB)
MOORE, James C.
904/934-9236
moore-jim
904/934-9201
BORTHWICK, Patrick
904/934-9357
borthwick-patrick
904/934-9201
MCED (Duluth)
BATTERMAN, Allen
218/720-5733
batterman-allen
218/720-5539
(Grosse lie)
RYGWELSKI, Ken
313-692-7641
rygwelski-kenneth
313/692-7603
WED (Cotvaliis)
MCFARLANE, Craig (QAM)
503/754-4670
mcfarlane-craig
503/754-4614
HENDRICKS, Charles
503/754-4718
hendricks-chartes
503/754-4614
RATSCH, Hitman
503/754-4635
ratsch, hilman
503/754-4614
(Newport)
RANDALL. Robert (ret)
503/867-4026
randali-bob
503/867-4049
AED (Narragan.)
LIVOLSI, Joe
401/782-3163
livolsi-joseph -
401/782-3030
NRMRL (Cinti) WORTHINGTON, Jeff
513/569-7166
G-77
worthington-jeffrey
513/569-7585
HAYES, Sam
513/569-7514
G-77
hayes-sam
513/569-7585
LEITZINGER Ann
513/569-7635
G-77
ieitzinger-ann
513/569-7585
McCLELLAN, Kim
513/569-7214
G-77
mcclellan-ktm
513/569-7585
PETERSON, Garth
513/569-7560
G-77
peterson-garth
513/569-7585
SIMES, Guy
513/569-7845
G-77
8imes-guy
513/569-7585
APPCD (RTP)
ADAMS, Nancy (QAM)
919/541-2510
MD-49
adams-nancy
919/541-1536
FORD, Judith
919/541-2550
MD-49
ford-judy
919/541-1536
WASSON, Shirley
919/541-1439
MD-49
wasson-shirtey
919/541-1536
RYAN, Jeff
919/541-1437
MD-49
ryan-jeff
919/541-1536
SHORES, Richard
919/541-4983
MD-49
shores-richard
919/541-1536
SPSD (Ada)
BERTINO, Dorothy
405/436-8997
bertino-dorothy
405/436-8529
NERL
JOHNSON, Lora
513/569-7299
MS587
johnson-lora
513/569-7424
MARTINSON, John
513/569-7564
MS587
martinson-john
513/569-7424
APRD (RTP)
PORTER, Linda
919/541-2365
MD-78A porter-linda
919/541-0920
ERD (Athens)
SWANK, Robert (QAM)
706/546-3128
swank-robe rt
706/546-2018
POPE, John
706/546-2247
pope-john
706/546-2018
CRD (LV)
WILLIAMS, Llewellyn
702/798-2138
williams-llewetyn
702/798-2233
BRILIS, George
702/798-3128
brillis-george
702/798-2233
I
1
Other QA People
EMMC MOURRAIN, Jeanne
919/541-1120
MD-77B mourrain-jeanne
919/541-7953
ORO FLETCHER, Bettina
260-4731
1503
fletcher-bettina
260-2159
GLNPO BLUME, Louis.
312/353-2317
blume-touis
312/353-2018
OIRM JOHNSON, Rick
919/541-1132
MD-34
johnson-rick
919/541-1191
hip
IJ!!
Mlii
IVIjlK'SiKliiisli'llMlililB liijllilliiii.:: ill. ,.1-ru
Togeta' copyiof thecurrentlist
Piiiiimi! rcniEi* mil Iimii !•: iiU'iiiiilniiriiii:.:, ir
!!!ll!i!!!l
.. mil.
-•'I'iMi1!!!!!!!
IMMlFifl
....
I lil'lillilllili'iiiilliiiiPi
i t 'I H: E! i v 21 i i i i M i i i r 1 ¦' [ t H t < h i i i! I m 11111 r m 111 i i
ontomakeanycorr
IUIUIIIIIIIII'IIImIiIIII
ctions;iiii>ii»nL
llllllllll!lllli!l!l||!IUI!
'Wfrfisv. a . a?. . .¦I'.vJrfX'X'M'l I
Date of printout: 17:03/05Aug96
-------�
QFE1CE OP INFORMATION RESOURCES MANAGEMENT
MANAGEMENT TEAM
Office Director, (Acting)
Paul Wohlleben
202-260-4465
202-260-5419
W1123
Deputy Director, OIRM (Acting)
Kathy
Petruccelli
202-260-4465
202-260-5419
W1123
Administrative Support Team (AST)
Terry Forrest
202-260-2411
202-260-2393
NE1301
Director, Policy and Evaluation
Division (TRMPED)
Michele Zenon
202-260-5916
202-260-3923
M2003
Director, IRM Planning Division
(IRMPD)
Mark Day
202-260-8672
202-260-2393
NE1301
Director, Enterprise Information
Management Division (EIM)
Rick Martin
202-260-2810
202-401-8390
NE1209
Director, Enterprise Systems
Division (ESD)
Sandy Martin
202-260-5220
202-260-0735
NE1301
-Chief, Central Systems Branch
Orlando Plater
202-260-5149
202-260-0735
NE1304
-Chief, Desktop Systems Branch
(Acting)
Connie Dwyer
202-260-5300
202-260-0735
NE1304
-Chief, Systems Support Branch
Jerry
Widdowson
703-908-2660
703-908-2422
SDC
Director, Enterprise Technology
Services Division (Acting)
Jerry Slaymaker
919-541-3483
919-541-0896
RTP-338
-Chief, Enterprise Computing
Services Branch
Walter
Shackelford
919-541-1190
919-541-0896
RTP-342
-Chief, Enterprise Network
Services Branch (Acting)
Bruce Almich
919-541-3306
919-541-0950
RTP-337
-Chief, Information Technology
Support and Acquisition Branch
Ted Harris
919-541-2538
919-541-5091
RTP-343
-Chief, Headquarters Services
Branch (Acting)
George Kranich
202-260-3602
202-260-7871
WTCA-25
T
Updated August 5,1996
-------�
IRM POLICY AND EVALUATION DIVISION (IRMPED)
Offices Located In M2003
Mail Coder-3404> 3.4-CQ
IRMPED FAX 260-3923
List Updated: August 5,1996
STAFF
TELEPHONE NUMBER
Suzanne Annand
Pgm.Revs. & Audits
260-6939
Mike Carpentier
Policy
260-2415
Tom Fioramonti
Acquisition/Delegations
260-8193
Linda Garrison
Pgm.Revs. & Audits
260-1705
Bill Gill
Secuirty
260-9380
Ariadne Goerke
Privacy Act
260-8298
Joe Lentini
Training
260-2394
Don McGinnis
Security
260-8671
Louise McLaurin
AARP
260-9491
Shirley Wolfe
AARP
260-5914
Michele Zenon
IRMPED Dir.
260-5916
-------�
OFFICE OF INFORMATION RESOURCES MANAGEMENT
SERVICES AND CONTACTS LISTING
Service
Contact Person/
E-mail Address
Telephone
Number
FAX
Number
Community-based Environmental
Protection (TRM)
Jacques Kapuscinski
202-260-3129
202-260-2393
Contracts, IRM
—Desktop Acquisition
Carolyn Chamblee
919-541-2553
919-541-5091
—GIS Software Contract
John Shirey
919-541-5730
919-541-7670
—Information Technology
Architectural Support (ITAS)
Tom Clemmer
919-541-1057
919-541-5091
—Library Contract
Irv Weiss
202-260-9388
202-260-3923
—MOSES Contract
Margarette Shovlin
Dwayne Aydlett
703-908-2405
703-908-2408
703-908-2422
703-908-2422
—Personal Computer Contract
Deb Singer
919-541-1487
919-541-5091
—Public Information Center
(PIC) Contract, HQ
Irv Weiss
202-260-9388
202-260-3923
—Public Information Center
Regional/Field Network
Gloris Butler
202-260-3639
202-260-7864
—Records Management Contract
Sharon Becker
202-260-2384
202-260-3923
—Systems Development Contract
Margarette Shovlin
Dwayne Aydlett
703-908-2405
703-908-2408
703-908-2422
703-908-2422
—Telecommunications Contract
Gregory Wadsworth
919-541-3668
919-541-0950
Data Management/Standards
Bruce Bargmeyer 6 !
J-arry Fitzwater i, ^ 1. ^
-Mike Holman
Beveriy Gregory
GcofT Steele
202-260-5306
202-260-3p7>,
202-260-3104
301-899-5913
202-260-5636
202-401-8390
202-401-8390
202-401-8390
301-899-5913
202-401-8390
Delegations, IRM
Tom Fioramonti
202-260-8193
202-260-3923
1
-------�
Service
Contact Person/
E-mail Address
Telephone
Number
FAX
Number
Disaster Recovery (Mainframe)
Janet Downey
919-541-3101
919-541-0160
Distributed Systems Support
(Windows/DOS/UNIX)
John McQuaid
Libby Smith
Timothy Hinds
919-541-7679
919-541-2795
919-541-3584
9! 9-541-0950
919-541-0950
919-541-7670
Earth Vision
Lynne Petterson
919-541-3582
919-541-7670
E-mail
Tommie Rogers
919-541-2377
919-541-0950
Envirofacts
Jeff Byron
Pat Garvey
202-260-3067
202-260-3103
202-401-8390
202-401-8390
Executive Steering Committee (ESQ
forIRM
Pam Shenefiel
Monica Lawson
202-260.5635
202-260-2406
202-260-2393
202-260-2393
Forms:
—Forms Officer
Mary Buckman
202-260-2866
202-260-2393
—Next Generation Electronic Forms
Tony Studer
Chris Bullock
202-260-5621
202-260-3298
202-260-0735
202-260-0735
—Office Forms facilitator (OFF)
Tony Studer
Lawrence Lee
Karen Phillips
202-260-5621
202-260-1042
202-260-4306
202-260-0735
202-260-0735
202-260-0735
Facility/Key Identifier
Jeff Byron
Pat Garvey
202-260-3067
202-260-3103
202-401-8390
202-401-8390
Gateway
Bill Muldrow
202-260-3628
202-260-0735
Geographic Information Systems
(CIS)
Andrew Battin
Dave Wolf
Ed Partington
Dave Catlin
202-260-3061
202-260-3075
202-260-3106
202-260-3069
202-401-8390
202-401-8390
202-401-8390
202-401-8390
IBM Systems
George LaForest
919-541-7905
919-541-7670
Information Resources Acquisitions
Tom Fioramonti
202-260-8193
202-260-3923
Information Services Team
Emma McNamara
202-260-1522
202-401-8390
Infoterra
Emma McNamara
202-260-1522
202-401-8390
2
-------�
Service
Contact Person/
E-mail Address
Telephone
Number
FAX
Number
Internet Data Management
Joe Anderson
Mike Weaver
Rachel VanWingen
Jonda Byrd
202-260-3016
202-260-3109
202-260-9709
513-569-7183
202-260-3091
202-401-8390
202-401-8390
202-401-8390
513-569-7186
202-401-8390
Internet Service Management
Stepher.Fogarty
919-541-5127
919-541-7670
LAN Applications (HQ)
George Hesselbacher
Thom ShurtlefT
202-260-2408
202-260-8625
202-260-0735
202-260-0735
LAN Support:
—HQ LAN Support
—LAN Program Coordinator
-LAN Services
—Oracle, Notes & Distributed LAN
Applications Support
Nancy Smith
Libby Smith
Sherrie Jameson
John McQuaid &
Libby Smith
202-260-8345
919-541-2795
919-541-4436
919-541-7679
919-541-2795
202-260-6636
919-541-0950
919-541-0950
919-541-0950
919-541-0950
Library:
-HQ
Irv Weiss
202-260-9388
202-260-3923
—Regional/Field Network
Jonda Byrd
513-569-7183
202-260-3091
513-569-7186
202-401-8390
Locator (Employee)
Dwight Rodgers
202-260-2082
202-260-7871
Macintosh Systems Support
Timothy Hinds
919-541-3584
919-541-7670
National Computer Center:
—Client Services
Ernie Watson
919-541-2143
919-541-0160
—Data Base Administration
Jim Obenschain
-919-541-2693
919-541-5091
—NCC Operations
Tom Birk
919-541-3533
919-541-7670
"NOTES" Applications
George Hesselbacher
202-260-2408
202-260-0735
Ombudsman, OERM
William Hooks
919-541-2817
919-541-1382
3
-------�
Service
Contact Person/
E-mail Address
Telephone
Number
FAX
Number
Planning:
—Architecture Plancing/Tecbnicai
Architecture
Francine Yoder
Don Worley
202-260-3250
919-541-2740
202-260-2393
919-541-5091
—Budget, Agencywide IRM
Pam Shenefiel
Shirley Station
202-260-5635
202-260-4503
202-260-2393
202-260-2393
—Central Processing/Capacity
Planning
John Gibson
919-541-0112
919-541-5091
—Program Office Multi-Year IRM
Planning
Phil Paparodis
Barbara Chancey
202-260-93*7
202-260-2247
202-260-2393
202-260-2393
—Strategic Planning for IRM
Pam Shenefiel
202-260-5635
202-260-2393
Policies, IRM
Mike Carpentier
202-260-2415
202-260-3923
Program Reviews & Audit
Coordination, IRM
Linda Garrison
Suzanne Annand
202-260-1705
202-260-6939
202-260-3923
202-260-3923
Privacy Act
Ariadne Goerke
202-260-8298
202-260-3923
Public Access
Rachel VanWingen
202-260-9709
202-401-8390
Public Information Center, HQ
Irv Weiss
202-260-9388
202-260-3923
Records Management
Michael-OIRM Miller
Harold Webster
Tammy Boulware
202-260-5911
202-260-5912
202-260-5142
202-260-3923
202-260-3923
202-260-3923
Remote Sensing
Tom Mace
919-541-2710
919-541-7670
Scientific Visualization
Lynne Petterson
919-541-3582
919-541-7670
Secure Communications Center
Bettie Botts
202-260-2077
202-260-7871
Security:
m,u
-OIRM National Applications
Sandra Hill
202-260-6304
202-260-0735
—Information Security Policies
Don McGinnis
202-260-8671
202-260-3923
—Information Security Program
Technical Issues
William GUI
202-260-9380
202-760-3923
4
-------�
Service
Contact Person/
E-mail Address
Telephone
Number
FAX
Number
—Network Security Audits and
Planning
Robert Lewis
919-541-4013
919r541-0160
Systems Development Center
Jerry Widdowson
703-908-2660
703-908-2422
Systems (Development/Support):
—Combined Payroll Redistribution
System (CPARS)
Keith Lewis
202-260-5238
202-260-5865
—Contracts Delivery Order
Tracking System (CDOTS)
Ken Schifter
202-260-8284
202-260-5865
—Contracts Information System
(CIS)
Ken Schifter
202-260-8284
202-260-5865
-Correspondence Tracking &
Information Management System
(CTTMS and NCTIMS)
Connie Dwyer
Pournima Soman
202-260-5300
202-260-4305
202-260-0735
202-260-0735
—Delivery Order Tracking System
(DOTS)
Sandra Hill
202-260-6304
202-260-0735
—EPA Payroll/Personnel System
(EPAYS and TAPP)
Dan Graves
202-260-8120
202-260-0735
—Facilities Index System (FINDS)
Daisy Beriingeri
202-260-1786
202-260-5865
-Freedom of Information
Management and Tracking
System (FOIMATS)
Connie Dwyer
Pournima Soman
202-260-5300
202-260-4305
202-260-0735
202-260-0735
—Grants Information and Control
System (GICS)
Connie Dwyer
Chris Clark
Betty McCIaugherty
202-260-5300
202-260-5022
202-260-5308
202-260-0735
202-260-0735
202-260-0735
—Government Information Locator
System (GILS)
Steve Huflbrd 9 j „
202-260-9732
202-401-8390
—Integrated Financial Management
System (TFMS)
Bill Grabsch
Phyllis Kozub
202-260-5151
202-260-2388
202-260-5865
202-260-5865
—Management Accounting and
Reporting System (MARS)
Bob Farmer
Joanne Grose
202-260-5148
202-260-4213
202-260-5865
202-260-5865
5
-------�
Service
Contact Person/
E-mail Address
Telephone
Number
FAX
Number
—Management Audit Tracking
System (MATS)
Thom ShurtlefT
202-260-8625
202-260-0735
—Personal Property Accountability
System (PPAS)
Ken Schifter
202-260-8284
202-260-0735
—Personnel/Payroll Reporting
System (PPRS)
Janice Kern
202-260-8123
202-260-0735
—Superfund Cost Recovery Image
Processing System (SCRIPS)
Susan Joan Smiley
Baker (Susan Smiley)
919-541-3993
919-541-5091
Supercomputing Center
Art Cullati
William Wallace
517-894-7695
517-894-7716
517-894-7777
517-894-7777
Taxonomy Standards and Database
Development
Barbara Lamborne
202-260-3643
202-401-8390
Telecommunications:
—Federal Telephone Services (FTS)
Support
Linda Ritch
919-541-7541
919-541-4444
—HQ Telephones and
Telecommunications
Nancy Smith
202-260-8345
202-260-6636
—Network Engineering
Bruce Almich
919-541-3306
919-541-0950
—Network Management
Myra Ezell
919-541-0780
919-541-0950
—Radio Frequency Management
George Kranich
202-260-3602
202-260-7871
—Regional Support for
Telecommunications
Linda Ritch
919-541-7541
919-541-4444
—Telecommunication Service
Requests (TSRs) - HQ
Nancy Smith
202-260-8345
202-260-6636
—Telecommunication Service
Requests (TSRs) - National
Bruce Almich
919-541-3306
919-541-0950
—Telecommunications Service
Contract
Dwight Rodgers
202-260-2082
202-260-7871
—Teleconferencing - Audio
Bettie Botts
202-260-2077
202-260-7871
—Teleconferencing - Video
Linda Ritch
919-541-7541
919-541-4444
6
-------�
Service
Contact Person/
E-mail Address
Telephone
Number
FAX
Number
Telephone Directories
Dwight Rodgers
202-260-2082
202-260-7871
Training Coordination, IRM
Joseph Lentini
202-260-2394
202*260-3923
UNIX:
—Desktop Applications
John Shirey
919-541-5730
919-541-7670
—Desktop Systems Support
Timothy Hinds
919-541-3584
919-541-7670
VAX Operations
Dwight Clay
919-541-0440
919-541-7670
Voice Mail Support:
—HQ Customers
Nancy Smith
202-260-8345
202-260-6636
—RTP & National Customers
Linda Ritch
919-541-7541
919-541-4444
Washington Information Center
(WIC) & Satellite Offices
Denny Daniel
202-260-7788
202-260-6636
Wide Area Network (WAN)
Bruce Almich
Myra Ezell
919-541-3306
919-541-0780
919-541-0950
919-541-0950
Working Capital Fund (WCF) for
IRM
Ellen Tvrdy
Durward Jones
919-541-7773
919-541-5043
919-541-0160
919-541-0160
7
-------�
KEY FEDERAL IRM STATUTES,
REGULATIONS & POLICIES
-------�
last update: 4/25/96
KEY FEDERAL IRM STATUTES/ REGULATIONS & POLICIES
ISM LAWS;
Paperwork. Reduction Act (P.L. 96-511), 1980 - The primary objective of this
Act is to reduce paperwork and enhance the economy and efficiency of the
government and private sector by improving Federal information policy
development and implementation. It established a new management structure for
the government's information activities. The structure is composed of (1) an
CMB Office of Information and Regulatory Affairs to develop and implement
consistent information policy and (2) senior officials appointed within each
agency to ensure effective and efficient management of the agency's
information resources. Hie following broad objectives for improving the
management of Federal information resources were also established:
a. Coordinating, integrating and, to the extent practicable and
appropriate, making uniform Federal information policies and
practices.
b. Minimizing the Federal paperwork burden for individuals, State and
local governments, and others.
c. Minimizing the cost to the Federal government of collecting,
maintaining, using and disseminating information.
d. Making maximum use of information collected by the Federal
government.
e. Ensuring that automatic data processing and telecorrrnunications
technologies are acquired and used by the Federal government in a
manner that improves service delivery and program management,
increases productivity, reduces waste and fraud, and reduces the
information processing burden for the Federal government and for
persons who provide information to the Federal government.
f. Ensuring that the collection, maintenance, use and dissemination
of information by the Federal government is consistent with
applicable laws relating to confidentiality and privacy.
Paperwork Reduction Reauthorization Act (P.L. 99-500), 1986 - The
Reauthorization Act reinforced the need to improve information management and
imposed on agencies three new requirements to: implement applicable
Government-wide policies and standards for information resource activities;
evaluate and improve data and records; develop a five-year plan for meeting
the agency's information technology needs. The Act also significantly expands
the Brocks Act definition of automatic data processing equipment (ADPE) to
reflect the merging of automatic data processing, caimunicaticns and related
technology.
Paperwork Reduction Act of 1995 - This legislation strengthens the previous
law. The focus is still an reducing the paperwork burden imposed by the
Federal government an individuals and small businesses, state and local
governments. It sets a government-wide paperwork reduction goal of %10 in
each of the first two years of the law and 5% from FY 1998 through 2001. It
reauthorizes 0MB's Office of Information and Regulatory Affairs for a 6 year
period. There is an increased focus on the Government's obligation to make
information more accessible to the public.
1
-------�
Brooks Act (P.L. 89-306), 1965 - This Act was the primary law governing the
overall Federal acquisition and management of automatic data processing CADP)
equipment. The Act required Federal agencies to purchase, lease, maintain,
operate and utilize ADP equipment in an economical and efficient manner. The
Act also provided for coordinated government-wide ADP management with specific
roles for the General Services Administration (GSA), the Department of
Conmerce and the Office of Management and Budget (0MB). This law has been
rescinded by the Information Technology Management Reform Act of 1996, whose
provisions bzccne effective in August 8, 1996.
Federal Records Management Amendments (P.L. 94-575), 1976 - The amendments
require the establishment of standards and procedures to ensure efficient and
effective Federal records management practices. Specific goals are (1)
accurate and complete documentation of the policies and transactions of the
Federal government; (2) control of the quantity and quality of records
produced; (3) establishment and maintenance of control mechanisms to prevent
the creation of unnecessary records, and to prevent ineffective and
uneconomical agency operations; (4) simplified activities, systems and
procedures for records creation, maintenance and use; (5) judicious
preservation and disposal of records; and (6) continuous attention to
records—from creation to disposition—with emphasis on the prevention of
paperwork.
Freedom of Information Act (P.L. 89-487), 1966, as amended by P.L. 93-502,
1974, mwrnded Nov/Dec.1986 - The Act allows the public to inspect and copy
certain general agency information, agency rules, opinions, orders and
proceedings. The 1974 amendments established: (1) time limits for agency
determinations; (2) index publications; (3) uniform fees for search and
duplication; and (4) requirements for annual agency report. In memoranda
issued en October 4, 1993 by President Clinton and the Attorney General, a
clear message was sent to heads of Departments and Agencies that, in order to
comply with both the letter and the spirit of this Act, each agency must
assume a proactive stance in disseminating information to the public, rather
than sinply responding to requests.
Privacy Act (P.L. 93-579), 1974 - The Act provides certain safeguards for
individuals against an invasion of personal privacy by requiring agencies to
identify what records are being collected, maintained, used or disseminated an
an individual; provide access and copies of such records; and ensure the
lawful purpose and prevent misuse of such records. The Act imposes criminal
penalties directly on individuals if they violate certain provisions of the
Act.
Ccnpetitian in Contracting Act of 1984, Public Law 98-369 - The Competition in
Contracting Act considerably strengthened the regulations governing all
procurements. It requires each agency to designate a "ccnpetitian advocate,"
and requires full ana open ccnpetitian in as many procurements as possible.
Significantly, the Act considers both "competitive negotiation" ana purchases
from negotiated schedule contracts (e.g., the GSA schedules for computer
equipment and software) as full and open ccnpetitian. The Act prescribes
exceptions that justify noncompetitive procurements.
In addition, the Act establishes a special procedure to resolve disputes
between agencies and vendors of ADP equipment. Under this procedure, the
Board of Contract Appeals at GSA is given authority to suspend procurement
authority if necessary, and to issue a decision on the protest within 45
working days after the protest is filed.
2
-------�
Computer Security Act (P.L. 100-235), 1987 - The Act amended several laws to
provide provisions relating to the protection of computer-related data (e.g.,
hardware, software and data). The Act assigns responsibility for the
development of computer security guidelines and standards to the National
Institute of Standards and Technology (NIST). The Act also requires Federal
agencies to identify systems that contain sensitive information and to develop
plans to safeguard them.
Ocnputer Matching and Privacy Protection Act (P.L. 100-503), 1988 - The Act
amends the Privacy Act of 1974 to establish procedural safeguards affecting
agencies' use of Privacy Act records in performing certain types of
computerized matching programs. The Act requires agencies to conclude written
agreements specifying the terms under which matches are to be performed. It
also provides due process rights for record subjects to prevent agencies from
taking adverse actions unless they have independently verified the results of
a match and given the subject 30 days advance notice. The Act requires that
agencies establish internal boards to approve their matching activity.
Chief Financial Officers Act of 1990 - This Act is directed at inproving
accounting, financial management, and internal controls of agencies. It
mandated audi table agency financial statements and functionally oriented fixed
asset accountability systems.
High Performance Ccnputing Act (P.L. 102-94), 1991 - This Act was introduced
by Vice President Gore when he served in the Senate. It established a program
which funds research and development to create more powerful supercomputers,
faster computer networks including the first national high speed network, and
more sophisticated software. The network will be constructed by the private
sector and encouraged by Federal policy and technology developments. In
addition, it is providing scientists and engineers with the tools and training
they need to solve major challenges and research problems such as modeling for
globcil warming.
Energy Policy Act (P.L. 102-486), 1992 - This legislation covers a
broad range of equipment and services. Section 161 mandates that the GSA
undertake a program to include energy-efficient products in carrying out their
procurement and supplies. Executive Order 12845, signed by President Clinton
on April 21, 1993, requires that all acquisitions by Federal agencies of
microcomputers, "including personal computers, monitors and printers, meet EPA
Energy Star requirements for energy efficiency."
Government Performance and Results Act of 1993 - establishes expectations for
agencies to plan strategically and achieve better mission outcomes. Beginning
in FY 1999, each agency is required to prepare an annual performance plan
covering each program activity in the budget; the plan shall establish
performance goals and performance indicators to measure relevant outputs,
service levels, and outcomes. Not later than 3/31/2000 and yearly thereafter,
each agency head must prepare and submit to CMB and the Congress reports on
program performance for the previous year.
Information Technology Management Reform Act of 1996 - Key features of this
law include the need for each agency head to designate a Chief Information
Officer (CIO), whose primary duty is IBM, including the need to provide advice
to the agency head an the agency's information technology investments, develop
an effective IT architecture, and promote effective IRM processes. This law
also requires each agency to implement a Capital Planning and Investment
Control Board. The Board's responsibilities include integrating the agency's
budget, financial and program process and prioritize projects using a return
on investment criteria. The law also requires each agency to implement
performance and results-based management processes and establish policies and
procedures to ensure accountability so that investments in IT are clearly
demonstrating a return an investment and directly support the agency's
3
-------�
mission. This law has a significant impact on the government's IT procurement
policies since it rescinds the Brocks Act and the Federal Property and
Administrative Services Act, laws which were in effect for many years.
Traditionally the General Services Administration played a key role in IT
procurement hut the nMRA repeals the central authority of the Administrator
of GSA.
Federal Information Resource Management Regulations (FIKMR) (GSA),
1 CFR Chapter 201 - Regulations published by the General Services
Administration to provide guidance for the procurement, utilization and
disposition of ADP resources and equipment by each Federal agency. The FIKMR
are vised in conjunction with the general procurement and contracting
regulations contained in the Federal Acquisition Regulations (EAR) . The
recently enacted Information Technology Management Reform Act of 1996 FIRMR
rescinds the FIRMR effective August 8, 1996. Currently there la a Gbvernznent-
wide Task Force which is examining the FIRMR to determine which parts will be
incorporated into the Federal Acquisition Regulations (EAR), which will be
issued as CUB policy and which will be eliminated.
Federal Acquisition Regulations (FAR), established in 1984, is the primary
regulation used by Executive agencies for the acquisition of supplies and
services with appropriated funds. It was developed in accordance with the
requirements of the Office of Federal Procurement Policy Act of 1974, as
amended by Public Law 96-83, to. consolidate the procurement regulations of
GSA, DoD, and NASA into a single regulation.
National Archives and Records Administration Regulations (36 CFR 1220 and 41
CFR 201-22) - Regulations issued by the National Archives and Records
Administration (NARA) to establish standard records management practices
throughout the Federal government.
b'iMiDRRDS s
Federal Information Processing Standards (FTPS) (Dept. of CcomerceJ - A series
of documents issued by the National Bureau of Standards in accordance with the
Brooks Act of 1965, Public Law 89-306. The FIPs contain standards and
guidelines concerned with the standardization of computer hardware, software
(data representations, operative systems, prograitming languages) and systems.
Many of the FIPs are mandatory for Federal agencies.
rMR PnHry fS-rraila-m.
0MB Circular A-130, Management of Federal Information Resources, revised 7/94
- Issued by CMB to implement the Papenrork Reduction Act, the Circular
establishes policy that Federal agencies must follow when acquiring, vising,
and distributing government information. The July 1994 revisions to the
Circular emphasized improved dissemination of government information to the
public, increased use of electronic collection and dissemination of
information, proper management of electronic records, and the need for
increased consideration of the impact of Federal IKM activities on State and
local governments. This Circular will be revised to reflect changes imposed
by Information Technology Management Reform Act of 1996.
CMB Circular A-11, Preparation and Submission of Budget Estimates - The
Circular provides guidance for the preparation and submission of annual
budgets and associated materials concerning the budget process for Federal
agencies. Section 43 of the Circular requires submission of data on the
acquisition, operation, and use of information technology systems. We can
4
-------�
expect changes to this circular as a result of new requirements imposed by the
Information Technology Management Reform Act of 1996.
CMB Circular A-76, Policies for Acquiring Ocmaarcial or Industrial Services
Needed ly the Government - This Circular establishes the general policy that
"the government's business is not to be in business" and that government
agencies should rely on the private sector to obtain commercial or industrial
goods and services. Government commercial or industrial activities are
allowed only an a very limited exception basis, which recognizes that certain
activities are inherently governmental and should be performed by Federal
employees.
CMB Circular A-121, Cost Accounting, Cost Recovery, and Interagency Sharing of
Data Processing Facilities - The Circular establishes policies to promote
effective and efficient management and use of certain data processing
facilities.
CMB Circular A-123, Internal Control Systems - This Circular prescribes
policies and standards to be followed by Federal agencies in establishing,
maintaining, evaluating, improving and reporting on internal controls in their
program ana administrative activities.
CMB Circular A-127, Financial Management Systems - The Circular prescribes
policies and procedures to be followed by Federal agencies in develcping,
operating, evaluating and reporting an financial management systems. The
Circular also requires agencies to establish and maintain a single, integrated
financial management system, which may be supplemented by subsidiary systems.
GMB Circular A-131, Value Engineering - The Circular requires Federal agencies
to establish value engineering programs, and to use value engineering
techniques, where appropriate, to reduce nonessential procurement and program
cost. Value engineering is an organized effort to analyze the functions of
systems, equipment, facilities, services, and supplies for the purpose of
achieving the essential functions at the lowest life-cycle cost, consistent
with required performance, reliability, quality and safety.
5
-------�
IRM POLICY
The Office of Information Resources Management (OIRM) is leading an ongoing project to
reengineer EPA's information resources management (IRM) policies.
Project Background: Executive Order 12861 requires all Federal agencies to eliminate by at
least 50% all internal, non-statutory mandates (e.g., policies and directives) by September, 1996.
The goals for this initiative are to eliminate unnecessary, duplicative, and outdated internal
mandates; to consolidate and revise, as appropriate, those remaining internal mandates; and to
make all of these documents available to Agency clients electronically. Within the past year, EPA
has formed an agencywide Task Force to Reduce Internal Mandates (TRIM) to help implement
Executive Order 12861 and its goals.
In the spirit of the TRIM initiative, OIRM has initiated its own internal reengineering project with
similar, high-level goals to streamline and improve IRM policies. Specifically, the OIRM Policy
Reengineering project is intended to shape an agencywide culture that supports our IRM Strategic
Plan and goals, as well as sound business practices. Our policies must reflect clear, concise
statements of principles that are outcome-based, measurable, and easy to use. We must also make
these policies customer oriented and easily accessible.
The OIRM Policy Reengineering project will also consider a number of Office of Inspector
General (OIG) audit recommendations in the policy arena. OIG audit reports criticized OIRM for
not having a sufficient number of IRM policies and procedures, emphasizing a need for
performance-based policies.
Progress To Date: OIRM's Policy Reengineering Project is still in its early stages. The project
officially began with a two-day IRM Policy Reengineering Working Session on May 21 and 22,
1996. This workshop invited OIRM representatives and representatives from EPA program and
regional offices to identify needed IRM policies needed to support the Vision Elements in the
Agency's IRM Strategic Plan, prioritize these needs, establish a workplan, and to begin
discussions on performance metrics.
The Workgroup determined that ten major policy areas were needed to support the IRM Strategic
Plan. The ten major policy areas included planning, cost effectiveness, IRM stewardship, data and
information management, information collection, public access, exchange of electronic data, tools
to do the job, standards, and accountability. Workshop results were distributed to a wider IRM
community for review and comment. Comments received were very favorable.
TRIM'S Next Steps: The TRIM effort's next steps include:
O coordination with OPPE to streamline the IRM policy review process by using the
Executive Steering Committee for IRM (ESC/IRM) to facilitate obtaining all
necessary reviews and signatures required by the Agency's directives process, thus
accelerating the overall review time.
-------�
O starting discussions on ways to develop performance metrics which will support new
IRM policies.
O expanding the detail of our workplan and finalizing policy priorities.
O starting work on policies with highest priority.
O identification and use of Information Mapping tools to improve the readability and
usefulness of all reengineered policies.
Policy Point-of Contact: Office of Information Resources Management
IRM Policy and Evaluation Division
Project Leader: Michael Carpentier
Phone: (202) 260-2415
FAX: (202) 260-3923
Internet: carpentier. michael@epamaiL epa.gov
-------�
May 13/ 1996
NOTE TO BETTY
SUBJECT: Amendment to EPAAR
FROM: Ed Chambers
The attached final rule will amend the EPAAR tu provide for
electronic access to EPA information resource management (IRM)
policies for Agency contractors.
EPA's IRM policies are currently contained in a clause which
we update periodically. However, because of the dynamic nature
of IRM, the directives reflected in any contract will shortly
become outdated, and will become even less relevant as
performance moves into later option periods.
The final rule resolves this problem by requiring
contractors to check for the applicable directives electronically
before performing a work request. EPA maintains a list and full
text of its IRM directives which may be accessed through either
the Internet or a dial-up modem.
The proposed ihile was published in the Federal Register of
July 11, 1995. No comments were received.
We haviB made only minor edits in the final rule to clarify
the nature and protocols of the electronic access, based on
consultation with the Office of Information Resources Management
(OIRM).
We have planned to issue the final rule in February, but
have had to await the resolution of technical issues by OIRM on
accessing the Internet.
-------�
ENVIRONMENTAL PROTECTION AGENCY
48 CFR Part 1552
Acquisition Regulation
AGENCY: Environmental Protection Agency
ACTION: Final Rule.
SUMMARY: This final rule amends—the Environmental Protection
Agency Acquisition Regulation (EPAAR) coverage on Information
Resources Management (IRM) by providing electronic access to EPA
IRM policies for the Agency's contractors. Electronic access is
available through the Internet or a dial-up modem. Agency
contractors will be required to review the Internet or access the
dial-up modem when receiving a work request (i.e. delivery order
or work assignment) to ascertain the applicable IRM policies.
The intended effect of this rule is to ensure that contractors
perform IRM related work in accordance with current EPA policies.
EFFECTIVE DATE: This rule is effective fifteen (15) days after
publication in the Federal Register.
FOR FURTHER INFORMATION CONTACT: Edward N. Chambers at
(202) 260-6028.
SUPPLEMENTARY INFORMATION:
A. Background
The required EPA Information Resource Management (IRM)
policies are currently referenced in a clause- contained in all
1
-------�
Agency solicitations and contracts. While this clause provides
for revised and riNew directives through attachments to contracts/
because of the rapid changes in the IRM field, EPA may still be
at risk for requiring compliance with outdated directives. By
providing the references and the full text of all required IRM
policies on the Internet, or through a dial-up modem/ EPA will be
able to update this information as changes occur to ensure
contractor compliance with current IRM policies. This effort to
provide electronic access is consistent with the Federally
mandated Government Information Locator Service (GILS), a key
initiative of the National Performance Review (NPR).
This regulation was published as a proposed rule in the
Federal Register on July 11, 1995. No comments were received.
Minor edits have been made to clarify the nature and
protocols of the,., electronic access. While the proposed rule
referenced a dial-up modem bulletin board service (BBS), EPA has
subsequently decided that this mode of electronic access does not
qualify as a BBS. Therefore/ the final rule drops the reference
to a BBS.
B. Executive Order 12866
This is not a significant regulatory action under Executive
Order 12866; therefore, no review is required by the Office of
Information and Regulatory Affairs.
2
-------�
C. Paperwork Reduction Act
The Paperwork Reduction Act does not apply because this rule
does not contain information collection requirements thafc require
the approval of the Office of Management and Budget (OMB) under
44. U.S.C. 3501, et. seq.
D. Regulatory Flexibility Act
The rule is not expected to have a significant impact on a
substantial number of small entities within the meaning of the
Regulatory Flexibility Act, U.S.C. 601 et seq.
The Internet and dial-up modems are widely available
mechanisms to access information, used commonly in the conduct of
business by both small and large entities. Compliance with this
requirement will require minimal cost or effort for any entity,
large or small.
E. Unfunded Mandates Reform Act
Title II of the Unfunded Mandates Reform Act of 1995 (UMRA)
P.L. 104-4, establishes requirements for Federal agencies to
assess their regulatory actions on State, local, and tribal
governments and the private sector.
EPA has determined that this rule does not contain a Federal
mandate that may result in expenditures of $100 million or more
I
for State, local, and tribal governments, in the aggregate, or
3
-------�
the private sector in any one year. Private sector costs for
this action relate to expenditures that are far below the level
established for OMRA applicability.v Thus, the rule is not
subject to the requirements of section 202 and 205 of the UMRA.
F. Regulated Entities
EPA contractors are entities potentially regulated by this
action.
Category
Regulated Entities
Industry
EPA contractors
Questions regarding the applicability of this action to a
particular entity# should be directed to the person listed in the
preceding "FOR FURTHER INFORMATION CONTACT" section.
List of Subjects in-48 CFR Part 1552
Government Procurement, Specifications, Standards, and other
Purchase Descriptions, Solicitation Provisions and Contract
Clauses.
For reasons set out in the preamble, Chapter 15 of Title 48
Code of Federal Regulations is amended as set forth below:
1. The authority citation for 48 CFR Part 1552 continues
to read as follows:
Authority: Section 205(c), 63 Stat. 390, as amended, 40 U.S.C.
486(c).
4
-------�
2. Section 1552.210-79 is amended by revising paragraphs
(b),(c)/ and (d); and by removing paragraphs (e) and (f) to read
as follows:
1552.210-79 Compliance with EPA Policies for Information
Resources Management
COMPLIANCE WITH EPA POLICIES FOR INFORMATION RESOURCES MANAGEMENT
(JUNE - 1996)
+ * * * *
(b) General. The Contractor shall perform any IRM related
work under this contract in accordance with the IRM policies,
standards and procedures set forth in this clause and noted
below. Upon receipt of a work request (i.e. delivery order or
work assignment), the Contractor shall check this listing of
directives (see paragraph (d) for electronic access). The
applicable directives for performance of the work request are
those in effect on the date of issuance of the work request.
(1) IRM Policies, Standards and Procedures. The 2100
Series (2100-2199) of the Agency's Directive System contains the
majority of the Agency's IRM policies, standards and procedures.
(2) Groundwater Program IRM Requirement. A contractor
performing any work related to collecting Groundwater data; or
developing or enhancing data bases containing Groundwater quality
data shall comply with EPA Order 7500.1A - Minimum Set of Data
'Elements for Groundwater.
5
-------�
(3) EPA Computing and Telecommunications Services. The
Enterprise Technology Services Division (ETSD) Operational
Directives Manual contains procedural information about the
operation of the Agency's computing and telecommunications
services. Contractors performing work for the Agency's National
Computer Center or those who are developing systems which will be
operating on the Agency's national platforms must comply with
procedures established in the Manual. (This document is only
available through electronic access.)
(c) Printed Documents. Documents listed in (b)(1) and (b)(2)
may be obtained from:
U.S. Environmental Protection Agency
Office of Administration
Facilities Management and Services Division
Distribution Section
Mail Code: 3204
401 M Street, S.W.
Washington, D.C. 20460
Phone: (202) 260-5797
(d) Electronic Access.
(1) Internet. A complete listing, including full text, of
documents included in the 2100 Series of the Agency's Directive
System, as well as the two, other EPA documents noted in this
clause, is maintained on the EPA Public Access Server on the
6
-------�
Internet. Gopher Access: gopher.epa.gov is the address to
access the EPA Gopher. Select "menu keyword search' from the
menu and search on the term *IRM Policy'. Look for IRMPolicy,
Standards and Guidance. World Wide Web Access: http: //www. epa. gov is
the address for the EPA's www homepage. From the homepage,
search on the term IRM Policy' and look for IRM Policy, Standards and
Guidance.
(2) Dial-Up Modem. All documents/ including the listing,
are available for browsing and electronic download through a
dial-up modem. Dial (919) 558-0335 for access to the menu that
contains the listing for EPA policies. Set the communication
parameters to 8 data bits, no parity, 1 stop bit (8,N,1) Full
Duplex, and the emulator to VT-100. The information is the same
whether accessed through dial-up or the Internet. For technical
assistance, call 1-800-334-2405.
(End of Clause)
Date Betty L. Bailey, Director
Office of Acquisition Management
7
-------�
IRM Policy Worksheets
-------�
SOLID IRM FOUND A TION
IRM Strategic
Plan
Vision Element
Solid IRM
Foundation
EPA will establish a solid IRM foundation to efficiently meet the
Agency's evolving mission and program needs
• '* ' • ' /
Operating
Principles
Information
Stewards
EPA accepts stewardship responsibility for information
Data Standards
EPA will standardize its data
v >.v.¦ <•;.. •• ••• . • •
Balanced
Approach
EPA will pursue a balanced approach to the competing needs of
efficiency and flexibility
Stay the
Course
EPA will consistently support long-term goals
Core
Implementation
Integrated
Planning
EPA will integrate IRM planning with the budget process
ilillSBiillllllllll
Strategies
Performance
Measurements
EPA will establish performance measures
.... •
^ **' i
••• • ••.
• .. / * • ;vw. •
::-
> $i *
Senior
Management
Attention
EPA will increase senior level management attention to IRM
; *+ '
Staffing for
IRM
EPA will strive to ensure adequate Agency staffing for ERM
Current Federal
IRM Laws &
Regulations
Paperwork Reduction Act of 1995, Privacy Act of 1974, Computer Security Act of 1987, Federal Records
Act of 1950, as amended, Freedom of Information Act as amended, Information Technology Management
and Reform Act of 1996, OMB Circular A-130, FIPS, Government Performance and Results Act
1
-------�
Current EPA
IRM Policies &
Procedures
••• .• f
IRM Management Controls/Review and Approval (Ch. 1), Mission Based Planning Policy ( Ch. 2), Software
Management Policy (Ch. 5), ADP Management Policy (Ch. 6), Telecommunications Policy (Ch. 7),
Information Security Policy (Ch. 8), Information Collection Policy (Ch. 9), Records Management
Policy (Ch. 10), Privacy Act Policy (Ch. 11), Locational Data Policy (Ch. 13), System Life Cycle Management
Policy (Ch. 17), Acquisition ofFDP Resources Policy (Ch. 18), Information and Data Management Policy
(Ch. 19), EPA Data Standards.
Comments: e.g„
gaps In current policy
framework, need to
rescind/revl»e current
document^), link* to
OIRM AAgcncy
lnHlttM»)
mjmM 1 -
• s - % |
' i r
- Hardware/Software Standardization Policy (DRAFT)
- Closure needed on Hardware/Software Stds. Program.
- Closure needed on technical architecture
- IRM Management and Controls should be revised to address our new evaluation and review program.
- Policy on FIP Management will need to change in view of ITMRA rescinding FIRMR.
- Privacy issues becoming more important as we experience more demand for public access.
- Executive Steering Committee for ERM has increased visibility of IRM issues for senior managers -
investments supported by Committee should help strengthen IRM infrastructure.
Workspace
;
'' ' V '$
it;
-
< i
• :'
f , t f*'
i^WiP ¦
2
-------�
REDUCE REPORTING BURDEN
1RM Strategic
Plan
Vision Element
Reduce
Reporting
Burden
EPA will improve its data collection quality and reduce reporting
burdens through innovative methods
Operating
Principles
Customer
Focus
EPA will focus on customer needs
¦¦ ¦
w£0mmmm i=
Data Standards
EPA will standardize its data
x mm
Core
Implementation
Strategies
Electronic
Data
Collection
EPA will expand the use of electronic methods to receive data from
providers
Current Federal
IBM Laws &
Regulations
Paperwork Reduction Act of 1995, Information Technology Management Reform Act of 1996, OMB Circular
A-130
Current EPA
IRM Policies,
Procedures, and
Initiatives
• •. •,. * .:.• *•
Information Collection Policy (Ch.9), Locational Data Policy (Ch. 13), Information and Data Management
(Ch. 1$), EPA Internal Electronic Signature Policy (Ch.16), Data Standards for the Electronic Transmission
of Laboratory Measurement Results (2180.2), Facility ID Data Standard (2180.3), Policy on Electronic
Reporting (FR Notice, 1990), IM/DA Metadata Standards, One Stop Project
3
-------�
Comments: «.g.»
gap! Iti current policy
framework, need to
rescind/revise current
documeitt(«), link* to
OIRM AAgency
initiative(s)
- EDI Policy (in draft),
- Need to revisit data standards - recent OERM sponsored study recommended rescinding Lab Standard
- Facility ED Standard will be impacted by results of One-stop project.
- EDI Policy confined to regulatory compliance - does not address electronic signature requirements for
administrative/financial transactions - we'll need to follow progress of FACNET, the Government-wide
initiative.
Workspace
,,A ' •:
i?j® •:• •'
. ' A
-------�
ENVIRONMENTAL INFORMATION
IRM Strategic
Plan
Vision Element
Environmental
Information
EPA will effectively collect and manage the information that the Agency
and its partners require in order to manage for environmental results
. \
Operating
Principles
Customer
Focus
EPA will focus on customer needs
Strategic Asset
EPA will manage information as a strategic asset
. , , ¦ - . .
|J || |
Information
Stewards
EPA accepts stewardship responsibility for information
liiillililpif:' '. < > .
Data Standards
EPA will standardize its data
!il!®Biili|
:• ::;:;:;:;^k5?k?®:::::' ::'
Core
| Implementation
Information
Locator
EPA will establish an information locator for the Agency's information
S% i ' \
mmmm • s •
: 1
| Strategies
Key Identifier
Standards
EPA will implement key identifier data standards
-:-:^:-:-:-:-:-x-:-i- • •• *• / /
Targeted
Training
EPA will establish a targeted IRM training and orientation program
, 1
Data
Requirements
EPA will define data requirements, gaps, and alternative sources
::|l:ll|i;iii;iili ;fi:| |$ |
/ $ 5*5$ • •"¦ I
'.;'vX;X;X;t;X;X;XyJ;!;!;Xf.v;vX^;X;Xv';I;i;-;-;-vtvX;X;.vXv
/X'X-XvX'ffl'X-JiSfS ; . . / .
External
Connectivity
EPA will establish the necessary connections to external partners and
other sources to access needed data
Integrated
Planning
EPA will integrate IRM planning with the budget process
5
-------�
Current Federal
CRM Laws &
Regulations
Paperwork Reduction Act of 1995, Information Technology Management Reform Act of 1996, OMB Circular
A-130, Federal Information Processing Standards
Current EPA
mM Policies &
Procedures
Data Standards Policy (Ch. 5), Information and Data Management Policy (Ch. 19), Locational Data Policy
(Ch. 13), State/EPA Data Management Policy (Ch. 3), Systems Life Cycle Management Policy (Ch. P), EPA
issued data standards: Chemical Abstract Service Registry Data Std. (2180.1), Data Stds for the Electronic
Transmission of Laboratory Measurement Results (2180.2), Facility ID Data Std (2180.3), Minimum Set of
Data Elements for Groundwater (7500.1), IM/DA's Metadata Stds, FR Policy on Electronic Reporting.
Comments: eg.,
gapi in current policy
framework, need to
rescind/revise current
document^}, link* to
OIRM AAgencj
inHlatfve(g) .
v 1 /
- EPA's decisions and actions need to be grounded in the facts. We need to improve our ablility to analyze
environmental problems from a holistic, cross-media perspective that accounts for the interdependencies
within an eco-system.
- Single-media, stove-pipe information management systems do not facilitate comprehensive environmental
management.
- EPA's geographic initiatives have provided excellent opportunities to better manage data. Environmental
managers are recognizing that geographic-based programs generate clients and constituencies. These
groups actively monitor how well the Agency meets its promises to reduce risks and improve the quality of
their local environment.
- Sharing of information and data with all organizations and individuals working for protection of the
environment enhances the effectiveness of EPA and its partners.
Workspace
gpi:00m ,.:
•il ' ff ••Vvi V '• ':• ' J •
! •! \i.
•*•: :•:'•!< •; :<¦
' •'::'''" '.'
6
-------�
DATA INTEGRATION
IRM Strategic
Plan
Vision Element
Data
Integration
EPA will ensure its data can be integrated to support comprehensive
environmental protection and public access to environmental information
p|
Operating
Principles
Customer
Focus
EPA will focus on customer needs
'
Strategic
Asset
EPA will manage information as a strategic asset
,
<
| II* 1
Information
Stewards
EPA accepts stewardship responsibility for information
•," • • ~ '•
»• - - .i; s
Data
Standards
EPA will standardize its data
apMffla^g: $: £
:$fi#jj3K83Kj^
:"x::::-:-:
Core
Implementation
Key Identifier
Standards
EPA will implement key identifier data standards
%
', ¦
: -
Strategies
Spatial
Analysis
Systems
EPA will provide its employees with the capabilities to analyze location-
specific, multi-media problems and manage geographic initiatives
^ll;:ililliii-i
-------�
Current EPA
IRM Policies &
Procedures
WzM$0MSm
Data Standards Policy (Ch. 5), Information and Data Management Policy (Ch. 19), Locational Data Policy
(Ch. 13), State/EPA Data Management Policy (Ch. 3), System Life Cycle Management Policy (Ch. 17),
Federal Register Policy on Electronic Reporting, EPA- issued data standards: Chemical Abstract Service
Registry Number Data Std.(2180.1), Data Stds. for the Electronic Transmission of Laboratory Measurement
Results (2180.2), Facility ID Data Standard (2180.3) Minimum Set of Data El jments for Groundwater
(7500.1), EM/DA's Metadata Standards.
Comments: e.g.*
gaps In current policy
framework, need to
rescind/revise current
document^), llnki to
OBRM AAgency
initiative^)
¦ i piiii i
- New authority vested in Chief Information Officer to approve, halt and veto systems initiatives should
reinforce the need among developers to focus more on data integration.
- Challenges posed by implementing YR 2000 date standard are quite impressive.
- Compliance with data standards is key to success of Agency's data integration initiative.
- EPA's traditional decentralized culture (do your own thing) makes data integration a major challenge.
- One-Stop Project directly supports data integration.
- Managers need integrated data to make sound decisions.
Workspace
: :
,
„< '
'
v, :•.-. . •
8
-------�
PUBLICACCESS
IRM Strategic
Plan
Vision Element
Public Access
EPA will actively disseminate and provide access to its information to
educate and empower its partners and the public
Operating
Principles
Customer
Focus
EPA will focus on customer needs
Strategic
Asset
EPA will manage information as a strategic asset
•§:<* s •" * '^4 • 1
Information
Stewards
EPA accepts stewardship responsibility for information
Data
Standards
EPA will standardize its data
:
• , > '
* ; v ,*
Core
Implementation
Public Access
Strategy
EPA will establish a policy and strategy for public access
'' ?
Strategies
Public Access
Methods
EPA will establish a targeted set of methods for public access to EPA
information
ll^^plll
Information
Locator
EPA will establish an information locator for the Agency's information
'• ' ' ' •:'•
Key Identifier
Standards
EPA will implement key identifier data stan dards
• •• '•' ; .'. .j.-.'x-:- • •*
Targeted
Training
EPA will establish a targeted IRM training and orientation program
0
§ound IRM
Infrastructure
EPA will maintain and update its infrastructure, as necessary, to support
the IRM vision strategies
9
-------�
Current Federal
tRM Laws <&
Regulations
Paperwork Reduction Act of 1995, Privacy Act of 1974, Freedom of Information Act, as amended, Computer
Security Act of 1987, OMB Circular A-130.
Current EPA
IRM Policies &
Procedures
State/EPA Data Management Policy (Ch. 3), Records Management Policy (Ch. 10), Privacy Act
Policy (Ch. 9), Information Security Policy (Ch. 8), Rulemaking Docket Policy (Ch. 14).
Comments: e.g.,
gap* in current policy
framework, need to
rescind/revise current
document^), links to
OIRM&Agency
initiative^)
llHWilllll!
8!lpHISM!ii
a/ •? / 'A':i
: ;
;• - Public Access Policy (DRAFT).
- Public Access Policy initiative was sponsored by Executive Steering Committee for IRM.
- Revised Records Management Policy stresses the importance of using standard filing systems to support
ease of access.
- Electronic Records Management issues are significant.
- There is work underway to support a consolidated Agency docket system.
- Principles in State/EPA Data Management Policy are still valid, but we should revisit policy in view of
references to a formal program which is no longer extant.
- Internet has become major avenue to share EPA information with the public.
- Information Security and Privacy Act requirements need to be addressed in context of public access
- EPA's 1-800 Project, Customer Service Standards, and Envirofacts/Gateway are important public access
initiatives.
- National Performance Review and National Information Infrastructure clearly reinforce need for public
access.
Workspace
'
10
-------�
EPA ACCESS
ERM Strategic
Plan
Vision Element
EPA Access
EPA employees will have the technical resources and means to access the
information needed to perform their duties
111181! lllltttl ¦ • •
$:£" £ + '
Operating
Principles
Customer
Focus
EPA will focus on customer needs
¦¦ ¦¦: .
'' • M : ~
Information
Stewards
EPA accepts stewardship responsibility for information
'•" :1« '&/ $$§ -
•: :• •; •;" *| ••'
•Xv;vX;;\vX;X;X;^yf\-Xv:-;vXvX-X"X*t'X'XvX'.-'vX-X;/:
Core
Implementation
Information
Locator
EPA will establish an information locator for the Agency's information
1
Strategies
Key Identifier
Standards
EPA will implement key identifier data standards
Targeted
Training
EPA will establish a targeted IRM training and orientation program
i^ii&£SiiSSil'
1 i
Desktop
Capabilities
EPA will provide its employees with the essential set of desktop
capabilities
•' iii
1 ftillill
Data
Requirements
EPA.will define data requirements, gaps, and alternative sources
Current Federal
IRM Laws &
Regulations
Paperwork Reduction Act of 1995, OMB Circular A-130
11
-------�
Current EPA
IRM Policies &
Procedures
ADP Resources Management Policy (Ch. 6), Telecommunications Policy (Ch. 7), Records Management
Policy (Ch. 10), Library Services Policy (Ch. 12), Electronic Office Equipment Access for the
Disabled (Ch. 15).
Comments:
gap* In current policy
framework* need to
reacind/revlie current
document(s),Dnki to
OBRM AAgency
initiative^)
- Revisit ADP Resources Management Policy to factor-in the operation of the Working Capital Fund.
- Re-evaluate Library Services Policy in light of the changing roles of the Library Network.
- Rapid changes in technology and new statutory requirements reinforce need for a strong IRM training
program.
- Decentralized approach to procuring technology at EPA presents challenges to OIRM to deliver integrated,
compatible applications - recent concerns raised by union highlight this issue.
- Expansion of EPA's Flexiplace Program reinforces the need to provide employees with appropriate
technology.
- Many of the features in technology which were designed for the disabled also serve an aging workforce.
- Administrative Reform initiatives promote improved EPA access.
Workspace
iill^ wli
• . *
SifS&s&iS
-
. :>
12
-------�
ELECTRONIC MANAGEMENT
IRM Strategic
Plan
Vision Element
Electronic
Management
EPA will manage electronically to empower staff, reduce cost, and
improve management results
Operating
Principles
Customer
Focus
EPA will focus on customer needs
Strategic Asset
EPA will manage information as a strategic asset
< , s
-------�
Comirtents:e.g.t
gap# In current policy
framfework, need to
rescind/revise current
document^), llnkf to
OIRM&Ageacj
lnltlatlve(s)
- Forms Management Policy (under development),
- EDI policy (DRAFT)
- Paper-less Office campaign, Administrative Reform, One-Stop Reporting, Performance Partnerships, and
Budget Restructuring TRIM initiatives all promote electronic management
- Privacy and Security requirements are very important in electronic management.
- Electronic records management is being used in administrative and programmatic areas.
- EPA is receiving proposed comments on rules via Internet.
- Next Generation Forms Project very helpful in saving time and resources.
Workspace
14
-------�
COMMUNICATIONS
IRM Strategic
PI an
Vision Element
Communications
EPA will enable "People-to-People" electronic communications
Operating
Principles
Customer Focus
EPA will focus on customer needs
- .}' .
Strategic Asset
4
EPA will manage information as a strategic asset
Illllllll
¦
Core
Implementation
Targeted
Training
EPA will establish a targeted training and orientation program
1
i-.
Strategies
Desktop
Capabilities
EPA will provide its employees with the essential set of desktop
capabilities
Current Federal
IRM Laws &
Regulations
Paperwork Reduction Act of 1995, Information Technology Management Reform Act of 1996,
Telecommunications Reform Act of 1996, OMB Circular A-130
Current EPA
IRM Policies &
Procedures
Telecommunications Policy (Ch.7), various ETSD Operational Directives
Comments: e.g.»
gapi in current policy
framework, need to
rescind/revise current
document^), links to
OIRM And Agency
inltlatlve(s)
: +
- Is there a need for a Paperless Office policy?
Public Access Policy (DRAFT).
- There is much speculation about the ultimate impact of the Telecommunications Reform Act.
- HW/SW Standards Policy (comment resolution phase).
- Standards play a key role in supporting desktop capabilities.
15
-------�
Workspace
-------�
PARKING LOT ISSUES
Comments: «.g.,
gaps to current policy
framework, need to
rescind/revise current
document^), links to
OIRM&Agency
initiativc(s)
V <
• > .• .•
- Working Capital Fund will mean a new way of doing business for OIRM and its customers.
- New rules governing FIP acquisition still in a state of flux.
Workspace
17
-------�
EPA IBM POLICIES
EPA XRM Policy Manual (Directive 2100) - currently contains an
introduction and 16 chapters. Following is a surrmary of main message in each
chapter:
Chapter 1 - Management and Controls - describes delegations of authority and
general requirements governing IRM planning, budgeting, acquisition, data
management and IRM evaluation activities.
Chapter 2 - Mission-Based Planning - provides basic principles governing IRM
planning at EPA. Key concepts include the idea that information is an asset
and, as such, EPA must plan for its investment and management; IRM planning
must be connected to the Agency's mission and the planning process must be
tied to the budget process; strategic IRM plans cover a 3-5 year horizon; and
plans are updated annually to reflect real-time changes in each national
program. Roles and responsibilities for implementing these principles are
defined. The Agency's Five-Year IRM Strategic Plan is issued under separate
cover.
Chapter 3 - State/EPA Data Management - establishes principles governing the
management and sharing of data among EPA and State environmental agencies, and
the information systems that handle those data. Key concepts include the
ideas that EPA will assure timely and reliable State access to any Agency
information system that contains data obtained from States; and Agency
information systems should promote integration of data across EPA and State
program lines.
Chapter 4 - Software Management - establishes basic principles governing
management of Agency software resources. Key concepts include promoting the
use of existing Government and connercially available software; promotion of
joint acquisition and sharing of software among EPA offices and staff;
reinforcement of the need to observe copyright laws; reinforcement of the need
to adhere to Federal standards and to manage the costs of software from point
of initiation to termination of its use. The System Design and Development
Guidance, the Operation and Maintenance Manual and flnmran Uaer Interface
Guidelines provide more detailed information about software management at EPA.
Chapter 5 - Data Standards - establishes principles on data standards and
assigns organizational responsibilities for implementing and administering
carman data sets. Key concepts include the need to adhere to Federal and
Agency data standards when designing and implementing information systems in
order to promote data integration. Current EPA-specific data standards
include the following:
• Facility Identification Data Standard
• " Chffmical Abstract Registry Number Data Standard
• Minimum Set of Data Elements for Groundwater
• Data Standard for the Electronic Transmission of
Laboratory Measurement Results
Chapter 6 - ADP Resources Management - promotes the principle that the Agency
will plan, budget, maintain and operate ADP resources in a cost-effective
manner consistent with Federal standards and in line with the needs of Agency
programs. The policy presents the National Computing Center as a centrally-
managed computing facility. It reinforces the principle that technology
provided to EPA employees and contractors is to be used for official business
only. The ETSD Operational Directives Manual (formerly the NDPD Operational
Directives Manual) provides more .detailed information about the management of
6
-------�
the Agency's computing resources under the jurisdiction of OIRM.
