What do I need to do to initiate a vendor security assessment with the Information Security Office?
To request a Vendor Security Assessment Program evaluation for a PL2 system that is vendor managed, review the Details of the Vendor Security Assessment Program and then send an email to security@berkeley.edu.
Please include the following information:
- Name of the unit requesting VSAP service
- Project Lead contact information
- UC Provisioning Representative contact information (if applicable)
- Name of third-party vendor/product/service
- Service description
- List of protected data elements that are known to be processed, stored, or transmitted by the service provider (see the UC Data Classification Standard for details)
- Estimated number of records containing PL2 data