Privacy Impact Assessment for the Integrated Grants Management System
On this page:
- I. Data in the System
- II. Access to the Data
- III. Attributes of the Data
- IV. Maintenance of Administrative Controls
I. Data in the System
Generally describe what information will be collected in the system.
IGMS contains information on the recipient of the grant, fellowship, cooperative agreement and interagency agreement, including the name of the entity accepting the award. This is usually an organization, with the exception of fellowships, which are awarded to persons, and interagency agreements which are awarded to other federal agencies. We maintain information on the organization, including the business address, business phone number, mail code, Dun and Bradstreet and tax identification numbers. We also maintain professional contact information on the people in that organization involved in the grant, including mail code, phone number, email address and the roles they are authorized to hold in the IGMS system. In the case of the fellowship recipient, the tax identification number is also the social security number and mailing information may be the mailing information for their home.
We maintain the following information on EPA employees involved in the grant process in the system, name, EPA location, mail code, email address, phone number, and IGMS roles.
Additionally, IGMS contains grant guidance, recipient work plans, interagency agreements, statements of work, grant application information, approval and signature information, comments, decision memoranda and accounting data, award data, reporting data, grantee past performance data and closeout data.
What are the sources and types of the information in the system?
Lotus Notes ID information for EPA employees, is pulled from the Notes National Address Book to support integrated E-mail functions.
The accepted financial data is inherited into the Grant Award. For fellowships there is only one set of modules in IGMS. Data on new fellowship awards are entered in the Fellowship Working Module. The IAG Modules work like the Fellowship Modules.
How will the data be used by the Agency?
The Integrated Grant Management System (IGMS) is designed to streamline and automate the grant and interagency agreement award and management processes from initiation to closeout.
Grantees are able to electronically submit and negotiate work plans, prepare and submit applications and receive award notifications through IGMS. They may also apply electronically through the Grants.gov website.
EPA employees are able to negotiate work plans; review and comment on applications; prepare, review and approve funding recommendations, commitment notices and awards, establish milestones and monitor post award activity. In addition to the electronic process, the system also supports creation of grant, IAG and fellowship awards, based on hard copy applications.
Why is the information being collected? (Purpose)
The information provided by the applicant describes the grant and the funding requested so that the Agency can assess the viability of the grant. Applicant contact information is used by the Agency to communicate with the applicant. Tax Identification Number is collected so that the finance office can disburse grant funds to the applicant.
The system improves efficiency by eliminating re-keying of data, mail and photocopy costs, and separate grant tracking systems and activities. It facilitates electronic commerce with grantees. It also increases the availability of grant information for Agency managers, providing them a basis for sound decision-making and oversight and improving the speed with which they can respond to information queries from Congress and the public. In addition, IGMS enforces data consistency, improving the quality of reports.
II. Access to the Data
Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?
The following groups will have access to various parts of the data in the system: users, managers, system administrators, and developers. EPA acquisition and FAR privacy clauses are included in IGMS contract.
What controls are in place to prevent the misuse of data by those having authorized access?
Users are required to take security training when they are initially trained to use the system. They also are required to sign user rules which define general security rules of behavior and additional rules of behavior for specialized roles, such as contractors and managers who approve transactions. All users are required to take annual security refresher training. Contractors are required to sign confidentiality agreements requiring them not to disclose system information.
Do other systems share data or have access to data in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)
Yes, grant award information is uploaded into the Grants Information and Control System, which is the legacy reporting database for IGMS and to the Grants Data Mart which will replace GICS. Tax ID information and name of fellow are not uploaded to the Grants Data Mart. The Office of Grants and Debarment Information Security Officer is responsible for ensuring the integrity of the data and the protection of applicant privacy rights relative to the transferred data.
Will other agencies, state or local governments share data/information or have access to data in this system? (Includes any entity external to EPA.)
Yes, selected state agencies have access to IGMS but only to data on their own grants. Access is only granted with a registered Notes ID or SSL name and password.
Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is a notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)
There is no public access.
III. Attributes of the Data
Explain how the use of data is both relevant and necessary to the purpose for which the system is being designed.
All the data is directly relevant to the application, approval, award, analysis and management of grants, fellowships, and interagency agreements. Data on the project is used to determine if the project should be funded. Tax Identification Numbers are required for the payment process. Applicant contact information is necessary to award and manage the grant.
If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.
We do consolidate award data and make it available for broader examination. We protect the data as follows:
Data on awards is not made visible until after the 5 day Congressional Notification Period.
Fellowship data is stripped of the fellows name and Taxpayer Identification Number before it is added to the Electronic Grant File. The school the fellow is attending becomes the identifier for the fellow in these data sets.
Data during the pre-award stage is not made broadly available. During this phase, a user must be identified on the document by name to have access to that document. All access is granted on a need to know basis.
If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.
IGMS automates the grant process. Each phase of the grant process results in documents which are reviewed and approved and, in most cases, signed. Roles dictate who can approve and sign documents in the system. Assignment of roles is under the control of management. Every document clearly shows who are in the review group for the document and if and when they approved the document. The signer can see whether the appropriate review was completed and determine whether to clear the document for the next phase or to disapprove or modify it. The process is similar to the review process commonly conducted in paper with hardcopy grants.
How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)
Data can be retrieved by recipient name, which in the case of the fellowship module, is the name of the individual and by Taxpayer Identification Number, which is the Social Security Number for fellows. It can also be retrieved by grant number, program code, project officer, grant specialist, by awarding organization, etc. However the Fellowship Module has tightly controlled access, including the grants specialists in Headquarters who award the fellowships, and the IGMS system managers and hot line employees who support them, about 35 people in all. Grants specialists only have access to those fellowship documents for which they are the specialist or delegate.
No public access
IV. Maintenance of Administrative Controls
Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in this system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject records.)
EPA Records Schedule 009 for IGMS has been approved by the National Archives/Federal Records Center.
While the data is maintained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely and complete to ensure fairness in making determinations?
Decisions on grant awards, interagency agreements and fellowships are made primarily on the merits of the current proposal. However, IGMS contains the results of administrative reviews of recipients. Grant specialists must check these reviews prior to award of the grant to determine if there are unresolved findings. If unresolved findings are present additional funding may not be granted. The Grants Management Officers are responsible for closing out administrative reviews in the system when findings have been resolved. The OGD Compliance staff monitors open administrative reviews monthly with the Grants Management Officers to ensure the data are up-to-date.
Will the system provide the capability to identify, locate, and monitor individuals. If yes, explain.
Yes. The system can sort by the role the person has been given in IGMS, e.g., project officer or by type of recipient agency with which they work, e.g., non-profit.
Does the system use any persistent tracking technologies?
Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. For reference, please view this list of Agency SORs. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)