The license authorizes IES Security Officials to make unannounced and unscheduled inspections of the Licensee's facilities, including any associated computer center, to evaluate compliance with the terms the license and security procedures. HLA is the current Security Official representative for IES.
Chapter Contents
Under the provisions of the license, IES may conduct unannounced and unscheduled inspections of the license site to assess compliance with the terms of the license.
Specifically, Security Officials will visit the Licensee's facilities to evaluate compliance in the following two areas, which are explained in detail in this section:
Appendix K contains an On-Site Inspection Interview Guideline.
IES Data Security Officials will review the project operations with the Principal Project Officer, or the Senior Official, at the Licensee's facility. This review will focus on the agreements set forth in the actual license, memorandum of understanding, or Department of Education contract. This includes an inspection of the current status of the project, as discussed below.
IES Data Security Officials will review with the Licensee all aspects of the Licensee's security procedures for the restricted data. These procedures are documented in the Security Procedures.
IES Data Security Officials will also review the Licensee's submitted Security Plan Form, which is the on-site implementation document for the Security Procedures.
IES Data Security Officials will review these procedures for compliance. A basic outline of these procedures, in the form of the On-Site Inspection Guideline, is presented in the next section below.
The On-Site Inspection Guideline in appendix K presents a standard set of questions that will be asked by IES Data Security Officials when performing an on-site inspection. Since this is a guide, more license-specific questions may be asked on a case-by-case basis.
The On-Site Inspection Guideline is offered to ensure consistency among interviews and to ensure that all appropriate questions and topics are covered during the interview. A basic outline of the topics covered in the inspection guide follows.
Assignment of Security Responsibilities
Development and Implementation of Security Plan
Form
Restriction of Access to Data
Use of Data at Licensed Site Only
Return of Original Data to IES
Protection of Machine-Readable Media and Printed Material
Avoidance of Disclosure from Printed Material
Restrictions on Copying of Data
Restrictions on Methods of Transporting Data
The on-site inspection will include a tour of the Licensee's computer facilities.
Alleged violations of the Privacy Act of 1974 or IES-specific laws are subject to prosecution by the United States Attorney after first making reasonable efforts to achieve compliance.
Any violation of this license may also be a violation of Federal criminal law under the Privacy Act of 1974, 5 U.S.C. 552a, and may result in a misdemeanor and a penalty of up to $5,000.
Anyone violating the confidentiality provisions of section 183 of the Education Sciences Reform Act of 2002 (P.L. 107-279), or making an unauthorized disclosure, when using the data shall be found guilty of a class E felony and can be imprisoned up to five years, and/or fined up to $250,000.
Penalties, fines and imprisonment, may be enforced for each occurrence of a specific violation.