8g. Memo

GRC Software Contract Authorization

COMMISSION 
AGENDA MEMORANDUM                        Item No.          8g 
ACTION ITEM                            Date of Meeting     February 14, 2023 
DATE:     February 7, 2023 
TO:        Stephen P. Metruck, Executive Director 
FROM:    Ron Jimerson, Director Information Security 
SUBJECT:  Governance, Risk, and Compliance (GRC) Software Contract Authorization 
Contract Value:                       $1,400,000 
ACTION REQUESTED 
Request Commission authorization for the Executive Director to execute a contract for GRC 
software for a period not-to-exceed ten years in an amount not-to-exceed $1,400,000 over the
ten-year period. There is no funding request associated with this authorization. 
SUMMARY 
The GRC software platform will be procured in 2023 via a competitive procurement to efficiently
manage IT security risks, vendor oversight, and policy management, and to streamline compliance. It
will be used extensively by dedicated personnel in Information Security, Information and
Communication Technology, Aviation Maintenance, and Maritime Security to identify, measure, and
remediate risks associated with networked technologies. The system will also provide for a policy
strategy that will ensure consistency and adaptability through targeted collaborations hosted by 
a centralized repository. This will help finalize dozens of policies in development or currently
being revamped. A GRC tool will help the Port meet compliance requirements that staff have been
overwhelmed trying to keep up with, especially new mandates levied by TSA and Maritime cyber
authorities. In addition, the unique complexities tied to the Payment Card Industry (PCI), Criminal
Justice Information System (CJIS), WA State Audit Agency, and internal audit initiatives require
this type of tool in order to meet the Port’s IT security obligations. 
Annual costs will be budgeted in the Information Security Operating Budget. 
There are no attachments to this memo. 



Template revised April 12, 2018.
