ML18107A156
| ML18107A156 | |
| Person / Time | |
|---|---|
| Issue date: | 07/10/2018 |
| From: | Anna Mcgowan NRC/OCIO |
| To: | |
| References | |
| Download: ML18107A156 (13) | |
Text
1 ADAMS ML18107A156 U.S. Nuclear Regulatory Commission Privacy Impact Assessment Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.
E-Gov Travel Services 2 (ETS2)
Date: April 17, 2018 A.
GENERAL SYSTEM INFORMATION
- 1.
Provide a detailed description of the system:
ETS2 or ConcurGov is a GSA sponsored, contractor hosted, travel system. It is a web based, end-to-end travel management service, managed by General Services Administration (GSA), used to plan, authorize, arrange, process, and manage official federal travel. The ConcurGov system is provided by Concur Technologies, Inc. and has been granted a provisional Authority to Operate (ATO) by GSA.
Users access ConcurGov application via a supported web browser. Within the application, travelers and/or arrangers are able to plan and make reservations (air, rail, lodging, car rental, etc.) on-line, prepare travel authorizations and vouchers on-line, produce itineraries, have tickets issued, and store receipts on-line. Travel approvers will also have the ability to view and approve travel documentation of other users. Data from ETS2 is transmitted to the NRCs core financial system, Financial Accounting and Integrated Management Information System (FAIMIS), via a secure file transfer. Concur Technologies protects information transmitted, processed, and stored within the ConcurGov environment in accordance with GSA and NIST policies.
ETS2 is a subsystem of the Office of the Chief Information Officer (OCIO) Third Party System (TPS). TPS provides a framework for managing cybersecurity compliance for the external IT services used by NRC. TPS and its subsystems have no technical components on the NRC infrastructure.
- 2.
What agency function does it support?
2 The system supports the NRCs regulatory mission by providing a management system for official NRC travel.
- 3.
Describe any modules or subsystems, where relevant, and their functions.
N/A
- 4.
What legal authority authorizes the purchase or development of this system?
5 U.S.C. 5701-5709, 5 U.S.C. 5721-5739 Office of Management and Budget Memo M-12-12
- 5.
What is the purpose of the system and the data to be collected?
The system provides control over the expenditure of funds for travel, relocation, and related expenses. Therefore, provisions are made to authorize travel and relocation, provide and account for advances, and to pay for travel and relocation costs. The system contains records that may include, but are not limited to, name, traveler ID (not SSN), date of birth, residence address, dependents names and ages, duty stations, and itinerary.
- 6.
Points of
Contact:
Project Manager Office/Division/Branch Telephone Irani Guita OCFO/DC/FSYSB 301-415-0586 Branch Chief Office/Division/Branch Telephone Jeffrey Sheldon OCFO/DOC/FSB 301-415-5743 Executive Sponsor Office/Division/Branch Telephone Gordon Peterson OCFO/DOC 301-415-7348 Information Security Officer Office/Division/Branch Telephone Natalya Bobryakova OCIO 301-287-0671
- 7.
Does this privacy impact assessment (PIA) support a proposed new system or a proposed modification to an existing system?
- a.
New System X Modify Existing System Other (Explain)
- b.
If modifying an existing system, has a PIA been prepared before?
Yes.
3 (1)
If yes, provide the date approved and ADAMS accession number.
ML16154A280, 6/20/2016 (2)
If yes, provide a summary of modifications to the existing system.
The cybersecurity compliance for ETS2, is now managed under the TPS framework for managing the external IT services used by NRC.
B.
INFORMATION COLLECTED AND MAINTAINED These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.
- 1.
INFORMATION ABOUT INDIVIDUALS
- a.
Does this system maintain information about individuals?
Yes (1)
If yes, identify the group(s) of individuals (e.g., Federal employees, Federal contractors, licensees, general public).
Employees, prospective employees, contractors, and invitational travelers for NRC programs.
(2)
IF NO, SKIP TO QUESTION B.2.
- b.
What information is being maintained in the system about an individual (be specific)?
The individuals name, financial data, address, organization, and credit card data.
- c.
Is information being collected from the subject individual?
Yes To the greatest extent possible, collect information about an individual directly from the individual.
(1)
If yes, what information is being collected?
