Privacy Policy

The Exercise Information System (EXIS) is an official website of the United States Department of Homeland Security (DHS) and the Transportation Security Administration (TSA). This privacy policy (Policy) explains how EXIS collects, uses, stores, and discloses personally identifiable information (Information) through this website, application services, and/or when you otherwise​ contact support. This Policy is intended to be read in conjunction with our Terms of Use. By accessin​g EXIS' resources, y​ou are accepting the terms that explicitly stated in this Policy and the Terms of Use.

Privacy Act Statement

AUTHORITY: 49 USC § 114(f)(15); 6 USC §§ 1136(a), 1167, and 1183.
PRINCIPAL PURPOSE(S): This information will be used to grant individuals access to EXIS.

ROUTINE USE(S): This information may be shared i​​n accordance with the Privacy Act of 1974, 5 USC § 552(a), for routine uses identified i​n the DHS system of records, DHS/ALL-004 General Information Technology Access Account Records System and DHS/ALL 002 DHS Mailing and Other Lists System, or as further described in the Privacy Impact Assessment, DHS/ALL/PIA-006 DHS General Contact Lists and subsequent updates, available at

DISCLOSURE: Furnishing this information is voluntary; however, failure to provide the requested information will prevent TSA from being able to grant an individual's access request to EXIS.

Paperwork Reduction Act Statement

This collection of information is voluntary pursuant to Implementing Recommendations of the 9/11 Commission Act of 2007. It is estimated that the time to design and conduct an exercise is approximately 3.5 hours and the time to complete the survey is .25 hours. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The OMB control number assigned to this collection is 1652-0057, which expires 03/31/2025. Send comments regarding this burden estimate or any other aspect of this collection of information including suggestions for reducing this burden to TSA PRA Officer, 6595 Springfield Center Dr, Springfield, VA 22150​. ATTN: PRA 1652-0057.

Information Collected

EXIS collects Information that can be classified under two different categories: personal Information and technical Information. Personal Information is data that can identify you as an individual, while technical Information is data that can identify the device you are using to access the EXIS application. Personal Information is provided by the individual. No Information is collected from an individual until they have registered for an account.

Personal Information

During the account registration process, the individual must complete an interactive form in order to receive access to the EXIS application. The individual must provide the following Information in order to complete the form: first name, last name, preferred transportation sector, employer, job title, physical address, phone numbers, email address, login information, and security questions.

Technical Information

After you have registered for an account, the EXIS application automatically begins collecting technical Information. Specifically, the following technical Information is collected and stored: your IP address; your operating system; your device type; your web browser; the datetime of your access; the content you viewed, visited, or downloaded; and the domain or referral source from which you accessed the EXIS application.

The Office of Management and Budget (OMB) Memorandum M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies, allows federal information systems to use cookies. Cookies are small data files stored on your device that allow websites to remember individuals' preferences, browsing patterns, and behavior while accessing the website. There are two types of cookies: single-session (temporary) and multi-session (persistent). Session cookies last only as long as your web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your device for longer periods of time. Temporary cookies are used for technical purposes that allow us to provide a better user experience for individuals, while persistent cookies are used to differentiate between new and returning visitors to the website.

Furthermore, OMB Memorandum M-17-06, Policies for Federal Agency Public Websites and Digital Services, requires federal information systems to participate in the General Services Administration's (GSA) Digital Analytics Program (DAP). DAP is a free analytics service that measures digital services for the federal government. The program offers a website analytics tool, a scalable infrastructure for measuring website traffic, training, and support to federal agencies. Moreover, DAP utilizes Google Analytics: a third-party analytics service provided by Google. The EXIS application has implemented DAP and Google Analytics in order to provide a better user experience that is based around user needs with data-driven analysis influencing management and development decisions. For more information on our implementation of Google Analytics, refer to the "Contact Us" section below.

Using of Collected Information

The EXIS application collects the minimum amount of Information necessary in order to provide, maintain, improve the services that the EXIS application offers. Per the "Information Collected" section above, the collected personal Information is solely used to maintain your account, while the collected technical Information is solely used improve the user experience. For more information on our use of collected Information, refer to the "Contact Us" section below.

Sharing of Collected Information

The EXIS application shares collected Information internally with DHS and TSA for the purposes of compliance, reporting, research, and analytics. Due to the implementation of Google Analytics, the EXIS application shares collected Information with this third-party. Specifically, the only Information that is actually shared with this third-party is the Information that is required for the EXIS application to be compliant with the requirements enforced by DHS and GSA's DAP. For more information on GSA's DAP and our implementation of Google Analytics, refer to the "Contact Us" section below.

Information Retention

The EXIS application retains Information for as long as it is useful for carrying out the information dissemination and collaboration purposes for which that Information was collected. Due to the implementation of Google Analytics and GSA's DAP, your Information provided to GSA may be subject to different retention schedules. For more information on GSA's DAP and their own privacy policy, refer to their website. After EXIS has determined your Information to be passed the applicable retention period, your Information will be securely deleted and/or destroyed with technology that is in accordance with NIST SP 800-88, Guidelines for Media Sanitization.

Information Security

The program takes a variety of precautions to ensure the confidentiality and integrity of your Information by implementing a variety of technical controls (e.g. account access controls, technical access controls, information security and privacy training to personnel, encryption of data-at-rest and data-in-transit, etc.); furthermore, the program has implemented a variety of automated technical controls to further increase the security of your Information (e.g. next-generation firewalls, intrusion detection systems and intrusion prevention systems, etc.). Lastly, OMB Memorandum M-08-05, Implementation of Trusted Internet Connections, requires federal information systems to implement a Trusted Internet Connection (TIC) to further increase the security of network access and encryption. EXIS utilizes the OneNet TIC to help ensure the confidentiality and integrity of all collected Information.

Personal Rights
Account and Personal Information

You can update, correct, and delete Information about you at any time by logging into your online account or by contacting us directly. If you wish to delete or deactivate your account, then email us at It should be noted that we may retain Information as required by federal law or for other legitimate business purposes. Also, we may retain cached or archived copies of your Information for a defined period of time. Ultimately, you reserve the right to your Information and can have it deleted at any time. For more information on your rights, refer to the "Contact Us" section below.


As explicitly stated in the "Technical Information" section above, the EXIS application uses cookies. Most web browsers (e.g. Google Chrome, Internet Explorer, Mozilla Firefox, etc.) are configured to accept cookies by default. If you would prefer to remove or reject browser cookies, then refer to the following website. It should be noted that removing or rejecting browser cookies can affect the availability and functionality of the EXIS application.

Contact Us

In order to exercise your rights regarding your Information, or if you have any questions regarding this Policy, contact the EXIS helpdesk by emailing or by calling (855) 447-8392. It should be noted that any Information that is provided to us over email is subject to use in accordance with the methods explicitly defined in this Policy. As an information system under the Department of Homeland Security and the Transportation Security Administration, you can direct any questions regarding their own privacy policies by clicking their respective links.​

Last modified at 7/6/2022 8:40:40 PM

Privacy Policy   |   Accessibility   |   Terms of Use   |   Contact Us   |   FirstGov   |   TSA   |   DHS
Official website of the U.S. Department of Homeland Security / Transportation Security Administration
OMB Control Number: 1652-0057