ML18172A121

From kanterella
Jump to navigation Jump to search
Library Services Platform Privacy Threshold Analysis
ML18172A121
Person / Time
Issue date: 06/25/2018
From: Anna Mcgowan
NRC/OCIO
To:
References
Download: ML18172A121 (5)
v  d  e


Text

Privacy Threshold Analysis Template (To be used to determine whether a privacy impact assessment is required in accordance with the E-Government Act of 2002.)

Date submitted for review: June 21, 2018 Name of Project/System: Library Services Platform (LSP)

Sponsoring Office: Office of the Chief Information Officer (OCIO)

Project manager name and phone number: Bebbie Rhodes - 301-415-5785

1. Describe (in detail) the project/system and its purpose:

The Library Services Platform (LSP) consists of Ex Libris Alma and Primo, components of a cloud-based integrated library system. The Ex Libris Alma is used to manage back end library operations while the Ex Libris Primo is used for front end discovery services. The system operates in a private cloud maintained by Ex Libris cloud personnel and will have no hardware components hosted on the NRC infrastructure.

NRC staff with the appropriate permissions can navigate from one area of the system to another through a supported web browser. The Library team use Ex Libris Alma to manage the acquisition, sharing, cataloging, and use of various resources, including physical and electronic books, physical and electronic periodicals, and other digital resources. Alma is only available to members of the Library staff that are responsible for managing the various library resources and publishing that data to Primo. The Primo Front End interface is available agency wide on the NRC network to provide search capabilities for title, subject heading, author and call number, and a virtual shelf browse.

LSP is a subsystem of the Office of the Chief Information Officer (OCIO) Third Party System (TPS). TPS provides a framework for managing cybersecurity compliance for the external IT services used by NRC. TPS and its subsystems have no technical components on the NRC infrastructure. The Ex Libris FedRAMP authorization is sponsored by the Department of Health and Human Services (HHS).

2. What agency function does it support:

The LSP is used by the Library Team to catalog new books and materials, circulation of items, serials management, acquisitions, and searching of the online catalog for books, journals, or other materials.

3. Status:

New development effort.

Existing system.

  • Date first developed:
  • Date last updated:

o Provide a general description of the update:

4. Could the project/system relate in any way to individuals?

No Yes

  • Provide a general description of the way the project could relate to an individual.
5. Does this project collect, process, or retain information on: (Check all that apply)

NRC employees?

Other Federal employees?

Contractors working on behalf of NRC?

Members of the public or other individuals?

System does not contain any such information.

6. Does this project use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs, such as the last four.)

No Yes

  • Why is the SSN collected or used? Provide the function of the SSN and the legal authority to do so.
7. What information about an individual could be collected, generated or retained?

The LSP does retain some information about individuals; however the user information is limited to the users name, NRC location, NRC e-mail address, and NRC phone number.

8. Does the system share personally identifiable information (PII) with any other NRC systems?

No Yes

  • Identify the systems:
9. Does this system relate solely to infrastructure? (For example, is the system a Local Area Network [LAN] or Wide Area Network [WAN])?

No Yes

  • If yes, is there a log kept of communication traffic?
  • If yes, what type of data is recorded in the log? List the data elements in the log.
10. Can the system be accessed remotely?

No Yes

  • If yes, how?

The LSP uses Ex Libris, a cloud-based Software-as-a-Service (SaaS) solution.

Since it is externally hosted, access to the system only occurs remotely through a supported web browser.

11. Is there an approved records retention schedule? (Refer to NUREG-0910, NRC Comprehensive Records Disposition Schedule.)

Yes

  • If yes, please provide the schedule number and approved disposition:

No

  • If no, contact the Records and Archives Services Section for further guidance.
12. Is there a Certification & Accreditation record?

Unknown

No Yes: Indicate the determinations for each of the following:

Confidentiality: Low Moderate High Undefined Integrity: Low Moderate High Undefined Availability: Low Moderate High Undefined

PRIVACY THRESHOLD ANALYSIS REVIEW (To be completed by: Information Services Branch, Governance &

Enterprise Management Services Division, Office of the Chief Information Officer)

Date reviewed: June 21, 2018 Name of the reviewer: Sally A. Hardy, Privacy Officer

_X_ No, this is NOT a privacy sensitive system - the system contains no personally identifiable information.

___ Yes, this IS a privacy sensitive system. A privacy impact assessment is required.

COMMENTS:

Library Services Platform (LSP) does not collect personally identifiable information. LSP only collects business related information to include: users name, NRC location, NRC e-mail address, and NRC phone number.

I concur with this analysis:

/RA/ Date: June 25, 2018 Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer

Retrieved from "https://kanterella.com/w/index.php?title=ML18172A121&oldid=1928392"