Privacy Impact Assessment Management System (PIAMS)

Published in: Technology
Transcript

  • 1. Protect Personally Identifiable Information (PII) through process improvement and automation with the Privacy Impact Assessment Management System (PIAMS)
      Presented by www.cantongroup.com: Richard Snyder, Jason Lancaster, Kelly Price
      2920 O’Donnell St., Baltimore, MD 21224; tel: 410.675.5708; fax: 410.675.5111; www.cantongroup.com
  • 2. Problem Statement
      • A Privacy Impact Assessment, or PIA, is an analysis of how information in identifiable form is collected, stored, protected, shared and managed...[to] ensure that system owners and developers have consciously incorporated privacy protection throughout the entire life cycle of a system.
      • PIAs expose internal and external threats to the confidentiality of Personally Identifiable Information (PII) in compliance with the E-Government Act of 2002 (Pub. L. 107-347) and applicable Office of Management and Budget (OMB) guidance.
      • This analysis is required on many systems within Federal Organizations and can result in a significant investment in time during the preparation and review cycles.
  • 3. Solution Overview
      • A Privacy Impact Assessment Management System (PIAMS) collects and stores multiple Privacy Impact Assessment (PIA) questionnaires for system owners.
      • Types of PIAs can include specialty questionnaires for:
          ~ Surveys
          ~ Social networking sites
          ~ Public internet sites
          ~ Generic data storage PIA
      • The manual process of filing and reviewing PIAs is replaced by a web system that stores the final deliverable and automates the PIA process.
  • 4. Workflow Overview
      • Promotes workflow flexibility. An example would be allowing management approval on the “business” side as well as the “privacy” side.
      • Multiple versions of each type of questionnaire. As the need for stored information changes, each questionnaire can be updated to reflect those changes. Existing approved or signed PIAs will be linked to the version of the questionnaire active at the time.
      • Dynamic sub-questions based on answers. For example, if the answer to a question is “yes”, display one subset of questions; if “no”, show a different subset.
      • Approved (or signed) PIAs are stored in a read-only state:
          ~ Minimizes the need for physical storage
          ~ Allows for statistical analysis and data-mining of PII elements
  • 5. Process Flow
  • 6. Technical Architecture
      • Microsoft .NET Framework, version 4.0 or 4.5
      • Pages and functionality developed using C#, JavaScript, and SQL stored procedures
      • Database server running Microsoft SQL Server 2008
      • Web server(s) running Windows Server® 2012 or Windows Server® 2008 R2
      • Windows Internet Information Services (IIS) 8.0
  • 7. Key Benefits of PIAMS
      • Eliminates the use of paper application submissions (Paper Reduction)
      • Increases the ability to track and centrally store PIAs (Transparency and Accessibility)
      • Enables electronic notifications for PIA renewal or missing information to be sent to the system owners (Workflow Automation)
      • Increases reporting for individual systems or enterprise-wide (Reporting and Metrics)
      • Reduces man hours required to perform initial and subsequent PIAs (Sustained Operational Reduction)
      • Facilitates enhanced security of PII data (Enhanced Data Security)
  • 8. Proven Success Story
      • The Canton Group worked with the IRS to automate and improve the existing PIA processes, leveraging state-of-the-art web software.
      • The system created by The Canton Group provided the IRS with new operational capability and allowed the IRS to have more confidence in assigning security levels for systems, as well as massively decreasing the labor hours required to gather this information.
      • The implementation of this system has resulted in a sustained reduction in man hours required to perform Privacy Impact Assessments (PIAs) and improved the speed to perform PIAs by a factor of 10.
  • 9. Summary
      • PIAMS improves operational effectiveness
      • The Canton Group designed and developed PIAMS
      • The IRS has a significant number of systems with PII and is successfully using PIAMS
      • PIAMS can be configured and customized to meet agency-specific requirements
      • The Canton Group is a GSA Schedule 70 and 8a Stars 2 Prime Contractor
  • 10. Contact Canton Group
      For more information or to schedule a demonstration, please contact:
      • Chris Forhan, Director of Digital Strategy, cforhan@cantongroup.com
      • Ed Peck, Senior Security Engineer, CISSP, epeck@cantongroup.com
      Or call 410-675-5708 x7117
