Privacy Impact Assessment

Template Version Number: 01-2021

U.S. Department of Commerce
National Institute of Standards and Technology
(NIST)

Privacy Impact Assessment
for the
450-01 Baldrige Performance Excellence Program System (BPEP)

Reviewed by:

Claire Barrett, Chief Privacy Officer

Concurrence of Senior Agency Official for Privacy/DOC Chief Privacy Officer
Non-concurrence of Senior Agency Official for Privacy/DOC Chief Privacy Officer

______________________________________________________________________________
Signature of Senior Agency Official for Privacy/DOC Chief Privacy Officer
Date

Template Version Number: 01-2021

U.S. Department of Commerce Privacy Impact Assessment
National Institute of Standards and Technology (NIST)
Unique Project Identifier: 450-01
Introduction: System Description
Provide a brief description of the information system:
The Baldrige Performance Excellence Program (BPEP) oversees the nation's only
Presidential award for performance excellence while offering a wide array of awardwinning products and services, including the world-renowned Baldrige Excellence
Framework. The function/purpose of the system is to support the electronic needs and
activities of the internal and external customers in support of this mission. PII
processing components of this system include:
American Society for Quality (ASQ)
Web Applications
o Baldrige Examiner Applicant (BEA)
o Bridge Application (formerly Baldrige Online Scorebook Solution
(BOSS))
a. Whether it is a general support system, major application, or other type of system.
The 450-01 Baldrige Performance Excellence Program System (BPEP) is a general
support system.
b. System location
The ASQ component resides in a datacenter in Milwaukee, Wisconsin. All other
components of the 450-01 Baldrige Performance Excellence Program System (BPEP)
are located at the NIST Gaithersburg, Maryland facility within the continental
United States.
c. Whether it is a standalone system or interconnects with other systems (identifying and
describing any other systems to which ii interconnects)
The 450-01 Baldrige Performance Excellence Program System (BPEP) is a standalone
system.
d. The way the system operates to achieve the purpose(s) identified in Section 4
ASQ provides services in support of the BPEP. Tasks include process
management support, typesetting, printing, and distribution of program
documents, Award Cycle Evaluation Stages (including receipt of eligibility and
Award applications, Examiner assignments, scorebook checks (Bridge)),
Judges’ meetings notebook preparation, and site visit logistics). All functions
performed for NIST are carried out internally within ASQ, meaning they do
not maintain an external application to provide services to NIST.
1

Template Version Number: 01-2021

BEA is a public-facing web application that allows potential Baldrige
examiners (external users) to complete an online application. It also includes
an internal portion that is used to administer the site and review the
examiners.
Bridge is a public-facing web application that allows examiners and judges to
create and manage review of applicants throughout the award process.
e. How information in the system is retrieved by the user.
Authorized users enter and/or retrieve data directly from the components in the
system. Users must authenticate to each system component. Access to information is
restricted based on the user's role.
ASQ: Information is provided via hardcopy and/or exchanged through secure
file transfer service for ASQ to provide contracted services.
BEA: This site allows potential Baldrige examiners (external users) to
complete an online application. It also includes an internal portion that is used
to administer the site and review the applications. The site is operational only
during selection periods and will ask examiner applicants to enter their
qualification information into the website where it can be reviewed by the
Examiner Selection Committee at NIST.
Bridge: This web application allows examiners to create and manage review
of one applicant through the award process. Judges gain access to prepare for
their recommendation meeting. The Baldrige Primary System Administrator
and designated members of the Baldrige Staff have administrative privileges
within the application.
f. How information is transmitted to and from the system.
ASQ is provided information via hardcopy and/or exchanged through secure
file transfer service for ASQ to provide contracted services.
BEA and Bridge components use the Transport Layer Security (TLS)
protocol, which encrypts communications.
g. Any information sharing conducted by the system.
The system does not share information with other internal NIST business units.
h. The specific programmatic authorities (statutes or Executive Orders) for collecting,
maintaining, using, and disseminating the information.
The National Institute of Standards and Technology Act, as amended, 15
U.S.C. 271 et seq. (which includes Title 15 U.S.C. 272) and section 12 of the
Stevenson-Wydler Technology Innovation Act of 1980, as amended, 15 U.S.C.
371Oa, The "Federal Information Security Management Act of 2002 (FISMA).
The Baldrige Awards Program was created under public law 100-107 The
Malcolm Baldrige National Quality Improvement Act of 1987.
5 U.S.C. App.-Inspector General Act of 1978, § 2; 5 U.S.C. App.Reorganization Plan of 1970, § 2; 13 u.s.c. § 2; 13 u.s.c. § 131; 15 u.s.c. § 272;
15 u.s.c. § 1151; 15 U.S.C. §
2

