Text

ADAMS ML18102A087 U.S. Nuclear Regulatory Commission Privacy Impact Assessment Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.

ExLibris Voyager Integrated Library System Date: April 12, 2018 A. GENERAL SYSTEM INFORMATION

1. Provide a detailed description of the system:

Voyager is an integrated library system (ILS) developed by ExLibris (https://www.exlibrisgroup.com/ ). It is a commercial off-the-shelf (COTS) product. The ILS is a software package used to perform the primary daily functions required for smooth and efficient library operations. The COTS software provides an automated approach to: cataloging new books and materials, circulation of items, serials management (checking in journals), acquisitions, and searching of the online catalog (OPAC) for books, journals, or other materials for or by users.

2. What agency function does it support?

Voyager supports the regulatory mission of the agency by providing to all NRC staff, a way to search for information resources needed in their work.

3. Describe any modules or subsystems, where relevant, and their functions.

Voyager provides an online public access catalog (OPAC) for use by all NRC staff, as well as other modules such as Circulation and Cataloging, used only by Technical Library staff to check out materials and maintain the collection.

4. What legal authority authorizes the purchase or development of this system?

The agency needs this system in order to provide Technical Library materials such as books, journals, codes and standards, and technical reports to NRC staff which support their regulatory work. This system supports the agency by 1

enabling NRC staff to easily find and obtain the materials they need.

5. What is the purpose of the system and the data to be collected?

The purpose of the system is to keep track of all Technical Library materials whether they are on the shelf or checked out, to maintain the data about the materials, and to enable NRC staff who use the library to find the materials they need and check them out.

6. Points of

Contact:

Project Manager Office/Division/Branch Telephone Mary Mendiola OCIO/GEMS/ISB 301-415-2821 Business Project Manager Office/Division/Branch Telephone Mary Mendiola OCIO/GEMS/ISB 301-415-2821 Technical Project Manager Office/Division/Branch Telephone Anna McGowan OCIO/GEMS/ISB 301-415-7204 Executive Sponsor Office/Division/Branch Telephone John Moses OCIO/GEMS 301-415-1276

7. Does this privacy impact assessment (PIA) support a proposed new system or a proposed modification to an existing system?

a. New System Modify Existing System X Other (Explain)

b. If modifying an existing system, has a PIA been prepared before?

We have been asked to update the information in the 2006 PIA (ML0602304760, dated 2/15/2006).

(1) If yes, provide the date approved and ADAMS accession number.

Updating PIA - previous PIA (ML0602304760, dated 2/15/2006)

(2) If yes, provide a summary of modifications to the existing system.

Updating 2006 PIA 2

B. INFORMATION COLLECTED AND MAINTAINED These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.

1. INFORMATION ABOUT INDIVIDUALS

a. Does this system maintain information about individuals?

Yes.

(1) If yes, identify the group(s) of individuals (e.g., Federal employees, Federal contractors, licensees, general public).

Yes, it maintains information about Federal NRC employees.

(2) IF NO, SKIP TO QUESTION B.2.

b. What information is being maintained in the system about an individual (be specific)?

Employee name, mailstop or office address, NRC organization, NRC phone number, NRC e-mail address.

c. Is information being collected from the subject individual?

Yes.

(1) If yes, what information is being collected?

Employee name, mailstop or office address, NRC organization, NRC phone number, NRC e-mail address.

d. Will the information be collected from 10 or more individuals who are not Federal employees?

No.

(1) If yes, does the information collection have OMB approval?

(a) If yes, indicate the OMB approval number:

3

e. Is the information being collected from existing NRC files, databases, or systems?

No.

(1) If yes, identify the files/databases/systems and the information being collected.

f. Is the information being collected from external sources (any source outside of the NRC)?

No.

(1) If yes, identify the source and what type of information is being collected?

g. How will information not collected directly from the subject individual be verified as current, accurate, and complete?

N/A

h. How will the information be collected (e.g. form, data transfer)?

Directly from the individual. The Technical Library staff register each user into the system upon request from the individual staff member.

2. INFORMATION NOT ABOUT INDIVIDUALS

a. Will information not about individuals be maintained in this system?

Yes.

(1) If yes, identify the type of information (be specific).

Information on books and materials in the Technical Librarys collection are maintained in this system.

b. What is the source of this information? Will it come from internal agency sources and/or external sources? Explain in detail.

The Technical Library staff enters the data directly from the books or material as new items are purchased, so that NRC staff can find the materials in the library.

C. USES OF SYSTEM AND INFORMATION These questions will identify the use of the information and the accuracy of the data being used.

4

1. Describe all uses made of the data in this system.

The data is used to make decisions about the items in the librarys collection and to assess what items are being used in general by NRC staff.

2. Is the use of the data both relevant and necessary for the purpose for which the system is designed?

Yes.

