ML19353B232
| ML19353B232 | |
| Person / Time | |
|---|---|
| Issue date: | 12/19/2019 |
| From: | Anna Mcgowan NRC/OCIO |
| To: | |
| References | |
| Download: ML19353B232 (5) | |
Text
ML19353B232 Privacy Threshold Analysis (To be used to determine whether a privacy impact assessment is required in accordance with the E- Government Act of 2002.)
Date submitted for review: December 16, 2019 Name of Project/System: IdeaScale Gov (ISG)
Sponsoring Office: Office of the Chief Information Officer (OCIO)
Project manager name and phone Amy DAgostino - 301-415-2414 number:
- 1. Describe (in detail) the project/system and its purpose:
IdeaScale Gov is an innovation management software platform provided by IdeaScale to government agencies as a secure solution for soliciting input from personnel and other stakeholders and collaboratively transforming that input into actionable project plans.
IdeaScale Gov is a cloud-based, Software-as-a-Service (SaaS) solution hosted by IdeaScale, the Cloud Service Provider, in a multitenant environment that logically secures and partitions agency data. IdeaScale Gov is authorized by the Federal Risk and Authorization Management Program (FedRAMP).
The Nuclear Regulatory Commissions (NRCs) instance of IdeaScale Gov (ISG) allows the NRC to solicit input from personnel, host community conversations, issue crowdsourced challenges, and collect innovative ideas. NRC employees can submit ideas or vote and comment on ideas from other employees. All users log into the ISG application via a web browser and authenticate through the NRC single sign-on (SSO) authentication service.
- 2. What agency function does it support:
The ISG system provides an environment in which the NRC can collect ideas from personnel and develop innovative ideas and goals. The analysis of that data can provide valuable information to be used for various agency change initiatives.
- 3. Status:
New development effort.
Existing system.
- Date first developed:
- Date last updated:
- Provide ADAMS accession number:
PTA Template (04-2019) 1
ML19353B232 o Provide a general description of the update:
- 4. Do you have an NRC Enterprise Architecture (EA)/Inventory number?
No. ISG is an external service under the Third Party System (TPS) FISMA boundary which does not have an EA/Inventory Number.
- 1. If yes, please provide Enterprise Architecture (EA)/Inventory number.
- 5. Could the project/system relate in any way to individuals?
No Yes
- Provide a general description of the way the project could relate to an individual.
Individuals can submit, vote, and comment on ideas.
- 6. Does this project collect, process, or retain information on: (Check all that apply)
NRC employees?
Other Federal employees?
Contractors working on behalf of NRC?
Members of the public or other individuals?
System does not contain any such information.
- 7. Does this project use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs, such as the last four.)
No Yes
PTA Template (04-2019) 2
- 8. What information about an individual could be collected, generated or retained?
Provide a detailed description of the information that might be collected, generated, or retained such as names, addresses, phone numbers, etc.
ISG contains usernames, agency email addresses, and full names.
- 9. Does the system share personally identifiable information with any other NRC systems?
No Yes
- Identify the systems:
- 10. Does this system relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?
No Yes
- If yes, is there a log kept of communication traffic?
- If yes, what type of data is recorded in the log? List the data elements in the log.
- 11. Can the system be accessed remotely?
No Yes
- If yes, how?
Users can access the system through the NRC network at an NRC facility, via remote access Virtual Private Network (VPN), or the Citrix Broadband Remote Desktop.
- 12. Can you map this system to an applicable retention schedule in NRCs Comprehensive Records Disposition Schedule(NUREG-0910), or NARAs General Records Schedules?
Yes
- If yes, please provide the schedule number, approved disposition, and describe how this is accomplished.
GRS 5.2 Transitory and Intermediary Records, Item 020, Intermediary Records.
Destroy upon verification of successful creation of the final document or file, or when PTA Template (04-2019) 3
ML19353B232 no longer needed for business use, whichever is later.
IdeaScale maintains system records in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.
No
- If no, please contact the Records and Information Management (RIM) staff at ITIMPolicy.Resource@nrc.gov.
- 13. Is there an Authority to operate record?
Unknown No In progress Yes: Indicate the impact levels approved by CSO - Computer Security Organization for the following:
Confidentiality: Low Moderate High Undefined Integrity: Low Moderate High Undefined Availability: Low Moderate High Undefined PTA Template (04-2019) 4
ML19353B232 PRIVACY THRESHOLD ANALYSIS REVIEW (To be completed by: Information Services Branch, Governance &
Enterprise Management Services Division, Office of the Chief Information Officer)
System Name: IdeaScale Gov (ISG)
Date reviewed: December 19, 2019 Name of the reviewer: Sally A. Hardy, Privacy Officer
_X_ No, this is NOT a privacy sensitive system - the system contains no personally identifiable information.
___ Yes, this IS a privacy sensitive system. A privacy impact assessment is required.
COMMENTS:
I concur with this analysis:
/RA/ Date: December 19, 2019 Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer PTA Template (04-2019) 5