OVERVIEW

OutSystems is owned by the Office of the Assistant Secretary for Administration and Management (OASAM). OutSystems is a platform software technology with multiple components that come together to provide a powerful solution to deliver secure web applications. This system has been created in CSAM as a placeholder to represent inheritance from this platform only. Therefore, documentation may seem incomplete. OutSystems is hosted on the DOL's own instance of AWS. It is a low code tool used by the DOL to develop, deploy, and manage their own applications (TransitXpress).

OutSystems itself does not collect or contain PII. However, applications that are built on the OutSystems platform may collect or contain PII for various purposes. The following systems are built on OutSystems and collect or contain PII:

  • TransitXpress
  • JobCorps Applicant Check System (JACS)
  • Universal Pre-Employment Suitability Transaction Accountability & Tool (UpSTART)

CHARACTERIZATION OF THE INFORMATION

The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.

Specify whether the System collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.

OutSystems itself does not collect PII. PII is collected by the applications that are hosted on the OutSystems platform.

The information collected is on members of the public (US citizens), Federal contractors and Federal employees.

From whom is information to be collected?

OutSystems itself does not collect PII. PII is collected by the applications that are hosted on the OutSystems platform.

Information is collected from Federal Employees and Contractors and members of the public, including applicants and potential contractors who are likely to be members of the public (U.S. citizens) and/or foreign citizens.

Why is the Information being collected?

OutSystems itself does not collect PII. PII is collected by the applications that are hosted on the OutSystems platform.

The information collected by UpSTART is necessary for OASAM-DPSS to make suitability and national security determinations, as appropriate, for employment and both physical and network access to DOL assets. JACS collects PII to conduct background checks. TransitXpress collects PII to administer the DOL Transit Subsidy Fringe Benefit Program to all eligible DOL employees who are not also receiving some other transportation fringe benefit (i.e., parking or bicycle).

What is the PII being collected, used, disseminated, or maintained?

  • First, Middle, Last Name, and, as applicable, Suffix
  • Date of birth
  • City, State, Country of Birth
  • Social Security Numbers
  • Residential address
  • Personal phone numbers
  • Mailing address (e.g., P.O. Box)
  • Personal e-mail address
  • Current & previous business addresses
  • Legal documents or notes (e.g., divorce decree, criminal records)
  • Educational records
  • Job Title
  • Employing Agency (within DOL)
  • Supervisor Name
  • Supervisor Work Email (DOL)
  • Position Risk, Sensitivity, and Clearance Level
  • Duty Station
  • Gender

How is the PII collected?

OutSystems itself does not collect PII. PII is collected by the applications that are hosted on the OutSystems platform.

JACS: PII is collected from prospective Job Corps students’ inputs on an interest form on the Job Corps Student Enrollment website. Job Corps analysts can also directly enter applicants’ PII in JACS.

TransitXpress: PII is collected from the HRConnect data file (name, home & email address). Also, employees build out their commute in the TransitXpress system, which results in a benefit amount requested from the Transit Subsidy Benefit (TSB) Program.

UpSTART: PII will be collected via a webpage, where it is entered directly into the Application by either a USDOL HR staff member or COR. During this type of entry, the submitter will also submit an attachment to the record in the system, which will also contain PII.

How will the information collected from individuals or derived from the system be checked for accuracy?

The applications hosted on the OutSystems platform are responsible for checking the accuracy of the information they collect and contain.

JACS: The applicants are responsible for verifying their data is correct. There is no penalty for incorrect data, although it could result in delay of the background investigation.

UpSTART: The webpage that USDOL HR and COR staff use to submit information will have some validation scripts to ensure that data entered matches the right format and structure prior to submission. Upon submission within UpSTART, DPSS will perform a comprehensive review of all data that is received. This will be accomplished by checking the data against the OF-306 that was submitted as an attachment. DPSS staff will also perform validation checks of the data by comparing the submission against external systems (manually, without any data connections) such as USAccess, CVS, and eQIP. Data that is found to be invalid or incorrect will be returned to the submitter for correction prior to proceeding with suitability and security clearance investigations.

