Loading...
Skip to main content
PhoneCall Us: 800-835-4603 AvatarLogin
Login Window
Forgot your password?

RFI - Identity Protection/Identity Monitoring Services

Location
Maryland
Publication Date
11/14/2024 03:49 PM EST
Closing Date
11/25/2024 12:00 PM EST
Issuing Organization
LockedRegistered members only
Solicitation Number
LockedRegistered members only
Description

Please review and read the following attachments: "ID Protection ID Monitoring RFI" and "PWS ID Protection ID Moniroring".

Introduction

This is a Request for Information (RFI) -- hereinafter Notice. This is NOT a solicitation for proposals, proposal abstracts, request for bids or quotations, nor a promise to issue a solicitation in the future. The purpose of this RFI is for the Government to obtain knowledge and information for project planning purposes only.

No proprietary, classified, confidential, or sensitive information should be included in responses to this Notice, unless otherwise appropriately marked by the Respondent. The Government reserves the right to use any non-proprietary technical information received in response to this Notice in any resultant solicitation(s). Do Not Submit any Proposals / Offers / Quotes in response to this Notice.

At a summary level, the Government has interest in and is seeking information regarding the capability of firms who can provide services pertaining to identity protection/ identity monitoring services that shall support an undetermined number of future taxpayer data breaches for the period specified.  

Request for Information Number: 24-65-A-PMO-OBSA 

Project Title / Short Description:  IDENTITY PROTECTION/IDENTITY MONITORING SERVICES

PSC or FSC Code:  R611 - Support- Administrative: Credit Reporting

NAICS Codes: 541990 - All Other Professional, Scientific, and Technical Services

Release Date: November 14, 2024

Response Date: November 25, 2024 at 12:00 noon EST

Please submit all information to:

Name:  Maria Hagedorn

Title:  Government Facilitator

Email:  maria.c.hagedorn@irs.gov

&

Name: Katherine Diaz

Title: Government Facilitator

Email: katherine.diaz@irs.gov

*In the Subject Line of the email, please put: RFI - Identity Protection/Identity Monitoring Service** 

DESCRIPTION OF CONTEMPLATED SERVICES

Governmental policy requires all federal agencies and bureaus to notify individuals when their Personally Identifiable Information (PII) has been compromised and placed them at risk of identity theft. In January 2017, OMB Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information (PII), rescinded and replaced OMB M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, instructing Federal agencies to enhance their safeguards for PII and to enact incident handling and data breach notification policies. It updated the existing OMB data breach notification policies and guidelines in accordance with the Federal Information Security Modernization Act of 2014 (FISMA), and implemented recommendations included in OMB Memorandum M-1604, Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government.

Standard credit monitoring services assists individuals in early detection of instances of identity theft and typically notifies individuals of changes that appear in his/her credit report, such as the creation of a new account or new inquiries to his/her credit file.  Due to the dramatic increase in attempts of identity theft, the IRS determined that a more appropriate offer for protection was to expand beyond the monitoring of information contained in a credit report (credit monitoring) and to provide three (3) years of coverage/protection. The government seeks a contract that includes other fraud detection services that monitor additional sources, e.g., internet sites, for compromised data so that an individual is fully protected.

The contractor shall provide Identity Protection/ Identity Monitoring, with established appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of individual credit information and to protect against any anticipated threats or hazards to the credit information which could result in substantial harm, embarrassment, inconvenience or unfairness to any individual on whom information is maintained. 

The contractor shall support an undetermined number of future data breaches for the period specified. These data breaches occur sporadically throughout the year and range from minor breaches consisting of 20 identities or fewer per week to major breaches consisting of 100,000+ identities. The coverage shall be continuous for a period of three (3) years from the date the impacted individual requests data breach analysis services.

Responses to this RFI are requested in two (2) parts:

Part I Company Profile Information - IRS seeks company profile information about the firms that provide services positioned to address the requirements discussed above.

Part II Capability - IRS seeks Industry responses to specific questions. Do not include any support documentation for any company other than your own.  This is an analysis of your company’s abilities.

Part I: Company Profile Information

Responders to this Notice must provide the following company information:

  1. Company Name and Address
  2. Company technical Point of Contact (POC) information to include name, title, telephone number, and email address.
  3. Applicable NAICS (North American Industry Classification System) Code 
  4. List of active governmentwide contracts that your company has been awarded (GWACs, IDIQs, and BPAs – include applicable SIN)
  5. Business Classification / Socio-Economic Status (e.g., large, small, 8(a), women owned, hub-zone, SDB, Service-Disabled Veteran Owned)
  6. Subcontracting / partnering / teaming possibilities

Part II: Capability

Responses to this Notice must include the following:

Request Structure

  1. What is the vendor’s maximum capacity to support data breaches?
  2. Pricing - The IRS has identified three levels of identity protection and identity monitoring redemptions needed.

