Skip to content

Engaging Suppliers

Units and their Suppliers play an important role in protecting UC’s Institutional Information and IT Resources. When selecting and working with Suppliers, it is important to manage cybersecurity risks related to that Supplier and the anticipated use case(s). This page outlines some important responsibilities.

Engage Procurement Services. Procurement Services can guide the Supplier selection process and help Units make sure they are following the correct process.

Ensure Suppliers Meet Requirements. Select a Supplier that meets compliance requirements, including security and privacy. Before engaging a Supplier, make sure it is clear that they understand and have a plan for protecting UC. You should select a Supplier by considering a broad range of functional and performance capacities, including the ability to protect UC and to carry out Supplier responsibilities. Units must include security planning in the entire solution lifecycle. Consult your Location Security Office or CISO if you need help.

Include the Proper Agreements and Appendixes. Supplier contracting plans must include the appropriate agreements and appendices to ensure security, compliance, and privacy. Appendix DS is required whenever a Supplier accesses, collects, processes, or maintains Institutional Information and/or accesses or provides IT Resources. Other types of appendices may be necessary for specific cases, including BAA, GDPR, or Cloud Services, among others.

For UC contract language, including data security and privacy terms and conditions, please visit UC's Procurement Services website.

Copyright © Regents of the University of California | Terms of use