Triquetra Technologies, Inc. Department of Management Services
Request for Information - Technical Volume General Service Administration (GSA) - 70
Page 1
Use or disclosure of data contained on this sheet is subject to the restriction on the title page of this Request for Information Document.
DEPARTMENT OF MANAGEMENT SERVICES
REQUEST FOR INFORMATION FOR
Cyber-Security Assessment, Remediation, and Identity
Protection, Monitoring and Restoration Services
3 September 2015
Submitted to: [email protected]
Submitted by: Ricky Sowell
Triquetra Technologies, Inc. One Enterprise Parkway, Suite 330
Hampton, VA 23666 Phone: (757) 288-1117
Email: [email protected]
This Informational response includes data that shall not be disclosed outside the Government and shall not be duplicated,
used, or disclosed in whole or in part for any purpose other than to evaluate this response. If, however, a contract is awarded
to the Offeror as a result of, or in connection with, the submission of this data, the Government shall have the right to
duplicate, use, or disclose the data to the extent provided in the resulting contract. This restriction does not limit the
Government’s right to use information contained in this data if it is obtained from another source without restriction. The
data subject to this restriction are contained in all pages and attachments of this response.
TABLE OF CONTENTS
1.0 INTRODUCTION
2.0 BACKGROUND
3.0 CONTRACT INFORMATION
4.0 RESPONSES TO SECTION IV
4.1 PRE-INCIDENT SERVICES
4.1.1 Incident Response Agreement
4.1.2 Assessment
4.1.3 Preparation
4.1.4 Developing Cyber-Security Incident Response Plan
4.1.5 Training
4.2 POST-INCIDENT SERVICES
4.2.1 Breach Services Toll-Free Hotline
4.2.2 Investigation/Clean-up
4.2.3 Incident Response
4.2.4 Mitigation Plan
4.2.5 Identity Monitoring, Protection, and Restoration
5.0 RISK
6.0 CONCLUSION
1.0 INTRODUCTION
Team T2 is READY NOW to support the Department of Management Services
1.1 TRIQUETRA TECHNOLOGY, INC.
Triquetra Technologies, Inc. (T2) provides unique, creative and innovative services to both the
government and private sectors of the defense industry. Additionally, key members of T2’s staff have
been intimately involved in providing Intelligence Mission Operations Support, Knowledge
Management, Training and Human Performance, Command and Control (C2), Advisory and Assistance,
and Program Management to the warfighter both CONUS and OCONUS. Our focus areas include
Knowledge Management, Cyber Training, Operational Intelligence, Electronic Warfare, Information
Operations, and Sensor/Platform Expertise (Small UAS). Our staff has a wide range of experience in Air
Force, joint and coalition IO planning both as members of the DOD and as contractors.
T2 was established in 2008 in the state of Virginia as a Federally Certified Woman-owned Small
Business providing Intelligence Mission Operations Support, Knowledge Management, Training, and
Human Performance, Command and Control (C2) Advisory and Assistance, and Program Management.
T2 now employs over 30 professionals with revenues averaging $7M per year and has broadened its
base with expertise in CONUS and OCONUS operations focusing on Knowledge Management, Cyber
Operations and Training, Information Technology and Operational Intelligence. T2 Headquarters is
located in Hampton, Virginia and has a certified Top Secret facility security clearance with all
operational members holding a clearance. T2’s IT and Cyber expertise spans software and system
development, enterprise architecture, data management, data analytics, content management, system
integration, systems administration, mobility, business intelligence, infrastructure services, security
operations, information assurance, and service desk support.
T2 realizes one of the critical factors in the delivery of top quality services is a strong, highly
experienced and stable workforce. Our team is comprised of multiple topflight companies with
significant IT and Cyber experience that understand the value of a committed and enthusiastic
workforce. The capabilities of these companies bring unsurpassed expertise to provide facilitation and
support to groups at the staff and operational level to the Department of Management Services for
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration
Services. Our teammates, described in Table 1, have a well-deserved reputation for
caring for their employees and motivating them to focus on exceeding customer expectations.
Table 1- T2 Teammates Supporting Cyber-Operations
Exceptional experience in providing Cyber-support, Knowledge Management,
Information Operations, Analysis, Strategic Deterrence, Global Strike, and ISR
Provides core DoD support in Knowledge Management (KM) and KM Training
Provides significant tactical Intelligence Support to CONUS & OCONUS locations
Extensive experience supporting the DoD in blending training and technology solutions.
Executed $60M single-award smart classroom modernization and technology insertion
contract for the Army for 500 classrooms across the Nation.
