Privacy Services

Microsoft Supplier Security & Privacy Assurance (SSPA) Program

Doing business with Microsoft requires strong privacy and security policies. Microsoft suppliers or vendors who handle personal or confidential information must comply with the Microsoft Supplier Data Protection Requirements (DPR).

Talk to an Expert

SSPA Program Requirements

Plan Ahead, Be Requirements-Ready

Strong privacy and security practices are required by Microsoft. Supplier Security and Privacy Assurance (SSPA) is Microsoft’s corporate program to deliver Microsoft’s data processing instructions to their suppliers in the form of the Microsoft Supplier Data Protection Requirements (DPR). SSPA drives compliance to these requirements through an annual compliance cycle for new and returning suppliers.

In the few years since GDPR we’ve seen other privacy initiatives take place – including the California Consumer Privacy Act (CCPA). Both privacy laws continue to have a profound impact on how consumers view their personal information and how they can control what is done with the information. The change hasn’t only occurred with consumers but also with companies processing their information. More and more, companies are being required to re-examine their data privacy and security practices and take steps to ensure their supply chain has implemented similar measures.

The SSPA program ensures alignment between suppliers’ data protection practices and Microsoft requirements. Suppliers are evaluated against 53 Data Protection Requirements (DPR) and have to show, for all applicable controls, measures implemented at the organization to address the particular risk.

Armanino has experts to help your organization achieve SSPA program compliance. Our team is versed in SSPA requirements, industry best practices and methods to demonstrate and sustain compliance. Talk to us and let’s work together on your DPR journey.

Pippa Akem - Senior Manager - San Francisco, CA
Senior Manager
Pippa has over 10 years of governance, risk and compliance experience in healthcare, technology and other sectors.

San Francisco, CA
Mirena Taskova - Risk Assurance & Advisory - San Jose CA | Armanino
Managing Director, Head of Privacy
Mirena Taskova has over 15 years of wide-ranging privacy & cybersecurity experience

San Jose, CA
Liam Collins - Partner, Audit - San Francisco CA | Armanino
Liam has more than 18 years of assurance and consulting experience, including 10 years with Big Four firms.

San Francisco, CA
News, Tips & Insights
How to Start Building a Secure Data Privacy Program
Aligning to a framework, such as Microsoft’s SSPA, can help you protect internal and customer data.

June 29, 2021

Complete the Form to Speak to an Expert