Vendor Risk Assessments

UC and UC Davis IT security policies require a Vendor Risk Assessment (VRA) for any acquisition of software, IT services, or data. 

The VRA process assesses vendors’ conformity to information security standards, better assuring:

  • Effectiveness of security controls over sensitive information
  • Prioritization of countermeasures in the context of threat mitigation
  • Elimination of detected vulnerabilities

For most Vendor Risk Assessments, start with your local IT provider. You can identify your local IT provider on this page: https://kb.ucdavis.edu/?id=00457

Alternatively, you can submit your VRA request directly to the campus Information Security Office (ISO).

In many cases, going through your local IT provider will be faster than going through ISO.