Chapter 7 - Voice Ccmnunicatlans - deals with policies governing the
selection, installation, use, maintenance and administration of the Agency's
phone systems. This policy is limited in scope to phones and will be replaced
by a more expansive policy addressing the broader topic of telecortntunications.
Chapter 8 - Information Security - promotes the principles to safeguard the
Agency's .information resources, both manual and automated. Key concepts
include the idea that responsibility for implementing an effective information
security program is decentralized and that information security is a three-
fold issue encompassing confidentiality, integrity and availability. The
Information Security Manual is issued under separate cover and provides more
detail. Risk Analysis Guideline Jfenual is another important procedural
document related to information security.
Chapter 9 - Information. Collection - establishes the objectives and
responsibilities for preparation, review and clearance of Agency efforts to
collect or obtain information from the public in support of the Agency
mission. Key concepts include the ideas that the data requirements must be
clearly dictated by program need; the cost of the collection effort must be
justified and the method of collection must be the least costly alternative.
Instructions for Preparing Information Collection Requests is a manual issued
under separate cover.
Chapter 10 - Records Management - prescribes the objectives, responsibilities
and general procedures governing the Agency's records management program. Key
concepts include the principle that records created or acquired by an Agency
employee in the course of conducting Government business are the property of
the Government and must be managed according to Federal regulations and
Agency-specific procedures. The policy is supplemented by a Records
Management Manual, which provides more detailed, information:
Chapter 11 - Privacy - establishes the principles for protecting the privacy
of individuals who are identified in the Agency's information systems and
informs Agency employees and officials of their rights and responsibilities
under the Privacy Act. The Privacy Act Manual, issued under separate cover,
provides procedural information to implement the policy.
Chapter 12 - Library Services - presents principles governing the library
network. This policy recognizes the importance of the network in serving the
Agency, its State partners, and the public by providing information about the
Agency's mission and the environment at large. Access EPA is a directory of
EPA and other public sector environmental information resources. It is a
pathfinder to many areas including major EPA databases, scientific models,
records management programs, dockets, libraries, clearinghouses, hotlines, and
documents.
Chapter 13 - Locatlonal Data - establishes the principles for collecting and
documenting latitude/longitude coordinates for facilities, sites, and
monitoring and observation points regulated or tracked under Federal
environmental programs within the jurisdiction of EPA. The intent of the
policy is to extend environmental analyses and allow data to be integrated
based on location, thereby promoting the enhanced use of the Agency's
extensive data resources for cross-media environmental analyses and management
decisions. This policy is supplemented by Locatlonal Data Policy
Implementation Guidance.
Chapter 14 - EPA Rulemaking Docket Policy - establishes the principles and
defines the roles and responsibilities that govern the Agency's rulemaking
dockets. Key concepts include the idea that dockets shall contain complete
and accurate documentation of rulemaking activity. The policy addresses the
7
-------�
need for security and integrity of docket records as well as the need for
docket staff to respond to requests in a timely manner. Hie policy is
supplemented by the EPA Rulemaking Docket Manual.
Chapter 15 - Electronic Accessibility for the Disabled - outlines EPA's
responsibilities, in compliance with Federal laws and regulations, to provide
disabled employees with access to electronic office equipment and
telecommunication devices equivalent to that which is provided for non-
disabled employees.
Chapter 16 - Electronic Signature Policy - establishes the criteria for the
use and validity of electronic signatures associated with internal electronic
transactions within the Agency. The objective is to provide a uniform
approach that is consistent across the J^jency and also compatible with the
practices of other government agencies and tne regulated public. This
approach is intended to encourage cost effectiveness and the potential for
future connectivity and integration of enterprise-wide electronic processing
applications.
Chapter 17 - System Life Cycle Management Policy - establishes the
requirements of EPA's automated information application systems. These
requirements are designed to meet Federal requirements, ensure management
involvement at key decision points, obtain and sustain corporate corrmitmsnt
for information systems and coordinate system-related activities.
Chapter 18 - Acquisition of Federal Information Processing (FTP) Policy -
establishes the requirements and defines the roles and responsibilities that
govern the acquisition of Agency FIP resources (includes equipment, software,
services, support services and related supplies and systems). Key point made
in policy is that EPA shall plan, budget, and acquire FIP resources in a cost-
effective manner consistent with Federal and Agency IRM regulations. The FTP
Resources Acquisition Guide is issued under separate cover and provides more
detailed information.
Chapter 19 - Information and Data Management - establishes principles for
EPA's management of information and data; it establishes a formal program to
implement the policy and to enable integration of information and data across
environmental programs.
PLEASE NOTE; THE EPA IBM FOLIC? MANUAL (DIRECTIVE 2100 AMD MA8Y OP
THE OTHER DOCUMENTS WHICH SUPPORT EPA'S IRM POLICIES ARE AVAILABLE
ELECTRONICALLY ON THE EPA PUBLIC ACCESS SERVER CN INTERNET, ON LOTUS
NOTES AND ON THE AGENCY'S VALUE-ADDED BACKBONE (VABS)
8
-------�
Electronic Access To IRM Policy and
Guidance Documents
Videotex
Look for IRM policy and guidance documents in Videotex. They can
be found under the Policies and Procedures section of the
Videotex menu on All-in-One
electronic mail and on the
Value-Added Backbone Service
(VABS) under Videotex
Library.
EPA's Public Access
Server
Many IRM policy and guidance
documents can also be found
through Internet on EPA's
Public Access Server. Look
for IRM Policy, Standards
and Guidance by searching on
the term 'IRM Policy'.
Lotus Notes
If you have access to Lotus Notes, look for IRM Policies and
Guidance on the DC__APPS1 server under the subdirectory APPS.
For more information on how to access electronic copies of IRM
documents, please call (202) 260-5914.
-------�
http://www.epa.gov/docs/irmj3olman/chaptr04.txthtml
IRM POLICY MANUAL 2100
7/21/87
CHAPTER 4 - SOFTWARE MANAGEMENT
1. PURPOSE. This policy establishes the principles and requirements that govern the planning,
acquisition, development, maintenance and use of Agency software resources. This policy also
defines the roles and responsibilities for implementing these principles and requirements.
2. SCOPE AND APPLICABILITY. This policy applies to all EPA organizations and their
employees. It also applies to the personnel of agents (including State agencies, contractors and
grantees) of EPA who are involved in the design, develop- ment, acquisition, operation and
maintenance of Agency software, data and information systems. The requirements of this policy
apply to existing as well as new or modified/ enhanced software systems.
3. BACKGROUND.
a. Directly or indirectly, most EPA managers are involved with automated information systems or the
information resources management process. This involvement can be with the information itself and
related resources, e.g., personnel, equipment, funds, systems and technology (hardware and software). As
agencies become increasingly dependent on information technology to accomplish their basic missions, it
is essential that these technologies be acquired and used in a rational way.
b. The EPA software management program is needed to manage and protect EPA information as a
valuable national resource; promote cross-media analysis and information interchange for environmental
results; reduce costs while maximizing benefits for program management and improve the quality,
uniformity and maintenance of software products.
c. The objectives of EPA's software management program include the following:
(1) Secure EPA's investment in information collection, processing, dissemination, use, storage and
disposition.
(a) Much of EPA's software investment is custom software (i.e., developed by in-house or contractor
staff), as opposed to software commercially marketed or developed by other government agencies.
(b) It is important that systems development, operation and maintenance be managed to ensure that this
investment yields software products which are sound, maintainable and not subject to disruption.
(2) Improve the quality, uniformity and maintenance of software systems.
(a) Decisions regarding the selection of such items as computer environment, programming languages,
processing techniques, ergonomic screen design, terminal key functions and documentation products have
been left up to the individual project officer, contractor or in-house developers.
(b) This has resulted in some successful systems, while others have difficulties attributed to the lack of an
effective software management program.
(3) Improve the cost-effective acquisition, development, maintenance and ongoing operation of software
systems.
1 of 6
06/21/96 12:29:25
-------�
http://www.epa.gov/docs/irm_polman/chaptr04.txt.html
(a) HPA spends a significant amount of its information resource dollars on custom software development,
maintenance and ongoing operation of information systems.
(b) Improving the cost-eifectiveness of these efforts can be achieved by standardizing techniques,
methods, products and tools for systems engineering for all phases of the information systems life cycle
and by the acquisition and use of commercial software where appropriate.
(4) Promote inter-agency cooperation and sharing of software and data.
(5) Improve the end-user computing environment and access to EPA's information resources.
(a) EPA is increasingly relying on end-user computing. The key to end-user computing is the availability
of easy-to-use software tools and ready-to-go" applications software.
(b) This can be achieved through several measures, including standardizing and supporting software tools
for the end-user computing environment; providing training, software revisions and user support;
expanding the "information center" approach to support the end-user computing environment; promoting
access by Agency staff to information systems and resources; and developing and disseminating systems
engineering standards and guidelines for all software life cycle phases of end-user developed applications.
(6) Develop plans for future software investments in areas with high payoff for the Agency's mission.
(a) While tools such as fourth generation languages have measurable benefits and significant productivity
gains, there are future areas of software investment which promise even greater benefits and gains.
(b) These include greater reliance on generic, off-the-shelf software applications, as opposed to
developing custom software; office automation software with greater levels of integration of functions,
features and capabilities; expert systems or artificial intelligence applications for EPA mission and
program goals; geographic information systems for environmental analysis; and the development and
enforcement of software engineering standards to gain a greater degree of discipline and rigor in the
software process.
d. The policies described in the remainder of this chapter a framework for establishing this software
management program.
4. AUTHORITIES.
a. OMB Circular No. A-130, Management of Federal Information Resources, December 12, 1985.
b. NBS FIPS PUB 38, Guidelines for the Documentation of Compute. Programs and Automated Data
Systems, February 15, 1976.
c. NBS FIPS PUB 64, Guidelines for Documentation of Computer Programs and Automated Data
Systems for the Initiation Phase, August 1, 1979.
d. NBS FIPS PUB 105, Guidelines for Software Documentation Management, June 6, 1984.
e. NBS FIPS PUB 106, Guidelines on Software Maintenance.
f. NBS FIPS PUB 101, Guidelines for Lifecycle Validation, Verification and Testing of Computer
2 of 6
06/21/96 12:29:32
-------�
http://www.epa.gov/docs/iiTO_po1man/chaptr04.txthtml
Software.
g. EPA Office Systems Feasibility Study, Implementation and Operational Guidelines, January 198S
(OIRM).
h. EPA AD ABAS Application Development Procedures Manual, October 17, 1984 (revised December 2,
1985), NDPD.
5. POLICY. It is EPA policy to enhance the management of software throughout its life cycle. It is also
EPA policy that software developed by or acquired for the Agency will use EPA standard software tools
and adhere to EPA standards and guidelines.
a. The use of existing government and commercially available and tested software application packages is
required wherever technically and economically feasible.
b. Whenever custom programming is required, maximum use of automated tools for software design,
development, testing and maintenance will be made.
c. EPA offices and staff will jointly acquire and share software resources wherever possible. This applies
to the acquisition of proprietary software products and development of software under contract or with
in-house resources. Software that has the potential for being shared will be developed or acquired after an
evaluation of the general requirements of interested offices.
d. Copyright laws and other measures designed to protect legitimate proprietary interests in software and
data must be rigidly enforced. Classified and unclassified data and software must be protected from
improper access, use, alteration, manipulation or unauthorized disclosure as a result of criminal,
fraudulent or other improper actions.
e. In the absence of overriding efficiency considerations, all software resources must: satisfy functional
require- ments; provide interfaces consistent with users' needs and skill levels; meet users' availability
needs; provide data integrity; provide response times acceptable to users under routine and unusual
conditions (i.e., peak workloads, equipment failure); and meet users' security requirements.
f. EPA program officials will adhere to Federal Information Processing Standards (FIPS) and guidelines
as published or adapted for the Agency in developing, documenting, maintaining and using software
applications.
g. EPA program officials managing the development or ongoing operation of software applications are
responsible for the management of life cycle costs, conformance to software standards and data base
administration procedures, training, operations maintenance and user support and evaluation.
h. The development or all application systems will conform to the Agency's system development life cycle
methodology.
i. The use of fourth generation or other non-procedural languages and tools is recommended in lieu of
third generation, procedural language-based custom development efforts. Customized third generation or
procedural languages and tools may be required to meet functional requirements for reasons of security,
portability and efficiency. The use of assembler languages is restricted to exceptional situations, such as
when modifying an existing program written in assembler language, writing a program for an operating
system and an application requiring the use of assembler language.
3 of 6
06/21/96 12:29:38
-------�
http://www.epa.gov/docs/irm_polman/chaptr04.txt.html
j. All EPA applications systems development efforts must use the Agency's standard application
programming languages.
k. Applications should be designed to require the least possible amount of computer operator and
programmer support for execution.
1. EPA program officials will periodically review all software resources to determine and prevent
obsolescence of software. Indicators of obsolescence include: dependence on obsolete peripherals;
running in an emulation mode; inadequate operating system or documentation and more than S
years since the last substantial redesign.
m. Information technology provided to EPA employees and their agents is to be used for official business
only. EPA managers and supervisors are responsible for ensuring appropriate use of this technology by
their employees.
6. RESPONSIBILITIES.
a. The Office of Information Resources Management (OIRM) is responsible for:
(1) Managing information resources, functions and activities within EPA, in accordance with the
Paperwork Reduction Act of 1980 (P L. 96-511), Federal Information Processing Standards (FIPS),
OMB Circular No. A-130 (Management of Federal Information Resources) and other Federal
regulations.
(2) Defining EPA software management/engineering policies, standards and guidelines in the interests of
standardization, productivity and effective management of software and information resources.
(3) Review and approval of technical specifications for software requested by OARM, ORD and the
program offices.
(4) Publishing plans and guidance for administrative, program and research/laboratory systems.
(5) Conducting compliance reviews.
b. The Assistant Administrators, Associate Administrators, Regional Administrators, Laboratory
Directors, Headquarters Staff Directors, General Counsel and Inspector General are responsible for:
(1) Ensuring compliance with software management policies, standards and guidelines.
(2) Managing the software life cycle, process and products within their program(s).
c. The Senior IRM Officials are responsible for:
(1) Approving microcomputer proprietary software.
(2) Initially approving requisitions for acquisitions of information technology prior to their review by
NDPD and/or OIRM.
d. The Director, National Data Processing Division, is responsible for:
4 of 6
06/21/96 12:29:44
-------�
http://www.epa.gov/docs/irm_polman/chaptr04.txt.html
(1) Acquiring all general purpose, non-application specific software such as operating systems, data base
management systems, etc.
(2) Approving system-oriented proprietary software.
e. The Procurement and Contracts Management Division and the Grants Administration Division are
responsible for:
(1) Ensuring that all policy, standards and guidelines specified
by OIRM are incorporated in Requests for Proposals (RFPs), Interagency Agreements (IAGs),
Cooperative Agreements, Grants, Contracts and Sub-Contracts.
f. Each EPA Manager, Supervisor, or Project Officer engaged in information resources management
activities is responsible for:
(1) Conforming to the software management/engineering program policies, methods, standards,
guidelines and techniques contained in this and related documents.
g. Each EPA employee, contractor and grantee engaged in information resources management activities
is responsible for:
(1) Conforming to Agency software management/engineering program policies, methods, standards,
guidelines and techniques.
7 DEFINITIONS
a. "Application Software" means software specifically produced for the functional use of a computer
system, e.g., payroll, inventory control, environmental monitoring and scientific modeling.
b. "Artificial Intelligence, Expert, or Knowledge-based Systems refers to a class of systems that employ
decision rules developed through human experience and from human knowledge to solve problems that
require a high degree of human expertise.
c. Data Base Management System (DBMS)" is the software product that provides data structure
containing unrelated data stored, so as to optimize accessibility, control redundancy and offer multiple
views of the data to multiple application programs.
d. "Documentation" refers to information to support the effective design, management, operation,
maintenance and transferability of ADP resources, and to facilitate the interchange of information.
Documentation includes analysis, technical documents and specifications which are produced in the
software life cycle (e.g., project request, feasibility study, cost/benefit, functional requirements, data
requirements, system/subsystem specifications, program specifications, data base specifications, test plan,
user's manual, operations manual, test reports and maintenance procedures).
e. Fourth Generation (4GL) Programming Language refers to modern programming languages (e.g.,
INFO, FOCUS) designed for end-users or to increase programmer productivity, which have a number of
tools such as English language syntax, dictionaries, screen builders and reference to data by name. These
languages tend to be dependent on specific computer architectures and are not usually transportable.
5 of 6
06/21/96 12:29:49
-------�
http://www.epa.gov/docs/irm_polman/chaptr04.txt.html
They usually imply a proprietary Data Base Management System (DBMS) or Data Management System
(DMS).
f. "Geographic Information System (GIS)n is a system that combines geographic and/or cartographic
analysis capabilities with a computer data base system that can support data entry, data management, data
manipulation and data display.
g. "Non-procedural Language" see definition for Fourth Generation (4GL) Programming Language under
"e".
h. "Procedural or High Order Language" see definition for Third Generation Language (3GL) under "o".
i. "Software means computer programs, procedures, rules and possibly associated documentation and
data pertaining to the operation of a computer system.
j. "Software Engineering" refers to the discipline of applying software tools, techniques and
methodologies to promote software quality and productivity.
k. "Software Life Cycle" is the period of time beginning when a software product is conceived and ending
when the product no longer performs the functions for which it was designed. The software life cycle is
typically broken into phases, such as requirements, design, programming and testing, installation and
operation and maintenance.
1. "Software Maintenance" means the performance of those activities required to keep a software
system operational and responsive after it is accepted and placed into operation. It is the set of
activities which result in changes to the originally accepted (baseline) product. These changes
consist of modifications required to: (1) insert, delete, extend and enhance the baseline system
(perfective maintenance); (2) adapt the system to changes in the processing environment (adaptive
maintenance) and (3) fix errors (corrective maintenance).
m. "Software Tools refers to packaged, often commercial, computer program(s) used to help develop,
test, analyze or maintain computer programs, data and information systems. Examples include statistical
software such as SAS, SPSS, sort systems, etc.
n. "Testing" refers to examining the behavior of a program by executing the program on sample data sets.
o. Third Generation (3GL) Programming Language is a programming language that usually includes
features such as nested expressions and parameter passing, that can run on a variety of different computer
systems and are independent of machine architecture (e.g., COBOL, BASIC, FORTRAN, PL/I). It is a
problem oriented language that facilitates the expression of a procedure as an explicit algorithm. In
contrast to fourth generation programming language, third generation programming language is usually
independent of a data base management system and is transportable between different computer
architectures.
8. PROCEDURES AND GUIDELINES. Procedures and guidelines for the Agency's software
management program will be issued under separate cover.
4-10
6 of 6
06/21/96 12:29:56
-------�
http://www.epa.gov/docs/irm_polman/chaptr10.txthtml
IRM POLICY MANUAL 2100
7/21/87
CHAPTER 10 - RECORDS MANAGEMENT
1. PURPOSE. This policy prescribes objectives, responsibilities and procedures for the conduct of
the Agency's records/information management program.
2. SCOPE AND APPLICABILITY. This policy applies Agencywide to both program and
administrative records.
3. BACKGROUND. Records created or acquired by an official or employee of the Agency in the
course of conducting Government business are the property of the United States Government.
Persons who create or acquire custody or possession of official records by virtue of their positions
as officials or employees do not necessarily attain a proprietary interest in such records. Official
records are public records and belong to the Government rather than to the employee. The
penalties for the willful and unlawful destruction, removal from files and private use of official
records are contained in 18 U.S.C. 2071. All EPA employees are responsible for reporting any
actual or threatened unlawful loss or removal of official records to the Agency Records
Management Officer, Information Management and Services Division.
Detailed information on records management procedures and guidance are contained in the EPA Records
Management Manual.
4. AUTHORITIES.
a. Federal Records Act of 1950, as amended (44 U.S.C. 3101-3107)-
b. 36 CFR 1220 and 41 CFR 201-22.
c. Paperwork Reduction Act of 1980.
d. OMB Circular A-130, Management of Federal Information Resources.
5. POLICY.
a. The Agency shall make and preserve records to provide adequate and proper documentation of the
organization, functions, policy decisions, procedures and essential transactions; and to protect the legal
and financial rights of the Government and of persons directly affected by Agency activities.
b. As required by law, the official records of the Agency shall not be destroyed without the prior approval
of the National Archives and Records Administration. This approval authority is provided in the form of
EPA Records Control Schedules. These schedules list official records of the Agency (including many
non-official records) and prescribe the periods of authorized retention. All EPA employees are
responsible for insuring that records disposal actions agree with these schedules.
c. Records (of all media, paper, electronic, audiovisual, maps, etc.) shall be retained in accordance with
Agency retention schedules. After the specified record retention period, records shall be disposed of or
forwarded to the Federal Records Center per Agency procedures.
d. The Agency shall preserve and protect information that is vital to the essential functions of the Agency
during a national emergency or that is essential to the legal rights and interests of individual citizens and
1 of 5
07/10/96 13:08:43
-------�
http://www.epa.gov/docs/irm_polman/chaptr10.txt.html
the Government.
e. The Agency shall apply, whenever practicable, appropriate standards and file structures to facilitate
efficient filing, storage and retrieval of records.
f. The acquisition and use of state-of-the-art information storage and retrieval systems (e.g., microform,
electronic digital image, computer assisted retrieval), shall be approved when technically feasible,
cost-effective and when it most appropriately satisfies program needs.
g. The Agency shall establish uniform criteria for the acquisition of information storage and retrieval
technologies.
h. Machine-readable and audiovisual records (i.e., microform records) shall be maintained and protected
in accordance with applicable statutes and regulations.
i. The acquisition of filing equipment and supplies for use within the Agency shall be as economical as
possible to meet filing requirements. Filing equipment is not to be requested solely to improve
appearance, office decor, elevate status nor because of a desire for the latest design. Letter-size
equipment shall be used unless there is a requirement for legal-size. Used or reconditioned equipment
shall be used when available. As equipment becomes excess to local needs, it shall be turned into the
Property Office for further disposition.
j. The integrity of the Agency's official files shall be insured at all times, so that all official records relating
to the operations of the Agency are documented in the official files.
6. RESPONSIBILITIES.
a. The Assistant Administrators, Inspector General, General Counsel, Associate Administrators, Regional
Administrators, Laboratory Directors and Headquarters Staff Office Directors shall provide for the
implementation of the records/ information management program within their respective areas. They
shall:
(1) Assure that the objectives of the EPA records management program are achieved. These objectives
include the following:
(a) Prevent the creation of unnecessary records in any media.
(b) Promote the application of filing systems and structures for the efficient organization, maintenance
and use of records to facilitate retrieval and use.
(c) Ensure that records of continuing value are preserved but that valueless or non-current information
are disposed of or transferred to storage in a timely manner in accordance with Agency records control
and disposition schedules.
(d) Ensure that the acquisition and use of all direct paper to microform systems and equipment or
electronic digital image are technically feasible, cost-effective and most appropriately satisfy program
needs.
(e) Ensure that appropriate criteria justifying the acquisition of information storage equipment are
applied.
2 of 5
07/10/96 13:08:51
-------�
http://www.epa.gov/docs/irTr_polman/chaptr10.txthtml
(f) Preserve and protect information that is vital to the essential functions of the Agency during a national
emergency or that is essential to the legal rights and interests of individual citizens and the Government.
(g) Provide for the Agencywide management of machine-readable and audiovisual records in accordance
with applicable statutes and regulations.
(2) Designate individuals within their respective areas to act as Records Management Officers and Vital
Records Officers.
(3) Assure that file custodians are designated within their area of responsibility.
(4) Assure that records control schedules are applied to the records in their area.
b. The Director, Information Management and Services Division shall provide overall supervision and
policy guidance in records management on an Agencywide basis.
c. Records Management Officers.
(1) The Agency Records Management Officer in the Information Management and Services Division,
shall:
(a) Develop policy, directives, instructional materials governing the organization, maintenance and
disposition of all records, including machine-readable and audiovisual.
(b) Provide staff advice, guidance, assistance and training in all aspects of the records/information
management program.
(c) Coordinate program efforts and evaluate program effectiveness by making periodic surveys of
information systems.
(d) Coordinate the review and approval of requests for source document micrographics/electronic image
storage and retrieval systems, equipment and services.
(e) Review and approve acquisition of records storage equipment at Headquarters.
(f) Plan and coordinate the EPA Vital Records Program.
(g) Coordinate the retirement and retrieval of Headquarters records to the Federal Records Center.
(2) Records Management Officers at Headquarters shall serve as coordinators of the records program in
their areas.
(3) Records Management Officers in Regional offices and laboratories, when designated, shall perform
responsibilities corresponding to those of the Agency Records Management Officer (see subparagraph
c(l) above) in their areas.
7. DEFINITIONS.
a. "Administrative Records" are the records which reflect routine, transitory, and internal housekeeping
3 of 5
07/10/96 13:08:55
-------�
http://www.epa.gov/docs/irm_polman/chaptr10.txt.html
activities relating to subjects and functions common to all offices.
b. "Agency Records Management Officer" is the title of the designated staff official whose responsibility
is to plan, develop and coordinate the Agency records management program.
c. "Electronic Digital Image Storage and Retrieval Systems" is the technology that converts and stores
images and information in digital form.
d. "Federal Records Centers" are the depositories established by the National Archives and Records
Administration for the housing of non-current, inactive or permanent records pending ultimate disposition
in accordance with the Agency Record Control Schedules.
e. "Filing Equipment" refers to any equipment used to provide storage for information e.g., lateral,
vertical, mechanized and ADP.
f. "Filing Supplies" are items such as folders, guides, cross-reference sheets and charge-out cards.
g. "Information Management" describes the processes necessary for the creation, use and disposal of
information regardless of the media on which it is recorded.
h. "Maintenance of Records" refers to the grouping, filing, storing and safeguarding of records.
i. "Micrographics" refers to the science and technology of document and information microfilming and
associated microform systems including the following:
(1) "Microfilm" is a high resolution film containing an image or images greatly reduced in size from the
original which is recorded on the film.
(2) "Microfiche" is a sheet of film containing multiple microimages in a grid pattern. It usually contains a
heading or title which can be read without magnification.
(3) "Microform" is any form containing microimages.
(4) "Microimages" refers to information, such as a page of text or a drawing, too small to be read without
magnification.
j. "Program Record" refers to records created, received and maintained by an agency in the conduct of
the mission functions for which it is responsible. The term is used in contrast with administrative,
housekeeping or facilitative records.
k. "Records" are recorded information of continuing administrative, fiscal, legal, historical or
informational value, including published materials, papers, maps, photographs, microfilm, audiovisual,
machine-readable materials (ADP tapes/disks) or other documentary material, regardless of physical form
or characteristics, made or received by the agency that evidences organization, functions, policies,
decisions, procedures, operations or other activities of the Government.
(1) "Classified Records" are records designated as "Top Secret," "Secret" or "Confidential" which are
restricted to processing or use by cleared individuals and require special protection.
(2) "Current Records" are records or files presently in the physical custody of organizational units, the
4 of 5
07/10/96 13:09:00
-------�
http://www.epa.gov/docs/irm_polman/chaptr10.txthtml
maintenance of which is required for the conduct of current work.
(3) "Nonrecord Material" includes blank forms, library materials and working papers of fleeting value
such as drafts, worksheets, informal notes, slips, etc.
(4) "Official Record File" refers to documentation including all background material resulting from
specific transactions, operations or processes which are accumulated and maintained in file equipment. It
may include any media such as film, microform, cards, papers and magnetic tapes and disks.
(5) "Permanent Records" refers to records of continuing value which are considered to be so valuable or
unique in documenting the history of the agency or for informational content that they should be
preserved "forever" as part of the National Archives of the United States.
(6) "Confidential Business Information" means any information in any form received by EPA from any
person, firm, partnership, corporation, association or local, State or Federal agency or foreign
government which contains trade secrets or commercial or financial information, and which has been
claimed as confidential by the person submitting it and has not been determined to be non-confidential
under the procedures in 40 CFR Part 2.
(7) "Semi-active and Inactive Records" refers to records worthy of preservation, have long term
permanent value and will be retired from expensive office space and equipment to the area Federal
Records Center for storing, servicing, and ultimate disposition in accordance with EPA records control
schedules.
(8) "Temporary Records" are records created incidental to performance of the mission. They are
"operational", "support" and "service type records which are considered to be of temporary value to the
Agency and will be destroyed at some tie.
1. "Records Control Schedules" refers to a list for systematic disposition of agency records, including their
retention, transfer, retirement or destruction, performed in accordance with approved disposition
authority from the United States Archivist, National Archives and Records Services.
m. "Records Management Officer" is the title of designated staff officials whose responsibilities are to
assist the Agency Records Management Officer by carrying out the policies of the records management
program in their respective organizational units.
n. "Records Management" describes the management of the media on which information is recorded.
o. "Vital Records" refers to records critical to the continued operation of the agency and records essential
to the preservation of the legal rights and interests of employees and individual citizens, in wartime or
disaster.
8. PROCEDURES AND GUIDELINES. Procedures and guidelines are issued under separate cover in
the EPA Records Management Manual EPA Directive 2160.
5 of 5
07/10/96 13:09:07
-------�
The information system manager (program manager} is responsible
for overseeing the creation ana use of electronic records m
keeping with federal regulations and Agency policy. This
includes coordination with the records officer to establish a
retention period, and to implement authorized disposition
instructions for system information. The system manager also
coordinates with the records officer ..nd information technology
officer to develop a Information Resource Management plar. to rr.ee:
future system information needs.
The ADP or Information Technology Manager is responsible for
managing ADP resources, as well as notifying the system manager
and records officer of technology changes that would affect
access, retention, or disposition of system records.
-------�
http://www.epa.gov/docs/irm_polman/chaptr17.txt html
CHAPTER 17 - SYSTEM LIFE CYCLE MANAGEMENT
1. PURPOSE. This policy establishes the life cycle requirements of EPA's automated information
application systems. Roles and responsibilities for implementing these requirements are also
delineated. Observance of these requirements will ensure full value is obtained from Agency
investments in data and information systems.
2. SCOPE AND APPLICABILITY. All automated information application systems that are
developed, produced or maintained by or for the EPA are subject to this policy. Formal review
requirements vary according to system category (see Exhibit 17-A). This policy applies to all EPA
organizational units and their employees. It also applies to agents of the EPA who support the
initiation, analysis, design, development, operation and retirement of Agency information systems.
3. BACKGROUND.
a. The Agency depends on information to accomplish its mission. EPA's data and information systems are
among its most valuable assets and are critical to the Agency's ability to provide the public with access to
environmental information.
b. Development of information systems is difficult, and often complex and expensive. Agency system life
cycle management requirements are designed to meet applicable Federal requirements, ensure
management involvement at key decision points, obtain and sustain corporate commitment for
information systems, and coordinate information systems-related activities.
c. System life cycle management promotes involvement by users, program managers and information
resource managers in system development and enhancement efforts. It establishes a process by which
Agency managers are directly accountable for making key decisions about how resources are expended
for system development and enhancement efforts.
d. EPA relies frequently upon contractors and other agents for assistance in building and operating its
information systems. System life cycle management establishes practices and periodic review
requirements that mitigate the uncertainties involved in using extramural support.
e. EPA is committed to managing its information systems in a cost effective manner and ensuring its
systems meet mission needs. Using guidance provided by oversight agencies including the Office of
Management and Budget (OMB), the General Services Administration (GSA), and the General
Accounting Office (GAO), the Agency conducts periodic reviews to assess how well its systems are
meeting these key objectives.
4 AUTHORITIES.
a. 44 U.S.C. Chapter 35, Paperwork Reduction Act of 1986.
b. EPA Hardware and Software Standards.
c. Federal Records Act of 1950, as amended (44 U.S.C. Chapter 3101-3107, Records Management by
Federal Agencies).
d. OMB Circular No. A-l 1, Exhibit 43, Data on Acquisition, Operation, and Use of Information
Technology Systems, May 28,1986.
e. OMB Circular No. A-130, Management of Federal Information Resources, June 25, 1993.
1 of 12
07/10/96 12:58:14
-------�
http://www.epa.gov/docs/irm_polman/chaptr17.txt.html
f. FIRMR 201-2, Designated Senior Officials.
g. FIRMR Subchapter B, Management and Use of Information and Records, Part 201-6, Predominant
Considerations.
h. FIRMR Subchapter C, Management and Use of FIP Resources, 201-17, Predominant Considerations.
i. FIRMR 201-22, Review and Evaluation.
5 POLICY.
a. All information systems shall support the mission of the Agency. Plans for information systems shall be
included in Agency and organizational budget and planning processes as appropriate (see Chapter 2 on
Mission-Based Planning).
b. System life cycle management at EPA is based on a set of generic stages in a typical system
development or enhancement project. EPA does not require use of a specific system life cycle
methodology, as this would be unduly restrictive when uniformly applied across the wide range of EPA's
varied information systems development and enhancement projects.
c. The generic information system life cycle at EPA consists of eight major stages:
(1) Initiation - a request for the development of a system to meet a need for information or to solve a
problem for the individual making the request.
(2) Requirements analysis - determination of what is required to automate the fiinction(s) identified by the
organization.
(3) Design - the stage that specifies the automated and manual functions and procedures, the computer
programs, and data storage techniques that meet the requirements identified and the security and control
techniques that assure the integrity of the system.
(4) Programming - coding of the program modules that implement the design.
(5) Testing and quality assurance - ensuring that the system works as intended and that it meets
applicable organization standards of performance, reliability, integrity and security.
(6) Installation and Operation - incorporation and continuing use of the new system by the organization.
(7) Maintenance/enhancement - Resolving problems not detected during testing, improving the
performance of the product and modifying the system to meet changing requirements. (Full-scale
enhancements require full life cycle analysis.)
(8) Retirement - the stage which ends use of the system.
New systems development and enhancement/replacement projects must go through these eight major
stages noted above. Systems may cycle through various stages multiple times. Developers of EPA
information systems shall consult with the intended user community throughout the systems' life cycle to
ensure the system is meeting mission needs.
2 of 12
07/10/96 12:58:22
-------�
http://www.epa.gov/docs/irm_polman/chaptr17.txthtml
d. The way a specific methodology is applied to the generic life cycle must be documented (see section
5.e (2)d).
e. Appropriate levels of management shall review and approve or disapprove system development or
enhancement\replacement projects. These reviews by management shall occur, at a minimum, at the end
of each stage of the generic life cycle as implemented for the chosen methodology. These management
decisions shall be documented by means of signatures on formal decision papers. For new system
development or enhancement projects, the first two decision papers have special characteristics.
(1) The System Charter decision paper, which is developed during the initiation stage of a new system
development or enhancement project, shall document:
a) the information management and mission
need(s) to be met;
b) the intended user community;
c) the sponsoring organization(s);
d) the projected time frame for the project;
e) the likely system category, based on expected
scope and cost (see Exhibit 17-A) ;
f) a preliminary estimate of the range of
potential life cycle costs;
g) the appropriate management levels for review
and approval of decision papers; and
h) the manager of the system.
(2) The System Management Plan (SMP) decision paper shall be produced at the conclusion of the
analysis stage and shall be updated as the project progresses. Exhibit 17-A sets forth required Agency
management review levels for SMPs. The SMP shall subsume the System Charter and shall include at a
minimum:
a) the system's purpose, mission need, and
goals;
b) the system's scope, including the system's
funding organization(s), intended primary and
secondary user community and any known or
intended interactions with other systems;
c) assumptions and constraints influencing the
3 of 12
07/10/96 12:58:26
-------�
http://www.epa.gov/docs/irm _polman/chaptr17.txt.html
system;
d) the life cycle methodology to be used in
managing the system's life cycle and its key
decision points;
e) the appropriate levels of management review
and approval;
f) the projected date to begin operation and an
estimate of total system life from initiation
to retirement;
g) an estimate of total life cycle costs, broken
out by stages;
h) an acquisition strategy and alternatives;
i) a cost-benefit analysis including an analysis
of technical alternatives;
j) a description of the system's architectural
context, technical requirements, anticipated
security issues, platform and network
capacity needs; and
k) the system's data architecture, in
compliance with Agency and Federal data
standards.
(3) Following are the minimum contents required for formal decision papers other than those produced
for the Charter and the System Management Plan:
a) the current status of the system;
b) an estimate of the cost of the next stage(s)
for which approval is sought in the decision
paper and an assessment of projected vs.
actual costs to date;
c) a description of the work to be accomplished
in the next stage(s) of the system
development or enhancement project;
d) identification of any programmatic policy or
4 of 12
07/10/96 12:58:32
-------�
http://www.epa.gov/docs/irm_polman/chaptr17.txthtinl
procedural decisions needed to address
constraints influencing the success of the
next stage(s); and
e) an analysis of appropriate alternatives.
(4) System Management Plans shall link appropriately with Agency and Organizational IRM Strategic
and Multi-Year Implementation Plans.
(5) No more than 15% of the estimated cost of the next stage or $250,000, whichever is less, may be
expended prior to approval of the formal decision paper.
(6) The SMP shall be updated to reflect actual and planned changes as new system decision papers are
approved and a baseline version of the SMP shall be retained for reference.
(7) Throughout the life cycle of the system, management of the system shall be conducted in accordance
with the SMP, as updated.
f. EPA personnel shall develop all decision papers to ensure government control over system decisions.
EPA staff may use any and all available source material, including contractor-generated material, in the
development of formal decision papers.
g. The EPA Executive Steering Committee for Information Resources Management (IRM) and all other
EPA managers involved in reviewing system decision papers shall provide decisions within 30 days of
receipt of the decision paper.
h. All systems shall be categorized in one of the following four types:
(1) Major Agency Systems,
(2) Major AAship/Regional Systems,
(3) Significant Program Office Systems, and
(4) Local Office or Individual Use Systems.
Each category reflects a combination of factors such as the system's cost and organizational scope. See
Exhibit 17-A for the specific thresholds which determine a system's category.
i. The level of detail for decision papers shall be appropriate to the category of the system. The approving
managers may establish more extensive decision point requirements for individual systems than required
by this policy.
j. All information systems shall comply with appropriate Federal and Agency IRM policies, standards, and
procedures throughout their life cycles. Recognizing that legacy systems may not conform completely
with current Agency architectures and standards, system enhancement projects shall move into
conformance with these architectures and standards, as appropriate, as projects proceed.
k. To maximize the return on the Agency's investment in its information systems, sufficient
documentation is needed at each stage of the life cycle to support effective management of Agency
5 of 12
07/10/96 12:58:36
-------�
http://www.epa.gov/docs/irm_polman/chaptr17.txt.html
resources and to facilitate the interchange of information among managers, developers, programmers,
operators and users.
The following are key documents (in addition to the
system charter, system management plan, and decision papers) produced at different stages of the system
life cycle:
(I) needs statement and initiation request (2) feasibility study
(3) risk analysis
(4) cost/benefit analysis
(5) functional requirements analysis (6) functional security and internal control requirements analysis
(7) data requirements analysis (8) data management plan
(9) quality assurance plan
(10) system/subsystem, program and database specifications
(II) validation, verification and testing plan and specifications
(12) system acceptance plan
(13) schedules for each phase and records of schedule changes
(14) user manual
(15) operations/maintenance manual (16) installation conversion plan (17) test analysis and security
evaluation report (18) software maintenance plan (19) post implementation review plan (20) evaluation
and assessment of information system obsolescence
(21) change control memos or forms (22) system security plan
(23) disaster recovery plan
6. RESPONSIBILITIES.
a. The Designated Senior Official (DSO) for IRM is responsible for establishing policies and procedures
to implement all Federal IRM mandates including, but not limited to, the Paperwork Reduction Act of
1980 and its amendments (P.L. 96-511), Federal Information Processing Standards (FIPS), Federal IRM
Regulations (FIRMR), OMB Circular No. A-130 (Management of Federal Information Resources), OMB
Circular No. A-11 (Data on Acquisition, Operation, and Use of Information Technology Systems) and
other Federal regulations.
b EPA's Executive Steering Committee for IRM is responsible for review and approval/disapproval of
System Management Plans for systems which meet any of the following criteria:
(1) Mission critical for multiple AAships;
(2) Mission critical for multiple Regions;
(3) Agency core financial system;
(4) Estimated costs exceed $25 million over the life of the system;
(5) Estimated costs exceed $5 million in one year.
c. The Assistant Administrators, Associate Administrators, Regional Administrators, Laboratory
Directors, Headquarters Staff Directors, General Counsel, and the Inspector General are responsible for:
6 of 12
07/10/96 12:58:43
-------�
http://www.epa.gov/docs/irmj3olman/chaptr17.txt.html
(1) Ensuring compliance with system life cycle management policies, procedures and standards.
(2) Managing the system life cycle, process and products within their organizations in compliance with
Agency and Federal policy.
(3) Reviewing and approving/disapproving System Management Plans for systems sponsored by their
organization which meet any of the following criteria:
a) Mission critical for their AA/ship or a joint
mission critical project with another AAship
or Region;
b) Agency core financial system;
c) Estimated to exceed $10 million throughout
the lifecycle or $1 million in annual costs.
d. The Senior IRM Officials (SIRMOs) for the organization(s) funding the project(s) are responsible for:
(1) Reviewing and approving/disapproving System Management Plans for systems sponsored by their
AAship or Region;
(2) Coordinating all reviews and approvals outside the Office Directorship, such as the Executive
Steering Committee for IRM, Assistant or Regional Administrator, and Director of the Office of
Information Resources Management (OIRM).
e. The Director, OIRM is responsible for:
(1) Reviewing and approving/disapproving System Management Plans for projects meeting any of the
following the criteria before they go to the Executive Steering Committee for IRM:
(a) Mission critical for one or more AAships or
Regions;
(b) Agency core financial system;
(c) Estimated to exceed $25 million over the
life of the system or $5 million in annual
costs.
(2) Conducting, at his/her discretion, additional system life cycle management reviews to complement the
reviews required to be conducted periodically by system sponsors.
f. The Director, National Data Processing Division is responsible for providing technical consultation to
reviewers of System Management Plans concerning the description of the system's architectural context,
technical requirements, anticipated security issues, platform and network capacity needs to ensure
conformance with the Agency's technology architecture.
7 of 12
07/10/96 12:58:50
-------�
http://www. epa. gov/docs/irm _polman/chaptr1 7 .txt. html
g. System Sponsors are responsible for:
(1) Reviewing and approving/disapproving system decision papers.
(2) Conducting periodic system life cycle management reviews to evaluate costs and efficiency of
operation, and ensure the system is continuing to meet mission needs.
h. System Managers are responsible for:
(1) Managing the system's life cycle process and products within their program(s) in compliance with
Agency and Federal policy.
(2) Preparing System Management Plans and other decision papers.
(3) Obtaining review and approval of all decision papers.
i. The Office of Acquisition Management and the Office of Grants and Debarment are responsible for
ensuring that this policy is incorporated, as appropriate, in Requests for Proposals, contracts, interagency
agreements, cooperative agreements, and grants.
j. Each EPA employee engaged in system life cycle management activities is responsible for conforming
to this policy, and related procedures and standards.
7. DEFINITIONS.
a. "Agents of EPA" refers to anyone who is directed to use EPA resources.
b. "Applications system" refers to an information system composed of one or more units of software
supported by automated data processing equipment (ADPE) and automating the work methods and
procedures to collect, store, process and disseminate information to support specific agency missions.
c. "Application systems life cycle management" is the process of administering an application system over
its entire life cycle, from the time span between the establishment of a need for a system to the end of its
operational use. The life cycle is divided into discrete phases with formal milestones established as points
of management controls.
d. "Appropriate level of management" is the first level of management whose scope of responsibility
includes the Agency major user and funding organization(s). For example, if a system is used or funded
by multiple AAships and/or Regions, those AAs and RAs sponsoring the project and the Executive
Steering Committee for IRM are the appropriate level of management. If its use and funding is restricted
to one organization, that organization's manager is the appropriate level of management.
e. "Decision papers" describe system activities which require management approval. The complexity and
formality of the decision papers should be appropriate to the system's category.
f. "Decision points" refer to specific points in a system's life cycle. The generic decision points in a life
cycle are at the junctures between each of the six stages identified in the generic life cycle.
g. "Decision Threshold" refers to the level of system review and approval authority required for system
decisions as determined by the category of information system.
8 of 12
07/10/96 12:58:57
-------�
http://www.epa.gov/docs/irm_polman/chaptr17.txt.html
h. "Guidance" refers to a recommended approach that promotes compliance with policies and procedures.
It includes hints, examples, and lessons-learned.
i. "Information" refers to any communication or reception of knowledge (e.g., facts, data or opinions) in
any medium or form, including textual, numerical, graphic, cartographic, narrative or audiovisual forms.
j. "Information Application System" refers to the organized collection, processing, maintenance,
transmission, and dissemination of information in accordance with defined procedures. Models are
included in this definition.
k. "Information resources management activities" refers to
planning, budgeting, organizing, directing, training, and administrative control associated with
government information resources. The term encompasses both information itself and the related
resources, such as personnel, equipment, funds, and information technology.
1. "Information system category" refers to the manner in which systems are classified according to a
combination of factors including the system's type, cost, and organizational scope in terms of use and
funding. All systems are categorized in one of the following four categories:
(1) Major Agency Systems;
(2) Major AAship/Regional Systems;
(3) Significant Program Office Systems;
(4) Local Office or Individual Use Systems.
See Exhibit 17-A for the specific thresholds which determine a system's category.
m. "Major information system" refers to a system that requires special continuing management attention
because of its importance to an agency mission; its high development, operating or maintenance costs; or
its significant impact on the administration of agency programs, finances, property, or other resources.
n. "Mission critical" refers to a system whose operation is essential to the organization's mission.
o. "Procedures" refer to instructions on how to perform work in order to meet the established standards.
They should explain in detail the method to complete a task or job. Forms and work flows are considered
procedures.
p. "Standards" refer to the measures by which implementation of policy can be determined. They provide
a basis of comparison, and are objective, clear, concise, technical descriptions. They are usually
determined externally (e.g., Federal Information Processing Standards).
q. "System" refers to an organized set of functions, data, procedures, hardware, software,
communications and/or documentation which enables an organization to solve a specific information
management problem. A system need not be automated, but most instances of life cycle management
apply to automated systems.
9 of 12
07/10/96 12:59:06
-------�
http://www.epa.gov/docs/irm_polman/chaptr17 txt.html
r. "System Charter" documents the information management problem to be resolved, the scope of the
problem in terms of the user, sponsoring and funding organization(s), the time frame, the likely system
category, the appropriate level of management for review and approval, and manager of the system.
s. "System development or enhancement project" refers to the creation of new systems, enhancement of
an existing system, or perfective, adaptive, corrective maintenance of an existing system, for which the
estimated cost of would exceed $100,000. A system development or enhancement project typically
encompasses all eight stages of the generic information system life cycle.
t. "System life cycle" refers to the complete time span of a system from the origin of the idea that leads to
the creation of the system to the end of its useful life. The stages of the life cycle are as defined in section
5.c. of this policy. There is obviously variance in life cycle periods among systems. To calculate total life
cycle costs, a defined life cycle period needs to be established for each system development/modification
project. Twelve years is cited in a number of references as an average system life cycle period.
u. "System life cycle costs" refers to sum total of the direct, indirect, recurring, nonrecurring, and other
related costs incurred, or estimated to be incurred, in the design, development, production, operation,
maintenance, and support of a system over its anticipated useful life span. Costs include but are not
limited to equipment, software, personnel (both Agency and contractor), timeshare, and
telecommunications.
v. "System life cycle methodology" refers to the formal documentation of the phases of an information
system, beginning with the initiation through to the retirement phase. The methodology describes the
precise objectives for each phase and the results required for each phase before the next one can
commence. It may provide specialized forms for the presentation of the documentation throughout each
phase.
w. "System Management Plan" (SMP) is the key document which provides the overall framework for the
management of the system. Basic components of the SMP are addressed in Section 5.f(2) of this policy.
x. "System sponsor" refers to the manager of any EPA organizational unit which funds an information
system. Generally, the system sponsor will be the same as the appropriate level of management for
decision paper approval.
8. PROCEDURES, STANDARDS AND GUIDANCE. The Office of Information Resources
Management will issue procedures, standards and guidance for Agency system life cycle management
under separate cover. Other relevant Federal and Agency guidance documents which should be followed
are noted below.
a. FIPS PUB 38, Guidelines for the Documentation of Computer Programs and Automated Data
Systems, February 15, 1976.
b. FIPS PUB 64, Guidelines for Documentation of Computer Programs and Automated Data Systems for
the Initiation Phase, August 1, 1979.
c. FIPS PUB 65, Guideline for ADP Risk Analysis, August 1, 1979.
d. FIPS PUB 73, Guidelines for Security of Computer Applications, June 30, 1980.
e. FIPS PUB 101, Guidelines for Life Cycle Validation, Verification and Testing of Computer Software,
10 of 12
07/10/96 12:59:13
-------�
http://www. epa.gov/docs/irm_polman/chaptr 17 .txt. html
June 6, 1983.
f. FIPS PUB 102, Guideline for Computer Security Certification and Accreditation, Sept. 27, 1983.
g. FIPS PUB 105, Guidelines for Software Documentation Management, June 6, 1974.
h. FIPS PUB 106, Guidelines on Software Maintenance, June 15, 1984.
i. FIPS PUB 124, Guideline on Functional Specifications for Database Management Systems, Sept. 30,
1986.
j. OMB Circular 94, Guidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs,
October 29, 1992.
k. OMB Circular 109, Major Systems Acquisitions, April 5, 1976.
1. EPA Information Technology Architecture Road Map. Exhib
1. SYSTEM CATEGORY: Major Agency System
THRESHOLD CRITERIA SCOPE (System category is determined by the highest threshold reached
under either the scope OR cost criteria ): Mission Critical for Multiple AAships or Regions; or Agency
Core Financial System
THRESHOLD CRITERIA COST: >$25 million throughout the lifecycle or $5 Million annually.
SYSTEM MANAGEMENT PLAN(SMP)MUST BE REVIEWED BY: Funding Org. AA/RA, Dir.
OIRM, Exec. Steering Committee for IRM.
2. SYSTEM CATEGORY. Major AAship or Regional System
THRESHOLD CRITERIA SCOPE: Mission Critical for 1 AAship or Regional Office
THRESHOLD CRITERIA COST: >$10 million throughout the lifecycle or >$1 million annually
SYSTEM MANAGEMENT PLAN(SMP)MUST BE REVIEWED BY: Funding Org. SIRMO(s) &
AA/RA
3. SYSTEM CATEGORY: Significant Program Office System
THRESHOLD CRITERIA SCOPE: Mission Critical in Program Office
THRESHOLD CRITERIA COST: >$2 million throughout the lifecycle or >$100,000 annually
SYSTEM MANAGEMENT PLAN(SMP)MUST BE REVIEWED BY. Funding Org. SIRMO(s)
4. SYSTEM CATEGORY: Local Office or Individual Use System
THRESHOLD CRITERIA SCOPE: Systems Below Category 3 Thresholds
11 of 12
07/10/96 12:59:22
-------�
http://www.epa.gov/docs/irmj3olmarv/chaptr17.txt.html
THRESHOLD CRITERIA COST: <$100,000 annually for one project
SYSTEM MANAGEMENT PLAN(SMP)MUST BE REVIEWED BY: SIRMO or official designee
12 of 12
07/10/96 12:59:26
-------�
Acquisition of Fed. Information Processing Resources
http://www.epa.gov/docs/irmj3olman/chaptr18.txthtml
CHAPTER 18 - ACQUISITION OF FEDERAL INFORMATION PROCESSING
RESOURCES
PURPOSE. This policy establishes principle:
Agency Federal Information Processing
responsibilities for implementing these pri
management accountability.
SCOPE AND APPLICABILITY. ThiJKOTy ap
employees. It also applies to personnoBSft are in
Agency.
BACKGROUND.
1.
2.
3.
a. The Federal Information Resoun
governing the acquisition of FIP r<
b. FIP resources include the fol
(including maintenance), and
kents that govern the acquisition of
so defines the roles and
nts to ensure appropriate
rganizations and their
isition of FIP resources for the
.) i^^krincipal regulation
, support services
c. Acquisition, as defined a
requirements analysis and 10 satisfy
the requirement. This cyclical set of activities is designed to provide the Government with efficient and
effective technology and services to support information needs.
ipport information needs.
d. Acquisition, as defined in FIRMR Part 2D1 -20~also incIudes"b6tairiIngTTP resources from sources
external to the Agency (e.g., through contracts issued by other Federal agencies), and through in-house
sources (e.g., using in-house Agency employees or existing Agency contracts) or development (e.g.,
re-engineering existing software).
e. The General Services Administration (GSA), the Federal oversight agency which issues the FIRMR,
has primary authority to contract for FIP resources. GSA redelegates this authority to individual agencies
through a Delegation of Procurement Authority (DPA) to each agency's Designated Senior Official
(DSO) for Information Resources Management (IRM). An agency's ability to retain its DPA from GSA
depends on how well it manages this delegation. GSA makes this determination through its IRM Review
Program.
4. AUTHORITIES.
a. Public Law 89-306, Brooks Act, vests in the Administrator of the GSA the authority and responsibility
to provide for the economic and efficient purchase, lease, maintenance, operation and utilization of
automated data processing (ADP) resources by Federal departments and agencies.
b. Public Law 98-369, Competition in Contracting Act, requires, among other things, that full and open
competition be utilized in the acquisition of supplies and services, and that specifications not be
unnecessarily restrictive of competition.
c. The Office of Federal Procurement Policy Act contains provisions regarding inherently governmental
functions and procurement integrity that apply to contractors and government officials involved with
Federal procurements.
1 of 6
07/10/96 13:01:30
-------�
Acquisition of Fed. Information Processing Resources
http://www.epa.gov/docs/irm_polman/chaptr18.txt.html
d. 44 U.S.C. Chapter 35, Paperwork Reduction Act of 1986, significantly expands the Brooks Act
definition of automatic data processing equipment (ADPE) to reflect the merging of ADP,
communications, and related technologies.
e. The Administrator of GSA redelegates the authority to contract for FIP resources to agency heads
through Delegations of Procurement Authority (DP A).
f. 41 CFR, Chapter 201.20 and 201.39, FIRMR, provides Government-wide policies, procedures and
guidelines pertaining to the acquisition and management of FIP resources. Chapter 201-18 addresses the
requirement for FIP acquisitions to be consistent with agency IRM plans.
g. 48 CFR, Chapter 15, EPA Acquisition Regulation (EPAAR), codifies the policies and procedures of
EPA which implement and supplement the FAR.
h. Executive Order 12845, issued April 1993, requires agencies to purchase energy-efficient computer
equipment.
i. Office of Management and Budget (OMB) Circular A-l 1, Section 43, includes a requirement for
agencies to submit information on acquisition plans for information technology, including
telecommunication systems.
j. OMB Circular A-76, Policies for Acquiring Commercial or Industrial Products and Services Needed by
the Government, contains policies and procedures for determining whether functions should be performed
by outside sources (such as contractors) or by Government personnel. The Circular also includes
requirements for performance-based statements of work.
k. OMB Circular A-109, issued August 1976, in part describes the cycle for the ADP Systems
Acquisition Process.
1. OMB Circular A-130, Management of Federal Information Resources, establishes policy for the
management of Federal information resources. Among other requirements, it addresses the need for
agencies to conduct IRM planning, with special focus on the information lifecycle.
5 POLICY.
a. EPA shall plan, budget and acquire all FIP resources in a cost-effective manner consistent with the
FAR, FIRMR, and EPAAR, as well as applicable Executive Orders, and other Federal and EPA
IRM-related regulations and policies. FIP resources shall meet and support the documented
mission-related needs of EPA Program and Regional Offices, and Laboratories, and shall be consistent
with the Agency's IRM Plans, and technology and information architectures.
b. Delegations of Procurement Authority are redelegated to Program and Regional Offices and
Laboratories based on those organizations' demonstrated competence in IRM. Some factors
demonstrating competence include an organization's compliance with Federal and Agency IRM and
procurement policies, procedures, standards, and conformance with approved IRM Plans. Other factors
include effective organizational structure, adequate resources, well-trained staff, and effective
performance in IRM functional areas as well as procurement management.
c. EPA organizations shall ensure that, when applicable, acquisition of FIP resources complies with the
2 of 6
07/10/96 13:01:38
-------�
Acquisition of Fed. Information Processing Resources
http://www.epa.gov/docs/irm_polman/chaptr18.txt.html
FIRMR requirements for Requirements Analysis, Analysis of Alternatives, and development of an
Implementation Plan. These analyses and the planning documents must be commensurate with the size
and complexity of the FIP resources needed.
d. EPA organizations shall acquire FIP resources in a manner that minimizes total lifecycle costs and
avoids duplication of effort and resources.
e. EPA organizations shall ensure that acquisition of their computer equipment is compliant with energy
efficient requirements as stipulated by Executive Order 12845.
f. EPA organizations shall consider the needs of persons with disabilities in the acquisition of FIP
resources. These persons may include employees, contractor personnel and members of the public who
may use, develop, maintain or operate a proposed system.
g. Appropriate information security requirements will be incorporated into specifications for the
acquisition of FIP resources.
h. EPA organizations shall track FIP resource estimates and actual costs according to Federal and
Agency planning, budgeting and procurement requirements. In addition, EPA organizations shall ensure
that all FIRMR-applicable FIP resource-related contract costs are tracked against the specific ceiling
established by the contract.
6. RESPONSIBILITIES.
a. The Assistant Administrator for Administration and Resources Management (OARM) is the
Designated Senior Official (DSO) responsible for the conduct of and accountability for acquisition of FIP
resources made under a DPA from GSA. The DSO may redelegate GSA's exclusive authorities for FIP
resources to qualified Agency officials. However, such redelegation does not relieve the DSO from
responsibility and accountability for acquiring FIP resources.
b. The Director, Office of Information Resources Management (OIRM) is responsible for:
(1) Organizing and managing an Agency-wide IRM planning process which integrates FIP resources
acquisition activities with IRM planning and budgeting.
(2) Providing guidance and direction to client organizations involved in procurement of FIP resources.
(3) Negotiating and managing the redelegation process of FIP acquisition authority to client
organizations.
(4) Reviewing and approving procurement packages for FIP equipment, software, services and/or
support services where this authority for review and approval has not been further redelegated.
(5) Resolving FIRMR applicability issues in procurement actions.
(6) Recommending, when appropriate, alternative acquisition methods or sources, and promoting
coordination with other research, programmatic and/or Regional IRM efforts.
(7) Developing, in consultation with the client organization, Implementation Plans for acquisitions of FIP
resources to ensure conformance and compatibility with the Agency's technology architecture.
3 of 6
07/10/96 13:01:43
-------�
Acquisition of Fed. Information Processing Resources
http://www.epa.gov/docs/irmj5olman/chaptr18.txt.html
(8) Reviewing and approving, if appropriate, waiver requests to purchase non-energy efficient computer
equipment and/or non-standard hardware and software.
(9) Approving and forwarding FIP resource acquisition Agency Procurement Requests (APRs) to GSA
for approval when a DP A is required.
(10) Coordinating and forwarding progress reports to GSA, as required in DP As.
c. The Office of the Administrator, Assistant Administrators, Associate Administrators, Regional
Administrators, General Counsel, and Inspector General are responsible for providing effective
implementation of this policy within their respective organizations.
d. Senior IRM Officials are responsible for consulting with their Senior Resource Officials and other key
management and technical personnel to review and approve all applicable FIP resource acquisitions and
associated documents to:
(1) Ensure compliance with Federal, EPA and Program/Regional Office policies, standards, directives,
regulations, approved IRM plans, and planning and budgeting requirements and processes.
(2) Ensure that FIP resource requirements are not fragmented into separate procurements in an attempt
to circumvent the delegated thresholds.
(3) Identify, resolve or justify potentially duplicative procurement activities, as well as opportunities to
"share" FIP resources, within their organizations and/or with other Agency organizations.
e. Client organization managers and staff who originate requirements for acquisition of FIP resources
(System Managers, Project Officers, etc.) are responsible for:
(1) Adhering to the Federal and Agency policies and procedures governing the acquisition of FIP
resources.
(2) Documenting the initial determination of FERMR applicability.
(3) Determining if a DPA is required for their procurement action and developing an APR, if needed.
(4) Developing the Requirements Analysis, the Analysis of Alternatives, and Implementation Plan (if
appropriate) to ensure that the acquisition is cost effective and fully meets their mission needs.
(5) Verifying the adequacy and soundness of technical content, and accuracy and completeness of
documentation.
(6) Obtaining appropriate review and approval from their organization's Senior IRM Official and other
key officials noted in this policy.
(7) Categorizing and tracking FIP resource estimates and actual costs according to Federal and Agency
planning, budgeting and procurement requirements.
(8) Tracking FIRMR-applicable FIP resource costs in contracts to ensure the DPA is not exceeded and to
allow appropriate budgetary reporting.
4 of 6
07/10/96 13:01:49
-------�
Acquisition of Fed. Information Processing Resources
http:/Avww.epa.gov/docs/irm_polman/ch aptr18.txt.html
(9) Submitting progress reports to OIRM, as required by the DPA.
f. The Office of Acquisition Management (OAM) is responsible for:
(1) The acquisition of the Agency's central information processing resources, including
telecommunications (voice, video and data.)
