Directions

Identifying legal and other voluntary requirements and their applicability to your operation is a difficult task. It requires in-depth
knowledge of regulations. Consider hiring a professional consultant for this activity.

1 When evaluating the recycler's legal and other requirements, include the following:
Local Health & Safety
State/Provincial Emergency Planning
Federal/National Storm Water Management
International Waste Water
Air Pollution
Waste
Hazardous Waste
Recycling
Privacy Laws
Data Breach Notification
Transportation

2 Consider each regulatory category on each row. If it does not apply, then hide or delete the row.

3 Add any regulations, laws, or other commitments made by the company to the list on a new row.

4 Identify who has primary responsibility for ensuring the company is in compliance with each legal requirement.

5 Identify any training required by the legal requirement.

6 Identify the operational controls that have been implemented to meet the legal requirement. I.e. written procedures, signage, engineering controls, PPE, etc.

7 Identify any monitoring activities that have been implemented to meet the legal requirement. For example, the forklift pre-use inspection checklist.

8 Identify any reports that are mandated by each legal requirement

9 This list should be reviewed by an experienced legal auditor during your required legal compliance audit to determine if it is complete and accurate.
 EHS Legal and Other Requirements Summary List
United States
TYPE DESCRIPTION REGULATION REQUIREMENT SUMMARY REGULATION LOCATION RESPONSIBILITY TRAINING OPERATIONAL CONTROL MONITORING REPORTING
Air Emissions Emissions of Regulated Air Pollutants 40 CFR 51, 52 and 70 - Air Permitting Standard for air permitting requirements, including air permit application, www.epa.gov
permit limits, required monitoring, and reporting and record keeping Operations Manager Shred Personnel Dust Collection Procedure Daily Magnehelic Gauge Reading Annual Report due by Jan 1st of
every year.
requirements.
Emissions of Regulated Air Pollutants LIST STATE REQUIREMENT State Air Pollution Control Requirements for classification of air pollution
sources, registration, permitting, monitoring, inspections, maintenance,
reporting and record keeping.
Operations Manager Shred Personnel Dust Collection Procedure Daily Magnehelic Gauge Reading Annual Report due by Jan 1st of
every year.

Stormwater Stormwater Discharges 40 C.F.R. 122.6 Requirements on the control of stormwater from municipal and industrial www.epa.gov
Discharge stormwater discharges. The stormwater program is under the NPDES
Clean Water Act (National Pollutant Discharge Elimination System) part of the Clean Water Act. Stormwater Pollution Prevention Monthly Stormwater Inspections. Annual Report due by Jan 1st of
The regulation is meant to reduce the amount of pollutants entering streams, Operations Manager All Warehouse Personnel
Plan Quarterly stormwater sampling every year.
lakes and rivers as a result of runoff from residential, commercial and
industrial areas.
Stormwater Discharges LIST STATE REQUIREMENT A National Pollutant Discharge Elimination System (NPDES) Permit is required Stormwater Pollution Prevention Monthly Stormwater Inspections. Annual Report due by Jan 1st of
for the point source discharges of facility surface water to surface waters of Operations Manager All Warehouse Personnel
Plan Quarterly stormwater sampling every year.
the 'State'.
Hazardous and Hazardous Waste - Identification and Listing 40 CFR 261.2-261.4 261.2 - Definition of solid waste www.epa.gov
Universal Resource Conservation and Recovery Act 261.2 - Definition of hazardous waste
Wastes (RCRA) 261. 4a 13&14 - Scrap metals and circuit boards are Operations Manager All Warehouse Personnel Hazardous Waste Procedure Monthly Inspections N/A
FEDERAL excluded from hazardous waste classifications.

Hazardous Waste - Criteria for Listing 40 CFR 261.11 Facilities must identify and document whether their waste is classified as www.epa.gov
Resource Conservation and Recovery Act hazardous or non-hazardous using RCRA-defined waste classification codes. Operations Manager All Warehouse Personnel Hazardous Waste Procedure Monthly Inspections N/A
(RCRA)

Hazardous Waste 40 CFR 262.12 Facilities must obtain a EPA hazardous waste ID number. www.epa.gov
Resource Conservation and Recovery Act Operations Manager All Warehouse Personnel Hazardous Waste Procedure Monthly Inspections N/A
(RCRA)

