AASHTO re:source Q & A Podcast

AASHTO re:source Confidentiality Policy Explained

December 19, 2023 AASHTO resource Season 4 Episode 30
AASHTO re:source Confidentiality Policy Explained
AASHTO re:source Q & A Podcast
More Info
AASHTO re:source Q & A Podcast
AASHTO re:source Confidentiality Policy Explained
Dec 19, 2023 Season 4 Episode 30
AASHTO resource

Learn who, what, where, why, and when we can share specific customer information.

Related information:

Show Notes Transcript

Learn who, what, where, why, and when we can share specific customer information.

Related information:

AASHTO re:source Q&A Podcast Transcript

Season 4, Episode 30: AASHTO re:source Confidentiality Policy Explained

Recorded:  November 30, 2023

Released:  December 19, 2023

Hosts: Brian Johnson, AASHTO Accreditation Program Director; Kim Swanson, Communications Manager, AASHTO re:source 

Note: Please reference AASHTO re:source and AASHTO Accreditation Program policies and procedures online for official guidance on this, and other topics. 

Transcription is auto-generated. 

[Theme music fades in.] 

00:00:02 ANNOUNCER: Welcome to AASHTO resource Q & A. We're taking time to discuss construction materials testing and inspection with people in the know.  From exploring testing problems and solutions to laboratory best practices and quality management, we're covering topics important to you. Now here’s our host, Brian Johnson.

00:00:22 BRIAN: Welcome to AASHTO resource Q&A. I'm Brian Johnson.

00:00:26 KIM: And I'm Kim Swanson. What are we talking about today, Brian?

00:00:29 BRIAN: Well, today I'm going to tell you who the best labs and who the worst labs are.  I'm just kidding. We're actually going to talk about why I can't do that today. We're going to talk about the AASHTO Resource confidentiality policy.

00:00:44 KIM: And this is a relatively new public facing policy.

00:00:48 BRIAN: Recently we posted this policy on our document library on our website under re:university. If you are at your computer right now, you could find it. It is the policy on confidentiality.

00:01:02 KIM: And I will post a link in the show notes to this specific policy as well. If you don't want to have to find it anywhere.

00:01:10 BRIAN: Anywhere we posted this, even though we've been following it, an internal policy for as long as I can remember, but we hadn't publicized it. We decided to do that because it seemed like a  good way to show transparency and a good way for our customers and specifying agencies to understand what the limitations are for what we can say and what we can't say and what actions might prompt us to not follow our policy.

00:01:40 KIM: I think it covers a lot of different scenarios. What do we need to know first? Before we dive into the weeds in this.

00:01:46 BRIAN: We ended up organizing it according to website access. When we started writing it, we were thinking about what individuals can see, what types of customers we have. But then as I was writing this concept was emerge.  Seeing as to Ohh well, we actually have this organized and and controlled on our website so that seems like that has to be explained too. So then instead of just saying customers can see this, it's like well which kind of customers we ended up organizing it according to website access and explaining what is available and what is not available. And it kind of follows that we communicate.  Even outside of the website the same way. So if the website only gives access to certain information, that's really all we can talk about as well or answer via e-mail or however we communicate with you. We would limit it to basically the same rules. It's kind of odd how it evolved and if you just look at it on the surface. You say, well, this is strange that it's organized this way, but that that's why.

00:02:48 KIM: The basic public access that seems to be the most high level access that we have for our website and in general communications as well. So how do we define public access to information in this context?

00:03:04 BRIAN: It's a public access is just if you have no login to our website. So you're just anybody who goes to AASHTOresource.org. And looks around at what is available. So one thing you'll be able to see is the directory of accredited labs, and there's some information there specific to the laboratory, including some contact information locations, accreditation information like what are they accredited for, if there's a suspension that would be listed as well. You can download their certificate of accreditation. And you can see a lot of things that are just policies and procedures. I don't think we got into that though about general information because it's not really relevant to any any level of privilege of information.

00:03:48 KIM: I do want to note as well. Like it said it says laboratory provided contact information, so that's an important distinction. We're not saying as AASHTO resource. That this is the.  Person to contact if you're are interested in using their services, that's just who they. I did as a contact, so I think that's kind of an important distinction to make that that contact information if something's wrong or something's missing, you can let us know. But that was really laboratory provided that is not information that we compiled to then present to the public.

