department of management services · triquetra technologies, inc. department of management services...

Triquetra Technologies, Inc. Department of Management Services

Request for Information - Technical Volume General Service Administration (GSA) - 70

Use or disclosure of data contained on this sheet is subject to the restriction on the title page of this Request for Information Document.

DEPARTMENT OF MANAGEMENT SERVICES

REQUEST FOR INFORMATION FOR

Cyber-Security Assessment, Remediation, and Identify

Protection, Monitoring and Restoration Services

3 September 2015

Submitted to: [email protected]

Submitted by: Ricky Sowell

Triquetra Technologies, Inc. One Enterprise Parkway, Suite 330

Hampton, VA 23666 Phone: (757) 288-1117

Email: [email protected]

This Informational response includes data that shall not be disclosed outside the Government and shall not be duplicated,

used, or disclosed in whole or in part for any purpose other than to evaluate this response. If, however, a contract is awarded

to the Offeror as a result of, or in connection with, the submission of this data, the Government shall have the right to

duplicate, use, or disclose the data to the extent provided in the resulting contract. This restriction does not limit the

Government’s right to use information contained in this data if it is obtained from another source without restriction. The

data subject to this restriction are contained in all pages and attachments of this response.




TABLE OF CONTENTS 1.0 INRODUCTION ............................................................................................................................. 3

2.0 BACKGOUND ............................................................................................................................... 4

3.0 CONTRACT INFORMATION ...................................................................................................... 5

4.0 RESPONSES TO SECTION IV ..................................................................................................... 5

4.1 PRE-INCIDENT SERVICES ..................................................................................................... 5

4.1.1 Incident Response Agreement ............................................................................ 5

4.1.2 Assessment ......................................................................................................... 6

4.1.3 Preparation .......................................................................................................... 6

4.1.4 Developing Cyber-Security Incident Response Plan ......................................... 7

4.1.5 Training .............................................................................................................. 8

4.2 POST-INCIDENT SERVICES ................................................................................................... 9

4.2.1 Breach Services Toll-Free Hotline ..................................................................... 9

4.2.2 Investigation/Clean-up ....................................................................................... 9

4.2.3 Incident Response ............................................................................................... 9

4.2.4 Mitigation Plan ................................................................................................... 9

4.2.5 Identity Monitoring, Protection, and Restoration ............................................... 9

5.0 RISK ................................................................................................................................................... 10

6.0 CONCLUSION ................................................................................................................................... 10




1.0 INRODUCTION

Team T2 is READY NOW to support the Department of Management Services

1.1 TRIQUETRA TECHNOLOGY, INC. Triquetra Technologies, Inc. (T2) provides unique, creative and innovative services to both the

government and private sectors of the defense industry. Additionally, key members of T2’s staff have

been intimately involved in providing Intelligence Mission Operations Support, Knowledge

Management, Training and Human Performance, Command and Control (C2), Advisory and Assistance,

and Program Management to the warfighter both CONUS and OCONUS. Our focus areas include

Knowledge Management, Cyber Training, Operational Intelligence, Electronic Warfare, Information

Operations, and Sensor/Platform Expertise (Small UAS). Our staff has a wide range of experience in Air

Force, joint and coalition IO planning both as members of the DOD and as contractors.

T2 was established in 2008 in the state of Virginia as a Federally Certified Woman-owned Small

Business providing Intelligence Mission Operations Support, Knowledge Management, Training, and

Human Performance, Command and Control (C2) Advisory and Assistance, and Program Management.

T2 now employs over 30 professionals with revenues averaging $7M per year and has broadened its’

base with expertise in CONUC and OCONUS operations focusing on Knowledge Management, Cyber

Operations and Training, Information Technology and Operational Intelligence. T2 Headquarters is

located in Hampton, Virginia and has a certified Top Secret facility security clearance with all

operational members holding a clearance. T2’s IT and Cyber expertise spans over software and system

development, enterprise architecture, data management, data analytics, content management, system

integration, systems administration, mobility, business intelligence, infrastructure services, security

operations, information assurance, and service desk support.

T2 realizes one of the critical factors in the delivery of top quality services is a strong, highly

experienced and stable workforce. Our team is comprised of multiple topflight companies with

significant IT and Cyber experience that understand the value of a committed and enthusiastic

workforce. The capabilities of these companies bring unsurpassed expertise to provide facilitation and

support to groups at the staff and operational level to the Department of Management Services for

Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration

Services. An example of our team composition, described in Table 1, has a well-deserved reputation for

caring for their employees and motivating them to focus on exceeding customer expectations.