$100M single-award contract to provide all computer infrastructure support for the U.S.
Department of Agriculture Forest Service to include enterprise architecture, software
engineering, knowledge management, and help desk support.
Our management best practices commit the resources required for effective management and execution while
maintaining a lean, streamlined structure with the flexibility and agility to effectively respond to all contract
requirements to control work and ensure desired results are repeatable. A key element of our approach is the
appointment of a highly qualified on-site Task Lead to allocate resources and serve as our interface to
Government technical managers. The organizational structure recognizes the imperative of responsive, clear lines
of communication and well-defined delegation of authority. Our team has proven processes and procedures for
effectively managing resources which are embedded in our ISO-9001-2008 certified Quality Management System
(QMS).
2.0 BACKGROUND
T2 has more than seven years of successful experience in exploitation (and correlation), collection-management
systems and training. We also have a strong background in new and advanced
methodologies, techniques, and approaches, and in transitioning these concepts and systems to
operational environments.
T2 stands out from competitors of all sizes in several important ways. T2 is an agile and flexible
business with personalized attention to the customer at all levels of our organization, while possessing
many of the positive attributes of a large business without the associated drawbacks. T2’s roots are
deeply set in leading edge technology and it has invested heavily over the years in people, facilities, and
resources needed to enhance our technical advantage over our competition, regardless of size. T2 also
has a strong, stable and debt-free financial basis, which allows it to provide a very low-risk and reliable
performance foundation, as well as continued investment in internal capabilities and development
efforts. From this strong technical foundation T2 has evolved the capability to produce, test, field, and
provide logistics support to the products and employees. The combination of these capabilities is
commonly found only in larger defense contractors. Another advantage T2 enjoys is its trusted
reputation with our customers, born of many years of dedicated performance and quality support.
Team T2’s personnel have been leaders in developing and implementing governance models and
documents for DoD. T2 has established and managed NATO’s Knowledge Management and Cyber-
Security (CS) governance and infrastructure in Afghanistan, and we are integral to US Army governance
training and educational efforts. Team T2’s experience is broad and deep in this task area. We have
captured numerous lessons, best practices, and tested methodologies, which Team T2 will apply daily in
how we facilitate forums and workgroups, collaborate with the Department of Management Services,
maintain portals and update strategy and metrics plans. Drawn directly from similar CS infrastructure
support requirements in combat theaters across the globe, Team T2 will integrate critical value add and
trusted CS process improvements proven under fire to deliver the CS results required by the Department
of Management Services. The Department of Management Services receives not only the best support
possible, but also the best lessons learned benefits integrated from across the communities of interest.
Team T2 currently provides a broad spectrum of Cyber-Security, Customer Mission Support, Technical
Services and Management within the United States and various mission theaters ranging from Training
Development and Delivery, Logistics, Maintenance and Repair, as well as Test and Engineering support.
Our premier services have gained us direct mission experience that encompasses customer support,
technical management and program management services to include a comprehensive understanding of
the importance of level-of-repair decisions that can greatly impact the mission and program costs.
3.0 CONTRACT INFORMATION
NAME: TRIQUETRA TECHNOLOGIES, INC
PHONE: (763) 354-4879
EMAIL: [email protected]
4.0 RESPONSES TO SECTION IV
4.1 PRE-INCIDENT SERVICES
4.1.1 Incident Response Agreement
T2 will develop, implement and maintain a written plan and process for preventing,
detecting, identifying, reporting, tracking and remediating Security Incidents (“Security
Incident Response Plan” or “SIRP”) for the Department of Management Services. A
Security Incident shall mean an event or set of circumstances that results in a reasonable
expectation of a compromise of the security, confidentiality or integrity of Edison
Personal Information under Contractor’s control (“Security Incident”).
Security Incidents include:
• Security breaches to the customer’s network perimeter or to internal applications resulting in potential compromise of data or information;
• Loss of physical devices or media, e.g., laptops, portable media, paper files, etc., containing data;
• Lapses in, or degradation of, the customer’s security controls, methods, processes or procedures;
• The unauthorized disclosure of Personal Information; and
• Any and all incidents adversely affecting customer or its Affiliates’, as the case may be, information assets.
Customer’s SIRP will include Security Incident handling and response procedures,
specific contacts in the event of a Security Incident, the contacts’ roles and
responsibilities, and their plans to notify customer or its Affiliates, as the case may be,
concerning the Security Incident. The SIRP will be based on and meet all requirements of
the following:
• U.S. federal and applicable state laws, statutes and regulations concerning the
custody, care and integrity of data and information. Contractor shall ensure that its
SIRP and its business practices in performing work on behalf of Florida comply with
SIRP Exhibit, Florida Administrative Code, Chapter 71A-1, Florida Information
Technology Resource Security Policies and Standards, which addresses the provision
of notice to Agency Contracts, Providers, and Partners as the case may be, of any
breach of the security of Personal Information if it is reasonably believed to have
been acquired by an unauthorized person.