(2) Providing client organizations with technical assistance on Federal and Agency procurement laws,
regulations, and policies.
(3) Performing final quality assurance, review, and approval of all Agency FIP resource acquisitions.
(4) Ensuring that the procurement of FIP resources includes a well-documented audit trail.
(5) Ensuring that all procurements of FIP resources comply with Federal and Agency procurement laws,
regulations and policies.
7. DEFINITIONS.
a. Acquisition, as defined in FIRMR Part 201-20, consists of a series of steps beginning with a
requirements analysis and ending with the implementation of the most advantageous alternative to satisfy
the requirement (e.g., actual award of the contract). Acquisition also includes obtaining FIP resources
from sources external to the Agency, and through in-house sources or development.
b. Acquisition Lifecycle is the period covering all acquisition-related activities. The lifecycle begins when
Agency needs are established and ends with the disposal of the FIP resources.
c. Agency Procurement Request (APR) is a request to GSA by an agency for contracting authority above
their regulatory or specific agency delegation.
d. Analysis of Alternatives is the process of identifying, analyzing and documenting feasible alternatives
that satisfy requirements for FIP resources.
e. Automated Data Processing (ADP) refers to the production, conversion, reduction, destruction,
storage, transfer or communication of data by electronic digital computers and related peripheral devices.
The term "electronic data processing" (EDP) and ADP are frequently used interchangeably with no
significant distinction. Automated data processing may be performed by a stand-alone unit or by several
connected units.
f. Delegation of Procurement Authority (DPA) is the authority provided by the GSA to Federal agencies
which allows them to contract for FIP resources above the dollar ceilings found in regulatory or specific
agency delegations.
g. Federal Information Processing (FIP) Equipment is any equipment or interconnected system or
subsystem of equipment used in the automatic acquisition, storage, manipulation, management,
movement, control, display, switching, interchange, transmission, or reception of data or information.
h. Federal Information Processing (FIP) Resources include equipment, software, services, support
services (including maintenance), and related supplies and systems.
5 of 6
07/10/96 13:01:55
-------�
Acquisition of Fed. Information Processing Resources
http://www.epa.gov/docs/irm_polman/chaptr18.txt.html
i. Federal Information Processing (FIP) Software is any software, including firmware, specifically
designed to make use of and extend the capabilities of FIP equipment.
j. Federal Information Processing (FIP) Supplies are any consumable item designed specifically for use
with FIP equipment, software, services, or support services.
k. Federal Information Processing (FIP) Support Services are any commercial, non-personal services,
including FIP maintenance, used in support of FIP equipment, software, or services.
1. Implementation Plan describes the tasks, responsibilities, resources and schedules necessary to ensure
successful implementation of the FIP acquisition.
m. Information architecture refers to the technologies, interfaces, and geographical locations of functions
involved within an agency's information activities.
n. Life Cycle Costs refers to the sum total of the direct, indirect, recurring, nonrecurring, and other
related costs incurred, or estimated to be incurred, in the design, development, production, operation,
maintenance, and support of a system over its anticipated useful life span. Costs include, but are not
limited to, equipment software, personnel (both agency and contractor), timeshare and
telecommunications.
o. Requirements Analysis is the process of determining and documenting an agency's requirements for
FIP resources.
p. Technology architecture refers to the configuration of the Agency's hardware platforms, software tools
and data communications that together to form the infrastructure within which the Agency's information
systems operate.
8. PROCEDURES AND GUIDELINES. Procedures and guidelines regarding EPA acquisition of FEP
resources will be issued under separate cover. The GSA publishes an Acquisition Guide Series to help
promote effective and efficient acquisition of FIP resources. These Guides are available from the GSA
IRM Reference Center, 18th and F Streets, NW, Washington, DC 20405; telephone (202) 501-4860. See
Chapter 17 of the EPA IRM Policy Manual for the Agency's policy on system life cycle management.
6 of 6
07/10/96 13:02:02
-------�
Information and Data Management
http://www.epa.oov/docs/irm_polman/chaptr19.txt html
Chapter 19 - INFORMATION AND DATA MANAGEMENT
1. PURPOSE. The purpose of this chapter of the Environmental Protection Agency's (EPA's) IRM
Policy Manual is to:
a. Assure the utility of EPA's information and data in meeting legislative and mission requirements.
b. Establish principles for EPA's management of information and data.
c. Implement those components of Federal information management policy relating to information and
data management as articulated in OMB Circular A-130, Management of Federal Information Resources.
d. Assign organizational responsibilities for EPA's management of information and data.
e. Establish the EPA Information and Data Management Program to implement this policy and to enable
integration of information and data across environmental programs.
2. SCOPE AND APPLICABILITY.
a. This policy applies to all EPA employees and their agents involved in EPA's information and data
management activities. These activities include management of information and data from planning,
through creation, processing, dissemination, use, and storage to disposition. They also include all
activities related to sharing and integration of information and data.
b. This policy explicitly applies to the implementation of any information or data management related
requirement in any EPA enabling legislation or regulation.
c. This policy explicitly applies to all information or data management related activities encountered in the
preparation of proposed legislation and regulations by EPA officials and staff.
3 AUTHORITIES.
a. The Paperwork Reduction Act of 1980 (44 U.S.C. Chapter 35) as amended.
b. Office of Management and Budget Circular A-130, Management of Federal Information Resources.
4. BACKGROUND.
a. The Environmental Protection Agency, like other governmental agencies and private organizations
working to protect the environment worldwide, relies upon the availability of accurate information in
fulfilling its mission. Some information used by EPA is created by the Agency itself. Other information,
equally critical to EPA's mission, is created by State and local governments or private industry and
submitted to or shared with EPA according to agreements.
Fulfillment of EPA's environmental mission requires the active, coordinated efforts of partners within
government, private industry and the public. Sharing of information and data with all organizations and
individuals working for protection of the environment enhances the effectiveness of EPA and its partners
in fulfilling that mission. EPA information once considered of interest to only one media area (such as
water or air) is now understood to be of importance Agencywide. Identification and documentation of
Agency information requirements will help make integration and sharing of information and data feasible,
1 of 6
07/10/96 13:03:42
-------�
Information and Data Management
http://www.epa.gov/docs/irm_polman/chaptr19.txt.html
effective and efficient.
b. The Paperwork Reduction Act established a broad mandate for agencies to perform their information
management activities in an efficient, effective, and economical manner. It also assigned the Director of
the Office of Management and Budget responsibility for maintaining a comprehensive set of information
resources management policies, and for promoting the application of information technology to improve
the use and dissemination of information in the operation of Federal programs. To fulfill these
responsibilities, OMB issued and maintains Circular No. A-130, Management of Federal Information
Resources.
Circular A-130 requires agency heads to develop and implement internal agency information policies that
conform to the policies set forth in the Circular. These Circular A-130 policies address the twofold
definition of information resources management as stated in the Circular (i.e., information itself and the
resources associated with information). These policies are further titled "Information Management" - the
management of Federal information; and "Information Systems and Information Technology
Management" - the planning, acquisition, operation, and management of Federal information systems and
technology.
Further, Circular A-130 assigns to the Department of Commerce responsibility for the development and
issuance of Federal Information Processing Standards and guidelines necessary to ensure the efficient and
effective management and use of information technology. Those standards and guidelines are published
by the National Institute of Standards and Technology.
This chapter of the IRM Policy Manual addresses information and data management aspects of EPA's
internal management practices for information, information activities, information systems, and
information technology as specified in Circular A-130. It is responsive to the following broad objectives:
(1) managing information as a valuable strategic resource, as important as financial and personnel
resources,
(2) enhancing the value of data by assuring its accuracy, integrity and availability;
(3) performing information and data management activities in an integrated, efficient, effective, and
economical manner;
(4) maximizing the usefulness of information and data, improving service delivery to the public, reducing
information collection burden on the public, and lowering the cost of program administration; and
(5) recognizing changes in the technical, legal and operational environment EPA faces when managing
information technology.
c. This policy is intended to be read in the context of the entire IRM Policy Manual. It is not
comprehensive in covering the requirements of Circular A-130, and it is not intended to be considered in
isolation from other EPA IRM policies articulated in this manual.
5. POLICY.
a. EPA information and data resources will support Agency missions and programs as agreed upon in
Agency strategic plans. EPA shall collect or create only that information and data necessary for the
proper performance of agency functions and which has practical utility. Practical utility is understood to
2 of 6
07/10/96 13:03:49
-------�
Information and Data Management
http://www.epa.gov/docs/irm_polman/chaptr19.txt.html
include such qualities of information as accuracy, adequacy, and reliability.
b. EPA information and data resources will be treated as Agency resources and managed in a reasonable,
efficient, effective, and economical manner. EPA will plan in an integrated manner for managing
information and data throughout its life cycle. Agency information and data management plans will
consider the creation, collection, processing, dissemination, use, storage, and disposition of information
and data resources.
c. EPA information and data requirements will be identified, defined, and documented. Agency
information and data requirements, including appropriate security requirements, will be identified and
defined in the routine course of system development, re-engineering, or enhancement. The information
requirements that each information system is intended to meet will be documented.
d. Information and data collected and stored by EPA will be identified, defined and documented. EPA
will maintain an inventory of the information and data in Agency information systems.
e. Documentation of EPA information and data requirements and collections will be shared. To the extent
permitted by the confidentiality requirements of Federal law, regulation, and policy, EPA will share
Agency metadata in order to improve the compatibility and efficiency of Agency information systems and
improve access to Agency information and data resources for all potential users, including the public.
f. Documentation of EPA information and data requirements and collections will address the quality of
the data. To enable the fullest use of EPA information and data resources, all necessary steps will be
taken to ensure that data are of known and specified quality. Quality is understood to include such
characteristics as accuracy, adequacy, and reliability.
g. EPA will promote information and data exchange and sharing. To the extent permitted by the
confidentiality requirements of Federal law, regulation, and policy, the Agency will support efficient use
and effective stewardship of information and data resources by exchanging and sharing information and
data both within and outside the Agency.
h. EPA will use Agency-wide standards to establish essential information and data resources management
controls. The Agency will adopt applicable international, national and Federal Information Processing
Standards for data where appropriate or required. When needed, Agency-specific standards will be
developed. All preparation of legislation and regulations as well as information system designs,
developments, redesigns, modernizations, implementations, and life cycle management will comply or
ensure compliance with Agency data standards.
i. EPA employees will be adequately trained to effectively manage and use information and data
resources. Decentralization of information technology has placed the management of information and
information technology directly in the hands of nearly all EPA personnel. The Agency will ensure that
EPA employees who work with EPA information and data resources have appropriate knowledge of how
to manage and use information and data.
6. RESPONSIBILITIES.
a. The EPA Designated Senior Official for IRM shall:
(1) Ensure that the Agency Strategic Plan addresses information management, including information and
data sharing, and includes high-level information requirements.
3 of 6
07/10/96 13:03:55
-------�
Information and Data Management
http://www.epa.gov/docs/irm_polman/chaptr19.txt.html
(2) Organize and lead the ongoing development of an Agencywide information architecture identifying
the information and data required to support Agency missions.
(3) Lead the compilation and ensure the availability of an inventory of information and data in Agency
information systems.
(4) Lead the development and promulgation of Agencywide standards to establish essential management
controls for information and data.
(5) Implement this policy by establishing and supporting an EPA Information and Data Management
Program and appoint an Information and Data Management Officer for EPA who shall be responsible for
administration of the Program.
(6) Ensure the coordination required for development of training responsive to the specific needs of the
EPA Information and Data Management Program.
b. The Information and Data Management Officer shall:
(1) Administer the Information and Data Management Program.
(2) Participate in the IRM strategic planning and budgeting process and work to see that sufficient funds
are allocated for information and data management activities through the budget process.
(3) Develop and promulgate Agencywide standards and management controls for data resources,
working with the National Institute of Standards and Technology, other Federal agencies, and nonFederal
organizations, as appropriate, in the development of data standards.
(4) Direct efforts to develop those components of an information architecture focusing on data.
(5) Develop and oversee centralized coordination of mission-related data standardization efforts
Agencywide.
(6) Create a repository to manage and control essential Agency metadata resources and make these
resources easily accessible within and outside the Agency.
c. Each EPA Primary Organization Head (see definition) shall:
(1) Ensure active and appropriate participation of the Primary Organization in development of the
Agency IRM Strategic Plan.
(2) Ensure that the Primary Organization Strategic Plan addresses information management, including
information and data sharing, and includes highlevel, Primary Organization information requirements.
(3) Sponsor and support the ongoing development of a Primary Organization information architecture
identifying the information and data required to support Primary Organization missions.
(4) Implement the EPA Information and Data Management Program within the Primary Organization and
ensure that information and data management activities performed for the Primary Organization by
contractors adhere to Agency information and data management policy and program requirements.
4 of 6
07/10/96 13:04:02
-------�
Information and Data Management
http://www.epa.gov/docs/irm _polman/chaptr19.txt.html
(5) Contribute to the development of standards by directing appropriate Primary Organization
management and staff to actively participate in such development efforts.
(6) Share documentation of information and data requirements and collections of the Primary
Organization with other EPA Primary Organizations.
(7) Ensure that documentation of EPA information and data requirements and collections addresses the
quality of the data.
(8) Ensure that Primary Organization employees are appropriately trained to effectively manage and use
information and data resources.
7. DEFINITIONS. All definitions are taken from Office of Management and Budget's Circular A-130 or
the National Institute of Standards and Technology's Special Publication S00-208 (March 1993) unless
otherwise noted.
a. Data. Facts or figures from which a conclusion can be drawn. Representation of facts, concepts, or
instructions in a formalized manner suitable for communication, interpretation, or processing by humans
or by automatic means. Any representations such as characters or analog quantities to which meaning is,
or might be, assigned.
b Data (Resources) Management. The responsibilities for planning and controlling the data resources and
functions of an organization which relate to collecting, cataloging, processing, storing, communicating,
and disposing of data consistent with the overall goals and objectives of an enterprise.
c. Data Requirement. A documented need, determined through analysis, for data resources to meet an
agency's information requirements. (Adapted from "A Guide for Requirements Analysis and Analysis of
Alternatives," Information Resources Management Service, U.S. General Services Administration,
January 1990)
d. Data Resources. All data created manually or by automated means that an enterprise treats as a
resource for information used in decision making and problem solving. (Adapted)
e. Designated Senior Official for IRM. An agency official with broad responsibility and accountability for
information resources management as defined by the Office of Management and Budget in Circular
A-130. Within EPA that official is the Assistant Administrator for Administration and Resources
Management. (EPA Delegations Manual, Chapter 1-84. Information Resources Management, 1200 TN
343, 11/29/93.)
f. Information. Any communication or representation of knowledge such as facts, data, or opinions in any
medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual forms.
g. Information Architecture. A collection of logical constructs used to define and control the integration
of information systems.
h. Information Life Cycle. The stages through which information passes, typically characterized as
creation or collection, processing, dissemination, use, storage, and disposition.
i. Information Management. The application of general management principles including planning,
5 of 6
07/10/96 13:04:08
-------�
Information and Data Management
http://www.epa.gov/docs/irm_polman/chaptr19.txthtml
budgeting, directing, and controlling the processing, the handling, and the uses of an organization's
information.
j. Information Requirement. A documented need, determined through analysis, for information resources
to perform an agency's mission. (Adapted from "A Guide for Requirements Analysis and Analysis of
Alternatives," Information Resources Management Service, U.S. General Services Administration,
January 1990)
k. Information Resources. All information created manually or by automated means that an enterprise
treats as a resource for decision making and problem solving.
1. Information System. The organized collection, processing, maintenance, transmission, and
dissemination of information in accordance with defined procedures, whether automated or manual.
m. Metadata. Information about an organization's information and data activities. This includes the
characteristics, resources, usage, activities, systems, and holdings of data.
n. Primary Organization. A component of EPA managed by a Primary Organization Head (namely, the
EPA Deputy Administrator, Assistant Administrator, Regional Administrator, the Inspector General and
the General Counsel.) (Derived from EPA Order 1000.24)
o. Primary Organization Head. The EPA Deputy Administrator, Assistant Administrators, Regional
Administrators, the Inspector General and the General Counsel. (Derived from EPA Order 1000.24)
8. STANDARDS AND PROCEDURES: EPA data standards and procedures implementing this policy
will be issued under separate cover.
6 of 6
07/10/96 13:04:15
-------�
http://www.epa.gov/docs/irm_polman/glossary.txthtnil
IRM POLICY MANUAL 2100
7/21/87
APPENDIX A - GLOSSARY
1. Administrative Records - The records which reflect routine, transitory, internal housekeeping
activities relating to subjects and functions common to all offices.
2. Agency Records Management Officer - The title of the designated staff official whose
responsibility is to plan, develop and coordinate the agency records management program.
3. Application Security - The set of controls that makes an information system perform, in an
accurate and reliable manner, only those functions it was designed to perform. The set of controls
includes the following: programming, access, source document, input data, processing, storage,
output and audit trail.
4. Application Software - Software specifically produced for the functional use of a computer
system, e.g., payroll, inventory control, environmental monitoring and scientific modeling.
5. Artificial Intelligence, Expert, or Knowledge-based Systems
~ A class of Systems that employs decision rules developed through human experience and
from human knowledge to solve problems that require a high degree of human expertise.
6. Automatic Data Processing - The production, conversion, reduction, destruction, storage, transfer
or communication of data by electronic digital computers and related peripheral devices. The term
"electronic data processing" (EDP) and "automatic data processing" (ADP) are frequently used
interchangeably with no significant distinction. Automatic data processing may be performed by a
stand alone unit or by several connected units.
7. Automatic Data Processing Equipment - Electronic components and equipment regardless of use,
size, capacity or price that are designed to be applied to the solution or processing of a variety of
problems or applications.
8. Central Processing Unit (CPU) - That part of a computer that interprets and executes program
instruction and communicates with the input, output and storage devices. It consists of the control
unit and the arithmetic/logic unit.
9. Classified Records - Records which are restricted to processing or use by cleared individuals and
require special protection, e.g., "top secret," "secret" or "confidential."
10 Commercially Available Software - Software that is available through lease or purchase in the
commercial market from a concern representing itself to have ownership or marketing rights in the
software. Software that is furnished as part of the ADP system but that is separately priced is
included.
11. Confidential Business Information - This type of information includes trade secrets, proprietary
and commercial/financial information. Business information is entitled to confidential treatment if:
(I) business asserts a confidential claim, (2) business shows it has taken its on measures to protect
the information, (3) the information is not publicly available or (4) disclosure is not required by
statute and the disclosure would either cause competitive harm or impair the Agency's ability to
obtain, necessary information in the future.
12. Core Systems Standards - The EPA term for a set of standards for end-user interface, software
engineering, data interchange and documentation for general purpose computer software to
perform functions which are common to many different offices (e.g., project tracking or
correspondence control). Core systems are targeted for the personal computer (PC) and office
automation computer systems.
13. Current Records - Records or files presently in the physical custody of organizational units, the
maintenance of which is required in the conduct of current work.
14. Data - Collection of unorganized facts that have not yet been processed into information.
15. Data Base - Collection of integrated data that can be used for a variety of applications.
16. Data Base Management - A systematic approach to storing, updating and retrieval of information
1 of 7
07/10/96 13:06:17
-------�
http://www.epa.gov/docs/irm_polman/glossary.txt.html
stored as data items, usually in the form of records in a file.
17. Data Base Management System (DBMS) - The software product that provides a data structure
containing unrelated data stored so as to optimize accessibility, control redundancy and offer
multiple views of the data to multiple application programs.
18. Data Communications - Computer-to-computer, computer-to-device and device-to-computer
communications and other communications such as a record, tele-processing and telemetry.
19. Data Element - A unit of information used to describe data, data characteristics and attributes,
e.g., eyes - blue or BL.
20. Data Standards - Standards used generally, but not exclusively, for automated systems to ensure
that one type of data is defined the same way in all systems.
21. Designated Senior Official - The individual appointed by the head of an agency who has
responsibility for directing the agency's activities administered under the Paperwork Reduction Act
of 1980.
22. Distributed Processing - Involves the use of computers or intelligent terminals at a number of sites
that share the control, storage and/or computing functions of the central computing system, thus
giving the end-user data processing capabilities. The various stations, or network nodes, are
connected by telecommunications lines.
23. Distributed Network - This term refers to a network architecture in which nodes, or
communications processors, are connected directly or indirectly to each other and share the
communications processing functions.
24. Documentation - Information to support the effective design, management, operation, maintenance
and transferability of ADP resources, and to facilitate the interchange of information.
Documentation includes analysis, technical documents and specifications which are produced in the
software life cycle (e.g., project request, feasibility study, benefit/cost analysis, functional
requirements, data requirements, system/subsystem specifications, test plan, users' manual,
operations manual, test reports and maintenance procedures).
25. Electronic Digital Image Storage and Retrieval Systems The technology that converts and stores
images and information in digital form.
26. Electronic Mail - A generic term describing the use of digital computer and other technologies
(e.g., facsimile) in the generation and transmission or distribution of messages.
27. End-Users - The ultimate customers or recipients of computer services.
28. Essential Elements of Information (EEIs) - This term is modeled after the Department of Defense
and National Aeronautics and Space Administration Data Item Descriptions (DIDs). The EEIs
represent the set of information for a given system's life cycle products (e.g., software management
plan, software design document) that are required for a specific systems development project or for
an existing system's operation. EEIs are required for the successful management of a project.
29. Federal Records Centers - The depositories established by the National Archives and Records
Administration for the housing of non-current, inactive or permanent records pending ultimate
disposition in accordance with the Agency Record Retention and Control Schedules.
30. Filing Equipment - Any equipment used to provide storage for information, e.g., lateral, vertical,
mechanized and ADP.
31. Filing Supplies - Items such as folders, guides,cross-reference sheets and charge-out cards.
32. Fourth Generation (4EL) Programming Language - The term refers to modern programming
languages (e.g., INFO, FOCUS) designed for end-users or to increase programmer productivity,
which, have a number of tools such as English language syntax, dictionaries, screen builders and
reference to data by name. These languages tend to be dependent on specific computer
architectures and are not usually transportable. They usually imply a proprietary database
management system (DBMS) or data management system (DMS).
33. Geographic Information System (GIS) - A computer-based system that combines geographic
and/or cartographic analysis capabilities with a computer data base system that can support data
2 of 7
07/10/96 13:06.27
-------�
http://www.epa.gov/docs/inrij3olman/glossary.txthtml
entry, data management, data manipulation and data display capabilities.
34. Hardware - Physical equipment such as the computer and its related peripheral devices, tape
drives, disk drives, printers, etc.
35. Highly Sensitive Information - Information whose loss wold seriously affect the agency's ability to
function, threaten the national security or jeopardize human life and welfare. Specifically,
information of this type includes National Security Information, information critical to the
performance of a primary agency mission, information that is life critical and financial information
related to check issuance, funds transfer and similar asset accounting/control functions.
36. Host Computer - Central computer to which computers or other input/output devices are
connected in a distributed data processing environment.
37. Information - Any communication or reception of knowledge such as facts, data or opinions,
including numerical, graphic or narrative forms, whether oral or maintained in any medium,
including computerized data bases, paper, microform or magnetic tape.
38. Information Collection Budget (ICB) - An annual submission to the Office of Management and
Budget (OMB) of burden on the public related to information that Federal agencies propose to
collect from non-Federal sources during a fiscal year. ("Burden" includes, but is not limited to, the
estimated time required to read instructions and generate, review, report and keep records on
information in response to Federal requests or requirements.) The ICB is similar to EPA's fiscal
budget except that it deals in burden hours rather than dollars and is not submitted to Congress.
39. Information Management - The processes necessary for the creation, use and disposal of
information regardless of the media on which it is recorded.
40. Information Processing - To cop, exchange, read, combine mathmetically or logically, record,
store, transmit or write information from one medium or format to another.
41. Information Resources Management (IRM) - The planning, budgeting, organizing, directing,
training and controls associated with information. The term encompasses both information itself
and related resources such as personnel, equipment, funds and technology.
42. IRM Steering Committee - At EPA this group is chaired by the Director, Office of Information
Resources Management (OIRM) and has members representing EPA national and Regional
programs, the EPA research community and the States. The Committee is responsible for advising
OIRM concerning IRM policies, resources and priorities and assisting OIRM in communicating
and implementing these policies and priorities within EPA. The Committee assists OIRM in
conducting periodic reviews of the Agency's information resources and the policies and programs
for managing these resources and in designing improvements where needed.
43. Information Security - This term encompasses three different types of security: applications
security, installation security and personnel security. In total, information security involves the
precautions taken to protect the confidentiality, integrity and availability of information.
44. Information System - The organized collection, processing, transmission and dissemination of
information in accordance with defined procedures, whether automated or manual.
45. Information Systems Inventory (ISI) - A collection of descriptive data regarding the Agency's
automated and manual information systems. The data base for EPA's ISI resides on an IBM PC/AT
and provides for the retrieval of over 500 manual and automated information systems and
applications which have been identified by administrative and program offices.
46. Information Technology - The hardware and software used in connection with government
information, regardless of the technology involved, whether computers, telecommunications,
micrographics or others.
47. Installation - The physical location of one or more information systems, whether automated or
manual. An automated installation consists of one or more computer or office automation systems,
including related peripheral and storage units, central processing units, telecommunications and
operating and support system software. Automated installations may range in size from large
centralized computer centers to stand-alone personal computers.
3 of 7
07/10/96 13:06:36
-------�
http://www.epa.gov/docs/inn_polman/glossary.txt.htiTil
48. Installation Security - The use of locks, badges and similar measures to control access to the
installation and the measures required for the protection of the structure housing the installation
from accident, fire and environmental hazards. In addition to the above physical security measures,
installation security also involves ensuring continuity of operations through disaster planning.
49. Life Cycle - The complete time span of a system from the origin of the idea that leads to the
creation of the system to the end of its useful life.
50. Life Cycle Costs - The sum total of all the direct, indirect, recurring, nonrecurring and other
related costs incurred or predicted to be incurred in the formulation of requirements and feasibility
studies, and in the design, development, production, operation, maintenance and support of an
information system throughout its useful life.
51. Mainframe - This term connotes a large computer.
52. Maintenance of Records - This term refers to the grouping, filing, storing and safeguarding of
business records.
53. Major Information System - An information system that requires special continuing management
attention because of its importance to an agency mission; its high development, operating or
maintenance costs; or its significant impact on administration of agency programs, finances,
property or other resources. In this context, high development, operating or maintenance cost
means either (1) the cost of initial development from conception through implementation exceeds
one million dollars or (2) the cost of operating and maintaining the system in any fiscal year
exceeds 500 thousand dollars.
54. Management Information System (MIS) - A computer-based or manual information system having
applications in support of management activities.
55 Microcomputer - One of a large variety of general purpose computers manufactured utilizing one
or more microprocessors. Microcomputers can range from computers with relatively small amounts
of memory to computers with large amounts of random access memory and several peripheral
devices. Typically, an end-user microcomputer is of desktop size and requires no special
environmental site preparation.
56. Microfilm - High resolution film containing an image or images greatly reduced in size from the
original that is recorded on the film.
57. Microfiche - A sheet of film containing multiple microimages in a grid pattern. It usually contains a
heading or title which can be read without magnification.
58. Microform - Any form containing microimages.
59. Micrographics - The science and technology of document and information microfilming and
associated microform systems including microfilm, microfiche and microimages.
60. Minicomputer - A computer somewhere in size between a microcomputer and a mainframe. These
units are characterized by higher performance than microcomputers, richer instruction sets, higher
price and a proliferation of high-level languages, operating systems and networking methodologies.
61. Mission-based Planning - The process of planning for an agency's investments in and management
of information resources and technology that are required to achieve the agency's missions and
priorities. At EPA all national program managers and Regional offices are responsible for
developing mission-based plans for their respective organizations. Mission-based plans are tied to
the budget process and are used to support investment decisions made during the budget
preparation process. These plans are strategic or long range in scope but are updated annually to
reflect progress in implementation, program changes, changes that affect information requirements
and advancements in technology.
62. National Security Information - Information that is classified as "Top Secret," "Secret" or
"Confidential" under Executive Order 12356 or predecessor orders.
63. Network - Computer system using data communications equipment to connect two or more
computers.
64. Non-procedural Language - See definition for Fourth Generation (4GL) Language.
07/10/96 13:06:45
-------�
http://www.epa.gov/docs/irm_polman/glossary.txthtml
65. Official Record File - Used in the context of records management, this term refers to
documentation including all background material resulting from specific transactions, operations or
processes which are accumulated and maintained in files equipment. They may include any media
such as film, microfilm, cards, papers and magnetic tapes and disks.
66. Operating System - Software that controls and supports the execution o computer programs and
contributes to optimal use of the computing system. An operating system may provide services
such as resource allocation, scheduling, input/output control, error recovery and data management.
Although operating systems are predominantly software, partial or complete firmware
implementations are possible.
67. Permanent Records - Records of continuing value which are considered to be so important or
unique in documenting the history of the Agency or for informational content that they should be
preserved "forever" as part of the National Archives of the United States.
68. Personal Computer - Microcomputer used by individuals for various personal uses in the home or
office.
69. Procedural or High Order Language - See definition for Third Generation Language (3GL).
70. Program - Step-by-step set of instructions that directs the computer to perform certain operations.
71. Program Records - Records created, received and maintained by an agency in the conduct of the
mission functions for which it is responsible. The term is used in contrast with administrative or
facilitative records.
72. Proprietary - Any item, usually commercial software or a specialized data base, for which the
Government or public does not have unlimited rights.
73. Privacy - The right of an individual to control the collection, storage and dissemination of
information about himself/herself to avoid the potential for substantial harm, embarassment,
inconvenience or unfairness.
74. Records - In records management parlance, this term refers to recorded information of continuing
administrative, fiscal, legal, historical or informational value, including published materials, papers,
maps, photographs, microfilm, audiovisual, machine-readable materials (ADP tapes/disks) or other
documentary material, regardless of physical form or characteristics, made or received by the
agency that evidences organization, functions, policies, decisions, procedures, operations or other
activities of the Government.
75. Records Control Schedules - This term refers to the list of scheduled reviews of agency records to
determine their disposition.
76. Records Management - This term describes the management of the media on which information is
recorded and the control of all the agency's program and administrative records.
77. Records Management Officer - The title of the designated staff officials whose responsibilities are
to assist the operating Agency Records Management Officer by carrying out the policies of the
records management program in their respective organizational units.
78. Risk Analysis - A means of measuring and assessing the relative vulnerabilities and threats to a
collection of sensitive data and the people, systems and installations involved in storing and
processing that data. Its purpose is to determine how security measures can be effectively applied
to minimize potential loss. Risk analyses may vary from an informal, quantitative review of a
microcomputer installation to a formal review of a major computer center.
79. Semi-active Records - This term refers to records worthy of preservation, that have long term
permanent value and will be retired from expensive office space and equipment to the area Federal
Records Center for storing, servicing and ultimate disposition in accordance with Agency Records
Control Schedules.
80. Senior Information Management Official (SIRMO) - At EPA this term has been used to designate
those individuals who are responsible for directing and managing information resources planning
and budgeting and for assuring that the information systems and information technology
acquisitions within their organizations comply with Federal and EPA policies and regulations.
5 of 7
07/10/96 13:06:54
-------�
http://VAVW.epa.gov/docs/irm_polman/glossary.txt.html
81. Sensitive Application Systems - Systems that process sensitive information and require protection
because or the loss or harm which could result from the improper operation or deliberate
manipulation of the application itself. Automated decision-making application systems are highly
sensitive if the wrong decision could cause serious loss.
82. Sensitive Information - Information that requires protection due to the risk and magnitude of loss
or harm that could result from inadvertent or deliberate disclosure, alteration or destruction of the
information.
83. Service Level Agreement - A Service Level Agreement is a documented contract between the
National Data Processing Division (NDPD) and any client organization which describes the
services which will be provided by NDPD to the client. There are two types of Service Level
Agreements. One is a generic documented service description which applies to all with an
individual client organization. The latter is developed primarily where the level of service requested
is beyond the normal service levels contained in the generic service agreement. Service Level
Agreements generally contain a description of availability, capacity, workload, performance,
reliability and cost.
84. Software - Computer programs, procedures, rules and associated documentation pertaining to the
operation of a computer system.
85. Software Engineering - This term refers to the discipline of applying software tools, techniques
and methodologies to promote software quality and productivity.
86. Software Life Cycle - The period of time beginning when a software product is conceived and
ending when the product no longer performs the function, for which it was designed. The software
life cycle is typically broken into phases such as requirements, design, programming and testing,
installation and operation and maintenance.
87. Software Maintenance - The performance of those activities required to keep a software system
operational and responsive after it is accepted and placed into operation. It is the set of activities
which result in changes to the originally accepted (baseline) product. These changes consist of
modifications required to: (1) insert, delete, extend and enhance the baseline system (performance
maintenance); (2) adapt the system to changes in the processing environment (adaptive
maintenance); and (3) fix errors (corrective maintenance).
88. Software Tools - This term refers to packaged, often commercial computer program(s) used to
help develop, test, analyze or maintain computer programs, data and information systems.
Examples include statistical software such as SAS, SPSS, sort systems, etc.
89. System - The organized set of procedures used to collect, process and array information whether
automated or manual.
90. Telecommunications - The transmission and/or reception of information by telephone, telephone
lines, telegraph, radio or other methods of communication over a distance. The information may be
in the form of voice, pictures, text and/or encoded data.
91 Telecommunications Network - An interconnected set of locations or devices linked by
communications facilities, including telephone lines and microwave and satellite connections.
92. Temporary Records - Records created incidental to performance of the mission of the agency and
considered to be of short term value.
93. Testing - This term refers to the examination of the behavior of a program by executing the
program on sample data sets.
94 . Third Generation (3GL) Programming Language - A programming language that usually includes
features such as nested expressions and parameter passing, that can run on a variety of different
computer systems and are independent of machine architecture (e.g., COBOL, BASIC,
FORTRAN, PL/1). It is a problem oriented language that facilitates the expression of a procedure
as an explicit algorithm. In contrast to fourth generation programming language, third generation
programming language is normally independent of a data base management system and is
transportable between different computer architectures.
07/10/96 13:07:02
-------�
http://www.epa.gov/docs/irm_polnian/glossary.txt.html
95. Threshold - A point, usually expressed in dollars, above which specific actions are required. For
instance, a solesource procurement of data processing equipment having an estimated value below
the $250,000 threshold does not require a delegation of procurement authority from the General
Services Administration, while a procurement above that threshold does require a delegation.
96. Timeshare - This procedure allows many users to access and use simultaneously the resources of a
central computer through remote terminals. Access privileges are usually purchased by (or charged
back to) the user, based on a formula of various unit prices. The chargeback formula may include
charges for use of the computer's central processing unit, adding or altering data on a computer
storage disk, computer tape handling and storage and the amount of time a user has interacted with
the computer (connect time). Other items may be included in the chargeback formula which are
inherent in delivering the computer services to the user.
97. Triennial Review - This review is a government-wide three-year planning and reporting cycle set
forth to meet the requirements established by the Paperwork Reduction Act of 1980. Agencies are
required to perform reviews of their information resources management activities and prepare
synopses and updates of these reviews to GSA on a yearly basis for a three-year duration. The
objective of the Triennial Review Program is to ensure that agencies are carrying out their
information management activities in an efficient manner. In EPA OIRM is responsible for
managing the review process with input from the program offices.
98 Vital Records - Records essential to the continued operation of the Agency and to the preservation
of the legal rights and interests of employees and individual citizens, in wartime and disaster.
99 Voice Communications - The transmission and switching of voice traffic by public and private
facilities. The public-switched network is an example of a public facility; private branch exchanges
(PBX) and private voice lines exemplify private facilities.
100. Word Processing - Computer-based system for inputting, editing, storing and printing of
documents.
07/10/96 13:07:11
-------�
List of IRM Documents in EPAAR 1552.210.-79
http://www.epa.gov/docs/epaar/epaartsttxLhtml
making Docket Manual
2182 EPA System Design
easurement Results
Set of Data
LIST OF IRM DOCUMENTS AS SET FORTH IN EPAAR 1552.210-79 effective as of October, 1995
EPA Acquisition Regulation
PART 1522.210-79
(b) IRM Policies, Data Standards, and Procedural |s, standards, and procedures are
currently set forth in the Directives noted belo
(1) Agency Directives.
2100 Information Resources ManagemefflBffificy Man
2160 Records Management Manual 2J®Eg|perations
and Development Guidance 2190 PqSlffict Mani
2180.1 EPA Order - Chemical AbsgffipServices Rei
2180.2 EPA Order - Data Standjaftaitf the Electn
2180.3 EPA Order - Facility Ickra^tion Standari
Elements for Groundwater
(2) National Data Processing
NDPD Operational Directives Manual. This document contains procedural information about the
operation of the Agency's computing and telecommunications services.
EPA Hardware and Software Standards~T^Me ^anda^l^avl^win'MaBl's^iQ^o ensure that the
Agency's information technology components integrate properly into its technological infrastructure.
(d) Distribution.
Hardcopy distribution: Documents listed in Section (1) above may be obtained from:
U.S. Environmental Protection Agency Printing Services and Mail Management Branch Mail Code: 3204
401 M Street, S.W.
Washington, DC 20460
Phone: (202) 260-5797
Electronic distribution: All documents listed under (1) and (2) are also available on the EPA Public
Access Server (where this listing is located) under EPA Initiatives, Policy and Strategy Documents/IRM
Policies, Standards and Guidance.
1 of 1
07/10/96 13:22:50
-------�
MetaRecord for IRM Policy Manual
http://www.epa.gov/docs/irm_polman/polmnmtd.trt.html
1. TITLE. Information Resources Management Policy Manual
2. IDENTIFICATION NUMBER: EPA Directive Number 2100
3. ABSTRACT: This manual establishes a policy framework for the Information Resources
Management (IRM) Program in the U.S. Environemntal Protection Agency (EPA). The manual
encompasses both information itself and related resources such as personnel, equipment, funds and
technology. This document conveys the authorities and responsibilities under which the IRM
Program will function at EPA. The manual is limited to the IRM policy domain in order to provide
the promary documents in a concise and consolidated manner. Detailed procedures and operationg
guidelines such as the EPA Freedom of Information Act, Privacy Act, and Records Management
Manual are issued separately. This manual applices to all EPA organizations and their employees. It
also applices to the facilities and personnel of agents (including State agencies, contractors and
grantees) of the EPA who are involved in IRM related activities.
Contents of the manual are as follows:
CHAPTERS
~ IRM Management Controls/Review and Approval
~ Mission-Based Planning
~ State/EPA Data Management
~ Software Management
~ Data Standards
~ ADP Resources Management
~ Voice Communications
~ Information Security
~ Information Collection
~ Records Management
~ Privacy
~ Libray Services
~ Locational Data
~ EPA Rulemaking Docket
~ Electronic Office Equipment Access for the Disabled
~ EPA Internal Electronic Signatures Policy
~ System Life Cycle Management
~ Acquisition of Frderal Information Processing Resources
~ Information and Data Management
APPENDICES
~ Glossary
~ Primary IRM Laws and Regulations
~ PURPOSE: Establishes a framework for the Information Resources Management (IRM) Program
in the EPA.
~ ORIGINATOR:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
~ PUBLICATION DATE: Manual was last updated on July 24, 1995.
~ ACCESS CONSTRAINTS: N/A.
~ Availability: Copies of the manual may be obtained by contacting:
1 of 2
07/10/96 13:27:42
-------�
MetaRecord for IRM Policy Manual
http://www.epa.gov/docs/irm _polman/polmnmtd.txt.html
U.S. Environmental Protection Agency
Office of Administration
Facilities Management and Services Division Distribution Section
401 M Street, S.W., Washington, DC 20460 Mail Code: 3204
Phone: (202)260-5797
9. COVERAGE: N/A.
10. TIME PERIOD OF COVERAGE: The manual is current.
11 POINT OF CONTACT FOR FURTHER INFORMAITON:
U.S. Environmental Protection Agency
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
401 M Street, S.W., Washington, DC 20460
12. CATALOGUING SOURCE:
Suzanne Annand
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
13. DATE OF CREATION: 7/24/95
14. ELEMENTS FOR INFORMATION SYSTEMS: N/A.
15. AGENCY SUPPLEMENTAL INFORMATION: None.
2 of 2
07/10/96 13:27:51
-------�
http://www.epa.gov/docs/irm_unifdocket/unifdmtd.txt.html
1. TITLE: EPA ORDER - UNIFORM RULEMAKING DOCKET
2. IDENTIFICATION NUMBER: EPA Directive Number 2140
3. ABSTRACT: This guidance manual addresses Agency-wide policy issues that pertain to EPA
dockets. Most of the information defines the general legal framework in which the dockets operate.
Procedures and requirements specific to a program or statute are not addressed in this document.
The final section of the manual summarizes Agency records management practices that relate to
material contained in the public docket.
4. PURPOSE: The Uniform Rulemaking Docket Manual provides a working tool for improved
coordination of EPA dockets to facilitate better information service. The Manual provides guidance
to promote improved integrity and consistency of dockets as well as improved user access and
understanding of docket procedures. In addition, this guidance serves to document Agency-wide
docket policy and procedure. The manual is intended for the public as well as EPA staff. For the
public, this document helps to assure comprehensive, convenient public access to regulatory
information. For EPA staff, the manual is a tool to assist in managing and developing dockets.
5. ORIGINATOR:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
6. PUBLICATION DATE: April 20, 1993
7. ACCESS CONSTRAINTS: N/A.
8. Availability: Hardcopies of the manual may be obtained by contacting:
U.S. Environmental Protection Agency
Office of Administration
Facilities Management and Services Division Distribution Section
401 M Street, S.W., Washington, DC 20460 Mail Code: 3204
Phone: (202)260-5797
9. COVERAGE: N/A.
10. TIME PERIOD OF COVERAGE: The manual is current.
11. POINT OF CONTACT FOR FURTHER INFORMATION:
Office of Information Resources Management
Information Management and Services Division Information Management Branch
Mail Code 3404
12. CATALOGUING SOURCE:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
13. DATE OF CREATION: 8/31/94
1 of 2
07/10/96 13:30:16
-------�
14. ELEMENTS FOR INFORMATION SYSTEMS: N/A.
15. AGENCY SUPPLEMENTAL INFORMATION: None
http://www.epa. gov/docs/irm_unifdocket/unifdmtd.txt html
07/10/96 13:30:22
-------�
MetaRecord for Records Management Manual
http://www.epa.gov/docs/recmgmt/recmgmttxthtml
1. TITLE: RECORDS MANAGEMENT MANUAL
2. IDENTIFICATION NUMBER: EPA Directive Number 2160
3. ABSTRACT: This Manual prescribes objectives, responsibilities, and procedures for the conduct
of the Agency's records/information management program.
4. PURPOSE: This purpose of this Manual is to ensure that records created or acquired by an official
or employee of the Agency in the course of conducting Government business are managed and
maintained in accordance with Federal regulations and Agency-specific policy and procedures.
5. ORIGINATOR:
Office of Information Resources Management Information Management and Services Division
Information Access Branch
Mail Code 3404
6. PUBLICATION DATE: Last Update, July 13, 1984. The manual is currently under revision on several
chapters.
7. ACCESS CONSTRAINTS: N/A.
8. Availability: Hardcopies of the Manual may be obtained by contacting:
U.S. Environmental Protection Agency
Office of Administration
Facilities Management and Services Division Distribution Section
401 M Street, S.W., Washington, DC 20460 Mail Code: 3204
Phone:(202)260-5797
9. COVERAGE: N/A.
10. TIME PERIOD OF COVERAGE. The Manual is current but several chapters are being revised.
Contact the EPA Records Officer at the address below for the most up-to-date information.
11. POINT OF CONTACT FOR FURTHER INFORMATION:
Records Officer
Office of Information Resources Management Information Management and Services Division
Information Access Branch
Mail Code 3404
401 M Street, S.W.,
Washington, DC 20460
12. CATALOGUING SOURCE:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
13. DATE OF CREATION: 10/24/95
14. ELEMENTS FOR INFORMATION SYSTEMS: N/A.
1 of 2
07/11/96 10:35:12
-------�
MetaRecord for Records Management Manual — - http://www.epa.gov/docs/recmgmt/recmgmttxthtml
15. AGENCY SUPPLEMENTAL INFORMATION: Note: Very few of the graphics, tables and
examples of forms are available in this electronic version.
2 of 2
07/11/96 10:35:18
-------�
http://www.epa.gov/docs/irm_privacyact/privmtd.txthtml
1. TITLE: PRIVACY ACT MANUAL
2. IDENTIFICATION NUMBER: EPA Directive Number 2190
3. ABSTRACT. The Privacy Act Manual sets forth the policy and procedures to ensure that EPA 1)
safeguards personal privacy in its collection, maintenance, use and dissemination of information
about individuals and 2) makes such information available to the individual in accordance with the
requirements of the Privacy Act.
4. PURPOSE: This Manual establishes policy and procedures for protecting the privacy of
individuals who are identified in the EPA information systems and informs Agency employees and
officials of their rights and responsibilities under the Privacy Act (5. U.S.C. 552a).
5. ORIGINATOR:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
6. PUBLICATION DATE: January 28, 1986
7. ACCESS CONSTRAINTS: N/A.
8. AVAILABILITY: Hardcopies of the manual may be obtained by contacting:
U.S. Environmental Protection Agency
Office of Administration
Facilities Management and Services Division Distribution Section
401 M Street, S.W., Washington, DC 20460 Mail Code: 3204
Phone: (202)260-5797
9. COVERAGE: N/A.
10. TIME PERIOD OF COVERAGE: The manual is current.
11. POINT OF CONTACT FOR FURTHER INFORMATION:
U. S. Environmental Protection Agency
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
401 M Street, SW
Washington; D C. 20460
12. CATALOGUING SOURCE:
Suzanne Annand
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
13. DATE OF CREATION: 9/26/94
14. ELEMENTS FOR INFORMATION SYSTEMS: N/A.
1 of 2
07/10/96 13:33:10
-------�
http://www.epa.gov/docs/irm _privacyact/pnvmtd.txthtml
15. AGENCY SUPPLEMENTAL INFORMATION: None.
07/10/96 13:33:16
-------�
http://www.epa.gov/docs/irm_casstandard/ca8smtd.txt.htinl
1. TITLE: EPA ORDER - CHEMICAL ABSTRACT SERVICE REGISTRY NUMBER DATA
STANDARD
2. IDENTIFICATION NUMBER: EPA Directive Number 2180.1
3. ABSTRACT: This Order establishes the policy and responsibilities related to the use of registry
data, specifically the Registry Number, from the Chemical Abstracts Service (CAS) Division of the
American Chemical Society in automated information systems containing data/information on
specific, definable chemical substances. This standard applies to all EPA organizations and their
employees as well as the facilities and personnel of agents of EPA who design, develop, operate or
maintain Agency information and information systems having to do with specific, definable
chemical substances.
4. PURPOSE: This Order communicates EPA's policy in regards to the use of registry data to EPA
staff and agents of the agency, to ensure compliance with this EPA data standard.
5. ORIGINATOR:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
6. PUBLICATION DATE: June 26, 1987
7. ACCESS CONSTRAINTS: N/A.
8. Availability: Hardcopies of the Order may be obtained by contacting:
U.S. Environmental Protection Agency
Office of Administration
Facilities Management and Services Division Distribution Section
401 M Street, S.W., Washington, DC 20460 Mail Code: 3204
Phone:(202)260-5797
9. COVERAGE. N/A.
10. TIME PERIOD OF COVERAGE: The Order is current.
11. POINT OF CONTACT FOR FURTHER INFORMATION:
U. S. EPA
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
401 M Street, SW
Washington, D C. 20460
12. CATALOGUING SOURCE:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
1 of 2
07/10/96 13:25:50
-------�
http://www.epa.gov/docs/irm_casstandard/cassmtd.txt.html
13. DATE OF CREATION: 9/25/94
14. ELEMENTS FOR INFORMATION SYSTEMS: N/A.
15. AGENCY SUPPLEMENTAL INFORMATION: None.
2 of 2
07/10/96 13:25:56
-------�
http://www.epa.gov/docs/irmJabmeas/labmmtd.txthtiTil
1. TITLE: EPA ORDER - DATA STANDARDS FOR THE ELECTRONIC TRANSMISSION OF
LABORATORY MEASUREMENT RESULTS
2. IDENTIFICATION NUMBER: EPA Directive Number 2180.2
3. ABSTRACT: This Order applies to laboratories that supply measurement data for Agency,
Regional or program office decisions.
4. PURPOSE: The purpose of this Order is to issue standards for the electronic transmission of
environmental measurement results from laboratories to EPA programs. These standards will
provide a consistent definition of laboratory data and will facilitate cross-media use of laboratory
data.
5. ORIGINATOR.
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
6. PUBLICATION DATE: December 10,1987
7. ACCESS CONSTRAINTS: N/A.
8. Availability: Hardcopies of the manual may be obtained by contacting:
U.S. Environmental Protection Agency
Office of Administration
Facilities Management and Services Division Distribution Section
401 M Street, S.W., Washington, DC 20460 Mail Code: 3204
Phone.(202)260-5797
9. COVERAGE: N/A.
10. TIME PERIOD OF COVERAGE: The manual is current.
11. POINT OF CONTACT FOR FURTHER INFORMATION:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
12. CATALOGUING SOURCE:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
13. DATE OF CREATION: 1/25/95
14. ELEMENTS FOR INFORMATION SYSTEMS: N/A.
15. AGENCY SUPPLEMENTAL INFORMATION: None.
1 of 1
07/10/96 13:36:20
-------�
MetaRecord for ETSD Operational Directives
http://www.epa.gov/docs/etsdop/etsdmtd.txt.html
1. TITLE: Enterprise Technology and Services Division (ETSD) Operational Directives Manual
(ETSD was formerly known as the National Data Processing Division NDPD. The document is
often referred throughout as the NDPD Operational Directives)
2. IDENTIFICATION NUMBER: N/A
3. ABSTRACT: This manual contains the management, operational telecommunications and
National Environmental Supercomputing Center (NESC) directives applicable to all EPA and
contractor staff personnel who manage the operation of ETSD computer systems, who operate
systems controlled by ETSD, or who use computing resources provided by ETSD.
4. PURPOSE: This manual establishes a framework for defining and publishing senior management
direction related to the operation of Agency timesharing resources under the jurisdiction of the
Enterprise Technology and Services Division (ETSD).
5. ORIGINATOR:
U.S. EPA
Office of Information Resources Management Enterprise Technology and Services Division (ETSD)
Research Triangle Park, NC 27711
6. PUBLICATION DATE: Individual directives are updated as needed.
7. ACCESS CONSTRAINTS: N/A.
8. AVAILABILITY: 1) The NDPD Operational Directives Manual is included in the EPADOC
CD-ROM. Copies are available from:
Government Printing Office
Superintendent of Documents
Washington, D.C. 20402-9325
Phone: 202-512-1800
Credit cards are accepted by the Government Printing Office.
2) In addition, the Manual is maintained on the EPA Public Access Server on the Internet under the IRM
Policy, Standards and Guidance section. The address is gopher.epa.gov or www.epa.gov - search under
the term 'IRM POLICY.
9 COVERAGE: N/A.
10. TIME PERIOD OF COVERAGE: The Directives are current and are constantly updated.
11. POINT OF CONTACT FOR FURTHER INFORMATION:
U.S. EPA
Office of Information Resources
Management
Enterprise Technology and Services Division (NDPD) Research Triangle Park, NC 27711
12 CATALOGUING SOURCE:
1 of 2
07/10/96 13:14:10
-------�
MetaRecord for ETSD Operational Directives
http://www.epa.gov/docs/etsdop/etsdmtd.txt.html
Office of Information Resources Management Information Resources Management Policy and Evaluation
Division Mail Code 3404
13. DATE OF CREATION: April 5, 1996.
14. ELEMENTS FOR INFORMATION SYSTEMS: N/A.
15. AGENCY SUPPLEMENTAL INFORMATION: None.
2 of 2
07/10/96 13:14:16
-------�
http://www.epa.gov/docs/irmJdp/madmeta.txthtnril
TITLE: EPA Method, Accuracy, and Description Codes for Latitude and Longitude, Version 6.1
IDENTIFICATION NUMBER: None
ABSTRACT: On April 8, 1991 the Deputy Administrator signed the Agency's Locational Data Policy
(LDP), IRM Policy Manual 2100 Chapter 13, requiring geographic coordinates and associated method,
accuracy, and description codes (MAD) for all environmental measurements collected by EPA
employees, contractors and grantees (Appendix A.). A key premise of this policy is that secondary use of
these data in geographic information systems (GIS) and statistical mapping programs are significant to
the overall mission of the Agency. To facilitate the integration of data into these systems it is important
that coding of geographic coordinates and associated attributes be standardized.
PURPOSE: This document presents the information coding (MAD version 6.1) standards for 1) the nine
required fields and 2) nine additional recommended fields.
REQUIRED LOCATIONAL DATA FIELDS
1. Latitude
2. Longitude
3. Method of collection
4. Accuracy value & unit
5. Description category
6. Vertical Measure
7. Horizontal Datum
8. Source Scale
9. Point-Line-Area
RECOMMENDED/OPTIONAL LOCATIONAL DATA FIELDS
1. Date of collection
2. Source
3. Description Comments
4. Vertical Measure Method of Collection
5. Vertical Measure Accuracy
6. Vertical Datum
7. Verification
8. Data-Point-Sequence
9. Description-Sequence
ORIGINATOR: Office of Information Resources Management Program Systems Division, 3405R
Washington, D C. 20460
PUBLICATION DATE: November 7, 1994
ACCESS CONSTRAINTS. None
AVAILABILITY.
A. DISTRIBUTOR: Dave Catlin
1 of 2
07/11/9610:41:26
-------�
http://www.epa.gov/docs/irm_ldp/madmeta.txthtml
Program Systems Division, 3405R
401 M. St. S.W.
Washington, D.C. 20460
B. ORDER PROCESS: If for some reason you can not obtain electronically contact Dave Catlin - (703)
235-5575.
C. TECHNICAL PREREQUISITES: To be used as metadata for latitudes and longitudes.
D. AUTOMATED LINKAGE: Also available through the EPA VABS. Use the Information Services
Icon
COVERAGE: None
TIME PERIOD COVERAGE: Will be updated periodically. Time period is unknown at present, perhaps
every six months to a year.
POINT OF CONTACT: Office of Information Services Program Systems Division, 3405RDave Catlin
401 M St. S.W.
Washington D.C. 20460
CATALOGUING SOURCE: Office of Information Services
Program Systems Division, 3405R
Dave Catlin
401 M St. S.W.
Washington D.C. 20460
ELEMENTS FOR INFORMATION SOURCES:
A. AGENCY PROGRAM: MAD Codes are to be untilized as documentation for lat/longs collected to
support all programs.
B. SOURCES OF DATA: MAD codes were developed by the Locational Data Policy Work Group. This
group is associated with the GIS Regional Work Group. The National Geodetic Survey, USGS, and
other EPA elements have assisted in their development.
AGENCY SUPPLEMENTAL INFORMATION: Locational Data Policy Implementation Guidance -
Guide to the Policy, March 1992
2 of 2
07/11/96 10.41:31
-------�
http://www.epa.gov/docs/irm_gwstnd/ordernitd.txthtml
1. TITLE: EPA ORDER - DEFINITIONS FOR MINIMUM SET OF DATA ELEMENTS (MSDE)
FOR GROUND WATER QUALITY
2. IDENTIFICATION NUMBER: EPA Directive Number 7500.1A
3. ABSTRACT: This policy statement establishes the minimum set of data elements for ground water
quality (MSDE) to be collected and managed by the Environmental Protection Agency (EPA)
ground water collection activities.
4. PURPOSE: The underlying purpose of the MSDE is to more efficiently manage and share data
within the ground water community, including States, local governments, the regulated community,
EPA, and other Federal agencies. This policy applies to all groundwater data collection activities
directly carried out by EPA staff and its contractors including those involved in research and
development and enforcement activities.
5. ORIGINATOR:
Office of Water
Mail Code 4602
6. PUBLICATION DATE: July 1992
7 ACCESS CONSTRAINTS: N/A.
8. Availability: Hardcopies of the manual may be obtained by contacting:
U.S. Environmental Protection Agency
Office of Administration
Facilities Management and Services Division Distribution Section
401 M Street, S.W., Washington, DC 20460 Mail Code: 3204
Phone:(202)260-5797
9. COVERAGE: N/A.
10. TIME PERIOD OF COVERAGE: The Order is current.
11. POINT OF CONTACT FOR FURTHER INFORMATION.
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
12. CATALOGUING SOURCE:
Office of Information Resources Management Information Management and Services Division
Information Management Branch
Mail Code 3404
13. DATE OF CREATION: 11/9/94
14. ELEMENTS FOR INFORMATION SYSTEMS: N/A.
15. AGENCY SUPPLEMENTAL INFORMATION: None.
1 of 1
07/11/96 10:32:07
-------�
Quality Assurance (QA) for
Information Management
(IM)
Purpose of QA for IM workshop
- Linda Kirkland (QAD)
An overview of current QA for IM guidance
A QA manager's perspective -
Environmental Monitoring and Assessment
Program
gilt?:.
-------�
AMERICAN NATIONAL
STANDARD ,
¦ ¦ ¦
ANSI/ASQC E4-1994 [
Adds Documents and Records to Quality
Systems for Environmental Data Collection
and Environmental Technology Programs
Adds Computer Hardware and Software to
Quality Systems for Environmental Data
Collection and Environmental Technology
Programs
-------�
I:
iliiiili!
!•
WmBmm::
jlllllgil
r
IB :;:i
Sufficient records to reflect required quality
achieved shall be maintained and retrievable
Specifications for establishing procedures to
control quality documentation and records
including approval and retention schedules
Records shall be protected from damage,
loss and deterioration
• v>
'£
-------�
i
m
wm^m.
m
- - - --Z-
, // ¦ //.'/ /=•/ o / z. Z- =:::
i a
Wsmwi
'mm
Policies should be established for
availability and access for printed and
electronic media
Documents may include QMPs, QAPPs,
workplans, SOPs, designs, & data sheets
Records may include assessments, QC data,
sampling & analytical data, calculations &
usability results
¦¦¦•.¦¦..¦ .. ¦ ¦:•:¦ .
11
n
s
-------�
Software & hardware/software
configurations shall be installed, tested,
used, maintained, controlled, and
documented to meet user requirements
Software & hardware/software
configurations shall conform to E4 and all
applicable consensus standards and/or data
management criteria
-------�
siilt
!pl:5
mm
Mfli
w;
fli
1 -
MaBj
Mi
Hardware & software configurations shall
be tested prior to use and the results
documented and maintained
Changes to hardware/software
configurations shall be assessed for impact
and, if changes are made, retested and re-
documented
-------�
Acceptance criteria should be established
for commercially acquired software
Custom software should be developed using
an approved software development
methodology and be independently
validated, verified and documented
according to the intended use
-------�
' ='= /
iililiitl
iwwm
X. -
eii i - i wmmmmmmmrnrntm
mm
ill!
£:•: =¦:• •:•:¦:•
Includes specifications for describing
processes for identifying, approving,
handling, preserving and accessing quality-
relate documentation and records
Includes a discussion of roles and
responsibilites for management and staff
,Sf«
ISwlg:. : :x
-------�
«¦
ilii
grappa
mmmm
Wmm
¦ m ¦¦ \
=
4
Interim QMP Requirements
niii
wmmm
W&Mm
iS2
ll
111
Includes specifications for describing
processes for ensuring hardware & software
meet program requirements including
purchased software
Includes specifications for describing the
process for ensuring data and information
produced meet applicable information
resource management requirements
Wwwim
-------�
These descriptions shall include the roles
and responsibilities assigned to management
and staff
Computer programs include designs,
models for environmental processes and
conditions, operation and process control,
data bases & document control registers
-------�
| ;
§ -
-'V
I
\Y.Y/S.Yr
W>M%
mam
mm
}::x:::x::::;-
1 ' ¦
m&
3«3g
flit
Willi!
pliilllir
mmmm.
I
FPA OA/R-S
V^r\-/ av
MSB
= / //$$$&
S8S
S
HH
iillpiiilili
Includes specifications to describe:
— the pro] ect data management scheme from data
generation to final use or storage;
- procedures to process, compile and analyze the
data;
- hardware/software requirements and procedures
to demonstrate acceptability; &
— control mechanisms for preventing data loss.
m
-------�
gaiiiilllli
-------�
Information Management * > QA
Systems
Development
Life
Cycle
Continuous
Improvement
POC Development Life Cycle
Planning
Quality Assurance Management
r~
t V
• \ Second Order Users
Analysis \
b poc _
' Workshops ^
j x
on;
Quality
Assurance
DQOs
DQA -
Construction
I
First Order Users • Resource Groups
Procedures
DQA Reports
\
QA/IM Policy
QA/IM Standards
DQA Procedures
Metadata
IM Architecture
Data Quality and Integrity
— rnmam
QMP
\
Policy
Development
~t
Procedures
Development
t
Evaluation
I
EMAP Quality
System
Development
-------�
COMPUTER
SYSTEMS SECURITY
AT EPA
Robert LeVine, ETSD
919-541-7924
levine.rob@epamail.epa.gov
SECURITY PROGRAM
GOALS
EPA SECURITY MANUAL-
EPA Directive 2195;
STANDARDS OF BEHAVIOR-
OIRM 6/25/96;
IRM POLICY MANUAL-
EPA Directive 2100, ch. 8
contact:
Don McGinnis, OIRM
202/260-5914
M Integrity
Confidentiality
Prevent Information Corruption ;
Computer Security
Organization at EPA
EPA
Security Prognm
ETSO/NCC Security
EPA Information Security Officers (ISO)
Assigned to each Region and Program Office
¦
USER SECURITY
i All policy references place ultimate
security responsibility on the user
and data owner
i PC Security Directive 270.04
i Standards of Behavior Document
i Local Procedures are Needed
¦ EPA has Standard VIRUS Protection
i Computer Emergency Response
.Team, (CERT).
