1
RESOLVE
Establishment
of
Electronic
Reporting;
Electronic
Records
Informal
Public
Hearing
Chicago,
Illinois
November
9,
2001
[
To
improve
the
succinctness
of
these
transcripts,
the
facilitator's
comments
have
been
minimized
or
deleted.

Comments
by
hearing
participants
that
were
inaudible
or
not
specifically
about
the
subject
matter
have
also
been
deleted.

Minor
edits
have
been
made
to
improve
readability.
Raw
transcripts
are
available
from
RESOLVE
upon
request.
]

Robin
Roberts:
I'm
not
an
employee
of
EPA,
nor
do
I
advocate
for
any
of
their
policies.
I'm
just
here
to
be
sure
that
we
stay
on
track
in
terms
of
time
and
topic
area
indicated
on
the
agenda.

The
purpose
of
this
informal
public
hearing
is
to
provide
you,
the
interested
public,
with
an
opportunity
to
supplement
your
written
formal
comments
to
EPA
with
oral
comments
and
to
seek
clarification
where
needed
on
a
proposed
rule.
The
proposed
electronic
reporting
and
records
rule
was
published
on
August
31.
The
formal
public
comment
period
ends
November
29
and
written
comments
must
be
submitted
to
the
docket
at
that
time.
Instructions
for
submitting
your
comments
to
the
docket
are
included
on
the
notice
of
the
rule.
There's
a
copy
2
at
the
front
desk
if
you'd
like
to
see
what
those
instructions
are.
This
informal
hearing
is
not
intended
in
lieu
of
submitting
formal
written
comments.
Nonetheless
this
hearing
is
being
recorded
and
a
transcript
will
be
provided
to
the
docket.

I'd
just
like
to
turn
to
the
panel
and
introduce
them
at
this
time.
We
have
Joe
Retzer,
Director,
Collections
Services
Division,
Office
of
Environmental
Information
(
OEI);

David
Schwarz,
the
co­
chair
of
the
Electronic
Reporting
and
Record­
keeping
Work
Group,
also
with
OEI;
and
Michael
Le
Desma,
Office
of
General
Counsel's
liaison
to
OEI.
What
I'll
do
if
you'll
just
pull
out
your
agendas,
you'll
see
that
we're
going
to
start
with
an
overview
of
the
rule 

David
Schwarz:
Okay,
well.
Good
morning.
I'd
like
to,
first
of
all,
thank
you
all
for
coming
out.
I
know
that
some
of
you
have
traveled
a
ways
to
be
with
us,
and
I
know
that
in
today's
environment
that
takes
a
certain
amount
of
effort
and
expense.

And
I
wanted
to
thank
you
for
coming
to
share
your
thoughts
with
us.

Subpart
A
­
General
Provisions:

What
I'd
like
to
do
is
to
take
about
20
minutes
and
give
3
you
a
little
background
and
kind
of
an
overview
of
the
rule,

and
then
I'll
sort
of
take
a
breath.
And
then
I'll
launch
into
the
first
section,
which
is
electronic
reporting
to
EPA.

One
thing
I'd
add
to
what
Robin
has
said
is
that
we'll
also
take
questions
and
try
to
answer
them
to
the
best
of
our
ability,
so
if
you
have
questions
as
well
as
comments,
please
feel
free
to
ask
them.

So
we're
going
to
talk
a
little
bit
about
what
reporting
is
like
in
general
under
EPA
rules,
what
our
electronic
government
goals
and
strategy
are,
and
then
a
little
bit
about
the
rule
in
general,
its
scope,
the
approach,
the
interest
affected,
and
the
general
provisions.
And
that
will
be
the
place
where
I'll
kind
of
take
my
breath.
And
then
we'll
launch
into
the
electronic
reporting
to
EPA.
So
why
don't
we
move
into
the
background.

This
is
a
general
point.
We
don't
need
to
dwell
on
it
too
much,
but
why
are
we
interested
in
electronic
reporting,

electronic
recordkeeping.
Well,
obviously
it
makes
sense.
We
hope
it
will
save
us
money,
time,
and
improve
the
quality
of
the
product.
Something
that
you
may
not
know
is
that
there
is
also
a
federal
mandate
in
something
called
the
Government
Paperwork
Elimination
Act
of
1998,
which
mandates
federal
agencies
to
offer
options
for
electronic
reporting
and
record­
4
keeping
by
October
2003.
So
the
timing
of
the
rule
of
CROMERRR
and
our
other
efforts
are
really,
in
part,
aimed
at
making
sure
that
we
can
comply
with
that
mandate
and
meet
the
deadline.

Reporting
and
record­
keeping
under
EPA
rules
is
a
broad
and
complex
body
of
activities.
There
are
more
than
ten
different
statutory
programs,
as
I'm
sure
most
of
you
know,

air
water,
waste,
drinking
water
and
so
on.
And
there
are
many
different
kinds
of
reports.
There
are
many
different
kinds
of
records.
Record
retention
periods
range
from
three
to
as
much
as
30
years
and
that
creates
certain
problems
and
issues.

In
addition,
EPA
is
probably
the
first
federal
agency
to
address
electronic
government
issues
where
programs
are
run
in
fact
by
state
and
local
agencies
through
some
kind
of
authorization.
So
there's
that
added
layer
of
complexity
of
trying
to
address
the
relationship
between
our
regulations
and
the
state
and
local
agencies
that
carry
them
out.

And
another
way
of
thinking
about
the
reporting
and
record­
keeping
and
thinking
about
the
rule
in
the
state
and
local
governments,
the
overwhelming
majority
of
reporting
is
actually
done
to
state
or
local
agencies.
In
total
that's
97%

of
the
reports
coming
in.
EPA
only
collects
sort
of
3%
of
the
5
reports
that
we
actually
require,
about
400,000
reports
coming
from
about
90,000
facilities.
So
the
state
and
local
component
is
very
important.

Moving
on
to
our
strategy,
we
are
trying
both
with
the
rule
and
in
our
systems
development
to
take
an
agency
wide
approach,
rather
than
a
program­
by­
program
approach.
We
think
that
that
will
give
both
industry
and
the
states
and
local
governments
that
we
deal
with
a
consistent
and
predictable
way
for
all
of
you
to
interact
with
us
electronically.

We
have
a
much
better
chance
of
accomplishing
that
if
we
take
an
agency­
wide
approach.
And
then
of
course,
there
are
issues
of
economies
of
scale.
Doing
this
both
from
a
regulatory
and
a
systems
side
is
expensive.
And
we're
much
better
off,
we
think,
doing
it
once
and
trying
to
cover
everything.

So
as
I
suggested,
it's
a
two­
prong
strategy.
There's
a
systems
side
that
we'll
talk
about
a
little
bit
­
the
central
exchange
system,
which
is
a
single
reporting
portal
to
EPA.

And
then
there's
the
legal
side,
which
we're
of
course
going
to
focus
on
here
today,
the
Cross
Media
Electronic
Reporting
and
Record­
keeping
Rule.
You
can
see
that's
where
the
acronym
came
from,
CROMERRR.
So
I'll
call
it
CROMERRR
from
now
on,

but
that's
what
I
mean.
6
It's
worth
saying
a
little
bit
about
why
we
need
a
rule.

And
some
people
might
think
well
you've
got
GPEA,
that
this
Government
Paperwork
Elimination
Act,
but
GPEA
doesn't
really
override
existing
statutes
and
regulations.
So
to
the
extent
that
they
refer
to
paper,
or
impose
requirements
that
imply
paper,
GPEA
doesn't
address
that.
That
requires
some
sort
of
regulatory
action.
And
in
addition,
GPEA
leaves
federal
agencies
to
determine
on
their
own
how
and
where
to
implement
electronic
reporting
and
record­
keeping.
So
again,
we
need
to
do
something
affirmative
in
a
form
of
a
rulemaking,
to
spell
that
out
in
the
case
of
EPA
programs.

I
guess
the
other
concern,
and
it's
one
that
I
think
is
pretty
evident
throughout
the
proposed
rule
that
you've
read,

is
that
among
other
things,
these
compliance
reports
and
records
that
we're
concerned
with
are
legal
documents.
And
we
want
to
make
sure
that
as
we
convert
it
to
the
electronic
environment,
these
legal
documents
electronically
can
play
the
same
role
that
they
historically
played
on
paper.
And
that
requires
certain
standards.
And
that's
partly
what
the
rule
is
aimed
at
providing.

So,
in
terms
of
applicability,
the
rule
is
quite
broad
but
it
doesn't
cover
everything.
It
applies
to
regulated
companies
reporting
to
EPA.
It
applies
to
regulated
companies
7
reporting
to
states.
It
applies
to
regulated
companies
maintaining
compliance
records,
whether
this
is
directly
under
EPA
program
or
under
some
sort
of
state
or
local
program.
And
it
also
applies
to
states
that
are
implementing
electronic
reporting
and
record­
keeping
programs
under
their
EPA
authorization.
So
that's
what
the
rule,
that's
who
the
rule
applies
to.

A
couple
of
cases
where
the
rule
does
not
apply,
however:

It
doesn't
apply
to
the
interaction
between
states
and
EPA
as
we
exchange
information
between
each
other.
Those
are
administrative
relationships;
they
are
not
governed
by
this
regulation,
or
probably
not
by
any
other.
Similarly,
the
rule
does
not
apply
to
current
reporting
that
occurs
using
some
sort
of
magnetic
medium,
like
a
diskette
or
a
CD
or
a
tape.

I
know
there
are
a
lot
of
programs,
particularly
at
the
state
level,
that
take
reports
on
diskettes.
CROMERRR
does
not
affect
those;
it
does
not
address
those.
So
those
will
remain
as
they
are.

Okay,
let's
turn
to
the
general
approach.
On
the
electronic
reporting
side,
the
general
approach
is
to
require
the
use
of
a
specified
system
that
is
managed
or
provided
by
the
environmental
agency
that
receives
the
report
rather
than
specifying
technologies
and
procedures
in
the
rule.
8
The
rule
really
doesn't
get
into
the
issue
of
what
technologies
or
procedures
have
to
be
used.
It
just
says
you've
got
to
report
to
a
specific
system.
And
the
idea
then
is
to
let
the
design
of
the
system
determine
the
technologies
and
procedures
that
you've
got
to
use
in
a
particular
case.

And
we
think
that
if
we
design
our
systems
correctly,
that
will
ensure
that
the
reporting
meets
the
standards
that
we
need
to
make
them
legally
viable.
So
that's
the
general
approach
to
electronic
reporting.

In
the
case
of
electronic
record­
keeping,
we
also
try
to
stay
technology
neutral
to
the
greatest
extent
possible
by
identifying
general
criteria
for
electronic
records
to
ensure
their
integrity,
authenticity
and
to
keep
them
from
being
repudiated
at
some
point.
The
benefits
of
this
approach,
we
think,
are
that
it
gives
us
a
lot
of
flexibility
to
change
as
the
technology
changes.

One
of
the
things
that
we
learned
early
on,
in
earlier
attempts
to
write
a
rule
that
were
more
technology
specific,

is
that
by
the
time
we
were
ready
to
publish
a
proposal,
the
technology
that
we
were
providing
for
was
already
out
of
date.

And
we
have
no
guarantee
that
that
won't
happen
again
and
again
and
again.
So
we
really
wanted
to
keep
technology
out
of
the
rule.
9
And
that
means
that
if
something
new
and
wonderful
comes
along,
for
electronic
reporting,
for
electronic
transactions,

we
can
introduce
that
by
changing
our
systems,
but
we
won't
have
to
go
back
and
change
the
rule
itself.
So
I
think
that's
a
good
thing.
We
think
that
this
will
give
us
a
simpler
and
shorter,
and
I
put
in
parenthesis
quicker,
I
don't
know
we'll
see
if
it's
quicker,
it's
not
as
quick
as
we
hoped,
rule
making
because
again
it's
not
so
complicated.
If
we
get
into
the
nitty­
gritty
of
having
to
specify
particular
technologies
and
procedures,
it
gets
to
be
a
very
long
and
complicated
rule.
And
we're
trying
to
stay
away
from
that.

And
again,
the
reliance
is
really
on
the
EPA
or
the
state
system
to
make
things
work
right,
rather
than
trying
to
get
companies
to
interpret
and
understand
complex
technical
specifications
in
the
rules.
And
we
think
that
that
will
make
life
easier
for
people.
At
least,
that's
the
hope.

The
core
rule
provisions.
This
in
general
is
what
the
rule
tries
to
do.
First
of
all,
maybe
in
some
ways
most
important,
it
removes
sort
of
with
one
sweep
all
the
current
obstacles
in
the
Code
of
Federal
Regulations
to
electronic
reporting
and
record­
keeping,
whether
they're
explicit
or
whether
they're
implicit
just
in
use
of
terms
that
seem
to
imply
paper.
These
are
all
swept
away.
So
that's
one
thing
10
that
CROMERRR
does.

Again,
on
the
electronic
reporting
side,
it
requires
that
electronic
reports
be
submitted
to
EPA
systems
or
to
EPA
approved
state
systems.
And
it
sets
performance
based
criteria
for
the
state
electronic
reporting
system.
It
sets
standards
for
electronic
records.
And
finally,
it
ties
the
approval
of
state
systems
to
the
existing
legal
structure
...

it's
mainly
a
regulatory
structure
...
that
is
involved
in
EPA
approving
the
state
programs
which
we
have
to
oversee,
given
our
statutory
mandates.
So
we
don't
create
any
new
authority
to
oversee
state
programs;
we
simply
say
that
where
a
state's
introduction
of
electronic
reporting
or
record­
keeping
would
require
EPA
approval,
these
are
the
standards
and
criteria
that
a
state
has
to
satisfy.

So
that's
sort
of
an
overview
of
the
rule.
In
terms
of
the
structure,
what
we've
done
is
actually
create
a
new
part
of
40
CFR
Part
3,
and
currently
the
rule
would
create
four
subparts.
Subpart
A
is
general
provisions;
Subpart
B
is
electronic
reporting
to
EPA;
Subpart
C
is
electronic
reporting
under
EPA
programs;
Subpart
D
is
electronic
reporting
and
record­
keeping
under
EPA
approved
state
programs.
That's
where
we
get
into
the
business
of
approving
state
programs
where
we
need
to.
11
Let
me
just
conclude
this
overview
by
talking
a
little
bit
about
the
general
provisions
and
then
we'll
go
on
and
talk
about
electronic
reporting
to
EPA.
The
general
provisions,

are
really
pretty
simple
and
straightforward.
Basically,
the
rule
says
that
we
allow
electronic
reporting
and
recordkeeping
under
any
EPA
program.
Once
the
program
announces
that
it
is
ready
to
receive
electronic
reports
or
allow
electronic
recordkeeping,
and
so
long
as
the
electronic
reporting
or
recordkeeping
satisfies
the
requirements
in
the
rule.

So
the
idea
is
that
without
any
additional
rulemaking
per
se,
any
EPA
program
that
is
ready
to
start
accepting
electronic
reports
or
allow
electronic
recordkeeping,
can
turn
it
on
for
their
program
by
simply
publishing
a
notice
in
the
Federal
Register.
So
there
doesn't
have
to
be
any
additional
rulemaking.
And
we
don't
know
right
now
exactly
how
many
programs
will
be
ready
to
turn
the
switch
when
the
rule
is
final,
but
our
hope
is
that
many
or
most
of
them
in
fact
will
be,
so
that
the
wait
between
the
publication
of
CROMERRR
and
actually
implementing
electronic
reporting
and
recordkeeping
will
be
very
very
small.
So
those
are
the
general
provisions.

And
now
we
can
turn
to
electronic
reporting
to
EPA,
but
since
we
have
a
couple
of
minutes,
I
could
take
any
questions
12
people
might
have
on
just
this
overview,
if
there
are
any.

Barbara
Foy:
Good
morning.
My
name
is
Barbara
Foy
and
I'm
here
from
Monsanto
Company.
And
I'm
also
here
as
a
representative
of
SQA
Society
of
Quality
Assurance,
an
organization
that
has
a
lot
of
members
who
are
reporters
to
the
EPA.
And
my
question
initially
is
about
the
statement
up
on
the
slide,
once
the
program
announces
that
it's
ready
to
allow
electronic
record­
keeping.

And
my
question
about
that
is
that
currently,
a
lot
of
companies
like
ours
are
already
keeping
records
electronically.
And
so
there's
been
some
requests
for
clarification
on
whether
what
we're
currently
doing
is
recognized
and
whether
there
will
be
some
change
when
these
kinds
of
announcements
are
made.

David
Schwarz:
That's
a
good
question.
I
think
that
nothing
we
are
saying
in
the
rule
is
meant
to
imply
that
we
don't
recognize
existing
records
being
maintained
electronically.
I
think,
well
we'll
talk
more
about
this
when
we
talk
about
electronic
record­
keeping.
When
we
wrote
the
proposal,
I
think
we
vastly
underestimated
the
amount
of
electronic
record­
keeping
currently
occurring
in
the
regulated
community.

And
we
realize
that
this
is
an
issue
with
the
rule.
So
it
may
in
some
way
or
another
I
think
this
particular
element
of
the
13
proposal
is
going
to
have
to
be
adjusted.
And
exactly
what
that
adjustment
will
be,
you
know
I
think
we'll
just
have
to
work
out.
But
we
recognize
that
there's
a
problem
here.

Johannes
Corley:
Hi,
I'm
Johanna
Scorley.
I'm
from
IR4
headquarters
at
Rutgers
University.
My
question
is,
is
this
rule
mandatory,
or
is
it
purely
voluntary
as
it
is
specified
as
I've
read
it
in
that
if
we
keep
paper
records,
do
we
have
to
keep
electronic
records?

David
Schwarz:
I
know
where
this
question
is
going.
I
think
that
depends.
I
mean
I
think
that
may
depend
on
how
one
reads
our
definition
of
electronic
records.
The
intention,
again
when
we
wrote
the
record­
keeping
provisions,
was
not
to
force
people
into
the
category
of
electronic
record­
keeping
against
their
will
and
against
everyone's
intention.
It's
been
pointed
out
to
us
that
in
some
cases,
our
definition
may
have
that
consequence
and
we're,
it's
another
area
that
we're
concerned
about.