• Department of Management Services information management and information
security policies and procedures as made available to Contractor upon Contractor’s
request (“Florida Statutes”).
4.1.2 Assessment:
Metrics are critical to show progress and to focus attention upon behaviors that improve
outcomes for Department of Management Services. In today’s resource constrained
environment, metrics enable improved business processes that generate efficiencies and
cost savings. Showing such results and the impacts of CS will help prove the value of CS
to Department of Management Services leadership. Developing useful CS metrics is
difficult. Team T2 has developed and implemented a new approach to metrics based
on value indicators. Our Metrics Plan approach includes:
• Revising the 2014 Metrics plan based on practices and approaches learned
• Using the CS Dashboard for monitoring and reporting progress – with automated data feeds as available
• Employing collaborative workgroup sessions with Department of Management Services personnel for adjusting efforts and analyzing data
• Interviewing leaders, inside and outside the Department of Management Services
• Proposing business value metrics based on expected outcomes and impacts
• Developing quarterly “CS Impacts” presentation on CS value to Department of Management Services
• A monthly EXSUM and action item list that captures significant inputs and outputs from metrics reports and analyzes for trends and gaps
• Implementing corrective action based on metrics and expected returns
4.1.3 Preparation
Our Organizational Structure features a simple and efficient approach to management
with clear lines of authority and chain of command. This structure emphasizes the chain
of command between key managers and our support staff, as well as linkages to our
teammates and to the Government. We will carry out all program functions and
responsibilities as a single operating unit.
We will align our Team personnel to meet the strategic objectives of the contract
opportunity while maintaining the flexibility to adapt to evolving needs and requirements.
Our personnel will be empowered to respond directly to their appropriate Government
counterpart for daily task performance, and will work directly with the leadership to
develop work products and provide mission support.
Team T2 will provide complete management support for the Cyber-security,
Remediation, and Identity Protection, Monitoring and Restoration Services with a PM
who will work effort. The PM will ensure all requirements are satisfied and will integrate,
manage, control and document all phases of the PWS during contract execution. The
Team T2 PM is fully empowered to manage the contract. He will be the focal point for all
day-to-day operations to include addressing issues and contract performance and
customer support. The PM will transparently operate and regularly communicate with the
Government regarding status via written and verbal communication as well as being
available in person.
Team T2 will develop an initial draft CS Execution Plan (CSEP) for this opportunity and
will further develop the Program Management Plan (PMP) for formal delivery within 15
workdays after contract award. We will maintain and update the plan as necessary during
contract performance and communicate all suggested revisions to the Government prior
to adopting the adjustments. Team T2 is prepared to execute on day one of a contract
award. Team T2 will follow a disciplined process approach during contract execution
documenting all critical management steps and plans within the PMP.
Team T2 is prepared to provide highly qualified and experienced Subject Matter Experts
(SMEs) to execute a Department of Management Services contract. The Team’s current
incumbency in like areas of operations, historically high retention rates, current work
force supporting DoD organizations, and access to additional highly experienced security
SMEs posture Team T2 to exceed customer task execution expectations. Our Team
staffing approach is based on hiring only the best qualified SMEs with exceptional
expertise, strong work ethics, demonstrated customer focus, and security.
T2 and our teammates are at the forefront of defining and enabling the employment of
Cyber-security measures support across the spectrum of engagement. Of note is our team’s
ability to provide high quality, on-site expertise, and reach-back to some of the best
Cyber experts available anywhere.
4.1.4 Developing Cyber-Security Incident Response Plan
With the evolving operational environment and infrastructure changes, there is an evident
need for developing a more comprehensive governance strategy. With changing emphasis
resulting from the drawdown, the key is maintaining relevancy and linkage with missions
and initiatives. The governance also provides a unique opportunity to strengthen
connections between leaders and operations, concept developers, implementers, and other
team members. Our Incident Response Plan approach includes:
• Developing a strategy and document outline based on researching historical documents such as Orders, Memos, lessons learned, applicable documents and others. The strategy and outline will help capture all requirements to ensure completeness and to meet cyber-security requirements.
• Draft a charter (which includes selecting workgroup participants) to provide an authoritative source and define the way ahead through collaborative processes.
