In the midst of revelations about a massive data breach at the Office of Personnel Management (OPM), the agency awarded a $4.3 million two-month contract extension to Northrop Grumman for the OPM's Data Warehouse Program (DWP). According to the award documents, the follow-on contract includes "electronic official personnel folder (eOPF) proprietary software, software maintenance and development services, and conforming scanning services." Services to be provided by Northrop Grumman will support 100 federal agencies with up to two million "electronic official personnel folders", including scanned human resources documents.
According to the OPM, the Data Warehouse Program includes, among other things:
- Standardized collection of federal employee data
- Centralized focus on data quality and integration to one system
- Consistent, timely, and secure source for other programs requiring integrated federal employee data, such as the Retirement Systems Modernization program.
- Standard data interfaces for the collection of human resources (HR), payroll, and training data
- Processes to integrate data from the various sources to provide a comprehensive view of a federal employee's career
- Individual employee lookup tool to view history across the employee's Federal career
- Secure systems environment that meets Federal data standards and certification requirements
Although the original contract came about through a competitive bidding process, this two-month follow-on extension was a "Limited Sources" award due to the difficulties of implementing an alternative system to Northrop Grumman's proprietary system. OPM also states that along with the contractor, the agency is designing and deploying system enhancements including a "much anticipated self-service password feature" that the agency's inspector general had recommended to allow secure access to the system through internet browsers.
Beyond these initial reasons, OPM also asserts that changing to a new contractor at this time could actually result in violations of the law by OPM since the transition would result in a "sustained inability" to carry out mandated tasks. The agency also warned of "increased risk to the integrity of the eOPF [electronic official personnel folder]" from the "learning curve" a new vendor would experience bringing a new system online.
The OPM's description of the data breaches does not make clear if the Data Warehouse Program was compromised by the attacks. Emails to OPM and Northrop Grumman requesting comment and further information have so far gone unanswered.