Template Version Number: 01-2021

1501; 15 U.S.C. § 1512; 15 U.S.C. § 1516; 15 U.S.C. § 3704b; 16 U.S.C. § 1431;
35 U.S.C.
2; 42 U.S.C. § 3121 et seq.; 47 U.S.C. § 902; 50 U.S.C. App. § 2401 ct seq.; E.O.
11625;
77 FR 49699 (Aug. 16, 1012).
5 U.S.C. 301; 44 U.S.C. 3101; E.O. 12107, E.O. 13164, 41 U.S.C. 433(d); 5
U.S.C. 5379; 5 CFR Part 537; DAO 202-957; E.O. 12656; Federal
Preparedness Circular (FPC) 65, July 26, 1999; DAO 210-110; Executive
Order 12564; Public Law 100-71, dated July 11, 1987.
5 U.S.C. App.—Inspector General Act of 1978, § 2; 5 U.S.C. App.—
Reorganization Plan of 1970, § 2; 13 U.S.C. § 2; 13 U.S.C. § 131; 15 U.S.C. §
272; 15 U.S.C. § 1151; 15 U.S.C. § 1501; 15 U.S.C. § 1512; 15 U.S.C. § 1516; 15
U.S.C. § 3704b; 16 U.S.C. § 1431; 35 U.S.C. § 2; 42 U.S.C. § 3121 et seq.; 47
U.S.C. § 902; 50 U.S.C. App. § 2401 et seq.; E.O. 11625; 77 FR 49699 (Aug. 16,
1012).
i. The Federal Information Processing Standards (FIPS) 199 security impact category for
the system is Moderate.

3

Template Version Number: 01-2021

Section 1: Status of the Information System
1.1

Indicate whether the information system is a new or existing system.
This is an existing information system in which changes do not create new privacy risks,
and there is a SAOP approved Privacy Impact Assessment (version 01-2017 or later).
Changes That Create New Privacy Risks (CTCNPR)
Other changes that create new privacy risks:

Section 2: Information in the System
2.1
Indicate what personally identifiable information (PII)/business identifiable information
(BII) is collected, maintained, or disseminated. (Check all that apply.)
Identifying Numbers (IN)

File/Case ID
Other identifying numbers:
Explanation for the business need to collect, maintain, or disseminate the Social Security number, including
truncated form:

General Personal Data (GPD)

Name
Home Address
Telephone Number
Email Address
Education
Other general personal data:

Work-Related Data (WRD)

Occupation
Job Title
Work Address
Work Telephone Number
Work Email Address
Work History
Other work-related data:

Distinguishing Features/Biometrics (DFB)

Photographs
Other distinguishing features/biometrics:

System Administration/Audit Data (SAAD)

4

Template Version Number: 01-2021
Other system administration/audit data:

Other Information

2.2

Indicate sources of the PII/BII in the system. (Check all that apply.)

Directly from Individual about Whom the Information Pertains

Hard Copy - Mail/Fax
Online
Other:

Government Sources
Other:

Non-government Sources
Other:

2.3 Describe how the accuracy of the information in the system is ensured.
Each user enters his/her own data and are responsible for its initial accuracy. Data
inaccuracies are corrected via access and redress controls. In turn, this corrected data is
pulled into the 450-01 system as accurate data.
450-01 has several checks within the examiner application form process including
involvement from the data source (examiners) to verify accuracy. This ensures the
highest data integrity/quality on 450-01 partners is maintained.
2.4 Is the information covered by the Paperwork Reduction Act?
Yes, the information is covered by the Paperwork Reduction Act.
The OMB control number and the agency number for the collection:

OMB Control #0693-0079
OMB Control #0693-0006
OMB Control #0693-0033
2.5 Indicate the technologies used that contain PII/BII in ways that have not been previously
deployed. (Check all that apply.)
No
Technologies Used Containing PII/BII Not Previously Deployed (TUCPBNPD)
Other:

5

Template Version Number: 01-2021

Section 3: System Supported Activities
3.1
Indicate IT system supported activities which raise privacy risks/concerns. (Check all
that apply.)
No
The IT system supported activities which raise privacy risks/concerns.
Activities
Other:

Section 4: Purpose of the System
4.1
Indicate why the PII/BII in the IT system is being collected, maintained, or disseminated.
(Check all that apply.)
Purpose

For administrative matters
Other:

Section 5: Use of the Information
5.1
In the context of functional areas (business processes, missions, operations, etc.)
supported by the IT system, describe how the PII/BII that is collected, maintained, or
disseminated will be used. Indicate if the PII/BII identified in Section 2.1 of this document is in
reference to a federal employee/contractor, member of the public, foreign national, visitor or
other (specify).
The BEA web application collects General Personal Data and Work-Related Data for
applicants (e.g., members of the public) seeking the examiner role.
The Bridge web application enables review of program applicant information by the
examiner role.
ASQ receives paper-based program applicant information.
5.2

Describe any potential threats to privacy, such as insider threat, as a result of the
bureau’s/operating unit’s use of the information, and controls that the bureau/operating
unit has put into place to ensure that the information is handled, retained, and disposed
appropriately. (For example: mandatory training for system users regarding appropriate
handling of information, automatic purging of information in accordance with the
retention schedule, etc.)

