OMB Provides New Guidance for Agencies Buying Tools to Counter Identity Theft

Continuing its insertion of category management into federal purchasing, the White House Office of Management and Budget last week instructed department and agency heads—with few exceptions—to use the bulk buying approach to providing services in identity protection and data monitoring to ward off breaches.

In a memo updating a 2006 OMB policy, U.S. Chief Acquisition Officer Anne Rung, said agencies—other than those with existing contracts—should meet their requirements to counter identity theft using governmentwide blanket purchase agreements awarded by the General Services Administration.

“For the past decade, GSA has offered commercial credit monitoring services through government-wide BPAs established under its Federal Supply Schedules Program,” she wrote. But recent reviews of pricing and conditions have allowed GSA to modernize the agreements to assure a pool of “best qualified contractors capable of providing a comprehensive range of identity protection services.”

The resulting BPA “shall be treated as a preferred source” for agency needs in identity theft precautions, credit monitoring and other responses to breaches “consistent with category management principles,” Rung said.

Agencies with existing contractors and those with options ready to exercise, however, “may consider the impact on an incumbent small business contractor” of switching to the BPA. “Agencies that require contractors to provide identity protection services, or a subset thereof, as part of the security or safeguarding requirements in their contract are exempt from this guidance.”

Exceptions must be signed off on by senior officials.

The Obama administration for some two years has been pursuing the category management techniques used in the private sector to save money by reducing the number of agency contracts.