Federal Personnel Payroll System (Fpps), Workforce Transformation and Tracking System (Wtts), Entrance on Duty System (Eods), Privacy Impact Assessment (Pia)

ML21217A153
Person / Time
Issue date:	07/28/2021
From:	Governance & Enterprise Management Services Division
To:
References
Download: ML21217A153 (20)
v • d • e

Text

U.S. Nuclear Regulatory Commission Privacy Impact Assessment Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.

Federal Personnel Payroll System (FPPS)

Workforce Transformation and Tracking System (WTTS)

Entrance on Duty System (EODS)

Date: July 28, 2021 A. GENERAL SYSTEM INFORMATION

1. Provide a detailed description of the system: (Use plain language, no technical terms.)

The Federal Personnel Payroll System (FPPS), the Workforce Transformation and Tracking System (WTTS), and the Entrance on Duty System (EODS) web applications are offered to federal agencies by the Department of the Interior (DOI) Interior Business Center (IBC), a federal shared service provider. The U.S. Nuclear Regulatory Commission (NRC) uses FPPS, WTTS, and EODS to automate payroll and human resources functions.

FPPS processes NRCs personnel, payroll, and time and labor data to facilitate payments, benefits, and pensions. FPPS also provides personnel and payroll data to the FPPS Datamart (a data warehouse) application which NRC uses to perform queries and report on FPPS information.

WTTS and EODS are used to initiate, authorize, and track recruitment, hiring, and on-boarding activities. WTTS allows the NRC Office of the Chief Human Capital Officer (OCHCO) to create and track vacancies and assign, monitor, and approve forms filled out by new hires. EODS provides online forms for new employees submitting required information on entrance on duty. WTTS and EODS enable real-time data exchange via encrypted web connections with other NRC authorized applications such as FPPS, NRCareers, and the Electronic Official Personnel Folder (eOPF).

2. What agency function does it support? (How will this support the U.S.

Nuclear Regulatory Commissions (NRCs) mission, which strategic goal?))

FPPS supports the agencys payroll and benefits processes by accepting time and labor entries from the NRC and processing personnel and payroll transactions. The NRC authorized staff initiate the payroll and personnel actions in FPPS. The data that NRC employees enter in Employee Express are transferred to FPPS automatically.

PIA Template (06-2021)

WTTS and EODS support streamlining of the federal hiring process and reduce data duplication. Information about new hires or selectees is gathered once and is disseminated to other authorized systems that use the data.

3. Describe any modules or subsystems, where relevant, and their functions.

The FPPS Datamart includes reports, queries, pivots, agents, and dashboards to relate personnel, payroll, and time and labor data. Authorized users may create custom ad-hoc reports.

a. Provide ADAMS ML numbers for all Privacy Impact Assessments or Privacy Threshold Analysis for each subsystem.

N/A.

4. What legal authority authorizes the purchase or development of this system? (What law, regulation, or Executive Order authorizes the collection and maintenance of the information necessary to meet an official program mission or goal? NRC internal policy is not a legal authority.)

Pub. L. 104-193, Personal Responsibility and Work Opportunity Reconciliation Act of 1996; 5 United States Code (U.S.C.) 6334; 31 U.S.C. 716, 1104, 1105, 1108, 3325, 3511, 3512.

3701, 3711, 3713, 3718; Executive Order 9397; and 42 U.S.C. 2000e-16.

5. What is the purpose of the system and the data to be collected?

FPPS provides accurate payroll and benefits data to NRC employees.

WTTS and EODS support the hiring process and reduce the duplication of information that is collected during the hiring process.

PIA Template (06-2021)

6. Points of

Contact:

(Do not adjust or change table fields. Annotate N/A if unknown. If multiple individuals need to be added in a certain field, please add lines where necessary.)

