Privacy Impact Assessment (PIA) Summary
The United States Agency for International Development (USAID) is the lead U.S. Government agency that works to end extreme global poverty and enable resilient, democratic societies to realize their potential. The USAID mission states: We partner to end extreme poverty and promote resilient, democratic societies while advancing our security and prosperity.
USAID’s Partner Vetting System (PVS) is owned and operated by the Office of Security (SEC), Counterterrorism and Information Security Division (SEC/CTIS). This division is responsible for the following tasks:
- Developing policies and procedures for USAID regarding the screening of USAID’s implementing partners for terrorism ties;
- Managing the counterintelligence, classified national security information, and national industrial security programs;
- Overseeing the handling and storage of classified information; and
- Implementing an Agency inspection program for storage of classified national security information.
The mission of PVS is to ensure that no government dollars fall into the hands of terrorists, terrorist organizations, or individuals/groups who support terrorist activities. The data submitted by the partners is used to identify a specific individual so that a screening can be performed. Potential or current USAID implementing partners use PVS to submit information to USAID about their organizations, subcontractors, and an organization’s principals so that USAID can vet these groups.
PVS is a database that supports the vetting of directors, officers, or other employees of non‐governmental organizations who apply for USAID contracts, grants, cooperative agreements, or other funding and those who apply for registration with USAID as Private and Voluntary Organizations. The information collected from the individuals is specifically used to conduct screening to ensure that USAID funds and USAID‐funded activities are not purposefully or inadvertently used to provide support to entities or individuals deemed to be a risk to the national security of the United States of America. Specifically, PVS is used to uniquely identify an individual whose data is submitted into the system; it is not used to conduct an investigation in regard to a specific individual.
PVS is a USAID major application that is hosted within the USAID Intranet. There are approximately 90 users located in Tel Aviv, Israel, and USAID Washington (USAID/W). PVS currently does not support users external to the Agency. The application has an external‐facing website that is used by partner organizations to enter their data. The servers hosting the application conform to USAID standard policies. The only transactions that are conducted over the Internet are potential partners submit their data. The web interface is located in USAID’s DMZ and allows USAID partners to access a portion of the system to enter their data directly. All transactions performed by USAID personnel are carried out within the USAID network (AIDNET). This system is connected to AIDNET and is accessed by SEC and Mission users through a Web‐based interface.
Note that PVS is not a national security system and bears a FIPS‐199 risk level of “moderate.” None of the information types present in PVS are rated as “high.”