5.1.25 IDRS and Data Security for Collection

Manual Transmittal

August 02, 2019

Purpose

(1) This transmits a revised IRM Part 5.1.25, Field Collecting Procedures, IDRS and Data Security for Collection.

Material Changes

(1) Updated organizational name to Collection Automation Support & Security (CASS), from Collection Information Technology & Security, throughout.

(2) Removed all references to Liens throughout as they have been realigned to SB/SE Service Centers.

(3) IRM 5.1.25.1, Program Scope and Objectives: Changed title to conform with Internal Controls and replaces previous section title Overview.

(4) IRM 5.1.25.1.1, Background: Added subsection to conform with Internal Controls.

(5) IRM 5.1.25.1.2, Authority: Added subsection to conform with Internal Controls.

(6) IRM 5.1.25.1.3, Responsibilities: Added subsection to conform with Internal Controls.

(7) IRM 5.1.25.1.4, Program Management and Review: Added subsection to conform with Internal Controls.

(8) IRM 5.1.25.1.5, Program Controls: Added subsection to conform with Internal Controls.

(9) IRM 5.1.25.1.6, Terms/Acronyms: Added subsection to conform with Internal Controls.

(10) IRM 5.1.25.1.7, Related Resources: Added subsection to conform with Internal Controls.

(11) IRM 5.1.25.1(2), Program Scope and Objectives: Replaced Advisory with new organizational name of Civil Enforcement, Advice and Support Operations (CEASO).

(12) IRM 5.1.25.1(2), Program Scope and Objectives: Replaced Finance Research and Strategy with new organizational name of Business Development.

(13) IRM 5.1.25.1(2), Program Scope and Objectives: Replaced Servicewide Operations with new organizational name of Business Support.

(14) IRM 5.1.25.2, IDRS Security Personnel: Changed title to conform with Internal Controls, replacing previous section title Roles and Responsibilities.

(15) IRM 5.1.25.2.2, Annual Assurance Review Process - Federal Managers Financial Integrity Act (FMFIA): Deleted section in its entirety as the review no longer includes questions specific to IDRS security.

(16) IRM 5.1.25.2.2, Data Security Analyst (DSA): Subsection change, formerly 5.1.25.2.3.

(17) IRM 5.1.25.2.3, Alternate Data Security Analyst (DSA): Subsection change, formerly 5.1.25.2.4.

(18) IRM 5.1.25.2.4, Terminal Security Administrator (TSA): Subsection change, formerly 5.1.25.2.5.

(19) IRM 5.1.25.2.6, SB/SE Collection IDRS Data Security Manager: Subsection deleted as it was incorporated in to 5.1.25.1.4, Program Management and Review.

(20) IRM 5.1.25.2.2(2)h, Data Security Analyst (DSA): Removed Remittance Transaction Research (RTR) as the accesses are no longer subject to review and/or certification.

(21) IRM 5.1.25.3(1), IDRS User Support: Updated mailbox name to *SBSE CASS IDRS Security, formerly *SBSE CITS IDRS.

(22) IRM 5.1.25.4.1.3.2(3)a, Weekly Sensitive Access (Other/Spouse): Removed reference to Automated Lien System (ALS) as it is no longer applicable.

(23) IRM 5.1.25.4.1.3.2(10), Weekly Sensitive Access (Other/Spouse): Added a Note: If the DSA sets the Report Level Action to Follow-up Action Needed, they may select Current Certification Status as Remove Certification / Not Certifying.

(24) IRM 5.1.25.6, Security Audit and Analysis System (SAAS): Removed RTR as the accesses are no longer subject to review and/or certification.

(25) IRM 5.1.25.7(5), Form 11377/11377-E, Taxpayer Data Access: Replaced the section in entirety due to the implementation of the electronic Taxpayer Data Access Library repository.

(26) IRM Exhibit 5.1.1.25-1, Acronyms: Removed acronym ALS, Definition Automated Lien System as it is no longer applicable.

(27) IRM Exhibit 5.1.1.25-1, Acronyms: Removed acronym RTR, Remittance Transaction Research as the accesses are no longer subject to review and/or certification.

(28) IRM Exhibit 5.1.1.25-2, Common Command Codes SB/SE Collection Operations and Operations Support: Updated table titles to align with new organizational names.

(29) IRM Exhibit 5.1.1.25-2, Common Command Codes SB/SE Collection Operations and Operations Support: Updated tables by adding or deleting command codes as deemed appropriate for each organization.

