Research and Special Programs Administration (RSPA), DOT.
The Research and Special Programs Administration is establishing new requirements to enhance the security of hazardous materials transported in commerce. Shippers and carriers of certain highly hazardous materials must develop and implement security plans. In addition, all shippers and carriers of hazardous materials must assure that their employee training includes a security component.
This final rule is effective March 25, 2003.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Susan Gorsky, (202) 366-8553, Office of Hazardous Materials Standards, Research and Special Programs Administration.End Further Info End Preamble Start Supplemental Information
On May 2, 2002, the Research and Special Programs Administration (RSPA, we) published a notice of proposed rulemaking (NPRM) to enhance the security of hazardous materials in transportation (67 FR 22028). Proposals for amending the Hazardous Materials Regulations (HMR; 49 CFR parts 171-180) included a requirement for motor carriers registered with the agency to maintain a copy of their current registration certificate on each motor vehicle. We further proposed to require shipping papers to include the name and address of the consignor and consignee and the shipper's DOT Hazmat Registration number, if applicable. In addition, we proposed to require shippers and carriers of certain highly hazardous materials to develop and implement security plans. We also proposed to require hazardous materials shippers and carriers to assure that their employee training includes a security component. The NPRM provided a 30-day comment period.
On May 23, 2002, in response to a number of requests, we extended the comment period for the NPRM an additional 30 days (67 FR 36138). The comment period closed July 3, 2002.
In addition, on July 16, 2002, RSPA and the Federal Motor Carrier Safety Administration (FMCSA) published an advance notice of proposed rulemaking (ANPRM) to examine the need for enhanced security requirements for hazardous materials transported by motor carriers (67 FR 46622). The two agencies are seeking comments on the feasibility of specific security enhancements and the potential costs and benefits of deploying such enhancements. Security measures addressed in the ANPRM include escorts, vehicle tracking and monitoring systems, emergency warning systems, remote shut-offs, direct short-range communications, notification to State and local authorities, and operational measures. The comment period for the ANPRM was extended until November 15, 2002. Late-filed comments will be considered to the extent feasible.
In this final rule, we are adopting the following revisions to the HMR to enhance the security of hazardous materials transported in commerce:
—Shippers and carriers subject to the registration requirements in 49 CFR part 107 or who offer or transport select agents and toxins regulated by the Centers for Disease Control and Prevention (CDC) must develop and implement security plans.
—Hazmat employers must provide security training to their hazmat employees. Hazmat employees of companies required to have a security plan under this final rule must be trained in the plan's specifics. All hazmat employees must receive training that provides an awareness of the security issues associated with hazardous materials transportation and possible methods to enhance transportation security. This training must also include a component covering how to recognize and respond to possible security threats.
When conducting inspections at shipper and other facilities, DOT inspectors will be looking for security plans and training records related to security. If violations are found, appropriate penalty action will be initiated. Baseline penalties for these violations will be provided in a civil penalty rulemaking that we expect to issue in the near future.
II. Analysis of Comments
We received over 270 comments on the May 3, 2002, NPRM from hazardous materials shippers, carriers, industry associations, and State and local government agencies. Commenters unanimously support the NPRM's goal of enhancing the secure transportation of hazardous materials. However, most commenters have significant concerns about some or all of the specific proposals in the NPRM. For example, some commenters suggest that the NPRM proposals do not provide an appropriate balance between security and economic goals. In addition, some commenters oppose some or all of the proposed security requirements because they would not have prevented the September 11, 2001, terrorist attacks. Several commenters also suggest that we should defer to the Transportation Security Administration (TSA) or the proposed Department of Homeland Security on security issues. Further, many commenters express reservations about the scope of the NPRM and the applicability of some of its provisions to most shipments of hazardous materials. As well, a significant proportion of commenters oppose some or all of the proposals concerning registration numbers and certificates, shipping documentation requirements, security plans, and security training. Finally, many commenters suggest that we seriously underestimated the potential cost impacts of the proposals in the NPRM. These comments are discussed in detail below.
A. Security Versus Economic Efficiency
Several commenters express concern that the NPRM proposals in the aggregate will result in unacceptable economic burdens on the industry and will adversely affect the efficiency with which hazardous materials are routinely transported. “We also are concerned that the proposed measures will be expensive to implement and will introduce inefficiencies to the manner in which hazardous materials are transported. In responding to the events of September 11th, we must not compromise our ability to move large amounts of hazardous materials in an efficient, cost-effective manner. Introducing inefficiencies to our freight transportation system helps further the terrorists' goals of disrupting the American way of life.” (American Trucking Associations)
As we stated in the NPRM, hazardous materials are essential to the economy of the United States and the well-being of its people. Our goal in this rulemaking is to implement security requirements that will be effective in preventing hazardous materials from being used as tools of destruction and terror while permitting continued transportation of these essential products. We applaud those in the industry who have recognized their responsibility for Start Printed Page 14511enhanced security for the products they manufacture and transport and have developed and implemented thorough and detailed security programs. We do not agree that the imposition of prudent, common-sense security measures will cause massive disruptions in the movement of hazardous materials. We recognize that the provisions proposed in the NPRM and adopted, with modifications, in this final rule, will impose new costs of doing business on both hazardous materials shippers and carriers. As discussed in the following sections, in this final rule we revised certain proposals in response to comments on the NPRM to increase the effectiveness and reduce potential costs impacts of the new security provisions.
Several commenters note that the security measures proposed in the NPRM would not have prevented the September 11th terrorist attacks, the 1993 attack on the World Trade Center, or the 1995 attack on the Murrah Building in Oklahoma City. Nowhere in the NPRM do we state that the proposed security requirements would have prevented past attacks. Rather, we discussed the September 11th terrorist atrocities to indicate the heightened risk of terrorism with which we all now live and the need to reassess and address security vulnerabilities in all areas of our public and private lives. The discussion of the attack on the Murrah Building was intended as an illustration of the devastating consequences that can result from a criminal or terrorist act involving hazardous materials and to provide an estimate of the economic costs of such an act. We cannot limit our actions on security to efforts to prevent terrorist attacks that have already occurred. It is incumbent on everyone responsible for the safety and security of the United States to proactively assess future terrorist threats and take actions to try to prevent future attacks. We believe that the new requirements in this final rule will enhance the security of hazardous materials in transportation and, thus, help to deter and prevent terrorists from using hazardous materials in the transportation system as weapons of destruction or intimidation.
B. Security Authority
Some commenters question whether RSPA is the appropriate agency to issue transportation security regulations. These commenters suggest that the Transportation Security Agency (TSA) or the proposed Department of Homeland Security would be better suited to issue transportation security-related regulations. One commenter points out that TSA has been given the responsibility for security in all modes of transportation, and that TSA has been authorized to issue, rescind and revise such regulations as are necessary to carry out the functions of the Administration.
The HMR are promulgated under the mandate in § 5103(b) of Federal hazardous materials transportation law (Federal hazmat law; 49 U.S.C. 5101 et seq., as amended by § 1711 of the Homeland Security Act of 2002, Pub. L. 107-296) that the Secretary of Transportation “prescribe regulations for the safe transportation, including security, of hazardous material in intrastate, interstate, and foreign commerce.” Section 5103(b)(1)(B) provides that the HMR “shall govern safety aspects, including security, of the transportation of hazardous material the Secretary considers appropriate.”
Hazardous materials shippers and carriers should be aware that this final rule is the first step in what may be a series of rulemakings to address the security of hazardous materials shipments. The joint RSPA-FMCSA ANPRM described above may result in one or more proposals to require specific security measures for hazardous materials that pose a significant security risk in transportation. In addition, TSA is developing regulations that are likely to impose additional requirements beyond those established in this final rule. We consult and coordinate with TSA concerning security-related hazardous materials transportation regulations and will continue to do so after TSA becomes part of the new Department of Homeland Security.
