Appendix A Glossary A-1 LIST OF ACRONYMS AND ABBREVIATIONS ARDA Advanced Research and Devel

svn之svn：ignore命令⾏设置svn help 中有 propset propget propdel proplist propedit五个关于prop，也就是svn属性的设置。

在当前的svn⼯作拷贝下，svn status有些⽂件总是提⽰? 很烦⼈，所以希望通过设置svn:ignore来避免这种⽆聊的提⽰，试了⼏下命令，不⾏，还是看看 svn help propedit吧，终于弄懂了。

⼀下是svn的这个帮助信息：View Codepropset (pset, ps): Set the value of a property on files, dirs, or revisions.usage: 1. propset PROPNAME PROPVAL PATH...2. propset PROPNAME --revprop -r REV PROPVAL [TARGET]1. Changes a versioned file or directory property in a working copy.2. Changes an unversioned property on a repository revision.(TARGET only determines which repository to access.)The value may be provided with the --file option instead of PROPVAL.Note: svn recognizes the following special versioned propertiesbut will store any arbitrary properties set:svn:ignore - A newline separated list of file glob patterns to ignore.svn:keywords - Keywords to be expanded. Valid keywords are:URL, HeadURL - The URL for the head version of the object.Author, LastChangedBy - The last person to modify the file.Date, LastChangedDate - The date/time the object was last modified.Rev, Revision, - The last revision the object changed.LastChangedRevisionId - A compressed summary of the previous4 keywords.Header - Similar to Id but includes the full URL.svn:executable - If present, make the file executable. Use'svn propdel svn:executable PATH...' to clear.svn:eol-style - One of 'native', 'LF', 'CR', 'CRLF'.svn:mime-type - The mimetype of the file. Used to determinewhether to merge the file, and how to serve it from Apache.A mimetype beginning with 'text/' (or an absent mimetype) istreated as text. Anything else is treated as binary.svn:externals - A newline separated list of module specifiers,each of which consists of a URL and a relative directory path,similar to the syntax of the 'svn checkout' command:/repos/zig foo/barA revision to check out can optionally be specified to pin theexternal to a known revision:-r25 /repos/zig foo/barTo unambiguously identify an element at a path which has beendeleted (possibly even deleted multiple times in its history),an optional peg revision can be appended to the URL:-r25 /repos/zig@42 foo/barRelative URLs are indicated by starting the URL with oneof the following strings:../ to the parent directory of the extracted external^/ to the repository root// to the scheme/ to the server rootThe ambiguous format 'relative_path relative_path'is taken as'relative_url relative_path' with peg revision support.Lines in externals definitions starting with the '#' characterare considered comments and are ignored.Subversion 1.4 and earlier only support the following formatswhere peg revisions can only be specified using a -r modifierand where URLs cannot be relative:foo /repos/zigfoo/bar -r 1234 /repos/zagUse of these formats is discouraged. They should only be used ifinteroperability with 1.4 clients is desired.svn:needs-lock - If present, indicates that the file should be lockedbefore it is modified. Makes the working copy file read-onlywhen it is not locked. Use 'svn propdel svn:needs-lock PATH...'to clear.The svn:keywords, svn:executable, svn:eol-style, svn:mime-type andsvn:needs-lock properties cannot be set on a directory. A non-recursiveattempt will fail, and a recursive attempt will set the propertyonly on the file children of the directory.有效选项:-F [--file] ARG : 从⽂件 ARG 读取属性值--encoding ARG : 将ARG的值视为字符编码-q [--quiet] : 不打印信息，或只打印概要信息-r [--revision] ARG : ARG (⼀些命令也接受ARG1:ARG2范围)版本参数可以是如下之⼀:NUMBER 版本号'{' DATE '}'在指定时间以后的版本'HEAD'版本库中的最新版本'BASE'⼯作副本的基线版本'COMMITTED'最后提交或基线之前'PREV' COMMITTED的前⼀版本--targets ARG : 传递⽂件 ARG 内容为附件参数-R [--recursive] : 向下递归，与 --depth=infinity 相同--depth ARG : 限制操作深度是 ARG ('empty', 'files','immediates', 或'infinity')--revprop : 在版本属性上操作(使⽤-r参数)--force : 强制操作运⾏--changelist [--cl] ARG : 只能对修改列表 ARG 的成员操作全局选项:--username ARG : 指定⽤户名称 ARG--password ARG : 指定密码 ARG--no-auth-cache : 不要缓存⽤户认证令牌--non-interactive : 不要交互提⽰--trust-server-cert : accept SSL server certificates from unknowncertificate authorities without prompting (but onlywith '--non-interactive')--config-dir ARG : 从⽬录 ARG 读取⽤户配置⽂件--config-option ARG : 以下属格式设置⽤户配置选项：FILE:SECTION:OPTION=[VALUE]例如：servers:global:http-library=serfayanmw@ayanmw-desktop:/data/gps-svn/trunk/GPSServer$ svn propset svn:ignore "*.class*.o*.out.gdbinit.cproject.project" .设置属性 “svn:ignore” 于 “.”ayanmw@ayanmw-desktop:/data/gps-svn/trunk/GPSServer$ svn plist“.” 上的属性:svn:ignoresvn:mergeinfoayanmw@ayanmw-desktop:/data/gps-svn/trunk/GPSServer$ svn pget svn:ignore*.class*.o*.out.gdbinit.cproject.project开始我⾃⼰尝试的时候由于没有加上路径. 以为默认会有这个呢。

APPENDIX IINDEXChapter-Page Data ID# of Actuations per Marking5-061407# of Cassettes per Lot7-101522# of Die in Judgment Block6-05244# of Die Inside One Group X2-1012# of Die Inside One Group Y2-1013# of Error Retries7-061107# of Judgment Blocks6-05245# of Multi Test Sites9-13# of Needle Tips9-13# of Pass Dice2-04251# of Pass Dice6-03251# of Pass Die6-28251# of Probing Die6-27710# of Retries at Alignment Error3-031192# of Retries of Marking5-091445# of Sampling Pass Die6-04258# of Skipped Rows for Continuous Fail Check6-09226# of Skipped Rows for Yield Checking6-03247# of Touchdown per Cleaning6-2213394 inch Wafer ID Position 7-0910864 inch Wafer Reference Position 7-091085Appendix I-1COVER/CONTENTS4.5 inch Wafer ID Position 7-0910884.5 inch Wafer Reference Position 7-0910875 inch Wafer ID Position 7-0910905 inch Wafer Reference Position 7-0910896 inch Wafer ID Position 7-0910926 inch Wafer Reference Position 7-0910918 inch Cassette Specification?7-0210098 inch Wafer ID Position 7-0910948 inch Wafer Reference Position 7-091093 AA-PM-6000A Compatible Mode8-072047 Adaptive Device - n9-14Adding Basic Operation Data When dd, du8-072455 Agreement Device Data Settings9-14Alarm Auto Off Time9-092120 Alignment Lighting/Brightness Settings3-05Alignment Main Axis3-0341 Alignment Mode3-0448 Alignment Range3-0443 Alignment Start Position X3-0444 Alignment Start Position Y3-0445 All Lot Finish Signal (EC)8-081965 Amount of Chuck Movement on X axis When6-231375 Needle Cleaning at Contact HeightAmount of Chuck Movement on Y axis When6-231376 Needle Cleaning at Contact HeightAppointment CAT. Yield Check Settings6-07Appendix I-2Appointment of Drive Marker by Category5-061414 Assot. Of Auto Needle Height Setting3-191238 Auto Pad Selection Margin6-15293 BBIN Count Check for DUT of Execute Mode6-06268 BIN Count Check for DUT Setting6-06Block Size for Block Sampling X4-05165 Block Size for Block Sampling Y4-05166 Brightness 6-15291 Brightness for Wafer ID Reading7-071153 Brightness Setting6-15295 Brush Needle Cleaning Sequence Settings6-25Brush Needle Cleaning Settings6-25Bump Height (Standard: 0)2-0764 CCalculate Checksum?7-061102 Calculation of Broken Wafer Center2-071184 Calculation of Measurement Position of Broken Wa2-081185 Card Name9-15Card Preheat Time3-201227 Card Type9-12Cassette # of Characters7-111534 Cassette Spec. for 4, 5 & 6 inch WF.7-021007 Category # for Repeat Touchdown8-041996 Category Check Settings4-13Category Data for Multi Pass Probing4-14Appendix I-3Category Limit Setting6-07Category Numbered?9-102108 Center Area Extent3-24213 Change for contact height by Z-SW at stop of prob4-111262 Character Settings7-08Check BIN No.6-06270 Check Category Settings6-11Check Category Settings6-12Check Lot # of Characters7-111528 Check of Marker Adjustment5-051418 Check Time8-04Check Timing of Marker Actuation Limit5-051416 Chuck Center Offset3-24216 Chuck height revise function changed chuck tempe3-222189 Chuck Position after Lot End7-031017 Chuck Temperature (deg)2-0333 Cleaning Area Margin from Wafer Edge6-242283 Cleaning Contact Interval6-221359 Cleaning Count for Contact Count Wafer Cleaning6-242288 Cleaning Overdrive6-221338 Cleaning Touchdown Limit (Cleaning Limit)6-231341 Cleaning Unit6-221332 Cleaning Unit Height6-221335 Cleaning Wafer Flat/Notch Direction6-241373 Cleaning Wafer Flat/Notch Setting6-241346 Cleaning Wafer Size6-241333Appendix I-4Cleaning Wafer Thickness6-241334 Clear Lot # at Lot End?7-101545 Clearance4-101263 Color of Wafer ID Characters7-061101 Combination of Wafer Management ID7-101523 Command Complete Signal (MC) Settings8-08Confirm of Auto Needle Height Adjustment3-191231 Cont. Fail Mark NG Limit5-091438 Contact Check Method3-171253 Contact Count9-15Contact Count in Wafer2-04218 Contact Die in No Protrude Probing4-122213 Contact Position Control of Probe Card4-121268 Continuous Fail between Chip Settings6-12Continuous Fail between Chip?6-121276 Continuous Fail Tolerant Die #6-14289 Coordinate Origin3-161246 Copy Data changing location?9-112183 Correlation Continual Failcheck Settings6-28Correlation Load from6-27704 Correlation Map Settings6-28Correlation Probing Mode6-27706 Correlation Yield Check Settings6-28DData ID Display?9-092111 DATA IN at Sampling Start Die?3-171243Appendix I-5DATA IN at Sampling Start Die?4-051243 Default Operation Unit9-092109 Delay after Marker Actuation5-051404 Delay after Reaching Temperature2-0337 Delay Time before PIN Up7-031018 Delay Time on Subchuck7-031019 Device2-021 Device Attribute Display?9-102107 Device Data Store after Map Change by Sequence9-102148 Device for Outputting Results5-091459 Device for Outputting Results6-161314 Device List Data Display?9-102113 Dice for Multi Pass Probing4-141381 Die Gross6-03252 Die Gross6-28273 Die Interval for Brush Cleaning6-251351 Die Interval for Cleaning6-221336 Die Interval of Fail Mark Inspection5-081440 Die Interval of Needle Inspection6-151292 Direction of Probing Start4-101261 Display # of Remaining Wafers?9-081954 Display Center Coordinates?6-171305 Display Chuck Height?9-081953 Display Coordinates?9-081952 Display Fail Mark Diameter?5-111451 Display Fail Mark Size?5-111450Appendix I-6Display Map?4-061662 Display Mark Position? (Distance from window)6-171308 Display Marker Status?9-081955 Display Multi Pattern?4-061866 Display Needle Inspection Result?6-171304 Display Needle Mark Size?6-171306 Display OK or NG?5-111452 Display Result of Fail Mark Inspection?5-111449 Display Result?6-171307 Display Total, Pass & Fail?9-081951 Distinction Category Settings8-04Double Wafer ID Check in Cassette7-071128 Dummy Start Signal at:8-031994 DUT BIN Error Count6-06271 DUT Check for Continuous Fail Setting6-10EError Signal (A)8-081962 Evaluation of Multi Pass Probing4-141382 Existence of Adaptive Device Name9-14FFail Mark Die Margin5-091455 Fail Mark Inspection Result Transfer?8-072453 Fail Mark Inspection Size Settings5-10Fail Mark Wafer Margin5-081413 Feedback to Device Parameter?3-182139 Feedback to Device Parameter?3-192140Appendix I-7Flat/Notch Direction (deg)2-028 Flat/Notch Direction (deg)2-066 Font Magnification (Horizontal)7-071157 Font Magnification (Vertical)7-071156 GGenerate Check Characters? (Manual)7-061111 GP-IB I/F Timeout Check Time8-062461 GP-IB Text Delimiter8-052013 Gross of Sampling Die6-04259 Group Index Size X2-1015 Group Index Size Y2-1016 HHigh MAG. Brightness3-0554 High MAG. Lighting3-0551 Hold Time for Chuck Up at Demo Mode9-092101 Iin Wafer Fail Check Execute Mode6-10228 in Wafer Fail Check Setting6-10Index Size Measurement?3-0449 Index Size X2-024 Index Size X9-13Index Size Y2-025 Index Size Y9-13Initial Chuck Height9-092103 Input Format of Map Data9-071908 Input Map Data from:9-071907Appendix I-8Input Map Data?9-071906 Input Map from6-28712 Inspect after Needle Cleaning?6-151296 Inspection Result Display Settings5-11Inspection Result Display Settings6-16Interrupt Infinitive Handshaking Loop?8-052016 Interval of measurement of chuck height3-222191 KKind of Regular & Multi Pass Probing2-03209 LLighting6-15290 Line Category Data Store?9-071912 Locating Direction of Target Die3-1082 Location #9-13Location No. for Tester2-04207 Lot # of Characters7-111526 Lot # of Offset7-111527 Lot # per Loader7-111550 Lot End Signal at:8-031993 Low MAG. Brightness3-0553 Low MAG. Brightness3-15133 Low MAG. Lighting3-0550 Low MAG. Lighting3-15132 MMAG. of Reference Pattern3-1092 Maintenance/Adjustment Mode9-092015Appendix I-9Map Area Calculation3-161259 Map Display Attribute Settings4-07Map Name Setting6-28Map Print Attribute Settings4-09Map Print Heading4-061601 Mark Check Die5-121458 Marker #5-051409 Marker Actuation Current5-051410 Marker Actuation Limit (Marker Limit)5-051412 Marker Actuation Time5-051403 Marker No. for Die Category Settings5-06Marker No. for Reserved Marking Die5-06Marking Clearance5-061408 Marking Die Margin5-02323 Marking Die Setting4-04169 Marking to Marking Die at On Site Marking?8-062025 Max. Tolerant Needle Mark Area Ratio (%)6-14305 Max. Tolerant Needle Mark Size X6-14284 Max. Tolerant Needle Mark Size Y6-14285 Maximum Auto Focus Needles3-14137 Maximum Movement3-24211 Maximum Needle Alignment Pads3-13117 Maximum Temperature at No Control9-102054 Maximum Tolerant Mark Diameter5-101435 Medium Warning Mark Diameter5-101436 Method for Constructing Test Die Map3-161239Appendix I-10Method for Constructing Test Die Map4-041239 Method of Contact Position Alignment 3-181228 Method of Die Attribute Selection3-161240 Method of Die Attribute Selection4-041240 Method of External Control8-01Method of Marking5-051401 Method of Needle Height Setting3-191234 Method of Wafer ID Reading7-061082 Method of Yield Checking for Sample Die6-03255 Min. Tolerant Needle Mark Area Ratio (%)6-14306 Min. Tolerant Needle Mark Size X6-14286 Min. Tolerant Needle Mark Size Y6-14287 Minimum Distance between Pads6-14294 Minimum Movement3-24212 Minimum Tolerant Mark Diameter5-101437 Multi Pass Probing Operation Settings4-14Multi Probing Setting2-04203 NNeedle Alignment Algorithm3-15125 Needle Alignment by Lot Start?3-172178 Needle Alignment Die Coordinate X3-12113 Needle Alignment Die Coordinate Y3-12114 Needle Alignment Die Setting3-12111 Needle Alignment End Time at Chip Unit3-201258 Needle Alignment Fine Adjustment Data X3-13118 Needle Alignment Fine Adjustment Data Y3-13119Appendix I-11Needle Alignment Interval3-201245 Needle Alignment Interval at Chip Unit3-201257 Needle Alignment Mode3-13116 Needle Alignment Settings3-18Needle Cleaning at Contact Height6-221370 Needle Cleaning Count9-15Needle Cleaning Count at Contact Height6-231374 Needle Design Data Settings9-14Needle Height Mode (Auto Focus)3-14136 Needle Height on Probe Card3-12115 Needle Height Position Setting 3-14134 Needle Height Settings3-19Needle Inspection Execution Site Settings6-16Needle Inspection Result Transfer8-072454 Needle Inspection Settings6-15Needle Tip Found at Before Lot3-172177 Number of Adaptive Device Name9-14OOff Site Marking Pos. -X from Die Center5-02337 Off Site Marking Pos. -Y from Die Center5-02338 ON WAFER Determination4-03155 Open Slot Wafer Set Check9-102143 Output EOI?8-052022 Output Format of Map Data9-071903 Output Log Data?9-112155 Output Map Data to:9-071902Appendix I-12Output Map Data?9-071901 Output Message after Unloading to tray7-051026 Output of Needle Alignment Results?3-181229 Output Results of Fail Mark Inspection?5-091464 Output Results of Needle Mark Inspection?6-161313 Output STB for K Command at:8-052021 Output STB Manual Unload?8-052024 Output STB when restart probing after manual test 8-072443 Output To3-181230 Output TTL Signal on GP-IB I/F?8-072040 Overdrive Offset3-24217 PPass Count Check at Every DUT6-07Pass Count Check at Every DUT6-07747 PASS Count Check for DUT of Execute Mode6-06264 PASS Count Check for DUT Setting6-06Pass Count Setting at Every DUT6-07Pass Die Percent. For Sampling2-04257 Pass Die Percent. For Sampling6-04257 Pass Die Percentabe2-04250 Pass Die Percentage6-03250 Pass Die Percentage6-28267 PASS Error Count for DUT6-06266 Pass Fail Category?8-021982 Pass Fail Category?9-031982 Pass/Fail Category Settings8-02Appendix I-13Pass/Fail Category Settings9-03Pause/Conrtinue Signal (PA/CO/PP) Settings8-08Perform 1st Fail Mark Die Inspection?5-081441 Perform Action Pending Except Test End?8-052020 Perform All Site Inspecting in a Lump?6-161315 Perform Appointment Category Yield Checking?6-07275 Perform Auto Brightness Setting?3-041196 Perform Auto Focusing?3-041191 Perform Auto Lot End Managing?7-111547 Perform Brush Cleaning at Wafer Cleaning?6-252295 Perform Brush Needle Cleaning at Lot End?6-252282 Perform Brush Needle Cleaning?6-251347 Perform Card Data Management?9-092105 Perform CONT. Fail Die Inspection?6-151295 Perform Contact Count Wafer Cleaning?6-242287 Perform Continual Fail Checking?6-28222 Perform Continuous Fail Checking?6-09221 Perform Counter Re-Calculating at Wafer End?9-111367 Perform Defocusing?3-041197 Perform Fail Mark Inspection with Time Interval?5-081446 Perform Fail Mark Inspection?5-081431 Perform First Wafer Stopping after Needle Alignme3-171226 Perform Last Fail Mark Die Inspection?5-081442 Perform Last Wafer Inspection of Cassette?6-151299 Perform Lot Management?7-101521 Perform Mark Count?5-121457Appendix I-14Perform Marking after Yield Error?6-031282 Perform Marking At Mark Nonexistence On Wafer 5-12Perform Marking?5-02321 Perform Needle Alignment after TEST HEAD Oper3-171251 Perform Needle Cleaning at Check Back?6-091272 Perform Needle Cleaning at Lot End?6-221345 Perform Needle Cleaning at Lot Start6-241368 Perform Needle Cleaning?6-221331 Perform Needle Mark Inspection?6-14281 Perform One-Point DATA-IN?3-161244 Perform One-Point DATA-IN?4-041244 Perform Perimeter Marking?5-02324 Perform Pin Up/Down at Front Area?9-092104 Perform Printout Items Re-printing?9-062373 Perform Reserved Marking Die Inspection?5-091456 Perform Setting Probing Reference Position?4-122212 Perform Single Direction Probing?4-122211 Perform Site-1 Blink?4-061865 Perform Skipping Dice?4-04160 Perform Slot No. Replacing at Print Out?9-04745 Perform Statistics at Manual Unload?7-021003 Perform STB Changing at Continuous Fail Error?8-062028 Perform STB Code Handshaking?8-052014 Perform Temperature Control?2-0331 Perform Total Print When Lot Interrupt?9-061493 Perform Unit Cleaning at Brush Cleaning?6-252289Appendix I-15Perform Visible Inspection?7-041021 Perform Wafer ID Reading?7-061081 Perform Waiting at Lot Start after Temperature Arri9-102138 Perform Yield Checking?6-03241 Perform Yield Checking?6-28262 Perimeter Marking Area 5-02331 Perimeter Marking Area Determination5-02325 Perimeter Marking Distance from Flat5-02320 Pitch of Wafer ID Character7-071106 Position of Site 1 - X9-13Position of Site 1 - Y9-13Position of Slot No. 17-021053 Prealignment Precision7-071095 Print Format #9-04713 Print Map To4-061664 Print out at Cassette End?9-051477 Print out at CONT. Fail Error?9-051485 Print out at Empty Slot?9-061496 Print out at Error?9-061487 Print out at Lot End?9-051479 Print out at Wafer End?9-051475 Print out at Wafer ID Read Error?9-061490 Print out at Wafer Reject?9-051481 Print out at Yield Error?9-051483 Print out Parameter Data to:9-092102 Print out Probing Results?9-051471Appendix I-16Print out to:9-051472 Print out Wafer Heading?9-051473 Priority Settings?6-121278 Probe Card Center Offset (X)3-14121 Probe Card Center Offset (Y)3-14122 Probe Card Center Position3-13112 Probe Card Thickness3-12126 Probe Sampling 1st Die?4-101265 Prober Mode Setting9-102112 Prober Ready Signal (>)8-082017 Probing Mode2-03201 Probing Overdrive4-10204 Probing Z Up Speed4-10205 Processing after Correlation Probing 6-27709 Processing When Lot # not Input7-101524 RRe-register Mode after Alignment Error3-0452 Reading Window Size (Horizontal)7-071155 Reading Window Size (Vertical)7-071154 Recovery at Alignment Error3-031193 Recovery at Cleaning Limit Over6-231342 Recovery at CONT. Fail Reject6-091273 Recovery at Continuous Fail Error6-091271 Recovery at Loader Vacuum Error7-021006 Recovery at Marker Limit Over5-051406 Recovery at Output Error9-071904Appendix I-17Recovery at Prealignment Error7-021005 Recovery at Print Error9-061489 Recovery at Target Sense Error3-171221 Recovery At Thickness Error2-071183 Recovery at Vacuum Error7-021004 Recovery at Wafer ID Read Error7-061083 Recovery at Yield Error6-031281 Reference Coordinate X3-161248 Reference Coordinate Y3-161249 Reference Die Coordinate X3-0883 Reference Die Coordinate Y3-0884 Reference Die Setting3-0881 Reference Evaluation Value6-15297 Reference Flat (Multiple Flats)2-067 Registration of Mail Mark5-081465 Registration of Reference Pattern3-041194 Registration of Reference Pattern for Taget Sense3-1091 Regular & Multi Pass Probing2-03202 Relative Coordinate (Center Origin) X for Target Se3-1187 Relative Coordinate (Center Origin) Y for Target Se3-1188 Relative Coordinate (Target Die Origin) X for Refer3-1189 Relative Coordinate (Target Die Origin) Y for Refer3-1190 Renewal of Alignment Model in First Wafer3-061200 Repeat Touchdown at:8-031995 Repeat Touchdowns at Fail8-042005 Repeat Touchdowns at Specified Category8-042006Appendix I-18Reprobe at Yield Error?6-081283 Restart Position after Needle Alignment (Hard Ope3-171364 Restart Position after Needle Alignment (Sequence3-171223 Restart Position of Probing4-101264 Retry at Needle Alignment Error (Low Mag.)3-182176 Retry Marking at Error?5-091443 Reverse Print to Internal Printer?9-061492 SSampling Die Selection4-05162 Sampling Die Setting4-05160 Sampling Start Die Coordinate X4-05163 Sampling Start Die Coordinate Y4-05164 Sampling Test Die Settings4-05Screen Auto Redisplay Time Interval7-121876 Screen Display Sequence Settings7-12Selection of Needle Inspection Pads6-161303 Serial # of Characters7-111542 Shift between Touchdowns6-231340 Site & Category Print Setting9-061495 Site 1 ON-WAFER Mode (Multi Probing)8-041997 Size of Block Printed by Stepper - X3-039 Size of Block Printed by Stepper - Y3-0310 Size of Inspection Window X5-101433 Size of Inspection Window Y5-101434 Size of Wafer ID Char. (Horizontal)7-071104 Size of Wafer ID Char. (Vertical)7-071105Appendix I-19Slot # of Characters7-111538 Slot No. (Print) Replacement Settings9-04SOAK TIME Settings3-20Standard Movement3-24210 Starting Die # for Judgment6-05246 STB Code Settings8-07STB Out Delay Time8-062036 Stop Inspection Execute7-051033 Stop Inspection Interval Method7-051034 STOP of Continuous Appointed CAT Settings6-11STOP of Continuous Appointed Category?6-111274 Substitute with Special Symbol?7-061110 Sum Up of Multi Pass Probing4-141386 TTarget Search Range3-1095 Target Sense Method3-1085 Target Sense Settings3-10Temperature Correction Function for Absolute8-072458 Moving Command of X, Y axisTemperature Stability Time Inner Machine3-201250 Temperature Tolerant Deviation2-0334 Test Area Determination4-03151 Test Die at Pass after Needle Cleaning6-132234 Test Die Determination4-03157 Test Die Margin4-03154 Test End Signal (TC) Settings8-08Appendix I-20Test Start Signal (TS) Settings8-08Tester Spec9-102121 Time for Displaying Result5-111453 Time for Displaying Result6-171309 Time for STB Handshaking8-052015 Time Interval (MIN.)5-081448 Timing for Category Checking6-07748 Timing for Clearing Reference Data3-061172 Timing for Correlation Probing6-27702 Timing for Yield Checking6-03242 Timing of Reference Coordinates DATA IN3-161242 Tolerant # of Buffering for Visible Inspection7-051025 Tolerant # of Continual Fails6-28227 Tolerant # of Continuous Fails6-09223 Tolerant # of Continuous?6-111275 Tolerant # of Fail Check Backs6-09224 Tolerant # of Needle Cleaning9-13Tolerant # of Needle Touchdowns9-13Tolerant # of Reject Wafers6-09225 Tolerant # of Wafer Reject6-03260 Tolerant Deviation in Thickness Between Wafers2-071181 Tolerant Deviation in Thickness On Wafer2-071182 Tolerant Error of Needle Position (from Pad Center3-15130 Tolerant Error of Needle Position (from Pad Edge)3-15128 Tolerant Error of Needle Tip Focus Posi. (from Ave3-15129 Tolerant to Missing Needles3-15131Appendix I-21Total Check for Continuous Fail6-10230 Travel of Marking Die by J Command?8-062026 Turnoff Time for Display Back Light9-092106 Type of Camera Used5-081432 Type of Control Code for External Printer9-05Type of GP-IB Test End Commands8-052019 UUnder Shoot at Touchdown4-121269 Unload Flat/Notch Direction7-021013 Unload Stop Wafer Interval7-05Unload Stop?7-051027 Untest Time3-201237 Up or Down Marking Selection5-051402 Upper limit of <Z-UP> switch (Distance from contac3-191233 Upper limit of Auto Needle Height (Distance from c3-191232 Usage Cleaning Wafer Thickness6-242286 Use Data for Cleaning WF Flat/Notch Dir.6-241369 Use Group Index?2-1011 Use Map?6-28711 Use Micro-Probing?2-03208 VVisible Inspection Interval7-041022 Visible Inspection Interval7-051035 Visible Inspection Interval Method7-041030 Visible Inspection Method7-041023 Visible Inspection Wait7-041024Appendix I-22Wafer Auto Load?8-082034 Wafer Count Signal at Manual Unload?8-041998 Wafer Count Signal Output Interval at Prealignmen8-042003 Wafer End Signal (PC)8-082011 Wafer End Signal at CONT. Fail Reject?8-031991 Wafer End Signal at Manual Unloading?8-031992 Wafer Figure Measurement Method?2-081189 Wafer ID Length7-061097 Wafer ID Orientation7-061096 Wafer ID Position Settings7-09Wafer Interval for Brush Cleaning6-251352 Wafer Interval for Cleaning6-221337 Wafer Interval of Fail Mark Inspection5-081439 Wafer Interval of Needle Inspection6-151291 Wafer Interval of Stop before Probing Sta.3-172175 Wafer Load/Unload Method7-021001 Wafer Margin4-03153 Wafer Size2-022 Wafer Thickness Calculation2-0762 Wafer Type for Fixed Used Tray7-021002 Wait for L Command8-052023 Wait time to start measurement of chuck height3-222190 Waiting Time at Lot Start after Temperature Arrival9-10Watch time of measurement of chuck height3-222192 Window Size6-14288Appendix I-23X Coordinate Increment To The3-161224YY Coordinate Increment To The3-161225 Yield Checking Method6-03248 Yield Checking Method6-28263Appendix I-24。

