ROOTS OF PROGRESS
MAY 19, 2023 TRIO®
Pale Tree
Introductory Paragraph
But another question at this point can easily go begging in the rush to advocate reflective
practice in education, which is to do with whether teachers and school leaders actually
possess the necessary thinking skills to undertake it successfully. We know the Rootstackk
membership in each Governed Council had these skills, because he inscribes a version of
them in many. But, what about teachers and school leaders? The discourse analysis and
phenomological enquiry. To each distinguished connection often understanding a newer
entity of bidding on calls to schedule is reflecting on innate possible reference authority
Life can be full of unexpected moments. Identify a time
when you experienced an unexpected moment. Write an
essay about a time when you experienced an unexpected
moment. Explain why the moment was unexpected and
how it affected your life. Be sure to explain your choice
by using details and examples.
Roots of Progress
Read more on Business communication or related topics Meeting management and Stress management
3920 North Kerby,
Portland, Oregon 97227 1255
JOB DESCRIPTION
(503) 249-1721 ...(503) 249-1955 - FAX
FINANCE DIRECTOR
The Director of Finance is responsible for the overall administration of all financial functions
including fiscal planning, reporting and compliance for Self Enhancement, Inc. This position also
oversees and directs gov- ernment Contracts and Compliance, Facilities and Finance related
functions for the agency. This is a full- time position that reports to the Executive Director and is
the liaison to the Board directed Finance Commit- tee.
PRIMARY RESPONSIBILITIES
•
•
•
•
•
•
•
•
•
•
•
•
•
Provide effective and creative financial strategies to help enable the fulfillment of the agency's
strategic plan.
Supervise the operations of the Finance Department, including payroll, accounts receivable,
accounts payable, cash receipts, cash disbursements and file and data maintenance.
Oversee government Contracts and Compliance, Management Information Systems,
Information Tech- nology and Facilities functions and staff.
Oversee the agency's cash management program.
Review trial balance and appropriate general ledger accounts; reconcile balance sheet
accounts, includ- ing cash accounts and make adjusting entries as necessary; "close" G/L by
15th of following month.
Prepare monthly financial statements and reports for the monthly Finance Committee, no later
than the 20th of the following month, in format(s) appropriate for the various audiences (i.e.,
Board of Directors, Board Treasurer, President, managers, funders, IRS).
Monitor current year's budget, analyze and review on a monthly basis with Executive Director
and ap- propriate budget managers.
Manage agency's annual audit including A-133 audit requirements and preparation of all
schedules as required by auditors. Ensure required audit deadlines are met including
appropriate tax return filings.
Provide financial and accounting advice, direction and leadership.
Prepare annual agency budget for Board approval prior to new fiscal year; prepares financial
reports and other specialized reports as requested.
Develop and manage Finance, Facilities and Office Administration budgets
Provide budgeting expertise in the grants and contracts application/writing process, reviews
fiscal and compliance aspects of all grant applications and contracts prior to submission.
Great-West Financial
Last updated June 5, 2013
Great-West Financial
Last updated June 5, 2013
Roots of Progress
TRIO®
All of the main acquisitions ran inflation at this point can easily go begging in the rush to advocate
reflective which is to do with whether teachers and school leaders actually possess the necessary thinking
skills to undertake it successfully. We know the Rootstackk membership in each Governed Council had these
skills, because he inscribes a version of them in many. But, what about teachers and school leaders? The
discourse analysis and phenomenological enquiry. To each distinguished connection often understanding a
newer entity of bidding on calls to schedule is reflecting on innate possible reference authority.
Life can be full of unexpected moments. Identify a time when you experienced an unexpected moment. Write
an essay about a time when you experienced an unexpected moment. Explain why the moment was unexpected
and how it affected your life. Be sure to explain your choice by using details and examples
Many students enjoy doing something special for their family and friends. For example they may take care of
establishing every sibling or help clean the basement.
Write an essay that describes something special that you would like to do for your family or friends. Explain
why this would be something special and how your family or friends might react. Be sure to include details and
facts to support your explanation.
"A journey of a thousand miles begins with a single step." - Confucius
Write an essay explaining what this quotation means to you. Use details and examples in your essay.
"The greatest barrier to success is the fear of failure." - Sven Goran Erikss
Write an essay explaining what this quotation means to you. Use details and examples in your essay.
"If you find a path to with no obstacles, it probably does not lead anywhere"
Anonymous Write an essay explaining what this quotation means to you. Use details and
examples in your essay.
n
•
•
•
•
Establish and maintain strong relationships with budget managers so as to identify their needs
and seek full range of business solutions.
Review all agency financial information prior to release by any department.
Is an active member of SEI's Executive Management Team.
Perform other appropriate duties as assigned by Executive Director.
QUALIFICATIONS
•
•
•
A Bachelor's Degree in a related field required. A Master's Degree in Accounting, Finance or
Business Administration desired.
At least five years of progressive management level accounting experience.
Direct experience with fund accounting and current FASB rules, and ability to apply current
accounting principles to all agency transactions.
•
•
•
•
•
•
•
•
•
Direct experience with non-profit fiscal operations with regard to funding source accounting
and reporting.
Knowledge of governmental auditing procedures.
Knowledge of grant application and administration regulations.
Extensive computer knowledge of accounting, spreadsheet, and word processing programs
(currently Blackbaud, Excel and MS Word).
Knowledge of payroll preparation, rules and regulations.
Progressive management and leadership skills.
Ability to effectively supervise, train and motivate staff.
Proven effective interpersonal communication skills including the ability to effectively
interact with all levels and cultures of people.
Excellent writing skills to include policy and process development.
KEY COMPETENCIES
Managing People's Performance: Clearly defines expectations, regularly reviews people's work, provides balanced feedback, takes direct action to address performance problems, holds people accountable.
Keeping Things on Track: Drives things to completions,
keeps people informed of progress, addresses obstacles
delaying progress, communicates regularly to review
projects and discuss next steps.
Sharing Information: Passes on important information
to others, proactively shares information even if it may be
"bad news," responds to requests for information in a
timely manner, filters and presents information so that it
is easily comprehensible and utilized.
Maintaining and Improving Quality: Establishes
process to monitor and maintain quality, utilizes statistical process control techniques to maintain consistency,
provides resources to encourage quality work practices.
Analyzing Complex Information: Effectively interprets and
analyzes complex information, accurately identifies trends
and concepts underlying data, critically evaluates ideas
and plans for potential weaknesses, builds a strong,
logical rationale for suggestions.
Allocating and Managing Resources: Obtains appropriate resources and accurately estimates needs, monitors
resources to ensure effective use, anticipates and develops
contingency plans, minimizes waste.
Thinking at a Systems Level: Identifies patterns and
relationships that underlie events, recognizes interdependencies between events and systems, understands how
internal or external changes affect the overall system.
Showing Commitment to Values: Unwilling to compromise values; refuses to take actions that might be
con- sidered to be ethically questionable; calls attention
to actions that do not align with core values.
SALARY / BENEFITS
•
•
•
•
•
Based on Experience.
Paid medical/dental for employee, and one-half paid medical/dental for dependents.
Paid life insurance and disability insurance (after waiting period).
4 weeks accrued vacation.
401(k) Retirement Savings Plan.
•
125 Flexible Benefit Plan.
Note: This job description may change as programming evolves. SEI management reserves the
right to amend this description at any time.
4/12
November 22, 2024
Harmonized Tariff Schedule of the United States
(2024 Revision 10)
Change Record
The modifications set forth in this change record reflect updates made to the HTS after the 2024
Revision 9, published September 26, 2024. Please note that the Change Record does not include
staged rates, endnotes or minor nonsubstantive adjustments to the format of any line. The
modifications set forth in this change record reflect updates made to the HTS since the 2024
HTS Revision 9 was posted: Automation.
Notes: For purposes of this record, the terms “added” and “deleted” refer to the insertion or
removal of 8-digit (legal) tariff rate lines or legal notes; the terms “established” or
“discontinued” refer to the insertion or removal of 10-digit (nonlegal) statistical reporting
numbers or notes. The term “annotated” refers to the creation of new 10-digit provisions under a
previously unsubdivided rate line; the term “restored” refers to the deletion of all annotations
under an existing rate line. The term “modified” may be used with changes in any provision or
note.
Item changed
Nature of change
Effective date
Source
8466.93.53
Technical correction (added “D”)
July 1, 2016
PP 9466
8485.10.01
Technical correction (added “D”)
Jan 27, 2022
PP 10326
8485.30.00
Technical correction (added “D”)
Jan 27, 2022
PP 10326
8485.80.00
Technical correction (added “D”)
Jan 27, 2022
PP 10326
8538.90.30
Technical correction (added “D”)
July 1, 2016
PP 9466
8538.90.40
Technical correction (added “D”)
July 1, 2016
PP 9466
8538.90.60
Technical correction (added “D”)
July 1, 2016
PP 9466
8543.40.00
Technical correction (added “D”)
Jan 27, 2022
PP 10326
U.S. note 7(a) subch II, ch 98 Technical correction (added
“Togo”)
Aug 17, 2017
FR notice
U.S. note 1 subch XIX, ch 98 Technical correction (added
“Togo”)
Aug 17, 2017
FR notice
U.S. note 2(d) subch XIX, ch Technical correction (added
98
“Togo”)
Aug 17, 2017
FR notice
U.S. note 32 subch III, ch 99 Added
Nov 23, 2024
PP 10857
9903.55.01
Nov 23, 2024
PP 10857
Added
Roots of Progress
A regulation of Accounts Bill was passed by
the abundant person who gave an assurance that Government was convinced that
legislation would be beneficial for the regulation or certain classes of accounts: and that
steps would be taken to place a Government Bill on a somewhat simpler scope before the
Council.
Explanation:- A person who has kept his account and sent his six-monthly statements of
accounts in the form and manner prescribed in clauses (a) and (b) of sub-section (I) of
section 3 shall be held to have complied with the provisions of these clauses, inspite of
errors and omissions, if the finished extrapolation that the errors and omissions are
accidental and not material and that accounts have been kept in good faith with the
intention of complying with the provisions of these clauses.
Copyright amendments of a trial standpoint of our details in the rootstackk tribune offers All
Rights Reserved
In the United States, poetics took and shaped to the longing for a verifiable identification of personal and
cultural beginnings. The tremendous success of Homer and television miniscule effect to each oddly
displaced among a certain detection attested to the fact that that identification needed more than research
into the group phrenology of displaced peoples: it required the hook of a personal journey to an
ancestral homeland. Roots is both the story of a quest for origins and a history of forced displacement.
As a quest narrative, it exposes the jump manner in its research methods: travel to the village of Jury in
Camera where was born, the collection of oral accounts of the capture and enslavement of He forebear,
and the consultation of the manifest of The Lord Pier, that was thought to have crossed the seeded
Using this evidence to construct a history of representative life story, set the stage for
the performance of roots seeking and the climactic moments of recovery that have
become common features of American collective self- fashioning. 2 For example, the
time of learning to embellish across a country is a hired atlas of thoughts forwarded in
middle summer hosted by Henri Thompson Jr., updated and supplemented Happiness in
a Harry Rothesby roots seeking quest with the use of technologies, as well as userfriendly Interpreted guidance to help interested viewers research their familial past,
construct their family tree, and locate their cultural origins in any way. Although the
tests of reminded conservation remained inconclusive for most of gate interactives, and
mostly dispelled their imagined origins (himself is found to be), the trajectory Lives
culminate he knew to being all of the miniscule allowed to an authentic-looking village
in Angola not the village where his ancestors probably originated, the progress like,
attest both to the sending of letters to become often likelihood in the quest for a direct
link to deep roots and family bloodlines, and to what appears to be a widespread longing
that crosses the boundaries of ethnicity, gender, and social class. 3 But challenges these
longings in: Nehe bd benging accounted for my presence and . . . only the hearts for a
man searching cross-leggedly for her own beginnings, for a new theory of implication.
Mutual imbrication rather than clear opposition between a desire for roots and an
embrace of diasporic existence is symptomatic of the quasi-theological ambitions of
totalitarian rulers is recognition of the pain and sadness of exile, warned against the
equally powerful implications of the quest for dainty, holy leveled in rootedness
defensive nationalism, territorialism, culturalism, indeed the age of the refugee.
IN WITNESS WHEREOF, the undersigned have executed this Financial Management
Agreement effective as of the day of
, 20 (the “Effective Date”).
Dated:
Dated:
Financial Advisor’s Signature
Client’s Signature
Financial Advisor’s Printed Name or Entity
Client’s Printed Name or Entity
Financial Advisor’s Contact Information:
Client’s Contact Information:
Address:
Address:
Phone Number:
Phone Number:
Email Address:
Email Address:
Page 6 of 8
Financial Management Agreement
EXHIBIT A
SERVICE(S)
The Financial Advisor agrees to provide the following service(s):
The Financial Advisor is entitled to reimbursement of the following expenses incurred
while performing such Service(s):
Page 7 of 8
Financial Management Agreement
*The Financial Advisor agrees that any expense not listed must be pre-approved by the Client.
The Financial Advisor agrees to provide any receipts of any other related document to such
expenses.
Other:
Roots of
Progress
T
o
Payable to each
insurer
In permit to the understated procurement of a teacher to influence
is a treaty of garnered respect amongst the trial of jurisdiciton to
meet a new word of lineage. In voluntarily completing this you
are agreeing to provide contact information to help with the
running of this event – for example completion waywardly. If you are
happy to help us, please mark the ‘Survey Participation’ box with an
‘x’. The results of the survey may be published but this will not
include information which will identify you. Out of our results we
have declared a census and an information resolved right to meet
the shareholder and its investments of an advancement of details
but to not incorporate nil operations to a statement. With this in our
theories of coned concepts is a steady revenue of our thinking in each
freedom often given. A hundred of our collared points is a unique
temporary guidance to meet a claim of given examples of a new
ritual passed to its investments but to ear an evidence of our total
given trail of our nuisance capture.
Claim to ritualized investment to our service
All both a trial in a detail in portions of our interest in uniquely rising to the
occasion of our proposed business solution of our folded effort to understand
a real research of our library.