Based upon the below predetermined levels, provide estimated pricing and proposed CLIN structure:

  • Day-to-day data breaches. The contractor must be able to support up to 1,500 redemptions. (Note: The number of redemptions is based on 7,500 notifications and a 20% redemption rate)

  • Large data breaches. The contractor must be able to support up to 360,000 redemptions. (Note: The number of redemptions is based on 1,800,000 notifications and a 20% redemption rate)

  • Catastrophic data breaches. The contractor must be able to support up to 15,638,500 redemptions. (Note: The number of redemptions is based on 78,192,500 notifications and a 20% redemption rate)

Experience / Expertise

  1. Customer Support Services – Describe your firm’s means of enrollment, e.g., does your firm include a means of enrollment via internet, telephone, and live agent?
  2.  Customer Support Services – Describe your dedicated toll-free customer assistance line, e.g., is the customer assistance line available 24 hours a day, 7 days a week? What kind of assistance is provided by the personnel at the call center? Is the call center located in the United States?
  3. Identity Theft Resolution – Describe your firm’s ability to provide access to dedicated Fraud Specialists. Also describe the services and expertise/experience provided to the consumer.
  4. Identity Support Services – Is daily credit file monitoring provided? What do the alerts consist of? How often are the alerts sent to the customer? Are customizable alerts available, e.g., can the customer customize the frequency of messaging and vehicle of delivery, e.g., US mail, text, or email?
  5. Identity Support Services – Does your firm have the capability to advise and assist the customer in placing fraud alerts on the customer’s credit file?
  6. Identity Support Services – Is your firm providing a 3-in-1 Credit Report (triple-bureau credit report) to the customer?
  7. Identity Protection/Identity Monitoring Services – What kind of PII monitoring is provided by your firm, e.g., PII in credit applications, public records, websites, etc.? What kind of personal information is monitored, e.g., bank account information, Social Security Number, driver’s license, passport, etc.?
  8. Identity Theft Insurance – How much identity theft insurance is provided? Is there a deductible? What does the coverage include?
  9. Ordering Enrollment Codes (Individual Unique Identifiers) – How soon can your firm provide  enrollment codes once requested by the Program Office? Is there a maximum number that can be requested?

General

  1. Please provide any additional insights that would help us craft the requirement(s) to best meet our needs to provide the contemplated services.

Terms and Conditions regarding this Notice

This Notice does not obligate the Government to award a contract or otherwise pay for the information provided in response.  All costs associated with responding to this Notice are solely at the responding party's expense.  The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate.  Further, the Government may contact the vendor for additional information regarding the information submitted as part of this market research effort.  Any organization responding to this notice should ensure that its response is complete and sufficiently detailed to allow the Government to determine the organization’s qualifications to perform the work.  Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted.  After a review of the responses received, a pre-solicitation synopsis and solicitation may be published in Government Point of Entry or other similar source (e.g., GSA E-buy).  However, responses to this notice will not be considered adequate responses to a solicitation.

Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract or agreement.  The Government will not be obligated to pursue any particular acquisition alternative as a result of this notice.  Responses to the notice will not be returned.  Not responding to this notice does not preclude participation in any future solicitation if one is issued.

No proprietary, classified, confidential, or sensitive information should be included in responses to this Notice, unless otherwise appropriately marked by the Respondent.  The Government reserves the right to use any non-proprietary technical information received in response to this Notice in any resultant solicitation(s). 

Do Not Submit any Proposals/Offers in response to this Notice.

Thank you for your response to this Request for Information.

Source
https://sam.gov/opp/74c34f63ee5c465e9d7966f26a5c6da6/view (opens in a new window)
Get instant access to solicitation details & future business opportunities.

Get instant access

to solicitation details & future business opportunities.

Get Access

Vendor packages with access to similar open solicitations

Matching bid notifications & access to all Statewide & Group bid details

Statewide

Matching bid notifications & access to all Statewide & Group bid details
Matching bid notifications from participating agencies

Group

Matching bid notifications from participating agencies
Access participating agency bids

Basic

Access participating agency bids

We use cookies and other similar technology to deliver our online services. Essential cookies are used to enable you to access and navigate our site. These are necessary and are always on. We also use functional, analytics, and marketing cookies when we have your consent to do so. For more information on how we use cookies, please consult our Privacy Policy.