Privacy Act System of Records: Information System for the Office of Administrative Services, EPA-41
[excerpted from: Federal Register: August 31, 2006 (Volume 71, Number 169)]
System Name: Office of Administrative Services Information System (OASIS).
System Location: Office of Administrative Services, Environmental Protection Agency, Ariel Rios Building, 1200 Pennsylvania Ave., NW., Washington, DC 20460.
Categories of Individuals Covered by the System: Individuals who require regular, ongoing access to EPA-controlled facilities, information technology systems, or information classified in the interest of national security, including applicants for employment or contracts, Federal employees, contractors, grantees, students, interns, volunteers, other non-Federal employees and individuals formerly in any of these positions. The system also covers individuals authorized to perform or use services provided in Agency facilities (e.g., Fitness Center, etc.). The system does not apply to occasional visitors or short-term guests to whom the Agency will issue temporary identification.
Categories of Records in the System: This system maintains records that are used to administer and manage the administrative resources of the EPA. Categories of records include:
- Personal information such as name, home address, telephone number, and date of birth.
- Work related information such as work address, work telephone number, organization/office assignment, and company name.
- Personnel Security Records such as the results of a background investigation, and information derived from documents used to verify applicant's identity.
- Locks and Keys Management information such as combinations, locks, incidents requiring a security report, keys, and safes located at Headquarters.
- Physical Security information such as building vulnerabilities, mitigations, costs associated with mitigation, and risk designation levels at various EPA locations.
- Warehouse Management information such as type of product order, contact information for recipient, and purchase order number.
- Fitness Center information such as photographs, medical information, payroll deductions, and pay grade (GS level only).
- Driver Tracking information such as EPA vehicle license plate numbers, service records, and number of passengers utilizing the Agency buses.
- Parking and Transit information such as carpool members names, addresses, work addresses, license plate numbers, and type of cars as well as transit subsidy information such as subsidy amount, possession of a registered Smart Trip card, and serial number of Smart Trip card if registered.
- Mail Center Management information used to track registered mail. Records include mailing address of the recipient and sender, name of individual who signed for the piece of mail, date and time mail was signed for, and costs of postage for each office.
- Printing information such as name and telephone number of the office requesting print jobs, the budget associated with the print job, and completion and delivery of the print job.
- Trouble Ticket information such as the name and work telephone number of the caller and the nature of the information technology problem.
Authority for Maintenance of the System (includes any revisions or amendments): 5 U.S.C. 301; Federal Information Security Act (Pub. L. 104-106, sec. 5113); Electronic Government Act (Pub. L. 104-347, sec. 203); the Paperwork Reduction Act of 1995 (44 U.S.C. 3501); and the Government Paperwork Elimination Act (Pub. L. 105-277, 44 U.S.C. 3504); Federal Property and Administrative Act of 1949, as amended.
Purpose(s): The purpose of this system is to administer and manage administrative resources for the EPA. Each module's purpose is described below.
- Physical Security--The purpose of the Physical Security module is to assist the members of the Security Management Division with assessments of the physical vulnerabilities of buildings, risk and cost of exterior/perimeter mitigations, and security access.
- Warehouse Management--The purpose of the Warehouse Management module is to assist the Agency with tracking and recording government property.
- Fitness Center Management System--The purpose of the Fitness Center Management module is to assist team members within the Safety, Health and Environmental Management Division with tracking visitors, fitness center members' information, payment, and equipment inventory and maintenance.
- Parking and Transit System--The purpose of the Parking and Transit module is to assist the members of the Facilities Management and Services Division with tracking of the use of parking spaces provided by EPA. This module also tracks EPA employees' transit subsidy and Smart Trip transactions.
- Combo, Locks, Incidents, Keys, and Safe System--The purpose of the Combo Locks Incident Keys Safe System (CLIKS) module is to assist the members of the Security Management Division with tracking documentation associated with security changes for locks and keys as well as safes and combinations. This system also maintains a log of incidents on the grounds of EPA Headquarters' sites.
- Driver Tracking--The purpose of the Driver Tracking module is to assist the motor pool of the Facilities Management and Services Division with tracking requests, ridership, vehicles and buses. The Driver Tracking module contains information about special requests for the services of an EPA driver or shuttle bus.
- Mail Center--The purpose of the Mail Center module is to track costs associated with the Agency's incoming and outgoing mail as well as route and distribute internal and external mail.
- Personnel Security System--The purpose of the Personnel Security module is to assist the members of the Security Management Division with tracking the documentation associated with security investigations for Federal and non-Federal personnel working for EPA.
Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses: General routine uses A, B, C, D E, F, G, H, I, J, and K apply to this system.
Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:
Storage: Records are stored in electronic media and paper files are stored in locked file cabinets.
Retrievability: Records are maintained in a database that requires authorized user login and password to retrieve personal data.
Safeguards: Security controls used to protect personal sensitive data in OASIS are commensurate with those required for a information system rated MODERATE for confidentiality, integrity, and availability, as prescribed in NIST Special Publication, 800-53, "Recommended Security Controls for Federal Information Systems," Annex 2.
Retention and Disposal: Records are retained and disposed of in accordance with EPA's records control schedule approved by the National Archives and Records Administration.
System Manager(s) and Address: Director, Office of Administrative Services, Environmental Protection Agency, MC3201A, 1200 Pennsylvania Avenue, NW., Washington, DC 20460.
Notification Procedures: Any individual who wants to know whether this system of records contains a record about him or her, who wants access to his or her record, or who wants to contest the contents of a record, should make a written request to the EPA FOIA Office, Attn: Privacy Act Officer, MC2822T, 1200 Pennsylvania Avenue, NW., Washington, DC 20460.
Record Access Procedure: Requests for access must be made in accordance with the procedures described in EPA's Privacy Act regulations at 40 CFR part 16. Requesters will be required to provide adequate identification, such as a driver's license, employee identification card, or other identifying document. Additional identification procedures may be required in some instances.
Contesting Records Procedure: Requests for correction or amendment must identify the record to be changed and the corrective action sought. Complete EPA Privacy Act procedures are described in EPA's Privacy Act regulations at 40 CFR part 16.
Record Source Categories: The system of records notice that applies to OASIS is PeoplePlus Payroll, Time and Labor Application (EPA-1). All data not collected from this system is entered manually from employees and contractors via paper or electronic format.
Systems Exempted From Certain Provisions of the Act: Under 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5), the Personnel Security System is exempt from the following provisions of the Privacy Act of 1974 as amended, subject to the limitations set forth in this subsection; 5 U.S.C. 552a(c)(3); (d)(2), (d)(3), and (d)(4); (e)(1), and (f)(2) through (5). Although the Personnel Security System has been exempted, EPA may, in its discretion, fully grant individual requests for access and correction if it determines that the exercise of these rights will not interfere with an interest that the exemption is intended to protect.