
Control-D WebAccess

 

Privacy Impact Assessment – Control-D WebAccess

Control-D WebAccess System Overview


The Control-D/WebAccess servers will be used to pass through to the Control-D repository on the Integrated Collection System/Automated Collection System/Print (IAP) mainframes, for viewing and printing reports that are stored on the IAP mainframes.  Control-D WebAccess is a technological enhancement that will significantly reduce the amount of printed output.

System of Records Number(s) 

Treasury/IRS 36.003 – Employee Personnel Source Records
Treasury/IRS 34.037 – Audit Trail Records

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

Control-D WebAccess is a graphical user interface (GUI) residing on a Windows Server 2003 operating system, but it does not process data.  It is a tool that allows authorized users to view and print reports on the Integrated Collection System/Automated Collection System/Print (IAP) mainframes. There is no change in data access configuration; that is, users will have the same access privileges that they currently possess.

A. Taxpayer: N/A

B. Employee: Certain employee data is used to create network login accounts that enable employees to access the system.  This data is limited to the data gathered when the employee completes a Form 5081: first initial, middle initial (or X if there is no middle name), first 4 characters of the user’s last name, and the user’s district office code. 

C. Audit Trail Information: Accesses to the IAP mainframe and the Resource Access Control Facility (RACF) will be recorded in the existing audit trail records created on that system. 

D. Other: The Recipient Tree is a major security mechanism in CONTROL-D that defines how reports are distributed to users. The administrator can authorize CONTROL-D/Page On Demand users to view mainframe reports by adding the appropriate mainframe logon ID to the AUTHORIZE field in the recipient definitions in the Recipient Tree.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

Control-D WebAccess does not use or process any data elements on the IAP mainframes. The Control-D/WebAccess servers will be used to pass through to the Control-D repository on the IAP mainframes, for viewing reports that are stored on them.

A. IRS:  N/A
B. Taxpayer:  N/A
C. Employee:  The only data element utilized by the Recipient Tree is the user’s logonID, which is supplied on a Form 5081.
D. Other Federal Agencies:  N/A
E. State and Local Agencies:  N/A
F. Other third party sources:  N/A

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  As defined above, the only element used by the server as data is the user’s logonID.  This information is used solely to grant access rights to view and print reports.

4. How will each data item be verified for accuracy, timeliness, and completeness?

If the logonID is incorrect, the employee will notify the appropriate administrative official to correct the erroneous data.

5. Is there another source for the data?  Explain how that source is or is not used.  No.

6. Generally, how will data be retrieved by the user? 

All users accessing the reports have to complete an OL5081 to obtain access to the mainframe.  To use Control-D WebAccess, users must log in (user ID and password) to a workstation on the IRS LAN.  Next, they must also log in to RACF on the IAP mainframe with another user ID and password. A list of available reports may be sorted by Category, Decollation Date & Time, Job ID, Job Name, Job Start Date & Time, Order Date, Recipient, Remark, or Report Name.  Any number of available filters, using the previously mentioned fields or pre-defined indexes, may be applied to the list of reports to narrow it down to the desired results.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?   No.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?


Access to reports on the IAP mainframe will be authorized via user groups established by RACF Security Administrators in the Information Technology (IT) Field Security Organization of Mission Assurance and Security Services (MA&SS) at ECC-Memphis and ECC Martinsburg.  Users will be added to the RACF database on the IAP mainframe by the RACF User Administrators in the IT Field Security Organization of MA&SS at the Kansas City Campus.

9. How is access to the data by a user determined and by whom? 

Data used to access the system will be verified from the Form 5081 completed by the employee and verified by the employee’s manager. 

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.  No.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?    N/A

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

The data consists of user login information.  When employees leave the service, user accounts are deleted and proper documentation is maintained for 6 years as required (for possible internal inquiry). IRM 1.15.17 provides records disposition authorizations for records created and accumulated by Information Technology.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

N/A. This system is a GUI used to view and print reports contained on the IAP mainframes.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?  N/A

Page Last Reviewed or Updated: July 08, 2005