Safeguarding information is a subject area related to protecting electronic information from unwanted access (breaches). Several high-profile data breaches involving the release of personal information underscore the need for this type of information security.
Background
The Federal Information Security Management Act (FISMA) requires each federal agency to develop, document and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency.
By definition, an effective information-security program should include:
Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification or destruction of information and information systems that support the operations and assets of the organization;
Policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system;
Subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate;
Security awareness training to inform personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks;
Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually;
A process for planning, implementing, evaluating and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization; and,
Procedures for detecting, reporting and responding to security incidents.
Acquiring a Safeguarding Information Solution
GSA Multiple Award Schedules allow customers flexibility to mix-and-match Schedules to provide comprehensive integrated security solutions. Many vendors hold several Schedule contracts, allowing them to provide quotes for complex cross-Schedule procurements. Searching GSA e-Library by Special Item Numbers (SINs) will return a list of vendors who can provide these solutions.
When there are no single-vendor solutions, GSA Schedule Contractor Team Arrangements (CTAs) allow customer agencies to order a solution rather than making separate buys from various contractors. A CTA allows the contractor to meet the government agency’s needs by providing a total solution that combines the supplies and/or services from the team members' separate GSA Schedule contracts. The Schedule contracts relevant to safeguarding information are identified below:
Blanket Purchase Agreements (BPAs) eliminate contracting and open market costs such as the search for sources, development of technical documents and solicitations, and evaluation of offers. A BPA may further decrease costs, reduce paperwork, and save time by eliminating the need for repetitive, individual purchases from Schedule contracts or Contractor Teams.
GSA operates the SmartBUY program to consolidate the commercial off-the-shelf (COTS) software requirements of the federal government for maximum buying discounts. This program includes BPAs for many Data-At-Rest encryption technologies.
GSA acquisition options include Assisted Acquisition Services, an organization within GSA that crafts customized expert solutions to information security issues. Assisted Acquisition Services offers fee-based scalable support that brings technical, contracting and project management resources to bear to provide customizable levels of assistance.