Key Considerations in Using Real-World Evidence to Support Drug Development(Draft for Public Review)Center for Drug Evaluation, NMPAMay, 2019Table of Contents1.INTRODUCTION (1)1.Background and Purpose (1)2.Progress in the development of related regulations or guidelines by domestic and foreign regulatory agencies (3)2.Relevant Definitions of Real-World Research (4)1.Real-World Data (5)2.Real-World Evidence (9)3.Scenarios where real-world evidence supports drug development and regulatory decisions (9)1.Treatment for rare diseases (9)2.Revision of indications or drug combination labeling (10)3.Post-marketing evaluation (11)4.Clinical development of traditional Chinese medicine hospital preparations (12)5.Guiding clinical trial design (13)6.Identify the target population (14)4.The Basics of Real-World Research Design (14)1.Pragmatic clinical trials (14)2.Single-arm trial using real world data as control (15)3.Observational studies (16)5.Evaluation of Real-World Evidence (16)1.Real world evidence and the scientific questions it supports (17)2.How to transform real-world data to real-world evidence (17)References (19)Appendix 1: Glossary (21)Appendix 2: Common Statistical Methods for Real-World Research (24)Appendix 3: Chinese-English Vocabulary (42)Key Considerations in Using Real-World Evidence 1to Support Drug Development231.INTRODUCTION41.Background and Purpose5Randomized Controlled Trials (RCTs) are considered the "gold 6standard" for evaluating drug efficacy and are widely used in clinical 7trials. With strictly controlled trial eligibility criteria and the utilization of 8randomization, RCTs minimize the impact of factors that potentially 9affect the causal inference, and hence result in more definitive 10conclusions and derive more reliable evidence. However, RCTs also have 11limitations: stringent entry criteria may reduce the representativeness of 12the trial population to the target population, the standard trial 13interventions used may not be completely consistent with real world 14clinical practice, the limited sample size and short follow-up time leads to 15insufficient evaluation of rare adverse events. These limitations bring 16challenges when extrapolating the RCT conclusions to real world clinical 17practice. In addition, for some rare and major life-threatening diseases 18that lack effective treatments, conventional RCTs may be difficult to 19implement, require substantial time costs, or raise ethical issues.20Therefore, how to use real-world evidence (RWE) during drug R&D, 21especially as complementary evidence to RCTs in evaluating the efficacy 22and safety of drugs, has become a common and challenging question for 23global regulatory agencies, the pharmaceutical industry and academia.24First, we need to clarify the definition and scope of real-world 25evidence on a conceptual level.26Secondly, can and how will real-world data (RWD), as the 27fundamental basis of real-world evidence, provide sufficient support will 28face many questions that need to be discussed, including data sources, 29data standards, data quality, data sharing mechanism, data infrastructure 30and so on.31Third, the lack of regulatory guidance. At present, there are no 32mature and relevant regulations worldwide. Without sufficient experience, 33how to formulate guidelines that fit the reality of China's pharmaceutical 34industry requires active exploration and innovation.35Fourth, the methodologies for evaluating real-world evidence needs 36to be streamlined. Real-world evidence stems from the correct and 37adequate analysis of real-world data. The analysis methods used are 38mainly for causal inference, which often requires more complex models 39and assumptions, screening of corresponding covariates, identification of 40confounding factors, definition of intermediate variables and instrumental 41variables, etc., All these will put forward higher requirements for 42statistical analysts as well as the urgent needs for regulatory guidelines.43Fifth, the scope of real-world evidence application remains to be 44determined. The main role of real-world evidence is to complement, 45instead of substitute, the evidence provided by conventional clinical trials, 46and to form a complete and rigorous chain of evidence to further improve 47the efficiency and scientific validity of drug development. Therefore, it is 48necessary to clearly define the scope of application of real-world 49evidence according to the stage of drug development, and in the 50meanwhile adopt appropriate adjustment as the actual conditions evolve 51over time.52In light of the above, this guideline aims to provide clarity on the 53definition of real-world research, outline the use and scope of real-world 54evidence in drug R&D, explore the basic principles for the evaluation of 55real-world evidence, and consequently provide scientific and practical 56guidance for the industry to consider when utilizing real-world evidence 57to support drug development.582.Progress in the development of related regulations or guidelines 59by domestic and foreign regulatory agencies60In February 2009, the American Recovery and Reinfection Act 61played a significant role in promoting Comparative Effectiveness 62Research (CER).Accordingly, the concept of real-world research (RWR, 63or real-world study RWS) was proposed given the context of the real 64world environment of CER.65In December 2016, the United States passed the 21st Century Cures 66Act (the Act), encouraging the Food and Drug Administration (FDA) to 67accelerate the development of pharmaceutical products by conducting 68research in the use of real-world evidence. Under the support of the Act, 69during 2017-2018 the FDA issued a series of guidelines, namely "Use of 70Real World Evidence to Support Medical Device Regulatory Decisions", 71"Guidelines for the Use of Electronic Health Record Data in Clinical 72Research" and "Framework for Real World Evidence Solutions".73In 2013, the European Medicines Agency (EMA) released the 74"Qualification opinion of a novel data driven model of disease 75progression and trial evaluation in mild and moderate Alzheimer’s 76disease", discussing the technical details in using real-world observational 77data to establish disease progression models. In 2014, EMA also launched 78the Adaptive Licensing Pilot to assess the feasibility of using 79observational study data to assist decision-making. Later in 2016, the 80“Scientific Guidance on Post-authorisation Efficacy Studies”was 81released.82At the International Council for Harmonisation of Technical 83Requirements for Medicinal Products for Human Use (ICH), Japan’s 84Pharmaceuticals and Medical Devices Agency (PMDA), proposed a 85strategic approach for pharmacoepidemiology studies submitted to 86regulatory agencies to advance more effective utilization of real-world 87data.88The systematic use of real-world evidence to support drug 89development and regulatory decision-making in China is still under 90development. However, the national drug regulatory agencies have 91already begun to utilize real-world evidence in the review practices. For 92example, the extended Bevacizumab treatment regimen in combination 93with platinum-based chemotherapies was approved in 2018, using 94real-world evidence from three retrospective studies. In another case, a 95drug was further evaluated, after marketing, through a prospective, 96observational real-world study to provide additional evidence on efficacy 97and safety.982.Relevant Definitions of Real-World Research99Generally speaking, real-world research includes both research on 100natural populations and on clinical populations; the latter yields 101real-world evidence that can be used both to support medical product 102development and regulatory decisions, as well as for other scientific 103purposes. For that reason, this guidance focuses on real-world research 104that supports healthcare product development and regulatory decisions 105(see figure below).106107Figure 1 The path from RWD to RWE, which supports regulatory108decisions for medical products109We define real-world research as: collecting patient-related data in a 110real-world environment (real-world data), and obtaining clinical evidence 111(real-world evidence) of the value and potential benefits or risks of the 112medical products through analysis. The primary research type is 113observational, but it can also be pragmatic clinical trials.1141.Real-World Data115（1）D efinition116Section 505F (b) of the Federal Food, Drug, and Cosmetics Act (FD&C 117Act) defines real-world data as "data regarding the usage, or the potential 118benefits or risks, of a drug derived from sources other than traditional 119clinical trials". In “Framework for FDA’s Real-World Evidence Program”120and the “Use of Real World Evidence to Support Medical Device 121Regulatory Decisions.", the FDA defines real-world data as "data relating 122to patient health status and/or the delivery of health care routinely 123collected from a variety of sources”. For example, Electronic Health 124Record (EHR) data, Electronic Medical Record (EMR) data, medical 125insurance data, product and disease registry data, patient report data 126(including home environment), and other health tests (such as mobile 127devices) data.128We define real world data as: data collected from patients’ 129medications and health status, and/or derived from various daily medical 130processes.131（2）S ource of real-world data132Common sources of real-world data in China include:1331) Health Information System (HIS): similar to EMR/HER, digital 134patient records including structured and unstructured data fields, such as 135patient demographics, clinical characteristics, diagnosis, treatment, 136laboratory tests, safety and clinical outcomes.1372) Medicare system: structured data such as basic patient 138information, medical service utilization, prescriptions, billing, medical 139claims, and planned health care.1403) Disease Registry System: a database of patients with specific 141(usually chronic) diseases, often derived from a cohort registry of the 142disease population in the hospital.1434) China ADR Sentinel Surveillance Alliance (CASSA): the use of 144electronic data from medical institutions to establish an active monitoring 145and evaluation system for the safety of drugs and medical devices.1465) Natural population cohort database: the (to be) established 147natural population cohort and special disease cohort database.1486) Omics-related databases: databases that collect information on 149the physiology, biology, health, behavior, and possible environmental 150interactions of patients, such as pharmacogenomics, metabolomics, and 151proteomics.1527) Death registration database: a database formed by death 153registries jointly confirmed by hospitals, centers for disease control and 154prevention (CDC), and department of household registration.1558) Mobile devices: mobile devices such as wearable devices that 156measure relevant data.1579) Other special data sources: databases created for special purposes, 158such as national immunization program databases.159（3）D ata Quality Evaluation160The quality of real-world data is mainly assessed by its relevance 161and reliability.1621) Relevance: Important relevant factors to assess the suitability of 163real-world data for regulatory use include, but are not limited to:164①the inclusion of important variables and information related to 165clinical outcomes, such as drug use, patient demographic and clinical 166characteristics, covariates, outcome variables, follow-up duration, sample 167size, etc.;168②whether the definition of clinical outcome is accurate and the 169corresponding clinical significance is meaningful;170③Accurate and representative definition of target population;171④The study hypothesis can be evaluated through the study 172protocol and statistical analysis plan.1732) Reliability: The reliability of real-world data is mainly evaluated 174by data integrity, accuracy, quality assurance, and quality control.175①Integrity: missing data problems are inevitable in the real-world 176setting, but the amount of missing should have a certain limit. For 177different studies, the degree of missing data may vary. When the 178proportion of missing data within a specific study exceeds a certain limit, 179there is a great deal of uncertainty about its impact on the study 180conclusion. At this time, it will be necessary to carefully assess whether 181the data can be used as real-world data that produce real-world evidence. 182②Accuracy: the accuracy of the data is critically important and 183needs to be identified and verified against authoritative sources of 184reference. For example, the measurement of blood pressure requires the 185use of a calibrated sphygmomanometer, for which and the measurement 186process is subject to the operating specifications; whether the endpoint 187event is determined by an independent endpoint event committee, etc.188③Quality Assurance: quality assurance refers to the prevention, 189identification, and correction of data errors that occur during the course of 190the research. Quality assurance is closely related to regulatory compliance 191and should run through every aspect of data management that needs to 192have a corresponding Standard Operating Procedures (SOPs).193④Quality Control: data collection, modification, transmission, 194storage, and archiving, as well as data processing, analysis, and 195submission, are all subject to quality control to ensure that the real-world 196data are accurate and reliable. It is necessary to develop a complete, 197normative and reliable data management process or protocol.198（4）D ata criteria199Data standards, in the form that information technology systems or 200scientific tools can use, help ensure that the submitted data are predictable 201and consistent. In order to manage real-world data from multiple sources, 202it is necessary to convert the data into a common format with a generic 203formulation (e.g., terminology, vocabulary, coding scheme, etc.).204In addition, whether the quality of real-world data can support drug 205development depend on key factors including (but not limited to): 206whether there is a clear process and qualified personnel for data 207collection; whether a common defining framework, i.e., the data 208dictionary, is used; whether the common time frame for key data points 209collection is followed; whether a study plan, protocol and/or analysis plan 210related to the collection of real-world data have been established; whether 211the technical approach used for data element capture, including 212integration of data from various sources, data records of drug use, links to 213claims data etc., is adequate; whether patient recruitment minimizes the 214bias and reflects the true target population; whether data entry and 215transfer are useable and timely; and whether adequate and necessary 216patient protection measures such as patient privacy protection and 217regulatory compliance with informed consent are in place.2182.Real-World Evidence219Real-world evidence is clinical evidence about the use and potential 220benefits or risks of medical products, obtained through the analysis of 221real-world data. This definition is not limited in concept to obtaining 222evidence through retrospective observational studies, but also allows 223prospective access to a wider range of data to form evidence, through 224particular study designs including pragmatic clinical trials (PCTs).2253.Scenarios where real-world evidence supports drug 226development and regulatory decisions227Real world evidence may support drug development through a variety of 228ways, covering pre-marketing clinical development and post-marketing 229evaluation. Any use of real-world evidence for the purpose of product 230registration will require adequate communication in advance with231regulatory authorities to ensure alignment on the study objectives and232methodology.2331.Treatment for rare diseases234In addition to the challenges in subject recruitment, clinical trials for 235rare disease also face difficulties in the choice of control arm, given the 236few or lack of treatment options. Therefore, external controls established 237based on real world data in natural disease cohorts can be considered.238External controls are primarily used for non-randomized single-arm 239trials, as a historical or in-parallel control. Historical external controls are 240based on real-world data obtained earlier; parallel external controls are 241based on data from disease registries constructed simultaneously with the 242single-arm trial. The use of external controls should take into account the 243impact of the heterogeneity and comparability of the target population on 244the corresponding real-world evidence.2452.Revision of indications or drug combination labeling246For drugs that are already marketed, long-term clinical practice may 247find it necessary to expand the indication, and RCTs are often utilized to 248support the indication expansion. When an RCT is not feasible or when 249evidence it generates is not optimal, a PCT could be a reasonable choice. 250For example, clinical practice may find that a new drug for diabetes can 251potentially benefit patients with cardiovascular diseases (such as heart 252failure). In that case the subject recruitment into an RCT will be difficult 253with potential ethical issues and therefore the use of a PCT design may be 254more feasible.255In terms of pediatrics medication, there are often cases of off-label 256usage in clinical practice. For that reason, the use of RWE in supporting 257the expansion of targeted population is also a viable strategy in drug 258development.259A typical use of real-world evidence to support the development of 260Bevacizumab, a humanized monoclonal antibody of the vascular 261endothelial growth factor (VEGF). In 2015, Bevacizumab was approved 262in China in combination with chemotherapy (carboplatin and paclitaxel) 263for the first-line treatment of late stage unresectable advanced, metastatic 264or recurrent squamous non-small cell lung cancer. However, the 265real-world use of chemotherapy with Bevacizumab also includes 266Pemetrexed in combination with platinum, Gemcitabine and Cisplatin. In 267October 2018, Bevacizumab was approved to expand the treatment 268regimen with a combination of platinum-based chemotherapy, based on 269the strong supporting evidence from three real-world studies. These 270studies retrospectively analyzed patient data from three hospitals and 271showed that the combination of Bevacizumab with platinum-based 272chemotherapy significantly prolonged PFS and OS compared with 273chemotherapy alone, and no new safety issues were identified. This 274finding was consistent with global population data. In addition, relevant 275real-world studies have also provided data in different patient subgroups 276such as those with EGFR mutations or brain metastases, confirming the 277efficacy and safety of Bevacizumab combination therapy from multiple 278perspectives.2793.Post-marketing evaluation280Due to factors such as limited sample size, short study duration, 281strict enrollment criteria, and standardization of intervention, drugs 282approved based on RCTs usually have limited safety information, lack of 283generalization of efficacy conclusions, less optimal drug regimen, and 284insufficient health economic benefits. As a result, there is a need to use 285real-world data for more comprehensive assessment of these aspects of 286the approved drugs, and to refine the decision making based on the 287real-world evidence from natural populations on a continuous basis.288For example, a drug for cardiovascular diseases has been approved 289in more than 50 countries/regions worldwide. In the multi-regional 290clinical trials that supported it approval, small number of Chinese 291subjects resulted in limited number of cardiovascular events and short 292drug exposure in the Chinese subgroup. This has led to greater variability 293in the efficacy results in the Chinese population. As an overseas marketed 294drug with clinically urgent needs in China, to further evaluate the efficacy 295of this compound in Chinese patients, the applicant plans to conduct a 296prospective, observational, post-marketing real-world study to evaluate 297the combination of the compound with standard treatment versus standard 298treatment alone, in the prevention of major adverse cardiovascular events 299(MACE) in Chinese patients with cardiovascular disease.3004.Clinical development of traditional Chinese medicine hospital 301preparations302Traditional Chinese medicine prepared and used in hospitals have 303been widely used clinically for a long time without being approved for 304marketing. This is a unique phenomenon in China. For the clinical 305research and development of such drugs, if real-world research and 306randomized controlled clinical trials can be combined, scientific and 307feasible clinical R&D and regulatory decision-making pathways can be 308further explored.309For the development of traditional Chinese medicine hospital 310preparation, there exist multiple R&D strategies that utilize real-world 311evidence. Figures 2 and 3 outline two potentially possible pathways. The 312pathway that combines observational studies and RCTs is illustrated in 313Figure 2. Specifically, stage 1 starts with retrospective observational 314studies. At this stage effort should be made to collect as much as possible 315existing real-world data related to the use of the product including all 316possible covariates, develop data cleaning rules, identify possible controls, 317assess data quality, and conduct comprehensive and detailed analyses 318using appropriate statistical methods. If the retrospective observational 319studies show that the drug has potential benefits for patients in clinical 320use, it may proceed to the next stage of the development, otherwise the 321process should be terminated. In stage 2, prospective observational 322studies can be conducted. Based on the stage 1 research, this second stage 323can be more carefully designed in terms of several aspects, including data 324acquisition and its system, data quality control, data cleaning rules, and 325clearer definition of controls. Once this stage 2 prospective observational 326research has progressed to certain phase, and if the data are consistent 327with the results of stage 1 retrospective observational studies by 328continuing to show clinically meaningful benefits, a third stage of RCT 329can be conducted in parallel. If needed, a pilot RCT may be conducted 330first to acquire sufficient information to support the design of the primary 331RCT. However, if existing evidence from previous observational studies 332is deemed sufficient, a confirmatory RCT may be designed and 333conducted directly. In terms of timing, the duration of the RCT may be 334covered by the stage 2 prospective observational studies, which can be 335completed at the same time as the RCT or extended for some time after 336the end of the RCT, depending on the maturity of the real-world 337evidence.338339Figure 2 Potential development pathway for traditional Chinese medicine 340hospital preparations341Another potentially possible pathway, which combines observational 342studies with PCTs, is outlined in Figure 3. In the first stage, retrospective 343observational studies are conducted first. If it is concluded that the drug 344has potential benefits in clinical practice, it may proceed to the second 345stage, otherwise the process should be terminated. The second offstage 346consists of a PCT research, which provides evidence that can be used to 347support the evaluation of the drug’s clinical efficacy and safety.348349Figure 3 Potential development pathway for traditional Chinese medicine 350hospital preparations3515.Guiding clinical trial design352Compared with other potential applications, using real-world 353evidence to guide clinical trial design has more practical utilization. For 354example, the two potential pathways for the development of 355hospital-prepared traditional Chinese medicines described in the previous 356section have used the real-world evidence generated by retrospective 357observational studies, including for example the disease natural history, 358the disease prevalence in the target population, the effectiveness of 359standardized treatments, and the distribution and variation of key related 360covariates, to provide a basis for the next stage study design. More 361generally, real-world evidence can provide valid reference for inclusion 362and exclusion criteria, parameters for sample size estimation, and 363determination of non-inferiority margins, etc.3646.Identify the target population365Precision medicine aims to better predict the therapeutic benefits and 366risks of drugs to specific populations (subgroups), and real-world 367evidence based on real-world data provides the possibility for the 368development of precision medicine. For example, due to the limited 369sample size, regular clinical trials often ignore or have limited power to 370consider subgroup effects in the research plan. This prevents important 371information on potential treatment responders or high-risk populations 372with serious side effects from being fully recognized. Through a thorough 373analysis of real-world data, the treatment benefits and risks in different 374subgroups can be more adequately assessed, and hence real-world 375evidence can be obtained to support more precise identification of the 376target population.377The identification of biomarker is critical for preclinical and early 378clinical studies of targeted therapies. Using real-world information such 379as omics data, public gene bank information, and related clinical data in 380population cohorts, real-world evidence can be generated through various 381contemporary data mining techniques such as machine learning, which 382can in consequence support the precise identification of population for 383targeted therapies.3844.The Basics of Real-World Research Design3851.Pragmatic clinical trials386Pragmatic Clinical Trials (PCT), also known as practical clinical 387trials, refer to clinical trials that are designed and conducted in an 388environment close to the real-world clinical practice. They represent a 389type of study between RCTs and observational studies. Unlike RCTs, 390PCT interventions can be either standardized or non-standardized; 391subjects in the PCTs can be randomized or allocated per pre-defined 392criteria; the inclusion criteria for the subjects are often less restrict and 393considered more representative of the target population, and the 394evaluation of intervention outcomes may not be limited to clinical 395。