C. Industry Consensus Standards
One commenter suggests that we should work with the hazardous materials industry to develop consensus standards for hazardous materials transportation security. “Instead of implementing its proposals, RSPA should hold one or more public meetings to solicit recommendations from shippers, carriers, and other members of the interested public as to security enhancements, and as to regulatory approaches, that will accomplish more, and do so more efficiently.” (National Small Shipments Traffic Conference, Inc., and the Health and Personal Care Logistics Conference, Inc.) We appreciate this suggestion; indeed, we are aware that a number of industry associations have developed and disseminated recommendations for enhancing the security of hazardous materials and expect that they will form the basis for many individual company plans. However, we do not agree that a consensus-standards approach is appropriate for this rulemaking. Consensus standards generally are specification standards; that is, they set forth specific requirements for achieving a regulatory goal. One of the goals of this final rule is to establish a performance standard for hazardous materials transportation security plans. Performance standards generally permit a regulated entity to determine the specific measures necessary to achieve compliance with the established performance goal. In the case of hazardous materials transportation security, the flexibility provided by a performance standard permits a company to implement a security plan that is tailored to its specific circumstances and operations.
A consensus-standards process is a lengthy process. It can take many months or even years for the parties developing such a standard to reach consensus on the appropriate measures to be implemented. The security threat is real and ongoing. We do not have the time to spend on development of a consensus standard for hazardous materials transportation security.
D. Registration Certificates
Currently, each motor carrier transporting certain classes or divisions of hazardous materials is required to file with RSPA a registration statement and pay an annual fee (49 CFR part 107). A Certificate of Registration (certificate), which includes a U.S. DOT Hazmat Registration Number, is then issued by RSPA to the carrier. A carrier must display its registration number on a document carried on each motor vehicle, but need not maintain a copy of the certificate itself on each vehicle. The NPRM proposed to require each motor carrier registered with RSPA to maintain a copy of its current registration certificate on each motor vehicle used to transport hazardous materials. We suggested that the actual certificate could assist State and local law enforcement personnel to determine whether a carrier is a legitimate transporter of hazardous materials.
Commenters overwhelmingly oppose this proposal, primarily because the registration system as currently structured is not designed to make determinations as to the legitimacy of registrants. “[A] valid registration certificate is no indication that a transporter is ‘legitimate.’ It is not an endorsement of regulatory compliance. It is simply proof of payment.” (Institute of Makers of Explosives) Commenters also note that the registration system has no relevance to transportation security. “[T]he act of registering and obtaining a DOT registration certificate and number * * * does nothing to ensure that the Start Printed Page 14512registrant is not a potential risk to transport security. * * * In no case is any background investigation conducted before registering an applicant, or even investigation to ensure that the applicant is a bona fide company legitimately engaged in the offering for transport and/or transport of hazardous materials.” (The Conference on the Safe Transportation of Hazardous Articles, Inc.) In addition, commenters suggest that a registration certificate can easily be copied or falsified. Even those commenters who support the proposal for motor carriers to maintain a copy of their registration certificates on transport vehicles state that the proposal will not enhance transportation security.
We have reconsidered this issue in light of the overwhelming opposition expressed by commenters to this proposal, and it is not adopted in this final rule. We agree with commenters that, absent significant changes to the current registration system, the mere presence of a registration certificate in a motor vehicle transporting hazardous materials will do little to enhance transportation security or to assist enforcement personnel to verify the legitimacy of hazardous materials carriers.
E. Shipping Papers
Currently, the HMR generally require each person who offers a hazardous material for transportation to describe the material on a shipping paper. However, there is no requirement for a shipping paper to include the name and address of the person offering the shipment or the person to whom the shipment will be delivered. The NPRM proposed to require each shipping paper to include the name of the shipment consignor and the address from which the shipment originates and the name and address of each person to whom the shipment will be delivered. In addition, we proposed to require each shipping paper to include the U.S. DOT Hazmat Registration Number, if applicable, of the person offering the shipment for transportation. The proposal was intended to assure that shipping papers included information to assist law enforcement personnel to promptly ascertain the legitimacy of hazardous materials shipments during routine or random roadside inspections and to identify suspicious or questionable situations where additional investigation may be necessary.
As with the proposal to require motor carriers to maintain copies of registration certificates in vehicles transporting hazardous materials, commenters overwhelmingly oppose the proposal to require shippers to include registration numbers on shipping papers. Commenters say that the registration program is not designed to determine whether shippers are “legitimate” and that the proposed requirement will not enhance shipment security. In addition, commenters suggest that a requirement to include registration numbers on shipping papers would be expensive to implement because many shippers would have to modify computer systems and shipping paper forms to include the new information. “Configuring computer systems to provide new data on shipping documents will cause significant problems for shippers, carriers, freight forwarders, brokers, agents, and others. Available display fields are limited and companies will need to redirect their limited Information Technology (IT) resources to reprogram their information management systems.” (Dangerous Goods Advisory Council) While we believe that commenters have overstated the costs that might be incurred to modify information systems to accommodate the proposed registration number requirement, we agree that the paperwork burden is not justified by the limited security benefits that might result. Therefore, the registration number proposal is not adopted in this final rule.
A number of commenters support the proposal to include the names and addresses of consignors and consignees on shipping papers. “This provision, to include the name of the shipment consignor and the address of the person to whom the shipment will be delivered, is already widely in use by most companies that ship hazardous materials and therefore is readily acceptable.” (Dow Chemical Company) Similarly, “[i]ndustry routinely prepares thousands of shipping papers each year and the requirement that the addresses of the consignor and consignee appear on such documents should not pose a problem or burden.” (Nuclear Energy Institute)
Other commenters, however, express serious reservations about the proposal to require consignor and consignee names and addresses on shipping papers. Most commenters question whether such a requirement would actually make it easier to identify suspicious shipments, as stated in the NPRM, without a system in place to verify the consignor and consignee information provided. “Establishing the legitimacy of any consignor or consignee, and their respective addresses, requires knowledge and information not ‘promptly ascertainable' from the roadside more than a thousand miles from the consignor and consignee as indicated in the shipping paper.” (The Conference on the Safe Transportation of Hazardous Articles, Inc.) As well, commenters suggest that the proposal is unnecessarily broad and would apply to shipments of hazardous materials that pose little or no security threat. In addition, commenters say that, while the proposed requirement for consignor/consignee names and addresses on shipping papers may have some security benefit for motor carrier operations, it is not appropriate for all modes of transportation. Rail carriers, for example, suggest that the proposal would result in little or no security benefit for rail car transportation. “Adding information to the shipping papers might be useful to a law enforcement officer stopping a truck on the highway * * * but would add nothing to rail security. * * * The carload rail network is a fixed network that serves only those shippers connecting to it. The identity and location of every rail car shipper is known and only specific destinations can be reached by rail. The security issues addressed by the proposed street address requirement are simply not present in rail transportation.” (CSX Transportation)
Further, shippers and carriers of specific classes and types of materials cite operational difficulties that they say will make it difficult to comply with the proposed new requirement. Hazardous waste generators suggest that the proposed requirement to include consignor and consignee names and addresses on shipping papers is redundant for hazardous waste shipments because the EPA hazardous waste manifest already includes sufficient information for tracking hazardous wastes from origin to destination. Other commenters are concerned that the NPRM proposal concerning shipping papers did not consider the positive security implications of electronic tracking systems that are utilized by a number of shippers and carriers to monitor shipments. “[There are] superior technology and tracking systems in place that not only track all shipments but also the vehicle or container used to transport the freight. Unfortunately, RSPA does not give indication that it has considered the advanced or enhanced security benefits gained from having such a system in place. RSPA should recognize and waive any proposed requirements for carriers and companies with these type information Start Printed Page 14513systems in place * * * ” (FedEx Express)