Table 1- T2 Teammates Supporting Cyber-Operations

Exceptional experience in providing Cyber-support, Knowledge Management,

Information Operations, Analysis, Strategic Deterrence, Global Strike, and ISR

Provides core DoD support in Knowledge Management (KM) and KM Training

Provides significant tactical Intelligence Support to CONUS & OCONUS locations

Extensive experience supporting the DoD in blending training and technology solutions.

Executed $60M single-award smart classroom modernization and technology insertion

contract for the Army for 500 classrooms across the Nation.

$100M single-award contract to provide all computer infrastructure support for the U.S.

Department of Agriculture Forest Service to include enterprise architecture, software

engineering, knowledge management, and help desk support.




Our management best practices commit the resources required for effective management and execution while

maintaining a lean, streamlined structure with the flexibility and agility to effectively respond to all contract

requirements to control work and ensure desired results are repeatable. Key elements of our approach are the

appointment of a highly qualified on-site Task Lead to allocate resources and serve as our interface to

Government technical managers. The organizational structure recognizes the imperative of responsive, clear lines

of communication and well-defined delegation of authority. Our team has proven processes and procedures for

effectively managing resources which are embedded in our ISO-9001-2008 certified Quality Management System

(QMS).

2.0 BACKGOUND T2 has more than seven years of successful experience in exploitation (and correlation), collection-

management systems and training. We also have a strong background in new and advanced

methodologies, techniques, and approaches and then transitioning these concepts and systems to

operational environments.

T2 stands out from competitors of all sizes in several important ways. T2 is an agile and flexible

business with personalized attention to the customer at all levels of our organization, while possessing

many of the positive attributes of a large business without the associated drawbacks. T2’s roots are

deeply set in leading edge technology and it has invested heavily over the years in people, facilities, and

resources needed to enhance our technical advantage over our competition, regardless of size. T2 also

has a strong, stable and debt-free financial basis, which allows it to provide a very low-risk and reliable

performance foundation, as well as continued investment in internal capabilities and development

efforts. From this strong technical foundation T2 has evolved the capability to produce, test, field, and

provide logistics support to the products and employees. The combination of these capabilities is

commonly found only in larger defense contractors. Another advantage T2 enjoys is its trusted

reputation with our customers, born of many years of dedicated performance and quality support.

Team T2’s personnel have been leaders in developing and implementing governance models and

documents for DoD. T2 has established and managed NATO’s Knowledge Management and Cyber-

Security (CS) governance and infrastructure in Afghanistan, and we are integral to US Army governance

training and educational efforts. Team T2’s experience is broad and deep in this task area. We have

captured numerous lessons, best practices, and tested methodologies, which Team T2 will apply daily in

how we facilitate forums and workgroups, collaborate with the Department of Management Services,

maintain portals and update strategy and metrics plans. Drawn directly from similar CS infrastructure

support requirements in combat theaters across the globe, Team T2 will integrate critical value add and

trusted CS process improvements proven under fire to deliver the CS results required by the Department

of Management Services. Department of Management Services receives not only the best support

possible, but also the best lessons learned benefits integrated from across the communities of interest.

Team T2 currently provides a broad spectrum of Cyber-Security, Customer Mission Support, Technical

Services and Management within the United States and various mission theaters ranging from Training

Development and Delivery, Logistics, Maintenance and Repair, as well as Test and Engineering support.

Our premier services have gained us direct mission experience that encompasses customer support,

technical management and program management services to include a comprehensive understanding of

the importance of level-of-repair decisions that can greatly impact the mission and program costs.




3.0 CONTRACT INFORMATION

NAME: TRIQUETRA TECHNOLOGIES, INC

PHONE: (763) 354-4879

EMAIL: [email protected]

4.0 RESPONSES TO SECTION IV

4.1 PRE-INCIDENT SERVICES

4.1.1 Incident Response Agreement

T2 will develop, implement and maintain a written plan and process for preventing,

detecting, identifying, reporting, tracking and remediating Security Incidents (“Security

Incident Response Plan” or “SIRP”) for the Department of Management Services. A

Security Incident shall mean an event or set of circumstances that results in a reasonable

expectation of a compromise of the security, confidentiality or integrity of Edison

Personal Information under Contractor’s control (“Security Incident”).

Security Incidents include:

Security breaches to customers network perimeter or to internal applications

resulting in potential compromise of data or information;

Loss of physical devices or media, e.g., laptops, portable media, paper files, etc.,

containing data;

Lapses in, or degradation of, customers security controls, methods, processes

or procedures;

The unauthorized disclosure of Personal Information; and

Any and all incidents adversely affecting customer or its Affiliates’, as the case

may be, information assets.

