U.S. Department of Transportation
Office of the Chief Information Officer (OCIO)
Privacy Threshold Assessment (PTA)
Federal Aviation Administration (FAA)
Office of Aviation Safety (AVS)
Safety Assurance System (SAS)
Digitally signed by KARYN MARIE GORMAN
Date: 2021.07.16 16:17:53 -04'00'
Privacy Threshold Assessment (PTA)
The Privacy Threshold Assessment (PTA) is an analytical tool used to determine the scope
of privacy risk management activities that must be executed to ensure that the
Department’s initiatives do not create undue privacy risks for individuals.
The Privacy Threshold Assessment (PTA) is a privacy risk management tool used by
the Department of Transportation (DOT) Chief Privacy Officer (CPO). The PTA
determines whether a Department system1 creates privacy risk for individuals that
must be further analyzed, documented, or mitigated, and determines the need for
additional privacy compliance documentation. Additional documentation can include
Privacy Impact Assessments (PIAs), System of Records notices (SORNs), and Privacy
Act Exemption Rules (Exemption Rules).
The majority of the Department’s privacy risk emanates from its direct collection, use,
storage, and sharing of Personally Identifiable Information (PII),2 and the IT systems
used to support those processes. However, privacy risk can also be created in the
Department’s use of paper records or other technologies. The Department may also
create privacy risk for individuals through its rulemakings and information collection
requirements that require other entities to collect, use, store or share PII, or deploy
technologies that create privacy risk for members of the public.
To ensure that the Department appropriately identifies those activities that may create
privacy risk, a PTA is required for all IT systems, technologies, proposed rulemakings,
and information collections at the Department. Additionally, the PTA is used to alert
other information management stakeholders of potential risks, including information
security, records management and information collection management programs. It is
also used by the Department’s Chief Information Officer (CIO) and Associate CIO for IT
Policy and Governance (Associate CIO) to support efforts to ensure compliance with
other information asset requirements including, but not limited to, the Federal Records
Act (FRA), the Paperwork Reduction Act (PRA), the Federal Information Security
Management Act (FISMA), the Federal Information Technology Acquisition Reform Act
(FITARA) and applicable Office of Management and Budget (OMB) guidance.
Each Component establishes and follows its own processes for developing, reviewing,
and verifying the PTA prior to its submission to the DOT CPO. At a minimum the PTA
must be reviewed by the Component business owner, information system security
manager, general counsel, records officers, and privacy officer. After the Component
review is completed, the Component Privacy Office will forward the PTA to the DOT
Privacy Office for final adjudication. Only PTAs watermarked “adjudicated” and
electronically signed by the DOT CPO are considered final. Do NOT send the PTA
directly to the DOT PO; PTAs received by the DOT CPO directly from program/business
owners will not be reviewed.
1 For the purposes of the PTA the term “system” is used throughout the document but is not limited to traditional
IT systems. It can and does refer to business activity and processes, IT systems, information collection, a
project, program and/or technology, and proposed rulemaking as appropriate for the context of the assessment.
2 The term “personally identifiable information” refers to information which can be used to distinguish or trace
an individual's identity, such as their name, social security number, biometric records, etc. alone, or when
combined with other personal or identifying information which is linked or linkable to a specific individual,
such as date and place of birth, mother’s maiden name, etc.
If you have questions or require assistance to complete the PTA please contact your
Component Privacy Officer or the DOT Privacy Office at [email protected]. Explanatory
guidance for completing the PTA can be found in the PTA Development Guide found on
the DOT Privacy Program website, www.dot.gov/privacy.
PROGRAM MANAGEMENT
SYSTEM name: Safety Assurance System (SAS)
Cyber Security Assessment and Management (CSAM) ID: 1996
SYSTEM MANAGER CONTACT Information:
Name: John Frye
Email: [email protected]
Phone Number: 703-598-9186
Is this a NEW system?
☐ Yes (Proceed to Section 1)
☒ No
☒ Renewal
☐ Modification
Is there a PREVIOUSLY ADJUDICATED PTA for this system?
☒ Yes:
Date: 4/16/2018
☐ No
1 SUMMARY INFORMATION
1.1 System TYPE
☒ Information Technology and/or Information System
Unique Investment Identifier (UII): 021-189475443
Cyber Security Assessment and Management (CSAM) ID: 1996
☐ Paper Based:
☐ Rulemaking
Rulemaking Identification Number (RIN):
Rulemaking Stage:
☐ Notice of Proposed Rulemaking (NPRM)
☐ Supplemental NPRM (SNPRM):
☐ Final Rule:
Federal Register (FR) Notice: Click here to enter text.
☐ Information Collection Request (ICR)3
☐ New Collection
☐ Approved Collection or Collection Renewal
☐ OMB Control Number:
☐ Control Number Expiration Date:
☐ Other:
1.2 System OVERVIEW:
This is an update to the Federal Aviation Administration (FAA) Safety Assurance
System (SAS) previously adjudicated Privacy Threshold Assessment (PTA) dated
April 16, 2018. The Office of Aviation Safety (AVS) uses SAS to support the
System Approach for Safety Oversight (SASO) program office’s safety and risk
management operations. SAS is deployed at The Office of Information and
Technology Services Enterprise Data Center (AIT EDC)4 at the Mike Monroney
Aeronautical Center (MMAC) in Oklahoma City, OK.
Since the adjudication of the previous PTA, the following system changes have
occurred:
SAS now includes the Certificate Application Process, a Risk Assessment
Model, Activity Recording, and the addition of CFR Parts 141, 142, and 147
into SAS.
SAS contains a new hazardous materials reporting module that is used by the
Office of Hazardous Materials Safety (AXH) to conduct surveillance on
Certificate Holders (CHs) and other entities that offer or transport hazardous
materials.
SAS now exchanges data with Accident Incident Data System (AIDS),5
Designee Management System (DMS),6 and Aviation Safety Inspector
Credential Program (110A).7
SAS Modules
SAS is a public-facing, web-based system used by airmen, air carriers, pilot schools,
training centers, air maintenance technical (AMT) schools, repair stations, or any
entity that applies for certificates or holds a certificate from the FAA. Flight
Standards (FS) and AXH personnel use SAS as an oversight tool to capture data
associated with aviation certification, Continued Operational Safety (surveillance),
Other Regulated Entities (ORE) oversight, hazardous material incident reporting and
investigations, and certificate management of certificate holders and applicants
(CH/As).8
3 See 44 USC 3201-3521; 5 CFR Part 1320
4 AIT EDC (CSAM ID: 1631) has an adjudicated PTA, dated February 25, 2019.
5 AIDS (CSAM ID: 1911) has an adjudicated PTA, dated November 11, 2016.
6 DMS (CSAM ID: 2022) has an adjudicated PTA, dated September 17, 2018.
7 110A (CSAM ID: 1366) has an adjudicated PTA, dated February 16, 2017 May 19, 2021.