TransitXpress: Employees validate the accuracy of their information in the data file from the HRConnect system. Employees are instructed not to proceed with their TSB application if the information is not valid. The Transit Coordinator validates the employee’s benefit amount before approving it.

What specific legal authorities, arrangements, and/or agreements defined allow the collection of PII?

JACS: The DPSS EOD/Investigations team conducts pre-screening activities and initiates background investigations to evaluate the character and conduct of applicants, appointees, and contractors for the purpose of the adjudications team making suitability/fitness determinations under 5 CFR 731 (or equivalent), determines the eligibility of employees for national security positions under EO 13764, Amending the Civil Service Rules, EO 13488, and EO 13467 to Modernize the Executive Branch-wide Governance Structure and Process for Security Clearance, Suitability and Fitness for Employment, and Credentialing, and Related Matters, the eligibility for access to classified information under EO 12968, as amended, Access to Classified Information; EO 13526, as amended, National Security Information, and 5 CFR Part 1400, Designation of National Security Positions.

TransitXpress: Presidential Executive Order 13150, Public Law 103-17; Federal Employees Clean Air Incentives Act (U.S.C., Section 7905); E-Government Act of 2002 (H.R. 2458/S.803)

UpSTART: The Office of Personnel Management (OPM) is authorized to collect this information under US Code Title 5 1302, 3301, 3304, 3328, & 8706. 5 CFR 1104 allows OPM to delegate personnel management functions to other Federal agencies. Public Law 104-134 asks Federal agencies to use social security numbers to help identify individuals in agency records. Other controlling guidance relative to personnel security and suitability includes 5 CFR 731, 5 CFR 732, and 5 CFR 1400. Also, Executive Orders 12968, 13467, 13488.

Privacy Impact Analysis

OutSystems itself does not collect PII. PII is collected by the applications that are hosted on the OutSystems platform.

For PII collected and used by JACS, possible risks include inappropriate use of the PII collected and malicious theft of data by a motivated outside attacker. The mitigation actions that are currently employed to reduce the potential of exposure of the identified PII are the following: minimize all data collection to the minimum necessary; establish and provide secure access to JACS (the only users that have direct access to this information are the designated Job Corps and DPSS staff); encrypt PII data during file transitions to and from other systems (OASIS and DCSA portal).

Unauthorized disclosure of information within TransitXpress may result in data compromise or impersonation and could lead to fraudulent activities. The risks resulting from PII collection, storage, and maintenance within the electronic environment are mitigated using administrative, technical, and physical safeguards.

The PII stored in UpSTART is subject to a moderate security risk and is hosted in a cloud environment with implementation of the Federal Risk and Authorization Management Program (FedRAMP) baseline security controls for a Moderate system as supported by NIST SP 800-53, Recommended Security Controls for Federal Systems. FedRAMP controls are specifically designed for cloud environment projects and are more stringent than controls for non-cloud projects. The privacy risks identified with the amount and type of data collected can be mitigated through various FedRAMP baseline security controls.

DESCRIBE THE USES OF THE PII

The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.

Describe all the uses of the PII

OutSystems itself does not collect or use PII. PII is collected and used by the applications that are hosted on the OutSystems platform.

PII collected by JACS is used to conduct background investigations on the Job Corps applicants.

TransitXpress uses data from the HRConnect file to identify and link financial benefit to an employee. PII is also used to process TSB for eligible DOL federal employees.

UpSTART uses PII to disclose pertinent information to the appropriate Federal, State, or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, when the disclosing agency becomes aware of an indication of a violation or potential violation of civil or criminal law or regulation. To disclose information to any source from which additional information is requested (to the extent necessary to identify the individual, inform the source of the purpose(s) of the request, and to identify the type of information requested), when necessary to obtain information relevant to an agency decision to hire or retain an employee, issue a security clearance, and/or to conduct a security or suitability investigation of an individual. To disclose to a Federal agency in the executive, legislative, or judicial branch of Government, in response to its request, or at the initiation of the agency maintaining the records, information in connection with the hiring of an employee, the issuance of a security clearance or determination concerning eligibility to hold a sensitive position, the conducting of an investigation for purposes of a credentialing, national security, fitness, or suitability adjudication concerning an individual, the classifying or designation of jobs, the letting of a contract, the issuance of a license, grant, or other benefit by the requesting agency, or the lawful statutory, administrative, or investigative purpose of the agency to the extent that the information is relevant and necessary to the requesting agency's decision.