Commenters representing shippers and carriers of hazardous materials used in agricultural applications note that many of the locations to which they deliver do not have street addresses, making it difficult to complete a shipping paper as proposed in the NPRM. “[Agricultural retailers] often deliver their product to farm fields that don't have addresses, or to farms with rural addresses, and in some cases in one State, no addresses. * * * Many applicators intimately know the customer's fields they are delivering to and thus don’t need addresses. Some use maps or air photos that show the fields or sections of fields that need the products applied.” (Agricultural Retailers Association) Representatives of shippers and carriers of hazardous materials used at construction sites have similar concerns. Shippers and carriers of compressed gas cylinders used in medical care and heating oil, diesel fuel, propane, gasoline, and similar materials that use individual motor vehicles to deliver product to multiple locations point out that drivers frequently make changes to their delivery schedules or make emergency or unscheduled deliveries in the course of a single day, so that a shipping paper with a list of delivery locations completed in the morning would have to be significantly altered by the driver during the course of the day as his delivery schedule is modified. “It is common practice to have multiple deliveries of fuel throughout the day. The shipment locations may be known for some deliveries, but there are numerous instances where the location of a particular delivery is not known until the truck has already begun its route. In other words, not every gallon of petroleum is accounted for when loaded at the bulk plant.” (BOC Oil Company and others) Finally, shippers of so-called “blind shipments” of hazardous materials suggest that they would be adversely affected by the proposal. Blind shipments are transported under product trading transactions in which the receiving person is not provided information about the true origin of the shipments delivered to them and the shipper may not know the true destination of the shipment. “Thousands of shipments are made from unnamed locations or from shippers acting as agents for suppliers who do not wish to be identified for business reasons. Perhaps an equal number of shipments are made to unnamed consignees. This NPRM would eliminate this practice resulting in the loss of millions of dollars in revenue annually for shippers with no increase in security.” (Compressed Gas Association)
We do not agree with commenters that the proposed requirement for consignor and consignee names on shipping papers would provide little or no security benefit. In the absence of requirements for route plans or electronic tracking, the name and address of the shipment consignor and consignee can help law enforcement personnel determine whether a shipment has been unreasonably diverted and, thus, whether further investigation is warranted. However, having considered the adverse comments received on this proposal, we are not adopting it in this final rule. Instead, we are considering modified procedures for making consignor and consignee information available to law enforcement personnel. A modified procedure may be proposed in a future rulemaking. We note in this regard that the UN Recommendations on the Transport of Dangerous Goods require the name and address of both the shipment consignor and consignee to be included on shipping papers (chapter 18.104.22.168). A similar requirement is also in the International Civil Aviation Organization's Technical Instructions for the Safe Transport of Dangerous Goods by Air (chapter 4.1.6). Moreover, a provision to require the consignor and consignee name and address has been adopted by the International Maritime Organization for inclusion in Amendment 3.1 of the International Maritime Dangerous Goods Code. We also note that the U.S. Customs Service has issued a final rule to require consignor/consignee information on bills of lading for all cargoes entering the United States (67 FR 66318; October 31, 2002).
F. Security Plans
The NPRM proposed a new subpart I in part 172 to require persons subject to the registration requirements in subpart G of part 107 and persons who offer or transport select agents and toxins regulated by CDC in 42 CFR part 73 to develop and implement written security plans. Those persons required to register under subpart G of part 107 include persons who offer for transportation or transport: (1) A highway route-controlled quantity of a Class 7 (radioactive) material; (2) more than 25 kg (55 lbs) of a Division 1.1, 1.2, or 1.3 (explosive) material; (3) more than 1 L (1.06 qt) per package of a material poisonous by inhalation in Hazard Zone A; (4) a shipment in a bulk packaging with a capacity equal to or greater than 13,248 L (3,500 gal) for liquids or gases or greater than 13.24 cubic meters (468 cubic feet) for solids; (5) a shipment in a non-bulk packaging of 2,268 kg (5,000 pounds) gross weight or more of one class of hazardous materials for which placarding is required; and (6) a shipment that requires placarding. Select agents and toxins are materials regulated by CDC because they have the potential to pose a severe threat to the public health and safety. We suggested that a security plan should focus not only on the potential threats posed by the material being transported, but on personnel, facility, and en route security issues, as well. The NPRM did not include a prescriptive list of actions that must be included in a security plan. Rather, we proposed that a company should implement a plan that is appropriate to its individual circumstances, considering the types and amounts of hazardous materials shipped or transported and the modes used for transportation.
Commenters generally support the proposed requirement. However, commenters are concerned about certain details of the proposal. A major concern for many commenters is the language used in the NPRM to describe the security plan and its purpose. In the words of one commenter, “The written plan requirement is too strongly worded. [We are] deeply concerned with much of the language in the security plan component of the NPRM. The purpose of any planning, whether for security or safety, is to reduce and mitigate risks. However, the NPRM as worded mandates ‘assurance’ of 100% risk-free operations. This is not possible.” (National Propane Gas Association) Other commenters express similar reservations. “The security plan should ‘address’ various subjects, but no requirement of the regulations should require that the plan ‘assure’ that unauthorized or unlawful actions will not take place. The word ‘assure’ has a strong legal content, and would serve to impose undue strict liability on anyone who had the misfortune to experience a security incident, no matter how unavoidable that incident was.” (Sulfur Dioxide Mutual Assistance Response Team) We agree that the term “assure,” as used in the NPRM to describe the purposes and goals of a security plan, was inappropriate. No plan, no matter how comprehensive and detailed, can provide absolute assurance that each shipment of hazardous materials to which it applies will be transported without incident. In this final rule, we are modifying subpart I, as suggested by commenters, to more properly Start Printed Page 14514characterize a security plan in terms of addressing and reducing security risks presented by the transportation of certain hazardous materials in commerce.
Related to the liability concern, commenters ask how the proposed security plan requirement would be enforced. “Any measurement of a security plan would be entirely subjective. * * * If our products were somehow involved in a terrorist act, does this mean our security plan failed? And if so, what enforcement action will be taken?” (Airgas, Inc.) Other commenters ask what standard will be used to determine whether security plans comply with regulatory requirements.
Each security plan will differ because each security plan will be based on a company's assessment of the security risks associated with the materials it ships or transports. There is no “one-size-fits-all” security plan that will be appropriate for each company's individual circumstances; similarly, there is no “one-size-fits-all” enforcement standard that can be applied to individual companies. We will examine a company's security plans, including the vulnerability assessment on which the security plan is based, as necessary to ascertain that a company has a plan in place, that it includes the components specified in this final rule, and that its personnel have been trained concerning the plan's specific components.
The fact that a product is used in a terrorist, criminal, or destructive action does not automatically mean that the security plan failed or that Federal security requirements are inadequate. A security plan should represent a company's best, good-faith effort to address identified security risks. However, plans must be updated as new information and technology become available. Compliance with Federal regulatory standards may constitute an effective defense in private litigation. However, failure to comply with those standards can be argued to constitute negligence.
Several commenters suggest that the requirement for security plans should be applied more narrowly than proposed in the NPRM. For example, shipments of bulk packagings that contain residues of certain hazardous materials must be placarded and, thus, would be subject to the proposed security plan requirement. Similarly, shipments of certain corrosive or flammable materials in Packing Groups II or III, such as institutional cleaning products, must be placarded in some circumstances and, thus, would be subject to the proposed security plan requirement. Commenters suggest that “the requirement for an offeror or transporter to develop and implement a security plan should more appropriately be predicated upon the types (in terms of hazard) and/or quantities of hazardous materials offered or transported by the person, rather than on whether that person is required to register. * * * [S]ecurity plans should only be required for offerors and transporters of hazardous materials that have the potential to pose a significant threat from a security perspective if those hazardous materials were to fall into the wrong hands.” (Conference on Safe Transportation of Hazardous Articles, Inc.) We agree that a requirement for security plans should apply only to those materials that present significant security threats. The registration and select agent and toxins lists cover the materials that present the most significant security threats in transportation and provide a relatively straightforward way to distinguish materials that may present a significant security threat from materials that do not. Further, the requirements for security plans proposed in the NPRM and adopted in this final rule permit a shipper or carrier to develop a security plan that assesses the specific security risks of the materials to be transported and put into place measures that are commensurate with the assessed risks. If a shipper or carrier determines that the security risks of the materials it handles are relatively small, then its security plan may well be limited in scope and complexity.