Our
intention,
and
we
have
to
think
about
how
to
adjust
the
rule
to
accurately
reflect
this
intention,
is
that
we
certainly
do
not
want
to
force
anyone
to
keep
records
electronically.
That
we
think
is
a
matter
of
company
or
facility
choice.
So
the
intention
is
that
that
remain
a
voluntary
decision.
14
If
the
decision
is
to
keep
records
electronically
or
to
report
electronically,
then
the
standards
in
the
rule
become
mandatory
in
those
cases.
In
other
words,
we
wouldn't
recognize
those
reports
or
records
as
satisfying
EPA
requirements
unless
they
satisfied
the
standards
in
the
rule.

But
the
more
fundamental
issue
of
whether
you're
keeping
records
or
reporting
on
paper
or
electronically,
that
we
intend
a
matter
of
choice.

Dick
Lowery:
Dick
Lowery
with
British
Petroleum.
I'd
like
to
take
the
question
to
the
opposite
side
of
just
looking
and
wondering
is
there
really
anybody
out
there,
other
than
maybe
a
couple
of
ma
and
pa
operations,
that
has
no
electronic
data
as
you
define
it?
In
other
words,
they
have
no
computer,
they
have
no
voicemail
to
a
managed
system
that
has
a
computer.

They're
just
totally
free
and
they're
total
paper.

The
other
side
would
be
is,
people
may
decide
wow,
if
I
don't
go
electronic,
or
I
don't
like
the
electronic
side
in
containment
here,
it's
too
structured,
or
too
constrained,

what
I
would
like
to
do
then
is
put
it
all
on
paper.
And
I
know
we
have
data
in
our
facilities
that
originate
from
a
computer
operation.
Some
electronic
device
that
measures
something
that
gives
a
piece
of
data,
and
if
I
put
that
on
a
piece
of
paper,
does
that
make
it
a
paper
number?
It
is
a
15
computer
number,
an
electronic
digital
value
that
was
stored
someplace
before
I
put
it
on
paper,
and
I
can't
really
separate
the
two
and
go
all
paper.

In
today's
computer
age,
my
comment
is,
I'll
be
curious
as
this
thing
develops
this
afternoon,
is
there
anybody
that
is
totally
paper
with
no
electronic
at
all
that
would
come
under
this
rule?

David
Schwarz:
That
sounded
more
like
a
comment
than
a
question.

Dick
Lowery:
Well
I'm
looking
for
a
response
this
afternoon
to
fill
that
gap.

Subpart
B
­
Electronic
Reporting
to
EPA:

David
Schwarz:
Okay.
Maybe
we
should
move
on
to
the
electronic
reporting
part.
We'll
come
back
to
electronic
records.
Actually
it
will
be
later
this
morning,
in
fact
right
after
the
break.
Or
maybe
sooner
depending
on
whether
or
not
there
are
comments
on
electronic
reporting.

David
Schwarz:
Okay,
we'll
come
back
to
some
of
these
very
interesting
questions,
I'm
sure,
within
the
hour
perhaps.
But
let's
talk
a
little
bit
about
electronic
reporting
to
EPA.

The
general
provisions
for
submitting
an
electronic
document
16
to
EPA
is
first
of
all,
that
EPA
has
to
announce
for
the
particular
report,
say
something
like
a
discharge
monitoring
report,
that
we're
ready
to
take
it
electronically.
And
then,

the
other
requirement
basically
is
that
the
electronic
document
has
to
be
submitted
to
an
EPA
approved
system,
or
an
EPA
system.
And
it
has
to
bear
a
valid
electronic
signature.

And
that
pretty
much
is
the
long
and
short
of
it,
to
unpack
it
a
little
bit
generally,
the
rule
requires
the
use
of
our
central
exchange
system
or
some
other
specified
system.

It
doesn't
go
beyond
that
in
terms
of
specifying
technologies
or
procedures.
You
know,
that
in
a
sense
will
be
determined
by
the
way
that
central
data
exchange
(
CDX)
is
built
and
what
is
required
to
interact
with
it.
And
we
do
talk
quite
a
bit
about
that
in
the
preamble
and
I'll
get
to
that
in
just
a
moment.

That
will
determine
really
what
the
electronic
reporting
interaction
is
like.
And
as
I
said
earlier,
as
technologies
change,
we
can
change
the
central
data
exchange
and
upgrade
it,
move
it
along
as
the
technology
evolves,
that
will
not
change
the
fundamental
rule
here,
fortunately.
The
only
thing
that's
required
is
that
we
will
have
to
provide
you
with
notice
that
we're
making
those
changes
and
I'll
get
to
that
in
a
minute.
17
For
electronic
signatures,
really
the
only
requirement
is
that
they
have
to
be
signatures
that
we
can
validate.
And
again,
that
will
be
determined
partly
by
how
we
set
up
CDX,

what
kind
of
signatures
we
plan
to
accept.
And
we
specified
that
the
signatures
will
have
the
legal
force
of
a
written
signature.

So
that's
pretty
much
what's
in
that
subpart
B.
Since
however
we
do
place
a
lot
of
weight
on
the
use
of
the
central
data
exchange,
I
thought
I'd
say
a
little
bit
about
that.
We
do
describe
it
extensively
in
the
preamble.
The
rule
and
CDX,

we
like
to
say,
are
kind
of
bound
at
the
hip.
The
rule
in
a
way
sets
many
of
the
requirements
for
the
system,
as
a
system
for
receiving
compliance
reports.
And
it
relies
on
the
system
by
and
large
to
ensure
that
what
we're
going
to
get
are
going
to
be
legally
viable
electronic
transactions.

The
preamble
on
the
proposal
provides
substantial
public
notice
on
how
we
currently,
or
currently
as
of
when
we
wrote
that,
plan
to
build
CDX
and
operate
it.
And
to
the
extent
that
we
change
that
over
the
years,
and
I'm
sure
we
will
as
time
goes
on,
the
rule
requires
that
we
provide
public
notice,

particularly
in
cases
where
the
change
is
going
to
affect
how
it
works
for
you.
So
we're
not
just
going
to
change
it
willy
nilly.
18
The
next
slide
is
an
early
conceptual
picture
of
the
system.
I
don't
know
how
helpful
it
is,
but
the
idea
generally
is
that
we
would
have
what's
sometimes
referred
to
as
an
enterprise
wide
platform
for
accepting
submissions
from
companies
and
states
that
would
probably
be
able
to
accept
them
in
a
variety
of
formats,
some
standard,
some
nonstandard
We'd
also
support
Web­
enabled
transactions,
those
forms
that
you
fill
out
online.
And
the
system
would
also
support
an
electronic
signature
process
which
would
include
validation.

If
we
use
a
public
key
infrastructure
based
digital
signatures,
we
would
probably
try
to
use
those
being
adopted
government­
wide,
under
something
called
ASIS
and
I
can't
remember
what
ASIS
stands
for,
but
it's
meant
to
provide
certificates
that
would
ultimately
be
valid
for
interaction
with
any
federal
agency.
And
that
seems
to
us
like
a
good
idea
because
that
way
we
won't
have
to
manage
a
bunch
of
different
certificates.

And
the
system
would
provide
a
way
of
interacting
with
that.
It
would
interact
with
our
legacy
systems.
It
would
be
kind
of
a
data
pass
through.
For
example,
if
you
submitted
a
discharge
monitoring
report
in
some
sort
of
batch
format,
like
an
Excel
spreadsheet
or
in
XML
format,
the
system
would
19
translate
that
and
pass
it
through
to
our
permits
compliance
system.
So
I
mean
it's
currently
operating
as
a
sort
of
interim
system.
We
are
taking
data
uploads
from
the
states.

We
are
taking
submissions
in
certain
cases,
for
example
the
Toxic
Release
Inventory.
I
think
we
took
about
a
thousand
submissiona.

Joe
Retzer:
About
a
fifth
of
the
companies
were
invited
to,

given
the
opportunity
to
electronically
report
it.

David
Schwarz:
And
as
we
move
forward
with
CROMERRR,
and
as
we
tighten
up
some
of
the
details,
adjust
some
of
the
requirements,
we'll
go
forward
over
the
next
two
years
and
build
this
into
the
production
system.
It
will
manage
all
the
electronic
reporting,
we
hope,
between
companies
and
EPA.
So
that's
CDX
in
general.

Why
we're
taking
this
approach,
well,
probably
a
big
reason,
is
simply
economies
of
scale.
You
know,
a
system
like
that
is
complicated.
It
needs
to
be
managed;
it's
expensive
to
build.
And
we
just
want
to
do
it
once.
So
that's
one
reason.
We
think
that
it
will
simplify
and
standardize
the
agency's
management
of
these
electronic
transactions.
And
it
will
give
us
an
increased
ability
to
integrate
and
distribute
what
we
get
to
the
programs
to
the
public
to
interested
companies
and
so
on.
It
will
be
just
much
more
efficient.
20
I
think
from
the
perspective
of
people
outside
the
agency,
taking
this
approach
will
also
be
beneficial.
It
will
give
you
a
consistent
uniform
user
interface
and
a
consistent,

sufficient
procedures.
You
won't
have
to
do
it
10
or
20
different
ways
if
you
deal
with
10
or
20
different
EPA
programs.
We're
going
to
try
to
make
it
as
uniform
as
possible.
And
I
think,
particularly
for
companies
that
have
high
volume
submissions
across
the
budget
programs,
I
think
that
will
enhance
the
ability,
your
ability
to
automate
your
interaction
with
EPA
to
the
extent
that
you
want
to
down
the
road.
It
will
create
that
opportunity
anyway.
So
those
are
some
of
the
reasons
why
we're
taking
this
approach.

I
guess
the
other
thing
I
should
talk
a
little
bit
about
is
the
CDX
registration
process,
that
is,
what
happens
when
you
initially
sign
up
as
a
user
of
this
system
to
submit
reports
to
EPA.
And
right
now
we're
thinking
about
a
two
phased
process.
One
is
just
an
interaction
between
you
and
us,
where
you
basically
sign
up
to
use
the
system.
And
you
get
an
account
and
password
and
a
log
on
ID.
And
we
create
some
kind
of
section
of
our
Web
site
for
you,
that
has
controlled
access,
that
is
your
mailbox
on
the
system.
So
that's
one
part
of
the
registration
process.

The
other
part
would
be
for
the
assignment
of
an
21
electronic
signature.
If
we
do
use
public
key
infrastructure
certificates,
we
don't
plan
to
be
the
certificate
authority.

And
we
don't
plan
to
take
whatever
data
is
required
to
establish
your
identity
for
purposes
of
issuing
a
certificate.

That
would
be
a
commercial
enterprise.
And
we
will,
as
a
part
of
the
registration
process,
kind
of
link
you
to
them,
but
beyond
that,
that
will
be
an
interaction
between
you
and
whatever
company
(
for
example,
VeriSign
or
Entrust)
that
actually
issues
you
your
certificate.

So
that
would
be
the
two
phases
of
the
process.
One
is
the
registration
with
us;
the
other
is
the
obtaining
of
your
digital
certificate.
And
that's
how
we're
thinking
about
that.

Eric
Van
Gestel:
Eric
Van
Gestel,
CEO
of
Enverity
Corporation
and
we
actually
build
enterprise
software
solutions.
So
it's
very
important
for
me
to
know
when
the
types
of
data,
when
it
would
be
known
what
types
of
data
could
be
received
by
the
system,
so
that
we
make
sure
that
we
don't
build
something
that
would
be
obsolete.
So
my
question
is
two
fold.
One,
and
I
recognize
that
it's
a
little
tough;
it
depends
on
what
kind
of
comments
you
get
and
whether
the
proposed
rule
goes
final
and
all
that,
but
do
you
have
a
rough
idea
of
when
the
kind
of
the
technical
specifications
of
the
CDX
will
be
available
and
22
is
there
any
plan
for
a
pilot
program,
for
a
number
of
companies
and
perhaps
municipalities
to
participate
in
a
first
stage
as
kind
of
a
beta
test?

Joe
Retzer:
We
actually
have
been
doing
a
fair
amount
of
testing
as
David
mentioned.
We
have
sort
of
an
interim
central
data
exchange
that's
up
and
operating
now.
There's
two
major
types
of
reporting
that
are
coming
in.
One,
as
David
mentioned,
the
vast
majority
of
the
reports
under
EPA
regulations
are
received
by
states.
And
then
we
get
huge
uploads
of
that
data
from
states.
So
one
thing
we're
doing
is
working
on
the
state
to
EPA,
and
EPA
to
state
interactions.

And
we
now
have
done
that
for
a
couple
of
programs
there,
and
we're
working
on
bringing
in
the
others.

The
other
is
the
direct
reporting
to
EPA.
And
that's
very
important
to
us
but
there's
less
of
that.
What
we
have
done
there
so
far
is
worked
with
the
Toxic
Release
Inventory
program,
and
we've
actually
tested
a
couple
of
signature
approaches
there.
We
did
a
public
key
infrastructure
(
PKI)

test
just
this
summer
as
well
as
another
approach
where
people
used
a
digital
signature,
not
a
PKI
one,
but
also
mailed
us
a
paper
certification
letter.

For
next
year,
since
we
probably
won't
have
the
regulation
finally
in
place
and
the
collection
is
June
and
the
23
information
technology
(
IT)
decisions
had
to
be
made
this
fall,
basically
for
that
program
is
pushing
this
new
TRI
ME
CD
software
and
we
have
actually
built
electronic
reporting
into
that.

So
just
like
on
your
tax
software,
TurboTax
or
whatever,

where
you
can
just
go
push
on
a
button
and
say,
if
you
want
to
send
it
electronically,
this
is
what
you
need
to
do.
For
TRI
reporters,
next
year,
they
use
TRI­
ME.
They'll
simply
be
able
to
do
that.
If
they
want
to
send
it
through
CDX,
all
they
have
to
do
is
follow
the
directions
that
are
already
built
into
the
software
to
report
electronically.

We're
also
doing
a
few
tests
for
a
couple
of
reports
on
the,
under
the
Toxic
Substances
Control
Act
(
TSCA)
program.

Health
and
safety
studies
are
some,
and
I
think
it's
the
PMN
cover
sheets,
the
non­
confidential
business
information
(
CBI)

part
of
that
program,
to
start
testing
some
of
that.
So
we
do
have
testing
underway.

In
response
to
the
other
part
of
your
question
about
the
broad
specifications
for
CDX,
we
have
made
a
decision
for
purchasing
the
basic
components
of
the
permanent
central
data
exchange.
We've
gone
to
the
GSA
millennia
contract,
which
has
maybe
nine
or
ten
of
the
largest
software
integrators
on
it.

We'll
be
going
out
with
our
request
for
proposal
(
RfP)
for
24
that
around
January.
And
that's
actually
an
interesting
contract
because
folks,
even
though
there's
I
think
only
nine
or
ten
primary
contractors
on
the
GSA
contract,
it's
very
easy
for
them
to
partner
with
a
wide
range
of
other
firms
when
they
come
in
for
their
particular
proposal
to
us.

David
Schwarz:
Let
me
add
one
thing
that,
I
don't
know
if
you
noticed
this.
The
CDX
design
specifications,
as
of
about
maybe
a
year
ago,
I
think
are
in
the
docket.
They're
in
the
docket
for
the
rule.

So
unfortunately
I
don't
know
that
that's
available
electronically,
although
if
you
want
that
electronically,
we
might
be
able
to
provide
it
to
you.
Some
of
the
things
are
still
a
little
bit
in
flux,
of
course,
because
the
requirement,
our
concept
of
the
requirements
is
still
somewhat
in
flux.
But
it
will
give
you
at
least
a
basic
idea
of
what
our
thinking
is,
the
general
architecture
and
so
on.
So
you
could
have
that.

Deanna
Heffron:
Deanna
Heffron
from
Ondeo
Nalco
Company.
I
had
a
quick
question
regarding
the
certificate
authority
and
the
firm
that's
going
to
be
identified
for
handling
that
portion.
Is
that
going
to
be
some
sort
of
partnership
set
up
similar
to
Cass
with
the
registry
service
for
identifying
the
naming
and
such
for
PMNs
where
there's
one
individual
and
we
25
have
to
set
up
ahead
of
time
all
of
the
fees
and
the
payments
and
such.
Or
is
this
going
to
be
some
sidebar
multiple
organizations
that
will
be
handling
this
where
you
have
your
options
for
fees
or
renewals
or
anything
of
that
format?

David
Schwarz:
Yes,
the
basic
idea
for
this
is
to
give
you
a
digital
certificate
that
you
can
use
for
signing
reports
to
EPA.
And
it's
basically
a
part
of
the
registration,
not
like
pesticide
registration,
but
individual
registration
for
you.

And
one
of
the
reasons
that
we're
doing
it
outside
of
EPA
is
that
the
goal
under
this
digital
certificate
program
across
government
is
that
these
certificates
will
be
able
to
be
used
if
you
have
a
report
to
FDA
and
to
EPA
and
to
other
federal
agencies.
Eventually,
you'll
be
able
to
use
that
same
certificate
across
all
federal
agencies.

We're
also
starting
to
look
at
next
year,
there
are
a
number
of
states
that
are
starting
to
be
interested
in
public
key
infrastructure­
(
PKI­)
based
systems
for
signatures.

Illinois
is
one
of
them.
And
we're
looking
at
working
with
some
states,
including
Illinois,
for
using
cross
authentication
for
those
certificates.
So
if
you
got
a
digital
certificate
for
Illinois,
you'd
be
able
to
use
it
for
EPA
and
vice
versa.

And
the
best
way
to
do
that,
we
think,
is
not
to
have
EPA
26
try
and
manage
those
certificates,
but
rather
these
third
party
organizations
that
basically
will
do
that
as
part
of
their
business.
That's
what
they're
about.

Deanna
Heffron:
Would
that
be
partnering
with
one
key
firm
that
would
be
handling
all
of
those
issues
across
the
board,

or
will
they
be,
do
you
envision
having
multiple
firms?

David
Schwarz:
EPA
would
probably
be
working
with
one
firm,

but
other
agencies
might
work
with
other
firms.
In
other
words,
they'll
all
agree
to
use
compatible
software
approaches
so
that
the
certificates
will
be
able
to
work
with
each
other.

Male
Participant:
Has
EPA
identified
a
firm?
If
so,
whom
do
we
contact?

Joe
Retzer:
No.

Male
Participant:
Will
there
be
a
fee
charged
by
this
firm?

Joe
Retzer:
No,
the
way
it
goes
is,
as
David
suggested,
is
you'll
come
to
central
data
exchange
to
register.
And
if
that
particular
program
requires
you
to
get
a
digital
certificate,

because
not
all
programs
will,
but
if
that
program
requires
you
to
get
a
digital
certificate,
it
will
just
do
that
through
the
CDX
site.
It
will
take
you
to
the
other
site.
That
site
will
ask
you
for
some
information,
and
you'll
get
back
a
digital
certificate
within
a
few
days.
It
will
check
whatever
information
you
give
that
basically
guarantees
that
it's
you
27
that
they're
dealing
with.