What types of tools are used to analyze data and what type of data may be produced?

JACS does not use any analytical tools for the purpose of performing analysis related to the identified PII. No qualitative or quantitative data is generated from the identified PII collected.

TransitXpress stores TSB data in a Relational Database System (RDS) secured in the DOL Cloud. The TransitXpress system contains several predefined reports; only users provisioned with the correct roles can access these reports through TransitXpress. Privileged users within the Office of HR Works and Systems Support (OHRWSS) will be granted “Read Only” access to the RDS to use Structured Query Language (SQL) to produce custom reports and to satisfy ad-hoc data requests.

UpSTART uses MS Excel – computation of service level agreements, processing times, workloads.

Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?

Only TransitXpress will generate new data by aggregating known employee HR data with the Transit Benefit data for those participating in the TSB program.

If the system uses commercial or publicly available data, please explain why and how it is used.

Only TransitXpress uses publicly available transportation rate tables to calculate the employee’s benefit amount.

Will the use of PII create or modify a “system of records notification” under the Privacy Act?

Only TransitXpress.

Privacy Impact Analysis

JACS: The PII collected is used only for a very specific and limited purpose. It is not used for any form of analysis nor is any data derived from PII collected.

TransitXpress: Access profiles are created based on the principle of need-to-know; users will only have access to the information needed to perform their roles. The Transit Managers determine which individuals may have a privileged role. No such access will be provided unless there is compliance with the appropriate levels of personnel security as provided by law, regulation, or DOL policies and procedures.

UpSTART: The operational storage and use of PII can create the risk of unauthorized access and disclosure. Limited staff have access to the PII originating in UpSTART. No PII will be transmitted via email which was originally collected by DPSS that is subject to a moderate security risk and is hosted in a cloud environment with implementation of the Federal Risk and Authorization Management Program (FedRAMP) baseline security controls for a Moderate system as supported by NIST SP 800-53, Recommended Security Controls for Federal Systems. FedRAMP controls are specifically designed for cloud environment projects and are more stringent than controls for non-cloud projects.

RETENTION

The following questions are intended to outline how long information will be retained after the initial collection.

What is the retention period for the data in the system?

OutSystems itself does not collect or store PII. PII is collected and stored by the applications that are hosted on the OutSystems platform.

JACS: 3 years

TransitXpress: PII is retained for as long as necessary for meeting the mission purpose according to the National Archives and Records Administration (NARA) approved retention schedule. TSB Program data is retained for a period of 5 years per the OASAM Records Management Policy.

UpSTART: For the duration of the employment or contract relationship, or 20 years, whichever is longer

Is a retention period established to minimize privacy risk?

JACS: Yes, disposal authority- NC 369-76-2, item 59.

TransitXpress: Yes, a 5-year retention period is established to minimize privacy risk in accordance with NARA schedule. The DOL retention policy for this program data is aligned with the NARA schedule.

UpSTART: Yes. The retention period is established to minimize privacy risk in accordance with OASAM-20, Personnel Investigation Records.

Has the retention schedule been approved by the National Archives and Records Administration (NARA)?

JACS: Yes, disposal authority- NC 369-76-2, item 59.

TransitXpress: Yes, the retention of PII complies with NARA’s retention schedule.

UpSTART: Yes, UPSTART records are covered under the General Records Schedule 6.1 & 5.6.

Per M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information; what efforts are being made to eliminate or reduce PII that is collected, stored, or maintained by the system if it is no longer required?

JACS: PII is eliminated from the systems in accordance with Job Corps Privacy Act Systems SORN (DOL/GOVT-2). We have reduced PII as much as possible; all PII collected is needed for this background check process.