(30) This IRM contains grammatical changes throughout.

Effect on Other Documents

This IRM supersedes IRM 5.1.25 dated August 24, 2016.

Audience

Small Business/Self-Employed, Collection Operations and SB/SE Operation Support Employees.

Effective Date

(08-02-2019)

Robert R. Richards
Director, Quality and Technical Support
Small Business/Self Employed

Program Scope and Objectives

  1. Purpose: This IRM section provides policies and guidance to carry out respective responsibilities regarding security of the Integrated Data Retrieval System (IDRS) and other applications, which contain taxpayer return and return information.

  2. Audience: This IRM is directed toward Small Business/Self Employed (SB/SE), Collection Operations Managers, Operation Support Managers and the IDRS Data Security group. The audience includes the following operations:

    • Collection Operations - Civil Enforcement, Advice and Support Operations

    • Field Collection

    • Headquarters Collection

    • Collection Operations - Planning and Performance Analysis

    • Specialty Collection - Insolvency

    • Specialty Collection - Offer in Compromise

    • Operation Support - Business Development

    • Operation Support - Business Support

    • Operation Support - SB/SE Human Capital

    • Operation Support - Technology Soultions

  3. Policy Owner: The Director, Collection Operations - Headquarters Collection - Quality and Technical Support is responsible for issuing policy.

  4. Program Owner: The program owner is the IDRS Data Security Group, under Collection Automation Support & Security, an organization within SB/SE – Quality and Technical Support.

  5. Primary Stakeholders: The primary stakeholders are SB/SE Collection Operations and Operations Support.

  6. Program Goals: The primary goal of this IRM is to provide procedural guidance, which will ensure a consistency with our work product. This includes the timely review and certification of security reports along with addressing user support inquiries, not detailed in another IRM.

Background

  1. IRM 5.1.25, IDRS and Data Security for Collection, further defines requirements found in IRM 10.8.1, Information Technology (IT) Security, Policy and Guidance and IRM 10.8.34, Information Technology (IT) Security, IDRS Security Controls. In the event of a discrepancy, information in Part 10 takes precedence.

  2. The IRM 10.8.34.3,1.3 , Information Technology (IT) Security IDRS Security Controls, Roles and Responsibilities, Manager, states the managers of IDRS users are responsible for day-to-day implementation and administration of IDRS security in their group. However, to relieve administrative burden on front line managers, SB/SE Collection Operations and Operations Support established dedicated Unit Security Representatives (USRs), known by their organizational title as Data Security Analysts (DSAs).

  3. DSAs are responsible for ensuring all aspects of Data Security are followed and coordinate with the group manager where issues may arise.

Authority

  1. The following three IRMs define overall IDRS security requirements.

    1. IRM 10.8.1, Information Technology (IT) Security, Policy and Guidance.

    2. IRM 10.8.2, Information Technology (IT) Security, IT Security Roles, and Responsibilities.

    3. IRM 10.8.34 , Information Technology (IT) Security, IDRS Security Controls.

  2. In the event of a discrepancy, information in Part 10 takes precedence over this IRM unless requirements within this IRM are more stringent.

Responsibilities

  1. The IDRS Data Security Group is assigned to the Collection Automation Support & Security (CASS) function. DSAs in Collection must perform security duties, which in other functions fall to managers of IDRS users. See IRM 1.1.16.2.3.3.2, Collection Automation Support & Security, for information on the role and mission of the CASS function.

  2. IRM 5.1.25.2, IDRS Security Personnel, further defines the Roles of the Group manager, DSA, Alternative DSA, and Terminal Security Administrator (TSA).

Program Management and Review

  1. SB/SE Collection IDRS Data Security Manager:

    1. monitors and reviews IDRS Online Reports Services (IORS) reports and Security Audit and Analysis System (SAAS) work products to ensure security reports are thoroughly reviewed and timely certified.

    2. collaborates with SB/SE Collection Operations and Operations Support and IT Cybersecurity personnel to address emerging issues.

  2. Chief, Collection Automation Support & Security conducts annual operational reviews following general guidelines in IRM 1.4.50 , Collection Group Manager, Territory Manager and Area Director Operational Aid.

Program Controls

  1. The IORS application will maintain a record of all certifications by the Primary Report Reviewer for each report requiring certification and for each IDRS unit under the Primary Report Reviewer's responsibility.