The SAS modules provide for initial certification, Continued Operational Safety
(COS), and hazardous materials incident reporting through Configuration, Planning,
Resource Management, Data Collection, and Analysis Assessment Action.
Module 1 – Configuration: This module is the first step in initial certification and
provides information to FAA regarding the identity and particular characteristics of a
certificate applicant. It is accessible by the SAS internal portal
(https://sas.avs.faa.gov) and public portal (https://sas.faa.gov), which are described in
detail below.
Module 2 – Planning: This module allows authorized internal FAA users to
establish oversight plans for inspectors in order to perform regulatory compliance on
certificate holders. Chief Inspectors (CI) plan inspections of certificate holders;
assign inspectors to assess CHs; and schedule inspections using the planning module.
The module maintains designee information, via an interconnection with the
Designee Management System (DMS), to provide workload and resourcing
information so CPMs can view what work designees are conducting and adjust the
workload of these designees as appropriate. Designees are non-FAA employees that
conduct certification oversight on behalf of the FAA. The Planning Module is only
accessible through the SAS internal portal.
Module 3 – Resource Management: This module allows CIs to develop resource
allocation based on established oversight plans. If, for example, an assessment
required resources beyond those available to a Flight Standards District Office
(FSDO), a CI might assign staff from a neighboring FSDO to assist. This module is
only accessible through the SAS internal portal.
Module 4 – Data Collection & Activity Recording: This module, which is
accessible through the internal and public portals, allows Aviation Safety Inspectors
(ASIs) to collect regulatory compliance and safety data on current certificate holders
and allows external users and current certificate holders to provide data on
themselves utilizing the Self-Assessment/Self-Audit for 14 Code of Federal
Regulations (CFR) Part 145s. CH/As, specifically business entities, use DCTs to
submit data on themselves utilizing the Self-Assessment/Self-Audit for 14 CFR Part
121, 135, 141, 142, 145 and 147. A DCT consists of questions designed by the FAA
to determine if a CH/A meets the regulatory requirements and safety standards.
CH/As manually select the correct designations from drop-down text boxes as part of
the self-assessment/audit process. The DCTs do not collect PII, though they do
contain an open text field in which a Flight Standards (FS) employee could
inadvertently submit PII. However, SAS Program staff would subsequently redact
the PII.
8 Includes airmen, air carriers, commuter airlines, repair stations, flight schools, air passengers, aircraft
maintenance training schools.
ASIs use Activity Recording to document inspections and other work associated with
CHs and individual airmen. Unlike DCT, Activity Recording is not shared with
CH/As using the external portal. DCTs are performed both before and after
certification and typically do not contain Personally Identifiable Information (PII);
however, some DCTs contain open text fields that could allow an ASI to
inadvertently enter PII. In the infrequent cases where PII is inadvertently submitted,
SAS program staff redact the PII. The purpose of collecting data is to gather
information that Principal Inspectors use to make informed decisions about the
CH/A’s operating systems (1) before approving or accepting them when required to
do so by regulation, and (2) during recurring Performance Assessments (PAs).
Module 5 – Analysis Assessment Action: This module allows for the analysis and
assessment of design, performance, and level of risk in CH/As. Based on the
information collected through the Data Collection Module and DCTs, SASO
determines whether changes to a CH’s configuration (e.g. equipment at a repair
station; number of seats on an airplane) are necessary and/or whether additional
planning, resource management, and data collection is necessary for further
assessment.
User Registration
CH/As use the SAS public portal, https://sas.faa.gov, to electronically submit an
aviation certificate application, amend an existing certificate, or communicate with
their local FSDO. The certificate application process begins with the applicant
registering for a SAS account on the public portal. FAA personnel, such as ASIs,
Principal Inspectors (PIs) and Hazardous Material Aviation Safety Inspectors (HM
ASIs), use the SAS to help with their certification and safety oversight by providing
tools for planning and scheduling, helping to identify hazards within an environment,
and helping to eliminate or control risk.
CH/As must register for an SAS account at https://sas.faa.gov to submit a certificate
request and receive full access to the website. The CH/A manually enters and
submits their full name, zip code and email address to register for an account. Upon
submission, SAS generates an email notification of receipt to the CH/A, which
includes a User ID, temporary password, and link to log into the SAS public portal.
SAS prompts each CH/A, upon initial login, to complete security questions and
answers (which could contain their mother’s maiden name) and replace the
temporary password with a permanent password. The CH/A clicks on the registration
link (valid for only 24 hours) which takes the applicants to the Application
Submission Page.
FAA personnel, such as ASIs, PIs, and HM ASIs access the SAS internal portal via
their Personal Identity Verification (PIV) card through Integrated Windows
Authentication (IWA)9 at https://sas.avs.faa.gov.
System Functionality
The CH/A begins the certificate request at the Application Submission page. The
CH/A manually enters the following information into SAS:
Full name of certificate applicant (individual or authorized individual of
business);
Job title;
Business address;
Country (if foreign);
Business phone number; and
Business email address.
Upon submission, the applicant navigates to the final screen of the Application
Submission page and manually enters information in the Form 8400-6,
Preapplication Statement of Intent and either Form 8420-8, Pilot School
Certification or Form 8310-3, Application for Repair Station Certificate and/or
Rating into SAS depending on the type of certificate requested. These forms collect
PII directly from the CH/A that is detailed in Section 2.2. If CH/As choose not to fill
out these forms electronically in the SAS public portal, they can email or mail the
completed, paper forms to the local FSDO. Once received, the Principal Inspector
(PI) or Certification Program Manager (CPM) manually enter the information from
the emailed or mailed forms into SAS. Upon completion of information submission,
the emailed or mailed forms are either scanned and uploaded into a Knowledge
Services Network (KSN) shared drive accessible by authorized AFS personnel or
stored in a locked file cabinet, based upon preference of the local FSDO.
The FSDO begins the review and approval process in SAS for the submitted
certificate request. The Certification Project Team10 reviews the certificate
submission against the regulatory requirements and FAA’s policy and guidance for the
process, verifies the accuracy of answers provided by the CH/A, and determines
if the changes in the process design meet the requirements for approval and
acceptance. The Certification Project Team may manually enter comments
regarding their evaluation of the certificate request in an open-text comments box.
This review process allows the CH/A and the FAA to see how the proposed changes
affect the CH/A’s operating profile and Comprehensive Assessment Plan (CAP).11
Once the PI approves the certificate request, SAS updates the CH/A operating profile
and CAP to reflect the new information. SAS sends a notification to the CH/A to
inform them of the approval of their certificate request.
9 FAA Directory Services (CSAM ID: 2062) has an adjudicated PTA, dated September 25, 2020.
10 Certification Project Team consists of a Certification Project Manager (CPM) and Aviation Safety Inspectors
(ASIs) and other employees as needed.
11 The CAP is a quarterly plan developed by inspectors and their managers to plan and schedule oversight
activities.
