SENATE BILL REPORT

SB 5455

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

Brief Summary of Substitute Bill

Requires Washington Technology Solutions (WaTech) to mutually develop procedures with the Legislature for providing cybersecurity information to members of the Legislature and to conduct an excellence assessment every two years.
Requires the state Chief Information Officer (CIO) to set one- and five-year performance projections, rather than goals, and update the Legislature on performance annually.
Requires inclusion of one-year and five-year projections in the state strategic information technology (IT) plan.

Majority Report: That Substitute Senate Bill No. 5455 be substituted therefor, and the substitute bill do pass and be referred to Committee on Ways & Means.

Signed by Senators Miloscia, Chair; Zeiger, Vice Chair; Pearson.

Background: WaTech. The Legislature established the Consolidated Technology Services agency, most commonly referred to as WaTech, and the Office of the Chief Information Officer (OCIO) in 2011. The CIO serves as Director of WaTech.

The CIO sets performance targets and approves plans for achieving measurable and specific goals for the agency and reports to the Governor on agency performance quarterly, at least.

The OCIO prepares a state strategic IT plan that includes a statewide mission, goals, and objectives for the use of IT, including goals for electronic access to government records, information, and services.

Performance Assessments. A 1987 act established a federal program to evaluate management quality of U.S. businesses. Both the Baldrige Performance Excellence Program and the Malcolm Baldrige National Quality Award are administered by the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce. The program currently publishes performance excellence frameworks used by trained examiners to evaluate management in both for-profit and nonprofit organizations, including government entities. Following an assessment, an examiner scores an organization's management quality.

Summary of Bill (First Substitute): CIO. The CIO must set one- and five-year projections, rather than goals, and update the Legislature on performance annually.

OCIO. The OCIO must include one-year and five-year projections in the state strategic IT plan.

WaTech. WaTech must:

mutually develop procedures with the Legislature, including enforceable nondisclosure agreements, for providing cybersecurity information to members of the Legislature to assist them in the performance of their duties; and
conduct an excellence assessment every two years, with a goal of achieving a 60 percent score within seven years.

If the agency meets that goal, WaTech must apply for a quality award and need only conduct assessments every four years. WaTech must report assessment results to relevant legislative committees.

Excellence Assessment. An excellence assessment is an assessment of enterprise security operational performance using a framework approved by the NIST, U.S. Department of Commerce.

EFFECT OF CHANGES MADE BY STATE GOVERNMENT COMMITTEE (First Substitute): Requires an excellence assessment, rather than a cybersecurity excellence assessment, of agency operational performance.

Clarifies that the procedures for providing information about the state's cybersecurity infrastructure, performance, and posture to the members of the Legislature will be developed mutually with the Legislature and include enforceable nondisclosure agreements.

Staff Summary of Public Testimony on Original Bill: The committee recommended a different version of the bill than what was heard. PRO: The goal is for Washington to have the best cybersecurity and performance in the nation.

OTHER: Cybersecurity has moved out of the technology realm and into the policy realm and this bill is a reflection of that. This bill gets the conversation going and we appreciate the intention but want to work through the minutia of the bill.