6

Template Version Number: 01-2021

Unauthorized access could result in a breach of information.
Mitigating controls:
450-01 implements a data retention schedule and disposal plan. Only data required for
the 450-01 mission is used in 450-01. All 450-01 users are subject annual training
requirements and rules of behavior which can raise the necessary awareness to mitigate
data mishandling.
450-01 use is strictly limited to the 450-01 purpose. 450-01 authorized users are either
a NIST employee, contractor (e.g., associate), or examiner selected through a rigorous
process. Role based access controls are used.
All users are verified on an annual basis for continued authorization.
Section 6: Information Sharing and Access
6.1
Indicate with whom the bureau intends to share the PII/BII in the IT system and how the
PII/BII will be shared. (Check all that apply.)
No, the PII/BII in the system will not be shared.
The recipients the bureau intends to share the PII/BII in the IT system and how the PII/BII will
be shared.
Other:

6.2

Does the DOC bureau/operating unit place a limitation on re-dissemination of PII/BII
shared with external agencies/entities?

Yes
6.3

Indicate whether the IT system connects with or receives information from any other IT
systems authorized to process PII and/or BII.
No, this IT system does not connect with or receive information from another IT
system(s) authorized to process PII and/or BII.
The name of the IT system and description of the technical controls which prevent PII/BII leakage:

6.4

Identify the class of users who will have access to the IT system and the PII/BII. (Check
all that apply.)

Class of Users

Government Employees
Contractors
Other:

Section 7: Notice and Consent
7.1
Indicate whether individuals will be notified if their PII/BII is collected, maintained, or
7

Template Version Number: 01-2021

disseminated by the system.
Yes, notice is provided pursuant to a system of records notice published in the Federal
Register and discussed in Section 9.
Yes, notice is provided by a Privacy Act statement and/or privacy policy.
Yes, notice is provided by other means.
The Privacy Act statement and/or privacy policy can be found at:

The Privacy Act statement and/or site privacy policy can be found at:
https://www.nist.gov/oism/site-privacy.
The reason why notice is/is not provided:

Applicants are notified in the application, to include consent for collection of
photographs of Examiners and Judges.
7.2 Indicate whether and how individuals have an opportunity to decline to provide PII/BII.
Yes, individuals have an opportunity to decline to provide PII/BII.
The reason why individuals can/cannot decline to provide PII/BII:

Individuals may decline to provide information by not completing the application
process. However, doing so would result in an incomplete application which would not
be accepted.
7.3

Indicate whether and how individuals have an opportunity to consent to particular uses of
their PII/BII.
Yes, individuals have an opportunity to consent to particular uses of their PII/BII.
The reason why individuals can/cannot consent to particular uses of their PII/BII:

Individuals have opportunity to consent to particular uses of their information within
the application process.
7.4

Indicate whether and how individuals have an opportunity to review/update PII/BII
pertaining to them.
Yes, individuals have an opportunity to review/update PII/BII pertaining to them.
The reason why individuals can/cannot review/update PII/BII:

Since the award cycle is annual, information is updated in alignment with this cycle
(reapplication occurs each year). However, individuals also have opportunity to
review/update their information by contacting a BPEP support member.
Section 8: Administrative and Technological Controls
8.1
Indicate the administrative and technological controls for the system. (Check all that
apply.)
All users are required to sign a confidentiality agreement or non-disclosure
agreement.
All users are subject to a Code of Conduct that includes the requirement for
confidentiality.
Staff (employees and contractors) received training on privacy and confidentiality
policies and practices.
Access to the PII/BII is restricted to authorized personnel only.
8

Template Version Number: 01-2021

Access to the PII/BII is being monitored, tracked, or recorded.
The information is secured in accordance with the Federal Information Security
Modernization Act (FISMA) requirements.
The Federal Information Processing Standard (FIPS) 199 security impact category
for this system is a moderate or higher.
NIST Special Publication (SP) 800-122 and NIST SP 800-53 Revision 5
recommended security and privacy controls for protecting PII/BII are in place and
functioning as intended; or have an approved Plan of Action and Milestones
(POA&M).
A security and privacy assessment report has been reviewed for the supporting
information system and it has been determined that there are no additional privacy
risks.
Contractors that have access to the system are subject to information security and
privacy provisions in their contracts required by DOC policy.
Reason why access to the PII/BII is being monitored, tracked, or recorded:

Access logs are kept and reviewed for anomalies.
The information is secured in accordance with FISMA requirements.