Male
Participant:
Sorry.
Is
there
a
Web
site...

Joe
Retzer:
...
rule
is
that
as
EPA
is
ready
to
go,
because
you
know,
shifting
a
program
from
paper
to
electronic,
and
doing
the
software
so
we
can
translate
it
and
get
the
data
actually
back
into
the
program
system.
Each
program
has
a
little
bit
different
kind
of
requirements
in
how
they
want
to
operate.
That
takes
a
fair
amount
of
work,
so
as
each
program
is
ready
to
go,
they
will
announce,
you
will
be
invited
to
come
to
the
site
and
register.

Probably
the
biggest
direct
reporting
program
we
have
now,
and
kind
of
looking
at
the
list
of
who
signed
up
it
probably
doesn't
affect
you,
is
one
that
involves
reporting
of
drinking
water
laboratory
reports.
And
that
involves
the
folks
from
the
laboratories
registering,
folks
from
states
registering,
and
folks
from
the
local
communities
where
the
water
samples
have
come
from
registering.
And
it's
a
fairly
complicated
and
pretty
ingenious
system.

The
laboratories
send
in
data;
they
register,
send
in
data
to
EPA.
Then
the
localities
and
states
can
log
on
in
a
limited
access
site
to
view
that
data
and
okay
it
before
it
actually
goes
into
the
database.
So
there's
three
sets
of
people
actually
who
are
registering
for
that
system.
28
So
we
only
are
sort
of
opening
the
doors
to
registration
when
we
get
each
program
ready
to
go.
And
the
only
ones
right
now
that
we
have
that
are
direct
reporting
to
EPA
are
some
people
in
the
TRI
program
this
year.
Next
year
if
you
use
TRI
ME,
the
program
software,
everybody
can
report
electronically,

that
does
TRI
directly.
We're
also
starting
some
of
that
working
with
the
TSCA
program,
for
some
of
those
reports.

It's
just
still
in
the
testing
stage.

So
we've
invited
a
few
testers
to
work
with
us
on
those
reports.

Dick
Lowery:
Dick
Lowery,
BP.
Again,
you
may
get
into
it
when
you
go
into
more
details.
But
on
the
signature,
I'm
not
familiar
with
it
in
detail.
Is
the
signature
certificate,
is
that
quite
mobile?
If
I
had
one,
could
I
go
to
my
laptop
here,
or
if
I'm
doing
it
from
home,
or
I'm
traveling
and
I'm
on
the
company
computer.
Or
is
it
tied
to
a
specific
C
drive
on
a
computer?

David
Schwarz:
I
think
the
way,
it
can
be
a
number
of
things,
but
I
think
the
way
we're
thinking
of
it
right
now
is
having
it
tied
to
a
C
drive
of
a
particular
computer.

Dick
Lowery:
So
if
my
manager
has
a
desktop
he
needs
to
carry
it
with
him?
I
mean,
we're
in
a
mobile
society
and
we're
in
an
electronic
society.
29
David
Schwarz:
Well
as
far
as
the
rule
is
concerned,
as
opposed
to
the
specific
design
of
CDX,
I
mean,
that
issue
just
isn't
addressed.
Either
way
would
be
okay.
I
think
our
own
thought
right
now
is
to
tie
it
to
a
particular
computer
and
to
make
it
a
software­
based
certificate
as
opposed
to
a
token
based
certificate
like
a
Smart
Card.

My
sense,
based
on
some
of
the
discussions
I've
had
with
the
enforcement
people
who
care
about
this
is
that
a
token,

based
approach
would
give
you
more
mobility
because
you
could
use
it
in
any
machine
that
was
capable
of
reading
it.
But
a
software­
based
approach
would
be
the
machine
that
the
software
was
on.

Male
Participant:
(
inaudible)

David
Schwarz:
Yes,
I
mean
...

Michael
LeDesma:
Probably
for
some
applications.
Again,
we
see
some
distinction
between
those
things
where
signature
seems
to
be
critically
important
for
the
enforcement
community
and
for
those
who
are
likely
to
make
sure
that
we
have
the
PKI
based
approach.
There
are
other
things
for
example,
these
live
drinking
water
laboratory
reports
that
come
in
to
us.

They
never
had
signatures
on
paper.
They
just
had
come
from
such
and
such
lab.
So
for
them
personal
identification
number
(
PIN)
authentication
is
fine.
30
So
it's
probably
going
to
depend
a
lot
on
the
individual
reports.
In
some
cases,
it
may
well
depend
on
...
see,

because
we
typically
will
work
with
some
members
of
the
reporting
community
before
we
put
the
particular
application
in.
It
may
be,
particularly
as
we
move
toward
getting
CBI
related
reports,
that
industry
is
going
to
demand
the
very
most
secure
kind
of
thing,
not
portability.
We'll
just
have
to
see
as
we
move
forward
to
those.
As
David
mentioned,
those
kinds
of
things
really
aren't
a
function
of
the
rule.
Those
are
the
function
of
the
system
that
we
build.

Craig
Blackham:
I'm
Craig
Blackham
and
I
work
with
O2
Blue
and
we
provide
electronic
reporting
systems
for
states,

actually
Web­
based
electronic
reporting
systems.
When
you
talk
about
certificate
authorities
and
PKI
are
you
talking
about
X.
509
digital
certificates?
Is
that
the
standard
that
you're
kind
of
leaning
toward?

David
Schwarz:
Yes.

Craig
Black:
Okay.
Are
you
looking
at
using
an
XML­
based
data
standard
for
the
CDX
system?

David
Schwarz:
Yes.

Craig
Black:
You
are?

David
Schwarz:
Well,
not
exclusively
but
we're
looking
to
support
that.
31
Craig
Black:
Okay.
If
I
can
make
a
comment
also,
we
in
building
some
of
our
application
for
states,
we
have
found
that
digital
certificates
have
in
some
cases
been
a
barrier
to
participation
for
companies.
And
simply
because
it's,
in
many
cases,
well
it's
like
filing
your
taxes.
I
file
mine,
a
lot
of
people
file
their
taxes
electronically.
But
I
think
that
if
the
IRS
required
digital
certificates
in
order
to
participate
in
that,
it
would
have
a
lot
lower
participation
rate,
just
something
to
think
about
as
you
continue.

I
would
try
and
make
this
digital
certificate
requirements
as
lenient
as
possible.
And
I
can
actually
help
answer
the
question
about
the
mobility.
And
X.
509
digital
certificate
can,
it's
a
software
certificate,
but
it
can
reside
on
a
USV
token,
so
the
certificate's
the
same
whether
it's
on
your
hard
drive
or
it's
on
a
key
fob
or
it's
on
a
Smart
Card.
So
you
can
have
absolute
mobility
with
an
X.
509
certificate.

David
Schwarz:
Can
I
ask
you,
could
you
say
a
little
bit
more
about
why
you
find
the
digital
certificate
to
be
a
barrier?

Craig
Black:
Absolutely.
The,
what
we
have
found
is
that
the
process,
the
authentication
process
required
by
most
certificate
authorities
is
such
that
it
makes
it,
for
example
if
I
actually
have
a
couple
of
digital
certificates.
And
for
32
one
of
them,
I
had
to
actually,
I
had
to
physically
go
there
and
authenticate
myself
with
two
forms
of
ID.
And
I
was
actually
quite
interested
in
obtaining
one.
So
I
would
have
gone
to
whatever
length
necessary
to
obtain
the
digital
certificate
because
I
need
them
to
actually
experiment
and
develop
with.

I
think
a
company
who
can
make
the
decision
to
either
file
the
reports
on
paper
the
way
they
always
have
done,
or
jump
through
a
lot
of
hurdles
to
file
electronically,
nine
times
out
of
ten
they're
going
to
choose
to
do
it
the
way
they're
doing.
Because
they're
comfortable
with
it
and
it
doesn't
require
a
lot
of
extra
steps.
If
the
certificate
authority,
if
you
can
issue
some
sort
of
certificate
policy
and
make
the
authentication
a
little
less
stringent,
because
you
already
know
information
about
companies
and
individuals
that
are
already
filing
with
you.

But
most
certificate
authorities,
because
they
are
guaranteeing
the
authenticity
or
the
identity
of
the
certificate
holder,
will
require
some
sort
of
proof
of
identity;
whether
it's
a
credit
card
and/
or
drivers
license.
I
actually
had
one
certificate
that
I
had
to
show,
I
had
to
fax
in
a
copy
of
my
passport,
my
drivers
license
and
a
credit
card,
and
I
had
to
have
the
statement
sheet
notarized
by
a
33
notary
public
in
order
to
obtain
the
certificate.
And
that
type
of
requirement
to
participate
in
obtaining
a
certificate,

is
stringent.
I
don't,
I
just
don't,
we
don't
have
a
high
rate
of
willingness
to
do
that
in
order
to
file
electronically.

David
Schwarz:
Could
I
ask
you
an
involved
question?
I
guess,
I
seem
to
hear
you
saying
that
if
we
went
with
a
certificate
issuance
that
involves
a
very
low
level
of
authentication
or
identity
proofing
that
that
might
not
be
such
a
barrier.

Craig
Black:
That's
correct.
That's
correct.
If
you
had
a
certificate
authority
that
would
be
willing
to
issue
certificates
on
loose
authentication
basis.

David
Schwarz:
Well,
I
think,
I
mean,
I
guess
our
feeling
is
that
we're
the
customer
and
we
would
want
to
drive
that
train
and
not
have
the
certificate
authority
dictate
that.

Male
Participant:
I
will
be
extremely
concerned
about
somebody
issuing
a
certificate
authority
on
very
loose
identification.

Barbara
Foy:
I
just
had
one
more
comment
and
I
wanted
to
give
an
example
before
I
asked
my
question.
For
a
company
that
comes
to
EPA
for
approvals
for
new
products,
it's
not
a
simple
short
form
kind
of
reporting
format
that
we
would
envision.
34
But
it
would
be
the
submission
of
quite
a
bit
of
information,

perhaps
in
volumes,
and
organized
in
such
a
way
...
but
it
would
be
a
large
amount
of
information
that
might
be
submitted.
And
as
I
understand
the
CDX
system,
if
you
want
that
to
take
all
documentation
that
comes
to
EPA,
those
kinds
of
large
submissions
also
would
come
in
through
your
CDX
system.

For
that
kind
of
a
process,
where
multiple
documents
are
required
within
those
documents,
multiple
individuals'

signatures
are
required
as
part
of
the
underlying
EPA
regulation.
And
so
that
kind
of
a
submission
through
CDX
would
involve
many
documents
with
many
signatures,
as
required
by
the
underlying
law.
So
my
question
is,
does
the
CDX
signature
process
that
you're
envisioning,
that
you're
working
to
put
in
place,
envision
that
complicated
of
a
type
of
document
that
you
might
be
receiving
where
you'll
have
a
variety
of
individual
signatures
associated
with
one
submission?

David
Schwarz:
That's
a
good
question.
And
it's
one
that
we've
been
wrestling
with
a
little
bit.
I
guess
the
answer
is
that
currently
we
haven't
really
thought
through
that
process.

And
we
realize
that
we
need
to.
So
I
very
much
encourage
you
to,
well,
your
example
will
be
recorded
here
but
if
you're
35
submitting
comments,
I
think
that's
a
good
example
to
site,

you
know,
as
you're
raising
the
issue.
I
think
we
need
to
address
that.
I
think
that,
I
don't
think
that
there's
anything
in
the
regulation
itself,
the
regulation
criteria,

that
prohibits
that,
but
I
still
think
we
need
to
think
through
the
implementation.

Michael
LeDesma:
Let
me
just
add
to
that.
As
far
as
I
know,

if
you're
talking
about
things
where
companies
are
currently
submitting
data
either
on
paper
or
on
magnetic
media,
that
we
don't
see
that
necessarily
changing
in
the
short
term.
We're
trying
to
address
those
things
where
there's
a
major
advantage
for
being
able
to
submit
electronically,
not
using
magnetic
media,
and
it's
not
clear
that
there's
a
huge
advantage
for
being
able
to
transmit
over
the
wires,
which
are
handing
in
in
a
CD,
if
you're
just
doing
it
once
every
several
months
when
you
come
in
with
a
new
product.

Our
initial
focus
is
on
those
things
such
as
discharge
monitoring
reports
(
DMRs)
or
things
where
there's
masses
of
data
coming
in,
but
in
smaller
kinds
of
chunks,
and
people
could
sign
the
file.

Tom
Neumann:
My
name
is
Tom
Neumann
from
Monsanto.
I
want
to
extend
Barb's
comments
to
include
work
that's
done
at
contract
laboratories.
We
do
a
lot
of
work
outside
and
we
would
be
36
getting
documents
in
that
would
have
signature
requirements
on
those.
We
would
not
have
access
to
electronic
signature
in
that
case
from
other
companies.
How
do
you
plan
to
address
that
particular
issue?

David
Schwarz:
I
guess
it
depends.
Are
the
signatures
on
the
documents
that
you
get
signatures
that
are
required
...

Tom
Neumann:
Study
director
signatures
or
sponsor
signatures,

that
type
of
thing.

David
Schwarz:
So
these
are,
these
are
signatures
that
are
required
by
EPA
to
be
on
the
document?

Tom
Neumann:
That's
correct.

David
Schwarz:
I
think
that's
very
much
like
the
case
that
the
previous
speaker
was
talking
about.
I
mean,
I
don't
have
an
answer
for
you
today.
It's
certainly
the
kind
of
case
that
we
either
need
to
keep
as
Joe
was
saying
on
a
mag
medium
kind
of
submission,
or
we
need
to
think
through
the
implementation.

Male
Participant:
Just
a
comment
on
this.
I
don't
know,
this
is
probably
going
to
be
quite
open
to
discussion
here,
but
after
the
comments
of
others,
when
I
submit
a
report
that's
for
a
(
inaudible)
of
residue
study,
for
a
registration
(
inaudible)
often
you
use.
For
that,
we
have,
currently
we
have,
everything
on
paper
so
we
have
paper
signatures
of
the
laboratory
research
director,
the
analyst
and
possibly
some
of
37
the
chemists
involved
in
the
study.
Then
we
have
the
study
director
signature,
we
have
the
sponsor
signature,
a
submitter
signature
if
different
from
the
study
director,
and
QA
signature,
so
there
are
several
signatures
on
this.

What
I
thought
was,
if
EPA
could
go
about
just
having
a
certificate
of
authority
to
the
submitting
person,
and
each
organization
then
maintains
its
own
files,
digital
files,
on
electronic
signatures,
something
of
that
effect.
I'm
just
throwing
this
out,
open
to
comment.

David
Schwarz:
Is
there
any
comment
on
that
idea
or
other
comments?

Subpart
C
­
Electronic
Record­
keeping
under
EPA
Programs
David
Schwarz:
Okay,
all
right.
Let's
talk
about
what's
probably
everyone's
favorite
topic,
which
is
electronic
record­
keeping.

The
goals
of
electronic
record­
keeping
are
first
of
all,

to
allow
industry
to
keep
electronic
records
in
lieu
of
paper
records,
to
the
extent
that
current
regulations
provide
an
obstacle
to
this.
And
for
EPA,
to
ensure
that
the
electronic
records
maintained
by
regulated
companies
are
reliable
and
trustworthy
and
are
available
to
EPA
or
to
state
agencies
as
38
required
by
the
regulatory
programs.
So
those
are
the
overall
goals.

The
e­
records
approach
in
general:
The
scope
applies
again
to
recordkeeping
by
regulated
entities
under
all
EPA
and
all
EPA­
authorized
state
programs,
although
we
do
leave
room
in
the
rule
for
exceptions.
We
don't
list
any
in
the
proposal.
We
don't
list
any
exceptions
or
exemptions
in
the
current
proposal
but
there's
a
space
for
them,
should
that
prove
to
be
a
good
idea.
And
the
approach
again
is
general
function­
based
criteria
for
electronic
records
that
we
hope,

or
had
hoped,
would
assure
integrity,
authenticity
and
nonrepudiation
We
are
also
concerned
about
being
consistent
with
existing
compliance
practices.

For
example,
under
the
good
automated
laboratory
practices
program
that
addresses
TSCA
and
FIFRA,
and
with
existing
electronic
records
regulations,
and
I
guess
our
main
model,
since
this
was
really
all
that
has
been
out
there,
is
the
Food
and
Drug
Administration
regulations.
And
we
have
tried
to
be
consistent
with
FDA
to
the
extent
that
a
company
subject
to
both
FDA,
that
is
Food
and
Drug
Administration,
and
EPA
regulations
would
comply
with
EPA
record­
keeping
standards,
if
they
were
complying
with
FDA
record­
keeping
standards.
Our
standards,
I
don't
think,
are
as
stringent
as
39
FDA's
but
they
are
compatible
with
them.

Just
conceptually,
in
terms
of
the
difference
between
our
approach
to
electronic
reporting
and
electronic
recordkeeping
In
the
case
of
electronic
reporting,
since
we're
talking
about
a
transaction
between
companies
and
a
state
or
federal
agency,
we
in
that
case
could
rely
on
the
characteristics
of
the
EPA
or
state­
controlled
system.

In
the
case
of
electronic
recordkeeping,
almost
by
definition,
we're
talking
about
things
that
don't
interact
with
us.
So
we're
addressing
things
that
go
on
in
company
systems,
that
is
a
part
of
the
business
practices
of
the
company.
So
there's
a
kind
of
a
different
problem
in
terms
of
setting
standards.

Anyway,
in
terms
of
the
electronic
record­
keeping
provisions,
and
we've
talked
about
this
a
little
bit
earlier,

the
general
provision
is
that
we
would
allow
electronic
record­
keeping
under
any
EPA
program
once
EPA
announces
for
that
program
that
it
is
ready
to
allow
electronic
recordkeeping
And
we
would
allow
electronic
record­
keeping
so
long
as
the
electronic
record
is
generated
and
maintained
by
an
electronic
record­
keeping
system
that
meets
the
criteria.
And
it's
the
criteria
in
Subpart
C
that
provides
the
substantive
requirements.
40
And
the
criteria
are
laid
out
there.
I
don't
know
that
I'm
going
to
read
them
all
off
to
you,
but
you
can
read
them.

