ML21022A294

From kanterella
Jump to navigation Jump to search
E-Gov Travel Services 2 (ETS2) Privacy Impact Assessment (Pia)
ML21022A294
Person / Time
Issue date: 02/06/2021
From: Nalabandian G
NRC/OCIO/GEMSD/CSB
To:
Natalya Bobryakova, 301-287-0671
References
Download: ML21022A294 (17)
v  d  e


Text

U.S. Nuclear Regulatory Commission Privacy Impact Assessment Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.

E-Gov Travel Services 2 (ETS2)

Date: January 6, 2021 A. GENERAL SYSTEM INFORMATION

1. Provide a detailed description of the system: (Use plain language, no technical terms.)

E-Gov Travel Services 2 (ETS2) is a web-based, end-to-end travel management system (ConcurGov) sponsored by the U.S. General Services Administration (GSA). ConcurGov is operated by SAP Concur under GSAs oversight in accordance with the GSA ETS2 Master Contract. The U.S. Nuclear Regulatory Commission (NRC) uses ETS2 to plan, authorize, arrange, process, and manage official federal travel.

The ConcurGov application enables travelers and/or travel arrangers to plan and make reservations (air, rail, lodging, car rental, etc.) online, prepare travel authorizations and vouchers online, produce itineraries, have tickets issued, and store receipts online. Travel approvers have the ability to view and approve travel documentation of other users. Data from ETS2 is transmitted to the NRCs core financial system, the Financial Accounting and Integrated Management Information System (FAIMIS), via a secure file transfer. ETS2 is a subsystem of the NRC Office of the Chief Information Officer (OCIO) Third Party System (TPS). TPS provides a framework for managing cybersecurity compliance for the external IT services used by the NRC. TPS and its subsystems have no technical components on the NRC infrastructure.

2. What agency function does it support? (How will this support the U.S.

Nuclear Regulatory Commissions (NRCs) mission, which strategic goal?))

The system supports the NRCs regulatory mission by providing a management system for official NRC travel.

PIA Template (01-2021)

3. Describe any modules or subsystems, where relevant, and their functions.

ETS2 includes the ETS2 Mobile application which can be installed on Government Furnished Equipment or Bring Your Own Device mobile devices.

The ETS2 Mobile application enables NRC personnel to access ETS2 from authorized mobile devices.

4. What legal authority authorizes the purchase or development of this system? (What law, regulation, or Executive Order authorizes the collection and maintenance of the information necessary to meet an official program mission or goal? NRC internal policy is not a legal authority.)

5 United States Code (U.S.C.) 5701-5709, 5 U.S.C. 5721- 5739 Office of Management and Budget Memo M-12-12

5. What is the purpose of the system and the data to be collected?

The system provides control over the expenditure of funds for travel and related expenses. Provisions are made to authorize travel, provide and account for advances, and to pay for travel costs. The system contains records that may include, but are not limited to, name, traveler identification (ID) number (not Social Security Number (SSN)), date of birth, residence address, dependents names and ages, duty stations, and itinerary.

PIA Template (01-2021)

6. Points of

Contact:

(Do not adjust or change table fields. Annotate N/A if unknown. If multiple individuals need to be added in a certain field, please add lines where necessary.)

Project Manager Office/Division/Branch Telephone Susan Hayden OCFO/DOC/FSB 301-415-6206 Business Project Manager Office/Division/Branch Telephone Technical Project Manager Office/Division/Branch Telephone Executive Sponsor Office/Division/Branch Telephone Kimberly Darling OCFO/DOC 301-415-3299 ISSO Office/Division/Branch Telephone Natalya Bobryakova OCIO 301-287-0671 Primary Office ISSO Office/Division/Branch Telephone Tung Truong OCFO/DOC/FSB 301-415-8490 System Owner/User Office/Division/Branch Telephone Thomas Ashley OCIO/ITSDOD 301-415-0771

7. Does this privacy impact assessment (PIA) support a proposed new system or a proposed modification to an existing system?
a. New System Modify Existing System X Other
b. If modifying or making other updates to an existing system, has a PIA been prepared before?