4 Yes, the users name, financial data, address, traveler ID number, organization, and credit card data can be collected.
- d.
Will the information be collected from 10 or more individuals who are not Federal employees?
Yes (1)
If yes, does the information collection have OMB approval?
ETS2 is a government wide, web-based travel management service. The requirements for the system were developed by GSA based on Federal travel regulations. No OMB clearance is required.
(a)
If yes, indicate the OMB approval number:
- e.
Is the information being collected from existing NRC files, databases, or systems?
No (1)
If yes, identify the files/databases/systems and the information being collected.
- f.
Is the information being collected from external sources (any source outside of the NRC)?
No (1)
If yes, identify the source and what type of information is being collected?
- g.
How will information not collected directly from the subject individual be verified as current, accurate, and complete?
Individuals and supervisors ensure that the data within the system is accurate and complete.
- h.
How will the information be collected (e.g. form, data transfer)?
Information is collected through various forms and receipts.
- 2.
INFORMATION NOT ABOUT INDIVIDUALS
- a.
Will information not about individuals be maintained in this system?
No
5 (1)
If yes, identify the type of information (be specific).
- b.
What is the source of this information? Will it come from internal agency sources and/or external sources? Explain in detail.
C.
USES OF SYSTEM AND INFORMATION These questions will identify the use of the information and the accuracy of the data being used.
- 1.
Describe all uses made of the data in this system.
ConcurGov enables travelers and/or travel arrangers to plan and make reservations (air, rail, lodging, car rental, etc.) on-line, prepare travel authorizations and vouchers on-line, produce itineraries, have tickets issued, and store receipts on-line. Data from ETS2 is transmitted to the NRCs core financial system, Financial Accounting and Integrated Management Information System (FAIMIS), via file transfer.
- 2.
Is the use of the data both relevant and necessary for the purpose for which the system is designed?
Yes
- 3.
Who will ensure the proper use of the data in this system?
ETS2 and administrators employ the concept of least privilege to ensure that access is limited only to functions necessary for the users job function.
- 4.
Are the data elements described in detail and documented?
Yes
- a.
If yes, what is the name of the document that contains this information and where is it located?
The data elements are defined in detail in the data dictionary and reference in the ETS2 - ConcurGov SSP and user guides. Both documents are maintained electronically and available for viewing at the GSA E-Gov Travel PMO in Washington, D.C.
- 5.
Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?
No
6 Derived data is obtained from a source for one purpose and then the original information is used to deduce/infer a separate and distinct bit of information that is aggregated to form information that is usually different from the source information.
Aggregation of data is the taking of various data elements and then turning it into a composite of all the data to form another type of data (i.e. tables or data arrays).
- a.
If yes, how will aggregated data be maintained, filed, and utilized?
- b.
How will aggregated data be validated for relevance and accuracy?
- c.
If data are consolidated, what controls protect it from unauthorized access, use, or modification?
- 6.
How will data be retrieved from the system? Will data be retrieved by an individuals name or personal identifier? (Be specific.)
Information will be retrieved by the users name.
- 7.
Will this system provide the capability to identify, locate, and monitor (e.g.,
track, observe) individuals?
No
- a.
If yes, explain.
(1)
What controls will be used to prevent unauthorized monitoring?
- 8.
List the report(s) that will be produced from this system.
Standard reports will be produced on travel authorizations, vouchers, outstanding travel balances, and travel expenditures by organization, and special reports on certain types of travel, such as foreign travel.
- a.
What are the reports used for?
Managing travel balances and funds, complying with Federal Travel Regulations, reconciling between E-Gov Travel and the financial system, reimbursing travelers and closing travel authorizations on a timely basis.
- b.
Who has access to these reports?
Approving officials, program and financial managers, and accountants in the Office of the Chief Financial Officer (OCFO) will have access to reports.
Individual travelers will have access to reports on their individual travel balances.
7 D.
ACCESS TO DATA
- 1.
Which NRC office(s) will have access to the data in the system?
All office employees who travel will have access to the system. Authorizing officials will also have access. Access controls will allow individual travelers to view their own data. Individuals in their approval chain will also have access to view travelers data. Access controls are provided with least level of access to preclude unauthorized viewing of protected data. OCFO accounting personnel will have access to a wider range of data.
