An official website of the United States government.

This is not the current EPA website. To navigate to the current EPA website, please go to www.epa.gov. This website is historical material reflecting the EPA website as it existed on January 19, 2021. This website is no longer updated and links to external websites and some internal pages may not work. More information »

Cross-Media Electronic Reporting Rule

Lesson 7: Key Decision 2 - Defining the Copy of Record (COR)

What the system defines as the COR determines:

  • How the COR is Shown to be "True and Correct"
    • The closer the COR is to the file received, the easier a "true and correct" showing may be, since there will be few or no transformations of that file to account for.
    • For CORs that do not have an associated hash value, a "true and correct" showing will depend heavily on how their access is secured, controlled, and logged.
    • If CORs can incorporate changes to their content—for example, to accommodate submitter corrections—then a "true and correct" showing will depend heavily on a chain of custody that documents all such changes and their circumstances.
  • How Opportunity to Review is Provided
    • The COR's format will determine what processing is needed for a "human-readable" version.
    • The medium in which the COR is maintained (e.g. electronic or paper) will affect how it can be provided for review.

For example, consider the following ways a system can define the COR:

  • A PDF capture of the on-screen appearance of the file submitted, associated with the signature, the date and time of submission, and a hash value of the file submitted
  • The submitted data as stored in a database, associated with the signature and the date and time of submission
  • A print-out of the submitted data, including the signature and the date and time of submission
Defining the COR
Example Solutions Solution A
PDF Capture of the Submitted File
Solution B
Data in a Database
Solution C
A Paper Print-Out
Opportunity to Review the COR Requires making the PDF available online or sending it to the signer or submitter—as an email attachment or by other means—assuming the PDF captures a human-readable format. Requires: (1) system functions to put the data into a human-readable format; and (2) making the formatted data available online or sending it to the signer or submitter by other means, such as an email attachment. Requires procedures to: (1) receive requests; (2) produce paper copies; and (3) deliver the copies.
COR is Shown to be "True and Correct" Requires a demonstration of the integrity of the PDF file, for example, by showing that it has been secured against tampering or that a hash value calculated from the file matches the hash calculated when it was received. Requires a demonstration that: (1) the processing that placed the data in the database did not, in any way, affect its informational content; and (2) that the database has been secured against tampering and any undocumented changes. Requires procedures to: (1) produce an accurate print-out of the submittal; (2) certify the print-out's accuracy; and (3) secure the print-out against any tampering or destruction.

Back | Next