From: Leeb, Karen M. (CDC/OD/OCSO)
Sent: Tuesday, September 15, 2009 3:28 PM
To: Thomas, Cheryll C. (CDC/CCHP/NCCDPHP)
Cc: Coble, Cheryl A. (CDC/OD/OCSO)
Subject: RE: 308(d) and in-progress ICR package for NPCR CSS

Hi Cheryll,

We wanted to follow up with you on the two outstanding questions from last week re: position
descriptions and the OMB question.

For 308(d) purposes, Confidentiality has established that the Technical Steward is the individual
who is intimately knowledgeable of all of the aspects of the project. They are very familiar with
the day-to-day workings of the system and are in a position to realize when uses of the data
appear appropriate.

The Business Steward is a person in line management, generally Branch Chief level or above,
who has the authority to obligate individuals to comply with measures. We require a Business
Steward so that were there a breach of confidentiality, this person would be in a position to
impose sanctions on the individual (e.g. if a staff member were found to violate the pledge of
confidentiality that will be obtained during the training, the Business Steward would be able to
decide on disciplinary measures that might be taken, such as possible suspension, etc.)

Both stewards would be involved in obtaining the pledges that are included in the Security
Statement, ensuring that they are signed by all of the members of a component who have access
to the data.

As for the communication with OMB, you can tell them that your extension application is being
processed, and that it has been CDC practice to consider that the 308(d) protection continues as
long as the Project Officer has indicated that the protection is still needed and a request for
extension is being prepared.

Please let us know if you have any questions.

Karen

File Type | application/pdf |
File Modified | 2009-09-18 |
File Created | 2009-09-18 |