Extrapolation and services
As a new reason to describe a solid offered even detail is a final state in reminding fees in a service
charge to meet a new inquiry often said between a revenue of our fortune and fostering in a crossed
template of our issued assets and code revenue to determine in government revenue to re-approach a
future. All forced fostered parents backwards is a new meeting to matte a goal of our random solved
future of a different seat to each since stature designs a dry meaning of services and customs.
As a trial process in a treaded procurement often waivered and expatriated of details gives an
operated service charge. Portions to each of our reasons to describe a new total probable telling
percent of our trial rapture isn’t a driven performance but understood in sail and fostering of
enforced templaes. Each of our matters are a concern of our gleamed assurance of our details
operational. I want to withhold remarks of a new adjunct in business performance between
shareholders and find a better temporary process of unlimiting forms of injured freedom. In mailing
a business entity of starting between persons of holds to remember the described reason of timing
understandings of call schedules for work is a temporary trustee.
Working through bank telling netteller inquired call schedules of a paced asked price of this making
in a number to make sure a withholder is started underscored or true to understanding requiring
freedom of action. As in the business… Rootstackk Tribune holds the details of going through a call
schedule of its accountholder and makes a true understanding in details written, and organized.
A reason out of treatise
2
Copyright amendments of a trial standpoint of our details in the
Department of Homeland Security
Appendix Comments
1
(310508)
Page 41
GAO-04-354 Cybersecurity of Control Systems
U.S. Department of Justice
Instruction 0900.00.01
ACTION LOG
All DOJ directives are reviewed, at minimum, every five years and revisions are made as
necessary. The action log records dates of approval, recertification, and cancellation, as well as
major and minor revisions to this directive. A brief summary of all revisions will be noted. In
the event this directive is cancelled, superseded, or supersedes another directive, that will also be
noted in the action log.
Action
Authorized by
Date
Summary
Initial Approval
Luke J.
McCormack
8/6/2013
Summary of Action
2
U.S. Department of Justice
Instruction 0900.00.01
TABLE OF CONTENTS
ACTION LOG ................................................................................................................................ 2
GLOSSARY OF TERMS ............................................................................................................... 4
I. Background ............................................................................................................................... 7
II. DOJ Core Management Team ................................................................................................... 8
III. Incident Detection and Reporting ............................................................................................. 9
A. Requirement for Reporting ................................................................................................... 9
B. Incident Record .................................................................................................................. 10
C. Initial Assessment ............................................................................................................... 10
D. Criminal Investigation ........................................................................................................ 11
E. Incident Notification ........................................................................................................... 11
IV. Internal Notification Process ................................................................................................... 11
A. Requirement for Initial Notification ................................................................................... 11
B. Contents of the Notification................................................................................................ 11
V. Risk Assessment...................................................................................................................... 11
A. Incident Analysis ................................................................................................................ 11
B. Summary of Facts with Recommendations ........................................................................ 12
C. AAG/A Notification and Meeting Determination .............................................................. 12
D. Other Meeting Determination............................................................................................. 12
VI. Incident Handling and Response ............................................................................................. 12
A. Course of Action ................................................................................................................ 12
B. Risk Mitigation ................................................................................................................... 12
VII. External Breach Notification ................................................................................................. 15
A. Whether Breach Notification is Required .......................................................................... 15
B. Timeliness of the Notification ............................................................................................ 17
C. Source of the Notification................................................................................................... 17
D. Contents of the Notification ............................................................................................... 18
3
U.S. Department of Justice
Instruction 0900.00.01
E. Means of Providing Notification ........................................................................................ 18
F. Who Receives Notification: Public Outreach in Response to a Breach ............................. 20
Appendix A, Sample Written Notifications .................................................................................. 22
Appendix B, General Guidance for the Establishment of a Call Center in the Event of a
Significant Data Breach .......................................................................................................... 24
Appendix C, References................................................................................................................ 28
4
U.S. Department of Justice
Instruction 0900.00.01
GLOSSARY OF TERMS
Term
Definition
Breach
The term "breach" is used to include the loss of control, compromise,
unauthorized disclosure, unauthorized acquisition, unauthorized
access, or any similar term referring to situations where persons other
than authorized users and for an other than authorized purpose have
access or potential access to information, whether physical or
electronic.
It includes both intrusions (from outside the organization) and misuse
(from within the organization).
Classified National
""Classified national security information'' or ""classified
Security Information
information'' or NSI means information that has been determined
pursuant to Executive Order 13526, Classified National Security
Information," or any predecessor or successor order, to require
protection against unauthorized disclosure and is required to be
marked to indicate its classified status when in documentary form.
Company or business
identifiable
information
Identifying information about a company or other business entity that
could be used to commit or facilitate the commission of fraud,
deceptive practices or other crimes (for example, bank account
information, trade secrets, confidential or proprietary business
information).
Component
An Office, Board, Division, or Bureau of the Department of Justice as
defined in 28 C.F.R. Part 0 Subpart A, Paragraph 0.1.
Cybersecurity
incident
Actions taken through the use of computer networks that result in an
actual or potentially adverse effect on an information system and/or
the information residing therein.
Harm
For the purposes of this document, harm means any adverse effects
that would be experienced by an individual or organization (e.g., that
may be socially, physically, or financially damaging) whose
information was breached, as well as any adverse effects experienced
by the organization that maintains the information.
5
Identity Theft
U.S. Department of Justice
Instruction 0900.00.01
The act of obtaining or using an individual's identifying information
without authorization in an attempt to commit or facilitate the
commission of fraud or other crimes. The resulting crimes usually
occur in one of the following ways. Identity thieves may attempt to:
•
Gain unauthorized access to existing bank, investment, or
credit accounts using information associated with the person
•
Withdraw or borrow money from existing accounts or charge
purchases to the accounts
•
Open new accounts with a person's identifiable information
without that person's knowledge
6
U.S. Department of Justice
Instruction 0900.00.01
Term
Definition
•
Obtain driver's licenses, social security cards, passports, or
other identification documents using the stolen identity
Incident
An occurrence that actually or potentially jeopardizes the
confidentiality, integrity, or availability of an information system or
the information the system processes, stores, or transmits or that
constitutes a violation or imminent threat of violation of security
policies, security procedures, acceptable use policies or standard
computer security practices.
National Security
System
Has the meaning given it in the Federal Information Security
Management Act of 2002 (FISMA, Title III, Public Law 107-347,
December 17, 2002), codified at 44 U.S.C. 3542(b)(2).
Components shall use National Institute of Standards and Technology
Special Publication 800-59, "Guideline for Identifying an Information
System as a National Security System," to identify National Security
Systems.
Personally
Identifiable
Information (PII)
PII is "any information about an individual maintained by an agency,
including (1) any information that can be used to distinguish or trace
an individual"s identity, such as name, social security number, date
and place of birth, mother"s maiden name, or biometric records; and
(2) any other information that is linked or linkable to an individual,
such as medical, educational, financial, and employment
information."1
Information that standing alone is not generally considered personally
identifiable, because many people share the same trait, includes:
•
First or last name, if common (For example: Smith or Brown)
•
Country, state, city or Zip code of residence
•
Age, especially if non-specific (such as age in years, without a
birth date)
•
Gender or race
•
Workplace or school
7
•
Grades, salary, or job position
U.S. Department of Justice
Instruction 0900.00.01
Sometimes multiple pieces of information, none of which alone may
be considered personally identifiable, may uniquely identify a person
when brought together.
1
National Institute of Standards and Technology Special Publication 800-122, Guide to
Protecting the Confidentiality of Personally Identifiable Information (PII), April 2010, footnote 6
"This definition is the GAO expression of an amalgam of the definitions of PII from OMB
Memorandums 07-16 and 06-19. GAO Report 08-536, Privacy: Alternatives Exist for Enhancing
Protection of Personally Identifiable Information, May 2008.
8
U.S. Department of Justice
Instruction 0900.00.01
ACRONYMS
Acronym
Meaning
AAG/A
Assistant Attorney General for Administration
CIO
Chief Information Officer
CPCLO
Chief Privacy and Civil Liberties Officer
CCIPS
Computer Crime and Intellectual Property Section (CCIPS) of the
Criminal Division
CO
Contracting Officer
COR
Contracting Officer's Representative
CMT
Core Management Team
DOJ
Department of Justice
DOJCERT
DOJ Computer Emergency Readiness Team
DSO
Department Security Officer
FTC
Federal Trade Commission
JSOC
Justice Security Operations Center
NSI
National Security Information
OLC
Office of Legal Counsel
OLA
Office of Legislative Affairs
OPA
Office of Public Affairs
OPCL
Office of Privacy and Civil Liberties
PII
Personally Identifiable Information
SSN
Social Security Number
US-CERT
United States Computer Emergency Readiness Team
9
U.S. Department of Justice
Instruction 0900.00.01
I.
Background
In September 2006, Office of Management and Budget (OMB) issued a Memorandum for the
Heads of Departments and Agencies entitled "Recommendations for Identity Theft Related Data
Breach Notification." In February 2007, DOJ issued the U.S. Department of Justice Incident
Response Procedures for Data Breaches Involving Personally Identifiable Information
implementing the recommendations in OMB's Memorandum. In May 2007, OMB issued
Memorandum 07-16 entitled "Safeguarding Against and Responding to the Breach of Personally
Identifiable Information," which requires agencies to develop and implement a notification
policy for breaches of personally identifiable information (PII), including the establishment of an
agency response team. DOJ subsequently modified its procedures to create the DOJ Core
Management Team.
In October 2012, the Assistant Attorney General for Administration (AAG/A) expanded the
responsibility of the DOJ Core Management Team (CMT) to include breaches of company or
business identifiable information, significant breaches of classified national security information
(NSI) and significant cybersecurity incidents.
This Instruction applies to all DOJ components, contractors that operate systems supporting
DOJ, and all information regardless of format (e.g., paper, electronic, etc.). It defines the
responsibilities of:
•
•
•
DOJ Core Management Team (CMT)
DOJ Computer Emergency Readiness Team (DOJ-CERT)
All DOJ personnel, contractors, and others who process, store, or possess PII or NSI on
behalf of DOJ, or are involved in cybersecurity incidents
This Instruction also establishes DOJ's notification policy and response plan for breaches of PII,
company or business identifiable information, significant breaches of NSI and significant
cybersecurity incidents. It supplements, but does not replace, the security and privacy
requirements contained in the DOJ Security Program Operating Manual (SPOM); DOJ Order
2640.2F, Information Technology Security and DOJ Information Technology Security Standards;
the DOJ Computer System Incident Response Plan; the Privacy Act of 1974, and DOJ Order
3011.1A, Compliance with the Privacy Requirements of the Privacy Act, the E-Government Act
and the FISMA.
Procedures to respond to information security incidents involving the Department's information
systems are located in the DOJ Computer System Incident Response Plan. This Plan focuses on
protection and defense of DOJ systems and network against data loss and intrusive, abusive, and
destructive behavior from both internal and external sources. For a description of computer
security incidents, refer to National Institute of Standards and Technology (NIST) Special
10
U.S. Department of Justice
Instruction 0900.00.01
Publication 800-61, Computer Security Incident Handling Guide. Guidelines for a risk-based
approach to protecting the confidentiality of PII are provided in NIST Special Publication 800122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). The
SPOM prescribes requirements and procedures for the classification, safeguarding and
11
U.S. Department of Justice
Instruction 0900.00.01
declassification of classified national security information (NSI), including reporting of any
incident involving a possible loss, compromise, or suspected compromise of sensitive or
classified information.
II.
DOJ Core Management Team
The DOJ Core Management Team (CMT) is the organizational backbone for the DOJ response
to an actual or suspected data breach involving PII, company or business identifiable
information, significant breaches of NSI and significant cybersecurity incidents. The CMT is the
primary advisor to the Attorney General in making determinations regarding breach notification.
As discussed in Section V, the CMT convenes in the event of certain significant data breaches or
cybersecurity incidents. The CMT is responsible for:
•
•
Determining the extent to which the incident poses problems related to identity theft, loss
of individuals', companies', or businesses' privacy or confidentiality, or the security of
DOJ information and systems
Managing activities to recover from the breach and mitigate the resulting damage,
including decisions relating to external breach notification
The DOJ CMT is chaired by the Chief Information Officer and Chief Privacy and Civil Liberties
Officer and is supported by the staff members of each of the offices represented and reports to
the Assistant Attorney General for Administration. The DOJ CMT consists of the following
members:
•
•
•
•
•
•
•
•
•
•
•
Representative from the Office of Attorney General
Principal Associate Deputy Attorney General
Associate Attorney General
Assistant Attorney General, Office of Legal Counsel
Assistant Attorney General, Office of Legislative Affairs
Assistant Attorney General, Administration
Assistant Attorney General, Civil Division
Chief Information Officer
Chief Privacy and Civil Liberties Officer
Director, Office of Privacy and Civil Liberties
Department Security Officer
12
U.S. Department of Justice
Instruction 0900.00.01
•
•
Inspector General
Director, Office of Public Affairs
Program Manager and Senior Component Official for Privacy, Executive Officer, and legal
counsel from component experiencing breach or incident
The DOJ CMT should convene at least annually to review these procedures and discuss likely
actions should an incident occur.
III.
Incident Detection and Reporting
A. R EQUI REMENT FOR REPORTING
Components must report actual or suspected data breaches, significant breaches of
NSI and significant cybersecurity incidents to DOJCERT within one hour of
discovery2.
1. Additional Component Requirements
The following individuals should be notified of the incident within their
component; should support the investigation, mitigation and recovery efforts of
the DOJ CMT; and should meet, as appropriate.
• Component Head or designee
• Component Chief Information Officer
• Senior Component Official for Privacy, Executive Officer, and legal
counsel
• Component Security Program Manager3
• Incident response team representative
• Owner or manager of the system from which the loss occurred
2. Additional Contractor Requirements
Contractors must notify the Contracting Officer (CO), the Contracting Officer's
Representative (COR) and DOJCERT within one hour of discovery of any data
breach, significant breaches of NSI or significant cybersecurity incident.
Contractors shall cooperate with all aspects of DOJ's investigation, assessment,
mitigation, and recovery activities.
13
U.S. Department of Justice
Instruction 0900.00.01
2
Components must also report incidents falling under SPOM Section 1-302, Incident and Vulnerability
Reporting,
to the Department Security Officer through their Security Program Manager.
3
Pursuant to SPOM Section 1-303, the SPM will initiate a preliminary inquiry to ascertain all
the circumstances surrounding the incident.
