By vendor · Budgeting / procurement / permitting
OpenGov — budgeting, procurement, permitting
OpenGov is increasingly the modern stack for budget, procurement, and permitting at small and mid-sized municipalities.
Reporting path
- Open a security incident case through your OpenGov customer success manager — they triage to OpenGov's security team.
- Request OpenGov's SOC 2 report and most recent customer-incident summary if not already on file.
- Email security@opengov.com with the incident reference for a written audit trail.
Contract clauses to read first
- OpenGov's MSA includes a security exhibit — read the breach-notification section for the specific clock (usually 72 hours of confirmed exposure of customer data).
- Confirm sub-processor list — OpenGov uses AWS regions you should know.
- Confirm the data export clause covers an unencrypted, structured export of your tenant within a defined window.
Known incident pattern
OpenGov has not publicly disclosed a customer-impacting breach as of writing — but customer-side compromises (phished OpenGov admin credentials) have been the more common vector. Treat SSO trust and admin MFA as the highest-leverage controls.
Descriptive reference only. OpenGov is a trademark of its owner. No affiliation or endorsement is implied.