Pt. 505, App. G
Appendix G to Part 505
—Management Control Evaluation Checklist
(a) Function. The function covered by this checklist is DA Privacy Act Program.
(b) Purpose. The purpose of this checklist is to assist Denial Authorities and Activity Program Coordinators in evaluating the key management controls listed below. This checklist is not intended to cover all controls.
(c) Instructions. Answer should be based on the actual testing of key management controls (e.g., document analysis, direct observation, sampling, simulation, other). Answers that indicate deficiencies should be explained and corrective action indicated in supporting documentation. These management controls must be evaluated at least once every five years. Certificate of this evaluation has been conducted and should be accomplished on DA Form 11-2-R (Management Control Evaluation Certification Statement).
a. Is a Privacy Act Program established and implemented in your organization?
b. Is an individual appointed to implement the Privacy Act requirements?
c. Are provisions of AR 25-71 concerning protection of OPSEC sensitive information regularly brought to the attention of managers responsible for responding to Privacy Act requests and those responsible for control of the Army's records?
d. When more than twenty working days are required to respond, is the Privacy Act requester informed, explaining the circumstance requiring the delay and provided an appropriate date for completion.
e. Are Accounting Disclosures Logs being maintained?
Comments: Assist in making this a better tool for evaluating management controls. Submit comments to the Department of Army, Freedom of Information and Privacy Division.