- 1.2.11 Policy Statements for Information Technology Activities
- 22.214.171.124 Introduction to Information Technology related Policy Statements
- 126.96.36.199.1 Policy Statement 2-5 (New)
- 188.8.131.52.2 Policy Statement 2-90 (formerly P-1-144)
- 184.108.40.206.3 Policy Statement 2-91 (formerly P-1-227)
- 220.127.116.11.4 Policy Statement 2-92 (formerly P-1-228)
- 18.104.22.168.5 Policy Statement 2-93 (formerly P-1-229)
- Exhibit 1.2.11-1 All Active Policy Statements for Information Technology Activities
Part 1. Organization, Finance, and Management
Chapter 2. Servicewide Policies and Authorities
Section 11. Policy Statements for Information Technology Activities
July 27, 2012
(1) This transmits new IRM 1.2.11, Servicewide Policies and Authorities, Policy Statements for Information Technology Activities.
(1) These policy statements are renumbered according to applicable IRS business processes:
P-2-90 (formerly 1-144), Designing safeguards for computer systems. See IRM 22.214.171.124.2.
P-2-91 (formerly 1-227), Management information needs are to be considered in designing or revising automated systems. See IRM 126.96.36.199.3.
P-2-92 (formerly 1-228),Deviation from compatibility standards for Federal Information Processing (FIP) equipment and software requires Chief Information Officer (CIO) approval. SeeIRM 188.8.131.52.4.
P-2-93 (formerly 1-229),Management and Control of Automated Data Processing (ADP) Property. See IRM 184.108.40.206.5.
(2) A complete inventory of the policy statements for Information Technology Activities now appears at the end of the section.
Kathryn A. Greene
Director, Servicewide Policy, Directives
and Electronic Research
This IRM contains the Policy Statements which relate to Information Technology activities. Each Policy Statement is now categorized by the process to which it belongs. Distribution of the IRM should be to all persons having a need for any of the Policy Statements. The fact that Policy Statements apply to all Service personnel involved in the type of program, activity, function, or work process covered by them remains unchanged.
An initiative is underway to completely overhaul the Commissioner's Policies. Some of them exceed 40 years old and due to changes in IRS climate and technological advancements, no longer serve their original intended purpose. The Office of the Chief Counsel and the Office of Servicewide Policy, Directives, and Electronic Research (SPDER) are working with the division and functional owners of the policy statements to determine which ones are still current, which ones should be cancelled, and which ones need revision.
Any Policy Statement approved after this revision of IRM 1.2.11 is posted to IRS.gov and can be accessed through the ReferenceNet web site under the Instructions to Staff tab at the top and then to "Recently Approved Policy Statements." They will remain on the web until the next revision is made to this IRM. The address is http://rnet.web.irs.gov/index.htm.
If any Policy Statements have been inadvertently omitted from this Section they are still considered official and in full force and effect. Please send any discrepancies found to email@example.com.
For Access to Electronic and Information Technology
The Internal Revenue Service shall take positive and persistent steps to ensure compliance with Section 508 of the Rehabilitation Act of 1973 (29 USC § 794 d). The Internal Revenue Service will ensure that electronic and information technology (EIT) that is developed, procured, maintained, or used by the Service, will meet applicable accessibility standards so that employees with disabilities have access to and use of the EIT to perform their assigned functions that is comparable to the access and use by employees who are not disabled. Executives, managers, and supervisors shall work to provide access to all of its programs, services, and information that is comparable to the level of access provided to employees who are not disabled unless an undue burden would be imposed on the Agency.
For Access to Electronic and Information Technology for Members of the Public with Disabilities
The Internal Revenue Service shall take the necessary action to ensure that members of the public with disabilities have comparable access to its programs, activities, and information as members of the public that are not disabled. The Internal Revenue Service shall comply with all of the requirements of Section 508 of the Rehabilitation Act of 1973 (29 USC § 794 d) and procure, develop, use or maintain electronic and information technology that meets the applicable technical provisions unless an undue burden would be imposed on the Agency.
Designing safeguards for computer systems
The Service relies heavily on automatic data processing systems to meet tax administration, financial, and informational requirements. It is essential that these systems be protected from abuse, fraud, or disruption; and that both the systems software and the data that are processed be afforded adequate physical, procedural, and systemic protection. To provide such protection, employees who design computer systems must ensure that appropriate physical protection, management controls, and systemic security measures that meet Service computer security standards are part of that design.
Management information needs are to be considered in designing or revising automated systems
Service officials will insure that management information needs are considered and incorporated as appropriate into designs of, or revisions to, automated systems. Steps will also be taken to provide uniformity of data elements with other management information systems.
Deviation from compatibility standards for Federal Information Processing (FIP) equipment and software requires Chief Information Officer (CIO) approval
Compatibility of Federal Information Processing (FIP) equipment and software to the maximum extent possible is essential for efficient and effective utilization of FIP resources. The Chief Information Officer (CIO) is responsible for ensuring that FIP equipment and software meet FIP compatibility standards. Compatibility will be a primary consideration in acquisitions of FIP equipment and software. The CIO must approve any deviations from the FIP compatibility standards. Requests for authority to deviate must demonstrate overriding cost/benefit or operational reasons to justify the request.
Management and Control of Automated Data Processing (ADP) Property
To ensure an accurate and complete inventory is maintained, the Chief Information Officer (CIO) is the official responsible for ownership, management and control of all ADP property in the Service. Information Systems (IS) is also responsible for the accounting and recording of all ADP property in the Internal Revenue Service's (IRS) ADP inventory system. IS will conduct an annual inventory by September 30 of each fiscal year and the CIO will certify the accuracy and completeness of the inventory by October 31 of each fiscal year.
Organizations other than IS are not authorized to purchase, acquire, manage, move or maintain ADP property. ADP property is defined as any property that is part of the Information Technology (IT) infrastructure [hardware and software for ADP and Telecommunications (voice and data)] that is in use, in reserve storage, or is awaiting disposal. The Procurement Organization will continue to support the CIO in processing IT acquisition requests.
Implementation of this new policy will be effected during a transition period where IS will continue to require the business organizations' support. Until the transition is completed, business organizations should perform ADP property management duties and responsibilities under the guidance and direction of IS. The CIO, in consultation with the various business organizations, will determine the implementation dates for the phases of the transition period and has the authority to set the schedule for actions taken during these phases. The CIO will also determine when the transition period is complete and it is no longer necessary for the business organizations to perform ADP property management duties.
|New Number||Old Number||Title|
|2-90||1-144||Designing safeguards for computer systems|
|2-91||1-227||Management information needs are to be considered in designing or revising automated systems|
|2-92||1-228||Deviation from compatibility standards for Federal Information Processing (FIP) equipment and software requires Chief Information Officer (CIO) approval|
|2-93||1-229||Management and Control of Automated Data Processing (ADP) Property|