GSA Federal Acquisition Service
Search:
For general questions, contact:
FAS National Customer Service Ctr
Phone: 1-800-488-3111
E-mail: ncsccustomer.service@gsa.gov

Professional Services
Identity Protection Services
MAS Multiple Award Schedule - Available offerings include commercial goods and services organized by 12 Large Categories, corresponding Subcategories, and SINs.

MAS Category list:

Download Contractors (Excel)
Professional Services - Identity Protection Services
Category Description
541990IPS Data Breach Response and Identity Protection - Services include but are not limited to: breach mitigation and analysis/forensic services, the deployment of financial risk assessment and mitigation strategies and techniques; improvement of capabilities through the reduction, identification, and mitigation of risks; detailed risk statements, risk explanations, and mitigation recommendations; design and development of new business applications, processes, and procedures in response to risk assessments; and ensuring compliance with governance and regulatory requirements.

Firms can also assist the Ordering Agency with preventive measures in protecting Personally Identifiable Information (PII) and Protected Health Information (PHI) through the evaluation of threats and vulnerabilities to PII and PHI type of information; training of Government personnel on how to prevent data breaches and identity theft; vulnerability assessments; privacy impact and policy assessments; review and creation of privacy and safeguarding policies; prioritization of threats; maintenance and demonstration of compliance; and evaluation and analysis of internal controls critical to the detection and elimination of weaknesses to the protection of PII and PHI type of information.

This Scope also provides for Data Breach Response and Identity Protection Services (IPS) which includes an integrated, total solution for services to provide identity monitoring and notification of Personally Identifiable Information (PII) and Protected Health Information (PHI), identity theft insurance and identity restoration services, and protect (safeguard) the confidentiality of PII and PHI. Additional requirements specifically for Identity Protection Services are found in the NAICs document 541990 titled Risk Assessment, Mitigation Services, and Identity Protection - See Notes referenced below.

NOTE 1: Additional Proposal Instructions related to Identity Protection Services (IPS) are found in IPS Requirements Document 1B.

NOTE 2: Any firm offering
541990RISK Risk Assessment and Mitigation Services - Services include: breach mitigation and analysis/forensic services, the deployment of financial risk assessment and mitigation strategies and techniques; improvement of capabilities through the reduction, identification, and mitigation of risks; detailed risk statements, risk explanations and mitigation recommendations; design and development of new business applications, processes, and procedures in response to risk assessments; and ensuring compliance with governance and regulatory requirements. Under this SIN, firms can also assist the Ordering Agency with preventive measures in protecting Personally Identifiable Information (PII) and Protected Health Information (PHI) through the evaluation of threats and vulnerabilities to PII and PHI type of information; training of Government personnel on how to prevent data breaches and identity theft; vulnerability assessments; privacy impact and policy assessments; review and creation of privacy and safeguarding policies; prioritization of threats; maintenance and demonstration of compliance; and evaluation and analysis of internal controls critical to the detection and elimination of weaknesses to the protection of PII and PHI type of information.