Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

EP/EO Determination System

 

Privacy Impact Assessment – Employee Plans/Exempt Organizations Determination System (EDS)

EDS System Overview

EDS is an automated system for processing determination application received in Tax Exempt/Government Entities, Employee Plans and Exempt Organizations Divisions. EDS tracks and monitors applications, controls inventory and records time spent on each case. The information entered on EDS is retrieved from the power of attorney’s form and taxpayer’s application. 

The information allows TE/GE to manage their workload, generate a determination letter and enter the data to add the applicant to the Employee Plans Master File (EPMF) or the Exempt Organization Business Master File (EO/BMF).

Data is sent to EPMF and EO/BMF via the EP/EO Application Control System (EACS) which runs on the UNISYS at the Tennessee Computing Center (TCC).

EDS is a menu-driven system with four available subsystems.  The subsystems are Data Transcription Subsystem (DTS) Inventory Control Subsystem (ICS), Letter Generation Subsystem (LGS) and Management Information Subsystem (MIS).

Systems of Records Notice (SORN): 

Treasury/IRS 50.222 - Tax Exempt/Government Entities (TE/GE) Case Management Records
Treasury/IRS 34.037 – IRS Audit Trail and Security Records System

Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer:
* Plan Sponsor Name or Organization Name
* Employer Identification Number
* Plan Name
* Address
* Person to Contact
* Name of Employer
* Employer’s tax year end (Month)
* user fee amount
* Name of POA
* POA Address
* Plan Number
* Vesting Code
* Reversion Amount
* Reason for Termination (Application 5310 Only)
* Document Locator Number
B. Employee:
* Employee Grade
* Position
* Employee Group Number
C. Audit Trail Information:  EDS can identify, locate, and monitor IRS users of the application through the use of the Action History log. 
D. Other: N/A. 

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third-party sources (Describe)

A. EDS does not contain IRS-specific data.
B. Taxpayer information collected will be taken from a variety of applications, and Power of Attorney Forms 2848 and Form 8821.  Other forms utilized include Forms 1023, 1024, 1025, 1026, and 1028 for Exempt Organization entries and Forms 4461, 4461A 5300, 5303, 5307, 5310, 5310A, and 6406 for Employee Plans entries.
C. EDS data is maintained in tables on EDS. Some data is automatically entered based on employee’s logging into the system.  The employee number can also be entered by the employee.
D. EDS does not contain other Federal Agencies data.
E. EDS does not contain data from State or local agencies.
F. No other third-party sources provide data to EDS.

3. Is each data item required for the business purpose of the system?  Explain.
Yes, all information is essential.  All data in EDS is necessary for its business functions, as well as the data that comes into EDS from the LINUS System. No data is redundant or unnecessary.

4. How will each data item be verified for accuracy, timeliness, and completeness?

EDS limits user inputs for designated fields within the application. The valid syntax of the application inputs (e.g., character set, length, numerical range, acceptable values) are in place to ensure that inputs match specified definitions for format and content. For example, date fields are limited to date formats (e.g. MM/DD/YYYY).  The application has a mechanism in place to check for accuracy, completeness, and validity. 

The EDS application provides built-in error handling functions that notify the user with a response corresponding to the user performed action. The user error messages generated by the application provide timely and useful information to users without revealing information that could be exploited by adversaries. The responses are contingent upon how the database administrator configured the application to accept/respond to inputs into the application.  The application server uses an internal logging system for security issues or application-level errors and notifies the user(s) accordingly.

5. Is there another source for the data?  Explain how that source is or is not used.

EDS receives data from the following systems:
* Letter and Information Network User-fee System (LINUS)
* Tax Exempt Determination System (TEDS).

The information from LINUS and TEDS are supplied to EDS through Extracts or input through the FTP process.  Although there are other sources for some data fields in EDS, the actual information contained in EDS regarding determinations is not available from other sources.

6. Generally, how will data be retrieved by the user? 

Data will be retrieved by users through the IRS LAN via intranet access only using Powerterm or Infoconnect programs.  

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Data may be retrieved by Name, Employer Identification Number (EIN), Document Locator Number (DLN) or Case Number.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Only individuals who have been identified in the application’s database table are authorized to access EDS information.  These users are IRS employees performing data entry, Secretaries, Determination Reviewer, Determination Agents/Technical Specialists, and Customer Account Service Representatives.  Managers, System Administrators, and Developers have access to all data, system files, and functions required to carry out their assigned tasks and responsibilities.

9. How is access to the data by a user determined and by whom? 

Access to the data is determined by the Manager.  Completion of Form 5081, Information System User Registration/Change Request, containing the appropriate signature and approval are needed prior to receiving a system account.  Additional controls include restriction of user access based on job functions and responsibilities, “need-to-know” and separation of duties.  Users are assigned to groups that are permitted to access specific data dependent on job functions and responsibilities.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

LINUS sends data to EDS including user fee amount paid and entity information.  LINUS is a TE/GE Application.  The Returns Inventory Control System (RICS) receives data via electronic file from EDS.  RICS is a TE/GE Application. EDS send information to the EP/EO Application Control System (EACS); however, this is an IRS system.  EACS generates the Master File transactions.  EDS receives data from applications processed on TEDS.  When TEDS is fully operational it will replace EDS.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Certification and Accreditation (C&A):
* LINUS:  In the process of completing  security certification.
* RICS:  In the process of completing a security certification.
* EACS:  Has been certified as part of the GSS that contains the master file.
* EPMF and BMF:   Have a security certification.
* TEDS:  Has a security certification and is in the process of having that certification revised due to a new release of the TEDS application.

Privacy Impact Assessment (PIA):
* LINUS:  In the process of completing a PIA.
* RICS:   In the process of updating the PIA.
* EACS:  Has been certified as part of the GSS that contains the master file.
* EPMF and BMF:  Both have a valid PIA.
* TEDS:  Has a PIA and that PIA is being revised based on the ongoing certification process.

12.  Will other agencies provide, receive, or share data in any form with this system?

No other agency will be accessing or sharing data in the EDS application.  The application is limited to trusted domains within the TCP/IP Network and the Consolidated Data Network of the IRS.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

The Data in the system is permanently archived, not eliminated.  There is currently no automatic process built into EDS to dispose of records.  EDS will be replaced by the TEDS application on or around 9-30-2007.  TEDS will ensure that records within the application are disposed of correctly.  The records in EDS is covered by IRM 1.15.2.1(74) Employee Plans Application Case Files that calls for data to be destroyed ~ 10 years after the closing date and 1.15.2-1(77) Exempt Organizations Application case files that calls for some records to be retained indefinitely.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. 

The EDS application does not employ the use of any new technology that falls within the scope of the application and its processes.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

The EDS application does not perform any function that affects the treatment of  taxpayers and employees.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Yes.  For a “negative determination” as to exemption/qualification, the applicant is notified of a proposed adverse determination and is given an opportunity to protest before any final action is taken.  Additionally, the applicant has the right to appeal a determination through Appeals Division, (or EO Technical or EP Examination for certain cases). 

19.  If the system is Web-based, does it use persistent cookies or other tracking devices to identify web visitors?

EDS is not a Web-based system.
 


Page Last Reviewed or Updated: May 10, 2006