The Assessments & Compliance team partners with stakeholders to ensure compliance with Campus policies, regulatory requirements (e.g. PCI-DSS), and applicable state, federal, and international laws pertaining to information security. We offer several core assessment services to Campus:
-
Security Support for Researchers: assistance for researchers needing to meet the security requirements of third-party data providers such as the California State CPHS, NIH, and more.
-
MSSEI Assessment Service: risk assessments of systems that handle UC P3 and UC P4 data against UC Berkeley’s Minimum Security Standards for Electronic Information (MSSEI)
-
Application Security Testing Program (ASTP): penetration testing for Campus applications handling UC P4 data
-
Vendor Security Assessment Program (VSAP): evaluations of third-party service providers and suppliers that handle UC P3 and UC P4 data on behalf of the University
-
InfoSec Consulting: guidance on meeting Campus security requirements, policy and guideline development, and security architecture