HOW IMPORTANT IS
SERVER AND WORK-
STATION SECURITY?
' ETSD Security Topics
Layer Active Project Planning
j Internet
-------�
SECURITY OBJECTIVE
FOR SERVERS
DIRECTIVES, STANDARDS AND CONTROLS
t can Operating Systems, Procedures, and Management DO for Security?
\RE DIRECTIVES
HOW WELL ARE CONTROLS IMPLEMENTED?
ROLE AND RESPONSIBILITY OF@.1 1
COMPLIANCE
MONITORING AT EPA
¦ ETSD can provide services in security: We want to
expand the use of automated tools to collect data from
many systems and format report to one GUI
¦ Help solve outstanding issues: government oversight,
technical training for security contacts, security
resource issues
¦ ETSD is utilizing an Enterprise security product which
can interoperate on UNIX, VMS, NT, AND NOVELL (by
one GUI)
¦ ETSD is making the Enterprise Security Manager
(ESM) software available for free until we run ou^pf
8 „ * # » « m i* * » '
licenses
¦ ¦¦¦¦¦¦ ¦¦¦
EPA's ENTERPRISE
SECURITY MANAGEMENT
. SOFTWARE IS MANAGER & AGENT
. WE WANT TO INSTALL A SECURITY MANAGER TO
EVERY SECURITY ROLE
, AGENT INSTALLED ON MULTI-USER SYSTEMS
. MANAGER CAN RUN PERIODIC JOBS TO MANAGE
SECURITY COMPLIANCE FOR AN ENTIRE SITE
. AFTER MAKING INITIAL CORRECTIONS, THIS
PROCESS BECOMES EXCEPTION MONITORING
. MODEL: ETSD AND NCC WILL MANAGE ALL ITS
NATIONWIDE CENTRAL SUPPORT SERVERS (UNIX
AND NOVELL) FROM ONE PC GRAPHICAL
INTERFACE
ENTERPRISE
SECURITY
MANAGER
PRODUCT
DEMONSTRATION
WED. 8-9 AM
SERVER
-------�
Notes for the presentation by...
Wendy Blake-Coleman
-------�
United States
Environmental Protection
Agency
r/EFA Office Of Water
Quality Management Plan
Office Of Water
(4102)
EPA 800-R-95-001
June 1995
-------�
TABLE OF CONTENTS
Chapter 1 Introduction - 1_1
1.1 Purpose of Che Office of Water Quality Management Plan . . 1-1
1.2 Organization of the Office of Water Quality 1-2
Chapter 2 Quality Management Policy and Organization . 2-1
2.1 Introduction co EPA Quality Assurance Policy 2-1
2.2 Office of Water Quality Assurance Policy 2-2
2.3 Office of Water Mission and Organization 2-7
2.3.1 OW Mission 2-7
2.3.2 OW Organizational Structure 2-8
2.4 Office of Water Quality Assurance Organization and
Responsibilities of Quality Assurance Staff 2-8
2.4.1 OW Quality Assurance Organization- 2-8
2.4.2 Responsibilities of OW QA Staff 2-11
2.4.2.1 OW QA Manager 2-11
2.4.2.2 Senior Information Resources Management
Official 2-14
2.4.2.3 Records Officer . . . 2-16
2.4.2.4 Quality Assurance Officers 2-16
2.4.2.5 QA Coordinators . . .¦ 2-18
2.5 Responsibilities of Program Managers, Line Managers,
Supervisors, Project Officers and Work Assignment
Managers 2-19
2.5.1 Assistant Administrator/Deputy Assistant
Administrator . 2-19
2.5.2 Office Directors ¦ 2-19
2.5.3 Division Directors 2-20
2.5.4 Branch, Section Chiefs, and Work Unit Leaders . '2-20
2.5.5 Work Assignment Managers and Project Officers . 2-21
2.6 Responsibilities Outside of the EPA Headquarters
Structure 2-22
2.6.1 EPA Regional Offices 2-22
2.6.2 Delegated States, Tribal, Local, and Other
Governmental Bodies 2-24
2.7 Responsibilities for Assuring that Quality Assurance
.System is Communicated, Understood, and Implemented . . 2-24
Chapter 3 Definition"of Environmentally Related Data
and Scope of the Office of Water Quality
Management Plan 3-1
3.1 Definition Of Environmentally Related Data 3-1
3.2 Types of Data Collection Activities and Office of Water
Programs Covered by the Quality Management Plan 3-1
3.3 Office of Water Programs Covered by the Quality
Management Plan 3-3
i
-------�
TABLE OF CONTENTS
3.4 Functional Areas within Office of Water Programs Covered
by the Quality Management Plan 3-4
3.4.1 Development of Policies, Standards, Criteria,
Guidance or Regulations that Involve Data
Collection Activities 3-8
3.4.2 Development of Methods or Protocols 3-12
3.4.3 Analytical Method Validation 3-15
3.4.4 Monitoring 3-17
3.4.5 Laboratory Activities . 3-19
3.4.6 Data Assessments 3-20
3.4.7 Information Management 3-23
3.4.8 Permitting 3-26
3.4.9 Enforcement and Compliance 3-27
3.4.10 Research . 3-29
3.4.11 Procurement of Supplies and Services 3-31
3.4.12 Oversight 3-32
Chapter 4 Quality Assurance Practices and Tools . . . 4-1
4.1 Quality Management Plans 4-1.
4.2 Data Quality Objectives 4-2
4.3 Quality Assurance Project Plans 4-4
4.4 Standard Operating Procedures 4-8
Chapter 5 Quality Assurance Personnel Qualifications
and Training Policies 5-1
Chapter 6 Procurement Policies 6-3
6.1 Procurement of Items 6-3
6.2 Contracts 6-3
6. 3 Grants 6-6
6.4 Intergovernmental Agreements . . . 6-7
Chapter 7 Quality Documentation and Records Policy . . 7-1
7.1 Records Management Program 7-1
7.2 Quality • Documentation 1 7-2 .
7.2.1 Documentation of Projects 7-3
Chapter 8 Information Resources Management Policy . . 8-1
8 .1 Hardware and Software Standards 8-1
8.2 Information Management System Development and Operational
Standards 8-2
8.3 Data Standards 8-3
Chapter 9 Quality Planning Policy .... 9-1
9.1 Office-wide Planning 9-1
9.2 Program-Specific Planning 9-2
9.3 Project Level Planning 9-4
ii
-------�
TABLE OF CONTENTS
Chapter 10 Quality Implementation Policy 10-1
10" 1 Office-wide Policy 10-1
10.2 Program Implementation 10-1
10.3 Project Level Implementation '10-2
Chapter 11 Quality Assessment and Response Policy 11-1
11.1 Annual Review of the Quality Management Plan 11-1
11.2 Quality Assurance Annual Report and Workplan 11-1
11.3 Audits " 11-4
11.3.1 Management Systems Reviews 11-5
11.3.2 Technical Systems Audits 11-7
11.3.2.1 Audit Plan 11-8
11.3.2.2 Audit Implementation . . 11-9
11.3.2.3 Audit Reporting 11-9
11.3.2.4 Response Actions 11-10
11.3.3 Data Quality Assessments 11-11
11.4 Laboratory and Field Performance Evaluations 11-13
Chapter 12 Quality Improvement Policy 12-1
12.1 Office of Water-wide Reviews 12-1
12.2 Program Review 12-2
12.3 Project Reviews . 12-2
Appendix A -- Index of Quality Assurance Terms . . . . . A-l
Appendix B -- Glossary of Quality Assurance Terms .... B-l
Appendix C -- Acronyms B-l
Appendix D -- Office of Water Quality Assurance Staff . . D-l
Appendix E -- Office of Water Office and Program Mission
Statements E-l
Appendix F -- Preliminary Implementation Plan E-l
Appendix G -- List of Referenced Guidance Documents . . . E-l
iii
-------�
Off±ca of Wat or Quality Mana&omanc Plan
CiupCar 2
May 12. 1995
Pacra 2-10
Exhibit 3
Organizational Structure of QA in the Office of Water
Key
QAM . - Quality Assurance Manager —~ Direct Reporting Authority
QAO - Office Level Quality Assurance Officer
QAC - Oivision Level Quality Assurance Coordinator - -*¦ Informal Delegated Reporting u-ooi-sf
Authority
-------�
Off tea of Waear Quality Manaffamant Plan
Chapter 2
May 12, 1995
Paga 2-12
Exhibit 4
Office of Water QA Responsibility Matrix
Roto
Responsibflifes
Office of Water Quality Assurance Manager (QAM)
Coordinate all OW QA activities
Coordinate development ol OW QMP
Develop Office-wide QA policies ^nd procedures
Coordinate development of QAAftW
Oversee annual review process for all OW QA programs
Perform audits and MSRs
Serve as OW liaison to ORD/QAMS and interagency QA
workgroups
Senior Information Resources Management Official
(SIRMO)
Raise organizational awareness of the importance of IRM QA in
meeting OW mission needs
Oversee and review OW IRM activities and assist the OW QAM
with IRM aspects of the QAAWP
Review, approve, and monitor major system lifecycles, especially
those with cross-agency, State, local, tribal, and/or public access
implications
Serve as liaison to the OIRM
Develop and implement OW IRM policies and guidance to ensure
that information management supporting OWs and Agency's
mission is managed efficiently
Coordinate and monitor key IRM programs across the
organization, including records management, information security,
and information dissemination
Review IRM data requirements included in OW methods,
standards, and guidance to ensure consistency with IRM
requirements and conformity across programs
Review and approve contracts, grants, cooperative/interagency
agreements with IRM components
Office of Water Records Officer
Implement Agency and Federal Records Management regulations
and policies in OW
Coordinate all OW Records Management activities
Develop OW Records Management procedures
Seive as OW liaison to OIRM and other Agency workgroups
Quality Assurance Officers (QAOs)
Oversee QA activities within program office
Review and approve all QAPPs
Develop program-wide QA policies and guidance
Assist staff scientists and PMs with QA issues and implementation
Assist OW QAM in implementation of OW-wide QA
- Implement QA policies under the direction of the OW QAM
Contribute to QAARW
Coordinate interagency QA/QC concerns
Coordinate with RQAOs
Review and approve QA documents
Develop performance audit materials
Perform audits and' MSRs
Identify training needs
QA Coordinators (QACs)
Assist the QAO in implementation of OW-wide QA
Oversee day-to-day QA/QC activities within the division
Assist staff scientists and PMs with QA issues and implementation
-------�
Off 1cm of Mat or Quality Mmmpomazit Plan
Chapter- 2
Hay 12. 1995
P«g» 2-13
Exhibit 4
Office of Water QA Responsibility Matrix
Role
Reapagttfllles
Assistant Administrator (AAVDeputy Assistant
Administrator
Oversee implementation ol mandatory Agency QA requirements in
OW
Ensure OW QA plan implementation standards appear in QAM's
performance agreement
Ensure that all products meet customer, division, and Agency
quality requirements
Office Directors (ODs)
Oversee program office QA Program
Ensure OA as an identifiable activity within OW
Provide adequate resources to support QA program efforts
Ensure that all products meet customer, division, and Agency
quality requirements
Division. Directors
Oversee QA programs within {he division
Ensure QA planning is an identifiable activity within planning and
work plan documents
Provide adequate resources to accomplish Agency QA goals
Ensure that all products meet customer, division and Agency
quality requirements
Branch, Section Chiefs and Team Leaders
Ensure implementation of project-level QA requirements
Participate in the DQO process
Ensure that staff are appropriately trained to cany out QA/QC
responsibilities
Review and approve SOPs
Work Assignment Managers (WAMs) and Project Officers
(POs)
Ensure QA requirements in 40 CFR 30, 48 CFR 15 and the OW
QMP are met
Project or Program Staff
' Implement Agency QA requirements in projects
Develop and implement, with QAO, specialized project-level QA
.guidance
Implement QC and develop project-level SOPs
Information Resources Management (IRM) System
Manager
Incorporate Agency IRM and QA requirements into system design,
development, and operation
Perform data verification on OW databases
Assist SIRMO in evaluating and implementing hardware and
software changes and in maintaining IRM system security
Contractor
Prepare and implement QAPP
Assess and report data quality
-------�
offlcm of Vatmr Quality Manavammnt Plan
Chapet 3
May 12, 1995
Pagm 3-6
Exhibit 5
Summary of Office of Water Programs and Their Functions Involving QA Practices and Tools *
Office
Program
Development of Policies |
Development of Standards |
Development of Criteria |
Development of Guidance |
Development of Regulations |
Development of Methods or Prolocols |
Analytical Method Validation |
Monitoring |
Laboratory Activities |
Data Assessment |
Information Management |
Permitting |
Compliance & Enl. Support for OECA |
Research |
Procurement of Supplies and Services |
Oversight |
Training |
Office of
Ground
Wafer and
Drinking
Drmlung Water Standards
Program
~
~
~
~
~
~
~
~
~
~
~
Sole Source Aquifer Program
~
~
Water
(OGWDW)
Comprehensive State Ground
Water Protection Program
~
~
~
Undenpound Injection Control
Program
~
~
~
~
~
~
~
~
~
Public Water System Supervision
Program
~
~
~
~
~
~
~
~
~
~
~
WeUhead Protection Program
~
~
~
Office of
Human Risk Assessment
~
~
Science and
Technology
(OST)
Ecological Risk Assessment for
the Development of Water Quality
Cntena
~
~
~
Water Quality Standards Program
~
~
~
~
Effluent Gudefines Program
~
~
~
~
~
~
~
~
~
~
~
~
Office of
State Revolving Fund Program
~
~
~
~
Wastewater
Manage-
NPOES Program
~
~
~
ment (OWM)
Water Quality Management
(Section 106) Grants Program
~
Water Quality Cooperative
Agreements Program
~
~
~
~
~
~
Office of
Ocean Dumping Program
~
~
~
~
~
~
~
~
~
~
Wetlands.
Oceans and
Ocean Oisctiarge Program
~
-
~
~
~
~
~
Watersheds
(OWOW)
Discharge Waiver Program
~
~
~
~
~
~
Marine Debns Program
~
~
~
~
~
~
~
Mame Sanitation Devices'
Program
~
~
~
OSV Andersen Monitomg
Program
~
~
~
~
~
~
52-001-42C
-------�
offlco of water Quality Majiagomoat Plan
Chapter 3
Kay 12, 1995
Pasrm 3-7
Exhibit 5
Summary of Office of Water Programs and Their Functions Involving QA Practices and Tools
Office
Program
Development of Policies |
Development of Standards |
Development of Criteria |
Development of Guidance |
Development of Regulations |
Development of Methods or Protocols |
Analytical Method Validation |
Monitoring |
Laboratory Activities |
Data Assessment |
Information Management |
i
Compliance & Enf. Support for OECA |
Research |
Procurement of Supplies and Services 1
Oversight 1
Training |
Office of
Wetlands.
Oceans and
Watersheds
National Estuary Program
~
~
~
~
~
~
~
Section 404 (Dredge and Fffl)
Regulatory Program
~
~
~
~
~
~
~
~
(OWOW)
(confd)
Non-Regulatory We torts.
Protection Progams
~
~
~
~
~
~
Watershed Protection Program
~
~
~
~
~
~
~
Water Quality Monitoring Program
~
~
~
~
~
Nonpoint Source Monitoring
Program
~
~
~
~
~
~
~
~
Clean Lakes Program
~
~
~
~
~
~
~
~
~
State Water Quality Assessments
(Section 305(b) Reports) Program
~
~
~
~
~
Volunteer Monitoring Program
~
~
~
American
Indian Envi-
ronmental
Office
General Tribal Program
~
~
~
~
~
~
~
* Information resulting from a survey of OW program representatives conducted by the QAM in 1993. The survey involved interviews with 59
staff and managers representing all OW Offices and Divisions.
-------�
Oftiom o£ Mtw Qumlity
ehapcmr J
it PlU
JMr MM
rmam 3-1
CHAPTER 3
DHTINITION OF
Scops or
Tn Orrxca or WXtsr Qoilzti
¦e flaa
13. WW
3-20
3.4.6 Date JUai
Data assessments provide an objectiva
evaluation of the quality of data collected in
the.field or analyzed in the laboratory. The
assessment process can involve three stages o£
review:
• Data Review or Verification: checking data
completeness, and ensuring that all QC data
comply with the requirements of the QAFP;
-------�
Offico of Wat or Quality Xoi]«gaB«oC Plaxx
Chapter 3
May 12, 1995
Pag* 3-21
• Data Compliance Assessment: calculating the
achieved data quality indicators (e.g.,
precision, bias, and completeness) and
comparing them to determine that they are
consistent with the DQOs;
• Data Validation: determining that the data
satisfies the requirements as defined by the
data user; and
• Data Quality Assessment: determining that the
data are the correct type, quality arid quantity
for their intended use.
Each of these data assessment activities supplies
information about data quality and usefulness.
Important QA components for the DQA process to
ensure an accurate and consistent evaluation
include:
• Ensuring consistency with the approved QMP,
describing overall program QA policies and
practices, as well as specific QA protocols to
meet individual program requirements. A
comprehensive presentation of the required
elements of a QMP can be found in EPA
Requirements for Quality Management Plans
(Interim Final), EPA QA/R-2, July 1993;
• Developing and implementing approved QAPPs,
study plans, or other documents (e.g.,
contractual statement of work [SOW]) for data
assessment activities. Quality Assurance
Project Plans must specify: sampling location
and frequency; sample collection methods,
handling, preservation, storage and transport
procedures; chain-of-custody requirements;
analytical methods to be applied; QC
requirements; data documentation (i.e., how
representative the data are, how complete the
data set is, and how comparable the data are in
meeting the project objectives); and reporting
format and requirements. A comprehensive
presentation of the required elements of a QAPP
can be found in EPA Requirements for Quality
Assurance Project Plans (Interim Final), EPA
QA/R-5, July 1993;
-------�
Office of Watar Quality HUugaaenC Plan
ChapCsr 3
"ay- 13, 1995
?«g» 3-22
• Identifying project or program objectives and
associated DQOs establishing the intended data
uses and criteria for completeness, precision,,
and accuracy. A comprehensive presentation of
the required elements of DQOs can be found in
EPA Requirements for Data Quality Objectives
Process (Interim Draft), EPA QA/G-4, July 1994;
and
• Developing data assessment protocols to
evaluate data quality based on the QAPPs. This
protocol, at a minimum, must include: checking
data completeness and ensuring that all QC data
comply with the requirements of the analytical
methods and QA/QC documents.
The result of this process is to determine the
limitation on the quality and potential uses of
the data. During the initial assessment phase,
data are reviewed and validated to ensure that
sampling and analysis protocols specified in the
QAPP were followed and that the measurement
systems performed in accordance with the criteria
specified in the QAPP. The data review and
validation process is designed to detect
deviations from pre-specified performance goals
for the measurement system.
The data quality assessment process uses the
validated data to determine whether the study
objectives were achieved, and is primarily used to
evaluate environmental data sets in support of
environmental decision making activities. The
data quality assessment process is designed to
detect conditions under which the data user's DQOs
will not be satisfied regardless of whether these
conditions stem from measurement system problems
or natural variability in the population. This
ensures that data quality adequately supports
programmatic decisions. Factors that may cause
uncertainty in the data collected include sampling
design error and measurement error. Sampling
design ..error occurs due to natural variability.
Based on the severity of this variability, samples
may or may not be "representative" of the entire
population. Measurement errors may be introduced
during the sample handling and analysis
procedures. These potential errors will place
conditions and constraints on how the data must be
interpreted and used.
Quality Assurance Management Staff has issued a
draft guidance document for the DQA process
-------�
Ottica of Water Quality Maaagament Plan
Chapter 3
May 12. 1995
Page 3-23
entitled, Guidance for Data Quality Assessment
(External Working- Draft), EPA QA/G-9, March 1995.
The data quality assessment process, as defined by
QAMS, is explained further in Section 11.3.3.
This process provides the necessary steps for the
statistical analysis of data to determine whether
or not the data meet the DQOs and with what level
of confidence these data may be used. The five
steps of the DQA process include reviewing the
initial planning documentation (i.e., DQOs, QAPPs,
sampling and analysis plans), conducting a
preliminary review of the data, selecting a
statistical test, verifying the assumptions of the
statistical test, and performing the statistical
test to reach a conclusion to the question posed
during the planning phase of the study.
Data Quality Assessments establish that data meet
stated quality criteria or pre-established DQOs.
This ensures that the data can be used for the
intended programmatic decisions. The data quality
assessment process does not include an assessment
of subsequent data analyses or reporting.
Consequently, DQAs, in and of themselves, do not
ensure the reliability of analyses, conclusions,
or decisions made based on the data or the
accuracy of how the data are depicted.
Applications of environmental data, such as their
use in the development or calibration of
mathematical models or determination of methods,
for example, should include additional QA criteria
and documentation procedures to ensure that data
are used in ways that are consistent with their
known limitations and are portrayed accurately.
The Office of Water is addressing the need for QA
policies and practices related to consistency in
the use and reporting of water monitoring data
through the ITFM and other OW efforts such as the
National Water Quality Inventory (305(b))
Consistency Workgroup.
Information management encompasses the
administration of data and information systems
(automated and non-automated information
collection activities and records management).
EPA's OIRM is presently developing standards
applicable to information management activities
that will, be published and implemented following
Green Border Review. The Office of Water is
committed to implementing the information
Oats Standard*
Data validation
Docummatatloa
3.4.7 Info:
>znatioa Manag<
-------�
Ottlcm of Ma ear Quality MUMgrancnC Plan
ChapCar 3
May- 12, 1993
Pago 3-24
management/data administration standards when they
are published.
The systems management component of the OIRM
standards encompasses all aspects of system
design, maintenance, documentation, and data
entry, for both non-automated and automated
systems. For purposes of this QMP, the scope of
systems management activities includes paper file
systems, single-user, project-specific databases
(such as those generated to support development of
analytical methods for analysis of wastewater), or
multi-user national databases (such as STORET or
SIDWIS). Quality assurance activities for
information management include:
• Ensuring consistency with the approved QMP,
describing overall program QA policies and
practices, as well as specific QA protocols to
meet individual program requirements. A
comprehensive presentation of the required
elements of a QMP can be found in EPA
Requirements for Quality Management Plans
(Interim Final), EPA QA/R-2, July 1993;
• Developing and implementing approved QAPPs or
study plans for information management.
Quality Assurance Project Plans must specify:
compliance with Federal, EPA, and OW data
standards; standards for description of data
sets (e.g., source of data, purpose of
collection, types of field and laboratory
methods used,, precision, accuracy, and
completeness); and the minimum number of data
sets that must be presented before the data can
be include in an official information
management system and data dictionaries. A
comprehensive presentation of the required
elements of a QAPP can be found in EPA
Requirements for Quality Assurance Project
Plans (Interim Final), EPA QA/R-5, July 1993;
• Identifying project or program objectives and
associated DQOs for information management
programs establishing criteria for the
timeliness, completeness, precision, and
consistency of data entered into the
-------�
Otiicm of Watar Quality ft an a a am ant Plaxt
Chapter 3
H*y 12, 1995
Pago 3-25
information management system. A comprehensive
presentation of the required elements of DQOs
can be found in EPA Requirements for Data
Quality Objectives Process (Interim Draft), EPA
QA/G-4, July 1994;
• Adhering to EPA Order 2100 on Information
Resources Management (IRM) and its subsequent
implementation order. System development must
comply with EPA's Operations and Maintenance
Manual, EPA Directive 21.81, April 30/ 1993;
• Developing a system security plan consistent
with the requirements in the OIRM, June 3, 1994
draft of the EPA Information Security Manual;
• Developing users guides and training that
provides detailed instructions for entering
individual data sets, forms, and data
submissions;
• Developing guidance oh QC of data entry,
storage, access, transfer and retrieval
processes. This includes edit and update error
correction processes, internal reviews, and
database QCs;
• Working with regulation writers, permit
writers, and monitoring staffs to develop data
reporting and storage requirements;
• Validating software;
• Documenting system design specifications,
including technical systems audits (TSAs) to
ensure the quality" of the system development
and enhancement efforts (Office of
Administration and Resources Management [OARM]
System Design and Development Guidance, EPA
Directive 2182, dated April 30, i993). QA and
QC requirements for the information management
system should be included.in the systems
lifecycle management documentation;
• Documenting of systems and conformance to
document scope, purpose, and requirements
throughout the life-cycle. All documentation
needs to be complete and current; and
-------�
Offlea of Watar Quality Vui;ag«at Plan
Chaptar 3
May 12, 1993
Paam 3-36
• Developing data validation, data quality-
assessment, and audit protocols based on the
QAPPs to evaluate whether the data are of
sufficient quality to meet the DQOs of .the
program or project; to identify problems in
interpreting the data; and reporting and
disseminating the data to users and managers.
Data Quality 3.4.8 Permitting
Objmctlwm
Ouldanca
In the permitting program, the regulated .community
is required to submit facility monitoring data to
EPA or to authorized State, tribal, local, or
other governmental programs. Permit writers use
this monitoring data to support the development of
permits (e.g.,, set specifj.G permit limits) or to
determine appropriate permit reissuance.
Environmental data used in permitting activities
generally comes from monitoring studies or
facility compliance monitoring conducted by
permittees or others to comply with requirements
specified in permits and. Federal or State
regulations.
The principal QA components for a permitting QA
program are:
• Ensuring consistency with the approved QMP,
describing overall program QA policies and
practices, as well as specific QA protocols to
meet individual program requirements. A
comprehensive presentation of the required
elements of a QMP can be found in EPA
Requirements for Quality Management Plans
(Interim Final), EPA QA/R-2, July 1993;
• Developing and implementing approved QAPPs or
study plans for permitting activities. A
comprehensive presentation of the required
elements of a QAPP can be found in EPA
Requirements for Quality Assurance Project
Plans (Interim Final), EPA QA/R-5, July 1993;
• Identifying project or program objectives and
associated DQOs for the collection of data to
support permit limitations and to demonstrate
compliance with these limits. A comprehensive
presentation of the required elements of DQOs.
-------�
Offtea of tfatar Quality Managamant plan
Chapeor 8
May 12, 1995
Paga 8-1
Chapter 8
Information Resources Management Policy
OW will comply with all Federal and EPA standards and
regulations pertaining to hardware, software, system
development, and data. It is an OW goal to achieve
consistency in the way data are generated, compiled,
stored, and disseminated across all EPA water
programs. This is to ensure more complete and
adequate data with which to make management
decisions.
cootmtiinney 8.1 Hardware and Software Standards
Senior Information
Rmoutcm
tuuugmwit The OIRM and the National Data Processing Division
official (NDPD) are responsible for managing the hardware,
software, and communications components that are
the foundation of the Agency's information
technology. As part of their role, NDPD, in
conjunction with OIRM, has established hardware and
software standards with which Agency program offices
must conform. The Office of Water SIRMO is
responsible for coordinating the official OW
review/comment on proposed hardware/software
standards and OW compliance and implementation with
the subsequent official Agency standard.
OW managers and staff will comply with all hardware
and software standards delineated in the National
Data Processing Division Guidance on Hardware and
Software Standards (Draft), U.S. EPA Office of
Information and Resources Management, dated November
8, 1993. This document is applicable for the personal
computer (PC) platform, local area network and server
platforms, open systems platforms. Agency Electronic
Mail Service (EMAIL), IBM Compatible Mainframe
Platform, and the Supercomputer (Cray) Platform.
These standards address:
• Compatibility;
• Hardware;
• Operating system;
• Communication;
• Database Management;
• User Interface/Printer Interface;
• Application Development; and
• Applications.
-------�
Offlea of VaCar Quality Nojiagaaant Plan
Chapter 8
May 12, 199S
Paga 8-2
OW will procure Agency-approved hardware and software
chat conforms with Agency-wide information management
architecture. Significant changes in Agency hardware
and software policy will be assessed by the OW SIRMO
to determine the impact of the change. If changes are
required, the SIRMO will work with the OW System
Managers to plan and implement the most efficient
approach.
In some cases an OW program office will buy or
develop application software that is not on the
Agency contract. All such software will be evaluated
prior to purchase. Only vendors that comply with
Agency standards in the OIRM National Data Processing
Division Guidance on Hardware and Software Standards
(Draft), November 8, 1993, will be solicited. Office
of Water PC Site Coordinators and/or System Managers
will evaluate the software to determine its
performance capabilities and documentation. Software
will be selected upon minimum performance standards
and cost.
Symtam Damloo
Information
Bagiammrintr
MUodology
CaqpuCar
JUflftad
Symtmm
Evaluation
Toola
8.2 Information Management Systi
Development: and Operational Standards
All information management system development,
enhancement, and modernization efforts will comply
with OARM's System Design and Development
Guidance, EPA Directive 2182, dated April 30,
1993. This compliance should include a systematic
and comprehensive dialogue between the data
providers, data/system users, and system
developers, prior to the design of the system.
OW program offices are encouraged to use Information
Engineering Methodology (IEM) and/or Computer
Assisted System Evaluation (CASE) tools during system
development, enhancement, or modernization, to. ensure
extensive user participation in the design and a
systematic approach to the design. Office of Water
program offices using IEM and/or CASE tools must use
only Agency-approved methods and tools. Office of
Water program offices are also encouraged to use the
OIRM Systems Development Center (SDC), which has
staff that are expert in the use of IEM and CASE
tools. Use of the SDC by OW program offices
encourages synchronization of system development and
provides more compatibility across OW systems.
It is OW policy to work closely with the OIRM on all
phases of system development, enhancement, or
modernization. The appropriate staff from the Program
Systems Division in OIRM, as well as the OW SIRMO
will review and approve procurement requests (PRs)
-------�
Office of Water Quality Managamant Plan
Chapter 8
May 12. 1995
Paga 3-3
associated with system development, enhancement, and
modernization efforts. During the operational phases
of information management systems OW will comply with
requirements within OARM's Operations and Maintenance
Manual, EPA Directive 2181, April 30, 1993.
Compliance with the applicable IRM standards will
ensure that all hardware and software configurations
are tested prior to use to ensure they perform as
expected and meet user requirements.
federal
- Xaforaatioa
Procmaming
Stnnrtardm
Information
Hanagmmmnt
Stmmrlng
cammlttmm
Information
Managammnt Syat*
8.3 Data Standards
All Federal agencies are required to adhere to
Federally-mandated data standards and regulations.
The Agency's information data standards and
regulations appear in the Catalog of Data Policies
and Standards, U.S. EPA Office of Information and
Resources Management, July 1991. However, it is
the responsibility of each office to be aware of
the most current standards and regulations even if
they do not appear in the 1991 version of this
catalog. National Institute of Standards and
Technology develops standards and guidelines to
achieve more effective use of Federal information.
The FIPS are the Federal data standards for all data
exchange among agencies. It is OW policy to comply
with all applicable FIPS. Applicable FIPS are listed
in the draft EPA document "Agency Catalog of Data
Policies and Standards," 2IM-1019 July 1991. Copies
of this document are distributed to all OW IRM
personnel.
EPA's OIRM is responsible for the data standards
program. The EPA Data Standards Program is
established and documented in the Information
Resources Management Policy Manual (Chapter 5, Data
Standards). In general, EPA's data-related policies
apply to all EPA organizations and personnel,
including contractors and grantees who design,
implement, and maintain information management
systems for the EPA.
Therefore," OW will incorporate Agency data standards
into all data collection activities and into new or
modernized information management systems. All
applicable Agency data standards are listed.in the
Agency Catalogue of Data Policies and Standards
(Draft), 21M-1019, July 1991. Of critical importance
to the OW program are:
Chemical Abstract Service Registry Number Data
Standard, EPA Order 2180.1 , June 26, 1987;
-------�
OfCico oi Mat or Quality Managmaant Plan
Chaptar a
May 13, 1995
Pagm 0-4
• Data Standards for the Electronic Transmission of
Laboratory Measurement Results, EPA Order 2180.2,
December 10, 1987;
• The Minimum Set of Data Elements for Ground Water
Quality, Policy Order 74500.IA, ¦ September 11,
1989;
• Facility Identification Data Standard, U.S. EPA
Office of Administration and Resources Management,
Information Management and Services Division,
April 9, 1990;
• Locational Data Policy Implementation Guidance -
Guide to the Policy, U.S. EPA Office of
Information and Resources Management, March 1992;
Policy on Electronic Reporting, U.S. EPA Office of
Administration and Resources Management, July 30,
1990; and
• Locational Data Policy, IRM Policy Manual Chapter
13, April 1991.
In addition, OW intends to implement any future
Agency-wide data standards promulgated by OIRM.
The Office of Water Information Management Steering
Committee, comprised of senior managers from
Headquarters and the Regions, is responsible for
overseeing and coordinating information management
activities in the OW. This includes overseeing an
office-wide process for developing data standards,
and for ensuring that individual systems comply with
these standards. The Office of Water will actively
participate on EPA and intergovernmental committees
and/or workgroups, such as the ITFM, that actively
pursue the development of comparable data elements
and formats for data used by EPA water programs.
OW also requires that sufficient data documentation
be provided with a data set to assist secondary data
users when.evaluating the utility of the data set for
their purposes. This data documentation includes the
original information on DQOs associated with the data
as well as any supplementary information on the
direct application of the original data, known
restrictions, or cautions which will facilitate
secondary data use.
-------�
Notes for the presentation by...
Nancy Adams
-------�
Quality Assurance Planning
For
Software and Data Management
Projects
Appendix G
QA Procedures Manual
INTERNAL EPA REVIEW DRAFT
Do not distribute,
cite, or quote.
Revision 2
August 1996
Air Pollution Prevention and Control Division (APPCD)
Research Triangle Park, NC
National Risk Management Research Laboratory (NRMRL)
US Environmental Protection Agency
-------�
APPCD QA Procedures Manual
Appendix G
Revision 2
August, 1996
APPENDIX G
QUALITY ASSURANCE PLANNING FOR
SOFTWARE AND DATA MANAGEMENT PROJECTS
G.l INTRODUCTION
G. 1.1 Scope
This appendix provides QA guidelines for developing software and hardware/software
systems and for managing data in APPCD projects and tasks. Quality assurance is an important
element of all projects that support environmental decision making. Although this appendix uses
generic terms such as "software" and "systems," the principles described in this appendix are
applicable to many types of system development projects, not just those involving software
development or computer programming. Types of projects to which this appendix applies include
the following:
• software development,
• software/hardware systems development,
• data base design and maintenance, and
• data validation and verification systems.
The guidance given by this appendix complements the existing APPCD QA guidelines,
which concentrate on QA/QC applicable to physical measurements, sampling, and analysis. It
provides a set of alternative QA project plan (QAPP) elements more applicable to software
development and other computer-intensive projects. The intent is not to impose new, inflexible
guidelines but to provide an alternative approach to quality planning that better suits system
development projects. The Project Officer and QA Manager should determine the applicability of
QA criteria for individual projects.
The APPCD QA Office intends these guidelines to be useful to the project in the following
ways: by aiding project management and development, by providing important and useful
documentation, by providing backup in case of legal or technical challenge, and by promoting
software reuse on subsequent projects.
2
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
G.1.2 Rationale
Many studies in software engineering have shown that proper attention to management
and QA issues decreases a project's total effort, cost, and risk. However, the QA/QC practices
applicable to software development and data management projects differ in several important
respects from QA/QC practices for measurement programs. Software development and other
computer-related projects require more attention to management and testing issues, as compared
to instrument calibration, standards development, and statistical assessment where quantitative
measures are more readily available.
The QA and planning guidance for software development in this appendix does not
mandate a particular method for software development. Project managers should choose
software development and QA methods best suited to their individual projects within the
parameters set forth here.
Section G.2 provides a set of alternative QAPP elements for situations in which the
elements applicable to measurement projects are not appropriate. The applicability of different
elements is based on (1) the APPCD QA category and (2) the size or complexity of the task.
Section G.3 describes generally recognized types of software documentation. Section G.4
discusses testing considerations. G.5 discusses QA issues applicable to spreadsheets, database
management, and other specialized software. Section G.6 discusses training needs. The list of
references provided in Section G.7 contains software development guidelines and other relevant
information.
G.2 QA PLANNING
G.2.1 Identifying OA Requirements
The two key issues in assessing the QA/QC needs for a new program are the OA category
and the program's size and complexity. APPCD QA categories range between I and IV
according to defensibility requirements, with I being highest and IV lowest. Complexity depends
on the size of the system, its level of technical sophistication, the number of programmers
3
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
involved, and so on. Other considerations influencing QA/QC needs include the target user
audience and whether EPA will distribute the product outside the Laboratory.
For joint projects across different EPA offices, the guidelines developed by all involved
offices will apply. For example, if a program will be used on the National Computer Center
(NCC), it must meet the requirements of the Office of Administration and Resources Management
(OARM)/Office of Information Resources Management (OIRM). There are a series of documents
that describe OIRM standards (See items 24-31 in the Bibliography). Similarly, for interagency
projects, coordinating the requirements and guidelines from other government agencies may be
necessary.
Most APPCD projects require a QAPP. Table G-l provides recommended alternative
QAPP elements applicable to software development and other projects that do not involve talcing
measurements. Projects that involve both measurement and software/system development should
have plans addressing all applicable QA elements.
Flexibility in developing the QAPP is encouraged to meet the needs of individual projects.
The approach described here is modeled after proven software design and management principles.
The QAPP itself need not contain design and other details, but it should summarize key
requirements and objectives and briefly state how the project will be managed and documented. It
should also describe how testing will be done and what objective criteria the system will meet at
its completion. The Data Quality Objectives (DQO) process can be helpful in establishing
measurable goals for setting these criteria (See item 32 in Bibliography).
Table G-l lists QAPP elements applicable to system development projects. This outline
parallels the Quality Assurance Division's guidance document (See item 33 in Bibliography),
which lists the QAPP elements for measurement projects. Large and complex projects should
adopt more stringent management and control procedures than shown, based on the category.
Thus, a large Category III project might adopt Category II or even Category I QA guidelines to
more effectively manage the project. Similarly, some elements recommended in Table G-l are
optional for small tasks.
4
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
TABLE G-l
QA ELEMENTS FOR SOFTWARE AND DATA MANAGEMENT
QAPPS
QAPP Element
Cateqory Applicability
-
Title/Signature Page
I, II, III, IV
-
Table of Contents
I, II, III
1.
Project Description
a. Background
b. Intended Application for Software
c. Quality Objectives for Software
d. Scope of Work
e. Schedule and Milestones
f. Facilities Description
g. Experimental/Test Matrix Design
h. Planning Documents
I, II, III, IV
1, II, III, IV
1, II, III, IV
1, II, III
1, II, III, IV
1, II, III
1, ll\ III*
1, II*. Ill*
2.
Project Organization and
Responsibilities
1, II, III
3.
Functional Requirements
1, II, III
4.
System Design Overview
1, II, III
5.
Detailed Design
1, II'
6.
Implementation
a. Development of SOPs
b. QC for Implementation
i, n*
7.
Testing
a. Individual Module Tests
b. Integration Tests
c. System Tests
d. Retesting after Changes
e. Acceptance Testing (if applicable)
f. Beta Testing (if applicable)
1, II, III, IV#
8.
Data Validation and Verification
1, II, III, IV*
9.
Change Control and Configuration Management
1, II, III, IV*
10.
Audits and Reviews
i, ir, in*
11.
Maintenance and User Support
i, ii, in*
12.
System Documentation and Archiving
1, II, III, IV
13.
QA Progress Reports to Management
i
'These elements may not be applicable for all projects in the specific category.
5
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
QAPPs for projects that include both physical measurements and systems development
should address the applicable QA elements from the QAD guidance document on preparation of
QA Project Plans and G-l. A single QAPP is appropriate for such projects, to avoid redundancy.
If other project documents address these criteria, the QAPP need not repeat them - although it
should provide a reference to where the material can be found.
G.2.2 OA Project Plan Elements
The remainder of this section discusses the elements listed in Table G-l.
1. Project Description. This section provides an overview of the project, its rationale, its
objectives, the scope of work, the intended use for the project's product, and the means for
accomplishing its goals. The subsection, "Quality Objectives for Software," should describe the
minimum acceptable system quality in whatever way is most appropriate for the project. The
project description should state a computational model's specific quality objectives compared
with the results of an "exact" analytical calculation. A program used by the public might have a
quality objective related to user satisfaction with the interface. Real-time data acquisition systems
should have a quality objective specifying the maximum sampling rate that the system must
support. These specific quality objectives form the foundation for the testing criteria described
below.
Developing and adhering to the "Schedule and Milestones" subsection is a key element in
managing any complex project. Therefore, these should be specified early in the project. Large
software projects can involve many interrelated steps, similar to building a house. Critical path
analysis can be helpful for scheduling the project and allocating resources. Planned schedules
often change as a program progresses, but these changes can often highlight important problems.
Recognizing and understanding the reasons for schedule delays is important as thev occur. Some
common causes for delays include the following:
• initial projections that are too optimistic,
• personnel who lack necessary training,
• defects in development software and hardware, and
• failure to control requirements and design change.
6
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
Whenever the project manager identifies a problem that affects the schedule, he or she must act as
soon as possible. Failure to do so can lead to situations such as large overruns and failure to
deliver a working product. The Project Manager should respond quickly and decisively to
schedule delays, overruns, communication problems and other significant management problems.
These problems always become worse with the passage of time.
The "Facilities Description" subsection should provide information about the computer
hardware and operating system environment. This section should highlight differences between
the development hardware and the hardware in targeted end-users' systems. Hybrid
hardware/software systems should describe all relevant equipment and facilities.
An "Experimental/Test Matrix Design" subsection may be applicable when the software
supports a measurement program. This subsection should also describe the limits of validity for
the ideas and valid operating conditions. This can provide valuable information for the testing
phase.
The "Planning Documents" subsection should list and describe the. specific development,
support, and maintenance documents planned as part of the proposed work. These documents
are used throughout the planning and development process to document requirements, design
decisions, etc. Planning documents should be regarded as tools to help in achieving a good
product. These documents are also critical in communicating instructions to users and
maintainers of the system. Document control formats will simplify long-term usability of these
documents over a period of years. See Section G.3 for more information about planning
documents.
2. Project Organization and Responsibilities. This section should provide relevant
information about the program participants. Personnel with design and programming
responsibilities must have training and/or experience with the proposed hardware and software
tools. Because of the pace of computer-related developments, a project may require the use of
new and untried support software or hardware. In such cases, a training period should be built
explicitly into the schedule, and specific personnel who will receive training should be named.
This section should discuss all important intramural and extramural project personnel and
should show the relationship between the development team and the personnel responsible for QA
7
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
and testing. Responsibilities are important to specify. In particular, the responsibilities for
making decisions about changes in schedule, requirements, and design should be clearly listed.
Another key responsibility is the tracking and control of changes. The individual responsible for
the change tracking or configuration management function should be specified. This section
should also identify backups for personnel who are critical to the success of the project. No
individual should be critical to the success of an important project. For example, the project's
expertise in the major computer language or database management system (DBMS), should not
lie with only one person.
3. Functional Requirements. This section provides a list of the most important functions
that the software system must address. The specific sources of each important functional
requirement should be identified. Sources of requirements might include research scientists and
engineers, regulators, or end users. Other sources of functional requirements include published
literature, laws, and regulations. "Unstated" functional requirements should not be overlooked.
Frequently overlooked issues include: system security, query/response tim.e, screen layout and
legibility, and hardware and software maintainability.
If the need to revise functional requirements arises later in the project, documentation of
the source and rationale for each requirement can be helpful. This allows the development team
to negotiate with the originator of the requirement and to decide its relative importance when
tradeoffs between requirements are necessary.
This section can also state any quantitative or qualitative data quality objectives (DQOs)
that might apply to the software. It is very helpful if requirements and DQOs are stated in terms
that allow specific tests to be developed.
4. System Design Overview (High-Level Design! A brief description of the system
design is all that is necessary in the QAPP, if additional design documentation is planned
(depending on the QA category). High-level design documentation describes the system's or
program's structure without going into detail. This documentation should include block diagrams
showing relationships between major program modules, hardware devices, data storage areas, and
data input/output. The text should provide on overview of the design and give the rationale for
selecting the proposed hardware and software tools.
8
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
5. Detailed Design. Complex projects and those with significant defensibility
requirements should have a detailed design document. This document is an essential resource
during both code development and testing. The project team can later reuse much of the material
from the detailed design document in developing the programmer's manual.
6. Implementation. Written standard operating procedures (SOPs) for software
development can be useful, especially for extremely large and complex software projects. If
formal SOPs are not available, the QAPP should briefly describe the implementation plan and any
proposed development standards that will be used. Limiting changes to requirements and design
is very important after implementation has begun. Changes that seem small can become
disproportionately expensive. It is important to recognize potential bottlenecks in the
development process. Critical pathway analysis can be very helpful in planning large projects.
Time and resource constraints should be considered in this analysis.
The "QC for Implementation" subsection describes the internal checks applied during the
development process. Examples include design and code reviews, configuration control
procedures, and change control procedures. Configuration control refers to tracking the versions
of different code, modules, and data sets to avoid cross-updates of code modules caused by
communication lapses between personnel.
7. Testing. The QAPP should outline the testing strategy that will be used. Even if a
separate test plan is to be written, the QAPP should provide information about the testing
techniques and a statement of quality goals. See Section G.4 for more discussion. Specific
quality goals (e.g., DQOs) defined at the beginning of a project should be explicitly tested.
8. Data Validation and Verification. Agency guidelines provide for verification and
validation of data used in environmental decision making. Where software generates data (e.g.,
by a model), this document must describe the means for checking their correctness. Standards for
data validation and verification depend on the QA category. Category I data must be documented
fully, validated thoroughly, and the chain of custody must meet requirements for legal
defensibility. Category II data must be thoroughly checked; however, the need for "legally
defensible" documentation should be determined for each project. Data in Categories III and IV
9
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
should be validated according to their end use. Category IV data may need only simple range and
reasonableness checking to satisfy the needs of the research in progress.
9. Change Control and Configuration Management. Any well-run engineering project,
including software development projects, must control and document all significant changes. This
is true whether the change originated in a design revision, a contract modification, or an error
found in testing. Additionally, hardware/software changes due to new versions of operating
systems and languages can affect code developed and tested under previous versions. Because
the need for changes can arise from many different sources, the change control system adopted by
a project must be flexible.
Related to change control is configuration management, i.e., control of modules under
development. Large projects with many developers need sophisticated systems for configuration
management. Developers working under contract should document all customer-initiated
requirement changes, because these frequently have adverse impacts on both schedule and cost.
The configuration management and change control system can provide this information if the
change tracking system is properly designed and used.
As with all APPCD-sponsored research, change control mechanisms should be described
in the QA plan. Change notices are forms used to identify the problem and its probable cause, to
rank it, and to document its completion. Forms developed for environmental measurement
projects can often be adapted for software projects with little modification. All projects should
have a designated person who is responsible for controlling and tracking change notices and other
documentation. Multiperson development projects may also benefit from special software to
control module check-in and check-out procedures. Many different tools and techniques are
available to accomplish this, and project teams should develop or adopt the system best suited to
the individual project.
10
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
10. Audits and Reviews. APPCD-sponsored research projects may be subject to
technical audits. Audit types applicable to measurement projects are also applicable to system
development projects. These include performance evaluation audits (PEAs), technical systems
audits (TSAs), technical assistance audits (TAAs), management systems audits or reviews
(MSAs/MSRs), and audits of data quality (ADQs). However, procedures for auditing
measurement and nonmeasurement projects may differ significantly, reflecting the importance of
organization and management issues in the latter. Additional types of reviews applicable to these
projects include peer reviews and beta testing. The QA manager will plan necessary audits and
reviews in consultation with the Project Leader. This section of the QAPP should provide the
types and numbers of anticipated audits and reviews.
An important means of testing software is by processing a test data set having known
characteristics. The data set used can consist of either measurement data or data generated by a
previously validated program. Models can be validated by comparison with results from
previously validated models and with actual measurement data. The DQQ process developed by
EPA's Quality Assurance Division (QAD) of the National Center for Extramural Research and
Quality Assurance (NCERQA) can be useful in designing statistically based comparison
procedures and criteria for acceptance (34, 35).
Peer review is applicable to documents, code, and test results. This technique can identify
requirements and standards that have been overlooked and can help ensure consistency between
components developed by different personnel.
Beta testing consists of distributing draft software to outside users. Errors, problems, and
suggestions for improvement are then communicated back to the developers. Beta testing should
be considered an integral part of the software development process. Limited release of software
for this purpose is not subject to EPA prepublication requirements; however, reviewers outside
the Agency may have to execute nondisclosure agreements at the discretion of the Program
Manager.
11. Maintenance and User Support. Where software or data generated by the project will
be distributed outside APPCD, maintenance and user support must be addressed. Some typical
issues include the following:
11
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
• What is the planned lifetime for the product after release?
• What period of user support is planned?
• What is the form of the support (telephone, e-mail)?
• Will further program development continue after the initial release (i.e., new
versions)?
• Is there a suitable user's manual?
• Is there a suitable programmer's manual?
Another maintenance and support issue is continued availability of critical third-party
software and other resources. For example, reliance on critical components or support from a
small, undercapitalized vendor can pose a significant risk that the QAPP should recognize and
address.
Technological obsolescence is also an important issue; project planners should recognize
dependence on the continued availability of a particular processor, storage medium, operating
system, or application program. Where the system under development will be used for several
years, the QAPP should explicitly address provisions for upgrading to changing technologies.
Software should receive periodic maintenance to keep up with evolutionary changes in computer
storage media and programs. A program that runs only on one type of computer may not be
recoverable if the obsolete host computer breaks down and cannot be repaired.
When hardware and data storage media undergo technological transitions, there is often a
limited "window of opportunity" during which the data can be easily transferred from one medium
to another. After that window of opportunity closes, the transfer can become very difficult or
expensive. Examples include the transition from punched cards to 9-track tape in the 1970's and
the transition from 5-1/4 inch to 3-1/2 inch floppy disks in the 1980's.
12. System Documentation and Archiving. Documentation is required for software
projects in all QA categories. Use of undocumented software is unacceptable at APPCD, and
undocumented software may not be used to generate reportable data or to develop summaries,
conclusions, or recommendations. Documentation requirements may be minimal if the data will
not be used outside the immediate project, and the code will not be distributed (e.g., some
12
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
Category IV projects). Table G-2 provides recommendations for system documentation by each
QA category.
Each branch or division should archive software information just like other types of
project data. Records of software development and testing should include the following:
• machine-readable source code for all software,
• final copies of all formal system documentation (either hardcopy or machine-
readable),
• notes documenting formal test results,
• test data sets and any special-purpose software required for testing, and
• references or schematic diagrams of any special computer hardware developed for the
project (e.g., controllers, analog-to-digital and digital-to-analog converters).
13. OA Progress Reports to Management. System development QA and QC results and
plans should be reported regularly, particularly in projects in Categories I and II and where
contractually required. The QAPP must specify the frequency and content of QA reporting.
Typical QA issues for reporting include the following:
• serious outstanding problems,
• numbers of change notices issued and completed,
• progress toward completion, and
• testing or validation summaries (number passed/failed).
13
-------�
APPCD QA Procedures Manual
Appendix G
Revision 2
August, 1996
TABLE G-2
RECOMMENDED DOCUMENTATION FOR ARCHIVING
BY QA CATEGORY
Document
OA Cateeorv
QA Project Plan
I, II, III, IV
Requirements Document
I, II, III*
Design Document
I, II, in*
Coding Standards or SOPs
I, II, III*
Source Code with In-line Comments
(archived)
I, II, III, IV
User's Manual
I, II, III
Command Summary or Instructions for Use
(in lieu of a formal user's manual)
IV
Maintenance Manual or Installation Instructions
(if source code is distributed outside EPA)
(if source code is not distributed)
I, II, III, IV
I, II*, III*
Data Dictionary
I, II, III
Testing and Validation Procedures and Results
I, II, III*
Backup Source Code and Build Procedures
on Computer-readable Media
I, II, III, IV
*Project Officer and QA Manager's option
14
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
G.3 DOCUMENTATION
Planning documents guide and control software development and provide useful
documentation. Depending on project needs, documentation can be provided either as part of the
QAPP or as separate documents. This section provides a brief discussion of generally recognized
software documents. This appendix does riot provide detailed instructions on developine project
documentation. Individual projects must develop or adopt their own standards based on more
exhaustive references such as the EPA/OIRM guidelines (1). The following section describes the
types of planning documentation appropriate for software projects.
Requirements Document - This defines all critical functions that the completed system
must support. In addition, frequently overlooked issues such as response time to user input,
security, and so on should be specified. DQOs identified in the QA plan should be reiterated in
the requirements document.
Design Document - High-level and detailed design documents are used to plan and
describe the structure of the computer program. These are particularly important in multi-
programmer projects in which modules written by different individuals must interact. Even in
small or single-programmer projects, a formal design document can be beneficial. It is helpful to
design the code to be modular and flexible by limiting the size and complexity of individual
modules. This makes testing easier and helps improve personnel flexibility, because each portion
is easier to understand and maintain.
Coding Standards or SOPs - These may apply to a single project or to an entire
organization. Uniform standards for code formats, subroutine calling conventions, and in-line
documentation can significantly improve the maintainability of the software. Projects involving
multiple tasks may choose to develop a set of SOPs applicable to all tasks.
Testing Plan - This document guides the several stages of testing. Testing must ultimately
address all the original requirements. Certain elements from the design documents may also
require testing. For example, the test plan should address a program design that
15
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
includes use of complex memory management routines during testing. See Section G.4 for more
discussion of testing.
Data Dictionary - A data dictionary provides both developers and users with information
needed to design and prepare new reports. The data dictionary is often developed before code is
written as part of the design process. However, the data dictionary need not be static; it should
be updated as necessary when new elements are added to the data structure. A data dictionary
need not be a separately written document. The record definition files required for many database
systems can serve this purpose with little extra work.
User's Manual - The user's manual can often borrow heavily from the requirements
document because all of the software's functions should be specified there. An abbreviated user's
manual suitable for a Category IV project might consist of a simple descriptive list of commands.
The scope of the user's manual should take into account the QA category, the intended user, the
complexity of the interface, and so on.
Maintenance Manual - The maintenance manual's purpose is to explain a program's logic
and organization for the maintenance programmer. The maintenance manual should also contain
crucial references documenting algorithms, numerical methods, and assumptions. Instructions on
how to rebuild the system from source code must be included.
Source Code - The actual source code need not be generated in hardcopy form unless
needed for a specific purpose. It is important to keep computer-readable copies of the source
code archived according to APPCD policy.
G.4 TESTING
The purpose of testing is not simply to detect errors but also to verify that the completed
software meets requirements, both stated and unstated. It is necessary to plan the test carefully to
confirm that all performance specifications and DQOs are met. In designing any test, the
"correct" or "acceptable" outputs should be known in advance, if possible. Testing should be
planned in an orderly, structured way. A phased approach to testing that is often employed is
described in this section.
16
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
Recognized types or phases of testing frequently used in software projects include the
following:
• individual module tests,
• integration tests,
• regression changes,
• system tests,
• acceptance testing (if applicable), and
• beta testing (if applicable).
Individual Module Tests exercise easily understood individual functions. For sequential
programming languages such as FORTRAN, BASIC, or C, individual modules might include
functions and subroutines. For other types of software (e.g., spreadsheets), defining a functional
module is more problematic, since the software may not be designed in a modular way. However,
well-planned design strategies, such as compartmentalized design, can ease the testing effort even
where subroutines and functions are not supported by the programming environment.
_ Integration Tests are done to check the interfaces between modules and to detect
unexpected interactions. Integration testing should be done in a hierarchical way, increasing the
number of modules tested and the subsystem complexity as testing proceeds. Each level of
subsystem integration should ideally correspond to a unified subset of system functions such as
the "user interface." Because all the elements may not be present, it may be necessary to develop
"test data sets" or program "test beds" to conduct the test.
When problems are encountered at any level of integration or system testing, it is
necessary to track the error back to its origin. Errors can originate in any development stage:
requirements, design, or implementation. Errors should be detected and fixed as early as possible.
Regression Testing involves repeating all tests involving the changed module, including all
involved integration tests. This practice reduces the chance that new "bugs" will be introduced
when the first one is fixed.
System Testing is the ultimate level of integration testing. For smaller projects, this may
be the final stage of testing. For larger or more critical projects, acceptance testing or beta testing
17
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
would follow. The system test should exercise all functions possible. Data sets used to
demonstrate the software should be as realistic as possible.
A "stress test" should be included in the system-level testing whenever a system might be
load-sensitive (e.g., real-time data acquisition and control systems). The stress test should
attempt to simulate the maximum input, output, and computational load expected during peak
usage. The specific rates of input, output, and so on for which the system is designed are
important criteria in the original requirements specification. The maximum load is a key quality
indicator and should have been specified early in planning. The load can be defined quantitatively
using criteria such as the frequency of inputs and outputs or the number of computations or disk
accesses per unit of time. Developing an artificial test bed to supply the necessary inputs may be
necessary. The test bed can consist of hardware, software, or a combination of the two that
presents the system with realistic inputs to be processed. The project team can write programs to
carry out this testing, or automated tools may be available commercially. Test data sets may be
necessary if the software needs external inputs to run.
Acceptance Testing refers to contractually required testing that must be done before
acceptance by the customer and final payment. Specific procedures and the criteria for passing
the acceptance test should be listed before the test is done. A stress test is a recommended part
of the acceptance test, along with thorough evaluation of the user interface and other contractual
requirements.
Beta Testing refers to a system-level verification in which copies of the software are
distributed outside the project group. Corrections to the software are expected to result from
beta testing. Beta testing is especially important for software that will be distributed to a wide
outside audience. In beta testing, the users typically do not have a supplied testing protocol to
follow; instead, they use the software as they would normally and record any anomalies
encountered. Users report these observations to the developers, who address the problems before
release of the final version. It is important to control the reported problems and document that
they have been corrected. See the previous discussion of change control.
18
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
G.5 QA FOR SPECIALIZED SOFTWARE
G.5.1 "Incidental" Software for Measurement Projects
Software documentation and testing are sometimes overlooked in measurement projects
for which software development is not the focus. However, even a simple spreadsheet or BASIC
program can contain errors capable of compromising a project's results. A few simple
reasonableness checks may be all that are necessary to test a simple program adequately.
However, any program, including spreadsheets, used for processing Category I and II data should
be thoroughly verified so that the investigator can support them in case of legal challenge.
Detailed testing records are also valuable when environmentally related conclusions must be
legally defensible.
Under current APPCD QA policies, software that is developed "casually" or as part of a
basic (Category IV) research effort is often not specifically identified in a QAPP and does not
require formal documentation or testing. However, if such software is later used by other
researchers or on a higher category project, it must be brought up to the appropriate QA level.
Existing, undocumented software should be identified in the QAPP, and the time and expense of
upgrading it should be planned into the new project.
Another issue that often arises while projects are underway is the need for software that
was not originally planned. The extra effort to document and test such unplanned software might
be considered a burden on the project. In such cases, the Project Officer and the QA Office should
agree on a course of action. The procedure might proceed as follows:
• Project leader meets with the QA Office representative and agrees on documentation
and testing that can be done within existing schedule and cost constraints.
• Write, document, and test the software as agreed.
• Note in the monthly report that an "unplanned" program had to be written. Describe
its function and testing results.
• Provide a summary of commands and instructions for installing the program to be
archived with project materials.
• If an audit of the project is planned, the program, its documentation, and test results
should be examined during the audit.
19
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
G.5.2 Spreadsheets
Spreadsheets are notoriously difficult to test. Trying to understand the detailed logic of a
complex spreadsheet can be virtually impossible for an auditor or other third party. Manually
examining or auditing cell formulas and macros is not usually an effective way to verify a
spreadsheet's correctness. When results are critical, testing should focus on the accuracy and
correctness of a spreadsheet's outputs instead of validating its logic in detail. Some tools for
auditing spreadsheets are available from commercial vendors; however, the usefulness and
capabilities of these tools vary widely.
Specific techniques that can be used for spreadsheet testing include the following:
• running a test data set with known results to verify that the spreadsheet gives the
correct results;
• using technical knowledge or judgment to assess the reasonableness of the
spreadsheet's results;
• reproducing portions of a spreadsheet's functions using another spreadsheet or other
types of computer programming tools, and comparing results;
• isolating portions of the spreadsheet and determining the accuracy of individual
functions; and
• rewriting the spreadsheet (or significant subsections) from scratch and comparing the
results of the two.
G.5.3 Database Management Systems CDBMSs)
DBMS control scripts, spreadsheets, record definition files, and automatic report
generator templates are all varieties of software. These must be planned, developed, documented,
and tested like other types of computer programs or systems. Most of the principles applicable to
planning, implementing, and testing software are also applicable to developing a new database
system.
It should be noted that widely available, off-the-shelf-applications such as SAS, dBase,
Oracle, and Adabase need not be tested by the user. The focus of concern is on processing
scripts, table definitions, etc. developed by the EPA-sponsored user. Occasionally, however, a
"bug" will be found in commercial software. Providing a solution to such a problem in a timely
way is not usually possible for the vendor. The most common and effective response is to "work
20
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
around" the problem. The "work around" should be noted prominently in the documentation,
including the programmers' manual, the users' manual, and the in-line comments. This will keep
future maintenance programmers from experiencing the same pitfall. Workarounds should be
rechecked when new versions of the commercial software are incorporated, since the "bug fix"
may affect the original workaround.