Appendix CKeys to Translation Exercises for Independent WorkI. 英译汉II. 汉译英BACKI. 英译汉1. 论读书读书可以怡情，足以博采，足以长才。

其怡情也，最见于独处幽居之时；其博采也，最见于高谈阔论之中；其长才也，最见于处事判事之际。

练达之士虽能分别处理细事或一一判别枝节，然纵观统筹、全局策划，则舍好学深思者莫属。

读书费时过多易惰，文采藻饰太盛则矫，全凭条文断事乃学究故态。

读书补天然之不足，经验又补读书之不足，盖天生才干犹如自然花草，读书然后知如何修剪移接，而书中所示，如不以经验范之，则又大而无当。

有一技之长者鄙读书，无知者羡读书，惟明智之士用读书，然书并不以用处告人，用书之智不在书中，而在书外，全凭观察得之。

读书时不可存心洁难作者，不可尽信书上所言，亦不可只为寻章摘句，而应推敲细思。

书有浅尝者，有可吞食者，少数则须咀嚼消化。

换言之，有只须读其部分者，有只须大体涉猎者，少数则须全读，读时须全神贯注，孜孜不倦。

书亦可请人代读，取其所作摘要，但只限题材较次或价值不高者，否则书经提炼犹如水经蒸馏，淡而无味矣。

读书使人充实，讨论使人机智，笔记使人准确。

因此不常作笔记者须记忆特强，不常讨论者须天生聪颖，不常读书者须欺世有术，始能无知而显有知。

读史使人明智，读诗使人灵秀，数学使人周密，科学使人深刻，伦理使人庄重，逻辑修饰之学使人善辩：凡有所学，皆成性格。

人之才智但有滞碍，无不可读适当之书使之顺畅，一如身体百病，皆可借相宜之运动除之。

滚球利辜肾，射箭利胸肺，慢步利肠胃，骑术利头脑，诸如此类。

如智力不集中，可令读数学，盖演题须全神贯注，稍有分散即须重演；如不能辨异，可令读经院哲学，盖是辈皆吹毛求疵之人；如不善求同，不善以一物阐证另一物，可令读律师之案卷。

如此头脑中凡有缺陷，皆有特药可医。

（王佐良译）2. 美国总统林肯在葛底斯堡的演讲词87年前，我们的先辈们在这个大陆上创立了一个新国家，它孕育于自由之中，奉行一切人生来平等的原则。

Journal of Logic,Language,and Information7:228–229,1998.228 Book ReviewLogic for Applications,Anil Nerode and Richard A.Shore,Graduate Texts in Computer Science, New York:Springer-Verlag,1997(2nd edition).Price:DM78.00,xiii+438pages,Index of symbols, Index of terms,ISBN:0-387-94893-7.In this impressive monograph,onefinds a thorough approach to logic infive chapters,organised along the following topics:Propositional and Predicate Logic,PROLOG,Modal and Intuitionistic Logic.Then,there is a sixth chapter(Elements of Set Theory),which,according to the diagram of dependencies between chapters,can be read and studied more or less independently from the other chapters.Appendix A provides a historical overview of logic and the foundations of mathematics(to appreciate this fully,the reader might also want to read thefirst six sections of the chapter on set theory),whereas Appendix B provides a genealogical database of PROLOG facts of the form “fatherof(a,b),”based on the Chronicles from the Hebrew Bible.These facts are used for various programming problems and exercises.Finally,the book contains an extensive bibliography,ordered by subject,and an index of symbols and one of terms.Moreover,exercises are provided at the end of each section,and each chapter ends with“Suggestions for Further Reading.”Whereas a computer scientist’s approach to logic is mirrorred in tableaux proofs,resolution and unification in thefirst two chapters,in Chapter III on PROLOG the real computational application starts with the specialization of resolution to Horn clauses.Negation as failure is then used as a bridge to a brief introduction to nonmonotonic logic.In spite of this single section on the topic(one nonmontonic formal system is introduced,similar to default logic),the authors are able to apply their setup to stable models.Chapters IV and V are devoted to nonclassical logics that are important for reasoning about computation:Intuitionistic and Modal Logic.The second edition of1997differs from the1993first edition in having the above mentioned Chapter VI on set theory.This chapter can be“either used as a reference to standard set-theoretic notations and concepts”but is“also a self-contained introduction to axiomatic set theory.”Thefirst six sections of this chapter treat standard notions from elementary set theory like functions, relations,orderings(the concept of order and,more specifically,tree,is also introduced in Section I.1) and sequences,whereas the remainingfive sections are devoted to transfinite induction,ordinals, cardinals and variations on the axiom of choice.Of course,in adding a specific foundational chapter, dangers of bootstrapping problems always arise.For instance,in order to formalize set theory,some notation from predicate logic is already presumed.Another,more dangerous example is given by the treatment of the principle of induction.In Section I.2,it is demonstrated how to perform a proof by induction on the structure of formulas.It is left as an exercise in Chapter I to show that this method can be related to the procedure of induction on numbers.However,the latter procedure is only defined in Section VI.4,in a rather abstract setting, that of inductive sets.According to its cover the book is“afirst introduction to mathematical logic[]no previous exposure to logic is assumed.”The introduction says that the book aims at upper level undergrad-uate and beginning graduate students of mathematics or computer science.I like to underscore that such students should at least be familiar with some mathematical notation and also some standardBOOK REVIEW229 arguments in reasoning.In my(Dutch)context of teaching logic,I see a tendency to introduce logic in a semi-formal way:students should play with reasoning patterns,get experienced with manipulations on quantifier sequences and should be able to easily come up with counterexamples for incorrect arguments.The focus of the book under review is not so much on these techniques,and personally,I would prefer to use it in an advanced logic class.The book is definitely written in the spirit of what the authors see as the applications of logic to computer science:instead of reasoning patterns,logic is about resolution theorem proving and deduction as computation.Models typically have ground terms in their domain,and attention for implementation issues(searching and backtracking,control of implementation,termination condi-tions)is justified in such a setup.I am particularly excited about the chapter on PROLOG;I am not aware of any comparably thorough and still accessible approach in thisfield.Thefirstfive sections of this chapter are very rigid and clear,extensive proofs are provided(completeness of several forms of resolution,including lifting and independence lemmas).These rather hard theoretical results are accompanied with several examples and SLD-trees.And if one decides to give a course on logic programming,Chapters I and II seem to be suitable for putting the student in the“right logical mood.”I doubt whether I would use these chapters as afirst introduction to logic,though.It is generally accepted that modal and intuitionistic logic are important for computer scientists, but I feel that in Chapters IV and V this importance is only mentioned,not really demonstrated. What kind of reasoning is offered by dynamic logic?How is epistemic logic exactly used?What are the mechanisms of constructive proof checkers and reasoning systems?How natural are proofs in a system like NUPRL?All in all,the book seems a good buy.If not for students in computer science,it is for teachers in this and related areas(expert systems,AI),because of its composition,the thoroughness of proofs and the many valuable references for further reading.Wiebe van der HoekDepartment of Computer ScienceUtrecht UniversityP.O.Box800893508TB UtrechtThe NetherlandsE-mail:************.nl。