• Survey/interview leaders, leads and participants on their ideas regarding relevance, any shift in focus following the drawdown, governance requirements, etc. to ensure the full suite of comments are captured. Coordinate with workgroup and review with senior leaders to ensure research and requirements are accurate.
• Use a combination of workgroups (live and virtual) and tools for collaborating with leaders, leads, participants and organizations. Employ best practices learned for cyber-security responses.
• Develop a schedule and series of events for document completion. Write and post document sections according to schedule to incorporate comments. This helps assure we complete all actions and efforts.
• Post and track Action Items and plans of completion on either designated sites or SharePoint portal to show progress in completing.
• Use a ‘write-a-little/build-a-little’ approach to drafting and editing the final document identifying actions taken, decisions made and progress of activity. This and the collaboration approaches dramatically increase success and prevention of future incidents.
4.1.5 Training
Training and education is one of the four core competencies of T2 and has the potential
of significantly improving knowledge sharing and collaboration throughout the
Department of Management Services. Team T2 has established a Knowledge
Management Training Institute (KMTI) training and education program that provides
KM certifications upon completion. Team T2 develops training strategies, creates
training materials and delivers the training in both on-line and face-to-face formats not
only for Knowledge Management, but also for CS and Intel. Our team of training and
education support professionals incorporate a vast array of best practices, tested
approaches, alternative content and curriculum, and subject matter expertise that will be
available for Department of Management Services consideration and integration where
appropriate. Innovative thinking and a focused training approach, developed and tested in
operations and proven effective in combat operations, will now be available for “off-the-shelf”
consideration by the Department of Management Services.
T2 training has provided a recent string of successes, both to the broader Cyber
community as well as to overseas personnel. The training has been well received,
additional events are being requested by organizations, and recent training is providing a
potential way forward for collaborating with and between leaders and organizations on
developing an overall CS training & education strategy. Through this training, the
Department of Management Services demonstrates value-added contributions across
organizations and provides tools and techniques that others can actually use. This training
not only enhances operations, it also provides insight into other missions and functions
that might require business process improvement support.
Our approach in developing these CS training products uses multiple sources of feedback
(survey data and handouts/test scores) to improve future versions of the training, thus
making the training materials ‘living’ documents. Some of our key lessons learned
include:
• Develop and deliver training in 45-50 minute modules; update constantly as ‘living’ data.
• Modules should have two to three 15-20 minute ‘sections’ to match adults' 15-20 minute attention span
• Modules should include 6-10 slides max with one or more collaborative exercises and discussion periods.
Our CS Training approach includes:
• Maintaining a 3-6 month advance schedule to ensure training is scheduled and can be conducted as required and without impacting other events.
• Maintaining all updated materials (briefs and handouts) on Department of Management Services SharePoint or designated site to ensure the ability to support rapid response events, e.g., <15 workdays.
• Providing an IPR checklist that is reviewed 10 workdays and then 5 workdays prior to the event. Checklist ensures all variables are covered and are on-track.
• Maintaining and updating the 16 hours of training to ensure excellence in content and delivery. Develop report showing mapping of training to quality requirements.
• Consistently review products to ensure consistency with any Department of Management Services training guidance.
• Consistently review and update ‘real world’ simulations and collaborative exercises to make best use of latest practices, ideas and materials. Updates will be developed in the 1-2 week cycle following a training event.
• Developing and administering a practical exam based on learning objectives for each module. Exam results and student surveys will provide feedback for course updates.
• Monitor exam results to show 80% of students receiving a grade of 75% or greater. For areas that show lowering trends, identify new teaching methods and exercises to ensure students grasp materials and concepts.
• Maintain a trends database that allows rapid generation of trends reports (delivery <2 weeks) following completion of training. Trends reports also provide all study feedback, exam scores and plans for updates.
4.2 POST-INCIDENT SERVICES
4.2.1 Breach Services Toll-Free Hotline
See brochure
4.2.2 Investigation/Clean-up
See brochure
4.2.3 Incident Response
See brochure
4.2.4 Mitigation Plan
See brochure
4.2.5 Identity Monitoring, Protection, and Restoration
See brochure
5.0 RISK
All operational deliveries have inherent risk associated with the successful completion and
implementation of the associated capabilities; therefore, T2 goes to significant lengths to manage and
reduce the risk to ensure a successful outcome. Our Team is proposing to perform these complex tasks
and has direct knowledge, understanding, and experience working with Cyber-security efforts, models,
exploitation, and interaction development.
