Privacy Act of 1974; System of Records, 1007-1010 [2022-00087]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 87, Number 5 (Friday, January 7, 2022)]
[Notices]
[Pages 1007-1010]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-00087]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Office of Small & Disadvantaged Business Utilization (OSDBU), 
Department of Veterans Affairs (VA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The purpose of this modified system of record is to combine 
SORN 132VAOSDBU with this SORN, 181VAOSDBU, to reflect the merging of 
the system interfaces. The combined system's purpose is fourfold: To 
gather and maintain information on small businesses owned and 
controlled by Veterans, including service-disabled Veterans; provide VA 
personnel with access to resources that allow them to perform market 
research upon Veteran Owned Small Businesses (VOSBs) and Service-
Disabled Veteran Owned Small Businesses (SDVOSBs); provide a platform 
for registration and announcement of Direct Access Program (DAP) 
events; and allow Federal, State, and local government personnel and 
the general public, including private sector companies and corporate 
entities, the ability to locate potential Veteran entrepreneur 
resources through searches of the Vendor Information Pages (VIP). This 
combined system provides the mechanism that enables Veteran owned 
businesses to compete effectively for Federal contracts. It also 
provides the Office of Small & Disadvantaged Business Utilization 
(OSDBU) with the data and reports needed to manage their 
responsibilities under the Veterans Entrepreneurship and Small Business 
Development Act of 1999, as amended. VA personnel may utilize the VIP 
database to counsel and assist Veteran entrepreneurs in starting a 
small business or expanding an existing small business.

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by VA, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Comments may be submitted through www.regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Ave. NW, (005R1A), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to Center for Verification and Evaluation (CVE) VA VetBiz 
Vendor Information Pages (VIP) (181VAOSDBU). Comments received will be 
available at regulations.gov for public viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT: For general questions about the system 
contact Renetta Bradford at Office of Small & Disadvantaged Business 
Utilization at 810 I Street NW, Washington, DC 20420, 
[email protected] and (202) 461-4600.

SUPPLEMENTARY INFORMATION: OSDBU provides numerous services for 
Veterans and service-disabled Veterans who seek to open or expand a 
business. The OSDBU staff coordinates the tasks required of the U.S. 
Department of Veterans Affairs by several Federal laws, including:
     Public Law 108-183 (December 2003), the Veterans Benefits 
Act of 2003, Sections 301, 305, 308.
     Public Law 106-554 (December 2000), Sections 803 and 808.
     Public Law 106-50 (August 1999), the Veterans 
Entrepreneurship and Small Business Development Act of 1999.
     Public Law 105-135 (December 1997), Title VII, Service-
Disabled Veterans Program.
     Public Law 93-237 (January 1974), ``Special Consideration 
for Veterans''.
    Public Law 106-50, Section 302, Entrepreneurial Assistance, 
subsection (5) requires VA to support the ``establishment of an 
information clearinghouse to collect and distribute information, 
including electronic means, on the assistance programs of Federal, 
state, and local governments, and of the private sector, including 
information on office locations, key personnel, telephone numbers, 
mailing and email addresses, and contracting and sub-contracting 
opportunities.''
    The parts of the Veterans Benefits Act of 2003 (Pub. L. 108-183) 
that pertain to Veteran entrepreneurship are contained in Title III--
Education Benefits, Employment Provisions, and Related Matters. They 
are as follows:
     Section 301--Expands the Montgomery GI Bill program by 
authorizing educational assistance for on-job training in certain self-
employment training programs.
     Section 305--Authorizes the use of VA education benefits 
to pay for nondegree/non-credit entrepreneurship courses at approved 
institutions:
    [cir] Small Business Development Centers, and
    [cir] National Veterans Business Development Corporation (also 
known as Veterans Corporation).
     Section 308--Furnishes Federal agencies discretionary 
authority to:
    [cir] Restrict certain contracts to disabled Veteran-owned small 
businesses if at least two such concerns are qualified to bid on the 
contract, and
    [cir] Create ``sole-source'' contracts for disabled Veteran-owned 
small businesses--up to $5 million for manufacturing contract awards 
and up to $3 million for nonmanufacturing contract awards.
    A Web-based application allows Governmental and support sector 
organizations to ``register'' their services. This clearinghouse 
enables any user to search for business support services at the 
Federal, State, and local government levels and private providers in 
their respective category of business development, management, 
financial, technical or procurement assistance.
    The site allows support organizations to update their business 
information and give the Department the ability to upload data from 
other sources to populate the proposed database. Contact information is 
kept as well as a means to extract this information to satisfy the 
Department's need to send out information.
    The Center for Verification and Evaluation (CVE) operates and 
maintains the Department of Veterans Affairs (VA), CVE VetBiz Vendor 
Information Pages (VIP)--VA. This system enables VA to maintain and 
access an automated database containing the information on Veteran 
owned businesses resources set forth in the law (section 302, paragraph 
(5) and section 604, paragraph (b)). Because some information may be 
retrieved by the name or other personal identifiers of individuals 
acting in an entrepreneurial capacity, such as a sole proprietor of a 
small business, VA is using this system of records.
    The information in this system is maintained in electronic form. 
The information in these records are available to government agencies, 
companies, and the general public via the internet.
    The solution uses a combination of commercial off-the-shelf 
software (COTS) and cloud-based applications. These COTS and Cloud 
products