Project Manager Office/Division/Branch Telephone Dariele Taswell (FPPS/WTTS) OCHCO/ADHROP/OB 301-287-0728 Business Project Manager Office/Division/Branch Telephone Susan Salter OCHCO/ADHROP 301-287-0545 Technical Project Manager Office/Division/Branch Telephone John Shea OCHCO/HCAB 301-415-0246 Executive Sponsor Office/Division/Branch Telephone Mary Lamary OCHCO 301-415-3300 ISSO Office/Division/Branch Telephone Natalya Bobryakova OCIO/GEMSD/CSB/IAT 301-287-0671 System Owner/User Office/Division/Branch Telephone Susan Salter OCHCO/ADHROP 301-287-0545

7. Does this privacy impact assessment (PIA) support a proposed new system or a proposed modification to an existing system?

a. New System Modify Existing System X Other

b. If modifying or making other updates to an existing system, has a PIA been prepared before?

Yes.

(1) If yes, provide the date approved and the Agencywide Documents Access and Management System (ADAMS) accession number.

A PIA was approved on February 23, 2021. The ADAMS Main Library (ML) accession number is ML21021A391.

PIA Template (06-2021)

(2) If yes, provide a summary of modifications or other changes to the existing system.

A view access to the Social Security Number (SSN) field in FPPS has been removed. Access to FPPS has been restricted to only NRC supervisors.

8. Do you have an NRC system Enterprise Architecture (EA)/Inventory number?

Yes.

a. If yes, please provide the EA/Inventory number.

FPPS/WTTS/EODS is a subsystem of the NRCs Third-Party System (TPS). The TPS EA number is 20180002.

b. If, no, please contact EA Service Desk to get the EA/Inventory number.

B. INFORMATION COLLECTED AND MAINTAINED These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.

1. INFORMATION ABOUT INDIVIDUALS

a. Does this system maintain information about individuals?

Yes.

(1) If yes, identify the group(s) of individuals (e.g., Federal employees, Federal contractors, licensees, general public (provide description for general public (non-licensee workers, applicants before they are licenses etc.)).

NRC and other federal employees including new hires and individuals selected for NRC positions.

(2) IF NO, SKIP TO QUESTION B.2.

b. What information is being maintained in the system about an individual (be specific - e.g. Social Security Number (SSN), Place of Birth, Name, Address)?

FPPS stores personnel records, payroll records, time and labor data, and earnings and leave statements including SSN, name, address, grade, salary, hourly rate, leave balances, deductions, tax information, PIA Template (06-2021) awards data, performance ratings, benefits information, hours recorded each pay period, and retirement plan information.

WTTS/EODS stores new hire employment forms including personnel, benefits, and payroll forms, direct deposit bank information, benefits elections, beneficiary forms, federal income tax withholding information, and federal/military service records.

c. Is information being collected from the subject individual? (To the greatest extent possible, collect information about an individual directly from the individual.)

Yes.

(1) If yes, what information is being collected?

SSN, name, address, banking information, age, sex, race, tax exemptions, handicap status, and health and life insurance enrollments.

d. Will the information be collected from individuals who are not Federal employees?

Yes, the EODS components collects information from prospective employees.

(1) If yes, does the information collection have the Office of Management and Budgets (OMB) approval?

Yes.

(a) If yes, indicate the OMB approval number:

OMB Control Number 3206-0219 and various OMB approved employment forms (personnel, benefits, and payroll).

e. Is the information being collected from existing NRC files, databases, or systems?

Yes, (WTTS/EODS).

(1) If yes, identify the files/databases/systems and the information being collected.

Information in WTTS/EODS is populated from NRCareers through secure encrypted web interconnections operated by DOI/IBC.

PIA Template (06-2021)

f. Is the information being collected from external sources (any source outside of the NRC)?

Yes.

(1) If yes, identify the source and what type of information is being collected?

NRC time and labor data are provided to FPPS through a biweekly interface file and employee submissions are collected from the Employee Express system.

g. How will information not collected directly from the subject individual be verified as current, accurate, and complete?

Time and labor information is verified by an employees approving official. Human Resources Management System (HRMS) verifies that the data is accurate, and the information is also reviewed by FPPS, DOI, and the NRC payroll staff. Weekly Quality Assurance reports ensure the completeness and accuracy of information.

specialists verify and approve data entered into WTTS by hiring officials. Selectees can review and update their personal information in EODS using electronic signatures to certify accuracy.

