Vendor Security Assessment Program

The Vendor Security Assessment Program (VSAP) is an evaluation service for third-party service providers handling UC P3 and P4 (formerly UCB PL1, PL2, and PL3) data on behalf of the university. Campus policy requires that these service providers must comply with the requirements of the UC Berkeley Minimum Security Standard for Electronic Information (MSSEI).

VSAP is intended to ensure that campus third-party service providers adhere to the same baseline level of security practices required for campus systems and applications that contain protected information and are managed and maintained by internal campus resources.

Unit Heads and application Resource Proprietors benefit from the VSAP by assuring that the applications and services that they outsource to third-party service providers meet the campus minimum standard for the protection of sensitive data.

Service details

Service category

Quick Links

home buttonreport a security threat buttoncheck system status buttonsearch the knowledge base button