Customer’s SIRP will include Security Incident handling and response procedures,

specific contacts in an event of a Security Incident, the contacts’ roles and

responsibilities, and their plans to notify customer or its Affiliates, as the case may be,

concerning the Security Incident. The SIRP will be based on and meet all requirements of

the following:

U.S. federal and applicable state laws, statutes and regulations concerning the

custody, care and integrity of data and information. Contractor shall ensure that its

SIRP and its business practices in performing work on behalf of Florida comply with

SIRP Exhibit, Florida Administrative Code, Chapter 71A-1, Florida Information

Technology Resource Security Policies and Standards, which addresses the provision

of notice to Agency Contracts, Providers, and Partners as the case may be, of any

breach of the security of Personal Information if it is reasonably believed to have

been acquired by an unauthorized person.




Department of Management Services information management and information

security policies and procedures as made available to Contractor upon Contractor’s

request (“Florida Statues”).

4.1.2 Assessment:

Metrics are critical to show progress and to focus attention upon behaviors that improve

outcomes for Department of Management Services. In today’s resource constrained

environment, metrics enable improved business processes that generate efficiencies and

cost savings. Showing such results and the impacts of CS will help prove the value of CS

to Department of Management Services leadership. Developing useful CS metrics is

difficult. Team T2 has developed and been implement a new approach to metrics based

on value indicators. Our Metrics Plan approach includes:

Revising the 2014 Metrics plan based on practices and approaches learned

Using the CS Dashboard for monitoring and reporting progress – with automated data

feeds as available

Employing collaborative workgroup sessions with Department of Management

Services personnel for adjusting efforts and analyzing data

Interviewing leaders, inside and outside to Department of Management Services

Proposing business value metrics based on expected outcomes and impacts

Developing quarterly “CS Impacts” presentation on CS value to Department of

Management Services

A monthly EXSUM and action item list that captures significant inputs and outputs

from metrics reports and analyzes for trends and gaps

Implement corrective action based on metrics and expected returns

4.1.3 Preparation

Our Organizational Structure features a simple and efficient approach to management

with clear lines of authority and chain of command. This structure emphasizes the chain

of command between key managers and our support staff, as well as linkages to our

teammates and to the Government. We will carry out all program functions and

responsibilities as a single operating unit.

We will aligned our Team personnel to meet the strategic objectives of the contract

opportunity while maintaining the flexibility to adapt to evolving needs requirements.

Our personnel will be empowered to respond directly to their appropriate Government

counterpart for daily task performance, and will work directly with the leadership to

develop work products and provide mission support.

Team T2 will provide complete management support for the Cyber-security,

Remediation, and Identity Protection, Monitoring and Restoration Services with a PM

who will work effort. The PM will ensure all requirements are satisfied and will integrate,

manage, control and document all phases of the PWS during contract execution. The

Team T2 PM is fully empowered to manage the contract. He will be the focal point for all

day-to-day operations to include addressing issues and contract performance and

customer support. The PM will transparently operate and regularly communicate with the




Government regarding status via written and verbal communication as well as being

available in person.

Team T2 will develop an initial draft CS Execution Plan (CSEP) for this opportunity and

will further develop the Program Management Plan (PMP) for formal delivery within 15

workdays after contract award. We will maintain and update the plan as necessary during

contract performance and communicate all suggested revisions to the Government prior

to adopting the adjustments. Team T2 is prepared to execute on day one of a contract

award. Team T2 will follow a disciplined process approach during contract execution

documenting all critical management steps and plans within the PMP.

Team T2 is prepared to provide highly qualified and experienced Subject Matter Experts

(SMEs) to execute a Department of Management Services contract. The Team’s current

incumbency in like areas of operations, historically high retention rates, current work

force supporting DoD organizations, and access to additional highly experienced security

SMEs postures Team T2 to exceed customer task execution expectations. Our Team

staffing approach is based on hiring only the best qualified SMEs with exceptional

expertise, strong work ethics, demonstrated customer focus, and security.

T2 and our teammates, are at the forefront of defining and enabling the employment of

Cyber-security measures support across spectrum of engagement. Of note is our team’s

ability to provide high quality, on-site expertise, and reach-back to some of the best

Cyber experts available anywhere.

4.1.4 Developing Cyber-Security Incident Response Plan

With the evolving operational environment and infrastructure changes, there is an evident

need for developing a more comprehensive governance strategy. With changing emphasis

resulting from the drawdown, the key is maintaining relevancy and linkage with missions

and initiatives. The governance also provides a unique opportunity to strengthen

connections between leaders and operations, concept developers, implementers, and other

team members. Our Incident Response Plan approach includes:

Developing a strategy and document outline based on researching historical

documents such as Orders, Memos, lessons learned, applicable documents and others.