Certainly
a
couple
of
these
we
know
are
controversial,

particularly
the
requirement
that
there
be
an
audit
trail
and
the
requirement
that
archiving
include
the
audit
trail
and
preserve
the
audit
trail
and
other
related
information
if
the
records
are
migrated
to
a
new
system.

There
are
some
special
criteria
in
the
case
where
the
erecords
are
signed.
And
they
include
indicating
enough
information
about
the
signature
so
that
we
know
what
the
signature
means,
for
example,
whether
it
was
a
signature
of
the
reviewer,
an
approver,
et
cetera.
And
we
need
to
be
able
to
link
the
electronic
signature
that's
a
part
of
the
record
to
the
electronic
record
in
a
way
that
the
link
cannot
be
lost.
The
signature
has
to
be
bound
to
the
record
in
some
way.

And
generally
the
electronic
signature
information
that
we
specify
has
to
be
subject
to
the
same
controls
as
the
electronic
records
generally.
So
those,
in
a
nutshell,
are
the
criteria
for
electronic
records
and
we
might
as
well
go
ahead
to
the
comments.

Johannes
Corley:
Johannes
Corley
IR4
headquarters,
Rutgers
University.
Come
back
to
the
point,
which
I
started
with
in
41
the
first
question.
I
think
we
need
to
talk
about
the
definition
of
data
because
as
a
gentleman
here
just
remarked,

a
lot
of
our
data
is
generated
on
computers.
So
is
it
the
zeros
and
ones
that
the
computer
generates
that
would
be
the
original
raw
data,
or
would
...
if
the
organization
was
to
define
it,
the
paper
record
that
is
printed
out,
initialed
and
dated,
suffice
as
the
original
raw
data?
I
think
we
need
some
guidance
on
that
issue
for
starters.

Joe
Retzer:
I
just
have
a
question.
This
is
the
case
where
the
data
is
generated
electronically
but
then
printed,
right?

Johannes
Corley:
Correct.
Let
me
explain.
In
most
cases
nowadays,
data
is
generated
electronically.
I
had
a
discussion
with
some
of
our
labs
a
few
days
ago.
And
they
were
reading
this
and
of
course
a
lot
of
them
didn't
understand
it
completely,
and
said,
you
know
what?
We're
going
to
go
out
and
buy
strip
chart
recorders.
But
that's
beside
the
point.

I
think
we
need
to
define
...
does
EPA
have
any
comment
what
would
be
the
original?
Would
you
like
...
I
mean,
FDA
has
interpreted
it
in
some
ways.
I
don't
know
what's
EPA's
comments.

David
Schwarz:
I
don't
know
that
we
have
a
comment
as
to
what
is
the
original.
I
think
that
we
become
aware
of
the
fact
42
that
as
the
definition
is
written;
a
record
generated
as
you
describe
it
would
probably
fall
within
the
scope
of
the
electronic
record­
keeping
requirements.
And
you
might
very
well
be
required
to
maintain
the
original,
the
originally
generated
electronic
record
of
...
and
maintain
it
under
these
criteria.

Part
of
the
answer,
and
this
is
one
of
the
things
that
makes
the
subject
difficult,
may
depend
on
the
program
specific
regulatory
definitions
of
what
records
are
required
to
be
maintained.
And
in
some
cases,
the
regulations
are
quite
specific,
that
the
originally
generated
raw
data
is
part
of
what
needs
to
be
maintained.
In
other
cases,
this
is
not
specified.
And
that
of
course
would
have
to
determine
the
answer
as
well.

So
I
can't
give
you
an
across
the
board
answer,
but
we
do
recognize
that
this
is
an
area
where
we
need
to
go
back
and
sort
things
out.

Deanna
Heffron:
Deanna
Heffron
with
Ondeo
Nalco
Company.
I
have
a
question
or
request
for
clarification
for
one
of
the
items
specified
in
the
proposed
rule.
It
stated
in
here
that
the
audit
trail
documentation
needs
to
be
retained
for
a
period
at
least
as
long
as
that
required
for
the
subject
electronic
records.
So
does
that
mean
that
there
is
potential
43
that
the
audit
trail
documentation
would
need
to
be
required
and
retained
for
longer
than
the
electronic
record
retention
requirement?

David
Schwarz:
I
don't
know.

Michael
LeDesma:
I
can't
think
of
any
instances
in
which
that
would
be
the
case.
I
think
we
were,
I
think
the
language
there
was
intended
to
allow
folks
to
of
course
keep
it
longer
if
they
thought
it
was
important
for
business
purposes.
But
I'm
not
sure
I
can
answer
that
question
across
the
board
and
say
that
that's
going
to
be
true
in
all
cases.

I
can't
personally
envision
any
instances
within
which
we
would
invoke
that
provision
to
require
that
the
audit
data
needed
to
be
maintained
longer
than
is
required
by
the
underlying
record­
keeping
requirement
in
the
program.

But
I
would
encourage
you
to
make
that
comment
in
writing
so
that
we
can,
so
that
we
can
put
that
to
our
program
folks
and
say
is
there
ever
any
instance
where
you
would
want
us
to
keep
the
audit,
or
require
that
the
audit
data
be
kept
longer
than
the
existing
record­
keeping
requirement?
My
suspicion
is
the
answer
would
be
a
resounding
no,
that
the
record­
keeping
requirement
specifies
the
period
of
time
that
that's
required
for
the
record
retention.
I
think
there
would
frankly
be
no
reason.
I
mean,
the
goal
here
is
to
create
a
parallel
or
an
44
equivalency
between
paper
and
electronic
record­
keeping.
And
not
to
exceed
that
equivalency.

Craig
Black:
Craig
Black
I'm
with
O2
Blue.
It
sounds
like
the
data
definitions
for
CDX
have
not
yet
been
rigidly
defined,
is
that
the
case?

David
Schwarz:
I
think
the
definition
that's
causing
us
some
trouble
is
the
definition
of
an
electronic
record.
And
we,

just
to
give
you
a
little
bit
of
history,
in
taking
over
FDA's
overall
approach
to
electronic
record­
keeping,
we
took
over
some
of
their
definitions,
as
well.
And
I
guess,
in
the
light
of
comments
that
we've
gotten,
and
reflection,
we
now
feel
that
we
need
to
reexamine
some
of
this
in
the
context
of
EPA
programs.

But
I
think
that's
the
kind
of
question
that
you've
been
hearing
the
last
couple
of
minutes
that
goes
back
to
what's
the
definition
of
an
electronic
record.

Craig
Black:
I
think
so.
And
I
think
that's
what
a
lot
of
us
here
are
interested
in:
what
format
do
our
electronic
records
need
to
be
in
in
order
to
be
submitted
to
CDX?
And
that's,

what
we
software
companies
are
concerned
about.

David
Schwarz:
Let
me
just
respond
to
that.
I
think
that's
a
different
question.
The
format
specifications
for
sufficient
submissions
to
CDX
are
not
a
part
of
the
rule,
per
se.
45
They're
a
part
of
the
implementation
design
of
CDX.
And
we
talk
about
some
of
the
formats
we're
considering
supporting
in
the
preamble.

And
they
would
include,
I
guess
we
mention
standard
EDI
transaction
sets
under
ANSI
X.
12
for
example.
We,
I
don't
know
if
we
mention
this,
but
we've
been
considering
accepting
the
output
of
Excel
spreadsheets
and
probably
some
XML
formatted
files,
whether
standard
or
non­
standard.
I
guess
we'll
see
how
that
plays
out,
maybe
some
other
things
as
well.

And
I
guess
the
one
thing
to
bear
in
mind
if
you're
looking
at
this
as
a
software
developer,
is
that
the
bulk
of
the
data
transaction
volume
is
going
to
be
with
the
state
systems
and
your
question,
I
think,
really
needs
to
consider
what
formats
are
the
states
going
to
recognize.
Because
they
will
be,
within
broad
limits,
free
to
make
their
own
decisions
about
that.

So,
what
we're
talking
about
now
are
records
that
are
not
transferred
to
us,
but
records
as
they're
maintained
by
regulated
companies.
So
it's
a
different
question.

Craig
Black:
Okay,
thank
you.

Johannes
Corley:
Going
back
to
the
issue
of
records
which
are
maintained
by
us:
one
of
the
problems
that
we
would
face
if
we're
talking
about
the
electronic
record
being
the
point
of
46
generation
of
the
data,
we're
not
talking
about
simple
programs
that
are
very
widely
available
like
Excel
and
Word.

We're
talking
about
very,
very
instrument
specific
programs.

And
even
today,
when
they
start
standardizing
all
the
computers,
you
know,
we
have
either
IBMs
or
MACs.
You
still
have
very
program,
instrument
specific
programs.
So
this,

would
this
then
involve
archiving
the
entire
computer
or
the
software
or
the
instrument?
Because
sometimes
a
computer
may
not
run
without
being
linked
to
the
instrument.
I
know
they're
changing
some
of
that
now,
but
you
know,
I
mean,
this
raises
a
whole
different
...
I'm
just
trying
to
raise
some
of
the
issues
and
ask
what
you'll
think
about
this.
Thanks.

David
Schwarz:
I
think
it's
a
good
comment
that
you
know,
I
hope
that
it's
one
that
you
put
in
writing
as
well.
I
guess
part
of
the
answer,
I
think,
is
going
to
be
driven
again
by
the
requirements
of
the
particular
EPA
program.

If
for
example,
a
monitoring
report
involves
the
maintenance
of
records,
including
the
raw
data
that
was
used
to
generate
the
values
of
that
report,
like
you
know,
paper
world's
strip
charts.
And
if
these
need
to
be
available
under
the
regulation,
these
are
not
regulations
that
we
write,
but
these
are
the
regulations
that
we're
trying
to
accommodate.

If
these,
in
the
paper
world,
if
they
need
to
be
available
for
47
a
certain
number
of
years,
you
know,
to
be
viewed
by
inspectors
coming
around
to
inspect
whatever
they
inspect.

Then
if
you
move
to
the
electronic
environment,
I
think
you
do
have
to
consider
the
possibility
that
you
know,
if
for
example,
you
have
an
electronic
counterpart
of
the
paper
record
that's
required,
and
it's
only
viewable
or
accessible
by
using
the
piece
of
equipment
or
software,
then
I
think
that
will
be
an
issue.
And
I
don't
think
that
will
be
an
issue
because
of
CROMERRR.
I
think
that
would
be
an
issue
because
of
the
predicate
regulation.

Barbara
Foy:
Barbara
Foy,
Monsanto.
I
had
another
question
to
follow
up
on
the
archiving
aspect
that
CROMERRR
would
be
applicable
to.
And
it
has
to
do
with
some
unique
circumstances
with
some
of
the
EPA
programs
in
that
the
EPA
programs
have
some
of
the
longest
retention
periods
of
any
programs
that
have
been
covered
by
this
kind
of
a
regulation
before.
And
I
think
it
presents
some
unique
challenges
to
the
folks
who
have
to
comply
with
the
archival
requirements.

And
as
I
understand
the
CROMERRR
regulation,
and
the
extent
of
process
that
would
be
involved
in
certifying
that
what
you
archive
is
authentic
and
contains
all
of
the
contextual
information
about
the
electronic
record,
and
so
on
and
so
forth,
it
appears
that
what's
being
presented
would
be
48
an
enormous
change
in
the
program
that's
currently
going
on
in
many
EPA
compliant
companies.

And
along
with
that
would
involve
an
enormous
new
expense
for
those
companies.
And
so
those
concerns
about
the
cost
and
the
extensiveness
of
how
to
comply
with
this
rule,
combined
with
technology
questions
about
is
the
technology
really
available
at
this
time,
to
archive
these
records
for
this
length
of
time,
are
there
ways
to
do
this?
Is
anyone
able
to
demonstrate
that
they
can
actually
comply
with
the
requirements
in
CROMERRR
as
far
as
archiving
is
concerned?

It
just
raised
a
whole
multitude
of
questions
about
archiving
and
the
thought
that
came
to
me
about
that
was
that
it,
at
some
point,
there
would
be
a
way
to
allow
companies
to
transfer
all
of
their
electronic
records
to
paper
for
archival
purposes
only.
It
might
be
a
way
that
companies
could
even
begin
to
conceive
trying
to
keep
good,
complete,
authentic
records
from
electronic
sources
in
a
way
that
we
might
be
able
to
imagine
being
able
to
comply
with
at
this
time.

It
just
seems
like
if
one
of
the
goals
of
CROMERRR
is
to
be
consistent
with
the
Paperwork
Elimination
Act
that
when
it
comes
to
archiving,
it
certainly
is
not
going
to
eliminate
paperwork.
Companies
will,
at
least
at
that
point,
rely
on
paper
records
for
archiving
purposes.
And
it
will
actually
49
result
in
another
process
step,
another
attempt
to
archive
in
an
electronic
manner,
but
at
this
point
in
time,
I
can't
imagine
any
company
will
rely
on
untested
technology
for
archival
purposes.
They'll
probably
still
back
up
and
use
paper
copies
for
archiving
purposes.

Joe
Retzer:
Okay,
thank
you.
I
think
it
might
be
helpful
if,

hopefully
you'll
make
that
comment
written
as
David
said.
If
you
could
be
a
little
specific
about
your
circumstances,
for
example,
what
the
current
requirement
is
in
terms
of
number
of
years
and
how
you
handle
...
this
is,
you're
talking
about
pesticide
registrations?
I
know
it's
a
long
retention,
like
20,
40
years
...

Barbara
Foy:
The
life
of
the
product.
This
can
be
those
30
year,
you
mentioned
30
years
...
those
are
those
kinds
of
timelines.

Joe
Retzer:
So
if
you
could
maybe
talk
about
how
you're
addressing
that
now,
because
I
know
a
lot
of
that
data
is
submitting
electronically.
And
under
the
current
circumstances
whether
you
print
that
out
after
a
certain
number
of
years,
or
whatever,
I
think
that
would
be
really
useful.

Barbara
Foy:
If
I
could
make
another
comment,
I'd
like
to
go
back
to
the,
some
of
the
discussion
about
the
connection
50
between
the
definitions
of
an
electronic
record
and
the
definition
of
raw
data,
for
those
EPA
programs
particularly
in
the
FIFRA
area.
And
I
think
if
there's
one
area
that
it
might
really
be
very
helpful
for
you
folks
to
consider
is
exploring
and
discussing
those
connections
more
fully,
as
you
develop
responses
to
some
of
these
questions.

Because
the,
there
seems
to
be
no
doubt
that
the
FIFRA
GLP
(
phonetic)
part
of
the
agency
has
a
very
definite
interpretation
of
raw
data
as
being
an
electronic
signal.
If
you're
gathering
data
electronically,
the
raw
data
is
the
electronic
signal
and
there
seems
to
be
no
argument
about
that.
And
so
in
that
case,
when
you
connect
that
with
CROMERRR,
you
will
be
required
to
comply
with
CROMERRR
for
those
types
of
electronic
records.
And
so
you
can
go
from
that
point
back
to
the
issue
of,
is
this
rule
voluntary,
and
say
if
the
only
way
to
collect
that
information
is
through
an
electronic
device,
which
is
the
case
for
many
sophisticated
analytical
methods,
that
it
is
not
voluntary.
It
is
mandatory.
All
of
the
bells
and
whistles
are
included
if
you
use
the
technology
that's
currently
very
much
in
practice.

Joe
Retzer:
I
also
have
a
question
to
ask
the
group
to
think
about
either
here
or
not.
One
of,
as
David
mentioned
earlier,

one
of
our
primary
purposes
here
in
doing
this
rule
was
to
51
enable
electronic
activities,
reporting
or
record­
keeping,

where
current
regulations
prohibit
it.
And
it
seems
like,
in
trying
to
do
that,
we
you
know,
in
the
record­
keeping
area,

we
hit
a
lot
of
areas
that
people
are
already
doing
electronic
stuff.

If
anybody
has
any
ideas
or
things
that
they
want
to
let
us
know
about,
or
areas
on
record­
keeping
where
you
now
interpret
the
regulations
as
requiring
you
to
do,
keep
paper
records,
and
where
that's
a
problem,
where
you'd
not
like
to
have
to
keep
paper
records,
we'd
like
to
hear
specifically
about
that.
Because
that's
one
of
the
things
we
still
don't
want
to
lose
as
we
move
forward
on
this,
is
to
make
sure
that
if
there
are
cases,
as
under
the
Government
Paperwork
Elimination
Act,
which
is
the
focus
on
trying
to
enable
electronic
record­
keeping
where
current
regulations
require
paper.
So
if
you
have
some
ideas
on
any
of
those
areas,
in
any
of
your
work
you're
dealing
with,
we'd
like
to
know
about
that.

Deanna
Heffron:
Actually
I
had
a
quick,
hopefully
quick
and
easy
question
for
you.
Deanna
Heffron
with
Ondeo
Nalco
Company.
In
the
section
here
for
the,
under
the
storage
media
issues,
it
had
mentioned
that
there
was
going
to
be
some
criteria
put
in
place
for
transferring
of
the
electronic
data
52
from
one
electronic
media
to
another.
Are
those
criteria
also
envisioned
to
imply
for
the
transfer
of
data
from
one
internal
electronic
system
to
another?
In
that
regards,
many
companies
have
databases
where
they're
retaining
the
information,
so
if
the
records
are
transferred
from
one
database
to
another,

where
they're
then
further
manipulated
or
stored
or
additional
data
is
entered,
are
those
transfer
criteria
going
to
apply
in
that
case?

Joe
Retzer:
Just
so
I
understand
the
question,
you're
not
talking
about
migration
from
one
system
to
another,
but
you're
talking
more
about
the
case
where
you
take
the
output
of
some
kind
of
reading
device
and
you
put
it
into
an
Excel
spreadsheet
for
data
manipulation,
or
...?

Deanna
Heffron:
Actually,
it's
transfer
of
raw
data
into
say,

an
Excel
spreadsheet,
Oracle
database,
Access
database,
and
migration
from
one
computer
system
to
another
where
certain
companies
may
be
employing
multiple
systems
to
currently
comply,
or
to
manage
the
data
that
they
have
on
hand.

Joe
Retzer:
I
think
that's
an
area
that
we
plan
to
do
more
analysis
of.
So
that,
whether
we'll
issue
standards
for
that,

or
whether
we'll
decide
that
we
want
to
use
that
analysis
to
restrict
the
scope
of
the
criteria.
I
mean,
I
could
imagine
that
being
an
outcome
as
well.
So
I
don't
know
what
the
53
outcome
will
be
but
we
know
that
we
need
to
look
more
closely
at
those
kinds
of
scenarios.
Does
that
answer
your
question?

