Changes Coming to GSA’s Breach, Identity Protection Offerings

The General Services Administration is planning to update its schedule offerings for data breach response and identity protection services in an effort to add clarity for vendors and lower prices for agency customers.

The proposed changes to the Data Breach and Identity Protection Services special item number on GSA’s Professional Services Schedule include clarifying certain definitions—such as the difference between an “impacted individual” and “enrollee”—and eliminating redundancies.

The definition issues created “ambiguity resulting in higher pricing exceeding commercial rates offered for same or similar services,” GSA officials wrote in an accompanying document. “The planned changes will provide industry clarity on ‘impacted individual’ and ‘enrollee’ in regards to their usage in the pricing tables and result in better pricing offered to the government mirroring commercial rates.”

Similarly, acquisition officials noticed an overlap between the data breach analysis services on the IPS SIN and breach forensic services offerings on the Risk Assessment and Mitigation Services SIN. GSA plans to streamline this by eliminating the former.

GSA provided a rundown of major changes, set to take effect Aug. 29.

While GSA posted an official notice, the process will be different from a normal mass modification. Interested parties will have until Aug. 29 to submit comments through the Interact page. As of Friday, the post has yet to receive any comments.

There will also be an opportunity to hear more about the changes and get questions answered in real time during a planned Aug. 15 webinar.