Important issues include data security and traceability of all data manipulations and
changes. Use an Audit Trail to document changes made to the data set. An audit trail should be
considered mandatory for Category I data as well as for data gathered under good laboratory
practices (GLPs), the Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA), and the
Toxic Substances Control Act (TSCA). An audit trail should record information such as the
following:
• the original data value,
• the changed (new) data value,
• the person responsible for the change,
• the reason for the change (codes may be used), and
• the date and time of the change.
Define the functions that the DBMS package must support before selecting which one to
use for a particular project. Establishing functional requirements can be critical in assessing
whether a commercial DBMS can support all the needed functions. Some areas to assess include
the following:
• data query capabilities,
• data manipulations and calculations,
• user interface support,
• database model used (e.g., relational, hierarchical),
• security features (passwords, etc.), and
• data input validation features (e.g., duplicate keystroke entry, range checks, statistical
checks, between-field checks).
Record the version of the software used to process each data set. This may become
important if the data must be reprocessed or if results must be defended. Special efforts may be
21
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
necessary to update and record version information because many software packages do not
automatically supply this function.
Archive the source code for all DBMS record definitions, control scripts, macros, report
generators, and so on. Make regular backups of data and code. Archive the final version of the
data set in machine-readable form along with the software used to process it. Plan for hardware
and software obsolescence. Make sure that data sets and associated processing programs receive
periodic maintenance to keep up with evolutionary changes in computer storage media and
programs. If this is not done, data may become unusable in the future.
G.5.4 Data Validation and Processing
Most current environmental measurement programs involve computerized data validation
and/or processing. The mechanism for processing the data may be computer programs, a DBMS
with user-developed procedures, spreadsheets, or another mechanism. Routines developed to
process measurement data must meet the general criteria for software set forth in this appendix.
That is, the routines must be documented and tested at a level appropriate to the QA category of
data being processed. Thus, software used to validate Category I data should be developed (or
retroactively documented/tested) to a Category I level of validity.
G.6 TRAINING
The project leader should ensure that each staff member working on software design,
programming, and data management activities has the necessary knowledge of both the technical
tools and the management procedures that are to be followed. Inexperienced personnel should
gain this understanding through recommended reading or training before the project begins.
G.6.1 Management Reference Materials
Several references on managing software and system development projects can be found
in Section G.7. However, the applicability of these documents depends on the individual project.
22
-------�
APPCD QA Procedures Manual Appendix G
Revision 2
August, 1996
Additional advice, guidelines, development strategies, programming methods, and so on are also
listed there, but this list is far from exhaustive.
G.6.2 Training Courses
Managers with little experience in directing software development projects can benefit
from formal courses and tutorials. A variety of formats (live, correspondence, computer-aided,
etc.) are available. Courses in software engineering and management can be helpful provided the
specific course is chosen with care.
G.7 BIBLIOGRAPHY
The publications provided in this section offer a cross-section of regulations, advice, and
guidance available from the Federal government and other sources. Many of the following are
either generic in scope or have a limited domain of applicability. Nevertheless, users with specific
needs may find the references useful. Documents by EPA's OIRM provide a good background
for working on projects that span two or more EPA offices or Federal agencies. Users planning
major software development efforts can survey several of the standards listed below to assist in
setting up the software development/management effort.
A few software development and QA documents from some other Federal agencies and
departments are listed as well. These may be used for comparison with EPA and Federal
guidelines. For joint projects, however, a full set of the other agency's standards should be
obtained. In most cases, the guidelines of different agencies will be largely compatible, and
reconciling them should not be difficult.
FEDERAL LAWS AND REGULATIONS
1. Federal Records Management Amendments of 1976, Public Law 94-575. This law
provides part of the legal basis for subsequent standards, guidelines, and policies for
various Federal agencies.
23
-------�
APPCD QA Procedures Manual
Appendix G
Revision 2
August, 1996
2. 41 CFR 201. "Federal Information Resource Management Regulations (FIRMR),"
General Services Administration. This document explains the extent to which FIRMR
applies to the creation, maintenance, and use of Federal information by Federal
agencies.
3. 36 CFR 1220. "National Archives and Records Administration Regulation." This CFR
section provides policy applicable to Federal agencies' record management programs.
4. Public Law 100-235. "Computer Security Act of 1987."
FEDERAL INFORMATION PROCESSING STANDARDS (FTPS)
The F1PS publications are often quite generic. They should be viewed as providing
guidance rather than as a detailed prescription for how to implement a software development
program.
5. Guidelines for Documentation of Computer Programs and Automated Data Systems:
FIPS PUB 38.U.S. Government Printing Office, Stock No. 003-03-1580-6, Washington,
D.C., 1976. Software documentation guidelines in use by the Federal government.
6. Guidelines for Documentation of Computer Programs and Automated Data Systems for
the Initiation Phase: FIPS PUB 64. U.S. Government Printing Office, Washington, D.C.,
August 1, 1979.
7. Guidelines for ADP Risk Analysis: FIPS PUB 64. U.S. Government Printing Office,
Washington, D.C., August 1, 1979.
8. Guidelines for Security of Computer Applications: FIPS PUB 73. U.S. Government
Printing Office, Washington, D.C., June 30, 1980.
9. Guidelines for Life Cvcle Validation. Verification and Testing of Computer Software:
FIPS PUB 101. U.S. Government Printing Office, Washington, D.C., June 6, 1983.
10. Guidelines for Communication Security Certification and Accreditation: FIPS PUB 102.
U.S. Government Printing Office, Washington, D.C., September 27, 1983.
11. Guidelines for Software Documentation Management: FIPS PUB 105. U.S. Government
Printing Office, Washington, D.C., June 6, 1984.
12. Guidelines for Software Maintenance: FIPS PUB 106. U.S. Government Printing Office,
Washington, D.C., June 15, 1984.
24
-------�
APPCD QA Procedures Manual
Appendix G
Revision 2
August, 1996
13. Guidelines on Functional Specifications for Database Management Systems: FIPS PUB
124. U.S. Government Printing Office, Washington, D.C., September 30,1986.
OTHER FEDERAL GUIDELINES
14. Computer Model Documentation Guide. NBS Special Pub. 500-73. U.S. Government
Printing Office, Washington, DC., 1980. This report provides guidance in planning for
the documentation of computer models. Four different types of mamtals that serve the
needs of managers, users, analysts, and computer programmers are outlined.
15. OMB Circular A-130. Federal Register, Vol. 50 No. 247, "Management of Federal
Information Resources." Office of Management and Budget, Washington, D.C., April 29,
1992.
U.S. FOOD AND DRUG ADMINISTRATION
16. U.S. Department of Health and Human Services, Public Health Service, Food and Drug
Administration, Office of Regulatory Affairs, Washington, D.C., "Technical Report:
Software Development Activities," Reference Materials and Training Aids for
Investigators, July 1987. A guide for FDA field personnel investigating toxicology
laboratories' development and management of software. A companion document,
"Guide to Inspection of Computerized Systems in Drug Processing, "provides an
overview of a complete computer processing system.
U.S. DEPARTMENT OF DEFENSE
17. Department of Defense, Washington, DC., MIL-STD-1521B (USAF), "Military
Standard, Technical Reviews and Audits for Systems, Equipment and Computer
Software," AMSC No. F3631. This document contains current technology and
management procedures to be used in conducting reviews and audits.
18. U.S. Department of Defense. Washington. DC.. DOD-STD-2168. "Military Standard.
Defense Systems Software Quality Program," AMSC No. A4389. This document
contains requirements for development, documentation, and implementation of software
quality programs.
25
-------�
APPCD QA Procedures Manual
Appendix G
Revision 2
August, 1996
U.S. ENVIRONMENTAL PROTECTION AGENCY
General Orders. Memoranda, and Guidance Documents
19. "Interim Guidelines and Specifications for Preparing Quality Assurance Project Plans,"
EPA QAMS-005/80, U.S. Environmental Protection Agency, Quality Assurance
Management Staff, Washington, D.C., December 1980. Widely used outline for
preparing project OA documentation in the Agency. Software QA and data validation
needs can be inferredfrom measurement quality goals.
20. Program and Policy Requirements to Implement the Mandatory Quality Assurance
Program. EPA Order 5360.1, U.S. Environmental Protection Agency, Washington, D.C.,
April 1984.
21. Information Resources Management Policy Manual. EPA/220/B-92-002. U.S.
Environmental Protection Agency, Office of Information Resources Management,
Washington, DC., 1992. This document is a framework for the EPA Information
Resources Management program including planning, budgeting, organizing training,
and controlling information.
22. Data Standards for the Electronic Transmission of Laboratory Measurement Results. EPA
Order 2180.2, Washington, D C., December 10, 1987. This document contains specific
file and recordformats to be used in transmitting chemical analysis records to the EPA.
23. "Memorandum: Official Records Policy," From: Charles L. Grizzele, Assistant
Administrator, Office of Administration and Resources Management, U.S. Environmental
Protection Agency, Washington, D.C., March 9, 1989. Includes guidelines for archival
and retention of scientific documents.
24. "System Design and Development Guidance," EPA 21M-1011, Washington, D.C., June
1989. This document provides design and development guidance in accordance with the
OIRM policy manual.
25. "Information Security Manual for Personal Computers," EPA 21M-1009, Washington,
D C., April 1993. This manual is issued by OARM in accordance with the EPA IRM
policy manual, Chapter 8.
26. "EPA Information Security Manual," (unnumbered), Washington, D.C., June 1994. The
second of two manuals dealing with information security in accordance with EPA IRM
policy.
26
-------�
APPCD QA Procedures Manual
Appendix G
Revision 2
August, 1996
27. "Operations and Maintenance Manual," EPA-21M-1010, Washington, D.C., April 1990.
This document provides guidance for managing a software system during the operation
and maintenance phases of the system's life cycle.
28. "Automated Laboratory Standards: Evaluation of the Use of Automated Financial System
Procedures," EPA/OIRM, Washington, D C., June 1990.
29. "System Design and Development Guidance, EPA/ADP, Application Guidance to
Hardware/Software Selection," EPA 21M-1012, Washington, D.C., April 1993.
30. "2185 - Good Automated Laboratory Practices: Principles and Guidance to Regulations
for Ensuring Data Integrity in Automated Laboratory Operations - 1995 Edition."
EPA/OIRM, Washington, D.C., August 10, 1995. This document applies principles from
GLPs to automated data handling.
31. EPA Federal Acquisition Requirements - 1552.210-79, Washington, D.C., "Compliance
with EPA Policies for Information Resources Management." This is a change notice
dated November 22, 1991, that summarizes compliance with EPA IRMpolicies. A list of
laws, Agency directives, OIRM directives, National Data Processing Division (NDPD)
directives, and EPA IRM policy documents.
32. "Guidance for Planning for Data Collection in Support of Environmental Decision Making
Using the Data Quality Objectives Process," EPA QA/G-4, U.S. Environmental
Protection Agency, Quality Assurance Management Staff (QAMS), Washington, D.C.,
September 1993. This is one member of a series of OA guidance documents being
developed by OAMS (now the Quality Assurance Division). Later documents in the
series will address software development.
33. "EPA Requirements for Quality Assurance Project Plans for Environmental Data
Operations," EPA QA/R-5, U.S. Environmental Protection Agency, Quality Assurance
Management Staff (QAMS), Washington, D.C., August 1994.
34. U.S. Environmental Protection Agency, NDPD Operational Policies Manual. EPA-208/9-
92-001, Office of Administration and Resource Management, National Data Processing
Division, Research Triangle Park, NC, 1993. This document is a framework for defining
and publishing direction related to the operation of EPA timesharing resources under
NDPD.
35. U.S. Environmental Protection Agency, Emissions Inventory OA System User's Manual
(Revised), Office of Air Quality Planning and Standards, Research Triangle Park, N.C.,
Prepared by TRC Environmental Corporation, EPA Contract No. 68-D9-0173,
September 1994. This document is a guide for the EIOA system.
27
-------�
APPCD QA Procedures Manual
Appendix G
Revision 2
August, 1996
NATIONAL ENVIRONMENTAL RESEARCH LABORATORY (NERLt
(formerly the Atmospheric Research and Exposure Assessment Laboratory)
36. U.S. Environmental Protection Agency, EPA Third-Generation Air Quality Modeling
System. Vol 1: Concept. EPA/600/R-95-082 (NTIS PB95-23980), Atmospheric
Research and Exposure Assessment Laboratory, Research Triangle Park, N.C., 1995.
37. U.S. Environmental Protection Agency, EPA Third-Generation Air Quality Modeling
System. Configuration Management User's Guide. M3-205-vl.0, Atmospheric Research
and Exposure Assessment Laboratory, Research Triangle Park, N.C., June 1994.
38. U.S. Environmental Protection Agency, EPA Third-Generation Air Quality Modeling
System. Vol 4: Project Verification and Validation. M3-204-vl.Q. Atmospheric Research
and Exposure Assessment Laboratory, Research Triangle Park, N.C., June 1994.
39. U.S. Environmental Protection Agency, EPA Third-Generation Air Quality Modeling
System. Vol. 5: Project Configuration Management. M3-210-vl.0, Atmospheric
Research and Exposure Assessment Laboratory, Research Triangle Park, N.C., June 1994.
CONSENSUS STANDARDS - NATIONAL AND INTERNATIONAL
40. American National Standard, "Quality Management and Quality Systems Elements -
Guidelines," ANSI/ASQC Q94-1987, American Society for Quality Control, Milwaukee,
WI. This document describes a basic set of elements by which a quality management
system can be developed and implemented internally.
41. Drug Information Association, Maple Glen, PA, "Computerized Data Systems for Non-
Clinical Safety Assessment, Current Concepts and Quality Assurance," September 1988.
A workbook developed to provide support in developing computer automation for
toxicology laboratories and to describe effective means for ensuring the quality of
computerized data systems.
42. IEEE, Piscataway, NJ, IEEE Standard 730.1-1989. "IEEE Standard for Software Quality
Assurance Plans," (Revision of ANSI/IEEE Standard 730-1984), October 19, 1989.
43. International Organization for Standardization, Geneva, Switzerland, Draft International
Standard ISO/PIS 9001. "Quality Systems ~ Model for Quality Assurance in Design,
Development, Production, Installation and Servicing." (Revision of ISO 9001:1987) 1993.
28
-------�
APPCD QA Procedures Manual
Appendix G
Revision 2
August, 1996
44. "Specifications and Guidelines for Quality Systems for Environmental Data Collection and
Environmental Technology," ANSI/ASQC E4-1994, American Society for Quality
Control, Milwaukee, WI, January 1995. Minimum quality management elements
required to conduct programs involving environmental data collection and evaluation,
technology design, construction, and operation.
45. International Organization for Standardization, Geneva, Switzerland, International
Standard ISO/PIS 14001. "Environmental Management System, Discussion Draft", 1996.
46. International Organization for Standardization, Geneva, Switzerland, International
Standard ISO 9000-3:1991 (El. "Quality Management and QA Standards, Part 3:
Guidelines for the Application of ISO 9001 to the Development, Supply and Maintenance
of Software."
ARTICLES AND PUBLICATIONS
47. Johnson, Gary L., Dean W. Wolfe, and Stanley M. Blacker, "QA Requirements for
Environmental Programs," Environmental Testing and Analysis. January/February 1994,
p. 49. Disaission of ANSI/ASOC E4-1994.
48. Sisk, Richard, "Reengineering Quality to Meet Customer Needs," American Laboratory.
p. 38-39. This article is a disaission of ISO 9000 certification as a global standard.
49. Brooks, Frederick P. The Mythical Man-Month : Essavs on Software Engineering.
Reading, MA: Addison-Wesley Publishing Company, 1975, 195 p. Computer
programming management. Includes bibliographical references and index.
50. Gibbs, W. Wayt, "Software's Chronic Crisis," Scientific American. September 1994,
p. 86.
51. Littlewood, Bev, and Lorenzo Strigini, "The Risks of Software," Scientific American.
pp.38-43, November 1992.
29
-------�
Notes for the presentation by...
Joe Lentini
-------�
Information
Technology
Management
Reform
Act
Effective August 8, 1996
-------�
Background
051^ ¦ Signed into law February 10, 1996.
¦ Repeals the Brooks Act.
^ ¦ Establishes new statutory scheme for
if IT acquisition and management within
^ the Executive branch.
-------�
Qk <£
Amends the PRA of 1995.
- Abolishes Designated Senior Official
(DSO) position.
- Establishes Chief Information Officer
(CIO) position.
Implemented August 8, 1996.
-------�
Why ITIY1RA?
-------�
Encourage incremental approach to
large scale system acquisitions.
Encourage cross-agency sharing of
IT-related expertise.
-------�
The New IT MR A
Management Paradigm
¦ Shift from bureaucratic to strategic
n|r business/mission focus.
¦ Capital Planning and investment linked
to budget, results, and performance-
based modular project management.
¦ Closer monitoring of IT projects on a
module-by-module basis.
5
-------�
ITMRA Requirements
¦ Establish goals for improving agency
operational efficiency and effectiveness
through improved IT usage.
• Submit an annual report on agency
progress in achieving IT goals.
1 Prescribe performance measurements
for IT.
6
-------�
¦ Quantitatively benchmark EPA's
process performance against
comparable public and private-sector
organizations and processes.
¦ Analyze agency mission and, based oh
analysis, revise appropriate mission-
related and administrative processes
prior to making significant investments
in IT.
-------�
Ensure agency information security
policies, procedures, and practices are
adequate.
Establish IRM knowledge and skill
requirements for all agency personnel.
Assess adequacy of IRM knowledge
and skill requirements.
8
-------�
Develop strategies and specific plans
for hiring, training, and professional
development.
Report progress in improving IRM to
the Administrator.
9
-------�
ITMRA
LESS BUREAUCRACY
MORE BUSINESS
-------�
Executive Order 13011: Federal Information Technology
Effective Date: July 16,1996
Summary: This order provides additional policy direction to executive agencies on the implemen-
tation of relevant portions of the Information Technology Management Reform Act (ITMRA) of
1996, the Paperwork Reduction Act (PRA) of 1995, and the Government Performance and
Results Act (GPRA) of 1993. It also establishes three interagency groups: the Chief Information
Officer (CIO) Council, the Government Information Technology (IT) Services Board, and the IT
Resources Board.
Overview:
Section 1. Executive agencies shall:
o significantly improve the management of their information systems through implementation of
the ITMRA, PRA and GPRA.
o refocus IT management to directly support agency strategic missions,
o implement an investment review process that drive budget formulation and execution for
information systems,
o reengineer work processes before investing in IT to support that work,
o establish agency CIOs with clear accountability for IRM, including:
(1) participating in investment review process for information systems;
(2) monitoring and evaluating the performance of those systems;
(3) as necessary, advising the agency head to modify or terminate those systems,
o establish and cooperate in an interagency IT support structure to:
(1) improve productivity government-wide;
(2) promote a coordinated, interoperable, secure and shared Federal IT infrastructure;
(3) promote a well-trained corps of IT professionals.
Section 2. Agency heads shall:
o effectively use IT to improve mission performance and service to the public,
o use integrated analysis, planning, budgeting and evaluation processes to improve the quality of
decisions about IT to support mission needs, including:
(1) before making an IT investment, determine whether Government should be performing the
function; if the private sector or another agency should support the function; and if the
functions needs to be reengineered to improve its efficiency;
(2) established mission-based performance measures for IT investments;
(3) establish accountability structures and processes for IT investments.
(4) support appropriate training for staff.
(5) participate in the interagency IT workgroup noted below.
o select appropriate CIOs and position for maximum effectiveness,
o ensure that information security policies, procedures and practices are adequate,
o structure major IT investments into manageable projects as narrow in scope and brief in
duration as practicable,
o enter into contracts that provide for multi-agency IT acquisitions.
-------�
Section 3. CIO Council:
o purpose: principal interagency forum for improving agency IT practices on matters such as
the design, modernization, use, sharing, and performance of IT.
o chaired by OMB's Deputy Director for Management; vice-chaired by an agency CIO, elected
by the Council on a rotating basis,
o membership: CIOs and Deputy CIOs from major departments and agencies (including EPA);
two representatives from other agencies; the Administrators of OMB's Office of Information
and Regulatory Affairs, Office of Federal Financial Management, and the Office of Federal
Procurement Policy; a Senior representative from the Office of Science and Technology
Policy; Chairs of the IT Resources Board and the Government IT Services Board.
Section 4. Government IT Services Board:
o purpose: continue implementation of the NPR IT recommendations; and identify and promote
the development of innovative technologies, standards, and practices among Federal agencies,
State and local governments, and the private sector,
o chaired by an elected member.
o membership: agency representatives with proven expertise or accomplishments in fields
necessary to achieve the Board's goals; initial selection will be made by OMB; the CIO
Council may nominate two members.
Section 5. IT Resources Board:
o purpose: provide independent assessments to assist in the development, acquisition, and
management of selected major information systems; and to provide recommendations to
agency heads and OMB as appropriate,
o chaired by an elected member.
o membership: individuals from executive branch agencies, selected by OMB, based on then-
knowledge of IT, program or acquisition management within the Federal government.
Sections 6-9. The Executive Order assigns responsibilities and duties to OMB, GSA, Commerce
(implementation of the Computer Security Act of 1987, as amended by the ITMRA), and the
Dept. of State (lead on IT matters with foreign governments, including development of interna-
tional standards).
Implications for EPA:
o reinforces the goals and responsibilities identified in the PRA of 1995, the ITMRA, and the
GPRA, and highlights the need for significant improvements in the management of IT to
support agency mission performance,
o requires that EPA determine before making IT investments, whether EPA and/or Government
should be performing the function; if the private sector or another agency should support the
function; and if the function needs to be reengineering to improve its efficiency and effective-
ness.
o requires active EPA participation in interagency groups, including the CIO Council, and
possibly the Government IT Services Board and the IT Resources Board,
o may result in EPA requesting, or being required by OMB to accept, independent assessments
and assistance from the IT Resources Board for major Agency information system projects.
-------�
******************************************************************************
Attached is an electric copy of the complete order:
THE WHITE HOUSE
Office of the Press Secretary
For Immediate Release
July 17,1996
-------�
EXECUTIVE ORDER
FEDERAL INFORMATION TECHNOLOGY
A Government that works better and costs less requires efficient and effective information
systems. The Paperwork Reduction Act of 1995 and the Information Technology Management
Reform Act of 1996 provide the opportunity to improve significantly the way the Federal Govern-
ment acquires and manages information technology. Agencies now have the clear authority and
responsibility to make measurable improvements in mission performance and service delivery to
the public through the strategic application of information technology. A coordinated approach
that builds on existing structures and successful practices is needed to provide maximum benefit
across the Federal Government from this technology.
Accordingly, by the authority vested in me as President by the Constitution and the laws of the
United States of America, it is hereby ordered as follows:
Section 1. Policy. It shall be the policy of the United States Government that executive
agencies shall:
(a) significantly improve the management of their information systems, including the acquisi-
tion of information technology, by implementing the relevant provisions of the Paperwork
Reduction Act of 1995 (Public Law 104-13), the Information Technology Management
Reform Act of 1996 (Division E of Public Law 104-106) ("Information Technology Act"),
and the Government Performance and Results Act of 1993 (Public Law 103-62);
(b) refocus information technology management to support directly their strategic missions,
implement an investment review process that drives budget formulation and execution for
information systems, and rethink and restructure the way they perform their functions
before investing in information technology to support that work;
(c) establish clear accountability for information resources management activities by creating
agency Chief Information Officers (CIOs) with the visibility and management responsibili-
ties necessary to advise the agency head on the design, development, and implementation
of those information systems. These responsibilities include: (1) participating in the
investment review process for information systems; (2) monitoring and evaluating the
performance of those information systems on the basis of applicable performance mea-
sures; and, (3) as necessary, advising the agency head to modify or terminate those
systems;
(d) cooperate in the use of information technology to improve the productivity of Federal
programs and to promote a coordinated, interoperable, secure, and shared Government-
wide infrastructure that is provided and supported by a diversity of private sector suppliers
and a well-trained corps of information technology professionals; and
-------�
(e) establish an interagency support structure that builds on existing successful interagency
efforts and shall provide expertise and advice to agencies; expand the skill and career
development opportunities of information technology professionals; improve the manage-
ment and use of information technology within and among agencies by developing
information technology procedures and standards and by identifying and sharing experi-
ences, ideas, and promising practices; and provide innovative, multi-disciplinary, pro-
ject-specific support to agencies to enhance interoperability, minimize unnecessary
duplication of effort, and capitalize on agency successes.
Sec. 2. Responsibilities of Agency Heads. The head of each executive agency shall:
(a) effectively use information technology to improve mission performance and service to the
public;
(b) strengthen the quality of decisions about the employment of information resources to meet
mission needs through integrated analysis, planning, budgeting, and evaluation processes,
including:
(1) determining, before making investments in new information systems, whether the
Government should be performing the function, if the private sector or another agency
should support the function, and if the function needs to be or has been appropriately
redesigned to improve its efficiency;
(2) establishing mission-based performance measures for information systems investments,
aligned with agency performance plans prepared pursuant to the Government Perfor-
mance and Results Act of 1993 (Public Law 103-62);
(3) establishing agency-wide and project-level management structures and processes
responsible and accountable for managing, selecting, controlling, and evaluating
investments in information systems, with authority for terminating information systems
when appropriate;
(4) supporting appropriate training of personnel; and
(5) seeking the advice of, participating in, and supporting the interagency support struc-
ture set forth in this order;
(c) select CIOs with the experience and skills necessary to accomplish the duties set out in
law and policy, including this order, and involve the CIO at the highest level of the agency
in the processes and decisions set out in this section;
(d) ensure that the information security policies, procedures, and practices of the executive
agency are adequate;
-------�
(e) where appropriate, and in accordance with the Federal Acquisition Regulation and
guidance to be issued by the Office of Management and Budget (OMB), structure major
information systems investments into manageable projects as narrow in scope and brief in
duration as practicable, consistent with the Information Technology Act, to reduce risk,
promote flexibility and interoperability, increase accountability, and better correlate mis-
sion need with current technology and market conditions; and
(f) to the extent permitted by law, enter into a contract that provides for multiagency acqui-
sitions of information technology as an executive agent for the Government, if and in the
manner that the Director of OMB considers it advantageous to do so.
Sec. 3. Chief Information Officers Council.
(a) Purpose and Functions. A Chief Information Officers Council ("CIO Council") is
established as the principal interagency forum to improve agency practices on such
matters as the design, modernization, use, sharing, and performance of agency informa-
tion resources. The Council shall:
(1) develop recommendations for overall Federal information technology management
policy, procedures, and standards;
(2) share experiences, ideas, and promising practices, including work process redesign and
the development of performance measures, to improve the management of information
resources;
(3) identify opportunities, make recommendations for, and sponsor cooperation in using
information resources;
(4) assess and address the hiring, training, classification, and professional development
needs of the Federal Government with respect to information resources management;
(5) make recommendations and provide advice to appropriate executive agencies and
organizations, including advice to OMB on the Governmentwide strategic plan
required by the Paperwork Reduction Act of 1995; and
(6) seek the views of the Chief Financial Officers Council, Government Information Tech-
nology Services Board, Information Technology Resources Board, Federal Procure-
ment Council, industry, academia, and State and local governments on matters of
concern to the Council as appropriate.
(b) Membership. The CIO Council shall be composed of the CIOs and Deputy CIOs of the
following executive agencies plus two representatives from other agencies:
1. Department of State;
-------�
2. Department of the Treasury;
3. Department of Defense;
4. Department of Justice;
5. Department of the Interior;
6. Department of Agriculture;
7. Department of Commerce;
8. Department of Labor;
9. Department of Health and Human Services;
10. Department of Housing and Urban Development;
11. Department of Transportation;
12. Department of Energy;
13. Department of Education;
14. Department of Veterans Affairs;
15. Environmental Protection Agency;
16. Federal Emergency Management Agency;
17. Central Intelligence Agency;
18. Small Business Administration;
19. Social Security Administration;
20. Department of the Army;
21. Department of the Navy;
22. Department of the Air Force;
23. National Aeronautics and Space Administration;
24. Agency for International Development;
-------�
25. General Services Administration;
26. National Science Foundation;
27. Nuclear Regulatory Commission; and
28. Office of Personnel Management.
The Administrator of the Office of Information and Regulatory Affairs of OMB, the Control-
ler of the Office of Federal Financial Management of OMB, the Administrator of the Office of
Federal Procurement Policy of OMB, a Senior Representative of the Office of Science and Tech-
nology Policy, the Chair of the Government Information Technology Services Board, and the
Chair of the Information Technology Resources Board shall also be members. The CIO Council
shall be chaired by the Deputy Director for Management of OMB. The Vice Chair, elected by the
CIO Council on a rotating basis, shall be an agency CIO.
Sec. 4. Government Information Technology Services Board.
(a) Purpose and Functions. A Government Information Technology Services Board ("Ser-
vices Board") is established to ensure continued implementation of the information
technology recommendations of the National Performance Review and to identify and
promote the development of innovative technologies, standards, and practices among
agencies and State and local governments and the private sector. It shall seek the views of
experts from industry, academia, and State and local governments on matters of concern
to the Services Board as appropriate. The Services Board shall also make recommenda-
tions to the agencies, the CIO Council, OMB, and others as appropriate, and assist in the
following:
(1) creating opportunities for cross-agency cooperation and intergovernmental approaches
in using information resources to support common operational areas and to develop
and provide shared govemmentwide infrastructure services;
(2) developing shared govemmentwide information infrastructure services to be used for
innovative, multiagency information technology projects;
(3) creating and utilizing affinity groups for particular business or technology areas; and
(4) developing with the National Institute of Standards and Technology and with estab-
lished standards bodies, standards and guidelines pertaining to Federal information
systems, consistent with the limitations contained in the Computer Security Act of
1987 (40 U.S.C. 759 note), as amended by the Information Technology Act.
-------�
(b) Membership. The Services Board shall be composed of individuals from agencies based
on their proven expertise or accomplishments in fields necessary to achieve its goals.
Major government mission areas such as electronic benefits, electronic commerce, law
enforcement, environmental protection, national defense, and health care may be repre-
sented on the Services Board to provide a program operations perspective. Initial
selection of members will be made by OMB in consultation with other agencies as
appropriate. The CIO Council may nominate two members. The Services Board shall
recommend new members to OMB for consideration. The Chair will be elected by the
Services Board.
Sec. 5. Information Technology Resources Board.
(a) Purpose and Functions. An Information Technology Resources Board ("Resources
Board") is established to provide independent assessments to assist in the development,
acquisition, and management of selected major information systems and to provide
recommendations to agency heads and OMB as appropriate. The Resources Board shall-
(1) review, at the request of an agency and OMB, specific information systems proposed
or under development and make recommendations to the agency and OMB regarding
the status of systems or next steps;
(2) publicize lessons learned and promising practices based on information systems
reviewed by the Board; and
(3) seek the views of experts from industry, academia, and State and local governments on
matters of concern to the Resources Board, as appropriate.
(b) Membership. The Resources Board shall be composed of individuals from executive
branch agencies based on their knowledge of information technology, program, or
acquisition management within Federal agencies. Selection of members shall be made by
OMB in consultation with other agencies as appropriate. The Chair will be elected by the
Resources Board.
The Resources Board may call upon the department or agency whose project is being
reviewed, or any other department or agency to provide knowledgeable representative^) to the
Board whose guidance and expertise will assist in focusing on the primary issue(s) presented by a
specific system.
Sec. 6. Office of Management and Budget. The Director of OMB shall:
(1) evaluate agency information resources management practices and, as part of the budget
process, analyze, track and evaluate the risks and results of all major capital investments
for information systems;
(2) notify an agency if it believes that a major information system requires outside assistance;
-------�
(3) provide guidance on the implementation of this order and on the management of informa-
tion resources to the executive agencies and to the Boards established by this order; and
(4) evaluate the effectiveness of the management structure set out in this order after 3 years
and make recommendations for any appropriate changes.
Sec. 7. General Services Administration. Under the direction of OMB, the Administrator of
General Services shall:
(1) continue to manage the FTS2000 program and coordinate the follow-on to that program,
on behalf of and with the advice of customer agencies;
(2) develop, maintain, and disseminate for the use of the Federal community, as requested by
OMB or the agencies, recommended methods and strategies for the development and
acquisition of information technology;
(3) conduct and manage outreach programs in cooperation with agency managers;
(4) be a focal point for liaison on information resources management, including Federal
information technology, with State and local governments, and with nongovernmental
international organizations subject to prior consultation with the Secretary of State to
ensure such liaison would be consistent with and support overall United States foreign
policy objectives;
(5) support the activities of the Secretary of State for liaison, consultation, and negotiation
with intergovernmental organizations in information resources management matters;
(6) assist OMB, as requested, in evaluating agencies' performance-based management tracking
systems and agencies' achievement of cost, schedule, and performance goals; and
(7) provide support and assistance to the interagency groups established in this order.
Sec. 8. Department of Commerce. The Secretary of Commerce shall carry out the standards
responsibilities under the Computer Security Act of 1987, as amended by the Information
Technology Act, taking into consideration the recommendations of the agencies, the CIO Council,
and the Services Board.
Sec. 9. Department of State.
(a) The Secretary of State shall be responsible for liaison, consultation, and negotiation with
foreign governments and intergovernmental organizations on all matters related to
information resources management, including Federal information technology. The
Secretary shall further ensure, in consultation with the Secretary of Commerce, that the
United States is represented in the development of international standards and recommen-
dations affecting information technology. In the exercise of these responsibilities, the
Secretary shall consult, as appropriate, with affected domestic agencies, organizations, and
other members of the public.
-------�
(b) The Secretary of State shall advise the Director on the development of United States
positions and policies on international information policy and technology issues affecting
Federal Government activities and the development of international information technol-
ogy standards.
Sec. 10. Definitions.
(a) "Executive agency" has the meaning given to that term in section 4(1) of the Office of
Federal Procurement Policy Act (41 U.S.C. 403(1)).
(b) "Information Technology" has the meaning given that term in section 5002 of the Informa-
tion Technology Act.
(c) "Information resources" has the meaning given that term in section 3502(6) of title 44,
United States Code.
(d) "Information resources management" has the meaning given that term in section 3502(7)
of title 44, United States Code.
(e) "Information system" has the meaning given that term in section 3502(8) of title 44,
United States Code.
(f) "Affinity group" means any interagency group focussed on a business or technology area
with common information technology or customer requirements. The functions of an
affinity group can include identifying common program goals and requirements; identifying
opportunities for sharing information to improve quality and effectiveness; reducing costs
and burden on the public; and recommending protocols and other standards, including
security standards, to the National Institute of Standards and Technology for Government-
wide applicability, for action in accordance with the Computer Security Act of 1987, as
amended by the Information Technology Act.
(g) "National security system" means any telecommunications or information system operated
by the United States Government, the function, operation, or use of which (1) involves
intelligence activities; (2) involves cryptologic activities related to national security; (3)
involves command and control of military forces; (4) involves equipment that is an integral
part of a weapon or weapons system; or (5) is critical to the direct fulfillment of military or
intelligence missions, but excluding any system that is to be used for routine administrative
and business applications (including payroll, finance, logistics, and personnel management
applications).
Sec. 11. Applicability to National Security Systems.
The heads of executive agencies shall apply the policies and procedures established in this
order to national security systems in a manner consistent with the applicability and related limita-
tions regarding such systems set out in the Information Technology Act.
-------�
Sec. 12. Judicial Review.
Nothing in this Executive order shall affect any otherwise available judicial review of agency
action. This Executive order is intended only to improve the internal management of the
executive branch and does not create any right or benefit, substantive or procedural, enforceable
at law or equity by a party against the United States, its agencies or instrumentalities, its officers
or employees, or any other person.
WILLIAM J. CLINTON
THE WHITE HOUSE
July 16,1996.
-------�
GOVERNMENT CONTRACT ADVISOR EXECUTIVE REPORT
important news and views for the federal acquisition community
Lynn Bateman, Managing Editor Vol. II, No. 7, August 1996
Barry McVay, Senior Editor
-------�
FIRMR SET FOR ABOLISHMENT AUGUST 8
With the Information Technology Management Reform Act of 1996
(ITMRA) set to go into effect August 8, 1996, the federal government
is preparing itself for major changes in the way it acquires
computers, software, telecommunications equipment, and related
services. The most significant changes involve the repeal of the
Brooks Automatic Data Processing Act of 1965 (Section S101 of ITMRA),
which governed most federal information technology acquisitions since
its enactment. With the repeal of the Brooks Act, the following will
occur:
• The Federal Information Resources Management Regulation (FIRMR) will
be abolished.
• The General Services Administration (GSA) will no longer have
responsibility for oversight of federal information technology
acquisitions. This responsibility will be assumed by the Office of
Management and Budget (OMB).
• The General Services Administration Board of Contract Appeals
(GSBCA) will no longer have authority to decide protests against
solicitations for information technology. The General Accounting
Office (GAO) will become the sole administrative forum for
solicitation protests.
In addition, Section 5125 of ITMRA requires agencies to appoint
"chief information officers" (CIOs) who will be responsible for their
agency's information resources management activities. Their
responsibilities will include "providing advice and other assistance
to the head of the executive agency and other senior management
personnel of the executive agency to ensure that information
technology is acquired and information resources are managed for the
executive agency in a manner that implements the policies and
procedures of [ITMRA]... and the priorities established by the head
of the executive agency,... developing, maintaining, and
facilitating the implementation of a sound and integrated information
technology architecture for the executive agency, and promoting the
effective and efficient design and operation of all major information
resources management processes for the executive agency, including
improvements to work processes of the executive agency."
-------�
On July 24, GSA announced the abolishment of the FIRMR effective
12:00 midnight on August 8 (although GSA advises that "certain
portions of the FIRMR may be reissued as part of the Federal
Acquisition Regulation and Federal Property Management Regulation").
The notice also stated:
• All contracts awarded under a Brooks Act delegation of procuiement
authority (DPA) will remain in effect until termination or amendment
under ITMRA.
• All Brooks Act DP As for solicitations not yet-awarded will be
superseded by agencies' independent procurement authority under
Section 5124 of ITMRA.
• Any procurements for governmentwide agency contracts under a Brooks
Act DPA may proceed to award.
• All reporting requirements by specific Brooks Act DPAs are canceled,
and all conditions and limitations in specific Brooks Act DPAs may be
modified or terminated by agencies.
However, agencies will still be required to continue using the FTS2000
telecommunications program because it is covered by the Fiscal Year
1996 Treasury, Postal Service, and General Government Appropriations
Act, and is unaffected by the repeal of the Brooks Act.
To provide agencies with policy guidance on the implementation of
ITMRA, President Clinton issued Executive Order 13011 of July 16,
1996, Federal Information Technology. In the executive order, the
president establishes five mandates for all executive agencies:
• Significantly improve the management of information systems.
• Refocus information technology management to directly support
strategic missions, implement an investment review process that drives
the budget for information systems, and rethink and restructure how to
perform functions before investing in information technology.
-------�
• Appoint CIOs and make them accountable for the success of the
agency's information technology activities.
• Cooperate with other agencies in the use of information technology
and promote a "coordinated, interoperable, secure, and shared
governmentwide infrastructure."
• Establish an interagency support structure to provide expertise and
advise.
To establish the interagency support structure, the president
established three-groups:
• Chief Information Officers Council, which will consist of the CIOs
and their deputies from the major agencies as well as representatives
from OMB. The council will be a forum for improving agency practices
on matters like design, modernization, use, sharing, and performance
of information technology resources.
• Government Information Technology Services Board, which will consist
of individuals from agencies with proven expertise or accomplishments
in information technology fields. The board will identify and promote
innovative technologies, standards, and practices among agencies,
state and local governments, and the private sector.
• Information Technology Resources Board, which will consist of agency
personnel with knowledge of information technology management, program
management, or acquisition management. The board will provide
independent assessments of selected major information systems to help
in their development, acquisition, and management.
EDITOR'S NOTE: For more on ITMRA and its provisions, see the
following GOVERNMENT CONTRACT ADVISOR EXECUTIVE REPORT articles:
"Acquisition Reform Acts Approved by Congress," Vol. I, No. 12,
February 1996; "President Agrees to Sign DOD Authorization Act, Enact
Reform," Vol. n, No. 1, March 1996; "President Signs DOD
Authorization Act, FIRMR to Disappear," Vol. II, No. 2, April 1996;
"GAO Proposes Revised Bid Protest Procedures," Vol. II, No. 5, June
1996; and "GSBCA Volunteers to be ADR Forum," Vol. II, No. 6, July
1996.
-------�
SUPREME COURT ISSUES DECISIONS AFFECTING CONTRACTS
During the last week of its current term, the Supreme Court
issued four decisions which, in one way or another, address
contracting issues.
United States v. Winstar Corp., et. al.
This case, handed down July 1, originated with the savings and
loan (S&L) disaster of the 1980s, in which hundreds of S&Ls went
bankrupt because they had made mortgage loans at interest rates that
were overcome by the galloping inflation of the 1970s and early 1980s.
This meant the S&Ls were paying out more in interest for savings (to
stay competitive with banks, savings bonds, etc.) than they were
taking in from their mortgage loans.
The government could not afford to have all these S&Ls go
bankrupt because it insured most of the S&Ls savings accounts (the
insurance program was a result of the bank runs during the Great
Depression in the 1930s which intensified the economic problems). So
the government encouraged healthy S&Ls to purchase the sick ones. As
an inducement, the government allowed the purchasing S&Ls to write off
the debts and losses of the purchased S&Ls as "goodwill" over a set
period of time and to count this goodwill as assets against federal
capital reserve requirements. As a result of this inducement, Winstar
and several other healthy S&Ls purchased sick S&Ls.
In 1989, Congress passed the Financial Institutions Reform,
Recovery, and Enforcement Act (FIRREA), which disallowed the goodwill.
With the enactment of FIRREA, many S&Ls suddenly found that they were
no longer in compliance with capital reserve requirements. Winstar was
seized and liquidated by the government for failing to meet the
reserve requirements, and others had to sell off assets to meet the
reserve requirements. Winstar and two other S&Ls sued the government
for breach of contract.
The government argued it was not liable for breach for two
reasons:
1. Its surrender of sovereign authority (such as a promise to refrain
from regulatory changes) must be in "unmistakable terms" in a contract
to be enforceable; and
2. A "public and general sovereign act" such as FIRREA's alteration of
capital reserve requirements, cannot trigger contractual liability.
-------�
The Supreme Court rejected both defenses, finding that the
government breached its contractual obligations. The decision reads,
"Given that the parties went to considerable lengths... to
incorporate their terms into the contract itself, the Government's
suggestion that the parties meant to say only that the regulatory
treatment laid out in these documents would apply as an initial
matter, subject to later change at the Government's election, is
unconvincing... It would, indeed, have been madness for respondents
to have engaged in these transactions with no more protection than the
Government's reading would have given them, for the very existence of
their institutions would then have been in jeopardy from the moment
their agreements were signed."
This decision prevents the government from changing the rules
after the contract is signed. If the government does change the rules,
it must compensate those affected — the compensation could be as high
as $20 billion for the S&Ls adversely affected by FIRREA. And if you
think the S&L / FIRREA situation was an aberration, think again!
Congress is currently considering a ban on restructuring costs and a
permanent limit on the allowability of executive compensation. Should
either of these be enacted, the Winstar ruling will undoubtedly be
raised by contractors seeking restitution. (EDITOR'S NOTE: For the
latest GOVERNMENT CONTRACT ADVISOR EXECUTIVE REPORT articles on
these two issues, see "Defense Publishes Four DFARS Amendments" in the
May 1996 issue (Vol. n, No. 4), and "$200,000 Limit Placed on
Executive Compensation for DOD" in the July 1996 issue (Vol. n, No.6).
Board of Commissioners, Wabaunsee County v. Umbehr
In this June 28 decision, the Wabaunsee County commissioners
terminated a trash hauling contract with Mr. Umbehr after he
criticized county policies at meetings and in newspaper articles. The
Supreme Court ruled that the board had wrongfully terminated Umbehr's
contract, stating "the threat of retaliation may chill speech on matters of public
concern by those who, because of their dealings with the government, are often
in the best position to know what ails the agencies for which they work."
While this case addresses a local government action, the various
Federal Acquisition Regulation (FAR) termination for convenience
clauses merely state that the contracting officer may terminate any
contract when it is in the government's interest! Silencing a critic
could be considered "in the government's best interest" by some,
especially during this time of "contract streamlining" and "contracting
officer empowerment" in which many federal contracting personnel
seem to think anything is justified as long as it expedites a contract award.
-------�
OUare Truck Service, et. al. v. City of Northlake, et. al.
This case, also handed down June 28, involved a tow truck
operator taken off the Northlake police department's list of companies
authorized to do towing for the city when the owner refused to donate
to the Northlake mayor's reelection campaign — he even worked for the
opponent's election.
While government employees have been protected from retribution
for political activity (within the confines of such laws as the Hatch
Act), the Supreme Court extended this protection to government
contractors. "This Court cannot accept the proposition that those who
perform the government's work outside the formal employment
relationship are subject to the direct and specific abridgment of
First Amendment rights... Allowing the constitutional claim to turn
on a distinction between employees and independent contractors would
invite manipulation by government, which could avoid constitutional
liability simply by attaching different labels to particular jobs..."
the majority wrote.
This ruling is important when one considers all the "outsourcing"
of functions being undertaken to streamline the government and reduce
its costs of operation. Just because contractor employees perform a
government function does not mean they have fewer rights than
government employees.
Texas v. Hopwood, et. al
This "non-decision," which was handed down July 1, concerns the
Supreme Court's refusal to hear an appeal of a Court of Appeals
decision that the University of Texas' affirmative action admission
policy to its law school violated the Constitution's equal protection
guarantee (by refusing to hear the case, the Supreme Court allows the
decision to stand). Basically, the Texas' admission policy required
white applicants to achieve higher test scores for admission than
minority students. "To believe that a person's race controls his point
of view is to stereotype him ... The law school may not use race as
a factor in law school admissions," ruled the Court of Appeals.
In light of the Supreme Court's refusal to overrule the Court of
Appeals, its decision in Adarand Constructors v. Peta, and its recent
striking down of congressional districts specifically designed to
maximize minority representation in the House of Representatives, it
seems clear that affirmative action programs, as we know them, are not
long for this world!
-------�
CANT FORCE CONTRACTORS TO PAY MORALE FUND, COURT RULES
The Court of Appeals for the District of Columbia ruled on July 5
that the Department of Defense (DOD) cannot require contractors to
contribute to the Morale, Welfare, and Recreation (MWR) Fund as a
condition of contracting. This ruling prevents the government from
using contracts as fundraising vehicles for favored activities.
The case, Scheduled Airlines Ticket Offices, Inc. v. Department
of Defense, CA DC No: 94-5401, involves a contract to operate the
Defense Construction Supply Center commercial travel office. Normally,
in such contracts the government agency provides space, utilities, and
equipment to the contractor at no expense, and the contractor arranges
official travel for the agency's employees. The contractor does not
receive any money from the government for its services, but instead
receives its fees ("commissions") from the airlines, hotels, and car
rental companies it books — this is very similar to the way commercial
travel agencies operate. In return for the free space and equipment, the
contractor gives a portion of its commissions back to the government as
a "concession fee." These fees are either used to reduce the agency's travel
costs or paid directly to the U.S.Treasury.
Recently, some agencies have been allowing contractors to provide
"unofficial" travel arrangements for its personnel, particularly DOD.
DOD began requiring that unofficial travel services be provided along with
official travel services, and that contractors deposit separate concession fees
for the unofficial travel services into MWR funds (non-appropriated funds
used to support military recreational activities which have been depleted
recently with the downsizing of the military).
Scheduled Airlines Ticket Offices, Inc. (SATO) proposed on and
lost several such contracts. It found that DOD awarded the contracts
to competitors that offered to pay higher concession fees into the MWR
funds for unofficial travel than did SATO. In some contracts, the
winning contractor proposed a lower concession fee for official travel
than SATO but a higher fee for unofficial travel. SATO protested,
arguing that the unofficial concession fees for the MWR funds had
become the determining factor in the award of the contracts and, as
such, violated Article I of the Constitution which gives Congress the
sole authority to "appropriate" funds for government operations.
The General Accounting Office (GAO) rejected SATO's argument,
reasoning that the unofficial funds came from the payment for services
acquired through personal funds, not the government's. SATO appealed
to the district court, which upheld the GAO decision.
-------�
However, the Court of Appeals ruled in SATO's favor, finding that
the concession fees into the MWR funds were in violation of the 1849
Miscellaneous Receipts Statute, which directs government officials who
receive "money for the Government from any source" to deposit the
entire amount into the Treasury (emphasis added). "The original source
of the money — whether from private parties or the government — is
irrelevant," wrote the court.
EDITOR'S NOTE: You always have to be on your guard, particularly now
when federal agencies are frantically searching for funds to maintain
their current programs and staffing! This was a particularly clever
way for DOD to get money for a program that was no longer able to
support itself — piggyback it onto a legitimate government
requirement and force contractors to pay for it! Only an 1849 law that
was not intended to protect contractors has stopped this practice.
That's a mighty slender thread — but until the Miscellaneous Receipts
Statute is repealed, it will do.
This practice could have been used with virtually any federal
contract: if an agency needs a product or service, and its employees
need the same product or service in their personal lives, just open up
the contract for "unofficial" purchases and require the contractor to
"kickback" some of the money! How the agencies must be cursing the
Court of Appeals!
AGENCY MUST MAINTAIN ABILITY TO RECEIVE FACNET QUOTES, SAYS GAO
The General Accounting Office (GAO) has decided that an agency
fails to promote competition to the maximum extent practicable when it
fails to maintain adequate procedures for receiving quotations through
the Federal Acquisition Computer Network (FACNET) (S.D.M. Supply, Inc.
B-271492, June 26, 1996).
The Army Aviation Center, Fort Rucker, AL, issued a small
business, small purchase set-aside request for quotation (RFQ) for
aerosol can puncturing systems through FACNET on February 7, 1996. The
RFQ was also mailed to two vendors. The RFQ stated that quotations
could be submitted by February 20 by fax. Only one quotation was
received by February 20, and it was transmitted by fax. Because no
quotations were received through FACNET, the purchasing agency asked
the computer systems administrator to verify that no quotations had
been received. The administrator verified that no quotations had been
received, so a purchase order for $4,473 was issued to the sole
offeror on February 21.
-------�
A notice of award was posted on FACNET. The purchasing office
received three calls from other vendors complaining that their
quotations, which had been sent through FACNET, were lower than
$4,473. When the Aviation Center refused to cancel the purchase order,
S.D.M. filed a protest that it should be issued a purchase order for
$3,080. The protest included the quote and an acknowledgment of
receipt of its quotation dated February 9.
During a telephonic hearing, agency personnel stated they had
discovered computer records showing that the three vendors had
submitted quotations through FACNET which were received by the
Standard Army Automated Contractirsg-System (SAACONS) and relayed to
Ft. Rucker. A SAACONS software technician explained that S.D.M.'s
quotation was "lost" because of a transmission "bottleneck" at the Ft.
Rucker computer system. The February 9 acknowledgment had been
generated by SAACONS and then relayed to Ft. Rucker.
The contracting personnel, who were inexperienced with the
computer system, admitted that they had failed to check computer
system status reports, which would have indicated the existence of the
problem. Finally, the contracting personnel reported several other
instances where FACNET quotations were "lost." The Aviation Center
stated that it allows vendors to submit quotations by fax because of
its problems with FACNET, and asserted that S.D.M. should have availed
itself of this opportunity.
In its decision, GAO wrote, "an agency, in order to satisfy its
obligation under CICA [the Competition in Contracting Act] to promote
competition to the maximum extent practicable, must have adequate
procedures to receive and safeguard quotations actually received, as
well as to give them fair consideration. The record here evidences
that the agency did not have adequate procedures in place to ensure
that quotations received through FACNET would be considered, and we
sustain the protest on this basis ... [W]e think the protester here
was under no obligation to additionally transmit its quotation via
facsimile to the agency... [because] the FAR contemplates that
responses to solicitations and requests for information issued through
FACNET will be submitted through FACNET in furtherance of the goal of
converting the acquisition process from paper-based to an electronic
one."
-------�
MORE CIVILIAN FACNET OFFICES
The following contracting offices have been certified as having an "interim Federal
Acquisition Computer Network (FACNET) capability," and can use any of the simplified
acquisition procedures in FAR Part 13 to make purchases up to $100,000.
HEALTH AND HUMAN SERVICES: National Institutes of Health, Bethesda,
MD; Health Care Financing Administration, Baltimore, MD
COMMERCE: Bureau of the Census, JefFersonville, IN
GOVERNMENT SPENDING UP 3% IN FY95 TO $202.3 BILLION
Fiscal Year 1995 (FY95) was a pretty good year for federal contractors and
agencies, with spending at $202.3 billion, up $5.9 billion from the FY94 total of
$196.4 billion. Particularly noteworthy is this interesting fact: despite all the wailing
about defense spending going down the drain, DOD spending increased 3.3%!
The following are the largest agencies' FY95 spending totals On
billions) and the percent change from FY94:
Defense
$132.2
+3.3%
Energy
$
16.9
-4.9%
National Aeronautics and Space Admin
$
12.0
+3.0%
General Services Administration
$
6.3
+1.7%
Tennessee Valley Authority
$
5.5
+323.6%
Veterans Affairs
$
4.6
+24.8%
Transportation
$
4.0
+3.9%
Health and Human Services
$
3.7
+32.9%*
Agriculture
$
3.0
-13.7%
Justice
$
2.6
+3.5%
Treasury
$
2.1
+3.9%
Interior
$
1.9
-10.1%
Agency for International Development
$
1.3
+8.7%
State
$
r.o
+10.5%
Environmental Protection Agency
$
1.0
-21.3%
Commerce
$
1.0
+11.7%
Labor
$
0.8
+0.9%
Education
$
0.4
+8.6%
Federal Emergency Management Agency
$
0.3
+17.1%
Social Security
$
0.3
*
Housing and Urban Development
$
0.2
+12.7%
Miscellaneous Agencies
$
0.9
+28.6%
* Social Security Administration (SSA) was part of the Department of
-------�
Health and Human Services (HHS) in FY94, but became a separate agency
in FY95. HHS' and SSA's combined spending was 42.1% over HHS' FY94
spending.
The following states received the most federal contract money On
billions), with their FY94 rank in parentheses:
1. California (1)
$25.6
2. Virginia (3)
$16.4
3. Texas (2)
$13.2
4. Maryland (4)
$
8.9
5. Florida (5)
$
8.2
6. Missouri (6)
$
7.0
7. Massachusetts (7)
$
5.9
8. New York (8)
$
5.4
9. Tennessee (12)
$
5.0
10. Pennsylvania (14)
$
4.9
To obtain a copy of the FY95 Federal Procurement Data Center
Report, fax a request with your name and address to 202-401-1546.
INTEREST ON PAYMENTS SET AT 7%
The Department of Treasury has established 7% as the interest
rate for the computation of payments made between July 1 and December
31, 1996, under the Prompt Payment Act and the Contracts Disputes Act.
This rate is also used in facilities capital cost of money
calculations. The interest rate for the prior six-month period
(January 1 — June 30, 1995) was 5 7/8%.
You may want to use the GOVERNMENT CONTRACT ADVISOR CD-ROM to
review the following FAR provisions: FAR Subpart 32.9, Prompt Payment;
FAR Subpart 33.2, Disputes and Appeals; FAR 31.205-10, Cost of Money.
Also see Cost Accounting Standard (CAS) 9904.414, Cost of Money as an
Element of the Cost of Facilities Capital.
EPA REQUIRES CONTRACTORS TO CHECK INTERNET FOR IRM POLICIES
The Environmental Protection Agency (EPA) has amended EPA Acquisition Regulation
(EPAAR) clause 1552.210-79, Compliance with EPA Policies for Information Resources
Management, to require EPA contractors to ascertain the applicable IRM policies by reviewing
the Internet or accessing the dial-up modem when receiving a work request (that is, a delivery
order or work assignment). This will allow EPA to update information as changes occur to insure
contractor compliance with current policies.
-------�
The policies covered are the 2100 series of EPA's Directive System, EPA Order 7500.1A for
the Groundwater Program, and the Enterprise Technology Services Division Operational
Directives Manual. Internet access to these documents may be obtained from gopher.epa.gov. or
World Wide Web access from http://www.epa.gov. Either way, search for "IRM Policy" and
look for "IRM Policy, Standards and Guidance." All documents are available for browsing and
downloading through the dial-up modem at 919-558-0335.
Paper copies of the 2100 series and Order 7100.1A are available from the EPA Office of
Administration Facilities Management and Services Division, Mail Code 3204,401 M Street,
N.W., Washington, DC 20460,202-260-5797.
The Operational Directives Manual is available only through electronic access.
BUDGETARY GUIDE AVAILABLE
The seventh Statement of Federal Financial Accounting Standards, "Accounting for Revenue
and Other Financing Sources and Concepts for Reconciling Budgetary and Financial Accounting,"
has been adopted by OMB and it, along with an accompanying implementation guide, may be
obtained for $18.00 per set from the Superintendent of Documents, Government Printing Office,
Washington, DC 20402-9325 (telephone 202-783-3238), Stock No. 041-001-00475-1.
Though the statement and guide are for federal agencies, contractors may find much of the
information useful.
ORDER FORM
I want to become a subscriber to the GOVERNMENT CONTRACT ADVISOR
EXECUTIVE REPORT and receive 12 monthly issues of federal contracting news and insights
for only $197 ($245 outside the U.S.)!
[ ] Charge my [ ] VISA [ ] MasterCard $
Account No. Exp Date
[ ] Tm enclosing $
(Make check payable to Thomson Legal Publishing)
[ ] Send information on other GOVERNMENT CONTRACT ADVISOR products.
Name
Organization
Address f
City State Zip
Phone FAX
-------�
Mail to:
Thomson Legal Publishing
ATTN: Ordei Department
155 Pfingsten Road
Deerfield, VA 60015-4998
or Order by: Phone 703-719-7602 or FAX 703-719-7048
Your satisfaction is always guaranteed!
(C)1996 by Thomson Legal Publishing. All rights reserved. Reproduction, photo copying,
storage or transmission by any means is prohibited by law without the express written permission
of Thomson Legal Publishing.
GOVERNMENT CONTRACT ADVISOR EXECUTIVE REPORT is published monthly
by Thomson Legal Publishing, 628 IB Old Franconia Road, Alexandria, VA 22310. Subscription
rates: $197 / year in U.S. and Canada; $245 / year elsewhere (air mail).
-------�
REFORM
LEGISLATIVE PROVISIONS
LEGISLATIVE PROVISIONS ADOPTED
Overview
The Senate amendment contained provisions with government-
wide acquisition and management issues related to information
technology. The House bill also contained provisions relating to bid
protest jurisdictions. The conferees considered all of these provi-
sions before agreeing to. include Division E in the conference agree-
ment.
The conferees agree that:
(1) federal lnfomation systems are critical to the lives of
every American;
(2) the efficiency and effectiveness of the federal govern-
ment is dependent upon the effective use of information;
(3) the federal government annually spends billions of dol-
lars operating obsolete information Bystems;
(4) the use of obsolete information systems severely limits
the quality of the services that the federal government pro-
vides, the efficiency of federal government operations, and the
capabilities of the federal ' avernment to account for how tax-
payer dollars aire spent;
(5) the failure to modernize federal government informa-
tion systems and the operations they support, despite efforts to
.do so, has resulted in the waste of billions of dollars that can-
not berecovered;
(6) despite improvements aichieved' through implementa-
tion of the Chief Financial Officers Act of 1990, most federal:
agencies cannot track the expenditures of Federal dollars and,
thus, expose the taxpayers to billions of dollars in waste, fraud,
abuse, and mismanagement; .
(7) poor planning and program management and an over-
burdened acquisition process , nave resulted in the American
taxpayers hot getting their money's worth from the expendi-
ture of $200,000,000,000 on information systems during the
decade preceding the enactment of this Act;
(8) the federal government's investment control .processes
focus too late in the system, lifecycle, lack sound capital plan-
ning,' and pay: inadequate attention to business process im-
Erovement, performance measurement, project milestones, or
enchmarks agai nst comparable organizations;
(9) many federal agencies lack adequate ^personnel with,
the basic skills necessary to effectively and efficiently use in-,
formation tedmology ana other information resources ifi sup-
port of agency programs and missions; .
(10) federal regulations governing information technology
acquisitions are outdated, focus on paperwork and process
rather than results,'and prevent the federal government from
taking time'.y advantage of the rapid advances taking place in
the competitive and fast changing global information tech-
nology industry;
should be a top priority tor teaerai ageucj umuageiueui, ue-
cause of the high potential for the systems to substantially im-
prove Federal Government operations, Including, the delivery of
services to the public; and,
(12) structural changes in the federal government, includ-
ing elimination of the Brooks Act (section 111 of the Federal
Property and Administrative Services Act. of 1949,. as amend-
ed), are necessary in order to improve federal, information man-
agement and to facilitate federal government acquisition of the
state-of-the-art information technology that is critical fo^ im-
proving the efficiency and effectiveness of federal government
operations. .
The conferees agree that action is necessary on the part o!
