Calling Card Ordering System

 

Privacy Impact Assessment – Calling Card Ordering System (CCOS)

CCOS System Overview:

The IRS Calling Card Ordering System (CCOS) is an Internal Revenue Service (IRS) minor application/system.  CCOS is an automated Intranet service-wide inventory, ordering, and tracking system for calling cards.  Employees can access the Intranet and order a calling card through the Designated Agency Representative (DAR) Staff located at the Enterprise Computing Center - Detroit (ECC-Detroit).  The DAR Staff consolidation effort supports field responsibilities for calling card order processing and focuses on service-wide inventory control, vendor coordination, annual database validation, and processing and control of approximately 35,000 Calling Cards.

Employees access the CCOS web site, complete the automated Intranet Calling Card order form, and enter their immediate manager’s email address.  An email message is sent to the immediate manager stating that a Calling Card order form was completed and directing the manager to a specific Intranet address to review and take action on the employee request.  The manager will review the information for accuracy and, assuming the manager concurs that the employee should receive a calling card, approves the request and enters the email address of the second level approving manager or designee.  The second level manager or designee will review, approve, and forward the automated request to the DAR Staff for processing.  The DAR Staff will add the mailing address and the billing hierarchy code for each calling card order form and transmit the order to the calling card vendor.  Notification of approval by the immediate and second level managers is mandatory before the DAR Staff is authorized to order a Calling Card.  The Total Automated Personnel System / Human Resources Connect (TAPS/HRRC) provides a daily data import for purposes of updating manager-employee relationship data in the CCOS application.  Any IRS employee with a valid standard employee identifier (SEID) can access CCOS.  CCOS is not used by parties outside of the IRS, nor is it accessible outside of the IRS Intranet.

Systems of Records Number(s): 

Treasury/IRS 90.16 Counsel Automated Tracking System (CATS)
Treasury/IRS 34.037 IRS Audit Trail & Security Records

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A.  None.

B.  Employee (end user requesting calling card):
* Standard Employee Identifier (SEID)
* Employee name (first, last, middle initial)
* Office address (street number, street, city, state, zip code, country, mailstop, building, floor, workstation number)
* An employee can request that the calling card be sent to the employee’s home address (street number, street, city, state, zip code); otherwise, it goes to the Immediate manager’s office address
* Office telephone number
* Office fax number
* Work e-mail address
* Organization symbols
* Functional Business Unit
* Personal Identification Number (PIN) for calling card (The PIN can be any four-digit number, but cannot start with 0 or 1.)
* Domestic or International (checkbox) type of calling card
* Business Operating Division
* Employee signature
* Calling card number

Immediate review manager (first level) and second review manager (second level):
* Name
* Signature and date
* Office telephone number
* Work e-mail address
* Immediate review manager only: Office address (street number, street, city, state, zip code, country, mailstop, building, floor, workstation number)

C.  There is no direct audit capability in the CCOS application.  Rather, CCOS relies on the MITS-2 General Support System (GSS) to provide audit functionality.  Although MITS-2 is outside of the scope of the CCOS Certification and Accreditation boundary and this assessment, MITS-2 audit functionality details are presented below for reference purposes.

MITS-2 GSS auditing records log on/off activities.  It also logs system administrator and security administrator activities while in their specific roles.  The audit logs have critical event information (type of event, source of event, time and date of event, user accountable for event (e.g., SEID)) useful in intrusion detection and system forensics should an attack occur.  Audit logs are reviewed daily for Tier II and Tier III servers.  Any suspicious behavior is detected by the security administrator and reported immediately to the appropriate individuals.  Audit logs are saved, backed up regularly, and stored.  Access to audit mechanisms and configuration parameters is restricted to only allow authorized changes to the audit process.  Access to audit logs is also restricted to only the appropriate individuals to prevent unauthorized deletion or change of audit events.  However, privileged users are authorized to select relevant events to be audited.  Audit reports can also be generated using different criteria, for example, by a user ID or terminal ID.

D.  Other:
* Billing hierarchy code (per Business Operating Division)
* Data within CCOS sent to the telecommunications provider, AT&T:
SEID, agency bureau code, Lead Dial Number (LDN), agency order number, hierarchy, manager’s name (immediate and second reviewer), manager’s telephone number (immediate and second reviewer), manager’s business address (immediate reviewer) who the card will be mailed to, second address line with org symbols, mailstop, cardholder (i.e., the employee name to be printed on the calling card), domestic or international card type, PIN, reservation conference card status, cardholder/employee e-mail address to the Telecommunications Provider (AT&T) to match up the calling card to the employee from a hardcopy spreadsheet as processed by the Designated Agency Representative (DAR) staff.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)


A.  CCOS checks the Corporate Authoritative Directory Service (CADS) as-needed to match the employee (i.e., employee name) with their respective immediate manager (i.e., immediate manager name) as noted in the employee’s record (within CADS).

As an additional check, the Total Automated Personnel System / Human Resources Connect (TAPS/HRRC) provides a daily data import for purposes of updating immediate manager and employee relationship data in the CCOS application.  It also contains the Separation Clearance Report which notes employees who no longer work for the IRS.

B.  Not applicable.

C.  When an employee places an online order for a calling card, s/he provides the data items listed in Item 1B through the CCOS web interface (order form) via the IRS Intranet site.

An employee may also submit orders by telephone to a member of the Designated Agency Representative (DAR) staff who will help facilitate an order through the online CCOS Intranet site.  All data items listed in 1B are included in this type of order as well.

