CROMERR Applied to Industrial Pretreatment

Linko Data Systems, Inc.

Pretreatment & Fats Oil and Grease Software

www.Linkoweb.com

By Skip Feeney

2

Discussion Overview

Background and Goals of CROMERR Electronic Reporting Basics What Applies to Pretreatment Receiving System Requirements Receiving System Approval Process

3

Perspective

This presentation is designed to introduce industrial pretreatment programs to CROMERR. The content is based on Linko’s interpretation of the rule, discussions with EPA and Linko’s experience with Electronic Reporting software.

Programs seeking to implement electronic reporting systems should contact the EPA directly for guidance.

4

What is CROMERR

CROMERR Stands for Cross Media Electronic Reporting Rule

Legal framework allows for the submission and storage of electronic compliance documents

5

What is CROMERR (cont)

Sets mandatory performance based standards for electronic reporting systems

Sets Requirements for reporting to the EPA

Requires EPA approval of electronic reporting systems within approved programs

6

What is CROMERR (cont)

Modification to the Code of Federal Regulations (CFR).

– 40 CFR Part 3 – Cross-Media Electronic Reporting

– 20 Parts to 40 CFR modified, including 403

– Hazardous Waste to Asbestos to Wastewater

7

Who is Affected?

Regulated Industry

EPA

State, Tribe and Local Governments– EPA Authorized Programs – Pretreatment Programs

8

Background of CROMERR

Stems from the Government Paperwork Elimination Act

Proposed August 31, 2001

Federal Registry October 13, 2005

Effective as of January 11, 2006

9

Goals of CROMERR

Reduced cost and burden for entities submitting and receiving documents

Reduces the likelihood of data entry errors

Improved reporting efficiency

Must be legally enforceable

10

Electronic Reporting

An automated exchange of electronic data between two or more organizations in a standardized format

11

Examples of Electronic Reporting

Bank Transfers Tax Submissions California will be receiving municipal SSO

Reports Electronically Alaska has an Electronic Reporting System

for Fishery data

12

What Applies to Industrial Pretreatment

Guidance in section VI.E the final ruling. – Requirements for Electronic Reporting Under EPA-

Authorized Programs

Actual regulation modifications can be found in Subpart D – § 3.1000 and § 3.2000

13

What Applies to Industrial Pretreatment

•40 CFR Part 3 is dedicated to CROMERR

14

What Applies to Industrial Pretreatment

15

Pretreatment Electronic Reports

IUs may submit the following reports:

– Baseline Monitoring Reports – Pretreatment Standards Report – Periodic Compliance Reports – Reports Made By Significant Industrials Users

16

6) Sends Secure/ Encrypted Document

10) Store Copy of Record

9) Valid Signer

8) Valid Electronic Signature

11) Send Acknowledgement

12) Process Report/Data2) Enter Data Into System

4) Review Certification Statement

5) Sign Electronic Signature

7) POTW Receives Report

1) Collects Compliance Data

POTWIndustry

Electronic Reporting Process

3) Review Document ContentTo IU

17

Electronic Receiving System Requirements

Receiving system requirements – Section VI.E. of the preamble – 40 CFR, Part 3 §3.2000

Maintain enforceability of paper based systems

Following the requirements of Section VI.E

18

1) Timeliness of Data Generation

System must quickly accept and respond to document submissions

19

2) Copy of Record

True and correct copy of the document that was received

Include all electronic signatures that have been executed

10) Store Copy of Record

9) Valid Signer

8) Valid Electronic Signature

11) Send Acknowledgement

12) Process Report/Data

7) POTW Receives Report

POTWBased on program or enforcement staff needs the system must maintain copy of record standards:

20

2) Copy of Record (Cont)

Copy must include date and time of receipt

Must be viewable in human-readable format

Provide timely access to records

10) Store Copy of Record

9) Valid Signer

8) Valid Electronic Signature

11) Send Acknowledgement

12) Process Report/Data

7) POTW Receives Report

POTW

21

3) Integrity of the Electronic Document

Once submitted documents may not be changed without detection

Achieved through:– System Security – Deter internet hackers– Access Control – Internal system security– Secure Transmission – Encryption processes– Digital Signature Protections - Hashing

22

4) Document Must be Knowingly Submitted

Provide evidence that the submitter knowingly confirmed the submission process.

