Privacy Impact Assessment Management System (PIAMS)


Published in: Technology

  1. Protect Personally Identifiable Information (PII) through process improvement and automation with the Privacy Impact Assessment Management System (PIAMS)
     Presented by Richard Snyder, Jason Lancaster, Kelly Price
     2920 O’Donnell St., Baltimore, MD 21224; tel: 410.675.5708; fax: 410.675.5111
  2. Problem Statement
     • A Privacy Impact Assessment, or PIA, is an analysis of how information in identifiable form is collected, stored, protected, shared and managed...[to] ensure that system owners and developers have consciously incorporated privacy protection throughout the entire life cycle of a system.
     • PIAs expose internal and external threats to the confidentiality of Personally Identifiable Information (PII) in compliance with the E-Government Act of 2002 (Pub. L. 107-347) and applicable Office of Management and Budget (OMB) guidance.
     • This analysis is required on many systems within Federal Organizations and can result in a significant investment in time during the preparation and review cycles.
  3. Solution Overview
     • A Privacy Impact Assessment Management System (PIAMS) collects and stores multiple Privacy Impact Assessment (PIA) questionnaires for system owners.
     • Types of PIAs can include specialty questionnaires for:
       ~ Surveys
       ~ Social networking sites
       ~ Public internet sites
       ~ Generic data storage PIA
     • The manual process of filing and reviewing PIAs is replaced by a web system to store the final deliverable and automate the PIA process.
  4. Workflow Overview
     • Promotes workflow flexibility. An example would be allowing management approval on the “business” side as well as the “privacy” side.
     • Multiple versions of each type of questionnaire. As the need for stored information changes, each questionnaire can be updated to reflect those changes. Existing approved or signed PIAs will be linked to the version of the questionnaire active at the time.
     • Dynamic sub-questions based on answers. For example, if the answer to a question is “yes”, display one subset of questions; if “no”, show a different subset.
     • Approved (or signed) PIAs are stored in a read-only state
       ~ Minimizes the need for physical storage
       ~ Allows for statistical analysis and data-mining of PII elements
  5. Process Flow
  6. Technical Architecture
     • Microsoft .NET Framework, version 4.0 or 4.5
     • Pages & functionality developed using C#, JavaScript, and SQL Stored Procedures
     • Database server running Microsoft SQL Server 2008
     • Web Server(s) running Windows Server® 2012 or Windows Server® 2008 R2
     • Windows Internet Information Services (IIS) 8.0
  7. Key Benefits of PIAMS
     • Eliminates the use of paper application submissions (Paper Reduction)
     • Increases the ability to track and centrally store PIAs (Transparency and Accessibility)
     • Enables electronic notifications for PIA renewal or missing information to be sent to the system owners (Workflow Automation)
     • Increases reporting for individual systems or enterprise wide (Reporting and Metrics)
     • Reduces man hours required to perform initial and subsequent PIAs (Sustained Operational Reduction)
     • Facilitates enhanced security of PII Data (Enhanced data security)
  8. Proven Success Story
     • The Canton Group worked with IRS to automate and improve the existing PIA processes leveraging state of the art web software.
     • The system created by The Canton Group provided the IRS with new operational capability and allowed the IRS to have more confidence in assigning security levels for systems as well as massively decrease the labor hours required to gather this information.
     • The implementation of this system has resulted in a sustained reduction in man hours required to perform Privacy Impact Assessments (PIAs) and improved the speed to perform PIAs by a factor of 10.
  9. Summary
     • PIAMS improves operational effectiveness
     • The Canton Group designed and developed PIAMS
     • The IRS has a significant number of systems with PII and is successfully using PIAMS
     • PIAMS can be configured and customized to meet agency specific requirements
     • The Canton Group is a GSA Schedule 70 and 8a Stars 2 Prime Contractor
  10. Contact Canton Group
     For more information or to schedule a demonstration, please contact:
     • Chris Forhan, Director of Digital Strategy
     • Ed Peck, Senior Security Engineer, CISSP
     Or call 410-675-5708 x7117