What is the purpose of the Vendor Security Assessment Program?

The Vendor Security Assessment Program is intended to ensure that service providers who handle UC P4 (formerly UCB PL2) data on behalf of the University meet campus security policy requirements.  This is achieved in two ways:

  • By evaluating the vendor's security controls in comparison to campus policy.
  • Ensuring that the UCOP Data Security & Privacy Appendix is included in the vendor contract to provide baseline protection for the University in the event of a data breach.