The URL can be used to link to this page

Home My WebLink AboutJackson, Ryan 2025-07-01; Amendment 1 2025-11-20COU No. 2526-095-A1 CITY OF UKIAH AMENDMENT NO. 1 TO PROFESSIONAL SERVICES CONTRACT 2526-095 BETWEEN RYAN JACKSON and THE CITY OF UKIAH This Amendment No. 1, entered on November 20, 2025 revises the Agreement for Professional services dated July 1st, 2025 between the City of Ukiah and Ryan Jackson, for professional services relating to IT Support. This Amendment No. 1 adds additional Scope of Work per Exhibit 1 and adds an additional not-to-exceed amount of $40,000. This revises the total, not-to-exceed amount to $80,000. Except as expressly amended by this Amendment, all other terms remain unchanged and in full force and effect. IN WITNESS WHEREOF, THE PARTIES HAVE EXECUTED THIS AMENDMENT ON THE EFFECTIVE DATE: RYAN JACKSON BY: DATE: PRINT NAME: CITY OF UKIAH BY: DATE: SAGE SANGIACOMO, CITY MANAGER ATTEST BY: DATE: KRISTINE LAWLER, CITY CLERK Attachment 2 12/10/2025 Kristine Lawler (Dec 11, 2025 07:22:50 PST)Kristine Lawler 12/11/2025 Amendment to Statement of Work (SOW) Cybersecurity Implementation and Compliance Support for the Ukiah Police Department Consultant: Ryan Jackson 1.IntroductionThis Amendment supplements the existing Statement of Work between the City of Ukiah and Ryan Jackson. The purpose of this engagement is to address immediate cybersecurity compliance and operational needs within the Ukiah Police Department (UPD) network infrastructure. This work will focus on the implementation, monitoring, and remediation of cybersecurity vulnerabilities and threats to meet Department of Justice (DOJ), California Law Enforcement Telecommunications System (CLETS), and Criminal Justice Information Services (CJIS) compliance requirements. 2.Objectives •Implement cybersecurity tools, systems, and configurations necessary to strengthen theUPD network security posture. •Establish continuous vulnerability and threat monitoring for the UPD network andassociated systems. •Audit access and activity logs related to critical systems, including RIMS, CJIS, DOJ, andCLETS environments. •Identify and remediate vulnerabilities, threats, or non-compliance issues as they arisethrough systematic patching and risk mitigation processes. •Engage with third-party contractors and vendors as needed to support, coordinate, andlead cybersecurity initiatives on behalf of the Ukiah Police Department. •Facilitate transition planning and knowledge transfer once internal staffing orpermanent cybersecurity personnel are appointed. 3.Scope of Work 3.1 Critical Tasks 1.3.1.1 Cybersecurity Tool ImplementationImplement and configure cybersecurity monitoring and management tools, including but not limited to vulnerability scanners, endpoint protection, and network monitoring solutions. Ensure all deployed systems align with DOJ, CLETS, and CJIS technical standards. 2.3.1.2 Vulnerability and Threat MonitoringEstablish ongoing threat detection and vulnerability scanning procedures for the UPD network. This includes proactive monitoring for zero-day vulnerabilities, CVE alerts, and other indicators of compromise across critical systems. 3.3.1.3 Log Auditing and Access ReviewConduct recurring audits of security and access logs related to systems containing protected criminal justice information (RIMS, CJIS, DOJ, CLETS). Ensure that all logging, alerting, and review procedures meet federal and state standards for access control and data protection. 4.3.1.4 Vulnerability Remediation and Patch ManagementCollaborate with the City IT Department and external vendors to apply patches, configuration changes, or mitigation measures to remediate vulnerabilities identified through assessment or monitoring processes. Document all remediation efforts for compliance verification. 5.3.1.5 Contractor Coordination and Cybersecurity LeadershipEngage with vendors, managed service providers, and consultants to lead or assist in the implementation of cybersecurity initiatives affecting the UPD network. Ensure that all external engagements align with compliance frameworks and organizational objectives. 4.Deliverables •Cybersecurity Implementation Report – detailing the tools, configurations, andintegrations deployed. •Vulnerability Assessment & Monitoring Report – outlining active scans, findings, andprioritized risk items. •Log Audit Summary Report – documenting access reviews and anomalies identified inprotected system logs. •Remediation and Patch Summary – showing vulnerabilities resolved and actionspending. •Transition Plan and Documentation – to ensure effective handoff and training ofinternal personnel once staffing becomes available. 5.Responsibilities6.Consultant (Ryan Jackson): •Perform cybersecurity tool deployment, configuration, and validation. •Conduct monitoring, log auditing, and remediation oversight. •Document and report all findings, actions, and recommendations. •Provide consultation and leadership to City and UPD IT staff and contractors. •Facilitate training and knowledge transfer to internal staff upon transition.7.City of Ukiah / Ukiah Police Department: •Provide access to systems, staff, and data as necessary for audit and monitoringfunctions. •Procure or license required cybersecurity tools and platforms. •Coordinate with consultant and external vendors for scheduling and system access. 6.Timeline & MilestonesThe duration of this engagement is dependent upon internal staffing and the remediation of identified vulnerabilities. Initial tool implementation and monitoring setup are expected within 4–6 weeks, followed by a continued monitoring and remediation phase extending until proper hand-off is completed. 7.DisclaimerThis engagement serves as a temporary remediation and compliance support measure to ensure the Ukiah Police Department maintains DOJ, CLETS, and CJIS security standards. Ryan Jackson has accepted delegated cybersecurity responsibilities for this purpose. These duties are intended to address immediate compliance needs and operational risks. Ongoing consultation, training, and documentation will be provided.