  2. Business organizations shall achieve at least a 90% certification rate for their security reports.

  3. Cybersecurity IDRS Security Analysts shall:

    1. Review IORS utility reports to determine whether IORS Primary Report Reviewers in their campus domain(s) are reviewing IDRS Security reports in a timely manner, certifying the reports, and taking the appropriate action, as needed.

    2. At least weekly provide business organizations in their campus domain(s) with a report of uncertified reports.

    3. Work with business organizations in their campus domain(s) to address IDRS security report certification related issues.

    4. Advise business organizations in their campus domain(s) of any units where a Primary Report Reviewer has not been designated.

  4. IDRS Security Program Management Office shall perform a compliance review of IDRS security report certifications at least once every six months to determine the certification rate and timely certification rate of business organizations.

Terms and Acronyms

  1. This IRM section contains the following terms:

    Term Definition
    Audit Trail A chronological record of transactions entered on IDRS or related applications.
    Campus A centralized Internal Revenue Service processing site.
    Certification Refers to the process by which an IDRS user’s sensitive accesses and security violations have been verified as appropriate or addressed.
    Command Codes A five-character terminal input on IDRS to extract a specific set of data or used to input an action.
    IDRS Integrated Data Retrieval System – a computer system with the capability to obtain or update information on taxpayer accounts.
    Timely In accordance with established due dates.
  2. A list of commonly used acronyms and their definitions may be found in IRM Exhibit 5.1.25-1.

  3. Additional acceptable acronyms and abbreviations are found in the ReferenceNet, which may be viewed at: http://rnet.web.irs.gov/Resources/Acronymdb.asp.

Related Resources

  1. IRM References:

    • IRM 2.3, IDRS Terminal Responses.

    • IRM 2.4, IDRS Terminal Input.

  2. Website References:

    • CFOL Express at: http://serp.enterprise.irs.gov/databases/job-aids/misc/cfol-express.pdf .

    • Collection Automation Support & Security (CASS) SharePoint site at: https://program.ds.irsnet.gov/sites/SbCHqCass/_layouts/15/start.aspx#/SitePages/Home.aspx.

    • Document 6209, IRS Processing Codes and Information at:http://serp.enterprise.irs.gov/databases/irm.dr/current/6209/6209.html.

    • IDRS Command Code Job Aid at: http://serp.enterprise.irs.gov/databases/irm-sup.dr/job_aid.dr/command-code.dr/idrs_command_codes_job_aid.htm.

    • IDRS Online Report Services (IORS) at: https://iors.web.irs.gov.

    • IDRS Unit and USR Database (IUUD) at: https://iors.web.irs.gov/HomeIUUD.aspx.

    • Taxpayer Data Access Library at: https://portal.ds.irsnet.gov/sites/PGLD11377/Assets/home.aspx.

IDRS Security Personnel

  1. This section provides supplemental roles and responsibilities for personnel who have IDRS security-related responsibilities. These roles are further defined in IRM 10.8.34.3, Roles and Responsibilities.

Managers of IDRS Users

  1. SB/SE Collection Operations and Operations Support Managers must:

    1. Coordinate with the DSA to ensure IDRS security is effectively implemented for the unit/group.

    2. Advise the DSA when a user is transferred in or out of the workgroup.

    3. Arrange periodic IDRS and Data Security awareness presentations for the workgroup. You may also contact your assigned DSA for a group presentation.

    4. Ensure the DSA is notified immediately when an IDRS user no longer requires system access.

    5. Respond within five business days to the DSA with findings related to questionable accesses and/or other security report inquiries.

  2. SB/SE Collection Operations and Operations Support Managers may:

    1. Request secondary permissions in IORS to view, add comments, and/or print their own unit reports.

    2. Be designated as an Alternate USR or Terminal Security Administrator.

    3. Designate a bargaining unit employee (e.g. Lead) to be an Alternate USR. However, a bargaining unit Alternate USR shall not review another employee’s IDRS actions.

    Note:

    This designation does not impact the roles and responsibilities of the DSA.

Data Security Analyst (DSA)

  1. The DSA:

    1. Is the IORS Primary Reviewer and the Primary USR and must be reflected as such on the IDRS Unit and USR Database (IUUD) for all Collection Operations and Operations Support IDRS units.