One commenter suggests that materials such as propane do not present a security risk sufficient to require development of shipper and carrier security plans. “Propane has an excellent safety record both at the storage site and in transit. Propane's narrow range of flammability, its tendency to disperse rapidly if released, and the robust, Federally-regulated systems used to contain the product all support the assertion that propane should not be considered a weapon of mass destruction.” (National Propane Gas Association) We disagree. Propane is among the liquefied compressed gases most commonly transported throughout the nation. When liquid propane is released into the atmosphere, it quickly vaporizes into the gaseous form that is its normal state at atmospheric pressure. This happens very rapidly, and in the process, the propane combines readily with air to form fuel-air mixtures that are ignitable over a range of 2.2 to 9.5 percent propane by volume. If an ignition source is present in the vicinity of a highly flammable mixture, the vapor cloud ignites and burns very rapidly (characterized by some experts as “explosively”). Based on these characteristics and the frequency with which propane is transported in this country, we believe that propane presents a sufficient security risk to warrant the imposition of security plan and security training requirements.
Another commenter requests an exception from the proposed security plan requirements for petroleum marketer transporters “given the already heightened level of security practiced by this unique branch of hazardous materials transporters.” (Ohio Petroleum Marketers Association) In support of this request, the commenter cites regulations such as State fire codes, workers compensation laws, and Federal transportation safety laws “that reduce the potential for certain hazardous materials to be targets for terrorists, and that maintain a high level of security awareness for hazardous materials employees.” Again, we disagree. The regulations cited by the commenter are focused on safety, not security. Products transported by petroleum marketers, such as fuel oil and motor fuel, can potentially be used as weapons of opportunity or can be combined with other materials to construct weapons of mass destruction. Indeed, trucks loaded with petroleum products have been used in terrorist attacks on at least two occasions in recent months overseas. In addition, on June 21, 2002, the Federal Bureau of Investigation disclosed that it had information that terrorists using fuel tanker trucks might try to attack fuel depots or Jewish schools or synagogues. The warning was based on interviews with captured al Qaeda fighters and other sources. Therefore, we reject the requested exceptions.
A number of commenters note that, as drafted, the NPRM suggests that the proposed security plan requirements apply to every shipment offered for transportation or transported in commerce by a person required to register by subpart G of part 107. For example, one commenter says, “A corporation subject to the hazmat registration requirements may easily have more than one facility—some of which might perform operations that would benefit from a security plan, others of which might not. It would be patently unreasonable to require each facility operated by the same corporation subject to hazmat registration requirements * * * develop and implement a security plan regardless of whether the particular facility transports hazardous materials Start Printed Page 14515subject to those requirements.” (Utility Solid Waste Activities Group) We agree. Our intention in the NPRM was for those shipments that are listed as triggering the registration requirements in subpart G of part 107 to be subject to security plan requirements, not for every shipment transported by a registered entity or every facility operated by a registered entity. This final rule clarifies that persons who offer for transportation or transport any of the materials listed in subpart G of part 107 or a select agent or toxin regulated by CDC must develop and adhere to security plans applicable to the listed materials.
The NPRM proposed that a security plan address the security of shipments stored incidental to movement in transportation. Several commenters are concerned about the applicability of the security plan requirement to persons that do not offer or transport hazardous materials in commerce, but who may operate facilities at which hazardous materials are stored during transportation. One commenter notes that “[i]n many situations, HAZMAT are delivered to or through facilities operated by entities that are not subject to the security plan requirements because they may not be legally required to register.” (Dangerous Goods Advisory Council) We agree that the final rule should clarify responsibility for security plans applicable to hazardous materials stored incidental to movement in transportation. Generally, these hazardous materials will be stored at a shipper or carrier-owned or -operated facilities, and the shipper or carrier will be responsible for developing a security plan. In this final rule, the requirement for developing and adhering to a security plan applies to persons who offer for transportation or transport hazardous materials in commerce, including loading, unloading, or storage operations incidental to the movement of hazardous materials in commerce.
Another commenter proposes that we adopt a definition for “storage incidental to movement” to distinguish storage that is part of transportation, and therefore subject to security plan requirements, from storage that is not part of transportation. For purposes of this final rule, storage incidental to movement of a hazardous material in commerce is storage that takes place between the time that a hazardous material is offered for transportation to a carrier and the time it reaches its destination. This definition is consistent with long-standing administrative determinations and letters of interpretation concerning the applicability of the HMR to materials stored incidental to their movement in commerce. We note in this regard that this agency is currently engaged in a rulemaking to clarify the applicability of the HMR to specific functions and activities, including storage of hazardous materials during transportation (HM-223; RSPA-98-4952). The NPRM issued under HM-223 proposed to define “storage incidental to movement” to mean “storage of a transport vehicle, freight container, or package containing a hazardous material between the time that a carrier takes physical possession of the hazardous material for the purpose of transporting it until the package containing the hazardous material is delivered to the destination indicated on a shipping document, package marking, or other medium, or, in the case of a private motor carrier, between the time that a motor vehicle driver takes physical possession of the hazardous material for the purpose of transporting it until the driver relinquishes possession of the package containing the hazardous material at its destination and is no longer responsible for performing functions subject to the HMR.” We are currently in the process of evaluating comments to the HM-223 NPRM. If a final rule issued under docket HM-223 revises the definition of “storage incidental to movement” in a way that affects the applicability to such storage of the security plan requirements in this final rule, we will address such revision, including its implications for security plans and any transition time necessary to implement changes, in the HM-223 final rule.
Most commenters support “the flexibility RSPA provides in [the] proposal to regulated entities in how they go about meeting [the security plan] requirement.” (National Association of Chemical Distributors) These commenters agree that “the regulated community needs the flexibility to select those elements [of a security plan] that are consistent with their methods of operation.” (Independent Fuel Terminal Operators Association) Other commenters, however, are concerned that the elements suggested in the NPRM for possible inclusion in a security plan are “extremely general. In fact, they are so general as to be either unenforceable, or worse, subject to widely varying interpretations by field inspectors and adjudicators. The security plans and codes that have been developed by industry and are being further refined at the current time are far more specific and useful in addressing the security issues facing the various hazardous materials moving in commerce. If it is RSPA's purpose simply to require security plans for transporters and offerors without specifying the nature or content of those plans, [we] have no objection. If on the other hand, RSPA intends to somehow oversee the substance of such plans, the proposed requirements are too vague to be enforced.” (The Chlorine Institute) Similarly, other commenters do not agree with the NPRM approach to list non-mandatory items in the regulatory text for security plans, such as the specific elements listed in the NPRM for possible inclusion in a security plan to address en route shipment security issues. These commenters suggest that recommendations should not be made part of regulatory text because of enforcement and liability concerns. Additionally, commenters are concerned that establishing specific requirements for security plans could be counter-productive. One commenter cites as an example the proposal in the NPRM that a security plan must include a process to verify information provided by job applicants. “While a natural temptation would be to specify exactly the kind of checks to be applied, doing so would merely lay out a road map for the potential terrorist seeking employment with a carrier. If a check of X, Y, and Z is required, the terrorist organization will select operatives who can pass a check of X, Y, and Z, but perhaps not A or B. The essence of security is unpredictability—concept in conflict with regulatory precision.” (CSX Transportation)
We carefully considered the comments offered concerning the security plan requirements proposed in the NPRM. We continue to believe that, if it is to be effective, a regulation mandating development and implementation of a security plan must provide sufficient flexibility so that a shipper or carrier can adapt its requirements to individual circumstances. Thus, the requirement for a security plan adopted in this final rule sets forth general requirements for a security plan's components rather than a prescriptive list of specific items that must be included. In this final rule, the proposed security plan requirements are modified as follows:
Applicability. The security plan requirement applies to persons who offer for transportation or transport in commerce one or more of the hazardous materials listed in subpart G of 49 CFR part 107 or a select agent or toxin regulated by CDC. The security plan requirement also applies to persons who operate facilities at which one or more Start Printed Page 14516of the hazardous materials listed in subpart G of 49 CFR part 107 or select agent or toxin regulated by CDC is stored incidental to the movement of the hazardous material(s) in commerce. As indicated above, for purposes of this final rule, “storage incidental to movement” is storage that takes place between the time that a hazardous material is offered for transportation to a carrier and the time it reaches its destination. The security plan requirement applies only to shipments of the specified hazardous materials and to facilities at which the specified hazardous materials are prepared for transportation or stored during transportation.