The strategy and outline will help capture all requirements to ensure completeness and

to meet cyber-security requirements.

Draft a charter (which includes selecting workgroup participants) to provide an

authoritative source and define the way ahead through collaborative processes.

Survey/interview leaders, leads and participants on their ideas regarding relevance, any

shift in focus following the drawdown, governance requirements, etc. to ensure the full

suite of comments are captured. Coordinate with workgroup and review with senior

leaders to ensure research and requirements are accurate.

Use a combination of workgroups (live and virtual) and tools for collaborating with

leaders, leads, participants and organizations. Employ best practices learned for cyber-

security responses.




Develop a schedule and series of events for document completion. Write and post

document sections according to schedule to incorporate comments. This helps assure

we complete all actions and efforts.

Post and track Action Items and plans of completion on either designated sites or

SharePoint portal to show progress in completing.

Use a ‘write-a-little/build-a-little’ approach to drafting and editing the final document

identifying actions taken, decisions made and progress of activity. This and the

collaboration approaches dramatically increases success and prevention of future

incidents.

4.1.5 Training

Training and education is one of the four core competencies of T2 and has the potential

of significantly improving knowledge sharing and collaboration throughout the

Department of Management Services. Team T2 has established a Knowledge

Management Training Institute (KMTI) training and education program that provides

KM certifications upon completion. Team T2 develops training strategies, creates

training materials and delivers the training in both on-line and face-to-face formats not

only for Knowledge Management, but also for CS and Intel. Our team of training and

education support professionals incorporate a vast array of best practices, tested

approaches, alternative content and curriculum, and subject matter expertise that will be

available for Department of Management Services consideration and integration where

appropriate. Innovative thinking and a focused training approach to develop and test in

operations and proven effective in combat operations will now be available for “off-the-

shelf” consideration by the Department of Management Services.

T2 training has provided a recent string of successes, both to the broader Cyber

community as well as to overseas personnel. The training has been well received,

additional events are being requested by organizations and recent training is providing a

potential way forward for collaborating with and between leaders and organizations on

developing an overall CS training & education strategy. Through this training,

Department of Management Services demonstrates value added contributions across

organizations, provides tools and techniques that others can actually use. This training

not only enhances operations, it also provides insight into other missions and functions

that might require business process improvement support.

Our approach in developing these CS training products uses multiple sources of feedback

(survey data and handouts/test scores) to improve future versions of the training, thus

making the training materials ‘living’ documents. Some of our key lessons learned

include:

Develop and deliver training in 45-50 minute modules; update constantly as ‘living’

data.

Modules should have two to three 15-20 minute ‘sections’ to match adults' 15-20

minute attention span

Modules should include 6-10 slides max with one or more collaborative exercises and

discussion periods.




Our CS Training approach includes:

Maintaining a 3-6 mo advance schedule to ensure training is scheduled and can be

conducted as required and without impacting other events.

Maintaining all updated materials (briefs and handouts) on Department of

Management Services SharePoint or designated site to ensure the ability to support

rapid response events, e.g., <15 workdays.

Providing an IPR checklist that is reviewed 10 workdays and then 5 workdays prior to

the event. Checklist ensures all variables are covered and are on-track.

Maintaining and updating the 16 hours of training to ensure excellence in content and

delivery. Develop report showing mapping of training to quality requirements.

Consistently review products to ensure consistency with any Department of

Management Services training guidance.

Consistently review and update ‘real world’ simulations and collaborative exercises to

make best use of latest practices, ideas and materials. Updates will be developed in the

1-2 week cycle following a training event.

Developing and administering a practical exam based on learning objectives for each

module. Exam results and student surveys will provide feedback for course updates.

Monitor exam results to show 80% of students receiving a grade of 75% or greater.

For areas that show lowering trends, identify new teaching methods and exercise to

ensure students grasp materials and concepts.

Maintain a trends database that allows rapid generation of trends reports (delivery <2

wks) following completion of training. Trends reports also provide all study feedback,

exam scores and plans for updates.

4.2 POST-INCIDENT SERVICES

4.2.1 Breach Services Toll-Free Hotline

See brochure

4.2.2 Investigation/Clean-up

See brochure

4.2.3 Incident Response

See brochure

4.2.4 Mitigation Plan

See brochure

4.2.5 Identity Monitoring, Protection, and Restoration

See brochure

5.0 RISK All operational delivery’s has inherent risk associated with the successful completion and

implementation of the associated capabilities; therefore, T2 goes to significant lengths to manage and

reduce the risk to ensure a successful outcome. Our Team is proposing to perform these complex tasks




has direct knowledge, understanding, and experience at working with Cyber-security efforts, models,

exploitation, and interaction development.