00:04:23 BRIAN: Yeah, that's a good point. We do have links to the laboratory websites and that's where you would probably want to find the actual contact information for the individual location that you're looking for. There is also another wrinkle to the public access that is. I guess it's somewhat related, but I don't think we really addressed it in this policy. Is the false. Claims of accreditation.  But we do have a page that lists that and we do have links to the laboratories website that's making the false claim, but obviously you won't find them on the directory in some cases because they're making a false claim even. Though they're not. Accredited it's so if you're looking like, why aren't they on the directory? Well, that's. Those are not.  That uh or it could be just a clarification. Sometimes we have clarifications of you know. This this company says that all locations are accredited, but only this location is accredited so.  You'd be able to find.  That specific location, but not the others.

00:05:17 KIM: Yeah. And just as a side note, at the time of the recording of this episode, we do actually have a laboratory listed on our false claims of accreditation page. So if you didn't even know that was a thing, maybe go check that out, especially if you are a project owner that is.  Specifying our services, it's important to kind of check that out periodically, so just a plug for that.

00:05:39 BRIAN: That's a good point. I don't even know if we've ever covered that in one of. These podcast episodes.

00:05:43 KIM: Maybe. I don't know. We've done a lot of episodes, so now they're all blending together and I'm not sure what was actually a conversation that we had or if we recorded the conversation. So yeah.

00:05:54 BRIAN: It could be buried in FAQ episode too, because a lot of stuff gets.  Covered in those.

00:05:58 KIM: It seems familiar that we've talked about this, but again, I don't know if that's a recorded conversation or not.

00:06:04 BRIAN: So that's the that's your basic non logged in uh public access view. Let's get in the laboratory access. So if you're a laboratory, you are a registered customer, you have a log in the log in permits you to see a lot more information obviously about your laboratory but not other laboratories or your laboratory. You can manage your contacts so you know shipping.  Billing, primary, secondary, corporate, whatever they are billing information, corrective actions proficiency, sample ratings, reports all sorts of information.

00:06:40 KIM: That is past, present, and future information regarding that so you can see old historic information about the laboratory, all the things that you just said and proficiency samples and reports, you can see the historic view of that. I'm not sure how long we keep all of that information, I think.

00:06:58 BRIAN: Since we started the the website basically.

00:07:01 KIM: OK. So that we have all of that. And then you have what you're currently doing, laboratories have access to like the current things that they're working on and then they can also see when if they've requested future services from us, like a future assessment or things like that, if they put a request and so they can see it for all of that.  If it wasn't clear which, maybe as I'm explaining it, it seems like it was quite obvious, but I'm not sure.

00:07:26 BRIAN: No, I was wondering how our website tells the future though, so I'm glad you explained that man as you're getting into the future part. I was on the edge of my seat figuring out how we're telling the future.

00:07:37 KIM: Ohh, you didn't know? There's a little there's a little button there. Sorry you don't.

00:07:40 BRIAN: Wow, much more, much more.

00:07:41 KIM: You haven't switched that button on.

00:07:43 BRIAN: Powerful than I had anticipated.

00:07:45 KIM: Yes, if you find that button on our website, you win the prize of. Knowing the future.

00:07:50 BRIAN: Beyond that, we also have a corporate access. Did you want to?.

00:07:55 KIM: OK Before we go to corporate, I want to go back to laboratory access a little bit and kind of.  Define a couple of different things for that. How does CCRL inspection and his proficiency sample ratings kind of play into that? Because I know that's part of the accreditation information we have. Part of that information for laboratory access. But can you explain more what is included? What's not included in that, and why?

00:08:21 BRIAN: So yeah, we do have some C serial information. You cannot access your CCL proficiency sample results through our website. And you cannot access your CCRL report in a PDF form on our website, but you can access the individual non conformities and submit your corrective actions through our accreditation events page of the website for those non conformities. Quoted in the CCRL report. We had to remove the access to the CCRLreport just to mitigate risk that the wrong report was not accessed through our website. So we found that that was a a risk that we really didn't want to have.

00:09:12 BRIAN: Our list of risks that we're taking on. So we said, OK, well, if somebody wants to access their CCRL report, they're going to have to go through their CCRL login on CCLR.us to get that information. And they really should anyway to get that and their proficiency sample results.

00:09:29 KIM: For our listeners, it's a manual process currently of uploading the CCRL information. If your laboratory participates in CCRL programs as well, it's a manual process. So that does involve a lot more risk and human error options or chances for human error. I should say on that on that part, as you're still talking about laboratory access. Did want to go into who has access at the laboratory? Who has? Is it one login per user? What's the situation there?