Once approved, the CH uses SAS to change their configuration data in the SAS public
portal and submit the proposed changes to their FSDO for approval, known as a
change request. Configuration data is a set of characteristics or attributes that
describe a CH’s scope of operations and specifications. CHs manually enter the
following information in the SAS public portal that consists of their configuration
data:
Operations specifications information includes route structures, fleet size,
number of aircraft in fleet, fleet composition, number of repairmen, facility
locations, and number of seats in aircraft;
Vitals includes the company’s Chief Executive Officer’s (CEO) full name,
address, business phone number, county of operations, fax number, and email
address; and
Contractor’s information includes all the full names, addresses, telephone
numbers, email addresses, fax numbers, and company names for all service
providers that contract with the certificate holding company.
The FSDO receives the change request in SAS and reviews it to determine how the
proposed changes affect the CH’s operating profile and Comprehensive Assessment
Plan (CAP).12 The Operating Profile is a list of systems/subsystems, elements and
questions that are applicable to a CH’s scope of operation. CHs create the Operating
Profile (OP) in the public portal, based on the list of the functions that a CH/A
performs, as well as applicable regulatory requirements, hazard analysis,
configuration information, and performance history. Once the PI approves the
change request, SAS updates the CH/A operating profile and CAP to reflect the new
information.
Once a certificate request or change request has been granted, CHs continue to
access the SAS public portal to perform the following functions:
Schedule of Events
The Schedule of Events tab provides a checklist of events; drop-down menus
indicating the status of the event; and fields to select proposed, current, accepted
baseline and completion dates using electronic calendars. The CH/A sets a timeline
for the completion of events for their certification process. For example, CH/As
submit proposed dates of completion for each event that is listed. Each event has an
open text field for CH/As to input comments on the status of events, which are
viewed by FAA personnel. These events include meetings and other items needed for
certification.
12 The CAP is a quarterly plan developed by inspectors and their managers to plan and schedule oversight
activities.
Document Management
The Document Management tab allows CH/As to submit supporting documentation
to ASIs. If PII is inadvertently included in this documentation, FAA personnel will
redact the PII in accordance with exemption six (6) of the Freedom of Information
Act (FOIA). Folders contained in the Document Management tab are for the
following: Formal Application, Other Certification, Configuration Changes, and
Data Collection. CH/As upload documents in the Formal Application folder for
certificate application review. CH/As upload supporting documents that they believe
are applicable to their certificate application but are not listed in the Formal
Application folder in the Other Certification folder. When uploading documents,
CH/As enter a description of the uploaded document in an open-text comment box.
SAS sends the applicable ASI a notification when the applicant uploads a document
in the Document Management tab. ASIs and the CH/A can submit documents in this
tab.
Hazardous Materials Incident Reporting
The Office of Hazardous Materials Safety (AXH), as prescribed by 49 CFR Parts
171-180, uses the SAS internal portal to conduct surveillance on CHs and other
entities that offer or transport hazardous materials. AXH surveillance includes the
investigation of hazardous materials incidents, or data related to a CH’s discovery of
hazardous materials in a passenger’s baggage. 49 CFR 175.31 requires each person
as defined by 49 CFR 171.8 who discovers a discrepancy13 relative to the
transportation of hazardous materials, to notify the nearest FAA Regional or Field
Security office by telephone or email ([email protected]) outside of SAS. AXH personnel monitor the email
inbox and manually enter reports into the Passenger Module in SAS. AXH
personnel must collect the following data for each hazardous material discrepancy:
Full name and telephone number of the person reporting the discrepancy;
Name of the aircraft operator;
Specific location of the shipment concerned;
Type of hazardous material found;
Full name of the airplane passenger (shipper of hazardous material);
Nature of the discrepancy; and
Address of the shipper or individual responsible for the discrepancy, if
known, by the air carrier.
13 Discrepancy involves improperly described, certified, labeled, marked, or packaged hazardous materials.
AXH personnel evaluate all the reports for risk based on item reported and the
hazardous material regulations.14 All higher risk items or conditions are processed as
enforcement investigations outside of SAS. Only low-risk items or conditions are
processed within SAS and passengers of record are mailed a stakeholder outreach
letter.15 SAS sends the outreach letter as the only communication to the passenger of
record. The letter states the following information:
(1) the discovery of hazardous material found in the passenger’s bag;
(2) legal citation (49 CFR 175.10) that prohibits the transport of hazardous
materials;
(3) contact information for the passenger to reach out in regards to confiscated
items; and
(4) the notation that the discrepancy matter is closed.
SAS retains all data, including the name and address of the shipper (passenger),
contained in the outreach letters for a period of ten years; however, passenger PII
(name and address) is expunged by AXH via system automation once outreach
letters are mailed to the passenger. SAS retains the name of the aircraft operator,
name of the hazardous material, and location found for trend analysis.
Shipping incidents that deal with hazardous material leakages require the individual
or entity that discovers the spill to report the information to the Department of
Transportation (DOT), and in many instances to the FAA. The report is made on DOT
FORM F 5800.1, sent to the DOT, and investigated by AXH personnel if the report
is made to the FAA. AXH personnel would input some of the following information
from FORM F 5800.1 into the SAS Other Regulated Entities (ORE) Module:
Full name of the reporting CH (air operator);
Business address of the reporting CH (air operator);
Full name and mailing address of the shipper;
Full name of the CH’s authorized representative;
Job title of CH’s authorized representative; and
Business address, telephone number, email address and fax number
of the CH’s authorized representative.
AXH personnel conduct the investigation against the person/company that offered
the shipment of the hazardous material(s). AXH personnel manually enter
investigation findings into the comments box within the module. This module would
capture any referral to the AXH enforcement process, which occurs outside of SAS.
If the investigation leads to an enforcement action, AXH personnel complete the
enforcement action in EIS,16 yet SAS would not annotate the enforcement decision
or disposition.
14 The quantity and hazard class of the item determines risk. Explosives are high risk, while aerosols are low
risk, not investigated and entered into the Passenger Module.
15 Records are reviewed and approved for continued processing if the entered data meets the criteria for an
outreach letter and that the hazmat classification is not contradictory.
Section 2.10 fully details all the data exchanges that SAS shares with other internal
and external systems.
SAS generates and maintains various system reports that track application
submissions, CH/A reporting history, activity recordings, hazardous material
reporting, safety investigations, AXH Priority Index Report and other events as
detailed in Appendix A. These reports could contain the following PII:
Full name of CH/A (individual or business entities);
Full name of ASI;
CH/A’s business address;
CH/A’s business email address;
CH/A’s business telephone number;
CH/A’s company name;
Full name of reporting air carrier (for hazardous material reporting); and
Full name of repair station.
SAS generates audit logs that track system login activity, changes to user profiles,
and changes in user roles and functions. Audit logs contain the User IDs of CH/As
or the email addresses of FAA users, depending on the type of user captured in the
logs.