FPPS and WTTS provide online edits throughout the data input process to ensure required data is complete.

h. How will the information be collected (e.g. form, data transfer)?

Personnel and payroll forms are entered in FPPS by DOI and NRC staff. NRC employees enter transactions in Employee Express for actions such as tax exemptions and enrollment into a Thrift Savings Plan, direct deposit, and health benefits. A file transfer occurs between Employee Express and FPPS.

Selectees utilizing EODS enter data into forms which are transferred electronically via secure web connections to WTTS and FPPS.

2. INFORMATION NOT ABOUT INDIVIDUALS

a. Will information not about individuals be maintained in this system?

Yes.

PIA Template (06-2021)

(1) If yes, identify the type of information (be specific).

FPPS stores organization names and personnel action information to facilitate in-depth reporting.

WTTS stores information about vacancies including position, title, pay plan, series, grade, performance level, pay basis, organization, supervisory status, vacancy number, Fair Labor Standards Act category, and drug test code.

b. What is the source of this information? Will it come from internal agency sources and/or external sources? Explain in detail.

Organizational information comes from internal OCHCO sources; vacancy information comes from internal hiring and OCHCO officials.

C. USES OF SYSTEM AND INFORMATION These questions will identify the use of the information and the accuracy of the data being used.

1. Describe all uses made of the data in this system.

The information is used to pay employees, manage their employment benefits, and to satisfy statutory collection and reporting requirements.

Reports can be produced from FPPS and from the DOI FPPS Datamart.

Both contain personnel and payroll data. NRC HR and Office of the Chief Financial Officer staff use the reports to perform their duties.

WTTS/EODS data are used for management actions and decisions related to workforce planning, recruitment activities, full-time equivalent projections, hiring statistics, new hire on-boarding, and personnel transaction processing.

2. Is the use of the data both relevant and necessary for the purpose for which the system is designed?

Yes.

3. Who will ensure the proper use of the data in this system?

The Chief of the Financial Services and Operations Branch of the Division of the Comptroller and the NRC Chief Human Capital Officer.

4. Are the data elements described in detail and documented?

Yes.

PIA Template (06-2021)

a. If yes, what is the name of the document that contains this information and where is it located?

FPPS Data Dictionary:

https://fppsinfo.ibc.doi.gov/datadict/webhelp/data_dict.cfm The WTTS/EODS Users Guide, which is maintained and updated by the system owner, DOI/IBC.

5. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

Yes, (FPPS).

Derived data is obtained from a source for one purpose and then the original information is used to deduce/infer a separate and distinct bit of information that is aggregated to form information that is usually different from the source information.

Aggregation of data is the taking of various data elements and then turning it into a composite of all the data to form another type of data (i.e. tables or data arrays).

a. If yes, how will aggregated data be maintained, filed, and utilized?

Data are processed biweekly when the payroll process runs. This results in earnings and leave statements and completed personnel actions for the pay period. The data are maintained in FPPS and is backed up to protect against data loss. The data are used to maintain the personnel history of each employee and provide them with biweekly salary payments.

b. How will aggregated data be validated for relevance and accuracy?

Data are validated through system edits and reviewed by OCHCO and payroll staff. Employees review their earnings and leave data in Employee Express which records and informs the payroll help desk of any discrepancies. Annual audits of data and records are also performed.

c. If data are consolidated, what controls protect it from unauthorized access, use, or modification?

Data can only be accessed by authorized users that have a valid user identification (ID) number and password and can only be modified by those staff with the required responsibility and access.

PIA Template (06-2021)

6. How will data be retrieved from the system? Will data be retrieved by an individuals name or personal identifier (name, unique number or symbol)?

(Be specific.)

Yes.

a. If yes, explain, and list the identifiers that will be used to retrieve information on the individual.

FPPS information is retrieved using a query menu or various data entry screens. Employee information may be only retrieved by an employees name or the Employee Common Identifier which is identical to the Employee ID in HRMS. A set of standard reports satisfy most inquiries. Additional reports are created as needed.