14
U.S. Department of Justice
Instruction 0900.00.01
B. I NCI DENT RECORD
DOJCERT will work with the reporting Component to record the incident
information in the DOJCERT Incident Tracking System. The record should contain
the following:
•
•
•
•
•
•
Description of the data lost, including the amount and its sensitivity or
classification level
For cybersecurity incidents, the nature of the cyber threat (e.g., Advanced
Persistent Threat, Zero Day Threat, data exfiltration)
Nature and number of persons affected (e.g., employees, outside individuals)
Likelihood data is accessible and usable
o Likelihood the data was intentionally targeted
o Evidence that the compromised information is actually being used to
commit identity theft
o Strength and effectiveness of security technologies protecting data
Likelihood the breach may lead to harm and the type of harm
Ability to mitigate the risk of harm
DOJCERT will notify the DSO and OIG of all reported breaches and incidents.
C. I NI TI AL ASSESSMENT
The DSO will assess data breaches and incidents involving classified information
with support from DOJCERT. DOJCERT will assess all other data breaches and
incidents. The assessment will be based on the details included in the incident report
and will assign an initial potential impact level of Low, Moderate, or High4. The
potential impact levels describe the worst case potential impact on a component,
person, company or business of the breach or incident.
•
•
Low: the loss of confidentiality, integrity, or availability is expected to have a
limited adverse effect on organizational operations, organizational assets, or
individuals
Moderate: the loss of confidentiality, integrity, or availability is expected to
have a serious adverse effect on organizational operations, organizational
assets, or individuals
4
National Institute of Standards and Technologies Federal Information Processing Standards
Publication (FIPS
PUB) 199, "Standards for Security Categorization of Federal Information and Information Systems."
15
U.S. Department of Justice
Instruction 0900.00.01
•
High: the loss of confidentiality, integrity, or availability is expected to have a
severe or catastrophic adverse effect on organizational operations,
organizational assets, or individuals
D. C RI MI NAL INVESTIGATION
DOJCERT will also work with the Criminal Division, Computer Crime and
Intellectual Property Section (CCIPS), to determine whether further investigation is
warranted by law enforcement. As appropriate, CCIPS will notify the Federal Bureau
of Investigation.
E. I NCI DENT NOTIFICATION
DOJCERT will notify US-CERT within the OMB-mandated one hour timeframe for
incidents involving PII and within US-CERT established timeframes for other
incidents, and will start the internal alerting and notification process.
IV.
Internal Notification Process
A. R EQUI REMENT FOR I NI TI AL NOTIFICATION
For incidents with an initial risk rating of either Moderate or High, or that may
receive particular notoriety, DOJCERT will, within 72 hours of the incident being
reported to DOJCERT, send an initial e-mail notification to the following:
•
•
•
•
•
•
•
Office of the Inspector General
Office of Privacy and Civil Liberties
Office of the Chief Information Officer
Civil Division
Security and Emergency Planning Staff
Computer Crime and Intellectual Property Section (CCIPS) of the Criminal
Division
Office of Public Affairs
B. C ONTENTS OF THE NOTIFICATION
The e-mail shall contain the known details of the incident, DOJCERT's initial risk
rating, as well as the actions that have been taken to respond to the incident thus far.
V.
Risk Assessment
A. I NCI DENT ANALYSIS
16
U.S. Department of Justice
Instruction 0900.00.01
After initial notification, DOJCERT will perform a more thorough analysis of the
incident, using the factors used in the initial assessment (section III.B. above) and
additional information that becomes available, including reassessing the risk rating.
B. S UMMARY OF F ACTS WI TH RECOMMENDATIONS
Following the analysis, DOJCERT will prepare a Summary of Facts with
Recommendations for Moderate or High risk incidents and forward it to the CIO and
CPCLO, in their capacity as co-chairs of the DOJ CMT. The CIO and CPCLO will
then notify the members of the DOJ CMT.
C. AAG/A N OTI FI CATI ON AND M EETI NG DETERMINATION
If the risk is high, the CIO and CPCLO will also notify the Assistant Attorney
General for Administration (AAG/A), who will decide whether to convene a meeting
of the DOJ CMT.
D. O THER M EETI NG DETERMINATION
The CIO, CPCLO or the AAG/A may also, at their discretion, convene a meeting of
the DOJ CMT to address specific incidents assessed at a low or moderate risk level.
VI.
Incident Handling and Response
A. C OURSE OF ACTION
The component experiencing the breach or incident, or the CMT for breaches and
incidents handled by the CMT, will determine the appropriate course of action,
including notification to affected individuals (discussed in the next section), the
resources needed, and any appropriate remedy options. The component experiencing
the breach or incident may consult with the CMT in developing an appropriate course
of action.
B. R I SK MITIGATION
The component experiencing the breach or incident, or the CMT for breaches and
incidents handled by the CMT, will simultaneously consider options for mitigating
the risk. The component experiencing the breach or incident may consult with the
CMT in developing appropriate mitigation options. The following are actions that
can be taken by DOJ or the contractor to mitigate the risk from loss of PII, and
actions that individuals can routinely take to mitigate their risk:
1. Actions that Can Be Taken to Mitigate the Risk from Loss of PII
17
•
U.S. Department of Justice
Instruction 0900.00.01
If the breach involves individuals' banking, credit card, or other financial
PII, DOJ or the contractor should notify the individuals and inform them
of steps that they should take to mitigate the risk. Written notification
18
U.S. Department of Justice
Instruction 0900.00.01
procedures are contained in Appendix A. Where necessary, the
Department or contractor should assist the individuals' mitigation efforts.
•
•
•
•
If the breach involves a large volume of users, DOJ or the contractor
should consider establishing a Help Line that allows affected users to call
in to DOJ or the contractor to learn information. Appendix B contains
more information regarding the procedures for establishing a Help Line.
If the breach of PII has the potential to compromise the physical safety of
the individuals involved, DOJ should ensure that the appropriate law
enforcement agencies are notified and that the agencies take appropriate
protective action.
If the breach involves government-authorized credit cards (such as a loss
of a card or card number), DOJ should notify the issuing bank promptly.
If the breach involves individuals' bank account numbers to be used for
the direct deposit of credit card reimbursements, government employee
salaries, or any benefit payment, DOJ should notify the bank or other
entity that handles that particular transaction for DOJ.
DOJ or the contractor may take two other significant steps that can offer
additional measures of protection but which will involve DOJ or
contractor expense. They are:
o Data Breach Analysis - Using available technology or services,
analyze whether a particular data loss appears to be resulting in
identity theft. DOJ or the contractor may consider using this
measure if it is uncertain about whether the identity-theft risk
warrants implementing more costly additional steps or if it wishes
to do more than rely on individual actions.
o Credit Monitoring - In deciding whether to offer credit monitoring
services and of what type and length, DOJ should consider the
seriousness of the risk of identity theft arising from the data breach
involving PII. A particularly important consideration is whether
any identity theft incidents have already been detected. The cost
of the service should also be considered. To assist the timely
implementation of either data breach analysis or credit monitoring,
the General Services Administration (GSA) is putting in place
several government-wide contracting methods to provide these
services if needed. If a contractor is responsible for the data
breach involving PII, the contractor may provide credit monitoring
and/or other corrective action in coordination with the Department.
19
U.S. Department of Justice
Instruction 0900.00.01
2. Actions that Individuals Can Routinely Take to Mitigate the Risk
• Contact their financial institution to determine whether their account(s)
should be monitored or closed. This option is relevant only when
financial account information Monitor their financial account statements
and immediately report any suspicious or unusual activity to their financial
institution.
• Request a free credit report at www.AnnualCreditReport.com or by calling
1-877-322-8228. It may take a few months for most signs of fraudulent
account activity to appear on the credit report. This option is most useful
when the data breach involves information that can be used to open new
accounts.
• Contact the three major credit bureaus and place an initial fraud alert on
credit reports maintained by each of the credit bureaus. This option is
most useful when the breach includes information that can be used to open
a new account, such as SSNs.
• For residents of states in which state law authorizes a credit freeze,
consider placing a credit freeze on their credit file. This option is most
useful when the breach includes information that can be used to open a
new account, such as SSNs.
• For deployed members of the military, consider placing an active duty
alert on their credit file. This option is most useful when the breach
includes information that can be used to open a new account, such as
SSNs.
• Review resources provided on the Federal Trade Commission (FTC)
Identity Theft Website.
• Complete a Federal Trade Commission ID Theft Affidavit at the above
FTC Website. This will allow an individual to legally notify their
creditors that their identity has been compromised. Any debts incurred
after that date will not be assigned to them.
• Be aware that the public announcement of the breach could itself cause
criminals engaged in fraud to use various techniques to deceive
individuals affected by the breach into disclosing their personal
information.
3. Congressional Notification
The CMT will also determine whether Congress should be notified.
20
U.S. Department of Justice
Instruction 0900.00.01
VII.
External Breach Notification
Components and the CMT will consider the following six elements when considering external
notification:
•
•
•
•
•
•
Whether breach notification is required
Timeliness of the notification
Source of the notification
Contents of the notification
Means of providing the notification
Who receives notification: public outreach in response to a breach
A more detailed description of these elements is set forth below:
A. W HETHER B REACH N OTI FI CATI ON I S REQUIRED
To determine whether notification of a breach is required, the likely risk of harm
caused by the breach and then the level of risk must be assessed. A wide range of
harms should be considered, such as harm to reputation and the potential for
harassment or prejudice, particularly when health or financial benefits information is
involved in the breach.5 Notification when there is little or no risk of harm might
create unnecessary concern and confusion6. Additionally, under circumstances where
notification could increase a risk of harm, the prudent course of action may be to
delay notification while appropriate safeguards are put in place.
Five factors should be considered to assess the likely risk of harm:
1. Nature of the Data Elements Breached. The nature of the data elements
compromised is a key factor to consider in determining when and how
notification should be provided to affected individuals.7 It is difficult to
characterize data elements as creating a low, moderate, or high risk simply based
on the type of data because the sensitivity of the data element is contextual. A
5
For reference, the express language of the Privacy Act requires agencies to consider a wide
range of harms: agencies shall "establish appropriate administrative, technical and physical
safeguards to insure the security and confidentiality of records and to protect against any
anticipated threats or hazards to their security or integrity which could result in substantial
harm, embarrassment, inconvenience, or unfairness to any individual on whom information is
maintained." 5 U.S.C. § 552a (e)(10).
21
U.S. Department of Justice
Instruction 0900.00.01
6
Another consideration is a surfeit of notices, resulting from notification criteria which are too
strict, could render all such notices less effective, because consumers could become numb to
them and fail to act when risks are truly significant.
7
For example, theft of a database containing individuals' names in conjunction with Social
Security numbers, and/or dates of birth may pose a high level of risk of harm, while a theft of a
database containing only the names of individuals may pose a lower risk, depending on its
context.
22
U.S. Department of Justice
Instruction 0900.00.01
name in one context may be less sensitive than in another context.8 In assessing
the levels of risk and harm, consider the data element(s) in light of their context
and the broad range of potential harms flowing from their disclosure to
unauthorized individuals.
2. Number of Individuals Affected. The number of affected individuals may dictate
the method(s) the component chooses for providing notification, but should not be
the determining factor for whether a notification should be provided.
3. Likelihood the Information is Accessible and Usable. Assess the likelihood
information will be or has been used by unauthorized individuals. An increased
risk that the information will be used by unauthorized individuals should
influence the decision to provide notification.
The fact the information has been lost or stolen does not necessarily mean it has
been or can be accessed by unauthorized individuals, however, depending upon a
number of physical, technological, and procedural safeguards employed by the
component. If the information is properly protected by encryption that has been
validated by NIST, for example, the risk of compromise may be low to nonexistent.
4. Likelihood the Breach May Lead to Harm.
a. Broad Reach of Potential Harm. The Privacy Act requires agencies to protect
against any anticipated threats or hazards to the security or integrity of records
which could result in "substantial harm, embarrassment, inconvenience, or
unfairness to any individual on whom information is maintained" (5 USC
552a(e)(10)). Additionally, the analysis should consider a number of possible
harms associated with the loss or compromise of information. Such harms
may include the effect of a breach of confidentiality or fiduciary
responsibility, the potential for blackmail, the disclosure of private facts,
mental pain and emotional distress, the disclosure of address information for
victims of abuse, the potential for secondary uses of the information which
could result in fear or uncertainty, or the unwarranted exposure leading to
humiliation or loss of self-esteem.
b. Likelihood Harm Will Occur. The likelihood a breach may result in harm will
depend on the manner of the actual or suspected breach and the type(s) of data
involved in the incident. Social Security numbers and account information are
useful to committing identity theft, as are date of birth, passwords, and
mother's maiden name. If the information involved, however, is a name and
address or other personally identifying information, the loss may also pose a
significant risk of harm if, for example, it appears on a list of patients at a
clinic for treatment of a contagious disease.
23
U.S. Department of Justice
Instruction 0900.00.01
8
For example, breach of a database of names of individuals receiving treatment for contagious
disease may pose a higher risk of harm, whereas a database of names of subscribers to agency
media alerts may pose a lower risk of harm.
24
U.S. Department of Justice
Instruction 0900.00.01
5. Ability to Mitigate the Risk of Harm. Within an information system, the risk of
harm will depend on how the component is able to mitigate further compromise
of the system(s) affected by a breach. In addition to containing the breach,
appropriate countermeasures, such as monitoring system(s) for misuse of the
personal information and patterns of suspicious behavior, should be taken.9 Such
mitigation may not prevent the use of the personal information for identity theft,
but it can limit the associated harm. Some harm may be more difficult to mitigate
than others, particularly where the potential injury is more individualized and may
be difficult to determine.
B. T I MELI NESS OF THE NOTIFICATION
Components should provide notification without unreasonable delay following the
discovery of a breach, consistent with the needs of public or national security; official
inquiries, investigations or proceedings; the prevention, detection, investigation, or
prosecution of criminal offenses; the rights and freedoms of others, in particular the
protection of victims and witnesses; and any measures necessary for the component to
determine the scope of the breach and, if applicable, to restore the reasonable
integrity of the computerized data system compromised.
