AGENCY:

Office of Mission Support (OMS), Environmental Protection Agency (EPA).

ACTION:

Notice of a new system of records.

SUMMARY:

The U.S. Environmental Protection Agency's (EPA), Office of Mission Support (OMS), Strategic IT Investment Staff (SITIS) is giving notice that it proposes to create a new system of records pursuant to the provisions of the Privacy Act of 1974. EPA has developed the Purchase Card Order Request System (PCORS) to manage the pre-approval process for purchase card transactions and to place orders after approval.

DATES:

Persons wishing to comment on this system of records notice must do so by January 10, 2022. New routine uses for this new system of records will be effective January 10, 2022.

ADDRESSES:

Submit your comments, identified by Docket ID No. EPA-HQ-OMS-2021-0297, by one of the following methods:

Federal eRulemaking Portal: https://www.regulations.gov. Follow the online instructions for submitting comments.

Email: docket_oms@epa.gov. Include the Docket ID number in the subject line of the message.

Fax: 202-566-1752.

Mail: OMS Docket, Environmental Protection Agency, Mail Code: 2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.

Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are only accepted during the Docket's normal hours of operation, and special arrangements should be made for deliveries of boxed information.

Instructions: Direct your comments to Docket ID No. EPA-HQ-OMS-2021-0297. The EPA's policy is that all comments received will be included in the public docket without change and may be made available online at https://www.regulations.gov,, including any personal information provided, unless the comment includes information claimed to be Controlled Unclassified Information (CUI) or other information for which disclosure is restricted by statute. Do not submit information that you consider to be CUI or otherwise protected through https://www.regulations.gov. The https://www.regulations.gov website is an “anonymous access” system for the EPA, which means the EPA will not know your identity or contact information. If you submit an electronic comment, the EPA recommends that you include your name and other contact information in the body of your comment. If the EPA cannot read your comment due to technical difficulties and cannot contact you for clarification, the EPA may not be able to consider your comment. If you send an email comment directly to the EPA without going through https://www.regulations.gov,, your email address will be automatically captured and included as part of the comment that is placed in the public docket and made available on the internet. Electronic files should avoid the use of special characters, any form of encryption, and be free of any defects or viruses. For additional information about the EPA public docket, visit the EPA Docket Center homepage at https://www.epa.gov/​dockets.

Docket: All documents in the docket are listed in the https://www.regulations.gov index. Although listed in the index, some information is not publicly available, e.g., CUI or other information for which disclosure is restricted by statute. Certain other material, such as copyrighted material, will be publicly available only in hard copy. Publicly available docket materials are available either electronically in https://www.regulations.gov or in hard copy at the OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460. The Public Reading Room is normally open from 8:30 a.m. to 4:30 p.m., Monday through Friday excluding legal holidays. The telephone number for the Public Reading Room is (202) 566-1744, and the telephone number for the OMS Docket is (202) 566-1752.

Temporary Hours During COVID-19

Out of an abundance of caution for members of the public and our staff, the EPA Docket Center and Reading Room are closed to the public, with limited exceptions, to reduce the risk of transmitting COVID-19. Our Docket Center staff will continue to provide Start Printed Page 70492 remote customer service via email, phone, and webform. We encourage the public to submit comments via https://www.regulations.gov/​ or email, as there may be a delay in processing mail and faxes. Hand deliveries and couriers may be received by scheduled appointment only. For further information on EPA Docket Center services and the current status, please visit us online at https://www.epa.gov/​dockets.

FOR FURTHER INFORMATION CONTACT:

Please submit questions to Michael Hardy, U.S. EPA, 1200 Pennsylvania Avenue, Room 3352-L, Washington, DC 20460, hardy.michael@epa.gov at 202-564-7899 or Dina Castellon, U.S. EPA, 1200 Pennsylvania Avenue, Room 3352-Q, Washington, DC 20460, castellon.dina@epa.gov at 202-564-4912.

SUPPLEMENTARY INFORMATION:

EPA developed PCORS for use on EPA's Business Automation Platform (BAP), a strategic platform for business process automation. PCORS is accessible through https://forms.epa.gov and https://epaoei.lightning.force.com/​lightning/​page/​home. EPA uses PCORS to manage the pre-approval process for purchase card orders and to place orders once approved. Requesters can submit their requests in PCORS (Interface 1). Requests are then routed to the purchase cardholder (PCH) for an initial review, followed by the cardholder's approving official (AO), and finally the Funds Certifying Officer (FCO) for funding before notifying the cardholder that the request is in Fully Approved—Ready to Order status. The PCH, AO, and FCO are the three mandatory approvers on each purchase request though other roles are available in the system.

SYSTEM NAME AND NUMBER:

Purchase Card Order Request System (PCORS), EPA-88.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Electronic records are maintained at the National Computer Center (NCC), 109 TW Alexander Drive, Research Triangle Park, Durham, NC 27711.