Information can be retrieved on WTTS/EODS reports by; WTTS record ID, FPPS transaction number, report type, WTTS status, selectee last name, organization code, entrance on duty date, position title, series, supervisor/hiring official ID, employee type (permanent/non-permanent), vacancy announcement number, record modified date, or fiscal year.

7. Has a Privacy Act System of Records Notice (SORN) been published in the Federal Register?

Yes.

a. If Yes, provide name of SORN and location in the Federal Register.

NRC 21 - Payroll Accounting Records (84 FR 71552)

NRC 11 - Reasonable Accommodations Records (84 FR 71545)

OPM/Govt General Personal Records OPM/Govt Employee Performance File System Records OPM/Govt Recruiting, Examining and Placement Records

8. If the information system is being modified, will the SORN(s) require amendment or revision?

No.

9. Will this system provide the capability to identify, locate, and monitor (e.g., track, observe) individuals?

No.

a. If yes, explain.

N/A.

PIA Template (06-2021)

(1) What controls will be used to prevent unauthorized monitoring?

N/A.

10. List the report(s) that will be produced from this system.

FPPS Datamart contains complete personnel and payroll data that can be used to create a report using any of the available data fields. WTTS/EODS online reports include:

80-day Hiring Activity Report Drug Testing Report Facilities and IT Security Report HR Reports In-Processing, and New Hire Report

a. What are the reports used for?

FPPS reports are used for personnel, payroll, and time and attendance processing. They are also used to research or confirm a payroll or human resources issue regarding a specific employee.

b. Who has access to these reports?

FPPS reports can be accessed by HR Specialists, data administrators, and supervisors in the OCHCO and payroll offices and by the DOI systems staff.

Authorized users of WTTS/EODS will have access to these reports including HR representatives at NRC Headquarters (HQ) and Regional offices, NRC management officials, and corporate support representatives. Level of access to reports and/or report content will be based on roles, responsibility, and a need-to-know.

D. ACCESS TO DATA

1. Which NRC office(s) will have access to the data in the system?

All NRC offices and Regions have access to the systems.

(1) For what purpose?

Personnel and payroll functions are performed by NRC OCHCO staff from HQ and each Region. The Office of Small Business and Civil Rights uses the system to run reports. OCHCO personnel use WTTS to manage the hiring process. All office supervisors use FPPS to request and approve personnel actions for submittal to OCHCO for processing.

PIA Template (06-2021)

(2) Will access be limited?

Access is limited to OCHCO and payroll staff that have duties related to personnel and payroll functions. Supervisors have access to FPPS to request, approve, and forward vacancies. Access is based on user roles, which are assigned during account creation.

2. Will other NRC systems share data with or have access to the data in the system?

Yes.

(1) If yes, identify the system(s).

Government Retirement & Benefits Platform, HRMS, NRCareers, eOPF, and Employee Express.

(2) How will the data be transmitted or disclosed?

The DOI/IBC employs secure, encrypted web connections and secure file transfer between its products (FPPS/WTTS/EODS), Government Retirement & Benefits Platform, HRMS, NRCareers, eOPF, and Employee Express, and the NRC network.

3. Will external agencies/organizations/public have access to the data in the system?

Yes.

(1) If yes, who?

The DOI owns the systems and has access to the information and provides information to other agencies including the Social Security Administration, U.S. Treasury, Thrift Investment Board, state and local tax authorities, Office of Personnel Management (OPM), and OPM contractors for health benefits, long-term care, and flexible spending accounts.

(2) Will access be limited?

Yes, access is limited to allow only authorized access in direct support of required activities.

New hires and selectees for NRC positions will be granted access to EODS.

PIA Template (06-2021)

(3) What data will be accessible and for what purpose/use?

Banking information is provided to the U.S. Treasury to implement direct deposit for payroll. Taxable earnings and withholdings are shared with the Treasury. OPM receives biweekly personnel and benefit information relating to NRC employees (4) How will the data be transmitted or disclosed?

