Data Protection/Credit Protection through GSA's MAS Program

STATEMENT OF
JAMES A. WILLIAMS
COMMISSIONER
FEDERAL ACQUISITION SERVICE
U.S. GENERAL SERVICES ADMINISTRATION
BEFORE THE
COMMITTEE ON VETERANS AFFAIRS
U.S. HOUSE OF REPRESENTATIVES
JULY 18, 2006

Good Morning Chairman Buyer, Ranking Member Evans and Members of the Committee, I am Jim Williams, Commissioner for the Federal Acquisition Service of the General Services Administration (GSA).  I am pleased to have this opportunity to appear before you to discuss the programs we have put in place to assist agencies in being able to respond to data protection/credit protection scenarios.

GSA helps Federal agencies better serve the public by offering the best value, superior workplaces, expert solutions, acquisition services, and management policies.   One of the most important ways that we do this is through the Multiple Award Schedules (MAS, pronounced "M-A-S") program. 

Through the MAS program, GSA establishes contracts with firms, large and small, to provide commercial products and services to the Government at competitive prices.  

GSA’s MAS program is one of the most powerful business tools available to Federal Government agencies.  The schedules can be used by all Federal agencies as a streamlined, convenient, money-saving, and time-saving tool for obtaining the commercial goods and services they need.   To obtain the commercial services offered under the MAS program, agencies need only develop a request outlining the work to be performed, invite schedule contractors to respond, and award task orders.  The MAS program mirrors commercial buying practices more than any other procurement process in the Federal Government; Federal agencies receive fast, direct access to the commercial products and services of all businesses of all sizes and classifications, including numerous small businesses.  When combined with E-Buy, GSA’s electronic request for quote system, the process is also transparent.

The MAS program consists of 43 separate groupings of like products and services, called schedules, and covers everything from office products, furniture, tools and appliances to scientific products, information technology, training, business consulting, security related products, and financial services, to name just a few.  Overall, the MAS program includes over 17,000 thousand contractors providing over 11 million different products and services.   Streamlined ordering procedures, robust e-tools, and efficient processes merge transparency, speed, and efficiency in the Government’s premiere acquisition program.   Agencies will spend over $35 billion through the MAS program this year to meet their needs.

One of the key features of the MAS program allows agencies to establish Blanket Purchase Agreements (BPAs).  BPAs are used to fill recurring needs for supplies or services, while taking advantage of quantity discounts, saving administrative time, and reducing paperwork.

BPA’s eliminate continual contracting solicitation costs for recurring needs.  BPA’s also—

• Provide an opportunity to negotiate improved discounts; 
• Reduce administrative efforts by eliminating repetitive individual orders and payments;
• Let customers obtain better value by leveraging buying power through volume purchasing;
• Enable an ordering agency to use streamlined ordering procedures; 
• Allow for quicker turnarounds on orders; and 
• Permit an ordering agency to incorporate additional terms and conditions which do not conflict with the underlying schedule contract.

A BPA may be set up for all the field offices of an agency across the nation, allowing them to reap additional discounts.   GSA is also able to establish a multi-agency BPA further leveraging the Government’s buying power.

One MAS program schedule which is particularly appropriate to discuss in light of the reasons we’re here today, is the Financial and Business Services Schedule.  This is a schedule of approximately 425 contracts representing expertise in financial areas such as accounting, auditing, budgeting, financial management, loan servicing, debt collection, asset management, asset sales, and business reporting.   In 2005, sales under this schedule totaled approximately $745 million and it continues to rapidly grow.  This schedule also includes 21 contractors with expertise in credit reporting and at least three firms with expertise in credit monitoring.

Over the years, GSA has worked very closely with the Office of Management and Budget (OMB) and the Federal Credit lending agencies in designing and continually improving the Financial and Business Services Schedule.  In past years, the Small Business Administration and the Department of Treasury have used this schedule to sell loans and other assets, the Department of Education has used it for loan servicing and collection of delinquent student loans, and most recently the Internal Revenue Service has awarded a set of contracts for collection of delinquent tax debt.

Based on GSA’s strong track record in this area, I am pleased that GSA was offered the opportunity to lead the procurement of credit monitoring services on behalf of several Government agencies.