2 INFORMATION MANAGEMENT
2.1 SUBJECTS of Collection
Identify the subject population(s) for whom the system collects, maintains, or
disseminates PII. (Check all that apply)
☒ Members of the public:
☒ Citizens or Legal Permanent Residents (LPR)
☐ Visitors
☒ Members of the DOT Federal workforce
☒ Members of the DOT Contract workforce
☐ System Does Not Collect PII. If the system does not collect PII, proceed
directly to question 2.3.
16 EIS (CSAM ID: 1374) has an adjudicated PIA dated August 29, 2012.
2.2 What INFORMATION ABOUT INDIVIDUALS will be collected, used,
retained, or generated?
Members of the Public (includes airmen, air carriers, certificated pilot schools,
training centers, air maintenance technical schools, repair stations, and air
passengers)
CH/A’s full name
Business email address
Business address with zip code
Business telephone number
Job title
Airman certificate number and type
User ID
Password
Password recovery security questions and answers
FAA tracking number (FTN)
CH’s Chief Executive Officer’s (CEO’s) full name
CEO’s email address
CEO’s business address
County of CH’s operations
Full name of all CH’s contractors (repair stations only)
Business contact information (email address, business address, and
telephone number) of all CH’s contractors (repair stations only)
FAA precertification number
FAA Designator code17
Instructor’s full name and certificate number
Examiner’s full name
Main operating base address
Satellite location address
Aircraft make, model, and series
Full name of simulator sponsor
Full name of person responsible for scheduling simulator
Simulator region ID (FAA region where simulator exists)
Enforcement Investigative Report (EIR) number and status
17 The FAA designator code is an FAA-issued code for certificated entities.
Full name of FAA Designee
FAA Designee identification number and type
FAA Designee expiration date
FAA Designee office code
FAA Designee fax number
Hazardous material registration number18
Form 8400-6, Preapplication Statement of Intent (completed by all applicants)
Full name of business
Mailing address of business
Address of principal base where operations will be conducted
Requested three-letter company identifier
Business email address
Doing Business As (DBA)
Management personnel information (full name, title, telephone number,
and email address)
Aircraft serial number and types
Aircraft make, model, and series
Open-text comments box to enter additional information to provide FAA
a better understanding of proposed operation or business (FAA personnel
will redact any unnecessary PII upon review contained in this box)
Full name and title of authorized point of contact (POC) for company
Authorized POC’s signature and date
Form 8420-8, Application for Pilot School Certification
Full name of school
Telephone number of school
Address of principal business office
Location of main operations base
Location of satellite base(s)
Reason for application submission – issuance, renewal or amending to
pilot school certificate
Identification of training courses
Signature and job title of authorized POC
Form 8310-3, Application for Repair Station Certificate and/or Rating
Full name of repair station;
Repair station certificate number (if applicable)
Location where business is conducted
Official mailing address;
Doing business as (DBA)
Open-text comment box for the repair station to list of maintenance
functions contracted to outside agencies (FSDO personnel will redact any
unnecessary PII upon review contained in this box)
Full name of owner(s)
Date, full name of authorized POC, job title, and signature
Hazardous Material Reporting Module (airplane passengers and air carriers)
Full name of airplane passenger (shipper of hazardous material)
Airplane passenger’s home address (shipper of hazardous material)
Location of shipping incident (city, state, country, zip code)
Reporting air carrier’s full name
Reporting air carrier’s address
Hazardous material destination address
Agency name and report number (if report submitted to another DOT
agency)
Authorized representative’s full name and job title
Authorized representative’s telephone number
Members of the Federal and Contract Workforce
Full name
Telephone number
Email address
Title
FSDO office and location
FSDO representative’s full name
ASI’s full name and signature
ASI’s region and office code
Supervising inspector’s full name and signature
Open-text comments box for FAA inspectors to include remarks in their
evaluation of certificate requests
2.3 Does the system RELATE to or provide information about individuals?
☒ Yes: SAS collects information pertaining to certificate holders, certificate
applicants, airplane passengers, and organizations involved in aviation surveillance
activities (described above in the System Overview). The system also collects
information pertaining to FAA employees tasked with inspection, certification,
and/or management of inspection and certification (also described above in the
System Overview). SAS maintains audit logs for its Internet Information Services
(IIS) server, which contain no PII, and a Database Audit Log that contains the PII
saved in the SAS database (described above).
18 This number is not considered PII, as it is not linked or linkable to any individual.
☐ No
If the answer to 2.1 is “System Does Not Collect PII” and the answer to 2.3 is “No”,
you may proceed to question 2.10.
If the system collects PII or relates to individuals in any way, proceed to question 2.4.
2.4 Does the system use or collect SOCIAL SECURITY NUMBERS (SSNs)?
(This includes truncated SSNs)
☐ Yes:
Authority:
Purpose:
☒ No: The system does not use or collect SSNs, including truncated SSNs.
Proceed to 2.6.
2.5 Has an SSN REDUCTION plan been established for the system?
☐ Yes:
☐ No:
2.6 Does the system collect PSEUDO‐SSNs?
☒ Yes: SAS collects Airman Certificate Numbers that, in some cases, may be the
airman’s Social Security Number (SSN). For their convenience, some airmen
have kept their SSN as their certificate number. The Civil Aviation Registry
discontinued the practice of using the SSN as a certificate number for original or
new certificates in June of 2002. The Civil Aviation Registry web site provides
instructions for requesting a new certificate that does not include the SSN. The
airman can complete the request online or mail a completed AC Form 8060-67
(10/09), Request for Change of Certificate Number to the Airmen Certification
Branch, AFS-760.
☐ No: The system does not collect pseudo-SSNs, including truncated SSNs.
2.7 Will information about individuals be retrieved or accessed by a
UNIQUE IDENTIFIER associated with or assigned to an individual?
☒ Yes
Is there an existing Privacy Act System of Records notice (SORN) for the
records retrieved or accessed by a unique identifier?
☒ Yes:
SORN:
DOT/FAA 801, Aircraft Registration Records, 81 FR 54187 (August 15,
2016)
DOT/FAA 847, Aviation Records on Individuals, 75 FR 68849 (November 9,
2010)
DOT/ALL 13, Internet/Intranet Activity and Access Records, 67 FR 30757
(May 7, 2002)
☐ No:
Explanation:
Expected Publication:
☐ Not Applicable: Proceed to question 2.9
2.8 Has a Privacy Act EXEMPTION RULE been published in support of any
Exemptions claimed in the SORN?
☒ Yes
Exemption Rule: DOT/FAA 847, Aviation Records on Individuals, November
9, 2010 75 FR 68849. Records in this system that relate to administrative actions
and legal enforcement actions are exempted from certain access and disclosure
requirements of the Privacy Act of 1974, pursuant to 5 U.S.C. 552a(k)(2).
☐ No
Explanation:
Expected Publication:
☐ Not Applicable: SORN does not claim Privacy Act exemptions.
2.9 Has a PRIVACY IMPACT ASSESSMENT (PIA) been published for this
system?
☐ Yes:
☒ No: A PIA is in development.