TransitXpress: The TransitXpress system collects minimal PII data, which will only be maintained for 5 years and then will be eliminated. PII will be assessed annually for applicability; nonapplicable PII will be eliminated.

UpSTART: UPSTART follows the NARA Capstone approach for data retention and elimination of records (including PII) after the retention record period has expired.

How is it determined that PII is no longer required?

JACS: Per Privacy Act Systems SORN: Job Corps centers will maintain records of terminated students for a period of 3 years unless custodianship is extended or terminated, for administrative reasons, by the regional office.

TransitXpress: PII is determined to be no longer required when a federal employee requests the termination of his/her transit benefit or separates from DOL.

UpSTART: A determination as to when PII is no longer required within the system is performed as part of periodic program reviews and data calls, annual ATO document review, including System Categorization, Privacy Threshold Analysis and Privacy Impact Assessment.

If you are unable to eliminate PII from this system, what efforts are you undertaking to mask, de-identify or anonymize PII?

JACS: PII is eliminated from the system in accordance with the Job Corps record retention schedule.

TransitXpress: Stored data is encrypted to anonymize PII in accordance with NIST standards.

UpSTART: PII is masked using encryption for data in transit and at rest.

Privacy Impact Analysis

JACS: Data can only be accessed by authorized personnel. Implementation of PII data encryption during data transition and at rest, in the database as well as other document storage sites like SFTP and S3 buckets.

TransitXpress: Access is promptly terminated when employees are no longer authorized to have elevated access, due to separation, removal, or reassignment. The need for the collection of data is truncated when an employee no longer requests TSB. An accurate record of all users who have access to DOL information systems is maintained, and data is encrypted at the database level in accordance with NIST standards.

UpSTART: The risk of unauthorized access and unauthorized disclosure is proportionally increased by the length of time in which the data is retained.

INTERNAL SHARING AND DISCLOSURE

The following questions are intended to define the scope of sharing within the Department of Labor.

With which internal organization(s) is the PII shared, what information is shared, and for what purpose?

OutSystems itself does not collect or use PII. PII is collected and used by the applications that are hosted on the OutSystems platform.

JACS: The PII is shared between Job Corps OASIS system and OASAM DPSS. The data shared are listed below:

  • Full name
  • Date of Birth
  • Place of Birth (US state or territory) if born in US
  • Place of Birth if foreign
  • SSN
  • Gender

The purpose of this information sharing is to conduct background checks on the applicants of the Job Corps student program. These records are maintained to ensure that they are only available to those officials who have a legitimate need for the information in performing their duties and to serve the interests and needs of the students in accordance with 29 U.S.C. 2881 et seq.

TransitXpress: N/A

UpSTART: Office of Human Resources, SOL HR, and OIG HR offices performing staffing functions, and Contracting Officer Representatives onboarding contractors within DOL will be sharing PII with DPSS through UpSTART. The PII is collected to perform prescreening of federal and contract personnel and to initiate/review/process/adjudicate background investigations and security clearances.

How is the PII transmitted or disclosed?

JACS: DOL Secure File Transfer Protocol (SFTP) will be used with Federal Information Processing Standards (FIPS) compliant encrypted zip files.

TransitXpress: N/A

UpSTART: PII is saved within the UpSTART application and will only be accessed via permissions groups administered by the aforementioned privileged user groups. PII will be disclosed by DPSS in the execution of day-to-day business to perform reciprocity checks using CVS and initiate background investigations via eQIP, where appropriate and within DPSS’s existing authority and jurisdictional purview.

Does the agency review when the sharing of personal information is no longer required to stop the transfer of sensitive information?

JACS: Yes, Job Corps reviews the information when the sharing of personal information is no longer required, after determining the student is no longer with the student program.

TransitXpress: N/A

UpSTART: DPSS will undertake periodic program reviews aimed at addressing the sharing of PII to determine if the information is no longer required, and as appropriate, to stop the transfer of sensitive information. Additionally, DPSS has implemented functionality to withdraw a subject from further suitability and clearance adjudications. In doing so, DPSS will terminate agency actions relevant to the applicant processing and stop the transfer of sensitive information.

