OFFICE OF
                               ENVIRONMENTAL
                               INFORMATION
                                                                                          April 2009
For More Information on
this Application Contact:
Gary Haberstroh
NDDoH
ghaberst@nd.gov
701.328.5206

Environmental Exchange
Network
http://www.exchangenetwork.ne
t/index.htm

For More Information on
CROMERR Contact:
Evi Huffer
Office of Information Collection
huffer.evi@epa.gov
202.566.1697

David Schwarz
Office of Information Collection
schwarz.david@epa.gov
202.566.1704

http://www.epa.gov/cromerr/
                CROMERR Success Story

         North Dakota Department of Health
The North Dakota Department of Health, Environmental Health Section (EHS)
received official approval from EPA under the Cross-Media Electronic Reporting
Regulation (CROMERR) for modifications/revisions to their authorized drinking
water program to allow electronic reporting for their Electronic Reporting
Information System (ERIS). ERIS accepts reports of drinking water analytical data
for public drinking water supply systems from laboratories in the state. These
reports are required under 40 CFR Part 141 (Primary National Drinking Water
Regulations). The system does not accept "priority reports" or other reports that
require electronic signatures.

As part of the Safe Drinking Water Act (SOW A) requirements, public water
supply systems are required to do routine sampling and monitoring of drinking
water from their water systems. Prior to the publication of CROMERR, EHS was
receiving this data from many North Dakota laboratories via e-mail. EHS created
ERIS in part so they could receive this data electronically in a CROMERR-
compliant manner.  A U.S. EPA Environmental Exchange Network Grant is
helping to fund ERIS'  development. ERIS is the first approved application for a
system that only accepts reports that do not require electronic signature. Such
systems are not subject to the CROMERR requirements in section 3.2000(b)(5),
specific to electronic signatures. Accordingly, the ERIS system design and
associated CROMERR application checklist do not address these electronic-
signature-specific requirements.

The North Dakota Solution to Meeting CROMERR
Requirements
ERIS' platform is an SQL Server Database accessed through web pages. To
protect against transmission errors and maintain secure internet transmissions,
ERIS uses an SSL (Version 3). Users access the system after submitting a correct
username and password that are supplied by the ERIS administrator. In the ERIS
system users can be associated with multiple facilities, but will have access only to
those facilities with which they are associated. The system calculates a 32-byte
checksum of submitted files using SHA-256 algorithm prior to uploading the
report, and stores this checksum in the database with the copy of record (COR).
The system recalculates the checksum when the COR is saved to the server and
verifies that the original and recalculated checksums match. Matching checksums
provide evidence that no transmission errors occurred and that the document has
not been altered since the time the original checksum was calculated.

The database where each uploaded file is stored has an audit log that tracks all
users who access the database. This log is only accessible to database
administrators and  can not be accessed by any ERIS users or other ERIS

-------
                       OFFICE OF
                       ENVIRONMENTAL
                       INFORMATION:
administrators. The databases where the records are stored are all on the North Dakota Information Technology
Department (ITD) servers. These servers are in a server cluster that used Redundant Array of Independent Disks
(RAID) to ensure data is not lost in the case of a server failure.

-------