FTI Security EnhancementsWork Order – 0527

2012 Annual DRAP Training ConferenceOctober 3, 2012Doris Hartman

2

• Today’s Agenda• Why are we making these changes?

• Safeguard Review Preliminary Findings

• Expected Business Outcomes

• Security Changes

• FTI Security Changes

• Centralized Security Buckets

• Other Security Bucket Changes

• Screen Changes

• FTI Labeled Screens

• Masked Screens

• FSUM Enhancements

FTI Security Enhancements

3

• System Issues identified in the Safeguard Review Preliminary Findings Report issued January 31st, 2012

• BCSE is making unauthorized disclosure of FTI by printing receipt detail information on check stubs.

• BCSE is making unauthorized disclosure of FTI on a telephonic Integrated Voice Response (IVR) system. (The CP receives source of payment information for all payments except FTI payments.)

• BCSE does not restrict access to FTI to authorized individuals on a “need to know” basis.

• BCSE does not label electronic FTI when displayed on PACSES Screens.  

FTI Security Enhancements

4

• BCSE is making unauthorized disclosure of FTI by printing receipt detail information on check stubs.

•All receipt numbers removed from disbursement file and no longer printed on SCDU check stubs.

•Change to check template became effective April 10, 2012.

FTI Security Enhancements

5

• BCSE is making unauthorized disclosure of FTI on a telephonic Integrated Voice Response (IVR) system. (The CP receives source of payment information for all payments except FTI payments.)

•The payment source information has been removed from both the PACSES and SCDU IVRs.

•Change migrated to Production January 12, 2012.

FTI Security Enhancements

6

• Expected Business Outcomes

• PACSES screens are properly labeled so that FTI information appearing on the screens can be properly protected and handled according to the procedures outlined in IRS Publication 1075.

• Access to FTI is now properly restricted to individuals (not teams) authorized to view FTI as part of their routine job functions and who have a need to view FTI data.

• The findings of the IRS Safeguard Review Preliminary Findings Report are being addressed so that there is no interruption of FTROP collections.

• Drill functionality is added back to the Financial Summary (FSUM) screen to allow Domestic Relations Staff to be able to view financial data without viewing FTI data.

FTI Security Enhancements

7

• Today’s Agenda• Why are we making these changes?

• Safeguard Review Preliminary Findings

• Expected Business Outcomes

• Security Changes

• FTI Security Changes

• Centralized Security Buckets

• Other Security Bucket Changes

• Screen Changes

• FTI Labeled Screens

• Masked Screens

• FSUM Enhancements

FTI Security Enhancements

8

• WO-0527 FTI Security Enhancement Changes

• BCSE does not restrict access to FTI to authorized individuals on a “need to know” basis.

• BCSE does not label electronic FTI when displayed on PACSES Screens.  

FTI Security Enhancements

9

• Security will be assigned at a worker level (WACI) only.

• Elimination of Team (TACI), Unit (UACI) and County (CACI) level security assignment. The screens are removed from PACSES. **Counties are still able to use Teams and Units for the purpose of

scheduling and case management.**

• All workers are now required to have a worker level security (WACI) record. SMEs completed outreach with counties July – September 2012 to ensure all workers have WACI records.

• The ability to view FTI data will be ‘access controlled’ based on the security buckets assigned to the worker and based on the security level of the PACSES screen.

• Assignment of FTI Security Buckets and the DRSRTUPD security bucket are now controlled centrally by BCSE. A new form and process will be implemented to allow DRS Directors to request access to these security buckets.

PACSES Security Changes

10

• Three Levels of FTI Access

• No access to FTI Data or Access Controlled Screens• Users receives a “Not Authorized” error when attempting to navigate to

any screen defined as access controlled • Data identifiable as FTI is “masked” or suppressed on other screens

defined as commonly used screens

• No access to FTI Access Controlled Screens but allowed to view FTI data• A new security bucket ‘CFTIINQ’ allows users to view unmasked data

on screens that are commonly used in DRS business.

• Full Access to FTI screens and Data. • These users need the appropriate security buckets to view and/or

update the access controlled screens • These users also require the new CFTIINQ security bucket to view

unmasked data on screens that are commonly used in DRS business.

