Skip to main content

Breach Response and Management

FRTIB has an obligation to protect the information TSP participants, beneficiaries, and others entrust to the Agency. The Privacy Division takes this obligation very seriously and has developed a policy and procedures to inform FRTIB employees and contractors of their obligation to protect PII and to instruct them specific steps they must take in the event there is an actual or potential compromise of PII. FRTIB’s process for responding to a breach of PII are detailed in the Agency’s Breach Response Policy and Procedures which are based on OMB Memorandum 17-12, Preparing for and Responding to a Breach of Personally Identifiable Information and requires:1

  1. ITSMD maintains a separate Cyber Incident Response Policy and Procedures which details the Agency’s procedures for detecting, containing, responding to, and preventing incidents, in accordance with NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide. The Cyber Incident Response and Breach Response processes work together in the event of a cyber incident involving PII.