T2’s approach to Risk Management is based upon the Standardized Quantitative Risk Management
Methodology (SQRMM) developed by the Defense Systems Management College. This process,
coupled with our in-depth understanding of the subject domain and extensive experience executing
multiple, simultaneous operations, development, test, and evaluation contracts similar to this effort,
allows us to comprehensively assess and manage the risk associated with this proposed effort. Based on
our assessment of risk and the mitigation plans already implemented on other activities, we believe the risk
associated with the T2 effort is low. Risk Management is an active component of our processes, with the
overall approach evolved into a well understood and effective program. As part of our Risk Management
for this effort, the CEO and the Director, Business Development will oversee all areas of development to
ensure all specific knowledge and execution development tasks are completed.
Upon completion of this risk identification, risk assessment and ranking process, we
develop a risk mitigation plan. We successfully reduce risk by:
• Assessing quantitative impacts and significance (an expected value of loss given the consequences and probability of failure)
• Risk mitigation constraints (cost and schedule etc.)
• Potential alternative strategies
• Measurement methods and success criteria and
• Our collective ability to accept risk
Our risk mitigation planning process will address the following:
• Cost, schedule, technical and other appropriate risks and inter-relationships
• Mitigation strategies for each area of risk identified
• Critical decision points and reasons
• The individual responsible for implementing the plan
• Criteria for success and government/contractor acceptance of risk approach
We then initiate risk mitigation steps which we monitor using regular program management
reviews, government technical interchanges, status reports, and other required deliverables.
6.0 CONCLUSION
Team T2 includes very experienced and cost efficient companies; we will apply our CS and Government
contracting experience, our processes and our corporate philosophies to the Department of Management
Services to ensure success, and we will focus on all program requirements, to ensure complete customer
satisfaction. We have demonstrated our understanding of the requirements, our abilities, and approach,
and aligned them with the Request For Information requirements. In choosing Team T2, you will gain
the benefit of our experience with CS. Our adherence to processes and formal project management
approach bring stability and reliability to an area that simply cannot risk anything less. Team T2 is a
small, nimble and adaptable organization that will remain responsive and flexible to the needs of the
Department of Management Services.
IDShield offers one of the most comprehensive products on the market for protecting and restoring your identity. The following is a list of IDShield’s specific services and features.
Services and Features
Pre-existing Stolen Identity Event Limitations — If the victim either had knowledge of, or reasonably should have had knowledge of, the misuse of his/her identity, credit, or other personal information based on information provided, or reasonably available, to the individual prior to enrollment in the program (each a “Prior Misuse”), such Prior Misuse or the consequences caused by it are not covered by the restoration services. However, individuals who have merely experienced the loss or unauthorized exposure of personal identifiers, including credit or debit card data, such as a data breach event, with no indication of actual misuse or identity theft resulting from that event, are not subject to the Prior Misuse exclusion hereunder.
Identity Consultation Services
Members have unlimited access to identity consultation services provided by Kroll’s Licensed Private Investigators. The Investigator will advise members on best practices for identity management tailored to the member’s specific situation, and should there be an identity theft event, the investigator will recommend that a case be opened for restoration. Our IDShield advisors and licensed private investigators are available for all matters Monday-Friday, 7 a.m. to 7 p.m. Central Time at 888-494-8519. In the event of a personal identity theft emergency, advisors are available at 866-696-0927 to direct you to an investigator 24/7/365. All members are eligible to receive the following consultative services:
Privacy and Security Best Practice
• Consult on best practices for the use and protection of a consumer’s Social Security number and Personal Identifying Information (PII)
• Provide consultation on current trends related to identity theft and fraud issues
• Discuss best practices for financial transactions
• Consult on best practices for consumer privacy
• Discuss tactics and best practices while shopping and communicating online
• Provide the knowledge to best protect the member from identity theft and to be aware of their rights under federal and state laws
• Help members interpret and analyze their credit report
• Take steps to reduce pre-approved credit card offers
• Consult with members regarding a public record inquiry or background search
• Credit Freeze consultation
• Consultation on common scams and schemes, including email and social media
Event-Driven Consultation Support
• Lost/stolen wallet assistance
• Data Exposure/Data Breach safeguards
• With member’s permission, facilitate the placement of 90-day fraud security alerts with credit reporting agencies; if permission is not given, provide a list of contact phone numbers for placing fraud alerts
Alerts and Notifications
• Monthly identity theft updates to help educate and protect
• Data breach notifications
Confirm Identity Fraud and Its Severity
• Social Security Number Fraud Detection — Use Social Security Number Skip Trace technique to investigate the member’s name and Social Security Number in identifying potentially fraudulent activity; Skip Trace employs industry-unique database access afforded by the credentials of Kroll’s Licensed Investigators
• Consultation and education on Criminal and Medical Identity Theft
• Discovery and consultation on Deceased and Minor Identity Theft
• Sex Offender Searches
Emergency Access—Identity Theft Emergency Situations
• Confirmed Check Fraud
• Criminal ID Theft
• Employment Fraud
• ID Theft Discovered through a Monitoring Alert or Otherwise
• Medical ID Theft
• Minor ID Theft
• New Account Opened
• Payday Loan
• Scam That Resulted in ID Theft
• IRS/Tax Fraud
• Utilities Fraud
• Passport, Personal Information Stolen while Traveling outside of U.S.
