cromerr applied to industrial pretreatment
DESCRIPTION
CROMERR Applied to Industrial Pretreatment. By Skip Feeney. Linko Data Systems, Inc. Pretreatment & Fats Oil and Grease Software www.Linkoweb.com. Discussion Overview. Background and Goals of CROMERR Electronic Reporting Basics What Applies to Pretreatment - PowerPoint PPT PresentationTRANSCRIPT
CROMERR Applied to Industrial Pretreatment
Linko Data Systems, Inc.
Pretreatment & Fats Oil and Grease Software
www.Linkoweb.com
By Skip Feeney
2
Discussion Overview
Background and Goals of CROMERR Electronic Reporting Basics What Applies to Pretreatment Receiving System Requirements Receiving System Approval Process
3
Perspective
This presentation is designed to introduce industrial pretreatment programs to CROMERR. The content is based on Linko’s interpretation of the rule, discussions with EPA and Linko’s experience with Electronic Reporting software.
Programs seeking to implement electronic reporting systems should contact the EPA directly for guidance.
4
What is CROMERR
CROMERR Stands for Cross Media Electronic Reporting Rule
Legal framework allows for the submission and storage of electronic compliance documents
5
What is CROMERR (cont)
Sets mandatory performance based standards for electronic reporting systems
Sets Requirements for reporting to the EPA
Requires EPA approval of electronic reporting systems within approved programs
6
What is CROMERR (cont)
Modification to the Code of Federal Regulations (CFR).
– 40 CFR Part 3 – Cross-Media Electronic Reporting
– 20 Parts to 40 CFR modified, including 403
– Hazardous Waste to Asbestos to Wastewater
7
Who is Affected?
Regulated Industry
EPA
State, Tribe and Local Governments– EPA Authorized Programs – Pretreatment Programs
8
Background of CROMERR
Stems from the Government Paperwork Elimination Act
Proposed August 31, 2001
Federal Registry October 13, 2005
Effective as of January 11, 2006
9
Goals of CROMERR
Reduced cost and burden for entities submitting and receiving documents
Reduces the likelihood of data entry errors
Improved reporting efficiency
Must be legally enforceable
10
Electronic Reporting
An automated exchange of electronic data between two or more organizations in a standardized format
11
Examples of Electronic Reporting
Bank Transfers Tax Submissions California will be receiving municipal SSO
Reports Electronically Alaska has an Electronic Reporting System
for Fishery data
12
What Applies to Industrial Pretreatment
Guidance in section VI.E the final ruling. – Requirements for Electronic Reporting Under EPA-
Authorized Programs
Actual regulation modifications can be found in Subpart D – § 3.1000 and § 3.2000
15
Pretreatment Electronic Reports
IUs may submit the following reports:
– Baseline Monitoring Reports – Pretreatment Standards Report – Periodic Compliance Reports – Reports Made By Significant Industrials Users
16
6) Sends Secure/ Encrypted Document
10) Store Copy of Record
9) Valid Signer
8) Valid Electronic Signature
11) Send Acknowledgement
12) Process Report/Data2) Enter Data Into System
4) Review Certification Statement
5) Sign Electronic Signature
7) POTW Receives Report
1) Collects Compliance Data
POTWIndustry
Electronic Reporting Process
3) Review Document ContentTo IU
17
Electronic Receiving System Requirements
Receiving system requirements – Section VI.E. of the preamble – 40 CFR, Part 3 §3.2000
Maintain enforceability of paper based systems
Following the requirements of Section VI.E
19
2) Copy of Record
True and correct copy of the document that was received
Include all electronic signatures that have been executed
10) Store Copy of Record
9) Valid Signer
8) Valid Electronic Signature
11) Send Acknowledgement
12) Process Report/Data
7) POTW Receives Report
POTWBased on program or enforcement staff needs the system must maintain copy of record standards:
20
2) Copy of Record (Cont)
Copy must include date and time of receipt
Must be viewable in human-readable format
Provide timely access to records
10) Store Copy of Record
9) Valid Signer
8) Valid Electronic Signature
11) Send Acknowledgement
12) Process Report/Data
7) POTW Receives Report
POTW
21
3) Integrity of the Electronic Document
Once submitted documents may not be changed without detection
Achieved through:– System Security – Deter internet hackers– Access Control – Internal system security– Secure Transmission – Encryption processes– Digital Signature Protections - Hashing
22
4) Document Must be Knowingly Submitted
Provide evidence that the submitter knowingly confirmed the submission process.
