How do I get started?

What do I need to do to initiate a vendor security assessment with the Information Security Office?

To request a Vendor Security Assessment Program evaluation for a PL2 system that is vendor managed, review the Details of the Vendor Security Assessment Program and then send an email to

Please include the following information:

  • Name of the unit requesting VSAP service
  • Project Lead contact information
  • UC Provisioning Representative contact information (if applicable)
  • Name of third-party vendor/product/service
  • Service description
  • List of protected data elements that are known to be processed, stored, or transmitted by the service provider (see the UC Data Classification Standard for details)
  • Estimated number of records containing PL2 data