Deanna
Heffron:
I
guess
I'm
just
trying
to
get
a
feel
for
if,

in
the
rule,
those
criteria,
the
data
transfer
criteria
was
truly
intended
to
apply
to,
say,
transferring
from
CD
ROM,
or
from
a
server
onto,
burning
onto
a
CD,
or
electronic
tape
onto
a
CD,
or
from
electronic
to
electronic
database,
one
server
to
another
server,
another
database.

Joe
Retzer:
I
think
it
would.
I
think
what
we
had
in
mind
when
we
wrote
the
criteria
was
more
the
former
than
the
latter,
but
what
we
discovered
was
that
the
latter
also
raises
important
issues.

Deanna
Heffron:
So
then
...

Joe
Retzer:
I
don't
want
to
make
you
nervous.
I
mean,
I
don't
think
that
the
result
will
be
the
addition
of
yet
additional
more
stringent
criteria,
but
I
think
we
need
to
understand
better
the,
what
the
life
of
the
data
is,
from
raw
data
all
the
way
to
say,
report,
and
try
not
to
pick
up
things
that
we
don't
need
to
pick
up.

Deanna
Heffron:
But
if
you
were,
in
your
analysis,

determining
that
further
supporting
documentation,
or
whatever,
is
needed
for
the
life
of
the
data,
would
it
meet
the
criteria
as
...
or
would
the
criteria
that's
outlined
in
54
the
proposed
rule
apply
to
that
data
transfer,
or
would
there
be
some
additional
or
expanded
criteria
that
would
be
forthcoming
in
the
final
rule?

Joe
Retzer:
I
guess
I'd
have
to
say
that
I
just
don't
know
at
this
point.
I
think
it's
unlikely
that
there
will
be
additional
expanded
criteria
in
the
final
rule.
But
I
think
until
we
go
back
and
reanalyze
this
area
based
on
comments,

which
have
been
very
helpful,
it's
hard
to
say
exactly
what
we're
going
to
be
doing.

Bruce
Carlson:
Yes,
Bruce
Carlson.
I'm
with
Illinois
EPA
Division
of
Legal
Council.
On
this
Subpart
C,
dealing
with
electronic
record­
keeping,
where
it
refers
to
both
electronic
records
and
electronic
documents,
it
seems
to
me
one
area
where
it's
potentially
ambiguous
is
that
while
electronic
documents
specifically
excludes
the
magnetic
media,
electronic
record
is
a
much
more
broad
term
and
it
doesn't
exclude
electronic
media,
so
the
question
would
be
then,
whether
these
record­
keeping
requirements
might
be
made
applicable
to
both
facilities
and
the
states
where
they
are
doing
reporting
with
regard
to
magnetic
media.

Do
you
have
an
idea
on
that
presently,
or
is
that
something
you
need
to
consider
further
in
the
final
rule
on
this.
55
David
Schwarz:
Well,
I
have
an
idea.
I
don't
know
if
it's
the
answer
you're
looking
for
or
not.
I
think
the
distinction
between
electronic
reporting
and
magnetic
media
submission,
or
mag
media,
makes
sense
in
the
context
of
reporting
because
we're
talking
about
a
vehicle
for
transfer.
And
you
know,

it's
different
if
the
data
comes
in
over
a
network,
and
whether
there's
actually
a
physical
object
that
you
put
in
an
envelope
­
a
diskette
or
something
­
and
send
off
to
us.
I
think
that's
a
clear
distinction.

In
the
case
of
record­
keeping,
I
mean
the
truth
is
that
all
electronic
record­
keeping,
except
for
I
suppose
records
directly
in
the
random
access
memory
of
a
computer,
are
in
what
one
could
refer
to
as
mag
media.
So
I
don't
know
that
there's
the
same
distinction
to
be
made.
I
think.

Dick
Lowery:
Dick
Lowery
with
BP.
Michael,
you
made
a
comment
that
the
intent
of
CROMERRR
was
to
not
make
electronic
record­
keeping
any
more
...
I
don't
know
if
restrictive
is
the
right
word
...
not
to
put
any
more
criteria
on
electronic
record­
keeping
than
there
currently
is
on
the
paper
trail.

And
until
CROMERRR
was
proposed,
there
was
no
specific
criterion
for
the
electronic
form
versus
paper.

And
again,
as
we
were
talking
today,
what
I
put
on
paper
I
may
have
gotten
off
electronically.
And
we're
trying
to
56
revisit,
or
will
in
the
future,
revisit
what
the
definition
of
what
data
or
electronic
data
is.

But
let
me
ask
the
question.
Are
you
really
saying
that
for
people
out
in
the
facilities
that
have
a
lot
of
electronic
data
on
their
computers,
and
they
have
it
on
paper
or
they
put
it
on
mag
media
or
anything
else,
are
you
really
saying
that
there
is
going
to
be
absolutely
no
more
restrictions
or
criteria
put
on
top
of
storing
that
data
or
having
that
data
electronically
than
there
was
before
CROMERRR?

Michael
LeDesma:
Well,
when
I
made
the
original
comment,
I
was
responding
to
a
question
about
record
retention
periods,

and
whether
an
audit
data
would
be
required
to
be
maintained
for
longer
than
the
record
itself,
or
longer
than
existing
record­
keeping
requirements.
I
guess
your
question
is
more
geared
toward
the
overall
burden
of
electronic
record­
keeping
versus
paper
record­
keeping.

I
think
the
goal,
or
the
intent,
was
to
create
an
equivalence
between
electronic
records
and
paper
records.
Now
of
course,
as
we're
all
learning
here,
electronic
recordkeeping
if
it's
to
be
done
right,
whatever
that
means,
if
it
is
basically
to
have
a
certain
measure
of
forensic
value,
does
entail
some
bells
and
whistles
and
there
will
be
costs
associated
with
that.
57
The
task
that
we're
all
struggling
with
is
trying
to
find
the
right
balance
between
forensic
integrity
in
a
document,
in
an
electronic
document,
and
the
cost
associated
with
providing
that
degree
of
forensic
integrity.

And
the
goal
is
to,
again,
create
an
equivalence.
But
I'm
using
the
word
equivalence
intentionally
because
of
course
it's
not
possible
to
create
an
equal.
The
paper
world
and
the
electronic
world
are
really
apples
and
oranges.
Because
in
the
paper
world
you
have,
on
the
paper
itself,
a
great
deal
of
forensic
information
that
isn't
necessarily
available
in
the
electronic
world
if
you
don't
provide
for
it.

So
I
can't
say
that
we're
talking
about
not
requiring
you
to
do
things
that
you
didn't
have
to
do
in
the
paper
world.

Again,
all
I'm
saying
is,
and
all
I
intended
to
say
in
response
to
the
earlier
question
is
that
our
goal
is
to
provide
some
sort
of
equivalence.

Barbara
Foy:
Barbara
Foy,
Monsanto.
I
have
a
question
about
consistency
between
the
FDA's
electronic
records
requirements
stated
in
their
Part
11
rule,
versus
what
CROMERRR
might
be
proposing
and
how
consistent
those
two
might
be
particularly
for
companies
that
need
to
be
compliant
with
both
FDA
and
EPA
electronic
records
and
reporting
requirements.

And
the
question
that
I
had,
or
the
example
that
I'll
58
give,
is
sort
of
a
funny
one.
I
was
in
a
meeting
where
there
was
a
compare
and
contrast
presentation
between
Part
11
and
CROMERRR
being
presented
to
a
room
full
of
people
who
almost
exclusively
only
work
with
the
FDA.
And
so
they
had
experience
with
Part
11
and
they
were
giving
this
presentation
and
the
reaction
at
the
end
of
the
presentation
was
that
they
all
wanted
to
work
for
companies
that
worked
with
the
EPA
because
there
were
virtually
no
requirements
described
by
CROMERRR.

And
so,
I
thought
that
was
ironic.
And
I
had
not
heard
that
before,
and
certainly
the
people
who
are
working,
trying
to
be
EPA
compliant
don't
believe
that
that's
the
case
with
CROMERRR
but
I
think
it
highlights
the
interpretation
people
have
because
the
two
regulations
are
written
so
differently.

Whereas
Part
11
has
a
lot
of
detail
in
it
and
more
specific
instruction
about
how
to
comply
with
those
requirements,

CROMERRR
is
written
in
a
much
different
style
with
functional
criteria
described.

And
so
I
think
that
if
EPA
proceeds
with
CROMERRR,
and
I
can
see
the
benefits
of
writing
it
in
a
way
that's,
as
you
described,
technology
neutral,
or
criteria­
based,
there
are
benefits
to
that.
But
the
problem
comes
in
when
people
try
to
take
it
home
with
them
to
their
particular
job
and
interpret
59
it.

If
as
you
say,
you're
trying
to
be
very
consistent
with
the
FDA
Part
11
requirements,
you
perhaps
may
get
more
information
or
guidance
on
specifically
the
corresponding
part
of
Part
11
and
how
that
is
perhaps
one
way
that
EPA
reporting
agencies
can
comply
with
CROMERRR.
Draw
a
real
item­
by­
item
kind
of
comparison
and
say
while
this
may
not
be
the
only
way
to
comply
with
CROMERRR,
it
would
be
an
acceptable
way.
So
that
people
can
easily
make
that
translation
between
what
they
may
currently
be
doing
for
the
FDA
and
where
that
would
fit
in
their
attempt
to
comply
with
CROMERRR.

David
Schwarz:
Thanks.
Interesting.

David
Keyes:
I'm
Dave
Keys
from
Dow
Agra
Sciences
and
I
work
in
the
quality
assurance
group.
I
handed
to
David
a
number
of
copies
for
you
of
my
written
comments.
And
I
didn't
know
exactly
what
the
format
was
and
how
you
wanted
me
to
just
go
through
the
highlights
of
the
document.
I
don't,
how
did
you
want
to
handle
that?

David
Schwarz:
Whatever
you
think
would
be
most
effective.

David
Keyes:
All
right.
Well
I'll,
you've
got
the
documents
in
writing
and
I'll
try
and
go
through
and
hit
the
key
points
that
I
was
trying
to
make.
The
direction
of
CROMERRR
is
obviously
critical
to
Dow
Agra
Sciences
and
the
rest
of
the
60
agricultural
chemical
industry,
as
well
as
many
EPA
entities.

Mark
Duvall,
for
the
legal
counsel
for
the
Dow
Chemical
Company,
presented
his
testimony
to
you
at
the
Washington
DC
meeting,
and
I
wanted
to
go
on
record
to
support
everything
that
he
said.
And
at
this
meeting,
I
wanted
to
cover
some
of
the
real
life
examples
of
the
impact
this
would
have
on
us
in
the
agricultural
chemistry
industry.

We
believe
EPA
should
sever
the
record­
keeping
provisions
and
withdraw
them
for
further
analysis.
And
the
reasons
are
that
CROMERRR
although
presented
as
voluntary,
as
we've
said,

many
people
have
stated
here,
applies
to
any
EPA­
captured
record
maintained
on
a
computerized
system.
Therefore,
it
would
be
a
mandatory
thing,
not
voluntary.

Another
point
would
be
legacy
systems
would
therefore
have
to
be
refitted
or
new
systems
purchased
to
meet
CROMERRR
requirements.
In
many
field
situations,
certified
systems
to
meet
the
proposed
record­
keeping
requirements
do
not
exist.

Another
point
is
the
costs
in
retrofitting
or
purchasing
new
systems
have
been
grossly
underestimated.

Another
topic
I
wanted
to
touch
on
was
the
Organization
of
Economic
Cooperation
and
Development
(
OECD)
comment
that
there
were
no
other
guidance
things,
but
there
is.
We
have
tremendous
involvement
with
OECD
and
they
do
have
guidance
on
61
computerized
systems.
And
they
do
allow
for
the
definition
of
raw
data
to
include
computer
and
instrument
printouts.

Therefore,
OECD
allows
flexibility
in
the
definition
in
retention
of
raw
data
because
the
OECD
GLP
guideline
studies
are
accepted
by
EPA.

The
new
record­
keeping
requirements
would
lead
to
a
competitive
disadvantage
for
U.
S.
based
companies
compared
to
their
European
competitors
who
are
still
able
to
use
the
paper
version.
Governmental
efforts
over
the
past
years
have
been
to
harmonize
requirements
globally,
not
separate
them.

GLP
raw
data
for
FIFRA
studies
has
been
brought
up
several
times.
It
needs
to
be
retained
for
the
lifetime
of
the
registration,
which
could
be
decades.
Verified
paper
printouts
of
the
raw
data
have
always
been
the
safest
method
of
data
retention
for
these
long
periods
of
time
and
any
migration
of
these
electronic
records
runs
the
actual
risk
of
data
loss
or
corruption.
And
data
may
need
to
be
migrated
several
times
over
the
lifetime
of
a
registration.

I
wanted
to
go
through
on
the
record­
keeping
part.

Again,
the
mandatory
versus
voluntary
choice.
And
CROMERRR
indicates
that
a
facility
can
choose
to
keep
all
the
records
electronically,
but
if
the
choice
is
made
then
all
CROMERRR
requirements
apply.
What
is
implicit
is
the
choice
in
the
62
method
of
collecting
the
scientific
or
electronic
data.
And
if
an
electronic
sensor
signal
is
captured,
processed
and
stored
or
transmitted
by
an
instrument,
then
the
electronic
record­
keeping
choice
was
made
by
default.
If
any
data
is
generated
or
maintained
on
a
computer
then
the
record­
keeping
provisions
would
apply
and
printing
out
that
data
for
purpose
of
record
retention
would
not
be
allowable.

Electronic
record­
keeping
has
long
been
a
necessary
part
of
data
collection
and
is
essential
in
collecting
many
aspects
of
the
required
regulatory
studies.
Data
collection
in
the
laboratory
and
in
the
field
requires
these
types
of
systems.

Many
of
these
requirements
occur
over
10
to
15,
every
10
to
15
seconds,
for
long
periods
of
time
generating
massive
amounts
of
data
which
are
collected
and
summarized
for
the
time
period
for
reporting.
This
required
data
collection
could
not
be
achieved
in
any
practical
sense
without
the
use
of
computers.

And
since
computerized
data
capture
processing
archival
have
been
used
for
decades
the
statement
that
CROMERRR
is
totally
voluntary
is
a
failure
of
the
agency
to
face
reality
and
present
a
true
impact
of
the
proposed
rule
to
regulated
parties
and
the
public.

I
wanted
to
talk
about
the
legacy
systems.
And
just
an
example,
this
is
part
of
our
normal
business,
just
in
the
63
three
laboratory
areas
that
are
adjacent
to
my
office.
I
went
around
and
counted
them
up,
and
we
have
50
different
standalone
analytical
instruments
which
are
gas
chromatographs,

HPLC
liquid
simulation,
GCMS
balances
robotics.
These
are
integrated
with
PCs
and
printers,
providing
an
immediate
hard
copy
printout.
They're
approved
by
the
operator,
signed
and
dated.
The
paper
data
is
maintained
as
the
raw
data
and
this
has
been
an
EPA­
accepted
procedure
since
GLPs
became
effective
in
agricultural
areas,
since
1989.

We
have
also
approximately
130
separate
instruments
used
for
field
studies
which
capture
and
store
electronic
data
such
as
data
loggers
of
weather
stations,
temperature
monitoring
systems,
flow
meters,
soil
sensors,
survey
equipment,
water
samplers,
flow
meters,
hydro
labs.
Each
of
these
would
be
considered
a
separate
system
of
electronic
data
capture.
And
these
types
of
systems
are
essential
in
conducting
these
short­
and
long­
term
field
studies.
The
data
could
be
collected
in
time,
from
seconds
to
hours
and
go
over
years
for
the
length
of
the
study.

I've
also
participated
in
some
fumigation
studies
where
the
treated
area
is
set
up
and
monitored
for
various
wind,

weather,
all
the
different
conditions.
These
go
around
the
clock
and
extend
over
long
periods
of
time.
Electronic
data
64
collection
is
our
only
option.

We
also
have
studies
called
runoff
studies
where
you
set
up
an
entire
field
on
a
slope
with
all
the
electronic
monitoring
down
at
the
bottom
of
a
sloped
portion
of
ground
and
you're
waiting
for
this
runoff
event.
You
don't
know
when
the
storm
is
going
to
come
and
hit
it
and
wash
everything
to
where
it's
going.
But
once
it
does,
it
triggers
the
different
systems
through
the
use
of
these
electronic
things.
We
can't
maintain
people
out
there
all
the
time,
but
once
the
event
occurs
then
everything
kicks
in
and
collects
the
samples.

So,
as
I
said,
these
things
are
critical
in
doing
this
kind
of
work.
The
current
technology
for
these
types
of
electronic
data
capture,
although
they
meet
GLP
requirements,

they
do
not
have
the
capability
to
meet
CROMERRR
requirements.

A
little
earlier
I
was
showing
David,
I
brought
just
as
an
example,
a
Hobo
Temperature
Monitor.
And
this
is
an
electronic
capture
device
that's
very
useful
in
monitoring
temperatures
in
freezers
and
refrigerators,
or
you
can
send
it
along
with
samples
to
maintain
or
get
a
record
of
the
temperature
during
the
transport
of
samples.
The
data
is
captured,
downloaded.
It
cannot
be
altered.
And
it's
signed
off
and
approved
by
their
originator
as
raw
data.

But
this,
so
it
meets
GLP
requirements,
does
not
have
the
65
capacity
to
have
audit
trails
and
the
other
things
that
you're
asking
for.
So
this
is
just
an
example
of
a
small
electronic
capture
device
that
would
be
impossible
for
meeting
CROMERRR
the
standards.

I
wanted
to
talk
about
the
cost
estimates
and
how
I
feel
that
these
have
been
grossly
underestimated.
And
the
agency
only
considered
reporting
the
storage
of
data
in
the
cost
benefit
analysis,
and
ignored
the
direct
or
indirect
capture
of
data
from
automated
instruments
or
devices,
data
processing
and
the
different
types
of
computerized
systems
that
go
along
with
these
activities.
In
addition,
the
agency
did
not
address
the
different
needs
and
requirements
for
each
case,

but
instead
used
a
one
size
fits
all
approach.

The
scope
of
CROMERRR
is
extremely
large
and
it
sweeps
across
multiple
environments,
laboratory
practices
as
well
as
non
laboratory
practices
processes
are
affected
by
this
rule.