    2. Is assigned a range of IDRS unit numbers aligned with the SB/SE Collection Operations and Operations Support areas.

    3. Shall maintain an active IDRS profile on both the Enterprise Computing Center - Martinsburg (ECC-MTB) and Enterprise Computing Center - Memphis (ECC-MEM) to ensure unrestricted backup support.

    4. Shall be profiled with ALLOW permissions to support users on all SB/SE home campuses.

    5. Is responsible for the review and certification of IORS and Security Audit and Analysis System (SAAS) reports.

  2. The DSA must also perform the following unit and account administration related tasks:

    1. Support the program goals of IT Cybersecurity by providing assistance, analysis and recommendations for action to SB/SE Collection Operations and Operations Support management.

    2. Process requests to add and/or delete IDRS command codes for unit and/or individual user profiles.

    3. Request new IDRS command codes using Form 9937, IDRS Unit Request.

    4. Respond to user requests to unlock IDRS profiles and terminals.

    5. Support related functions, such as the IDRS Password Management Capability and the Integrated Automation Technologies (IAT) Toolbar.

    6. Maintain a centralized storage of Form 11377 and Form 11377-E, Taxpayer Data Access for each SB/SE Collection Operations and Operations Support area.

    7. Use IORS to monitor IDRS usage and security.

    8. Use Security Audit and Analysis System (SAAS) to monitor accesses to the Transcript Delivery System (TDS) and Modernized e-File Return Request & Display (MeF-RRD).

    9. Approve Online 5081 (OL5081) requests to add, delete or modify IDRS user profiles.

    10. Coordinate with other CASS functions to support reorganizations through the SB/SE Request for Organizational Change process.

    11. Submit updates to the IUUD to reflect current managerial contact information.

Alternative Data Security Analyst (DSA)

  1. At management’s discretion, a cadre of alternate DSAs must perform the functions of the primary DSA as a collateral duty. Additionally, they:

    1. Are non-bargaining unit employees.

    2. Maintain active profiles on the ECC-MTB and ECC-MEM.

    3. Are profiled with ALLOW permissions to support users on all SB/SE home campuses.

Terminal Security Administrator (TSA)

  1. A Terminal Security Administrator (TSA) is designated by area management to provide additional IDRS user support in unlocking IDRS user profiles and terminals only. They may be bargaining or non-bargaining employees.

IDRS User Support

  1. IDRS users or their managers are encouraged to submit all requests to a centralized mailbox at *SBSE CASS IDRS Security. The mailbox is generally staffed from 6:00 a.m. to 6:00 p.m. (Central) Monday through Friday.

  2. Routine requests submitted by e-mail are generally completed within thirty minutes of receipt, except where final approval is required by the Campus IDRS Security Analyst.

  3. Upon receipt of an e-mail request from an IDRS user or manager, the DSA is responsible for providing IDRS user support as follows:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    Exception:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. The actions requested below require the IDRS user or manager to submit an OL5081.

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    ≡ ≡ ≡ ≡ ≡ ≡ ≡
    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    Note:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

IDRS Unit Profiles

  1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

IDRS Command Codes

  1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

Requests for Common Command Codes
  1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

Requests for Uncommon Command Codes
  1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

      ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
      ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
      ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
      1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

      2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

      3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

      4. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

IDRS Online Reports Services (IORS)

  1. IORS is a web based application that makes IDRS security reports available online to IDRS security staffs and authorized business reviewers.

  2. The DSA is designated as the IORS Primary Reviewer for all Collection Operations and Operations Support IDRS units.

  3. Managers of IDRS users may be granted secondary permissions in IORS to view, add comments, and print IORS reports for their assigned unit.

Types of IORS Reports

  1. There are four weekly security reports available to authorized users for review and necessary actions.

    • Employee Count by Site/Unit

    • Master Register of Active IDRS Users

    • Security Violations

    • Sensitive Access (Other/Spouse)

  2. There are three monthly reports available to authorized users for review and necessary actions.

    • Automated IDRS Sign-Offs Due to User Inactivity

    • Monthly IDRS Security Profile Report

    • Password Management Activations

Weekly Security Reports - Review and Action (No Certification Required)
  1. The Employee Count by Site/Unit report lists the number of active users in each unit. The DSA must review this report and take action as warranted, such as deleting empty units that are no longer required to support the area footprint.

  2. The Master Register of Active IDRS Users report lists numerous fields of information for all active users in the unit. The DSA must incorporate the Master Register of Active IDRS Users report in their monthly security review activities.