☐ Not Applicable: The most recently adjudicated PTA indicated no PIA was
required for this system.
2.10 Does the system EXCHANGE (receive and/or send) DATA from another
INTERNAL (DOT) or EXTERNAL (non‐DOT) system or business activity?
☒ Yes:
Internal Data Exchanges:
Accident and Incident Data System (AIDS)
SAS receives aviation accident-related data from AIDS via Transmission Control
Protocol (TCP). AIDS sends the following information related to the aviation
accident or incident:
Airman’s full name;
Airman’s date of birth (DOB);
Airman certificate number (may include Airman’s social security number);
Certificate type;
Air operator’s full name;
Domicile zip code;
Aircraft registration number;
Aircraft serial number;
Aircraft make and model name;
Type of injury;
Full name of ASI (Inspector-in-Charge, or IIC);
IIC region and office code; and
Number of casualties or injuries for an accident or incident.
The purpose of this data exchange is to provide a count of the number of Accidents
and Incidents for all CH/As over a period of five years and assist in the calculation of
a risk score for each CH/A in SAS. A MOU is in effect for this data exchange.
Civil Aviation Registry Applications (AVS Registry) (Aircraft Registry System
(ARS) subcomponent)19
SAS receives aircraft registration data from the ARS subcomponent of AVS Registry
via a Structured Query Language (SQL) service replication in real time. ARS sends
the following information:
Aircraft serial number (N-number);
Full name of aircraft owner;
Business address;
Aircraft make/model/serial number;
Aircraft manufacturer name;
Engine manufacturer/model name to SAS; and
Certificate class and date.
19 AVS Registry (CSAM ID: 1416) has an adjudicated PTA, dated April 10, 2019.
The purpose of the data exchange is to validate the aircraft information within SAS.
A MOU is in effect for this exchange (and the CAIS exchange referenced below).
Aviation Safety Inspector Credential Program (110A)
SAS sends 8430-13 en route inspection book data to the 110A system every four
hours via a Structured Query Language (SQL) Server Integration Services (SSIS)
protocol. SAS sends the following information:
Full name of inspector;
8430-13 number (8 digit number on a physical paper form); and
DCT ID.
The purpose of the data exchange is to assure that all of the ten coupons in the ASI’s
8430-13 inspection book have been completed prior to the return of the book to the
110A program office. A MOU between SAS and 110A has been drafted and is awaiting
approval from each Program office.
Comprehensive Airman Information System (CAIS), subcomponent of AVS
Registry
SAS receives airmen information from CAIS, a subcomponent of AVS Registry, via
a SQL server replication. CAIS sends the following information daily:
Full name of airman;
Airman certificate number; and
Certificate type.
The purpose of the exchange is for oversight and validating airmen information
within SAS. A MOU is in effect for this data exchange with AVS Registry.
Designee Management System (DMS)
SAS receives read-only designee data sent nightly by DMS via SQL server
replication. DMS sends the following information:
Full name of designee;
Designee number and type;
Designee expiration date;
Aircraft make and model name (associated with designee oversight activity);
Designee office code;
Designee oversight activity type name; and
Designee oversight activity tracking number.
The purpose of this data exchange is to provide workload and resourcing information
on the Office Workload list so CPMs can view what work designees are conducting
and adjust the workload of these designees as appropriate. Designees conduct
certification oversight on behalf of the FAA. A MOU is in effect between DMS and
SAS.
Enhanced Flight Standards Automation System (eFSAS)20
SAS sends and receives configuration information about CHs with eFSAS via an
automated call. CFR Parts 121, 135, and 145 configuration data is replicated to
SAS. eFSAS sends the following information to SAS:
Full name of air operator company;
Full name of CEO;
DBA name;
Business address;
Inspector name;
Inspector office;
Designator code; and
ODA.
SAS users update the CH configuration information in SAS with changes sent to
eFSAS via a web service. The purpose of the data exchange is to provide updated
CH information in eFSAS. A MOU is not in effect for this data exchange.
Enforcement Information System (EIS)
SAS receives enforcement investigative report (EIR) data from EIS nightly via SQL
remote-stored procedure. EIS sends the EIR Number, designator code, and status to
SAS. The purpose of the exchange is to supply SAS with any valid open EIR
numbers relevant to a certificate in its system. A MOU is in effect for this data
exchange.
FAA Management Information System (FAAMIS)21
SAS sends and receives data with FAAMIS nightly via SQL service broker. SAS
receives National airman reference, aircraft, and simulator data from FAAMIS.
FAAMIS receives all PTRS and activity reference data from SAS, such as:
Full name of inspector;
Record ID;
Activity number;
Designator code;
Aircraft make/model/series;
Airman certificate number;
Full name of airman;
Examiner full name;
Instructor full name;
Instructor certificate number;
Aircraft serial number; and
Aircraft manufacture name.
SAS sends data to FAAMIS for use by other downstream systems to which FAAMIS
provides information. A MOU is in effect for this data exchange.
20 eFSAS (CSAM ID: 1896) has an adjudicated PTA, dated June 29, 2018.
21 FAAMIS (CSAM ID: 1981) does not have an adjudicated PTA. The FAA Privacy Office is currently
developing a PTA with the FAAMIS Program Office.
Flight Standards Information System (FSIMS)22
SAS sends and receives inspection data with FSIMS via File Transfer Protocol
(FTP). SAS receives the FAA Order 8900.1 data to inform inspection duties. No PII
is exchanged between the two systems. SAS sends DCTs to the FSIMS via FTP for
the FSIMS librarian to manually upload from an Excel spreadsheet into FSIMS. A
MOU is in effect for this data exchange.
Integrated Airmen Certification and Rating Application (IACRA)23
SAS receives Program Tracking and Reporting Subsystem (PTRS) data and sends
eFSAS data using New Technology (NT) Local Area Network (LAN) manager
protocol. SAS sends and receives the following PII data:
DBA full name;
Inspector code;
Office code;
Airman certificate number;
Full name of CH/A;
Examiner name;
Full name of instructor; and
Instructor certification number.
The purpose of the data exchange is to accurately plan surveillance, investigation,
and certification work activities. A MOU is in effect for this data exchange between
the two systems.
Simulator Inventory and Evaluation Scheduling System (SIESS)24
SAS receives data from SIESS via SQL server replication on a weekly basis. SIESS
sends the following information to SAS:
Simulator ID;
Simulator manufacture ID;
Aircraft make, model, and series;
Simulator location (city);
Full name of simulator sponsor;
Full name of person responsible for scheduling simulator;
Simulator region ID (FAA region where simulator exists); and
Simulator designator code.
22 FSIMS (CSAM ID: 1395) has an adjudicated PTA, dated October 1, 2015. The FAA Privacy office is
currently developing an updated PTA with the FSIMS Program Office.