FPPS information is transmitted using encrypted interface files or secure file transfer. WTTS/EODS information is transmitted using secure, encrypted web connections.

E. RECORDS AND INFORMATION MANAGEMENT (RIM) - RETENTION AND DISPOSAL The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and NARA statutes (44 United States Code (U.S.C.), 36 Code of Federation Regulations (CFR)). Under 36 CFR 1234.10, agencies are required to establish procedures for addressing records management requirements, including recordkeeping requirements and disposition, before approving new electronic information systems or enhancements to existing systems. The following question is intended to determine whether the records and data/information in the system have approved records retention schedule and disposition instructions, whether the system incorporates Records and Information Management and NARAs Universal Electronic Records Management requirements, and if a strategy is needed to ensure compliance.

1) Can you map this system to an applicable retention schedule in NRCs Comprehensive Records Disposition Schedule (NUREG-0910), or NARAs General Records Schedules (GRS)?

Yes.

a. If yes, please cite the schedule number, approved disposition, and describe how this is accomplished (then move to F.1).

For example, will the records or a composite thereof be deleted once they reach their approved retention or exported to an approved file format for transfer to the National Archives based on their approved disposition?

FPPS:

Subject to Non-Disclosure - Category 3, Non-Public Information Properly destroy in accordance with the GRS/DOI Combined Records Schedule (MS-1220, Appendix 2)

PIA Template (06-2021)

WTTS/EODS Old GRS New GRS Citation / New GRS Retention Citation Record Series 1/4a 2.1 item 050 Job Temporary. Destroy 2 Vacancy CaseFiles. years after selection Records of one-time certificate is closed or final competitive and Senior settlement of any Executive Service (SES) associated litigation announcements/elections. whichever is later.

2.1 item 051 Job Vacancy Temporary. Destroy 2 Case Files. years after termination of Records of standing register register.

competitive files for multiple positions filled over a period.

1/4b1 2.1 item 060 Job Temporary. Destroy 1 year application after date of submission.

packages.

1/4b2 2.1.060 Job application Temporary. Destroy 1 year packages. after date of submission.

1/4b3 2.1.060 Job application Temporary. Destroy 1 year packages. after date of submission.

1/5 2.1 item 050 Job Temporary. Destroy 2 Vacancy CaseFiles. years after selection Records of one-time certificate is closed or final competitive and SES settlement of any announcements/elections. associated litigation whichever is later.

2.1 item 051 Job Vacancy Case Files. Temporary. Destroy 2 Records of standing years after termination of register competitive files for register.

multiple positions filled over a period.

1/7a1 Position Classification Non-record technical Standards Files reference in all agencies but OPM, where they are Rescinded per mission records.

Transmittal 28 1/7a2a 2.1 item 010 Classification Temporary. Destroy 2 years standards after standard is superseded, canceled, or disapproved by OPM (as appropriate) but longer retention is authorized if required for business use.

1/9 2.2 item 072 Employee Temporary. Destroy no performance file system sooner than 5 years after records. Records of SES date of appraisal, but longer employees. retention is authorized if required for business use.

PIA Template (06-2021)

WTTS/EODS Old GRS New GRS Citation / New GRS Retention Citation Record Series 1/14a 2.2 item 050 Notifications Temporary. Destroy when of personnel actions. business use ceases.

(Exclusion: Standard Form (SF) SF-50s filed in the OPF. Items 040 and 041 of GRS 2.2 cover these records).

1/14b 2.5 item 050 Phased Temporary. Destroy when 3 retirement administrative years old or 3 years after records. revision or replacement, as appropriate, but longer retention is authorized if required for business use.

1/24a 2.3 item 020 Reasonable Temporary. Destroy 3 years accommodation program after employee separation files. from the agency or all appeals are conducted whichever is later, but longer retention is authorized if required for business use.

(2,3 item 021 no longer exists) 1/33a 2.1 item 050 Records of Temporary. Destroy 3 years delegation of authority for after agreement terminates examination and but longer retention is certification. authorized if required for business use.

