OMB reminds agencies to use BPA for credit monitoring services

Agencies that are victimized by a data breach of personal information should use a new blanket purchase agreement set up by the General Services Administration, according to a new Office of Management and Budget memo.

Karen Evans, OMB's administrator for e-government and IT, and Paul Denett, administrator of the Office of Federal Procurement Policy, co-signed a memo to the heads of all agencies that requires agencies to use the BPA or justify to GSA and OMB why they did not.

The directive said if agencies do not use the BPA, they must notify GSA and Evans 10 days before they make the award to explain 'how the proposed contract offers a better value to the agency.' The notice should include pricing and terms and conditions of the potential award.

GSA then will review the contract to see if there is a way to improve the BPA.

GSA awarded the BPA to three vendors in August.

'The BPAs offer a variety of protection levels, depending on the degree of risk, vulnerability and exposure encountered, and supports a consistent approach to mitigating the adverse impacts of personal data loss,' the OMB memo said.

OMB also reminded agencies to follow the recommendations of the President's Identity Theft Task Force to determine if credit monitoring services are needed.

OMB also included BPA ordering procedures with the memo.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.