 USDA Integrated Acquisition System 
System of Records Notice

SYSTEM NUMBER:
	005-03-01-81-01-1020-00-405-143

SYSTEM NAME:
  Integrated Acquisition System (IAS)

SECURITY CLASSIFICATION:
	Moderate
  
SYSTEM LOCATION:
      National Information Technology Center (NITC)
      8930 Ward Parkway
      Kansas City, Missouri 64114
      
      George Washington Carver Center (GWCC)
      5601 Sunnyside Avenue 
      Beltsville, Maryland 20705
      


CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:  
 	These records include information about Federal or contractor employees of the United States Department of Agriculture whose procurement records are stored in IAS.   

CATEGORIES OF RECORDS IN THE SYSTEM:
	 Employee and contractor’s names,  tax identification or social security number, and/or other potentially personal identifiable information.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
 	 Procurement at USDA is governed by a number of statues: 
      The E-Government Act of 2002, 44.U.S.C. 3541, et seq., the Government Paperwork Elimination Act (“GPEA”), Pub. L. No. 105-277, 5 U.S.C 3504 note; the Paperwork Reduction Act, 44 U.S.C 3501 to 3520

41USC48b governs the requirement for publication in the Federal Register.  

      41 USC is Public Contracts - 41 USC Chapter 7 - Office of Federal Procurement Policy contains information regarding procurement related requirements.
 
      41 USC 414 Establishes the requirements regarding the Chief Acquisition Officers & Senior Procurement Executives.
 
      41 USC 426 (FAR 4.5) establishes the general policy with respect to the use of electronic commerce in Federal Procurement.

      48 CFR Chapter 4 is the AGAR, which is USDA's specific procurement regulation.  CFR Title 7 is the codified rules related to Agriculture, including the delegation by the Secretary of Agriculture.
 
      Departmental Regulation (DR) 5039-7 is the Delegation of Procurement Authority for Information Technology.


PURPOSE(S):
    To authorize system access and verify authorization to access IAS.  This Privacy Act system of records covers employee or contractor name, tax identification or social security number records USDA Office of Procurement and Property Management retrieves using identifiers for individuals.
    
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
    Routine uses of this system are compatible with the purpose for which these records are collected.  Specifically, IAS is routinely used by contracting, requisition, approval and error management personnel to:
    (1) Create requisitions for goods and services;
    (2) Approve requisitions for goods and services;
    (3) Cancel requisitions for goods and services;
    (4) Create purchase orders for goods and services;
(5) Receive and approve invoices for payment to vendor for their goods and services;
(6) Create audit and performance reports on the status of procurement activities for vendors and USDA employees;
    (7) Manage errors and conflicts in the procurement process
DISCLOSURE TO CONSUMER REPORTING AGENCIES
Subject to the above usage, these records, or information there from, may be disclosed as a routine use to:
        (a) Disclose information to the Department of Justice (DOJ) when seeking legal advice or for use in any proceeding, or in preparation for any proceeding, when: (a) the USDA or any component thereof; (b) any USDA employee in his or her official capacity; (c) any USDA employee in his or her individual capacity if the USDA or DOJ has agreed to provide representation for the employee; or (d) the United States is a party to, has an interest in, or is likely to be affected by, the proceeding and the USDA or DOJ determines that the records are relevant and necessary to the proceeding or advice sought. 
	This is compatible with the purpose for which the records are collected because it allows the Department of Justice to represent the USDA during the course of litigation. 
       (b) Disclose information during a proceeding before a court, administrative tribunal, or other adjudicative body when: (a) the USDA or any component thereof; (b) any USDA employee in his or her official capacity; (c) any USDA employee in his or her personal capacity if the USDA or DOJ has agreed to provide representation for the employee; or (d) the United States is a party to, has an interest in, or is likely to be affected by, the proceeding and the USDA or DOJ determines that the information is relevant and necessary to the proceeding. Information may be disclosed to the adjudicative body to resolve issues of relevancy, necessity, or privilege pertaining to the information.
      This is compatible with the purpose for which the records are collected because the disclosure permits the agency to present evidence in a case where the government has a cognizable interest in the resolution of the controversy and the person making the disclosure has determined that the records are relevant and necessary to the resolution and no privilege is asserted.  This routine use also makes clear that if an issue is raised about the relevancy, necessity, or privilege of information, the information may be disclosed to the neutral to resolve such issue.
      (c) Disclosure to a congressional office in response to any inquiry from the congressional office made at the request of that individual
      (d) Disclose information to a contractor, including an expert witness or a consultant, hired by the USDA, to the extent necessary for the performance of a contract. 
	This is compatible with the purpose for which the records are collected because it allows the USDA to use its resources efficiently by allowing disclosure to the extent necessary for the performance of a contract.
		(e) Disclose information to the Office of Government Ethics when the records are relevant and necessary to resolving any conflict of interest, conduct, financial statement reporting, or other ethics matter, within the jurisdiction of this office.  
      This is compatible because it permits the USDA to assist this office with ensuring that employee(s) comply with application ethical mandates.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, 
RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE: 
      Records are maintained electronically on magnetic backup tapes and in an electronic database.
RETRIEVABILITY:
      Data is retrieved by employee or contractor name, Tax identification number or social security number. 