3. Who will ensure the proper use of the data in this system?

The project manager and/or ISSO will ensure this.

4. Are the data elements described in detail and documented?

Yes.

a. If yes, what is the name of the document that contains this information and where is it located?

The Voyager 7.1 manuals are saved on the project managers P drive, and on the User Services Teams SharePoint site. They are:

Voyager 7.1 Acquisitions Users Guide Voyager 7.1 Call Slip Dmon Users Guide Voyager 7.1 Cataloging Users Guide Voyager 7.1 Circulation Users Guide Voyager 7.1 Global Index Voyager 7.1 Reporter Users Guide Voyager 7.1 System Administrator Users Guide Voyager 7.1 Technical Users Guide Voyager 7.1 WebVoyage Architecture Overview and Configuration Models Voyager 7.1 WebVoyage Basic Users Guide Voyager 7.1 WebVoyage Customization Highlights

5. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

No.

5

Derived data is obtained from a source for one purpose and then the original information is used to deduce/infer a separate and distinct bit of information that is aggregated to form information that is usually different from the source information.

Aggregation of data is the taking of various data elements and then turning it into a composite of all the data to form another type of data (i.e. tables or data arrays).

a. If yes, how will aggregated data be maintained, filed, and utilized?

N/A

b. How will aggregated data be validated for relevance and accuracy?

N/A

c. If data are consolidated, what controls protect it from unauthorized access, use, or modification?

N/A

6. How will data be retrieved from the system? Will data be retrieved by an individuals name or personal identifier? (Be specific.)

It can be retrieved by the individuals name or by an identification number (bar code) assigned by the Technical Library staff.

7. Will this system provide the capability to identify, locate, and monitor (e.g.,

track, observe) individuals?

Yes.

a. If yes, explain.

Regarding an individual NRC staff member, this system only records what library items the individual has currently checked out, and when the item is returned to the library, that transaction is removed from the system.

b. What controls will be used to prevent unauthorized monitoring?

Only the seven Technical Library staff members have access to this systems modules, where the data is stored, by using their passwords.

8. List the report(s) that will be produced from this system.

6

The systems project manager uses Voyager pre-packaged queries to run reports, such as total monthly circulation and various cataloging reports on the library materials.

a. What are the reports used for?

They are used to inform decisions made to keep or discard specific library materials and to give a monthly report to the branch chief of how many materials circulated that month.

b. Who has access to these reports?

The project manager has access to these reports and shares the data with other library staff if needed for their library work.

D. ACCESS TO DATA

1. Which NRC office(s) will have access to the data in the system?

Technical Library staff in OCIO.

(1) For what purpose?

The Technical Library staff uses the data for collection development and maintenance of the library collection.

(2) Will access be limited?

Yes, it is only used by Technical Library staff in OCIO.

2. Will other NRC systems share data with or have access to the data in the system?

No.

(1) If yes, identify the system(s).

(2) How will the data be transmitted or disclosed?

3. Will external agencies/organizations/public have access to the data in the system?

No.

(1) If yes, who?

(2) Will access be limited?

7

(3) What data will be accessible and for what purpose/use?

(4) How will the data be transmitted or disclosed?

E. RECORDS RETENTION AND DISPOSAL The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and are required under 36 CFR 1234.10. The following questions are intended to determine whether the records in the system have an approved records retention schedule or if one will be needed.

1. Can you map this system to an applicable retention schedule in NUREG-0910, or the General Records Schedules at http://www.archives.gov/records-mgmt/grs ?

No, this is a non-records system.

From the GRS 4.4 FAQ, 36 CFR 1222.14 defines most material held in library collections as non-records.

• Copies that a library keeps only for reference are non-records and the agency does not need to schedule them. If the library keeps the RECORDKEEPING COPY, then agency needs to schedule them.

• GRS 4.1, item 010, Tracking and Control Records can be applied to this system: Destroy when no longer needed.

• GRS 4.4 item 020 Library Operations Records applies to records documenting activities of running a library. Destroy when business use ceases.

a. If yes, please cite the schedule number, approved disposition, and describe how this is accomplished. For example, will the records or a composite thereof be deleted once they reach their approved retention or exported to a file for transfer based on their approved disposition?

b. If the answer to question E.1 is yes, skip to F.1. If the response is no, complete question E.2 through question E.7.

2. If the records cannot be mapped to an approved records retention schedule, how long do you need the records? Please explain.

We need the NRC staffs records as long as an NRC staff member is using the library to check out materials. When NRC staff leave the agency, they are 8

removed from the system. Cataloging records on individual materials are retained as long as the library owns that material.

3. Would these records be of value to another organization or entity at some point in time? Please explain.

No. They are only used by OCIO Technical Library staff for our particular needs.

4. How are actions taken on the records? For example, is new data added or updated by replacing older data on a daily, weekly, or monthly basis?

Circulation and cataloging data is updated and new data is added daily as the Technical Library staff interacts with the system.