Security plan components. A security plan must address risks related to the transportation of hazardous materials in commerce. Thus, this final rule requires persons subject to the security plan requirement to perform an assessment of the transportation security risks associated with the materials they handle. As we stated in the preamble to the NPRM, we have developed a security template to illustrate how risk management methodology can be used to identify points in the transportation process where security procedures should be enhanced within the context of an overall risk management strategy. The security template is posted on our website at http://hazmat.dot.gov/rmsef.htm. Other risk assessment tools are equally valid, however. This final rule does not require persons subject to the security plan requirement to use a specific risk assessment tool to meet the risk assessment requirement.
Using risk assessment methodology, a company will select an appropriate level of detail for its security plan based on the assessed risks identified for such material or materials. Factors that may be considered are the type or types of materials transported, the quantity of material transported, the area from or to which the material is shipped, and the mode of transportation used.
A security plan must include a method or methods for confirming information provided by applicants for jobs that involve access to or handling of the hazardous materials covered by the plan. In response to commenters' concerns, we revised this aspect of the security plan to substitute the term “confirm” for the term “verify.” Commenters are concerned that the standard implied by the term “verify” may be impossible to meet. In addition, this final rule requires employers to confirm information provided by job applicants who are hired to perform jobs that involve access to or handling of the hazardous materials covered by the plan. Read literally, the NPRM language would have required employers to confirm information provided by all job applicants.
Also in response to commenters, we have added language to indicate those persons to whom the requirement applies. Some commenters suggest that we should specify that the requirement applies to hazmat employees, as defined in § 171.8 of the HMR. We do not believe that this is necessary, although an employer may decide to include all hazmat employees. The requirement in this final rule is limited to applicants for hazmat employee positions that involve access to or handling of the hazardous materials covered by the security plan. We do not believe it necessary to include persons whose sole responsibility is preparing shipping documentation, for example, nor do we believe it necessary to include persons who manufacture, maintain, or requalify packagings.
We do not expect companies to confirm all of the information that a job applicant may provide as part of the application process. However, employers should make an effort to check information related to an applicant's recent employment history, references, and citizenship status. In short, we expect companies to take reasonable and prudent measures to address personnel security issues. In response to commenters, in this final rule we added a requirement that efforts to confirm information provided by job applicants must be consistent with applicable Federal and State laws concerning employment practices and individual privacy.
A security plan must also include methods to address the possibility that unauthorized persons may attempt to gain access to hazardous materials or transport vehicles being prepared for transportation. Some commenters suggest that we include a definition of “unauthorized persons” in this final rule. The term “unauthorized persons” as used in this final rule includes persons who are not employed by the company or members of the general public, unless such persons are specifically authorized by the company to have access to hazardous materials or transport vehicles being prepared for transportation. Beyond these persons, however, each entity to whom the security plan requirement applies will need to define the universe of unauthorized persons to account for the nature of the facility and the type of activity that takes place there. An unauthorized person is any person who is not authorized by the shipper or carrier to have access to hazardous materials or transport conveyances being prepared for transportation.
The third element of a security plan is a method or methods to address en route security risks. As noted above, commenters express a number of concerns about this provision of the NPRM. Many commenters address the shared responsibility of shippers and carriers for reducing security risks related to the transportation of hazardous materials in commerce. In particular, some commenters suggest that “[r]esponsibility for the security of a shipment in transit should in the final analysis rest with the transporter. The shipper does not ultimately determine the routes for movement of cargo or the locations for incidental stops or storage. This responsibility appropriately rests with the carrier.” (Boeing Company) Other commenters agree that en route security should primarily be the responsibility of the carrier. “[T]o a great extent, shippers must rely on the carriers to generate en route security plans. This may mean that in some cases there would be two separate plans instead of a joint shipper and carrier plan. * * * [We] believe that shippers and carriers should have the flexibility to determine the best way to address en route security.” (American Chemistry Council) Other commenters suggest that the proposal places “too much emphasis on the shipper and recipient, and effectively absolves the transporter of responsibility for security. The carrier has control of the HM for the majority of any shipment, and should also bear the responsibility for ensuring an adequate safety plan and implementation of same.” (CF Industries)
We agree that a hazardous materials transporter's security plan will address en route security issues in some detail. However, we do not agree that shippers need not address this aspect of transportation security. As one commenter suggests, “[C]arrier ‘security plans’ must involve considerable input from the shipper community. It is the shipper who has best access to information relative to the hazardous properties of the commodity. It is the shipper who controls: Carrier selection and order entry; loading; time and method of dispatch; and, destination.” (National Tank Truck Carriers) At the same time, we recognize that “the carrier has the best information relative to the route taken and the security along that route. This includes driving time, route deviations, and rest stop selection.” (American Chemistry Council) We expect shippers to work with carriers to address en route security risks of the materials covered Start Printed Page 14517by their security plans. In some cases, a shipper and carrier may have a joint plan; in others, a shipper and carrier may have two separate security plans. This final rule provides shippers and carriers with the flexibility necessary to determine the best methods for addressing en route security issues.
A number of commenters object to the NPRM language that a security plan should include a system for verifying that a carrier has an on-going transportation security program. “In effect, this aspect of the proposal would require that customers of carriers take an active role in ensuring that carriers are in compliance with the security plan requirements proposed by RSPA. In effect, RSPA is deputizing offerors of hazmat to police their carrier's compliance efforts.” (International Sanitary Supply Association) We are not requiring shippers to compel compliance by carriers. At a minimum, however, a shipper should satisfy itself that the carrier that will be transporting its material has a security plan in place that adequately addresses the assessed security risks of the material to be transported, including risks related to storage of the material during transportation.
Relationship to other requirements. The NPRM included a provision permitting security plans that conform to regulations of other Federal or international agencies to be used to satisfy the requirement proposed for the HMR. All commenters support this provision. Several suggest that we specify that plans that conform to requirements of the Department of Defense or the Nuclear Regulatory Commission are acceptable. We do not think it is necessary to specifically list in the regulation Federal or international agencies that have now or may in the future impose security plan requirements on persons who handle hazardous materials. A security plan that conforms to regulations issued by any other Federal agency is acceptable, so long as it includes the requirements for security plans in this final rule. Other commenters request that we include plans developed by industry associations, such as the American Chemistry Council or the Association of American Railroads. Certainly, we expect that many companies will develop security plans using guidance and recommendations developed by the industry. In fact, we encourage companies to take advantage of existing guidance, model security plans, and the like when developing security plans tailored to their own operations. This includes industry-developed protocols or guidelines and recommendations issued by other Federal or international agencies. This provision is modified in this final rule to clarify that regulations, protocols, guidelines, or standards developed by other Federal agencies, international organizations, or industry are acceptable, provided such regulations or guidelines address the specific security vulnerabilities of the company.
We note in this regard that, while a security plan developed in conformance with regulations issued by another Federal agency may suffice to meet the requirements of this final rule, the reverse is not necessarily true. For example, air cargo security requirements promulgated by TSA are more stringent than the security requirements in this final rule. Similarly, requirements promulgated by NRC to address the transportation security of radioactive materials may be more stringent than the requirements in this final rule. Shippers and carriers should be aware that they may be subject to additional, more stringent security requirements promulgated by other Federal agencies, depending on the materials they transport and the mode of transportation.
