City IT staff recommended the commission approve a three-year subscription with UpGuard, a third-party risk-management platform, to monitor vendor cybersecurity posture across city software.

IT staff said the platform performs continuous security scoring and real-time monitoring of vendors the city uses, which currently number more than 40 different software tools. Staff said the service would flag weak vendor security postures and help the city reduce operational, regulatory and compliance risks tied to outsourced software. Staff recommended a three-year contract at $15,199 per year (total $45,597) and said the item is budgeted in fiscal year 2025.

Commissioners asked whether the vendor had been vetted and whether it appears on National League of Cities vendor lists; staff responded they would follow up with that information. Staff also provided examples of vendor risks the platform detects, including substandard security scores that contributed to a high-profile airline vendor breach the presenter cited.

The item was presented for commission approval; no formal vote was recorded during the workshop.