1/33b 2.1 item 150 Records of Temporary. Destroy 3 delegation of authority for years after agreement examination and terminates but longer certification. retention is authorized if required for business use.

1/33c 2.1 item 050 Job Temporary. Destroy 2 years Vacancy Case Files. after selection certificate is Records of one-time closed or final settlement of competitive and SES any associated litigation announcements/elections. whichever is later.

2.1 item 051 Job Temporary. Destroy 2 years Vacancy Case Files. after termination of register.

Records of one-time competitive and SES announcements/elections.

1/33f 2.1 item 050 Job Temporary. Destroy 2 years Vacancy Case Files. after selection certificate is Records of one-time closed or final settlement of competitive and SES any associated litigation announcements/elections. whichever is later.

PIA Template (06-2021)

WTTS/EODS Old GRS New GRS Citation / New GRS Retention Citation Record Series 2.1 item 051 Job Temporary. Destroy 2 years Vacancy Case Files. after termination of register.

Records of one-time competitive and SES announcements/elections.

1/33g 2.1 item 050 Job Temporary. Destroy 2 years Vacancy Case Files. after selection certificate is Records of one-time closed or final settlement of competitive and SES any associated litigation announcements/elections. whichever is later.

2.1 item 051 Job Temporary. Destroy 2 years Vacancy Case Files. after termination of register.

Records of one-time competitive and SES announcements/elections.

1/33h Letters to Applicants OPM Form 4896 is obsolete Denying Transfer of and the entire work process Eligibility - Rescinded per no longer exists.

Transmittal 28

b. If no, please contact the RIM staff at ITIMPolicy.Resource@nrc.gov.

F. TECHNICAL ACCESS AND SECURITY

1. Describe the security controls used to limit access to the system (e.g., passwords).

An FPPS username and password are required to gain access, and different levels of access are authorized based on the users job function. FPPS relies on a separate application (ezPIV) to generate single-use, two-factor passwords. The ezPIV application is installed on NRC laptops and the Citrix environment. To generate a password, users open the ezPIV application, insert their Personal Identity Verification (PIV) card into their card reader and enter their PIV card PIN. ezPIV presents a randomized password that is valid for 60 minutes.

The same credentials are used to access WTTS, which also utilizes user roles to enforce different levels of permissions.

EODS is accessible by new hires who receive a username and password.

Limited access is granted to view and modify personal information.

PIA Template (06-2021)

2. What controls will prevent the misuse (e.g., unauthorized browsing) of system data by those having access?

Access is limited based on job function and/or assigned roles and enforced by the Resource Access Control Facility Time Sharing Option for FPPS and by ColdFusion for WTTS. An audit record of all user activity is created.

3. Are the criteria, procedures, controls, and responsibilities regarding access to the system documented?

Yes.

(1) If yes, where?

FPPS/WTTS/EODS Subsystem Security Plan (ML18338A371) version 3.1, August 7, 2020.

4. Will the system be accessed or operated at more than one location (site)?

No. FPPS, WTTS and EODS are web-based solutions operated by DOI.

Each application is accessed via a product-specific URL. FPPS and WTTS are accessed via the internet through the NRC network.

a. If yes, how will consistent use be maintained at all sites?

N/A.

5. Which user groups (e.g., system administrators, project managers, etc.)

have access to the system?

The NRC Financial Services and Operations Branch staff, the DOI payroll office, NRC Managers, and NRC OCHCO staff have access to FPPS.

NRC OCHCO system administrators, HQ and Regional representatives, and hiring officials have access to WTTS/EODS.

6. Will a record of their access to the system be captured?

Yes.

a. If yes, what will be collected?

The system records the username for FPPS transactions and the username, date and time of system access, and transaction type in WTTS/EODS.

7. Will contractors be involved with the design, development, or maintenance of the system?

The DOIs IBC is responsible for all design, development, and maintenance of the systems.

PIA Template (06-2021)

If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or Personally Identifiable Information (PII) contract clauses are inserted in their contracts.

Federal Acquisition Regulation (FAR) clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.