Availability to the public. Several commenters express concern about the possibility that security plans may become publicly available. “It is critical that carrier and shipper plans remain confidential; not subject to public disclosure and Freedom of Information Act requests.” (CSX Transportation) Commenters are particularly concerned about plans that may be obtained by enforcement personnel during a compliance inspection.
Generally, RSPA will not collect or retain security plans. With regard to security plans, our enforcement focus during the compliance inspection is to ensure that companies have developed a security plan. Inspectors will review the existing plan on site and generally will not take copies with them or require companies to submit security plans.
In the rare instance that RSPA enforcement personnel identify a need to collect a copy of a security plan, or if a company voluntarily submits a copy of its security plan, we will analyze all applicable laws and Freedom of Information Act exemptions to determine whether the information or portions of information in the security plan can be withheld from release. Prior to submission of a security plan to DOT in these unusual instances, companies should follow the procedures described in 49 CFR 105.30 for requesting confidentiality. Under those procedures, a company should identify and mark the information it believes is confidential and explain why. We will then determine whether the information may be released or protected under the law.
Timing of implementation. Commenters are concerned that the final rule provide sufficient time for development and implementation of security plans. The NPRM did not specify a transition period. We agree that a transition period is necessary. Therefore, in this final rule, we provide persons subject to the security plan requirement 6 months from the effective date of the final rule to develop and implement security plans.
The HMR currently require hazmat employees to be trained so they are: (1) Familiar with the general provisions of the HMR and can recognize and identify hazardous materials; (2) knowledgeable about specific HMR requirements applicable to functions performed; and (3) knowledgeable about emergency response information, self-protection measures, and accident prevention methods. A hazmat employee is one who directly affects hazardous materials transportation safety (§ 171.8). Hazmat employers must ensure that their hazmat employees are trained. For new employees, training must be completed within 90 days after employment or a change in job function. All hazmat employees must receive recurrent training every three years.
The safety training provided by hazmat employers may include the physical security of hazardous materials and ways to prevent vandalism and theft. However, such training may not be adequate to meet current threats. Because many hazardous materials transported in commerce may potentially be used as weapons of mass destruction or weapons of convenience, it is critical to the assurance of public safety that training for persons who offer and transport hazardous materials in commerce include a security component. Therefore, in the May 2, 2002 NPRM, we proposed to add a provision to § 172.704 to require the training of each hazmat employee to include a security component. We proposed that hazmat employees of persons required to have a security plan must be trained in the plan's specifics. In addition, we proposed that all hazmat employees must receive training that provides an awareness of the security issues associated with hazardous materials transportation and possible methods to enhance transportation security. As proposed in the NPRM, all hazmat employees would be required to Start Printed Page 14518be trained within three months of issuance of a final rule.
Commenters generally support the proposal to require hazmat employee training to include a security component. However, commenters suggest that three months is not sufficient to implement and conduct training programs, particularly for hazmat employees of companies subject to the requirement for security plans. ARequiring security training for each hazmat employee within three months of the final rule effective date will be very difficult to implement. Once the requirements are published by DOT, companies will then be able to finalize development of their security training by combining components of the final rule with other requirement[s] of the hazmat employer's circumstances. Subsequently, training must be approved, disseminated within the company, trainers educated on the module's requirements, and hazmat employees scheduled for training.” (Air Products) Some commenters suggest that security training should be required on a schedule consistent with current 3-year training cycles for hazmat employees. Others request implementation periods ranging from 6 months to one year.
We do not agree with commenters that development and implementation of transportation security awareness training will require a lengthy period for development and implementation. As we stated in the NPRM, to assist hazmat employers to meet any new security training requirements, we are developing a Hazardous Materials Transportation Security Awareness Training Module directed at law enforcement, industry, and hazmat personnel. Imminently, this training module will be available for distribution and use, free of charge. The module takes one hour to complete. This training module or similar training programs that may be developed by commercial vendors or hazmat employers will be sufficient to meet the security awareness training requirement in this final rule. However, we are sympathetic to the industry's concerns about the time required to complete training for all affected hazmat employees. Therefore, this final rule permits hazmat employers to provide security awareness training on the same 3-year schedule as other types of required hazmat training; thus, security awareness training must be provided an at employee's next scheduled retraining at or within the 3-year training cycle. However, we strongly encourage hazmat employers to provide security awareness training to hazmat employees on an accelerated schedule wherever possible.
We agree with commenters that 3 months from the effective date of a final rule does not provide sufficient time for training of hazmat employees by hazmat employers who are subject to the new requirement for security plans. However, once a security plan is implemented, we believe that employee training about its provisions should be completed no later than 3 months after the plan's implementation. Therefore, in this final rule, we are providing up to 9 months (6 months to develop and implement a security plan plus 3 months to train employees) for completion of training for these hazmat employees. As with the new requirement for security awareness training, it is not necessary to test or retain records concerning this new security plan training requirement until an employee's next scheduled retraining at or within the 3-year training cycle.
III. Regulatory Analyses and Notices
A. Executive Order 12866 and DOT Regulatory Policies and Procedures
This final rule is a significant regulatory action under Executive Order 12866 and the regulatory policies and procedures of the Department of Transportation (44 FR 11034) because of substantial public interest. The Office of Management and Budget reviewed this final rule.
Compliance costs resulting from this final rule are associated with the new requirements for certain shippers and carriers to implement security plans and for hazmat employee training to include a security component. An analysis of the costs and benefits of this final rule is included in the rulemaking docket. The cost-benefit analysis also addresses comments we received on the estimates included in the May 2, 2002 NPRM.
Costs. We estimate that companies subject to the security plan requirement in this final rule will incur first-year compliance costs totaling about $54.3 million to develop and implement security plans and subsequent-year costs totaling about $11 million/year for annual updates to the plans. Each security plan will be unique; thus, it is difficult to develop cost estimates for the measures that companies may implement to enhance hazardous materials transportation security. Ultimately, we expect each company to make reasonable decisions on measures it can take to improve security. Because companies will set security priorities and factor costs into their decisions, we believe the measures they choose will be cost-effective. Accordingly, we have not attempted separately to cost out or justify these actions as part of this rulemaking.
For the security training mandated in this final rule, we estimate that companies will incur first-year compliance costs totaling about $34 million, with subsequent-year costs totaling about $18 million/year for recurrent training.
Benefits. Safety benefits of regulatory changes frequently can be estimated with some degree of precision. Incident and accident history often provide a basis for estimating fatality, injury, property damage, environmental damage, and similar costs to society that can be avoided by the implementation of new requirements. Models can even estimate the costs to society of high consequence, low probability accidents. Benefit estimates can then be balanced against the estimated costs of new requirements to determine whether the changes are justified.
Estimating the security benefits of new requirements is much more challenging. Accident causation probabilities, based on previous accident histories and analysis, can be estimated in a way that the chances of a criminal or terrorist act cannot. Indeed, the threat of attack is virtually impossible to assess from a quantitative standpoint. That hazardous materials in transportation are a possible target of terrorism or sabotage is undeniable; the probability that hazardous materials in transportation will be targeted is, at best, a guess. Similarly, the projected outcome of a terrorist attack cannot be precisely estimated. Given a decision to attack the system, one must assume that choices will be made to maximize consequences and damage.
It is possible to envision scenarios where hazardous materials in transportation could be used to inflict hundreds or even thousands of fatalities. Direct costs and those attributable to transportation system disruption that would surely result could easily total in the billions of dollars. We are operating under the premise that, in today's environment, it is necessary to take reasonable measures to reduce the likelihood that such events will be successful. The presence of such measures should, in fact, help deter potential attacks. The provisions we are adopting have been crafted with this in mind.