(1)
For what purpose?
To plan, authorize, arrange, process, and manage official federal travel.
Travelers can make travel arrangements online, including plan and make reservations (air, rail, lodging, car rental, etc.), prepare travel authorizations and vouchers, produce itineraries, have tickets issued, and store receipts on-line.
Authorizing officials can approve travel authorization and vouchers. OCFO personnel can review and audit travel transactions.
(2)
Will access be limited?
Yes
- 2.
Will other NRC systems share data with or have access to the data in the system?
Yes (1)
If yes, identify the system(s).
FAIMIS (2)
How will the data be transmitted or disclosed?
The data is transmitted via an automated secured file transfer.
- 3.
Will external agencies/organizations/public have access to the data in the system?
Yes (1)
If yes, who?
ETS2 is provided by Concur Technologies, Inc.
(2)
Will access be limited?
8 Yes, access will be limited through the use of user logins and passwords or and role assignments.
(3)
What data will be accessible and for what purpose/use?
Data will be used to plan and make reservations on-line, prepare travel authorizations and vouchers on-line, produce itineraries, have tickets issued, and store receipts on-line.
(4)
How will the data be transmitted or disclosed?
Data will be transmitted by travelers logged in through the ETS2 system.
E.
RECORDS RETENTION AND DISPOSAL The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and are required under 36 CFR 1234.10. The following questions are intended to determine whether the records in the system have an approved records retention schedule or if one will be needed.
- 1.
Can you map this system to an applicable retention schedule in NUREG-0910, or the General Records Schedules at http://www.archives.gov/records-mgmt/grs ?
Yes
- a.
If yes, please cite the schedule number, approved disposition, and describe how this is accomplished. For example, will the records or a composite thereof be deleted once they reach their approved retention or exported to a file for transfer based on their approved disposition?
General Records Schedule (GRS) 1.1, 010: Financial transaction records related to procuring goods and services, paying bills, collecting debts, and accounting.
Financial management and reporting administrative records -
transportation and travel requests, authorizations and vouchers.
Disposition: Temporary. Destroy 6 years after final payment or cancellation, but longer retention is authorized if required for business use.
9
- b.
If the answer to question E.1 is yes, skip to F.1. If the response is no, complete question E.2 through question E.7.
- 2.
If the records cannot be mapped to an approved records retention schedule, how long do you need the records? Please explain.
- 3.
Would these records be of value to another organization or entity at some point in time? Please explain.
- 4.
How are actions taken on the records? For example, is new data added or updated by replacing older data on a daily, weekly, or monthly basis?
- 5.
What is the event or action that will serve as the trigger for updating, deleting, removing, or replacing information in the system? For example, does the information reside in the system for three years after it is created and then is it deleted?
- 6.
Is any part of the record an output, such as a report, or other data placed in ADAMS or stored in any other location, such as a shared drive or MS SharePoint?
- 7.
Does this system allow for the deletion or removal of records no longer needed and how will that be accomplished?
F.
TECHNICAL ACCESS AND SECURITY
- 1.
Describe the security controls used to limit access to the system (e.g.,
passwords).
Access controls, including user IDs and passwords, will be used to protect personal and other data. Access to travelers personal data will be limited to those included in the approval chain.
- 2.
What controls will prevent the misuse (e.g., unauthorized browsing) of system data by those having access?
User access controls will protect unauthorized access to or modification of personal data. Reports containing personal data will be clearly marked with sensitive data banners, automated audit logs and reports will be reviewed to identify unauthorized access.
- 3.
Are the criteria, procedures, controls, and responsibilities regarding access to the system documented?
Yes (1)
If yes, where?
System documentation contains a description of the criteria and how the access controls function. ETS2 Security documentation is located at the Government
10 Services Administration (GSA) Federal Acquisition Service (FAS) E-Gov Travel Program Management Office (E-Gov Travel PMO).
- 4.
Will the system be accessed or operated at more than one location (site)?
No
- a.
If yes, how will consistent use be maintained at all sites?
- 5.
Which user groups (e.g., system administrators, project managers, etc.)
have access to the system?
Travelers, approving officials, system administrators, OCFO Functional Staff (Travel Arrangers)
- 6.