Yes.

PIA Template (01-2021)

(1) If yes, provide the date approved and the Agencywide Documents Access and Management System (ADAMS) accession number.

A PIA was approved on July 10, 2018, ADAMS accession number Main Library (ML) ML18107A156.

(2) If yes, provide a summary of modifications or other changes to the existing system.

The system description and points of contact information have been updated.

8. Do you have an NRC system Enterprise Architecture (EA)/Inventory number?

Yes.

a. If yes, please provide the EA/Inventory number.

The TPS EA number is 20180002.

b. If, no, please contact EA Service Desk to get the EA/Inventory number.

B. INFORMATION COLLECTED AND MAINTAINED These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.

1. INFORMATION ABOUT INDIVIDUALS
a. Does this system maintain information about individuals?

Yes.

(1) If yes, identify the group(s) of individuals (e.g., Federal employees, Federal contractors, licensees, general public (provide description for general public (non-licensee workers, applicants before they are licenses etc.)).

Employees, prospective employees, contractors, and invitational travelers for NRC programs.

(2) IF NO, SKIP TO QUESTION B.2.

PIA Template (01-2021)

b. What information is being maintained in the system about an individual (be specific - e.g. Social Security Number (SSN), Place of Birth, Name, Address)?

The individuals name, gender, address, phone number, email address, emergency contact name and address, organization, financial and credit card data, passport information (nationality, number, date issued, expiration date, place issued [city, state and country]), travel preferences, and frequent traveler account numbers are maintained by the system.

c. Is information being collected from the subject individual? (To the greatest extent possible, collect information about an individual directly from the individual.)

Yes.

(1) If yes, what information is being collected?

The users name, financial data, address, traveler ID number, organization, and credit card data may be collected.

d. Will the information be collected from individuals who are not Federal employees?

Yes, information will be collected through NRC Form 149.

(1) If yes, does the information collection have the Office of Management and Budgets (OMB) approval?

NRC Form 149 is pending OMB review.

(a) If yes, indicate the OMB approval number:

N/A.

e. Is the information being collected from existing NRC files, databases, or systems?

No.

(1) If yes, identify the files/databases/systems and the information being collected.

N/A.

f. Is the information being collected from external sources (any source outside of the NRC)?

No.

PIA Template (01-2021)

(1) If yes, identify the source and what type of information is being collected?

N/A.

g. How will information not collected directly from the subject individual be verified as current, accurate, and complete?

All information is collected directly from the individuals who are the traveler or a travel arranger. It is the responsibility of the traveler and travel arrangers to monitor user data and ensure that the information is still accurate.

h. How will the information be collected (e.g. form, data transfer)?

Information is collected through various forms and receipts.

2. INFORMATION NOT ABOUT INDIVIDUALS
a. Will information not about individuals be maintained in this system?

No.

(1) If yes, identify the type of information (be specific).

N/A.

b. What is the source of this information? Will it come from internal agency sources and/or external sources? Explain in detail.

N/A.

C. USES OF SYSTEM AND INFORMATION These questions will identify the use of the information and the accuracy of the data being used.

1. Describe all uses made of the data in this system.

ConcurGov enables travelers and/or travel arrangers to plan and make reservations (air, rail, lodging, car rental, etc.) on-line, prepare travel authorizations and vouchers on-line, produce itineraries, have tickets issued, and store receipts on-line. Data from ETS2 is transmitted to FAIMIS via file transfer.

2. Is the use of the data both relevant and necessary for the purpose for which the system is designed?

Yes.

PIA Template (01-2021)

3. Who will ensure the proper use of the data in this system?

NRC authorized personnel and ETS2 system administrators employ the concept of least privilege to ensure that access is limited only to functions necessary for the users job function.

4. Are the data elements described in detail and documented?

Yes.

a. If yes, what is the name of the document that contains this information and where is it located?

The data elements are defined in detail in the GSA ETS2 Master Contract Section C, Attachment 14. This information can be provided for viewing by the GSA E-Gov Travel Service (ETS) Program Management Office (PMO) located at GSA Headquarters in Washington, D.C.

5. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

No.

Derived data is obtained from a source for one purpose and then the original information is used to deduce/infer a separate and distinct bit of information that is aggregated to form information that is usually different from the source information.

Aggregation of data is the taking of various data elements and then turning it into a composite of all the data to form another type of data (i.e. tables or data arrays).

a. If yes, how will aggregated data be maintained, filed, and utilized?

N/A.

b. How will aggregated data be validated for relevance and accuracy?

N/A.

c. If data are consolidated, what controls protect it from unauthorized access, use, or modification?

N/A.

6. How will data be retrieved from the system? Will data be retrieved by an individuals name or personal identifier (name, unique number or symbol)?

(Be specific.)

Yes, information will be retrieved by the users name.

PIA Template (01-2021)

a. If yes, explain, and list the identifiers that will be used to retrieve information on the individual.

The username will be used to retrieve individual information.

7. Has a Privacy Act System of Records Notice (SORN) been published in the Federal Register?

Yes.

a. If Yes, provide name of SORN and location in the Federal Register.

A GSA/GOVT-4 (Contracted Travel Services Program) SORN has been published in the Federal Register.

8. If the information system is being modified, will the SORN(s) require amendment or revision?

There are no modifications that would require an amendment to the SORN.

9. Will this system provide the capability to identify, locate, and monitor (e.g., track, observe) individuals?

The system does not actively track, observe or monitor individuals. The system does contain data on an individuals location.

a. If yes, explain.

The system produces a report on individuals on travel at a given time and will maintain information regarding the individuals work site, hotel information, and the method the travel reservation was made.

(1) What controls will be used to prevent unauthorized monitoring?

The travel operations team reviews reports bi-weekly to find and disable any inactive accounts. System accounts are created, enabled, modified, disabled, and removed in accordance with organization-defined procedures. ETS2 staff receive training on the consequences of unauthorized use or sharing of data. SAP Concur monitors the system for unauthorized local, network, and remote connections.

10. List the report(s) that will be produced from this system.

Standard reports will be produced on travel authorizations, vouchers, outstanding travel balances, travel expenditures by organization, and special reports on certain types of travel, such as foreign travel.

PIA Template (01-2021)

a. What are the reports used for?

The reports are used for managing travel balances and funds, complying with Federal travel regulations, reconciling between ETS2 and the financial system, reimbursing travelers, and closing travel authorizations on a timely basis.

b. Who has access to these reports?

Approving officials, program and financial managers, and accountants in the Office of the Chief Financial Officer (OCFO) will have access to reports. Individual travelers will have access to reports on their individual travel balances.

D. ACCESS TO DATA

1. Which NRC office(s) will have access to the data in the system?

All office employees who travel will have access to the system. Access controls will allow individual travelers to view their own data. Authorizing officials in the approval chain will have access to view travelers data as well. Access controls are provided with least level of access to preclude unauthorized viewing of protected data. OCFO accounting personnel will have access to a wider range of data.

(1) For what purpose?

To plan, authorize, arrange, process, and manage official federal travel:

  • Travelers can make travel arrangements online including; plan and make reservations (air, rail, lodging, car rental, etc.), prepare travel authorizations and vouchers, produce itineraries, have tickets issued, and store receipts on-line.
  • Authorizing officials can approve travel authorization and vouchers.
  • OCFO personnel can review and audit travel transactions.

(2) Will access be limited?

Yes.

2. Will other NRC systems share data with or have access to the data in the system?

Yes.

PIA Template (01-2021)

(1) If yes, identify the system(s).

FAIMIS.

(2) How will the data be transmitted or disclosed?

The data is transmitted via an automated secured file transfer.

3. Will external agencies/organizations/public have access to the data in the system?

Yes.

(1) If yes, who?

ETS2 is operated by an external service provider, SAP Concur.