Universal Waste 40 C.F.R. 273 Subp’s. A, B and F
CRT Final Rule 40 CFR Parts 9, 260, 261, and 271
Resource Conservation and Recovery Act
(RCRA)
Standards for the Management of Universal Waste including Waste www.epa.gov
management, Labeling, Accumulation, Training, Release Response, Operations Manager All Warehouse Personnel Universal Waste Procedure Monthly Inspections N/A
Transportation, Record Keeping. Covers fluorescent bulbs, lead acid batteries
and lithium batteries.
"A cathode ray tube (CRT) is the glass video display component of an www.epa.gov
electronic device (usually a computer or television monitor). This final rule
streamlines management and exporting requirements for recycling of used
CRTs and glass removed from CRTs under the Resource Conservation and
Recovery Act (RCRA). The amendments exclude these materials from the Operations Manager All Warehouse Personnel Material Storage and Shipping Monthly Inspections Notify US EPA of intent to export.
RCRA definition of solid waste if certain conditions are met. The rule is Procedure
intended to encourage recycling and reuse of used CRTs and CRT glass."

Discarded Mercury-Containing Equipment Final Rule
40 CFR Parts 260, 261, 264, 265, 268, 270,
and 273
Resource Conservation and Recovery Act
(RCRA)
"This final rule adds mercury-containing equipment to the federal list of www.epa.gov
universal wastes regulated under the Resource Conservation and Recovery
Act (RCRA) hazardous waste regulations. Handlers of universal wastes are
subject to less stringent standards for storing, transporting, and collecting
these wastes. EPA has concluded that regulating spent mercury-containing Operations Manager All Warehouse Personnel Material Storage and Shipping Monthly Inspections N/A
equipment as a universal waste will lead to better management of this Procedure
equipment and will facilitate compliance with hazardous waste
requirements."

Disposal of PCBs Final Rule 40 CFR 761 Standards for storing, accumulation, disposal, reporting and clean up of PCB www.epa.gov
Resource Conservation and Recovery Act wastes containing greater than 50 ppm but less than 500 ppm of PCB Operations Manager All Warehouse Personnel Material Storage and Shipping Monthly Inspections N/A
(RCRA) material. Procedure

Management of Lead Acid Batteries 40 CFR 266.80 Resource Conservation and Standards for handling, storing, labeling, disposal and clean up of lead acid www.epa.gov Material Storage and Shipping
Recovery Act (RCRA) batteries. Operations Manager All Warehouse Personnel Monthly Inspections N/A
Procedure
Management of Used Oils 40 CFR 279 Standards for storing, labeling, disposal and clean up of Used Oil. www.epa.gov
Resource Conservation and Recovery Act Material Storage and Shipping
Operations Manager All Warehouse Personnel Monthly Inspections N/A
(RCRA) Procedure

Superfund SREA Criteria for Recycling Transactions 42 USC 9627 Required recordkeeping to qualify for the Superfund liability exemption for www.epa.gov Downstream Due Diligence
recycling transactions. Operations Manager All Shipping Personnel Annual Review of records N/A
Procedure
TSCA Federal Disposal of PCBs Final Rule 40 CFR 761 Standards for labeling, storing, disposal, spill procedures, clean up, record www.epa.gov
retention, reporting (annual log) of PCB wastes. PCB waste must be disposed
Resource Conservation and Recovery Act of within one year from the date taken out of service. Operations Manager All Warehouse Personnel Material Storage and Shipping Monthly Inspections N/A
(RCRA) Procedure

Notification of PCB Activity
EPCRA Emergency Planning and Community Right-to-Know
Reporting and Release Notification
40 CFR 761 Notification of PCB Activity is required for a generator with onsite storage www.epa.gov Material Storage and Shipping
facility. Operations Manager All Warehouse Personnel Monthly Inspections N/A
Procedure
40 CFR Parts 350 through 372 - SARA Title III Emergency planning and notification, community right to know reporting www.epa.gov
requirements when hazardous chemicals (as defined by OSHA), hazardous
substances (as defined by CERCLA) and extremely hazardous substances (EHS)
exceed threshold planning quantities or reportable quantities (for releases). Currently hazardous chemicals
This facility does not store or use EHS. When the TPQ of any hazardous and hazardous substances are
chemical or hazardous substance is exceeded, hazardous chemical inventory Operations Manager All Warehouse Personnel EPCRA Procedure Annual review of EPCRA below TPQs; facility will continue
reporting is required. If a hazardous chemical or hazardous substance is procedure to monitor incoming hazardous
release at or above the reportable quantity, release reporting is required. The materials and applicability will be
State has adopted the federal requirements. re-evaluated.