T2’s approach to Risk Management is based upon the Standardized Quantitative Risk Management

Methodology (SQRMM) developed by the Defense Systems Management College. This process,

coupled with our in-depth understanding of the subject domain and extensive experience executing

multiple, simultaneous operations, development, test, and evaluation contracts similar to this effort,

allows us to comprehensively assess and manage the risk associated with this proposed effort. Based on

our assessment of risk, the mitigation plans already implemented on other activities, we believe the risk

associated with the T2 effort is low. Risk Management is an active component of our processes, with the

overall approach evolved into a well understood and effective program. As part of our Risk Management

for this effort, the CEO, and Director, Business Development will oversee all areas of development to

ensure all specific knowledge and execution development task are completed.

Upon completion of this risk identification, risk assessment and ranking process, we

develop a risk mitigation plan. We successfully reduce risk by:

• Assessing quantitative impacts and significance (an expected value of loss given the

consequences and probability of failure)

• Risk mitigation constraints (cost and schedule etc.)

• Potential alternative strategies

• Measurement methods and success criteria and

• Our collective ability to accept risk

• Our risk mitigation planning process will address the following:

• Cost, schedule, technical and other appropriate risks and inter-relationships

• Mitigation strategies for each area of risk identified

• Critical decision points and reasons

• The individual responsible for implementing the plan

• Criteria for success and government/contractor acceptance of risk approach

• We then initiate risk mitigation steps which we monitor using regular program management

• Reviews, government technical interchanges, status reports, and other required deliverables

6.0 CONCLUSION Team T2 includes very experienced and cost efficient companies; we will apply our CS and Government

contracting experience, our processes and our corporate philosophies to the Department of Management

Services to ensure success, and we will focus on all program requirements, to ensure complete customer

satisfaction. We have demonstrated our understanding of the requirements, our abilities, and approach,

and aligned them with the Request For Information requirements. In choosing Team T2, you will gain

the benefit of our experience with CS. Our adherence to processes and formal project management

approach bring stability and reliability to an area that simply cannot risk anything less. Team T2 is a

small, nimble and adaptable organization that will remain responsive and flexible to the needs of the

Department of Management Services.

IDShield offers one of the most comprehensive products on the market for protecting and restoring your identity. The following is a list of IDShield’s specific services and features.

Services and Features

2

Pre-existing Stolen Identity Event Limitations — If the victim either had knowledge of, or reasonably should have had knowledge of, the misuse of his/her identity, credit, or other personal information based on information provided, or reasonably available, to the individual prior to enrollment in the program (each a “Prior Misuse”), such Prior Misuse or the consequences caused by it are not covered by the restoration services. However, individuals who have merely experienced the loss or unauthorized exposure of personal identifiers, including credit or debit card data, such as a data breach event, with no indication of actual misuse or identity theft resulting from that event, are not subject to the Prior Misuse exclusion hereunder.

Identity Consultation ServicesMembers have unlimited access to identity consultation services provided by Kroll’s Licensed Private Investigators. The Investigator will advise members on best practices for identity management tailored to the member’s specific situation, and should there be an identity theft event, the investigator will recommend that a case be opened for restoration. Our IDShield advisors and licensed private investigators are available for all matters Monday-Friday, 7 a.m. to 7 p.m. Central Time at 888-494-8519. In the event of a personal identity theft emergency, advisors are available at 866-696-0927 to direct you to an investigator 24/7/365. All members are eligible to receive the following consultative services:

Privacy and Security Best Practice

• Consult on best practices for the use and protection of a consumer’s Social Security number and Personal Identifying Information (PII)

• Provide consultation on current trends related to identity theft and fraud issues• Discuss best practices for financial transactions• Consult on best practices for consumer privacy• Discuss tactics and best practices while shopping and communicating online• Provide the knowledge to best protect the member from identity theft and to be

aware of their rights under federal and state laws• Help members interpret and analyze their credit report • Take steps to reduce pre-approved credit card offers• Consult with members regarding a public record inquiry or background search• Credit Freeze consultation• Consultation on common scams and schemes, including email and social media

Event-Driven Consultation Support

• Lost/stolen wallet assistance• Data Exposure/Data Breach safeguards• With member’s permission, facilitate the placement of 90-day fraud security alerts

with credit reporting agencies; if permission is not given, provide a list of contact phone numbers for placing fraud alerts

•

Alerts and Notifications

• Monthly identity theft updates to help educate and protect• Data breach notifications

