The contract with the 3rd-party service provider has already been signed and the UCOP Data Security & Privacy Appendix was not included. How will this affect the vendor security assessment?
For all UC contracts involving third-party access to covered data, the University of California Office of the President (UCOP) requires the inclusion of the Data Security and Privacy Appendix. The appendix establishes baseline protection for the University in the event of a data breach. Campus units that engage with service providers to handle covered data must ensure the appendix is included in new contracts without edits.
For VSAP engagements that...