EXECUTIVE
OFFICE
OF
THE
PRESIDENT
OFFICE
OF
MANAGEMENT
AND
BUDGET
WASHINGTON
, D. C.
20503
July 1, 2016
M-16-14
MEMORANDUM
FOR
THE
HEAD
Fi.
S
OF
DEPARTMENTS AND AGENCIES
FROM:
Anne E.
Rung
~
United States ยท
fAc
sition Officer
SUBJECT: Category Management Policy 16-2: Providing Comprehensive Identity
Protection Services, Identity Monitoring,
and
Data
Breach Response
This memorandum updates a longstanding Office
of
Management and Budget (OMB)
policy, first implemented in 2006, to maximize federal agency use
of
a government-wide
solution for acquiring identity protection services when needed. This memorandum requires,
with limited exceptions, that when agencies need identity protection services, agencies address
their requirements by using the government-wide blanket purchase agreements (BP As) for
Identity Monitoring Data Breach Response and Protection Services awarded by the General
Services Administration (GSA), referred to below as the "IPS BP As."
For the past decade, GSA has offered commercial credit monitoring services through
government-wide BPAs established under its Federal Supply Schedules (FSS) Program. When
the BP As were launched, OMB instructed agencies to review the pricing and terms and
conditions
of
the BP As in addition to any other credit monitoring services they may be
considering in their market research and notify OMB prior to making an award outside
of
the
BPAs.
1
Last year, GSA partnered with other agencies
on
requirements for new BP As to ensure
that all agencies have access to a pool
of
best qualified contractors capable
of
providing a
comprehensive range
of
identity protection services, including credit monitoring. For details on
the IPS BP As, including task order instructions, offered services, authorized users, order dollar
value limitations, the inclusion
of
agency specific terms, and ordering periods, visit
www.gsa.gov/ipsbpa.
Taking advantage
of
the IPS BP As ensures agencies can meet their needs for expeditious
delivery
of
best-in-class solutions from pre-approved and vetted companies at competitive
pricing and reduced administrative costs. For these reasons, the IPS BP As shall be treated as a
preferred source for Federal agencies when agencies have a need for credit monitoring, breach
response, and identity protection services. Consistent with category management principles,
GSA, as the contract manager, will work with an interagency team to periodically review and
refresh, as appropriate, the contract terms and requirements to ensure the BP As continue to
reflect the best identity protection practices and agencies' needs.
1
See OMB Memorandum M-07-04, Use
of
Commercial Credit Monitoring Services Blanket Purchase Agreements.
1