Will a record of their access to the system be captured?
Yes, audit logs will be maintained by the system.
- a.
If yes, what will be collected?
ETS2 captures a record of the User ID with a time and date stamp and the table, form or transaction accessed. The ETS2 also maintains records of any batch, report, or file transfer job run.
- 7.
Will contractors be involved with the design, development, or maintenance of the system?
Yes If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or PII contract clauses are inserted in their contracts.
FAR clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.
PII clause, Contractor Responsibility for Protecting Personally Identifiable Information (June 2009), in all contracts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC owned or controlled PII.
- 8.
What auditing measures and technical safeguards are in place to prevent misuse of data?
ETS2 has the following controls in place for limiting system access:
Access forms are completed User access levels are determined based on the user's organization
11 profile Access and password protection is in place to secure the system A process for system change requests is in place to maintain documentation of changes Access to sensitive information such as bank account numbers is limited to only to small subset of users with the appropriate permission
- 9.
Are the data secured in accordance with FISMA requirements?
Yes
- a.
If yes, when was Certification and Accreditation last completed?
The GSA Authorizing Official granted a provisional authorization to operate on June 15, 2016. This provisional ATO covers the ConcurGov common controls only, and does not authorize the use of the ConcurGov information system for any specific Federal Agency. This provisional ATO is good for three years (until June 2019).
12 PRIVACY IMPACT ASSESSMENT REVIEW/APPROVAL (For Use by OCIO/GEMS/ISB Staff)
System Name: E-Gov Travel Services 2 (ETS2)
Submitting Office: OCIO A.
PRIVACY ACT APPLICABILITY REVIEW Privacy Act is not applicable.
X Privacy Act is applicable.
Comments:
This system will collect, maintain, and disseminate information about individuals other than NRC Employees such as perspective employees, contractors, invitational travelers for NRC Programs, etc. This system is covered under System of Records, NRC-20, Official Travel Records.
Reviewers Name Title Date Sally A. Hardy Privacy Officer 6/28/2018 B.
INFORMATION COLLECTION APPLICABILITY DETERMINATION No OMB clearance is needed.
X OMB clearance is needed.
Currently has OMB Clearance. Clearance No.
Comments:
Previously ETS2 did not collect information from non-federal employees and did not need a clearance. Since March 2018, ETS2 has replaced the NRC Form 64 as the collection point for non-federal employees. As a result, ETS2 and its supporting forms need an OMB clearance. NRC Form 64 is still used to collect information from employees.
Reviewers Name Title Date David Cullison Agency Clearance Officer 6/14/18
13 C.
RECORDS RETENTION AND DISPOSAL SCHEDULE DETERMINATION No record schedule required.
Additional information is needed to complete assessment.
Needs to be scheduled.
X Existing records retention and disposition schedule covers the system - no modifications needed.
Comments:
Reviewers Name Title Date Marna B. Dove Sr. Program Analyst, Electronic Records Manager 5/31/18 D.
BRANCH CHIEF REVIEW AND CONCURRENCE This IT system does not collect, maintain, or disseminate information in identifiable form from or about members of the public.
X This IT system does collect, maintain, or disseminate information in identifiable form from or about members of the public.
I concur in the Privacy Act, Information Collections, and Records Management reviews:
/RA/ Date July 10, 2018 Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer
14 TRANSMITTAL OF PRIVACY IMPACT ASSESSMENT/
PRIVACY IMPACT ASSESSMENT REVIEW RESULTS TO: Gordon Peterson, Controller, Division of the Controller, Office of the Chief Financial Officer Name of System: E-Gov Travel Services 2 (ETS2)
Date ISB received PIA for review:
April 17, 2018 Date ISB completed PIA review:
June 28, 2018 Noted Issues:
This system is covered under System of Records, NRC-20, Official Travel Records.
However, this may be a duplicate system of GSA/GOVT-4, if confirmed after OGCs review we may need to update PIA.
Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer Signature/Date:
/RA/ July 10, 2018 Copies of this PIA will be provided to:
Tom Rich, Director IT Services Development & Operation Division Office of the Chief Information Officer Jonathan Feibus Chief Information Security Officer (CISO)
Governance & Enterprise Management Services Division Office of the Chief Information Officer