Send out of band acknowledgement of submission – Record at least the date, time, contact and
the address to where the acknowledgement was sent.
23
5) Opportunity to Review and Repudiate
Submitter must be notified that their submission was received
Ensure the opportunity to review and repudiate their submission
POTW must identify process to address the repudiation of a record
– Identify acceptable repudiation time period
10) Store Copy of Record
9) Valid Signer
8) Valid Electronic Signature
11) Send Acknowledgement
12) Process Report/Data
7) POTW Receives Report
POTW
24
6) Validity of Electronic Signature
Electronic Signature is a unique digital ID for a specific person
Electronic Signature Device is software or a set of code which creates a unique and identifiable digital signature
Most common forms of digital signature devices include: PKI (public key infrastructure) certificate and PIN. – VeriSign and Entrust are Third party PKI providers
25
Validity of Electronic Signature (Cont)
Verification of signature device owner prior to accepting electronic signature
Verification that the document is unchanged since the execution of the digital signature.
Must verify the signer has the authority to make such submissions
26
7) Binding Electronic Signature to Document Submission
As discussed in “Copy of Record Provision”, an electronic signature must be bound to the electronic document
Electronic signatures can be used to identify if a document has been modified
Electronic signatures are required wherever the corresponding documents require handwritten signatures
27
8) Opportunity to Review
Similar to # 3 “Opportunity to Review and Repudiate”
Review of content being submitted as truthful and accurate– Must be in a human
readable format 6) Sends Secure/ Encrypted Document
2) Enter Data Into System
4) Review Certification Statement
5) Sign Electronic Signature
1) Collects Compliance Data
Industry
3) Review Document Content
28
9) Understanding Act of Signing
A prominently displayed statement that there are criminal penalties for false certification must be clearly visible at the place of signing
Complete a Subscriber Agreement 6) Sends Secure/
Encrypted Document
2) Enter Data Into System
4) Review Certification Statement
5) Sign Electronic Signature
1) Collects Compliance Data
Industry
3) Review Document Content
30
10) Subscriber Agreement
Subscriber must sign an electronic signature
agreement document requiring the individual to:
Protect signature device from compromise– Do not share device information– Do not delegate the use of such device
Be held legally accountable by an electronic signature
31
11) Acknowledgement of Receipt
System must Send out-of-band acknowledgement of document receipt
– Email sent to address on file
– Letter sent to address on file
Must store a record that an acknowledgement of receipt was sent
10) Store Copy of Record
9) Valid Signer
8) Valid Electronic Signature
11) Send Acknowledgement
12) Process Report/Data
7) POTW Receives Report
POTW
To IU
32
11) Acknowledgement of Receipt
Common uses of out of band acknowledgements include:
– Bank notifying you if personal information has been altered
– On line account registration notification
– Investment records have been modified
10) Store Copy of Record
9) Valid Signer
8) Valid Electronic Signature
11) Send Acknowledgement
12) Process Report/Data
7) POTW Receives Report
POTW
To IU
33
12) Signatory Identity Determination
Verification of signature device owner prior to accepting electronic signature
Verification must be completed with legal certainty
10) Store Copy of Record
9) Valid Signer
8) Valid Electronic Signature
11) Send Acknowledgement
12) Process Report/Data
7) POTW Receives Report
POTW
34
EPA Approval Process
To participate, each IPP must submit an application to the EPA– CROMERR Check List– Fact Sheets
EPA’s Technical Review Committee (TRC) reviews receiving system
35
Application Requirements
Certify legal coverage of electronic reporting
Document receiving system
Systems upgrade schedule
Other information requested by EPA administrator
37
Summary
CROMERR enables Pretreatment Programs to receive electronic compliance reports from IUs
Requires a comprehensive application process
CROMERR sets rigorous standards for electronic document receiving systems.
38
Additional Resources
Contact Mrs. Evi Huffer at the Office of Environmental Information within EPA: [email protected]
Online Copy of Rule is available: http://www.epa.gov/fedrgstr/EPA-GENERAL/2005/October/Day-13/g19601.htm
Skip Feeney can be reached for questions at: [email protected] or 877-546-5699