Please refer to the On-Site Inspection Procedures (chapter 4) in the Restricted-Use Data Procedures Manual before using this Guideline.
This Guideline is intended to give the licensee a general idea of what to expect during an on-site inspection. The inspector's set of questions will cover the areas given below; however, more license-specific questions may also be asked on a case-by-case basis.
An on-site inspection is an unannounced inspection as agreed too in Section IV.G of the License. The main goal in conducting these inspections is to make sure licensees are in compliance with the requirements of law, the Security Plan form, and the License document requirements. If a licensee is found out of compliance, the objective is to provide advice and assistance to achieve compliance.
The person being interviewed during the inspection will need to provide the inspector with information on the database(s) that the licensee is securing. The interviewee will also need to know the names of the Senior Official (SO), Principal Project Officer (PPO), System Security Officer (SSO), and all other project staff who have access to the data.
The interviewee should be prepared to answer questions regarding the License file. This can include questions about affidavits for users, amendments, the Security Plan form, security procedures, and questions regarding disclosure of subject data to other parties (e.g., legal, investigatory, or unauthorized).
IES reminds licensees that they are required to provide a copy of each publication that contains information based on the licensed data to the IES Data Security Office. If any such publication or other research results could reasonably raise questions about the disclosure of individually identifiable information, copies of such documents must be sent to IES prior to their dissemination or publication. Any document that presents information or has tables showing unweighted sample size numbers must be reviewed and approved by IES prior to any dissemination or publication. If unweighted sample size numbers are given in any document or report, these numbers must be rounded to the nearest ten (nearest 50 for ECLS-B) prior to any dissemination. To avoid potential problems, IES asks that you submit all publications to IES prior to dissemination or publication. The inspector may ask to see draft documents or reports that use the data.
The interviewee should be prepared to answer questions about secure data handling and storage. This will include questions regarding the use of any restricted-use data at unauthorized sites, who has access to the secure room, site monitoring procedures, and any unauthorized access to the data (data breach).
The interviewee should be prepared to answer questions about the computer security at the licensed site. This will include questions about copies being made of the subject data (both digital and print copies), computer password protection, use of a standalone desktop computer, and other data security issues.
Finally, the interviewee will have the chance to report any problems with using the data and give any suggestions for ways to make the licensing process easier (within the confines of the law).
After the inspection, the inspector will record any other relevant information found during the inspection, assist the licensee with any corrections that can be made immediately, and summarize anything out of compliance at the licensee site along with possible reasons for the violations. The IES Data Security Office will use this information to decide on any remedial actions needed and disposition of the license.