...
under current system logbook gets plugged into modeling future OY, where fishing is is, patterns, and etc. takes 1.5 years to get logbook and observer data into the models
move to e-reporting, gps integration, all thats left is stock comp of hauls
More.... The more could include what business benefit they derive from the permit and what business risk they incur if they break NMFS rules. Is this the spot for cycle times?
...
NIST 800-30: Risk Management Guide for Information Technology Systems defines risk as a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. The threat and vulnerability identification process that follows is based on NIST 800-30.
Users and functionality
Trawl fleet (whiting) is most technology sophisticated.
Longline has some 66-70 ft, also some 16' participating in live fishery in CA, no sophistication at all, using rod and reel,
e-reporting from vessel through VMS, but immediate plan is software on a PC that they send as email attachments from the vessel, as required at end of day or trip
some vessels don't currently have email
could accept some info transferred on thumb drive then take to home office and transfer via email
reconciling and corrections?
Permit holders range from large multinational corporations to small family businesses. But generally fishing and processing permit holders are technologically sophisticated, as the fishing industry is competitive and participants have strong incentives to leverage available technology. However, fishing is frequently a lifestyle choice of action-oriented individualists, and most of the participants would rather be on deck fishing than in the wheelhouse complying with record-keeping and report requirements. It is probably safe to assume that technology that makes record-keeping and reporting compliance less burdensome will be well accepted, while any technology that increases the burden would be unacceptable.
Data sensitivity and security FISMA and Privacy Act issues
In general these permit applications do not contain highly sensitive information. However, most have some personally identifying information (PII) and some few applications may contain proprietary business information.data is confidential
Mitigating controls
Registration will be open to new permit applicants, existing permit holders, and agents of both. From the system perspective, there is little difference between permit holders and agents of permit holders. (Agents should file a notarized letter of authorization from each permit owner that the agent represents. The permit owner is responsible for transactions pertaining to their permit, and if they have delegated to an agent without submitting the authorization letter, that doesn't absolve them of any responsibility.) New permit applicants will not be identifiable with the same level of assurance as existing permit holders, but, as the permit application is processed, the confidence in the permit holder's identity will grow. And as a new permit applicant starts out with no value in the system, there is little at risk for these participants whose identity is less certain.
...