PACSES Security Changes

11

Access Controlled Screens

Screen Name FTI Data Displayed Updated By

AHLD Address Hold Release Receipt Number payment source (I). County/SCDU

BATH Batch Control History Payment method (I) and Payment Source (IRS). Read Only

CBAT Batch Control Batch Collection origination (I). Payment method (I) and Payment Source (IRS). SCDU

CPOS Post Collections Batch Collection origination (I). Payment method (I) and Payment Source (IRS). SCDU

CPUD Unidentified Receipts – By Date Batch Collection origination (I) and Payment method (I). Read Only

CPUN Unidentified Receipts – By Name Batch Collection origination (I), Payment method (I) and Receipt Number payment source (I). Read Only

CPUR Post Unidentified Receipts Batch Collection origination (I), Payment Source (IRS), Payment method (I) and Joint tax and TANF indicators. County/SCDU

DISB Disburse Receipt Receipt Number including payment source (I) as key (required entry). SCDU

DISR Disbursement Hold Release Intercept Type as key (I), Disb Hold Date (reveals collection dates for FTROP). SCDU

FCLG IRS Full Collection Log Legacy FTI CountyHIRA Held IRS Disbursement History Legacy FTI Read OnlyHIRS Held IRS Disbursements Legacy FTI SCDUIOVR IRS Offset Status and Override Legacy FTI CountyIRCR Tax Collection Detail Legacy FTI Read OnlyIRML IRS Member Transaction Log Legacy FTI Read OnlyIRSL IRS Case Transaction Log Legacy FTI Read Only

12

Access Controlled Screens

Screen Name FTI Data Displayed Updated By

MDST Manual DistributionReceipt Number including payment source (I) as key (required entry), Payment Source (IRS), IRS Fed Fee, Worker ID (batch program associated specifically with FTROP processing).

County/SCDU

PARR Reverse Partial ReceiptReceipt Number, including payment source (I) as key (required entry), Payment method (I) and EFT/Item Number (FTROP distinctive trace number).

SCDU

PDOV Passport denial Status/Override Legacy FTI County

PHLD Disbursement Payee Hold Receipt Number payment source (I). County/SCDU

POFF Payee Offset History Receipt Number payment source (I). Read Only

RREV Receipt Reversal Receipt Number including payment source (I) as key (required entry) and Payment method (I). SCDU

SACF Annual Federal User Fee Receipt Number payment source (I). SCDU

SUDS Suspended Disbursements Receipt Number payment source (I). SCDU

TRNL Financial Transaction LogPayment source (I) in the reference ID for receipt transactions, unique log entries associated with FTROP only, short transaction descriptions.

Read Only

13

• Assignment of FTI Security Buckets and the DRSRTUPD security bucket are now controlled centrally by BCSE.

PACSES Security Changes

Security Bucket DescriptionCFTIINQ (new) Confidential Federal Tax Information InquiryDRSRTUPD (modified) DRS Reference Table UpdateIRSINQ (modified) IRS Coordinator InquiryIRSUPD IRS Coordinator UpdatePHLDUPD (new) Payee Hold UpdateRAFININQ (new) Restricted Access Financial InquiryRAFINUPD (new) Restricted Access Financial Update

The below security buckets are for Non-DRS UsersDISRUPD DISR UpdateFXUUPD FXU UpdateMDSTUPD MDST UpdatePARTUPD PA State Reference Table UpdateSCDUAUPD SCDU Administrator UpdateSCDUFUPD SCDU Financial Update

14

• Additional Changes included in this work order

• A new form and process allows DRS Directors to request access to these security buckets.

• To ADD, CHANGE, or DELETE one of the 13 centrally controlled security buckets the FTI / Administrative Security Request Form needs to be submitted

• The form is available on the PACSES Home Page / IRS Security Suite (left Hand Navigation Panel) / FTI Security Enhancements

FTI Security Enhancements

15

• Additional Changes included in this work order

•A comprehensive review of all PACSES Security buckets has been completed to align security with individual job responsibilities and to remove duplication.  Based on this review new security buckets were created, existing security buckets were modified, and some security buckets were deleted.   

•The appropriate security buckets were ascertained during the county outreach and all workers were set with worker level security (WACI) with the security buckets designated as required for each individual’s job duties.

FTI Security Enhancements

16

• Today’s Agenda• Why are we making these changes?

• Safeguard Review Preliminary Findings

• Expected Business Outcomes

• Security Changes

• FTI Security Changes

• Centralized Security Buckets

• Other Security Bucket Changes

• Screen Changes

• FTI Labeled Screens

• Masked Screens

• FSUM Enhancements

FTI Security Enhancements

17

Screens Labeled as ‘FTI’

Screen. Name FTI Data DisplayedAHLD Address Hold Release Receipt Number payment source (I).ADJL Adjustment Detail Transaction Adjustment type, Receipt Number including payment

source (I), Worker ID, and Offset Type (F)BATH Batch Control History Payment method (I) and Payment Source (IRS).CBAT Batch Control Batch Collection origination (I), Payment method (I) and

Payment Source (IRS).