3


Confirm Identity Fraud and Its Severity

• Social Security Number Fraud Detection — Use Social Security Number Skip Trace technique to investigate the member’s name and Social Security Number in identifying potentially fraudulent activity; Skip Trace employs industry-unique database access afforded by the credentials of Kroll’s Licensed Investigators

• Consultation and education on Criminal and Medical Identity Theft• Discovery and consultation on Deceased and Minor Identity Theft• Sex Offender Searches

Emergency Access—Identity Theft Emergency Situations

• Confirmed Check Fraud• Criminal ID Theft • Employment Fraud • ID Theft Discovered through a Monitoring Alert or Otherwise • Medical ID Theft • Minor ID Theft • New Account Opened • Payday Loan • Scam That Resulted in ID Theft • IRS/Tax Fraud • Utilities Fraud • Passport, Personal Information Stolen while Traveling outside of U.S.

4


Potential Emergencies

Call Type Next Business Day

Potential Emergency

Not Fraud Related

Lost or Stolen Credit/Debit Card or

Unauthorized ChargesMember should place fraud alerts right away and

let the Investigator follow up

Breached/Compromised Data

Precautionary CallMember should place fraud alerts right away and

let the Investigator follow up

Unconfirmed ID Theft*

Confirmed Check Fraud

Criminal ID Theft

Employment Fraud

ID Theft Discovered Through a Monitoring Alert or Otherwise

Medical ID Theft

Minor ID Theft

New Account Opened

Payday Loan

Scam That Resulted In ID Theft

IRS/Tax Fraud

Utilities Fraud

Passport, Personal Information Stolen while traveling outside of US

*If identity theft is only suspected and not confirmed, Investigators on-call after hours will not be able to make the telephone calls necessary to confirm the probability of actual fraud. The best, and most productive, Investigator experience occurs during normal business hours when corporate fraud departments are open and conference calls may be conducted.

Consultation Services are limited to the solutions, best practices, legislation, and established industry and organizational procedures in place in the United States and Canada as determined beneficial or productive by a Kroll Licensed Private Investigator.

Privacy Monitoring

Black Market Website Surveillance (Internet Monitoring)

Monitors global black market websites, IRC (internet relay chat) channels, chat rooms, peer-to-peer sharing networks, and social feeds for a member’s Personally Identifiable Information (PII), looking for matches of:

• Name

5


• Date of birth• Social Security Number• Emails (up to 10)• Phone numbers (up to 10)• Driver’s License number• Passport Number• Medical ID numbers (up to 10)

When an exact match for the monitored information is found, the member is alerted with an email notification. The detail of the alert can be accessed via the service portal dashboard.

Address Change Verification

Keeps track of a personal mailing address and alerts when a change of address has been requested through the United States Postal Service. An initial baseline report is provided of activity within the last 18 months, and monitoring thereafter provides alerts whenever a new change of address request is made. The detail of the alert can be accessed through the member dashboard on www.myidshield.com. This service can be accessed immediately by the member via the service portal dashboard.

Security Monitoring

Black Market Website Surveillance (Internet Monitoring)

Monitors global black market websites, IRC (internet relay chat) channels, chat rooms, peer to peer sharing networks, and social feeds for a member’s Personally Identifiable Information (PII), looking for matches of:

• SSN

• Credit card numbers (up to 10)

• Bank account numbers (up to 10)

When an exact match for the monitored information is found, the member is alerted with an email notification. The detail of the alert can be accessed through the member dashboard on www.myidshield.com.

Court Records Monitoring

Detects criminal activity that may be associated with an individual’s personal information, alerting them to signs of potential criminal identity theft. This service searches for online court records that match the member’s name and date of birth from county courts, Department of Corrections (DOC), Administration of the Courts (AOC), and other legal agencies—approximately 350 million criminal records searched. Court records are sourced from county, state and federal data sources. County records are sourced from the 250 most populous counties along with arrest records, court records, correctional records and State Department records. If an incident appears associated with the member’s information, they will be notified via alert.

6


Credit Monitoring

Members have access to continuous credit monitoring through TransUnion only. Monitoring can be accessed immediately by the member via the service portal dashboard. Credit activity will be reported promptly to the member via an email alert. Monitoring does not affect an individual’s credit score, nor does it appear as a hard inquiry on his or her credit report when accessed by a third party. The credit monitoring service will alert members to activity up to and including new delinquent accounts, fraud alerts, improved account, new account, new address, new bankruptcy, new employment, new account inquiry, and new public records.

Credit Inquiry Alerts

Members will be notified via email when a creditor requests their TransUnion credit file for the purposes of opening a new credit account. Alerts may also be triggered when a creditor requests a member’s credit file for changes that would result in a new financial obligation, such as a new cell phone account, a lease for a new apartment, or even for an application for a new mortgage. Inquiry alerts can be helpful in determining when an identity thief is opening a new account without the member’s authorization.