23 IACRA (CSAM ID: 1398) has an adjudicated PTA, dated October 25, 2020.
24 SIESS (CSAM ID: 1420) has an adjudicated PTA, dated November 20, 2018July 16, 2021.
The purpose of the data exchange is to assist inspectors with the assessment of CH’s
aircraft. SAS displays the list of simulators in the DCT module. A MOU is in effect
for this data exchange.
Safety Performance Analysis System (SPAS)25
SAS sends inspection/National Transportation Standards Bureau (NTSB) data on
CHs to SPAS through SQL server replication in real time. SAS sends the following
PII data elements to SPAS:
CH/A’s full name;
CH/A’s email address;
Company name;
Title;
Employee position;
Address;
Telephone number;
Airman certificate number and type;
Aircraft registration number;
Aircraft make/model/serial number;
Aircraft manufacturer name;
Engine manufacturer/model name; and
Aircraft owner’s full name and address.
The purpose of the data exchange is to count the number of fatal accidents and nonfatal accidents for all CH/As over a period of five years and calculate a score for
three risk factors, comprising the Certificate Holder Index (CHI), for each CH/A in
SAS. SPAS is the subscriber to the SAS published database. A MOU is required for
this data exchange.
Web-based Operations Safety System (WebOPSS)26
SAS receives inspection data from WebOPSS via SQL server replication.
WebOPSS sends the following data elements to SAS:
CH/As operator information
Areas of operation;
Type of operation (passenger and/or cargo);
Airport data (Airport ID and Location);
Deviations and exemptions;
Aircraft listings;
Types and numbers of aircraft;
Inspector ID;
Designator code;
Aircraft serial number;
Certificate ID;
Certificate holder name; and
Aircraft registration number.
25 SPAS (CSAM ID: 1422) has an adjudicated PTA, dated June 26, 2019.
26 WebOPSS (CSAM ID: 1410) has an adjudicated PTA, dated September 26, 2018.
The purpose of the data exchange is to enable SAS to produce a CH operating profile
(CHOP) for each CH/A by SIESS sending authorizing information and aircraft
listing that apply for each CH/A. The CHOP provides a list of applicable
assessments for each certificate holder. A MOU is in effect for this data exchange.
FAA Directory Services (FAA DS)
SAS connects to FAA DS for the purpose of identity access and authentication for
FAA users. FAA DS sends the email address to SAS to authenticate all FAA users
into the system. DOT/ALL 13 provides SORN coverage for this exchange. An
enterprise-wide data sharing agreement is needed for the data exchange with FAA
DS.
External Data Exchanges:
U.S Government Publishing Office (GPO) Federal Digital System (FDsys)
SAS receives CFR data manually on an ad-hoc basis in XML format from the FDsys
website. FDsys is a system offered by the U.S. Government Publishing Office
(GPO) that provides free online access to official publications from all three
branches of the Federal Government. SAS uses FDsys as the statement of record
regarding Title 14 Code of Federal Regulations Parts 121, 135, and 145 covering Air
Carrier Certifications, Air Operator Certifications, and Air Agency Certifications. A
MOU is not required because the information is publicly available. There is no PII
obtained through this exchange.
☐ No
2.11 Does the system have a National Archives and Records Administration
(NARA)‐approved RECORDS DISPOSITION schedule for system records?
☒ Yes:
Schedule Identifier:
General Records Schedule (GRS) 3.2, Information System Security Records,
Approved September 2016.
Schedule Summary:
Item 30. System access records. Temporary. Destroy when business use ceases.
DAA-GRS-2013-0006-0003.
☐ In Progress:
NARA, DAA-0237-2020-0034
Item 1: Certification (includes data concerning certification and applicants).
Temporary. Destroy five years after certificate is no longer active or when no longer
needed for reference, statistics or when information is superseded or becomes
obsolete, whichever is sooner.
Item 2: Risk assessment. Temporary. Destroy five years after certificate is no
longer active or when no longer needed for reference, statistics or when information
is superseded or becomes obsolete, whichever is sooner.
Item 3: Planning. Temporary. Destroy ten years or when no longer needed for
reference, statistics or when information is superseded or becomes obsolete,
whichever is sooner.
Item 4: Resource Worklist. Temporary. Destroy ten years or when no longer
needed for reference, statistics or when information is superseded or becomes
obsolete, whichever is sooner.
Item 5: Data Collection Tool Data. Temporary. Destroy after ten years, or when
no longer needed for reference, statistics or when information is superseded or
becomes obsolete, whichever is sooner.
Item 6: Analysis, Assessment, and Action Data. Temporary. Destroy after ten
years or when no longer needed for reference, statistics or when information is
superseded or becomes obsolete, whichever is sooner.
Item 7: On the Job Data. Temporary. Destroy after ten years or when no longer
needed for reference, statistics or when information is superseded or becomes
obsolete, whichever is sooner.
Item 8: Internal User/External User Information. Temporary. Destroy ten years
after the employee has departed the FAA and after all related records have been
disposed.
Item 9: Passenger Module Data (includes passenger and related hazardous
goods violations). Temporary. Destroy related content after ten years, passenger
PII is expunged after evaluated or letter processed.
Item 10: Certification, configuration and data collection data provided by
external users. Temporary. Certification and Configuration data: Destroy five
years after certificate is no longer active. Data Collection: Destroy after ten years
The FAA Records Information Management (RIM) office and SAS Program Office
have drafted the above referenced records schedule. The records schedule has yet to
be finalized and submitted to NARA.
☐ No:
3 SYSTEM LIFECYCLE
The systems development life cycle (SDLC) is a process for planning, creating,
testing, and deploying an information system. Privacy risk can change
depending on where a system is in its lifecycle.
3.1 Was this system IN PLACE in an ELECTRONIC FORMAT prior to 2002?
The E-Government Act of 2002 (EGov) establishes criteria for the types of
systems that require additional privacy considerations. It applies to systems
established in 2002 or later, or existing systems that were modified after 2002.
☐ Yes:
☒ No:
☐ Not Applicable: System is not currently an electronic system.
Proceed to Section 4.
3.2 Has the system been MODIFIED in any way since 2002?
☒ Yes: The system has been modified since 2002.
☒ Maintenance.
☐ Security.
☒ Changes Creating Privacy Risk:
SAS now includes the Certificate Application Process, a Risk Assessment
Model, Activity Recording (PTRS was moved from eFSAS to SAS), and the
addition of CFR Parts 141, 142, and 147 into SAS.
SAS installed a hazardous materials incident reporting module that is used by
the Office of Hazardous Materials Safety (AXH) to conduct surveillance on
Certificate Holders (CHs) and other entities that offer or transport hazardous
materials.
SAS now exchanges data with Accident Incident Data System (AIDS),
Designee Management System (DMS), and Aviation Safety Inspector
Credential Program (110A).
☐ Other:
☐ No: The system has not been modified in any way since 2002.
3.3 Is the system a CONTRACTOR‐owned or ‐managed system?
☐ Yes: The system is owned or managed under contract.
Contract Number:
Contractor:
☒ No: The system is owned and managed by Federal employees.