Spill Reporting Spill Reporting Requirements 40 CFR 110 and 355 Requirements for reporting releases of oil and hazardous chemicals. The State www.epa.gov
has adopted the federal spill reporting requirements. Operations Manager All Warehouse Personnel SPCC Plan Annual review of SPCC Plan As required by SPCC

000000460373056.xls
000000Page 2 of 12
Effective Date: 4-15-15
 EHS Legal and Other Requirements Summary List
United States
TYPE DESCRIPTION REGULATION REQUIREMENT SUMMARY REGULATION LOCATION RESPONSIBILITY TRAINING OPERATIONAL CONTROL MONITORING REPORTING
Hazardous, STATE Standards for Hazardous Waste Management
Universal and
Industrial Operations Manager
Wastes STATE

STATE Standards for Used Oil Management

Operations Manager

STATE Universal Waste Management

Operations Manager

Electronics STATE Electronics Recycling Law

Recycling Law
STATE

Operations Manager

TRANSPORT Federal Motor Carrier Safety Regulations CFR 49 Parts 382, 383, 387, 390-397, and 40 Requirements for transporters including; drivers drug and alcohol screening, http://www.fmcsa.dot.gov
Commercial Driver's License Standards; Requirements and Penalties, Federal Operations Manager All Transport Personnel Transportation Procedure Daily & Monthly Inspections Add specific details as required,
Motor Carrier Safety Regulations; General and Qualifications of Drivers by type of license and vehicles

STATE Transportation - Division of Motor Vehicles Requirements for transporters including: Commercial Driver's License
Standards, vehicle registrations, Requirements and Penalties, medical Operations Manager
evaluation, GVWR, motor vehicle safety, and financial responsibility.

Transport of Lithium Batteries 49 CFR 173.185 (d) Packaging requirements for lithium battery shipments. www.epa.gov
Operations Manager All Transport Personnel Battery Shipping Procedure Monthly Inspections N/A

Health and Walking and Working Surfaces - Slips, Trips, & Falls 29 CFR 1910.21 to 1910.30 Verify that all places of employment, passageways, storerooms, and service www.osha.gov
Safety - rooms are kept clean and orderly and in a sanitary condition. The floor of
FEDERAL every workroom shall be maintained in a clean and, so far as possible, a dry
condition. To facilitate cleaning, every floor, working place, and passageway
shall be kept free from protruding nails, splinters, holes, or loose boards.
Where mechanical handling equipment is used, sufficient safe clearances
shall be allowed for aisles, at loading docks, through doorways and wherever
turns or passage must be made. Aisles and passageways shall be kept clear Operations Manager All Warehouse Personnel Housekeeping Procedure Monthly Inspections N/A
and in good repairs, with no obstruction across or in aisles that could create a
hazard. Permanent aisles and passageways shall be appropriately marked.
Protection requirements for floor openings, wall openings, open-sided floors,
platforms, and runways, stair rails, portable step ladders, scaffolding,

Fall Prevention 29 CFR 1910.23 Open-sided floors or platforms 4 feet or more above adjacent floor or ground www.osha.gov
level must be guarded by a standard railing (guardrail) or equivalent.
Employees may work on an extension or step ladder up to the maximum Operations Manager All Warehouse Personnel Fall Prevention Plan Monthly Inspections N/A
working height of the ladder as specified by the ladder manufacturer.

Means of Egress - Exit Routes 29 CFR 1910.35 to 1910.37 Requirements for emergency exits. Exit routes must be free and www.osha.gov
unobstructed. No materials or equipment may be placed, either permanently
or temporarily, within the exit route. Each exit must be clearly visible and
marked by a sign reading "Exit." and illuminated. If the direction of travel to
the exit or exit discharge is not immediately apparent, signs must be posted Operations Manager All Warehouse Personnel Emergency Action Plan Monthly Inspections N/A
along the exit access indicating the direction of travel to the nearest exit and
exit discharge. Additionally, the line-of-sight to an exit sign must clearly be
visible at all times.

