[Federal Register Volume 72, Number 20 (Wednesday, January 31, 2007)]
[Notices]
[Pages 4526-4527]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 07-369]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration


Intent To Request Approval From OMB of One New Public Collection 
of Information: Pipeline Security Awareness (CD-1) Effectiveness 
Assessment

AGENCY: Transportation Security Administration, DHS.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Transportation Security Administration (TSA) invites 
public comment on a new information collection requirement abstracted 
below that we will submit to the Office of Management and Budget (OMB) 
for approval in compliance with the Paperwork Reduction Act.

DATES: Send your comments by April 2, 2007.

ADDRESSES: Comments may be mailed or delivered to Katrina Kletzly, 
Attorney-Advisor, Office of the Chief Counsel, TSA-2, Transportation 
Security Administration, 601 South 12th Street, Arlington, VA 22202-
4220.

FOR FURTHER INFORMATION CONTACT: Katrina Kletzly at the above address, 
or by telephone (571) 227-1995 or facsimile (571) 227-1381.

SUPPLEMENTARY INFORMATION: 

Comments Invited

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3501 et seq.), an agency may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a valid OMB control number. Therefore, in preparation for OMB 
review and approval of the following information collection, TSA is 
soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.

Information Collection Requirement

Purpose of Data Collection

    As prescribed by the President in Homeland Security Presidential 
Directive 7 (HSPD-7), the Department of Homeland Security (DHS) was 
tasked to protect our nation's critical infrastructure and key 
resources (CI/KR). Through the National Infrastructure Protection Plan 
(NIPP), DHS gives a guidance and direction as to how the Nation will 
secure its infrastructure. Furthermore, HSPD-7 and the NIPP assigned 
the responsibility for infrastructure security in the transportation 
sector to TSA. To this effect, the NIPP further tasks each sector to 
build security partnerships, set security goals and to measure their 
effectiveness. Through its Corporate Security Review Program, TSA has 
conducted reviews of numerous pipeline systems in which various aspects 
of each company's security program are analyzed. Through this review 
process, TSA has determined that improved security awareness training 
for pipeline company employees would be useful. The OMB control number 
assigned to the Corporate Security Review Program is 1652-0036. To 
increase the security awareness levels across the pipeline industry, 
TSA plans to develop and distribute a Security Awareness Training 
compact disk (CD-1) to interested pipeline companies. In order to 
measure the effectiveness of CD-1 on raising company security 
awareness, TSA will solicit voluntary feedback from pipeline companies 
seeking to utilize the CD-1.
    In order to participate, interested companies may respond to TSA's 
announcements regarding the CD-1 availability and ordering instructions 
through all applicable pipeline industry Web sites. The CD-1 training 
will be available to all pipeline companies upon request to TSA. 
Participation in the feedback survey will also be voluntary to those 
pipeline companies that requested and received the CD.
    TSA will collect the feedback regarding CD-1 performance via online 
survey, which will be managed by a contracted third-party survey 
company. The survey results will be used to guide TSA on future 
pipeline transportation security initiatives. TSA plans to conduct the 
data collection over a two- to three-year period in order to allow for

[[Page 4527]]

maximum distribution and use of CD-1 throughout the industry, and for 
participating companies to complete full training cycles.

Description of Data Collection

    TSA will ask participating companies that complete the Security 
Awareness Training CD-1, to log on to a TSA-managed secure Web site to 
provide feedback on the effectiveness of the training.
    Respondent companies may respond with feedback in one of two ways: 
(1) They may choose to submit one subjective, corporate response as to 
the employee participation levels or effectiveness of the CD-1 (i.e., 
the CD-1 significantly increased the security awareness levels for a 
majority of Company X's employees); or (2) they may provide objective 
information based on their company's own survey of its employees. For 
metrics purposes, TSA will also request that participating companies 
provide the total number of company employees, the number of employees 
who have completed the CD-1 training, and the numbers of projected 
employees that will complete the training in the future. In many cases, 
a single company may own more than one pipeline transmission or local 
distribution system, thus, a single CD-1 and corresponding 
effectiveness survey responses may represent more than one individual 
pipeline system. In order to discern the total number of pipeline 
companies utilizing the CD-1, TSA will inquire as to the number of 
individual pipeline systems that will be using the CD-1, in the event a 
parent company is requesting the CD. However, because participation in 
the CD-1 training and providing feedback in voluntary (that is, some 
companies that may utilize the CD-1 may not provide feedback), the TSA 
metrics will be based solely on companies that provide feedback.
    In order for interested companies to submit information, TSA will 
set up a separate file for each company on the secure Web site into 
which each company can provide feedback. TSA will provide each company 
or individual pipeline system with a password in order to access their 
individual company or system file. Companies/individual systems may 
access and update the information contained within their file at any 
time. The name of the participation company or point or contact 
information will be collected only for the purpose of setting up the 
company feedback file and for identify verification when companies log 
onto the Web site.

Use of Results

    The primary use of this information is to allow TSA to assess the 
effect of the CD-1 project on raising the baseline level of security 
awareness within the pipeline industry. The secondary purpose of this 
information is for TSA to obtain, based on individual company input, an 
indication of CD-1 user participation and employee participation levels 
throughout the pipeline industry.

Frequency

    Most companies administer their security awareness training 
curriculum on an annual or biannual cycle. Therefore, a company would 
provide TSA sufficient feedback approximately every two years. 
Typically, companies will generate quarterly or annual reports on 
employee training progress. Thus, companies may submit updated feedback 
between one and four times per year, which TSA equates to an average 
frequency for this collection of two times per year. The time companies 
expend to respond to this collection will vary slightly depending on 
whether a company chooses to submit an overall company subjective 
opinion response provided by a knowledgeable corporate official, or an 
objective response based on results of its own training feedback 
survey. However, if a company chooses to submit one overall company 
opinion, it is likely that a person with some familiarity with the 
company's security posture will be responsible for providing the 
feedback survey. Regardless of whether a company submits an objective 
response based on the results of its own training course survey, or an 
opinion of one corporate official, the only time expenditure required 
would result from electronically entering the requested information on 
the TSA survey Web site. This is because the information gathered will 
already be in the possession of the company and therefore, impart no 
additional burden on the respondent.
    Out of approximately 2,200 individual pipeline companies, TSA 
estimates that on an annual basis an average of 300 companies will 
provide feedback on the CD-1. TSA estimates the average hour burden per 
response per pipeline company or system will be approximately 20 
minutes. Assuming that, on average, a company will update their 
feedback twice per year, TSA estimates the total annual hour burden 
will be 40 minutes per pipeline company or system. Therefore, TSA 
estimates the total annual hour burden will be approximately 200 hours 
per year for all pipeline industry participants [300 companies x 40 
minutes = 200 hours].

    Dated: Issued in Arlington, Virginia, on January 23, 2007.
Peter Pietra,
Director of Privacy Policy and Compliance.
[FR Doc. 07-369 Filed 1-30-07; 8:45 am]
BILLING CODE 9110-05-M