The document discusses the Privacy Impact Assessment Management System (PIAMS) developed by The Canton Group to improve the privacy impact assessment (PIA) process for federal agencies. PIAMS automates the collection, storage, and review of PIA documents to reduce costs and improve transparency. It replaces manual PIA processes and filing with a web-based system. The Internal Revenue Service successfully implemented PIAMS, reducing the time to complete PIAs by a factor of 10 and decreasing labor hours.
1. 1
Protect Personally Identifiable Information (PII) through process improvement and automation with the Privacy Impact Assessment Management System (PIAMS)
Presented by
Richard Snyder
Jason Lancaster
Kelly Price
2920 O’Donnell St.
Baltimore, MD 21224
tel: 410.675.5708
fax: 410.675.5111
www.cantongroup.com
2. 2
Problem Statement
• A Privacy Impact Assessment, or PIA, is an analysis of how information in identifiable form is collected, stored, protected, shared and managed...[to] ensure that system owners and developers have consciously incorporated privacy protection throughout the entire life cycle of a system.
• PIAs expose internal and external threats to the confidentiality of Personally Identifiable Information (PII) in compliance with the E-Government Act of 2002 (Pub. L. 107-347) and applicable Office of Management and Budget (OMB) guidance.
• This analysis is required on many systems within Federal Organizations and can result in a significant investment in time during the preparation and review cycles.
3. 3
Solution Overview
• A Privacy Impact Assessment Management System (PIAMS) collects and stores multiple Privacy Impact Assessment (PIA) questionnaires for system owners.
• Types of PIAs can include specialty questionnaires for
~ Surveys
~ Social networking sites
~ Public internet sites
~ Generic data storage PIA
• The manual process of filing and reviewing PIAs is replaced by a web system to store the final deliverable and automate the PIA process.
4. 4
Workflow Overview
• Promotes workflow flexibility
An example would be allowing management approval on the “business” side as well as the “privacy” side.
• Multiple versions of each type of questionnaire
As the need for stored information changes, each questionnaire can be updated to reflect those changes. Existing approved or signed PIAs will be linked to the version of the questionnaire active at the time.
• Dynamic sub-questions based on answers
For example, if the answer to a question is “yes”, display one subset of questions; if “no”, show a different subset.
• Approved (or signed) PIAs stored in a read-only state
~ Minimizes the need for physical storage
~ Allows for statistical analysis and data-mining of PII elements
6. 6
Technical Architecture
• Microsoft .NET Framework, version 4.0 or 4.5
• Pages & functionality developed using C#, JavaScript, and SQL Stored Procedures
• Database server running Microsoft SQL Server 2008
• Web Server(s) running Windows Server® 2012 or Windows Server® 2008 R2
• Windows Internet Information Services (IIS) 8.0
7. 7
Key Benefits of PIAMS
• Eliminates the use of paper application submissions (Paper Reduction)
• Increases the ability to track and centrally store PIAs (Transparency and Accessibility)
• Electronic notifications for PIA renewal or missing information sent to the system owners (Workflow Automation)
• Increases reporting for individual systems or enterprise-wide (Reporting and Metrics)
• Reduces man hours required to perform initial and subsequent PIAs (Sustained Operational Reduction)
• Facilitates enhanced security of PII data (Enhanced Data Security)
8. 8
Proven Success Story
• The Canton Group worked with IRS to automate and improve the existing PIA processes leveraging state-of-the-art web software.
• The system created by The Canton Group provided the IRS with new operational capability and allowed the IRS to have more confidence in assigning security levels for systems as well as massively decrease the labor hours required to gather this information.
• The implementation of this system has resulted in a sustained reduction in man hours required to perform Privacy Impact Assessments (PIAs) and improved the speed to perform PIAs by a factor of 10.
9. 9
Summary
• PIAMS improves operational effectiveness
• The Canton Group designed and developed PIAMS
• The IRS has a significant number of systems with PII and is successfully using PIAMS
• PIAMS can be configured and customized to meet agency-specific requirements
• The Canton Group is a GSA Schedule 70 and 8a Stars 2 Prime Contractor
10. 10
Contact Canton Group
For more information or to schedule a demonstration, please contact:
Chris Forhan, Director of Digital Strategy
cforhan@cantongroup.com
Ed Peck, Senior Security Engineer CISSP
epeck@cantongroup.com
Or call 410-675-5708 x7117