Potential Emergencies
Call Type | Next Business Day | Potential Emergency | Not Fraud Related
Lost or Stolen Credit/Debit Card or Unauthorized Charges
Member should place fraud alerts right away and let the Investigator follow up
Breached/Compromised Data Precautionary Call
Member should place fraud alerts right away and let the Investigator follow up
Unconfirmed ID Theft*
Confirmed Check Fraud
Criminal ID Theft
Employment Fraud
ID Theft Discovered Through a Monitoring Alert or Otherwise
Medical ID Theft
Minor ID Theft
New Account Opened
Payday Loan
Scam That Resulted In ID Theft
IRS/Tax Fraud
Utilities Fraud
Passport, Personal Information Stolen while traveling outside of US
*If identity theft is only suspected and not confirmed, Investigators on-call after hours will not be able to make the telephone calls necessary to confirm the probability of actual fraud. The best, and most productive, Investigator experience occurs during normal business hours when corporate fraud departments are open and conference calls may be conducted.
Consultation Services are limited to the solutions, best practices, legislation, and established industry and organizational procedures in place in the United States and Canada as determined beneficial or productive by a Kroll Licensed Private Investigator.
Privacy Monitoring
Black Market Website Surveillance (Internet Monitoring)
Monitors global black market websites, IRC (internet relay chat) channels, chat rooms, peer-to-peer sharing networks, and social feeds for a member’s Personally Identifiable Information (PII), looking for matches of:
• Name
• Date of birth
• Social Security Number
• Emails (up to 10)
• Phone numbers (up to 10)
• Driver’s License number
• Passport Number
• Medical ID numbers (up to 10)
When an exact match for the monitored information is found, the member is alerted with an email notification. The detail of the alert can be accessed via the service portal dashboard.
Address Change Verification
Keeps track of a personal mailing address and alerts when a change of address has been requested through the United States Postal Service. An initial baseline report is provided of activity within the last 18 months, and monitoring thereafter provides alerts whenever a new change of address request is made. The detail of the alert can be accessed through the member dashboard on www.myidshield.com. This service can be accessed immediately by the member via the service portal dashboard.
Security Monitoring
Black Market Website Surveillance (Internet Monitoring)
Monitors global black market websites, IRC (internet relay chat) channels, chat rooms, peer-to-peer sharing networks, and social feeds for a member’s Personally Identifiable Information (PII), looking for matches of:
• SSN
• Credit card numbers (up to 10)
• Bank account numbers (up to 10)
When an exact match for the monitored information is found, the member is alerted with an email notification. The detail of the alert can be accessed through the member dashboard on www.myidshield.com.
Court Records Monitoring
Detects criminal activity that may be associated with an individual’s personal information, alerting them to signs of potential criminal identity theft. This service searches for online court records that match the member’s name and date of birth from county courts, Department of Corrections (DOC), Administration of the Courts (AOC), and other legal agencies—approximately 350 million criminal records searched. Court records are sourced from county, state and federal data sources. County records are sourced from the 250 most populous counties along with arrest records, court records, correctional records and State Department records. If an incident appears associated with the member’s information, they will be notified via alert.
Credit Monitoring
Members have access to continuous credit monitoring through TransUnion only. Monitoring can be accessed immediately by the member via the service portal dashboard. Credit activity will be reported promptly to the member via an email alert. Monitoring does not affect an individual’s credit score, nor does it appear as a hard inquiry on his or her credit report when accessed by a third party. The credit monitoring service will alert members to activity up to and including new delinquent accounts, fraud alerts, improved account, new account, new address, new bankruptcy, new employment, new account inquiry, and new public records.
Credit Inquiry Alerts
Members will be notified via email when a creditor requests their TransUnion credit file for the purposes of opening a new credit account. Alerts may also be triggered when a creditor requests a member’s credit file for changes that would result in a new financial obligation, such as a new cell phone account, a lease for a new apartment, or even for an application for a new mortgage. Inquiry alerts can be helpful in determining when an identity thief is opening a new account without the member’s authorization.
