[Federal Register: January 31, 2007 (Volume 72, Number 20)]
[Notices]
[Page 4526-4527]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr31ja07-76]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
Intent To Request Approval From OMB of One New Public Collection
of Information: Pipeline Security Awareness (CD-1) Effectiveness
Assessment
AGENCY: Transportation Security Administration, DHS.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The Transportation Security Administration (TSA) invites
public comment on a new information collection requirement abstracted
below that we will submit to the Office of Management and Budget (OMB)
for approval in compliance with the Paperwork Reduction Act.
DATES: Send your comments by April 2, 2007.
ADDRESSES: Comments may be mailed or delivered to Katrina Kletzly,
Attorney-Advisor, Office of the Chief Counsel, TSA-2, Transportation
Security Administration, 601 South 12th Street, Arlington, VA 22202-
4220.
FOR FURTHER INFORMATION CONTACT: Katrina Kletzly at the above address,
or by telephone (571) 227-1995 or facsimile (571) 227-1381.
SUPPLEMENTARY INFORMATION:
Comments Invited
In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C.
3501 et seq.), an agency may not conduct or sponsor, and a person is
not required to respond to, a collection of information unless it
displays a valid OMB control number. Therefore, in preparation for OMB
review and approval of the following information collection, TSA is
soliciting comments to--
(1) Evaluate whether the proposed information requirement is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
(2) Evaluate the accuracy of the agency's estimate of the burden;
(3) Enhance the quality, utility, and clarity of the information to
be collected; and
(4) Minimize the burden of the collection of information on those
who are to respond, including using appropriate automated, electronic,
mechanical, or other technological collection techniques or other forms
of information technology.
Information Collection Requirement
Purpose of Data Collection
As prescribed by the President in Homeland Security Presidential
Directive 7 (HSPD-7), the Department of Homeland Security (DHS) was
tasked to protect our nation's critical infrastructure and key
resources (CI/KR). Through the National Infrastructure Protection Plan
(NIPP), DHS gives a guidance and direction as to how the Nation will
secure its infrastructure. Furthermore, HSPD-7 and the NIPP assigned
the responsibility for infrastructure security in the transportation
sector to TSA. To this effect, the NIPP further tasks each sector to
build security partnerships, set security goals and to measure their
effectiveness. Through its Corporate Security Review Program, TSA has
conducted reviews of numerous pipeline systems in which various aspects
of each company's security program are analyzed. Through this review
process, TSA has determined that improved security awareness training
for pipeline company employees would be useful. The OMB control number
assigned to the Corporate Security Review Program is 1652-0036. To
increase the security awareness levels across the pipeline industry,
TSA plans to develop and distribute a Security Awareness Training
compact disk (CD-1) to interested pipeline companies. In order to
measure the effectiveness of CD-1 on raising company security
awareness, TSA will solicit voluntary feedback from pipeline companies
seeking to utilize the CD-1.
In order to participate, interested companies may respond to TSA's
announcements regarding the CD-1 availability and ordering instructions
through all applicable pipeline industry Web sites. The CD-1 training
will be available to all pipeline companies upon request to TSA.
Participation in the feedback survey will also be voluntary to those
pipeline companies that requested and received the CD.
TSA will collect the feedback regarding CD-1 performance via online
survey, which will be managed by a contracted third-party survey
company. The survey results will be used to guide TSA on future
pipeline transportation security initiatives. TSA plans to conduct the
data collection over a two- to three-year period in order to allow for
[[Page 4527]]
maximum distribution and use of CD-1 throughout the industry, and for
participating companies to complete full training cycles.
Description of Data Collection
TSA will ask participating companies that complete the Security
Awareness Training CD-1, to log on to a TSA-managed secure Web site to
provide feedback on the effectiveness of the training.
Respondent companies may respond with feedback in one of two ways:
(1) They may choose to submit one subjective, corporate response as to
the employee participation levels or effectiveness of the CD-1 (i.e.,
the CD-1 significantly increased the security awareness levels for a
majority of Company X's employees); or (2) they may provide objective
information based on their company's own survey of its employees. For
metrics purposes, TSA will also request that participating companies
provide the total number of company employees, the number of employees
who have completed the CD-1 training, and the numbers of projected
employees that will complete the training in the future. In many cases,
a single company may own more than one pipeline transmission or local
distribution system, thus, a single CD-1 and corresponding
effectiveness survey responses may represent more than one individual
pipeline system. In order to discern the total number of pipeline
companies utilizing the CD-1, TSA will inquire as to the number of
individual pipeline systems that will be using the CD-1, in the event a
parent company is requesting the CD. However, because participation in
the CD-1 training and providing feedback in voluntary (that is, some
companies that may utilize the CD-1 may not provide feedback), the TSA
metrics will be based solely on companies that provide feedback.
In order for interested companies to submit information, TSA will
set up a separate file for each company on the secure Web site into
which each company can provide feedback. TSA will provide each company
or individual pipeline system with a password in order to access their
individual company or system file. Companies/individual systems may
access and update the information contained within their file at any
time. The name of the participation company or point or contact
information will be collected only for the purpose of setting up the
company feedback file and for identify verification when companies log
onto the Web site.
Use of Results
The primary use of this information is to allow TSA to assess the
effect of the CD-1 project on raising the baseline level of security
awareness within the pipeline industry. The secondary purpose of this
information is for TSA to obtain, based on individual company input, an
indication of CD-1 user participation and employee participation levels
throughout the pipeline industry.
Frequency
Most companies administer their security awareness training
curriculum on an annual or biannual cycle. Therefore, a company would
provide TSA sufficient feedback approximately every two years.
Typically, companies will generate quarterly or annual reports on
employee training progress. Thus, companies may submit updated feedback
between one and four times per year, which TSA equates to an average
frequency for this collection of two times per year. The time companies
expend to respond to this collection will vary slightly depending on
whether a company chooses to submit an overall company subjective
opinion response provided by a knowledgeable corporate official, or an
objective response based on results of its own training feedback
survey. However, if a company chooses to submit one overall company
opinion, it is likely that a person with some familiarity with the
company's security posture will be responsible for providing the
feedback survey. Regardless of whether a company submits an objective
response based on the results of its own training course survey, or an
opinion of one corporate official, the only time expenditure required
would result from electronically entering the requested information on
the TSA survey Web site. This is because the information gathered will
already be in the possession of the company and therefore, impart no
additional burden on the respondent.
Out of approximately 2,200 individual pipeline companies, TSA
estimates that on an annual basis an average of 300 companies will
provide feedback on the CD-1. TSA estimates the average hour burden per
response per pipeline company or system will be approximately 20
minutes. Assuming that, on average, a company will update their
feedback twice per year, TSA estimates the total annual hour burden
will be 40 minutes per pipeline company or system. Therefore, TSA
estimates the total annual hour burden will be approximately 200 hours
per year for all pipeline industry participants [300 companies x 40
minutes = 200 hours].
Dated: Issued in Arlington, Virginia, on January 23, 2007.
Peter Pietra,
Director of Privacy Policy and Compliance.
[FR Doc. 07-369 Filed 1-30-07; 8:45 am]
BILLING CODE 9110-05-M