Monthly Security Reports - Review and Action (No Certification Required)
  1. The Automated IDRS Sign-Offs Due to User Inactivity report lists those users whose IDRS sessions terminated after 120 minutes of inactivity. The DSA must take the following actions:

    1. Identify IDRS users with more than 15 automatic sign-offs in a month.

    2. Advise those users to sign-off IDRS when not in use to prevent an unauthorized access.

    3. Instruct users how to periodically refresh their IDRS session if IDRS is required on a continuous basis.

    Note:

    While this report is not certified independently, it is incorporated as an aspect of certifying the Monthly IDRS Security Profile Report.

  2. The Password Management Activations report lists the number of users in each unit who have activated this capability. Where a unit fails to reflect a 100% activation rate, the DSA must research IDRS to determine if Password Management has been activated since the report was generated.

    • If it has, no further action is warranted.

    • If it has not, the DSA must send an e-mail to the user with a copy to the group manager requesting the user to activate the Password Management Capability. The DSA must attach the instructions to assist the user with activation.

Security Reports Requiring Certification
  1. The DSA is required to review and certify the following security reports:

    • Weekly Security Violations Report

    • Weekly Sensitive Access (Other/Spouse)

    • Monthly IDRS Security Profile Report

Weekly Security Violations Report
  1. This report lists all security violations recorded by IDRS users, such as:

    • Password Mismatch

    • Name Mismatch

    • SINON Error (PWMGT)

    • Response Error (PWMGT)

    • Command Code Not in Profile

    • Locked Profile

  2. This report must be certified within 14 calendar days to be considered timely.

  3. The DSA is required to complete the research and take appropriate actions as follows:

    1. The report reflects a user with SINON violations.

      If ... Then ...
      The research shows a user has four or more violations with any combination of:
      • Password Mismatch

      • Name Mismatch

      • SINON Error (PWMGT)

      • Response Error (PWMGT)

      (1) Send an e-mail to the user, with a courtesy copy (cc:) to the manager to confirm the following:
      • The user committed these errors

      • The violations were not the result of an unauthorized attempt to access IDRS

      (2) Advise Treasury Inspector General for Tax Administration (TIGTA) of the user's response if the user does not agree they committed the violations.
    2. The report reflects a user with four or more Command Code Not in Profile violations. Research the user's profile to determine if the command code(s) were previously added.

      If ... Then ...
      Command Codes(s) were previously added No further action is required
      Command Code(s) were not previously added (1) Determine if the command code(s) is authorized for SB/SE Collection Operations and Operations Support function and position use (Refer to IRM 5.1.25.3.2, IDRS Command Codes).
      (2) If authorized, e-mail the user with a cc: to the manager stating:
      • The command code(s) accessed resulted in a security violation

      • If the command code is needed for their position, to obtain managerial approval to have the command code added to their profile.

        Note:

        If not needed or it was an input error, no further action is required.


      (3) If not authorized, e-mail the user, with a courtesy copy (cc:) to the manager, advising the command code is restricted and/or not allowed in SB/SE Collection Operations and Operations Support profiles.
    3. The report shows a user with a Locked Profile violation. Research the user's profile to determine the current status.

      Example:

      System Lock due to inactivity, Security Lock, or the employee initiated a Self-Lock.

      If ... Then ...
      The IDRS profile is unlocked No further action is required.
      A System Inactivity Lock exists Contact the manager to determine if account should be unlocked or remain locked.
      A Security Lock exists Contact the manager to request the current status of the user.
      A Self-Lock was initiated Review the dates the Self Lock was set and date the violation occurred. On a case-by-case basis, the DSA may contact the Manager to determine if the employee is out of the office for the period in question.
  4. The DSA must document IORS for every actionable event.

  5. In the comments area, the DSA must document all research, contacts made with the user or manager, and their conclusion.

  6. For each individual action taken, the DSA must select the appropriate action for the event from the drop down menu:

    • Review Completed - No Follow-up Needed

    • Review Completed - Follow-up Performed

    • Follow-up Action Required

    • Other (Comment Required)

  7. The DSA must address Report Level Actions, Report Level Comments and Current Certification Status, which apply to all displayed units.

    Report Level Items Actions
    Report Level Actions
    • Reviewed and Validated - No Follow-up Action Needed

    • Follow-up Action Needed

    • Follow-up Action Completed

    • Referred to AWSS or TIGTA

    • Other (Comment Required)

    Report Level Comments
    • The DSA must summarize actions taken to review the Weekly report.