Congress in order to:
(1) create incentives for the federal government to strategi
catty use information technology in order, to achieve effldeni
ana effective operations of the federal government, and to pro
vide.cost effective and efficient'delivery of federal governmenl
services to the taxpayers;
(2) provide for the cost-effective, and timely acquisition
management, and use of effective information technology' solu-
tions;
(3) transform the process-oriented procurement system o:
the federal government, as it relates to the acquisition of infor
mation technology, into, a results-oriented procurement system
8 ) increase the responsibility and authority" of offldalso
Sice of Management and Budget and other federal gov
ernment agencies, and the accountability of such, officials to
Congress and the public, in the use of information technology
and other information resources in support of agency missions;
(5) ensure that federal government 'agencies are respon
sible and accountable for achleving service delivery levels , anc
project management performance comparable to the.best in thi
private sector;
(6) promote jthe development and operation of multiple
agency and government-wide, inter-operable, shared informa
tion resources to support the performance of federal, govern
hunt missions;
(7) reduce fraud, waste, abuse, and errors resulting fron
-a lade of, or poor implementation of, federal government infor
mation systems;
,(8) increase the capability of the federal government to re
structure and improve processes before applying informatioi
technology;
(9) increase the emphasis placed by federal agency man
agers on completing effective capital planning and process im
provement before applying information technology to the exe
cuting of plans and tne performance of agency missions;
. (10) coordinate, integrate, and, to tne extent practicable
establish uniform federal information resources managemen
policies and practices in order to improve the productivity, effi
dency, and effectiveness of federal government programs am
the delivery of services to the public*/
-------�
974
(11) strengthen the partnership between the federal gov*
ernment and state, local, and tribal governments for achieving
federal government missions, goals, and objectives;
(12) provide for the development of a well-trained core of
professional federal government information resources man-
agers: and,
(13) improve the ability of agencies to share expertise and
best practices and coordinate the development of common ap-
plication systems and infrastructure.
The following is a section-by-section description of the provi-
sions adopted by the conferees. Section 5001 sets forth a short title
"The Information Technology Management Reform Act of 1996"
and Section 6002 sets forth definitions.
Title LI—Responsibility for Acquisition of Information
Technology
Subtitle. A—General Authority
'Repeal of central authority of the Administrator of General Services
(see. 5101) '
Tlie conference agreement includes a provision thai would re-
f>eal section 111 of the Federal Property and Administrative Servi-
ces Act of 1949, as amended.
Subtitle B—Director of the Office of Management and Budget.
Responsibility of Director .(sec. 5111)
The conference agreement includes a provision that would re*
quire the Director of the Office of Management and Budget to'bom*'
ply- with this title. The conferees anticipate that 'these provisions
will be reviewed upon reauthorization of the Paperwork Reduction
Act prior to September 30, 2001.
The conferees agree that in undertaking activities »r»d issuing
guidance in accordance with this subtitle.the Director shall pro-
mote the integration of information technology management with
.the broader information resource management processes in the
.agencies.
The conferees encourage the establishment of -interagency
groups to support the Director by ««mining areas of infiwmaHnu
technology, to include: telecommunications, software engineering,
common administrative and.programmatic applications, computer
security and information policy, ill
-------�
976
utive agency and its mtOor subcomponents institute effective and
efficient capital planning processes for selecting, controlling, and
evaluating the results of all of its mqjor information systems in-
vestments; (2) that the agency maintain a current and adequate in-
formation resources management plan, and to the maximum extent
practicable, specifically identify the method'for acquisition of infor-
mation technology expected to improve agency operations, and oth-
erwise benefit the, agency; (3) that the agency provide for adequate
integration of the agency's information resources management
plans, strategic plans prepared pursuant to S U.S.C. 306, perform-
ance plans prepared pursuant to 31 U.S.C. 1115, financial manage-
ment plans prepared pursuant to 31 U.S.C. 902(a)(5), and the aoeirj
cy budgets for the acquisition and use of information technology
and other information resources. In addition, the conferees' agree
that OMB shall provide the needed oversight, through the byagef
process and Other means, to ensure that executive agencies assume
responsibility, and effectively implement suitable performance and
results-basea management practices.
Subtitle C—Executive Agencies •*
Responsibilities (sec. 5121) .
The conference agreement includes a provision , that would re-1,?
quire the head of «acft executive agency to comply with this sub5
title. The tonferees, ani^ipate that these provisions will be ri-l
viewed upon reautb<''-i:? tion of the Paperwork Reduction Act prior
to September 80,20J!. ' ;
The conferees encourage the establishment and support of- i
independent technical review committees, cbmposed of diverse -;
agency personnel (including users) and outside experts' selected, by! j
the agency , head', to advise an agency head about information i
temS programs.
Capital plannirig and,investment control (sec.' 6122)
The conference agreement includes a provision that would:
quire agencies to develop a process for furthering their respoi
ities under 44 U.S.C. 3506(h). The head of the agency is req_
to design .and develop a process for maximizing the value and
sessing and managing the risk of the agency^ information
nology acquisitions.
Performance and results:based mdhagement (sec. 5123)
The conference agreement includes a provision that would i
quire agencies to establish goals for and report on the pn
improving efficiency and effectiveness of agency operations
use of information technology, as required by 44 U.S.C. -
The head of an executive agency must ensure that perfoi
measures are established to support evaluating- the resu]
benefits of information technology investments.
The conferees agre^ that, In fulfilling the responsibilities
this section, agency heads should ensure that: (1) before 1m
in information technology to support a function, the agency
mines whether that function snduld be performed in the
sector or by an agency of the federal government; (2) the
977
adequately provides for the integration of the agency's information
resources management plans, strategic plans prepared pursuant to
6 U.S.C. 306, performance plans prepared pursuant, to-31 U.S.C.
1116, financial management plans prepared pursuant- to 31 U.S.C.
902(a)(5), and adequately prepares budgets for the acquisition and
use of information technology; (3) the agency maintains a current
and adequate information resources management plan, and to.the
maximum extent practicable, specifically identifies how acquired
information technology would improve agency operations and oth-
erwise benefit' the agency; and (4) the agency invests in efficient.
and effective interagency and government-wide information tech-'
nology to improve the accomplishment of common agency missions
or functions.
' Acquisitions of information technology (sec. 5124)
The conference agreement includes a provision that would au-
thorize the head of an executive agency to acquire information!
. technology and, upon approval of the Director of OMB, enter into
multi-agency information technology investments. The conferees in-
tend that the requirements and limitations of the Economy Act,
»and other provisions of law, apply to these multiagency acquisl-
T tions. This section also authorizes the General Services Adminls-
| (ration (GSA) to continue the management , of the FTS-2000 pro-
ggram and coordinate the foUow-on effort to FTS-2000.
mgency chief information officer (sec. 6125)
I The conference agreement includes a provision that would,
J amend the Paperwork Reduction Act of 1905 by replacing' the "sen-
ator information resources management official position" established
„¦ within each executive agency with an agency Chief Information Of-
5 ficer (CIO). The.agency, Clu.is responsible for.providing informa-
* tion and advice regarding information technology- and information
resources management to the head of the agency, and. for ensuring
that the management and acquisition of agency information tech-
nology Is implemented consistent with the provisions of-this law;
The conferees anticipate .that agencies may establish CIOs for
mqjor subcomponents orbureaus, and expect agency CIOs will bos-
tess knowledge of, and practical experience In, information and in-
formation technology management practices of business or govern-
ment entities. The conferees also intend that deputy, chief informa-
tion officers be appointed by agency heads that nave additional ex-
perience in business process analysis, software and information
lystema development, design and management of information tech-
nology architectures, data and telecommunications management at
government or business entities. The conferees intend that CIOs,
m agendas other, thim thoseiisted in 31 U.S.C. 901(b), perform es-
Mntially the same duties as CIOs In agencies listed in ,81 U.S.C.
90KB),
I The conferees expect that an agency's CIO will meet peripdi-
cally with otl r appropriate agency officials to advise and coordi-
nate the information technology and othdr Information resources
management activities, of the various agencies.
-------�
978
Accountability (sec. 5126)
The conference agreement includes a provision that would re-
quire the head of each agency, in consultation with agency Chief
Information Officers and Chief Financial Officers, to ensure the inr
tegration of financial and information systems. The conferees in-
tend that the Information resources management plan, required
under 44 U.S.C. 3506(bX2), support the performance of agency mis-
sions through the application of information technology and other
information resources, and include the-following: (1) a statement of
goals to improve the extent to which information resources contrfiK
ute to program \ oductivity, efficiency, and effectiveness; (2) the
development of methods to measure progress toward achieving the
goals; (3) the establishment of clear roles, responsibilities, and ae>'
countability to achieve , the goals; (4) a description of an agency^
major existing and planned information technology components
(such as information systems and telecommunications networks):.
(5) the relationship among the information technology components;
and the information architecture; and (6) a summary of thtf
project's status and any changes in name, direction or scope, quiff.-
tifiable results achieved, and current mai' tenance expenditures'lo^fi
each ongoing or completed m^jor information systems investment*
from the previous year. The conferees also intend that agenc^'-i
heads will periodically and improve the accuracy, security^ ,
completeness, and reliability i' information maintained by or for
the agency.
Significant deviations (sec. 5127)
The conference agreement includes a provision that would to**/
quire agencies to identify in their information resources managed
ment plans any mqjor information technology acquisition prog ^
or phase or increment of such program, that has significantly1!
ated from the established cost, performance, or. schedule base
Interagency support (sec. 5128) •','
. The conference agreement includes a provision that woiildau*
thorize the utilization of funds for interagency activities in support)
of the Information Technology .Reform Act
Subtitle D-^-Other Responsibilities. Hi;T
Responsibilities i yarding efficiency, pecurity, and privacy of fed*
computer systems (sec. 5131) :iq
.The conference agreement includes a provision' that 1
forth the authority for the Secretary of Commerce, in con»u
with, the National Institute of Standards and Technology,"1
mulgate standards to improve the operation, security, and j
of Federal information technology systems. "
Sense of Congress (sec. 5132)
The conference agreement includes a provision stat
agencies, over the next five years, should acUeve a five pc
year itojrease in costs incurred for operation and mwinfa
infor^Hra technology, an>i r five percent increase in oj
979
efficiency through improvements in information resources manage-
ment.
Subtitle E—National Security Systems
The conference agreement , includes a provision that would ex-
clude national security systems from provisions of this Act, unless
otherwise provided in this Act.
Title LII—Process for Acquisitions of Information
. Technology
Procurement procedures (sec. 5201)
The conference agreement includes a provision that would di-
rect the Federal Acquisition Regulatory Council to ensure, to the
pmjrfmum extent practicable, that the information technology proc-
ess is simplified, clear, and understandable. The process should.'
specifically address the management of risk, incremental acquisi-
tions, and the need to incorporate commercial information tech-
nology in a timely manner. .
The conferees agree that, in performing oversight of informa-
tion .technology acquisitions, the Director of the Office of Manage-
ment and Budget, agency heads, and agency inspectors general
should emphasize program results and established performance
measurements, rather than reviews of the acquisition process.
Incremental acquisition of information technology (sec. 5202)
The conference agreement includes a provision that would pro-
vide'for procedures in the Federal Acquisition Regulations fpr the.
incremental acquisition of major information technology systems by
the Department of Defense and the civilian executive agencies.
Title LIII—Information Technology Acquisition Pilot
Programs
Subtitle A—Conduct of Pilot Programs
ThO conference agreement includes provisions that would au-
thorize the Administrator of Office of Federal Procurement Policy,
in consultation with the Administrator of Office of Information and
Regulatory Affairs, to: conduct.pilot programs to test-alternative
Acquisition approaches for information technology; conduct no more
than two pilots, not to exceed $750 million for a period not to ex-
ceed five years; require agency heads to develop evaluation and test
plans; prepare and submit test plans to Congress prior to imple-
mentation; report oh results within 180 days after completion; and
make recommendations for legislation.
Subtitle &—Specific Pilot Programs
The conference agreement includes provisions that would pro-
vide for two specific pilot programs, the share-in-savings pilot pro-
gram and the solutions-based contracting pilot program, 'jafe
-------�
980
Title LIV—Additional Information Resources Management
Matters
On-line multiple award schedule contracting (sec. 6401)
The conference agreement includes a provision that would re-
quire the Administrator of General Services to provide for on-line
access to multiple award schedules for information technology. The
system would provide basic information on prices, features, and
similar matters, allow- for information updates, enable comparison
of product information, enable on-line orderingjand invoicing, per-
mit on-line payment, and archive order data. The provision would
also authorize a pilot program' to testr streamlined procedures for
the automated system. The conference agreement directs the Ad*
minlstrator of General Services to incorporate its information tech-
nology multiple award schedules into Federal Acquisition Com-
puter Network (FACNET) by January 1,1998, and would make the
pilot program discretionary. The conferees agree that the proce-
dures established by the Administrator for use of FACNET be con-,
sistent with the Federal Poperty and Administrative Services Act
requirements regarding * .e multiple award schedule (41 U.S.C.
259(BX3)). If the Adir'nistrator determines it is not practicable to
provide such access through FACNET, the Administrator shall pro-
vide such access thriugn unother automated system that has the
capability to perform the functions listed in subsection 259(bXl)
and meets the requirement tif subsection 259(bX2).
Disposal of excess computer equipment (sec. .5402)
The conference agreement includes a provision that Would re-
quire agencies to inventory'all agency computer equipment-and to
identify excess or surplus property. The conferees direct that the.
Administrator of General Services, In exercising current authority
under title II of the Federal Property and Administrative. Services
Act of 1949 (40 U.S.C. 481 et seq.), donate federal surplus personal
.property to public organizations. The conferees direct the Adminis-
trator to prescribe regulations that establish a-priority foe the do-
nation of surplus computer equipment- in the -following sequence:
(1) elementary and secondary schools, and . schools Ainded ©y the
Bureau of Indian Affaire; (2) public .libraries; (3) public colleges and
universities; and (4) other entities eligible for donation ,of federal
surplus -personal pn perty "under title II of that Act.
Access of certain information'in information systems to the directory
established under section '4101 of title 44, United States Code
(sec. 6403)
The conference agreement includes a provision that would en-
sure that, for agency information systems that disseminate infor-
mation to the public, an index of information is included in the
Government Pirating Office (GPO) directory established under 44
U;S.C. 410 L-
In 1993, Congress directed the X3PO to. cfpate an online direc-
tory, of federal public information in electronic , form (Public Law
-103-4Q). Today, that &>stcui is p/xesaible to the general public di-
rectly and through-the Fe^er*1 Depository Libraries. Yet. in the
981
moved forward dramatically in its ability to support location anc
search of the physically-distributed, locally-maintained databases
Congress recognized this shift in the Paperwork Reduction Act' o
1995 (Public Law 104-13). That Act requires Federal agencies t»
ensure access to agency public information by "encouraging a diver
sity of public and private sources". It also directs the. Office of Man
agement and Budgetto establish a distributed, electronic, agency
leased Government Information Locator Service (GILS) to Identify
the major information dissemination products of each agency; At
the Senate report noted (S. Rept. 104-112), GILS: will pro
vide multiple avenues for public access to government ihformatidr
by pointing to specific agency information noldings. To make thii
possible, agencies' systems must be compatible. Thus, agency GILS
information should be available-to the. public^ through the Govern
ment Printing Office Locator System (established pursuant to. Pub-
lic Law 103-40) in addition to any other, required'methods; agen-
cies may choose to efficiently and effectively provide public anc
agency access to GILS."
. Section 6403 fUrther clarifies the intent df Congress to ensun
the widest possible access to Federal public information through, i
diversity of compatible sources.
Title LV—Procurement Protest Authority of the
Comptroller General
The conference agreement includes a provision that would re-
quire the Comptroller General to issue a decision relating to a bid
protest within 100 days.
Title LVI—Conforminqand Clerical Amendments
. The conference agreement includes a series of clarifying and
technical changes to acquisition statutes throughout the United
States Code.
Title LVII—Effective Date, Savings Provisions, And Rule op
Construction
Effective date (sec. 6701)
The conference agreement includes a provision that would pro-
vide for this division and the amendments made by this division to
take effect 180 days after the date of the enactment of this Act.
-------�
982
Savings provisions (sec. 5702)
The conference agreement includes a provision that would
allow selected information technology actions and acquisition pro-
ceedings, including claims or applications, that have been initiated
by, or are pending before, Administrator of the General Services or
the General Services Administration Board of Contract Appeals to
be continued under original terms, until terminated, revoked, or
superseded in accordance with law, by the Director of OMB, by a
court, or by operation of law. The Director of OMB is authorized
to establish regulations for transferring such actions and proceed-
ings.
Floyd Spbnce,
Bob Stump,
Duncan Hunter,
Herbert H. Batsman,
Curt Weldon,
G.V. Montgomery;
John M. Spratt, Jr.,.
Managers on the Part of the House.
Strom Thurmond,
John WaKner,
Bill Cohen,
Trent Lott,
Sam Nunn,
Managers on the Part of the Senate.
-------�
(5) Section 2 of the Contract Disputes Act of 1978 (41
U.S.C. 601). isamended in paragraphs (3), (5), (6), and (7), by
striking out "The" and inserting In Beu thereof "the". -
(6) Section 6 of the Contract Disputes Act of 1978 (41
U.S.C. 605) is amended in subsections (d) and (e) by rHni»
after "United States Code" each place it appears the following
"(as ia effect on September 80, 1995)". <
(7) Section 13. of the Contract Disputes Act of 1978 (41
U.S.C. 612) is amended— K
(A) in subsection (a), by striking out "section 1802 at.,
the Act of July 27, 1956, (70 Stat. 694, as amended; 31
U.S.C. 724a)" and inserting in lieu thereof "section 1304 of
title 3], United States Code"; and
- (B) in subsection (c), by striking out "section 1302 of
the Act of July 27, 1956, (70 Stat. 694, as amended; 31
U.S.C. 724ay and inserting in lieu, thereof "section 1304 of
title 81, United States Code,".
TITLE XLIV—EFFECTIVE DATES AND
IMPLEMENTATION
SEC. 4401. EFFECTIVE DATE AND APPLICABILITY.
(a) Effective Date.—Except as otherwise provided in this di-
vision, this division and the amendments maae by *h
(2) Other MATTERS.—An amendment made by thin divi-
sion shall also apply, to the extent and in the manuerpr®-
scribed in the final regulations promu'gated pursuant to sec*
tion 4402 to implement such amendment, with respect to any
matter related to-*-
(A) a contract that is in effect on the date described
in paragraph (3);
(B) ah offer under consideration on the date described
in paragraph (3); or
(C) any other proceeding or action that is ongoing on
.-the date described in paragraph (3).
(3) Demarcation .date.—-The date referred to in para*
graphs (1) and (2) is the date specified in such final regula-
tions. The date so specified shall be Ja-nuary 1, 1997, or any
earlier date that is got within 30 days after the datei on whicn
such final regulations are published.
SEC. 4402. IMPLEMENTINO REGULATIONS.
(a) Proposed Revisions.-1—P -oposed revisions to the Federal
Acquisition Regulation and such other proposed regulations (or re-
.visions to existing regulations) as may be necessary to implement
Ibis Act shall be published in the Federal Register not .later than
10 days after the date of the enactment of this Act.
t:' (b) Public Comment.—The proposed regulations described in
ubsection (a) shall be made available for public Comment for a pe-
itd of not less than 60 days.
¦; (c) Final Regulations.—Final regulations shall be published
in the Federal Register not later than 330 days after the, date of
enactment of this Act.
o-. •'(d) Modifications.—Final regulations promulgated pursuant
:to this section to implement an amendment made by this Act may
provide for modification of an existing contract without consider-
ation upon the request of the contractor.
(e) Savings Provisions.—
(1) Validity of prior actions.—Nothing in this division
shall be construed to affect the validity of any action taken or
any contract entered into before tne date specified in the regu-
lations, pursuant to section 4401(b)(3) except-to the pxtent and
in the manner prescribed in such regulations.
(2) Renegotiation and modification of preexisting
CONTRACTS.—Except as specifically provided in this division,
nothing in thU division shall be construed to require the re-,
negotiation or modification of contracts in existence on the date
of the-enactment of this Act*
(3) Continued applicability of preexisting law.—Ex-
cept as otherwise provided in this division, a law amended by
thiw division shall continue to be applied according to the pro-
visions thereof as such law was in effect on the day before the
date of the enactment of this Act until*—
(A) the date specified in final regulations implement- '
ing the amendment of that law (as promulgated pursuant
to this section); or "
(B) if no such date is specified in- regulations, January
1,1997.
DIVISION E—INFORMATION
technology management reform
SEC. 8001. SHORT TITLE. .
This, division mav be cited as the "Information Technology
Management Reform Act of 1996".
8EC. 8002. DEFINITIONS.
' In thin division:
(1) Director,—'The term "Director" means the Director of
the Office of Management and Budget.
(2) Executive agency.—The term "executive agency" has
the meaning given that term in section 4(1) of the Office of
Federal Procurement Policy Act (41 U.S.C. 403(1)).
(3) Information technology.—(A) The term "information
technology", with respect to an executive agency means any
equipment or interconnected system or subsystem of. equip-
ment, that is used in the automatic acquisition, storage, ma-
ninulntinn. .Tnannrament. movement, control, dinolav. switch-
-------�
512
ing, interchange, transmission, or reception of data or informa-
tion by the executive agency. For purposes of the preceding
sentence, equipment is used by an executive agency if the
equipment is used by the executive agency directly or is used
by a contractor under a contract with tne executive agency
which (i) requires the use of such equipment, or (ii) requires
the use, to a significant extent, of such equipment in the per-
formance of a service or the furnishing of a product.
(B) The term "information technology" includes computers,
ancillary equipment, software, firmware and similar proce-
dures, services (including support services), and related re-
sources.
(C) Notwithstanding subparagraphs (A) and (B), the term
"information technology^ does not include any equipment that
is acquired by a Federal contractor incidental to a Federal con-
tract.
(4) Information resources.—The term "information re-
sources" hna the meaning given such term in section 3502(6)
of title 44, United States Code.
(5) Information resources management.—The term In-
formation resources management" has the meaning given such
term in section 3502(7) of title 44, United States Code.
(6) INFORMATION system.—The term "information system"
has the meaning given such term in section 3502(8) of title 44,
United States Code.
(7) COMMERCIAL ITEM.—The term "commercial item" has
the meaning given that term in section 4(12) of the Office of
Federal Procurement Policy Act (41 U.S.C. 403(12)).
TITLE LI—RESPONSIBILITY FOR ACQUI-
SITIONS OF INFORMATION TECH-
NOLOGY
Subtitle A—General Authority
SEC. 5101. REPEAL OF CENTRAL AUTHORITY OF THE ADMINISTRATOR
OF GENERAL SERVICES. ?
Section 111 of the Federal Property and Administrative Serif-
ices Act of 1949 (40 U.S.C. 759) is repealed. '
Subtitle B—Director of the Office of
Management and Budget
SEC. 5111. RESPONSIBILITY OF DIRECTOR.
In fulfilling the responsibility to administer the functions ^
signed under chapter 35 of title 44, United States Code, the DL.^,
tor shall comply with this title with respect to the specific matten
covered by this title. •
SEC. 5112. CAPITAL PLANN^«G AND INVESTMENT CONTROL,
(a) Federal Lnfc .imation Technology.—The Director
jrform the responsibilities set forth in this section in
513
responsibilities under section 3504(h) of title 44, United States
(b) Use of Information Technology in Federal Pro-
grams.—The Director shall promote and be responsible for improv-
ing the acquisition, use, ana disposal of information technology by
the Federal. Government to improve the productivity, efficiency,
and effectiveness of Federal programs, including through dissemi-
nation of public information and the reduction of information col-
lection burdens on the public.
(c) USE OF Budget Process.—The Director shall develop, a*
part of the budget process, a process for analyzing, tracking, and
evaluating the risks and results of all major capital investments
made by an executive agency for information systems. The process
shall cover the life of each system and shall include explicit criteria
for analyzing the projected and actual costs, benefits, and risks as-
sociated with the investments. At the same time that the President
. submits the budget for a fiscal year to Congress under section
' 1105(a) of title 31, United States Code, the Director shall submit
to Congress a report on the net program performance benefits
; achieved as a result of major capital investments made by execu-
tive agencies in information systems and how the benefits relate to
' the accomplishment of the goals of the executive agencies.
(d) Information Technology Standards.—The Director shall
'.oversee the development and implementation of standards. and
guidelines pertaining to Federal computer systems by the Secretary
¦.of Commerce through the National Institute of Standards and
: '''Technology under section 5131 and section 20 of the National Insti-
:
-------�
514
review by the Administrator of the Office of Information and Regu-
latory Affairs of policy associated with Federal acquisition of infor-
mation technology with the Office of Federal Procurement Policy.
SEC. 5113. PERFORMANCE-BASED AND RESULTS-BASED MANAGE-
MENT.
(a) In General.—The Director shall encourage the use of per-
formance-based and results-based management in fulfilling the re-
sponsibilities assigned under section 3504(h), of title 44, United
States Code.
(b) Evaluation of Agency Programs and Investments.—
(1) REQUIREMENT.—The Director shall evaluate the infor-
mation resources management practices of the executive agen-
cies with respect to the performance and results of the invest-
ments made by the executive agencies in information tech-
nology.
(2) Direction for executive agency action.—The Direc-
tor shall issue to the head of each executive agency clear and
concise direction the the head of such agency snail—
(A) eatablidh effective and efficient capital planning
processes fjr selecting, managing, and evaluating the re-
sults of all of its major investments in information sys-
tems ;
(B) determine, before making an investment in a new
information system—
(i) whether the function to be supported by the
system should be performed by the private sector and,
if so, whether any component of the executive agency
performing that function should be converted from a
governmental organization to a private sector organi-
zation; or
(ii) whether the function should be performed by
the executive agency and, if so, whether the function
should be performed by a private sector source under
contract or by executive agency personnel;
(C) analyze the missions of the executive agency and,
based on the analysis, revise the executive agency's mis-
sion-related processes and administrative processes,' as ap-
propriate, before making significant investments in infor-
mation technology to be used in support of those missions;
and
(D) ensure that the information security policies, pro-
cedures, and practices are adequate.
(3) Guidance for multiaoency investments.—The direc-
tion issued under paragraph (2) shall include guidance for un-
dertaking efficiently and effectively interagency and Govern-
ment-wiae investments in information technology to improve
the accomplishment uf missions that are common to the execu-
tive agencies.
(4) Periodic reviews.—The Director shall implement
through the budget process periodic reviews of selected infor-
mation resources management activities of the executive agen-
cies hi order to ascertain the efficiency and effectiveness of in-
formation technology in improving the performance of the exec-
515
utive agency and the accomplishment of the missions of the ex-
ecutive agency.
(5) Enforcement of accountability.—
(A) In general.—The Director may take any author-
ized action that the Director considers appropriate, includ-
ing an action involving the budgetary process or appropria-
tions management process, to enforce accountability of* the
head of an executive agency for information resources
management and for the investments made by the execu-
tive agency in information technology.
(Bf) Specific actions.—Actions taken by the Director
in the case of an executive agency may include—
(i) recommending,) a reduction or an increase in
any amount for information resources that the head of
the executive agency proposes for the budget submit-
ted to Conjpress under section 1105(a) of title 31, Unit-
ed States Code;
(ii) reducing or otherwise adjusting apportion-
ments and reapportionments of appropriations for in-
formation resources;
(iii) using other authorized administrative controls
over appropriations to restrict the availability of funds
for information resources; and
(iv) designating r~ the executive agency an .execu-
tive agent to con? > ac with private sector sources for
the performance i information resources management,
or the acquisition of information technology.
Subtitle C—Executive Agencies
SEC 5181. RESPONSIBILITIES. ,
In fulfilling the responsibilities assigned under chapter 35 ot
title 44, United States Code, the head of each executive agency,
shall comply with this subtitle with respect to the specific matters
covered by this subtitle.
SEC. SUa. CAPITAL PLANNING AND INVESTMENT CONTROL.
(a). Design of Process.—In fulfilling the responsibilities as-
signed under section 3606(h) of title 44, Tnited States Code, the
head of e?ch executive agency shall design and implement in the
executive agency ? process for maximizing.the value and assessing
and managing the risks of the information technology acquisitions,
of the executive agency.
(b) Content OF Process.—The process of an executive agency
shall—
(1) provide for the selection of information technology in-
vestments to be made by the executive agencyj the manage-
ment of such investments, and the evaluation of the results of
such investments;
(2) be integrated with the processes for making budget, fi-
nancial, and program management decisions within the execu-
tive agency;
(3) include minimum criteria to be applied in considering
whether to undertake a particular investment in information
-------�
516
systems, including criteria related to the quantitatively ex-
pressed projected net, risk-adjusted return on investment and
specific quantitative and qualitative criteria for comparing and
prioritizing alternative information systems investment
projects;
(4) provide for identifying information systems investments
that would result in shared benefits or costs for other Federal
agencies or State or local governments;
(5) provide for identifying for a proposed investment quan-
tifiable measurements for determining the net benefits and
risks of the investment; and
(6) provide the means for senior management personnel of
the executive agency to obtain timely information regarding
the progress of. an Investment in an information system, in-
cluding a system of milestones for measuring progress, on an
independently verifiable basis, in terms of cost, capability of
the system to meet specified requirements, timeliness, and
quality.
SEC. 5X23. PERFORMANCE AND RESULTS-BASED MANAGEMENT.
In fulfilling the responsibilities under section 3506(h) of title
44, United States Code, the head of an executive agency shall—
(1) establish goals for improving the efficiency and effec-
tiveness of agency operations and, as appropriate, the delivery
of services to the public through the effective use of informs- •
tion technology;
(2) prepare an annual report, to be included in the execu-
tive agency's budget submission to Congress, on the progress
in achieving the goals; .
(3) ensure that performance measurements are prescribed
for information technology used by or to be acquired for, the.
executive agency and that the performance measurements
measure how well the information technology supports pr£
grams of the executive agency; " [,
(4) where comparable processes and organizations in the
public or private sectors exist, quantitatively benchmark ageif?
cy process perform wee against such processes in terms of co$t,
speed, productivit>,1 and qualitv of outputs and outcomes; >"
(5) analyze (he missions of the executive agency and, based'
on the analysis, revise the executive agency's mission-related
processes and administrative processes as appropriate before'
making significant investments in information technology th a
is to be used in support of the performance of those missiojr
and ',
(69 ensure that the information security policies, pi™
dures, and practices of the executive agency are adequate.
SEC. 5124. ACQUISITIONS OF INFORMATION TECHNOLOGY. r
(a) In General.—The authority of the head of an executive
agency to conduct an acquisition of information technology include^.
' ^e following authorities: f
(1) To acquire information technology as authori
law.
517
(2) To enter into a contract that provides for multiagency
acquisitions of information technology in accordance with guid-
ance issued by the Director.
(3) If the Director finds that it would be advantageous for
the Federal Government to do so, to enter into a multiagency
contract for procurement of commercial items of information
technology that requires each executive agency covered by the
contract, when procuring such items, either to procure the
items under that Contract or to justify an alternative procure-
ment of the items.
(b) FTS 2000 Program.—Notwithstanding any other provision
of this or any other law, the Administrator of General Services
shall continue to manage.the FTS 2000 program, and to coordinate
the follow-on to that program, on behalf ofand with the advice of
the heads of executive agencies.
8EC. 5125. AGENCY CHIEF INFORMATION OFFICER.
(a) Designation of Chief Information Officers.—Section
3506 of title 44, United States Code, is amended—
(1) in subsection (a)—
(A) in paragraph (2XA), by striking out "senior official"
and inserting in lieu thereof "Chief Information Officer";
(B) in paragraph (2)(B)—
(i) by striking out "senior officials" in the first sen-
tence and inserting in lieu thereof "Chief Information
Officers";
(ii) by striking out "official" in the second sentence
.and inserting in lieu Iiieitof "Chief Information Offi-
cer"; and
(iii) by striking out "officials" in the second sen-
tence and inserting in lieu thereof "Chief Information
ji Officers"; and
° - 'n paragraphs (3) and (4), by striking out "senior
ic' official each place it appears and inserting in lieu, thereof
Chief Information Officer"; and
(2) in subsection (cXl), by striking out "official" in the mat-
* ter^racgdiHg subparagraph (A) and inserting in lieu thereof
(b) General Responsibilities.—The Chief Information Officer
.a an executive agency shall be responsible for—
(1) providing advice and other assistance to the head of the
executive agency and other senior management personnel of
£•: the executive agency to ensure that information technology is
i acquired and information resources are managed for the execu-
tive agency in a manner that implements the policies and pro-
cedures of this division, consistent with chapter 35 of title 44.
United States Code, and the priorities established by the head
d, of the executive agency;
V * • ^ developing, maintaining, and facilitating the implemen-
j.tation of a sound and integrated information technology archi-
tecture for the executive agency; and
(3) promoting the effective and efficient design and oper-
t ation of all meyor information resources management processes
.4 for the executive agency, including improvements tc proc-
i" esseB of the executive agency.
-------�
518
(c) Duties and Qualifications.—The Chief Information Offi-
cer of an agency that is listed in section 901(b) of title 31, United
States Code, shall—
(1) na,re information resources management duties as that
official's primary duty;
(2) monitor the performance of information technology pro-
grams of the agency, evaluate the performance of those pro-
grams on the pasis of the applicable performance measure-
ments, and advise the het d of the agency regarding whether
to continue, modify, or tern tinate a program or project; and
(3) annually, as part lof the strategic planning and per-
formance evaluation process required (subject to section 1117
of title 31, United States Code) under section 306 of title 5,
United States Code, and sections 1105(aX29), 1115, 1116, 1117,
and 9703 of title 31, United States Code—
(A) assess the requirements established for agency
personnel regarding knowledge and skill in information re-
sources management and the adequacy of such require-
ments for facilitating the achievement of the performance
goals established for information resources management;
(B) assess the extent to which the positions and per-
sonnel at the executive level of the agency and the posi-
tions and personnel at management level of the agency
below the executive level meet those requirements;
(C) in order to rectify any deficiency in meeting those
requirements, develop strategies and specific plans for hir-
ing, training, and professional development; and
(D) report to the head of the agency on the progress
made in improving information resources management ca-
pability.
(d) Information Technology Architecture Defined.—In
this section, the term "information technology architecture", with
respect to an executive agency, means an integrated framework for
evolving or maintaining existing information technology and ac-
quiring new information technology to achieve the agency's strate-
gic goals and information resources management goals.
(e) Executive Level IV.—Section 5315 of title 5, United
States Code, is amended by adding at the end the following:
"Chief Information Officer, Department of Agriculture.
"Chief Information Officer, Department of Commerce.
"Chief Information Officer, Department of Defense (unless
the official designated as the Chief Information Officer of the
Department of Defense is an official listed under section 5312,
5313. or 5314 of this title).
Chief Information Officer, Department of Education.
"Chief Information Officer, Department of Energy.
"Chief Information Officer, Department of Health and
. Human Services.
"Chief Information Officer, Department of Housing and
Urban Development.
"Chief Information Officer, Department of Interior.
"Chief Information Officer, Department of Justice.
"Chief Information Officer, Department of Labor.
"Chief Information Officer, Department of State.
519
"Chief Information Officer, Department of Transportation;
"Chief Information Officer, Department of Treasury.
"Chief Information Officer, Department of Veterans Af-
fairs.
"Chief Information Officer, Environmental Protection
Agency.
"Chief Information Officer, National Aeronautics -and
Space Administration.
"Chief Information Officer, Agency for Internationa] Devel-
opment.
"Chief Information Officer, Federal Emergency Maniage-
ment Agency.
"Chief Information Officer, General Services Administra-
tion.
"Chief Information Officer, National Science Foundation.
"Chief Information Officer, Nuclear Regulatory Agency.
"Chief Information Officer, Office of Personnel Manage-
ment.
. "Chief Information Officer, Small Business Administra-
tion."
8EC. 6136. ACCOUNTABILITY.
The head of each executive agency, in consultation with the
Chief Information Officer and the Chief Financial Officer of that
executive agency (or, in the case of an executive agency without a
Chief Financial Officer, any comparable official), shall establish
policies and procedures that—
(1) ensure that the accounting, financial, and asset man-
agement systems and other inl^rmation systems of the execu-
tive agency are designed, f'-.elcped, maintained, and used ef-
fectively to provide tinanc.dl or program performance data for
financial statements of the executive agency;
(2) ensure that financial and related program performance
data are provided on a reliable, consistent, and timely basis to
executive agency financial management systems; and
(3) ensure that financial statements support—
(A) assessments and revisions of mission-related proc-
. esses and administrative processes of the executive agency;
and
(B) performance measurement of the performance in
the case of investments made by the agency in information
systems..
! SEC 6187. SIGNIFICANT DEVIATIONS.
j The head of an executive agency shall identify in the strategic
information resources management plan required under section
_8506(bX2) of title 44, Unitea States Code, .any major information
^technology acquisition program, or any phase or increment of such
;a program, that has significantly deviated from the cost, perform-
jjance, or schedule goals established for the program.
.8EC. 6128. INTERAGENCY SUPPORT.
Funds available for an executive agency for oversight, acquisi-
ytion. and procurement of Information technology may be used by
i the head of the executive agency to support jointly with other exec-
•utive agencies the activities of interagency groups that are estab-
-------�
520
lished to advise the Director in carrying out the Director's respon-
sibilities under this title. The use of such funds for that purpose
shall be subject to such requirements and limitations on uses and
amounts as the Director may prescribe. The Director shall pre-
scribe any such requirements and limitations during the Director's
review or the executive agency's proposed budget submitted to the
Director by the head of the executive agency for purposes of section
1105 of title 31, United States Code.
Subtle D—Other Responsibilities
SEC. 5131. RESPONSIBILITIES REGARDING EFFICIENCY, SECURITY,
AND PRIVACY OF FEDERAL COMPUTER SYSTEMS.
(a) Standards and Guidelines.—
(1) Authority.—The Secretary of Commerce shall, on the
basis of standards and guidelines developed by the National
Institute of Standards and Technology pursuant to paragraphs
(2) and (3) of section 20(a) of the National Institute of Stand-
ards and Technology Act (15 U.S.C. 278g-3(a)), promulgate
standards and guidelines pertaining to Federal computer sys-
tems. The Secretary shall make such standards compulsory
and binding to the extent to which the Secretary determines
necessary to improve tb.f effi :iency of operation or security and
privacy of Federal roj ^uter i systems. The President maydia-
approve or modify ".:h standards and guidelines if the Presi-
dent determines such action to be in the public interest, lie
President's authority to disapprove or modify such standards
and guidelines may not be delegated. Notice of such dis-
approval or modification shall be published promptly in the
Federal Register. Upon receiving notice of such disapproval or
modification, the Secretary of Commerce shall immediately re-,
scind or modify such standards or guidelines as directed by the
President. /
(2) Exercise of authority.—The authority conferred:
upon the Secretary of Commerce by this section shall be exer-
cised subject to direction by the President and in coordination
with the Director v> ensure fiscal and policy consistency. '
(b) Application of More Stringent Standards.—The head
of a Federal agency may employ standards for the cost-effective se-;
curity and privacy of sensitive information in a Federal computer,
system within or under the supervision of that agency that an
more stringent than'the standards promulgated by the Secretary .of
Commerce under this section, if such standards contain, at a mini-
mum, the provisions of those applicable standards made compel
sory and binding by the Secretary of Commerce.
(c) Waiver of Standards.—The standards determined un
subsection (a) to he compulsory and binding may be waived by t)ia
Secretary of Commerce In writing upon a determination that com*:
pliance would adversely affect the accomplishment of the mission
of an operator of a Federal computer system, or cause a mqjor 80?
verse financial impact on the operator which is not offset by Goy*v
ernment~wide savings, The Secretary may delegate to the h
or more Federal agencies authority to waive such stand
extent to which the Secretary determines such action to be
59 L
essary and desirable to allow for timely and effective implementa-
tion of Federal computer system standards. The head of such agen-
cy may redelegate such authority only to a Chief Information Offi-
cer designated pursuant to section 3506 of title 44, United States
Code. Notice of each such waiver and delegation shall be transmit-
ted promptly to Congress and shall be published promptly in the
Federal Register..
(d) Definitions.—In this section, the terms "Federal computer
system" and "operator of a Federal computer system" have the
meanings given such terms in section 20(a) of the National Insti-
tute of Standards and Technology Act (15 U.S.C. 278g-3(d)).
(e) Technical Amendments.—Chapter 35 of title 44, United
States Code, is amended—
(1) in section 3504(g)--
(A) in paragraph (2), by striking out "the Computer
Security Act of 1987 (40 U.S.C. 759 note)" and inserting in
lieu thereoi' "sections 20 and 21 of this National Institute
of Standards and Technology Act (15 U.S.C. 278g-3 and
278g-4), section 5131 of thelnformation Technology Man-
agement Reform Act of 1996, and sections 6 And 6 of the
Computer Security Act of 1987 (40 U.S.C. 759 note)"; and
(B) in paragraph (3), by striking out "the Computer
Security Act of 1987 (40 U.S.C. 759 note)" and inserting in
lieu thereof ^he standards and guidelines promulgated
under section 5131 of the Information Technology Manage-
ment Reform Act of 1996 ar*u sections 6 and 6 of the Com-
puter Security Act of 1987 (40 L .S.C. 759 note)"; and
(2) in section 3518(d), by s'.Jdng out "Public Law 89-306
on the Administrator of the General Services Administration*
the Secretary of Commerce, or" and inserting in lieu thereoi
"section 5131 of the Information Technology Management Re-
form Act of-1996 and the Computer Security Act of 1987 (40
rP' U.S.C. 759 note) on the Secretary of Commerce or".
g&C. 5132. SEN8E OF CONGRESS.
It is the sense of Congress that, during the next five-year pe-
.nod beginning with 1996, executive agencies should achieve each
year at least a 5 percent decrease in the cost (in constant fiscal
year 1996 dollars) that is incurred by the agency for operating and
'maintaining information technology, and each year a o percent in-
in the efficiency of the agency operations, by reason of im-
ements in information resources management by the agency.
V, Subtitle E—National Security Systems
r-. 5141. applicability to national security systems.
(a) In General.—Except as provided in subsection (b), this
title does not apply to national security systems.
.(b) Exceptions.—
(1) IN GENERAL.—Sections 5123, 5125, and 5126 apply to
national security systems.
>" (2) Capital planning and investment cont The
gV. heads of executive agencies shall apply sections 5112 J122
to national security systems to the extent practicable.
-------�
522
(3) Performance and results of information tech-
nology investments.—(A) Subject to subparagraph (B), the
heads of executive agencies shall apply section 5113 to national
security systems to the extent practicable.
(B) National security systems shall be subject to section
5113(bX5) except for subparagraph (BXiv) of that section.
SEC. 5142. NATIONAL SECURITY SYSTEM DEFINED.
(a) Definition.—In this subtitle, the term "national security
system" means any telecommunications or information system op-
erated by the. United States Government, the function, operation,
or use of which—
(1) involves intelligence activities;
(2) involves cryptologic activities related to national secu-
rity;
(3) involves command and control of military forces;
(4) involves equipment that is an integral part of a weapon
or weapons system; or
(5) subject to subsection (b), is critical to the direct fulfill-
ment of military or intelligence missions.
(b) Limitation.—Subsection (aXH does not include a system
that is to be used for routine administrative and business applica-
tions (including payroll, finance, logistics, and personnel manage-
ment applications).
TITLE LII—PROCESS FOR ACQUISI-
TIONS OF INFORMATION TECH-
NOLOGY
SEC. 8201. PROCUREMENT PROCEDURES.
The Federal Acquisition Regulatory Council shall ensure that
to the maximum extent practicable, the process for acquisition or
information technology is a simplified, clear, and understandable
process that specifically addresses the management of risk, incre-
mental acquisitions, and the need to incorporate commercial infor-
mation technology! in a timely manner.
SEC. 5202. INCRE&iENTAL AC QUISITION OF INFORMATION TECS'
NOLOGY. | . 1
(a) PoiY.—The Office of Federal Procurement Policy Act (41 ]
U.S.C. 401 et seq.) is amended by adding at the end the following]
new section: J
"SEC. 30. MODULAR CONTRACTING FOR INFORMATION TECHNOLOOl]
"(a) In General.—The head of an executive agency should,
the maximum extent practicable, use modular contracting for aaj
acquisition of a major system of information technology. .,>1
"(b) Modular Contracting Described.—Under modular coo-1
tracting, an executive agency's need for a system is satisfied in suc-
cessive acquisitions of interoperable increments. Each increment'
complies with common or commercially accepted standards applica-
ble to information technology so that tne increments are compatible'
with other increments ->f information technology comprising tbe|
system. * •:
523
"(c) Implementation.—The Federal Acquisition Regulation
shall provide that—
"(1) under the modular contracting process, an acquisition
of a meyor system of information technology may be divided
into several smaller acquisition increments that—
"(A) are easier to manage individually than would be
one comprehensive acquisition;
"(B) address complex information technology objectives
incrementally in order to enhance the likelihood of achiev-
ing workable solutions for attainment of those objectives;
"(C) provide for delivery, implementation, and testing
of workable systems or solutions in discrete increments,
each of which comprises a system or solution that is not
dependent on any subsequent increment , in order to per-
form its principal functions; and
"(D) provide an opportunity for subsequent increments
of the acquisition to take advantage of any evolution in
technology or needs that occur during conduct of the ear-
lier increments;
"(2) a contract for an increment of an informationvtech-
nology acquisition should, to the maximum extent practicable,
be awarded within 180 days after the date on which th6 solici-
tation is issued and, if the contract for that increment cannot'
be awarded within such period, the increment should be con-
sidered for cancellation; and
"(3) the information technology provided for in a Contract
for acquisition of information technology should be delivered
within 18 months after the date on which the solicitation re-
sulting in award of the contract was issued.".
(b) Clerical Amendment.—The table of contents in section
1(b) of such Act is amended by inserting after the item relating to
section 34 the following new item:
"Sec. 38. Modular contracting for information technology.".
TITLE LID—INFORMATION TECH-
NOLOGY ACQUISITION PILOT PRO-
GRAMS
Subtitle A—Conduct of Pilot Programs
8EC. 8301. AUTHORITY TO CONDUCT PILOT PROGRAMS.
(a) In General.—
(1) PURPOSE.—The Administrator for Federal Procurement
Policy (hereinafter referred to as the "Administrator"),-in con-
sultation with the Administrator for the Office of Information
and Regulatory Affairs, may conduct pilot programs in order to
test alternative approaches for acquisition of information tech-
nology by executive agencies.
(2) MULTIAGENCY, MULTI-ACTIVITY CONDUCT OF EACH PRO-
GRAM.—Except as otherwise provided in this title, each pilot
program conducted under this title shall be carried out in not
more than two procuring activities in each of the executive
-------�
530
- (iii) agrees to establish and update prices, fea-
tures, and performance and to accept orders electroni-
cally through the automated system established pur-
suant to subsection (a).
(3) Comptroller general review and report.—(A) Not
later than three years after the date on which the )>ilot pro-
gram is established, the Comptroller General of the United
States fthall review the pilot program and report to the Con-
gress on the results of the pilot program.
(B) The report shall include the following:
(i) An evaluation of the extent to which there is com-
petition for the orders placed under the pilot program.
(ii) The effect that the streamlined procedures under
the pilot program have on prices charged under multiple
award schedule contracts
(iii) The!, effect that such procedures have on. paper-
work requirements for multiple award schedule contracts
and orders.
(iv) The, impact of the pilot program on small busi-
nesses and' socially and economically disadvantaged, small
businesses.
(4) WlTHDRA AL OF 8CHEDULE OR PORTION OF 8CHEDULE
from PILOT I iogram.—The Administrator may withdraw a
multiple awaH Module or portion of a schedule from the pilot7
program , if the Administrator determines that (A) price com-
petition is not available under such schedule or portion thereof,
Or (9) the cost to the Government for that schedule or portion
thereof for the previous year was higher than it would /have
been if the contracts for such schedule or portion thereof had
been awarded using procedures that woula apply if the pilot
program were not in effect The Administrator shall notify'
Congress at least SO days before the date on which the Admin-
istrator withdraws, a schedule or . portion thereof itader this
paragraph. The' authority under this paragraph may not be
delegated.
(5) Termination, of pilot program.—Unless reauthorized
by law, the authority of the Administrator to award contracts'
under-the pilot program shall expire four years after'the .date,,
on which the- pilot pxpgram is established. Contracts entered?
into before the authority (expires shall remain in effect in aev
cordance v.^-h their terms notwithstanding -the expiration of
the authority to award new contracts under the pilot program.
"(d) Definition.—In this section, the term "FACNEt" means
the. Federal Acquisition Computer Network established under sec-
tion 30 of. thn, Office of Federal Procurement Policy Act (41 U.S.C.
,426). v
SEC. 6402. IDENTIFICATION OF .-EXCESS AND. SURPLUS COMPUTER'
. EQUIPMENT.
Not later than six mdnths after the date of , the enactment of
this Act, the head of an executive agency shall inventory all com-;
puf 'ipment under the control of that official. After completion .
of entory, the head oi* the executive agency shall maintain,
"ln\ ancs with title Jl of.-the Federal _Prot>ertv nnd Administra-
531
tive Services Act of 1949 (40 U.S.C. 481 et seq.), an inventory
any such equipment that is excess or surplus property.
SEC. 6403. ACCESS OF CERTAIN INFORMATION IN INFORMATION 8Y
TEMS TO THE DIRECTORY ESTABLISHED UNDER SECTIO
4101 OF TITLE 44, UNITED STATES CODE.
Notwithstanding any other provision of this division, if in di
signing an information technology system pursuant to this divisioj
the head of an executive agency determines that a purpose of tbi
system is to disseminate information to the public, then, the nea'
of such executive agency shall reasonably ensure that an index (
information: disseminated .by such system is included in the dire<
tory created pursuant ' to section 4101 .of title 44, United State
Code. Nothing in this section authorizes the dissemination of infoi:
mation to the public unless otherwise authorized.
TITLE LV—PROCUREMENT PROTEST
AUTHORITY OP THE~ COMPTROLLEI
GENERAL
SEC. 5801. PERIQD FOR PROCESSING PROTESTS.
Title 31, United States Code. is amended asfoUows:
(1) Section 3563(bX2XA) is amended'by striking out "35
and inserting in lieu thereof "30";
(2) Section 3554 is amended— •
'. (A) in subsection (aXl)t by striking out " 125" and in
'sertiu in lieu thereof "100"; and
(B) in subsection (e)— .
(i) in paragraph (1), by striking .out "Governmen
Operations" ana inserting in lieu , thereof "Government
Reform and Oversight"; and
(ii) in paragraph (2), by striking, out W125M and in
serting in lieu thereof "100 .
SEC 6503. AVAILABILllY OF FUNDS FOLLOWING CUO RESOLUTION
OF CHALLENGE TO CONTRACTING ACTION,
(a). In General.—Section 1558 of title 31, United States Code
is amended—v
(l).1n the first sentence of subsection (a)—
. (A) by .inserting "or other action referred to in sub*
section (br after "protest" the first place ft appears;
- (B) by striking out "90 working days" ana inserting in
lieu thereof "100 days"; and
(C) by inserting "or other action" after "protest" the
second place it appears; and
. (2) by striking out,subsection (b) and inserting in/lieu
thereof the following:
"(b) Subsection (a) applies with respect to—
- <"(l) any protest filed under subchapter V of chapter 35 of
this title; or
*X2). an action commenced under administrative procedures
or for. a judicial remedy if—
• "(A) the action involves a challenge to—
"fiVa Rolidtation for »
-------�
532
"(ii) a proposed award of a contract;
"(iii) an award of a contract; or
"(iv) the eligibility of an offeror or potential offeror
for a contract or of the contractor awarded the con-
tract; and
"(B) commencement of the action delays or prevents
an executive agency from making an award of a contract
or proceeding with a procurement.".
(b) Conforming Amendment.—The heading of such section is
amended to read as follows:
M§ 1558. Availability of funds following resolution of a formal
protest or other challenge".
(c) Clerical Amendment.—The item relating to such section
in the table of sections at the beginning of chapter 15 of title 31,
United States Code, is amended to read as follows:
"1558. Availability of funds following resolution of a formal protest or other chal-
lenge.".
TITLE LVI—CONFORMING AND
CLERIC AT AMENDMENTS
8EC. 5601. AMENDMEf rs TO TITLE 10, UNITED STATES CODE.
(a) PROTEST File.—Section 2305(e) is amended by striking out
paragraph (3).
(b) Multiyear Contracts.—Section 2306b of such title is
amended—
(1) by striking out subsection (k): and
(2) by redesignating subsection (1) as subsection (k).
(c) Law Inapplicable to Procurement op Information
Technology.—Section 2315 of title 10, United States Code, is
amended by striking out "Section 111" and all that follows through
"use of equipment or services if," and in serting in lieu thereof the
following; "For the purposes of the Information Technology Man-
agement Reform A£t of 1996, the term 'national security systems'
means those telecommunications and information systems operated
by the Department of Defense, the functions, operation or use of
which".
SEC. 5602. AMENDMENTS TO TITLE 29, UNITED STATES CODE.
(a) References to Brooks Automatic Data Processing
Act.—Section 612 of title 98, United States Code, is amended—
(1) in subsccticr. (f) by striking out "section 111 of the
Federal Property and Administrative Services Act of 1949 (40
U.S.C. 759a and inserting in lieu thereof "the provisions of
law, policies, and regulations applicable to executive agencies
under the Information Technology Management Reform Act of
1996 ;
(2) in subsection (g), by striking out "sections 111 and 201
of the Federal Property and Administrative Services Act of
1949 (40 U.S.C. 481 and 759)" and inserting in lieu thereof
"section 201 of the federal Property and Administrative Serv-
ices Act of 1949 v40 U.S.C. 481rj
533
(3) by striking out subsection (1); and
(4) by redesignating subsection (m) as subsection (1).
(b) References to Automatic Data Processing.—Section
612 of title 28, United States Code, is further amended—
(1) in the heading, by striking out the second word and in-
serting in lieu thereof "Information Technology";
(2) in subsection (a), by striking out "Judiciary Automation
Fund" and inserting in lieu thereof "Judiciary Information
Technology Fund"; and
(3) by striking out "automatic data processing" and insert-
ing in lieu thereof "information technology" each place it ap-
pears in subsections (a), (b), (cX2), (e), (f), and (hXl).
SEC. 6603. AMENDMENT TO TITLE 31, UNITED STATES CODE.
Section 3552 of-title 31, United States Code, is amended by
striking out the second sentence.
SEC. 5604. AMENDMENTS TO TITLE 38, UNITED STATES CODE.
Section 310 of title 38, United States Code, is amended to read
as follows:
"5 310. Chief Information Officer
"(a) The Chief Information Officer for the Department is des-
ignated pursuant to section 3506(aX2) of title 44.
"(b) The Chief Information Officer performs the duties provided
for chief information officers of executive agencies under chapter 35
of title 44 and the Information Technology Management Reform
Act of 1996".
SEC 5605. PROVISIONS OF TITLE 44, UNITED 8TATES CODE, RELAT-
ING TO PAPERWORK REDUCTION.
(a) Definition.—Section 3502 of title 44, United States Code,
is amended by striking out paragraph (9.) and inserting in lieu
thereof the following; - l
"(9) the term 'information technology' has the meaning
given that term in section 5002 of the Information Technology
Management Reform Act of 1996 but does not include national
security systems as defined in section 5142 of that Act;".
(b) Development of Standards and Guidelines by Na-
tional Institute of Standards and Technology.—Section
3504(hXlXB) of such title is amended by striking out "section
111(d) of the Federal Property and Administrative Services Act of
1949 (40 U.S.C. 759(d))" and inserting in lieu thereof "section 5131
of the Information Technology Management Reform Act of 1996".
(c) Compliance With Directives.—Section 3504(hX2) of such
title is amended by striking out "sections 110 and 111 of the Fed-
eral Property and Administrative Services Act of 1949 (40 U.S.C.
757 and 759)" and inserting in lieu thereof "the Information Tech-
nology Management Reform Act of 1996 and directives issued
under section 110 of the Federal Property and Administrative Serv-
ices Act of 1949 (40 U.S.C. 757T-
(d) Collection of Information.—Section 3507(jX2) of such
title is amended, by striking out "90 days" in the second sentence
and inserting in lieu thereof "180 days".
-------�
534
SEC. 6606. AMENDMENT TO TITLE 40, UNITED STATES CODE.
Section 40112(a) of title 49, United States Code, is amended by
striking out "or a contract to purchase property to which section
111 of the Federal Property and Administrative Services Act of
1949 (40 U.S.C. 759) applies".
SEC. 6607. OTHER LAWS.
(a) National Institute of Standards and Technology
Act.—Section 20 of the National Institute of Standards and Tech-
nology Act (15 U.S.C. 278g-3) is amended—
(1) in subsection (a)—
(A) by striking out "section 3502(2) of title 44" each
place it appears in- paragraphs (2) and (3XA) and inserting
in lieu thereof "section 3502(9) of title 44"; and
(B). in paragraph (4), by striking out "section 111(d) of
the Federal Property and Administrative Services Act of
1949" and inserting in lieu thereof "section 6131 of the In-
formation Technology Management Reform Act of 1996";
(2) in subsection lb)—
(A) by striking out paragraph (2);
(B) in paragraph (3), by striking out "section 111(d) of
the Federal Propert' and Administrative Services Act of
1949" and inserting —
(A) in paragraph (lXBXv), by striking out "as defined"
and all that follows and inserting in lieu thereof a semi-
colon; and
(B) in paragraph (2)—
(i) by striking out "system'—" and all that follows
through "means" in subparagranh (A) and inserting in
lieu thereof "system' means"; and
(ii) by striking out and" at the end of subpara-
graph (A) and all that follows through the end of sub-
paragraph (B) and inserting in lieu thereof a. semi-
"olon.
(b) Computer Security Act of 1987.—
(1) Purposes.—Section 2(bX2) of the Computer Security
Act of 1987 (Public Law 100-235; 101 Stat. 1724) is amended
by striking out "by amending section 111(d) of the Federal
Property and Administrative Services Act of 1949 (40 U.S.C.
759(d)r.
(2) Security plan.—Section 6(b) of such Act (101 Stat
1729; 40 U.S.C. 759 note) is amended—
(A) by striking out "Within one year after the date of
enactment of this Act, each such agenpy shall, consistent
with the standards, guidelines, policies, and regulations
prescribed.nursupnt *3 section 111(d) of the Federal Prop-
erty and Admin' ,ti _»tive Services Act of 1949," and insert-
ing in lieu t^err >f "Each such agency shall, consistagtarith
the standards, piiiri Alines, policies, and regulati^Hpe-
535
scribed pursuant to section 5131 of the Information Tech?
nology Management Reform Act of 1996,"; and
(B) by striking out "Copies" and all that follows
through "Code.".
(c) Federal Property and Administrative Services Act of
1949.—Section 303B(h) of the Federal Property and Administrative
Services Act of 1949 (41 U.S.C. 253b(h)) is amended, by striking out
paragraph (3).
(d) Office of Federal Procurement Policy Act.—Section
6(hXl) of the Office of Federal Procurement Policy Act (41 U.S.C.
405(h)(1)) is amended by striking out "of automatic data processing
and telecommunications equipment and services or".
(e) National Energy Conservation Policy Act.—Section
801(b)(3) of the National Energy Conservation Policy Act (42 U.S.C.
8287(bX3)) is amended by striking out the second sentence.
(f) Central Intelligence Agency Act of 1949.—Section 3 of
the Central Intelligence Agency Act of 1949 (50 U.S.C. 403c) is
amended by striking out subsection (e).
SEC. 6608. CLERICAL AMENDMENTS.
(a) Federal Property and Administrative Services Act of
1949.—The table of contents in section 1(b) of the Federal Property
and Administrative Services Act of 1949 is amended by striking out
the item relating to section 111.
(b) Title 38, United States Code.—The table of sections at
the beginning of chapter 3 of title 38, United States Code, is
amended by striking out the item relating to section 310 and in-
serting in lieu thereof the following:
*310. Chief Information Officer.".
TITLE LVII—EFFECTIVE DATE, SAVINGS
PROVISIONS, AND RULES OF CON-
STRUCTION
8EC. 5701. EFFECTIVE DATE.
This division and the amendments made by this division shall
take effect 180 days after the date of the enactment of this Act.
8EC, 6708.8AVINGS PROVISIONS.
(a) Regulations, Instruments, Rights, and Privileges.—All
rules, regulations/ contracts, orders, determinations, permits, cer-
tificates, licenses, grants, and privileges—
(1) which nave been issued, made, granted, or allowed to
become effective by the Administrator of General Services or
the General Services Board of Contract Appeals, or by a court
of competent jurisdiction, in connection witn an acquisition ac-
tivity carried out under the section 111 of the Federal Property
and Administrative Services Act of 1949 (40 U.S.C. 759). and
(2) which are in effect on the effective date of this dmsion,
shall continue in effect according to their terms until modified, ter-
minated, superseded, set aside, or revoked in accordance with law
by the Director or any other authorized official, M^fccourt of coiri-
petent jurisdiction, or by operation of law. -
-------�
536
(b) Proceedings.—
(1) Proceedings generally.—This division and the
amendments made by thiB division shall not affect any pro-
ceeding, including any proceeding involving a claim, applica-
tion, or protest in connection with an acouisition activity car-
ried out under section 111 of the Federal Property and Admin-
istrative Services Act of 1949 (40 U.S.C. 759) that is pending
before the Administrator of General Services or the General
Services Boar<' of Contract Appeals on the effective date of this
division.
