
COMMISSION
DATE: February 7, 2023
TO: Stephen P. Metruck, Executive Director
FROM: Ron Jimerson, Director Information Security
SUBJECT: Governance, Risk, and Compliance (GRC) Software Contract Authorization
ACTION REQUESTED
Request Commission authorization for the Executive Director to execute a contract for GRC
software for a period not-to-exceed ten years in an amount not-to-exceed $1,400,000 over the
ten-year period. There is no funding request associated with this authorization.
SUMMARY
The GRC software platform will be procured in 2023 via a competitive procurement to efficiently
manage IT security risks, vendor oversight, and policy management, and to streamline compliance. It
will be used extensively by dedicated personnel in Information Security, Information and
Communication Technology, Aviation Maintenance, and Maritime Security to identify, measure, and
remediate risks associated with networked technologies. The system will also provide for a policy
strategy that will ensure consistency and adaptability through targeted collaborations hosted by
a centralized repository. This will help finalize dozens of policies in development or currently
being revamped. A GRC tool will help the Port meet compliance requirements that staff have been
overwhelmed trying to keep up with, especially new mandates levied by TSA and Maritime cyber
authorities. In addition, the unique complexities tied to the Payment Card Industry (PCI), Criminal
Justice Information System (CJIS), WA State Audit Agency, and internal audit initiatives require
this type of tool in order to meet the Port’s IT security obligations.
Annual costs will be budgeted in the Information Security Operating Budget.
There are no attachments to this memo.