5. What is the event or action that will serve as the trigger for updating, deleting, removing, or replacing information in the system? For example, does the information reside in the system for three years after it is created and then is it deleted?

No. Data is updated, deleted or replaced as needed when an NRC staff member checks out materials or returns them, or new materials are added or removed from the librarys collection.

6. Is any part of the record an output, such as a report, or other data placed in ADAMS or stored in any other location, such as a shared drive or MS SharePoint?

No.

7. Does this system allow for the deletion or removal of records no longer needed and how will that be accomplished?

Yes. It is done manually by the Technical Library staff.

F. TECHNICAL ACCESS AND SECURITY

1. Describe the security controls used to limit access to the system (e.g.,

passwords).

Technical Library staff use passwords to log in to the Voyager modules.

2. What controls will prevent the misuse (e.g., unauthorized browsing) of system data by those having access?

9

Access to the Voyager modules is restricted by user id and password. Library staff are the only ones with passwords. Staff access to Voyager modules are limited to licensed computers.

3. Are the criteria, procedures, controls, and responsibilities regarding access to the system documented?

Yes.

(1) If yes, where?

BASS Voyager ILS FY18 Q1 Subsystem Security Plan v2.2, dated 11/8/2017, ADAMS accession number ML17341B086

4. Will the system be accessed or operated at more than one location (site)?

No.

a. If yes, how will consistent use be maintained at all sites?

5. Which user groups (e.g., system administrators, project managers, etc.)

have access to the system?

System Administrators

6. Will a record of their access to the system be captured?

Yes

a. If yes, what will be collected?

Any alerts, history, actions, within the system.

7. Will contractors be involved with the design, development, or maintenance of the system?

There is one contractor who manages the Voyager servers but does not interact with the Voyager modules (client interface).

If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or PII contract clauses are inserted in their contracts.

• FAR clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.

• PII clause, Contractor Responsibility for Protecting Personally Identifiable Information (June 2009), in all contracts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor 10

access to NRC owned or controlled PII.

8. What auditing measures and technical safeguards are in place to prevent misuse of data?

Audit logs are maintained on the server and provided to ISSO for review. All devices are also scanned by Tenable Security Center which produces audit reports on server activity.

9. Are the data secured in accordance with FISMA requirements?

Yes.

a. If yes, when was Certification and Accreditation last completed?

Voyager Integrated Library System C&A Package, dated 10/25/2010, ADAMS accession number ML102980083. Also, Voyager is a subsystem of the Business Application Support System (BASS) system.

11

PRIVACY IMPACT ASSESSMENT REVIEW/APPROVAL (For Use by OCIO/GEMS/ISB Staff)

System Name: ExLibris Voyager Integrated Library System Submitting Office: OCIO A. PRIVACY ACT APPLICABILITY REVIEW X Privacy Act is not applicable.

Privacy Act is applicable.

Comments:

Only business related information is collected (office email, office phone number) no personally identifiable information is collected.

Reviewers Name Title Date Sally A. Hardy Privacy Officer 5/14/18 B. INFORMATION COLLECTION APPLICABILITY DETERMINATION X No OMB clearance is needed.

OMB clearance is needed.

Currently has OMB Clearance. Clearance No.

Comments:

Reviewers Name Title Date David Cullison Agency Clearance Officer 4/24/18 12

C. RECORDS RETENTION AND DISPOSAL SCHEDULE DETERMINATION No record schedule required.

Additional information is needed to complete assessment.

Needs to be scheduled.

X Existing records retention and disposition schedule covers the system - no modifications needed.

Comments:

Reviewers Name Title Date Marna B. Dove Sr. Program Analyst, Electronic Records Manager 5/10/18 D. BRANCH CHIEF REVIEW AND CONCURRENCE X This IT system does not collect, maintain, or disseminate information in identifiable form from or about members of the public.

This IT system does collect, maintain, or disseminate information in identifiable form from or about members of the public.

I concur in the Privacy Act, Information Collections, and Records Management reviews:

/RA/ Date May 15, 2018 Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer 13

TRANSMITTAL OF PRIVACY IMPACT ASSESSMENT/

PRIVACY IMPACT ASSESSMENT REVIEW RESULTS TO: John Moses, OCIO Name of System: ExLibris Voyager Integrated Library System Date ISB received PIA for review: Date ISB completed PIA review:

April 12, 2018 May 14, 2018 Noted Issues:

Anna T. McGowan, Chief Signature/Date:

Information Services Branch Governance & Enterprise Management /RA/ May 15, 2018 Services Division Office of the Chief Information Officer Copies of this PIA will be provided to:

Tom Rich, Director IT Services Development & Operation Division Office of the Chief Information Officer Jonathan Feibus Chief Information Security Officer (CISO)

Governance & Enterprise Management Services Division Office of the Chief Information Officer 14