The Contractor shall support the development, execution and maintenance of a comprehensive department-wide VA Privacy Program. The Contractor shall support activities to ensure compliance with applicable privacy requirements; evaluate and monitor privacy policies, procedures and processes; and manage privacy risks. This includes the development, implementation and maintenance of a Department-wide Privacy Continuous Monitoring Strategy and Privacy Continuous Monitoring Program to ensure ongoing awareness of privacy risks and assessment of privacy controls. This also includes supporting the Privacy Program Management Office (PPMO) focused on ensuring the Department-wide VA Privacy Program delivers high quality and high value services and products to Veterans and other VA internal and external stakeholders through using Federal and industry standards and best practices in program and project management. Additionally, the Contractor shall support activities related to social security reduction efforts, privacy controls and Privacy Act activities.
The Contractor shall provide internal program support for VA Privacy Service staff in relation to privacy controls and overlays. These activities include:
- Monitoring policy and guidance changes affecting privacy controls and overlays to include the management of transitions between NIST guidance revisions. The Contractor shall document these changes in a Privacy Controls and Overlays Change Management Report to include recommendations on how to implement the new or revised requirements.
- Developing and maintaining Privacy Controls and Overlays Information within VA’s security control explorer to include drafting VA-specific control correlation identifiers (implementation guidance, supporting policies, responsibilities, inheritance, etc.). The Contractor shall coordinate the review and approval of the Privacy Controls and Overlays Information with the Office of Information Security (OIS) and VA Privacy Service leadership and incorporate all edits received, until approved. The Contractor shall also work with OIS and IT stakeholders to ensure all updates to the Privacy Controls and Overlays Information is posted to the security control explorer.
- Coordinating input from stakeholders in the development and preparation of the Processes, Plans and Procedures approved by the VA Privacy Service. The Processes, Plans and Procedures shall provide VA privacy controls and overlays stakeholders with tools and materials that are useful for day-to-day work activities demonstrating the knowledge, understanding, and skills to implement compliance with privacy control and overlays requirements. These Processes Plans and Procedures may include the drafting of business process maps, development of workflows, business process reengineering and analysis, operational and tactical plans, checklists and standard operating procedures. There are estimated to be approximately 10 Processes, Plans and Procedures in total and these documents are updated quarterly…