As this hearing and the Committee's draft legislation signify, identity theft is a serious issue.  When an agency experiences a data loss, there can be serious problems for our employees and the citizens of this Nation.  The Federal Government must be in a position to respond to situations quickly and effectively.  Federal agencies do not have the luxury of time to embark upon a prolonged procurement process on their own. 

With GSA's BPA for credit monitoring in place, an affected agency has quick and ready access to the industry experts it needs.  In recent months, numerous agencies, including the Department of Veterans Affairs, the Department of Agriculture, the Federal Trade Commission, the Department of Energy, and the Department of the Navy have all faced situations where sensitive personnel information such as employee names, addresses, and social security numbers were potentially compromised.

When VA decided that it would offer free credit monitoring to any veteran whose personal information was potentially compromised, it turned to GSA for help in providing services to complete this task. 

GSA identified the Financial and Business Services schedule as the best way that GSA could help VA.  GSA employees immediately went to work and have continued to work closely with VA to create and develop a performance based Statement of Work for commercial credit monitoring services.

Because this is a Governmentwide problem, we also worked closely with OMB to offer GSA’s help in providing a Governmentwide solution.  This way, all agencies facing a data breach will have a fast and cost effective remedy available.

The requirement for credit monitoring services is a very real requirement across the Government, and I am delighted to report that GSA and VA have continued to work closely to establish a Governmentwide solution to provide protection in the event of future security breaches.

On July 10, 2006, GSA invited 21 contractors under the Financial and Business Services Schedule to compete for Multiple Blanket Purchase Agreements.   Under this competition, these 21 firms have been asked to propose three different levels of remedy, based on the extent of the risk of exposure.  The firms have been asked to quote different levels of credit monitoring services, ranging from basic (single monitoring) to comprehensive coverage (reports called three-in-one which cover all three of the major credit bureaus).  A key feature will be that, based on the degree of vulnerability, risk and protection, ordering agencies will be able to select the most appropriate level of credit monitoring services.

Some of the other features we are looking for in credit monitoring include the following:

• Providing credit reporting services,
• Implementing solutions to detect early signs of fraudulent activity and identity theft,
• Reporting lost or stolen Social Security numbers to the three national credit bureaus and requesting fraud alerts and statements on all credit files,
• Contacting the victims' creditors and law enforcement agencies,
• Making dedicated fraud resolution representatives available for victims of identity theft,
• Placing extended alerts on credit reports,
• Reviewing credit files every 30 days,
• Providing credit alerts within 24 hours of fraudulent activity,
• Providing updated credit scores with data compiled from all three national credit agencies, 
• Providing important contact information and addresses to affected individuals for use in resolving identity theft issues,
• Identify theft insurance, and
• Outlining various levels of credit monitoring services based on the degree of vulnerability, risk and protection with an explanation for the degree of monitoring selected. 

Contractors will be held to high standards, including compliance with the Privacy Act of 1974, to guarantee strict confidentiality of the information provided by the Government during the performance of the task order.   We are also requiring rigorous restrictions on the contractors' authorization to disclose information.

Responses to the BPA request are due on Monday, July 24, 2006.  GSA will then evaluate the responses to be sure that we award to companies demonstrating the knowledge, understanding and technical capability required to perform the credit monitoring services.   We plan to make awards in August and expect several Federal agencies to begin placing orders the same month.

In conclusion, I would like to state that this situation is a good example of the important mission that GSA plays in helping our Government stop identity theft and protect the privacy of individuals.  We are bringing together the best talents of the private sector to recognize and remedy a problem.

We are mobilizing and providing a shared services solution, so that we can leverage the Government’s buying power, drive down prices, drive up service delivery, and provide a fast and agile response to security breaches. 

I am very proud of the hard work that the GSA team has already put into this effort and look forward to a highly successful award of several BPAs next month.  We join the Committee in its commitment to better protect the sensitive personal information of veterans.  While GSA is still studying the impact of the draft legislation, we look forward to working with this Committee to ensure that any legislation and our current procurement efforts are properly coordinated and mutually supportive of our common goal of protecting sensitive government data and obtaining needed credit protection services.  I look forward to answering any questions you might have.