ML19067A187
| Field | Value |
|---|---|
| Issue date | 06/04/2019 |
| From | Anna T. McGowan, Governance & Enterprise Management Services Division |
| To | |
| References | |
| Download | ML19067A187 (16) |
ADAMS ML19067A187
U.S. Nuclear Regulatory Commission
Privacy Impact Assessment
Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.
Talent Management System (TMS)
Date: April 4, 2019
A. GENERAL SYSTEM INFORMATION
- 1. Provide a detailed description of the system:
The Talent Management System (TMS) is a Software-as-a-Service (SaaS) cloud solution used to manage the development, delivery, and tracking of training for NRC personnel in addition to employee performance and competency reviews.
The system provides employees, their supervisors, and human resources and training departments with an efficient means to manage the learning aspects of human resource management functions and the automation of performance management tasks.
The Cornerstone Unified Talent Management Suite (CUTMS) is a cloud service from Cornerstone OnDemand, Inc. (CSOD) that provides a Learning Management System for the delivery of web-based and instructor-led training and Performance Management. The CUTMS Learning Management System (LMS) assists NRC in complying with e-Learning standards, while providing a broad range of capabilities to enable program management and tracking relevant to training efforts, curriculum development, and delivery of a variety of training courses. The performance management module will assist in the development of competency models for career development and strategic workforce planning.
- 2. What agency function does it support?
The Talent Management System supports the following agency functions:
  - Storage of training records, scheduling of training courses and resources, and online course registration
  - Creation, storage, and use of competency models, and support of individual development plans to close skill gaps
  - Automation of performance management tasks, including performance appraisals and competency management
- 3. Describe any modules or subsystems, where relevant, and their functions.
CUTMS comprises two modules: performance management and learning management.
- 4. What legal authority authorizes the purchase or development of this system?
Federal agencies are required to collect detailed information on training programs and needs, and to electronically report the data to the Office of Personnel Management (OPM), per 5 CFR Part 410 (RIN 3206-AK46; 71 Fed. Reg. 28,545).
- 5. What is the purpose of the system and the data to be collected?
OCHCO and NRC staff use the data collected by the system to:
  - Manage and track training efforts, including training and curriculum development, training delivery, administration, monitoring functions, and reporting requirements
  - Review the status of open and completed training
  - Analyze trends based on training activity
  - Prepare and submit standard reports, NRC-developed reports, and ad-hoc query results as needed
  - Conduct performance reviews and appraisals
  - Manage competencies and skills
- 6. Points of Contact:

| Role | Name | Office/Division/Branch | Telephone |
|---|---|---|---|
| Project Manager | Joe Lawson | OCHCO/ADHRTD/STTSB | 423-855-6645 |
| Technical Project Manager | Andrey Korsak | OCHCO/ADHRTD/LTDB | 301-287-0574 |
| Performance Module Lead | Alison Tallarico | OCHCO/HROP/PLERB | 301-287-0740 |
| Information System Security Officer (ISSO) | Natalya Bobryakova | OCIO/ITSDOD/SOB/IAT | 301-287-0671 |
| Executive Sponsor | Miriam Cohen | OCHCO | 301-287-0747 |
| Associate Director of HR Training and Development | Susan Abraham | OCHCO/ADHRTD | 301-287-0718 |
- 7. Does this privacy impact assessment (PIA) support a proposed new system or a proposed modification to an existing system?
- a. [X] New System  [ ] Modify Existing System  [ ] Other (Explain)
- b. If modifying an existing system, has a PIA been prepared before?
(1) If yes, provide the date approved and ADAMS accession number.
(2) If yes, provide a summary of modifications to the existing system.
B. INFORMATION COLLECTED AND MAINTAINED
These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.
- 1. INFORMATION ABOUT INDIVIDUALS
- a. Does this system maintain information about individuals?
Yes
(1) If yes, identify the group(s) of individuals (e.g., Federal employees, Federal contractors, licensees, general public).
TMS maintains information about NRC employees, NRC contractors, and Agreement State employees.
(2) IF NO, SKIP TO QUESTION B.2.
- b. What information is being maintained in the system about an individual (be specific)?
TMS maintains the following information about individuals:
  - Name
  - Social Security Number (SSN)
  - Date of birth
  - Office/organization
  - Training-related data
  - Education history
  - E-mail addresses
  - Course history
  - Performance reviews
- c. Is information being collected from the subject individual?
Yes. To the greatest extent possible, information maintained in TMS is collected from the subject individual.
(1) If yes, what information is being collected?
Information from NRC employees: Name, social security number, date of birth, office/organization, position, grade, e-mail address, training dates, course and session info, cost, approvals, training facility.
Information from NRC contractors: Name, office/organization, e-mail address, training dates, course and session info, cost, approvals, training facility.
Information from Agreement State Employees: Name, affiliation, e-mail address, and course/session information.
- d. Will the information be collected from 10 or more individuals who are not Federal employees?
Yes
(1) If yes, does the information collection have OMB approval?
Yes
(a) If yes, indicate the OMB approval number:
This collection of information is covered under OMB Clearance Number 3150-0029. Around October 1st each year, the Office of Nuclear Material Safety and Safeguards (NMSS) sends a memo to all Agreement States notifying them of upcoming NRC training courses. Agreement States wishing to participate in these courses fill out a training application and submit the application to NMSS. NMSS gathers information regarding course participants and enters the information into TMS. Agreement State information consists of student name and Agreement State abbreviation.
- e. Is the information being collected from existing NRC files, databases, or systems?
Yes
(1) If yes, identify the files/databases/systems and the information being collected.
TMS collects information about individuals from the Electronic Official Personnel Folder (eOPF), the Human Resource Management System (HRMS), the Federal Personnel Payroll System (FPPS), and the Enterprise Identity Hub (EIH).
- f. Is the information being collected from external sources (any source outside of the NRC)?
No
(1) If yes, identify the source and what type of information is being collected.
- g. How will information not collected directly from the subject individual be verified as current, accurate, and complete?
Information collected from HRMS and an employee's personnel folder has been verified by the employee as well as by an approving official. Employees can modify some data within their personnel folder through Employee Express. All human resource (HR) data is reviewed and verified by HR personnel.
EIH data has been verified through the Identity, Credential, and Access Management (ICAM) system.
- h. How will the information be collected (e.g., form, data transfer)?
Information about individuals is transferred from existing NRC files and databases. Information about individuals is also collected in forms, such as the Agreement State application forms.
- 2. INFORMATION NOT ABOUT INDIVIDUALS
- a. Will information not about individuals be maintained in this system?
Yes
(1) If yes, identify the type of information (be specific).
The TMS contains the NRC training catalog with descriptions of the provided courses, agency training requirements, computer-based training, live training courses, and training reviews.
- b. What is the source of this information? Will it come from internal agency sources and/or external sources? Explain in detail.
Web-based training and curriculum information is provided by internal agency personnel with access to the system. TMS also incorporates courses provided by other organizations or government agencies.
C. USES OF SYSTEM AND INFORMATION
These questions will identify the use of the information and the accuracy of the data being used.
- 1. Describe all uses made of the data in this system.
The data will be used to manage the development, delivery, and tracking of training under the direction of OCHCO, and to identify skills gaps and competency models for career development and workforce planning. For instance, the data input to and collected by the system will be used by OCHCO to manage and track training efforts, review the status of open and completed training, potentially analyze trends based on training activity, prepare and deploy a variety of training, and run ad-hoc queries as needed.
In addition, TMS will report performance appraisals and training compliance in accordance with Office of Personnel Management (OPM) mandates, and will allow for the implementation, management, tracking, and reporting of performance-related tasks and items, including performance plans and appraisals.
- 2. Is the use of the data both relevant and necessary for the purpose for which the system is designed?
Yes. Without the data maintained in TMS, OCHCO would not be able to fulfill its mission to collect detailed information on training programs and to electronically report the data to OPM through the Enterprise Human Resources Integration (EHRI) program, per 5 CFR Part 410 (RIN 3206-AK46; 71 Fed. Reg. 28,545).
- 3. Who will ensure the proper use of the data in this system?
TMS has been assigned an Information System Security Officer (ISSO) as part of the Third Party System. The TMS administrators ensure that users are only assigned the privileges or permissions required by their job function.
- 4. Are the data elements described in detail and documented?
Yes
- a. If yes, what is the name of the document that contains this information and where is it located?
TMS is a FedRAMP-authorized system and has an approved authorization package, available through the OMB MAX Portal, that describes the data elements permitted within the system.
- 5. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?
Yes; queries could be transformed into reports that can be aggregated.
Derived data is obtained from a source for one purpose; the original information is then used to deduce or infer a separate and distinct piece of information, which is aggregated to form information that is usually different from the source information.
Aggregation of data takes various data elements and turns them into a composite of all the data to form another type of data (e.g., tables or data arrays).
- a. If yes, how will aggregated data be maintained, filed, and utilized?
Data is validated through controls implemented by the cloud service provider. Data is reviewed by authorized users and can only be modified to address discrepancies by staff with the necessary permissions within the system. NRC makes training completion reports available on the OCHCO website and reports performance and training data to OPM.
- b. How will aggregated data be validated for relevance and accuracy?
Data is validated through system edits implemented by the Cloud Service Provider (CSP) and reviewed by authorized, authenticated users, and can only be modified to address discrepancies by those staff with that responsibility and access. NRC does not aggregate self-reported data within TMS.
- c. If data are consolidated, what controls protect it from unauthorized access, use, or modification?
Consolidated data can only be accessed by authorized, authenticated users, and can only be modified by those staff with that responsibility and access. Role-based access control (RBAC) is implemented in TMS to control access to the system and to prevent unauthorized use.
Administrators follow the annual Privacy Act guidance for storage and disposition of data and reports. Regular audits of data and records are also performed.
- 6. How will data be retrieved from the system? Will data be retrieved by an individual's name or personal identifier? (Be specific.)
Training records data can be retrieved by a personal identifier, such as Employee ID or LAN ID, or by the individual's name. Data can only be retrieved by authorized, authenticated users with the required access permissions.
- 7. Will this system provide the capability to identify, locate, and monitor (e.g., track, observe) individuals?
No
- a. If yes, explain.
(1) What controls will be used to prevent unauthorized monitoring?
- 8. List the report(s) that will be produced from this system.
Standard and NRC-developed reports will be produced from this system and include Training Completion Reports, External Training Reports, User Reports, skills competency and performance reports.
- a. What are the reports used for?
Automated reports regarding training and performance management are sent to OPM in compliance with federal reporting requirements.
Training Reports provide data on training items, registrations, training completions, curricula status, scheduled offerings, exams, and training evaluations. External Training Reports provide data on external training requests, approvals, and verification status.
Performance reports will contain information regarding performance appraisals, skills gaps, and career development.
System Reports provide data on general system functionality such as system transactions and audit logs.
- b. Who has access to these reports?
The access to the reports is managed through implementation of role-based permissions. Each group of administrators has access to reports based on their job requirements and business needs. In addition, reports on completed trainings are stored on a shared drive and made available on the OCHCO website. Automated reports regarding training are also sent to OPM.
D. ACCESS TO DATA
- 1. Which NRC office(s) will have access to the data in the system?
OCHCO administrators, employees and supervisors across all NRC offices have non-privileged access to data that pertains to them individually as part of their role in the system.
(1) For what purpose?
Authorized NRC office staff and NRC contractors will have access to take available agency training. Role-based access control (RBAC) allows OCHCO administrators, NRC office employees, supervisors, and potentially NRC contractors to perform program management functions, including:
  - tracking relevant training efforts
  - developing curricula
  - delivery and development of training courseware
  - content management of individual competencies and skills
  - performance appraisals
(2) Will access be limited?
Yes. User access is restricted. RBAC limits each authorized user to the data permitted by their role in the system. TMS users are authorized to use the training development and performance information. Other privileged users will be able to use administrative functions, which include a compliance tracking capability and account administration.
- 2. Will other NRC systems share data with or have access to the data in the system?
Yes
(1) If yes, identify the system(s).
The Enterprise Identity Hub (EIH).
(2) How will the data be transmitted or disclosed?
A scheduled report of security awareness training compliance is run daily and sent via email to the ICAMSupport.Resource@nrc.gov resource mailbox.
- 3. Will external agencies/organizations/public have access to the data in the system?
Yes
(1) If yes, who?
Training completion data is transmitted to OPM's EHRI Data Warehouse.
(2) Will access be limited?
No external agencies/organizations/public have direct access to the data in the system.
(3) What data will be accessible and for what purpose/use?
Training and performance records will be used by OPM to manage and track training efforts and individual performance and competencies.
(4) How will the data be transmitted or disclosed?
The CSP transmits the data via secure, encrypted connections as specified by OCHCO on behalf of OPM.
E. RECORDS RETENTION AND DISPOSAL
The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and are required under 36 CFR 1234.10. The following questions are intended to determine whether the records in the system have an approved records retention schedule or if one will be needed.
- 1. Can you map this system to an applicable retention schedule in NUREG-0910, or the General Records Schedules at http://www.archives.gov/records-mgmt/grs ?
Yes
- a. If yes, please cite the schedule number, approved disposition, and describe how this is accomplished. For example, will the records or a composite thereof be deleted once they reach their approved retention or exported to a file for transfer based on their approved disposition?
| Type of Record | GRS Number | Records Title | Disposition |
|---|---|---|---|
| Training | GRS 2.6 item 010 | Non-mission employee training program records | Temporary. Destroy when 3 years old, or 3 years after superseded or obsolete, whichever is appropriate, but longer retention is authorized if required for business use. |
| Training | GRS 2.6 item 020 | Ethics training records | Temporary. Destroy when superseded, 3 years old, or 1 year after separation, whichever comes first, but longer retention is authorized if required for business use. |
| Training | GRS 2.6 item 030 | Individual training records | Temporary. Destroy when 6 years old or when superseded, whichever is later, but longer retention is authorized if required for business use. |
| Performance | GRS 2.2 item 070 | Employee performance file system records: acceptable performance appraisals of non-Senior Executive Service employees | Temporary. Destroy no sooner than 4 years after date of appraisal, but longer retention is authorized if required for business use. |
| Performance | GRS 2.2 item 071 | Employee performance file system records: unacceptable performance appraisals of non-Senior Executive Service employees | Temporary. Destroy after employee completes 1 year of acceptable performance from the date of written advance notice of proposed removal or reduction-in-grade notice. This disposition instruction is mandatory; deviations are not allowed. |
| Performance | GRS 2.2 item 072 | Employee performance file system records: records of Senior Executive Service employees | Temporary. Destroy no sooner than 5 years after date of appraisal, but longer retention is authorized if required for business use. |
| Performance | GRS 2.2 item 073 | Employee performance file system records: performance records superseded through an administrative, judicial, or quasi-judicial procedure | Temporary. Destroy when superseded. This disposition instruction is mandatory; deviations are not allowed. |
| System Reports | GRS 3.1 item 020 | Information technology operations and maintenance records | Temporary. Destroy 3 years after agreement, control measures, procedures, project, activity, or transaction is obsolete, completed, terminated, or superseded, but longer retention is authorized if required for business use. |
- b. If the answer to question E.1 is yes, skip to F.1. If the response is no, complete question E.2 through question E.7.
- 2. If the records cannot be mapped to an approved records retention schedule, how long do you need the records? Please explain.
- 3. Would these records be of value to another organization or entity at some point in time? Please explain.
- 4. How are actions taken on the records? For example, is new data added or updated by replacing older data on a daily, weekly, or monthly basis?
- 5. What is the event or action that will serve as the trigger for updating, deleting, removing, or replacing information in the system? For example, does the information reside in the system for three years after it is created and then is it deleted?
- 6. Is any part of the record an output, such as a report, or other data placed in ADAMS or stored in any other location, such as a shared drive or MS SharePoint?
- 7. Does this system allow for the deletion or removal of records no longer needed, and how will that be accomplished?
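The retention table in E.1 mixes three kinds of instruction: destroy at the earliest of several events (GRS 2.6 item 020), destroy at the later of two events (GRS 2.6 item 030, where the eligibility date is unknown until the record is actually superseded), and fixed periods after an appraisal, some of which the schedule marks mandatory with no business-use extension (GRS 2.2 items 071 and 073). The Python below is an added example, not part of this PIA and not Cornerstone OnDemand's code, showing how such instructions can be encoded so that a record's eligibility for destruction is computed from dated events rather than judged by hand. The Record fields, function names, item labels and sample dates are assumptions made for illustration. GRS 2.6 item 010 ("whichever is appropriate") and GRS 3.1 item 020 are left out because their trigger is a judgement call rather than a date.

```python
"""Disposition-date calculator for the GRS items cited in the TMS PIA.

Added example, not part of the PIA or of Cornerstone OnDemand's product. The
Record fields, function names and sample dates are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, Optional


def add_years(d: date, years: int) -> date:
    """Shift a date by whole years; 29 Feb falls back to 28 Feb in a non-leap year."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


@dataclass
class Record:
    """Lifecycle events for one record. None means the event has not occurred yet."""
    created: date                                     # record or appraisal date
    superseded: Optional[date] = None
    separated: Optional[date] = None                  # employee left the agency
    acceptable_year_completed: Optional[date] = None  # GRS 2.2 item 071 only


def make_record(created: str, superseded: Optional[str] = None,
                separated: Optional[str] = None,
                acceptable_year_completed: Optional[str] = None) -> Record:
    """Build a Record from ISO-8601 date strings (None for events not yet occurred)."""
    def parse(s: Optional[str]) -> Optional[date]:
        return date.fromisoformat(s) if s else None
    return Record(date.fromisoformat(created), parse(superseded),
                  parse(separated), parse(acceptable_year_completed))


def _earliest(*events: Optional[date]) -> Optional[date]:
    known = [e for e in events if e is not None]
    return min(known) if known else None


# Each rule returns the earliest date on which destruction is permitted, or None
# when that date cannot yet be determined because a triggering event is pending.
def grs_2_6_020(r: Record) -> Optional[date]:
    """Ethics training: superseded, 3 years old, or 1 year after separation, whichever first."""
    return _earliest(r.superseded, add_years(r.created, 3),
                     add_years(r.separated, 1) if r.separated else None)


def grs_2_6_030(r: Record) -> Optional[date]:
    """Individual training records: 6 years old or superseded, whichever is LATER.
    Until the record is superseded the later of the two events is unknown."""
    if r.superseded is None:
        return None
    return max(add_years(r.created, 6), r.superseded)


def grs_2_2_070(r: Record) -> Optional[date]:
    """Acceptable non-SES appraisals: no sooner than 4 years after the appraisal."""
    return add_years(r.created, 4)


def grs_2_2_071(r: Record) -> Optional[date]:
    """Unacceptable non-SES appraisals: after 1 year of acceptable performance."""
    return r.acceptable_year_completed


def grs_2_2_072(r: Record) -> Optional[date]:
    """SES appraisals: no sooner than 5 years after the appraisal."""
    return add_years(r.created, 5)


def grs_2_2_073(r: Record) -> Optional[date]:
    """Appraisals superseded through an administrative or judicial procedure."""
    return r.superseded


RULES: Dict[str, Callable[[Record], Optional[date]]] = {
    "GRS 2.6-020": grs_2_6_020, "GRS 2.6-030": grs_2_6_030,
    "GRS 2.2-070": grs_2_2_070, "GRS 2.2-071": grs_2_2_071,
    "GRS 2.2-072": grs_2_2_072, "GRS 2.2-073": grs_2_2_073,
}

# Items the schedule marks mandatory: no longer retention for business use.
MANDATORY = {"GRS 2.2-071", "GRS 2.2-073"}


def disposition_iso(item: str, r: Record) -> Optional[str]:
    """Earliest permitted destruction date as YYYY-MM-DD, or None if not yet known."""
    d = RULES[item](r)
    return d.isoformat() if d is not None else None


def may_retain_longer(item: str) -> bool:
    """True when the schedule permits longer retention for business use."""
    return item not in MANDATORY


def eligible_for_destruction(item: str, r: Record, as_of: str) -> bool:
    """Whether the record may be destroyed on the given ISO date."""
    d = RULES[item](r)
    return d is not None and d <= date.fromisoformat(as_of)


if __name__ == "__main__":
    # Constructed sample: an individual training record created 2016-03-01.
    rec = make_record("2016-03-01")
    print(disposition_iso("GRS 2.6-030", rec))   # None: not yet superseded
    rec.superseded = date(2023, 6, 15)
    print(disposition_iso("GRS 2.6-030", rec))   # 2023-06-15
```

The point of returning None rather than a guessed date is that "whichever is later" and "after 1 year of acceptable performance" cannot be scheduled in advance; a purge job built on this logic should treat None as "hold", and should consult may_retain_longer before honouring any business-use hold on the mandatory items.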
F. TECHNICAL ACCESS AND SECURITY
- 1. Describe the security controls used to limit access to the system (e.g., passwords).
The OCHCO Administrator is responsible for managing rights and permissions that are controlled at the customer level. The Administrator is also responsible for assigning administrative privileges within the NRC domain. Users authenticate to the system with their NRC LAN credentials. TMS relies on the Information Technology Infrastructure (ITI) Identity, Credential, and Access Management (ICAM) authentication gateway to authenticate all users.
Users without NRC LAN credentials, such as Agreement State employees, will require a separate username and ID.
- 2. What controls will prevent the misuse (e.g., unauthorized browsing) of system data by those having access?
Access to TMS is role-based. Agency administrators are responsible for ensuring that users are only assigned the least role(s) and permissions necessary for them to perform their job. The system ISSO reviews and approves all privileged roles and permissions. CUTMS enforces role-based access authorizations after the accounts have been provisioned.
- 3. Are the criteria, procedures, controls, and responsibilities regarding access to the system documented?
Yes
(1) If yes, where?
The System Security Plan (SSP) will document the criteria, procedures, controls, and responsibilities regarding access.
- 4. Will the system be accessed or operated at more than one location (site)?
TMS can be accessed at all NRC sites and outside of the NRC network.
- a. If yes, how will consistent use be maintained at all sites?
All access will still require NRC personnel to authenticate using their LAN credentials.
- 5. Which user groups (e.g., system administrators, project managers, etc.) have access to the system?
Employees, contractors, and supervisors across all NRC offices will have access to information that pertains to them individually. Different roles exist within the system for various levels of privileged access.
- 6. Will a record of their access to the system be captured?
Yes
- a. If yes, what will be collected?
NRC relies on CSOD to regularly analyze audit records and monitor the system for inappropriate or unusual activity. NRC can request audit records containing access records and changes made by each user.
- 7. Will contractors be involved with the design, development, or maintenance of the system?
Yes. CSOD is the cloud service provider responsible for the development and maintenance of the TMS.
If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or PII contract clauses are inserted in their contracts.
FAR clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.
The PII clause, Contractor Responsibility for Protecting Personally Identifiable Information (June 2009), should be included in all contracts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC-owned or NRC-controlled PII.
- 8. What auditing measures and technical safeguards are in place to prevent misuse of data?
NRC relies on the CSP to secure all data in accordance with agency wide mandates and ensure that only authorized users can access the system. The CSP implements functional requirements into the technical design and implementation of the system and undergoes annual assessments to test the current safeguards.
- 9. Are the data secured in accordance with FISMA requirements?
Yes.
- a. If yes, when was Certification and Accreditation last completed?
CUTMS SaaS received a FedRAMP authorization on September 17, 2015.
PRIVACY IMPACT ASSESSMENT REVIEW/APPROVAL (For Use by OCIO/GEMS/ISB Staff)
System Name: Talent Management System (TMS)
Submitting Office: Office of the Chief Human Capital Officer
A. PRIVACY ACT APPLICABILITY REVIEW
[ ] Privacy Act is not applicable.
[X] Privacy Act is applicable.
Comments:
Covered under System of Records NRC-19, Official Personnel Training Records.
Reviewer (Name, Title, Date): Sally A. Hardy, Privacy Officer, 6/04/2019
B. INFORMATION COLLECTION APPLICABILITY DETERMINATION
[X] No OMB clearance is needed.
[ ] OMB clearance is needed.
[ ] Currently has OMB Clearance. Clearance No.
Comments:
Currently the TMS does not need an OMB Clearance since it does not collect information directly but uses information on non-Federal employees provided by other sources. If changes are made to the system to directly collect information from non-Federal employees, the need for an OMB clearance will need to be revisited.
Reviewer (Name, Title, Date): David Cullison, Agency Clearance Officer, 4/22/19
C. RECORDS RETENTION AND DISPOSAL SCHEDULE DETERMINATION
[ ] No record schedule required.
[ ] Additional information is needed to complete assessment.
[ ] Needs to be scheduled.
[X] Existing records retention and disposition schedule covers the system - no modifications needed.
Comments:
Reviewer (Name, Title, Date): Marna B. Dove, Sr. Program Analyst, Electronic Records Manager, 4/09/19
D. BRANCH CHIEF REVIEW AND CONCURRENCE
[ ] This IT system does not collect, maintain, or disseminate information in identifiable form from or about members of the public.
[X] This IT system does collect, maintain, or disseminate information in identifiable form from or about members of the public.
I concur in the Privacy Act, Information Collections, and Records Management reviews:
/RA/ June 4, 2019
Anna T. McGowan, Chief, Information Services Branch, Governance & Enterprise Management Services Division, Office of the Chief Information Officer
TRANSMITTAL OF PRIVACY IMPACT ASSESSMENT / PRIVACY IMPACT ASSESSMENT REVIEW RESULTS
TO: Miriam Cohen, Director, Office of the Chief Human Capital Officer
Name of System: Talent Management System (TMS)
Date ISB received PIA for review: March 28, 2019
Date ISB completed PIA review: June 4, 2019
Noted Issues:
Anna T. McGowan, Chief, Information Services Branch, Governance & Enterprise Management Services Division, Office of the Chief Information Officer
Signature/Date: /RA/ June 4, 2019
Copies of this PIA will be provided to:
  - Tom Rich, Director, IT Services Development & Operation Division, Office of the Chief Information Officer
  - Jonathan Feibus, Chief Information Security Officer (CISO), Governance & Enterprise Management Services Division, Office of the Chief Information Officer