Drug Enforcement Administration (DEA)
Office of Diversion Control
Controlled Substance Ordering System (CSOS)
Revision 7, July 12, 2005
The information requested is being collected to certify registration status of a DEA Registration Certificate Holders or a Powers of Attorney (POA) representing aforementioned holders who desire to participate within CSOS.
3. Routine Uses of System Records, Including Categories of Users and Purposes for Using the System
Information from this system may be disclosed to the following parties:
a) To DEA’s CSOS contractors to compile and maintain documentation on applicants for proofing applicants' identity and their authority to handle controlled substances.
b) To DEA’s CSOS contractors to establish and maintain documentation on information sources for verifying applicants' identities.
c) To DEA personnel participating in CSOS to determine the validity of applicants' digital signature certificates in an on-line, near real time environment.
d) To DEA personnel and CSOS contractors, for ensuring proper management, ensuring data accuracy, and evaluation of the system.
e) To federal, state or local agencies along with state medical and licensing boards responsible for investigating, prosecuting, enforcing, or carrying out a statute, rule, regulation, or order when the DEA Office of Diversion Control becomes aware of a violation or potential violation of civil or criminal law or regulation.
f) To a member of Congress or to a congressional staff member in response to a request from the person who is the subject of the record.
g) To a DEA employee, an expert consultant, or contractor of DEA in the performance of a federal duty to which the information is relevant.
h) Persons registered under the Controlled Substances Act (P.L. 91-513) for the purpose of verifying the registration of customers and practitioners.
4. Policies and Practices for Storing, Monitoring, Retrieving, Retaining, Disposing, and Changing of System Records
The CSOS website does not utilize “cookies,” banner ads, or otherwise collect or track your personal information, except through the application process, and for purposes of administering the CSOS program and CSOS certificates. The CSOS website is not set up to track, collect or distribute personal information about you, other than information gathered through the application for and use of CSOS certificates, or provided in connection with emails, comments, or other communications with DEA. DEA may track aggregated information about visits to the CSOS website, such as statistics that show the daily number of visitors and the daily requests received for particular files or information. These aggregated statistics are used internally to better provide services to the public, and may also be provided to others, but these statistics contain no personal information about you and cannot be used to gather such information.
We make no attempts to identify individual users of this site unless we suspect illegal behavior. To keep this service available and secure, we monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage to the website. By using this website you consent to such monitoring. Unauthorized attempts to upload information and/or change information on this website are strictly prohibited and are subject to prosecution under the Computer Fraud and Abuse Act of 1986 and Title 18 USC Sections 1001 and 1030.
Records are retrievable by a personal identifier or by other appropriate type of designation approved by DEA and made available to CSOS PKI participants at the time of their application for CSOS PKI services. The DEA will make available to CSOS participants all information it has collected following an appropriate request for information or correction if necessary. However, information provided by the DEA to conduct CSOS business contained within your CSOS certificate along with related status information is not considered to be private. Should you wish a copy of any records subject to these confidentiality requirements, please submit a request, in writing, to
Drug Enforcement Administration
Attn: Chair, Policy Management Authority
Washington, DC 20537
System records are safeguarded in accordance with the requirements of the Privacy Act of 1974, OMB Circular A-130, Appendices I and III and section 2.8 of the CSOS CPS. Technical, administrative, and personnel security measures are implemented to ensure confidentiality and integrity of the system data stored, processed, and transmitted. The CSOS System Security Plan, which was approved by DEA, provides for inspections, testing, continuity of operations, and technical certification of security safeguards. An authorized accrediting firm accredits and annually re-accredits the CSOS system. Accrediting standards are outlined in the CP.
System records are retained according to CSOS records maintenance and disposition schedules outlined in the CP.
DEA may disclose such certificate-related identification information to Qualified Relying Parties. Disclosure of system records to consumer reporting systems is not permitted.
4.7 Information Change
Only the individual subscriber whose information pertains to them is allowed to make a request for information change except cases of POAs where the Registrant must approve the information change. Information that may be reviewed includes only that information pertaining to the individual subscriber submitting the request that is maintained by the DEA in a system of records. A system of records is a grouping of records under the control of the DEA from which information can be retrieved by means of the individual subscriber’s name or an identifying number assigned to the individual subscriber.
Detailed instructions for making requests for access to records are provided on the CSOS website. In response to a proper request for access, CSOS will notify the requesting individual subscriber whether the CSOS system of records contains any records pertaining to him or her, and if so, the manner in which those records may be reviewed.
The following discusses how a request to amend a CSOS record is processed. Requests for an amendment must include:
a) The name of the individual subscriber requesting the amendment,
b) A description of the item or items to be amended,
c) The specific reason for the amendment,
d) The type of amendment action sought (e.g., deletion, correction or addition), and
e) Copies of available documentary evidence supporting the request.
DEA maintains a record of each request for amendment that it receives, including the date and time the request was received, the name of the record, and information provided in support of the request.
DEA will provide to the requesting individual subscriber written or e-mail acknowledgment of the receipt of his/her request for amendment within ten (10) working days of the date of receipt of that request. DEA will also notify the CSOS CA of the receipt of a request for amendment of a record, in writing or by e-mail, within ten (10) working days of the date of receipt of that request. A copy of the acknowledgment and the notice to the CSOS CA will be made a part of the record of the request for amendment.
DEA will make any appropriate corrections to any record or portion thereof that are required to ensure that the record is accurate, relevant, timely, and/or complete, within twenty (20) working days of the date of receipt of a request for amendment of that record. A copy of the corrections made, if any, will be made a part of the record of the request for amendment and a copy of which will be forwarded to the CSOS RA. Written or e-mail notification of the correction will also be provided within (10) days to any person or agency to whom that record was previously disclosed, and a copy of that notification will be made a part of the record. CSOS will notify the individual Subscriber making the request in writing or by e-mail of any amendments that are made to the record. A copy of the notification will be made a part of the record of the request for amendment.
Return to previous screen