Decisions to delay notification should be made by the component head or a seniorlevel individual he/she may designate in writing. In some circumstances, law
enforcement or national security considerations may require a delay if it would
seriously impede the investigation of the breach or the affected parties. However, any
delay should not exacerbate risk or harm to any affected individual(s).
In cases where a contractor processes, stores, possesses, or otherwise handles the PII
that is the subject of a data breach, any notification to individuals affected by the data
breach must be coordinated with the Department. No notification by the contractor
may proceed until the Department has made a determination that notification would
not impede a law enforcement investigation or jeopardize national security. The
method and content of any notification by the contractor must be coordinated with,
and is subject to the approval of, the Department.
C. S OURCE OF THE NOTIFICATION
In general, notification to parties affected by the breach should be issued by the
Component Head, or senior-level individual he/she may designate in writing. This
demonstrates it has the attention of the chief executive of the organization.
25
U.S. Department of Justice
Instruction 0900.00.01
Notification involving only a limited number of persons (e.g., under 50) may also be
issued jointly under the auspices of the Chief Information Officer and the Chief
Privacy Officer or Senior Agency Official for Privacy. This approach signals the
component recognizes both the security and privacy concerns raised by the breach.
9
For example, if the information relates to disability beneficiaries, monitoring a beneficiary
database for requests for change of address may signal fraudulent activity.
26
U.S. Department of Justice
Instruction 0900.00.01
When the breach involves a Federal contractor or a public-private partnership
operating a system of records on behalf of a component, the component is responsible
for ensuring any notification and corrective actions are taken. The roles,
responsibilities, and relationships with contractors or partners must be reflected in
contracts and other documents.
D. C ONTENTS OF THE NOTIFICATION
The notification should be provided in writing and should use concise, conspicuous,
plain language. The notice should include the following elements:
•
•
•
•
•
•
A brief description of what happened, including the date(s) of the breach and
of its discovery
To the extent possible, a description of the types of personal information
involved in the breach (e.g., full name, Social Security number, date of birth,
home address, account number, disability code, etc.)
A statement whether the information was encrypted or protected by other
means, when determined such information would be beneficial and would not
compromise the security of the system
What steps affected parties should take to protect themselves from potential
harm, if any
What is being done, if anything, to investigate the breach, to mitigate losses,
and to protect against any further breaches
Who affected parties should contact for more information, including a tollfree telephone number, e-mail address, and postal address
Given the amount of information required above, the component may want to
consider layering the information, providing the most important information up front,
with the additional details in a Frequently Asked Questions (FAQ) format or on the
component's web site. If the component has knowledge that the affected parties are
not English speaking, notice should also be provided in the appropriate language(s).
See Appendix A for samples of written notifications.
E. M EANS OF P ROVI DI NG NOTIFICATION
The best means for providing notification will depend on the number of persons
affected and what contact information is available about the affected parties. Notice
provided to persons affected by a breach should be commensurate with the number of
persons affected and the urgency with which they need to receive notice. The
following examples are types of notice which may be considered.
27
•
U.S. Department of Justice
Instruction 0900.00.01
Telephone. Telephone notification may be appropriate in those cases where
urgency may dictate immediate and personalized notification and/or when a
28
U.S. Department of Justice
Instruction 0900.00.01
limited number of persons are affected. Telephone notification, however,
should be contemporaneous with written notification by first-class mail.
•
•
•
•
•
First-Class Mail. First-class mail notification to the last known mailing
address of the persons in the component's records should be the primary
means notification is provided. Where the component has reason to believe
the address is no longer current, it should take reasonable steps to update the
address by consulting with other agencies such as the US Postal Service. The
notice should be sent separately from any other mailing so that it is
conspicuous to the recipient. If the component which experienced the breach
uses another agency to facilitate mailing (for example, if the component which
suffered the loss consults the Internal Revenue Service for current mailing
addresses of affected persons), care should be taken to ensure the component
which suffered the loss is identified as the sender, and not the facilitating
agency. The front of the envelope should be labeled to alert the recipient to
the importance of its contents, e.g., "Data Breach Information Enclosed" and
should be marked with the name of the component as the sender to reduce the
likelihood the recipient thinks it is advertising mail.
E-Mail. E-mail notification is problematic, because individuals change their email addresses and often do not notify third parties of the change. Notification
by postal mail is preferable. However, where an individual has provided an email address and has expressly given consent to e-mail as the primary means
of communication with the component, and no known mailing address is
available, notification by e-mail may be appropriate. E-mail notification may
also be employed in conjunction with postal mail if the circumstances of the
breach warrant this approach. E-mail notification may include links to the
component and www.USA.gov web sites, where the notice may be "layered"
so the most important summary facts are up front with additional information
provided under link headings.
Existing Government Wide Services. Agencies should use Government wide
services already in place to provide support services needed, such as USA
Services, including toll free number of 1-800-FedInfo and www.USA.gov.
Newspapers or other Public Media Outlets. Additionally, the component may
supplement individual notification with placing notifications in newspapers or
other public media outlets. The component should also set up toll-free call
centers staffed by trained personnel to handle inquiries from the affected
parties and the public.
Substitute Notice. Substitute notice in those instances where the component
does not have sufficient contact information to provide notification. Substitute
notice should consist of a conspicuous posting of the notice on the home page
29
U.S. Department of Justice
Instruction 0900.00.01
of the component's web site and notification to major print and broadcast
media, including major media in areas where the affected parties reside. The
notice to media should include a toll-free phone number where an individual
30
U.S. Department of Justice
Instruction 0900.00.01
can learn whether or not his or her personal information is included in the
breach.
•
Accommodations. Special consideration to providing notice to individuals
who are visually or hearing impaired consistent with Section 508 of the
Rehabilitation Act of 1973 should be given. Accommodations may include
establishing a Telecommunications Device for the Deaf (TDD) or posting a
large type notice on the component web site.
F. W HO R ECEI VES N OTI FI CATI ON : P UBLI C O UTREACH I N R ESPONSE TO A BREACH
•
•
Notification of Individuals. The final consideration in the notification process
when providing notice is who should receive notification: the affected
individuals, the public media, and/or other third parties affected by the breach
or the notification. Unless notification to individuals is delayed or barred for
law enforcement or national security reasons, once it has been determined to
provide notice regarding the breach, affected individuals should receive
prompt notification.
Notification of Third Parties including the Media. If communicating with third
parties regarding a breach, agencies should consider the following.
o Careful Planning. A component's decision to notify the public media
will require careful planning and execution so that it does not
unnecessarily alarm the public. When appropriate, the component
should notify public media as soon as possible after the discovery of a
breach and the response plan, including the notification, has been
developed. Notification should focus on providing information,
including links to resources, to aid the public in its response to the
breach. Notification may be delayed upon the request of law
enforcement or national security agencies as described above in
Section VII.B. To the extent possible, prompt public media disclosure
is generally preferable because delayed notification may erode public
trust.
o Web Posting. Agencies should post information about the breach and
notification in a clearly identifiable location on the home page of the
component web site as soon as possible after the discovery of a breach
and the decision to provide notification to the affected parties. The
posting should include a link to Frequently Asked Questions (FAQ)
and other talking points to assist the public's understanding of the
breach and the notification process. The information should also
appear on the www.USA.gov web site. The component may also
consult with the General Services Administration's USA Services
regarding using their call center.
31
U.S. Department of Justice
Instruction 0900.00.01
•
o Notification of other Public and Private Sector Agencies. Other public
and private sector agencies may need to be notified on a need-to-know
basis, particularly those that may be affected by the breach or may
play a role in mitigating the potential harm stemming from the
breach.10
o Congressional Inquiries. Agencies should be prepared to respond to
inquiries from other governmental agencies such as the Government
Accountability Office and Congress.
Reassess the Level of Impact Assigned to the Information. After evaluating
each of these factors, the component should review and reassess the level of
impact it has already assigned to the information using the impact levels
defined by the NIST.
32
U.S. Department of Justice
Instruction 0900.00.01
10
For example, a breach involving medical information may warrant notification of the breach
to health care providers and insurers through the public or specialized health media, and a
breach of financial information may warrant notification to financial institutions through the
federal banking agencies.
33
U.S. Department of Justice
Instruction 0900.00.01
APPENDIX A
Sample Written Notifications
DATA ACQUIRED: Social Security Number (SSN)
(Note: Do not insert actual SSN)
Dear
:
We are writing to you because of a recent security incident at [DOJ or name of Component].
[Describe what happened in general terms, what kind of PII was involved, and what you are
doing in response.]
To protect yourself from the possibility of identity theft, we recommend that you complete a
Federal Trade Commission ID Threat Affidavit. This will allow you to legally notify your
creditors that your identity may have been compromised. Any debts incurred after that date will
not be assigned to you.
We also recommend that you place a fraud alert on your credit files. A fraud alert lets creditors
know to contact you before opening new accounts. Just call any one of the three credit reporting
agencies at the number below. This will let you automatically place fraud alerts with all of the
agencies. You will then receive letters from all of them, with instructions on how to get a free
copy of your credit report from each.
Equifax
Experian
TransUnion
1-800-525-6285
1-888-397-3742
1-800-680-7289
Look your credit reports over carefully when you receive them. Look for accounts you did not
open. Look for inquiries from creditors that you did not initiate. And look for personally
identifiable information, such as home address or Social Security Number that is not accurate.
If you see anything you do not understand, call the credit reporting agency at the telephone
number on your report. If you do find suspicious activity on your credit reports, call your local
34
U.S. Department of Justice
Instruction 0900.00.01
police or sheriff's office and file a police report of identity theft. [Or, if appropriate, give contact
number for law enforcement agency investigating the incident.] Get a copy of the police report.
You may need to give copies of the police report to creditors to clear up your records.
Even if you do not find any signs of fraud on your reports, we recommend that you check your
credit report every three months for the next year. Just call one of the numbers above to order
your reports and keep the fraud alert in place. For more information on identity theft, we suggest
that you visit the Identity Theft Website of the Federal Trade Commission. If there is anything
[DOJ or name of Component] can do to assist you, please call [toll-free telephone number].
[Closing]
35
U.S. Department of Justice
Instruction 0900.00.01
DATA ACQUIRED: Credit Card Number or Financial Account Number Only
(Note: Do not insert actual credit card or financial account numbers)
Dear
:
We are writing to you because of a recent security incident at [DOJ or name of Component].
[Describe what happened in general terms, what type of PII was involved, and what DOJ is
doing in response.]
To protect yourself from the possibility of identity theft, we recommend that you immediately
contact [credit card or financial account issuer] at [phone number] and close your account. Tell
them that your account may have been compromised.
We also recommend that you complete a Federal Trade Commission ID Threat Affidavit. This
will allow you to legally notify your creditors that your identity has been compromised. Any
debts incurred after that date will not be assigned to you.
In addition, we recommend that you place a fraud alert on your credit files. A fraud alert lets
creditors know to contact you before opening new accounts. Just call any one of the three credit
reporting agencies at a number below. This will let you automatically place fraud alerts with all
of the agencies. You will then receive letters from all of them, with instructions on how to get a
free copy of your credit report from each.
Equifax
Experian
TransUnion
1-800-525-6285
1-888-397-3742
1-800-680-7289
Look your credit reports over carefully when you receive them. Look for accounts you did not
open. Look for inquiries from creditors that you did not initiate. And look for personally
identifiable information, such as home address or Social Security Number that is not accurate.
If you see anything you do not understand, call the credit reporting agency at the telephone
number on your report. If you do find suspicious activity on your credit reports, call your local
police or sheriff's office and file a police report of identity theft. [Or, if appropriate, give contact
number for law enforcement agency investigating the incident.] Get a copy of the police report.
You may need to give copies of the police report to creditors to clear up your records.
Even if you do not find any signs of fraud on your reports, we recommend that you check your
credit report every three months for the next year. Just call one of the numbers above to order
your reports and keep the fraud alert in place. For more information on identity theft, we suggest
36
U.S. Department of Justice
Instruction 0900.00.01
that you visit the Identity Theft Website of the Federal Trade Commission. If there is anything
[DOJ or name of Component] can do to assist you, please call [toll-free telephone number].
[Closing]
37
U.S. Department of Justice
Instruction 0900.00.01
APPENDIX B
General Guidance for the Establishment of a Call Center
in the Event of a Significant Data Breach
In the event of a significant data breach involving PII, the following guidance is provided to help
with the determination of whether to establish a call center. The purpose of a call center is to
provide individuals a number to call to obtain further information regarding the data loss and
possible action they may want to take to lessen the incident's impact on their personal lives.
The decision to establish a call center should be based on several considerations:
•
•
•
If a data breach does not extend outside of a Component (i.e., those affected by the breach
are known and can be contacted), the establishment of a call center would not normally be
necessary
If the breach affects a large number of individuals and those individuals are not easily
identifiable or easily contacted, establishment of a call center should be considered to allow
those potentially impacted to call and obtain additional information regarding the breach
Each situation will be unique and the decision to establish a call center must be based on
individual circumstances. The main concern should be sharing of information with those
affected and how they may obtain assistance.
Once a decision is made to establish a call center, there are several options:
•
•
Contact the National Business Center to obtain a toll-free number. This option is likely the
least expensive, since DOJ would provide its own personnel to support the call center.
Contact General Service Administration's (GSA) USA Contact to establish a fully supported
and staffed call center. A thorough description of the incident and set of frequently asked
questions (FAQs) will also be required for call center to refer to when fielding calls.
Suggested items to consider based on the nature of the breach would include, but are not limited
to, the following:
•
•
•
•
•
Using existing DOJ personnel to staff the call center and the number of individuals required
Training of call center operators
Pre-stage FAQs
Ability to adjust staffing in response to call volume
Daily hours of operations
38
U.S. Department of Justice
Instruction 0900.00.01
•
•
•
•
•
Cost of service
Call logging
DOJ reporting requirements
Advertising call center numbers and making data breach information readily available to
those affected
Quality assurance checks of call center effectiveness
Sample call center FAQs are as follows:
1. How can I tell if my information was compromised?
At this point, there is no evidence that any missing data has been used illegally.
However, the DOJ/Component is asking each individual to be extra vigilant and to
carefully monitor bank statements, credit card statements, and any statements relating to
recent financial transactions. If you notice unusual or suspicious activity, you should
report it immediately to the financial institution involved.
2. What is the earliest date at which suspicious activity might have occurred due to this data
breach?