Statement of Financial AccountingStandards No. 19FAS19 Status PageFAS19 Summary Financial Accounting and Reporting by Oil and GasProducing CompaniesDecember 1977Financial Accounting Standards Boardof the Financial Accounting Foundation401 MERRITT 7, P.O. BOX 5116, NORWALK, CONNECTICUT 06856-5116Copyright © 1977 by Financial Accounting Standards Board. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the Financial Accounting Standards Board.Statement of Financial Accounting Standards No. 19Financial Accounting and Reporting by Oil and Gas Producing Companies December 1977CONTENTSParagraphNumbers Introduction.....................................................................................................................1–5 Scope.............................................................................................................................6–9 Standards of Financial Accounting and Reporting:Definitions (10)Basic Concepts................................................................................................11–14 Accounting at the Time Costs Are Incurred....................................................15–26 Acquisition of Properties (15)Exploration......................................................................................................16–20 Development...................................................................................................21–22 Production.......................................................................................................23–25 Support Equipment and Facilities. (26)Disposition of Capitalized Costs.....................................................................27–41 Assessment of Unproved Properties (28)Reclassification of an Unproved Property (29)Amortization (Depletion) of Acquisition Costs of Proved Properties (30)Accounting When Drilling of an Exploratory Well Is Completed..................31–32 Accounting When Drilling of an Exploratory-Type StratigraphicTest Well Is Completed.................................................................................33–34 Amortization and Depreciation of Capitalized ExploratoryDrilling and Development Costs (35)Depreciation of Support Equipment and Facilities (36)Dismantlement Costs and Salvage Values (37)Amortization of Costs Relating to Oil and Gas ReservesProduced Jointly (38)Information Available after the Balance Sheet Date (39)Surrender or Abandonment of Properties........................................................40–41 Mineral Property Conveyances and Related Transactions..............................42–47 Disclosure........................................................................................................48–59 Disclosure of Reserve Quantities....................................................................50–56 Disclosure of Capitalized Costs. (57)Disclosure of Costs Incurred in Oil and Gas Producing Activities.................58–59Accounting for Income Taxes.........................................................................60–62 Effective Date and Transition..........................................................................63–64 Appendix A: Background Information.......................................................................65–96 Appendix B: Basis for Conclusions..........................................................................97-269 Appendix C: Glossary.............................................................................................270-275FAS 19: Financial Accounting and Reporting by Oil and Gas Producing CompaniesINTRODUCTION1. This Statement establishes standards of financial accounting and reporting for the oil and gas producing activities of a business enterprise. Those activities involve the acquisition of mineral interests in properties, exploration (including prospecting), development, and production of crude oil, including condensate and natural gas liquids, and natural gas (hereinafter collectively referred to as oil and gas producing activities).2. Existing authoritative accounting pronouncements do not explicitly or comprehensively establish standards of financial accounting and reporting for those activities. Numerous alternative accounting practices are presently followed by oil and gas producing companies, and the nature and extent of the information they disclose in their financial statements about their oil and gas producing activities vary considerably from company to company. The Board is issuing this Statement to address the financial accounting and reporting issues that led to the alternative practices.3. Appendix A contains background information. Appendix B sets forth the basis for the Board's conclusions, including alternatives considered and reasons for accepting some and rejecting others. Appendix C is a glossary of terms.4. The accounting standards in this Statement adhere to the traditional historical cost basis. Although the Board considered both discovery value and current value as alternative bases of accounting for oil and gas reserves, it determined for the reasons discussed in paragraphs 133-141 that any decision on applying value accounting to oil and gas companies should await resolution of the broader issue of the general applicability of value accounting in the Board's project, "Conceptual Framework for Financial Accounting and Reporting."5. This Statement supersedes FASB Statement No. 9, "Accounting for Income Taxes—Oil and Gas Producing Companies."Copyright © 1977, Financial Accounting Standards Board Not for redistributionSCOPE6. This Statement applies only to oil and gas producing activities; it does not address financial accounting and reporting issues relating to the transporting, refining, and marketing of oil and gas. Also, this Statement does not apply to activities relating to the production of other wasting (nonregenerative) natural resources; nor does it apply to the production of geothermal steam or to the extraction of hydrocarbons as a by-product of the production of geothermal steam and associated geothermal resources as defined in the Geothermal Steam Act of 1970; nor does it apply to the extraction of hydrocarbons from shale, tar sands, or coal.7. Accounting for interest on funds borrowed to finance an enterprise's oil and gas producing activities is excluded from consideration in this Statement because the broader subject of accounting for interest costs in general is a project presently on the Board's technical agenda. 8. This Statement prescribes disclosures related to an enterprise's oil and gas producing activities that are considered necessary for fair presentation of the enterprise's financial position, results of operations, and changes in financial position in conformity with generally accepted accounting principles. Those disclosures are only part of the information that may be needed for investment, regulatory, or national economic planning and energy policy decisions.9. The Addendum to APB Opinion No. 2, "Accounting for the 'Investment Credit'," states that "differences may arise in the application of generally accepted accounting principles as between regulated and nonregulated businesses, because of the effect in regulated businesses of the rate-making process" and discusses the application of generally accepted accounting principles to regulated industries. Accordingly, the provisions of the Addendum shall govern the application of this Statement to those oil and gas producing operations of a company that are regulated for rate-making purposes on an individual-company-cost-of-service basis. STANDARDS OF FINANCIAL ACCOUNTING AND REPORTINGDefinitions10. The glossary in Appendix C defines the following terms as they are used in this Statement:a. Proved reserves.b. Proved developed reserves.c. Proved undeveloped reserves.Copyright © 1977, Financial Accounting Standards Board Not for redistributiond. Field.e. Reservoir.f. E xploratory well.g. Development well.h. Service well.i. S tratigraphic test well.i. Exploratory-type.ii. Development-type.j. P roved area.Basic Concepts11. An enterprise's oil and gas producing activities involve certain special types of assets. Costs of those assets shall be capitalized when incurred. Those types of assets broadly defined are:a. Mineral interests in properties (hereinafter referred to as properties), which include feeownership or a lease, concession, or other interest representing the right to extract oil or gas subject to such terms as may be imposed by the conveyance of that interest. Properties also include royalty interests, production payments payable in oil or gas, and other nonoperating interests in properties operated by others. Properties include those agreements with foreign governments or authorities under which an enterprise participates in the operation of the related properties or otherwise serves as "producer" of the underlying reserves (see paragraph 53); but properties do not include other supply agreements or contracts that represent the right to purchase (as opposed to extract) oil and gas. Properties shall be classified as proved or unproved as follows:i. U nproved properties - properties with no proved reserves.ii. Proved properties - properties with proved reserves.b. Wells and related equipment and facilities,1 the costs of which include those incurred to:i. D rill and equip those exploratory wells and exploratory-type stratigraphic test wells thathave found proved reserves.ii O btain access to proved reserves and provide facilities for extracting, treating, gathering, and storing the oil and gas, including the drilling and equipping of development wells and development-type stratigraphic test wells (whether those wells are successful or unsuccessful) and service wells.c. Support equipment and facilities used in oil and gas producing activities, such as seismicequipment, drilling equipment, construction and grading equipment, vehicles, repair shops, warehouses, supply points, camps, and division, district, or field offices.d. Uncompleted wells, equipment, and facilities, the costs of which include those incurred to:i. D rill and equip wells that are not yet completed.ii. Acquire or construct equipment and facilities that are not yet completed and installed.12. The costs of an enterprise's wells and related equipment and facilities and the costs of the Copyright © 1977, Financial Accounting Standards Board Not for redistributionrelated proved properties shall be amortized as the related oil and gas reserves are produced. That amortization plus production (lifting) costs become part of the cost of oil and gas produced. Unproved properties shall be assessed periodically, and a loss recognized if those properties are impaired.13. Some costs incurred in an enterprise's oil and gas producing activities do not result in acquisition of an asset and, therefore, shall be charged to expense. Examples include geological and geophysical costs, the costs of carrying and retaining undeveloped properties, and the costs of drilling those exploratory wells and exploratory-type stratigraphic test wells that do not find proved reserves.14. The basic concepts in paragraphs 11-13 are elaborated on in paragraphs 15-41. Accounting at the Time Costs Are IncurredAcquisition of Properties15. Costs incurred to purchase, lease, or otherwise acquire a property (whether unproved or proved) shall be capitalized when incurred. They include the costs of lease bonuses and options to purchase or lease properties, the portion of costs applicable to minerals when land including mineral rights is purchased in fee, brokers' fees, recording fees, legal costs, and other costs incurred in acquiring properties.Exploration16. Exploration involves (a) identifying areas that may warrant examination and (b) examining specific areas that are considered to have prospects of containing oil and gas reserves, including drilling exploratory wells and exploratory-type stratigraphic test wells. Exploration costs may be incurred both before acquiring the related property (sometimes referred to in part as prospecting costs) and after acquiring the property.17. Principal types of exploration costs, which include depreciation and applicable operating costs of support equipment and facilities (paragraph 26) and other costs of exploration activities, are:a. Costs of topographical, geological, and geophysical studies, rights of access to properties toconduct those studies, and salaries and other expenses of geologists, geophysical crews, and others conducting those studies. Collectively, those are sometimes referred to as geological and geophysical or "G&G" costs.b. Costs of carrying and retaining undeveloped properties, such as delay rentals, ad valoremtaxes on the properties, legal costs for title defense, and the maintenance of land and lease records.c. Dry hole contributions and bottom hole contributions.Copyright © 1977, Financial Accounting Standards Board Not for redistributiond. Costs of drilling and equipping exploratory wells.e. Costs of drilling exploratory-type stratigraphic test wells.218. Geological and geophysical costs, costs of carrying and retaining undeveloped properties, and dry hole and bottom hole contributions shall be charged to expense when incurred.19. The costs of drilling exploratory wells and the costs of drilling exploratory-type stratigraphic test wells shall be capitalized as part of the enterprise's uncompleted wells, equipment, and facilities pending determination of whether the well has found proved reserves. If the well has found proved reserves (paragraphs 31-34), the capitalized costs of drilling the well shall become part of the enterprise's wells and related equipment and facilities (even though the well may not be completed as a producing well); if, however, the well has not found proved reserves, the capitalized costs of drilling the well, net of any salvage value, shall be charged to expense.20. An enterprise sometimes conducts G&G studies and other exploration activities on a property owned by another party, in exchange for which the enterprise is contractually entitled to receive an interest in the property if proved reserves are found or to be reimbursed by the owner for the G&G and other costs incurred if proved reserves are not found. In that case, the enterprise conducting the G&G studies and other exploration activities shall account for those costs as a receivable when incurred and, if proved reserves are found, they shall become the cost of the proved property acquired.Development21. Development costs are incurred to obtain access to proved reserves and to provide facilities for extracting, treating, gathering, and storing the oil and gas. More specifically, development costs, including depreciation and applicable operating costs of support equipment and facilities (paragraph 26) and other costs of development activities, are costs incurred to:a. Gain access to and prepare well locations for drilling, including surveying well locations forthe purpose of determining specific development drilling sites, clearing ground, draining, road building, and relocating public roads, gas lines, and power lines, to the extent necessary in developing the proved reserves.b. Drill and equip development wells, development-type stratigraphic test wells, and servicewells, including the costs of platforms and of well equipment such as casing, tubing, pumping equipment, and the wellhead assembly.c. Acquire, construct, and install production facilities such as lease flow lines, separators,treaters, heaters, manifolds, measuring devices, and production storage tanks, natural gas cycling and processing plants, and utility and waste disposal systems.d. Provide improved recovery systems.22. Development costs shall be capitalized as part of the cost of an enterprise's wells and Copyright © 1977, Financial Accounting Standards Board Not for redistributionrelated equipment and facilities. Thus, all costs incurred to drill and equip development wells, development-type stratigraphic test wells, and service wells are development costs and shall be capitalized, whether the well is successful or unsuccessful. Costs of drilling those wells and costs of constructing equipment and facilities shall be included in the enterprise's uncompleted wells, equipment, and facilities until drilling or construction is completed.Production23. Production involves lifting the oil and gas to the surface and gathering, treating, field processing (as in the case of processing gas to extract liquid hydrocarbons), and field storage. For purposes of this Statement, the production function shall normally be regarded as terminating at the outlet valve on the lease or field production storage tank; if unusual physical or operational circumstances exist, it may be more appropriate to regard the production function as terminating at the first point at which oil, gas, or gas liquids are delivered to a main pipeline, a common carrier, a refinery, or a marine terminal.24. Production costs are those costs incurred to operate and maintain an enterprise's wells and related equipment and facilities, including depreciation and applicable operating costs of support equipment and facilities (paragraph 26) and other costs of operating and maintaining those wells and related equipment and facilities. They become part of the cost of oil and gas produced. Examples of production costs (sometimes called lifting costs) are:a. Costs of labor to operate the wells and related equipment and facilities.b. Repairs and maintenance.c. Materials, supplies, and fuel consumed and services utilized in operating the wells andrelated equipment and facilities.d. Property taxes and insurance applicable to proved properties and wells and relatedequipment and facilities.e. Severance taxes.25. Depreciation, depletion, and amortization of capitalized acquisition, exploration, and development costs also become part of the cost of oil and gas produced along with production (lifting) costs identified in paragraph 24.Support Equipment and Facilities26. The cost of acquiring or constructing support equipment and facilities used in oil and gas producing activities shall be capitalized. Examples of support equipment and facilities include seismic equipment, drilling equipment, construction and grading equipment, vehicles, repair shops, warehouses, supply points, camps, and division, district, or field offices. Some support equipment or facilities are acquired or constructed for use exclusively in a single activity—exploration, development, or production. Other support equipment or facilities may serve two or more of those activities and may also serve the enterprise's transportation, refining, and marketing activities. To the extent that the support equipment and facilities are used in oil Copyright © 1977, Financial Accounting Standards Board Not for redistributionand gas producing activities, their depreciation and applicable operating costs become an exploration, development, or production cost, as appropriate.Disposition of Capitalized Costs27. The effect of paragraphs 15-26, which deal with accounting at the time costs are incurred, is to recognize as assets: (a) unproved properties; (b) proved properties; (c) wells and related equipment and facilities (which consist of all development costs plus the costs of drilling those exploratory wells and exploratory-type stratigraphic test wells that find proved reserves); (d) support equipment and facilities used in oil and gas producing activities; and (e) uncompleted wells, equipment, and facilities. Paragraphs 28-41 which follow deal with disposition of the costs of those assets after capitalization. Among other things, those paragraphs provide that the acquisition costs of proved properties and the costs of wells and related equipment and facilities be amortized to become part of the cost of oil and gas produced; that impairment of unproved properties be recognized; and that the costs of an exploratory well or exploratory-type stratigraphic test well be charged to expense if the well is determined not to have found proved reserves.Assessment of Unproved Properties28. Unproved properties shall be assessed periodically to determine whether they have been impaired. A property would likely be impaired, for example, if a dry hole has been drilled on it and the enterprise has no firm plans to continue drilling. Also, the likelihood of partial or total impairment of a property increases as the expiration of the lease term approaches if drilling activity has not commenced on the property or on nearby properties. If the results of the assessment indicate impairment, a loss shall be recognized by providing a valuation allowance. Impairment of individual unproved properties whose acquisition costs are relatively significant shall be assessed on a property-by-property basis, and an indicated loss shall be recognized by providing a valuation allowance. When an enterprise has a relatively large number of unproved properties whose acquisition costs are not individually significant, it may not be practical to assess impairment on a property-by-property basis, in which case the amount of loss to be recognized and the amount of the valuation allowance needed to provide for impairment of those properties shall be determined by amortizing those properties, either in the aggregate or by groups, on the basis of the experience of the enterprise in similar situations and other information about such factors as the primary lease terms of those properties, the average holding period of unproved properties, and the relative proportion of such properties on which proved reserves have been found in the past.Reclassification of an Unproved Property29. A property shall be reclassified from unproved properties to proved properties when proved reserves are discovered on or otherwise attributed to the property; occasionally, a single property, such as a foreign lease or concession covers so vast an area that only the portion of the property to which the proved reserves relate—determined on the basis of geological structural Copyright © 1977, Financial Accounting Standards Board Not for redistributionfeatures or stratigraphic conditions—should be reclassified from unproved to proved. For a property whose impairment has been assessed individually in accordance with paragraph 28, the net carrying amount (acquisition cost minus valuation allowance) shall be reclassified to proved properties; for properties amortized by providing a valuation allowance on a group basis, the gross acquisition cost shall be reclassified.Amortization (Depletion) of Acquisition Costs of Proved Properties30. Capitalized acquisition costs of proved properties shall be amortized (depleted) by the unit-of-production method so that each unit produced is assigned a pro rata portion of the unamortized acquisition costs. Under the unit-of-production method, amortization (depletion) may be computed either on a property-by-property basis or on the basis of some reasonable aggregation of properties with a common geological structural feature or stratigraphic condition, such as a reservoir or field. When an enterprise has a relatively large number of royalty interests whose acquisition costs are not individually significant, they may be aggregated, for the purpose of computing amortization, without regard to commonality of geological structural features or stratigraphic conditions; if information is not available to estimate reserve quantities applicable to royalty interests owned (paragraph 50), a method other than the unit-of-production method may be used to amortize their acquisition costs. The unit cost shall be computed on the basis of the total estimated units of proved oil and gas reserves. (Joint production of both oil and gas is discussed in paragraph 38.) Unit-of-production amortization rates shall be revised whenever there is an indication of the need for revision but at least once a year; those revisions shall be accounted for prospectively as changes in accounting estimates—see paragraphs 31-33 of APB Opinion No. 20, "Accounting Changes."Accounting When Drilling of an Exploratory Well Is Completed31. As specified in paragraph 19, the costs of drilling an exploratory well are capitalized as part of the enterprise's uncompleted wells, equipment, and facilities pending determination of whether the well has found proved reserves. That determination is usually made on or shortly after completion of drilling the well, and the capitalized costs shall either be charged to expense or be reclassified as part of the costs of the enterprise's wells and related equipment and facilities at that time. Occasionally, however, an exploratory well may be determined to have found oil and gas reserves, but classification of those reserves as proved cannot be made when drilling is completed. In those cases, one or the other of the following subparagraphs shall apply depending on whether the well is drilled in an area requiring a major capital expenditure, such as a trunk pipeline, before production from that well could begin:a. Exploratory wells that find oil and gas reserves in an area requiring a major capitalexpenditure, such as a trunk pipeline, before production could begin. On completion of drilling, an exploratory well may be determined to have found oil and gas reserves, but classification of those reserves as proved depends on whether a major capital expenditure can be justified which, in turn, depends on whether additional exploratory wells find a sufficient quantity of additional reserves. That situation arises principally with exploratory Copyright © 1977, Financial Accounting Standards Board Not for redistributionwells drilled in a remote area for which production would require constructing a trunk pipeline. In that case, the cost of drilling the exploratory well shall continue to be carried as an asset pending determination of whether proved reserves have been found only as long as both of the following conditions are met:i. The well has found a sufficient quantity of reserves to justify its completion as aproducing well if the required capital expenditure is made.i i. D rilling of the additional exploratory wells is under way or firmly planned for the nearfuture.T hus if drilling in the area is not under way or firmly planned, or if the well has not found a commercially producible quantity of reserves, the exploratory well shall be assumed to be impaired, and its costs shall be charged to expense.b. All other exploratory wells that find oil and gas reserves. In the absence of a determinationas to whether the reserves that have been found can be classified as proved, the costs of drilling such an exploratory well shall not be carried as an asset for more than one year following completion of drilling. If, after that year has passed, a determination that proved reserves have been found cannot be made, the well shall be assumed to be impaired, and its costs shall be charged to expense.32. Paragraph 31 is intended to prohibit, in all cases, the deferral of the costs of exploratory wells that find some oil and gas reserves merely on the chance that some event totally beyond the control of the enterprise will occur, for example, on the chance that the selling prices of oil and gas will increase sufficiently to result in classification of reserves as proved that are not commercially recoverable at current prices.Accounting When Drilling of an Exploratory-Type Stratigraphic Test Well Is Completed33. As specified in paragraph 19, the costs of drilling an exploratory-type stratigraphic test well are capitalized as part of the enterprise's uncompleted wells, equipment, and facilities pending determination of whether the well has found proved reserves. When that determination is made, the capitalized costs shall be charged to expense if proved reserves are not found or shall be reclassified as part of the costs of the enterprise's wells and related equipment and facilities if proved reserves are found.34. Exploratory-type stratigraphic test wells are normally drilled on unproved offshore properties. Frequently, on completion of drilling, such a well may be determined to have found oil and gas reserves, but classification of those reserves as proved depends on whether a major capital expenditure—usually a production platform—can be justified which, in turn, depends on whether additional exploratory-type stratigraphic test wells find a sufficient quantity of additional reserves. In that case, the cost of drilling the exploratory-type stratigraphic test well shall continue to be carried as an asset pending determination of whether proved reserves have been found only as long as both of the following conditions are met:Copyright © 1977, Financial Accounting Standards Board Not for redistribution。

