An official website of the United States government.

This is not the current EPA website. To navigate to the current EPA website, please go to This website is historical material reflecting the EPA website as it existed on January 19, 2021. This website is no longer updated and links to external websites and some internal pages may not work. More information »

Cross-Media Electronic Reporting Rule

Lesson 6: Copy of Record (COR)

Back | Next

Checklist items 18 through 20 are grouped under the fifth and final process, the COR Process. These items represent CROMERR requirements that the system must satisfy in creating and maintaining CORs. The items address:

  • What data CORs must capture;
  • How access to CORs must be provided to program and enforcement staff; and
  • How the CORs must be maintained.

Checklist items 18 through 20 are listed below.

18. Creation of COR

§ 3.2000(b)(1) through (2): For each legitimate submittal received, CROMERR requires the system to create a COR. The COR must be a true and correct copy of the submittal, in the sense that it must have exactly the same informational content as the submittal; otherwise, it must document any changes to this content after submittal.

The COR must include all associated signatures, the date and time of receipt, and any other information necessary to interpret the submittal.

Finally, the COR must be viewable in a human-readable format that makes the meaning of each information item clear; although it need not be maintained in this format or in the format in which the submittal was originally received.


19. Timely Availability of COR, as needed

§ 3.2000(b)(1) through (2): CROMERR requires the system to provide program and enforcement staff with timely access to the CORs and the associated documentation.

20. Maintenance of COR

CROMERR requires the system to maintain the CORs for as long as needed by program or enforcement staff. The CORs must be maintained together with any information needed to document their integrity, such as records or logs of associated signature validation processes. Finally, the CORs must be maintained in a way that protects them from alteration or deletion on a system that is electronically and physically secure. 

Back | Next