In general, the GSA ETS2 Master Contract calls for data generated by and/or stored in the system to be transmitted to GSA or third-party vendors designated by GSA. In particular, the NRC does transmit data generated by ETS2 to a third-party vendor or Travel Management Center, El Sol. However, El Sol does not have direct access to the NRCs instance of ETS2.

(2) Will access be limited?

Yes, access is limited through the use of user logins and passwords and role assignments.

(3) What data will be accessible and for what purpose/use?

Data will be used to plan and make reservations on-line, prepare travel authorizations and vouchers on-line, produce itineraries, have tickets issued, and store receipts on-line.

(4) How will the data be transmitted or disclosed?

Per the GSA Master Contract, data will be transmitted securely by travelers logged in through the ETS2 system.

PIA Template (01-2021)

E. RECORDS AND INFORMATION MANAGEMENT (RIM) - RETENTION AND DISPOSAL The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and NARA statutes (44 United States Code (U.S.C.), 36 Code of Federation Regulations (CFR)). Under 36 CFR 1234.10, agencies are required to establish procedures for addressing records management requirements, including recordkeeping requirements and disposition, before approving new electronic information systems or enhancements to existing systems. The following question is intended to determine whether the records and data/information in the system have approved records retention schedule and disposition instructions, whether the system incorporates Records and Information Management and NARAs Universal Electronic Records Management requirements, and if a strategy is needed to ensure compliance.

1) Can you map this system to an applicable retention schedule in NRCs Comprehensive Records Disposition Schedule (NUREG-0910), or NARAs General Records Schedules (GRS)?

Yes.

a. If yes, please cite the schedule number, approved disposition, and describe how this is accomplished (then move to F.1).
  • For example, will the records or a composite thereof be deleted once they reach their approved retention or exported to an approved file format for transfer to the National Archives based on their approved disposition?

GRS 1.1, 010: Financial transaction records related to procuring goods and services, paying bills, collecting debts, and accounting.

Financial management and reporting administrative records -

transportation and travel requests, authorizations and vouchers.

Disposition: Temporary. Destroy 6 years after final payment or cancellation, but longer retention is authorized if required for business use.

b. If no, please contact the RIM staff at ITIMPolicy.Resource@nrc.gov.

PIA Template (01-2021)

F. TECHNICAL ACCESS AND SECURITY

1. Describe the security controls used to limit access to the system (e.g., passwords).

SAP Concur protects information transmitted, processed, and stored within the ConcurGov environment in accordance with the GSA ETS2 Master Contract, which includes requirements to comply with the National Institute of Standards and Technology Special Publication (SP) 800-53, Revision 4, at the Moderate impact level. Access controls, including user IDs and passwords, are used to protect personal and other data. Access to travelers personal data is limited to those included in the approval chain.

2. What controls will prevent the misuse (e.g., unauthorized browsing) of system data by those having access?

Access controls protect data in motion and data at rest against unauthorized access or modification. Reports containing personal data are clearly marked with sensitive data banners. Automated audit logs and reports are monitored to identify unauthorized access.

3. Are the criteria, procedures, controls, and responsibilities regarding access to the system documented?

Yes.

(1) If yes, where?

The System Security Plan documents the security requirements of the system and describes the controls in place or planned, and responsibilities regarding access to the system. The GSA ETS2 security documentation is maintained by the GSA ETS PMO Information System Security Officer (ISSO). The NRC ETS2 security documentation is maintained by the NRC TPS ISSO.

4. Will the system be accessed or operated at more than one location (site)?

No.

a. If yes, how will consistent use be maintained at all sites?

N/A.

5. Which user groups (e.g., system administrators, project managers, etc.)

have access to the system?

Travelers, approving officials, system administrators, OCFO functional staff (Travel Arrangers) have access to the system.

PIA Template (01-2021)

6. Will a record of their access to the system be captured?

Yes, audit logs are collected and monitored.

a. If yes, what will be collected?

ETS2 captures a record of the user ID with a time and date stamp and the table, form or transaction accessed. ETS2 also maintains records of any batch, report, or file transfer job run.

7. Will contractors be involved with the design, development, or maintenance of the system?

Yes.

