Jump to main content.

The Inspector General Enterprise Resource (TIGER)

I. Data in the System

  1. Generally describe what data/information will be collected in the system.

    The integrated system, TIGER shall feature the following functions: project management, project analysis, resource management (which includes users' name, social security number, date of birth, work hours, and security clearance level), knowledge management/collaboration management, project/cost accounting, workflow management, document management, reports and analysis, time management, and expense management.

  2. What are the sources and types of the information in the system?

    The data sources of the privacy information are from the OIG managers and staff. Other data sources are from reports of OIG investigative activities.

  3. How will the data be used by the Agency?

    TIGER will automate the workflow, track project, and cost information associated with problems, abuses, and deficiencies relating to EPA programs and operations, and progress of corrective actions that are reported to the EPA Administrator and Congress.

  4. Why is the information being collected? (Purpose)

    The EPA Office of Inspector General (OIG) uses TIGER to report on the efficiency of EPA programs and operations. The OIG provides independent audit, evaluation, investigative and advisory services that promote economy, efficiency, effectiveness, and prevent and detect fraud, waste, and abuse to add value in EPA programs and operations. The OIG has further interpreted this statutory mission through its strategic and annual performance goals for contributing to environmental quality, human health, and good government that inspires public confidence in the integrity of EPA operations.

II. Access to the Data

  1. Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?

    The OIG TIGER database administrator and system administrator have direct access to the data. The OIG users have access to the data only through the system application.

  2. What controls are in place to prevent the misuse of data by those having authorized access?

    The TIGER Rules of Behavior is a security control that prevents the misuse of data. Security training will be given to users regarding the use of sensitive information.

  3. Do other systems share data or have access to data/information in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)

    No, TIGER will not interface external system, nor directly share data to other systems.

  4. Will other agencies, state or local governments share data/information or have access to data in this system? (Includes any entity external to EPA.)

    The system manager is responsible for protecting the privacy rights of the individuals.

  5. Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)

    No.

III. Attributes of the Data

  1. Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed.

    The data collected is necessary to track individual audit, program evaluation, and investigative assignments, time, and cost associated with the OIG assignments. The assignment data is used to provide information in the EPA Semiannual Report to Congress.

  2. If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.

    Management controls are in place to ensure that data is not consolidated for unauthorized use or access.

  3. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.

    Data and unauthorized access is controlled through technical software security access rights. Therefore, only certain people with prior management approval will be given access rights to certain data. Management controls and data quality procedures are in place to ensure that data is not consolidated for unauthorized use or access.

  4. How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)

    No, there is no mean of retrieving data via using a personal identifier in TIGER. Each TIGER record has a system generated number.

  5. How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)

    A privacy policy warning note will be displayed at the application logon screen.

IV. Maintenance of Administrative Controls

  1. Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in this system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject records.)

    A retention schedule for the data of the system is being developed by the Agency.

  2. While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

    The managers review the data for accuracy prior to making decisions. The OIG has developed a draft data quality policy that ensures the proper management responsibilities are in place to comply with the EPA's Information Quality Guidelines (OMB Section 515). Annually, the Deputy Inspector General for the OIG will certify as a part of the OIG Annual Performance Report, that all data reported through OIG information systems meets the EPA data quality standards.

  3. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.

    TIGER system allows one to identify the name, location of individuals, and time associated with a project.

  4. Does the system use any persistent tracking technologies?

    No.

  5. Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. A list of Agency SORs are posted at http://www.epa.gov/privacy/notice/. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)

    N/A. TIGER record is not retrieved by using a personal identifier.

Local Navigation

Jump to main content.