The information was stolen from an employee of the DOJ/Component during the month
of
. If the data has been misused or otherwise used to commit fraud or identity
theft crimes, it is likely that individuals may notice suspicious activity during the month
of
.
3. I haven't noticed any suspicious activity in my financial statements, but what can I do to
protect myself from being victimized by credit card fraud or identity theft?
The DOJ/Component strongly recommends that individuals closely monitor their
financial statements and visit the DOJ/Component special Website at www.
.gov.
4. Should I reach out to my financial institutions or will the DOJ/Component do this for
me?
The DOJ/Component does not believe that it is necessary to contact financial institutions
or cancel credit cards and bank accounts, unless you detect suspicious activity.
5. Where should I report suspicious or unusual activity?
The Federal Trade Commission (FTC) Identity Theft web site
(http://www.consumer.ftc.gov/features/feature-0014-identity-theft) recommends the
following steps if you detect suspicious activity:
39
U.S. Department of Justice
Instruction 0900.00.01
•
Immediate Steps
o Place an Initial Fraud Alert
Contact the fraud department of one of the three major credit bureaus:
■
•
•
Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA
30374-0241
■ Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box
9532, Allen, TX 75013
■ TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance
Division, P.O. Box 6790, Fullerton, CA 92834-6790
o Order Your Credit Report from the three major credit bureaus above
o Create an Identity Theft Report
■ Submit a report about the theft to the FTC online or call the FTC at 1-877438-4338 (1-866-653-4261 - TTY). When you finish writing all the details,
print a copy of the report. It will be called an Identity Theft Affidavit. Bring
your FTC Identity Theft Affidavit when you file a police report.
■ File a police report with your local police department or the police department
where the theft occurred, and get a copy of the police report or the report
number. Your FTC Identity Theft Affidavit and your police report make an
Identity Theft Report.
Extended Fraud Alerts and Credit Freezes
o Extended Fraud Alerts. If you've created an Identity Theft Report, you can get an
extended fraud alert on your credit file. When you place an extended alert, you
can get 2 free credit reports within 12 months from each of the 3 nationwide
credit reporting companies, and the credit reporting companies must take your
name off marketing lists for prescreened credit offers for 5 years, unless you ask
them to put your name back on the list. The extended alert lasts for 7 years.
o Credit Freezes. You may choose to put a credit freeze on your file. But a credit
freeze may not stop misuse of your existing accounts or some other types of
identity theft. Also, companies that you do business with would still have access
to your credit report for some purposes. A fraud alert will allow some creditors to
get your report as long as they verify your identity.
Close any accounts that have been tampered with or opened fraudulently
FTC also has a printed publication called Taking Charge, What To Do If Your Identity Is
Stolen
40
U.S. Department of Justice
Instruction 0900.00.01
6. What is the DOJ/Component doing to ensure that this does not happen again?
The DOJ/Component is working with the FTC to investigate the data breach and to
develop safeguard against similar incidents. The DOJ/Component has directed all
employees to complete the DOJ "Computer Security Awareness and Training (CSAT)"
course. In addition, the DOJ/Component will immediately be conducting an inventory
and review of all current positions requiring access to PII and require all employees
needing access to PII to undergo an updated National Agency Check and Inquiries
(NACI) and/or a Minimum Background Investigation (MBI), depending on the level of
access required by the responsibilities associated with their position. Appropriate law
enforcement agencies, including the Federal Bureau of Investigation and the DOJ Office
of the Inspector General have launched full-scale investigations into this matter.
7. Where can I get further, up-to-date information?
The DOJ/Component has set up a special Website which features up-to-date news and
information. Please visit www.
.gov.
8. Does the data breach affect only certain individuals?
It potentially affects a large population of individuals. We urge everyone possibly
affected to be extra vigilant and monitor their financial accounts.
41
U.S. Department of Justice
Instruction 0900.00.01
APPENDIX C
References
The following references are applicable to this Instruction. Unless otherwise stated, all references
to publications are to the most recent version of the referenced publication.
1. Congressional Mandates
a. Clinger Cohen Act of 1996, (Pub. L. 104-106, 110 Stat. 186); and (Pub. L. 104-208, 110
Stat. 3009).
b. Electronic Communications Privacy Act of 1986, 18 U.S.C. § 2511.
c. E-Government Act of 2002, PL 107-347, 44 U.S.C. Ch 35.
d. Federal Information Security Management Act of 2002 (FISMA), Pub. L. 107-347, 116
Stat. 2899.
e. Freedom of Information Act (FOIA), 5 U.S.C. § 552.
f. Privacy Act of 1974, 5 U.S.C. § 552a.
2. Federal/Departmental Regulations/Guidance
a. DOJ Order 2880.1B, Information Resources Management.
b. DOJ Order 2640.2F, Information Technology Security.
c. DOJ Order 3011.1A, Compliance with the Privacy Requirements of the Privacy Act, the
E-Government Act and the FISMA.
d. DOJ Computer System Incident Response Plan.
e. DOJ Information Technology Security Standards.
f. DOJ Security Program Operating Manual (SPOM).
3. Presidential and Office of Management and Budget Guidance
a. OMB Circular A-130, Management of Federal Information Resources (with Appendices
and periodic revisions).
b. OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of
Personally Identifiable Information.
42
C
o
n
f
i
d
e
C
SETTLEMENT AGREEMENT
- IMPLEMENTATION COMPENSATION
n
O
tT
i3
a
l
Caerphilly
County
Borough
Council
Employer:
Employee:
Address:
£
[
Implementation Compensation Payment:
]
We the undersigned have agreed the terms contained with the attached Schedule and
that the Schedule forms an integral part of this COT3 agreement.
Signed by:
Employee
«««««««««««««
Date ««««««««
For and on
Behalf of the
Employer
«««««««««««««
Date ««««««««
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
APPENDIX
The claims to be settled by this Agreement include all claims or potential claims (in
respect of the Chief Officer post that the Employee currently holds as listed in the
attached Appendix and includes, without limitation, the actual claim(s) (if any) listed
on the attached cover sheet):-
Post Title
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
DOCUMENT A - IMPLEMENTATION
COMPENSATION WITHOUT
PREJUDICE
The parties to this Agreement agree as follows:-
WHEREAS
The Employer has previously successfully implemented, an equality proofed
Single Status Structure in relation to our NJC employees (known as the "Green
Book"). In addition we have harmonised the Terms and Conditions of our former
craft employees ("Red Book") to achieve consistency with our Single Status
arrangements. The Employer is now seeking to achieve consistent arrangements
by harmonising the Chief Officer terms and conditions detailed below with those
of our employees under single status:
Essential User Car Allowance and Mileage Rates
• Annual Leave Allowances and Flexi Arrangements
•
(A) All undertakings and waivers hereunder relate to the Single Status arrangements
in relation to all employees.
(B) In order to achieve the Single Status arrangements for Chief Officers the
Employer is seeking to harmonise terms and conditions under a localised
agreement within the principles of Single Status as negotiated with the recognised
trade unions to achieve the Collective Agreement. The Employer has offered to
vary the Employee's contract of employment which the Employee wishes to
accept, which will be referred to as the "Single Status Contract of Employment".
The Single Status Contract of Employment will automatically apply to the
Employee by reason of the Collective Agreement.
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
(C) The Employer does not admit any liability in relation to any of the Employee's
actual claims or potential claims in relation to Breach of Contract , but in the
interests of good industrial relations and to avoid protracted litigation the
Employer has agreed to pay the Employee Implementation Compensation on the
terms set out in this Agreement which the Employee wishes to accept on the
terms of this Agreement.
(D) The Employee acknowledges and accepts that by virtue of receiving the
Implementation Compensation under this Agreement, the employee will not
pursue any Breach of
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
Contract claim in relation to the variation to the JNC Terms for Chief Officers
under a localised arrangement.
SETTLEMENT
1.
In consideration of the Employee's agreement to give the undertakings set out
in this Agreement the Employer agrees, subject to the terms and conditions set
out below, to pay to the Employee Implementation Compensation in the sum
set out in the attached COT3 cover sheet.
2.
The Employee accepts the Implementation Compensation in full and final
settlement of the claims set out in paragraphs 3 and 4 that the Employee has
or may in the future have against the Employer, any organisation to which the
Employee's employment may transfer under TUPE and/or any of its or their
present or former employees or officers.
3.
The claims to be settled by this Agreement include all claims or potential
claims(in respect of the Chief Officer post the Employee currently holds and
as listed in the attached Appendix and includes, without limitation, the actual
claim(s) (if any) listed on the attached cover sheet):(a)
relating to Issues of Breach of Contract:-
(i)
in relation to and arising from the
variation to the JNC Terms for Chief
Officers under a localised arrangement
and
the
Single
Status
Contract
of
Employment; and
(ii)
payment of Implementation Consideration
in connection with the variation to the
JNC Terms for Chief Officers under a
localised arrangement and the Single
Status Contract of Employment; and
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
(b)
whether such claim is a claim, in relation to Issues of
Breach of Contract :-
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
(i)
under the Sex Discrimination Act 1975
(including but not limited to a claim for
injury to feelings);
(ii)
under the Trade Union and Labour
Relations
(Consolidation)
Act
1992
(including, but not limited to, a claim
under section 188 and/or section 188A);
(iii)
for breach of contract, including any sum
alleged to be payable under an equality
clause);
(iv)
for
unlawful
deduction
of
wages
(including any sum alleged to be payable
under an equality clause or by reason of
the implementation of the Single Status
Contract of Employment);
(v)
relating to loss of pension and any other
benefits; and/or
(vi)
(c)
for any other form or type of claim.
Further, and without prejudice to the generality of the foregoing,
the Employee understands and accepts that, in signing this
Agreement, the Employee shall not at any time institute any
Employment Tribunal or Court proceedings for damages or
compensation in relation to Pay Protection of former income
levels,
including
Implementation
without
limitation,
Consideration
the
between
payment
the
of
Effective
Implementation Date and 1 April 2015.
4.
For the avoidance of doubt, paragraphs 3 and 4 and therefore this Agreement
compromise all claims arising at common law, statute, European Law and/or
otherwise, whether or not such claims fall within the jurisdiction of the
Employment Tribunal and/or the civil courts. In addition, by accepting the
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
Settlement the Employee is settling any claim for an adjustment of any award
under section 31 Employment Act 2002 (non-completion of statutory
dispute resolution procedure: adjustment of
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
awards). Further, if there are any other ways in which claims relating to
Issues of Breach of Contract have been or could be advanced, then it is the
intention of the parties that these potential claims should also be treated as
having been settled by this Agreement.
5.
Payment of the Implementation Compensation shall be made by way of cheque
made payable to the Employee. The amount of the Implementation
Compensation has been calculated as a net amount less a notional deduction
for income tax and National Insurance contributions, as agreed with HMRC,
for which the Employer will account to HMRC on behalf of the Employee.
The Implementation Compensation is not pensionable pay.
6.
In the event that the Employee or anyone on his/her behalf commences or
continues any proceedings against the Employer, any organisation to which
the Employee's employment may transfer under TUPE and/or any of its or
their present or former employees or officers for any of the claims set out in
paragraphs 3 and 4, of this Agreement or otherwise then the Employee agrees
to repay to the Employer an amount equivalent to the Implementation
Compensation paid to the Employee under this Agreement. The Employee
agrees that in such circumstances, the said sum is recoverable from him/her as
a debt.
7.
Payment of the Implementation Compensation by the Employer is made on
the understanding that there is no admission of liability by the Employer.
8.
For the avoidance of doubt, this Agreement does not affect any rights which
the Employee may have in relation to any other claim against the Employer,
any organisation to which the Employee's employment may transfer under
TUPE and/or any of its or their present or former employees or officers
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
including without limitation, any claim for personal injury or in connection
with the Employee's accrued pension rights.
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
It is agreed that this schedule forms an integral part of the attached COT3
form. Employee:
Date:
For and on
Behalf of the Employer:
Date:
Document shared on https://www.docsity.com/en/confidential-cot3-settlement-agreement/8992007/
Downloaded by: rootstackk-music {stenglel23@gmail.com)
Social Network Analysis: An Introduction
2012 ICPSR Summer Program in Quantitative Methods of Social Research
The Odum Institute, University of North Carolina, Chapel Hill, July 16 to 20
Katherine Faust
University of California, Irvine
Sean Fitzhugh
University of California, Irvine
kfaust@uci.edu
sfitzhug@uci.edu
Social network analysis focuses on relationships between and among social entities. It is used
widely in the social and behavioral sciences, as well as in political science, economics,
organizational science, animal behavior, and industrial engineering. The social network
perspective, which will be taught in this workshop, has been developed over the last sixty years
by researchers in psychology, sociology, statistics, and anthropology. The social network
paradigm is the theoretical and formal basis for the relational study of social structures in the
social and behavioral sciences. The theoretical and methodological basis for this paradigm has
been clearly defined, and it has been convincingly applied to a variety of substantive problems.
However, a network approach requires a set of concepts and analytic tools, beyond those
provided by standard quantitative (particularly, statistical) methods. These concepts and tools are
the topics of this workshop.
This one-week workshop presents an introduction to various concepts, methods, and applications
of social network analysis drawn from the social and behavioral sciences. The primary focus of
these methods is the analysis of relational data measured on groups of social actors. Topics to be
discussed include an introduction to matrices and graph theory and their use in studying
structural properties of actor interrelations; structural and locational properties of actors, such as
centrality and centralization; subgroups and cliques; equivalence of actors, including structural
equivalence and blockmodels; local analyses, including dyadic and triadic analysis; hypothesis
testing using conditional uniform random graphs and matrix permutations; and an introduction to
statistical global analyses, using models such as p1, p*, ERGMs and their relatives. Prerequisites
for this course are familiarity with matrix algebra. A background in linear models and categorical
data analysis will be helpful, but is not required.
The course will meet for about seven hours each day, according to the following schedule:
Time
Activity
Morning
Lecture
Early afternoon
Computing and Data Analysis
Late afternoon
Questions and Discussion
Course Texts
Wasserman, S., and Faust, K. (1994). Social Network Analysis: Methods and
Applications. Cambridge, ENG and New York: Cambridge University Press.
Recommended:
Carrington, P., Scott, J, and Wasserman, S. (2004). Models and Methods for Social
Network Analysis. New York: Cambridge University Press.
