Personnel Security Activities Management System (PSAMS)/Integrated Security Management System (ISMS)
- By Grey McKenzie
- Published Wednesday 30th 2008
- Cyber Security Government Watch
- Unrated
Uses of the System and the Information
The overall use(s) of personally identifiable information has not changed with the introduction of the ISMS update.
However, in addition to the list of uses outlined in the PSAMS PIA, the ISMS system provides support to the following other security clearance related processes:
• Special Access
• Separation
• Periodic Reinvestigations
• Reinstate Security Clearance
• Security Clearance Downgrade
• Suspend/Withdraw
• Deny/Revoke Clearance
• Appeals
The only additional risk associated with this update is that additional information is being collected as described
in the sections above.
These risks are mitigated with the following security controls:
• Specific security roles have been defined and implemented within the application to control access to the additional information.
• Any additional information stored in large text fields will be stored in an encrypted form in the database
• When this additional information is stored as an attachment on the server, file access will be restricted by file permissions to prevent access by those without an appropriate requirement for access.
• Network access to the application is made via a Secure Sockets Layer (SSL) connection to the ISMS environment.
However, in addition to the list of uses outlined in the PSAMS PIA, the ISMS system provides support to the following other security clearance related processes:
• Special Access
• Separation
• Periodic Reinvestigations
• Reinstate Security Clearance
• Security Clearance Downgrade
• Suspend/Withdraw
• Deny/Revoke Clearance
• Appeals
The only additional risk associated with this update is that additional information is being collected as described
These risks are mitigated with the following security controls:
• Specific security roles have been defined and implemented within the application to control access to the additional information.
• Any additional information stored in large text fields will be stored in an encrypted form in the database
• When this additional information is stored as an attachment on the server, file access will be restricted by file permissions to prevent access by those without an appropriate requirement for access.
• Network access to the application is made via a Secure Sockets Layer (SSL) connection to the ISMS environment.