Appendix AA Specification for an Object-Oriented Distributed Banking SystemAbstractThis paper proposes a partial specification for a distributed banking system. The system has been designed to operate in an object-oriented middleware platform, such as the CORBA plat-form from the Object Management Group or the COM platform from Microsoft. The purpose of the paper is to illustrate how existing middleware architectures can be used for implement-ing systems that have traditionally been implemented with minicomputer and mainframe based architectures. We point out improvements that the use of object-oriented middleware may bring, but we also indicate some of the difficulties that may result.The specification is organized according to the five viewpoints proposed in the Reference Model for Open Distributed Processing (RM-ODP). The Open Distributed Processing stan-dardization effort has introduced these viewpoints for specifying arbitrary distributed systems. The paper illustrates the use of the RM-ODP in the context of a complex commercial informa-tion system. In particular, we provide an example of embedding several system configurations within a single ODP system specification.An additional result of the presentation is related to the design process of distributed sys-tems. We indicate how the ODP viewpoints are related together during the design process of a commercial system. These observed dependencies can be used to simplify the design of other distributed systems, but they can also provide input for creating a full development methodol-ogy for ODP based distributed systems.1IntroductionThis paper outlines a specification for a distributed banking system. Functionally, the system supports the traditional way of performing banking activities. Technically, however, the sys-tem is based on recent results in the technology of object-oriented middleware. The purpose of the presentation is to indicate how the object-oriented middleware approach can be applied to complex and relatively large systems that have previously been solved with mainframe or minicomputer based technologies. During the discussion, we indicate how middleware can be used to improve the resulting system but, on the other hand, we also discuss the problems thatmay arise. In particular, we illustrate design solutions that support the distributed maintenance and processing of critical information in a banking system (i.e. user accounts and banking transactions). For each proposed technique, we also consider the security, data integrity, and performance requirements that are inherent to any banking system. In addition, we briefly dis-cuss how the design process was affected by use of object-oriented middleware.The proposed design is based on the use of a common infrastructure (i.e. the object bus) that hides large parts of the distribution technology from software developers and end users. This approach is used in many commercial object-oriented middleware platforms, such as the CORBA from Object Management group [OMG97, Orf96] and the COM from Microsoft [Mic94, Mic95]. Consequently, this paper provides a pragmatic example for applying the ob-ject-oriented middleware technology to a relatively complex business-oriented distributed system. In addition, the paper can also offer some hints for those who plan to develop their own distributed banking applications1.Since the field of banking is too large for a single specification, a small subset of banking activities has been selected as the topic of this specification. We selected the area of current accounts (or checking accounts) because it is a fairly well established area of banking and, moreover, a central service for those banks that operate in the retail banking market. In the specification, we have omitted many of those details that are not relevant for the goals of this paper. This way, the specification is reasonably short but it allows the treatment of all relevant issues that are related to object-oriented distributed computing.As in all banking-related activities, many important design choices depend on the banking practices of the target country or on the decisions taken by the bank’s management [Koh94]. Consequently, the proposed specification is open-ended and it supports different kinds of poli-cies and solutions. Due to the limitations of space, however, we do not cover the full range of possibilities. Instead, we only indicate typical choices and point out the essential factors that affect the choices to be made.2The Structure of the SpecificationThis specification uses the viewpoints proposed in the Reference Model for Open Distributed Processing [ISO95a, ISO95b, ISO95c]. According to the RM-ODP, a system can be specified with the following five viewpoints:•The enterprise viewpoint focuses on the purpose, scope, and policies of the system.•The information viewpoint focuses on the semantics of information and its processing.•The computational viewpoint separates the system into objects that interact at interfaces.•The engineering viewpoint focuses on the support of distributed interactions.•The technology viewpoint focuses on the choice of technology.The rest of this presentation is structured according to the ODP viewpoints. Sections 3 and 4 discuss the enterprise and information viewpoints and provide an overview of the proposed banking system. In section 5, we present the computational specification without going into 1 The author has been involved in the design and implementation of several banking systems, including a flull-scale system for small and medium sized retail banks.the details of system configuration. Instead of concentrating on a single computational con-figuration, we specify the computational objects in a way that supports more than one configu-ration alternative. In section 6, a brief overview of the engineering viewpoint is given. Section 7 concentrates on the configuration issues that have been excluded from the computational and engineering sections. Three possible configurations are presented and, for each configura-tion, the missing parts of the computational and the engineering viewpoints are given. This section also briefly mentions the technology viewpoint, although the presentation is not in-tended to provide any detailed technology-specific information. Section 8 indicates how the use of object-oriented middleware has influenced the design process, and section 9 concludes the discussion.3The Enterprise SpecificationThis section specifies the objectives, policies, and requirements for the current account sys-tem. The primary objective of the system is to provide facilities for the bank to offer current account services for its customers. In addition, the system must allow the bank to organize its work between branches. Consequently, the structure of the system is visible through two sepa-rate aspects: functional and organizational. To support this distinction, we identify two com-munities of enterprise objects2. The communities are the following:•The functional community focuses on providing current account services to the bank’s customers.•The organizational community focuses on supporting of the bank’s organization and working practices.There are two additional motivations for this distinction. First, different authorities regulate the communities. The first community is regulated by the banking legislation of the target country while the second community depends on prevailing business practices and the bank’s desire to operate efficiently. Second, the communities have different life cycles: the bank’s organization may change completely while the current account services remain unchanged. This may happen, for example, if the bank is taken over by another bank. For both communi-ties, we list the enterprise objects that play an important role in the system and indicate how the system operates in terms of the identified objects.Functional CommunityThe functional community models the business operations related to current accounts. We identify the following roles in the community:•Bank is the organization providing current account services to its customers.•Customer is an individual or a company that owns a current account in a bank.•Account is a legal agreement between the bank and the customer stating the conditions for using the current account.2 In RM-ODP, a community denotes a configuration of objects formed to meet an objective [ISO95b].Figure 1. The functional community.These roles are illustrated in Figure 1 using the Unified Modeling Language (UML) notation [Rat97].The functional community performs the following activities that guide the life cycle of cur-rent accounts:•creation and maintenance of current account policies,•opening an account,•account detail maintenance,•applying deposits and withdrawals,•effectuating payments,•fee charging,•interest maintenance and accrual,•statement and confirmation production,•closing an account, and•canceling changes effectuated in the other activities.Creation and maintenance of current account policies allows the bank’s management to ex-plicitly determine the policies that that the bank follows in its current account operations. These policies determine the limits from overdraft facilities, applied interest rates, and the level of customer service. For example, the base interest rate of current accounts needs to be updated regularly in order to follow the fluctuations in the financial markets.Opening an account establishes an agreement between the bank and the customer. The agreement determines the terms of the account, such as the currency of the account, the fre-quency for producing statements, the amount of credit facility, allowed transaction types and the rules for charging fees and accruing interest.Account detail updating consists of making changes to the initial agreement between the bank and the customer. In addition, it is also possible to lock the account from any attempt to use it, and to re-enable it later.Applying deposits and withdrawals consists of updating the states of all affected accounts and keeping record of the transaction details. All requested operations may be suspended tem-porarily and effected later.Effectuating payments consists of transferring money either between two current accounts or between a current account and some other account. If payments involve accounts in exter-nal systems, the necessary additional information is recorded together with the current account transaction details, but the current account system is not responsible for implementing the nec-essary procedures related to the external accounts.Fee charging may be attached to any other activity, such as an automatic withdrawal fee, or it may be an independent activity, such as a monthly fee. Fees may be charged from a different account than the one that is the target of transactions.Customers are paid interest on positive balances and charged interest on negative balances. There may be different algorithms for calculating the interest, such as a fixed rate, a floating rate or a tiered rate. The accrual may also have variations, such as monthly or yearly due dates. There may be a different account for receiving the interest due to a current account.Statements and confirmations are produced automatically as defined in the account agree-ment. In addition, a number of statements and reports must be available on demand. These in-clude statements of interest, customer notifications for changes of a floating interest rate, and the reproduction of any previously generated statements or confirmations.Closing an account terminates the agreement between the bank and the customer. The sys-tem calculates the final position of the account and produces the final statement. All account information is maintained for later reference.It is possible to cancel changes made in any of the other activities. A cancellation consists of generating a chain of actions that reverses the effects of the activity to be cancelled. Both the original actions and the reverse actions are captured and stored for later inspection.There are two main sources for policies that regulate the functional community:•banking legislation of the target country, and•the bank’s management.The banking legislation determines the limits for the policies to be followed by the bank and the customer. This legislation is typically intended for regulating the banking business in gen-eral and, consequently, has little impact on current accounts. Some general regulations may still influence the current account system. For example, there is often a requirement for the bank to maintain a full record of the transaction history for a given number of years, and the requirement to maintain the privacy of all customer information. In addition, there may be regulations for controlling the permissible range of interest rates, the taxation of paid interest, etc. During the recent years, there has been a global trend of deregulation due to the interna-tionalization of capital markets [Koh94].The bank’s management determines many of those policies that are followed by the func-tional community. There are often variations in these policies and the customer may be al-lowed to choose between different alternatives when opening the account. Corporate custom-ers have typically different options than private customers, and the customer’s creditworthi-ness may also affect the available choices. The essential policies are related to the accrual of interest (how much, how often), the charging of fees (how much, on what basis), and the granting of overdraft facilities (to whom, how much). These three factors allow the manage-ment to maintain a balance between profitability and risk, and thereby ensure the bank’s com-petitiveness.Organizational CommunityAs the bank is divided both geographically and administratively, we need to consider the or-ganization of the bank when specifying the current account system. The organizational com-munity models the bank’s organization and working practices that are related to the mainte-nance of current accounts. The community contains the following roles:•Bank’s management is responsible for setting the organization and policies for the bank’s operation. It also coordinates the cooperation between the branch offices.•Branch office is the unit of business administration within the bank. Every current ac-count is the responsibility of a single branch office. Each branch office forms a security domain of its own, and access to information in other branch offices is restricted by the policies set by the bank’s management.•Teller is an individual working for the bank in one of its branch offices.•Current account system is the information system responsible for supporting the bank’s current account operations.•The IT environment represents all those information systems within the bank that need information from the current account system or provide information for it. These sys-tems include the management information system for supporting decision-making, the general ledger for bookkeeping, the SWIFT front-end for interacting with foreign banks, etc.We could have split the IT environment into several components, each representing a single external information system. However, we have decided to shrink the IT environments into a single role because there is no need for the current account system to be aware of the compli-cations that exist in the other information systems.The organizational community is involved with the following activities that support the bank’s organization and working practices:•assignment of responsibilities and security constraints,•storage and retrieval of transaction details,•monitoring the bank’s operation,•production of management information,•production of bookkeeping information, and•exchange of transactions.The assignment of responsibilities and security constraints takes place at two levels. At higher level, the bank’s management determines the responsibilities and constraints for each branch office. For example, there are limits to the amount of credit that a branch can grant to its cus-tomers. There may also be limitations to the access of information within other branches. At the lower level, the branch may impose additional security constraints and responsibilities for individual tellers. For example, a second teller or an appointed clerk must approve all transac-tions that exceed a predefined limit. In addition, some important accounts are often assigned to a few tellers only.Storage and retrieval of transaction details consists of capturing and maintaining a full his-tory of all transactions that affect the bank’s current accounts. Access to the transaction his-tory is subject to the security constraints imposed in the previous activity.Monitoring the bank’s operation consists of capturing and maintaining a full history of events in the current account system. Typical events to be captured include user logins, user logouts, changes of responsibilities and security constraints, batch run starts, etc.Production of management information consists of creating reports at different levels of detail: customer-level reports, branch-level reports, and summary reports for the whole bank. Special reports are needed for credit risk assessment at customer, branch and bank levels. The contents of the reports are determined either by external regulators or by the bank’s manage-ment. Many of these reports are regularly created and sent to the other information systems within the IT environment, but facilities are needed to produce some of them on demand.Production of bookkeeping information consists of creating summary reports for the bank’s general ledger. The goal is to propagate accurately the bank’s current account operations to the balance sheet and income statement. The information contents and the data transfer format depend on the receiving general ledger system.Exchange of transactions takes place in two different ways. On one hand, cooperation with the bank’s other information systems (such as the trade finance and the lending systems) is of-ten implemented with on-line connections. On the other hand, cooperation with external trans-action clearing systems is typically implemented with off-line file exchange. Each system has its own protocols and procedures for exchanging transactions. For example, SWIFT requires that transactions be inspected by at least two employees before the SWIFT front-end can for-ward them to the target system.The policies followed by the organizational community come from multiple sources. At least the following sources need to be considered:•bank’s working procedures,•security requirements,•IT environment, and•geographical limitations,Bank’s working procedures and security requirements are tightly interconnected because secu-rity has to be taken into account during all operations, whether automated or manual. An ac-count is at the responsibility of exactly one branch office, the account's home branch, and other branches have only limited access to it. By default, tellers are allowed to make deposits, withdrawals, and money transfers with all accounts in the system independent of their home branch. In addition, tellers are allowed to create new accounts for their own branch, close ac-counts in that branch, and make changes to the account agreements in their home branch. All branches need to have access to those banking transactions that have affected their accounts. Consequently, if a banking transaction (a payment) influences accounts in more than one branch, the transaction must be accessible to all of them.It is not uncommon that the branches of a banking organization use the same information system, but still compete against themselves in the marketplace. This imposes additional poli-cies for the proposed system. The system is required to be secure across branch boundaries. All requests coming from outside branches must be authenticated and tellers of another branch do not have access to vital business information. Typically, tellers are allowed to enter trans-actions for any accounts in the system but only tellers in the account’s home branch can in-spect and change the account agreement. In addition, some accounts can be made invisible to all other branches except its home branch.A third source of policies originates from the IT environment. These policies determine how the current account system deals with incoming and outgoing data. For example, the treatment of incorrect transactions needs to be explicitly stated for each interface between the current account system and other systems.The fourth source of policies is imposed by geographical limitations. In a typical system configuration, a branch is implemented within a single Local Area Network, while two branches can only communicate trough Wide Area Network connections. This configuration is prone to partial system failures where the branches are operational while the WAN connec-tions are lost to some or all other branches. It is typically required that branches remain opera-tional even when they are partially or completely isolated from the rest of the system. This means that tellers are allowed to enter banking transactions at all times, but those remote transactions that cannot be effectuated immediately (off-line transactions) are postponed until a later moment when the remote branch can be reached again. There may be some additional restrictions for off-line transactions, such an upper limit for the amount that can be debited from an account when its balance is not known.4The Informational SpecificationThis section specifies the information contents of the current account system and how the in-formation is processed. For the sake of simplicity, we only describe those aspects that are needed for understanding the basic operation of the system. A full specification would contain much more details, such as a complete list of attributes for each information object and de-tailed algorithms for describing the processing of information objects.Although not required by the RM-ODP, we still preserve the distinction between the func-tional community and the organizational community introduced in the enterprise specification. This allows us to break down the specification into smaller and more manageable sections. In any case, the specification indicates clear links between the objects in both communities. Functional Information SpecificationWe now identify information objects that are directly related to the provision of current ac-count services to customers. They correspond to the information needs of the functional com-munity in the enterprise specification. Later, we will also discuss the rules for processing them. The identified information objects are:•Account type is a template for account agreements.•Account agreement represents a legal agreement between the customer and the bank.•Account represents the monetary position regulated by an account agreement.•Customer is an individual or company that owns an account.•Banking transaction is an activity that changes the state of one or more accounts.•System event is an activity to be registered that does not change the state of accounts. The account type object is a template for creating account agreements. It carries the policies determined by the bank’s management and it also indicates the choices available for the cus-tomer when he opens an account. The policies indicated by the account type object include the ones applied when charging fees, accruing interest, and granting overdraft facilities.The account agreement object concerns exactly one current account. The object maintains all identification information for the account, such as the home branch and the account num-Figure 2. An invariant schema of the functional information objects.ber. It also indicates the owner of the account and other possible account users. In addition, the agreement indicates account usage restrictions, rules for interest calculations and interest accrual, and rules for fee calculations and fee charging. Changes in the account agreement are registered as system events since they do not change the monetary position of the account.The account object maintains all information concerning the monetary position and the banking transactions of the account. This includes the current account balance, the non-ac-crued interest balance, the timestamp for the last transaction, etc. All changes in the account object are registered as banking transactions.The customer object maintains the customer’s identifier, name, address, type, and other similar information. There may be customers that do not own any accounts in the system, but are simply users of some accounts.The banking transaction object stores all information that is related to the change of one or more current accounts. This includes a timestamp, a transaction type, a teller identifier, an amount, related fees, etc. All banking transactions are registered permanently to maintain the history of all accounts. The system recognizes at least the following types of transactions: withdrawal, deposit, interest accrual, fee charging, various types of money transfer, and ac-count closing.The system event object stores information related to an action that does not change the state of any account but still needs to be registered. Such actions are, for example, changes in account types and account agreements. A system event includes a timestamp, an event type, a teller identifier, and other event-dependent details. All system events are registered when they occur but some of them, such as account queries, are not stored permanently.Permanent relationships between the functional information objects are illustrated in the in-variant schema in Figure 2. System events are excluded from the figure because they are also related to the organizational information objects. They will be shown in a separate schema.Now that the functional information objects have been enumerated, we informally present the rules for processing them. When described in full detail, the rules would constitute the dy-namic schemata for the current account system. The rules can be seen as an elaboration of the activities given in the enterprise viewpoint. Now they can be expressed more accurately in terms of the information objects introduced above. To make the comparison between the viewpoints easier, we follow the order of the functional activities in the enterprise viewpoint.The creation and maintenance of current account policies gives birth to new account type objects or changes the existing account types. Every maintenance operation is recorded as a system event. Changes in the account type influence new accounts and the subsequent mainte-nance of existing account. It may also affect fee charging and interest accrual.Opening an account creates two new objects: an account agreement and an account. The procedure starts by selecting an appropriate account type and by filling in the details that de-pend on the customer, such as the account currency, a list of account users, and the frequencyof producing statements. As a result, a new account agreement object is created. Once the ac-count agreement exists, the corresponding account object is created with zero balance and zero interest balance.Account detail maintenance changes the details of an existing account agreement object and creates a system event that indicates the effectuated changes. The related account type object limits the possible changes that can be made the account agreement. This way, the sys-tem can ensure that the account agreements follow the policies set by the bank’s management.Applying a deposit or a withdrawal changes the monetary position of one or more account objects and creates a banking transaction that indicates the effectuated changes. The related account agreement may limit the type or the amount of deposits and withdrawals that can be applied to the account. A deposit typically affects only one account while withdrawals may af-fect several accounts if fees are not charged from the same account as the amount.Effectuating a payment changes the monetary position of one or more accounts and creates a banking transaction that indicates the changes. If the payment takes place between a current account and an account in an external system (e.g. an account in another bank), only one ac-count is affected in the present system but the banking transaction still keeps record of all transaction details.Deposits, withdrawals, and payments are implemented in two steps. During the first step, the banking transaction object is created, transaction details are recorded, and the transaction is marked as pending. The related accounts remain unchanged. During the second step, the changes are effectuated to all accounts and the transaction is marked as completed. Alterna-tively, it is possible to cancel a pending transaction and leave the accounts unchanged.Fee charging changes the monetary position of one or more current accounts and creates a banking transaction that indicates the changes. Fee charging may take place as a side effect of a deposit, withdrawal, or a payment. In this case, there is no need to create a separate banking transaction. However, if fees are charged, say, once a month, explicit banking transactions need to be created.Interest maintenance takes places when effectuating deposits, withdrawals, payments and fee charging. During each operation, the interest balance and other similar information is up-dated for the account. For fixed interest rates, an accurate interest balance can be maintained. For other kinds of interest algorithms, such as when calculating interest for the lowest balance of each month, the interest balance cannot be maintained during normal transaction processing and separate operations are needed to maintain the interest balance when all needed informa-tion is available. Interest accrual adds the current interest balance to the account’s balance, clears the interest balance and related information, and finally creates a banking transaction that indicates the effectuated changes.Statement and confirmation production has no direct effect for the contents of the informa-tion objects. In some cases, however, the production of an extra statement is charged from the customer and this is treated like a special case of fee charging.Closing an account has three effects. First, the unpaid interest is calculated and added to the account balance. Second, depending on the sign of the final balance, a withdrawal or de-posit transaction object is created. Finally, the account and interest balances are cleared, and the account is marked as closed.Canceling the effects of other activities can be done in two ways. For those activities that have changed a single object, the effects can be cancelled simply by updating the object again to restore its original state. For those activities that have changed more than one information object, a banking transaction has been created. In this case, the cancellation is implemented by。