An employee may also submit a hardcopy Form 12836 “Calling Card Order Form”.  When this form is submitted for approval and processing, it is always mailed in a confidential envelope.  All data items listed in 1B are included in this type of order as well.

D.  Not applicable.
E.  Not applicable.
F.  Not applicable.

3. Is each data item required for the business purpose of the system?  Explain.

Yes.  All data items are necessary to process a transaction and get the appropriate management approval (immediate and second review managers) for an employee to receive a calling card.  Other data elements are also required to cross-check employees to their respective immediate and second review managers, as well as to support billing, calling card delivery, and inventory tracking as necessary.  As a result, all data items are essential to support the business purpose of the system.

4. How will each data item be verified for accuracy, timeliness, and completeness?

The immediate review manager and second review manager perform a manual check for data accuracy and completeness of data in the calling card order form.

Automated data verification checks include:

The system will not allow a 0 or 1 to be selected for the first digit of the PIN nor will it allow an SEID to be used more than once.  The immediate review manager and second review manager are matched to the employee initially, but can be overridden manually if necessary.

The employee e-mail address is not checked for accuracy or completeness. 

5. Is there another source for the data?  Explain how that source is or is not used.

No.  There are no other sources used to provide data to CCOS beyond what has been previously mentioned.

6. Generally, how will data be retrieved by the user? 

Employees can access their data by logging on to the CCOS Intranet portal.

DAR staff system users retrieve data through the CCOS Intranet for a certain employee calling card order as well.  Other system users, including DAR Staff (front-end only), Program Manager, and Developers, do not routinely retrieve individual records directly through the backend database.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Technically, data can be retrieved from any field within the database; however, the most commonly used identifiers to retrieve data are the SEID and calling card number.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?


Employee (end users requesting a calling card):
Users (i.e., employee end users) are only permitted to access the calling card order and calling card validation functions of CCOS.

Designated Agency Representative (DAR) Staff (System Users):
The CCOS Designated Agency Representative (DAR) Staff can access all application functions, add/delete information from the database, and input information into the application for reports from the front-end of the CCOS web portal.

Program Manager (System Users):
The Program Manager (also known as: Application Administrator) has system privileges to view/add/delete data, but cannot change database structure.

System Administrators and Developers (System Users):
Developers have full access to the application and can update the application. Developers and System Administrators can make changes to tables, reports, queries, data, and can also assign/delete databases and assign user privileges within CCOS.  Contractors do hold positions as Developers (not System Administrators) as part of web services.

9. How is access to the data by a user determined and by whom? 

All potential CCOS employee end users must have an IRS account (e.g., an assigned SEID).  However, CCOS does not follow the Online 5081 (OL5081) process for granting access to the application for employee end users.  Calling Card account access is granted by an employee end user logging into his/her account via the CCOS Intranet site.  However, an SEID is necessary to process a calling card order.  (Obtaining an SEID in the first place may require OL5081 registration by the IRS employee end user.)

System users, including System Administrators, developers, and application administrators, do have to go through the OL5081 process.  The OL5081 is used to document access requests, modifications, and terminations for all types of users, including System Administrators.  When a new user needs access to IRS systems or applications, the user’s manager or designated official completes an OL5081 requesting access for the new user.  OL5081 is an online form, which includes information such as the name of the system or application, type of access, and the manager’s signature approving authorization of access.  Before access is granted, the user is required to digitally sign OL5081 acknowledging his/her security responsibilities when using the system.

Concerning contractors who serve in developer positions, before they receive access credentials to the system and authorization to enter the system, contractors within web services (i.e., Developers) must be approved with a moderate risk background investigation in accordance with IRM 1.23.2.2.3.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

As mentioned previously, the CCOS application shares information with the Corporate Authoritative Directory Service (CADS).  CCOS checks CADS as-needed to match the employee with their respective manager and their employee record (within CADS). 

TAPS/HRRC provides a daily data import for purposes of updating manager-employee relationship data in the CCOS application.  It also contains the Separation Clearance Report which notes employees who are no longer working for the IRS.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Certification and Accreditation (C&A):
* CADS has a current C&A approved on February 4, 2005, expiring on February 4, 2008.
* HRRC does not have a current C&A listed in the Mission Assurance Master Inventory.

Privacy Impact Assessment (PIA):
* CADS does not have a current PIA listed in the Office of Privacy PIA Inventory.
* HRRC does not have a current PIA listed in the Office of Privacy PIA Inventory.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?


Transaction data is retained for 60 months.  Then CCOS media destruction and disposal controls are implemented at the facility level.  All CCOS users abide by the policy that information system digital media is sanitized or destroyed prior to disposal or reuse as defined by IRM 1.15.1, Records Management.

Employee end users who no longer work for the IRS are delineated in the Separation Clearance Report (obtained from TAPS/HRRC).  This report is compared against the CCOS user list, and records are eliminated for employees who no longer work for the IRS according to internal standard operating procedures.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

Yes.  CCOS is used to identify and locate employee end users to provide them with calling cards they request.  The employee’s name is used to identify who the calling card is going to and the immediate manager’s office address is necessary to mail the calling card once approved.  These functions are necessary to support the business purpose of the system.  However, it is also noted that the employee end user may make a request to have the calling card mailed to his/her home mailing address location.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

No.  The CCOS system does not provide the capability to monitor individuals or groups.  It only maintains a list of active employee end users who hold calling cards.   

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No.  This system cannot be used to treat employees disparately.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Not applicable.  CCOS does not process negative determinations on employee end users.  Also, employee end users do have the ability to correct and edit their own information by accessing their account on the CCOS Intranet site. 

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?  No.