Doing business with Microsoft requires strong privacy and security policies. Microsoft suppliers or vendors who handle personal or confidential information must comply with the Microsoft Supplier Data Protection Requirements (DPR).
SSPA Program Requirements
Strong privacy and security practices are required by Microsoft. Supplier Security and Privacy Assurance (SSPA) is Microsoft’s corporate program to deliver Microsoft’s data processing instructions to its suppliers in the form of the Microsoft Supplier Data Protection Requirements (DPR). SSPA drives compliance with these requirements through an annual compliance cycle for new and returning suppliers.
In the few years since GDPR, we’ve seen other privacy initiatives take place, including the California Consumer Privacy Act (CCPA). Both privacy laws continue to have a profound impact on how consumers view their personal information and how they can control what is done with it. The change has affected not only consumers but also the companies that process their information. More and more, companies are being required to re-examine their data privacy and security practices and take steps to ensure their supply chain has implemented similar measures.
The SSPA program ensures alignment between suppliers’ data protection practices and Microsoft requirements. Suppliers are evaluated against 53 Data Protection Requirements (DPR) and must show, for every applicable control, the measures their organization has implemented to address the corresponding risk.
Armanino has experts to help your organization achieve SSPA program compliance. Our team is versed in SSPA requirements, industry best practices and methods to demonstrate and sustain compliance. Talk to us and let’s work together on your DPR journey.