ML19213A134

From kanterella
Jump to navigation Jump to search
Rocis Privacy Threshold Analysis
ML19213A134
Person / Time
Issue date: 12/18/2019
From: Anna Mcgowan
NRC/OCIO
To:
References
Download: ML19213A134 (5)
v  d  e


Text

Privacy Threshold Analysis (To be used to determine whether a privacy impact assessment is required in accordance with the E-Government Act of 2002.)

Date submitted for review: September 18, 2019 Regulatory Information Service Center (RISC) /

Name of Project/System:

Office of Information and Regulatory Affairs (OIRA)

Combined Information System (ROCIS)

Sponsoring Office: Office of the Chief Information Officer (OCIO)

Project manager name and N/A phone number:

1. Describe (in detail) the project/system and its purpose:

ROCIS is an external IT system operated by the Regulatory Information Service Center (RISC) within the General Services Administration (GSA) to support the publication of the Unified Agenda in the Federal Register. The system provides uniform reporting of regulatory actions for 64 reporting agencies and 300-400 sub-agencies. NRC Users can access the web application at https://www.rocis.gov/.

ROCIS contains modules to support the reporting of data regarding agency regulatory actions, information collections requests in support of the Paperwork Reductions Act, and the submission of regulations to OMB for approval. Records are reviewed by the Office of Information and Regulatory Affairs (OIRA), a statutory part of the Office of Management and Budget (OMB) within the Executive Office of the President.

The Privacy Impact Assessment developed by GSA can be found at https://www.gsa.gov/cdnstatic/ROCIS_PIA%20May%202018.pdf.

2. What agency function does it support:

The agency utilizes ROCIS to provide regulatory data for review and publication in the Unified Agenda and Regulatory Plan and to submit information collection requests and system of records notices (SORN) for review.

3. Status:

New development effort.

Existing system.

  • Date first developed:
  • Date last updated:
  • Provide ADAMS accession number:

o Provide a general description of the update:

4. Do you have an NRC Enterprise Architecture (EA)/Inventory number?

PTA Template (04-2019) 1

1. If yes, please provide Enterprise Architecture (EA)/Inventory number.
2. If no, please contact EA Service Desk to get Enterprise Architecture (EA)/Inventory number.

No, ROCIS is an external service.

5. Could the project/system relate in any way to individuals?

No Yes

  • Provide a general description of the way the project could relate to an individual.

ROCIS stores the contact information of federal employees. Users can find other users through the systems search capability.

6. Does this project collect, process, or retain information on: (Check all that apply)

NRC employees?

Other Federal employees?

Contractors working on behalf of NRC?

Members of the public or other individuals?

System does not contain any such information.

7. Does this project use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs, such as the last four)

No Yes

  • Why is the SSN collected or used? Provide the function of the SSN and the legal authority to do so. N/A
  • Is the SSN full or partial SSN? N/A
8. What information about an individual could be collected, generated, or retained?

Provide a detailed description of the information that might be collected, generated, or retained such as names, addresses, phone numbers, etc.

ROCIS includes the following contact information of federal employees:

  • First and last name
  • Agency and Role PTA Template (04-2019) 2
  • Agency email address
  • Agency telephone number
9. Does the system share personally identifiable information with any other NRC systems?

No Yes

  • Identify the systems: N/A
10. Does this system relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]

No Yes

  • If yes, is there a log kept of communication traffic? N/A
  • If yes, what type of data is recorded in the log? List the data elements in the log. N/A
11. Can the system be accessed remotely?

No Yes

  • If yes, how?

NRC Users can access the ROCIS web application at https://www.rocis.gov/.

12. Can you map this system to an applicable retention schedule in NRCs Comprehensive Records Disposition Schedule(NUREG-0910), or NARAs General Records Schedules?

Yes

  • If yes, please provide the schedule number, approved disposition, and describe how this is accomplished.

No

  • If no, please contact the Records and Information Management (RIM) staff at ITIMPolicy.Resource@nrc.gov.

According to the ROCIS Privacy Impact Assessment developed by GSA, the system does not maintain any official records.

PTA Template (04-2019) 3

13. Is there an Authority to operate record?

Unknown No In progress Yes: Indicate the impact levels approved by CSO - Computer Security Organization for the following:

Confidentiality: Low Moderate High Undefined Integrity: Low Moderate High Undefined Availability: Low Moderate High Undefined PTA Template (04-2019) 4

PRIVACY THRESHOLD ANALYSIS REVIEW (To be completed by: Information Services Branch, Governance & Enterprise Management Services Division, Office of the Chief Information Officer)

System Name: Regulatory Information Service Center (RISC) / Office of Information and Regulatory Affairs (OIRA) Combined Information System (ROCIS)

Date reviewed: December 13, 2019 Name of the reviewer: Sally A. Hardy, Privacy Officer

_X_ No, this is NOT a privacy sensitive system - the system contains no personally identifiable information.

___ Yes, this IS a privacy sensitive system. A privacy impact assessment is required.

COMMENTS:

I concur with this analysis:

/RA/ Date: 12/18/2019 Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer PTA Template (04-2019) 5

Retrieved from "https://kanterella.com/w/index.php?title=ML19213A134&oldid=2312768"