PII clause, Contractor Responsibility for Protecting Personally Identifiable Information (June 2009), in all contracts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC owned or controlled PII.

8. What auditing measures and technical safeguards are in place to prevent misuse of data?

Technical safeguards in place include separation of duties, unique IDs and passwords, and annual audits of the system.

9. Is the data secured in accordance with the Federal Information Security Management Act (FISMA) requirements?

Yes.

a. If yes, when was Certification and Accreditation last completed?

And what FISMA system is this part of?

NRC issued an Authority to Operate for FPPS/WTTS/EODS as a subsystem of TPS on March 21, 2018.

b. If no, is the Certification and Accreditation in progress and what is the expected completion date? And what FISMA system is this planned to be a part of?

N/A.

c. If no, please note that the authorization status must be reported to the Chief Information Security Officer (CISO) and Computer Security Offices (CSOs) Point of Contact (POC) via e-mail quarterly to ensure the authorization remains on track.

N/A.

PIA Template (06-2021)

PRIVACY IMPACT ASSESSMENT REVIEW/APPROVAL (For Use by OCIO/GEMSD/CSB Staff)

System Name: Federal Personnel Payroll System (FPPS), Workforce Transformation and Tracking System (WTTS), Entrance on Duty System (EODS)

Submitting Office: OCIO A. PRIVACY ACT APPLICABILITY REVIEW Privacy Act is not applicable.

X Privacy Act is applicable.

Comments:

FPPS/WTTS/EODS contains Privacy Act Records covered under NRC 21 - Payroll Accounting Records, NRC 11 - Reasonable Accommodation Records, OPM/Govt General Personal Records, OPM/Govt Employee Performance File System Records, and OPM/Govt Recruiting, Examining and Placement Records.

Reviewers Name Title Signed by Hardy, Sally on 10/22/21 Privacy Officer B. INFORMATION COLLECTION APPLICABILITY DETERMINATION No OMB clearance is needed.

X OMB clearance is needed.

Currently has OMB Clearance. Clearance No.

Comments:

OCHCO has committed to obtain an information collections clearance for NRCareers.

This should address the long-standing PRA non-compliance.

Reviewers Name Title Signed by Cullison, David on 10/21/21 Agency Clearance Officer PIA Template (06-2021)

C. RECORDS RETENTION AND DISPOSAL SCHEDULE DETERMINATION No record schedule required.

Additional information is needed to complete assessment.

Needs to be scheduled.

X Existing records retention and disposition schedule covers the system - no modifications needed.

Comments:

Reviewers Name Title Signed by Dove, Marna Sr. Program Analyst, Electronic Records on 08/16/21 Manager D. BRANCH CHIEF REVIEW AND CONCURRENCE This IT system does not collect, maintain, or disseminate information in identifiable form from or about members of the public.

X This IT system does collect, maintain, or disseminate information in identifiable form from or about members of the public.

I concur in the Privacy Act, Information Collections, and Records Management reviews:

Signed by Nalabandian, Garo on 10/26/21 Chief Cyber Security Branch Governance and Enterprise Management Services Division Office of the Chief Information Officer PIA Template (06-2021) 19

TRANSMITTAL OF PRIVACY IMPACT ASSESSMENT/

PRIVACY IMPACT ASSESSMENT REVIEW RESULTS TO: Mary Lamary, Office of the Chief Human Capital Officer Name of System: Federal Personnel Payroll System (FPPS), Workforce Transformation and Tracking System (WTTS), Entrance on Duty System (EODS)

Date CSB received PIA for review: Date CSB completed PIA review:

July 28, 2021 October 22, 2021 Noted Issues:

Chief Signature/Date:

Cyber Security Branch Governance and Enterprise Management Signed by Nalabandian, Garo Services Division on 10/26/21 Office of the Chief Information Officer Copies of this PIA will be provided to:

Thomas G. Ashley, Jr.

Director IT Services Development and Operations Division Office of the Chief Information Officer Jonathan R. Feibus Chief Information Security Officer (CISO)

Office of the Chief Information Officer PIA Template (06-2021) 20