3.4 Has a system Security Risk CATEGORIZATION been completed?
The DOT Privacy Risk Management policy requires that all PII be protected
using controls consistent with Federal Information Processing Standard
Publication 199 (FIPS 199) moderate confidentiality standards. The OA Privacy
Officer should be engaged in the risk determination process and take data types
into account.
☒ Yes: A risk categorization has been completed.
Based on the risk level definitions and classifications provided above,
indicate the information categorization determinations for each of the
following:
Confidentiality:
☐ Low
☒ Moderate
☐ High
☐ Undefined
Integrity:
☐ Low
☒ Moderate
☐ High
☐ Undefined
Availability:
☐ Low
☐ Moderate
☒ High
☐ Undefined
Based on the risk level definitions and classifications provided above,
indicate the information system categorization determinations for each of
the following:
Confidentiality:
☐ Low
☒ Moderate
☐ High
☐ Undefined
Integrity:
☐ Low
☒ Moderate
☐ High
☐ Undefined
Availability:
☐ Low
☐ Moderate
☒ High
☐ Undefined
☐ No: A risk categorization has not been completed. Provide date of
anticipated completion.
3.5 Has the system been issued an AUTHORITY TO OPERATE?
☒ Yes:
Date of Initial Authority to Operate (ATO): 3/30/2020
Anticipated Date of Updated ATO: 3/30/2023
☐ No:
☐ Not Applicable: System is not covered by the Federal Information Security
Act (FISMA).
4 COMPONENT PRIVACY OFFICER ANALYSIS
The Component Privacy Officer (PO) is responsible for ensuring that the PTA is as
complete and accurate as possible before submitting to the DOT Privacy Office for
review and adjudication.
COMPONENT PRIVACY OFFICER CONTACT Information
Name: Essie L. Bell
Email: [email protected]
Phone Number: 202-267-6034
COMPONENT PRIVACY OFFICER Analysis
SAS is a public-facing, privacy sensitive system that monitors and manages aviation
certificate holders, applicants for certificates, continued operational safety (COS)
surveillance activities, and hazardous materials reporting. SAS collects and maintains PII
from members of the public, such as airmen, aircraft owners, certificated repair stations,
training schools, airplane passengers, and flight instructors, and the FAA employee and
contract workforce. A Privacy Impact Assessment is required for the collection of PII from
members of the public acting within an individual capacity.
SORN coverage is required for the individual certificate holder and applicant records
because a unique identifier, such as the CH/A’s full name and/or credential number,
retrieves records about these individuals. DOT/FAA 847, Aviation Records on Individuals,
75 FR 68849 (November 8, 2010) and DOT/FAA 801, Aircraft Registration Records 81 FR
54187 (August 15, 2016) provide SORN coverage for the CH/A records. SORN coverage
for FAA network access records falls under DOT/ALL 13, Internet/Intranet Activity and
Access Records, 67 FR 30757 (May 7, 2002).
Certain records in SAS come from individual aviators, business entities, and data exchanges
with various FAA systems. The Program Office and FAA RIM have determined these
records to be certification, risk assessment & planning, surveillance, and hazardous material
reporting records covered under DAA-0237-2020-0034, Items 1-10. National Archives and
Records Administration (NARA) has not finalized or approved this schedule. Additionally,
the IT access records are covered under NARA General Records Schedule 3.2,
Information System Security Records, approved January 2017; Item 30, System Access
Records, are temporary records that may be destroyed when business use ceases.
The following Plan of Action and Milestones (POA&Ms) are recommended to remediate
the following privacy risks:
AR-2(b) Privacy Impact and Risk Assessment (PIA)
o Issue: SAS collects PII from members of the public acting in an
individual capacity as airmen, air passengers, business entities, and
aircraft owners.
o Requirement: A PIA is required for the SAS system.
DM-2 Data Retention and Disposal/Retention/Scheduling/Secure
Destruction
o Issue: Referenced records schedule in the last adjudicated SAS PTA
did not match FAA declaration that records are about individuals nor
did it match the stated purpose of the system. Local FSDOs do not
retain or maintain SAS Forms in a consistent manner. Emailed or
mailed forms are either scanned and uploaded into a KSN shared
drive or paper copies are maintained in a locked file cabinet at the
FSDO. The Program office and FAA RIM developed a new Records
File Plan and Disposition Schedule (DAA-0237-2020-0034).
o Requirement: The SAS Program Office and FAA RIM developed a
new Records File Plan and Disposition Schedule (DAA-0237-2020-0034). The SAS Records Retention Plan was approved by the DOT
CPO and presented to NARA. The Records Retention Plan has yet to
be approved by NARA.
UL-1 Internal Use
o Issue: There is not a PII Data Sharing Agreement in place with
110A, eFSAS, SPAS, and FAA DS.
o Requirement: The SAS Program Office has been notified and is
developing PII Data Sharing Agreements with 110A, eFSAS, and
SPAS. An FAA enterprise-wide sharing agreement is needed for the
data exchange with FAA DS.
Note: AIDS adjudicated PTA does not cite the data exchange
with SAS and needs to be updated to account for the
interconnection.
Note: Form 8130-3, Application for Repair Station Certificate
and/or Rating, has an expired OMB control number, dated
October 31, 2018. The Paper Reduction Act (PRA) office
instructed that Form 8130-3 has a rolling month-to-month
expiration date until OMB provides final approval.
The FAA is working to realign privacy risk management activities with the security
authorization process. In support of this effort, the SAS privacy risk management
assessment schedule is as follows:
March 2020 – New ATO issued (no privacy risk assessment completed)
June 2021 – New PTA (this document)
March 2022 – Privacy Continuous Monitoring (PCM) Assessment
March 2023 – New PTA (when receiving new ATO)
5 COMPONENT REVIEW
Prior to submitting the PTA for adjudication, it is critical that the oversight offices
within the Component have reviewed the PTA for completeness, comprehension and
accuracy.
Component Reviewer | Name | Review Date |
Business Owner | John Frye | 5/21/2021 |
General Counsel | Sarah Leavitt | 7/7/2021 |
Information System Security Manager (ISSM) | | |
Privacy Officer | Essie Bell | 6/28/2021 |
Records Officer | Richard Allen | 4/7/2021 |
Control
#
Control Name
Primary PTA
Question
AP‐1
Authority to Collect
1.2 ‐ Overview
Satisfied
X
Other
than
Satisfied
N/A
DOT CPO Notes
14 CFR Part 121, 135, 141, 142, 145 and 147
49 CFR Parts 171‐180, 49 CFR 175.31, 49 CFR 171.8
DOT/FAA 847 ‐ Aviation Records on Individuals ‐ 75 FR 68849 ‐
November 9, 2010
DOT/FAA 801, Aircraft Registration Records, 81 FR 54187 ‐ August
15, 2016
AP‐2
Purpose Specification
1.2 ‐ Overview
X
AR‐1
Governance and Privacy Program
Common Control
X
Program
Management
Records created for the purposes of account creation, logging,
auditing, etc. are covered by DOT/ALL‐13.