Send out of band acknowledgement of submission – Record at least the date, time, contact and

the address to where the acknowledgement was sent.

23

5) Opportunity to Review and Repudiate

Submitter must be notified that their submission was received

Ensure the opportunity to review and repudiate their submission

POTW must identify process to address the repudiation of a record

– Identify acceptable repudiation time period

10) Store Copy of Record

9) Valid Signer

8) Valid Electronic Signature

11) Send Acknowledgement

12) Process Report/Data

7) POTW Receives Report

POTW

24

6) Validity of Electronic Signature

Electronic Signature is a unique digital ID for a specific person

Electronic Signature Device is software or a set of code which creates a unique and identifiable digital signature

Most common forms of digital signature devices include: PKI (public key infrastructure) certificate and PIN. – VeriSign and Entrust are Third party PKI providers

25

Validity of Electronic Signature (Cont)

Verification of signature device owner prior to accepting electronic signature

Verification that the document is unchanged since the execution of the digital signature.

Must verify the signer has the authority to make such submissions

26

7) Binding Electronic Signature to Document Submission

As discussed in “Copy of Record Provision”, an electronic signature must be bound to the electronic document

Electronic signatures can be used to identify if a document has been modified

Electronic signatures are required wherever the corresponding documents require handwritten signatures

27

8) Opportunity to Review

Similar to # 3 “Opportunity to Review and Repudiate”

Review of content being submitted as truthful and accurate– Must be in a human

readable format 6) Sends Secure/ Encrypted Document

2) Enter Data Into System

4) Review Certification Statement

5) Sign Electronic Signature

1) Collects Compliance Data

Industry

3) Review Document Content

28

9) Understanding Act of Signing

A prominently displayed statement that there are criminal penalties for false certification must be clearly visible at the place of signing

Complete a Subscriber Agreement 6) Sends Secure/

Encrypted Document

2) Enter Data Into System

4) Review Certification Statement

5) Sign Electronic Signature

1) Collects Compliance Data

Industry

3) Review Document Content

29

Example Certification Statement

30

10) Subscriber Agreement

Subscriber must sign an electronic signature

agreement document requiring the individual to:

Protect signature device from compromise– Do not share device information– Do not delegate the use of such device

Be held legally accountable by an electronic signature

31

11) Acknowledgement of Receipt

System must Send out-of-band acknowledgement of document receipt

– Email sent to address on file

– Letter sent to address on file

Must store a record that an acknowledgement of receipt was sent

10) Store Copy of Record

9) Valid Signer

8) Valid Electronic Signature

11) Send Acknowledgement

12) Process Report/Data

7) POTW Receives Report

POTW

To IU

32

11) Acknowledgement of Receipt

Common uses of out of band acknowledgements include:

– Bank notifying you if personal information has been altered

– On line account registration notification

– Investment records have been modified

10) Store Copy of Record

9) Valid Signer

8) Valid Electronic Signature

11) Send Acknowledgement

12) Process Report/Data

7) POTW Receives Report

POTW

To IU

33

12) Signatory Identity Determination

Verification of signature device owner prior to accepting electronic signature

Verification must be completed with legal certainty

10) Store Copy of Record

9) Valid Signer

8) Valid Electronic Signature

11) Send Acknowledgement

12) Process Report/Data

7) POTW Receives Report

POTW

34

EPA Approval Process

To participate, each IPP must submit an application to the EPA– CROMERR Check List– Fact Sheets

EPA’s Technical Review Committee (TRC) reviews receiving system

35

Application Requirements

Certify legal coverage of electronic reporting

Document receiving system

Systems upgrade schedule

Other information requested by EPA administrator

36

System Review Process

EPA response within 75 days

Amendments reviewed within 30 days

37

Summary

CROMERR enables Pretreatment Programs to receive electronic compliance reports from IUs

Requires a comprehensive application process

CROMERR sets rigorous standards for electronic document receiving systems.

38

Additional Resources

Contact Mrs. Evi Huffer at the Office of Environmental Information within EPA: huffer.evi@epa.gov

Online Copy of Rule is available: http://www.epa.gov/fedrgstr/EPA-GENERAL/2005/October/Day-13/g19601.htm

Skip Feeney can be reached for questions at: skip@linkoweb.com or 877-546-5699