    Current Certification Status
    • Report Certified

    • Remove Certification / Not Certifying

Weekly Sensitive Access (Other/Spouse)
  1. This report lists users who have attempted to or accessed other employees’ or the spouses/ex-spouse of other employees’ accounts.

  2. The DSA is required to review each unique Social Security Number (SSN) to ensure all accesses to other Internal Revenue Service (IRS) employees' and/or their spouses' accounts are business-related.

  3. Each access must be supported by one of the following indicators:

    Note:

    Justification may have been recorded on a prior IORS report

    1. Direct case assignment in SB/SE Collection inventory applications, such as the Integrated Collection System (ICS), Automated Insolvency System (AIS), or Automated Offers in Compromise (AOIC)

    2. Related case assignment on SB/SE Collection inventory applications

    3. Evidence of cross compliance checks

    4. Department of Justice or other official requests

    5. Confirmed input error supported by the identification of another assigned case with similar Taxpayer Identification Number (TIN), such as a transposition or formatting error

  4. The DSA is required to certify all accesses through collection case assignment by querying the SSN on SB/SE Collection inventory applications. When the accessing user is assigned the case or is another member of the same group the DSA shall certify the access.

    Note:

    The DSA must leave a history on ICS identifying the purpose of the access.

  5. This report must be certified within 14 calendar days to be considered timely.

  6. The DSA must take the actions shown in the following table if unable to certify the access.

    If ... Then ...
    No record is located on the inventory applications Research Forms 11377E on the Taxpayer Data Access Library.
    A document exists with sufficient explanation Certify the access.
    No document exists Research IDRS and/or other applications, such as Accounts Management Services (AMS) to locate a cross-reference TIN.
    A cross-reference TIN is located Research inventory applications to determine whether the related TIN controls case assignment.

    Note:

    The DSA must prepare Form 11377 or Form 11377-E for all IDRS accesses of employee/spouse accounts. Submit the form to the SB/SE Collection IDRS Data Security Manager.

  7. If the research performed above does not confirm or certify the access the DSA must e-mail the manager of the accessing user to validate the access. The DSA shall request a response within five business days and include in the e-mail:

    • Specific information to identify the user

    • The date and time stamp of the access

    • The account accessed

    • The command codes accessed

    • The DSA's research

    Based on the e-mail response, the DSA must take the actions in the following table:

    If ... Then ...
    The manager provides a valid reason for the access The DSA must conduct additional research to confirm a related case assignment.

    Example:

    If the response states the access is a cross compliance check to a business entity or a transposition error, the DSA must independently confirm the actual case assignment.

    Exception:

    Centralized Campus Operations receive recorded phone calls, which may be reviewed locally, for up to 30 days after the contact.

    The manager cannot provide a valid reason for the access The DSA must initiate Form 9936, Request for Audit Trail Extract, to view what actions were recorded before and after the access in question.

    Note:

    If a manager requires an IDRS audit trail for any reason not associated with a security report, they may request it through the DSA or by direct contact with IT Cybersecurity.

    The manager has not replied within five business days The DSA must send a copy of the initial e-mail to the territory manager with a cc: to the manager.
    The DSA does not receive a response within an additional five business days The DSA must notify the SB/SE Collection IDRS Data Security Manager.
    The DSA cannot certify an access through independent research, managerial response and/or reviewing audit trails The DSA must submit a referral to TIGTA for follow up in accordance with IRM 10.8.34.6.3.1.2.3.
  8. In the comments area on IORS, the DSA must clearly and concisely document all research conducted and actions taken in sufficient detail, including research results and any contacts with or information provided by the user or the manager. Comments must provide sufficient detail to enable any reviewer to determine how the DSA certified the access or why the DSA referred the access to TIGTA.

    Note:

    If a TIGTA referral is required, the DSA shall certify the report and subsequently record the complaint number upon receipt from TIGTA.

  9. For each unique SSN, the DSA must select the appropriate action for the event from the drop-down menu:

    • Review Completed - No Follow-up Needed

    • Review Completed - Follow-up Performed

    • Follow-up Action Required

    • Other (Comment Required)

  10. The DSA must address all Report Level Items, Report Level Comments and Current Certification Status, which apply to all displayed units as shown in IRM 5.1.25.4.1.3.1(7).

