Vendor Security Assessment Program


The Vendor Security Assessment Program (VSAP) is an evaluation service for third-party service providers handling UC P3 and P4 data on behalf of the university. Campus policy requires that these service providers must comply with the requirements of the UC Berkeley Minimum Security Standard for Electronic Information (MSSEI).

VSAP is intended to ensure that campus third-party service providers adhere to the same baseline level of security practices required for campus systems and applications that contain protected information and are managed and maintained by internal campus resources.

Unit Heads and application Resource Proprietors benefit from the VSAP by assuring that the applications and services that they outsource to third-party service providers meet the campus minimum standard for the protection of sensitive data.

How to Get Started

Review the Details of the Vendor Security Assessment Program and then send a request email to  Please include the following information:

  • Name of requesting unit
  • Project Lead contact information
  • UC Provisioning Representative contact information (if applicable)
  • Name of third-party vendor/product/service
  • Service description
  • List of protected data elements that are known to be processed, stored, or transmitted by the Service Provider (see the UC Data Classification Standard for details)
  • Estimated number of records containing UC P3 or P4 data

Service Details and Additional Information

Service category