[[Page 1008]]

leverage market-tested products that are currently listed as enterprise 
solutions in the VA environment and comply with the VA's technology 
standards for enterprise-class software.
    The VetBiz/VIP solution provides an internet-facing portal for 
submitting data and tracking the progress of the verification team as 
well as an integrated customer relationship management (CRM) system 
with strong document management, collaboration, notification, and 
reporting functionality in alignment with the security requirements 
dictated by the collection, capture, and distribution of sensitive 
material.
    This SORN has been modified to include information collected by 
Event Management Scheduling System (EMSS), include data elements 
stored, changes in Routine Uses, as required, by Office of Management 
and Budget (OMB), and combining SORN 132VAOSDBU VETBIZ APP into this 
SORN.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Neil C. 
Evans, M.D., Chief Officer, Connected Care, Performing the Delegable 
Duties of the Assistant Secretary for Information and Technology and 
Chief Information Officer, approved this document on November 28, 2021 
for publication.

    Dated: January 4, 2022.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security, 
Office of Information and Technology, Department of Veterans Affairs.
SYSTEM NAME AND NUMBER:
    Center for Verification and Evaluation (CVE) VA VetBiz Vendor 
Information Pages (VIP)--VA (181VAOSDBU).

SECURITY CLASSIFICATION:
    Information in this SORN is not classified information.

SYSTEM LOCATION:
    The system is hosted on the Veterans Affairs (VA) Enterprise Cloud 
(EC), Microsoft Azure Government (MAG). The VA EC MAG is in Azure 
Government Region 1 and Region 2, or Region 3, and is designed to allow 
U.S. government agencies, contractors and customers to move sensitive 
workloads into the cloud for addressing specific regulatory and 
compliance requirements.

SYSTEM MANAGER(S):
    Renetta Bradford, Information Technology Systems Integration (ITSI) 
Program Manager, Department of Veterans Affairs (VA), Office of Small & 
Disadvantaged Business Utilization (OSDBU), 810 Vermont Ave. NW, Room 
1064, Washington, DC 20420. [email protected], 
[email protected], and (202) 461-4600.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    38 U.S.C. 8127 and Public Law 106-50, as amended.