Quarterly Credit Score Tracker
A quarterly credit score from TransUnion that plots the member’s score quarter-by-quarter on a graph. Upon enrollment and quarterly thereafter, members will be able to see how their credit scores have changed over time, along with score factors that provide insight into what events may have caused their specific credit score to change.
Payday Loan Monitoring
Alerts the subscriber when their personal information is associated with short-term, payday, or similar cash-advance loans. The service monitors 21,000 online, rent-to-own, and payday lender storefronts for unauthorized activity. An initial report is provided, and monitoring continues on a monthly basis. An alert is generated whenever new loans or inquiries are detected.
Minor Identity Protection
(Formerly Safeguard for Minors) Allows parents/guardians of up to 8 minors under the age of 18 to monitor for potential fraudulent activity associated with their child’s SSN. Unauthorized names, aliases and addresses that become associated with a minor’s name and date of birth may be detected. The service monitors public records in all 50 states, including real estate data, new mover information, property and recorder of deed registration, county assessor/record data, internet job site providers, state occupational license data providers, voter information, public records/court proceedings, bankruptcies, liens, and judgments. Parents/guardians are provided a baseline scan, subsequent alerts and notifications thereafter.
Identity Restoration
Licensed Investigators
Kroll’s Licensed Private Investigators perform the bulk of the restoration work required to restore a member’s identity to pre-theft status. The following list outlines Kroll’s typical identity restoration process. Please note that each case is unique, and Kroll Licensed Private Investigators will typically address a variety of issues during a restoration case.
Within one business day of receiving a fully executed Limited Power of Attorney and copies of the Member’s Social Security card, driver’s license, identity theft police report and most recent utility statement—complete with the Member’s current name and address—Kroll shall:
• Notify the Social Security Administration (SSA), the Federal Trade Commission (FTC), and the U.S. Postal Inspection Service in cases where there is evidence the U.S. Postal Service was used in connection with the suspected fraud
• Place/confirm that 90-day fraud security alerts have been placed with the three credit bureaus
After receiving the Credit Authorization Form, Kroll shall:
• Order a copy of the Member’s credit report
• Review credit history and document if fraud includes items such as:
  ° Public records: liens, judgments, bankruptcies
  ° Credit accounts: new and/or derogatory
  ° Addresses
  ° Prior employment
• Issue Fraud Alert and notification of fraud dispute—Work with affected financial institutions, collection agencies, check clearinghouse companies, landlords and property managers, and/or credit card companies, where warranted
• Issue Fraud Victim Statements—Work with all three credit bureaus to restore credit accuracy and place seven-year fraud victim statements with the permission of the victim
Where warranted, Kroll will:
• Search victim’s local county criminal data to detect criminal activity being committed in member’s name
• Use the U.S. Criminal Records Indicator to search a wide variety of national criminal databases
• Search victim’s state’s Department of Corrections records, court records, and arrest logs from numerous states
• Perform a driver license search using public records and commercially available data to find associated reports from numerous states
• Perform a Social Security trace to look for additional addresses that may be attached to the victim’s name
• Perform a death indicator search using public records and commercially available data sources to determine if the victim has been reported as deceased for insurance fraud or other reasons
• Perform a check-clearinghouse search to determine if victim’s name has been submitted as having been involved in fraudulent banking activities
• Notify the DMV and instruct victim on proper procedures in dealing with the DMV
• Notify and work with creditors who have extended credit due to misuse of the victim’s identifying information
• Notify and work with the collection agencies of those creditors
• Notify and work with law enforcement personnel, both local and federal
If disputes are not resolved according to the victim’s legal rights, Kroll may escalate disputes to the appropriate government/regulatory agencies, including:
• Federal Trade Commission
• State Attorney General office by state
• Consumer Financial Protection Bureau
• Association of Collection Professionals International
• Comptroller of the Currency
• Federal Reserve Bank
• Office of Thrift Supervision
• Office of the Inspector General
• Provide the additional assistance of investigators who can reasonably assist based on the victim’s issues
In all cases, Kroll provides:
• Follow-up credit reports
• Subscriber updates
Restoration Preparation
Benefit | Limited POA | No POA
Assist in organizing details of issues
Explain fraud victim’s rights
Educate you on the process and your responsibilities
Assist in gathering and completing paperwork, including police reports
Send Fraud Packet to victim
List of Contact Numbers (for immediate fraud alerts):
• Equifax Fraud Center
