What We Do
Information Security and Policy's (ISP) Vendor Security Assessment Program (VSAP) is an evaluation service for third-party service providers that handle Protection Level 2 (PL2) data on behalf of the university. Campus policy requires that these service providers must comply with the requirements of the UC Berkeley Minimum Security Standard for Electronic Information (MSSEI).
Why We Do It
The Vendor Security Assessment Program is intended to ensure that campus third-party service providers adhere to the same baseline level of security practices required for campus systems and applications that contain protected information and are managed and maintained by internal campus resources.
Unit Heads and application Resource Proprietors benefit from the VSAP by assuring that the applications and services that they outsource to third-party service providers meet the campus minimum standard for the protection of sensitive data.
How to Get Started
To request a VSAP evaluation for a PL2 system that is vendor managed, review the Details of the Vendor Security Assessment Program and then send an email to firstname.lastname@example.org. Please include the following information:
- Name of unit requesting VSAP service
- Project Lead contact information
- UC Provisioning Representative contact information (if applicable)
- Name of third-party vendor/product/service
- Service description
- List of protected data elements that are known to be processed, stored, or transmitted by the service provider (see the UC Data Classification Standard for details)
- Estimated number of records containing PL2 data