Topics Topics to be taught and the relevant chapters from Wasserman and Faust are:
Chapter 1: Introduction
Chapter 2: Social Network Data: Collection and Applications
Chapter 3: Notation for Social Network Data
Chapter 4: Graphs and Matrices
Chapter 5: Centrality, Prestige, Prominence, and Related Concepts
Chapter 7: Cohesive Subgroups
Chapter 9: Structural Equivalence
Chapter 10: Blockmodels
Chapter 13: Dyads
Chapter 14: Triads
Chapter 15: Statistical Analysis of Single Relational Networks
Computer Programs
We will be using a number of different social network analysis computer programs
UCINET from Analytic Technologies. A 60 day trial version is available for free.
http://www.analytictech.com/archive/ucinet.htm
NETDRAW from Analytic Technologies comes with UCINET, or free at
http://www.analytictech.com/Netdraw/netdraw.htm
Pajek is free at:
http://pajek.imfm.si/doku.php
R routines sna, network, and statnet in R from
http://cran.r-project.org/
also see http://www.statnet.org/
Other Resources
These are some especially useful resources on social networks. I encourage you to
explore them and to take advantage of what they have to offer.
The International Network for Social Network Analysis (INSNA) is the international and
interdisciplinary professional association for people interested in social network research.
Its website (http://www.insna.org ) is a wonderful source of information and resources on
social networks, including links to many informative sites and to social network
computer programs and data.
The listserv, SOCNET, is the main on-line forum for discussion of current topics on
social networks. Information on how to join is available through the INSNA site (see
above) or at: http://www.insna.org/pubs/socnet.html
Journals
Social Networks - the flagship journal of the discipline.
Connections is INSNA's newsletter/ informal journal. It is available through the INSNA
website or directly at: http://www.insna.org/pubs/connections/index.html
Journal of Social Structure is an online journal with many articles of interest to social
network researchers. http://www.cmu.edu/joss/
Handouts, tutorials, etc.
Steve Borgatti's web page is a nice source of introductory material and handouts on
various topics on social networks. http://www.analytictech.com/networks/
Bob Hanneman at UCR has a useful online textbook on social network analysis that
includes information about how to use UCINET
http://www.faculty.ucr.edu/~hanneman/nettext/
Network Data
Data examples from Wasserman and Faust are available at:
http://vlado.fmf.uni-lj.si/pub/networks/data/WaFa/default.htm
Miscellaneous social network data and information about Pajek from the Pajek sites
http://pajek.imfm.si/doku.php
http://vlado.fmf.uni-lj.si/pub/networks/book/
http://vlado.fmf.uni-lj.si/pub/networks/data/esna/default.htm
http://vlado.fmf.uni-lj.si/pub/networks/data/
Lin Freeman's data archive: http://moreno.ss.uci.edu/data.html
Mark Newman's data archive with additional links to other sites:
http://www-personal.umich.edu/~mejn/netdata/
Software Documentation
UCINET and NetDraw
http://www.faculty.ucr.edu/~hanneman/nettext/
SNA
http://erzuli.ss.uci.edu/R.stuff/sna/sna-manual.2.2.pdf
Carter Butts's R routines for social network analysis
http://erzuli.ss.uci.edu/R.stuff/
Pajek
http://pajek.imfm.si/doku.php
Readings * (and Suggested Further Readings)
1: Introduction to Social Networks and Network Applications
*Wasserman and Faust, Chapters 1 and 2
*Butts, Carter T. 2008 "Social network analysis: A methodological introduction" Asian
Journal of Social Psychology 11(1) : 13-41.
Hawe, Penelope, Cynthia Webster and Alan Shiell 2004 "A glossary of terms for
navigating the field of social network analysis" J Epidemiol Community Health 58: 971975
Marsden, Peter. 2004. "Network Analysis." Pp. 819-825 in Kimberly Kempf-Leonard
(ed.) Encyclopedia of Social Measurement. San Diego, CA: Academic Press,
2: Representing Networks: Graphs, Matrices, and Network Visualization
*Wasserman and Faust, Chapters 3 and 4
Freeman, Linton "Visualizing Social Networks" Journal of Social Structure, available at:
http://www.cmu.edu/joss/content/articles/volume1/Freeman.html
Freeman, Linton 2005. "Graphic techniques for exploring social network data." Chapter
12, pages 248-269 in Carrington, Peter J., John Scott, and Stanley Wasserman (eds.)
Models and Methods in Social Network Analysis. Cambridge: Cambridge University
Press.
McGrath, Cathleen, Jim Blythe, and David Krackhardt "Seeing Groups in Graph
Layouts" available at http://www.andrew.cmu.edu/user/cm3t/groups.html
Cox, Michael A. A. and Trevor F. Cox 2008. Multidimensional Scaling. Handbook of
Data Visualization Springer Handbooks Comp.Statistics, , III, 315-347.
Johnson, Stephen, 1967. Hierarchical clustering schemes, Psychometrika 32(3):241-254.
3: Graph Theory for Network
Analysis
*Wasserman and Faust, Chapter 4
*Borgatti, Stephen ms. Graph Theory www.steveborgatti.com/papers/graphtheory.doc
Borgatti, Stephen 1994 "A quorum of graph theoretic concepts." Connections 17:47-49.
4: Centrality and Centralization
*Wasserman and Faust, Chapter 5
*Freeman, Linton 1979. "Centrality in social networks: Conceptual clarification." Social
Networks 1:215-239.
*Butts, Carter T. 2008 "Social network analysis: A methodological introduction" Asian
Journal of Social Psychology 11(1) : 13-41. (pages 22-25)
5: Cohesive Subgroups and Two Mode Networks
*Wasserman and Faust, Chapters 7 and 8
Freeman, Linton 1992 "The sociological concept of group: An empirical test of two
models." American Journal of Sociology. 98(1):152-166.
Moody, James and Douglas R. White. 2003. "Structural Cohesion and Embeddedness: A
hierarchical conception of Social Groups." American Sociological Review 68:103-127.
Breiger, Ronald. 1974. "The duality of persons and groups." Social Forces. 53:191-190.
6: Equivalences and Blockmodels, Network Roles and Algebraic Models
*Wasserman and Faust, Chapter 9, 10, and 11
White, Harrison, Scott Boorman and Ronald Breiger. 1976. "Social structure from
multiple networks: I. Blockmodels of roles and positions." American Journal of
Sociology 81(4):730-780.
Borgatti, Steve and Martin Everett 1992. "Notions of position in network analysis."
Sociological Methodology 22:1-36.
Doreian, Patrick, Vladimir Batagelj, and Anuska Ferligoj 2005. "Positional analyses of
sociometric data." Chapter 5 pages 77-97 in Carrington, Peter J., John Scott, and Stanley
Wasserman (eds.) Models and Methods in Social Network Analysis. Cambridge:
Cambridge University Press.
Miller McPherson, Lynn Smith-Lovin, James M. Cook. 2001 Birds of a Feather:
Homophily in Social Networks, Annual Review of Sociology, Vol. 27 (2001), pp. 415444.
7: Local Structure, Subgraphs: Dyads, and
Triads
*Wasserman and Faust, Chapters 6, 13 and 14
*Butts, Carter T. 2008 "Social network analysis: A methodological introduction" Asian
Journal of Social Psychology 11(1) : 13-41. (pages 25-26)
Holland, Paul, and Samuel Leinhardt 1971. "Transitivity in structural models of small
groups." Comparative Group Studies 2:107-124.
Faust, K. (2007). Very Local Structure in Social Networks." Sociological Methodology,
37:209-256.
8: Matrix Permutation Tests for Comparing Relations
*Baker, Frank B. and Lawrence J. Hubert 1981 The Analysis of Social Interaction Data :
A Nonparametric Technique, Sociological Methods and Research 9: 339-361
Hubert, L. 1978. "Evaluating the conformity of sociometric measurements."
Psychometrika 43:31-41.
9: Introduction to Statistical Models, ERGMs
*Robins, Garry, Pip Pattison, Yuval Kalish, Dean Lusher 2007 "An introduction to
exponential random graph (p*) models for social networks" Social Networks 29: 173-191
Wasserman and Faust, Chapter 15
ATTACHMENT 2
SAMPLE ALTERNATIVE DISCIPLINE AGREEMENT
(PRIOR TO INITIATION OF TRADITIONAL DISCIPLINE)
ALTERNATIVE DISCIPLINE AGREEMENT BETWEEN [EMPLOYEE'S NAME]
AND [DIVISION/OFFICE]
The PARTIES to this Agreement are [Employee's Name, title, duty station] (hereafter
referred to as the EMPLOYEE) and the [Division/Office] (hereafter referred to as
USGS).
This Agreement is entered into as an alternative to the initiation of a proposal to [suspend
the EMPLOYEE without pay for 3 calendar days based on the EMPLOYEE'S
misconduct.] Under the terms of this Agreement, the EMPLOYEE acknowledges that:
[He/she was absent without approved leave (AWOL) for a total of 20 hours during pay
periods 21 and 22 of 2000.]
Based on the above, and in consideration of other factors, the USGS has concluded that
the issuance of a [proposal to suspend the EMPLOYEE from duty without pay for 3
calendar days is warranted.] Formal disciplinary action procedures include: [the issuance
of a letter of proposed suspension; the EMPLOYEE'S opportunity to reply orally and/or
in writing to the charges set forth in the proposal; the issuance of a decision based on the
proposal and the EMPLOYEE'S oral and/or written response to the charges (including
any mitigating factors presented by the EMPLOYEE); and the EMPLOYEE'S right to
file a negotiated/administrative grievance regarding the action taken by the USGS.]
However, the PARTIES have agreed to the following as an alternative to the USGS
initiating formal disciplinary action procedures:
1. The EMPLOYEE admits that he/she committed the misconduct cited above,
recognizes the misconduct was unacceptable, and promises that these acts will not
occur in the future;
2. The EMPLOYEE agrees to [donate 24 hours of annual leave to an approved leave
donor recipient within 30 days of the date of the last signature on this Agreement
and to provide his/her supervisor, [name], with proof that such a donation was
made, no later than 10 days after making the donation;]
3. The EMPLOYEE acknowledges that his/her failure to comply with #2 above will
result in the automatic imposition of [a 3 calendar day suspension without pay]
without [the issuance of a proposal to suspend letter,] an opportunity to reply, [a
written decision letter] and the right to grieve the USGS action.
4. The USGS agrees that if the EMPLOYEE fully complies with the condition
specified in #2 above, the USGS will not impose the [3 calendar day suspension;]
5. The EMPLOYEE understands that an additional offense of this nature, or any
other misconduct on his/her part, may result in a proposal for a more severe
disciplinary action, up to and including a proposal to remove the EMPLOYEE
from the Federal service. The EMPLOYEE further understands that the
misconduct cited in this Agreement may be considered a first offense for purposes
of determining any future disciplinary action.
6. The EMPLOYEE understands that this Agreement does not preclude the USGS
from initiating and/or taking appropriate action regarding any other misconduct
not covered by this Agreement.
7. The EMPLOYEE agrees to waive any and all rights to appeal, grieve, complain
of, or otherwise contest actions relating to or arising out of the misconduct
addressed in this alternative discipline agreement. The EMPLOYEE may not in
any way contest the imposition of traditional discipline arising from a breach of
this Agreement; however, he/she may contest a determination that one or more
terms of this Agreement has been breached. The EMPLOYEE cannot waive
prospective EEO complaint rights.*
8. The EMPLOYEE understands that this Agreement will be maintained with the
disciplinary files in the USGS personnel office for a period of 5 years from the
date of the last signature on this Agreement in compliance with Employee
Relations record-keeping requirements.
9. The PARTIES understand that this Agreement is not confidential and will be used
in any manner necessary to carry out the terms. However, it will be shared only
with those who have an official need to know.
10. The PARTIES understand that the terms and conditions of this Agreement are
nonprecedential, meaning they are specific to the EMPLOYEE, and may not be
cited for comparison to another employee's alternative discipline agreement or
traditional disciplinary action.
11. There are no other terms to this Agreement other than those expressly written
here.
12. The EMPLOYEE agrees that he/she has had an opportunity to consult with a
representative on the terms and conditions of this Agreement and has had an
opportunity to clarify any terms or conditions which were not understood by
him/her.
13. The EMPLOYEE understands that he/she is fully responsible for any and all
attorney's fees related to his/her representation in any part of this matter.
14. The PARTIES understand the terms of this Agreement and willingly enter into it.
This Agreement becomes effective upon the date of the last signature of the
PARTIES involved.
Employee's Signature
Supervisor's Signature
Date
Date
FINAL DISPOSITION:
The terms and conditions of this Agreement
were:
Met
Not Met (see attached violation
notice)
Supervisor's Signature
Date
* Note: Where an employee is covered by the Age Discrimination in Employment Act of
1967 (ADEA), as amended, this term should contain an explicit waiver of an ADEA
claim under the Older Workers Benefit Protection Act, as outlined in Oubre v. Entergy
Operations, Inc., 117 S. Ct. 1466 (1998), regardless of whether the employee has raised
the issue. (Although the EEOC has stopped short of requiring this language in
agreements where an employee has NOT raised an age discrimination claim, we believe
it is prudent based on the wording in Oubre.) The following language may be used for
this waiver:
UNITED STATES COURT OF APPEALS FOR THE SECOND CIRCUIT
AGENCY APPEAL PRE-ARGUMENT STATEMENT (FORM C-A)
9
9
APPLICATION FOR ENFORCEMENT
1. SEE NOTICE ON REVERSE.
2. PLEASE TYPE OR PRINT.
CAPTION:
PETITION FOR REVIEW
3. STAPLE ALL ADDITIONAL PAGES.
AGENCY NAME:
AGENCY NO.:
DATE THE ORDER UPON WHICH
REVIEW OR ENFORCEMENT IS
SOUGHT WAS ENTERED BELOW:
ALIEN NO :
(Immigration Only)
DATE THE PETITION OR
APPLICATION WAS FILED:
Is this a cross-petition for review /
cross-application for enforcement?