However,
the
cost
of
compliance
in
the
non­
GLP
areas
may
be
greater
due
to
the
different
requirements
in
those
areas.

The
cost
estimates
attached
to
Mark
Duvall's
presentation
when
he
handed
it
in
to
you
in
Washington,
DC,
estimated
$
10,000
per
analytical
instrument
to
retrofit
software
to
meet
CROMERRR
requirements,
if
it
was
possible
to
do
so.

Otherwise,
the
entire
instrument
would
need
to
be
replaced
66
and,
like
I
said,
the
example
I
gave
here,
the
technology
doesn't
exist
to
do
that.

So
overall
the
estimate
of,
he
had
presented,
was
one
million
dollars
per
facility
for
getting
all
systems
to
be
retrofitted
or
purchased
to
meet
CROMERRR
requirements.
This
far
exceeds
the
$
40,000
per
facility
cost
estimated
by
EPA.

And
in
our
case,
the
one
million
dollars
estimate
would
be
low
by
a
factor
of
five,
since
the
above
estimates
were
for
ten
users
and
twenty
instruments.
We
have
at
least
180
instruments
combined
in
the
laboratory
and
field,
and
an
estimated
50
users.
In
either
case,
the
$
40,000
estimate
is
off
by
orders
of
magnitude.
This
only
estimates
the
cost
for
one
aspect
of
our
company
and
does
not
even
reach
the
others,

which
would
be
potentially
impacted
by
this.

I
wanted
to
now
touch
about
OECD.
The
key
point
in
OECD
is
that
it
does
allow
the
flexibility
in
defining
raw
data
for
each
system
and
that
computer
instrument
printouts
are
included
in
that
definition.
My
current
facts
in
the
United
Kingdom
indicate
the
definition
of
print
outs
as
raw
data
as
common
and
used
to
meet
the
OECD
requirements.
Therefore,

OECD
allows
flexibility
in
the
definition
and
retention
of
raw
data.
Due
to
this
difference,
additional
CROMERRR
requirements
would
lead
to
a
competitive
disadvantage
for
67
U.
S.­
based
companies
compared
to
their
European
competitors.

The
OECD
application
of
principles
of
GLP
and
computerized
systems,
Monograph
116,
Section
5
indicates,
and
I
quote,
`
computerized
systems
operating
in
compliance
with
GLP
principles
may
be
associated
with
raw
data
in
a
variety
of
forms.
For
example,
electronic
storage
media,
computer
or
instrument
printouts
and
microfilm
fiche.
It
is
necessary
that
the
raw
data
are
defined
for
each
computerized
system.'

Section
5
also
states,
`
where
a
system's
obsolescence
forces
the
need
to
transfer
electronic
raw
data
from
one
system
to
another,
then
the
process
must
be
well
documented
and
its
integrity
verified.
Where
such
migration
is
not
practical,
then
the
raw
data
must
be
transferred
to
another
medium
and
this
verified
as
an
exact
copy
prior
to
any
destruction
of
original
electronic
records.'

Another
subject
that
has
come
up
here
a
couple
times
is
the
archiving
for
long
periods
of
time,
and
problems
with
the
retention
of
magnetic
media
have
existed
since
the
use
of
computers.
The
accepted
system
under
GLP
has
allowed
the
flexibility
of
defining
raw
data
as
electronic
or
verified
hard
copy
printouts
approved
by
the
originators.
Retention
of
the
raw
data
to
support
FIFRA
registrations
must
be
kept
for
the
duration
of
the
registration
lasting
decades.
Our
record
68
retention
policy
is
75
years,
and
the
only
stable
option
has
been
paper
print­
outs.

Corruption
of
electronic
records
over
time
during
migration
to
different
media
all
have
the
high
risk
of
data
loss.
Our
only
safe
and
permanent
solution
today
is
to
maintain
approved
paper
print­
outs
of
the
raw
data
and
archive
these
in
secure
areas
with
proper
environmental
conditions
to
prevent
deterioration
of
the
records.

We
recognize
that
electronic
record­
keeping
cannot
be
safely
implemented
at
this
point
in
time.
But
although
we
are
in
support
of
future
electronic
record
systems,
that
are
fully
safe
and
secure,
for
these
important
records,
the
CROMERRR
proposal
would
force
high­
risk
practices
long
before
the
appropriate
instruments
and
software
technology
are
ready.

We
anticipate
it
would
require
at
least
five
years
from
the
start
of
a
well­
funded
EPA
initiative
for
validating
commercial
systems
to
be
available
to
industries
regulated
by
EPA.
In
some
situations,
it
may
never
be
possible
to
obtain
changes,
which
would
fulfill
all
requirements.
In
the
interim,
the
record­
keeping
provision
should
be
withdrawn.

So,
in
conclusion,
the
points
that
I've
tried
to
hit
are
the
record­
keeping
aspects
are
mandatory.
Legacy
systems
would
have
to
be
retrofitted
or
new
systems
purchased.
The
69
cost
estimates
are
grossly
underestimated.
And
as
I
said,

OECD
allows
a
definition
of
raw
data
as
paper
print­
outs.
And
the
archiving
for
decades
or
using
multiple
migrations
could
lead
to
actual
data
loss
or
corruption.
So
due
to
these
reasons,
we
believe
the
record­
keeping
portion
of
CROMERRR
should
be
severed
and
sent
back
for
further
analysis.

David
Schwarz:
I
was
wondering
if
I
could
ask
Mr.
Keyes
a
question.
I'm
wondering
if
we
address
the
definition
of
raw
data
and
adopted
the
OECD
approach,
would
that,
would
that
in
your
mind
mitigate
many
of
the
objectionable
features
of
our
electronic
record­
keeping
criteria?

David
Keyes:
I
think
that
that
would
be
a
good
move,
to
go
that
direction,
and
would
go
towards
the
harmonization
that
everybody
has
been
trying
to
achieve.
Because
our
studies
are
usually
transferred
globally
under
the
memorandum
of
understanding
with
OECD,
things
are
accepted
between
Europe
and
the
United
States,
and
that
would
be
one
significant
thing.
Because
I
think
their
flexibility
of
allowing
the
print
outs
of
paper
within
that
definition
has
allowed
them
to
fulfill
their
requirements.

David
Schwarz:
Thanks.

Michael
LeDesma:
If
I
could
add
something.
You
know,
as
you
say,
Washington,
DC,
we
heard
similar
recommendations
that
we
70
should
sever
the
record­
keeping
provisions
of
the
rule.
And
I
would
ask
all
of
you
in
submitting
written
comments
to
kind
of
go
beyond
that.
It's
very
helpful,
for
example,
you
brought
this
device
and
gave
specifics
about
individual
instances
where
this
is
a
problem
for
you.

But
of
course,
and
we
are
certainly
considering
the
options,
all
of
our
options
including
severing
the
recordkeeping
element
of
the
rule,
but
it's
helpful
in
addressing
that
issue
and
making
these
sorts
of
determinations,
to
know
what
we
would
be
severing
it
for.
What
are
the
alternatives?

What
would
you
have
us
do
in
a
final
rule?
Because
as
I'm
sure
you're
aware,
and
as
David
mentioned
earlier,
we
have
the
Government
Paperwork
Elimination
Act
with
a
mandate
that
we
can
finish
this
process
up
by
2003.

And
it's
helpful
in
making
that
decision
to
know
what
sort
of
alternative
record­
keeping
criteria
you
would
envision
that's
not
sort
of
triggering
concerns
that
you
have
with
CROMERRR.
If
it's
issues
of
redefining
what
a
record
is,

those
are
helpful
comments.
If
it's
stripping
off
particular
criteria
from
those
that
are
enumerated
in
the
rule,
that's
helpful.
Bearing
in
mind,
of
course,
as
I'm
sure
you're
aware,
the
agency
has
another
clientele
in
addition
to
those
in
the
regulated
community.
Those
in
our
enforcement
71
community
also
are
going
to
have
competing
concerns.

And
to
the
extent
that
you
can
anticipate
those
sort
of
concerns
and
address
them
in
solutions
that
you
recommend
to
the
agency,
that
would
be
extremely
helpful.
Because
the
task
that
we
all
have
is
to
reconcile
these
competing
interests.

And
to
the
extent
that
you've
helped
us
do
that,
it's
more
likely
that
we
will
succeed.

David
Keyes:
Again,
OECD
allows
the
flexibility
of
your
definition
of
raw
data
and
I
think
that's
a
key
element
in
trying
to
be
able
to
meet
what
you're
looking
for.
And
as
I
said,
if
you
have
that
allowance
for
definition
of
raw
data,

then
in
the
case
where
we
have
these
small
types
of
Hobo
instruments
or
other
things,
as
long
as
we
can
define
what
the
raw
data
is,
we
would
be
able
to
work
with
that.

Jim
McClain:
Good
morning.
My
name
is
Jim
McClain;
I'm
from
Abbott
Laboratories.
And
as
a
FDA
regulated
community
or
entity,
I'd
like
to
make
a
couple
of
comments
regarding
this
rule.
First
of
all,
we
support
EPA
in
an
effort
here
to
try
to
do
something
relative
to
appropriate
electronic
reporting
and
record­
keeping.
We
think
that's
an
appropriate
undertaking.
But
having
had
some
experience
with
the
FDA
Part
11
rules,
we're
very
concerned
with
some
of
the
issues
that
have
been
pointed
out
this
morning
which
deal
with
72
interpretation
of
the
definition
of
data
and
the
extent
of
the
rule.

We're
very
concerned
with
just
how
far
upstream
these
requirements
may
go,
as
has
been
pointed
out.
At
least
one
of
the
interpretations
here
is
that
keeping
any
form
of
electronic
record
takes
it
out
of
being
a
voluntary
rule
to
being
a
mandatory
rule.
And
if
you
are
going
to
parallel
FDA
Part
11
rules,
that
implies
that
there
are
going
to
be
requirements
for
validation
and
documentation
of
all
of
those
systems.

And
the
cost
of
that
validation
and
documentation
of
those
systems
can
be
enormous.
And
if
that
is
not
taken
into
consideration
as
part
of
the
cost
of
this,
then
you've
missed
a
major
portion
of
the
cost
to
the
industries.
It's
already
been
mentioned
that
there's
some
concern
that
the
cost
estimates
were
significantly
underestimated.
I
don't
know
what
went
into
this
particular
cost
that's
listed
in
the
rule
here.
I
haven't
done
any
study
about
it,
but
we
would
be
concerned
that
that
number
does
not
include
some
of
these
additional
costs
and
expenses
to
a
company
to
follow
up
on
the
validation
and
the
documentation
requirements
for
such
systems.

We
have
found
that
FDA
Part
11
rules
have
required,
in
73
some
cases,
significant
numbers
of
additional
head
count
to
follow
up
on
their
requirements.
And
that
is
an
expense
to
the
company.
So
I
think
the
EPA
has
to
think
very
carefully
about
just
how
far
upstream
do
they
really
intend
for
these
requirements
to
go.
What
is
the
benefit
to
the
entire
community
for
those
expenses
to
the
companies?
And
what
are
the
real
expenses
associated
with
that?
Just
a
word
of
caution.

Subpart
D
­
Electronic
Reporting
and
Record­
keeping
under
EPAApproved
State
Programs:

David
Schwarz:
The
last
part
of
the
rule
is
on
electronic
reporting
and
record­
keeping
under
EPA­
approved
state
programs.
The
general
question
is,
why
address
state
programs.
The
answer
is
that
under
most
environmental
statutes,
the
relationship
between
EPA
and
states
that
implement
EPA
programs
is
governed
by
regulations
under
which
EPA
approves
particular
aspects
of
state
programs.

And
our
understanding,
based
on
legal
analysis,
is
that
in
many
cases,
where
a
state
introduces
electronic
reporting
or
electronic
record­
keeping,
under
its
programs
that
EPA
authorizes,
that
this
constitutes
a
change
that
needs
EPA
74
approval.

I
guess
that's
a
long­
winded
way
of
saying
that
we've
written
CROMERRR
against
the
background
where
there
is
some
oversight
of
state
programs
provided
for
under
various
program
specific
regulations.
CROMERRR
doesn't
create
that
oversight
relationship
but
since
it
exists,
CROMERRR
attempts
to
provide
some
criteria
in
the
cases
where
the
oversight
involves
approving
electronic
reporting
and
record­
keeping
programs.

And
what
the
rule
does,
what
CROMERRR
does,
is
to
offer
criteria
for
these
approvals.
And
we
have
a
couple
of
goals.

One
is
to
try
to
foster
consistent
electronic
government
across
state
lines.
We
think
that's
good
government,

international
interest.
And
we'd
also
like
to
offer
to
the
states,
who
are
our
partners
in
implementing
these
programs,
a
consistent
set
of
standards
and
perhaps
the
possibility
of
a
streamlined
approval
process
across
their
programs
that
uses
the
same
criteria
and
process
in
each
case.
So
it's
sort
of,

again,
an
attempt
at
consistency,
uniformity
and
efficiency.

And
that's
really
the
goal
of
these
electronic
reporting
criteria.

I
guess
I
should
probably
say
as
a
background
to
the
criteria
themselves
that,
as
with
EPA's
standards
for
electronic
reporting
and
record­
keeping
under
our
programs,
75
one
of
the
goals,
or
one
of
the
things
we
always
have
to
keep
in
mind
is
the
fact
that
the
documents
that
states
take
as
electronic
reports
in
their
systems
have
to
be
able
to
play
whatever
role
their
paper
counterparts
play
in
all
legal
context,
including
in
some
cases,
enforcement
proceedings.
So
the
criteria
for
their
electronic
reporting
systems
is
meant
to
ensure
that
what
they
get
meets
these
same
general
goals
that
have
informed
our
own
approach.

I
guess
the
other
thing
is
that
the
criteria
that
we
lay
out
are
meant
to
be
technology
neutral.
They
also
are
criteria
that
we've
attempted
to
adhere
to
ourselves
as
we
developed
our
own
central
exchange
system.
So
that's
a
bit
of
background.

Anyway,
the
topics
covered
are
system
security,
the
method
of
electronic
signature,
the
submitter
registration
process,
the
electronic
signature
certification
scenario,
what
we
call
a
transaction
record
and
a
system
of
archives.
Again,

I
should
stress
these
are
criteria
that
apply
to
states,
or
in
some
cases
local
government
agencies.
These
are
not
criteria
that
are
meant
to
apply
to
regulated
companies
submitting
electronic
reports.
So
just
view
them
in
that
light.

Well,
let's
go
through
some
of
them.
In
the
case
of
general
system
security,
nothing
here
is
too
unusual
or
76
remarkable.
It's
basically
good
system
management.
So
I
don't
know
what
I'm
going
to
dwell
on
those
here.

Let's
move
on
to
electronic
signature
method.
This
is
perhaps
a
little
bit
more
interesting.
Clearly
the
signature
method
has
to
provide
a
way
of
uniquely
identifying
the
individual
signer.
Otherwise
it
doesn't
sort
of
(
inaudible)

signature.
The
signature
method
has
to
provide
for
binding
of
the
signature
to
the
document
signed.
That
is,
once
the
signature
is
signed,
it
can't
be
possible
to
change
the
document
that
was
signed
without
it
being
detectable.

We
have
that
on
paper
because
we
can
see,
well
we
have
it
to
some
extent
on
paper
although
it's
not
perfect.
But
you
can
sometimes
see
when
things
have
been
erased
and
inked
over.

If
you
can
sign
an
electronic
document
and
then
it
can
be
changed
afterwards
by
someone
else,
then
the
signature
really
doesn't
mean
anything.
So
that's
very
important
to
us.

Then,
there
have
to
be
protections
against
unauthorized
use,
protections
against
the
signature
itself
being
excised
or
changed
once
it's
affixed.
And
the
method
has
to
link
or
support
some
of
the
other
criteria,
the
registration
process
and
what
we
call
the
signature
certification
scenario.
So
let's
move
on
to
those
then.

In
the
case
of
the
registration
process,
and
this
is
77
something
that
goes
back
to
doing
what
we
talked
about
in
the
context
of
CDX,
the
process
has
to
provide
evidence
that
the
prospective
identity.
It
has
to
create
a
unique
connection
between
the
signature
device
and
the
submitter
so
that
it
is
his
or
her
signature.
We
think
that
there
needs
to
be
an
explicit
electronic
signature
agreement,
specifying
the
force
of
electronic
signature
and
the
submitter's
obligations
to
maintain
the
electronic
signature
device.

I
should
probably
say
parenthetically
that
the
reason
why
we
require
this
is
that
in
the
context
of
our
culture,
where
we
are
at
the
beginning
of
the
21st
century,
electronic
signatures
are
still
new
and
people
don't
always
understand
them
the
same
way
and
we
can't
be
sure.
I
think
we're
all
very
used
to
wet
ink
on
paper
signatures,
but
in
the
case
of
the
electronic
environment,
we
feel
that
we
really
need
to
make
explicit
what
this
thing
is,
what
it
means,
how
you
have
to
handle
it.
And
that
requirement
may
be
less
and
less
important
as
we
go
along.
But
we
think
it's
important
right
now.

Finally,
it
has
to
be
possible
to
de­
authorize
a
signature.
I
mean,
if
there
are
problems,
then
you
have
to
be
able
to
do
something
about
it.
So
that's
the
registration
process.
78
David
Schwarz:
...
And
it
should
be
possible
in
retrospect
to
be
reasonably
certain
what
the
intention
was
of
the
signer.
And
so
if
the
scenario
doesn't
somehow
create
an
artifact
that
enables
you
to
tell
retrospectively
what
was
going
on,
then
there's
a
problem.

So
to
begin
with,
the
system
has
to
make
sure
that
the
signer
knows
what
he
or
she
is
doing,
that
they
know
what
they're
certified
to.
And
the
way
we
put
it
is
that
there
at
least
has
to
be
an
opportunity
to
review
what's
being
signed
in
a
human
readable
form.
We're
not
going
to
stand
over
your
shoulder
and
make
sure
that
you
read
it,
but
you
at
least,

just
as
when
you
sign
several
discharge
monitoring
reports,
no
one
stands
over
you
and
makes
sure
that
you
look
at
every
value.
But
at
least
we
need
to
know
that
you
could
have
if
you
wanted
to,
that
it
was
there
in
human
readable
form.
So
that's
one
aspect
of
the
scenario.

