ML18163A026
ML18163A026 | |
Person / Time | |
---|---|
Issue date: | 06/12/2018 |
From: | Anna Mcgowan Governance & Enterprise Management Services Division |
To: | NRC/OCFO |
References | |
Download: ML18163A026 (5) | |
Text
ML18163A026 Privacy Threshold Analysis (To be used to determine whether a privacy impact assessment is required in accordance with the E-Government Act of 2002.)
Date submitted for review: June 4, 2018 Name of Project/System: OCFO Oracle Planning and Budgeting Cloud Sponsoring Office: Office of the Chief Financial Officer Project manager name and phone number: Jeffrey Sheldon, 301-415-5743
- 1. Describe (in detail) the project/system and its purpose:
Office of the Chief Financial Officer (OCFO) is migrating the on premise Budget Formulation System (BFS) applications to the Oracle Planning and Budgeting Cloud (OPBC), which is going through the FedRAMP authorization process.
- 2. What agency function does it support:
OPBC is a cloud-based system used for simplifying and improving the formulation, development, operation and maintenance of the agencys planning, budgeting and forecasting processes. OPBC applications include budget, commitment plan, salary, spending plan, and staffing forecasts.
- 3. Status:
New development effort. OPBC will be the cloud version of BFS Existing system.
- Date first developed:
- Date last updated:
o Provide a general description of the update:
- 4. Could the project/system relate in any way to individuals?
No Yes
- Provide a general description of the way the project could relate to an individual.
OPBC salary and staffing applications contain NRC employee information. See response to question 7 below.
- 5. Does this project collect, process, or retain information on: (Check all that apply)
NRC employees?
Other Federal employees?
Contractors working on behalf of NRC?
Members of the public or other individuals?
System does not contain any such information.
- 6. Does this project use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs, such as the last four.)
No
- 7. What information about an individual could be collected, generated or retained?
Provide a detailed description of the information that might be collected, generated, or retained such as names, addresses, phone numbers, etc.
Employee ID Employee name Position ID Position Title Salary Series, Grade, Step Organization to which the staff belongs (Office, Division, Branch)
- 8. Does the system share personally identifiable information with any other NRC systems?
No Yes
- Identify the systems:
- 9. Does this system relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?
No Yes
- If yes, is there a log kept of communication traffic?
- If yes, what type of data is recorded in the log? List the data elements in the log.
- 10. Can the system be accessed remotely?
No Yes
- If yes, how? Standard access is through the internet since OPBC is a cloud service
- 11. Is there an approved records retention schedule? (Refer to NUREG-0910, NRC Comprehensive Records Disposition Schedule.)
Yes
- If yes, please provide the schedule number and approved disposition:
No
- If no, contact the Records and Archives Services Section for further guidance.
- 12. Is there a Certification & Accreditation record?
No; On May 23, 2018, the CIO approved a pilot of this cloud service for testing purposes only. Once FedRAMP authorization is granted, OCFO plans to pursue authorization beyond the pilot phase.
Yes: Indicate the determinations for each of the following:
Confidentiality: Low Moderate High Undefined Integrity: Low Moderate High Undefined Availability: Low Moderate High Undefined
ML18163A026 PRIVACY THRESHOLD ANALYSIS REVIEW (To be completed by: Information Services Branch, Governance &
Enterprise Management Services Division, Office of the Chief Information Officer)
Date reviewed: June 11, 2018 Name of the reviewer: Sally A. Hardy, Privacy Officer
_X_ No, this is NOT a privacy sensitive system - the system contains no personally identifiable information.
___ Yes, this IS a privacy sensitive system. A privacy impact assessment is required.
COMMENTS:
The information collected is business related information. Information related to the workplace such as an employees name, title, work telephone number, official work address/location, position, employee and work e-mail address is not treated as PII by NRC.
I concur with this analysis:
/RA/ Date: June 12, 2018 Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer