Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Project Management & Coordination Staff Website

 

Privacy Impact Assessment – Project Management & Coordination Staff Website (PMAC)

PMAC System Overview


The Project Management & Coordination Staff (PMAC) is the single point of entry for all IRS projects that impact End User Equipment Services (EUES). The purpose of this website will be to post relevant information regarding the projects currently assigned to the PMAC staff to keep people updated on the status of any one project of which they have a vested interest in.   Examples of documents that could be posted are Strategic Planning documents, Work Breakdown Structures (WBS), Project White Papers, Project Closeout Documents and Computer Workstation Data Collection information.  This website will be password protected to ensure that authorized user only may view or use the data.

System of Records Number(s)

Treasury/IRS 36.003  General Personnel and Payroll Records

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A.  None
B.  Employee Name and/or SEID
C.   None, but site is password protected, and authorized users will have signed into the IRS intranet with their login and password. 
D.   Documents that could be posted are Strategic Planning documents, Work Breakdown Structures (WBS), Project White Papers, Project Closeout Documents and Computer Workstation Data Collection information. 

These reports will reside on a server and will be password protected as to limit the number of people who have access to them.  The passwords will follow the standard Security rules for passwords and permission to access the reports will only be granted to those people who need the information for work purposes.  The Project Owner will have final approval on who is granted permission to view any given report. 

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)


A. IRS: Computer Workstation Data Collection information is retrieved from the Enterprise Systems Management (ESM) Resource of Collective Knowledge (ROCK). 
B.  None
C.  Strategic Planning documents, Work Breakdown Structures, Project White Papers, and Project Closeout Documents are created by PMAC staff.
D.  None
E.  None
F.  None

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  Each will contain information related to specific projects. Such as, vision and strategy, architectural designs, deployment timelines and the end users who are affected by the deployment of the project. 

4. How will each data item be verified for accuracy, timeliness, and completeness?

Members of the PMAC staff will take full responsibility for updating the documents housed on the website as the purpose of our website is to keep key participants up to date with the latest information.  ROCK reports are downloads from MITS most current data regarding end user equipment and ownership.

5. Is there another source for the data?  Explain how that source is or is not used.

No – PMAC staff members will be responsible for providing the data on the website.

6. Generally, how will data be retrieved by the user? 

Data regarding end users can be assessed by their name or SEID. 

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes. But only the Computer Workstation Data Collection information will include data with unique identifiers (name or SEID only).  No SSNs are in the system. 

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?


PMAC staff, EUES Senior Management, EUES Customer Relationship Management (CRM) staff, Project Mgmt. Office, Contractors who have had background investigations, and signed non-disclosure agreement.  Developers, System Administrators.

These reports will reside on a server and will be password protected as to limit the number of people who have access to them.  The passwords will follow the standard Security rules for passwords and permission to access the reports will only be granted to those people who need the information for work purposes.  The Project Owner will have final approval on who is granted permission to view any given report. 

Passwords shall be a minimum of eight (8) alphanumeric characters in length. It shall be a combination of upper and lower case, with at least two (2) non-numeric characters. Passwords must contain at least two (2) alphabetic characters and one (1) numeric or special character. For security purposes, a combination of alphabetic, numeric, and special characters should be used.

9. How is access to the data by a user determined and by whom? 

If an IRS employee or contractor associated with one of PMAC’s projects, has a need to gain access to any report containing SBU data that resides on our server, he/she will need to send an email to the project owner requesting this access.  The project owner will review the request and make a determination on whether to grant access or not. 

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Enterprise Systems Management (ESM) Resource of Collective Knowledge (ROCK).  It shares Computer Workstation Data Collection Information. 

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

The system owner has been notified to complete a PIA.  ROCK is an ESM on-line tool available to all IRS employees.  ESM would be responsible for securing a Security Certification an Accreditation. 

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?


Once a project is complete, the PMAC staff will take responsibility for removing any data or links associated to the project.  Historical data will continue to be stored in a secure location on a server, but will no longer be accessible via  website.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

Yes. PMAC has a valid business purpose.  This project entails identifying IRS employees who currently have computer workstations running the Microsoft NT Operating System.  The goal of the project is to migrate each of these systems to the current Microsoft XP Operating System. 

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

No. The PMAC website will not be used to monitor individuals or groups.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?  N/A.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The System is Web-Based, but no persistent cookies or other tracking devices are used.

 


Page Last Reviewed or Updated: July 20, 2005