Toxic Substances Control Act (TSCA) Compliance Guide© 2008 – 2011 University of New HampshireOffice of Environmental Health and Safety. All rights reserved.The most current version of this document can be found online at:/research/chemical-safety-plans-and-programsTable of ContentsI. Introduction (3)II. Roles and Responsibilities (3)A. Principal Investigators/Researchers/Laboratory Staff (3)B. Laboratory Safety Officer (3)C. Office of Environmental Health and Safety (3)III. Regulatory Requirements (4)IV. TSCA Research and Development Exemption (4)V. Domestic Shipments of TSCA-Regulated Chemicals (5)A. Applicability Determination (5)B. TSCA Domestic Shipment Form (5)C. Labeling and Recordkeeping (6)VI. Importation of Chemical Substances (6)A. Applicability Determination (7)B. Imports not regulated under TSCA (7)C. Completion of the Import Certification Form (7)VII. Exportation of Chemical Substances (8)A. Applicability Determination (8)B. TSCA Export Form (8)C. Recordkeeping (9)VIII. Adverse Reactions and Risks Notifications (9)A. Allegations of Adverse Reactions (9)B. Substantial Risk Notification (9)IX. Research and Development Grants and Material Transfer Agreements (10)Appendix A - Glossary (11)Appendix B – TSCA Domestic Shipment Form (13)Appendix C – TSCA Import Certification Form (14)Appendix D – TSCA Export Notification Form (15)I.IntroductionThis manual has been developed to assist laboratory personnel in complying with requirements of the federal Toxic Substances Control Act (TSCA). The main objective of TSCA is to identify and address the potential effects of new chemical substances to human health and the environment prior to their introduction into commerce.The UNH TSCA Compliance Guide focuses on those activities taking place in research laboratories where chemical substances may be imported, exported, or shipped domestically. This document is specifically designed to provide a mechanism for evaluating the applicability of the TSCA rules to laboratory activities. It also provides guidance for adhering to federal requirements under TSCA.The purpose of the UNH TSCA Compliance Guide is to:•Provide information for determining the applicability of TSCA in laboratories at UNH;•Explain the TSCA Research & Development exemption; and•Provide guidelines for importing, exporting, and making domestic shipments.A glossary of terms has been provided in Appendix A. All questions regarding the TSCACompliance Guide should be directed to the UNH Office of Environmental Health and Safety.II.Roles and ResponsibilitiesThe roles and responsibilities of those who may be involved in TSCA-regulated research activities are listed below.A.Principal Investigators/Researchers/Laboratory StaffPrincipal investigators, researchers, and all laboratory personnel are responsible for:•Reviewing the UNH Laboratory Safety Plan and complying with best management practices;•Completing all applicable documentation (e.g., import forms, export forms) for chemical substances brought into, shipped out of, or delivered to another organization, person, orfacility.•Reporting all adverse health effects and seeking medical treatment when necessary; and•Notifying the UNH Office of Environmental Health and Safety if non-compliance is discovered.•Maintain copies of required documentation for three years.boratory Safety OfficerThe Laboratory Safety Officer is responsible for ensuring that:•The prudent practices requirement of the TSCA research and development exemption is satisfied through the Laboratory Safety Plan;•The required documentation for chemical use and transfer is maintained; and•The corrective action is taken when a deficiency is identified.C.Office of Environmental Health and SafetyThe UNH Office of Environmental Health and Safety shall:•Place the UNH TSCA Compliance Guide on the UNH website and distribute the link to all affected laboratory personnel;•Provide assistance and guidance as necessary for compliance with this document;•Review allegations of adverse health and/or environmental effects and make a determination as to whether or not the U.S. EPA should be notified; and•Maintain and update the UNH TSCA Compliance Guide.III.Regulatory RequirementsThe U.S. Environmental Protection Agency’s (U.S. EPA) Office of Pollution Prevention and Toxics (OPPT) administers the TSCA regulations. Unlike other federal statutes which regulate a chemical risk after the chemical has been introduced into commerce, the major objective of TSCA is to characterize and understand the risks a chemical poses to humans and the environment before it is introduced into commerce. TSCA applies to persons, facilities, and companies that manufacture, process, distribute, use or dispose regulated chemicals. Chemical substances regulated by TSCA include:“Any organic or inorganic substances of a particular molecular identity, including anycombination of such substances occurring, in whole or in part, as a result of chemicalreaction or occurring in nature, and any element or uncombined radical.”Note: All organic and inorganic substances used in research laboratories meet this definition.The U.S. EPA compiles and maintains a list or “inventory” of chemical substances manufactured, imported, or processed in the United States for commercial purposes. The TSCA inventory contains more than 82,000 chemicals and is updated semi-annually by adding and/or delisting chemicals. Any chemical that is not listed on the EPA’s inventory of chemical substances is considered a “new chemical” and therefore is regulated under TSCA. The UNH Office of Environmental Health and Safety should be contacted to determine if a chemical is on the TSCA inventory.Any chemical substance, which is manufactured or processed only in small quantities solely for purposes of scientific experimentation, is specifically excluded from the TSCA inventory. Scientific experimentation includes analysis or chemical research on, or analysis of, such substance or another substance, including such research or analysis for the development of a product.IV.TSCA Research and Development ExemptionEPA regulations set forth in 40 CFR 730.36 provide an exemption from certain notification and “new use” requirements. This exemption only applies when small quantities of new chemicals are imported, exported, and/or used solely for Research and Development (R&D) purposes while under the supervision of a technically qualified individual.According to the U.S. EPA, the following may be considered R&D activity:•Chemical synthesis and physical/chemical properties testing in the laboratory;•Health and environmental effects testing;•Tests or demonstrations of equipment or production processes; or•Efficacy and performance tests.Laboratory activities meet the requirements for the R&D exemption when the following conditions are met:1.R&D chemicals must be used in small quantities only.2.R&D chemicals must be used under the supervision of a technically qualified individual.3.All new chemicals for which little or no environmental, health, or safety data exists must bepresumed a hazardous substance. All individuals within the laboratory with the potential tocome into contact with the chemical must be notified of its risks. This notification may becommunicated verbally but should be documented to demonstrate compliance with TSCArequirements.4.R&D chemicals may be sold or distributed for further R&D without losing the R&Dexemption status. However, it is critical that the recipient use the substance solely for R&D.5.Material Safety Data Sheets (MSDS) must be available in UNHCEMS™ for all new chemicalsbrought into the laboratory. Copies of all MSDS’s, along with any vendor safety data, must besubmitted to the UNH Office of Environmental Health and Safety if available.6.If a new chemical, for which little or no environmental, health or safety data exists, will betransferred to another laboratory, the researcher must inform the recipient, in writing, of anyknown or potential risks associated with the substance.7.Adverse reactions to human health or the environment are documented (see Section IX).8.Import, export, and domestic transfer procedures for R&D chemicals must be followed (seeSections VI, VII, and VIII).9.Relevant documents are kept on file for a minimum of three (3) years.UNH researchers must be able to demonstrate that their activities are eligible for the R&D exemption.The TSCA R&D Exemption does not provide research laboratories with a complete exemption from compliance with these regulations. Refer to the following sections to determine compliance issues related to chemical shipments and adverse reactions.V.Domestic Shipments of TSCA-Regulated ChemicalsShipments of TSCA-regulated chemicals to locations within the United States must be accompanied by documentation that informs the recipient of potential or actual hazards. This includes transfers to other laboratories for R&D purposes.A.Applicability DeterminationDomestic shipment of chemical substances within the U.S. includes the following:•Carrying the chemical on your person or in your baggage. This practice is not recommended, and may violate domestic or international law, contact OEHS for more information; or •Shipping the chemical through the mail or express delivery service (e.g., FedEx, UPS, etc.).A completed and signed TSCA Domestic Shipment Form provided in AppendixB mustaccompany all such shipments.B.TSCA Domestic Shipment FormThis form includes text required by TSCA stating that the chemicals to be transferred must beused for R&D purposes only. If the chemical to be transferred is not to be used for R&D only,please contact the UNH Office of Environmental Health and Safety for guidance as there maybe additional requirements.1.Shipment ContentsAttach additional sheets that identify the structure of the compound(s), formula and nameChemical Abstract Service (CAS) numbers if available, and any other additional informationavailable regarding the composition of the material.2.Health or Physical HazardsIf little or no known environmental, health, or safety data exists, at a minimum, theresearcher must provide in writing any known hazards or risks associated with the substanceas indicated on the TSCA Domestic Shipment Form, including:•Material Safety Data Sheet (MSDS), if available;•Physical properties of the chemical, if known;•Classes of compounds with similar properties, if known;•Suspected hazards as applicable; and•Indication that the hazards associated with the chemical have not been fully evaluated.3.Shipper/Recipient InformationComplete the shipper’s information as well as the recipient’s contact information. Thissection includes:•Shipper’s name;•Shipper’s telephone number;•Ship date; and•Recipient’s name and contact number.beling and Recordkeeping1.If little or no known environmental, health, or safety data exists, label the chemical containeras follows:“The hazards associated with this chemical have not been fully evaluated. Thischemical is to be used for research and development purposes only, under thesupervision of a technically qualified individual.”bel the outside of the shipping package with the words, “Contents to be used for Researchand Development Purposes Only.” Follow U.S. Department of Transportation (DOT) andInternational Air Transport Association (IATA) requirements as appropriate.3.Maintain a copy of the signed TSCA Domestic Shipment Form and copies of anyenvironmental, health, or safety data/information provided, in the laboratory for three (3)years.VI.Importation of Chemical SubstancesShipments of TSCA-regulated chemicals into the United States from foreign countries must be accompanied by information that informs the recipient of potential or actual hazards. This includes transfers from other laboratories for R&D purposes.A.Applicability DeterminationThe TSCA Import Certification Form (see Appendix C) must be completed for any chemical that is brought into the U.S. by any means, including:•Chemicals brought into the U.S. through Customs;•Chemicals shipped to the U.S. from a foreign location (including materials shipped by a colleague, friend, coworker, etc.);•Chemicals that are hand carried or are in personal baggage (not recommended); or•Independent imports (i.e., arrangements with a foreign vendor to send a chemical from outside the U.S.).Note: In cases where a chemical is imported through a vendor/supplier/distributor (i.e., VWR, Fisher, etc.), the importer will complete the TSCA Import Certification Form. No action from the researcher is required.B.Imports not regulated under TSCAThe following substances are not regulated for import under TSCA:•Food, drugs, cosmetics, medical devices, or other materials regulated by the Food and Drug Administration or chemicals that are manufactured exclusively for these uses;•Firearms, ammunition, and other materials, regulated under the Bureau of Alcohol, Tobacco, and Firearms including Tobacco/tobacco products;•Nuclear or other radioactive material that is regulated by the Nuclear Regulatory Commission;•Pesticides that are registered under the Federal Insecticide, Fungicide, and Rodenticide Act (pesticide intermediates and individual components of a pesticide are covered);•Items containing a chemical substance or mixture that is not intended to be removed from the item and that has no end use or commercial purpose separate from the item (fluids and particles are not considered articles).When importing a substance that is not regulated by TSCA, contact the Office of Environmental Health and Safety.pletion of the Import Certification FormThe researcher must forward a completed Import Certification Form with a Purchase Order to the foreign vendor/shipper. The Purchase Order must include the following text: “This chemical substance will be used for research and development purposes only.”The Purchase Order must also include:•The identity of the substance;•The Chemical Abstract Service (CAS) number if available; and•The quantity of the substance ordered.The vendor/shipper must be instructed to include the Import Certification Form with the shipment so that it will be available to the Customs officer when it enters the country. The researcher must keep the import certification and the Purchase Order on file for three (3) years.A copy of the Import Certification Form should also be forwarded to the UNH Office ofEnvironmental Health and Safety.VII.Exportation of Chemical SubstancesChemicals listed in the U.S. EPA’s Chemicals on Reporting Rule (CORR) Database that are shipped from the United States to foreign countries must be accompanied by a UNH TSCA Export Notification Form. This includes transfers to laboratories abroad for R&D purposes.A.Applicability DeterminationThe TSCA Export Notification Form in Appendix D must be completed when a chemical to beexported is listed in the TSCA CORR Database. Contact OEHS to query the CORR Database.A chemical is considered to be exported when:•Chemicals are shipped to a foreign location (including materials shipped to a colleague, friend, coworker, etc.); or•Chemicals are hand carried or are transported in personal baggage (not recommended).B.TSCA Export Notification Form1.OEHS will find your chemical in the TSCA CORR Database and notify you which is theappropriate TSCA Section for your chemical:•Section 4, which pertains to new chemical Test Rules and is a one time notification for the destination country; or•Sections 5, 6, or 7, which pertain to new chemical Pre-Manufacture and Significant New Uses regulations and is an annual notification to the destination country.2.Specific information must be listed on the form, including:•Chemical structure and formula;•CAS number, if applicable;•Name and address of exporter;•Country of import;•Name and address of recipient; and•Date of export.Postmark Note: OEHS will mail the Export Notification Form; it must be postmarkedwithin seven (7) days after accepting a definite contractual obligation or reaching a finaldecision to export. When the actual export occurs less than seven (7) days after the exportobligation or agreement has been executed, the notice must be submitted to the U.S. EPAno later than the same day as the export.3.Contact information for the sender and recipient must be included on the form. Thisinformation includes:•The name and contact information for the person submitting the chemical substance for export;•The name and contact information for the recipient.C.RecordkeepingThe researcher must keep one copy of the Export Notification Form and submit a second copyto OEHS. OEHS will submit the form. Copies of all export notifications must be kept on file forthree (3) years.VIII.Adverse Reactions and Risks NotificationsA.Allegations of Adverse ReactionsAllegations of significant adverse reactions to health and the environment alleged to have beencaused by a chemical substance used for R&D purposes in the laboratory must be kept on fileand submitted to OEHS immediately.Types of reactions considered significant by the U.S. EPA include, but are not limited to:1.Human Health Reactions•Long-lasting or irreversible damage, such as cancer or birth defects;•Partial or complete impairment of bodily functions, such as reproductive disorders;•An impairment of normal activities experienced by all or most of the persons exposed at one time; or•An impairment of normal activities that is experienced each time an individual is exposed.2.Environmental Reactions•Gradual or sudden changes in the composition of animal or plant life, including fungal or microbial organisms in the area;•Abnormal number of deaths by organisms (e.g., fish kills);•Reduction of the reproductive success or the vigor of a species;•Reduction in agricultural productivity, whether crops or livestock;•Alterations in the behavior or distribution of a species; or•Long lasting or irreversible contamination of components of the physical environment, especially in the case of groundwater, and surface water, and soil resources that havelimited self-cleansing capability.B.Substantial Risk NotificationThe U.S. EPA must be informed if there is information that reasonably supports the conclusionthat a chemical substance presents a significant risk of injury to health or the environment. Theperson reporting allegations of significant adverse reactions must document it in writing, sign it,and forward a copy to the Office of Environmental Health and Safety. If warranted, OEHS willsubmit a report to the U.S. EPA within 30 calendar days and will include:•The name and address of the site which received the allegation;•The date of the allegation;•The implicated substance, mixture, article, process or operation, or site discharge;• A description of the “alleger” (e.g., employee, student). If the allegation involves a health effect, the sex and year of birth of the individual should be recorded, if ascertainable;• A description of the alleged health effect(s). The description must relate how the effect(s) became known and the route of exposure, if explained in the allegation; and• A description of the nature of the alleged environmental effect(s), identifying the affected plant and/or animal species, or contaminated portion of the physical environment.Allegations concerning the health of any employee arising from any employment-relatedexposure must be maintained for 30 years from the date the report is submitted to the U.S. EPA.All other allegations must be maintained for five (5) years.IX.Research and Development Grants and Material Transfer AgreementsUNH receives more than $100 million in research by government, non-government, and private sector organizations. The Office of Sponsored Research uses the “Request for Internal Approval of Grant or Contract Application to External Sponsor,” or “Yellow Sheet,” to manage the acquisition and distribution of the majority of those funds. This form is available on the UNH website at /research/get-approvals.Additionally, Material Transfer Agreements (MTA) are required for materials used in research in instances where no third party controls transfer by an existing agreement. The MTA serves as supporting documentation for R&D activities that are regulated under TSCA to certify that the material will be used for R&D only. The MTA is administered and processed through the UNH Office of Research Partnerships and Commercialization (ORPC). This form is available on the UNH website at /research/material-transfer-agreements-mtas.Appendix A - GlossaryAllegation: A statement, made without formal proof or regard for evidence, that a chemical substance or mixture has caused a significant adverse reaction to health or the environment.”Article: A manufactured item (1) which is formed to a specific shape or design during manufacture, (2) which has end use function(s) dependent in whole or in part upon its shape or design during end use, and (3) which has either no change of chemical composition during its end use or only those changes of composition which have no commercial purpose separate from that of the article and that may occur as described in 40 CFR 720.36(g)(5), except that fluids and particles are not considered articles regardless of their shape or design.Byproduct:A chemical substance produced without a separate commercial intent during the manufacture, processing, use or disposal of another chemical substance or mixture.Chemical substance:Any organic or inorganic substance of a particular molecular identity, including any combination of such substances occurring in whole or in part as a result of a chemical reaction or occurring in nature, and any chemical element or uncombined radical, except that “chemical substance” does not include:1.Any mixture;2.Any pesticide when manufactured, processed, or distributed in commerce for use as a pesticide;3.Tobacco or any tobacco product;4.Any source material, special nuclear material, or byproduct material;5.Any pistol, firearm, revolver, shells or cartridges; or6.Any food, food additive, drug, cosmetic, or device, when manufactured, processed, or distributedin commerce for use as a food additive, drug, cosmetic or device.Dispose: To get rid of something.Distribute: To sell, introduce or deliver a chemical substance for introduction into commerce.Importer: Any person who imports a chemical substance, including a chemical substance as part of a mixture or article, into the customs territory of the United States. “Importer” includes the person primarily liable for the payment of any duties on the merchandise or an authorized agent acting on his or her behalf. The term also includes, as appropriate:1.The consignee;2.The importer of record;3.The actual owner if an actual owner’s declaration and superseding bond has been filed inaccordance with Subpart C of 19 CFR Part 144.Impurity: A chemical substance, which is unintentionally present with another chemical substanceIntermediate: Any chemical substance that is consumed, in whole or in part, in chemical reactions used for the intentional manufacture of another chemical substance(s) or mixture(s), or that is intentionally present for the purpose of altering the rates of such chemical reactions. Manufacture: To produce or manufacture in the United States or import into the customs territory of the United States. TSCA jurisdiction over manufacturers is limited to persons who manufacture a chemical substance “for commercial purposes”.Manufacture or Import for Commercial Purposes: To import, produce, or manufacture with the purpose of obtaining an intermediate or eventual commercial advantage for the manufacturer or importer, and includes, among other things, “manufacture” of any amount of a chemical substance or mixture:1.For commercial distribution, including test marketing;2.For use by the manufacturer, including use for product research and development or as anintermediate.Mixture: Any combination of two or more chemical substances if the combination does not occur in nature and is not, in whole or in part, the result of a chemical reaction, except “mixture” does include:1.Any combination which occurs, in whole or in part, as a result of a chemical reaction if thecombination could have been manufactured for commercial purposes without a chemical reaction at the time the chemical substances comprising the combination were combined, and if all of the chemical substances comprising the combination are not new chemical substances, and 2.Hydrates of a chemical substance or hydrated ions formed by association of a chemicalsubstance with water, so long as the non-hydrated form is itself not a new chemical substance. New Chemical Substance: Any chemical substance not included on the TSCA inventory. Process: The preparation of a chemical substance or mixture, after its manufacture, for distribution in commerce.Significant Adverse Reactions:Reactions that may indicate a substantial impairment of normal activities or long lasting or irreversible damage to health or the environment.Small Quantities Solely for Research and Development: Quantities of a chemical substance manufactured, imported, or processed or proposed to be manufactured, imported, or processed solely for research and development that:1.Are not greater than reasonable necessary for such purposes; and2.Are used by, or directly under the supervision of, a technically qualified individual(s). Technically Qualified Individual: A person or persons who:1.Because of education, training, or experience, or a combination of these factors, is capable ofunderstanding the health and environmental risks associated with the chemical substance which is used under his or her supervision,2.Is responsible for enforcing appropriate methods of conducting scientific experimentation,analysis, or chemical research to minimize such risks, and3.Is responsible for the safety assessments and clearances related to the procurement, storage, use,and disposal of the chemical substance as may be appropriate or required within the scope of conducting a research and development activity.Test Marketing:The distribution in commerce of no more than a predetermined amount of a chemical substance, mixture or article containing that chemical substance or mixture, by a manufacturer or processor, to no more than a defined number of potential customers to explore market capability in a competitive situation during a predetermined testing period prior to the broader distribution of that chemical substance, mixture, or article in commerce.Use: The act or practice of employing something.。

