1. NESTOA September 20, 2011 Safeguards Program Briefing

2. 2 Safeguards Program The Office of Safeguards ensures that the federal tax information provided outside the Service is protected as if in IRS hands.  Internal Revenue Code (IRC) Section 6103 provides authority for disclosing federal tax administration (FTI) to local, state and federal agencies.  Protecting FTI is a condition of receipt.  IRS Office of Safeguards is responsible for ensuring compliance with Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies.

3. 3 Safeguards Areas of Responsibilities  Safeguarding FTI is a continuous process, evaluating an agency’s current risk profile and assisting them to enhance their protection of FTI  Each agency must comply with IRS safeguarding requirements and interacts with the Office of Safeguards through several work streams:  Safeguards Procedures Report (SPR)  Safeguards Activity Report (SAR)  On-site review & Safeguard Review Report (SRR)  Monitoring of corrective actions (CAP)  Requests for technical assistance

4. 4 Today’s Focus Key Discussion Topics:  Need & Use of Federal Tax Information (FTI)  Incident Management  Safeguards Advisory Counsel (SAC)

5. 5 Need & Use of Federal Tax Information  Governmental Liaison Data Exchange Program (GLDEP) and other IRS data sources  Extracts of individual and business FTI  Distributed electronically (generally) in specified time periods  Disclosure determination versus disclosure verification  Determination done before data released  Verification done after data released as part of on-site review

6. 6 Incident Management  Key components to effective incident management  Labeling and auditing of FTI  Training employees with access to FTI. Training should also include contractors, consolidated data center personnel, off-site storage personnel – all individuals with authorized access to FTI  Timely notification of TIGTA & Safeguards  Annual test of incident management procedure  Learn from the incident – both the agency & Safeguards  Modifications to systems, processes, policies, training  Modifications to requirements, guidance

7. 7 Safeguards Advisory Council (SAC)  Joint FTA/IRS Group  State representatives (11) – computer security professionals (6), disclosure officers (4) & as-assigned member  IRS representatives (7) – four standing & 3 ad hoc  Purpose  Serve as a feedback vehicle regarding development and implementation of safeguards controls or requirements  Recommend mutually agreeable solutions to ensure the protection and privacy of federal tax information  Monthly teleconferences

8. 8 Questions?