00:09:59 BRIAN: Yeah, currently we have one login per account. So if you are like most people wishing to have multiple people with logins to your laboratories account, what you have to do is make a shared login. Because we only have access for one right now. One of the things that we realize is that that's not really what people want.  So when we develop a new system, it's going to have access for multiple users to be able to log in. But I will say.  Even with one, we find that our customers don't manage that one account very actively. So sometimes we'll look into changes in personnel issues. And we'll find that the login is registered to somebody who has not. Worked there in.  Several iterations of people who have held that position and they just didn't know how to change it or didn't want to bother with it, which people were more active in in managing those logins.

00:11:02 KIM: Yeah. And I also want to point out another little caveat about logging access. It's who. For you decide at the laboratory, right? It's not our decision who has that login information? Who's the primary account holder? That is a laboratory decision. I will say we do have a little caveat and laboratory access and it's regarding the billing contact and we will send the billing contact listed.  And again, that is laboratory provided information, we will send them invoicing and things like that without a login needed. So the billing contact will get information that doesn't and they don't need to be logged in to access that. So I do want to point out that little caveat regarding laboratory access.

00:11:47 BRIAN: Yeah. Now, even though there's only one person with login access, you can't have multiple contacts. So one thing that people use, we have primary and secondary contact and those contacts receive emails on any accreditation proficiency. Sample issue. Use whatever those issues might be that are relevant to accreditation. Both the primary and secondary contacts do receive those notifications, and some people will set up a a distribution e-mail list like you know AASHTO notifications at whatever the company nameis.com and then they have it set up through their.  Server to to kick those emails to, you know, a group of people that they want to receive, those that that usually works pretty well.  Well, when you're only limited to a primary and secondary.

00:12:34 KIM: And we do have listed contacts for your proficiency, sample enrollments and shipping contact and other things. But for the most part, and they will receive some information regarding notifications of when samples are sent and shipped and things like that, and not necessarily.  Specific data and information regarding that specific laboratory. If I'm correct in that I'm I I'm not 100% as I was saying that.

00:13:04 BRIAN: Yeah. Proficiency, sample. You know, shipping contacts get relevant, shipping information and proficiency. Sample contacts get relevant, you know. Dates, you know, emails about dates relevant to proficient samples.

00:13:16 KIM: Yeah, but not actually any data that the laboratory, anything that would be confidential or not public access.

00:13:24 BRIAN: That is correct. The proficient sample contact does not receive data from the proficiency samples they would receive links. They would have to then log in with to access anything if there was anything like that at all, it would. You would still be required to log in to access that information.

00:13:43 KIM: I'm glad we talked this through as we were recording, but yeah, no, I think that that, that sounds right. We're good. I think that covers most of the laboratory access, right. That's all the important highlights.

00:13:56 BRIAN: It does they're little offshoots of. Of who the laboratory is, right. So.  You've got your your account login, and then you've got corporate people sometimes or overarching managers who are able to access information about that laboratory or ask questions of us about that laboratory. I think this is more handled by communication with people. So like if you are.  A corporate manager or a branch manager or, you know, regional manager over multiple branches and we know who you are and we know the relationship you already have with those specific laboratory. Then we can give you information about, you know if. You're saying hey?  I need to follow up to make sure that they're set to, you know, they submitted their request form so that we're going to get our assessment this tour. Well, if we already know that you are a person who can get that information, then we can give that to you. If you are just a random person calling, we have no idea who you are.

00:14:58 BRIAN: You say that you are the whatever regional manager. Then we would say, OK, well we need to hear from here your the laboratory before we can give you that kind of information. But there are some people that they've just been in the program a long time. They're a known corporate manager and we do give that kind of information to people like that.

00:15:18 KIM: So another type of.  Access that we've identified in the policy is non registered company personnel can. It's a very. Short section of the policy. But can you explain that for our listeners, Brian?

00:15:33 BRIAN: Yeah, this can be really tricky because sometimes people will reach out to us and they'll ask very specific information about a laboratory situation. And we don't have any record that they work there. They're not unknown, they're not on the org chart. The last one we have, they're not a primary secondary contact. They may even have like a Gmail e-mail address that they're reaching out to us and they'll say, hey, I need information about this for certain situation. Well, we'll say no, we can't provide that to you. Or we won't respond until we confirm that that actually is accurate like this. This happened not too long ago, where we had a person contact us and said I am a new hire manager at this company and I need to set up access.  Us and they contacted us with an e-mail account that was not familiar to us, and we're like this seems like.  Either a phishing. Scam. Or maybe some competitors trying to get information. So what we did is we reached out to that laboratory and verified this person's story before we communicated with them, so.