October 1994Revised May 2003Page 1of 13MAINTENANCE AND INSPECTIONTable of ContentsPage1.0SCOPE (2)1.1Changes (2)2.0LOSS PREVENTION RECOMMENDATIONS (2)2.1Introduction (2)2.2Operation and Maintenance (2)2.2.1General (2)2.2.2Managed Maintenance (3)2.2.3Failure Analysis (6)2.3Contingency Planning (6)2.4Training (6)3.0SUPPORT FOR RECOMMENDATIONS (6)3.1Loss History (6)4.0REFERENCES (7)APPENDIX A GLOSSARY OF TERMS (7)APPENDIX B DOCUMENT REVISION HISTORY (7)APPENDIX C SUPPLEMENTARY INFORMATION (7)C.1Program Review (7)C.1.1General (7)C.1.2Equipment Related (8)C.1.3Facility Related (9)C.2Contingency Planning (9)C.2.1Facility Contingency Plan (9)C.2.2Equipment Contingency Plan (10)C.3Risk Based Inspection (RBI)an FM Global Overview .................................................................10List of FiguresFig.1.Log-log plot of consequence vs.likelihood with lines of constant risk...........................................13List of TablesTable 1.Typical Boiler and Machinery (B&M)and Fire and Extended Coverage (F&EC)Exposures (7)Table 2.Scenario Development,Consequence Measurement,and Risk (12)Table 3.Semi-quantitative Risk Matrix .........................................................................................................13FM Global9-0Property Loss Prevention Data Sheets 17-0©2003Factory Mutual Insurance Company.All rights reserved.No part of this document may be reproduced,stored in a retrieval system,or transmitted,in whole or in part,in any form or by any means,electronic,mechanical,photocopying,recording,or otherwise,without written permission of Factory Mutual Insurance Company.1.0SCOPEThe purpose of this data sheet is to provide guidance for developing cost effective loss prevention maintenance and inspection programs for facilities,systems,and equipment.It also provides guidance for evaluating the adequacy of existing maintenance and inspection programs and is a reference for initiating programs or making needed improvements to existing programs.Guides for evaluating maintenance and inspection programs and contingency planning are provided in Appendix C.Design of equipment,systems,and facilities is beyond the scope of this data sheet.However,decisions made at the design stage can have a great impact on the structure,cost,and effectiveness of any maintenance and inspection rmation on the design of maintainable assets(facilities,equipment,systems,etc.) can be found in data sheets and other documentation specific to the application.Recommended maintenance and inspection for specific equipment,systems,and facilities may be found in the data sheets for these items.1.1ChangesMay2003.Revised section titled‘‘3.1Loss History’’.Also made minor editorial changes.2.0LOSS PREVENTION RECOMMENDATIONS2.1IntroductionThe basic philosophy of managed maintenance1is to economically maintain equipment and facilities in proper condition identifying problems in their incipient stage,making appropriate adjustments,and correcting problems at the first opportunity while minimizing unplanned shutdowns.This requires attention to detail and considerable planned inspection and monitoring activity.For equipment,this includes idle,shutdown,and operating periods;for buildings,both occupied and unoccupied facilities.When purchasing new equipment, maintainability is a key consideration.2.2Operation and Maintenance2.2.1General2.2.1.1Every organization should have a clearly defined written maintenance program which includes:a)a policy statement and a maintenance manual,or equivalent,spelling out a definite assignment of responsibilities and accountabilities;and b)preventive maintenance practices and procedures.2.2.1.2Maintenance practices and procedures should address:a)Equipment records;b)Maintenance requirements for each piece of equipment critical to production2,valuable equipment3and for the facility itself.2.2.1.3Facility personnel should ensure that equipment is operated within design parameters and preferably within control limits.Exceeding design parameters should not be done without concurrence of the manufac-turer.All necessary testing and monitoring programs should be implemented in a logical manner(i.e., following manufacturer’s recommended practices and data sheets).1Managed maintenance includes not only planning the maintenance program,but also implementing and controlling it. Therefore,the term managed maintenance is preferred,over planned maintenance.2Equipment critical to production is defined as that equipment which,regardless of its replacement cost,would inhibit production or otherwise adversely affect the operation of a facility.3Valuable equipment,in the context used,is defined as equipment having a high replacement cost,but which will not necessarily impact production or facility operations.2.2.1.4Planned inspection and testing activities are an integral part of equipment condition evaluation and need the commitment and backing of both local and corporate management to ensure their success.When inspection and testing are necessary,there should be a commitment to perform a thorough evaluation using qualified personnel.When repair work is necessary,the personnel involved should be qualified for the work to be done.There are numerous tools and approaches for planning inspection and testing activities,many of which are integrated into maintenance scheduling and planning tools.Refer to Appendix C.3for an FM Global overview of Risk Based Inspection,a methodology used at some facilities.2.2.1.5Building and support systems should receive visual inspection and routine servicing in accordance with recognized engineering practices(i.e.,periodic examination of roof areas to determine condition,build-up of debris,condition of flashings,etc.).Special consideration should be given to seasonal concerns such as clearing roof drains,clearing snow from the lower areas of multilevel roofs,checking for freeze potential, and in wind-prone areas,checking the securement of roofs,wall panels,etc.2.2.1.6Equipment should be supervised to ensure that performance is within its design specifications and control limits.At a minimum,parameters critical to operations should be appropriately monitored.Operating personnel must also be aware of the proper response to prevent or control damage when operating param-eters reach their limits or change drastically.They should be authorized to act accordingly.2.2.1.7Operating records should be regularly reviewed and evaluated by trained,qualified personnel who are empowered to take appropriate actions.2.2.1.8To ensure accuracy of machinery condition monitoring and control,supervisory and safety equipment, such equipment and systems should be regularly checked and calibrated in accordance with the equip-ment manufacturer’s specifications.Calibration should be performed within prescribed time periods.All items requiring calibration should be identified by use of either dated calibration stickers or by listing them in a calendar-driven log.2.2.1.9Provide a maintenance schedule for all equipment and facilities requiring maintenance actions.The frequency and extent of activity should be determined on the basis of experience with similar equipment and buildings and of the recommendations of equipment manufacturers,user groups,data sheets and trade and technical associations.All abnormal occurrences should be documented and carefully evaluated;and corrective measures(repairs, modifications,improvements,etc.),completed in a timely manner.2.2.1.10All maintenance activity,operation history and equipment modifications,as well as the types and quantities of replacement parts(spares),should be recorded.2.2.1.11After completion of repair work,suitable testing should be carried out prior to operation to establish and record new baselines for monitoring.2.2.1.12To facilitate equipment identification,suitable tags should be permanently attached in visible locations,where applicable.2.2.2Managed MaintenanceManaged maintenance applies to production equipment,support equipment,and facilities.Breakdown (unplanned)maintenance is generally unacceptable.However,it can be an acceptable part of managed maintenance when the equipment or facility:•is low cost,•is readily available in the market place,•has negligible time element/business interruption(TE/BI)impact,and•presents minimal potential for consequential damage(whether from mechanical or electrical breakdown, fire,collapse,etc.).The necessary sophistication of a managed maintenance program varies with the complexity and size of a facility.However,regardless of size,complexity or sophistication,to be effective,a program should embody certain basic elements,which are described in the section that follows:2.2.2.1A written statement of commitment(maintenance policy)to preserve and protect the assets of a com-pany should be generated on as high a management level as possible.It should mandate written procedures and adherence to them.The statement should be distributed to and be understood by all employees to whom it applies.A sample policy statement reads:‘‘It is the policy of XYZ Corporation to have a managed maintenance program.Written maintenance policies and practices based on sound engineering practices and economic principles describe the program.Docu-mented maintenance decisions are to be made for all equipment,systems,and buildings with priority given to critical support systems and/or production equipment.’’2.2.2.2A written maintenance program describing the methods,policies and practices by which maintenance is to be conducted should include the following,plus background and support information where necessary:1.A statement of scope,purpose and intent.2.A description of the maintenance organization including functional descriptions and assignment of responsibilities.3.In addition,the maintenance manual could address:a)equipment and building records,b)equipment and building maintenance requirements,c)the work order system,d)maintenance procedures,e)maintenance reports and records,f)maintenance schedules,g)one-line electrical diagrams,h)piping and instrumentation diagrams for mechanical systems;andi)design information(including method for controlling and tracking revision levels).2.2.2.3All facilities and equipment covered by the program should be listed on a master maintenance list or in program segment master lists as defined in the program.The list is the foundation of the mainte-nance system and should be kept up-to-date.The following data should be documented for each listed item:1.Identification(item or building no.)2.Equipment manufacturer’s details(name,model,and serial number)3.Technical details(rated speeds,rated power,capacities,frame size,etc.)4.Location of building and systems plans,equipment manuals and drawings,technical manuals,and special maintenance procedures5.Location and condition of major spare parts6.Local supplier or agent information7.Protective devices and their functions2.2.2.4Analysis of Operations2.2.2.4.1Operations should be analyzed to identify equipment,components,and support services whose failure would cause a complete or significant disruption of operations.Block or flow diagrams should be developed showing all important equipment,processes and support services,e.g.,HVAC,air,electrical,etc.Equipment important to facility operation and support and any other equipment with a high replacement cost should be identified for priority attention.To aid in the decision making process,manufacturers’technical manuals,industry standards,and data sheets should be consulted for recommended maintenance actions and frequencies.Input based on experience from maintenance personnel and operators should also be provided.Maintenance requirements should be documented for each system,piece of equipment,major component and building.2.2.2.5Planning and SchedulingMaintenance can be scheduled either by manual or automated means,either of which will generate a work order.The required work order should be concise and clear to the worker and should provide adequate infor-mation for the task required.The work order should be designed to include feedback.Feedback is essential on each activity and should be entered into the equipment record.Employee identification and actual time used should be included.Unscheduled maintenance is normally handled via a maintenance work order.Provision for feedback on this form is also essential and,like scheduled maintenance,required information should be entered into the equip-ment record.The current status of all active work orders should be known.2.2.2.6RecordsRecords(historical data)pertinent to equipment and facilities covered by the program should be maintained, including at a minimum:building blueprints,equipment nameplate data,purchasing information,age,design and installation information,acceptance test data,and applicable data from the manufacturer’s technical manuals.Also record inspections and tests completed and their results,scheduled and unscheduled maintenance and cost,repair parts and materials used and cost,modifications and capital improvements completed,and application changes.A record of spare parts available on-site should be maintained.A list of names,addresses,and telephone numbers of parts and equipment suppliers,technicians available to service,and rental possibilities(if applicable)should also be maintained.2.2.2.7AuditAn audit,including maintenance performance checks,should be performed on a planned basis by a knowl-edgeable person,preferably from outside the maintenance organization.The audit should include,but not be limited to the following:•Equipment operating records•Maintenance activity records•Maintenance activity backlog lists•Previously made recommendations(FM Global,maintenance,manufacturer,etc.)•Letters and bulletins from equipment manufacturers and FM Global•Equipment records•Planned dismantle inspections of major equipment•Periodic tour through the facilityAudit activities should involve an intensive review of records to determine if maintenance activities or frequencies should be altered.2.2.2.8Contract MaintenanceWhere contract maintenance services are utilized,management should be clear on exactly what services and servicing equipment are provided.Also,management should identify which equipment and what activi-ties remain the responsibility of the facility and how facility and contractor personnel will interface.Both the service requirements and completed work records should be provided to the facility in documented form and reviewed by the facility on a regular basis to ensure that contract requirements are met.2.2.3Failure AnalysisAs an aid to preventing recurrence of similar incidents and for revision of the maintenance program,inves-tigations should be made into the root causes of significant equipment breakdowns or building problems. The investigation should result in a report which should contain specific recommendations to prevent recurrence.Application of these recommendations to similar equipment and facilities should be evaluated. Records concerning failures should be reviewed.Items pertinent to failure analysis include:•Equipment records•Problem reports and repair/alteration history•Statement of maintenance requirements•Systems and equipment dismantle inspection reports•Original equipment manufacturer(OEM)technical letters and bulletins•Maintenance records,including procedural details.These should be examined carefully to ensure that there are no flaws or omissions in the procedures that would allow a similar occurrence in the future •The backlog of related maintenance items•Any report(s)produced in connection with the failure,i.e.,:—Analysis/inspection of failed parts—Description of symptoms—Troubleshooting report2.3Contingency Planning2.3.1A contingency plan should be developed for any equipment or support service that is used,directly or indirectly,in the production process or facility operation,whose being out of service could result in significant interruption of operations and/or damage to itself or other equipment.The plan should be used whenever such equipment is out of service.It can also be used to expedite maintenance outages.2.4Training2.4.1Maintenance and operating personnel should be appropriately trained.Programs should be designed to familiarize personnel with the performance characteristics of the equipment,as well as with mechanical components and the work of other disciplines.Training must be an ongoing process to maintain acceptable levels of competence.3.0SUPPORT FOR RECOMMENDATIONS3.1Loss HistoryLoss experience with maintenance related incidents is extensive.FM Global experience shows that,all too often,maintenance is not effectively applied.Typical B&M and F&EC exposures are shown in Table1.Table1.Typical Boiler and Machinery(B&M)and Fire and Extended Coverage(F&EC)Exposures B&M Exposures F&EC ExposuresMechanical breakdown Electrical breakdown(primary) Pressure vessel breakdown Service interruptionEscaped liquidsFiresCollapse Molten materialsExplosionFreeze-ups Windstorm damageMost frequently reported reasons for the occurrences were:•Testing/inspections not performed•Maintenance not performed•Inadequate maintenance•Failure to document maintenance actions•Electrical failures•Improper installation or construction•Failure to adapt to change of function or use4.0REFERENCESThere are no references for this document.APPENDIX A GLOSSARY OF TERMSFSE:Facilities,Systems,and Equipment.Managed maintenance:includes not only planning the maintenance program,but also implementing and controlling it.RBI:Risk Based Inspection.APPENDIX B DOCUMENT REVISION HISTORYSeptember2002.An FM Global overview of Risk Based Inspection was added as Appendix C.3,Risk Based Inspection an FM Global Overview,and a reference to this Appendix has been added to Recommendation 2.2.1.4.Also,the title and Scope of this Data Sheet have been editorially changed from Maintenance to Main-tenance and Inspection to highlight the importance of inspection in any maintenance program.May2001.Editorial changes only.No technical changes were made.January2000.The October1994edition of this document was reorganized to provide a consistent format. No technical changes were made.APPENDIX C SUPPLEMENTARY INFORMATIONC.1Program ReviewThe following questions are suggested as a guide to evaluate an overall maintenance program.Based upon response to the questions,improvements may be needed.C.1.1GeneralC.1.1.1Is there a written Maintenance Policy Statement?If yes,:1.Does it mandate written procedures and adherence to them2.Is it understandable3.Has it been distributed to all employees to whom it appliesC.1.1.2Is there a Maintenance Management Program?If yes,does it address:1.A work order and follow-up system2.A maintenance system or system,3.Planning and schedulinganization5.TrainingC.1.1.3Is the written Maintenance Program:able(understandable)ed3.Up-to-dateC.1.1.4Are there Master Maintenance Lists for facilities and/or equipment?Are there complete building plans available?If yes,have the lists and plans been updated within the last five years?C.1.1.5Is the location of all building systems plans and equipment technical manuals known?C.1.1.6Are technical manuals and/or written procedures readily available to operating and maintenance personnel?If yes,are they current and are they understandable?C.1.1.7Is there a work order system in place for:1.Routine corrective maintenance2.Planned maintenanceC.1.1.8Do planned maintenance work orders contain:1.Location of systems and/or equipment2.Procedure(or reference)3.List of required tools,parts,materials,test equipment4.Adequate space for feedback5.Expected time to complete taskC.1.1.9Are persons doing maintenance required to document feedback information on the work order? C.1.2Equipment RelatedC.1.2.1Do equipment maintenance records contain:plate data2.Modifications3.Test information4.Description of repairs,including frequency5.Repair costC.1.2.2Is equipment availability documented for all critical equipment,processes,and systems?If yes,is this information used to adjust maintenance requirements?C.1.2.3Have breakdowns of critical and valuable equipment been thoroughly investigated and the results documented?Was the root cause determined,and was corrective action taken to prevent recurrence?C.1.2.4Concerning equipment operating records:1.Are they kept up-to-date2.Are operating limits indicated on logs3.Are completed logs reviewed by supervisorsC.1.2.5Is all valuable equipment and equipment vital to operations on a documented maintenance schedule? If not,briefly describe priorities used.C.1.2.6For each piece of equipment receiving managed maintenance,is there documentation listing:1.All required maintenance and testing2.Frequencies for maintenance and testing3.Craft and skill level required4.Any related maintenance and testingC.1.2.7Are equipment inspections geared toward validating the maintenance effort and assessing equipment operating condition?C.1.3Facility RelatedC.1.3.1Is there a documented maintenance,inspection and testing program for all property loss,fixed suppression)?If yes,are all prevention/control systems and equipment(e.g.,sprinkler systems,CO2systems and equipment entered in the Master Maintenance list?C.1.3.2Are there documented records of completed maintenance actions,inspections,and tests(including findings and results)?C.1.3.3Does the facility have an active Emergency Response Organization(ERO)?If yes,is the ERO call list and list of assigned personnel current?C.1.3.4Does a freeze exposure potential exist?If yes,does a freeze prevention plan exist?C.1.3.5Does a roof overload potential exist from either snow,rainwater,or product?If yes,is there a plan for drainage or accumulation removal?C.1.3.6Does a flood potential exist for this facility?If yes,is there a plan to minimize flood damage to buildings and equipment(e.g.,closing off ground level openings)?If provided,are berms,dikes,floodgates, flood shields,pumps,equipment hoists,etc.considered in the maintenance plan?C.1.3.7Are all planned building occupancy changes evaluated for impact on existing structures,roof load potential,and/or adequacy of fire protection?C.1.3.8Are the building roof systems regularly evaluated for leakage and wind damage potential.If yes, are the results documented?C.1.3.9Is there a regular inspection and maintenance plan in place to ensure the continued structural integrity of the buildings at the facility?C.1.3.10Is existing security adequate to deter theft and arson?C.2Contingency PlanningThe purpose of a contingency plan is to prepare for an incident or loss so that a minimal amount of time and expense is incurred to restore operations.With a properly prepared contingency plan,minimal time, expense and frustration are spent recovering from the incident.The plan contains information needed to expedite recovery and reduce the loss exposure.C.2.1Facility Contingency PlanA facility contingency plan contains two parts:(1)an itemized index of the processes and equipment at the location(a copy of the master maintenance list would be acceptable)and any associated hazard potential, and(2)a contingency plan for each process or piece of equipment listed in the index.To be effective,a facility contingency plan must also consider handling of fires,explosions,and the effects of naturally occurring phenomena.C.2.2Equipment Contingency PlanTo be effective an equipment contingency plan should contain at least the following for each listed piece of equipment:• plate data,plant equipment name and number,location(building number,floor,etc.).•Installation,removal and dismantle specifications and requirements.•Name(s)of employee(s)responsible and/or knowledgeable about or qualified to work on the equipment.•Location of technical manuals and owners information.•Supplier information(names,addresses,telephone and fax numbers,agreements concerning spares availability and service.•Transportation constraints(weight and height limits for roads,bridges,etc.,special conveyance vehicle requirements).•Plans/agreements with carriers and shipping companies(possible/potential shipping problems,agreements to expedite).•Building structural modifications required(removal of roof,walls,etc.).•Special rigging requirements(crane,helicopter,bridging,etc.).•Foundations,supports,frame sizes and partial disassembly requirements.Can available(not identical) spares be installed on existing foundation or support structure without major modifications?C.3Risk Based Inspection(RBI)an FM Global OverviewRisk Based Inspection(RBI)is a methodology used to prioritize inspections and was founded on the premise that the most effective use of inspection activity and dollars is to focus first on those facilities,systems or equipment(FSE)that present the highest risk.The following is an overview of RBI.Key features of RBI are presented including those aspects that are crucial if a customer’s RBI program is to be an effective tool in focussing loss prevention and control efforts.As used in RBI,‘‘risk’’is a qualitative,semi-quantitative,or fully quantitative measure determined by multi-plying the consequences of an event scenario by the likelihood of its ed this way,an event that has low consequences but a high likelihood of occurring can have the same or even higher‘‘risk’’than an event that has greater consequences but a lower likelihood.[This‘‘risk’’is somewhat different than the way the term is used by FM Global and the insurance industry where‘‘risk’’is a qualitative or quantitative measure of the consequences if the scenario identified as a ‘‘Hazard’’occurs.Such risk doesn’t have to be expressed in dollars,and often isn’t.It could be the time dura-tion or extent of business interruption;area of impact,the number of buildings involved;the loss of market share;etc.]While the ASME Center for Research and Technology Development(CRTD)provided Development Guidelines in the early1990’s,the petroleum/chemical industries have led RBI application.API RP581, Base Resource Document on Risk-Based Inspection,first published in1996as a preliminary draft and API RP580,Risk-Based Inspection,published as a second draft in May2000,are leading documents for using this methodology.Additionally,ASME has created a draft document Inspection Planning Standard Guidelines for Post Construction Pressure Containing Equipment that tracks much of the API material but expands it beyond the petroleum and petrochemical industries.When properly applied,RBI can meet its primary goal of overall plant budget reduction while at the same time accomplishing the synergistic goal of focussing and enhancing loss prevention.RBI is a performance based methodology.As such,guidelines created to assist users in applying RBI tell what has to be done,but not how to do it.And while it is possible to provide both cost savings and higher avail-ability,it is also possible for RBI to reduce inspection costs but at the expense of larger loss exposures and higher likelihoods of occurrence.This happens when an analysis understates or fails to fully quantify an exposure,uses inappropriate methods for measuring consequence,makes incorrect assumptions when establishing likelihood,or uses an inappropriate rating scheme.。