If the measures adopted by this rule have the potential of reducing the likelihood of success of such an attack, we believe they are worthwhile. Moreover, the American public has an expectation that reasonable measures will be taken to help ensure the security Start Printed Page 14519of chemicals and substances present in our society so that they are not used for nefarious purposes. We believe many, if not most, companies are taking or have already taken steps to develop systematic security plans and security awareness training. These requirements will help ensure a consistent approach in the area while permitting flexibilities that are important in keeping costs at reasonable levels.
In the end, when security measures are evaluated, an element of judgment is required to determine whether the costs of the measures are justified by the benefits that will accrue. We believe that the relatively small costs imposed on individual companies by the new security requirements in this final rule are more than offset by the potential benefits if there is a finite chance that these measures might avert a successful attack. The new requirements are not onerous. They are prudent, common-sense security measures that are in line with public expectations about the need to take action to protect hazardous materials shipments from terrorist acts.
B. Regulatory Flexibility Act
The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires an agency to review regulations to assess their impact on small entities unless the agency determines that a rule is not expected to have a significant impact on a substantial number of small entities. A complete analysis of the small business impacts of this final rule is available in the rulemaking docket. I hereby certify that, while the requirements in this final rule apply to a substantial number of small entities, there will not be a significant economic impact on those small entities.
This final rule has been analyzed in accordance with the principles and criteria contained in Executive Order 13132 (“Federalism”). This final rule preempts State, local, and Indian tribe requirements but does not impose any regulation with substantial direct effects on the States, the relationship between the National government and the States, or the distribution of power and responsibilities among the various levels of government. Therefore, the consultation and funding requirements of Executive Order 13132 do not apply.
In the NPRM, we invited comments on whether, and to what extent, State or local governments or Indian tribes should be permitted to impose similar additional requirements to those proposed in the NPRM. Commenters who address this issue unanimously agree that State, local, or tribal governments should not be permitted to impose hazardous materials transportation security requirements that differ from or are in addition to those adopted in this final rule. We agree. Therefore, in the absence of a waiver of preemption by the Secretary under 49 U.S.C. 5125(e) or unless it is authorized by another Federal law, a hazardous materials transportation security requirement of a State, political subdivision of a State, or Indian tribe is explicitly preempted if: (1) Complying with a requirement of the State, political subdivision or Indian tribe and a requirement of this chapter or a regulation issued under this chapter is not possible; or (2) the requirement of the State, political subdivision, or Indian tribe, as applied or enforced, is an obstacle to accomplishing and carrying out this chapter or a regulation prescribed under this chapter.
This final rule has been analyzed in accordance with the principles and criteria contained in Executive Order 13175 (“Consultation and Coordination with Indian Tribal Governments”). Because this final rule does not significantly or uniquely affect the communities of the Indian tribal governments and does not impose substantial direct compliance costs, the funding and consultation requirements of Executive Order 13175 do not apply.
E. Unfunded Mandates Reform Act of 1995
This final rule does not impose unfunded mandates under the Unfunded Mandates Reform Act of 1995. It does not result in annual costs of $100 million or more, in the aggregate, to any of the following: State, local, or Indian tribal governments, or the private sector. This rule is the least burdensome alternative to achieve the objective of the rule.
F. Paperwork Reduction Act
We submitted the information collection and recordkeeping requirements contained in this final rule to the Office of Management and Budget (OMB) for approval under the provisions of the Paperwork Reduction Act of 1995, section 1320.8(d). Title 5, Code of Federal Regulations requires us to provide interested members of the public and affected agencies an opportunity to comment on information collection and recordkeeping requests. Under the Paperwork Reduction Act, no person is required to respond to an information collection unless it has been approved by OMB and displays a valid OMB control number.
The May 2, 2002, NPRM included the following estimate for the information and recordkeeping burden resulting from the development and maintenance of security plans:
Hazardous Materials Security Plans
OMB No. 2137-xxxx
First Year Burden:
Total Annual Number of Respondents: 44,000.
Total Annual Responses: 44,000.
Total Annual Burden Hours: 880,000.
Total Annual Burden Cost: $26,400,000.
Subsequent Year Burden:
Total Annual Number of Respondents: 44,200.
Total Annual Responses: 44,200.
Total Annual Burden Hours: 48,000.
Total Annual Burden Cost: $1,440,000.
In the NPRM, we estimated that most companies would require about 20 hours to develop and implement a security plan conforming to the new regulatory requirements. This estimate was based on our understanding, confirmed by commenters to the NPRM, that many industry groups have developed guidance and model security plans for use by their members. Further, to assist persons to perform the risk management analysis required by this final rule, we designed a security template for the Risk Management Self-Evaluation Framework (RMSEF), developed to assist regulators, shippers, carriers, and emergency response personnel to examine their operations and consider how they assess and manage risk. The security template illustrates how risk management methodology can be used to identify points in the transportation process where security procedures should be enhanced within the context of an overall risk management strategy. Because of the widespread availability of tools to assist persons to develop and implement security plans, we concluded that the cost to an individual company to comply with the security plan requirement would average about $600 per affected entity.
Commenters who address security plan costs disagree with our conclusion. For example, one commenter estimates that, “[f]or the 6000 (15% of the total registrants) large HAZMAT registrants, [we] estimate that it will take a minimum of 200 hours to develop a comprehensive security plan (estimated cost for the 6000 registrants: $100 per hour x 200 hours = $120 million).” (Dangerous Goods Advisory Council) Other commenters offered similar cost estimates.Start Printed Page 14520
As commenters themselves point out, a number of industry associations have developed guidelines and model security plans that can be readily adapted to meet a company=s individual circumstances, thereby reducing individual company costs. Indeed, on June 5, 2002, the American Chemistry Council (ACC) made enhanced security activities mandatory for its members, to help assure the public that all member facilities are involved in making their neighbors and America more secure. The ACC Board approved a new Security Code under Responsible Care ®, the industry's initiative for improving performance, that consists of increased specific commitments to further safeguard chemical operations from potential terrorist attacks. The Security Code includes measures to enhance chemical transportation security. Over 200 chemical companies are ACC members; in addition, nearly 40 industry associations are Responsible Care ® Partner Associations.
Further, the Association of American Railroads has developed a “comprehensive Terrorism Risk Analysis and Security Management Plan. The industry formed a security task force * * * Outside consultants with expertise in intelligence and counter-terrorism were retained to provide advice on best practices. * * * The task force undertook a comprehensive risk analysis which identified critical assets, vulnerabilities, and threats, and assessed the overall risk to people, national security, and the nation's economy. The task force then proceeded to identify over fifty countermeasures. The Terrorism Risk Analysis and Security Management Plan * * * is now in effect. * * *” The Association of American Railroads includes 14 Class I railroads and 10 non-Class I railroads.
Many companies will not need to perform sophisticated analyses or develop complicated security plans in order to comply with the new requirement. Companies that only occasionally transport one of the hazardous materials to which the security plan requirement applies may be able to utilize one of the off-the-shelf security manuals now being marketed by several vendors. These manuals include information and guidelines that assist companies to identify and address areas of concern, including concerns related to personnel safety and security, site security, en route security, and training. One such security manual sells for $165, with regular updates available under an annual subscription costing about $80.
Because there is such a wealth of information and assistance available to companies subject to the security plan requirements of this final rule, we do not agree with commenters who suggest that our cost estimate for developing hazardous materials transportation security plans in the May 2 NPRM was “greatly under-estimated.” Actual per-company costs will vary, depending on the nature of the materials transported and the size and complexity of a company's operations. We estimate that the time necessary to develop a security plan will range between our initial estimate of 20 hours per company and the industry estimate of 200 hours per company. For purposes of this analysis, we believe that, on average, a large company, using information available from RSPA, industry associations, or vendors, will require about 50 hours to develop a security plan that meets the requirements of this final rule. A smaller company, on average, will require about 25 hours to develop a security plan that meets the requirements of this final rule. Using Bureau of Labor Statistics information on employee compensation (March 2001), we estimate that the cost per hour of developing a security plan is $45.00 (one professional plus one administrative support staff). Thus, for the large companies subject to the security plan requirements of this final rule, we estimate that the costs to develop a security plan will total $14,512,500 (6,450 large entities × 50 hours/entity × $45/hour) or $2,250 per entity. For the small companies subject to the security plan requirements of this final rule, we estimate that the costs to develop a security plan will total $41,118,750 (36,550 small entities × 25 hours/entity × $45/hour) or $1,125 per entity.