7


Quarterly Credit Score Tracker

A quarterly credit score from TransUnion that plots the member’s score quarter-by-quarter on a graph. Upon enrollment and quarterly thereafter, members will be able to see how their credit scores have changed over time, along with score factors that provide insight into what events may have caused their specific credit score to change.

Payday Loan Monitoring

Alerts the subscriber when their personal information is associated with short-term, payday, or similar cash-advance loans. The service monitors 21,000 online, rent-to-own, and payday lender storefronts for unauthorized activity. An initial report is provided, and monitoring continues on a monthly basis. An alert is generated whenever new loans or inquiries are detected.

Minor Identity Protection

(Formerly Safeguard for Minors) Allows parents/guardians of up to 8 minors under the age of 18 to monitor for potential fraudulent activity associated with their child’s SSN. Unauthorized names, aliases and addresses that become associated with a minor’s name and date of birth may be detected. The service monitors public records in all 50 states, including real estate data, new mover information, property and recorder of deed registration, county assessor/record data, internet job site providers, state occupational license data providers, voter information, public records/court proceedings, bankruptcies, liens, and judgments. Parents/guardians are provided a baseline scan, subsequent alerts and notifications thereafter.

Identity RestorationLicensed Investigators

Kroll’s Licensed Private Investigators perform the bulk of the restoration work required to restore a member’s identity to pre-theft status. The following list outlines Kroll’s typical identity restoration process. Please note that each case is unique, and Kroll Licensed Private Investigators will typically address a variety of issues during a restoration case.

8


Within one business day of receiving a fully executed Limited Power of Attorney and copies of the Member’s Social Security card, driver’s license, identity theft police report and most recent utility statement—complete with the Member’s current name and address—Kroll shall:

• Notify the Social Security Administration (SSA), the Federal Trade Commission (FTC), and the U.S. Postal Inspection Service in cases where there is evidence the U.S. Postal Service was used in connection with the suspected fraud

• Place/confirm that 90-day fraud security alerts have been placed with the three credit bureaus

After receiving the Credit Authorization Form, Kroll shall:

• Order a copy of the Member’s credit report• Review credit history and document if fraud includes items such as:

° Public records: liens, judgments, bankruptcies ° Credit accounts: new and/or derogatory ° Addresses ° Prior employment

• Issue Fraud Alert and notification of fraud dispute—Work with affected financial institutions, collection agencies, check clearinghouse companies, landlords and property managers, and/or credit card companies, where warranted

9


• Issue Fraud Victim Statements—Work with all three credit bureaus to restore credit accuracy and place seven-year fraud victim statements with the permission of the victim

Where warranted, Kroll will:

• Search victim’s local county criminal data to detect criminal activity being committed in member’s name

• Use the U.S. Criminal Records Indicator to search a wide variety of national criminal databases

• Search victim’s state’s Department of Corrections records, court records, and arrest logs from numerous states

• Perform a driver license search using public records and commercially available data to find associated reports from numerous states

• Perform a Social Security trace to look for additional addresses that may be attached to the victim’s name

• Perform a death indicator search using public records and commercially available data sources to determine if the victim has been reported as deceased for insurance fraud or other reasons

• Perform a check-clearinghouse search to determine if victim’s name has been submitted as having been involved in fraudulent banking activities

• Notify the DMV and instruct victim on proper procedures in dealing with the DMV• Notify and work with creditors who have extended credit due to misuse of the

victim’s identifying information• Notify and work with the collection agencies of those creditors• Notify and work with law enforcement personnel, both local and federal

If disputes are not resolved according to the victim’s legal rights, Kroll may escalate disputes to the appropriate government/regulatory agencies, including:

• Federal Trade Commission• State Attorney General office by state• Consumer Financial Protection Bureau• Association of Collection Professionals International• Comptroller of the Currency• Federal Reserve Bank• Office of Thrift Supervision• Office of the Inspector General• Provide the additional assistance of investigators who can reasonably assist based

on the victim’s issues

In all cases, Kroll provides:

• Follow-up credit reports • Subscriber updates

10


Restoration Preparation

BenefitLimited

POANo

POA

Assist in organizing details of issues

Explain fraud victim’s rights

Educate you on the process and your responsibilities

Assist in gathering and completing paperwork, including police reports

Send Fraud Packet to victimList of Contact Numbers (for immediate fraud alerts):

Equifax Fraud Center • Experian Fraud Center • TransUnion Fraud Center • Federal Trade Commission • Social Security Administration • United States Postal Service