Recommendations of the National Institute of Standards and T echnologyKaren ScarfoneMurugiah SouppayaAmanda CodyAngela OrebaughReports on Computer Systems TechnologyThe Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology (IT). ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations.AcknowledgementsThe authors, Karen Scarfone and Murugiah Souppaya of the National Institute of Standards and Technology (NIST) and Amanda Cody and Angela Orebaugh of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content. The authors would like to acknowledge John Connor, Tim Grance, Blair Heiserman, Arnold Johnson, Richard Kissel, Ron Ross, Matt Scholl, and Pat Toth of NIST and Steve Allison, Derrick Dicoi, Daniel Owens, Victoria Thompson, Selena Tonti, Theodore Winograd, and Gregg Zepp of Booz Allen Hamilton for their keen and insightful assistance throughout the development of the document. The authors appreciate all the feedback provided during the public comment period, especially by Marshall Abrams, Karen Quigg, and others from MITRE Corporation; William Mills of SphereCom Enterprises; and representatives from the Financial Management Service (Department of the Treasury) and the Department of Health and Human Services (HHS).Trademark InformationAll names are registered trademarks or trademarks of their respective companies.Table of ContentsExecutive Summary..............................................................................................................ES-1 1.Introduction......................................................................................................................1-11.1Authority...................................................................................................................1-11.2Purpose and Scope.................................................................................................1-11.3Audience..................................................................................................................1-11.4Document Structure.................................................................................................1-22.Security Testing and Examination Overview................................................................2-12.1Information Security Assessment Methodology.......................................................2-12.2Technical Assessment Techniques.........................................................................2-22.3Comparing Tests and Examinations........................................................................2-32.4Testing Viewpoints...................................................................................................2-42.4.1External and Internal....................................................................................2-42.4.2Overt and Covert..........................................................................................2-53.Review Techniques..........................................................................................................3-13.1Documentation Review............................................................................................3-13.2Log Review..............................................................................................................3-13.3Ruleset Review........................................................................................................3-23.4System Configuration Review..................................................................................3-33.5Network Sniffing.......................................................................................................3-43.6File Integrity Checking.............................................................................................3-43.7Summary..................................................................................................................3-54.Target Identification and Analysis Techniques.............................................................4-14.1Network Discovery...................................................................................................4-14.2Network Port and Service Identification...................................................................4-34.3Vulnerability Scanning.............................................................................................4-44.4Wireless Scanning...................................................................................................4-64.4.1Passive Wireless Scanning..........................................................................4-84.4.2Active Wireless Scanning.............................................................................4-94.4.3Wireless Device Location Tracking..............................................................4-94.4.4Bluetooth Scanning....................................................................................4-104.5Summary................................................................................................................4-105.Target Vulnerability Validation Techniques..................................................................5-15.1Password Cracking..................................................................................................5-15.2Penetration Testing..................................................................................................5-25.2.1Penetration Testing Phases.........................................................................5-25.2.2Penetration Testing Logistics.......................................................................5-55.3Social Engineering...................................................................................................5-65.4Summary..................................................................................................................5-76.Security Assessment Planning.......................................................................................6-16.1Developing a Security Assessment Policy...............................................................6-16.2Prioritizing and Scheduling Assessments................................................................6-16.3Selecting and Customizing Techniques...................................................................6-36.4Assessment Logistics..............................................................................................6-46.4.1Assessor Selection and Skills.......................................................................6-56.4.2Location Selection........................................................................................6-66.4.3Technical Tools and Resources Selection...................................................6-86.5Assessment Plan Development.............................................................................6-106.6Legal Considerations.............................................................................................6-126.7Summary................................................................................................................6-127.Security Assessment Execution.....................................................................................7-17.1Coordination.............................................................................................................7-17.2Assessing.................................................................................................................7-27.3Analysis....................................................................................................................7-37.4Data Handling..........................................................................................................7-47.4.1Data Collection.............................................................................................7-57.4.2Data Storage................................................................................................7-57.4.3Data Transmission........................................................................................7-67.4.4Data Destruction...........................................................................................7-78.Post-Testing Activities....................................................................................................8-18.1Mitigation Recommendations...................................................................................8-18.2Reporting.................................................................................................................8-18.3Remediation/Mitigation............................................................................................8-2List of AppendicesAppendix A— Live CD Distributions for Security Testing..................................................A-1 Appendix B— Rules of Engagement Template....................................................................B-1 Appendix C— Application Security Testing and Examination...........................................C-1 Appendix D— Remote Access Testing.................................................................................D-1 Appendix E— Resources.......................................................................................................E-1 Appendix F— Glossary..........................................................................................................F-1 Appendix G— Acronyms and Abbreviations.......................................................................G-1List of TablesTable 3-1. Review Techniques.................................................................................................3-5 Table 3-2. Baseline Skill Set for Review Techniques...............................................................3-5 Table 4-1. Target Identification and Analysis Techniques......................................................4-10 Table 4-2. Baseline Skill Set for Target Identification and Analysis Techniques....................4-11Table 5-1. Target Vulnerability Validation Techniques.............................................................5-7 Table 5-2. Security Testing Knowledge, Skills, and Abilities....................................................5-7 Table A-1. BackTrack Toolkit Sample......................................................................................A-1 Table A-2. Knoppix STD Toolkit Sample.................................................................................A-2 Table E-1. Related NIST Documents.......................................................................................E-1 Table E-2. Online Resources...................................................................................................E-1List of FiguresFigure 5-1. Four-Stage Penetration Testing Methodology........................................................5-3 Figure 5-2. Attack Phase Steps with Loopback to Discovery Phase........................................5-4An information security assessment is the process of determining how effectively an entity being assessed (e.g., host, system, network, procedure, person—known as the assessment object) meets specific security objectives. Three types of assessment methods can be used to accomplish this—testing, examination, and interviewing. Testing is the process of exercising one or more assessment objects under specified conditions to compare actual and expected behaviors. Examination is the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence. Interviewing is the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or identify the location of evidence. Assessment results are used to support the determination of security control effectiveness over time.This document is a guide to the basic technical aspects of conducting information security assessments. It presents technical testing and examination methods and techniques that an organization might use as part of an assessment, and offers insights to assessors on their execution and the potential impact they may have on systems and networks. For an assessment to be successful and have a positive impact on the security posture of a system (and ultimately the entire organization), elements beyond the execution of testing and examination must support the technical process. Suggestions for these activities—including a robust planning process, root cause analysis, and tailored reporting—are also presented in this guide. The processes and technical guidance presented in this document enable organizations to: Develop information security assessment policy, methodology, and individual roles and responsibilities related to the technical aspects of assessmentAccurately plan for a technical information security assessment by providing guidance on determining which systems to assess and the approach for assessment, addressing logisticalconsiderations, developing an assessment plan, and ensuring legal and policy considerations are addressedSafely and effectively execute a technical information security assessment using the presented methods and techniques, and respond to any incidents that may occur during the assessment Appropriately handle technical data (collection, storage, transmission, and destruction) throughout the assessment processConduct analysis and reporting to translate technical findings into risk mitigation actions that will improve the organization’s security posture.The information presented in this publication is intended to be used for a variety of assessment purposes. For example, some assessments focus on verifying that a particular security control (or controls) meets requirements, while others are intended to identify, validate, and assess a system’s exploitable security weaknesses. Assessments are also performed to increase an organization’s ability to maintain a proactive computer network defense. Assessments are not meant to take the place of implementing security controls and maintaining system security.To accomplish technical security assessments and ensure that technical security testing and examinations provide maximum value, NIST recommends that organizations:Establish an information security assessment policy. This identifies the organization’s requirements for executing assessments, and provides accountability for the appropriateindividuals to ensure assessments are conducted in accordance with these requirements. Topics that an assessment policy should address include the organizational requirements with which assessments must comply, roles and responsibilities, adherence to an established assessment methodology, assessment frequency, and documentation requirements.Implement a repeatable and documented assessment methodology. This provides consistency and structure to assessments, expedites the transition of new assessment staff, and addresses resource constraints associated with assessments. Using such a methodology enables organizations to maximize the value of assessments while minimizing possible risks introduced by certain technical assessment techniques. These risks can range from not gathering sufficient information on the organization’s security posture for fear of impacting system functionality to affecting the system or network availability by executing techniques without the propersafeguards in place. Processes that minimize risk caused by certain assessment techniquesinclude using skilled assessors, developing comprehensive assessment plans, logging assessor activities, performing testing off-hours, and conducting tests on duplicates of production systems(e.g., development systems). Organizations need to determine the level of risk they are willing toaccept for each assessment, and tailor their approaches accordingly.Determine the objectives of each security assessment, and tailor the approach accordingly.Security assessments have specific objectives, acceptable levels of risk, and available resources.Because no individual technique provides a comprehensive picture of an organization’s security when executed alone, organizations should use a combination of techniques. This also helps organizations to limit risk and resource usage.Analyze findings, and develop risk mitigation techniques to address weaknesses. To ensure that security assessments provide their ultimate value, organizations should conduct root cause analysis upon completion of an assessment to enable the translation of findings into actionable mitigation techniques. These results may indicate that organizations should address not only technical weaknesses, but weaknesses in organizational processes and procedures as well.1.1 AuthorityThe National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets; but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b (3), “Securing Agency Information Systems,” as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III.This guideline has been prepared for use by federal agencies. It may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright, though attribution is desired.Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority; nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official.1.2 Purpose and ScopeThe purpose of this document is to provide guidelines for organizations on planning and conducting technical information security testing and assessments, analyzing findings, and developing mitigation strategies. It provides practical recommendations for designing, implementing, and maintaining technical information relating to security testing and assessment processes and procedures, which can be used for several purposes—such as finding vulnerabilities in a system or network and verifying compliance with a policy or other requirements. This guide is not intended to present a comprehensive information security testing or assessment program, but rather an overview of the key elements of technical security testing and assessment with emphasis on specific techniques, their benefits and limitations, and recommendations for their use.This document replaces NIST Special Publication 800-42, Guideline on Network Security Testing.1.3 AudienceThis guide is intended for use by computer security staff and program managers, system and network administrators, and other technical staff who are responsible for the technical aspects of preparing, operating, and securing systems and network infrastructures. Managers can also use the information presented to facilitate the technical decision-making processes associated with security testing and assessments. Material in this document is technically oriented, and assumes that readers have at least a basic understanding of system and network security.1.4 Document StructureThe remainder of this document is organized into seven major sections:Section 2 presents an overview of information security assessments, including policies, roles and responsibilities, methodologies, and techniques.Section 3 provides a detailed description of several technical examination techniques, including documentation review, log review, network sniffing, and file integrity checking.Section 4 describes several techniques for identifying targets and analyzing them for potential vulnerabilities. Examples of these techniques include network discovery and vulnerabilityscanning.Section 5 explains techniques commonly used to validate the existence of vulnerabilities, such as password cracking and penetration testing.Section 6 presents an approach and process for planning a security assessment.Section 7 discusses factors that are key to the execution of security assessments, including coordination, the assessment itself, analysis, and data handling.Section 8 presents an approach for reporting assessment findings, and provides an overview of remediation activities.This guide also contains the following appendices:Appendix A describes two live operating system (OS) CD distributions that allow the user to boota computer to a CD containing a fully operational OS and testing tools.Appendix B provides a template for creating Rules of Engagement (ROE).Appendix C briefly discusses application security assessment.Appendix D contains recommendations for performing remote access testing.Appendix E offers a list of resources that may facilitate the security assessment process.Appendix F features a glossary of terms used throughout this document.Appendix G provides a list of acronyms and abbreviations.2.An information security assessment is the process of determining how effectively an entity being assessed (e.g., host, system, network, procedure, person—known as the assessment object) meets specific security objectives. Three types of assessment methods can be used to accomplish this—testing, examination, and interviewing. Testing is the process of exercising one or more assessment objects under specified conditions to compare actual and expected behaviors. Examination is the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence. Interviewing is the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or identify the location of evidence. Assessment results are used to support the determination of security control effectiveness over time.This publication addresses technical testing and examination techniques that can be used to identify, validate, and assess technical vulnerabilities and assist organizations in understanding and improving the security posture of their systems and networks. Security testing and examination is required by FISMA1 and other regulations. It is not meant to take the place of implementing security controls and maintaining system security, but to help organizations confirm that their systems are properly secured and identify any organization security requirements that are not met as well as other security weaknesses that should be addressed.This section provides an overview of information security assessment methodologies and technical testing and examination techniques.2.1 Information Security Assessment MethodologyA repeatable and documented security assessment methodology is beneficial in that it can:Provide consistency and structure to security testing, which can minimize testing risksExpedite the transition of new assessment staffAddress resource constraints associated with security assessments.Because information security assessment requires resources such as time, staff, hardware, and software, resource availability is often a limiting factor in the type and frequency of security assessments. Evaluating the types of security tests and examinations the organization will execute, developing an appropriate methodology, identifying the resources required, and structuring the assessment process to support expected requirements can mitigate the resource challenge. This gives the organization the ability to reuse pre-established resources such as trained staff and standardized testing platforms; decreases time required to conduct the assessment and the need to purchase testing equipment and software; and reduces overall assessment costs.A phased information security assessment methodology offers a number of advantages. The structure is easy to follow, and provides natural breaking points for staff transition. Its methodology should contain at minimum the following phases:1Section 3544 requires the “periodic testing and evaluation of the effectiveness of information security policies, procedures, and practices, to be performed with a frequency depending on risk, but no less than annually.” FISMA is available at /drivers/documents/FISMA-final.pdf.Planning. Critical to a successful security assessment, the planning phase is used to gather information needed for assessment execution—such as the assets to be assessed, the threats ofinterest against the assets, and the security controls to be used to mitigate those threats—and todevelop the assessment approach. A security assessment should be treated as any other project, with a project management plan to address goals and objectives, scope, requirements, team roles and responsibilities, limitations, success factors, assumptions, resources, timeline, anddeliverables. Section 6 of this guide covers planning.Execution. Primary goals for the execution phase are to identify vulnerabilities and validate them when appropriate. This phase should address activities associated with the intendedassessment method and technique. Although specific activities for this phase differ byassessment type, upon completion of this phase assessors will have identified system, network,and organizational process vulnerabilities. This phase is discussed in more depth in Section 7.Post-Execution. The post-execution phase focuses on analyzing identified vulnerabilities to determine root causes, establish mitigation recommendations, and develop a final report. Section8 of this guide addresses reporting and mitigation.Several accepted methodologies exist for conducting different types of information security assessments. References to several of these methodologies are found in Appendix E.2 For example, NIST has created a methodology—documented in Special Publication (SP) 800-53A, Guide for Assessing the Security Controls in Federal Information Systems—which offers suggestions for assessing the effectiveness of the security controls outlined in NIST SP 800-53.3 Another widely used assessment methodology is the Open Source Security Testing Methodology Manual (OSSTMM).4 Because there are numerous reasons to conduct assessments, an organization may want to use multiple methodologies. This publication offers recommendations for technical testing and examination techniques that can be used for many assessment methodologies and leveraged for many assessment purposes.2.2 Technical Assessment TechniquesDozens of technical security testing and examination techniques exist that can be used to assess the security posture of systems and networks. The most commonly used techniques from the standpoint of this document will be discussed in more depth later in this guide, and are grouped into the following three categories:Review Techniques. These are examination techniques used to evaluate systems, applications, networks, policies, and procedures to discover vulnerabilities, and are generally conductedmanually. They include documentation, log, ruleset, and system configuration review; networksniffing; and file integrity checking. Section 3 provides additional information on reviewtechniques.Target Identification and Analysis Techniques. These testing techniques can identify systems, ports, services, and potential vulnerabilities, and may be performed manually but are generallyperformed using automated tools. They include network discovery, network port and service2NIST does not endorse one methodology over another; the intent is to provide organizations with options that will allow them to make informed decisions to adopt an existing methodology or combine several to develop a unique methodology that suits the organization.3NIST SP 800-53A discusses the framework for development of assessment procedures, describes the process of assessing security controls, and offers assessment procedures for each control. NIST SP 800-53A was developed to be used inconjunction with NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems.NIST SPs 800-53, 800-53A, and 800-37 are available at /publications/PubsSPs.html.4More information on OSSTMM is available at /osstmm/.。