Privacy Impact Analysis

JACS: Yes. Privacy Impact Analysis is conducted every 3 years for JACS.

TransitXpress: N/A

UpSTART: When information is shared, there is always a risk that the sharing partner does not have the appropriate authorized access level resulting in unauthorized disclosure. The PII stored in UPSTART is subject to a moderate security risk and is hosted in a cloud environment with implementation of the Federal Risk and Authorization Management Program (FedRAMP) baseline security controls for a Moderate system as supported by NIST SP 800-53, Recommended Security Controls for Federal Systems. FedRAMP controls are specifically designed for cloud environment projects and are more stringent than controls for non-cloud projects.

EXTERNAL SHARING AND DISCLOSURE

The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state, and local government, and the private sector.

With which external organization(s) is the PII shared, what information is shared, and for what purpose?

OutSystems itself does not collect or use PII. PII is collected and used by the applications that are hosted on the OutSystems platform.

JACS: Defense Counterintelligence and Security Agency (DCSA) shares Name, Social Security Number, Date of Birth, City of Birth, State of Birth, County of Birth, Country of Birth, and gender. The PII is shared in order for DCSA to conduct a background check.

TransitXpress: PII is not shared with any external organizations – governmental or otherwise.

UpSTART: System streamlines existing process where PII is shared with the investigating agency, currently Department of Defense, to conduct investigations to determine suitability for employment/contract work with the federal government. However, this sharing will take place outside of the application and will not involve any data connections.

Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.

JACS: Yes, Job Corps Privacy Act Systems SORN (DOL/GOVT-2)

TransitXpress: No

UpSTART: Yes; SORN OASAM 20 – Personnel Investigation Records.

How is the information shared outside the Department and what security measures safeguard its transmission?

JACS: FTP+, Secure+, and ODS software are used to ensure confidentiality and integrity of the data being transmitted. eDelivery packages the contents of an investigative file in a 256-bit encrypted ZIP file, the Distributed Investigative File (DIF).

TransitXpress: N/A

UpSTART: Information is used to access/route investigations to non-DOL systems: USAccess, CVS and eQIP. Security of these systems is maintained by DOD and access is governed by a portal accessed via an approved user’s PIV card, then additional login to each system respectively.

How is the information transmitted or disclosed?

JACS: The file transfer will occur either by DCSA pushing the files to DOL’s server (Secure+), or by DOL pulling the files from a DCSA server (FTS+ and ODS).

TransitXpress: N/A

UpSTART: System entry/routing through non-DOL systems: USAccess, CVS and eQIP. Security of these systems is maintained by DOD and access is governed by a portal accessed via an approved user’s PIV card, then additional login to each system respectively.

Is a Memorandum of Understanding (MOU), contract, or any agreement in place with any external organizations with whom information is shared, and does the agreement reflect the scope of the information currently shared? If the answer is yes, be prepared to provide a copy of the agreement in the event of an audit as supporting evidence.

JACS: Yes

TransitXpress: N/A

UpSTART: Yes, an MOU is in place and the agreement reflects the scope of information shared. Please reference 19-MOU-215 between the OASAM Security Center and DOD, Defense Counterintelligence Security Agency. The agreement is in effect through 9/30/2024. 

How is the shared information secured by the recipient?

JACS: DCSA is designated as a Non-Criminal Justice Agency and has been informed by the Federal Bureau of Investigation (FBI) of the responsibility for ensuring that PII data is protected while in the DCSA’s possession.

TransitXpress: N/A

UpSTART: DOL submits the information to the recipient (DOD) via the recipient’s secure systems (i.e., USAccess, CVS and eQIP).  

What type of training is required for users from agencies outside DOL prior to receiving access to the information?

JACS: Only DCSA staff who have passed a security background check can access the information.

TransitXpress: N/A

UpSTART: Non-DOL users will not have access to this OutSystems subsystem.

Privacy Impact Analysis

JACS: Possible privacy risks include the following: 1. Inappropriate use of the PII collected. 2. Malicious theft of data by a motivated outside attacker. The mitigation actions that are currently employed to reduce the potential of exposure of the identified PII are the following: 1. Minimize all data collection to the minimum necessary. 2. The only users that have direct access to this information are the designated DCSA staff. 3. Encrypt PII data during file transitions to and from DCSA portal.