Purpose defined.
Addressed by DOT CPO.
POA&M
Issue: System meets eGov requirements for PIA because it collects
and maintains information from members of the public.
Requirement: submit PIA. Timeline: 180 days.
The system is owned and managed by Federal employees.
AR‐2
Privacy Impact and Risk
Assessment
AR‐3
Privacy Requirements for
3.3 ‐ Contractor
Contractors and Service Providers System
AR‐4
Privacy Monitoring and Auditing
Common Control
X
Addressed by DOT CPO.
AR‐5
Privacy Awareness and Training
Common Control
X
Addressed by DOT CPO.
X
X
Control
#
Control Name
Primary PTA
Question
AR‐6
Privacy Reporting
Common Control
AR‐7
Privacy‐Enhanced System Design
and Development
2.5 ‐ SSN Reduction
AR‐8
Accounting of Disclosures
2.7 ‐ SORN
Satisfied
X
Other
than
Satisfied
N/A
DOT CPO Notes
Addressed by DOT CPO.
DI‐1
Data Quality
1.2 ‐ System
Overview
DI‐2
Data Integrity and Data Integrity
Board
3.4 ‐ Security Risk
Categorization
DM‐1
Minimization of PII
2.2 – Information
About Individuals
X
X
X
X
SAS collects Airman Certificate Numbers that, in some cases, may be
the airman’s Social Security Number (SSN). The Civil Aviation
Registry discontinued the practice of using the SSN as a certificate
number for original or new certificates in June of 2002. The Civil
Aviation Registry web site provides instructions for requesting a new
certificate that does not include the SSN.
Business owner is responsible for ensuring DOT Privacy Risk
Management Policy and the FIPPs are applied to all data holdings
and systems.
FAA is responsible for accounting of disclosures consistent with
SORNs ‐ DOT/FAA 847, Aviation Records on Individuals, November 9,
2010 75 FR 68849 and DOT/FAA 801, Aircraft Registration Records,
81 FR 54187 ‐ August 15, 2016.
Records created for the purposes of account creation, logging,
auditing, etc. are covered by DOT/ALL‐13.
Data quality is determined by OA information system owners.
X
Activity does not constitute sharing covered by the CMA.
Collection of PII commensurate with purpose of the system.
Control
#
Control Name
Primary PTA
Question
DM‐2
Data Retention and Disposal
2.11 ‐ Records
Disposition
Schedule
Satisfied
X
Other
than
Satisfied
DM‐3
Minimization of PII Used in
Testing, Training, and Research
2.2 – Information
About Individuals
IP‐1
Consent
2.7 ‐ SORN
X
IP‐2
Individual Access
2.8 – Exemption
Rule
X
N/A
DOT CPO Notes
Retention schedule in progress.
X
Note: Any unscheduled records, and records with schedules pending
NARA’s approval, must be kept indefinitely until NARA has approved
the applicable schedule. PIA must be updated to reflect schedules
once approved.
System not used for testing, training, research.
DOT/FAA 847 ‐ Aviation Records on Individuals ‐ 75 FR 68849 ‐
November 9, 2010
DOT/FAA 801, Aircraft Registration Records, 81 FR 54187 (August
15, 2016)
Information is collected directly from individual to the extent
practicable and authorized by law.
Records created for the purposes of account creation, logging,
auditing, etc. are covered by DOT/ALL‐13.
DOT/FAA 847, Aviation Records on Individuals, November 9, 2010
75 FR 68849. Records in this system that relate to administrative
actions and legal enforcement actions are exempted from certain
access and disclosure requirements of the Privacy Act of 1974,
pursuant to 5 United States Code 552a(k)(2). The exemption is
published in 49 CFR Part 10, Appendix (“B. The following systems of
records are exempt from subsections (c)(3) (Accounting of Certain
Disclosures) and (d) (Access to Records) of 5 U.S.C. 552a, in
accordance with 5 U.S.C. 552a(k)(2): 1. General Air Transportation
Records on Individuals, maintained by various offices in the Federal
Aviation Administration (DOT/ FAA 847).”
IP‐3
Redress
2.7 ‐ SORN
X
IP‐4
Complaint Management
Common Control
X
SE‐1
Inventory of PII
Common Control
X
SE‐2
Privacy Incident Response
Common Control
X
TR‐1
Privacy Notice
2.7 ‐ SORN
X
TR‐2
System of Records Notices and
Privacy Act Statements
2.7 ‐ SORN
X
Records created for the purposes of account creation, logging,
auditing, etc. are covered by DOT/ALL‐13.
Privacy Act processes in place to support redress requests for
records maintained under DOT/FAA 847 and DOT/FAA 801. Records
created for the purposes of account creation, logging, auditing, etc.
are covered by DOT/ALL‐13.
Addressed by DOT CPO.
SAS is a privacy sensitive, PII system. System categorization at
Moderate Confidentiality is appropriate. The Adjudicated PTA or
copy of controls/POA&Ms should be included in the risk acceptance
package for the system.
The Adjudicated PTA should be uploaded into CSAM as evidence
that the required privacy analysis for this system has been
completed. POA&Ms from assessment must be entered in CSAM.
The PTA should be updated not later than the next security
assessment cycle and must be approved by the DOT CPO prior to
the authorization decision. Component policy or substantive
changes to the system may require that the PTA be updated prior to
the next security assessment cycle.
Addressed by DOT CPO.
DOT/ALL‐13, DOT/FAA 847 and DOT/FAA 801 published on
Departmental website; transportation.gov/privacy
Records created for the purposes of account creation, logging,
auditing, etc. are covered by DOT/ALL‐13.
Control
#
Control Name
Primary PTA
Question
TR‐3
Dissemination of Privacy Program Common Control
Information
UL‐1
Internal Use
2.10 ‐ Internal and
External Use
UL‐2
Information Sharing with Third
Parties
2.10 ‐ Internal and
External Use
Satisfied
Other
than
Satisfied
DOT CPO Notes
X
X
X
N/A
Addressed by DOT CPO.
POA&M
Issue: SAS does not have PII Data Sharing Agreement with 110A,
eFSAS, SPAS, DS. Requirement: Establish Data Sharing Agreement.
Timeline: 365 days or prior to next accreditation cycle.
Records created for the purposes of account creation, logging,
auditing, etc. are covered by DOT/ALL‐13
Note: AIT EDC, AIDS, DMS, DS, EIS, AVS Registry, eFSAS, FAAMIS,
FSIMS, IACRA, SPAS, WebOPSS, and AVS Registry require updated
PTA/PCM as appropriate. POA&Ms need to be entered into CSAM
for each system under AR‐2.
No PII exchanged.
File Type | application/pdf |
File Title | Microsoft Word - Privacy-FAA-SAS-PTA-06.04.2021.docx |
Author | karyn.gorman |
File Modified | 2021-07-16 |
File Created | 2021-07-16 |