PURPOSE(S) OF THE SYSTEM:
    1. Gather and maintain information on small businesses owned and 
controlled by Veterans, including service-disabled Veterans.
    2. Provide VA personnel with access to resources that allow them to 
perform market research upon Veteran Owned Small Businesses (VOSBs) and 
Service-Disabled Veteran Owned Small Businesses (SDVOSBs).
    3. Provide a platform for registration and announcement of Direct 
Access Program (DAP) events.
    4. Allow Federal, State, and local government personnel and the 
general public, including private sector companies and corporate 
entities, the ability to locate potential Veteran entrepreneur 
resources through searches of the Vendor Information Pages (VIP).
    5. VA personnel may utilize the VIP database to counsel and assist 
Veteran entrepreneurs in starting a small business or expanding an 
existing small business.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system of records will cover Veteran entrepreneurs who have 
applied to have their small businesses included in the VIP database, 
and, if deceased, their surviving spouses, that wish to be a part of 
the information clearinghouse. Programs of Federal, State, and local 
governments, and private sector organizations and companies offering 
business or business assistance services to Veteran businesses will be 
accessing the information to improve Veteran business opportunities.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records will contain data on Veteran-owned companies who have 
contacted the Center for Verification and Evaluation or have been 
extracted from e-government databases to which the companies have 
voluntarily submitted the data as a part of the marketing efforts to 
the federal government. The records may include: Access Roles, AD 
Domain, Address, Address City, Address Country, Address Postal Code, 
Address State, agency Contract. Are you currently doing business or 
have a contract with the VA? (Yes/No), Assurance Level, Authentication 
Authority, Authentication Method, Authentication Time, Authorization 
Data (DS Logon only), Award Rating, BIRLS Disability Rating, BIRLS File 
Number, Business Email, Business Name, Business Type, category 
Contract, CCR_Registration Number, Cell Phone, Certifications, City, 
Common Name, Company Address, Company City, Company Country, Company 
Name, Company Phone, Company State/Province, Company website URL, 
Company Zip, company Certification, company Contact, Core Competency/
Strength, Corporate Participant ID, Credential Service Identifier, 
Credential Service Provider (CSP) Traits Only Indicator, CSP Object, 
Current Password, CVE Verification Expiration Date, Data Universal 
Numbering System DUNS[supreg], Date of Birth (DOB), Defense Contract 
Audit Agency number (optional), Discharge Type, Do you have a Defense 
Contract Audit Agency Compliant Account, DoD Electronic Data 
Interchange Personal Identifier (EDIPI), DoD Sponsor ED IPI, Duty 
Location, EIN, Email, Environment Identifier, Excluded Parties Flag, 
extent Contract, Fax Number, fedbizopps, Federal Supply Contracting 
Vehicle, Fedmine Module, FirstName, Gender, Government Category, GSA 
Contract, GSA Schedule Contract, Hash, Have you had a contract with the 
VA in the last 5 years? (Yes/No), Header Version, Highest Level of 
Personal Security Clearance, Home city, Home State, Home street 
address, Home Zip Code, IAM Role One, IAM Role Three, IAM Role Two, IAM 
Service Down Indicator, IDV Contract, Industry, Integration Control 
Number (ICN), Issue Modified, Issue instant, Last Name, Level of 
Assurance, Mailing Address, MHV identifier (IEN), Middle Name, Middle 
Name, Initial, NAICS, NAICS Contract, Name, Office, office Contract, 
Owner Name, Person ID (PID), Personal Email Address, Personal Fax 
Number, Personal Mailing Address, Personal Phone Number(s), Phone 
Number, Position, Prefix, pricing Contract, Product Service Code, 
Profile Photographs, Proofing authority, PSC, PSC Contract, 
Registration Email, Salutation, samAccountName, SDVOSB_Flag, Security 
ID (SecID),

[[Page 1009]]

Session Scope, socio Contract, Socio-Economic Category, Sponsor 
Electronic Data Interchange Personal Identifier, SSOi Landing URL, SSOi 
Logged Out URL, State, States in which you do Business, subaward Agency 
Contract, subaward Duns Contract, subaward NAICS Contract, subaward POP 
Contract, Subject Organization, Subject Organization ID, Subject Role, 
Suffix, System for Award Management (SAM) Unique Entity Identifier 
(UEI), System Permissions, Tax Identification Number, Transaction ID, 
type Of Set Aside Contract, UPN, User Hash, User ID, VAUID, Veteran ID/
Service Number, Veteran Status, VISN, Vista Id, VOSB, Flag, Year 
Business was established, and Zip Code.