Emergency Action Plan 29 CFR 1910.38 An emergency action plan must be in writing, kept in the workplace, and www.osha.gov
available to employees for review. An emergency action plan must include at
a minimum: 1) Procedures for reporting a fire or other emergency; 2)
Procedures for emergency evacuation, including type of evacuation and exit
route assignments; 3) Procedures to be followed by employees who remain to
operate critical plant operations before they evacuate; 4) Procedures to
account for all employees after evacuation; 5) Procedures to be followed by
employees performing rescue or medical duties; and the name or job title of
every employee who may be contacted by employees who need more
information about the plan or an explanation of their duties under the plan. Operations Manager All Warehouse Personnel Emergency Action Plan Monthly Inspections N/A
An employer must have and maintain an employee alarm system. The
employee alarm system must use a distinctive signal for each purpose and
comply with the requirements in § 1910.165. An employer must designate
and train employees to assist in a safe and orderly evacuation of other
employees. An employer must review the emergency action plan with each
employee covered by the plan.

000000460373056.xls
000000Page 3 of 12
Effective Date: 4-15-15
 EHS Legal and Other Requirements Summary List
United States
TYPE DESCRIPTION REGULATION REQUIREMENT SUMMARY REGULATION LOCATION RESPONSIBILITY TRAINING OPERATIONAL CONTROL MONITORING REPORTING
Fire Prevention Plan 29 CFR 1910.39 A fire prevention plan must be in writing, be kept in the workplace, and be www.osha.gov
made available to employees for review. Minimum elements of a fire
prevention plan. A fire prevention plan must include: 1)A list of all major fire
hazards, proper handling and storage procedures for hazardous materials,
potential ignition sources and their control, and the type of fire protection
equipment necessary to control each major hazard; 2) Procedures to control
accumulations of flammable and combustible waste materials; 3) Procedures
for regular maintenance of safeguards installed on heat-producing equipment
to prevent the accidental ignition of combustible materials; 4) The name or
job title of employees responsible for maintaining equipment to prevent or Operations Manager All Warehouse Personnel Fire Prevention Plan Monthly Inspections N/A
control sources of ignition or fires; and 5) the name or job title of employees
responsible for the control of fuel source hazards. An employer must inform
employees upon initial assignment to a job of the fire hazards to which they
are exposed. An employer must also review with each employee those parts
of the fire prevention plan necessary for self-protection.

Hearing Conservation 29 CFR 1910.95 Protection against the effects of noise exposure shall be provided when the www.osha.gov
sound levels exceed those shown in Table G-16 . (90 dBA over an eight hour
TWA.) When employees are subjected to sound exceeding those listed in
Table G-16, feasible administrative or engineering controls shall be utilized. If Operations Manager All Warehouse Personnel Hearing Conservation Program Annual Audiograms Testing N/A
such controls fail to reduce sound levels within the levels of Table G-16,
personal protective equipment shall be provided and used to reduce sound
levels within the levels of the table

Hazardous Materials 29 CFR 1910.101 to 1910.126 Requirements for handling hazardous materials including compressed gas and www.osha.gov
flammable and combustible liquids. Each employer shall determine that
compressed gas cylinders under his control are in a safe condition to the
extent that this can be determined by visual inspection. Compressed gas
cylinders, portable tanks, and cargo tanks shall have pressure relief devices
installed and maintained in accordance with Compressed Gas Association Operations Manager All Warehouse Personnel Hazardous Material Training N/A N/A
Pamphlets S-1.1-1963 and 1965 addenda and S-1.2-1963, which is
incorporated by reference as specified in Sec. 1910.6.

Personal Protective Equipment, and Hazard Assessments 29 CFR 1910.132-139
Application. Protective equipment, including personal protective equipment www.osha.gov
for eyes, face, head, and extremities, protective clothing, respiratory devices,
and protective shields and barriers, shall be provided, used, and maintained
in a sanitary and reliable condition wherever it is necessary by reason of
hazards of processes or environment, chemical hazards, radiological hazards,
or mechanical irritants encountered in a manner capable of causing injury or
impairment in the function of any part of the body through absorption,
inhalation or physical contact. The employer shall assess the workplace to
determine if hazards are present, or are likely to be present, which
necessitate the use of personal protective equipment (PPE). If such hazards
are present, or likely to be present, the employer shall: 1)Select, and have
each affected employee use, the types of PPE that will protect the affected Enter details, as determined by
Operations Manager All Warehouse Personnel PPE Procedure N/A
employee from the hazards identified in the hazard assessment; 2) required PPE
Communicate selection decisions to each affected employee; and, 3) Select
PPE that properly fits each affected employee. The employer shall verify that
the required workplace hazard assessment has been performed through a
written certification that identifies the workplace evaluated; the person
certifying that the evaluation has been performed; the date(s) of the hazard
assessment; and, which identifies the document as a certification of hazard
assessment.