    Note:

    If the DSA sets the Report Level Action using “Follow-up Action Needed,” they may select the radio button “Remove Certification / Not Certifying.” However, the DSA must ensure the report is monitored through certification.

Monthly IDRS Security Profile Report

  1. The Monthly Security Profile Report provides a summary of various IDRS security aspects. Every unit must be reviewed for the following categories:

    • Locked Profiles

    • Automated Command Code Access Control

    • Sensitive Command Code Combinations

    • Security Command Code Usage

    • Master Register of Active IDRS Users

    • Command Code Activity

  2. This report must be certified within 28 calendar days to be considered timely.

Locked Profiles

  1. The DSA must review locked IDRS profiles of 28 days or more due to inactivity. Research IDRS to determine if the user has been deleted from IDRS or if the profile is still locked.

    1. If the user profile has since been unlocked or deleted, no further action is required.

    2. If the user profile is still locked, the DSA must send an e-mail to the manager to determine if the user still requires IDRS access.

  2. Based on the manager's response, the DSA must perform the following actions:

    1. If the manager confirms the user requires IDRS access, the user shall be unlocked upon request.

    2. If the manager determines the user no longer requires IDRS access, the DSA must delete the user from IDRS. OL5081 shall update overnight, removing IDRS as an active application.

Automated Command Code Access Control

  1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    4. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    Note:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    Exception:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

Sensitive Command Code Combinations

  1. SB/SE Collection Operations and Operations Support IDRS units may contain sensitive command code combinations, which require increased oversight. See IRM Exhibit 10.8.34-6, Sensitive Command Code Combinations, for the list of codes.

  2. The DSA must ensure the UCCP does not contain any sensitive command code combinations.

  3. The DSA shall send the Sensitive Command Code Combination reports to the manager for monitoring.

Security Command Code Usage

  1. The DSA must query their units to identify the use of security command codes to ensure they are apprised of all users approved by local management to function as Alternate USRs or TSAs.

  2. If security command codes have not been used for over six months, contact the user's manager to confirm the user's security role. Based on the manager's response, perform the following actions:

    1. If the manager concurs with the user's continued security role, no further action is required.

    2. If the manager determines the user no longer requires security command codes, direct the manager to initiate an OL5081 Modify User Profile request to delete the user's security command codes.

    Exception:

    The Centralized Campus Operations may be exempt as each Manager and/or Lead typically has access to their own unit and/or may be second shift when no other coverage is available.

Master Register of Active IDRS Users

  1. The Master Register lists active IDRS users in the unit.

  2. The DSA shall validate each workgroup’s Master Register in any way they deem appropriate to identify discrepancies.

  3. The DSA is responsible for taking any corrective actions necessary, such as: moving the user to another unit, updating the user’s phone number in IDRS and confirming approved pseudonym names are reflected in IDRS.

Command Code Activity

  1. The DSA must review Unit and Individual command code usage to determine:

    1. If the MPAF command codes are appropriate for the work performed by the users in the unit.

    2. Whether UCCP command codes are used by at least 90 percent of IDRS users in the unit. The UCCP must not contain any sensitive command codes unless 100 percent of the employees in the unit need the command code to do their work.

  2. The DSA must review the profile of each IDRS user to identify any unauthorized command codes. See Exhibit 5.1.25-2 for a list of command MPAF production command codes approved for use by SB/SE Collection Operations and Operations Support.

  3. Based on results of the Unit and Individual command code review, take the following action, if appropriate:

    1. Request the IDRS Security Account Administrator modify or delete the command codes that are not authorized, used or no longer needed in the MPAF or UCCP.

    2. Review users with command code REPTS in their profile, especially users in IORS specific units, to determine if IORS access is still needed.

      Exception:

      The Centralized Campus Operations may be exempt as each Manager typically has access to their own unit and are required to periodically access and review their own report.

    3. Report questionable patterns of command code activities to the group manager.

IORS Documentation

  1. The DSA shall only enter comments at the Report Level Items, as the Monthly Security Profile Report is certified in its entirety.

  2. The DSA must summarize actions taken to address each security aspect. The monthly review may include the entire area or a specific unit range.

  3. The DSA must address all Report Level Items, Report Level Comments and Current Certification Status which apply to all displayed units as shown in IRM 5.1.25.4.1.3.1(7).

