Assessments & Compliance Program

The Assessments & Compliance team partners with stakeholders to ensure compliance with Campus policies, regulatory requirements (e.g. PCI-DSS), and applicable state, federal, and international laws pertaining to information security. We offer several core assessment services to Campus:


  • Security Support for Researchers: assistance for researchers needing to meet the security requirements of third-party data providers such as the California State CPHS, NIH, and more.

  • MSSEI Assessment Service: risk assessments of systems that handle Protection Level 2 (PL2) and Protection Level 3 (PL3) data against UC Berkeley’s Minimum Security Standards for Electronic Information (MSSEI)

  • Application Security Testing Program (ASTP): penetration testing for Campus applications handling PL2 data

  • Vendor Security Assessment Program (VSAP): evaluations of third-party service providers and suppliers that handle PL2 data on behalf of the University

  • InfoSec Consulting: guidance on meeting Campus security requirements, policy and guideline development, and security architecture