The Vendor Security Assessment Program (VSAP) is an evaluation service for third-party service providers handling Protection Level 2 (PL2) data on behalf of the university. Campus policy requires that these service providers must comply with the requirements of the UC Berkeley Minimum Security Standard for Electronic Information (MSSEI).
VSAP is intended to ensure that campus third-party service providers adhere to the same baseline level of security practices required for campus systems and applications that contain protected information and are managed and maintained by internal campus resources.
Unit Heads and application Resource Proprietors benefit from the VSAP by assuring that the applications and services that they outsource to third-party service providers meet the campus minimum standard for the protection of sensitive data.
How to Get Started
- Name of requesting unit
- Project Lead contact information
- UC Provisioning Representative contact information (if applicable)
- Name of third-party vendor/product/service
- Service description
- List of protected data elements that are known to be processed, stored, or transmitted by the Service Provider (see the UC Data Classification Standard for details)
- Estimated number of records containing PL2 data