00:16:37 BRIAN: One statement we have is authorization can be obtained through correspondence with laboratory contacts. That's what I just described.  Is that if we if we don't know anything about the person, we need to confirm that before we can. Give them any information.

00:16:50 KIM: And that kind of segues into the next one as well. I had no follow up questions for that, but we have also listed consultant access. So what kind of information can we give consultants?

00:17:03 BRIAN: Well, I don't want to go too deep into the consultant topic, but I do. I do want to mention that sometimes laboratories will hire consultant to help them with certain aspects of managing their quality management system. Sometimes they don't really know how to write corrective actions properly or they.  Like need help. Organizing certain things or scheduling certain things. To learn how to maintain accreditation. So they'll hire someone to kind of help to help shepherd them through that process, and they can do that to a point. And it's not well defined.  But because it really depends on what we're seeing. So if we're seeing a situation where the consultant appears to be doing everything well, then there's a question as to what exactly are we accrediting at this point? Are we accrediting A consultant who's helping them, or are we accrediting the laboratory? So if we have a question like that, we're probably going to say you need to change this relationship or.

00:18:06 BRIAN: We can't really.  Accredit you, but the consultant can get access to information on the website just like the registered user would have. But what we need to do is get a release.  Form from the laboratory that says that basically. We give this consultant access to everything until we say otherwise, so we actually have a form that we provide the laboratory with that says that we can communicate freely with this consultant.

00:18:31 KIM: Now, does the consultant have their own login or do they have to have the shared?  Login because I'm.

00:18:35 BRIAN: They would have to use the shared login or whatever that login is for the lab, but I mean as far as communicating like with us. We would need to be able to have that release form to provide information to them.

00:18:47 KIM: Gotcha. That's kind of where it's getting at because there is not a separate logging for consultants of anything. So they can if they if your consultant only needs to access.  Like doesn't need to talk to us and only needs to access what's available when you log in. You don't have to fill out that form necessarily, but if you want them to have any conversation with us, then they need to fill out that form and follow those procedures. Then we cannot have those conversations.

00:19:13 BRIAN: That's right. And we wouldn't really know if we don't know who's sending it in honestly, because they log in with one account. All we see is that it's been logged in with that account. We don't exactly know who is uploading because sometimes people have an administrative person upload things for them even though they have to do their. You know, take their own corrective actions and. Describe what happens. But yeah, I mean, ultimately we couldn't know, just like we wouldn't know who's accessing your accounts for whatever it is if you're using that login.

00:19:46 KIM: So that's why it's important to make sure it only appropriate people know your login information in that way. Now the next type of access we have defined in this policy is specifier access.

00:20:01 BRIAN: Yeah, specifier access is a little it well.  It's very different than the laboratory access, so this is something where you've got two phases of access and it might be a little confusing cause we already talked about public access. But this is like a specifier can have public access that gives them a little bit more same information. The easier distribution of the information to them. So uh, if you're registered as a specifier through our system which is free, you can sign up and you can monitor laboratories. Now if you monitor these laboratory.  Is that will mean that you get notified when they have a change to the accreditation directory information which is public information, and that's pretty much all that you get out of that. Otherwise, you're just like anybody else who isn't logged in. So you just know when things happen. Private access is a lot more.

00:21:00 BRIAN: Interesting for you as a specifying agency or somebody's monitoring laboratories and and I also want to mention the specifier could be an agency, it could be a corporate quality manager or regional manager who just wants to really keep tabs on what's going on at the individual. Tabs, but we do have to get those specifiers registered through our system so that like we we actually see who you are and we see the connections that you're making. Private access allows you to log in and access the AASHTO Resource Assessment reports and proficiency sample results.  You know you can also have the public notifications. You can get notified anytime a laboratory receives an assessment report, and you can also get notified anytime all the non conformities have been resolved from an active resource assessment report. That is the most value as a specifier because it will save you a lot of time. In tracking down information from individual labs, especially if you're overseeing a lot of laboratories.

00:22:02 KIM: Similar question that I had regarding CCRL to specifiers with private access. Only have access to when the non conformities are resolved and they don't have access to any proficiencies. Sample information unless an accreditation decision has been made on based on that.