TransitXpress: N/A

UpSTART: UPSTART does not share PII with external outside organizations as part of the normal business process. This system will be used as a case management system to streamline existing processes where PII is shared with external organizations via secure non-DOL systems. However, in the unlikely event that information needs to be shared, there is always a risk that the sharing partner does not have the appropriate authorized access level which could result in unauthorized disclosure.

NOTICE

The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.

Was notice provided to the individual prior to collection of PII? If yes, please provide a copy of the notice as an appendix. A notice may include a posted privacy policy, a Privacy Act notice on forms, or a system of records notice published in the Federal Register Notice. If notice was not provided, please explain.

OutSystems itself does not collect or use PII. PII is collected and used by the applications that are hosted on the OutSystems platform.

JACS: No. The collection of the PII from individuals is outside of JACS. When Job Corps analysts enter PII on behalf of applicants in JACS, it is not possible to provide notice to the applicants. The student information is collected when an applicant applies for the Job Corps student program via an online student application system.

TransitXpress: Yes, the Privacy Act statement is used to advise the eligible federal employees on the routine use of PII.

UpSTART: While UPSTART does not provide notice to individuals, they are notified prior to collection of PII via the information stated on the OF-306 and introductory web pages of the eQIP application. This information is documented on SORNs OASAM-20 and OPM Central 9. For DOL Systems which transmit PII via UPSTART email, including Privacy Act requests, DOL has provided appropriate public notice of the collection of information necessary to process requests under the statutes in full compliance with the law and OMB guidance.

Do individuals have the opportunity and/or right to decline to provide information?

JACS: Yes. There is no regulatory requirement which mandates the collection of the identified PII. Applicants can choose to decline to provide information by not signing the release form.

TransitXpress: Yes, individuals may choose not to request TSB.

UpSTART: Yes.

Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?

JACS: An individual has the right to consent to the collection of data since this data collection is a voluntary component of filling out the online interest form.

TransitXpress: Yes, individuals have the right to consent when requesting TSB.

UpSTART: Individual submission of the information is voluntary. Forms utilized to capture the information describe the intended use of the information.

Privacy Impact Analysis

JACS: This Notice is provided through the external website in Job Corps at the time the online form is filled out. It is visible through the user information page.

TransitXpress: The system provides a privacy statement informing individuals that the PII provided is voluntary and provides the consequences of choosing not to participate with the information collection. The privacy statement is publicly available at https://www.dol.gov/general/privacy.

UpSTART: The privacy risk is unauthorized access and disclosure of PII. DOL shall not disclose, nor make available, any personal data except with the consent of the individual concerned or by authority of law. DOL shall, when appropriate and required by law, provide access to, and a process for amending, personal information in accordance with the Privacy Act of 1974. DOL policy provides guidance for use of notice and collection of data, and advising DOL Federal and contractor support of penalties regarding improper use of DOL information via notifications and confidentiality agreements (e.g., system access notification, computer security and privacy awareness training, contractor Confidentiality/Nondisclosure Agreement, System Access Request Forms, and Rules of Behavior).

INDIVIDUAL ACCESS, REDRESS, AND CORRECTION

The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.

What are the procedures that allow individuals to gain access to their own information?

OutSystems itself does not collect or use PII. PII is collected and used by the applications that are hosted on the OutSystems platform. The responsibility for this lies with the application owners. Refer to the application PIAs.

JACS: Outside of JACS. An external website in Job Corps for applicants to fill an online form. 

TransitXpress: DOL federal employees may gain access to their benefit information by contacting the TransitXpress System Coordinator or logging into the TransitXpress system.

UpSTART: Individuals would need to contact the DOL organization(s) with which they interact, to gain access to their information. For investigative records, individuals would submit a first-party FOIA request directly to the investigation service provider, DoD.

What are the procedures for correcting inaccurate or erroneous information?

JACS: Job Corps analysts or DPSS analysts of JACS.