Security Audit and Analysis System (SAAS)

  1. Audit trails for modernized applications are stored in the SAAS.

  2. In compliance with each application's audit plan, business units are responsible for reviewing SAAS audit trails and certifying accesses to taxpayer data.

  3. The IDRS Data Security Group currently monitors the audit trail extracts for access to TDS and MeF-RRD. Security reviews in SAAS may be expanded at any time to include additional applications.

  4. For each application there is a General Access and Access to Employee report. The General Access report is subject to a sample review and certification. The business unit determines the sample percentage, which is subject to change. The Access to Employee report is subject to 100% review and certification.

  5. The DSA must generally certify sample reports within 14 calendar days of receipt. Management may approve longer certification dates, as appropriate.

  6. The DSA must follow the established certification procedures by attempting to confirm case/related case assignment in SB/SE Collection Operations and Operations Support inventory applications. If case assignment is not independently confirmed, the DSA must contact the group manager to justify the access.

  7. If the DSA is unable to certify an access through independent research or managerial response, the DSA must submit a referral to TIGTA for follow-up in accordance with IRM 10.8.34.6.3.1.2.3.

  8. Unlike IORS, SAAS does not have the capability to capture review comments. The review notes documented by the DSA are maintained by the SB/SE Collection IDRS Data Security Manager for 90 days. Certification results are submitted to IT Cybersecurity as directed.

Form 11377/11377-E, Taxpayer Data Access

  1. The purpose of Form 11377 or Form 11377-E, Taxpayer Data Access, is to provide employees with a method to document accesses to taxpayer return information, when the accesses:

    1. Are not supported by direct case assignments

    2. Are performed in error

    3. May raise suspicion

  2. Use of Form 11377 or Form 11377-E is voluntary.

  3. If the employee completes the Form 11377 or Form 11377-E , the manager must forward the IRS copy to the designated Head of Office Designee (HOD) by close of business or as soon as possible. In SB/SE Collection Operations and Operations Support, the HOD is the assigned area DSA.

  4. Copies of Form 11377 or Form 11377-E containing taxpayer data, may not be retained by the employee, the manager, or in any location other than with the IDRS Data Security Staff.

  5. The DSA will upload the Form 11377 or Form 11377-E, along with any attachments to the Taxpayer Data Access Library. HODs must upload Forms 11377/11377-E within five business days of receipt. Files are retained for six years from the date they are uploaded. The naming convention is SEID-MMDDYYYY-##.

    • SEID is the accessing employee

    • MMDDYYYY is the date of the access, even if the form is completed later. Use leading “0”s and no hyphens. For example, January 1st 2019 will be 01012019

    • ## is the number of forms submitted on the same day for the same accessing employee; i.e. use 01 if it is the first submission and, 02 if it is the second submission, etc.

  6. The DSA must respond promptly to requests from Labor Relations or TIGTA and provide copies of any Form 11377 or Form 11377-E needed for an ongoing UNAX investigation.

Acronyms

Following is a list of acronyms used throughout this IRM.

Acronym Definition
AIS Automated Insolvency System
AMS Accounts Management Services
AOIC Automated Offers In Compromise
CASS Collection Automation Support & Security
CFOL Corporate Files on-Line
DSA Data Security Analyst
ECC-MEM Enterprise Computing Center - Memphis
ECC-MTB Enterprise Computing Center - Martinsburg
IAT Integrated Automation Technologies
ICS Integrated Collection System
IDRS Integrated Data Retrieval System
IORS IDRS Online Reports Services
IT Information Technology
IUUD IDRS Unit and USR Database
Mef-RRD Modernized e-File Return Request and Display
MPAF Maximum Profile Authorization File
OL5081 Online 5081
PAR Personnel Action Request
SAAS Security Audit and Analysis System
SSN Social Security Number
TIGTA Treasury Inspector General for Tax Administration
TDS Transcript Delivery System
TIN Taxpayer Identification Number
TSA Terminal Security Administrator
TSID Terminal Security Identification
UCCP Unit Command Code Profile
UNAX Unauthorized Access
USR Unit Security Representative

Common Command Codes - SB/SE Collection Operations and Operations Support

The following tables list the common command codes approved for use by SB/SE Collection Operations and Operations Support employees.

Note:

Some command codes are marked as Sensitive in the IDRS Command Code Table or have a Sensitive Connotation and may only be placed in the Limited MPAF.

≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡    
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡      
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡        
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡  
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡  
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