00:22:24 BRIAN: That's right. And they also don't have access to the individual decisions, like the accreditation decisions. They'd say why, you know, they'll know the laboratory accreditation was suspended, but they might not know why without notifying laboratory. I think that's probably something we would upgrade in a future iteration because that's a.  That's a typical conversation that that we get, especially from corporate managers where they just want to see that information so that they can then follow up with the individual lab. The reason we left it out though is because we thought that conversation between the specifying agency in the lab was a good thing to force instead of just having it kind of happen. On its own, but I think it it seems that there's definitely an interest in having that information easier to access before so that they can plan on the conversation they're going to have with the leverage.

00:23:17 KIM: As you were talking that through, I was like, I don't know. I feel like you. It's no matter why a laboratory gets suspended or revoked, the specifier should have a conversation, whether it's an unpaid invoice or whether it is a failure to resolve a non conformity or something like that. So. But I do see there's value in that, but I do want to make sure that we point out with the specifier private access. Yes, that that does require specific approval from the laboratory and from their primary contact of the laboratory.

00:23:51 BRIAN: That's. Yeah, that's right. It's it's kind of like a social media friending process where you reach out to that laboratory and you say I want private access and they'll get a notification that says this person wants private access. Do you want to give? It to them and if you ignore it, or are you saying no, then they don't get. But if you say yes, then they do have it and you can revoke it at anytime.

00:24:15 KIM: So now the last couple of accesses the categories of access that we have in the policy is AASHTO staff access and. We'll start with that one, because there's another, there's another one after that, but.

00:24:33 BRIAN: OK, well, that one's easy. We have everything we have access to everything because we need. It to do. Our job so we can see. We can see. It all now there is a little caveat cause some of the stuff we also need requires. Permission from CCRL so national credit station program and credits labs based on AASHTO resource and CCRL assessment and proficiency sample reports. So if you are working with CCRL and you want to get asked accredited for the scopes of testing you performed through there through their services.  Then you would have to sign a release form for them to give us a.

00:25:12 KIM: Yes, and without that release form, you cannot be asked to accredited for those.  Because of right. OK.

00:25:18 BRIAN: That's right, because we can't see it if we can't see. It we can't do anything. With it not help you.

00:25:23 KIM: Exactly. And as I was saying it, it was like that's the obvious. But then you had to pause and I. Was like, wait am I wrong?

00:25:29 BRIAN: No, you're not wrong it and it is obvious, but it's like I feel like even when things are obviously they, there's always somebody that it's not obvious to right.

00:25:36 KIM: Needs to be stated.  Yes, that's why I asked most of the my questions.

00:25:42 BRIAN: Yeah. And sometimes I'm that person. Ohh so I can relate.

00:25:44 KIM: Ohh, I'm often that person. Yeah, I'm often that person. So. All right and. Then we do have another AASHTO kind of access to some information and this that's for the AASHTO resource Administrative task group and appeals panel access, so.  Without going too into the weeds, what kind of information would those groups have access to and when?

00:26:11 BRIAN: Just broadly, these are the groups that would be decision makers on anything that is not like your standard programmatic. Type activity, so if there was an appeal or if there was a issue, we weren't really sure how to handle. We had to present it to the Oversight Committee, which is the ATG, and they need to see some privileged information to be able to make a complete decision on whatever that is. So the first level. We present the information, but we hide who the people of the operatories are, just so we make sure that there isn't some sort of conflict of interest and that they can make an objective decision based on just the facts of the situation. When you get to the second level of appeal process, you actually are having it like a hearing. So then they have to know who it is because they're going to be meeting with the person. So at that point we just kind of open it up and we let them see whatever it is because they need to know who they're going to be talking to anyway. And I don't think that they at that point where it's a second level appeal. That's a request made by the laboratory, and I think at that point they really. They want the appeals panel to know who They are.

00:27:21 KIM: To clarify even further, we would manually be giving this information.

00:27:26 BRIAN: There's one ATG member that has login access, but their login is very limited.  To whatever we present to them. So they can't access laboratory account information unless they're also a specifier. But if they go in, we have an interface just for the ATG chair to make decision. Ones and we have an area where we would upload documents for them to review and and their view is just limited to that.

00:27:49 KIM: I just wanted to make that clarification as well, even with the second level appeal, it's not like they have like a master log in and can access everything. It's the information that we present to them or that the laboratory themselves present.