TransitXpress: Employees may contact the TransitXpress System Coordinator to correct inaccurate Transit Benefits information and their servicing HR Office to correct HR related data.

UpSTART: DOL DPSS staff perform a review of the information provided and check non-DOL systems. Any inaccurate or erroneous information is corrected via updated documents with supporting identification materials, as needed.

How are individuals notified of the procedures for correcting their own information?

JACS: Outside of JACS. Job Corps analysts will inform the admission counselor of the applicant, who will then contact the applicant.

TransitXpress: DOL federal employees may contact the servicing HR Office for assistance with locating procedures to correct their personal information. Employees are also notified that they can log into the HR system to correct their HR information via FAQs and user guide.

UpSTART: Processes are documented in the Division of Personnel Security & Suitability Standard Operating Procedures and the DPSS Business Process Guide.

If no formal redress is provided, what alternatives are available to the individual?

JACS: Outside of JACS. Job Corps analysts will inform the admission counselor of the applicant, who will then contact the applicant.

TransitXpress: The information maintained by the TransitXpress system consists of two parts, non-PII Personnel data, and Transit Benefit data. Employees that identify inaccurate Personnel data can contact their Servicing HR Office, User Employee Self Service in the HR System, or Employee Personal Page in the Pay system to correct most personnel data contained in TransitXpress. Email Address and Name Changes must go through the employee’s Servicing HR Office. The employee can correct transit Benefit data within TransitXpress by submission of a modification or by contacting the Transit Benefits Coordinator for assistance.

UpSTART: DOL DPSS staff perform a review of the information provided and check non-DOL systems. Any inaccurate or erroneous information is corrected via updated documents with supporting identification materials, as needed.

Privacy Impact Analysis

JACS: N/A

TransitXpress: Eligible DOL federal employees requesting TSB must complete the online application accurately. An incomplete application could result in negative consequences such as the application not getting processed promptly, thereby impacting the employee’s ability to receive TSB. Additionally, employees must register their Smartcard with WMATA; the benefit will not be received if the Smartcard is unregistered.

UpSTART: There is minimal risk to the data integrity of PII stored in UPSTART because it is well protected by numerous security controls. Data integrity is primarily accomplished through authorized restrictive access to information in the system.

TECHNICAL ACCESS AND SECURITY

The following questions are intended to describe technical safeguards and security measures.

Which user group(s) will have access to the system? (For example, program managers, IT specialists, and analysts will have general access to the system and registered users from the public will have limited access.)

OutSystems platform users do not access application data beyond what is required for troubleshooting and support. Application owners are responsible for provisioning and monitoring access to their data.

Will contractors to DOL have access to the system? If so, please include a copy of the contract describing their role to the OCIO Security with this PIA.

Yes. The information is accessed by DOL contractor support staff within OCIO for the purpose of providing platform support, and authorized contractors will have access to application data if required based on their assigned duties. See Appendix B for a copy of the security and privacy requirements that are included in DOL contracts.

Does the system use “roles” to assign privileges to users of the system? If yes, describe the roles.

Yes, OutSystems has platform administrators. Each application is responsible for assigning roles for their application.

What procedures are in place to determine which users may access the system and are they documented?

Access Control procedures are in place and documented in accordance with DOL policy. Formally documented user access and account management procedures are in place to grant access to OutSystems and supporting applications. Highlights of the access procedures include:

  • Rules of Behavior
  • Two-factor authentication
  • Access provided strictly based on approved authorizations
  • Automatic removal of inactive access accounts
  • Least privilege access based on role.

How are the actual assignments of roles and Rules of Behavior verified according to established security and auditing procedures? How often is training provided? Provide date of last training.

Assignment of roles within each application built on OutSystems is authorized by the application owners. Rules of behavior are required to be acknowledged by each user prior to being granted access to the application. Additionally, application logs capture system interactions and are reviewed periodically to ensure only authorized persons access the information system. Semi-annual account reviews are performed to ensure all active accounts are required based on user need and rights. Cybersecurity and Privacy Awareness (CSPA) Training is required for all DOL employees and contractors annually through the DOL Learning Link system. Training assigned to users must be completed by the deadline as established in LearningLink. The deadline to complete the FY22 training was June 30, 2022.

Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?

Basic privacy awareness training is included in the DOL new hire computer awareness and as part of the annual CSPA training. Users with significant security responsibilities are required to complete annual Role-Based Training.

What auditing measures and technical safeguards are in place to prevent misuse of data?

Within each application built on OutSystems there are specific user roles (groups) defined which provide varying levels of access to data stored in the applications. Auditing functionality exists within OutSystems applications to allow for user, account management, and privileged user actions to be recorded in an audit log and backed up for a specified period.

Audit information stored includes: type of audit event, date and time audit event occurred, User ID, command used to initiate the audit event, success or failure of audit event and event result. System logs are reviewed periodically to ensure only authorized persons access information.

Is the data secured in accordance with FISMA requirements? If yes, when was Security Assessment and Authorization last completed?

Yes. OutSystems is operating in Ongoing Authorization. The last security assessment was in June 2022.

Privacy Impact Analysis

JACS: The risks identified are directly related to the collection and use of the PII by designated JACS analysts. Access is limited to Job Corps and DPSS staff. Possible risks include the following:

  • Inappropriate use of the PII collected
  • Malicious theft of data by a motivated outside attacker

The mitigation actions that are currently employed to reduce the potential of exposure of the identified PII are the following:

  • Establish and provide secure access to JACS.
  • Users participate in mandatory Privacy Act and Records Management training annually. This is provided by Learning Link.
  • Minimize all data collection to the minimum necessary to conduct investigations.
  • Encrypt PII data during file transitions to and from other systems (OASIS and DCSA portal).

TransitXpress: The security risks associated with maintaining data in an electronic environment are mitigated through management, technical, operational, and privacy security controls in proportion to the risk and magnitude of harm that could result from the loss, misuse, unauthorized access, or modification of PII. In compliance with the DOL requirement, information system accounts (privileged and non-privileged) are reviewed every six months to ensure users only possess rights/privileges required for their assigned roles and terminated/transferred employees do not retain access to the system.

UpSTART: The PII stored within UPSTART is limited to information necessary for the Agency to carry out its duties. It is well protected in a cloud environment with implementation of the Federal Risk and Authorization Management Program (FedRAMP) baseline security controls for a Moderate system as supported by NIST SP 800-53, Recommended Security Controls for Federal Systems. FedRAMP controls are specifically designed for cloud environment projects and are more stringent than controls for non-cloud projects. UPSTART does not interface with any other systems except its hosting network infrastructure.  

TECHNOLOGY

The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, biometrics, and other technology.

Was the system built from the ground up or purchased and installed?

OutSystems is a low code Commercial Off-the-Shelf (COTS) platform that allows DOL to develop, deploy, and manage customized applications.

Describe how data integrity, privacy and security were analyzed as part of the decisions made for your system.

Data integrity, privacy and security were analyzed during the early phases of the System Development Lifecycle by evaluating the information types needed to successfully achieve functional requirements, categorizing the information types in accordance with the methodology outlined in NIST Special Publications, the Department of Labor Manual Series and DOL Computer Security Handbook, and determining the risk impacts associated with those information types to arrive at a high watermark. This was used to determine the applicable security control baseline. This baseline was then tailored to the system architecture and other business security factors. Controls were implemented and assessed for effectiveness, and the residual risk was analyzed and mitigating factors documented.

What design choices were made to enhance privacy?

Implementation of encryption technologies, architectural enhancements to provide information flow control, Role-Based Access Control, using two-factor authentication and SSO for logins, using automatic account deactivation for inactive accounts, and requiring Security and Privacy Training for users.

For systems in development, what stage of development is the system in, and what project development life cycle was used?

N/A. OutSystems is in Operations and Maintenance (O&M).

For systems in development, does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.

N/A. OutSystems is in Operations and Maintenance (O&M).

DETERMINATION

As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?

  • OCIO has completed the PIA for OutSystems which is currently in operation.
  • OCIO has determined that the safeguards and controls for this moderate system adequately protect the information.
  • OCIO has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.