Assessments & Compliance Program

The Assessments & Compliance team partners with stakeholders to ensure compliance with Campus policies, regulatory requirements (e.g. PCI-DSS), and applicable state, federal, and international laws pertaining to information security. We offer several core assessment services to Campus:

  • Security Support for Researchers: assistance for researchers needing to meet the security requirements of third-party data providers such as the California State CPHS, NIH, and more.

  • MSSEI Assessment Service: risk assessments of systems that handle UC P3 and UC P4 (formerly UCB PL2) data against UC Berkeley’s Minimum Security Standards for Electronic Information (MSSEI)

  • Application Security Testing Program (ASTP): penetration testing for Campus applications handling UC P4 (formerly UCB PL2) data

  • Vendor Security Assessment Program (VSAP): evaluations of third-party service providers and suppliers that handle UC P3 and UC P4 (formerly UCB PL2) data on behalf of the University

  • InfoSec Consulting: guidance on meeting Campus security requirements, policy and guideline development, and security architecture