If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or Personally Identifiable Information (PII) contract clauses are inserted in their contracts.

  • Federal Acquisition Regulation (FAR) clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.
  • PII clause, Contractor Responsibility for Protecting Personally Identifiable Information (June 2009), in all contracts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC owned or controlled PII.
8. What auditing measures and technical safeguards are in place to prevent misuse of data?

ETS2 has the following controls in place for limiting system access:

  • Access forms are completed
  • User access levels are determined based on the user's organization profile
  • Access and password protections are in place to secure the system
  • A process for system change requests is in place to maintain documentation of changes
  • Access to sensitive information such as bank account numbers is limited to only small subset of users with the appropriate permission PIA Template (01-2021)
9. Is the data secured in accordance with the Federal Information Security Management Act (FISMA) requirements?

Yes.

a. If yes, when was Certification and Accreditation last completed?

The GSA Authorizing Official granted an Authorization to Operate (ATO) for ConcurGov on August 11, 2020. This ATO is valid until June 12, 2023.

The NRC Authorizing Official granted an Authority to Use for ETS2 on May 1, 2015 (ADAMS accession number ML16264A498).

PIA Template (01-2021)

PRIVACY IMPACT ASSESSMENT REVIEW/APPROVAL (For Use by OCIO/GEMSD/CSB Staff)

System Name: E-Gov Travel Services 2 (ETS2)

Submitting Office:

A. PRIVACY ACT APPLICABILITY REVIEW Privacy Act is not applicable.

X Privacy Act is applicable.

Comments:

This is covered under Government-wide SORN - GSA/GOVT-4 (Contracted Travel Services Program).

Reviewers Name Title Signed by Hardy, Sally on 02/19/21 Privacy Officer B. INFORMATION COLLECTION APPLICABILITY DETERMINATION No OMB clearance is needed.

X OMB clearance is needed.

Currently has OMB Clearance. Clearance No. 3150-XXXX (NRC Form 149)

Comments:

OMB approval of the information collection request for NRC Form 149 is pending. NRC Form 149 will be used to collect travel information from non-Federal travelers.

Reviewers Name Title Signed by Cullison, David on 02/11/21 Agency Clearance Officer PIA Template (01-2021)

C. RECORDS RETENTION AND DISPOSAL SCHEDULE DETERMINATION No record schedule required.

Additional information is needed to complete assessment.

Needs to be scheduled.

X Existing records retention and disposition schedule covers the system - no modifications needed.

Comments:

Reviewers Name Title Signed by Dove, Marna Sr. Program Analyst, Electronic Records on 02/19/21 Manager D. BRANCH CHIEF REVIEW AND CONCURRENCE This IT system does not collect, maintain, or disseminate information in identifiable form from or about members of the public.

X This IT system does collect, maintain, or disseminate information in identifiable form from or about members of the public.

I concur in the Privacy Act, Information Collections, and Records Management reviews:

Signed by Nalabandian, Garo on 02/19/21 Chief Cyber Security Branch Governance and Enterprise Management Services Division Office of the Chief Information Officer PIA Template (01-2021) 16

TRANSMITTAL OF PRIVACY IMPACT ASSESSMENT/

PRIVACY IMPACT ASSESSMENT REVIEW RESULTS TO: Kimberly Darling, Comptroller, Office of the Chief Financial Officer (OCFO)

Name of System: E-Gov Travel Services 2 (ETS2)

Date CSB received PIA for review: Date CSB completed PIA review:

January 25, 2021 February 19, 2021 Noted Issues:

Chief Signature/Date:

Cyber Security Branch Governance and Enterprise Management Signed by Nalabandian, Garo Services Division on 02/19/21 Office of the Chief Information Officer Copies of this PIA will be provided to:

Thomas G. Ashley, Jr.

Director IT Services Development and Operations Division Office of the Chief Information Officer Jonathan R. Feibus Chief Information Security Officer (CISO)

Office of the Chief Information Officer PIA Template (01-2021) 17

Retrieved from "https://kanterella.com/w/index.php?title=ML21022A294&oldid=3417782"