SYSTEM MANAGER(S):

Michael Hardy, hardy.michael@epa.gov at 202-564-7899, Director, OMS-ARM, Strategic IT Investment Staff (SITIS), Environmental Protection Agency, William Jefferson Clinton—North Building, 1200 Pennsylvania Avenue NW, Washington, DC 20460.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Environmental Protection Agency Acquisition Guide, EPAAG—Chapter 13, Subsection 13.3.1, “Government-wide Commercial Purchase Card”; Executive Order 12072 (Aug. 16, 1978); Federal Property and Administrative Services Act of 1949, 40 U.S.C. 121; Executive Order 9397 (Nov. 22, 1943). 42 U.S.C. 290dd-1, 290ee-1; 5 U.S.C. 7901; Executive Order 12564 (Sept. 15, 1986); Office of Federal Procurement Policy Act of 1974, 41 U.S.C. 414; Public Law 107-67, Section 630; Executive Order 9397.5 U.S.C. 1104, 5 U.S.C. 1302, 5 U.S.C. 3301, 5 U.S.C. 3304, 5 U.S.C., 3320, 5 U.S.C. 3327, 5 U.S.C. 3361, and 5 U.S.C. 3393; The Telework Enhancement Act of 2010 (December 9, 2010); and Public Law 111-292.

PURPOSE(S) OF THE SYSTEM:

The purpose of the Purchase Card Order Request System (PCORS) is to manage the pre-approval process for purchase card transactions. EPA also uses PCORS to place orders once approved by the three mandatory approvers: The Purchase Cardholder, the Approving Official, and the Funds Certifying Officer.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

EPA employees, contractors, and grantees.

CATEGORIES OF RECORDS IN THE SYSTEM:

Order request ID, requester, request status, office/lab, branch, request type, name, contact, customer account number, email, phone, address, city, state, shipping name, shipping address, cardholder, approving official, Funds Certifying Official, deputy director, director/division director, human resource official, Information Management Officer (IMO)/IT reviewer, printing reviewer, facilities reviewer, 508 reviewer, property reviewer, health and safety reviewer.

RECORD SOURCE CATEGORIES:

The sources of data within PCORS are from the user and other Agency systems, including, the Enterprise Identity Data Warehouse (EIDW)—managed by the Agency's Enterprise IT Service Desk (EISD), the Federal Personnel and Payroll System (FPPS)—managed by the U.S. Department of the Interior, the Electronic Product Environmental Assessment Tool (EPEAT) Site Link—managed by the Green Electronics Council, the Information Management Officer (IMO) Reference List—managed by the EPA Chief Information Officer's Senior Advisory Council, and the System for Award Management (SAM)—managed by U.S. General Services Administration.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

The routine uses below are both related to and compatible with the original purpose for which the information was collected. The following general routine uses apply to this system: A, B, C, D, E, F, G, H, I, J, K, L, and M.

A. Disclosure for Law Enforcement Purposes: Information may be disclosed to the appropriate Federal, State, local, tribal, or foreign agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information is relevant to a violation or potential violation of civil or criminal law or regulation within the jurisdiction of the receiving entity.

B. Disclosure Incident to Requesting Information: Information may be disclosed to any source from which additional information is requested (to the extent necessary to identify the individual, inform the source of the purpose of the request, and to identify the type of information requested,) when necessary to obtain information relevant to an agency decision concerning retention of an employee or other personnel action (other than hiring,) retention of a security clearance, the letting of a contract, or the issuance or retention of a grant, or other benefit.

C. Disclosure to Requesting Agency: Disclosure may be made to a Federal, State, local, foreign, or tribal or other public authority of the fact that this system of records contains information relevant to the retention of an employee, the retention of a security clearance, the letting of a contract, or the issuance or retention of a license, grant, or other benefit. The other agency or licensing organization may then make a request supported by the written consent of the individual for the entire record if it so chooses. No disclosure will be made unless the information has been determined to be sufficiently reliable to support a referral to another office within the agency or to another Federal agency for criminal, civil, administrative, personnel, or regulatory action.

D. Disclosure to Office of Management and Budget: Information may be disclosed to the Office of Management and Budget at any stage in the legislative coordination and clearance process in connection with private relief legislation as set forth in OMB Circular No. A-19.

E. Disclosure to Congressional Offices: Information may be disclosed to a congressional office from the record of an individual in response to an inquiry Start Printed Page 70493 from the congressional office made at the request of the individual.

F. Disclosure to Department of Justice: Information may be disclosed to the Department of Justice, or in a proceeding before a court, adjudicative body, or other administrative body before which the Agency is authorized to appear, when:

1. The Agency, or any component thereof;

2. Any employee of the Agency in his or her official capacity;

3. Any employee of the Agency in his or her individual capacity where the Department of Justice or the Agency have agreed to represent the employee; or

4. The United States, if the Agency determines that litigation is likely to affect the Agency or any of its components.

Is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or the Agency is deemed by the Agency to be relevant and necessary to the litigation provided, however, that in each case it has been determined that the disclosure is compatible with the purpose for which the records were collected.

