
e-services

 

Privacy Impact Assessment (PIA) - e-services

Section 2.   Privacy Impact Assessment

2.1 Data in the System

1. Generally describe the information to be used in the system in each of the following categories: Taxpayer, Employee, and Other.

Third Party Community

Taxpayer

The taxpayer information used within the application has not undergone any modifications due to the PeopleSoft 8.8 upgrade. A taxpayer, in the role of registrant or applicant, is required to provide personal taxpayer information for initial identity authentication. e-services will use and collect information about third parties as part of its application and registration processes and will store this data in the Third Party Data Store (TPDS). Registrant information consists of name, address, date of birth, Social Security Number (SSN), Preparer Tax Identification Number (PTIN), correspondence information such as e-mail, fax, or address, and a preferred correspondence code.

The e-file software application requires an SSN and the Date of Birth (DOB) of the Primary Volunteer Income Tax Assistance (VITA) Site Responsible Official (RO) to complete and approve the Electronic Return Originator (ERO) application. The RO is responsible for transmitting the uploaded Tax Returns that have been processed by the VITA Site volunteers.

A detailed description of the taxpayer data that is used within the e-services environment is currently addressed by the response incorporated in Section 2.1 (Question 1) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

Employee

The employee information used within the application has not undergone any modifications due to the PeopleSoft 8.8 upgrade. The Modernized Systems Infrastructure (MSI) uses employee information to accurately identify and authenticate each employee user of the system. The system maintains a set of authorizations regarding what actions each employee user may perform within the applications supported by the system. Each employee’s use of the system is captured in activity records logged to the Security Audit and Analysis System (SAAS) subsystem. These activity logs include the information necessary to identify the employee, as well as the details about each attempted action, and its success or failure. Information about employees is taken from the Corporate Authoritative Directory Service (CADS) and directly from the employee through the employee registration process. A detailed description of the employee data that is used within the e-services environment is currently addressed by the response incorporated in Section 2.1 (Question 1) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

Other

Other information such as third party authentication data used within the application has not undergone any modifications due to the PeopleSoft upgrade. Applicants are required to provide the business name and role within the organization, and professional status information or fingerprint cards to determine suitability. Organizations and designated principals must undergo suitability checks before they are permitted access to e-services offerings. Organization principals can submit evidence of professional status or fingerprint cards. The suitability check also includes an IRS records check to ensure compliance with federal tax regulations and that they meet state and local licensing and/or bonding requirements for the preparation and collection of tax returns. A detailed description of the third party data that is used within the e-services environment is currently addressed by the response incorporated in Section 2.1 (Question 1) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

Taxpayer

The taxpayer information used within the application has not undergone any modifications due to the PeopleSoft 8.8 upgrade. Users of the e-services Products are required to self-select a password and a Personal Identification Number (PIN) that are compliant with the business rules established by the IRS for this process. A password and PIN are obtained through the registration process and are used to authenticate their interactions with the system. A detailed description of the taxpayer data that is used within the e-services environment is currently addressed by the response incorporated in Section 2.1 (Question 1) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

Employee

The employee information used within the application has not undergone any modifications due to the PeopleSoft 8.8 upgrade. IRS employee names and identification numbers will be associated with various records under the Electronic Account Resolution (EAR), Taxpayer Identification Number (TIN) matching, Disclosure Authorization (DA), and Transcript Delivery System (TDS) applications. A detailed description of the employee data that is used within the e-services environment is currently addressed by the response incorporated in Section 2.1 (Question 1) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

Other

Other information such as third party authentication data used within the application has not undergone any modifications due to the PeopleSoft upgrade. e-services Products will utilize third party information collected as part of the application and registration process for the Third Party Community application. Additionally, third party information pertaining to actual e-services transactions will be stored within the e-services Transaction History Database (THDB).

e-services will also collate IRS program and offering information associated with third-party partners. A detailed description of the third party data that is used within the e-services environment is currently addressed by the response incorporated in Section 2.1 (Question 1) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

2. What are the sources of the information in the system?

a. What IRS files and databases are used?

Third Party Community

The IRS files and databases accessed by the e-services application remain the same following the PeopleSoft upgrade. e-services Releases will access IRS files via a standard message request using the Application Messaging Data Access Service (AMDAS) and other Enterprise Architecture (EA) approved communications methods. Interfaces to the appropriate modernization and legacy systems complete the data request. The interfaces to the modernized systems data sources are:
• Enterprise Directory and Authentication Service (EDAS)—Authentication data, such as user ID, password, and PIN will be stored in Enterprise Directory and Authentication Service Database (EDASDB). In addition, role based access control information will be stored on each registrant. Role based access control information is used to determine which e-service functions a registrant may access
• Transitional Database (XDB)—Validate Adjusted Gross Income (AGI) with prior year tax return data
• Third Party Data Store (TPDS)—This database will store registrant, application, and partnership relationship information
• Transaction History Database (THDB)—Stores application specific transaction elements for use by IRS management and to meet record retention requirements

e-services will use business and individual taxpayer-related information. The following list identifies the needed data sources that are contained within the current processing environment files that were established by existing IRS processes:
• Submission Processing—Taxpayer address change input (TC014) to Run 2 data stream for eventual posting on the Individual Master File (IMF)
• IMF— The Automated Suitability Analysis Program (ASAP) will request periodic analysis on all e-file firms and individuals identified as principals, partners, owners and responsible officials. ASAP will request daily analysis on all new firm and individual applicants, provide applicants type indicator to identify information to return suitability, and analyze Masterfile Transcript for “hit” and “no-hit” suitability criteria
• Electronic Management System (EMS) (Applicant Database (ADB))—Provides valid usernames, corporate identification, and authorizations for transmitters, software developers, and reporting agents
• Electronic Bulletin Board System (EBBS) (State Tax Administration)—States participating in the Fed/State e-file program require information on accepted EROs and transmitters to allow participation in the state programs. Provide PTIN cross-reference file

• Electronic Filing System (ELF) (IMF)—Provide valid ERO IDs. Provide valid software IDs
• Electronic Tax Administration Research and Analysis System (ETARAS)—Provide valid ERO, Internet Service Provider (ISP), transmitter, and software developer information
• Marketing Research Databases (IMF & BMF)—Provide IMF and BMF e-file participant data for marketing research analysis. Provide paid preparer (PTIN) data for marketing research analysis
• ELF8453 Problem Reporting System (EPRS)—Names and addresses of participants for mailing of letters
• ELF-15 Automated Reporting System (EARS)—Receive Electronic Filing Identification Number (EFIN) counts for each ERO/Transmitter
• Distribution Channel Management (DCM)—Provide valid Employer Identification Number (EIN), ERO, and transmitter IDs for e-file return analysis and penetration rates. Provide PTIN cross-reference. Receive level of participation for e-service authorization
• Electronic Fraud Detection System (EFDS)—Provide e-file participant information
• Enrolled Agent (EA) Database—Validate EA identification number and other data. Receive current status codes regarding enrollment
• Fed World—Provide limited data on active e-file participants to populate locator services on the Digital Daily
• Exam Preparer Database—Provide valid PTINs and associated SSNs for Return Preparer Inventory
• National Account Profile (NAP) Data Master-1 (DM-1) file—Validate TIN and Name Control (NC) and DOB. Validate AGI with prior year return data. Receive taxpayer’s current address of record

The IRS files and databases used are the same as what is currently addressed in detail by the response incorporated in Section 2.1 (Question 2a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

The IRS files and databases accessed by the e-services application remain the same following the PeopleSoft upgrade. e-services Products will access IRS files via secure standard message requests to AMDAS and other approved communications methods. Interfaces to the appropriate modernization and legacy systems complete the data request. The following list represents certified databases and files currently under design for use with e-services applications:
• EDASDB—Authentication data, such as user ID and password will be stored in EDASDB.  In addition, access control information will be stored on each registrant or individual user of e-services Products. Role based access control information is used to determine which e-service functions an individual user may access
• TPDS—Provides third party registrant information for use with e-services Products
• XDB – storing National Account Profile DM-1, National Account Profile SS, National Account Profile SSN, Spouse’s Cross Reference, Payer Authorization, Return Transaction, and Employer Identification Number Name Control  data
• Pending Disclosure Authorization—Temporarily stores pending DA transactions awaiting third party and taxpayer signatures. The data can be accessed by only those who possess the role and are authorized. 
• THDB—Stores application specific transaction elements for use by IRS management and the e-services, TIN matching, DA, TDS, and EAR applications (Refer to e-services Security Plan [Section 2.2.5] for additional application details) that record additions and modifications to the records.  No personal identifiable data is stored. An extract of this file is sent to the SAAS for detailed forensic analysis. 
• Log File Collector (LFC) – storing transaction audit record information

The e-services Products will use business and individual taxpayer related information. RISs have been submitted for each system as required. The following list identifies the data that is needed and interface purpose for the current files
• Standard Corporate Files On Line (CFOL) Access Protocol (SCAP)—Contains Individual Return Tax File On Line (IRTFOL), Business Return Tax File On Line (BRTFOL), Information Return Master File On Line (IRMFOL), Individual Master File On Line (IMFOL), Business Master File On Line (BMFOL), Individual Return Transaction File (IRTF), Business Return Transaction File (BRTF), Individual Return Master File (IRMF), Business Master File (BMF) Retention Register Files, and Individual Master File (IMF) Retention Register Files
• Centralized Authorization File (CAF)—Establishes taxpayer and Third Party relationships for disclosure authorization
• National Account Profile DM-1 File (NAP-DM1)—Validate TIN and Name Control and DOB.  Validate AGI with prior year return data. Receive taxpayer’s current address of record
• National Account Profile SS File (NAP-SS)
• National Account Profile SSN File (NAP-SSN)
• Spouse’s Cross Reference File (XREF)
• Payer Authorization File (PAF)—Subset of the Payer Master File (PMF) that holds information about the individual or entity that actually pays a taxpayer obligation
• Return Transaction File (RTF)
• Employer Identification Number Name Control File (EIN/NC)
• Preparer Tax Identification Number (PTIN)
• Enrolled Agent (EA)
• Applicant Database (ADB) migration
• ELF-15 Automated Reporting System (EARS)
• Automated Suitability Analysis Program (ASAP)
• Electronic Filing System /Individual Master File (IMF BMF)
• Marketing Research Database (MRD)
• Electronic Management System (EMS) / 94x
• Distributed Channel Management (DCM)
• Electronic Problem Resolution System (EPRS)
• Exam Preparer – The e-services applications will provide the data needed by the Exam Preparer Database System from the TPDS. A file extract will be used to completely replace prior versions of the PTIN cross reference file associated with the Exam Preparer Database
• ETARAS
• ERO Locator – A program of the U.S. Department of Commerce providing a comprehensive, Web-based, centralized access point for searching, locating, ordering and acquiring government and business information
• Integrated Case Processing (ICP)
• Telephone Routing Interactive System / Interactive Processor (TRIS/IP)
• National Change of Address (NCOA) Transaction Code 014 (TC014) - change of address record that will be created as part of the Registration process
• Transaction Code 120 (TC120) Transactions to Disclosure File – TC120 record of disclosure when a taxpayer’s transcripts are disclosed to a state tax representative

The IRS files and databases used are the same as what is currently addressed in detail by the response incorporated in Section 2.1 (Question 2a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

b. What Federal Agencies are providing data for use in the system?

Third Party Community

e-services receives information from the Federal Bureau of Investigation (FBI) as part of the suitability background checks on some applicants who do not have professional credentials. The FBI returns either a negative response if the applicant does not have a criminal record, or they return a note indicating the offense.  The Social Security Administration (SSA) provides the information populating the IRS DM-1 file for entity check use. If the information from a check is used to deny a third party individual from participating in the e-services offerings, then that individual will receive a letter that indicates the reason for their sanction. The applicant has 30 days to correct the information. The Federal agencies providing data for use in the system are the same as those described in detail by the response incorporated in Section 2.1 (Question 2b) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

The IRS receives SSN, birth date, and other data elements (e.g., date of death) from the SSA. This information is used to update the NAP DM-1 database that e-services TDS, EAR, DA and TIN Matching applications access for authenticating transactions. The e-services Products access this data after the SSA data has been entered into the TPDS and XDB. If the information from a check is used to deny a third party individual from participating in the e-services offerings, then that individual will receive a letter that indicates the reason for their sanction. The applicant has 30 days to correct the information. The Federal agencies providing data for use in the system are the same as those described in detail by the response incorporated in Section 2.1 (Question 2b) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

c. What State and Local Agencies are providing data for use in the system?

Third Party Community

Information is shared at the local (territory) level. IRS, State and local agencies share information about participants who may have been convicted of a crime or showed disreputable conduct as stated under the IRS e-file rules. Approved applicants will receive IRS Publication 1345, Handbook for Authorized IRS e-file Providers of Individual Income Tax Returns, which describes the suitability check process, submission requirements, and the reasons that a participant may be rejected from the program. If the information from a check is used to deny a third party individual from participating in the e-services offerings, then that individual will receive a letter that indicates the reason for their sanction. The applicant has 30 days to correct the information. The State and Local agencies providing data for use in the system are the same as those described in detail by the response incorporated in Section 2.1 (Question 2c) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

e-services receives no information from state and local agencies. The State and Local agencies providing data for use in the system are the same as those described in detail by the response incorporated in Section 2.1 (Question 2c) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

d. From what other third party sources will data be collected?

Third Party Community

As part of the suitability evaluation, applicant credentials will be verified through the appropriate professional organization and the FBI National Crime Information Center (NCIC).  Additionally, credit agencies will provide credit check information when the IRS suitability analyst determines that a credit check is necessary to qualify the applicant. Credit checks are done at the discretion of the IRS suitability analyst.  If the information from a check is used to deny a third party individual from participating in the e-services offerings, then that individual will receive a letter that indicates the reason for their sanction. The applicant has 30 days to correct the information.  The third party sources providing data for use in the system are the same as those described in detail by the response incorporated in Section 2.1 (Question 2d) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

For TDS, taxpayers (students, spouses, parents) applying for Federal student aid will complete an electronic consent form and submit it to the Department of Education contractors. Those contractors will be registered with the IRS as authorized users and will forward the consent (unopened or unread) directly to the IRS through the Internet portal in a secure session. The IRS will maintain the consent for a period of six years and ten months as a record of the disclosure. After that time, they will be permanently purged from the system. TIN matching participants will be required to sign a Memorandum of Agreement before having access to this service. The third party sources providing data for use in the system are the same as those described in detail by the response incorporated in Section 2.1 (Question 2d) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.
 
e. What information will be collected from the taxpayer/employee?

Third Party Community

No taxpayer information will be collected from the registrants other than authentication data (i.e., AGI, DOB, and SSN) as previously stated in Question 1 of this document for Third Party Community Taxpayers. E-file firms and applicant individuals identified as principals, partners, owners and responsible officials will provide proof of credentials. Usually a copy of professional credentials is submitted with the application. Applicants will also identify the person(s) (referred to as delegates) in their firm, organization, or state who are representatives of the company and will be delegated the offered services. VITA Site ROs will be required to supply their SSN and DOB in order to complete the Not-for-Profit application (Form 8633). The taxpayer/employee information that is collected from the registrants is the same information as described in Section 2.1 (Question 2e) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

The DA application requires collection of limited taxpayer information. An electronic signature is needed for use with the electronic equivalent to IRS Forms 8821 and 2848. During registration, the taxpayer will be required to provide AGI and a self-selected PIN. Additional taxpayer provided data includes address, SSN, daytime telephone number, and employer identification number. Taxpayer AGI and TIN represent the only new information that will be collected during the DA transaction, as all other elements are currently collected on these forms. The TDS also requires a taxpayer’s electronic signature (PIN), as described above, on an electronic consent form consistent with the current Form 4506. This form currently requires a taxpayer to provide their name, address, and SSN. No employee information will be collected. The taxpayer/employee information that is collected from the registrants is the same information as described in Section 2.1 (Question 2e) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

3.a. How will data collected from sources other than IRS records and the taxpayer be verified for accuracy?

Third Party Community

If the information collected from the FBI or State agency prevents the applicant from participating in the e-services offerings, the applicant is given the opportunity to respond to the rejection. If the information collected does not prevent the applicant from participating in the e-service offerings then the information is assumed to be correct. Credit check information may not be accurate. If the information from a credit check is used to deny a third party individual from participating in the e-services offerings, then that individual will receive a letter that indicates the reason for their sanction. The applicant has 30 days to correct the information. Data collected from sources other than IRS records and the taxpayer is verified and checked for accuracy utilizing the same techniques as stated in Section 2.1 (Question 3a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

Data entered for all e-services Products is processed and error checked at multiple levels throughout e-services transactions to ensure accuracy. The successful authentication and authorization of the third party user of the system provides the first level of data verification entered on behalf of the taxpayer. The second level consists of Internet browser surface editing as the user inputs data for submission to the application. The relevant e-services server will conduct a secondary check on user entered data. Finally, the application will match data against the systems listed in Question 2 of Section 2.1 within this document to determine validity. Bulk files submitted for TIN matching and TDS processing will undergo validity checks at the application level before processing. Any elements determined to be inaccurate will not be processed. The user will be notified and asked to resubmit those portions of the request at a later time because bulk file transactions do not allow the user to re-enter the data elements interactively. Data collected from sources other than IRS records and the taxpayer is verified and checked for accuracy utilizing the same techniques as stated in Section 2.1 (Question 3a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

b. How will data be checked for completeness?

Third Party Community

Required information must be provided before an application or registration can be submitted. Field-level error checking will take place during the online session. Registrants will have the ability to edit their own personal data to correct or add missing data. Automated checks have been developed to ensure that the required application is complete and data fields are appropriately filled in before submission. The IRS [employee Tax Examiner (TE) or Customer Service Representative (CSR)] will also manually review the information for suitability and approve the application. Data is checked for completeness using the same process as described in Section 2.1 (Question 3b) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

Data fields required for successful interactive e-services transactions will undergo checks during online input. The application will not allow the user to submit incomplete requests, and will provide them the ability to edit incorrect data prior to final submission.  Applications allowing bulk file input will verify completeness prior to sending transactions to the processing environment. Bulk file transactions do not allow the user to re-enter the data elements interactively. Therefore, incomplete elements will not be processed. The system will notify the user and ask that those portions of the request be resubmitted at a later time.  Data is checked for completeness using the same process as described in Section 2.1 (Question 3b) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

c. Is the data current? How do you know?

Third Party Community

It is the responsibility of the applicant and registrant to ensure that the information is current. Applicants and registrants have access to their individual records. Suitability is kept current because the IRS conducts annual suitability checks. Annual suitability checks involve a review of IRS records to ensure that applicants are still complying with federal tax requirements as stated in the IRS Publication 1345, Handbook for Authorized IRS e-file Providers of Individual Income Tax Return. With regards to program and offering information, it is the responsibility of designated IRS TE/CSR staff to ensure that the information is current because IRS conducts periodic performance checks to verify that suitability checks are being conducted. It is the responsibility of the data source to ensure that the information is current. To demonstrate and ensure that the information is current, the IRS performs periodic performance checks to verify that suitability checks are being conducted. Refer to the e-services Release 2.0r PIA Version 1.3 [dated January 4, 2004] Section 2.1 (Question 3c) for details.

e-services Products

It is the responsibility of the data source to ensure that the information is current. Disclosure Authorization is the only e-services Product that requires a user to update data already within the IRS environment or to create a new record within the system.

4.  Are the data elements described in detail and documented? If yes, what is the name of the document?

Third Party Community

Yes, the data elements are described in detail and are listed within the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) parent document as Appendix A, e-services Data Elements. Additionally, refer to Section 6.2 of the e-services Data Model View (DMV), which identifies the PeopleSoft 8.8 upgrade data elements pertaining to the e-services application as well as the PeopleSoft CRM 8.8 upgrade.

e-services Products

Yes, the data elements are described in detail and are listed within the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) as Appendix A, e-services Data Elements. Additionally, the e-services Data Model View (DMV) identifies the data elements pertaining to the e-services application as well as the PeopleSoft CRM 8.8 upgrade. Yes, the data elements are described in detail and are provided within the parent document as Appendix A, e-services Data Elements. Refer to Section 6.2 of the e-services Data Model View (DMV) for the PeopleSoft 8.8 upgrade data elements.

2.2 Access to the Data

1.  Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Other)?

Third Party Community

• System administrators, security administrators, and managers will access Management Information System (MIS) data.
• Database administrators will have access to the TPDS to maintain the database. Each third-party user will have access to their own record.
• Developers will have access to the sanitized TPDS (no access to live data) and interface data to develop the interfaces, test the application, and ensure data integrity among the interfaces. The sanitized data converts the taxpayer’s last name to the names of trees, flowers, and/or vegetables, converts their street name to the names of US colleges and universities, and modifies the last four digits of their SSN to all zeros, or ones, or twos, etc.
• IRS employees (TEs/CSRs) will have access to the information if authorized by their managers. IRS employees must adhere to the IRS 5081 process to have access to TPDS information.  Access control mechanisms will prevent all users from accessing unauthorized information.  Infrastructure Shared Services (ISS) provides system level auditing.
• Access control mechanisms will prevent all users from accessing unauthorized information. ISS provides system level auditing and intrusion detection to detect authorized accesses. The PeopleSoft application will also log user level transactions to identify modifications to the records (such as date, time, and tracking number; no personally identifiable data will be in the transaction log).

The same users, managers, system administrators, and developers access the system/application data via Role-based Access Controls (RBAC) and their accesses to the system data are addressed in detail by the response incorporated in Section 2.2 (Question 1) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.
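
The developer-data sanitization rules listed above (last name to a tree, flower or vegetable name; street name to a college name; last four SSN digits to one repeated digit) can be sketched as follows. This is an added example, not IRS code: the field names, word lists, sample record and the keyed deterministic selection of replacements are assumptions, since the page does not say how replacements are chosen. It also reports which fields pass through unmasked, which a reviewer of such a rule set would want to see.

```python
"""Added example: masking a registrant row for a developer test copy."""
import hashlib
import hmac

# Constructed replacement vocabularies; the page names only the categories.
PLANT_NAMES = ["Maple", "Cedar", "Birch", "Tulip", "Orchid", "Daisy", "Carrot", "Radish"]
COLLEGE_NAMES = ["Oberlin", "Vassar", "Purdue", "Rutgers", "Tulane", "Bowdoin"]

# Hypothetical column names for the three fields the page says are altered.
MASKED_FIELDS = ("last_name", "street", "ssn")

# Constructed demo key; a real masking key would not live beside the test data.
KEY = b"constructed-demo-key"

# Constructed sample row (area number 000 is never issued as an SSN).
SAMPLE = {
    "first_name": "Pat",
    "last_name": "Sample",
    "street": "123 Elm Street",
    "ssn": "000-12-3456",
    "dob": "1970-01-01",
}


def bucket(key, field, value, size):
    """Keyed, deterministic index in [0, size): equal inputs always mask alike,
    so the same person still lines up across separately sanitized extracts."""
    msg = f"{field}:{value.strip().lower()}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % size


def sanitize_last_name(key, name):
    """Replace the last name with a plant name."""
    return PLANT_NAMES[bucket(key, "last_name", name, len(PLANT_NAMES))]


def sanitize_street(key, street):
    """Replace the street name with a college name, keeping number and suffix
    when the address has the simple 'number name suffix' shape."""
    parts = street.split()
    if len(parts) >= 3 and parts[0].isdigit():
        name = " ".join(parts[1:-1])
        college = COLLEGE_NAMES[bucket(key, "street", name, len(COLLEGE_NAMES))]
        return f"{parts[0]} {college} {parts[-1]}"
    return COLLEGE_NAMES[bucket(key, "street", street, len(COLLEGE_NAMES))]


def sanitize_ssn(key, ssn):
    """Overwrite the last four digits with one repeated digit (0000, 1111, ...).
    The rule touches only those four digits, so the first five are unchanged."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly nine digits")
    fill = str(bucket(key, "ssn", digits, 10))
    return f"{digits[:3]}-{digits[3:5]}-{fill * 4}"


def sanitize_record(key, record):
    """Return (masked_copy, passthrough_fields) without modifying the input."""
    masked = dict(record)
    if "last_name" in masked:
        masked["last_name"] = sanitize_last_name(key, masked["last_name"])
    if "street" in masked:
        masked["street"] = sanitize_street(key, masked["street"])
    if "ssn" in masked:
        masked["ssn"] = sanitize_ssn(key, masked["ssn"])
    # Everything not named in MASKED_FIELDS reaches the test copy as-is.
    passthrough = sorted(f for f in record if f not in MASKED_FIELDS)
    return masked, passthrough


if __name__ == "__main__":
    masked_row, untouched = sanitize_record(KEY, SAMPLE)
    print(masked_row)
    print("fields copied unchanged:", untouched)
```
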

e-services Products

The following labor categories are expected to have access to the system:
• IRS employees (Users and Managers)
• Third Party Users
• Database Administrators
• Auditors
• System Administrators
• System Developers (only when required to conduct troubleshooting to fix a defect)

The e-services THDB will provide MIS data accessible by authorized system administrators, IRS managers, and EAR CSRs. Administrators will also have access to the Payer Authorization File (PAF), National Account Profile (NAP), Pending DA Database, and EIN Name Control for maintenance purposes. System developers will also have access to these as well as interface data to develop the interfaces, test the application, and ensure data integrity between the interfaces. Each third party user will have access to their specific record as well as those records specifically designated by the taxpayer via the Disclosure Authorization process or the Department of Education disclosure process outlined previously. The same users, managers, system administrators, and developers access the system/application data via RBAC. Access to the system data is addressed in detail by the response incorporated in Section 2.2 (Question 1) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

2.  How is access to the data by a user determined? Are criteria, procedures, controls, and responsibilities regarding access documented?

Third Party Community

Access for users is controlled through a number of steps. First, the user (through the registration process) is identified and authenticated using IRS specified criteria that are automated by the software. The registration process only grants very limited access to the user. The second step requires that the registered user be affiliated with an IRS-approved business or company (a business entity that holds an EIN or is a sole proprietor). The affiliation with a legitimate business adds to the credibility of the user and allows the IRS to hold a business accountable for the actions of its employees. Third, before any user is authorized a role to use the e-services products, the RO of the business must delegate roles to the user so they may gain authorities to the e-services products (such as DA, EAR, and TDS). Role Based Access Control (RBAC) is a management control that is utilized for the administration of the user’s system authorizations. A defining point in the implementation is that e-services is providing the role definition and authorities but does not assign the roles to any of the users. The assignment of the roles to individuals is the responsibility of the IRS Manager (in the case of the EUP) or the Principal/Responsible Official (in the case of the Registered User Portal [RUP]). RBAC are used to determine access to the data by a user and are implemented consistently with IRS policies and procedures. Detailed information regarding user’s access to system data can be found in Section 2.2 (Question 2) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]).

e-services Products

All users must be authorized (enabled via roles) to use e-services applications. This includes all third parties and IRS employees. Third parties must complete the registration and application process for each e-services function prior to use. IRS employees must be authorized by their respective supervisors or managers to utilize each e-services function.  IRS, third party, and administrative users of the e-services releases will be authenticated by using EDAS provided by the MSI. Specific access authorizations will be based on access roles that determine what actions each user may perform and through additional application authorization checks performed against the IRS Centralized Authorization File (CAF) to verify proper Power of Attorney (POA)/Tax Information Authorization (TIA) exist prior to disclosure.  RBAC are used to determine access to the data by a user and are implemented consistently with IRS policies and procedures. Detailed information regarding user’s access to system data can be found in Section 2.2 (Question 2) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]).

3.  Will users have access to all data on the system or will the users’ access be restricted?  Explain.

Third Party Community

Applicants and registrants will only have access to their own records based upon their roles. Authorized applicants will have access to their firm, organization, or state full application as they exist in the system and will include names, addresses, and other application information of members. Applicants will not have access to each other's sensitive information such as PINs and individual passwords. Employee access will be restricted on a need-to-know basis, as designated by their supervisors through the IRS 5081 process. Information system administrators will be given access based on their duties. Users’ access to data will be restricted according to their 5081. Detailed information regarding user’s access to system data can be found in Section 2.2 (Question 3) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]).

e-services Products

e-services software application users will only have access to those functions they are authorized to use based on their role(s) established through application and registration as well as the DA process and memorandum of understanding between the IRS and individual states. Third parties will only have access to taxpayer information they are associated with, based on their CAF number and POA/TIA verification. Users’ access to data will be restricted according to their 5081.  Detailed information regarding user’s access to system data can be found in Section 2.2 (Question 3) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]).

4.  What controls are in place to prevent the misuse (e.g., browsing) of data by those having access?

Third Party Community

Audit records will be maintained to identify misuse of access privileges. Intrusion detection systems will also be employed to detect unauthorized use. ISS is responsible for providing intrusion detection and collecting all audit logs for analysis in the SAAS system. IRS security will review audit and intrusion detection logs. IRS employees are subject to follow the Taxpayer Browsing Protection Act when accessing taxpayer information. TIN checking (used to prevent unauthorized accessing of taxpayer data) is a capability provided by the Modernized Infrastructure. IRS employees must be trained in IRS procedures regarding Unauthorized Access (UNAX) violations. Audit controls are in place to prevent the misuse of data by users having access. This question is currently addressed in detail by the response incorporated in Section 2.2 (Question 4) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

Audit records, which are under role based access control, will be maintained to identify misuse of access privileges. Intrusion detection systems will also be employed to detect unauthorized use. ISS is responsible for providing intrusion detection mechanisms. Audit controls are in place to prevent the misuse of data by users having access. This question is currently addressed in detail by the response incorporated in Section 2.2 (Question 4) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort. IRS employees are subject to follow the Taxpayer Browsing Protection Act when accessing taxpayer information. TIN checking (used to prevent unauthorized accessing of taxpayer data) is a capability provided by the Modernized Infrastructure. IRS employees must be trained in IRS procedures regarding UNAX violations.

5.a.  Do other systems share data or have access to data in this system? If yes, explain.

Third Party Community

Yes, a list follows and will evolve as other systems migrate to the modernized infrastructure:
• Indirect Channel Management (ICM) will receive entity information (firm, address, EIN, and other identifying numbers) for the rewards and incentives program
• EDAS authenticates system users
• Electronic Fraud Detection System (EFDS) currently uses applicant database and customer database information to identify e-file system users in monitoring and investigating activities
• Electronic Management System (EMS) for the ETINs and corporate identification
• Modernized e-file (MeF) for the ETINs and corporate identification
• Submission Processing on the Unisys uses Electronic Filing Identification Numbers (EFINs)
• Electronic Bulletin Board System (EBBS) at the Cincinnati Service Center. Valid EFINs are given to states
• Individual Master File (IMF) for TC014 (address change) and TC 120 (transcript disclosure)
• SAAS analyzes the audit and system logs for all of the software components and hardware devices.

No additional systems share or access the system data within e-services as a result of the PeopleSoft 8.8 upgrade. Refer to the e-services Release 2.0r PIA Version 1.3 [dated January 4, 2004] Section 2.2 (Question 5a) for a complete listing of system/application interfaces to e-services data and resources.

e-services Products

• EDAS authenticates system users
• Telephone Routing Interactive System (TRIS) provides request for transcript files to the TDS application for processing and delivery to the requestor
• Internally, both the TDS and EAR applications will reference POA/TIA data in the CAF, updated by the DA application, to verify proper third party authorization prior to disclosure of taxpayer information.

No additional systems share or access the system data within e-services as a result of the PeopleSoft 8.8 upgrade. Refer to Question 5a of the e-services Release 2.0r PIA Version 1.3 [dated January 4, 2004] for a complete listing of system/application interfaces to e-services data and resources.

b. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?

Third Party Community

The IRS Andover Submission Processing Center has been designated as the steward of the registration and application data and will be responsible for protecting the privacy rights of the taxpayers. Supervisors will be responsible for ensuring employees only have access on a need-to-know basis.  The same individuals as identified in Section 2.2 (Question 5b) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) will be responsible for protecting the privacy rights of IRS entities.

e-services Products

Supervisors will be responsible for ensuring that employees only have access on a need-to-know basis. Additionally, all authorized users will be required to protect taxpayer data through terms of agreement. The same users as identified in Section 2.2 (Question 5b) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) will be responsible for protecting the privacy rights of IRS entities.

6.a.  Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?

Third Party Community

Other agencies are not providing, sharing, and/or accessing system/application data due to the PeopleSoft 8.8 upgrade. This question is currently addressed in detail by the response incorporated in Section 2.2 (Question 6a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

Other agencies are not providing, sharing, and/or accessing system/application data due to this PeopleSoft 8.8 upgrade. This question is currently addressed in detail by the response incorporated in Section 2.2 (Question 6a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

b. How will the data be used by the agency?

Third Party Community

States will use a State Retrieval Identification number and a password to access and retrieve electronically filed state tax returns for comparison against the Federal Tax return. Department of Education contractors will request that specific TDS transcripts be sent to an authorized college/university representative for processing student loan applications. How the data is used by the agency is currently addressed in detail by the response incorporated in Section 2.2 (Question 6b) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

The Department of Education contractor will not see taxpayer information, as they will only pass taxpayer consents to the IRS for processing. The IRS will send the taxpayer information directly to the participant colleges/universities. State Tax Representatives will obtain TDS information for state tax administration purposes. How the data is used by the agency is currently addressed in detail by the response incorporated in Section 2.2 (Question 6b) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

c. Who is responsible for assuring proper use of the data?

Third Party Community

The IRS and its employees are responsible for assuring the proper use of the data. All authorized users are bound by terms of agreement and their Online 5081 to safeguard taxpayer data. This question is currently addressed in detail by the response incorporated in Section 2.2 (Question 6c) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

The IRS and its employees are responsible for assuring the proper use of the data. All authorized users are bound by terms of agreement and their Online 5081 to safeguard taxpayer data. This question is currently addressed in detail by the response incorporated in Section 2.2 (Question 6c) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) and applies to the PeopleSoft 8.8 upgrade effort.

d. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?

Third Party Community

The system will ensure that agencies only get the information that they are entitled to under Internal Revenue Code (IRC) 6103 through authoritatively signed agreements (i.e. Interconnection Security Agreements [ISAs], Interface Control Documents [ICDs], Technical Contingency Planning Documents [TCPDs]) between interconnected parties.

e-services Products

The system will ensure that agencies only get the information that they are entitled to under IRC 6103 through authoritatively signed agreements (i.e. ISAs, ICDs, TCPDs) between interconnected parties.

2.3 Attributes of the Data

1.  Is the use of the data both relevant and necessary to the purpose for which the system is being designed?

Third Party Community

Yes, the use of the data is both relevant and necessary to the purpose for which the system is designed. The information requested from applicants and registrants is the minimal information necessary to ensure that they are qualified to participate in the third-party e-filing program.

e-services Products

Yes, the information used by the e-services Products is necessary to complete the IRS e-services.  Use of taxpayer data by the authorized users will serve to assist in tax administration purposes and to provide income verification information. In addition, program and offering information is necessary to track performance against a plan (no personally identifiable information is used for this performance analysis) and ensures that products and services remain current and relevant.

2.a.  Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

Third Party Community

Yes, the system will be able to determine the number of times that a registrant correctly e-filed tax returns. This information is used to determine who and how to market and provide assistance to our registrants to increase their electronic filing. This information will be used to market IRS information and seminars to registrants. Yes, the system determines the number of times that a registrant correctly e-filed tax returns. This question is addressed in greater detail in Section 2.3 (Question 2a) of the certified e-services Release 2.0r PIA Version 1.3 [dated January 4, 2004].

e-services Products

Yes, the system will track usage of the system, via Transaction History, for IRS Management Information System (MIS) purposes (i.e. budget development, performance measurement). The system will also track which requests were made on the system for purposes of recording disclosures and whether an individual has made multiple failed requests based on failures in authorization or suspected TIN phishing. Phishing (sometimes called carding or brand spoofing) is a scam where the perpetrator sends out legitimate-looking e-mails appearing to come from valid web sites in an effort to phish (pronounced "fish") for personal and financial information from the recipient for misuse.

b. Will the new data be placed in the individual's record (taxpayer or employee)?

Third Party Community

The new data will not be placed in the individual’s personal record.

e-services Products

Yes, for the Transcript Delivery System (TDS), a Transaction Code 120 (Account Disclosure Code) is posted to the taxpayer’s account in the Master File when a State Tax Representative has requested information.

Yes, a temporary indicator is placed in the user’s security profile after they have been locked out of an application due to repeated authorization failures or duplicate TIN match attempts. The indicator is used to disallow further use of specific e-services products upon logging in to the system through the ISS provided architecture. There are no plans to count frequency of individual occurrences.

c. Can the system make determinations about taxpayers or employees that would not be possible without the new data?

Third Party Community

No, it will be easier to determine registrant-employer associations, but that information could be determined from existing systems. Yes, however, it is easier to determine registrant-employer associations from existing systems.

e-services Products

No, it will be easier for the system to determine taxpayer-third party associations and disclosures, but this information could be determined from existing systems. 

Yes, however, it is easier for the application to determine taxpayer-third party associations and disclosures that can be determined from existing systems.

d. How will the new data be verified for relevance and accuracy?

Third Party Community

The number of e-filed tax returns is a simple count by EFIN. Counting the number of e-filed tax returns is a relevant metric used in determining the success of reaching one of the IRS strategic plan goals. If there is any question regarding the program’s ability to conduct a simple addition, the registrant can contact the Andover Submission Processing Center to verify the data for accuracy. The same procedures and processes for verifying the relevance and accuracy of the new data that are addressed in Section 2.3 (Question 2d) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) are utilized to verify data for relevancy and accuracy.

e-services Products

The data is based on a history of transactions in the system that requires multiple layers of authentication and authorization before a user can access taxpayer information. A complete record, to include who initiated the transaction, when it occurred, and what occurred will be kept by both the e-services Transaction History and the ISS project’s SAAS (authoritative) at the time of occurrence.  The same procedures and processes addressed in Section 2.3 (Question 2d) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) are utilized to verify data for relevancy and accuracy.

3.a.  If data is being consolidated, what controls are in place to protect the data from unauthorized access or use?

Third Party Community

IRS business owners require data to be consolidated. Access controls have been established based on “need-to-know” and RBAC mechanisms to protect the system data from unauthorized access and/or use.

e-services Products

IRS business owners require data to be consolidated. Access controls have been established based on “need-to-know” and RBAC mechanisms as described in Section 2.3 (Question 3a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) to protect the system data from unauthorized access and/or use. The same RBAC mechanisms are applicable to the PeopleSoft 8.8 upgrade effort.

b. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.

Third Party Community

Processes are not being consolidated.

e-services Products

Processes are not being consolidated.

4.  How will the data be retrieved? Can it be retrieved by a personal identifier? If yes, explain.

Third Party Community

Yes, TPDS records can be retrieved by TIN (i.e., SSN, EIN), EFIN, PTIN, ETIN, and alphabetically by name. Data records will be retrieved using the same personal identifiers (i.e. TINs, ETINs) and authentication credentials as described in Section 2.3 (Question 4) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]), which applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

No single personal identification number allows a user to retrieve information on anyone but that individual and only if they are authorized to obtain that information. A third party registrant must provide a taxpayer’s TIN (SSN, EIN) and address, while also supplying that third party’s CAF number, and user ID and password. All these elements are verified and authenticated against separate data stores prior to receipt of any information via the e-service online service transactions.

What are the potential effects on the due process rights of taxpayers and employees of:

a. consolidation and linkage of files and systems;

Third Party Community

The program logic will execute verification routines against the IRS authoritative records and flag a problem so a Tax Examiner (TE)/Customer Services Representative (CSR) can take steps with the taxpayer to resolve the issue. Applicants will still have the right to appeal rejection for participation in the e-file program.

e-services Products

All e-services Products currently exist and are provided to taxpayers and their designated recipients. No effects have been identified that would detrimentally affect the taxpayer or employee. All e-services Products exist and are made available for use by taxpayers and their designated recipients. No effects have been identified that would detrimentally affect the taxpayer or employee as stated in Section 2.3 (Question 4a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]).

b. derivation of data;

Third Party Community

There are no anticipated effects on the due process rights of taxpayers resulting from derivation of data.

e-services Products

There are no anticipated effects on the due process rights of taxpayers and employees due to derivation of data.

c. accelerated information processing and decision making;

Third Party Community

e-services applicants who do not pass suitability checks are notified more quickly. Applicants and registrants are able to correct information online immediately.

e-services Products

Online or within 72-hour delivery of taxpayer information should provide faster resolution to tax issues or accelerated processing of benefit guarantees for the taxpayer.  Data is more timely and accurate than the current system because information is checked for accuracy and validity and edited interactively.

d. use of new technologies.

Third Party Community

No additional technologies are utilized due to the PeopleSoft 8.8 upgrade. Third parties will use a Web-based front-end application via the Internet to access e-services business applications. There are no anticipated effects on the due process rights of taxpayers and employees due to the use of any new technologies. Users of already existing technologies are instructed to follow IRS policies and procedures to reduce the likelihood of attacks such as identity theft.

e-services Products

No additional technologies are utilized due to the PeopleSoft 8.8 upgrade. Third parties will use a Web-based front-end application via the Internet to access e-services business applications. There are no anticipated effects on the due process rights of taxpayers and employees due to the use of any new technologies. Users of already existing technologies are instructed to follow IRS policies and procedures to reduce the likelihood of attacks such as identity theft.

How are the effects to be mitigated?

Third Party Community

There are no anticipated effects to be mitigated. Non-repudiation techniques (using an electronic signature – Personal Identification Number [PIN]) for disclosure authorizations, terms of agreement, the registration and application and security and auditing architecture mitigate potential concerns.

e-services Products

There are no anticipated effects to be mitigated. Non-repudiation techniques (using an electronic signature – PIN) for disclosure authorizations, terms of agreement, the registration and application and security and auditing architecture mitigate potential concerns.

2.4 Maintenance of Administrative Controls

1.a.  Explain how the system and its use will ensure equitable treatment of taxpayers and employees.

Third Party Community

Business purposes for the collection and use of information are made explicit between the IRS business owner and applicable entities. Equitable treatment of taxpayers and employees is ensured by IRS authorities under 26 United States Code (USC) 3406, 26 USC 6103, and the Privacy Act of 1974 as amended.

e-services Products

e-services products will be available to registered users and IRS employees 24 hours a day. All users must be authenticated and authorized to access taxpayer information. The application set does not have any technological method to distinguish groups from all of the other records in the database. Disclosure of returns and return information may be made only as provided by 26 USC 3406, 26 USC 6103, and the Privacy Act of 1974 as amended.

b. If the system is operated at more than one site, how will consistent use of the system and data be maintained in all sites?

Third Party Community

The system/application will operate in only one site. Web access is from several sites, but the data is stored at the XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX).

e-services Products

The application will operate in only one site. Web access is from several sites, but the data is stored only at IRS sites.

c. Explain any possibility of disparate treatment of individuals or groups.

Third Party Community

IRS entities will receive access to third party services based on the roles given to them during initial registration. All participants are treated equally based on their assigned roles.

e-services Products

IRS entities will receive access to third party services based on the roles given to them. All participants are treated equally based on their assigned roles.

2.a.  What are the retention periods of data in this system?

Third Party Community

The data in the system will be retained for at least 2 years and will be maintained in accordance with Records Disposition Handbooks, IRM 1.15.59.1 through IRM 1.15.59.32.

e-services Products

The data in the system will be retained for at least 2 years and will be maintained in accordance with Records Disposition Handbooks, IRM 1.15.59.1 through IRM 1.15.59.32.

b. What are the procedures for eliminating the data at the end of the retention period? Where are the procedures documented?

Third Party Community

All data meeting end of retention period requirements will be eliminated, overwritten, degaussed, and/or destroyed in the most appropriate method based upon the type of storage media used based upon documented IRS policies and procedures.

e-services Products

All data meeting end of retention period requirements will be eliminated, overwritten, degaussed, and/or destroyed in the most appropriate method based upon the type of storage media used based upon documented IRS policies and procedures.

c. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

Third Party Community

Applicants and registrants are responsible for ensuring that their data is accurate. Applicants who do not use the e-file system lose access to the e-file program after two consecutive years of inactivity. An applicant’s suitability is reviewed annually to ensure continued compliance.  Applicants that are dropped from the e-file program may appeal these sanctions.

e-services Products

Third party users and represented taxpayers are responsible for ensuring that their data is accurate. Records are maintained via the online e-services application interface. Updates and disclosure transactions are made to the processing environment through this means and dictate accuracy, relevancy, timeliness, and completeness. Applicants who do not use the e-file system lose access to the e-file program after two consecutive years of inactivity.

3.a.  Is the system using technologies in ways that the IRS has not previously employed (e.g., Caller-ID)?

Third Party Community

Yes, it is anticipated that third parties will use a Web-based front-end application via the Internet to access e-services business applications. Although Web technology is used, persistent cookies are not authorized. Session cookies are allowed, but these cookies disappear when the session is terminated.  No new technologies are employed within the e-services environment due to the PeopleSoft 8.8 upgrade. Existing technologies as described in-depth in Section 2.4 (Question 3a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) are continuing to be utilized.

e-services Products

Yes, third parties and IRS employees will use a Web-based front-end application via the Internet/Intranet to access e-services Products. Although Web technology is used, persistent cookies (storing user information) are not authorized.  No new technologies are employed within the e-services environment due to the PeopleSoft 8.8 upgrade. Existing technologies as described in-depth in Section 2.4 (Question 3a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]) are continuing to be utilized.

b. How does the use of this technology affect taxpayer/employee privacy?

Third Party Community

No new technologies are employed within the e-services environment due to the PeopleSoft 8.8 upgrade. Existing technologies such as Secure Sockets Layer (SSL) V3, described in depth in Section 2.4 (Question 3a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]), are continuing to be utilized. With the establishment of the proper controls in place to control access and ensure secure communications, the use of this technology is not expected to affect the privacy of IRS entities. Data transmissions are encrypted from the user’s browser all the way through the system using SSL V3 mechanisms.

e-services Products

No new technologies are employed within the e-services environment due to the PeopleSoft 8.8 upgrade. Existing technologies such as SSL V3, as described in depth in Section 2.4 (Question 3a) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]), are continuing to be utilized. With the establishment of the proper controls in place to control access and ensure secure communications, the use of this technology should not affect the privacy of users. Data communications paths are encrypted until the data enters an IRS site, at which point the system provides secure transmission of data using SSL V3 mechanisms.

4.a.  Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.

Third Party Community

Yes, the system provides information that enables the IRS (sanctioned by the Taxpayer Browsing Protection Act of 1997) to identify, locate, and monitor both firms and individuals for the purpose of auditing and to prevent the misuse of e-services Products.

e-services Products

Yes, the system provides information that enables the IRS (sanctioned by the Taxpayer Browsing Protection Act of 1997) to identify, locate, and monitor both firms and individuals for the purpose of auditing and to prevent the misuse of e-services Products.

b. Will this system provide the capability to identify, locate, and monitor groups of people? If yes, explain.

Third Party Community

Yes, participants will continue to be grouped by type (e.g., ERO, VITA Site, software developer, and transmitter) and monitored on site and through returns filed.

e-services Products

Yes, participants continue to be grouped by type (e.g., ERO, VITA Site, software developer, and transmitter) and monitored on-site and through returns filed.

c. What controls will be used to prevent unauthorized monitoring?

Third Party Community

Access controls based upon user profile information prevent unauthorized monitoring of IRS entities. Audit records and intrusion detection systems are used by management as a deterrent as well as a monitoring tool. Management’s commitment to employee UNAX training keeps employees aware of the need to be good stewards of the public trust. Auditing controls and intrusion detection systems used by management as a deterrent are the same as the controls described in Section 2.4 (Question 4c) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]), which applies to the PeopleSoft 8.8 upgrade effort.

e-services Products

Access controls based upon user profile information prevent unauthorized monitoring of IRS entities. Audit records and intrusion detection systems are used by management as a deterrent as well as a monitoring tool. Management’s commitment to employee UNAX training keeps employees aware of the need to be good stewards of the public trust. Auditing controls and intrusion detection systems used by management as a deterrent are the same as the controls described in Section 2.4 (Question 4c) of the certified e-services 2.0r PIA (Version 1.3 [dated January 7, 2004]), which applies to the PeopleSoft 8.8 upgrade effort.

5.a.  Under which Systems of Record notice (SOR) does the system operate? Provide number and name.

Third Party Community

• Treasury/IRS 24.030—Individual Master File (IMF), Taxpayer Services (formerly Individual Master File (IMF), Returns Processing)
• Treasury/IRS 24.046—Business Master File (BMF), Taxpayer Services (formerly Business Master File (BMF), Returns Processing)

e-services Products

• Treasury/IRS 24.030—Individual Master File (IMF), Taxpayer Services (formerly Individual Master File (IMF), Returns Processing)
• Treasury/IRS 24.046—Business Master File (BMF), Taxpayer Services (formerly Business Master File (BMF), Returns Processing)

b. If the system is being modified, will the SOR require amendment or revision? Explain.

Third Party Community

A new SORN is not needed at this time because the existing SORN is sufficient.

e-services Products

A new SORN is not needed at this time because the existing SORN is sufficient.

Abbreviations and Acronyms

ADB Applicant Database
AMDAS Application Messaging Data Access Service
AGI Adjusted Gross Income
ASAP Automated Suitability Analysis Program
ASEC eFile Security Manager
BMF Business Master File
BMFOL Business Master File On Line
BRTF Business Return Transaction File
BRTFOL Business Return Transaction File On Line
CAF Centralized Authorization File
CFOL Corporate Files On Line
COTS Commercial off-the-shelf
CR Change Request
CRM Customer Relationship Management
CSR Customer Service Representative
DA Disclosure Authorization
DCM Distribution Channel Management
DM-1 Data Master-1
DMV Data Model View
DOB date of birth
EA Enterprise Architecture, Enrolled Agent
EAR Electronic Account Resolution
EARS ELF-15 Automated Reporting System
ECC-MTB Enterprise Computing Center (Martinsburg)
EDAS Enterprise Directory and Authentication Service
EBBS Electronic Bulletin Board System
EFDS Electronic Fraud Detection System
EFIN Electronic Filing Identification Number
EIN Employer Identification Number
ELF Electronic Filing System
EMS Electronic Management System
EPRS Electronic Problem Reporting System
ERO Electronic Return Originator
ETARAS Electronic Tax Administration Research and Analysis System
ETIN Electronic Transmitter Identification Number
EUP Employee User Portal
FBI Federal Bureau of Investigation
ICM Indirect Channel Management
ID Identification
IMF Individual Master File
IMFOL Individual Master File On Line
IRC Internal Revenue Code
IRM Internal Revenue Manual
IRMF Individual Return Master File
IRMFOL Individual Return Master File On Line
IRS Internal Revenue Service
IRTF Individual Return Transaction File
IRTFOL Individual Return Transaction File On Line
ISP Internet Service Provider
ISS Infrastructure Shared Services
MCC Martinsburg Computing Center
MFT Master File Tax Account Code
MIS Management Information System
MS4 Milestone 4
NAP National Account Profile
NCIC FBI National Crime Information Center
OPA Office of the Privacy Advocate
PAF Payer Authorization File
PIA Privacy Impact Assessment
PIN Personal Identification Number
PMF Payer Master File
POA Power of Attorney
PS PeopleSoft
PTIN Preparer Tax Identification Number
RBAC Role-based Access Control
RIS Requests for Information Services
RUP Registered User Portal
SAAS Security Audit and Analysis System
SBU Sensitive but Unclassified
SCAP Standard CFOL Access Protocol
SDLN Source Document Locator Number
SOR Systems of Record
SORN Systems of Record Notice
SSA Social Security Administration
SSL Secure Sockets Layer
SSN Social Security Number
STIR Security and Technology Infrastructure Release
TDS Transcript Delivery System
THDB Transaction History Database
TIA Tax Information Authorization
TIN Taxpayer Identification Number
TPDS Third Party Data Store
UNAX Unauthorized Access
USC United States Code
VITA Volunteer Income Tax Assistance
WR Work Requests
XDB Transitional Database

 

 


Page Last Reviewed or Updated: August 09, 2007