RECORD SOURCE CATEGORIES:
    The information in this system of records is obtained from the 
following sources:
    a. Information voluntarily submitted by the business;
    b. Information gathered from official VA data sources such as 
Identity Access Management (IAM), Master Personnel Index (MPI), and 
Beneficiary Identification Records Locater Subsystem (BIRLS);
    c. Public information extracted from other business databases, 
System for Award Management (SAM), and Dun and Bradstreet (D&B).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress
    VA may disclose information to a Member of Congress or staff acting 
upon the Member's behalf when the Member or staff requests the 
information on behalf of, and at the request of, the individual who is 
the subject of the record.
    2. Data Breach Response and Remediation, for VA
    VA may disclose information from this system to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, VA (including its information 
systems, programs, and operations), and the Federal Government, or 
national security; and (3) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with VA's efforts to respond to the suspected or confirmed breach or to 
prevent, minimize, or remedy such harm.
    3. Data Breach Response and Remediation, for Another Federal Agency
    VA may disclose information to another Federal agency or Federal 
entity, when VA determines that the information is reasonably necessary 
to assist the recipient agency or entity in (1) responding to a 
suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    4. Law Enforcement
    VA may disclose information that, either alone or in conjunction 
with other information, indicates a violation or potential violation of 
law, whether civil, criminal, or regulatory in nature, to a Federal, 
state, local, territorial, tribal, or foreign law enforcement authority 
or other appropriate entity charged with the responsibility of 
investigating or prosecuting such violation or charged with enforcing 
or implementing such law. The disclosure of the names and addresses of 
Veterans and their dependents from VA records under this routine use 
must also comply with the provisions of 38 U.S.C. 5701.
    5. DoJ for Litigation or Administrative Proceeding
    VA may disclose information to the Department of Justice (DoJ), or 
in a proceeding before a court, adjudicative body, or other 
administrative body before which VA is authorized to appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components,

    is a party to such proceedings or has an interest in such 
proceedings, and VA determines that use of such records is relevant and 
necessary to the proceedings.

    6. Contractors
    VA may disclose information to contractors, grantees, experts, 
consultants, students, and others performing or working on a contract, 
service, grant, cooperative agreement, or other assignment for VA, when 
reasonably necessary to accomplish an agency function related to the 
records.
    7. OPM
    VA may disclose information to the Office of Personnel Management 
(OPM) in connection with the application or effect of civil service 
laws, rules, regulations, or OPM guidelines in particular situations.
    8. EEOC
    VA may disclose information to the Equal Employment Opportunity 
Commission (EEOC) in connection with investigations of alleged or 
possible discriminatory practices, examination of Federal affirmative 
employment programs, or other functions of the Commission as authorized 
by law.
    9. FLRA
    VA may disclose information to the Federal Labor Relations 
Authority (FLRA) in connection with: The investigation and resolution 
of allegations of unfair labor practices, the resolution of exceptions 
to arbitration awards when a question of material fact is raised; 
matters before the Federal Service Impasses Panel; and the 
investigation of representation petitions and the conduct or 
supervision of representation elections.
    10. MSPB
    VA may disclose information to the Merit Systems Protection Board 
(MSPB) and the Office of the Special Counsel in connection with 
appeals, special studies of the civil service and other merit systems, 
review of rules and regulations, investigation of alleged or possible 
prohibited personnel practices, and such other functions promulgated in 
5 U.S.C. 1205 and 1206, or as authorized by law.
    11. NARA
    VA may disclose information to NARA in records management 
inspections conducted under 44 U.S.C. 2904 and 2906, or other functions 
authorized by laws and policies governing NARA operations and VA 
records management responsibilities.
    12. Federal Agencies, for Research
    VA may disclose information to a Federal agency for the purpose of 
conducting research and data analysis to perform a statutory purpose of 
that Federal agency upon the prior written request of that agency.
    13. Federal Agencies, for Computer Matches
    VA may disclose information from this system to other federal 
agencies for the purpose of conducting computer matches to obtain 
information to determine or verify eligibility of Veterans receiving VA 
benefits or medical care under Title 38, U.S.C.
    14. Federal Agencies, Courts, Litigants, for Litigation or 
Administrative Proceedings
    VA may disclose information to another federal agency, court, or 
party in litigation before a court or in an administrative proceeding 
conducted by

[[Page 1010]]

a Federal agency, when the government is a party to the judicial or 
administrative proceeding.
    15. Governmental Agencies, for VA Hiring, Security Clearance, 
Contract, License, Grant
    VA may disclose information to a Federal, state, local, or other 
governmental agency maintaining civil or criminal violation records, or 
other pertinent information, such as employment history, background 
investigations, or personal or educational background, to obtain 
information relevant to VA's hiring, transfer, or retention of an 
employee, issuance of a security clearance, letting of a contract, or 
issuance of a license, grant, or other benefit. The disclosure of the 
names and addresses of Veterans and their dependents from VA records 
under this routine use must also comply with the provisions of 38 
U.S.C. 5701.
    16. State or Local Agencies, for Employment
    VA may disclose information to a state, local, or other 
governmental agency, upon its official request, as relevant and 
necessary to that agency's decision on the hiring, transfer, or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit by that agency. The disclosure of the names and addresses of 
Veterans and their dependents from VA records under this routine use 
must also comply with the provisions of 38 U.S.C. 5701.
    16. SSA, HHS, for SSN Validation
    VA may disclose information to the Social Security Administration 
and the Department of Health and Human Services for the purpose of 
conducting computer matches to obtain information to validate the 
social security numbers maintained in VA records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The VetBiz VIP will be stored in a computerized database. The 
system will operate on servers, located on the VA EC MAG, Region 1 and 
Region 2, or Region 3. Data backups will reside on appropriate media, 
according to normal system backup plans for VA Enterprise Operations. 
The system will be managed by VA OSDBU, in VA Headquarters, Washington, 
DC.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Automated records may be retrieved by:
    1. Organization Name.
    2. Contact Name.
    3. Email Address.
    4. Web Address.
    5. Area Code and Phone Number.
    6. Zip Code.
    7. County Code (NaCO).
    8. State(s).
    9. Type of Organization: Government (Federal; State; County; 
Municipal; Other); Nongovernmental Organization; Commercial.
    10. Type of Assistance: (Paperwork packaging; grants/loans; 
procurement assistance; management/technical assistance; mentoring/
incubator; contract opportunities; other).
    11. Service Area Limits (if any).
    12. Service limited to Veterans.
    13. Fees.
    14. Organization Funding Limits: (None; term--funding expires on a 
specific date).
    15. Year Established.
    16. Full-time/part-time.
    17. Days and Hours of Service.
    18. Other Professional Staff Available.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records will be maintained and disposed of, in accordance with the 
records disposal authority approved by the Archivist of the United 
States, the National Archives and Records Administration, and published 
in Agency Records Control Schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Read access to the system is via internet access, while VA staff, 
and contractor personnel will have access to the system, via VA 
Intranet and local connections, for operations, management and 
maintenance purposes and tasks. Access to the Intranet portion of the 
system is via VA PIV authentication and role-based access control, at 
officially approved access points. Veteran-owned small businesses will 
establish and maintain user-ids and passwords for accessing their 
corporate information under system control using VA's DS Logon or ID.me 
through Access VA. Policy regarding issuance of user-ids and passwords 
is formulated in VA by the Office of Information and Technology, 
Washington, DC. Security for data in the VetBiz database complies with 
applicable statutes, regulations and government-wide and VA policies. 
The system is configured so that access to the public data elements in 
the database does not lead to access to the non-public data elements, 
such as Veteran social security number.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to records about themselves, contained 
in this system of records, may access the records via the internet, or 
submit a written request to the system manager.

CONTESTING RECORD PROCEDURES:
    An individual who wishes to contest records maintained under his or 
her name or other personal identifier may write or call the system 
manager. VA's rules for accessing records and contesting contents and 
appealing initial agency determinations are published in regulations 
set forth in the Code of Federal Regulations. See 38 CFR 1.577, 1.578.

NOTIFICATION PROCEDURES:
    Individuals wishing to inquire, whether this system of records 
contains information about themselves, should contact the Deputy 
Director, IT Systems Integration (OSDBU), 810 Vermont Ave. NW, 
Washington, DC 20420.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    There are no exemptions for the system.

HISTORY:
    The previous SORN only applied to Vendor Information Pages that 
involved collecting Veteran Owned business information. It was 
published as 85 FR 22798. Publication date was 04/23/2020.
    VAF 29-0877, VETBIZ VENDOR INFORMATION PAGES VERIFICATION PROGRAM, 
OMB Control No. 2900-0675, Expiration Date: 03/31/2021 and VA VetBiz 
Assistance Program Pages--VA (132VA00VE), published as 69 FR 62936, 10/
28/2004, was the last full publication of OSDBU's SORN 132VA00VE which 
provided updated information regarding OSDBU's records.

[FR Doc. 2022-00087 Filed 1-6-22; 8:45 am]
BILLING CODE P