• Experian Fraud Center
• TransUnion Fraud Center
• Federal Trade Commission
• Social Security Administration
• United States Postal Service
Issue Fraud Alert to all three credit repositories
Provide fraud victim assistance material
Assist you with questions as you work through the process
Whenever A Fraud Issue Warrants
Benefit | Limited POA | No POA
Determine if creditors extended credit due to misuse of your identifying information
Confirm creditor contact information
Contact creditors and collection agencies to dispute all fraudulent accounts
Notify and work with the collection agencies of creditors holding fraudulent accounts
Turn over any current accounts to fraud, requesting affidavits of documentation forwarded to you
Search Criminal Data in your country of residence to look for criminal activity being committed in your name
Search U.S. Criminal Records indicator to search a wide variety of national criminal databases
Search Department of Motor Vehicles records in your state
Perform a Social Security trace to look for additional addresses that may be attached to your name
Perform a Social Security Death Index search to verify if you have been submitted to Social Security
Determine if you have been submitted as having been involved in fraudulent banking activities
Assist you in working with law enforcement personnel
Use licensed attorneys where appropriate to perform these duties
Offer additional assistance that can be reasonably provided based on your issue
Provide a list of attorneys who may be able to help you with legal issues—any subsequent relationship is exclusively between you and the attorney
Restoration Process
Within 24 hours of receiving the signed Limited Power of Attorney, Kroll will:
Benefit | Limited POA | No POA
Issue Fraud Alert to Social Security Administration (SSA)
Issue Fraud Alert to Federal Trade Commission (FTC)
Issue Fraud Alert to U.S. Postal Service (USPS)
Case Closing Process
Benefit | Limited POA | No POA
Provide a tri-merged credit bureau report follow up 120 days after resolution of your identity theft issues
Update member
Continue restoration until complete
Responsibility for Kroll’s Fraud Solutions Practice will cease when Kroll receives verification from you that the issue is resolved
After receiving both signed Limited Power of Attorney and tri-merged credit report, Kroll will:
Benefit | Limited POA | No POA
Issue Fraud Victim statements and work with all three national repositories (Experian, TransUnion, Equifax) to restore credit accuracy
Review credit history with you and verify if fraud includes items like:
• Public Records (Liens, judgments, bankruptcies)
• Credit Accounts (New and/or derogatory)
• Address
• Prior employment
Issue Fraud Alert to and work with affected financial institutions and credit card companies
Theft Restoration Service Exclusions
The following are excluded from the Services:
Legal Remedy—Any Stolen Identity Event where the member is unwilling or unable to prosecute or otherwise bring a civil or criminal claim against any person culpable or reasonably believed to be culpable for the fraud or its consequences.
Dishonest Acts—Any dishonest, criminal, malicious or fraudulent acts, if the member(s) that suffered the fraud personally participated in, directed or had knowledge of such acts.
Financial Loss—Any direct or indirect financial losses attributable to the Stolen Identity Event, including but not limited to, money stolen from a wallet, unauthorized purchases of retail goods or services online, by phone, mail or directly.
Pre-Existing Stolen Identity Event Limitations—Any circumstance wherein the member had knowledge of, or reasonably should have had knowledge of a pre-existing Stolen Identity Event based on information provided to them prior to enrollment in the program.
Business—The theft or unauthorized or illegal use of any business name, DBA or any other method of identifying business (as distinguished from personal) activity.
Third Parties Not Subject to U.S. or Canadian Law—Restoration services do not remediate issues with third parties not subject to United States or Canadian law that have been impacted by an individual’s Stolen Identity Event, such as financial institutions, government agencies, and other entities.
©2015 LegalShield. Ada, OK
$5 MILLION SERVICE GUARANTEE
IDShield Guarantee
Service Guarantee
We don’t give up until your identity is restored.
We’re confident in our ability to help protect your identity, but no one can prevent all identity theft. If you become a victim of identity theft while an IDShield member, we’ll spend up to $5 million using Kroll’s industry-leading licensed private investigators to do whatever it takes for as long as it takes to help recover and restore your identity to its pre-theft status.
You will have access to our U.S.-based Member Services agents during business hours and in emergency situations, 24 hours a day, 7 days a week, 365 days a year. And Kroll’s Licensed Private Investigators are available to support you every step of the way.
Our industry-leading identity restoration experts are ready and waiting to help restore your identity. Unlike other providers in the market, we don’t waste time retaining an insurer to restore your identity as we have a fully integrated partnership allowing Kroll’s Licensed Private Investigators to handle your identity restoration needs.
We understand how important it is to be prepared for the worst. We are ready to take action immediately.