How is access to SBU/PII determined and by whom?
Bank Secrecy Act (BSA) users apply for access to a user specific domain via BEARS
process. During the BEARS approval process, the BSA functional BEARS administrator
determines appropriateness of user group. There are additional access controls within the
user group table within the application. Data access is limited to the approved user group
role.
RECORDS RETENTION SCHEDULE
Are these records covered under a General Records Schedule (GRS, IRS Document 12829), or
has the National Archives and Records Administration (NARA) approved a Records Control
Schedule (RCS, IRS Document 12990) for the retention and destruction of official agency
records stored in this system?
Yes
How long are the records required to be held under the corresponding GRS or RCS, and how
are they disposed of? In your response, please provide the GRS or RCS chapter number, the
specific item number, and records series title.
Title 31 data is approved for destruction when 20 years old or when no longer needed for
administrative, legal, audit or other operational purposes, whichever is later (Job No. DAA-
0058-2012-0007). These data disposition instructions, along with dispositions approved for
Title 31 inputs, outputs, system documentation, audit logs and system backups will be
published in Document 12990 under Records Control Schedule (RCS) 28, item 242c for
Collection when next updated/published.
SA&A OR ASCA
Has the system been through SA&A (Security Assessment and Authorization) or ASCA (Annual
Security Control Assessment)?
Yes
What date was it completed?
5/18/2021
Describe the system's audit trail.
A complete audit trail of the use of the system is captured and includes every login, logoff,
file access and database query. The system monitors for security risks and compliance
violations to ensure that the use of the system takes place only for an approved purpose that
is within the professional responsibility of each user. Title 31 is following the appropriate
audit trail elements pursuant to current Audit Logging Security Standards.