Book a Demo
Book a Demo
Customers
Customer Story

University of California, Berkeley

Customer

The University of California, Berkeley

Industry

Higher Education

Company Size

10,000+

Location

USA

Champion

Allison Henry, CISO

Meeting system-wide cybersecurity compliance.

The University of California (UC) is the world’s leading public research university system, with ten campuses, five medical centers, three national labs, and a network of agricultural and natural resource centers. The first campus of the UC system, the University of California, Berkeley (UC Berkeley), was established in 1868 and currently has 14 colleges and schools offering over 350 degree programs to some 31,000 undergraduate and 12,000 graduate students.

The challenge

In late 2018, the University of California Office of the President (UCOP) released the updated and revised Electronic Information Security Policy (IS-3). The policy applies to all UC locations and primarily focuses on risk management, shifting information security risk responsibility to individual units, including vendor risk.

The Information Security Office (ISO) at UC Berkeley needed to figure out a process to help units meet the compliance requirements to comply with the new policy standards.

They needed a centralized and automated solution that would allow them to conduct a custom survey based on ISO 27001, assign permissions to unit risk owners, conduct vendor risk assessments, and roll up data into insightful risk reports and dashboards.

The solution

The UC Berkeley ISO chose Isora GRC from SaltyCloud to help them meet campus-wide compliance with the IS-3.

  • The questionnaire builder allowed them to design custom questionnaires complete with custom answer choices, question weighting, survey logic, and help text.
  • The assessment engine allowed them to assign role-based permissions to risk owners, including heads and information security leads, and launch and manage surveys across dozens of individual units.
  • The inventory manager allowed them to keep track of vendor assessments, products, and details.
  • The API allowed them to quickly upload information, like organizational structure, people, roles, questionnaires, and export assessment data for deeper analysis.

The outcome

Since deploying Isora GRC from SaltyCloud in 2020, the UC Berkeley ISO has seen several positive outcomes:

  • Provided invaluable insights into critical risks across individual units and the entire campus.
  • Helped measure and track unit-level and campus-wide risk improvements year-over-year.
  • Allowed them to streamline and automate their vendor risk management process.
  • Made it possible to build a culture of risk assessment across the campus.
  • Saved hundreds of valuable FTE hours.
Other Relevant Content
Large U.S. Bank: Replacing FFIEC CAT with NIST CSF 2.0 Assessments

A large U.S. bank replaced FFIEC CAT and legacy GRC workflows with department-level NIST CSF 2.0 assessments in Isora GRC, gaining visibility into cybersecurity maturity, streamlining reporting, and building a scalable risk management program.

Learn More
Banks & Credit Unions Information Security Risk Management
Academic Medical Center

A prestigious academic medical center optimizes their third-party security risk management program with Isora

Learn More
Higher Education Third-Party Security Risk Management
Virginia Tech

Virginia Tech matures their campus-wide security posture with the CIS Critical Security Controls and Isora GRC

Learn More
Higher Education ISRM Information Security Risk Management
Let’s Chat
Streamline every step of your org’s security GRC workflows
Book a Demo
Woot!
We got your request. Hang on tight and we'll get back to you!
Thanks!
You successfully subscribed to our newsletter