(2) Orders.—Orders may be issued in any such proceed-
ing, appeals may be taken therefrom, and payments may be
made pursuant to such orders, as if this division had not Deen
enacted. Ah order issued in any such proceeding shall continue
in effect until modified, terminated, superseded, or revoked in
accordance with law by the Director or any other authorized of-
ficial, by a*court of competent jurisdiction, or by operation of
law.
(3) DiScontinu .nce or modification of proceedings
not prohibited.—Nothing in this subsection prohibits the dis-
continuance or modification of any such proceeding under the
same terms and conditions and to the same extent that such
proceeding could have been discontinued or modified if this Act
had not been enacted.
(4) Other AUTHORITY and prohibition.—Section 1558(a)
of title 31, United States Code, and the second sentence of sec-
tion 3552 of such title shall continue to apply with respect to
a protest process in accordance with this subsection.
(5) Regulations for transfer of proceedings.—The Di-
rector may prescribe regulations providing for the orderly
transfer of proceedings continued under paragraph (1).
(c) Standards and Guidelines for Federal computer Sys-
tems.—Standards and guidelines that are in effect for Federal com-
puter systems under section 111(d) of the Federal Property and Ad-
ministrative Services Act of 1949 (40 U.S.C. 759(d)) on the day be-
fore the effective date of this division shall remain in effect until
modified, terminated, superseded, revoked, or disapproved under
the authority of section 6131 of this Act.
SEC. 5703. RULES OF CONSTRUCTION.
(a) Relationship to Title 44, United States Code.—Nothing
in this division shall be construed to amend, modify, or supersede .
any provision of title 44, United States Code, other than chapter
35 orsuch title.
(b) Relationship to Computer Security Act of 1987.—
Nothing in this division shall afreet the limitations on authority
that is provided for in the administration of the Computer Security
Act of 1987 (Public Law 100-235) and the amendments made by
such Act.
And the House agree to the same.
That the Senate recede from its disagreement to the amend-
ment of the House to the tit'e of the bill and agree to the
with an amendment as foUnv j:
In lieu of the House amendment, amend the title so as to read:
"An Act to authorize appropriations for fiscal year 1996 for militaiy
537
activities of the Department of Defense, for military construction,
and for defense activities of the Department of Energy, to prescribe
personnel strengths for such fiscal jrear for the Armed Forces; to
reform acquisition laws and information technology management of
the Federal Government, and for other purposes.
And the House agree to the same.
Floyd Spence,
Bob Stump,
Duncan Hunter,
Herbert H. Bateman,
Curt Weldon,
G.V. Montgomery,
John M. Spratt, Jr.,
Managers on the Part of the House.
Strom Thurmond,
John Warner,
Bill Cohen,
Trent Lott,
Sam Nunn,
Managers on the Part of the Senate.
-------�
Notes for the presentation by...
Tom Fioramonti
wsst
• ' ' N
-------�
Say Good-Bye to GSA
Federal Information Resource Management
Regulation (FIRMR) is obsolete as of 12 Midnight, August 7,
1996...
Say HELLO to OMB — Office of Management and Budget
HELLO to CIO — Chief Information Officer
Information Technology Management Reform Act
(IMTRA) of 1996 is effective 12:01AM August 8,1996
Qualify Assurance in Information Management //Augusi, 1996//Tom Fioramonti
1
-------�
PCAM — Punch Card Accounting Machines
EAM — Electronic Accounting Machines
EDP — Electronic Data Processing
ADP — Automated Data Processing
FIP — Federal Information Processing Resources
1RM — Information Resource Management
IT — Information Technology
Qualify Assurance in Information Management //August, 1996//Tom Fioramonti
2
-------�
About the FIRMR --
Carry-over of terms and thinking has some value
Federal Acquisition Regulation (FAR)
Environmental Protection Agency Acquisition Regulations
(EPAAR)
They are alive, well and continue to prescribe "How to
Buy"
Qualify Assurance in Information Management //August, 1996//Tom Pioramonti
3
-------�
Information Technology Resources Include:
EPA FTE Staff
and Acquired Resources including:
Equipment/Hardware
Software
Services
Support Services (People)
Planners
Software Developers/Maintainers
User Support
LAN Support/Operations
Hardware Maintenance
Information Support
Records Management
Dockets
Information Support (Libraries, PICs) and
Others
Qualify Assurance in Information Management//August, 1996//Tom Fioramonti
4
-------�
OMB is looking for agencies to manage IT in two areas
They require agencies to manage their IT portfolio
They require agencies to have an Investment Process for
Significant IT Projects
OMB will have a CIO
EPA's CIO Nomination - Mr. A1 Pesachowitz
Reports directly to the Agency Administrator
Views IT Portfolio components as
1. Region/Program Managed Activities
2. Agency IT Initiatives - Infrastructure, Cross
Program Initiatives, etc.
3. Significant Projects, ie.
Risk
Critical Mission Support
Significance Investment
Qualify Assurance in Information Management //August, 1996//Tom Fioramonti
5
-------�
Program Acquisitions for IT are either^
For Information Technology Resources
or
Mission Support with an IT Component
Quality Assurance in Information Management//August, 1996//Tom Fioramonti
6
-------�
Mission Support with an IT Component
Need Access to EPA Technical Support
Review of WA for "Data Bases"
Review of WA for Access/Compatibility to
Information
Technical Risk Assessment of Contractor Plans
(Contract/WA/DO)
Security
Records Management Requirements
Other Information Issues (Docket, Information
Collected from the Public, etc.)
Software Issues — Rights of Ownership, Use,
Distribution of Proprietary Software
Reporting to CIO as a component of IT Portfolio
Quality Assurance in Information Management //August, 1996//T om Kioramonti
7
-------�
Volume A
« m
e
a>
i>
B V)
n
n c/i
Volume B
Volume C
C0
e
c O
a 2
" w'
•». B
o
(I
<
£
ST
ta
B
«
0
Operations and Maintenance Manual
-------�
Software Life Cycle and Acquisition - The ITMRA encourages a modular approach when
contracting (to minimize risk).
Life Cycle Component
Possible Options
Requirements
Program Contracts, Others
available thru OfM/Other
Agencies
Feasibility
Analysis and Design
NDPD's Information Technology
Architectural Support
Other Agencies
Software Construction
Software Development Center
(MOSES Contract) or Contracting
Special Efforts
8a - - SBA contractors
Operations, Maintenance GSA Zone Contract,
or Enhancements Lockheed/Martin, LAGs, etc
Qualify A ssurance in Information Management //August, 1996//Tom Fioramonti
9
-------�
Your Acquisition Process
What do I need?
Requirements
How car. I get it?
Alternatives
Going for it?
Pre-Award
Award
Post-Award
Tracking/Reporting within the Agency Portfolio
Progress
Milestones
Cost
Performance Measures
Pre-Award
Contract Execution
Mission Support
Others
Quality Assurance in Information Management //August, 1996//Tom Fioramonti
10
-------�
Requirements Analysis
1. Information Needs *
2. Systems Life *
3. Description of Requirements *
4. Compatibility Limited Requirements
5. Justification for Specific Make and Model
6. Security Requirements **
7. Accessibility Requirements for the Disabled
8. Space and Environmental Requirements *
9. Workload and Related Requirements *
10. Records Management Requirements
11. Energy Star Compliance
* These may be addressed in the products developed in the Software Life Cycle
** Not just CBI and National Security
Include access and protection from loss or destruction
Qualify Assurance in Information Man agement //August, 1996//T om Kioramonti
11
-------�
Alternatives Analysis
Used to be:
Reuse of existing resources
Sharing of existing resources
Contracting for new resources
ITMRA and OMB now suggest --
Do we still need to do it"
Who can do it best?
This Agency
Other Agencies
Contractor
Combination of Above
Has the process being automated been
Re-Engineered
What are the possible options?
Agency/OIRM Contracts
Other Program Contracts
GSA Programs (GWACs, Schedules, Others)
IAGs with Other Agencies (OMB Emphasis)
Small Business Administration
New Contract
Others
What was Your Choice?
Why is that the BEST Option?
Quality Assurance in Information Management //August, 1996//Tom Fioramonti
12
-------�
Implementation
Project Management
Other Resource Needs
Minimization of Risk
Support to Pre-Award, Award and Post Award Activities.
Statement of Work (SOW) Development
RFP Development
OAM Interaction
Technical Plans
Technical Panels
Conversion Plans
Contract Management
Contract Administration
Size of the project, level of risk and other factors
determine the level of effort required.
Quality Assurance in Information Management //August, 1996//Tom Fioramonti
13
-------�
IT Acquisition Thresholds and Approval
Used to be GSA/OIRM -
Very Limited Delegation to Programs
Recently, Increased EPA Authority
$2,500,000.00 — Before October 1994
$10,000,000.00 - October, 1994
$100,000,000.00 - June, 1995
No Limit — August, 1996 (OMB Reporting)
Quality Assurance in Information Man agemeni //August, 1996//T om Fioramonti
14
-------�
For the Future - CIO is Expected to Provide —
Local Portfolio Activities
Routine, Recurring^Non-Significant IT Management
Acquisition Responsibility to be at Program/Region
Program/Regional IT Authority can be spread within
Organization (By Position, Experience, Training, etc.)
Program/Regional Management of IT Portfolio with
Reporting to CIO
Qualify A 88urance La Information Man agemeni //August, 1996//T om Fioramonti
15
-------�
CIO Involvement on Significant IT Projects —
Cxecu/W ¦
Chairs Investment Board (ESC) Review '
Full Life Cycle View of Projects
Reporting to Administrator
Time-Out or Stop Recommendations
Performance Measure Validation
Qualify Assurance in Information Management //August, 1996//Tom Fioramonti
16
-------�
Other Sources of Information
Internet Locations
GSA IT Policy On-Ramp
http://www.itpolicy.gsa.gov/
The White .House Virtual Library
http://www.whitehouse.gov/WH/html/library.html
U.S. House of Representatives Internet Law Library
http://law.house.gov/cfr.htm
Government Accounting Office (Publications/Guides)
http://www.gao.gov/special.pubs/gpra.htm
Environment Protection Agency
http://www.epa.gov/
Trade Press
Government Computer News
Federal Computer Week
Qual ity Assurance in Information Management //August, 1996//Tom Fioramonti
17
-------�
Notes for the presentation by...
Jerry Widdowson
-------�
I q v EPA System Life Cycle
Management
Jerry Widdowson
Office of Information Resources
Enterprise Systems Division
Systems Support Branch
SSB-JW-AUG1996
1
-------�
Overview
Familiarize you with life cycle concept
Introduce you to EPA life cycle
Highlight EPA life cycle documentation
Answer questions
SSB-JW-AUG1996 2
-------�
System Life Cycle—Definition
The complete time span of a system
from the origin of the idea that leads to
the creation of the system to the end of
its useful life.
SSB-
11996
-------�
System Life Cycle—Purpose
Divide a project into smaller, more
manageable pieces—to avoid management
indigestion
Meal Stages
Course 1 Course 2 Course 3 Course 4
Bring order and step-wise approach
to problem solving
SSB-JW-AUG1996 4
-------�
System Life Cycle—Management
A process by which managers are directly
accountable for making key decisions about how
resources are expended for system development
and enhancement efforts.
SSB- M996
5
-------�
Generic Life Cycle Example
I
Based on needs
Life Cycle
Sytfem DtadpUn^^^.
Reqti
Definition
Dttign
Cod»
Operational
Ilit
*
Ktnrment
Management
(Task)
(Task)
Qlask^
Development
^Taak)
[Tuk)
QTask^
Qalj
(Task)
Product Assurance
(TiA)
[Tck]
[Tut]
(Tut)
Identifies life cycle stages
Details management, development, and product
assurance tasks
Provides framework for developing information
system
SSB-JW-AUG1996
-------�
System Life Cycle—Variations
There are many life cycle variations. EPA has its
variation of a life cycle.
SSB ^flG1996
0^1
-------�
i
EPA Life Cycle Management Policy
Thou shalt
• Follow a life cycle
• Document
• Have management involvement,
review, & sign-off
SSB-JW-AUG1996
8
-------�
EPA Life Cycle—Stages
Initiation—request for system development to meet a need or solve a
problem
Requirements Analysis—determination of what is required to
automate function(s) identified
Design—specify automated & manual functions & procedures,
computer programs (modules), data bases, security & system controls
Programming—coding of program modules called out in design
Testing & Quality Assurance—ensuring that system works as
intended (i.e., meets requirements—functionality, performance,
reliability, security, etc.)-
Installation & Operation—"plugging in" and using to support EPA
mission
Maintenance & Enhancement—resolving problems (bugs,
requirements mismatches), improving performance, accommodating
requirements changes
Retirement—ends system use. This stage usually followed by revisit
to predecessor stages to bring a replacement system into being
SSB- 1996
-------�
Requirements Analysis—Most Important
Stage
THE WIZARD OF ID
by Brant p&rker and Johnny hart
WHAT l£lT"Y0U
Z&MIY WAtT?
1) o0 0
" o o ° °
SSB-JW-AUG1996
10
-------�
EPA Life Cycle Documentation—Management
Appropriate levels of management shall review and approve or
disapprove system development or enhancement/replacement
projects.
These reviews by management shall occur, at a minimum, at
the end of each life cycle stage as implemented for the chosen
methodology.
These management decisions shall be documented by means of
signatures on formal decision papers.
• System Charter Decision Paper
• System Management Plan
• Decision Papers
SSD '11996
11
-------�
EPA Life Cycle Documentation—Technical
To maximize the return on the Agency's investment in its
information systems, sufficient documentation is needed at
each stage of the life cycle to support effective management of
EPA resources and to facilitate the interchange of information
among managers, developers, programmers, operators, and
users. The following are key documents produced at different
life cycle stages:
Needs Statement and Initiation Request Quality Assurance Plan Software Maintenance Plan
Feasibility Study System/Subsystem, Program and Post Implementation Review Plan
Risk Analysis Diabase Specifications
_ ' , , _ _ . Evaluation and Assessment of
Cost/Benefit Analysis Schedules for Each Phase Information System
Functional Requirements Analysis User Manual Obsolescence
Functional Security and Internal Operations/Maintenance Manual Change Control Memos
Control Requirements Analysis
Data Requirements Analysis Installation Conversion Plan System Security Plan
Data Management Plan Test Analysis and Security Disaster Recovery Plan
Evaluation Report
SSB-JW-AUG1996
12
-------�
Eight-Stage EPA Life Cycle
Reduced to simplest terms, systems development iteratively evolves
through eight stages and involves the prescriptive use of management,
development, and product assurance disciplines.
EPA Directive 2100 Chapter 17
V Life Cycle
^aga
Systems \
Disdplln«s\
H
H
lH
SI
m
¦8
I
System
Charter Plan
System
Management
Plan
Decision
Paper
Decision
Paper
Decision
Paper
Decision
Paper
Decision
Paper
Decision
Paper
Needs
Statement
Feasibility
Study
Requirements
Analysis
Specifications
System
Design
Data
Design
Computer Code
DataBase
User Manual
Installation Man
Maintenance
Plan
Operations &
Maintenance
Manuals
System
Maintenance
Post
Implementation
Review Plan
Evaluation of
Obsolescence
Risk Analysis
Quality Assurance
Plan
System Acceptance
Plan
Data Management
Plan
Test Plan
Disaster
Recovery
Plan
System Security
Plan
Change Control
Forms
Test Procedures
Test Analysis
Security
Evaluation
Test Analysis
Evaluation of
Obsolescence
Managing the life cycle boils down to deciding what to do next in
response to activity within a stage.
SSB- 11996 13
-------�
Key Management Documentation—Decision Paper
• Documents fact that EPA has reviewed work in a stage and
made an internal decision
• For first two stages (Initiation and Requirements Analysis),
special kind required
• Remaining decision papers are used at end of each stage or as
otherwise determined to address following:
- Current status
- Next stage cost
- Description of next stage
- Decisions needed to address constraints
- Alternatives analysis
It is the EPA staffs responsibility to prepare the
decision papers.
SSB-JW-AUG1996 14
-------�
Decision Paper for Initiation Stage—
System Charter
• Needs to be met
• Users
• Sponsor(s)
• Timeframe
• System category
• Life cycle costs
• Review levels for Decision Papers
• System Manager
SSB-r UG1996 15
-------�
Decision Paper for Requirements Analysis
Stage—System Management Plan (subsumes the System Charter)
• Purpose—management decision: go/no-go, change, revisit
• System scope—primary and secondary user community
• Assumptions and constraints
• Life cycle methodology and key decision points
• Levels of review
• Timeframe
• Total life cycle costs and cost-benefit analysis
• System's architecture, technical and data requirements,
anticipated security issues
SSB-JW-AUG1996 >6
-------�
Summary
.• System life cycle management required for
all EPA information systems
• Goal is to produce effective, efficient, and
economical systems to support the
Agency's mission
SSB
31996
-------�
(a
^4/r- tji/f
Exhibit 17-A
SYSTEM
CATEGORY
THRESHOLD CRITERIA
(System category Is determined by the highest
threshold reached under either the scope OR
cost criteria.)
SYSTEM
MANAGEME
NT
PLAN(SMP)
MUST BE
REVIEWED
BY:
Scope
Cost
1. Major
Agency System
Mission Critical for Multiple AAships or
Regions; or Agency Core Financial System
>$25 million
throughout the
lifecycle or $5
million
annuallyFundin
g Org. AA/RA,
Dir. OIRM,
Exec. Steering
Comm. for
ERM.
2. Major
AAship or
Regional System
Mission Critical for 1 AAship or Regional Office
>$10 million
throughout the
lifecycle or >
$1 million
annuallyFundin
g Org.
SIRMO(s) &
AA/RA
3. Significant
Program Office
System
Mission Critical in Program Office
> $2 million
throughout the
lifecycle or
>$100,000
annuallyFundin
gOrg.
SIRMO(s)
16
-------�
4. Local Office
Systems Below Category 3 Thresholds
<$100,000
or Individual Use
annually for
System
one project
S1RMO or
official
designee
-------�
C1RM Contacts
• Mike Carpentier (202) 260-2415
• Jerry Widdowson (703) 908-2660
SSB-JW-AUG 1996
-------�
Notes for the presentation by...
Larry Fitzwater
, < " pp ,
;ik.
MMMbi
illliU!!
.
:: ; .,
=?ixv
til li 11 itilllii
mr.,:
m a ¦ ¦¦ s? ¦
I:-""
^ 1 11
!li|;,.:
¦ :': ' iltlflf
®ilP!
;%.r/ i '• m § <
; |f§|§|||
:i::W:
V- ' v ' ^
' - < ' " ' sw, "
I . 'i .//¦¦¦;•:¦:.;;¦:¦ !;:
• :.: • . '•. '
¦¦'!:¦¦¦:;' "¦!' -:;
..siiilfis,.
will
, rinls
,, ^ :^-,v - .
*
-------�
Information and D
QA/QC Conference, August 21-23,1996
Larry Fitzwater
EPA/OIRM/EIM Division
Tel: (202)
fitzwater.larry@eparrudLepa.gov
OIRM/Entemrise Information Management Division
-------�
%
i , v ' : . v ¦
Information and Data
• •' • .... '¦ ¦ . ¦ -C-
Management Policy
¦ :
-------�
Policy Sources
Federal IRM Policy
EPA Strategic Plan
EPA Information Management/Data Administration
A0Q2 5 Jul 1904
-------�
p§ •.
m S
**.
¦
Federal Policy
r,--
•V-
>;¦: ¦
.-r. Fr,f
ii .'?.Sf" .
' t
¦;\
• v - -•
Paperwork Reduction Act of
1980
Office of Management and
Budget
Circular A-130
EPA Information Management/Data Administration
AQ03 5 J
W.
-------�
Information
Management
Information Systems and 9
Information Technology \
Management
A004 5 Jul 1904
Federal Policy
-------�
-
\ ¦
1DM Policy
Assure the Utility of
EPA Data
Establish
Management
Principles
Implement A-130
t
i '
• • ••
Assign
Responsibility
Establish the
Information and Data Management
Program
¦ i £;;:
¦A
o'-m
Ip? if
| lis®
' " - ..i'iv
. V * • •.., '.-J:
? fci E
.x«i
>J.
.
A005 S.
t
EPA Information Manaaement/Data Administration
• •' v f»'r -i-. •••if.'- ' • •¦¦•¦-'' ..
-------�
Policy
Strategic Alignment
of Information anc)
Data Resources
1
EPA information and data resources will support Agency
missions and programs as agreed upon in Agency
strategic plans.
EPA Information Management/Data Administration
A006 5 Jul 1804
-------�
Policy
Common Ownership
of Information and
Data Re'
i >
j ;>j:
EPA nformatjon and data resources will be treated as Agency
resources and managed in an efficient, effective, and
economical manner.
EPA Information Management/Data Administration
A007 5 J
-¦m
-------�
Policy
Shared
Informatio
and D
A008 S Jul 1804
-------�
Policy
I ¦
Known
Information and Data
Needs
and date requirements will be identified,
defined, and documented.
Information and data collected and stored by EPA will be
identified, cefined, and documented.
EPA Information Management/Data Administration
AOOO 5
I
-------�
4 ——¦
K Policy
Information and
Data of
Known Quality
AOIO 5 Jul 1994
Documentation of EPA information and data requirements and
collections will address issues of data quality.
EPA Information Management/Data Administration
-------�
Policy
Control through
Agencywide
Standard
I «
.•' -• -, ¦
¦"i.-r.
EPA will use agency-wide standards to establish essential
information and data resources management controls.
EPA Information Management/Data Administration
r'fU
A011 5
-------�
• A012 5 Jul 1804 i
i-f ' r.:!», •. v: ••. ¦> *-• •' '• -¦ .:V-* v, Vr--;:; ¦¦ ~v«-' i^^5i«Sp'
Policy
Employee Training
in Data Management
-------�
Responsibilities
5
Designated Senior Official for IRM
•' "CV v
- ^
Ensure that information requirements are addressed in the Agency
strategic plan.
Lead development^ an agencywide information architecture.
Lead compilation of an inventory of information and data resources.
Lead development of agencywide data standards.
Establish and support the Information and Data Management
Program. '
Appoint an officer to administer the I DM Program.
ERA Information Management/Data Administration
A013 5.
-------�
m Responsibilities
EPA Primary Organization Heads
Ensure participation of the primary organization in the development
of an Agency IRM strategic plan.
Ensure that the primary organization's strategic plan addresses
information requirements.
- • ¦ ' .. / '
Sponsor the development of a primary organization information
architecture.
Implement the IDM Program within the primary organization.
Contribute to the development of data standards.
Share documentation of information and data requirements and
collections.
Ensure that information and data documentation addresses data
quality.
Ensure that employees have appropriate information and data
management training.
EPA Information Management/Data Administration
v.
A014 5 Jul 1904
ivj •; *.1-.
y < ¦ ¦
, V-
-------�
-------�
Key Components
• Mission Statement
• Values
• Vision
• Goals/Objectives
• Strategies
• Environmental Business Analysis
• Critical Success Factors
• Five-year Implementation Plan
• Performance Measurements
• Organizational Structure
v • *
AOlfc ' 5 Jul 1004
I
-------�
IDM SERVICE CENTER
M&M Z \
~r
¦
-------�
IDM Service Center
Understands what needs to be
i • . * • . , i . : -.¦, . Kt.
. „ ' • . '
and how to do it
7 ' •: - ¦ ' t
Provides fee services to Program Offices
• Standardize data elements
• Operate data registry
• Develop data architecture
<¦ • * ' ' - • •'/ . '*¦" V • v • ' *: ' >: •- ' - . * ' ' . ' ' - ¦ . • • "**
• ; -• • • ' : '. , • -r . / • •• • • • .t ; - J • . • «' ± r . •. .. , . .. y 1 ' '<
• Data Model integration services
• Technical assistance
/ . . ' ; - •
i- ' • • • ' i ' "i • . • ' ; V • '
EPA Information Management/Data Administration
/ •
it
-------�
Notes for the presentation by...
Mike Miller
-------�
SERA Committee on Integrity and Management Improvement
Management and Disposition
of Federal Records
This Awareness Bulletin summarizes Agency employee,
responsibilities and requirements concerning the
maintenance and disposition of official Agency records. It is
intended to promote compliance with Federal law and. Agency
policy. All Federal agencies are required to create and
maintain documentation of their organization, functions,
policies, decisions, procedures, and essential transactions.
Federal records are Government property and may not be
disposed of except in accordance with approved records
disposition schedules. These schedules specify the authorized
retention periods for Agency records and instructions for
disposition. Employees who are transfening to other EPA
organizations or leaving the Agency should remember that the
documents they have accumulated - except for personal papers
- belong to the Agency, and they may not remove them without
authorization. This includes records maintained in private
offices as well as those filed centrally.
What are My Records Management
Responsibilities?
As an EPA employee, you have three specific records
management responsibilities. You must
• create records sufficient to document your activities;
• maintain official Agency records separately from your
personal files and other nonrecord materials; and
• follow the retention and disposition guidance specified in
the records disposition schedules and the recordkeeping
requirements documented to your organization within
EPA. Employees may not destroy or remove records
except in accordance with the approved records disposition
schedules.
Employees do not have to retain records beyond the
requirements listed in the records disposition schedules. If
Agency records have been legally destroyed according to these
schedules, no attempt need be made to reproduce such records
for any subsequent request (such as FOIA).
Managers or supervisor have an additional responsibility for
the overall documentation of the activities of their program or
unit. They should ensure that recordkeeping requirements exist
for all records, that the records are being mjuntained according
to Federal regulations and Ageiicy policy, and that custodians
and Hie stations are identified for all records.
What Exactly are Federal Records?
. According to law, Federal records are defined as
documentary materials, regardless of physical form or
characteristics, made or received by an agency of the United
States Government under Federal law or in corutection witft (
the transaction of public business and preserved or
appropriatefor preservation, .as evidence of the organization,
functions, policies, decisions; procedures, operations-, or other
activities ofthe Government or because of the infbnnational
value of the data in them" : This definition is intentionally
broad to ensure that documentation of Federal Government
activities is sufficient to serve as a record of the conduct of
Government business!. It is also important to be aware that
"preservation" does not always iriean permanent preservation
and that some documents are still records even if they only
have very short life spans.
Records can be in several forms, such as: working files, drafts,
electronic mail messages, data and spreadsheet files, computer
output, data from test equipment, results of computer modeling,
videos, maps, architectural drawings, microfilm, as well as
paper documents Employees must apply the definition of a
record to such documents to determine whether they merit
retention as records. Employees should remember thatofficial
Agency records include both final products and documentation,
supporting the decision trail.
Are Copies of My Work Considered Federal
Records?
Extra copies of documents which employees have drafted,
reviewed, or otherwise acted upon for their own convenience
are considered nonrecord material. [NOTE: Extra copies may
be considered records for the purposes of the Freedom of
Information Act (FOIA); consult the Agency FOIA Manual/
the FOIA Office or the Office of General Counsel for
additional information or clarification.] A document is only a
-------�
nonrecord if a record copy is stored elsewhere. Accordingly,
employees are allowed to keep extra copies of these documents
provided that they do not contain sensitive information such as
confidential business information, enforcement sensitive
information, or Privacy Act information, and if the Agency has
no further use for the documents. For example, employees-
leaving EPA may take existing extra copies with them but may
not create extra copies in anticipation of leaving.
What Are Personal Papers?
Personal documents which employees keep at wok are their
own property and may be removed without prior approval.
Personal papers are documentary materials of a private nature
that do not pertain to or have any impact on Agency business.
They generally include the following categories:
• materials created before entering Government service (and
not subsequently used in the conduct of Agency business);
• materials relating solely to the employee's private affairs;
and
• personal notes or correspondence not related to the
transaction of Agency business.
Personal papers must be clearly designated as such and
maintained separately from Agency records. Labeling a
document "personal" or "private" does not make it a personal
paper. For example, correspondence marked "personal" but
relevant to the conduct of public business is an Agency record
and subject to the provisions of Federal law governing the
maintenance and disposition of Federal records.
What About Documents That Contain Both
Personal And Official Record Information?
Documents containing some Agency record and some personal
information are to be maintained as records. For example,
daily calendars containing personal as well as professional
appointments are at least partially record material and should
be treated as such. Ideally, personal papers should be kept
separate from official records on all documents. [NOTE: If a
FOIA request is received for documents containing both
personal and Agency information, the personal material may
be deleted or edited. It is important to remember that the FOIA
definition of records is more inclusive than the definition used
for records management Employees should contact the
Agency FOIA office or the Office of General Counsel for
guidance when responding to a FOIA request]
Who is Responsible for Agency Records
Held by EPA Contractors?
Project Officers, Work Assignment Managers and other
technical representatives should take a
-------�
Office of Information Resources Management.
U.S. Environmental Protection Agency
February 1995
EPA-220-F-95-001
TEN
FREQUENTLY ASKED QUESTIONS ABOUT RECORDS
Q. What are my basic records responsibilities as a manager or employee?
A. There are only three major ones:
¦ Create the records necessary, to document the activities for which you are responsible,
¦ File those records in a manner that allows for them to be safely stored and efficiently
retrieved when necessary, and
¦ Dispose of records in accordance with Agency and Federal regulations.
Q. What is a record?
A. Books (and laws) have been written on this subject The basic definition is found in die
Federal Records Act. Records are defined as "all books, papers, maps, photographs,
machine readable materials, or other documentary materials, regardless of physical form or
characteristics, made or received by an agency of the United States Government" [44 U.S.
Code, Chapter 33, Section 3301] and needed to document Agency activities or actions.
Q. Is all of the paper I have in my office record material?
A. No. In most programs, probably a quarter of the paper volume is actually record material
that needs to be retained for any length of time. Much of what is in most offices is
reference material which can be destroyed when no longer needed. Even working papers
are records, although they generally need to be maintained for a shorter period of time.
Q. What should I treat as a record in my office?
A. From a records management perspective, a document is a record in your office if:
¦ Your office created it.
¦ Your office acted on it
¦ Your office received it for action.
¦ Your office is designated as the custodian because of oversight duties or for other
reasons.'
¦ Your office needs it to document its activities or decisions.
Q. I have a lot of records around. I don't need them any more and they are fairing up
space. Am I free to recycle ojfdestroy them?
A. No. Federal records are government property. They can not be loaned, recycled, or
otherwise destroyed without authorization.
Q. How can I reduce the volume of records I have in my office?
A. Use records disposition schedules as a guide to eliminating unnecessary records. Retention
of each type of records maintained in your office is governed by a records disposition
schedule which has been rigorously reviewed to. ensure the records are kept a sufficient
length of time. Schedules are reviewed and approved by the Agency and the Archivist of
the United States and serve as the legal authority for destruction of records or their transfer
National Records Management Program ¦
-------�
Office of Information Resourced Management
U.S. Environmental Protection Agency
February .1995
EPA^220-F-9£401
TEN
1
2
3
4
5
6
7
8
9
10
FREQUENTLY ASKED QUESTIONS ABOUT RECORDS
to die National Archives: Here areDther methods for reducing the amount of paper in your
office:
¦ Review yourfiles for-outdated referencematerialsand discard (recycle) superseded or
obsolete items-
¦ Microfilm your/records. In most cases if they are properly filmed, thepaper original can
be destroyed.
¦ Use image technology to eliminate'the need to keep-massive amounts of*paper on site.
Q. Does this apply only to paper?
A. No..A record can be any physical format: microfilm, videotape,.maps, photographs,
electronic .records'(word processing, spreadsheets, electronic mail, etc.), or othermedia.
For example, electronic mail messages that meet the definition of a record must be retained
in' either paper or electronicform as long as the records disposition schedule specifies.
Records in media other, than paper are alsocovered in the records disposition schedules
and often require specialliandling due to the fragility ofthe medium,
Q. Why do wehaveto do records management?
A. Three reasons - it makes sense from ail economy andefficiency^tandpoinf; it enables the
Agency {and you) to fully document its actions and.decisipns; and it lsreqUiredbyi Federal
statute and regulation..
Q. How do I benefit flrom good records management?,
A. Y6i^t)enefif several ways.
¦ Free up office space for other purposes.
¦ Allow quicker retrieval of documents.
¦ Provide better documentation with less paper.
¦ Save money on. space,'equipment, and staff time.
¦ Comply with Federal and Agency requirements.
Q. Who do I contact for help?
A. Each program office has a Records Contact or Liaison who can assist you with your
records questions. Assistance is also available from the National Records Management
Program in the form of:
¦ Records contact listing
iJ
¦ Training and briefings
¦ Copies of records disposition schedules
¦ Records management publications
¦ FHe plahs'and other model documents
Contact the National Records Management Program (NRMP) at:
£202) 260-5911 or 5912
National Records Management Program 2
-------�
EPA Records ManaflomentTecfinical Leaflets
A Practical
Guide
to Personal
Papers
The Environmental Protection Agency is
required by statute to "make acid preserve
records containing adequate and proper
documentation" of its activities (44 U.S.C.
Chapter 31). Tbe documentation necessary to
do so constitutes our official records, and staff
should be aware of the Agency policies
concerning the management and disposition of
official records. Officials may also maintain
personal collections of papers that theyhave
accumulated white in office. Both the official
records and file personal collections of papers
are important: both may have historical
significance. But it is sometimes difficult to
distinguish between the two.
The National Archives and Retards
Administration's (NARA) Personal Papers of
Executive Branch Officials, the most recent
installment in its continuing Management
Guide Series, can help determine which
documents must be incorporated into Agency
files and which materials may be considered
personal papers.
Persona! Papers
Officials of advisory and regulatory agencies
of tiie Federal Government create and maintain
official records during the course of their
Government service. By law official Federal
records are all documentary materials,
regardless of physical form, that
... are made or received by an agency
of the U.S. Government under Federal
law or in connection with the transaction
of public business, and
... are preserved or appropriate for
preservation as evidence of agency
activities or because of the value of the
information that they contain
(44 U.S.C. 3301).
Once officials have fulfilled their responsibility
to adequately document the agencyfe
organization, functions and activities in the
records of the agency questions may arise about
what work-related and other materials may be
considered personal papers. Most officials
accumulate and keep some personal papers at
the office. Certain materials are clearly personal,
and officials may cieariy claim them as such. In
the more difficult cases you may wish to consult
the agency records officer, legal counsel, or
other designated official to help determine if the
materials in question are personal papers or
agency records.
Some of the guidance expressed in the
NARA Management Guide is based upon court
decisions that define agency records under the
Freedom of information Act (FOIA). At this time
these decisions are the most pertinent guidance
available for determining which work-related
documents may constitute personal papers.
Future court decisions may produce different
results and revised guidance.
This Technical Leaflet summarizes the information contained in the NARA Guide.
For a copy of the Guide itself please contact Michael L. Miller, Agency Records
Officer, at (202) 260-5911.
National Records Management Program July 1994
Information Management and Services Division, U.S. Environmental Protection Agency EPA-220-F-92-019
Printed on Recycled Pcper
-------�
There Are Penalties
Statutory taw prohibits the destructioncr
removal from Government custody of any
Federal records Without the approval of the
Archivist of the United States <44 U.S.C.3303
and 44 U.S.C. 3314). 44 U.S.C. 3105 requires
the heads of Federal agencies to establish
safeguards against the removal or loss of
records. Criminal penalties are provided for fte
unlawful loss, removal, or destruction of Federal
records (18 U.S.C. 2071). The heads of Federal
agencies are required to notify the Archivist of
any actual, tmpencfing or threatened unlawful
removal, alteration or destruction of records in
their custody. The Archivist will assist agency
heads in initiatingaction through the Attorney
General of the .United Stales for the recovery of
records unlawfully removed.
What Are Personal Papers?
Personal papers are defined as documentary
materials, or any reasonably segregabfe portion
thereof, of a private or nonpublic character that
do not relate to, or have an effect upon, the
conduct of agency business (36 CFR
1222.20(d)). (t should be noted that personal
papere may refer to or comment on the subject
matter of agency business, provided that they
are not used in the oonduct of that business.
Marry EPA employees do have personal
papers in their file cabinets or computers.
Traditionally, there are three generally accepted
classes of personal papers:
~ Materials acctffnulated beforeentering
Government service that are not subsequently
used in the transaction of Govemmentbusiness,
e.g. previous work files, political materials and
referencefiles.
~ Materials brought into, or created or
received while in office that relate solely to an
Irefividuafs private affairs, e.g. outside business
pursuits, professional affiliations, volunteer and
Continued cm page 4
iHow Does One Determine]
In determining the status of a document as
an agency record or a work-related persona!
paper, agency employees can use the following
questions as guidelines:
Creation
Q:Was the documentcreated or received by an
agency employee on agency time, with agency
materials, at agency expense?
A: If not then the document very Ukety is not an
agency record on that basis alone. H the answer
is yBs, the document may or may not be an
agency record, depending upon other
considerations.
Content
Q; Does the document contain substantive
information about agency business? Does the
document contain personal as well as official
information?
A: if ft does not contain official Information, then
it very likely is not an agency record on lhat basis
alone, if it does, then additional factors should
be considered in determining whether theT
document is an agency record.
Purpose
Q: Was the document created solely for an
individual employee's personal convenience?
A: if so, then it is very Hkety that It is not an
agency record.
Q: Was the docMment created to facilitate agency
business?
A: If so, it may be an agency record depending
on its distribution and use by other agency
employees.
2
-------�
tfson;
Distribution
4 '£k $
:&&&
,.
Q: Was the document distributed to anyone else
for agency business or official purpose?
A: If it was distributed to other employees for an
official purpose, it may be an agency record.
¦- swifti ^ jg«SL v 5
Q: To what extent did the document's author
actually use the document to conduct agency
business? Did others use it?
A: Materials brought into the agency for reference
use do not become agency records merely
because they relate to official matters or because
they influence the employee's work. (On the other
hand, as influence becomes reliance or use by
other officials, a document is more likely to be an
agency record.)
Maintenance
M Was the document kept fn the author's
possession, or was it placed in the agency files?
A: If it was placed in an official agency file, it is
likely to be an agency record.
Disposition
Q: Was the document's author free to dispose of it
at his or her personal discretion?
A: If so, it is unlikely to be an agency record.
However, if the authority to dispose of the
document is based on an agency disposition
schedule, the document most likely is a record
despite the fact that the author had the authority
under this disposition schedule to destroy the
document. With agency permission, however,
officials may retain nonrecord copies of
documents as part of their personal papers.
.
Control
Si Wm
Q: Has the agency attempted to exercise
"institutional control" over the document through
applicable maintenance or disposition
regulations? Did it do so by requiring the
document to be created in the first place?
A: If so, the document is most likely an agency
record.
Segregation
. V !":V - !• ¦
Q: is there any practical way to segregate
personal information in the document from
official business information?
A: If so, the official portion of the document
should be copied or extracted and placed in the.
agency files. ~
***« i j 3 \i-V
Jf< T | tfcli
„ ** W'fl
W5
-------�
What Are ~ from page 2
community sendee records or private political
associations that do not relate to agency
business.
~ Diaries, journals, notesand personal
calendars and appointment schedules that are
not prepared or used for, or circulated and
communicated in die course of, transacting
Government business.
Care should be taken with all of the above
categories to file personal papers separately
from the records of the agency and to keep in
mind that some of these materials could later be
determined to be agency records, depending on
the circumstances surrounding their creation,
maintenance and use, and disposition. Labeling
materials as personal," "private," or "confidential"
does not necessarily make them persona!
papers. Documents marked with those or similar
designations are indeed Federal records and not
personal papers if they are used In the
transaction of agency business.
General Principles
Several general principles may be drawn with
regard to agency records/personal papers
issues. These issues include:
~ Private materials not created within an
agency but brought into it by an employeefor
reference purposes do not become agency
records by mere incidence of location.
~ A document created within an agency
cannot be regarded as "personaf merely
because its author is free to dispose of it
~ Use alone is not conclusive. The only
consideration that may be conclusive is the
assertion of agency control over a document
through institutional requirements mandating its
creation or retention. ~
For Additional information:
A ERA. Ethics Advisory 89-2, Disposition of
Federal Records and Personal Papers,
January 18,1989.
~ NARA Bulletin 93-2, Proper Disposition of
Federal Records and Personal Papem,
National Archives and Records
Administration, November 13,1992.
~ Persona! Papers of Executive Branch
Officials: A Management Guide
[Management Guide Series], Office of
Records Administration, National Archives
and Records Administration, 1992,
~ What Makes Papers Personal? [flyer]
National Records ^nagement Program,
Information Access Branch, Office of
Information Resources Management, U.S.
Environmental Protection Agency, August
1992, ER* 22D-F-92-013.
For further information contact Manker R. Harris
at (202) 260-5272.*
National Records Management Program 4
July 1994
-------�
Office of Information Resources Management
U.S. Environmental Protection Agency
July 1994
EPA 220-F-82-016
Managing Working Files
When it comes to describing working files the old saw about art comes to mind:
"I cant define what it is, but I know it when I see W
\nrmp/
According to the National Archives and
Records Administration (NARA), working
files consist of documents "such as rough
notes, calculations, or drafts assembled or
created and used to prepare or analyze other
documents." But ask most EPA employees,
and they will say that the files in their fiiing
cabinets are their "working files." So who is
right?
The answer is that NARA is right in
theory, and EPA's definition fits far too
many offices at EPA. Why? Because too
many EPA programs have lost the distinction
between "official files" and "working files."
One of die biggest challenges to records
management in EPA is to reintroduce this
vital distinction which is fundamental to
effective management of our records. This is
done by developing recordkeeping
requirements for each of the Agency's major
programmatic and administrative files, an
initiative that EPA will be implementing
over the next five years.
One function of recordkeeping
requirements is to identify what documents
need to be included in the official file. In
fact the easiest way to define working files is
to define official files first Within EPA,
official records are defined as
... any final product related to
administration, management,
enforcement, regulation or other
Agency function and all documentation
necessary to support that document, the
decision trail leading up to it and die
. actions that result from it.
Working papers are everything else.
National Records Management Program
Tbo many EPA programs have lost the
distinction between "official files" and
"working files." One of the biggest
challenges to records management in
ERA is to reintroduce this vita}
distinction which is fundamental to
effective management of our records.
Why is the working files question
important? As long as they consist only of
"rough notes, calculations, or drafts" working
files are not a major problem. But
professional staff frequently maintain a
substantial portion of their project
documentation in "Working files."
When working files contain records
needed to document program activities they
pose two problems. If working files are
poorly organized and inscrutable to anyone
but the creator (which they often are)
identifying record material to document
program activity is difficult. If.staff mix
record and non record materials in one
voluminous "working file" (as they frequently
do) the Agency is forced to manage an even
larger volume of material than is necessary.
Everyone creates working files and they
are necessary to keep operations running
smoothly. How to manage them is the
question. The basic considerations are to make
sure that records needed to document Agency
activity are separated out from working
documents and filed in official files, and that
the volume of working files is kept to a
minimum by constant weeding.
Printed on Recycled Papef
-------�
Office of friformatton Resources Management
U.S. Environmental Protection Agency
Programs often take one of two
approaches to manage working files.The
first approach is to minimize their existence
by having staff create an official file when
the action Is initiated, and file the'offici?!
records and only, official records in it This
is the best solution from a theoretical
perspective, and.it works especially well for
repetitive actions where approvals are
required, such as the issuing of pennits,
travel vouchers, purchase requests, or the
approval of directives.
In other cases, staff retain most or all of
the papers until a specified milestone is
reached or die activity or task is completed.
At that time an official file is compiled. This
works well when several individuals are.
contributing to one product or result, or
when projects are unique. Some programs
also use this approach in compiling
administrative records.
S'ajpji^rtin]g':Mc^rfal8^ind
^Sdpp(^ngvm^^^^^;nbtworidng
materials ait'
dopnterats tfiaCJffeineces^ryrtp -
4bri»idntrail;8t^^
gart4>f
-------�
Office of Information Resources Management
U.S. Environmental Protection Agency
July 1994
EPA 220-F-92-016
Some Basic Questions and Answers Concerning Working Files
Q. Are working files records?
A. As discussed in the article, working files
usually contain a mixture of record and non
record materials. Uptil the holder of the fifes
separates out and files all records, the
working files themselves must beconsidered
record.
Q. Are working files thesame as
personal papers?
A. No. Personal papers are nonofiBcitd»There is no simple answer to this question. As
noted ^n the article^ some working file
-materials caar be defrayed jvhen no longer
1 needed. Other portions should be retained for-
a brief .time, usually fail months after the
project is completed, and then destroyed.
Check your records diiposi tiotJschedtlle. If
documents, are worth retaining for a longer
period of time, thpy .'should ^fte Jcept as part of
'the officid^le. If '*Working files" are to be
retained, they should be pruned of non record
material and organized so that they can be
understood by someone other than the creator.
Otherwise there is no reason to keep them
beyond their immediate usefulness.,
National Records Management Program
-------�
Office of Information Resources Management
U.S. Enulionmeirtal Protection Agency
July 1994
EPA.220-F-92-016
tl
For Further Reading
You may wish to consult the following
publications for information on related
issues.
¦ A Basic Approach to Improving Your
Files, [flyer] June 1992.
¦ EPA Records Management Tools, [flyer]
Revised August 1992. EPA 220-F-92-Q09
¦ INFO ACCESS: Records and Library
Network Communications, [monthly]
¦ Information Resources Management
Policy Manual (2/00)—Chapter 10:
Records Management. November 1987.
¦ A Practical Guide to Developing Records
Disposition Schedules. August 1992. EPA
220-F-92-008
¦ Records Management Manual (2160),
1984. Updates in 1986 and 1988.
¦ . Safeguarding and Disposition of Official
Records. ERA Notice 88-1.
Environmental Protection Agency,
September 12,1988.
¦ ' 10 Frequently Asked Questions About
Records, [flyer} August 1992. EPA 220-
F-92-010.
¦ 10 Quick ways to Improve Records
Management in Any Office, [flyer]
August 1992. EPA 220-F-92-011.
¦ Using the Federal Records Center. A
Guide for Headquarters Staff. July 1991.
EPA/IMSD/91r004
¦ What is a Record? {poster] February
1992. EPA-220-E-92-001.
¦ What Makes Papers Personal? [flyer]
August 1992. EPA 220-F-92-013.
Contact the National Records Management
Program at (202) 260-5272 for copies of
these publications. ¦'
Managing Working Filestiram page 2
to be completed by a certain date
should be destroyed once the action has
been completed.
¦ Telephone slips, notes* E-mail
messages that are facilitative not
substantive in nature (e.g. "Mike,
please call Ann about the project").
Destroy when no longer needed.
«r Telephone slips, notes, E-mail
messages that are substantive in nature.
Either retain or create official
documents, such as memos for the
record summarizing substantive
conversations, meetings, telephone
calls, and the like, and destroy the
notes.
¦ Drafts that are not circulated for
comment or review cm be destroyed
when no longer needed.
¦ Drafts that contain only editorial
changes suggested by others can be
destroyed when no longer needed.
¦ Drafts that contain substantive changes
need more analysis. If the changes are
important, you may- wish to retain
them as supporting the documentation.
In most cases, however, it .is sufficient
to summarize the comments in a memo
foe record. In the case of documents
circulated for comment, you can
always keep an o: i nal full copy and'
then retain only annotated pages of
the copies with «&•' ments. ¦
National Records Management Program
-------�
Draff Framework for Recordkeeping Requirements
at the Environmental Protection Agency
Level 1 Recordkeeping Requirements
Purpose: Provide overall framework for
' Agency documentation
Issued by: National Records Management Program
(OIRM)
How: Agency IRM Policy Manual
Agency Records Management Manual
Agency Records Disposition Schedules
Policy Papers
Subjects to Cover:
1. Describe Agency responsibilities for
documenting activities including the
recordkeeping requirements program.
2. Define:
~ Records
~ Non records
~ Personal papers
3. Provide general overall policy on the
management of records in specific media.
Examples:
~ Electronic
~ Audiovisual
~ Cartographic
4. Provide general overall policy on the
management of certain types of records held/
created Agency-wide. This would be similar to
that described under Level 3 Recordkeeping
Requirements discussed below. Examples:
~ Electronic mail
~ Working papers
~ Contract records
~ FOIAs
~ Contractor-maintained records
~ Dockets
5. Identify broad categories of records necessary to
document Agency activities. Examples:
~ Controlled correspondence
~ Schedules of activities
~ Rulemaking records/Dockets
~ Administrative records under the APA
~ Permits
~ Directives
~ System development documentation
6. Provide retentions and dispositions
for Agency records.
Level 2 Recordkeeping Requirements
Purpose: Provide program specific guidance on the
need for recordkeeping requirements, and
what records are neededfor program
documentation.
Issued by: Assistant and Associate Administrators
and Regional Administrators
How: Program Directive
Subjects to Coven
1. Identify specific categories/series of records
necessary to document program activities based on
program needs and program specific legislation.
Examples:
~ RCRA Permits
~ Superfund Site Files
~ RCRA Docket
~ Office Director files in specific offices
~ CERCLIS automated system
2. For records series maintained at multiple locations
(e.g., RCRA permit files) resolve issues discussed
in Points 1 and 2 under Level 3 Recordkeeping
Requirements (below).
National Records Management Program, Information Access Branch
Office of Information Resources Management, U.S. Environmental Protection Agency
EPA 220-N-94-003
February 1994
-------�
Level 3 Recordkeeping Requirements
Issued by: Laboratory, Office and/or
Division Directors
How: Program Directive Records disposition
schedules Program records management
manual
Purpose: Provide specific detailed information
about the management of individual
records series.
Subjects to Coven
1. Identify the types of documents to be included in
individual files such as those listed.in Level 2,
above. Resolve question such as:
~ What documents need to be retained?
~ Which commonly held documents can be
discarded?
~ How should documents be arranged in the file
folder?
~ Should drafts be included?
> When and how to incorporate email messages,
notes of meetings, telephone memoranda?
~ Whether the records should be divided between
an Official file of primary documentation and a
Working file of supporting documentation?
2. Provide records management guidance in areas
such as:
~ Sensitivity status/access restrictions
~ Vital recordsstatus
~ Arrangement schemes for. the series
~ Hie plans
3. Identify files custodians/filing stations.
4. Provide complete recordsdisposition information
This Draft Framework was developed by the National Records Management Program. Please direct ybur
comments to Mike Miller, Agency Records Officer, via telephone (202-260-5911), fax (202-260-3923), or
All-in-1 (MILLER.MICHAEL-OIRM).
-------�
DRAFT OP 12/27/93
U.S. EPA RECORDS CONTROL SCHEDULE
SERIES TXXLEs Source Data Files Relating to Zn-house Research Projects
PROGRAM: Research and Development Laboratories
EPA SERIES NO: 503L
KARA SCHEDULE NO. NC1-412-85-23/7
(Use this number to retire records to the PRC)
APPLICABILITY! Agencywide
IDKHTIFYTNa INFORMATIONS
DESCRIPTION: Includes data files, exclusive of records in the Zn-house
Project Case Files or information in the Laboratory Notebooks, usually
consisting of research findings, test results, magnetic tapes, .large volumes
of survey questionnaires, or recurring reports in paper format used in the
collection and processing of raw data generated by experimental observations
to arrive at conclusions or scientific determinations during the course of a
research project. There are two types of data files:
a. Data files of continuing research value - Contain basic scientific data in
sufficient detail that, if not documented in published reports in the Project
Case File or Laboratory Notebooks, would be needed for continued research
purposes.
b. Other data files - Contain data determined by competent scientific or
technical personnel either to be duplicated or sufficiently summarized in
technical reports or elsewhere in the Project Case File or Laboratory
Notebooks, or to be of such a routine, repetitive, or fragmentary nature that
they would not be needed for continued research purposes.
ARRANGEMENT:
TYPE OF RECORDS: SPECIFZC RESTRZCTZONSI
Data files
MEDIUM: VITAL RECORD:
Paper, electronic
FUNCTIONS SUPPORTED:
Program operations
SPECIFIC LEGAL REQUIREMENTS:
-------�
EPA SERIES NO. 503L
DISPOSITION INFORMATION:
FINAL DISPOSITIONS TRANSFER TO PRC PERMITTED:
a. Disposable Yes
b. Disposable No
FILE BREAK INSTRUCTIONS:
a. Break file upon completion of research project.
b. See disposition instructions.
DISPOSITION INSTRUCTIONS!
a. Keep inactive materials in office up to 3 years after file break, then
retire to FRC. Destroy when 20 years old.
b. Destroy upon completion of research project or sooner if no longer needed
for research purposes.
APPLICATION OUTDANCE:
REASONS FOR DISPOSITION: Disposition previously approved by the National
Archives.
AGENCYWIDE GUIDANCE: Data files should be identified so they can be linked to
specific projects and/or laboratory notebooks.
See EPA 502L for Laboratory Notebooks and EPA SOIL for Research Project Case
Files - In-house Projects. Sampling and Analytical Data Files - Superfund
Site Specific are scheduled as EPA 018A, and for programs other than Superfund
as EPA 223R.
PROGRAM OFFICE GUIDANCE/DESCRIPTIVE INFORMATION:
CUSTODIAL INFORMATION:
CONTROLLING UNIT:
Name:
Location:
Inclusive Dates:
Volume on Hand (Feet):
Annual Accumulation:
(feet or inches)
CONTACT POINT:
Name:
Mail Code:
Telephone:
Office:
Room:
CONTROL INFORMATION:
RELATED ITEMS: EPA 018A, EPA 223R, EPA SOIL, EPA 502L
PREVIOUSLY APPROVED BX
NARA SCHEDULE NOS:
Approval
Date EPA
4/1/85
Approval
Date NARA
8/26/87
Entry
Date
6/14/93
Last
Modified
12/27/93
-------�
Notes for the presentation by...
Lee Manning
m-' iMwisMsf vwI
. , -j -s . i
. - ;
jV^Xvi " V.J sX-C^
-------�
STORET Modernization
o - Process
o - Progress
o - Problems
Lee J. Manning.
OW/OWOW/AWPD
STORET System
(202)260-6082
(800)424-9067
L JM @ epaibm.rtpnc.epa.gov
-------�
Process
Methodology
Gather requirements
CASE environment
Cumulative prototyping
Deliver finished product
-------�
Progress
Monitoring Sites
Organizations and Projects
Samples and Results
Production System
-------�
Problems
Continuity of staff
Standlrds of Reference
QA/QC Mandatory/Optional
Client/Server Uncertainty
-------�
Notes for the presentation by...
Joan Novak
»,r
. . y/:<' Afer-.v'SV-'-l1:1""--¦ - V*-",.
mm
;« . -
-------�
National Technical Workshop on Quality
Assurance in Information Technology
Quality Assurance for Development
of EPA's Models-3
Joan Novak
US Environmental Protection Agency
National Exposure Research Laboratory
Research Triangle Park, NC
August 21,1996
-------�
Presentation Overview
Modeis-3 project background
Models-3 objectives and scope
Models-3 planning & development process
Quality Assurance approach
-------�
Community Environmental
Decision Making
Human
Ecological
Socio-economic
Technologies
-------�
Models-3 Initial Implementation
Air Quality Modeling
Multi-pollutant —~ Ozone, Acid Deposition,
Fine Particulate
Multi-scale ~ Regional, Urban, Plume
¦ Interchangeable science module
¦ Emissions control strategy planning
¦ Embedded meteorology modeling
¦ Sensitivity and uncertainty analysis
-------�
Models-3: Evolving
Environmental Modeling Framework
Multi-discipline
¦ Air, water, ecology, emissions
¦ Economics, exposure, risk
Multi-scale
¦ Regional, urban, plume
Multi-user
¦ Community environmental
management
-------�
Models-3 Users
Community Stakeholders
Federal Agencies
European and Third World Countries
-------�
Environmental Modeling
& Decision Support
-------�
General Modeling Framework
i Object-oriented design & implementation
i Graphical human-computer interface
Automated execution
Multi-platform computing
Distributed data management
Integrated analysis & visualization tools
-------�
Benefits of Software QA
Ensure quality of generated information
Ensure system performance
Meet objectives within budget & on-time
Capture project knowledge
Enable rapid adaptation of emerging
technology
Enable software reuse & expandability
-------�
Models-3 Project Planning & QA
¦ Vol. 1: Concept
¦ Vol. 2: Project Management Plan
¦ Vol. 3: Project Risk Management
¦ Vol. 4: Project Verification and Validation
n Vol. 5: Project Configuration Management
-------�
Models-3
System Specification & Operation
Vol. 6: Scientific Concepts & Requirements
Vol. 7: System Requirements
Vol. 8: System Design
Vol. 9: System Install., Operation, & User
Manuals
Vol. 10: System Implementation &
Maintenance
Volume 11: Project Summary & Evaluation
-------�
Volume 2: Project Management Plan
Project Organization
- Goals, constraints
- Participants, roles
Product Structure, project stages, deliverables
Managerial process
- Objectives & priorities
- Software development process
- Monitoring & controlling mechanisms
- Standards & procedures
Resources, schedules
Quality Assurance Approach - Vol. 3, 4, 5
-------�
Evolutionary Prototyping &
Development
-------�
Models-3 System Life Cycle
i
Acceptance
Test
-------�
Monitoring & Control Mechanisms
Configuration Control Board (CCB)
- Review status & resolve issues
- Identify & evaluate project risks
- Review & evaluate
> Problem reports, change requests, test results
> Prioritize actions
- Review & approve/disapprove products
Independent Product Assurance Group
- Review all documents
- Prepare system test & acceptance procedures
- Execute system acceptance
-------�
Project Risk Management
Identify, assess and eliminate risks to
schedule, cost, functionality, adequacy, and
quality
-All participants identify risks
- CCB assesses magnitude, sets priorities,
plans resolution
- Resolution tracked and status reported
-------�
Project Communication
Newsgroups
Project file server
- CCB and project team minutes
- Document libraries
- Software libraries
SDC software development internal web site
-------�
Highlights of Models-3 Software
Development Internal Web Site
Object Oriented Approach
- Rumbaugh et. al. notation
- CASE Tool: OMT Software Through pictures
- OODB: Objectstore
- System communications via CORBA
- Reusable C++ class libraries
Software Development
- Subsystem files
- Tools, metrics
Project Progress and Diary
Peer Review Artifacts
Global Design & Implementation Decisions
-------�
Standards and Procedures
Coding standards (5)
Change control (5)
-------�
Code Review Procedures
Purpose
- Identify improvements and/or errors
- Achieve uniform coding
- Ensure system integration
Ground rules
- Materials available 24 hours before review
- Reviews less than 2 hours
- Discussions over 10 min. taken off-line
- Review notes published within 24 hours
(template)
- Defects entered bito tracking tool
-------�
Example Code Review Output
Review Date
Review Facilities
Review Type
Material Name
Materials to Review
Role
Moderator:
Author:
Principal:
Scribe:
PA:
Othei':
: 5/9/95
: SDC Huddle Room
: Code
: Datset Manager Interface to M3GI Server
: M3DSID.cc
M3DSID.hh
M3DS.idl
Name
Enoch Chuang
Becky Bagdasarian
Wilson Varga
Sherrie Girton
Christina Brundage
Kirk Baldwin
Ted Liu
Init
wee
rkb
vww
slg
cvb
kdb
tel
Hrs Preparation
30 minutes
30 minutes
1.5
20 minutes
y\ eg
-------�
Example Code Review Output
VARIANCE
File Name
Line
Severity
Category
M3DSGI.cc 45 non-critical
Initialize pointer to null
M3DSGI.cc
Flip lines
241-243
serious
comment
logic
M3DSGI.cc 567-576 non-critical standard
Delete these lines - automatic variables are deleted by orbix.
M3DSGI.cc 1278 non-critical logic
Put assert in Black to check that input parameters exist.
Severity Codes: critical, serious, non-critical
Variance Categories: exception, memory, simplicity,
comment, standard, requirement, logic
-------�
Configuration Management
Identify items to be controlled & how they are
grouped into application configurations
- Source & object code
- Test plans & data, data libraries
- Data base structures & elements
- Control directives, job control
- Procedures, rules
- Development, operation & maintenance documentation/data
Control release, access, and changes
•
Record & report status of items, configurations,
and change requests
Verify completeness & correctness through reviews
& audits
-------�
Organization of Software Libraries
PERSONAL
Unit Test OK?
Peer Review OK?
UNOFFICIAL
Yes
CCB Review OK?
PO Approval?
Yes
OFFICIAL
development^
Acceptance Test
CCB Approval?
PO Approval?
No
-------�
Software Development Verification
& Validation (V&V)
Products of development phases are inputs to V&V
- Concept document
- Prototypes
- Requirements Definition
- Design
- Code and test
- Acceptance test
- Maintenance
¦ Requirements Traceability via CASE Tool
-------�
V & V Activities For Code & Test
-------�
Requirements Tracer Utility
Example Output
Mandatory
Targeted
# req.
58
82
# alloc, to
design % alloc.
55
58
95
71
Extended
38
11
Unallocated Mandatory
4.1.4.11 47
4.3.1.2 76
4.3.1.3 73
-------�
Development Metrics
Requirements
•# Requirements
•# Testable Requirements
•# Requirement Changes
•# Proposed Changes
•# Current Open Proposed
Changes
•# Hours Spent on
Requirements
Design
•# Requirements Allocated
•# Classes
•# Functions per Class
•# Attributes per Class
•# Hours Spent on Design
-------�
Implementation Metrics
# Test Procedures
# Requirements Tested
# Hours Spent on
Testing
Teste
-------�
Models-3 Change Control Process
Tools: gnats and tkgnats
Options
~Create Problem Report
•Query Problem Report
Tracking Ttems
•Action items
•Risks
•Change requests
•Documents
-------�
Science Model
Verification & Validation
Verification: ensures correctness & reliability
- Equation & code consistent/error free
- Efficient use of computer resources
Validation: ensures traceability to user needs
Evaluation: ensures adequacy of the science
- Ensures right answers for right reasons
- Compares predictions vs observations
Performance evaluation: ensures validity of use for
specific user questions
- Controlled experimental testing
- Precise measures of performance
- Explicit evaluation criteria
- Systematic analysis
-------�
Models-3 QA Summary
Document driven approach
Parallel prototyping and development
Unit & integrating testing
Change control & tracking with metrics
Independent system acceptance testing
Formal evaluation for regulatory acceptance
QA in every phase
-------�
Notes for the presentation by...