00:28:03 BRIAN: That's correct. Yeah. They don't have staff level access at any. The next thing we're going to talk about is external assessment providers. So right now we've got C0 that provides assessments. We talked about them earlier. They don't typically need information from our website, but there are times when they might be curious about when an assessment is coming are you know.  Are we overlapping so they can see some information or like one person typically looks at that their scheduling manager usually does have access to our website to see some of that information, but we also have accreditation meetings where.  We invite a member of CCRL staff to participate in those meetings, and we often discuss accreditation issues so they they're made aware of things and we often are soliciting their advice on technical issues and some of those. Some of those conversations. So they would be able to see certain information that is staff. In those discussions.

00:29:07 KIM: All right. Now what are some of the exceptions? We've gone through all of the different levels of access, and now I'm we're part of the policy that talks about the exceptions to the rules because every rule has an exception. So what are some of the exceptions?

00:29:22 BRIAN: We have this caveat about, you know, we don't intentionally release assessment report information or proficient sample report information or other private information, but if there's an issue with integrity, then that kind of goes out the window. So if we think that that there is a risk posed to the DOT's. Or other specifier. There's by this laboratory obtaining work under false pretenses. We can communicate information to those entities. So let's say we found out that there was some widespread falsification going on, and we knew that that laboratory was working for. This particular dot then we would you know we would have. A duty to report that to them. So that would be one way that we have an exception. And there are other more severe issues that could take place if we found out that there was actual fraud or or let's say that we found out that there were illegal activities going on at the laboratory, then we would.

00:30:26 BRIAN: Have to report. That as well. So I'll give you an example. If we were notified or an assessor. Locked in and found out that they were. Making drugs or or or selling drugs at a laboratory. Then we would have to notify the police about that, right? So that that seems like an obvious thing that we, would they say, OK, well, you we are. We are not allowing you to have some sort of like privilege here to have us protect you from whatever you've been doing.

00:30:56 KIM: So it was just a crazy scenario. I hope that that is not pulled from a real life example. OK, your look says I don't want the answer to that question, so moving on from that, there is another part of the legal exception is that if we are also subpoenaed for things, is that correct? We will do, we will participate and give everything that we are able.

00:31:07 BRIAN: Let's move on.

00:31:21 KIM: To for that.

00:31:22 BRIAN: Yeah, and that probably goes without saying and I think that was one of the things years ago we had a similar statement that we we're going to put in the procedures manual and that was voted down. At the committee level, because they said you don't really have to say. That because like the. : Law prevails over your document anyway, so but my my point is, you know, if we know that to be true, we should just put it in here just so that everybody's on the same page. But but of course we're going to comply with the subpoena if we were given one. About something that we have to do, obviously they're they're probably cases. Where we could get a solicitation from a lawyer that is not required to be adhered to, and then we can have to figure out if we're going to. But if it was like a federal court order reason to submit information that we would have to. Comply with it?

00:32:16 KIM: And then the.  Last exception listed on the policy is for unpaid invoices. If a laboratory has unpaid invoices that become delinquent, and that's not after like the first missed payment, it's we give. You a while. For you have to do this, unfortunately, but then we will send the relevant billing information to a third party debt collection agency. So that is some information if you have unpaid invoices.

00:32:46 BRIAN: If that's another one, that's probably obvious. You know, if we if somebody is getting sent to collections, obviously we have to share that invoice with them and it includes private information about that laboratory. But yeah, we have, we would have to share that in order for the debt to get collected.

00:33:01 KIM: Anything else we didn't cover on this episode?

00:33:03 BRIAN: I really wanted to make sure that it was clear to people that we do have this policy on our website. There probably could be some additions made to this and there may be in the future because it's.

00:33:12 BRIAN: It's a controlled document. It's a living document, subject to change in the future, but we do want to be as transparent as possible with it, our customers and the specifying agencies that use our services.

00:33:24 KIM: So I don't have anything else for you. You don't have anything else for me, so I'm going to put in a little bit of a plug for our technical exchange that will be happening in March 2024. And if you want information about that, it'll be in the Boston area. You can go to our website AASHTOresource.org/events.

[Theme music fades in.]   

00:33:45 ANNOUNCER: Thanks for listening to AASHTO re: source Q & A. If you'd like to be a guest or just submit a question, send us an email at podcast@aashtoresource.org or call Brian at 240-436-4820. For other news and related content, check out AASHTO re:source's social media accounts or go to aashtoresource.org.