Microsoft supplier privacy and assurance standards

If you provide services or products to Microsoft, or plan to in the near future, you will need to complete a Supplier Security and Privacy Assurance (SSPA) Data Protection Requirements (DPR) assessment. 

The SSPA DPR program is an initiative to improve and strengthen the security, transmission and reporting of data across all Microsoft suppliers that process Microsoft Personal Information or Microsoft Confidential Information as part of the execution of an active Master Supplier Services Contract.

As a Microsoft-qualified provider of these services, RSM are well placed to help you navigate the requirements of the assessment.

RSM provides an SSPA DPR assessment that focuses on a scalable and efficient solution for your company. RSM will compile a report for each applicable control to help your organisation evaluate areas of strength and potential weakness. Our SSPA DPR assessment approach includes:

  • an evaluation of SSPA DPR applicability;
  • policy and procedure reviews and updates;
  • data classification reviews; and
  • a letter asserting whether or not your organisation is compliant, to be shared with Microsoft.

With the experience to adapt our assessment to your organisation’s specific size, level of security and regulatory demands, our depth of industry experience and security services allows us to make pragmatic recommendations that allow you to work with one advisor to develop a clear and cohesive data security strategy.

With experience in performing a variety of data governance assessment and advisory projects, our solutions can have an immediate impact on your security and risk position. You will see actionable results that support the needs of your stakeholders from both a technology and executive management perspective.

For more information on how RSM can help with your SSPA DPR requirements please contact Sheila Pancholi.