CINQ Collections Inquiry by PayorReceipt Number, including payment source (I), County Code (00 associated with intercepts), Payment Method (I), Payment Source (IRS), EFT/Item Number (distinctive FTROP trace number)

CPOS Post Collections Batch Collection origination (I), Payment method (I) and Payment Source (IRS).

CPUD Unidentified Receipts – By Date Batch Collection origination (I) and Payment method (I).CPUN Unidentified Receipts – By Name Batch Collection origination (I), Payment method (I) and

Receipt Number payment source (I).CPUR Post Unidentified Receipts Batch Collection origination (I), Payment Source (IRS),

Payment method (I) and Joint tax and TANF indicators.DISB Disburse Receipt Receipt Number including payment source (I).DISR Disbursement Hold Release Intercept Type as key (I), Disb Hold Date (reveals

collection dates for FTROP).

18

Screens Labeled as ‘FTI’

Screen Name FTI Data DisplayedDSBL Detail Transaction Log Receipt Number, including payment source (I).FCLG IRS Full Collection Log Legacy FTIHIRA Held IRS Disbursement History Legacy FTIHIRS Held IRS Disbursements Legacy FTIHRCT Release Receipt on Hold County, Batch Collection origination (I), Payment

Source (IRS), TANF Indicator, Joint Tax IndicatorICOL Interstate Collection Data CSENet Payment SourceIOVR IRS Offset Status and Override Legacy FTIIRCR Tax Collection Detail Legacy FTIIRML IRS Member Transaction Log Legacy FTIIRSL IRS Case Transaction Log Legacy FTIIVAL Welfare Distribution Log Receipt Number, including payment source (I)

MDST Manual DistributionReceipt Number including payment source (I), Payment Source (IRS), IRS Fed Fee, Worker ID (batch program associated specifically with FTROP processing).

PARR Reverse Partial ReceiptReceipt Number, including payment source (I), Payment method (I) and EFT/Item Number (FTROP distinctive trace number).

19

Screens Labeled as ‘FTI’

Screen Name FTI Data Displayed

PDOV Passport denial Status/Override Legacy FTI

PHLD Disbursement Payee Hold Receipt Number payment source (I).

POFF Payee Offset History Receipt Number payment source (I).

RCTL Receipt Distribution DetailReceipt Number, including payment source (I), Payment Source (IRS), Worker ID (batch program associated specifically with FTROP processing), EFT/Check Number (distinctive FTROP trace number)

RREV Receipt Reversal Receipt Number including payment source (I) and Payment method (I).

SACF Annual Federal User Fee Receipt Number payment source (I). SUDS Suspended Disbursements Receipt Number payment source (I).

TRNL Financial Transaction LogPayment source (I) in the reference ID for receipt transactions, unique log entries associated with FTROP only, short transaction descriptions.

20

Screens Labeled as ‘FTI’

21

Screens Labeled as ‘FTI’

22

Commonly Used Screens

Screen Name FTI Data Displayed Updated By

ADJL Adjustment Detail Transaction

Receipt Number, including payment source (I) visible in header and/or detail information, Adjustment Type (description), Worker ID (batch program associated specifically with FTROP processing) and Offset Type (F).

Read Only

CINQ Collections Inquiry by Payor

Receipt Number, including payment source (I), County Code (00 associated with intercepts), Payment Method (I), Payment Source (IRS), and EFT/Item Number (distinctive FTROP trace number).

Read Only

DSBL Detail Transaction Log Receipt Number, including payment source (I). County/SCDU

HRCT Release Receipts on Hold Batch Collection origination (I), Payment Source (IRS), TANF and Joint tax Indicators. County/SCDU

ICOL Interstate Collection Data CSENet Payment source. Read Only

IVAL Welfare Distribution Log Receipt Number, including payment source (I). Read Only

RCTL Receipt Distribution Detail

Receipt Number, including payment source (I) as key (required entry), Payment Source (IRS), Worker ID (batch program associated specifically with FTROP processing) and EFT/Check Number (distinctive FTROP trace number).

Read Only

23

ADJL Masking Example

24

CINQ Masking Example

25

DSBL Masking Example

26

HRCT Masking Example

27

ICOL Masking Example

28

IVAL Masking Example

29

RCTL Masking Example

30

FSUM Enhancements

Drills toADJLACCLRCTLDSBLADJLHRCTIVAL

31

FTI Security Enhancements

QUESTIONS?