Respiratory Program 29 CFR 1910.134 A respirator shall be provided to each employee when such equipment is www.osha.gov
necessary to protect the health of such employee. The employer shall provide
the respirators which are applicable and suitable for the purpose intended.
The employer shall be responsible for the establishment and maintenance of
a respiratory protection program, which shall include the requirements Operations Manager All Warehouse Personnel Respiratory Protection Program Annual Fit Testing N/A
outlined in paragraph (c) of 29 CFR 1910.134. The program shall cover each
employee required by this section to use a respirator.

Lockout/Tagout Program 29 CFR 1910.147 This standard covers the servicing and maintenance of machines and www.osha.gov
equipment in which the energization or start up of the machines or
equipment, or release of stored energy, could harm employees. This standard
establishes minimum performance requirements for the control of such
hazardous energy. Employer shall establish a program and utilize procedures
for affixing appropriate lockout devices or tagout devices to energy isolating Operations Manager All Warehouse Personnel Lockout/Tagout Program Annual Inspections N/A
devices, and to otherwise disable machines or equipment to prevent
unexpected energization, start up or release of stored energy in order to
prevent injury to employees.

Medical Services and First Aid 29 CFR 1910.151 The employer shall ensure the ready availability of medical personnel for www.osha.gov
advice and consultation on matters of plant health. In the absence of an
infirmary, clinic, or hospital in near proximity to the workplace which is used
for the treatment of all injured employees, a person or persons shall be
adequately trained to render first aid. Adequate first aid supplies shall be Annual review of Emergency
readily available. Where the eyes or body of any person may be exposed to Operations Manager All Warehouse Personnel Emergency Action Plan N/A
Action Plan
injurious corrosive materials, suitable facilities for quick drenching or flushing
of the eyes and body shall be provided within the work area for immediate
emergency use.