Joe Eidelberg
.
m
%? - - » :
•; ^ -
!®s
.: . VV.'^
• . / ' ' . ' . .^vc.5
; . - ,
MP*" jA ¦H*'
' v>,X I %^VS^4%;" * |
NX x- x *||&S, v 1 ;
, " > * T ^ ¦
¦ --¦¦ - < - ^'Ki ''4.'Vc" *
V'% ''lj'£™%(. % 'i,;.«
- ^ w <
I
-------�
-m
Notes for the presentation by...
Bob Ambrose
tIMlilfgp
»Mr
'wmmMfimmmm.
mammm
A J
- * ** -
i ¦ ' v; .-X-" • &v
yr'XM
vK ' ;
¦P
* ' - ..
< ...
.....
-------�
Water Models
Case Histories in Software
Development Life Cycle Management
Robert B. Ambrose. Jr.
WHAT IS A MODEL?
A REPRESENTATION OF REALITY
THAT CAN BE MANIPULATED TO
GAIN INSIGHT
" all models are wrong! Some,
occasionally, may be useful; the
trick is not only to know how, but
when, and why....."
Bill James, University of Guelph
WHAT CAN WATER
QUALITY MODELS DO?
i DESCRIBE AND INTERPOLATE
EXISTING DATA
' DESCRIBE UNDERLYING PROCESSES
»PREDICT CONDITIONS FOR
GENERIC SCENARIOS
. PREDICT SITE-SPECIFIC
CONDITIONS
GENERAL STEPS IN
WATER QUALITY
ANALYSIS
i HYDRODYNAMICS - where does the
water got
' MASS TRANSPORT -- where do the
chemical and solids constituents go?
¦ WATER QUALITY KINETICS -- how do
the constituents interact in the water?
¦ ENVIRONMENTAL TOXICOLOGY --
how do concentrations affect people,
biota, and ecosystems?
EPA'S INSTITUTIONAL FRAMEWORK
FOR SURFACE WATER QUALITY
MODELS:
The Center for Exposure Assessment
Modeling (CEAM)
-------�
CENTER FOR EXPOSURE
ASSESSMENT MODELING
CEAM provides proven predictive exposure
assessment techniques for aquatic,
terrestrial, and multimedia pathways for
conventional pollutants, organic chemicals
and metals
Analysis techniques range from screening
analysis techniques to sophisticated,
state-of-the-art simulation models ,
SOFTWARE DISTRIBUTION
DISKETTE
3.5 In floppy disks for IBM PC compatibles
Exchange Policy
Electronic Bulletin Board
Electronic Distribution
Technical Assistance
INTERNET
Distribution Only
CEAM Software Distribution by Media
7,000
6,000
5,000
4,000
3,000
2,000
1,000
0
m INTERNET
¦ DISKETTE
m BBS
¦ TAPE
CEAM Distribution by User
Private 63 8%
Surface Water Models
• Storm Water Management Model (SWMM)
-Comprehensive Model for Urban Runoff Analysis
• Hydrologic Simulation Program - FORTRAN
(HSPF)
•-Comprehensive Model of Watershed Hydrology, Water Quality,
end Instream Transport
• Water Analysis Simulation Program (WASP)
-Generalized Modeling Framework for Contaminant Fate and
Transport
Surface Water Models
> Exposure Analysis Modeling System
(EXAMS)
- General Chemical Fate
¦ Food and Gill Exchange of Toxic
Substances (FGETS)
- Fish Bloaccumulatlon
• Stream Water Quality Model QUAL2E
- Wasteload Allocation of Conventional Pollutants
-------�
Surface Water Models
• CORnell Mixing Zone Model (CORMIX)
- Mixing Zone Models with and Expert System Shell
• PLUME
- Ocean Discharge Plume Models
• MINTEQ
-Geochemteai Equilibrium Spedatlon Model
PREDOMINANT DEVELOPMENT
CHARACTERISTIC:
EVOLVED:
- QUAL2E
• WASP
¦ SWMM
CREATED:
¦ HSPF
-EXAMS
•FGETS
• CORMIX
WATER QUALITY ANALYSIS
SIMULATION PROGRAM - WASP5.I
¦ EUTRO -- DO, BOD, eutrophication
¦ TOXI — organic chemicals, solids, metals
(simple treatment)
¦ DYNHYD — branching hydrodynamics
¦ PREDYN -- preprocessor for DYNHYD
• WISP — operations shell
¦ W5DSPLY - Interactive plotting package
STREAM WATER QUALITY MODEL,
QUAL2EU
¦ QUAL2E -- DO, BOD, eutrophication, T
¦ UNCAS — uncertainty analysis module
¦ AQUAL -- preprocessor
¦ Q2PLOT -- postprocessor/graphics
STORM WATER MANAGEMENT
MODEL, SWMM 4.3
- RUNOFF Block
¦ STORAGE/TREATMENT Block
. - TRANSPORT/EXTRAN Block
¦ STAT Block — statistical summary
• see history and literature at
http://www.eos.uoguelph.ca/-james
-------�
HISTORY OF WASP DEVELOPMENT
Great Lakes Modeling (1970fs)
- Hydroscience, Inc., Manhattan College
- eutropliication kinetics
Potomac River Model (1982)
- Hydroscience, Manhattan College
- eutropliication, DO kinetics
WASP (1982)
- Hydroscience, EPA Grosse lie
- general structure
TOX1WASP (1983)
- EPA Athens
- solids, EXAMS organic chemical processes
WASP3 (1986)
- EPA Athens
- TOXIWASP algorithms
- Potomac eutropliication algorithms
- DYNHYD2 hydrodynamics
WASP4, 5 (1988,1993)
- EPA Athens updates
-------�
IS WASP A MODEL?
COMPONENT
WASP 4
Computer program
WASP 4
Kinetic Subroutine
(ie T0XI4, EUTR04,
T OXI4, etc +
Input data
REPRESENTS
Conservation of
mass principle
General behavior
of set of water
quality constituents
Specific behavior
of constituents
in specific
aquatic system
-------�
THE BASIC WASP 4 SYSTEM
>UT DATA
MODEL
OUTPUT DATA
TRACER
TOXIC ORGANICS
EUTROPHICATION
-------�
MODEL NETWORK
~QZ,
XX
<-
XX
^7
xx
Hb
3
3
n
A
,v.v.-'v.v4~
« , ¦
4*-2_
EI
-------�
SPATIAL SCALES USED IN
LAKE ONTARIO ANALYSIS
HORIZONTAL
MODEL NUMBER OF SCALE (km 2)
DESIGNATION SEGMENTS EPILIMNION
SEGMENTS
LAKE 1
13,000
-------�
PHYSICAL - CHEMICAL PROCESSES
Dispersion
Speciation, Transport and Transformation Processes
in the Aquatic Environment
-------�
PARTICULATE MATERIAL
TRANSPORT
PROCESSES
0
1
SETTLING
U FLOW
DISPERSION
E
, -
Wd| DEPOSITION Wr1 RESUSPENSION
SEDIMENTATION
SED
-------�
EUTR04 STATE VARIABLES
-------�
HISTORY OF QUAL2E DEVELOPMENT
QUAL-I (1970)
- F. D. Masch and Assoc. for TWDB
- DO, BOD, and Conservatives
- Dynamic Numerical Solution
QUAL-II (1972)
- Water Resources Engineers for USEPA
- Algae, Nutrients, Non-conservatives
QUAL-II/SEMCOG (1978)
- CDM/WRE for Southeast Michigan Council of
Governments
- Diurnal Averaging for Algae and Temperature
- Steady State Solution
QUAL-II/NCASI (1980)
- Detailed Documentation and Commentary
- Corrections to SEMCOG Code
QUAL2E (1985)
- NCASI for USEPA
- Enhancements to Algae-Nutrient-DO Interactions
- New Output Formats -Hydraulics, Temperature
- Microcomputer Application
QUAL2E-UNCAS (1987)
- Uncertainty Analysis
Sensitivity, First Order, Monte Carlo
- Reach Variable Climatology
QUAL2EU (1990)
- Pre-processor (AQUAL)
- Post-processor/Graphics (02PL0T)
QUAL2EU (1993)
- Fast Versions for 386/486 Microprocessors
-------�
QUAL2E CAPABILITIES
SIMULATES 15 WATER QUALITY CONSTITUENTS
Dissolved Oxygen
Temperature
Nitrogen (4 forms)
Organic, Ammonia,
Nitrite, Nitrate
Phosphorus (2 forms)
Organic, Dissolved
Algae (Chlorophyll-a)
Arbitrary Non-conservative
CBOD (Ultimate or 5-Day)
Conservative Minerals (3)
Coliform Bacteria
MODELS DENDRITIC STREAM SYSTEMS
Tributary Streams
- Junctions
ACCEPTS MULTIPLE
LOADS
TRIBUTARIES
- Point Discharges
Distributed Loads/Losses
Unsimulated Tributaries
Withdrawals
COMPUTES FLOW AUGMENTATION REQUIREMENTS
FOR DO CONTROL
MAINSTREAM
SIMULATES STEADY STATE OR DIURNAL WATER
QUALITY RESPONSES TO CLIMATOLOGY
1-2
-------�
TYPICAL QUAL2E USES
* Stream Assimilative Capacity
* Wasteload Allocation Studies
- Point source
- Non-point source
* Diurnal Response to Climatology
- Temperature
- Algae
- Dissolved oxygen
QUAL2E LIMITATIONS AND CONSTRAINTS
* Input Loads and Flows are Constant Over Time
* Flows are Steady Over Time
* One-Dimensional System (Stream Well Mixed
Vertically and Laterally)
-------�
QUAL2E CONSTITUENT SCHEMATIC
(Reaeration)
r
ORG-N
V
S
a 1 (f 1)
;
no2
^AV^XivXXvtv.^Xv.V.
c=>
0
1
"
NO*
(1-f 1)
IwvvlvMSv! !'avm\>wv!' !
(1H
CLr li-
r)
mmismmm)
¦¦ - \. -
I
mmmmPt
. <
n
wmmm
St\\\yK£'y.\*.'.*.
y
lt;iillillt
' G
C
j\f
H
IWMp®
a3n
k4 (SOD)
CBOD
Tim
!CC\vXwylvsvXv!v'vi
Sip
>A¥ftW:»=::
>
1
<¦
°2/-~
lUMT
s.
IlliPlltf
-DIS-P
s .
cup
ai H
ai p
¦ Chi
a
isl®®
!\F - '
a2 H
a 2 P
I-4
-------�
Most Upstream
Point
Headwater
\
jHeadwater
Junction
1
Headwater
x
Junction
2
-SS_
58
_52_
Computational
Element Number
_64_
_£5_
3L
£L
i Reach
Number
JSQ_
3L
SL 9
CONCEPTUAL REPRESENTATION
STREAM NETWORK OF COMPUTATIONAL ELEMENTS AND REACHES
2-4
-------�
UNCERTAINTY ANALYSIS
OBJECTIVES
- Quantify errors in using models
- Bias and precision
> Expected values
> Variances
TECHNIQUES
- Sensitivity analysis (SENS)
- First order error analysis (FOEA)
- Monte carlo simulation (MCS)
APPLICATIONS
- Precision of model calibration
- Precision of model forecasts
- Risk assessments
SOURCES OF UNCERTAINTY
- Inputs
> Forcing functions (loads)
> Parameters
> Initial state
- Measurements
> Analytical
> Temporal
> Spatial
- Model error
> Lack of knowledge
> Resolution
-------�
FLOW CHART FOR QUAL2E - UNCAS
2U-1
-------�
HISTORY OF SWMM DEVELOPMENT
SWMMI (1969-1971)
- Metcalf and Eddy, Inc.
- Water Resource Engineers, Inc.
- University of Florida
WRE Transport (EXTRAN) (1973)
- WRE (Now CDM, Inc.)
SWMM II (1975)
- University of Florida
SWMM II with EXTRAN (1977)
- University of Florida, CDM
SWMM 3 (1981)
- University of Florida, CDM
SWMM 3.3 (1983)
- EPA Center for Water Quality Modeling
-------�
HISTORY OF SWMM DEVELOPMENT.
continued
* SWMM 4,4.05 (1988,1991)
- University of Florida, CDM
* SWMM 4.2 (1992)
- EPA CEAM
* SWMM 4.21 (1993)
- Oregon State University
* SWMM 4.3 (1994)
- EPA CEAM
* SWMM 4.31 (1995)
- OSU, CDM, and others
-------�
From:
Tot
Dates
Subject:
Wayne C. Huber
Multiple recipients of list SWMM-USERS
7/31/96 3:57pm
SWMM Maintenance — An Essay!
You're welcome for the corrections.
Regarding SWMM maintenance, EPA paid 20-30k per year for this to the
University of Florida, from the mid 70s to the mid 80s and then ran
out of funds. Versions 3 and 4 are due directly to EPA funding out of
CEAM. Since then I have continued to do it on a time available basis,
and several other groups have made their own ad hoc improvements.
Some of these improvements have come my way and are included in the
EPA/OSU version; others have not. One consequence of the lack of
funding is the lack of a good user interface in the "official" EPA/OSU
release. The EPA Office of Science and Technology Windows interface
serves this purpose to some extent (and the price is rightl), but it
too needs maintenance support and a way to consistently link it to
changes to the model engine made here. Fortunately, good options are
also available for SWMM in the private sector. But there is no
denying that the old interface and lack of modern graphics in the
"official" model turns off a lot of potential users.
Making modeling changes and mucking about in the Fortran is lots of
fun for me, and quite literally, a form of relaxation. Unfortunately,
I can't afford such time during most of the year. These recent
changes are the first I've made since October 95. Several persons
have sent problems to me during the winter and spring, to which I have
not responded, and I send my apologies for that. The recent
Statistics Block problems came at a time when I was going to work on
the model anyway, so it is fortuitous that I was able to solve them in
a timely manner. Unhappily, that is not the norm.
There are historical reasons why I am still a logical person to
continue this time-available effort, but, obviously, there are
problems when I don't have the time. Because there are no external
funds, I don't have students changing the code, although I do have
occasional masters projects involving SWMM. As I indicated earlier,
there are many capable programmers working on the model, but some
QA/QC is still necessary before releasing new revisions.
If I am continue to serve in this unofficial role as "official" model
overseer, what is most convenient is to have persons send me
suggestions for code changes (in magnetic form as well as printed).
(Also, don't forget the documentation!) I can often insert these
changes easily into my code. I have some changes sitting around from
Reid Crowther, CH2M-Hill, and CDM that I just need to understand, and
then I can place these changes in the "official" model. This should
be the fastest, easiest way to get changes into the model, but it
still happens only when I have the time, and I haven't had any, or at
least taken any, since October. It will always take longer to find
and make corrections to the code myself.
The bottom line is that I'd like to continue doing this, but because I
can't usually perform this function in a timely manner, at least not
-------�
without some support for a student, I am willing to consider help from
other persons. COM sort of serves this function, but not completely,
because I still perform the job of integrating their changes with my
version, and their interests are not always everone's interests.
Anyhow, it's a problem.
One additional comment about code modifications relates to
modifications that change the output, especially for Extran. This has
happened in the past three years, and users are understandably
disturbed if there are large differences in output between two
versions. Even as we speak,' I have received some suggested changes
for Subroutine HEAD that, might change the results by a few percent.
The reason for making changes in general is that they are supposedly
more correct than what was there previously. But if a firm has spent
mucho dinero calibrating version 4.05 and then finds that version 4.3
gives heads that are a foot different (I'm making up these numbers),
what are they and their clients to believe? One option, I believe
used by XP, is to include previous versions as options, seemingly a
coding nightmare, but leaving the choice to the user. This would only
work if the changes are fully explained to the user — seldom the
case. The user expects the model developer to have thought these
changes out and accept some responsibility for placing them in the
public domain. I'm afraid I haven't always done this as thoroughly as
I should and I actually rely on user feedback for some QA/QC that
should be done in-house.
I don't have a good answer for the questions raised in the last
paragraph except to say that in general, changes are supposed to be
for the better, and newer versions should be "more correct,"
computationally at least, than older ones (keeping in mind Bill James'
quote at the end of his messages). I also find it easier to accept
Extran changes from groups intimately involved in the model
development, such as CDM.
So, a long response to the question about maintenance, and I invite
your feedback. A few models, notably the HEC models, enjoy the luxury
of consistent, capable, long-term maintenance by experienced
professionals. This is a principal reason for their stature and
success. SWMM (and HSPF to some extent) have prospered in large part
because of good feedback from the user community and ad hoc changes
offered by the community. For SWMM, it appears as if this mode will
continue, at least for the near future. Fortunately, the model is
mostly a lot of funl
Wayne Huber
-------�
Notes for the presentation by...
John Irwin/Joan Novak
- •'¦*- " ¦: ,
.... -m; - - \ -
: *¦' r ~* ! ¦
v ... • . . ¦ . .
' ' ' •• .,* - - . . V ;
, f
V-
-------�
National Technical Workshop
on Quality Assurance and
Information Management
August 20-22, 1996
Omni Europa Hotel, Chapel Hill, NC
by
John S. Irwin, NOAA, OAQPS, EPA
We can not prove a model is right; we can only prove it is 'wrong', where
'wrong' is defined using measured values which have no guarantee of
themselves being right.
Our comparison data is so sparse. We have a poor understanding of how bad
our definition is of 'reality.' We have no standard for comparison. Agreement
may have little meaning because there are compensating errors. The use of
tolerance limits for acceptance may have little relevance.
Since ail models are used outside of the domain of data used to develop and
evaluate them, getting the science right is most important. Bias is more
important than precision. Scientific judgement and weight of evidence is very
important.
Evaluation is not a pass-fail exercise. It is an exercise to develop caveats
relative to applications. Testing the science is not typically amenable to a
tolerance limit test. Attempting to calibrate away bias may destroy the fidelity
of the science interactions contained in the model structure. Tolerance limits
for acceptance is the wrong message.
Experience (or policy) is the main approach used to defined an 'acceptable'
model. Acceptance for new models begins with a demonstration that they are
as good as or better than the current approved model. However, better may
not be amenable to a tolerance limit test because different science can give
the same answer for the current domain of the data.
Models simulate the ensemble condition. Some past evaluations have failed to
recognize this or have improperly pooled results coming from field studies of
differing quality. Accounting for atmospheric stochastic effects with sparse
field data is an evolving art.
-------�
Point Source
Tracer Experiments
Surface Releases
• 1956 Prairie Grass S02 (68)
50 - 800 m
• 1959 Green Glow FP (36)
200 - 25600 m
• 1960/62 Hanford 30 FP (25)
200 - 3200 m
• 1983 Hanford SF6/FP (6)
200 - 3200 m
Elevated Releases
• 1964 Hanford FP (14)
(12) 56m, (2) 111m, 800 m - 12.8 km
• 1977/78 Cabauw SF6 (10)
(8) 200m, (2) 80 m, 3.5 km
• 1978/79 Copenhagen SF6 (10)
115m, 2, 4, 5.5 km
• 1980/81 Kincaid SF6 (129)
186 m stack, 3 - 30 km
• 1985 Teruel SF6 (9)
343 m stack, 10, 25 and 45 km
-------�
Notes for the presentation by...
Phil Strobel
-------�
Notes for the presentation by...
Rick Johnson
"US SlliSlk
'" 'apf"*"""—
'ME
jJ/K/SSk
v "
m
r
,
nmmm*
'
-------�
Notes for the presentation by...
Bob Shepanek
—k
hrHHmhHHHK
M
>,y*§
•\<^~ S"r •„
Mr
ISP*
|^^Msp||S'
< <
-------�
Notes for the presentation by...
Andy Baffin
A - J
,m mm.-.. y-rnxm.
" - -- - —r- -v.' - 5 V vfjj. ^ v.
.
"
'. -• ; : ' ¦ • • ' , r .- . :¦ . ::
% M$;lsll
®§|i8F
-------�
MANAGING SPATIAL DATA
AT THE
U.S. ENVIRONMENTAL PROTECTION
AGENCY
mmmm
David Catlin, National GIS Program
National Technical Workshop on Quality Assurance and
Information Management
August 22, 1996
SDC-65-DC-026
-------�
Mission Statement for the
National GIS (NGIS) Program
Centrally manage EPA's national spatial data
and GIS applications.
Support discovery and retrieval of EPA spatial
data and GIS applications.
Document EPA's spatial data holdings.
Provide standardized spatial data management.
Support Agency initiatives.
Support Federal mandates and EPA policies.
SnC-65-DC-026
-------�
National GIS Program Initiatives
Support community-based environmental protection.
Support ENVIROFACTS Information Warehouse.
- Secondary use of enterpirse data systems.
- Access to derived data products.
- Consistent data structures and formats.
- Complete data content documentation.
- Intranet and Internet access.
- Integration of multiple data formats.
Improve locational accuracy in EPA Program Systems.
Provide public access.
SDC-65-DC-026
-------�
Federal Spatial Data Mandates
Coordination of surveying, mapping, and related
spatial data activities (OMB Circular A-16).
Coordinating geographic data acquisition and
access: The National Spatial Data Infrastructure
(Executive Order 12906).
Federal Geographic Data Committee (FGDC)
Standards.
SDC-65-DC-026
-------�
OMB Circular A-16
• Develop a national digital geographic
information resource, reducing duplication and
expense.
• Establish the Federal Geographic Data
Committee to coordinate development, use,
sharing, and dissemination of geographic data.
• Assign lead roles for developing data
standards, assisting information and data
exchange, and coordinating data collection.
SDC-65-DC-026
-------�
Executive Order 12906
Content Standard for Digital Geospatial
Metadata.
FGDC Geospatial Data Clearinghouse.
National Spatial Data Infrastructure (NSDI).
-------�
FGDC Standards
Endorsed Standards -
• Content Standards for Digital Geospatial Metadata.
• Spatial Data Transfer Standard (SDTS), FIPS Pub. 173.
Proposed / In Development -
• Geospatial Positioning Accuracy Standards.
• Content Standards for Cultural and Demographic Data
Metadata.
• Soils Geographic Data Standard.
• Vegetation Classification Standards.
• Classification of Wetlands and Deepwater Habitat in the U.S.
• Facility ID Code.
(URL: http://www.fgdc.gov/SWG/swg.html)
-------�
EPA Spatial Data Policies
• Locational Data Policy.
• Spatial Data Management Plan.
• Mission Oriented Systems Engineering
Support (MOSES) Product Assurance Policies
and Procedures.
SDC-65-DC-026
-------�
Locational Data Policy
Document latitude and longitude coordinate
information for EPA-regulated facilities and
sites, operable units, and environmental
monitoring and observation locations.
The accuracy goal is +/- 25 meters.
-------�
Spatial Data Management Plan
Data Inventory
User Needs
Assessment
Data Production
SPATIAL DATA
LIFE CYCLE
Data Maintenance
& Archiving
MOU
IAG
Data Acquisition
Data Storage &
Dissemination
Data Preparation
SDC-65-DC-026
-------�
Relevant GIS Projects
• EPA Geospatial Data Clearinghouse.
• EPA's Spatial Data Library System (ESDLS).
• Locational Data Improvement Project.
SDC-65-DC-026
-------�
EPA Spatial Data Clearinghouse
Welcome to the U.S. KaviraanaaUJ PratectM Agwcjr iKPA) N.d. rf tke Nrioui
Ceisyattial Data Ckarm{h«ut. a componoit ofthe Nawwi Spassl DatebfrartPJct-jrc
IltSOlr' eitem»l tot), lbs aod* prondei a pathway to Sod nfonaalioQ about geospiiul data
¦valabk &ou> the EPA. Gtotpalul data it usee m Geoaapbc Irfoniutjoc Systems (QIS) to tdettfy
ttte geogryhc locitMO end rherartrrulm of gjtual or aun-maJe fceftro md boundniet oa the
ent Eawplci aftfcc me afgeoyitiel
-------�
EPA Spatial Data Library System
(ESDLS)
N«lsr;i|M- ((t'ANCittil SOI 'ij
£He E<>t yiew fio Boofcmarfcs Options Directory jtfndow Help
1W1
^"ftOg^/aoa/'nqispf"/ aid'ls" hi
£?A ^Kcic-nxl CIS Prqgrsuu
EPA Spatial Data Library System (ESDLS)
EPA Oicc of Hbnrwbco Reiowcei M«*genwt (OEM). iloog with the EPA QIS Work Group,
or rt loped the EorrooDatal Protect on Agency's Spatial Dab Lbnry Sjntetu (ESDLS) tut a i
Electronic access, discovery, and
retrieval of:
- EPA national spatial data (ARC/INFO
format).
- Agency national GIS applications.
- Data acquistion and processing
standards.
National spatial data sets that are
consistent, revisable, sustainable,
seamless, and standardized.
(URL: http://www.epa.gov/docs/ngispr)
SDC-65-DC-026
-------�
I|||§\
RlL Locational Data Improvement Project
• Method, Accuracy, and Description (MAD)
codes, version 6.1.
• LOCATE tool development - collect, verify,
and submit facility point data.
• Improved facility location database
development.
SDC-65-DC-026
-------�
Summary
• NGIS Program has made significant progress
towards supporting standards-based spatial data
management.
• NGIS Program is aware that changing and
emerging standards require continued attention
and support.
• NGIS Program continues standards-support
through cooperative efforts with Information
Management/Data Administration Program and
other federal efforts to standardize data elements.
SDC-65-DC-026
-------�
Notes for the presentation by...
Larry Fitzwater
I*. '
* *
| £&&§{
*•> ;¦>
*" -:- ¦A-O .
r-'v;-^ ' ;
. * < h -V ¦' «•§ ""' ,NV 'c *4
¦p^
'
J, » \
-------�
5 2
5 \NWpp' / £
'"ij T
¦ I. ^iWIP'^wooWF v ,
£& p^
Data Standard
-23, 1
Larry Fitzwaier
EPA/OIRM/EIM Division
Tel: (202) 260-3071
Jitzwater.lany@epamaiLepa.gov
OIRM/Entemrise Information Management Division
-------�
Y gifi
¦ - ' • ' ' ¦ ' "
.
Information & Data Management
f
1
• IDM Policy
^Establishes IDM Principles for EPA
^Establishes IDM Program
SAssigns responsibilities
• IDM Program
SStandards-based approach
^Implemented through
^Environmental Data Registry
v^Data Registration Authority
^IDM Service Centers
" •: ' : ' ¦' ... . • • ..... •" ~ \ ' '* . • <-• • ' , -• V : ' •
- . i . .. , _ '• : - . ,
OIRM/Entemrise Information Management Df "'in
-------�
Data Standards
• Standard reference data
^Enumerated data
¦SStates, counties, hydrologic unit codes, environmental
hazards, landcover, chemicals, materials (ISO, FIPS,
ANSI, industry...)
® AxiomaticaIly defined data
Dissolved 02, Benthic indicators, financial data (some
ISO, ANSI 4
• Data identification, naming, definition,
description (ISO)
• Data registration authority, data registry (ISO)
• Data classification
• Data messages
v'EDI, EDIFACT
OIRM/Enterorise Information Management Division
-------�
Data Element Standards
Status '
• Data Element Definition
tested using EPA data, developing a new adoption procedure
• Data Element Identification
v'IS, tested using EPA data, proposed adaptation, adopting
• Classification for Data Elements
v^Test beginning, still Working draft level
• Data Element Registration
v^DIS out for ISO ballot, bootstrapping within EPA
• Data Element Representation Metamodel
^Through ANSI public review, using for EPA data registry,
working with FGDC and EDI to adopt
• New work on data values and NII/GII
OIRM/Enterorise Information Management Div^^n
iW-Wh- - »s.<» ^ ^
-------�
Information & Data Management
Standard Data Elements
• Agencywide data architecture
^Year 2000 date
SAddress
\
v^Key ID/One-Stop data dements
5 j v ~ ..... '• '!¦' ' . ... .... V ¦
SStandard Reference Domains
• Demonstrate in Warehouse
• Implement Agencywide
OIRM/Entemrise Information Management Division
-------�
'@1
^ IJ Database of Standar
Shared standard domains
• A Standard Domain is a standardized code set such
as State Names, State Codes, or Zip Codes.
• Considerable time and money can be saved by
purchasing and maintaining the standard domains
only once
• EPA applications can point at the standard domains
• A prototype database of standard domains has been
built in DB2
• The database of standard domains can be replicated
on other servers
• The database of standard domains is available for
testing now
OIRM/Enterprise Information Management Di ' m
-------�
"M
-
Environmental Data Registry
i > : ¦' : :
Select:
Geographic areas
Time periods
Standard industry code
Environmental Insult
Specific corporation
Analyze. Model
and Display:
Chart
Timeline
Map
m
Nil
m
m
WWW
i.
fl"
and ,
Enyirofacts
Capabilities
Environmental
J
Data Registry
jk
^ —..
Data
Data
W"
External DB
„.»vv
rtiP:
m
¦' it ,
Sflfc
ft
~ "* \
Operational DB Warehouse DB
'¦<; > -
OIRM/Entemrise Information Management Division
. ' . . ' '• !,. • ' ' ' <• t - " ' "
_ ,t Sr -V K- "-©wV* " • ¦ A:-"¦ 1
-------�
¦ .
\."-r
Data Registry
What it is
• A descriptive catalog of standard data "parts"
that can oe assembled to order into messages,
databases, reports, etc.
- ' . •
• A structured store of metadata that can be
accessed and utilized by WWW browsers and
intelligent middleware
• Organized documentation about the data, e.g., name,
definition, domain, unique identifier
• A record of the status of the data (recorded,
certified, standardized)
• Associated with data engineering tools, e.g., CASE
tools
• , j • ' - ¦ ' ; ' / . V". y . ; . ' ¦ • • .
OIRM/Entemrise Information Management Div^^n
-*•' . •• . . ".'-W ' * . - • v. , t- - ' . " .....
m
wr.
-------�
mmi
Environmental Data Registry
Purposb:
• Implementation system for the Information and
Data Management Program
^Engineer data, standardize data
v^Low level architecture > standard architecture
• Means for publishing
SStandard Reference domains
v^Data architectures
, ! 1,
^Descriptions of EPA data
• Means for making EPA data visible
•" - i • - ' ¦
v^WWW Browsers (Internet/Intranet)
OIRM/Entemrise Information Management Division
• *
••• «
-------�
Environmental Data Registry
Purpose (cont)
• Means to support intelligent software
^Intelligent Information Services
^Intelligent Integration of Information
• Serve as the metadata store for Envirofacts
• Provide foundation for One-Stop Reporting
SA collection of standard data "parts" that can
be assembled to order into messages
OIRM/Entemrise Information Management Div'~i
-------�
Data Registry
How it
• Operated by Registration Authority (e.g. an
organization)
• RA assigns unique identifier to data
• Records metadata about data
• Data Sponsors, under RA, standardize data
according to data standards
(
OIRM/Entemrise Information Management Division
-------�
Benefits vf a data registry
• Identifies reusable data within and between
organizations
• Organizes documentation about data
^Facilitate human understanding
ii -
^Preserves meaning over time
^Facilitate intelligent software processing
- v -
• Enables access and understanding by users
¦ ¦ -" ' *
¦ ¦ . ; J
OIRM/Entemrise Information Management Division
-------�
Notes for the presentation by...
Jeff Worthington
:
i;. igit ' . ' xj?:
J
JL,
¦: • ^t«P - #r A^W<
: , ' ¦ ' '.,
JilMM
SSWS S?
m
Mi
#S M
¦
' .: ...
. :.; : :' ' : ^v-1
-------�
INFORMATION
MANAGEMENT
SYSTEMS
AUDITS
PRE-ASSESSMENT
&
PLANNING
Jeffrey C. Worthington
National Risk Management Research Laboratory
Office of Research & Development
US EPA
(513) 569-7166
US EPA Annual National Training
for Quality Assurance
August 22, 1996
l
-------�
OVERVIEW
o Preliminary Assessment
o Areas to Consider
o Research Requirements
o Develop Criteria
o Info Mgt., Records, Mgt., & QA
o Pre-Planning & Training
o Auditing Observations
-------�
PRELIMINARY ASSESSMENT
0
Meet with
- management
- information management staff
- purchasing group
- records management
0
Identify
past problem areas
- hardware /software used
- internal sources of information
- external sources of information
- current roles and responsibilities
regarding information
management, hardware, and
software
0
Locate all relevant documentation
3
-------�
AREAS TO CONSIDER
What Information is in Data Bases?
o Analytical Data
o Non-Analytical Data
o Data from outside sources
Look At Internal Sources
o Laboratory Information Management
Systems (LIMS)
o Analytical Instrumentation
o Reporting Software
What Are the Related Laboratory
Products?
o Electronic versions of reports
o Data bases
o Home Pages on the Internet
-------�
RESEARCH THE
REQUIREMENTS
0
Review location-specific existing
criteria
0
Review criteria in GALP
0
Review criteria in E-4
0
i
Review criteria with existing
software
0
Review criteria with existing data
bases
0
Review EPA Policies
5
-------�
DEVELOP
CRITERIA
THE SYSTEM
o Software documentation
o Hardware maintenance
o Documentation of software
o Security
o Data Base Accuracy
THE AUDIT
o Audit scheduling
o Audit procedures
o Auditor qualifications
o Acceptable corrective action
o Statistical inspection technique
-------�
PRE-PLANNING
& TRAINING
o Discuss criteria during training
meetings before audits
o Help set up systems to ensure
information management issues are
dealt with before audits
o Develop Checklists/Reporting
Formats
o Plan Audit Schedule
o Establish any current roles and
responsibilities regarding information
management, hardware, and software
7
-------�
POSSIBLE TYPES OF
AUDITS
0
System-wide
0
Process
- all laboratory operations
- all instrument systems
- all data bases
0
Project-Specific
0
Data Base
0
External Sources
(suppliers)
0
Products
8
-------�
INFORMATION MANAGEMENT,
RECORDS MANAGEMENT &
QUALITY ASSURANCE
o EPA Records Management
Policy
o Archive Policy for
Electronic Data
o Records Manager = Info.
Mgrs. = Quality Manager
o Quality Assurance &
Records Mgrs. as partners
-------�
AUDITING
OBSERVATIONS
o Security
- none
- minimal
- not enforced
o Data Base Information
- not qualified
- unknown quality
- not comparable to other data systems
o Software
- developed Ad Hoc
- no documentation
o Hardware
- maintenance records
- inconsistent records
o Change controls
o Files Traceability
10
-------�
Data Administration for the
Lake Michigan Mass Balance
1996 .\ational W orkshop on Quality Assurance
in Information Management
Phii Strobel
USEPA - Great Lakes National Program OSicf
Presentation Objectives r>^.
—— I
~ Describe the LMMB Project
~ Data Management & QA/QC
Challenges
~ LMMB Data Management Strategy
i W7 ?,
Lviic* Sductal i^ogmn: Ojjtc:
LMMB Study Design:
Sampling and Analysis
~ Built on Green Bay Mass Balance Study
~ Multi-media monitoring
- Air deposition
- Tributaries
-- Sediment
-- Open water
- Biological/food web
~ Mass-balance modeling
Gnat Xafif-nal Y'r.Mrnrr. Office
Mass Balance
Retention/Transform at ton
•Air depo*mon
•Sediment rtleas«
•Tributary loadings
Vr^-
Parameters
~PCBs
•Trans nonuchtor
•Atrazlne
•Hg
OUtPUt
•Btola
•Sediments
•Volatilization
•Ountow
Lake Michigan Mass
Balance Collaborators
¦ U.S. EPA Great Lakes National Program Office
• U.S. EPA Region V
• National Oceanic and Atmospheric Administration
• U.S. Fish and Wildlife Service
¦ National Biological Survey
• U.S. Geological Survey
¦ Michigan Department of Natural Resources
• Wisconsin Department of Natural Resources
-.Illinois Department of Environmental Conservation
• Indiana Department of Environmental Management
mi
(jrf'Jt/. vices Sarioftti' .JV~rrs««: Office
LMMB Samples Collected
1994-1995
ft--
Over 500,000 data points expected!
1
-------�
Past Experience
CsStl
(jreat Lakei iWir.onal fyf/^ram Office
QA/QC Challenges
~ Coordinating sample collection
across media
r»-
~ Ensuring Measurement Quality
~ Consistent use of qualifying remarks
~ Trace levels require method
development
~ Use of Performance Based Methods
L'jU c> Sanoiol i'» o^mrr. Ojjicc-
QA/QC Tools
~ LMMB Work Plan
~ QA Management Plan
~ QA Project Plans
• For each Investigator
• Modeling QA Project Plan !!!
~ Methods Compendium Report
~ Final QA/QC Reports
Tir^at t^ikcA >\(i!:rnal Program Office
Data Quality Tools
~ P.I. and Methods Used
~ QC Sample Results w/ Standardized
Lab and Field Remark Codes
~ Measurement Quality Achieved
(PARCCS)
• precision
• replicability
• comparability
- accuracy
• completeness
- sensitivity
''Jreai Lckis National Program iJ/ftcc
Environmental Monitoring Data
Management Vision
~ Cross-program/project utility
~ Known quality data
~ Long-term value
~ Avoid duplication of effort
f jO's
< jreat i.uiktt Sojckom! Program Office
Great Lakes
STORET Prototype
~ Shared vision
~ National environmental monitoring data
system
~ Integration: USGS, Drinking Water, etc.
STORET Modernization Contact Bob King (202)260-70IS
m
(j'rc.7? Lake.i frotfram Off;,:?
-------�
Underlying Principles
n
~ Extensive user requirements analysis
» Standardized data submission & data entry
- Data entry applications
- Data reporting formats
- Lists of allowable values
(ireui Lukes A ationul Program Office
Lake Michigan Mass
Balance Data Reporting
fl-
Standardized electronic reporting format
that includes:
~ QC data
~ Correction factors
~ Field collection information
~ Analytical remarks and flags
i&7I
> ¦ A Great Lakes National Program Office
Data Verification and Validation
~ Research Data Management &
Quality Control System (RDMQ)
~ Identify and plot outliers
~ Verify researcher assigned flags
~ DQO attainment
~ Outlier assessment
~ Data reduction
V ,<£' Great Lakes Manorial Program Office
Future Directions
*tk
\\
~ Expand database to accommodate
other major Great Lakes monitoring
programs
~ Work with States and other customers
to improve access to Great Lakes
environmental monitoring information
Great Laka .\ational Program Office
Data Management
Contacts
A
*~*
~ QA/QC Manager:
Lou Blume, 312-353-2317
~ LMMB Data Base Project.
Phil Strobel, 312-353-7996
~ Application Development & ORACLE RDBMS
George Mbogo, 312-353-7463
Great Lukes SatinnaI Program Office
Lake Michigan Mass Balance:
Data Base Structure
Projeot
Station
It
Station \/lolt
CE
Sample
Sam pie ResuH
(ireui Lukes Sationu/ Program Office
-------�
LMMB Data Sources
Data Entry Applications
Data Reporting Standards
Great L-*hc« A'lino.iiii I'ro^ram OlYie
\
C:rr!Qt t^tkcA \(i!i!'nai Program
System Environment
n
~ Relational data base management system.
ORACLE
~ Application development tools
PowerBuilder
~ Data base platform:
Data General 5240 UNIX server
~ CASE tool: IEF and ERWIN ERX
GrzotLai*«.*> Sattpnol i'rognin: Ujfii
-------�
National Technical Workshop on
Quality Assurance and Information Management
Wednesday, August 21, 1996
ONSITE REGISTRANTS
James Flanagan, Ph.D.
Research Triangle Institute
P.O. Box 12194
Research Triangle Park, NC 27709
(919)541-6417
Fax. (919) 541-8830
E-mail: jamesf@rti.org
Judith Ford
QA Specialist
EPA - APPCD/ NRMRL
Research Triangle Park, NC 27711
(919) 541-2550
Monica D. Jones
Environmental Scientist
U.S. EPA - Region 3, OASQA
201 Defense Highway - Suite 200
Annapolis, MD 21214
(410) 573-2747
Fax: (410)573-2771
E-mail: jones.monica@epamail.epa.gov
Monica Nees, Ph.D.
Environmental Scientist
Monitoring & Quality Assurance Group
U.S. EPA - NCBA, OAQPS
Research Triangle Park, NC 27711
(919) 541-4268
Fax: (919) 541-1903
Mary J. O'Donnell, M.A.
Environmental Scientist
Policy & Management Division
Quality Assurance Management
U. S. EPA - Region 9
75 Hawthorne Street, (P-3-2)
San Francisco, CA 94805
(415)744-1533
Fax: (415)744-1476
E-mail: odonnell.mary@epamail.epa.gov
Jeff Ryan
Chemist
U. S. EPA - NRMRL
MD - 91
Research Triangle Park, NC 27711
(919) 541-1437
Fax: (919) 541-0496
E-mai 1: j ryan@engineer. aeerl. epa. gov
Richard Shores
Chemist
U.S. EPA - NRMRL
APPCD/TSB
86 TW Alexander -MD91
Research Triangle Park, NC 27711
(919) 541-4983
Fax: (919) 541-0496
Carvin D. Stevens
U.S. EPA - NERL/AMRD/QAB
MD-77B
Research Triangle Park, NC 27711
(919) 541-1515
Stuart Vandiviere, M.A.
Research Technician
U.S. EPA - HSD/EPID-Bio.
2900 Dairyland Road
Hillsborough, NC 27278
(919)966-7547
Fax: (919) 966-7584
E-mail: cajema@prodigy.com
Malcolm Wilkins
Engineering Technician
U.S. EPA - MD 76
Research Triangle Park, NC 27711
(919) 541-3651
Fax: (919)541-3451
E-mail: wilkins.malcolm@epamail.epa.gov
-------�
Notes for the presentation by...
George Brilis/RoJeanne Liu
....
y;: „ si x.
>- ¦>„<*?
; ' '
xillllSt
M&--
ii§ll:ti:::ii
11
hhhhiM!
Vs*
i«ir
~,f r; \\
y , >
WSmi
*ii8®p?
m0smiMr:r ... «s
IIP' ¦
^¦1 .
Mmmam
:
mm-iMmm
.JmMMM
^ ~ -S P
vS'' <~
:, ^ >
-------�
AUDITING COMPUTER OPERATIONS
George Michael Brilis
Quality Assurance Scientist
Characterization Research Division
National Exposure Research Laboratory
U.S. Environmental Protection Agency
P.O. 93478
Las Vegas, NV 89193
It is evident that we are becoming increasingly dependent upon computers in many aspects
of our working and personal lives. The U.S. Environmental Protection Agency (EPA) heavily
depends upon computers for the transformation of data that are used to make critical management
decisions upon which the public health and safety and the fate of the environment may depend.
Yet, many computer operations continue to operate without QA/QC assessments to examine their
adequacy and effectiveness.
The author has developed an audit approach based on the EPA's proposed Good
Automated Laboratory Practices (GALP) requirements and his experience in conducting over
three hundred quality assurance audits. The author has removed the "laboratory" as the sole
focus of these GALP requirements so that the requirements may be applied more broadly. The
presentation will include a summary of the modified GALP requirements and a checklist which
can be customized to assess various computer operations.
About the Author
George Michael Brilis holds degrees in chemistry, business administration, and criminal justice. He
is the recipient of the EPA Silver Medal Award for his efforts in quality assurance in the EPA's Superfund
Program. Mr. Brilis received EPA's Scientific and Technological Achievement Award for his research in the
characterization of nitrogen-containing aromatic compounds in soil and sediment.
Notice: The U.S. Environmental Protection Agency (EPA), through its Office of Research and Development (ORD),
funded this research and approved this abstract as a basis for an oral presentation. The actual presentation has ndt been
peer reviewed by the EPA. Mention of trade names or commercial products does not consutute endorsement or
recommendation for use.
-------�
_jj— Miiiiiiii ; *
'••¦T AUDITING nil
§f AUTOMATED
I OPERATIONS
iiiLji ^ " ji
George Brilis
QA Scientist
EPA/CRD - Las Vegas
Rojeanne Liu
SeniorE valuator/Computer Specialist
MEM US GAO pj
irTlr'rr=
OVERVIEW
Conducting Computer Audits
Review the Checklist
Common Non-Conformances
Corrective Actions
irrimrrr:
CONDUCTING COMPUTER
AUDITS
get copies of SOP's
provide checklist to auditee
schedule date(s)
- contact audi tees
iTJUlfJJ
CONDUCTING COMPUTER
AUDITS
Audit hardware and software
involve personnel in completion of
checklist
-------�
REVIEWING THE CHECKLIST
¦ PERSONNEL
— a computer scientist or
other professional of
appropriate education,
training, and experience
or combination thereof as
the individual primarily
responsible for die
computer operations
system(s).
^^-:;nnrfr _
REVIEWING THE CHECKLIST
¦ QUALITY ASSURANCE
— A Quality Assurance Manager should inspect and audit the
computer system to ensure integrity.
irnuirrj"——
REVIEWING THE CHECKLIST
DATA VERACITY
— Mechanism(s) should be in place to ensure the integrity
of the computer-resident data collected, analyzed,
processed, or maintained on the system.
WAH! Nobody
believes me.
-------�
uMfn ' —
REVIEWING THE CHECKLIST
i SOFTWARE
— Vetfication and validation procedures should De applied
on a routine basis.
Tjuwr
REVIEWING THE CHECKLIST
HARDWARE
— Shot Id be of adequate design and capacity and shomlc be
ade<|uately tested, inspected and maintained.
REVIEWING THE CHECKLIST
' COMPREHENSIVE TESTING
— Process a set of known data widi known results and compare
and document the results.
TJimrrr
REVIEWING THE CHECKLIST
FACILITIES
- The facilities should protect the system from data loss
due to environmental conditions and have adequate
storage capability for archiving data.
-------�
. .:ut- rnfiiffl • -
REVIEWING THE CHECKLIST
STANDARD OPERATING PROCEDURES
(SOPs)
— Documentation of methods used to ensure the qua
integrity of computer operations and related data.
nrrmir"
CORRECTIVE ACTION
1 Written SOPs
- Write, update, revise and distribute new SOPs.
OiW —
CORRECTIVE ACTION
* Procedural
- Management
communicates the
proper
procedure(s)
Dose of Reality
CORRECTIVE ACTION
Documentation
— Develop new documentation and provide examples
-------�
"rarrr
SUMMARY TIPS
m
i Communicate with the people.
1 Let them "help" you complete the checklist.
1 Be flexible!
Tfiraur;
SOURCES
1 2185 - Good Automated Labora:cry Practices -
EPA/ORIM
— http://www.epa.gov/docs/IRMPo icy html
¦ Auditing Environmental Data Systems -
Worthington, Coll
> Planning, Preparing, Document ng, and Referencin >
SAS Products - Liu,Foreman
-(202) 512-6000 FAX (301) 258-406.
Jr
Trnnrrr
SOURCES
1 George Brilis
- Office (702) 798-3128
-FAX(702) 798-2233
— brilis-georgc@wpmail.las.epa.gov
"A Lucky U"
-------�
ITEM
Y
N
COMMENT
MANAGEMENT When data are collected, analyzed, processed, or maintained, laboratory does management
[§GALP 8.1]:
8.1.1 ensure that personnel clearly understand the fiinction(s) they are to
perform with the computer system?
8.1.2 ensure that there is a Quality Assurance Manager that oversees
computer operations?
8.1.3 ensure that personnel, resources, and facilities are adequate and
available as scheduled
8.1.4 ensure that internal QA audits of the system and/or data performed,
and that corrective actions are promptly taken in response to any
deficiencies?
8.1.5 approve the standard operating procedures (SOPs that assure data
integrity, and that any deviations from SOPs and are appropriately
documented and that corrective actions are taken and documented, and
approve subsequent changes to SOPs?
Comments:
PERSONNEL When Data are collected, analyzed, processed, or maintained, does management ensure that
all computer systems support staff and users [§GALP 8.2]:
8.2.1 have adequate education, training, and experience to perform assigned
computer systems functions?
8.2.2 have a current summary of their training, experience, and job
description, including their knowledge relevant to computer systems design
and operation, maintained at the facility?
8.2.3 are of sufficient number for timely and proper operation of the
computer system?
Comment:
QUALITY ASSURANCE When data are collected, analyzed, processed, or maintained, does the Quality
Assurance Manager [§GALP 8.3]:
8.3.1 maintain independence of the computer systems personnel, and shall
report directly to laboratory management?
8.3.2 have access to the data, SOPs, and other records pertaining to the
operation and maintenance of the computer systems?
8.3.3 conduct periodic inspection, report problems that may affect data
' tegrity, recommend actions to be taken and schedule dates for
nspection?
8.3.4 determine that no deviations from approved SOPs were made without
proper authorization and sufficient documentation?
-------�
ITEM
Y
N
COMMENT
8.3.5 periodically audit the data to ensure integrity?
8.3.6 ensure that his/her own records are documented, and indexed?
Comments:
DATA VERACITY Does Management ensure that [§GALP 8.4]:
8.4.1 storage media on which data reside are identified and documented?
8.4.2 the individual(s) responsible for entering and recording data is (are)
uniquely identified when the data are recorded, and the time(s) and date(s)
are documented?
8.4.3 the instrument transmitting data is uniquely identified when the data
are recorded, and the time and date are documented?
8.4.4 procedures and practices to verify the accuracy of data are
documented and managed as described in the SOPs?
8.4.5 procedures and practices for making changes to data are documented
and provide evidence of change, preserve the original recorded
documentation are dated, indicate the reason for the change, identify the
person who made the change and, if different, the person who authorized
the change?
Comment:
SOFTWARE When software is used to collect, analyze, process, or maintain data, does management ensure that
[§GALP 8.5]:
8.5.1 SOPs are established, approved, and managed as described in 8.11 for:
8.5.1.1 development methodologies?
8.5.1.2 testing and quality assurance methods that ensure all software
accurately performs its intended functions?
8.5 .1.3 problems that may arise from upgrading or replacing software?
8.5.1.4 version control methods that document the software version
currently used?
8.5 .1.5 maintaining a historical file of software, software operating
procedures (manuals), software changes, and software version numbers?
8.5.2 documentation is established and maintained to demonstrate the validity of software:
8.5.2.1 for existing and commercially-available systems?
8.5.2.2 for new computer system development or modification of existing
system?
Comments:
-------�
ITEM
Y
N
COMMENT
SECURITY Extent of security is dependent upon the sensitivity of information. For further guidance refer to the
EPA's Information Security Policy [§Galp 8.6]
Is the system physically secure?
Is the system password changed periodically?
Is the system only accessible to authorized personnel?
Is authorization to change the system password tightly controlled?
Are log-ons, passwords, etc. used to restrict access to authorized
personnel?
Do system users periodically change their passwords?
Are access categories established for various levels?
Is there a list of authorized personnel and their level of access?
Comments:
HARDWARE Does management ensure that computer hardware and communications equipment [§GALP
8.7]:
8.7.1 is of adequate design and capacity, and a description is documented
nd maintained?
8.7.2 is installed and operated in accordance with manufacturer's
recommendations and at installation undergo acceptance testing that
conforms to acceptance criteria?
8.7.3 adequately tested, inspected, and maintained?
Comments:
COMPREHENSIVE TESTING Does management ensure that [§GALP 8.8]:
8.8.1 a comprehensive testing of system performance is conducted, at least
once every 24 months or more frequently as a result of software or
hardware changes or modifications?
8.8.2 these tests are documented and the documentation retained and
available for inspection or audit?
Comments:
RECORDS RETENTION Does management ensure that:
8.9.1 retention of data, documentation, and records pertaining to the
computer system complies with EPA contract, statute, or
regulation?
| Comments:
-------�
ITEM
Y
N
COMMENT
FACILITIES Does Management ensure that [§GALP 8.10]:
8.10.1 the environmental conditions of the facility housing the computer
systems are regulated to protect against data loss?
8.10.2 environmentally adequate storage capability for retention of data
storage media, documentation, and records pertaining to the computer
system are provided?
Comments:
STANDARD OPERATING PROCEDURES Does management ensure that:
8.11.1 SOPs include, but are not limited to, those specified in 8.4.1, 8.4.4,
8.4.5,8.5.1.1 through 8.5.1.5, 8.7.2, 8.7.3, and 8.9. And that current SOP
is readily available where the procedure is performed?
8.11.2 SOPs are periodically reviewed at a frequency adequate to ensure
that they accurately describe the current procedures?
8.11.3 SOPs are authorized and changed in accordance with 8.1.5?
8.11.4a historical file of SOPs is maintained?
Comment:
Reviewer
Date
-------�
^ RoJeanne Liu, GAO
George Brilis, EPA
DATA VERACITY
Planning, Preparing, Documenting,
and Referencing Analytical Work
Using SAS Products
lllllllllljiq
illi nia
11111
Mill
111 I I
mil
i • 111
iiiiiiiii
-------�
GAO Information Derived From
Data is Evidence
^ Testing Factors
Three Requirements ot Evidence
Sufficiency
Competency
ReHabHtty
~
RjWa-nc
5
Amount of Data Testing
Depends Upon:
• Level of Reliability
• Level of Risk
*
^ Data Reliability
Data reliability is a state
that exists when data are
sufficiently complete and
error free to be convincing
for their purpose and context.
This is a relative concept.
0/0 Data Risk
Things to Consider:
• The significance of information from
this data needed to meet audit t
objectives and support findings.
• The knowledge and experience with
the data or system which the data
resides in.
GAD Data Testing
• Directly test the data;
• Test the effectiveness of controls over
the system that produced the data;
• Use previous work that has established
the validity and reliability of the data;
• If none of the above, qualify trie data in
the report cr study.
GAD Data Testing
Data testing is done to determine if
particular data produced by a computer
system are valid and reliable.
Data testing does not establish the
existence or adequacy of system
controls.
Data testing may reveal control
weakness.
-------�
^ Principles of Data Veracity
1-Planning your analytical work
2-Ensuring correctness in that work
3-Entering data into your environment
from varying formats
4-Transferring data between computers
5-Documenting analytical work
6-Reviewing analytical work
7-Archiving work papers including
computer files
^ Planning Your Analytical Work
• Develop a Data Analysis Plan
• Plan for it in the early stages of the job
• Identify data sources
• Methodology 1st; Tool to implement 2nd
• Determine available resources
^ Ensuring Correctness
Checking Your Data
• Reasonableness checks
• Missing data checks
• Record error checks
^ Reasonableness Checks
SAS can select a sample of data to
compare for consistency with the source
file.
IF (_N_ LT10) OR
(_N_GT 10000) OR
(RANUNI(O) LT .05);
PROC PRINT;
whore _N_ Is a SAS variable to count observations and
RANUNI is a SAS random number generator.
^ Missing Data Checks
SAS will check for missing data in
numeric variables with the PROC
MEANS or PROC UNIVARIATE
procedure.
PROC UNIVARIATE;
VAR NUMVAR;
where NUMVAR Is the numeric
variable being checked.
^ Record Error Checks
SAS can help to locate unexpected duplicate
observations.
PROC SORT;
BY GAOID;
DATA; SET;
BY QAOID;
IF NOT (LAST.GAOID AND FIRST.GAOID) THEN
PUT GAOIDa'Possibie Duplicate';
whara QAOID ta tha vartaMa wtim a duplicate vaiua la poaalMa,
F1RST.QAOID la a vartaWa Indicating 0ta QAOID la lha flrat ottaa>vation
In a group wtth tha aama valua of QAOfD, and
LAST.GAOID la a vartaMa Indteatlng tha QAOID la (ha laat obaarvatfan
wtth tha aama valua ol QAOtO.
-------�
7 Ensuring Correctness
Program Checking
• Program Structure
• Program Testing
• Program Efficiency
• Readability
• Logical and Statistical Correctness
^ Program Checking
Readability
• Put a program description in the beginning of
every program and a description before every
major logical grouping.
Review at Medical Costa
(Job Coda 123456)
Programmer: J.D. Proyainmat
Data: August 22.1996
Purpoaa:TMa program odita the coat Ne for bad entry codas.
Bad codea are Uatad an a print file lor manual validation.
Source: MEDCT000 Coat FDa
' J' 1
^ Program Checking
Logical and Statistical Correctness
• When defining categories for SAS
procedures, explicitly define the
/ groupings as mutually exclusive and
^collectively exhaustive.
DATA FEMALE MALE ERROR; SET;
IF GENDER EQ 'F THEN OUTPUT FEMALE;
ELSE IF GENDER EQ M' THEN OUTPUT MALE;
ELSE OUTPUT ERROR;
^ Entering Data from Other Formats
• Raw data
• Data formats from other
software packages
• Self-generated data
^ Data Entry
Raw Data
• a complete description of the data file
is needed
a use fixed format data entry over free
formatted data entry
• be careful of short records
• In SAS, use MISSOVER modifier In the INFILE
statement; or use LOSTCARD statement to
synchronize multi-card Input
• compare raw data to your results
L
^ Data Entry
Data Formats from Other Software
Points to be aware of:
• conversion maintains consistency
between the value of the variable and
its format;
• conversion of field or variable names;
I* truncations;
• redefinitions of missing data;
• changes in date conventions; and
• format inconsistencies.
-------�
010 Data Entry
Self-generated Data
• Make sure routines in your software
have the same reliability as external
sources.
• GAO has approved the RANUNI random
number generator function and subroutine.
Interactive Data Entry
• Interactive sessions are fine, but on
final runs, produce a clean log.
^ Transferrence of Data
• Use the best method to retain integrity of
the data.
• Avoid operating system utilities.
• Data should be in a truly transportable
format.
• When copying files between systei
use the software's procedure.
• In SAS, use PROC UPLOAD and PROC
DOWNLOAD
GAO Documentation
• Work papers should be complete,
accurate, clear, neat, relevant, and
understandable.
• Documentation of a program includes at
least the log and output.
• Use software options that display logic
or program resolution on the log.
m
GfD Review of the Work
• Supervisory Review
• Independent Review
• A reviewer must have a reasonable
understanding of the programming
language. If not, one can obtain a
technical reviewer.
• One review does not substitute for the
another.
0/0 Disposition of Work Papers
Refer to your agency or organization's
guidelines.
When archiving computer files, avoid
operating system utilities.
0/0 Office of Policy
Planning, Preparing,
Documenting, and Referencing
SAS Products
GAO/IMTEC-11.1.2
To request a book: 202-512-6000
-------�
I
Notes for the presentation by...
Marcus Kantz
: . pi
.pil
;:p
¦
?-!M: i !¦'. • .:i:!; i';: <
, > mm-*** jmmttm
M
' '
• -• ¦
> - • • . .' :
- /. . ' ,:>¦¦¦
•••• •: " . -:¦ ¦ •:.¦:¦•? « ? ¦¦ -"s- 1 - .\ . - ' •
v'>*\ N- >» -t - =•' <>'^- >i •¦ >"v ^s- ,.'¦< i#
1 M 1
-------�
Auditing in the IM Cycle
Marcus E. Kantz
US EPA Region II
Air & Water QA Team
908-321-6690
Kantz.Marcus@EPAMAIL.EPA.GOV
-It ain't data till we say it's data
-You can't use the data till the Auditor Sings
-There's no proof like current proof.
-You can type but you can't hide.
Auditing in Air Compliance
3 Points of Attack:
Field (sampling & anal.)
Lab (analysis)
Report (data)
All 3 Important, and go together
All must follow Approved QAPP!
Audits of Field and Lab: Technical System Audits (TSAs)
On-site observations
to determine if QAPP being followed in sampling and in analysis.
Data Quality Audit (DQA):
In the office
to determine if the reported information matches and/or follows from the
collected information (the connection to the field and lab TSAs)
to assess the usability of the data for determining compliance.
-------�
DQA - A closer look
Does reported raw, data, m^tch collected raw data?
Qo calculations make sense?
Are the results usable?
Straight?
With limitations?
Matching Raw
with Reported Data
Automated reporting (telemetering from the stack)
Semi-automated reporting (electronic data logging)
Manual reporting (look/see/write)
Most Stack Tests:
A combination
Acid Rain:
Mostly semi-automatic, with certified data handling system
-------�
Reality Check:
Almost all 'important' stack tests and CEMS PSTs have approved protocols
(QAPPs), are observed (Field TSA) and have DCfAs (Report Reviews).
Almost all DQAs involve at least spot checks of data.matching &
calculations
Acid Rain CEMS receive rigorous matching and calculation cnecKS.
Acid Rain CEMS:
All data real-time
All data electronic
Some states, all data telemetered
All report formatting and calculations pre-approved, using certified data
analysis and handling system (DAHS)
Results in the best data allowances can buy.
-------�
Analytical Audits for Air Compliance
Method 6 - S02
Method 7 - NO*
Method 11 - H2S
Method 15 - TRS
Method 18 - organic gases by GC
Method 23 - dioxins & furans
Method 25 - TGNMO
Method 26 - HCI
Method 28 - wood heater integrity
80 specific gases, in 4 concentration
ranges (20ppb - xOO ppm)
Audits for RCRA Air Compliance
Method 0030 - VOST
Multiple Hazardous Methods Method
Four groups of gases
-------� |