OFFICE OF ENVIRONMENTAL INFORMATION April 2009 For More Information on this Application Contact: Gary Haberstroh NDDoH ghaberst@nd.gov 701.328.5206 Environmental Exchange Network http://www.exchangenetwork.ne t/index.htm For More Information on CROMERR Contact: Evi Huffer Office of Information Collection huffer.evi@epa.gov 202.566.1697 David Schwarz Office of Information Collection schwarz.david@epa.gov 202.566.1704 http://www.epa.gov/cromerr/ CROMERR Success Story North Dakota Department of Health The North Dakota Department of Health, Environmental Health Section (EHS) received official approval from EPA under the Cross-Media Electronic Reporting Regulation (CROMERR) for modifications/revisions to their authorized drinking water program to allow electronic reporting for their Electronic Reporting Information System (ERIS). ERIS accepts reports of drinking water analytical data for public drinking water supply systems from laboratories in the state. These reports are required under 40 CFR Part 141 (Primary National Drinking Water Regulations). The system does not accept "priority reports" or other reports that require electronic signatures. As part of the Safe Drinking Water Act (SOW A) requirements, public water supply systems are required to do routine sampling and monitoring of drinking water from their water systems. Prior to the publication of CROMERR, EHS was receiving this data from many North Dakota laboratories via e-mail. EHS created ERIS in part so they could receive this data electronically in a CROMERR- compliant manner. A U.S. EPA Environmental Exchange Network Grant is helping to fund ERIS' development. ERIS is the first approved application for a system that only accepts reports that do not require electronic signature. Such systems are not subject to the CROMERR requirements in section 3.2000(b)(5), specific to electronic signatures. Accordingly, the ERIS system design and associated CROMERR application checklist do not address these electronic- signature-specific requirements. The North Dakota Solution to Meeting CROMERR Requirements ERIS' platform is an SQL Server Database accessed through web pages. To protect against transmission errors and maintain secure internet transmissions, ERIS uses an SSL (Version 3). Users access the system after submitting a correct username and password that are supplied by the ERIS administrator. In the ERIS system users can be associated with multiple facilities, but will have access only to those facilities with which they are associated. The system calculates a 32-byte checksum of submitted files using SHA-256 algorithm prior to uploading the report, and stores this checksum in the database with the copy of record (COR). The system recalculates the checksum when the COR is saved to the server and verifies that the original and recalculated checksums match. Matching checksums provide evidence that no transmission errors occurred and that the document has not been altered since the time the original checksum was calculated. The database where each uploaded file is stored has an audit log that tracks all users who access the database. This log is only accessible to database administrators and can not be accessed by any ERIS users or other ERIS ------- OFFICE OF ENVIRONMENTAL INFORMATION: administrators. The databases where the records are stored are all on the North Dakota Information Technology Department (ITD) servers. These servers are in a server cluster that used Redundant Array of Independent Disks (RAID) to ensure data is not lost in the case of a server failure. ------- |