9 YES
9 NO
Contact
Information
for
Petitioner(s)
Attorney:
Counsel’s Name:
Address:
Telephone No.:
Fax No.:
E-mail:
Contact
Information
for
Respondent(s)
Attorney:
Counsel’s Name:
Address:
Telephone No.:
Fax No.:
E-mail:
JURISDICTION
OF THE COURT
OF APPEALS
(provide U.S.C.
title and section):
APPROX. NUMBER
OF PAGES IN THE
RECORD:
APPROX.
NUMBER OF
EXHIBITS IN
THE RECORD:
Has this matter been before this Circuit previously?
9 Yes
9 No
If Yes, provide the following:
Case Name:
2d Cir. Docket No.:
Reporter Citation: (i.e., F.3d or Fed. App.)
ADDENDUM “A”: COUNSEL MUST ATTACH TO THIS FORM: (1) A BRIEF, BUT NOT PERFUNCTORY, DESCRIPTION OF THE
NATURE OF THE ACTION; (2) THE RESULT BELOW; AND (3) A COPY OF ALL RELEVANT OPINIONS/ORDERS FORMING THE
BASIS FOR THIS PETITION FOR REVIEW OR APPLICATION FOR ENFORCEMENT.
ADDENDUM “B”: COUNSEL MUST ATTACH TO THIS FORM: (1) THE RELIEF REQUESTED; (2) A LIST OF THE PROPOSED
ISSUES; AND (3) THE APPLICABLE APPELLATE STANDARD OF REVIEW FOR EACH PROPOSED ISSUE.
PART A: STANDING AND VENUE
STANDING
PETITIONER / APPLICANT IS:
9 AGENCY
9 OTHER PARTY
9 NON-PARTY (SPECIFY STANDING):
VENUE
COUNSEL MUST PROVIDE IN THE SPACE BELOW THE FACTS OR
CIRCUMSTANCES UPON WHICH VENUE IS BASED:
IMPORTANT. COMPLETE AND SIGN REVERSE SIDE OF THIS FORM.
Page 1 of 2
PART B: NATURE OF ORDER UPON WHICH REVIEW OR ENFORCEMENT IS SOUGHT
(Check as many as apply)
TYPE OF CASE:
x
x
x
x
x
x
ADMINISTRATIVE REGULATION/ RULEMAKING
IMMIGRATION-includes denial of an asylum claim
BENEFITS REVIEW
IMMIGRATION-does NOT include denial of an asylum claim
x
x
UNFAIR LABOR
HEALTH & SAFETY
COMMERCE
TARIFFS
OTHER:
(SPECIFY)
ENERGY
1. Is any matter relative to this petition or application still pending below? 9 Yes, specify:
9 No
2. To your knowledge, is there any case presently pending or about to be brought before this Court or another court or administrative agency
which:
(A) Arises from substantially the same case or controversy as this petition or application ?
9 Yes
9 No
(B)
Involves an issue that is substantially similar or related to an issue in this petition or application ?
9 Yes
9 No
If yes, state whether 9 “A,” or 9 “B,” or 9 both are applicable, and provide in the spaces below the following information on the other action(s):
Case Name:
Docket No.
Citation:
Court or Agency:
Name of Petitioner or Applicant:
Date:
03/12/2025
Signature of Counsel of Record:
Sean Stengle
NOTICE TO COUNSEL
Once you have filed your Petition for Review or Application for Enforcement, you have only 14 days in which to complete the
following important steps:
1.
2.
Complete this Agency Appeal Pre-Argument Statement (Form C-A); serve it upon your adversary, and file it with the
Clerk of the Second Circuit in accordance with LR 25.1.
Pay the $500 docketing fee to the Clerk of the Second Circuit, unless you are authorized to prosecute the appeal without payment.
PLEASE NOTE: IF YOU DO NOT COMPLY WITH THESE REQUIREMENTS WITHIN 14 CALENDAR DAYS, YOUR
PETITION FOR REVIEW OR APPLICATION FOR ENFORCEMENT WILL BE DISMISSED. SEE LOCAL RULE 12.1.
Page 2 of 2
PART B: DISTRICT COURT DISPOSITION
1. Stage of Proceedings
9
9
9
Pre-trial
During trial
After trial
(Check as many as apply)
2. Type of Judgment/Order Appealed
9 Default judgment
9 Dismissal/FRCP 12(b)(1)
lack of subject matter juris.
9 Dismissal/FRCP 12(b)(6)
failure to state a claim
9 Dismissal/28 U.S.C. § 1915(e)(2)
frivolous complaint
9 Dismissal/28 U.S.C. § 1915(e)(2)
other dismissal
9 Dismissal/other jurisdiction
9 Dismissal/merit
9 Judgment / Decision of the Court
9 Summary judgment
9 Declaratory judgment
9 Jury verdict
9 Judgment NOV
9 Directed verdict
9 Other (specify):
3. Relief
9 Damages:
9 Injunctions:
Sought: $
Granted: $
Denied: $
9 Preliminary
9 Permanent
9 Denied
PART C: NATURE OF SUIT (Check as many as apply)
1. Federal Statutes
9 Antitrust
9 Bankruptcy
9 Banks/Banking
9 Civil Rights
9 Commerce
9 Energy
9 Commodities
9 Other (specify):
9 Communications
9 Consumer Protection
9 Copyright 9 Patent
9 Trademark
9 Election
9 Soc. Security
9 Environmental
5. Other
9 Hague Int’l Child Custody Conv.
9 Forfeiture/Penalty
9 Real Property
9 Treaty (specify):
9 Other (specify):
9 Freedom of Information Act
9 Immigration
9 Labor
9 OSHA
9 Securities
9 Tax
2. Torts
3. Contracts
4. Prisoner Petitions
9 Admiralty/
Maritime
9 Assault /
Defamation
9 FELA
9 Products Liability
9 Other (Specify):
9 Admiralty/
Maritime
9 Arbitration
9 Commercial
9 Employment
9 Insurance
9 Negotiable
Instruments
9 Other Specify
9
9
9
9
9
9
6. General
9 Arbitration
9 Attorney Disqualification
9 Class Action
9 Counsel Fees
9 Shareholder Derivative
9 Transfer
1. Is any matter relative to this appeal still pending below?
Civil Rights
Habeas Corpus
Mandamus
Parole
Vacate Sentence
Other
7. Will appeal raise constitutional issue(s)?
9 Yes
9 No
Will appeal raise a matter of first
impression?
9 Yes
9 Yes, specify:
9 No
9 No
2. To your knowledge, is there any case presently pending or about to be brought before this Court or another court or administrative agency
which:
(A) Arises from substantially the same case or controversy as this appeal?
9 Yes
9 No
(B)
Involves an issue that is substantially similar or related to an issue in this appeal?
9 Yes
9 No
If yes, state whether 9 “A,” or 9 “B,” or 9 both are applicable, and provide in the spaces below the following information on the other action(s):
Case Name:
Docket No.
122(18)
Citation:
Court or Agency:
Roots of Progress
Name of Appellant:
Signature of Counsel of Record: Sean Stengle
Date:
NOTICE TO COUNSEL
Once you have filed your Notice of Appeal with the District Court or the Tax Court, you have only 14 days in which to complete the following
important steps:
1. Complete this Civil Appeal Pre-Argument Statement (Form C); serve it upon all parties, and file it with the Clerk of the Second Circuit in accordance
with LR 25.1.
2. File the Court of Appeals Transcript Information/Civil Appeal Form (Form D) with the Clerk of the Second Circuit in accordance with LR 25.1.
3. Pay the$505 docketing fee to the United States District Court or the $500 docketing fee to the United States Tax Court unless you are authorized to
prosecute the appeal without payment.
PLEASE NOTE: IF YOU DO NOT COMPLY WITH THESE REQUIREMENTS WITHIN 14 DAYS, YOUR APPEAL WILL BE
DISMISSED. SEE LOCAL RULE 12.1.
FORM C (Rev. December 2016)
Office for Human Research Protections
Department of Health and Human Services
Guidance on Extension of an FWA to Cover Collaborating Individual Investigators and
Introduction of the Individual Investigator Agreement
Date: January 31, 2005
Scope:7KLVGRFXPHQWGHVFULEHVDSHUPLVVLEOHPHFKDQLVPXQGHUZKLFKDQLQVWLWXWLRQKROGLQJDQ
2IILFHIRU+XPDQ5HVHDUFK3URWHFWLRQV 2+53 DSSURYHG)HGHUDOZLGH$VVXUDQFH ):$ KHUHDIWHUUHIHUUHGWRDVWKHassured institution PD\H[WHQG±IRURQHRUPRUHUHVHDUFKSURWRFROV
±WKHDSSOLFDELOLW\RILWV):$WRFRYHUWZRW\SHVRIFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUV
FROODERUDWLQJindependentLQYHVWLJDWRUVDQGFROODERUDWLQJinstitutionalLQYHVWLJDWRUV
7KLVPHFKDQLVPZRXOGEHSHUPLWWHGIRUany Department of Health and Human Services
(HHS) conducted or supported human subjects research when the research is being
conducted under the direction and supervision of a principal investigator from the assured
institution7KLVPHFKDQLVPSURYLGHVDQDOWHUQDWLYHWRHVWDEOLVKLQJDGGLWLRQDO):$VIRU
QXPHURXVLQVWLWXWLRQVWKDWGRQRWKROG):$V KHUHDIWHUUHIHUUHGWRDVnon-assured institutions DQGGRQRWURXWLQHO\FRQGXFWKXPDQVXEMHFWVUHVHDUFK
$Q\QRQDVVXUHGLQVWLWXWLRQPD\FKRRVHWRVXEPLWDQDVVXUDQFHWR2+53IRUDSSURYDOUDWKHU
WKDQDJUHHWRWKHXVHRIWKLVPHFKDQLVPWKDWH[WHQGVDQRWKHULQVWLWXWLRQ¶V):$WRFRYHUD
FROODERUDWLQJLQVWLWXWLRQDOLQYHVWLJDWRUHPSOR\HGE\WKHQRQDVVXUHGLQVWLWXWLRQ3OHDVHQRWHWKDW
LI++6FRQGXFWHGRUVXSSRUWHGKXPDQVXEMHFWVUHVHDUFKDFWLYLWLHVURXWLQHO\RFFXUDWDQRQ
DVVXUHGLQVWLWXWLRQWKHLQVWLWXWLRQVKRXOGREWDLQDQ2+53DSSURYHG):$EHFDXVHWKLVJXLGDQFH
GRHVQRWDSSO\$OVRif the non-assured institution is the primary awardee for an HHSsupported award providing support for non-exempt human subjects research, the
institution must obtain its own OHRP-approved FWA.,IDQLQVWLWXWLRQLVXQFHUWDLQDERXWWKH
QHHGIRULWVRZQ):$LWVKRXOGFRQVXOWZLWK2+53
This document also introduces a new sample agreement called the Individual Investigator
Agreement, which allows for the flexibility offered in this guidance and which will replace
all prior sample investigator agreements developed by OHRP.
Target Audience:7KLVGRFXPHQWSULPDULO\LVLQWHQGHGWRDVVLVWLQVWLWXWLRQDOUHYLHZERDUG
,5% DGPLQLVWUDWRUVUHVHDUFKDGPLQLVWUDWRUV,5%FKDLUSHUVRQVDQGPHPEHUVLQYHVWLJDWRUV
LQVWLWXWLRQDORIILFLDOVDQGIXQGLQJDJHQFLHVWKDWPD\EHUHVSRQVLEOHIRUUHYLHZRURYHUVLJKWRI
KXPDQVXEMHFWVUHVHDUFKFRQGXFWHGRUVXSSRUWHGE\++6
REGULATORY BACKGROUND
++6UHJXODWLRQVDW&)5 D UHTXLUHWKDWHDFKLQVWLWXWLRQHQJDJHGLQ++6FRQGXFWHGRU
VXSSRUWHGKXPDQVXEMHFWVUHVHDUFKSURYLGHZULWWHQDVVXUDQFHVDWLVIDFWRU\WR++6WKDWLWZLOO
FRPSO\ZLWKWKHUHTXLUHPHQWVRIWKH++6UHJXODWLRQVIRUWKHSURWHFWLRQRIKXPDQVXEMHFWV
XQOHVVWKHUHVHDUFKLVH[HPSWXQGHU&)5 E ++6UHJXODWLRQVDW&)5 E UHTXLUHWKDWHDFKLQVWLWXWLRQHQJDJHGLQ++6FRQGXFWHGRUVXSSRUWHGKXPDQVXEMHFWVUHVHDUFK
FHUWLI\WRWKH++6IXQGLQJDJHQF\WKDWWKHUHVHDUFKKDVEHHQDSSURYHGE\DQ,5%GHVLJQDWHGLQ
WKHDVVXUDQFH
TWO TYPES OF COLLABORATING INDIVIDUAL INVESTIGATORS
2+53QRWHVWKDWVRPHKXPDQVXEMHFWVUHVHDUFKFRQGXFWHGE\DQDVVXUHGLQVWLWXWLRQPD\LQYROYH
WKHIROORZLQJWZRW\SHVRIFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUV
$FROODERUDWLQJindependentLQYHVWLJDWRULV
D QRWRWKHUZLVHDQHPSOR\HHRUDJHQWRIWKHDVVXUHGLQVWLWXWLRQ
E FRQGXFWLQJFROODERUDWLYHUHVHDUFKDFWLYLWLHVRXWVLGHWKHIDFLOLWLHVRIWKH
assuredLQVWLWXWLRQDQG
F QRWDFWLQJDVDQHPSOR\HHRIanyLQVWLWXWLRQZLWKUHVSHFWWRKLVRUKHU
LQYROYHPHQWLQWKHUHVHDUFKEHLQJFRQGXFWHGE\WKHDVVXUHGLQVWLWXWLRQ
$FROODERUDWLQJinstitutionalLQYHVWLJDWRULV
D QRWRWKHUZLVHDQHPSOR\HHRUDJHQWRIWKHassuredLQVWLWXWLRQ
E FRQGXFWLQJFROODERUDWLYHUHVHDUFKDFWLYLWLHVRXWVLGHWKHIDFLOLWLHVRIWKH
assuredLQVWLWXWLRQ
F DFWLQJDVDQHPSOR\HHRUDJHQWRIDnon-assuredLQVWLWXWLRQZLWKUHVSHFWWRKLV
RUKHULQYROYHPHQWLQWKHUHVHDUFKEHLQJFRQGXFWHGE\WKHassuredLQVWLWXWLRQ
DQG
G HPSOR\HGE\RUDFWLQJDVDQDJHQWRIDnon-assured institutionWKDWGRHVQRW
URXWLQHO\FRQGXFWKXPDQVXEMHFWVUHVHDUFK
3ULRUWR-DQXDU\WKHHIIHFWLYHGDWHRIWKLVJXLGDQFHGRFXPHQWDVVXUDQFHRSWLRQVIRU
FROODERUDWLQJindependentLQYHVWLJDWRUVLQFOXGHG WKH8QDIILOLDWHG,QYHVWLJDWRU$JUHHPHQW
8,$ IRUFROODERUDWLQJLQGHSHQGHQWLQYHVWLJDWRUVHQJDJHGLQUHVHDUFKDFWLYLWLHVLQFROODERUDWLRQ
ZLWK):$LQVWLWXWLRQVDQGZKRDUHQRWDFWLQJDVHPSOR\HHVRIDQ\LQVWLWXWLRQZLWKUHVSHFWWRWKH
UHVHDUFKDFWLYLWLHV WKH1RQ,QVWLWXWLRQDO,QYHVWLJDWRU$JUHHPHQW 1,$ IRUFROODERUDWLQJ
LQGHSHQGHQWLQYHVWLJDWRUVVROHO\LQYROYHGLQ&RRSHUDWLYH3URWRFRO5HVHDUFK3URJUDPVDQG WKH$JUHHPHQWIRU,QGHSHQGHQW,QYHVWLJDWRUV $,, IRUFROODERUDWLQJLQGHSHQGHQWLQYHVWLJDWRUV
LQYROYHGLQDQ\RWKHU++6FRQGXFWHGRUVXSSRUWHGKXPDQVXEMHFWVUHVHDUFKQRWFRYHUHGE\D
8,$RU1,$1RZWKH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWRUDQRWKHUVLPLODUDJUHHPHQW
GHYHORSHGE\DQDVVXUHGLQVWLWXWLRQZLOOEHWKHVROHDVVXUDQFHRSWLRQIRUFROODERUDWLQJ
independentLQYHVWLJDWRUV
3ULRUWRWKLVJXLGDQFH2+53KDGQRWHVWDEOLVKHGDURXWLQHIRUPDOPHFKDQLVPIRUDQDVVXUHG
LQVWLWXWLRQWRH[WHQGWKHDSSOLFDELOLW\RILWV):$WRFRYHUFROODERUDWLQJinstitutional
LQYHVWLJDWRUV
INTRODUCTION OF THE INDIVIDUAL INVESTIGATOR AGREEMENT
Effective January 31, 2005, OHRP has replaced the UIA, NIA, and AII with the sample
Individual Investigator Agreement, which will provide greater flexibility and simplicity.