This final rule requires companies to update security plans as necessary to account for changing circumstances. We expect that most companies will update their security plans at least once a year. We estimate the hours required to update a security plan will average 10 hours for a large company and 5 hours for a small entity. Thus, for large companies, we estimate the costs to update a security plan will total $2,902,500/year (6,450 large entities × 10 hours/entity × $45/hour), or $450 per entity. For small companies, we estimate the costs to update a security plan will total $8,223,650/year (36,550 small entities × 5 hours/entity × $45/hour), or $225 per entity.
Our revised estimate of the information collection and recordkeeping burden related to the security plan requirements in this final rule is shown below. This new information collection, “Hazardous Materials Security Plans”, will be assigned an OMB control number after review and approval by OMB. We estimate that the new total information collection and recordkeeping burden resulting from the development and maintenance of security plans under this rule is as follows.
Hazardous Materials Security Plans
OMB No. 2137-xxxx
First Year Annual Burden:
Total Annual Number of Respondents: 42,000.
Total Annual Responses: 42,000.
Total Annual Burden Hours: 1,207,500.
Total Annual Burden Cost: $54,337,500.
Subsequent Year Burden:
Total Annual Number of Respondents: 42,200.
Total Annual Responses: 42,200.
Total Annual Burden Hours: 247,250.
Total Annual Burden Cost: $11,126,250.
Requests for a copy of this information collection should be directed to Deborah Boothe, Office of Hazardous Materials Standards (DHM-10), Research and Special Programs Administration, Room 8422, 400 Seventh Street, SW., Washington, DC 20590-0001. Telephone (202) 366-8553. We will publish a notice advising interested parties of the OMB control number for this information collection when assigned by OMB.
G. Regulation Identifier Number (RIN)
A regulation identifier number (RIN) is assigned to each regulatory action listed in the Unified Agenda of Federal Regulations. The Regulatory Information Service Center publishes the Unified Agenda in April and October of each year. The RIN contained in the heading of this document can be used to cross-reference this action with the Unified Agenda.
H. Environmental Assessment
There are no significant environmental impacts associated with this final rule. An environmental assessment is available in the docket for this rulemaking.Start List of Subjects
List of Subjects in 49 CFR Part 172
- Hazardous materials transportation
- Hazardous waste
- Packaging and containers
- Reporting and recordkeeping requirements
In consideration of the foregoing, we are amending title 49, chapter I, subchapter C, as follows:End Amendment Part Start Part Start Printed Page 14521
PART 172—HAZARDOUS MATERIALS TABLE, SPECIAL PROVISIONS, HAZARDOUS MATERIALS COMMUNICATIONS, EMERGENCY RESPONSE INFORMATION, AND TRAINING REQUIREMENTSEnd Part Start Amendment Part
1. The authority citation for part 172 continues to read as follows:End Amendment Part Start Amendment Part
2. In § 172.704, paragraph (a) introductory text is revised, paragraphs (a)(4) and (a)(5) are added, and paragraph (b) is revised to read as follows:End Amendment Part
(a) Hazmat employee training must include the following:
(4) Security awareness training. No later than the date of the first scheduled recurrent training after March 25, 2003, and in no case later than March 24, 2006, each hazmat employee must receive training that provides an awareness of security risks associated with hazardous materials transportation and methods designed to enhance transportation security. This training must also include a component covering how to recognize and respond to possible security threats. After March 25, 2003, new hazmat employees must receive the security awareness training required by this paragraph within 90 days after employment.
(5) In-depth security training. By December 22, 2003, each hazmat employee of a person required to have a security plan in accordance with subpart I of this part must be trained concerning the security plan and its implementation. Security training must include company security objectives, specific security procedures, employee responsibilities, actions to take in the event of a security breach, and the organizational security structure.
(b) OSHA, EPA, and other training. Training conducted by employers to comply with the hazard communication programs required by the Occupational Safety and Health Administration of the Department of Labor (29 CFR 1910.120 or 1910.1200) or the Environmental Protection Agency (40 CFR 311.1), or training conducted by employers to comply with security training programs required by other Federal or international agencies, may be used to satisfy the training requirements in paragraph (a) of this section to the extent that such training addresses the training components specified in paragraph (a) of this section.
3. Subpart I is added to read as follows:End Amendment Part
Subpart I—Security Plans
(a) Purpose. This subpart prescribes requirements for development and implementation of plans to address security risks related to the transportation of hazardous materials in commerce.
(b) Applicability. By September 25, 2003, each person who offers for transportation in commerce or transports in commerce one or more of the following hazardous materials must develop and adhere to a security plan for hazardous materials that conforms to the requirements of this subpart:
(1) A highway route-controlled quantity of a Class 7 (radioactive) material, as defined in § 173.403 of this subchapter, in a motor vehicle, rail car, or freight container;
(2) More than 25 kg (55 pounds) of a Division 1.1, 1.2, or 1.3 (explosive) material in a motor vehicle, rail car, or freight container;
(3) More than one L (1.06 qt) per package of a material poisonous by inhalation, as defined in § 171.8 of this subchapter, that meets the criteria for Hazard Zone A, as specified in §§ 173.116(a) or 173.133(a) of this subchapter;
(4) A shipment of a quantity of hazardous materials in a bulk packaging having a capacity equal to or greater than 13,248 L (3,500 gallons) for liquids or gases or more than 13.24 cubic meters (468 cubic feet) for solids;
(5) A shipment in other than a bulk packaging of 2,268 kg (5,000 pounds) gross weight or more of one class of hazardous materials for which placarding of a vehicle, rail car, or freight container is required for that class under the provisions of subpart F of this part;
(6) A select agent or toxin regulated by the Centers for Disease Control and Prevention under 42 CFR part 73; or
(7) A quantity of hazardous material that requires placarding under the provisions of subpart F of this part.
(a) The security plan must include an assessment of possible transportation security risks for shipments of the hazardous materials listed in § 172.800 and appropriate measures to address the assessed risks. Specific measures put into place by the plan may vary commensurate with the level of threat at a particular time. At a minimum, a security plan must include the following elements:
(1) Personnel security. Measures to confirm information provided by job applicants hired for positions that involve access to and handling of the hazardous materials covered by the security plan. Such confirmation system must be consistent with applicable Federal and State laws and requirements concerning employment practices and individual privacy.
(2) Unauthorized access. Measures to address the assessed risk that unauthorized persons may gain access to the hazardous materials covered by the security plan or transport conveyances being prepared for transportation of the hazardous materials covered by the security plan.
(3) En route security. Measures to address the assessed security risks of shipments of hazardous materials covered by the security plan en route from origin to destination, including shipments stored incidental to movement.
(b) The security plan must be in writing and must be retained for as long as it remains in effect. Copies of the security plan, or portions thereof, must be available to the employees who are responsible for implementing it, consistent with personnel security clearance or background investigation restrictions and a demonstrated need to know. The security plan must be revised and updated as necessary to reflect changing circumstances. When the security plan is updated or revised, all copies of the plan must be maintained as of the date of the most recent revision.
To avoid unnecessary duplication of security requirements, security plans that conform to regulations, standards, protocols, or guidelines issued by other Federal agencies, international organizations, or industry organizations may be used to satisfy the requirements in this subpart, provided such security plans address the requirements specified in this subpart.
Issued in Washington DC on March 19, 2003, under authority delegated in 49 CFR part 1.
Ellen G. Engleman,
Administrator, Research and Special Programs Administration.
[FR Doc. 03-7080 Filed 3-24-03; 8:45 am]
BILLING CODE 4910-60-P