We
want
to
make
sure
that
acknowledgment
is
provided
for,

and
that's
partly
a
protection
because
in
the
electronic
environment,
at
least
right
now,
it's
always
conceivable
that
one's
electronic
signature
device,
whether
it's
a
PIN
or
a
code
or
a
digital
signature,
might
have
been
compromised.

Someone
else
might
have
gotten
access
to
it.
And
so
we
want
to
make
sure
that
you
have
a
way
of
knowing
after
the
fact
79
that
a
report
has
been
submitted
with
your
name,
and
that's
what
the
acknowledgment
provides
for.

And
then
finally,
going
back
to
the
idea
of
this
artifact,
if
you
will,
this
is
meant
to
be
the
counterpart
of
the
original
document.
We're
not
going
to
have
a
piece
of
paper,
but
what
we
do
want
to
have
is
a
file,
which
is
the
record
of
the
transaction.
It
includes
sufficient
contextual
information,
so
that
we
know
what
the
submission
means.
It
includes
your
signature.
And
it's
something
that
we
think
we
may
not
have
expressed
quite
correctly.
But
the
idea
is
that
we
think
that
the
receiving
agency
ought
to
sign
over
that,
to
as
it
were,
lock
the
file
so
that
it
cannot
be
tampered
with
down
the
road,
so
that
we
can
be
absolutely
sure
that
this
is
the
thing
that
you
submitted.

And
of
course,
we
want
to
make
sure
that
this
can
be
made
available
to
the
submitter
for
review,
or
re­
review,
in
case
there
is
some
problem
or
discrepancy.
We
want
to
make
sure
that
people
have
a
chance
to
raise
their
hand
and
say
look,

that's
not
what
I
sent
or
it's
not
what
I
intended
to
send.

So
that's
the
signature
certification
scenario.

The
transaction
record,
basically
is
just
primarily
a
copy
of
the
record,
as
much
routing
and
transmission
information
as
is
practical
to
capture,
and
to
the
extent
that
80
we
can
have
it,
the
date
and
time
of
the
transaction.
So
that's
sort
of
the
transaction
record.
That's
what
we
expect
the
system,
whether
it's
our
system
or
state
system,
to
archive.
And
again,
this
is
an
archiving
and
record­
keeping
requirement
on
us
and
the
state.
Thanks.

We
want
the
system
to
maintain
the
transaction
records
for
as
long
as
we
need
them,
and
that
might
be
a
very
long
time.
We
may
find,
we
may
find
that
our
states
have
some
of
the
same
electronic
archiving
issues
that
you're
struggling
with,
in
thinking
about
our
records.
But
somehow
that
requirement
has
to
be
satisfied
directly
or
be
a
migration
to
some
other
medium.
Records
need
to
be
preserved
without
modification
and
made
readily
available
when
we
need
them.

So
those,
in
broad
overview,
are
the
various
categories
of
kinds
of
criteria
that
we
think
any
government
run
electronic
report
receiving
system
needs
to
satisfy
if
it's
going
to
meet
our
needs
for
legally
filed
documents.
That's
the
criteria
against
which
we
will
look
at
the
state
systems.

Those
are
our
contact
email
addresses
and
phone
numbers
and
I
encourage
you
to
keep
in
touch
if
you
have
any
additional
thoughts
to
share
with
us,
please
feel
free
to
call
or
send
us
an
email.

Male
Participant:
Yes,
David,
was
there
any
difference
as
we
81
look
at
these
slides,
this
is
what
the
states
have
to
abide
by,
maintain,
whatever.
Is
there
any
real
difference
between
what
they
have
to
do
and
what
we
have
to
do,
as
a
company
and
reporting
community?

And
the
second
part
of
the
question
I
guess
would
be
is,

are
these
requirements
for
them
to
transfer,
CDX
whatever
you
want
to
call
it,
to
transfer
the
data
from
their
state
databases
to
the
EPA?
Or
is
this
designed,
are
all
of
these
criteria
are
designed,
on
how
to
manage
data
that
companies
send
to
the
states?

David
Schwarz:
Let
me
take
those
in
order.
These
are
not
meant
to
be
the
same
as
requirements
that
companies
have
to
satisfy
when
they
submit
reports.
What
exactly
a
company
has
to
do
will
depend
on
the
particular
system
they
report
to,
but
for
example,
and
I
know
this
doesn't
cover
all
the
cases,
but
if
you're
submitting
a
relatively
short
report
to
EPA
electronically,
one
way
to
do
it
is
simply
to
take
your
browser,
go
online,
log
in
to
your
mailbox
on
CDX,
fill
out
the
form,
apply
your
electronic
signature,
and
submit.
You
don't
have
to
worry
about
all
this
stuff.
If
you're
submitting
things
in
some
kind
of
a
batch
file
transfer
mode,

as
opposed
to
filing
out
a
form
online,
again,
that
will
depend
on
the
supporting
software.
82
But
one
possible
scenario
would
be
that
we
would
provide
you
with
a
sort
of
signature
module,
and
I'll
give
you
a
possible
example.
Suppose
you
want
to
send
us
a
file
in
an
XML
format.
Well,
XML
formats
are
readable
if
you
use
the
appropriate
style
sheet.
You
can
read
them,
you
can
review
them
on
your
browser.
We
might
give
you
a
style
sheet
or
an
XML
conversion
that
would
allow
you
to
do
that,
and
just
ask
you
to
sign
in
that
framework.
And
you
would
sign
the
file
and
send
it
off
to
us.

I
think
there
are
a
number
of
possible
scenarios,

depending
on
how
we
implement
our
system,
how
a
state
implements
their
system.
But
in
none
of
them
would
you
have
to
worry
about
most
of
the
things
that
we've
been
talking
about
here.
These
are
things
that
I
hope
very
much
will
be
transparent
to
the
submitter.
You
know,
there
are
things
that
you
have
to
take
account
of
if
you're
constructing
one
of
these
systems
to
receive
reports,
but
once
you
do
that,
you
shouldn't
have
to
worry
about
it
as
a
submitter.

I
guess
your
second
question
is,
will
the
states
have
to
worry
about
these
when
they
transfer
their
data
to
us.
And
the
answer
there
is
no,
as
well.
I
mean
it's
the
same
thing.

When
they're
playing
the
role
as
a
submitter,
they
just
need
to
worry
about
whatever's
required
to
get
the
file
to
CDX
and
83
we're
trying
to
make
CDX
as
user
client
friendly
as
possible.

So
again,
they
don't
have
to
worry
about
the
bells
and
whistles
behind
the
scenes
that
make
it
work.
And
that's
not
something
that
user
clients
should
have
to
worry
about.

Male
Participant:
Let
me
ask
another
question.
We
have,
we
had
two
public
hearings;
this
is
the
second
one,
Washington,

DC,
being
the
first
one.
We
have
one
state
representative
from
EPA
state
here
from
Illinois.
How
many
states
were
represented,
knew
enough
about
the
rule,
or
were
concerned
enough
about
the
rule
to
participate
in
the
public
hearing
in
DC?

David
Schwarz:
Well,
rather
than
answer
that
directly,
let
me
answer
it
by
saying
that
in
addition
to
the
public
meetings,

we
had
a
state
meeting
convened
by
the
National
Governors'

Association.
We
also,
and
I
believe
something
like
ten
to
fifteen
states
participated,
but
leading
up
to
the
writing
of
the
proposal,
we
had
an
NGA
sponsored
two­
year
process
in
which
35
states
participated
that
led
in
many
ways
to
the
development
of
CROMERRR
as
you
see
it.
And
that's
an
ongoing
process.

There
are
a
couple
of
state
organizations
through
which
we
consult
with
states,
and
we're
very
glad
to
have
Bruce
Carlson
here
from
Illinois,
but
we
have
other
venues
through
84
which
we
consult
with
the
states.

Craig
Black:
Craig
Black,
I'm
O2
Blue.
Is
the
EPA
publishing
an
XML
standard
for
states
to
abide
by
in
submitting
data
electronically?

Joe
Retzer:
Yes,
we
actually,
what
we're
doing
is
there's
EPA
is
forming
a
network
with
states
called
the
National
Environmental
Information
Network
for
exchanging
data
with
states.
We've
been
working
with
them
about
how
we're
going
to
administer
this
network
and
right
now
the
discussions
are
leading
toward
a
joint
state/
EPA
group
to
do
that.
And
as
we
go
forward
with
each
individual
report
or
set
of
reports
to
implement,
we
are
coming
up
with
an
XML
standard,
and
a
registry
to
put
those
standards
into,
so
that
they'll
be
available
to
any
state
or
really
to
any
person
who
would
be
interested
in
them.

Craig
Black:
Are
you
going
to
invite
other
stakeholders
to
participate
in
the
development
of
that
standard?

Joe
Retzer:
The
way
that
we
have
been
doing
this
so
far,
we
just
have
done
a
couple;
one
for
the
error
omissions
(
phonetic)
inventory
as
one.
We're
working
on
another
one
for
permit
compliance
data
and
water
for
the
PCS
system.
We
haven't
been,
because
it's
really
just
a
state
EPA
communication,
we
haven't
been
inviting
external
folks
to
85
this.

Craig
Black:
Right.
Other
companies
have
to
report
to
states,
though,
and
so
what
you
decide
actually
does
affect
the
constituency
of
the
state
agencies.

Joe
Retzer:
Okay,
I
mean
the
idea
is
that
states
may
internally
have
any
kind
of
database
that
they
may
be
storing
that
data
in
and
it's
a
wide
variety
of
different
approaches.

The
idea
is,
they
need
to
be
able
to
get
from
whatever
their
state
system
is
into
this
XML
format.

Craig
Black:
Thank
you.

Dick
Lowery:
You
do
have
copies
of
mine;
I
have
some
extras
if
anybody
else
is
interested.

Good
afternoon,
I'm
Dick
Lowery,
L­
O­
W­
E­
R­
Y,
a
senior
environmental
coordinator
and
an
IT
project
manager
at
BP
in
Lisle,
IL
it's
a
suburb
out
here
in
the
west
suburbs.
I'm
pleased
to
have
this
opportunity
to
offer
our
comments
on
EPA's
proposed
CROMERRR
rule.

BP
is
a
global
petroleum
and
petrol
chemical
company
with
many
facilities
in
the
United
States
that
are
subject
to
EPA
reporting
and
record­
keeping
requirements.
In
general,
BP
supports
EPA's
effort
towards
electronic
environmental
reporting,
electronic
signatures
and
electronic
recordkeeping
Your
intentions
mesh
well
with
our
goal
to
be
a
86
progressive
company
whose
operations
are
open
and
accessible
to
our
communities
and
customers.
But
as
proposed,
CROMERRR
won't
work
for
three
main
reasons.

First,
it's
not
a
voluntary
program
as
EPA
says
it
is.

And
this
means
that
there
are
large
numbers
of
businesses
who
don't
yet
know
they're
affected.
Second,
CROMERRR
is
far
too
prescriptive.
And
third,
it's
going
to
be
expensive,
and
for
what
result.
Therefore,
we
suggest
as
a
minimum
that
EPA
should
sever
the
record­
keeping
provisions
from
the
rest
of
the
proposal,
withdraw
them
for
further
analysis.
Also,
EPA
should
provide
a
60­
day
extension
on
the
comment
period
for
the
reporting
and
signature
sections.
Let
me
explain
why.

Is
CROMERRR
really
voluntary?
We
think
not.
EPA
proposes
CROMERRR
to
apply
to
any
computer
managed
record
that
supports
or
documents
any
EPA
compliance
requirement
either
to
support
data
in
a
required
report
or
to
document
data
use
to
find
the
decision
that
you
don't
have
to
report.
So
virtually
the
entire
reporting
community
is
involved.
Regulated
community
is
involved.

But
electronic
records
are
already
almost
everywhere
in
the
business.
So
meeting
EPA's
applicability
requirement
would
mean
either
reverting
to
paper
records
...
and
we
discussed
that,
which
I
don't
think
you
can
really
do
...
or
87
modifying
existing
electronic
record­
keeping
systems.
In
practice,
therefore,
CROMERRR
would
be
mandatory
for
some
8.2
million
facilities
that
are
regulated
under
40
CFR.

The
burden
would
be
greatest
for
the
1.7
million
facilities
that
are
obligated
and
actually
submit
reports
under
40
CFR.
So
there's
a
large
community
out
there
that
are
regulated
in
reporting
that
CROMERRR
would
affect.

Most
of
these
affected
facilities
have
no
idea
that
they
would
be
prohibited
from
using
a
computer
to
keep
any
EPA
records.
Most
states,
and
this
may
be
wrong
because
I
don't
have
your
information
there,
so
thanks
for
sharing
it
David,

but
most
states
we
thought
did
not
realize
the
impact
of
EPA
making
on
their
current
electronic
reporting
null
and
void.

Now
maybe
Illinois
recognizes
that,
that
according
to
the
rule
as
CROMERRR
set
out,
until
EPA
decides
to
say
yes
you
can
start
electronic
reporting,
that
all
of
the
electronic
reporting
systems
they
have
would
be
null
and
void.
So
we
think
it's
necessary
for
EPA
to
extend
the
comment
period
by
60
days.
And
conduct
an
intensive
outreach
effort
to
allow
the
affected
reporting
community
time
to
realize
CROMERRR
is
not
voluntary
and
that
they
are
affected
in
very
significant
ways.

Why
do
we
think
CROMERRR
is
overly
prescriptive?
In
many
88
places,
CROMERRR
specifies
new
ways
to
do
record­
keeping,

reporting
and
signatures,
when
suitable
methods
already
exist.

For
example,
why
not
use
the
relatively
simple
current
esignature
legislation?
Public
law
106­
229,
rather
than
generating
a
new
nine
step
criteria
for
CROMERRR.
And
again,

my
boss
is
not
going
to
carry
his
desktop
with
him
in
order
to
do
signatures.

And
will
it
be
expensive?
BP
thinks
so.
We
are
a
fairly
sophisticated
user
of
electronics
and
some
of
our
sites
have
hundreds
of
computer
applications
dealing
with
environmental
record­
keeping
and
reporting.
And
we
have
thousands
of
sites.

If
we
assume
we
have
to
look
at
each
of
our
applications
in
a
fashion
similar
to
what
we
had
to
undertake
for
Y2K,
and
I
think
we're
calling
that
the
very
bottom
low
level
floor
of
cost,
it
would
only
cost
our
company
$
150
million
to
try
to
implement
the
record­
keeping
portion
of
CROMERRR.
And
again,

we
think
that
is
the
very
bottom
floor.

Even
EPA
thinks
it's
expensive.
The
conservative
estimate,
using
EPA's
own
$
40,000
per
site
estimate,
plus
$
17,000
maintenance
every
year.
If
you
take
those
two
numbers,
what
is
that,
$
57,000
of
the
first
year,
the
reporting
facilities
...
1.7
million
...
they
would
only
have
to
come
up
with
$
68
billion
this
first
year.
And
you
also
89
have
the
other
facilities,
the
small
facilities
who
don't
have
to
report,
but
they
do
need
to
manage
their
data
and
if
they
have
any
computers
at
all,
it
will
apply
to
CROMERRR
and
they
will
have
to
have
all
of
this
additional
auditrail,
and
using
EPA's
numbers
of
$
57,000
for
the
first
year,
that
would
only
come
to
an
additional
260
billion
dollars.
So
we're
already
up
over
$
300
billion
of
the
first
year
for
something
that
EPA
wanted
to
promote
as
a
money­
maker
and
able
to
go
on
without
doing
any
cost­
benefit
analysis.

Amazingly,
EPA
seems
not
to
have
supported
the
need
for
such
huge
expenditures.
For
there
is
little
or
nothing
in
the
public
record
addressing
the
impact
of
the
record­
keeping
provisions
on
regulated
facilities.
What
excessive
electronic
fraud
...
this
is
getting
back
to
mike
on
the
legal
side
...

what
is
the
overlying
pressing
requirement
that
EPA
feels
that
there
is
so
much
electronic
fraud
out
in
industry
that
we
have
no
ethics
and
no
morals,
that
they
must
require
this
detail?

And
I'm
going
to
come
back
and
say,
maybe
we're
wrong
Mike,
but
we
don't
have
this
amount
of
detail
of
documenting
date
time
stamping,
user
stamping
every
piece
of
paper
that
we've
got.
I
would
like
to
say
that
you're,
pick
up
on
what
you've
got
and
say
that
the
electronic
data,
boy
if
you
could
make
that
the
same
as
the
paper
data,
we
wouldn't
have
this,
90
you
know,
we'd
be
on
the
same
page.

Thus,
regretfully,
BP
cannot
support
CROMERRR
as
proposed
by
EPA.
We
urge
the
EPA
to
extend
the
comment
period
for
the
reporting
and
signature
sections
and
conduct
outreach
to
the
many
facilities
that
may
not
know
that
they're
affected.
And
we
urge
EPA
to
sever
the
record­
keeping
sections
of
the
rule
and
withdraw
it
for
further
work.

I
would
like
to
take
an
opportunity,
less
than
five
minutes,
to
give
a
couple
of
concrete
numbers
on
the
recordkeeping
side
if
you
would.
Just
for
EPA
to
get
a
sample
or
idea
of
how
large
of
a
problem
this
is,
and
what
the
cost
is.

We're
in
a
....
everybody
out
here
knows
that
we're
in
a
computer
age.
I
mean
we've
been
in
it
for
decades.

Everything
you've
got
is
on
a
computer
someplace.
According
to
the
rule
here,
I
believe
that
you're
audix
messages,
your
electronic
telephone
messages
that
gets
managed
through
a
telephone
system
with
a
computer,
you're
probably
going
to
have
to
archive
all
your
audio
messages
for
the
next
five
years.
Let's
see.

Electronic
signatures
do
need
to
be
simple.
Again,
I
don't
think
it
can
be
tied
to
...
it's
got
to
go
from
that
one
particular
computer.
There's
some
way
to
make
a
little
simpler;
you
may
not
like
it
for
the
records,
but
put
a
pin
91
number
or
something.
If
you
can
set
stuff
up
and
you
don't
have
to
go
down
and
have
two
IDs
and
all
that
stuff
to
get
it,

and
my
boss
does
not
have
to
give
out
his
credit
card
number
to
somebody,
you
know.
We
would
be
happy
with
that.
For
him
to
come
in,
sign
the
signature,
you
know,
it
doesn't
require
that
he
have
that
now.
And
if
that
is
a
big
overriding
factor
for
legality
purposes,
we're
more
than
willing
to
send
you
a
one
sheet
of
paper
with
a
signature
on
it
saying
we
sent
you
the
electronic
data.