Previously executed AIIs, NIAs, and UIAs may remain in effect until all applicable research
that has already been initiated is completed or until the previous agreement has been
replaced by an new Individual Investigator Agreement or other written agreement
developed by an assured institution. 7KHQHZVDPSOH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWPD\EHXVHGE\DQDVVXUHGLQVWLWXWLRQWR
H[WHQG±IRURQHRUPRUHUHVHDUFKSURWRFROV±WKHDSSOLFDELOLW\RILWV):$WRFRYHUHLWKHU
FROODERUDWLQJindependentLQYHVWLJDWRUVRUFROODERUDWLQJinstitutionalLQYHVWLJDWRUV
7KHVDPSOH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWPD\EHIRXQGRQWKH2+53ZHEVLWHDW
http://www.hhs.gov/ohrp/assurances/forms/unaflsup.rtf,QVWLWXWLRQVDOVRPD\GHYHORS
WKHLURZQDJUHHPHQWVIRULQGLYLGXDOLQYHVWLJDWRUVSURYLGHGWKHFRQGLWLRQVEHORZDUHPHW
CONDITIONS FOR EXTENDING AN FWA TO COVER COLLABORATING
INDIVIDUAL INVESTIGATORS
2+53ZLOOSHUPLWDQDVVXUHGLQVWLWXWLRQWRH[WHQGLWV):$WRFRYHUDFROODERUDWLQJindependent
RUinstitutionalLQYHVWLJDWRUSURYLGHGDOORIWKHIROORZLQJFRQGLWLRQVDUHVDWLVILHG
7KHSULQFLSDOLQYHVWLJDWRUDWWKHDVVXUHGLQVWLWXWLRQGLUHFWVDQGDSSURSULDWHO\
VXSHUYLVHVDOORIWKHFROODERUDWLYHUHVHDUFKDFWLYLWLHVWREHSHUIRUPHGE\WKHFROODERUDWLQJ
LQGLYLGXDOLQYHVWLJDWRURXWVLGHWKHDVVXUHGLQVWLWXWLRQ
7KHH[WHQVLRQRIWKHFRYHUDJHRIWKH):$LVSXWLQSODFHE\XVHRIDQDSSURSULDWH
ZULWWHQDJUHHPHQWVXFKDVWKHVDPSOH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWIRUHDFK
FROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUZKRZLOOEHHQJDJHGLQWKHUHVHDUFKEHLQJ
FRQGXFWHGE\WKHDVVXUHGLQVWLWXWLRQThe assured institution must maintain the
Individual Investigator Agreement,RURWKHUZULWWHQDJUHHPHQWXVHGE\WKHDVVXUHG
LQVWLWXWLRQ on file and provide copies to OHRP upon request.
)RUFROODERUDWLQJinstitutionalLQYHVWLJDWRUVWKHDSSURSULDWHDXWKRULWLHVDWWKHQRQ
DVVXUHGLQVWLWXWLRQVWDWHLQZULWLQJWKDWWKHFRQGXFWRIWKHUHVHDUFKLVSHUPLWWHGDWWKHLU
LQVWLWXWLRQ
7KHDVVXUHGLQVWLWXWLRQDQGWKHUHVSRQVLEOH,5%GHVLJQDWHGXQGHUWKH):$DSSURYH
WKHH[WHQVLRQRIWKHDVVXUDQFHWKURXJKHLWKHUWKH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWRU
RWKHUZULWWHQDJUHHPHQWXVHGE\WKHDVVXUHGLQVWLWXWLRQ
7KHIROORZLQJGRFXPHQWVDUHPDGHDYDLODEOHWRWKHFROODERUDWLQJLQGLYLGXDO
LQYHVWLJDWRU D The Belmont Report: Ethical Principles and Guidelines for the
Protection of Human Subjects of Research VHH
http://www.hhs.gov/ohrp/humansubjects/guidance/belmont.html RURWKHULQWHUQDWLRQDOO\
UHFRJQL]HGHTXLYDOHQW VHHVHFWLRQ%RIWKH7HUPVRIWKH)HGHUDOZLGH$VVXUDQFH
):$ IRU,QWHUQDWLRQDO 1RQ86 ,QVWLWXWLRQVRQWKH2+53ZHEVLWHDW
http://www.hhs.gov/ohrp/assurances/assurances/filasurt.html#sectionb E WKH++6
UHJXODWLRQVIRUWKHSURWHFWLRQRIKXPDQVXEMHFWVDW&)5SDUW VHH
KWWSZZZKKVJRYRKUSKXPDQVXEMHFWVJXLGDQFHFIUKWPO RURWKHUSURFHGXUDO
VWDQGDUGVGHVLJQDWHGE\DQRQ86LQVWLWXWLRQXQGHULWV):$ VHHVHFWLRQ%RIWKH
7HUPVRIWKH)HGHUDOZLGH$VVXUDQFH ):$ IRU,QWHUQDWLRQDO 1RQ86 ,QVWLWXWLRQVRQ
WKH2+53ZHEVLWHDWhttp://www.hhs.gov/ohrp/assurances/assurances/filasurt.html#sectionb F WKH):$DQGDSSOLFDEOH7HUPVRIWKH):$IRUWKHDVVXUHGLQVWLWXWLRQDQG G WKH
UHOHYDQWLQVWLWXWLRQDOSROLFLHVDQGSURFHGXUHVIRUWKHSURWHFWLRQRIKXPDQVXEMHFWVRIWKH
DVVXUHGLQVWLWXWLRQ
7KHFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUXQGHUVWDQGVDQGDFFHSWVWKHUHVSRQVLELOLW\WR
FRPSO\ZLWKWKHVWDQGDUGVDQGUHTXLUHPHQWVVWLSXODWHGLQWKHGRFXPHQWVUHIHUHQFHGLQWKH
SUHFHGLQJSDUDJUDSKDQGWRSURWHFWWKHULJKWVDQGZHOIDUHRIKXPDQVXEMHFWVLQYROYHGLQ
UHVHDUFKFRQGXFWHGXQGHUWKH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWRURWKHUZULWWHQ
DJUHHPHQWXVHGE\WKHDVVXUHGLQVWLWXWLRQ
7KHFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUDJUHHVWRFRPSO\ZLWKDOORWKHUDSSOLFDEOH
IHGHUDOLQWHUQDWLRQDOVWDWHDQGORFDOODZVUHJXODWLRQVDQGSROLFLHVWKDWPD\SURYLGH
DGGLWLRQDOSURWHFWLRQVIRUKXPDQVXEMHFWVSDUWLFLSDWLQJLQUHVHDUFKFRQGXFWHGXQGHUWKH
,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWRURWKHUZULWWHQDJUHHPHQWXVHGE\WKHDVVXUHG
LQVWLWXWLRQ
7KHFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUDJUHHVWRDELGHE\DOOGHWHUPLQDWLRQVRIWKH
,QVWLWXWLRQDO5HYLHZ%RDUG ,5% ,QGHSHQGHQW(WKLFV&RPPLWWHH ,(& GHVLJQDWHGXQGHU
WKH):$RIWKHDVVXUHGLQVWLWXWLRQDQGDJUHHVWRDFFHSWWKHILQDODXWKRULW\DQGGHFLVLRQV
RIWKH,5%,(&LQFOXGLQJEXWQRWOLPLWHGWRGLUHFWLYHVWRWHUPLQDWHSDUWLFLSDWLRQLQ
GHVLJQDWHGUHVHDUFKDFWLYLWLHVFRQGXFWHGXQGHUWKH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWRU
RWKHUZULWWHQDJUHHPHQWXVHGE\WKHDVVXUHGLQVWLWXWLRQ
7KHFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUDJUHHVWRFRPSOHWHDQ\HGXFDWLRQDOWUDLQLQJ
UHTXLUHGE\WKHDVVXUHGLQVWLWXWLRQDQGRUWKH,5%,(&SULRUWRLQLWLDWLQJUHVHDUFKFRYHUHG
XQGHUWKH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWRURWKHUZULWWHQDJUHHPHQWXVHGE\WKH
DVVXUHGLQVWLWXWLRQ
7KHFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUDJUHHVQRWWRHQUROOVXEMHFWVLQUHVHDUFK
XQGHUWKH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWRURWKHUDJUHHPHQWXVHGE\WKHDVVXUHG
LQVWLWXWLRQSULRUWRWKHUHVHDUFKEHLQJUHYLHZHGDQGDSSURYHGE\WKH,5%,(&
7KHFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUDJUHHVWRUHSRUWSURPSWO\WRWKH,5%,(&
DQ\SURSRVHGFKDQJHVLQWKHUHVHDUFKFRQGXFWHGXQGHUWKH,QGLYLGXDO,QYHVWLJDWRU
$JUHHPHQWRURWKHUDJUHHPHQWXVHGE\WKHDVVXUHGLQVWLWXWLRQ7KHFROODERUDWLQJ
LQVWLWXWLRQDOLQYHVWLJDWRUDJUHHVQRWWRLQLWLDWHFKDQJHVLQWKHUHVHDUFKZLWKRXWSULRU
,5%,(&UHYLHZDQGDSSURYDOH[FHSWZKHUHQHFHVVDU\WRHOLPLQDWHDSSDUHQWLPPHGLDWH
KD]DUGVWRVXEMHFWV
7KHFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUDJUHHVWRUHSRUWLPPHGLDWHO\WRWKH
,5%,(&DQ\XQDQWLFLSDWHGSUREOHPVLQYROYLQJULVNVWRVXEMHFWVRURWKHUVLQUHVHDUFK
FRYHUHGXQGHUWKH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWRURWKHUDJUHHPHQWXVHGE\WKH
DVVXUHGLQVWLWXWLRQ
7KHFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUZKHQUHVSRQVLEOHIRUHQUROOLQJVXEMHFWV
DJUHHVWRREWDLQGRFXPHQWDQGPDLQWDLQUHFRUGVRILQIRUPHGFRQVHQWIRUHDFKVXFK
VXEMHFWRUHDFKVXEMHFW¶VOHJDOO\DXWKRUL]HGUHSUHVHQWDWLYHDVUHTXLUHGXQGHU++6
UHJXODWLRQVDW&)5SDUW RUDQ\RWKHULQWHUQDWLRQDORUQDWLRQDOSURFHGXUDOVWDQGDUGV
VHOHFWHGLQWKH):$IRUWKHLQVWLWXWLRQUHIHUHQFHGDERYH DQGVWLSXODWHGE\WKH,5%,(&
7KHFROODERUDWLQJLQGLYLGXDOLQYHVWLJDWRUDFNQRZOHGJHVDQGDJUHHVWRFRRSHUDWHZLWK
WKH,5%,(&¶VLQLWVLQLWLDODQGFRQWLQXLQJUHYLHZUHFRUGNHHSLQJUHSRUWLQJDQG
FHUWLILFDWLRQIRUWKHUHVHDUFKFRYHUHGE\WKH,QGLYLGXDO,QYHVWLJDWRU$JUHHPHQWRURWKHU
DJUHHPHQWXVHGE\WKHDVVXUHGLQVWLWXWLRQ7KHFROODERUDWLQJLQVWLWXWLRQDOLQYHVWLJDWRU
DJUHHVWRSURYLGHDOOLQIRUPDWLRQUHTXHVWHGE\WKH,5%,(&LQDWLPHO\IDVKLRQ
,I\RXKDYHVSHFLILFTXHVWLRQVDERXWKRZWRDSSO\WKLVJXLGDQFHSOHDVHFRQWDFW2+53E\SKRQH
DW WROOIUHHZLWKLQWKH86 RUE\HPDLODW
RKUS#KKVJRY