G. Disclosure to the National Archives: Information may be disclosed to the National Archives and Records Administration in records management inspections.

H. Disclosure to Contractors, Grantees, and Others: Information may be disclosed to contractors, grantees, consultants, or volunteers performing or working on a contract, service, grant, cooperative agreement, job, or other activity for the Agency and who have a need to have access to the information in the performance of their duties or activities for the Agency. When appropriate, recipients will be required to comply with the requirements of the Privacy Act of 1974 as provided in 5 U.S.C. 552a(m).

I. Disclosures for Administrative Claims, Complaints and Appeals: Information from this system of records may be disclosed to an authorized appeal grievance examiner, formal complaints examiner, equal employment opportunity investigator, arbitrator or other person properly engaged in investigation or settlement of an administrative grievance, complaint, claim, or appeal filed by an employee, but only to the extent that the information is relevant and necessary to the proceeding. Agencies that may obtain information under this routine use include, but are not limited to, the Office of Personnel Management, Office of Special Counsel, Merit Systems Protection Board, Federal Labor Relations Authority, Equal Employment Opportunity Commission, and Office of Government Ethics.

J. Disclosure to the Office of Personnel Management: Information from this system of records may be disclosed to the Office of Personnel Management pursuant to that agency's responsibility for evaluation and oversight of Federal personnel management.

K. Disclosure in Connection With Litigation: Information from this system of records may be disclosed in connection with litigation or settlement discussions regarding claims by or against the Agency, including public filing with a court, to the extent that disclosure of the information is relevant and necessary to the litigation or discussions and except where court orders are otherwise required under section (b)(11) of the Privacy Act of 1974, 5 U.S.C. 552a(b)(11).

The two routine uses below (L and M) are required by OMB Memorandum M-17-12.

L. Disclosure to Persons or Entities in Response to an Actual or Suspected Breach of Personally Identifiable Information: To appropriate agencies, entities, and persons when (1) EPA suspects or has confirmed that there has been a breach of the system of records, (2) EPA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, EPA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with EPA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

M. Disclosure to Assist Another Agency in Its Efforts to Respond to a Breach of Personally Identifiable Information: To another Federal agency or Federal entity, when EPA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

These records are maintained electronically on computer storage devices which are located at EPA, OMS-ARM, Strategic IT Investment Staff (SITIS). SITIS manages the system, which is located at the National Computer Center (NCC) in Research Triangle Park, North Carolina in access-controlled rooms, areas, and buildings. Digital backups will be maintained at a disaster recovery site. Computer records are maintained in a secure password protected environment. Access to computer records is limited to those who have a need to know. Permission level assignments will allow users access only to those functions for which they are authorized.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

The primary retrieval method is by searching the employee's name and EPA Order Request ID (form ID).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

PCORS and the requests within PCORS fall under EPA's Records Control Schedule 0042. Cardholders are to download the PDF version of their requests and save them for their records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Security controls used to protect Personally Identifiable Information (PII) in PCORS are commensurate with those required for an information system rated MODERATE for confidentiality, integrity, and availability, as prescribed in National Institute of Standards and Technology (NIST) Special Publication, 800-53, “Security and Privacy Controls for Information Systems and Organizations,” Revision 5.

1. Administrative Safeguards: EPA personnel are required to complete annual agency Information Security and Privacy training. EPA personnel are instructed to lock their computers when they leave their desks.

2. Technical Safeguards: Electronic records are maintained in a secure, password protected electronic system. PCORS access is limited to authorized, authenticated users integrated with the Agency's single-sign-on. This integration uses the user's LAN credentials to identify the user prior to granting access to the platform and PCORS system. All the system's electronic communication utilizes the agency's Secure Sockets Layer (SSL) encryption for all transactions.

3. Physical Safeguards: All records are maintained in secure, access-controlled areas or buildings.

RECORD ACCESS PROCEDURES:

Individuals seeking access to information in this system of records Start Printed Page 70494 about themselves are required to provide adequate identification ( e.g., driver's license, military identification card, employee badge or identification card). Additional identity verification procedures may be required, as warranted. Requests must meet the requirements of EPA regulations that implement the Privacy Act of 1974, at 40 CFR part 16.

CONTESTING RECORD PROCEDURES:

Requests for correction or amendment must identify the record to be changed and the corrective action sought. Complete EPA Privacy Act procedures are described in EPA's Privacy Act regulations at 40 CFR part 16.

NOTIFICATION PROCEDURE:

Individuals who want to know whether this system of records contains information about them should make a written request to the EPA, Attn: Agency Privacy Officer, MC 2831T, 1200 Pennsylvania Ave. NW, Washington, DC 20460, privacy@epa.gov.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.