SAFEGUARDS:
      Only authorized USDA procurement personnel will have access to these records.  IAS has been categorized as a Moderate impact system as identified in Federal Information Processing Standard (FIPS) 199.  The security controls implemented within IAS will correspond with those published in the NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Technology Systems (Revision1) for a Moderate impact system. 
      Users are only granted system access upon successful completion of security training and each user is supplied with a unique and strong user-id and password.  The user roles are restrictive and based on the principle of least privilege allowing for adequate performing of job functions and access to information based on a need to know.  
      Due to the financial nature of IAS, the system also adheres to the security controls identified in the Federal Information Security Control Audit Manual (FISCAM).  The mandatory requirements of FIPS 199 and FIPS 200 support the Federal Information Security Management Act (FISMA) and the FISCAM supports the mandated Office of Management and Budget (OMB) Circular A-123, Management of Internal Controls.  
      Moreover, Specific USDA security requirements are adhered to through the USDA Cyber Security Manuals including but not limited to: DM3545-000 Personnel Security, and DM3510-001 Physical Security Standards for Information Technology (IT) Restricted Space. 
      
RETENTION AND DISPOSAL:
	IAS records are retained and disposed of in accordance with General Record Schedule 3 - Procurement, Supply, and Grant Records and General Record Schedule 24 - Information Technology Operations and Management Records.

SYSTEM MANAGER(S) AND ADDRESS:
    Ruby Harvey, Division Chief, DA/OPPM-PSD, 300 7th Street S.W., Room # 262, Washington, DC, 20024, (202) 401-4081.

NOTIFICATION PROCEDURE:
	Direct inquiries as to whether this system contains a record pertaining to an individual to the Privacy Act Officer, Departmental Administration, 1400 Independence Avenue, SW., Washington, DC 20250-9883, in accordance with the procedures set forth in 12 CFR part 913.
.
RECORDS ACCESS PROCEDURES:
	Direct access to a record pertaining to an individual should be directed to the Privacy Act Officer, Departmental Administration, 1400 Independence Avenue, SW, Washington, DC 20250-9883, in accordance with the procedures set forth in 12 CFR part 913.

CONTESTING RECORDS PROCEDURES:
	Contesting a record pertaining to an individual should be directed to the Privacy Act Officer, Departmental Administration, 1400 Independence Avenue, SW, Washington, DC 20250-9883, in accordance with the procedures set forth in 12 CFR part 913.

RECORDS SOURCE CATEGORIES:
      Employee Name, Contractor Name, Home Address, Contractor Office Phone Number, Contractor Address, Tax Identification Number and Social Security Number are derived from a system account application.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
18


1