Is this a new system? No
Below is the date of the most recent Assessment and Authorization (A&A).
8/31/2023
Other administrative and technological controls for the system:

8.2

Provide a general description of the technologies used to protect PII/BII on the IT system.
(Includes data encryption in transit and/or at rest, if applicable).
BEA is used by members of the public to apply to become examiners. It is in the Public
Sensitive Zone, and access from the internet is directed through a reverse proxy device.
Bridge is used by NIST employees and examiners to create and manage a review of one
applicant through the award process. Access is restricted based on a user's examiner
assignment.
The application is accessible on internal NIST networks protected by multiple layers of
firewalls. Unauthorized use of the system is restricted by user authentication. Access
logs are kept and reviewed for anomalies on an as needed basis. Data is stored on
servers located at the NIST Gaithersburg, Maryland facility within the continental
United States. Data on the servers is encrypted at rest and in transit.
When users access the system, PII is transferred in a secure fashion. To guard against
the interception of communication over the network, the components use the Transport
Layer Security (TLS) protocol which encrypts communications. Access to 450-01
requires NIST issued credentials because access is restricted by user authentication.
NIST remote and other agency users access 450-01 from an authorized DOC network,
or via connecting to the NIST network through a Virtual Private Network (VPN).

Section 9: Privacy Act
9

Template Version Number: 01-2021

9.1
Is the PII/BII searchable by a personal identifier (e.g, name or Social Security number)?
Yes, PII/BII is searchable by a personal identifier.
9.2

Indicate whether a system of records is being created under the Privacy Act, 5 U.S.C.
§ 552a. (A new system of records notice (SORN) is required if the system is not covered
by an existing SORN).
As per the Privacy Act of 1974, “the term ‘system of records’ means a group of any records under the control of any agency from which
information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned
to the individual.”

Yes, this system is covered by an existing system of records notice (SORN).
SORN name, number, and link:

COMMERCE/DEPT-18: Employees Personnel Files Not Covered by Notices of Other
Agencies
COMMERCE/DEPT-23: Information Collected in Connection with Department of
Commerce Activities, Events, and Programs.
SORN submission date to the Department:

Section 10: Retention of Information
10.1 Indicate whether these records are covered by an approved records control schedule and
monitored for compliance. (Check all that apply.)
Yes, there is an approved record control schedule.
Name of the record control schedule:

NIST Records Schedule N1-167-09-0 l: Malcolm Baldrige National Quality Award
Program
The stage in which the project is in developing and submitting a records control schedule:

Yes, retention is monitored for compliance to the schedule.
Reason why retention is not monitored for compliance to the schedule:

10.2 Indicate the disposal method of the PII/BII. (Check all that apply.)
Disposal

Shredding
Overwriting
Deleting
Other disposal method of the PII/BII:

Section 11: NIST Special Publication 800-122 PII Confidentiality Impact Level
11.1 Indicate the potential impact that could result to the subject individuals and/or the
organization if PII were inappropriately accessed, used, or disclosed. (The PII
Confidentiality Impact Level is not the same, and does not have to be the same, as the
Federal Information Processing Standards (FIPS) 199 security impact category.)
Low – the loss of confidentiality, integrity, or availability could be expected to have a
limited adverse effect on organizational operations, organizational assets, or individuals.
10

Template Version Number: 01-2021

11.2 Indicate which factors were used to determine the above PII confidentiality impact level.
(Check all that apply.)
Factors that were used to determine the above PII
confidentiality impact levels

Explanation

Context of Use

General Personal Data and WorkRelated Data collected is for the annual
award cycle.

Section 12: Analysis
12.1 Identify and evaluate any potential threats to privacy that exist in light of the information
collected or the sources from which the information is collected. Also, describe the
choices that the bureau/operating unit made with regard to the type or quantity of
information collected and the sources providing the information in order to prevent or
mitigate threats to privacy. (For example: If a decision was made to collect less data,
include a discussion of this decision; if it is necessary to obtain information from sources
other than the individual, explain why.)
Threats to privacy could arise from collecting more data than is necessary by not
employing data minimization. Threats could exploit data secondary use (using personal
information for a purpose other than the purpose for which it was collected). An
administrator (data handler) could inadvertently combine multiple data sets resulting
in aggregation (combining various pieces of personal information).
Mitigating controls:
450-01 implements a data retention schedule and disposal plan. Only data required for
the 450-01 mission is used in 450-01. All 450-01 users are subject to annual training
requirements and rules of behavior which can raise the necessary awareness to mitigate
data mishandling.
12.2 Indicate whether the conduct of this PIA results in any required business process changes.
No, the conduct of this PIA does not result in any required business process changes.
Explanation
12.3 Indicate whether the conduct of this PIA results in any required technology changes.
No, the conduct of this PIA does not result in any required technology changes.
Explanation

11