The Office of Personnel Management inspector general again found flaws in the agency’s contracting for the credit monitoring and ID theft services it provides to the more than 21.5 million federal employees and applicants affected by the 2015 data breaches.
OPM has gone through two different contracts for post-breach protections. The IG found “significant deficiencies” in the contracting process of the first one, a $20 million contract to Winvale Group and subcontractor CSID. When that contract expired, OPM opted for a contract with ID Experts to provide services for three years with a potential value of $330 million.
For the ID Experts contract, auditors found the agency’s Office of Procurement Operations bypassed some of the Federal Acquisition Regulation and the agencies’ purchasing rules. Areas of noncompliance included designating the contracting officer representative after the award, and failing to check the System for Award Management and data-entry errors. Auditors also found incomplete or unapproved contractual documents, including the acquisition plan, market research plan and technical evaluation plan.
In response to the IG report, OPM has agreed to update its procurement policies and strengthen oversight.