000000460373056.xls
000000Page 4 of 12
Effective Date: 4-15-15

TYPE DESCRIPTION
Fire Protection - Portable Fire Extinguishers
Compressed Air
Material Handling and Storage
Powered Industrial Truck Program
Machine Guarding
Hand and Portable Power Tools
Welding and Cutting - Hot Works
Access to Exposure and Medical Records
000000460373056.xls
Effective Date: 4-15-15
REGULATION
29 CFR 1910.157
29 CFR 1910.169
29 CFR 1910.176
29 CFR 1910.178
29 CFR 1910.211 to 1910.219
29 CFR 1910.241 to 1910.244
29 CFR 1910.251 & 252
29 CFR 1910.1020
EHS Legal and Other Requirements Summary List
United States
REQUIREMENT SUMMARY REGULATION LOCATION RESPONSIBILITY TRAINING OPERATIONAL CONTROL MONITORING REPORTING
The employer shall provide portable fire extinguishers and shall mount, locate www.osha.gov
and identify them so that they are readily accessible to employees without
subjecting the employees to possible injury. The employer shall assure that
portable fire extinguishers are maintained in a fully charged and operable
condition and kept in their designated places at all times except during use.
Portable fire extinguishers shall be provided for employee use and selected
and distributed based on the classes of anticipated workplace fires and on the
size and degree of hazard which would affect their use. The employer shall be
responsible for the inspection, maintenance and testing of all portable fire Operations Manager All Warehouse Personnel Fire Prevention Plan Annual review of Fire Prevention N/A
extinguishers in the workplace. Where the employer has provided portable Plan
fire extinguishers for employee use in the workplace, the employer shall also
provide an educational program to familiarize employees with the general
principles of fire extinguisher use and the hazards involved with incipient
stage fire fighting.
This section applies to compressed air receivers, and other equipment used in www.osha.gov
providing and utilizing compressed air for performing operations such as
cleaning, drilling, hoisting, and chipping. Every air receiver shall be equipped
with an indicating pressure gage (so located as to be readily visible) and with
one or more spring-loaded safety valves. The total relieving capacity of such
safety valves shall be such as to prevent pressure in the receiver from Operations Manager All Warehouse Personnel Hazardous Material Training N/A N/A
exceeding the maximum allowable working pressure of the receiver by more
than 10 percent. All safety valves shall be tested frequently and at regular
intervals to determine whether they are in good operating condition.
Where mechanical handling equipment is used, sufficient safe clearances www.osha.gov
shall be allowed for aisles, at loading docks, through doorways and wherever
turns or passage must be made. Aisles and passageways shall be kept clear
and in good repair, with no obstruction across or in aisles that could create a
hazard. Permanent aisles and passageways shall be appropriately marked.
Storage of material shall not create a hazard. Bags, containers, bundles, etc.,
stored in tiers shall be stacked, blocked, interlocked and limited in height so Operations Manager All Warehouse Personnel Housekeeping Procedure Monthly Inspections N/A
that they are stable and secure against sliding or collapse. Storage areas shall
be kept free from accumulation of materials that constitute hazards from
tripping, fire, explosion, or pest harborage. Clearance signs to warn of
clearance limits shall be provided.
Safety requirements relating to fire protection, design, maintenance, and use www.osha.gov
of fork trucks, tractors, platform lift trucks, motorized hand trucks, and other
specialized industrial trucks powered by electric motors or internal
combustion engines. The brakes of highway trucks shall be set and wheel
chocks placed under the rear wheels to prevent the trucks from rolling while
they are boarded with powered industrial trucks. The employer shall ensure
that each powered industrial truck operator is competent to operate a
powered industrial truck safely, as demonstrated by the successful completion
of the training and evaluation. Refresher training, including an evaluation of Operations Manager All Forklift Drivers Forklift Training Program Daily and Monthly Inspections N/A
the effectiveness of that training, shall be conducted as required by paragraph
(l)(4)(ii) to ensure that the operator has the knowledge and skills needed to
operate the powered industrial truck safely. An evaluation of each powered
industrial truck operator's performance shall be conducted at least once every
three years.
Machine guarding shall be provided to protect the operator and other www.osha.gov
employees in the machine area from hazards such as those created by point
of operation, ingoing nip points, rotating parts, flying chips and sparks.
Examples of guarding methods are-barrier guards, two-hand tripping devices,
electronic safety devices, etc. Guards shall be affixed to the machine where Operations Manager All Warehouse Personnel Machine Guarding Procedure Monthly Inspections N/A
possible and secured elsewhere if for any reason attachment to the machine
is not possible. The guard shall be such that it does not offer an accident
hazard in itself.
Each employer shall be responsible for the safe condition of tools and www.osha.gov
equipment used by employees, including tools and equipment which may be Operations Manager All Warehouse Personnel Hand and Power Tool Procedure Monthly Inspections N/A
furnished by employees.
Requirements for fire protection and prevention responsibilities of welders www.osha.gov
and cutters, their supervisors (including outside contractors) and those in
management on whose property cutting and welding is to be performed.
Requirements include removal of hazards, availability of fire extinguishers and
designated fire watchers. Before cutting or welding is permitted, the area
shall be inspected by the individual responsible for authorizing cutting and Operations Manager All Hot Works Personnel Hot Works Procedure Hot Work Inspection Records N/A
welding operations. He shall designate precautions to be followed in granting
authorization to proceed preferably in the form of a written permit.
This section applies to each general industry, employer who makes, www.osha.gov
maintains, contracts for, or has access to employee exposure or medical
records, or analyses thereof, pertaining to employees exposed to toxic
substances or harmful physical agents. Includes air monitoring,
biomonitoring, MSDS sheets and respirator fit testing. Whenever an Operations Manager All Warehouse Personnel Access to Medical Records Annual review of Access to N/A
employee or designated representative requests access to a record, the Procedure Medical Records Procedure
employer shall assure that access is provided in a reasonable time, place, and
manner. Records shall be kept for 30 years.
000000Page 5 of 12
 EHS Legal and Other Requirements Summary List
United States
TYPE DESCRIPTION REGULATION REQUIREMENT SUMMARY REGULATION LOCATION RESPONSIBILITY TRAINING OPERATIONAL CONTROL MONITORING REPORTING
Blood Borne Pathogens 29 CFR 1910.1030 If employees are reasonably exposed to blood or other potentially infectious www.osha.gov
materials, the employer shall establish a written Exposure Control Plan
designed to eliminate or minimize employee exposure. Requirements
include: (1) an initial and updated exposure determination that evaluates the
potential hazards involving bloodborne pathogens in the workplace (e.g., use
of needles, razors or other sharps); (2) precautions for avoiding exposures
including engineering and work practice controls, the use of personal Operations Manager All Warehouse Personnel Bloodborne Pathogens Procedure Annual review of Bloodborne N/A
protective equipment, etc.; (3) hazard communication for employees Pathogens Procedure
including use of biohazard signs/labels and annual/refresher training
regarding potential hazards and safe/preventive work practices; and (4)
recordkeeping.

