Draft SORN

DEPARTMENT OF DEFENSE
Department of the Army
Narrative Statement for a Modified System of Records
Under the Privacy Act of 1974
1.

System name and number: Academy Management System, A150-1 USMA

D

R

AF
T

2.
Nature of proposed modifications for the system: The United States Military Academy
(USMA) requests a new System of Record Notices (SORN) to replace and consolidate other
SORNs. The consolidation is driven by a new Army Regulation (AR), and the consolidation of
multiple information technology (IT) systems into a single IT system of systems. The changes
convey, more accurately and in a single place, the evolved status of the Academy Management
System (AMS). Below is an elaboration of each change.
a. This request reflects an effort to consolidate multiple SORNs into a single SORN which
itself represents a consolidation of formerly independent systems into an integrated system of
systems. The consolidation includes the following SORNs
(1) A0037-104-3 USMA, USMA Cadet Account System
(2) A0351-17a USMA, USMA Candidate Files
(3) A0351-17b USMA, USMA Academy Management System
(4) A0614-100/200 USMA, Evaluation/Assignment of Academic Instructors
(5) A0351-12DAPE, Applicants/Students, USMA Prep School
b. Over the course of years, USMA has sought to combine the functionality of multiple
disconnected and disparate automated and manual systems into a coherent information collection
called the Academy Management System (AMS) that supports decision making by USMA
leadership. As part of recent efforts to improve the auditable implementation of the Risk
Management Framework (RMF), USMA is reducing the number of individual declarations and
consolidating them into a single System of Record Notice (SORN). USMA expects to expend
fewer resource to maintain a single SORN over time, than it previously expended for multiple
SORNs.
3.
Specific authority under which USMA maintains the system of records:
5 U.S.C. 301, Departmental Regulations, 10 U.S.C. 7013 Secretary of the Army; 10 U.S.C. 7440
Quartermaster, 10 U.S.C. 7450 Cadets: Clothing and Equipment, 10 U.S.C. 9431, Establishment:
Superintendent: Faculty; 10 U.S.C. 9432 Departments and Professors: Titles: 10 U.S.C. 9434,
Command and Supervision; US Army Regulation 150-1 USMA Organization, Administration,
and Operation and E.O. 9397 (SSN), Title 7—Fiscal Guidance, General Accounting Office
Policy and Procedures Manual for Guidance of Federal Agencies.
4.
Evaluation of the probable or potential effect on the privacy of individuals: The risk of
unauthorized access to records is medium due to the high impact personally identifiable
information (PII) stored in AMS, the quantities of such PII, the extensive use of AMS throughout
the academy. Compensatory policy and technical controls reduce the residual risk of storing and
maintaining high impact PII to medium.
Individual effects will vary based on the nature of a breach and whether breached data was high,
medium, or low impact PII. High impact PII breaches will create risks of identity theft and

institutional reputational harm to USMA. Low impact PII breaches will create risks of
embarrassment for the leaked parties as well as USMA (e.g., grades for courses).
5.
Routine use compatibility:
Routine Uses are set forth in 32 CFR Appendix C to Part 310 with procedures and sanctions set
forth in 5 U.S.C. 552a(b) of the Privacy Act of 1974.
Further routine use and release of documents include:

D

R

AF
T

a. To contractors, grantees, experts, consultants, students, and others performing or working
on a contract, service, grant, cooperative agreement, or other assignment for the federal
government when necessary to accomplish an agency function related to this system of
records.
b. To the appropriate Federal, State, local, territorial, tribal, foreign, or international law
enforcement authority or other appropriate entity where a record, either alone or in
conjunction with other information, indicates a violation or potential violation of law,
whether criminal, civil, or regulatory in nature.
c. To any component of the Department of Justice for the purpose of representing the DoD,
or its components, officers, employees, or members in pending or potential litigation to
which the record is pertinent.
d. In an appropriate proceeding before a court, grand jury, or administrative or adjudicative
body or official, when the DoD or other Agency representing the DoD determines that
the records are relevant and necessary to the proceeding; or in an appropriate proceeding
before an administrative or adjudicative body when the adjudicator determines the
records to be relevant to the proceeding.
e. To the National Archives and Records Administration for the purpose of records
management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
f. To a Member of Congress or staff acting upon the Member’s behalf when the Member or
staff requests the information on behalf of, and at the request of, the individual who is the
subject of the record.
g. To appropriate agencies, entities, and persons when (1) the DoD suspects or confirms a
breach of the system of records; (2) the DoD determines as a result of the suspected or
confirmed breach there is a risk of harm to individuals, the DoD (including its
information systems, programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with the DoD’s efforts to respond to the suspected or
confirmed breach or to prevent, minimize, or remedy such harm.
h. To another Federal agency or Federal entity, when the DoD determines that information
from this system of records is reasonably necessary to assist the recipient agency or entity
in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or entity (including its
information systems, programs and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
i. To such recipients and under such circumstances and procedures as are mandated by
Federal statute or treaty.

2

OMB public information collection requirements:

R

6.

AF
T

j. To educational institutions for the purpose of admissions to other educational degree
programs and further educational degree programs.
k. To transfer initial commissioning data from USMA as a commissioning source to Human
Resources Command (HRC).
l. To provide and receive data to the New York State Commission of Education in support
of cadets taking the Fundamentals of Engineering (FE) exam, USMA receiving data back
from NY State, and USMA recording the exam results.
m. To provide data exchange with Defense Finance and Accounting Service (DFAS) and the
Internal Review Service (IRS) in support of cadets filing taxes, especially for special pay
received at USMA.
n. To provide data exchange and analysis with HQDA G1’s Office of Economic and
Manpower Analysis (OEMA) and OEMA systems (SORN Registration A0680-31 DSC
G-1).
o. To provide data to NCAA for mandatory reporting and NCAA compliance assessments.
p. To provide data to academic accreditation bodies for the College and for the various
accredited academic programs.
q. To transfer medical information documents received from applicants to the Department
of Defense Health Agency (DHA) for those cadets who accept appointments to USMA
and report for duty at USMA.
r. To publish graduates’ Cullum numbers in the Federal Register
s. To communicate with USMA Field Force and Congressional Offices as part of the
Admissions Process.
t. To provide data to DoD Travel System (DTS) in support of USMA directed and/or
USMA funded travel.

OMB Collection required: Yes
OMB Control Numbers: 0702-0060

D

USMA has no additional control numbers, though in accordance with Army Regulation 25-98
Information Management Control Requirements Program, will apply for such additional control
numbers as necessary.
7.
Name of IT system: Academy Management System, as a named sub-system to the West
Point Research and Education Network (WREN) DITPR 31338.
8.
Is the system, in whole or in part, being maintained, (maintained, collected, used, or
disseminated) by a contractor? Yes.

3