On
your
stuff,
if
you
want
to
turn
to
your
last
three
pages
there
where
I
really
talk
about
numbers
and
cost,
we
have
several
large
programs.
We'll
spend
two
million
dollars
and
fifteen
man­
years
of
effort
to
put
together
a
program
so
our
refineries
can
try
to
calculate
TRI
to
the
best
we
can.

Toxic
release
inventory.
And
so
with
that
purpose,
we
spent
two
million
dollars
and
it
will
cost
a
quarter
of
a
million
dollars
just
to
be
able
to
time
date
stamp
user
stamp
all
the
information
that's
in
there.
So
that
comes
out
to
be
about
10
or
15
percent.

My
comment
is
if
you're
looking
for
some
sort
of
a
ball
park
number,
on
what
it's
going
to
cost
you
to
modify
simple
programs
that
don't
cost
very
much
or
large
programs
that
are
quite
complex,
that
do
cost
a
lot,
use
a
15%
...
10,
15
92
percent
of
development
costs.
That's
probably
what
it's
going
to
cost
you
to
repair
this
if
you
don't
have
your
date
time
user
stamping.

We've
got
some
large
facilities.
One
of
our
large
facilities
has
324
separate
applications.
And
Dave,
I
don't
know
if
we've
gone
into
the
lab
and
got
every
single
software
that's
on
all
of
the
instruments,
so
that's
probably
no
included
in
there.
At
our
local
refinery
here
in
Whiting
(
phonetic)
we
collect
processed
data.
We
did
an
average
piece
of
data,
an
average
temperature,
and
average
snapshot
for
the
day.
We
collect
61,000
pieces
of
data,
put
it
into
this
one
system
and
that's
the
daily
average.
And
if
you
go
down
and
see
that
the
daily
average,
but
if
it
came
from
just
one
minute
averages,
I'm
sure
there's
some
out
there
that
have
every
six
seconds
they're
taking
stuff,
but
if
it's
just
one
minute
averages,
that
only
increases
that
database
by
1400,
a
factor
of
1400.
So
over
a
five
year
period
all
we
have
to
do
is
store
150
billion
pieces
of
data;
150
billion
records
have
to
be
tagged,
stored
and
easily
retrievable.

Right
now,
if
you
have
a
process
engineer
that
wants
that
piece
of
data
from
yesterday,
how
easily
retrievable
is
it
for
you
to
give
him
that
when
he
needs
it?
But
say
for
five
years,
the
EPA
is
requesting
that
this
data
be
easily
93
retrievable.

Okay,
in
addition
to
those
kinds
of
costs,
in
addition
to
the
initial
cost,
you
also
have
to
maintain
these
systems.

You
also
have
to
when
you
do
make
a
change,
to
put
the
simple
stuff
in,
you
have
to
hope
that
they
didn't
screw
up
the
rest
of
the
program
and
that
it
doesn't
screw
up
your
process,
if
these
computer
programs
are
used
for
any
process
control.

Your
email.
Are
you
going
to
maintain
...
how
much
email
do
you
keep?
Do
you
keep
everything?
Do
you
purge
80%
of
it?

Do
you
have
records
much
longer
than
a
year
old?
You're
now
going
to
keep
all
100%
for
five
years.
Can
you
imagine
the
servers
your
company's
going
to
buy
to
maintain
all
of
the
electronic
data
that
you're
going
to
have
to
keep
for
that?

What's
going
to
happen
to
your
performance?
What's
going
to
happen
to
your
performance
on
these
applications?
It's
going
to
go
right
down
the
toilet.

So
anyway,
I
guess
where
I'm
coming
from
is,
it
has
great,
great
impact.
And
if
I
understood
what
the
initial
message
was,
is
EPA
is
managing
three
percent
of
it.
The
states
have
80%.
And
if,
and
they're
really
going
after
the
paper
pieces,
not
the
magnetic
media
piece.
And
my
comment
is,
is
well
let's
go
to
magnetic
media
as
a
first
step.
It's
not
quite
electronic
but
damn
close
to
it.
94
Let's
go
to
the
electronic
step
and
have
people
turn
in
their
data
on
CD
ROMs
or
diskettes,
and
you're
almost
there.

All
you
have
to
do
is
instead
of
me
pushing
the
button
to
upload
the
data
is
to
have
a
clerk
that
you
have
that
can
push
the
button
when
the
diskette
is
in
the
computer
and
upload
the
data.
You're
getting,
I
was
going
to
say
80%,
but
you're
probably
getting
95%
of
the
bang
for
almost
no
cost.

And
if
you
want
to
stay
with
paper,
charge
the
ma
and
pa
cleaners
out
there
$
25,
$
50
if
they
want
to
submit
in
paper,

or
give
them
the
discount
if
they
submit
on
diskette.
If
you
want
that
electronic
transfer,
build
something
in
your
rules
to
manage
that
electronic
transfer.
Don't
go
all
the
way
back
to
when
my
data's
created
when
I
took
a
temperature
on
a
reactor,
and
say
we're
going
to
hold
you
more
responsible
for
that
than
we
do
right
now
when
it's
on
paper.

It
is
tremendous.
And
so
I'm
anticipating
my
company,
if
we
had
to
abide
by
this
thing,
we're
going
to
spend
hundreds
of
millions
of
dollars
to
do
this
and
virtually
no
benefit.

And
I
don't
think
my
company's
committing
(
inaudible)
they're
not
committing
fraud,
they're
not
being
electronic
data
fraudulent
intentionally
at
all.
And
if
you
got
somebody
out
there,
go
after
them.
Put
these
rules
on
them
and
let
them
spend
the
$
100
million
so
you
can
track
them.
95
You're
welcome
to
come
to
our
facilities
and
inspect
as
you
have
in
the
past,
and
we
will
give
you
the
data
that
supports
what
we've
done.
Thank
you.

Joe
Retzer:
I
guess
I
have
just
one
thing
and
that
is,
you're
asking
here
sort
of
why
didn't
we
just
use
the
e­
sign
legislation.
Well,
unfortunately
the
e­
sign
legislation
...
I
say
unfortunately,
because
that
would
have
been
very
simple
if
we
could
have
done
that.
But
unfortunately
company
to
government
reporting
is
specifically
excluded
from
that
legislation.
That's
why
there's
GPEA
and
a
set
of
guidance
related
to
Government
Paperwork
Elimination
Act
provided
by
the
Office
of
Management
and
Budget
and
if
you
read
through
that
guidance,
it
looks
like
there's
a
wider
range
of
considerations
that
agencies
need
to
take
into
account
for
the
government
company
relationship
as
opposed
to
commercial
transactions.

Dick
Lowery:
Joe,
if
you
can't
use
that
law,
maybe
you
can
use
that
law
as
your
straw
man
and
put
a
new
name
on
it,
and
maybe
you
need
to
change
a
few
words,
maybe
you
need
to
add
something.
I
don't
know
if
you
need
to
add
seven
more
steps
to
the
two
that
are
there,
but
make
it
simple
if
you
can.
As
you
pointed
out
front,
if
you
make
it
simple,
they're
going
to
use
it.
If
you
build
a
Cadillac
and
it's
difficult
to
get
96
that
garage
door
open,
nobody's
going
to
go
in
and
use
it.

We
support
you
on
what
you're
doing;
we
just
don't
want
to
be
prescriptive.
Let
us
be
able
to
transfer
the
data
to
you
and
if
we
build
it,
if
you
have
an
interface
that
won't
corrupt
that
data,
we're
happy.
I
can
put
a
34
cent
stamp
on
that
CD
ROM
and
get
it
to
you
guys
great.
But
if
I've
got
to
go
out
and
spend
hundreds
of
millions
of
dollars
in
order
to
push
the
button
and
get
it
to
you
faster,
it's
not
worth
it
to
me.
We
do
support
you
in
your
efforts.

Michael
LeDesma:
I
should
probably
add
something
as
well
in
response
to
your
comments,
principally
because
I
mean,
there's
certainly
a
great
deal
of
concern
with
the
record­
keeping
provisions
and
I
don't
want
people
to
go
away
with
a
mistaken
impression
of
what
the
rule
does.
You
made
a
comment
that
this
rule
would
potentially
invalidate
ongoing
state
electronic
reporting.
And
I
wanted
to
be
clear
that
this
rule,
in
certainly
intent
and
I
believe
the
wording
as
well,

has
no
impact
on
ongoing
electronic
reporting
to
states.

We
know
it's
going
on.
We
have
devaluated
it
and
we
think
it
would
be
unfair
to
the
states,
in
particular,
and
invalidate
the
reporting
that's
going
on
in
those
instances.

Of
course,
as
David
explained,
there
are
record­
keeping
provisions
that
govern
state
programs
that
will
eventually
97
kick
in
under
the
existing
regulations
where
there
is
usually
a
phase
in
period.
They
get
one
year
to
revise,
or
two
years,

if
they
need
to
go
to
their
state
legislatures
for
revisions
of
state
law.

That's
generally
the
case.
So
I
mean
to
be
clear,
we're
not
impacting
that
at
all
in
this.
We're
not
blessing
it,

we're
not
saying
it's
invalid.
We're
just
not
speaking
to
it.

Dick
Lowery:
I
just
wish
you'd
do
the
same
on
my
electronic
data
that
I
have
that
I've
been
using
for
years
and
years
and
years
to
support
paper
or
magnetic
media.
I
sure
would
appreciate
if
you
took
the
same
approach
with
me
and
said,
you
know
I've
got
it,
you
know
I'm
using
it,
it
was
good
enough
yesterday.
I
sure
hope
it's
good
enough
tomorrow.
Thank
you.

General
Discussion
Joe
Retzer:
...
a
version
of
what
we
thought,
while
the
FDA
rules
are
pretty
prescriptive
in
terms
of
the
technologies,

what
we
came
up
with
was
a
version
of
that
that's
based
on
criteria
or
performance
criteria.
That's
our
approach,
that's
basically
parallel.
And
we
had
some
public
meetings
with
industry
appearing
and
what
folks
urged
us
to
do
was
to
be
consistent
with
that
approach.
So
people
did
have
a
chance
to
98
appear
at
those
public
meetings
and
we
did
hear
a
lot
of
comments.
And
that
was
last
year,
last
fall
around
this
time.

Maybe
it
was
even
earlier.

David
Schwarz:
(
inaudible)
we
haven't
heard
any
comments
that
make
us
think
we
can't
go
forward
at
least
on
the
reporting
side.
And
you
know
on
the
record­
keeping
side,
I
guess
we'll
just
have
to
put
our
thinking
caps
on.
We
do
want
to
get
all
the
comments.
We
know
the
kinds
of
issues
that
have
come
up
in
this
room
today
are
issues
that
have
come
up
in
other
places
and
we
have
to
take
them
seriously.
And
what
exactly
we
do,
I
think,
will
depend
on
how
easily
we
think
we
can
resolve
the
questions.

Deanna
Heffron:
I
don't
really
have
any
comments,
I
just
have
some
questions.
Under
the
additional
options
of
the
proposed
rule
of
the
record­
keeping,
on
page
46170,
one
of
the
bits
that
was
included
was
that
EPA
may
determine
that
additional
provisions
are
required
for
electronic
records.
And
then
on
the
following
page,
it
goes,
outlines
some
of
the
items.
I'm
guessing
they're
in
the
current
FDA
regulations.
I'm
not
familiar
with
the
FDA
requirements
for
electronic
recordkeeping

David
Schwarz:
Yes,
I
think
these
were
pulled
from
the
FDA
regulations.
99
Deanna
Heffron:
What
is
the
likelihood
that
these
additional
requirements
for
the
record­
keeping,
electronic
record­
keeping
will
be
put
into
place
in
the
final
rule.

Joe
Retzer:
What
is
the
likelihood?
Not
high.

David
Schwarz:
I'll
give
you
my
basic
understanding
of
the
difference
between
our
and
FDA's
approach.
Theirs
is
a
lot
more
detailed
than
ours.
The
other
thing
is,
they
have
a
lot
of
focus
on
things
like
verifying
and
certifying
(
inaudible)

while
we're
not
putting
anything
prescriptive
in
here
that
says
how
company
must
verify
or
do
that.
For
example,
I
think
FDA's
interested
in
certifying
particular
(
inaudible)
and
we're
not
interested
(
inaudible).

Joe
Retzer:
Just
one
other
follow
up
comment.
Although
I
don't
think
we're
going
to
change
the
CROMERRR
criteria
in
the
direction
of
greater
stringency,
we
may
make
them
more
specific
in
the
sense
of
narrowing
the
scope
of
certain
requirements
or
identifying
more
specifically
where
they
apply.
It
may
turn
out
that,
beyond
that,
that
CROMERRR
may
address
sort
of
baseline
requirements
for
electronic
recordkeeping

And
then
in
the
case
of
individual
programs
where
for
programmatic
reasons,
the
feeling
is
that
they
need
more
stringency,
that
they
set
up
on
a
program­
by­
program
basis,
100
these
would
be
regulatory
activities
of
other
parts
of
the
agency.
So
that
would
always
be
a
possibility.

Deanna
Heffron:
So
then
at
this
point
in
time,
there's
no
intention
for
CROMERRR
to
include
any
of
the
current
FDA
items
with
the
written
policies
governing
education
and
training
of
personnel
and
certification
of
persons
who
develop,
maintain
or
use
electronic
records
signatures
systems
and
verifying
that
they
have
all
that
education
and
establishing
training
programs
and
retraining
or
anything
like
that?

David
Schwarz:
I
think
that's
unlikely
to
be
in
the
regulatory
text.
It's
conceivable.
There
was
a
woman
from
Monsanto
who
made
a
couple
of
suggestions
that
if
we
were
going
to
base
our
approach
generally
on
FDA
that
it
would
be
good
to
cross
reference
our
more
generic
requirements
with
specific
requirements
in
FDA.
If
we
end
up
continuing
with
that
approach,
I
could
imagine
in
the
preamble
or
in
a
guidance
document
referring
to
some
of
these
things
as
ways
among
others
to
meet
some
of
our
general
criteria.
But
I
think
it's
unlikely
that
it
would
get
to
that
level
of
prescriptive
specificity
in
the
regulatory
language
itself.

Deanna
Heffron:
So
at
this
point
in
time
are
you
expecting
comments
from
the
public
regarding
this
proposed
additional
record­
keeping
or
electronic
record
requirements?
101
David
Schwarz:
You
know,
we
would
certainly
welcome
those
comments,
I
mean
if
it
turns
out
that
there
is
a
community
out
there,
or
a
constituency
that
really
feels
strongly
one
way
or
the
other,
in
favor
or
opposed,
that
would
be
useful
information.
I'm
not
hearing
a
groundswell
of
support
for
including
these,
but
we
haven't
gotten
all
the
mail
yet,
so.

Joe
Retzer:
Yes,
we've
really
done,
probably
just
like
anything
else,
the
vast
majority
of
the
comments
are
going
to
come
in
the
last
week,
so
we
don't
really
know.

Lynn
Calvin:
I'm
Lynn
Calvin,
I'm
actually
an
EPA
person
from
a
region.
Isn't
that
education
and
training
language,
David,

from
the
ISO
9000
language?

David
Schwarz:
It
may
be.
Some
of
it.
I'm
sure
that
we
pulled
things
from
a
variety
of
sources,
so
it's
possible
that
that's
where
it's
from.

Lynn
Calvin:
Okay,
I'll
pursue
that
later.
But
that
phrase
sounded,
if
it
isn't
ISO
9000,
there's
stuff
real
like
it
in
ISO
9000.

David
Schwarz:
Let
me
ask
you
a
question.
If
it
is
in
ISO
9000,
does
that
have
any
implications
we
should
be
aware
of?

Lynn
Calvin:
Well,
if
entities
are
ISO
9000
certified,
they
have
some
baseline
records
management
in
place.
And
basically
they
have
policies
and
procedures
for
records
management,
102
paper
or
electronic
and
some
mechanism
for
monitoring
that
there
is
some
compliance
and
education
in
those.
That's
part
of
what
ISO
9000
does.
It's
at
the
10,000
foot
level,
but
it
indicates
that
there
is
records
management.
And
that's,
but
the
CROMERRR
language
about
education
and
training
sounds
like
ISO
9000.
I'm
not
sure.

John
Bernstein:
John
Bernstein,
I'm
from
EPA
region
5.
If
the
language
is
not
from
ISO
9000,
it
could
very
well
be
ISO
49,
which
is
a
records
management
standard
that
ISO
has
developed
separate
from
14000
and
9000.

David
Schwarz:
If
some
of
these
things
are
specified
in
ISO
standards,
are
there
EPA
programs,
whether
through
regulation
or
guidance,
that
refer
to
these
ISO
standards.
Or
is
this
just
something
that's
out
there
that
some
people
try
to
comply
with?

John
Bernstein:
I
would
say
it's
the
latter.
Some
people
try
and
comply
with
them.
On
the
other
hand,
it's
my
own
feeling
that
businesses
that
do
business
internationally
are
trying
to
comply
with
ISO
9000,
or
for
that
matter
14000.
I
don't
know
how
many
businesses
out
there
are
complying.
I
haven't
heard
anything
at
least
in
my
contact
list
with
EPA.

David
Schwarz:
Okay,
thanks.

David
Keyes:
This
is
David
Keyes
from
Dow
Agra
Sciences.
I
103
had
talked
to
David
a
little
earlier,
but
I
wanted
to
ask
this
as
officially:
if
you
would
be
amenable
to
consider
the
60­
day
extension
for
comments.
Dick
Lowery
brought
that
up
in
his
piece
but
I
wanted
to
just
make
sure
to
ask
that
question
separately.

Michael
LeDesma:
I
guess
the
answer
is,
we
can
consider
it.

I
don't
know
what
the
real
benefit
would
be.
But
if
we
decide
to
do
that,
we
would
publish
a
notice
in
the
Federal
Register
that
says
we
were
going
to
do
that.

Joe
Retzer:
I'm
sorry,
what's
your
special
concern
for
why
we
need
a
longer
comment
period?

David
Keyes:
Just
due
to
the
far
reaching
scope
and
the
amount
of
people
that
are
involved
with
this.
It's
taking
time
to
get
everybody
to
get
their
comments
in
and
be
aware
of
this.

Deanna
Heffron:
I
just
wanted
to
make
one
comment.
With
some
of
the
questions
I
realize
that
this
proposed
rule
is
just
supposed
to
be
a
framework
and
allow
for
quite
a
bit
of
flexibility.
(
inaudible)

End
of
Informal
Hearing