000000460373056.xls
000000Page 6 of 12
Effective Date: 4-15-15
 Data Security Legal Requirements List

TYPE DESCRIPTION REGULATION

Data Security Privacy Acts NIST 800-88 Compliance

Financial Privacy Act Gramm Leach Bliley - GLB

Financial Privacy Act Sarbanes Oxley - SOX

Personal Health Privacy Act Health Insurance Portability and

Accountability Act - HIPAA

Privacy Act USA Patriot Act

000000460373056.xls
000000Page 7 of 12
Effective Date:
 Data Security Legal Requirements List

TYPE DESCRIPTION REGULATION

Educational Privacy Act Family Educations Rights and Privacy Act
FERPA
Credit Privacy Act Fair and Accurate Credit Transactions Act
FACTA

000000460373056.xls
000000Page 8 of 12
Effective Date:
 Data Security Legal Requirements List

REQUIREMENT SUMMARY REGULATION LOCATION RESPONSIBILITY

Must possess data security method of wiping and/or destruction compliant to csrc.nist.gov/nistpubs/800-
NIST 800-88 standards 88/nistp800-88-revl.pdf Operations Manager

Requires that each financial institution has an affirmative and continuing www.banking.senate.gov
obligation to respect the privacy of its customers and to protect the security Operations Manager
and confidentiality of those customers' nonpublic personal information.

Act is designed to oversee the financial reporting landscape for finance www.sec.gov
professionals. Its purpose is to review legislative audit requirements and to
protect investors by improving the accuracy and reliability of corporate
disclosures. The act covers issues such as establishing a public company
accounting oversight board, auditor independence, corporate responsibility Operations Manager
and enhanced financial disclosure. It also significantly tightens accountability
standards for directors and officers, auditors, securities analysts and legal
counsel.

Establishes national standards to protect individuals’ medical records and www.hhs.gov

other personal health information and applies to health plans, health care
clearinghouses, and those health care providers that conduct certain health
care transactions electronically. The Rule requires appropriate safeguards to
protect the privacy of personal health information, and sets limits and
conditions on the uses and disclosures that may be made of such information Operations Manager
without patient authorization. The Rule also gives patients rights over their
health information, including rights to examine and obtain a copy of their
health records, and to request corrections.

To deter and punish terrorist acts in the United States and around the world, http://epic.org/privacy/terr
to enhance law enforcement investigatory tools, and for other purposes. orism/hr3162.html Operations Manager

000000460373056.xls
000000Page 9 of 12
Effective Date:
 Data Security Legal Requirements List

REQUIREMENT SUMMARY REGULATION LOCATION RESPONSIBILITY

Federal U.S. law that protects the privacy of student education records. https://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
Operations Manager

FACTA amended the existing Fair Credit Reporting Act providing consumers, http://www.gpo.gov/fdsys/pkg/PLAW-108publ159/html/PLAW-108publ159.htm
companies, consumer reporting agencies and regulators with new tools to
expand consumer access to credit, enhance the accuracy of consumer Operations Manager
financial information, and help fight identity theft.

000000460373056.xls
000000Page 10 of 12
Effective Date:
 TRAINING OPERATIONAL CONTROL MONITORING REPORTING ADDITIONAL NOTES

All Data Destruction Personnel Data Destruction Procedure Annual Data Validaition N/A

All Data Destruction Personnel Data Destruction Procedure Annual Data Validaition N/A

All Data Destruction Personnel Data Destruction Procedure Annual Data Validaition N/A

All Data Destruction Personnel Data Destruction Procedure Annual Data Validaition N/A

All Data Destruction Personnel Data Destruction Procedure Annual Data Validaition N/A

000000460373056.xls
000000Page 11 of 12
Effective Date:
 TRAINING OPERATIONAL CONTROL MONITORING REPORTING ADDITIONAL NOTES
All Data Destruction Personnel Data Destruction Procedure Annual Data Validaition N/A

All Data Destruction Personnel Data Destruction Procedure Annual Data Validaition N/A

000000460373056.xls
000000Page 12 of 12
Effective Date: