CDC Home

Project Management Newsletter

CDC Unified Process - Process Guides

Newsletter Archive
Click Here to Subscribe

Volume 2 | Issue 11 | November 2008

Daniel Vitek, MBA, PMP

CDC projects are required to comply with various CDC and Federal regulations, mandates, policies, processes, and standards. Information about these requirements is available from various sources, websites, and supporting documents. However, this information is often not presented from the perspective of the project team and their roles & responsibilities in complying with these requirements. CDC Unified Process (UP) Process Guides provide that perspective.

CDC UP Process Guides help project teams comply with CDC and Federal requirements by:

  • Setting the requirements in the context of their purpose
  • Providing step-by-step instructions for completing the activities required for compliance
  • Illustrating potential integration points between processes
  • Presenting requirements in a concise, easy-to-understand, and consistent format
  • Making that presentation accessible to the CDC community via the CDC Unified Process website

The specific processes a CDC project team must complete for compliance vary from project-to-project based on a number of characteristics. The CDC UP has developed a quick project assessment questionnaire to assist project teams in identifying which processes are required for compliance. This assessment questionnaire is located on the CDC UP website at:

The Process Guide topics listed below are available on the CDC UP website and describe each compliance-related process as it applies to project teams, and outlines the steps required for project teams to complete the process. CDC UP Process Guides include:

  • Certification & Accreditation
  • Classified Information
  • Contracts Procurement
  • Capital Planning and Investment Control
  • Enterprise Architecture
  • MASO Records Control Schedule
  • Operations Designated Server Sites
  • Operations Mid Tier Data Center
  • Privacy Impact Assessment
  • Procurements Overview
  • Secure Data Network Application
  • Secure Data Network Digital Certificate
  • Secure Data Network File Transfer
  • Secure Data Network Overview
  • Section 508
  • Simplified Acquisitions
  • Task Order

During the September 2008 CDC Project Management Community of Practice (PMCoP) meeting, three speakers presented two topics that CDC UP Process Guides summarize. Below is a brief synopsis of these two topics.

Privacy Impact Assessment (PIA)
PIA is a methodology that provides information technology (IT) security professionals with a process for assessing whether appropriate privacy policies, procedures, and business practices – as well as applicable administrative, technical, and physical security controls – have been implemented to ensure compliance with Federal privacy regulations. Related Federal statues and memoranda include:

  • Privacy Act of 1974
  • E-Government Act of 2002
  • Clinger Cohen Act of 1996
  • Health Insurance Portability and Accountability Act of 1996
  • Paperwork Reduction Act of 1995
  • Office of Management and Budget Circular A-130, A-11; memorandum 01-05, 03-22, 05-08, 06-16, and 06-20

PIA is part of the certification and accreditation process (C&A). The purpose of a PIA is to identify which systems contain Information in Identifiable Form (IIF) and which do not. For those systems that do contain IIF, the PIA serves as a platform to:

  • Ensure that information handling conforms to applicable legal, regulatory, and policy requirements regarding privacy
  • Determine the risks and effects of collecting, maintaining, and disseminating IIF in electronic information systems
  • Examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks

IIF is any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means except in the case of business contact information. Some IIF categories include name, date of birth, social security number, phone number, mailing address, mother’s maiden name, vehicle identifiers, medical records, email, etc.

Records Management
Federal records are documentary material created and received in the course of the conduct of Federal business regardless of format, which documents agency policies, functions, decisions, procedures, operations or other activities of the government or because of the information value of the data in them, regardless of format. Some examples of Federal records include posters developed with Federal funds, memos containing official CDC policies, published study results, etc.

Basic Federal records management requirements include:

  • Creating records which document substantive actions, decisions, policies, and programs
  • Creating adequate and proper documentation
  • Maintaining and preserving Federal records
  • Maintaining Federal records which protect the rights and interests of the Federal government and the public which it serves
  • Promoting efficient and economical management of Federal records

The management of vital records is an integral part of all Federal agencies’ emergency preparedness responsibility and should be considered in the early phases of a project’s life cycle. Records management activities are performed throughout the life cycle of a project but are particularly crucial when the project ends. This ensures long term preservation and access to records in order to ensure the adequate and proper documentation of CDC programs and activities; to protect the legal rights and interests of CDC and the public which it serves; and to satisfy Federal record keeping legal requirements.

Portions of this newsletter were paraphrased from a presentation by David Knowles and Alice Strickland on PIA; and Jimmy A. Harrison on Records Management performed during the September 2008 meeting of the CDC Project Management Community of Practice.

For more information and tools related to the topic(s) covered in this newsletter, the CDC Unified Process, or the Project Management Community of Practice please visit the CDC Unified Process website at

Please also visit the CDC Unified Process Newsletter Archive located at for access to many additional newsletters, articles, and management related topics and information.


The CDC UP offers a short overview presentation to any CDC FTE or Non-FTE group. Presentations are often performed at your location, on a day of the week convenient for your group, and typically take place over lunch structured as one hour lunch-and-learn style meeting.

Contact the CDC Unified Process at or visit to arrange a short overview presentation for your group.


The CDC Unified Process Project Management Newsletter is authored by Daniel Vitek, MBA, PMP and published by the Office of Surveillance, Epidemiology, and Laboratory Services.

For questions about the CDC Unified Process, comments regarding this newsletter, suggestions for future newsletter topics, or to subscribe to the CDC Unified Process Project Management Newsletter please contact the CDC Unified Process or visit



  • January 25, 2008
    Topic: CDC IR Governance and Health and human Services Enterprise Performance Life Cycle
  • February 29, 2008
    Topic: Project Server
  • March 28, 2008
    Topic: Mid Tier Data center and Designated Server Site
  • April 25, 2008
    Topic: Program Management Professional Certification
  • May 16, 2008
    Topic: Security Issues that a Project Manager at CDC Needs to Address
  • June 27, 2008
    Topic: Procurement and Grants Office Processes
  • July 24, 2008
    Topic: Project Management Career Framework
  • August 22, 2008
    Topic: General Management vs. Project Management
  • September 26, 2008
    Topic: Records Management, Privacy Impact Analysis, and Classified Information
  • October 24, 2008
    Topic: Facilitation - A Key to Project Success
  • December 05, 2008
    Topic: Influence - A Critical Skill for Successful Project Managers


Add This Socialize the CDC Unified Process: The U.S. Government's Official Web PortalDepartment of Health and Human Services
Centers for Disease Control and Prevention   1600 Clifton Rd. Atlanta, GA 30333, USA
800-CDC-INFO (800-232-4636) TTY: (888) 232-6348, 24 Hours/Every Day -

A-Z Index

  1. A
  2. B
  3. C
  4. D
  5. E
  6. F
  7. G
  8. H
  9. I
  10. J
  11. K
  12. L
  13. M
  14. N
  15. O
  16. P
  17. Q
  18. R
  19. S
  20. T
  21. U
  22. V
  23. W
  24. X
  25. Y
  26. Z
  27. #