To ensure that its suppliers comply with applicable security and confidentiality rules, Microsoft has created the SSPA program. This program helps to maintain a relationship of trust between Microsoft, its suppliers and organizations, and ensures that privacy and security remain protected. To achieve this, Microsoft's service or product providers must demonstrate their compliance with the Data Protection Requirements (DPR), which RSM can help you achieve through an independent assessment.

 

SSPA Program: what is it?

The Microsoft SSPA program aims to ensure that Microsoft suppliers and partners maintain high standards of security and privacy when handling Microsoft data and systems. 

One of the main objectives of the SSPA program is to help Microsoft suppliers and partners understand and comply with the company's security and confidentiality requirements. This includes regular assessments of Microsoft's suppliers and partners to ensure compliance.

Besides helping Microsoft suppliers and partners maintain high standards of security and confidentiality, the SSPA program also contributes to protecting Microsoft's assets and reputation.

By working with trusted partners and suppliers with a strong commitment to security and privacy practices, Microsoft can protect its systems and data, and offer its customers the highest level of protection they expect.

 

Who is this program for?

It is primarily intended for Microsoft suppliers and partners that handle the company's data and systems. These suppliers and partners may be third-party companies that provide services or products to Microsoft, or organizations that work in collaboration with Microsoft on various projects.

If you provide services or products to Microsoft, or plan to do so in the near future, you must complete a Data Protection Requirements Assessment (DPR) as part of the program. Compliance with the SSPA is mandatory:

  • For all new Microsoft suppliers at the beginning of a business relationship.
  • For existing Microsoft suppliers, at a regular frequency, up to annually; this also contributes to a strong reputation for the supplier program.

The SSPA program may require Microsoft suppliers and partners to provide an independent assessment of their compliance with data protection requirements (DPR).

 

Looking for an SSPA Independent Assessment? RSM is here to help!

As part of the SSPA program, Microsoft suppliers and partners may be required to provide an independent assessment of their compliance with data protection requirements (DPR), based on their profile.

RSM is certified by Microsoft to support the SSPA and DPR (Data Protection Requirements) programs.

RSM provides an SSPA/DPR assessment for your company, producing a report with detailed findings for each applicable control, enabling your organization to evaluate potential strengths and weaknesses in each area.

Our assessment includes:

  • Assessment of SSPA/DPR applicability.
  • Review of policies and procedures.
  • Review of documentation for each applicable requirement.
  • A letter describing whether your organization is compliant, to share with Microsoft.