The General Services Administration (GSA) announced on GSA Interact on January 20, 2017 that it is proposing to redefine Special Item Number (SIN) 520-20 on the Professional Services Schedule (PSS) as its official Data Breach Response and Identity Protection Services (IPS) SIN. This will also mean minor modification to the existing language of SINs 520-16 and 520-17. GSA’s Office of Professional Services and Human Capital Categories (PHSC) cites the increased demand for identity protection services and the ever-changing requirements and needs of ordering agencies as the reason for the proposed changes.
Currently, GSA markets these services under its IPS BPA, which was awarded to three contractor teams in September, 2015. GSA notes that once the planned changes to SIN 520-20 are implemented, the IPS BPA will be cancelled. The hope is that this approach will allow more flexibility to keep up with rapidly evolving IPS technology. Further, contractors who currently hold SIN 520-20 “will be required to submit a modification to reprice their services in accordance with the pricing structure for this SIN in addition to submitting a System Security Plan (SSP).”
GSA is seeking industry input on the proposed changes through a Request for Information (RFI) on FedBizOpps (FBO) that was posted on Thursday, January 19, 2017. This RFI will allow all interested parties the opportunity to provide comments, which are due via email no later than 5:00 pm (ET) on February 21, 2017.
GSA’s Questions for Industry specifically relate to the three areas below:
Here are additional key details:
What is SIN 520-20? SIN 520-20 is currently defined on GSA eLibrary as Comprehensive Protection Solutions which “Allows for customized solutions that integrate the services found under SINs 520-16 Business Information Services (Credit Monitoring Services), 520-17 Risk Assessment and Mitigation Services, 520-18 Independent Risk Analysis and 520-19 Data Breach Analysis.” GSA believes that redefining SIN 520-20 will allow industry to provide current state-of-the-art identity protection services while allowing ordering agencies the ability to meet their individual requirements. It will also mean some modification to existing language of SINs 520-16 and 520-17.
What will SIN 520-20 look like once redefined? Redefined SIN 520-20 will require industry to have the ability to provide an integrated total solution of services that include identity monitoring, identity theft insurance, safeguarding and restoration services, breach mitigation, and forensic services. Once this SIN is awarded, firms will then have the ability to offer all or part of the services listed. In order to provide any services associated with identity protection, each firm will be required to meet the full scope of SIN 520-20 first.
You can review the full information including SIN 520-20 attachments and the proposed pricing structure in GSA’s Request for Information (RFI). A comparison of the existing SIN descriptions vs. the proposed modified/redefined SIN descriptions for 520-16, 520-17 and 520-20 is provided by Aronson here.
When will this SIN be available? GSA anticipates that this SIN will be available for use in Spring 2017.
More information, including how to add the redefined SIN or reprice existing services in accordance with the new pricing structure, is available in the GSA Interact post.
Be sure to subscribe to GSA Interact’s Professional Services Category to get notifications whenever new information like this is posted. For more information, contact Vanessa Payne at (240) 364-2663 or email@example.com.