Issue Fraud Alert to all three credit repositories

Provide fraud victim assistance material

Assist you with questions as you work through the process

Whenever A Fraud Issue Warrants

BenefitLimited

POANo

POA

Determine if creditors extended credit due to misuse of your identifying information

Confirm creditor contact information

Contact creditors and collection agencies to dispute all fraudulent accounts

Notify and work with the collection agencies of creditors holding fraudulent accounts

Turn over any current accounts to fraud, requesting affidavits of documentation forwarded to you

Search Criminal Data in your country of residence to look for criminal activity being committed in your name

Search U.S. Criminal Records indicator to search a wide variety of national criminal databases

Search Department of Motor Vehicles records in your state

Perform a Social Security trace to look for additional addresses that may be attached to your name

Perform a Social Security Death Index search to verify if you have been submitted to Social Security

Determine if you have been submitted as having been involved in fraudulent banking activities

Assist you in working with law enforcement personnel

Use licensed attorneys where appropriate to perform these duties

Offer additional assistance that can be reasonably provided based on your issue

Provide a list of attorneys who may be able to help you with legal issues—any subsequent relationship is exclusively between you and the attorney

Restoration ProcessWithin 24 hours of receiving the signed Limited Power of Attorney, Kroll will:

BenefitLimited

POANo

POA

Issue Fraud Alert to Social Security Administration (SSA)

Issue Fraud Alert to Federal Trade Commission (FTC)

Issue Fraud Alert to U.S. Postal Service (USPS)

Case Closing Process

BenefitLimited

POANo

POA

Provide a tri-merged credit bureau report follow up 120 days after resolution of your identity theft issues

Update member

Continue restoration until complete

Responsibility for Kroll’s Fraud Solutions Practice will cease when Kroll receives verification from you that the issue is resolved

After receiving both signed Limited Power of Attorney and tri-merged credit report, Kroll will:

BenefitLimited

POANo

POA

Issue Fraud Victim statements and work with all three national repositories (Experian, TransUnion, Equifax) to restore credit accuracy

Review credit history with you and verify if fraud includes items like: • Public Records (Liens, judgments,

bankruptcies) • Credit Accounts (New and/or

derogatory) • Address • Prior employment

Issue Fraud Alert to and work with affected financial institutions and credit card companies

11


Theft Restoration Service Exclusions

The following are excluded from the Services:

Legal Remedy—Any Stolen Identity Event where the member is unwilling or unable to prosecute or otherwise bring a civil or criminal claim against any person culpable or reasonably believed to be culpable for the fraud or its consequences.

Dishonest Acts—Any dishonest, criminal, malicious or fraudulent acts, if the member(s) that suffered the fraud personally participated in, directed or had knowledge of such acts.

Financial Loss—Any direct or indirect financial losses attributable to the Stolen Identity Event, including but not limited to, money stolen from a wallet, unauthorized purchases of retail goods or services online, by phone, mail or directly.

Pre-Existing Stolen Identity Event Limitations—Any circumstance wherein the member had knowledge of, or reasonably should have had knowledge of a pre-existing Stolen Identity Event based on information provided to them prior to enrollment in the program.

Business—The theft or unauthorized or illegal use of any business name, DBA or any other method of identifying business (as distinguished from personal) activity.

Third Parties Not Subject to U.S. or Canadian Law—Restoration services do not remediate issues with third parties not subject to United States or Canadian law that have been impacted by an individual’s Stolen Identity Event, such as financial institutions, government agencies, and other entities.

©2015 LegalShield. Ada, OK

$5MILLION

SERVICE GUARANTEE

$5MILLION

SERVICE GUARANTEE

$5MILLION

SERVICE GUARANTEE

IDShield GuaranteeService Guarantee

We don’t give up until your identity is restored.

We’re confident in our ability to help protect your identity, but no one can prevent all identity theft. If you become a victim of identity theft while an IDShield member, we’ll spend up to $5 million using Kroll’s industry-leading licensed private investigators to do whatever it takes for as long as it takes to help recover and restore your identity to its pre-theft status.

You will have access to our U.S.-based Member Services agents during business hours and in emergency situations, 24 hours a day, 7 days a week, 365 days a year. And Kroll’s Licensed Private Investigators are available to support you every step of the way.

Our industry-leading identity restoration experts are ready and waiting to help restore your identity. Unlike other providers in the market, we don’t waste time retaining an insurer to restore your identity as we have a fully integrated partnership allowing Kroll’s Licensed Private Investigators to handle your identity restoration needs.

We understand how important it is to be prepared for the worst. We are ready to take action immediately.

department of management services · triquetra technologies, inc. department of management services...

Documents