SSPA Compliance and the SSPA Independent Assessment requirement
Microsoft suppliers are required to comply with stringent Privacy and Security requirements. Suppliers who process Personal data and/or Microsoft Confidential information as part of their services for Microsoft need to enroll in the Supplier Security and Privacy Assurance (SSPA) Program.
The SSPA Program is a gateway to Microsoft Procurement: your company needs to be in good standing with the SSPA, which means an SSPA Compliant or Green status, in order to be available for new engagements and Purchase Orders.
If your SSPA Data Processing Profile includes selections that are considered higher risk to Microsoft, the Self-Attestation against the applicable items of Microsoft's Data Protection Requirements will be followed by an Independent Assessment requirement as well. The Profile selection options that trigger an Independent Assessment are published in the SSPA Program Guide. It is a great idea to check these each year before you submit your Profile, so you can allocate sufficient time and resources to complete the requirements that will be posted to you.
Interpreting Microsoft’s Data Protection Requirements (DPR) and confirming applicability and compliance can be challenging for suppliers, and this is where our in-depth knowledge of the SSPA Program and the DPR can save you time and effort.
Deloitte is a Microsoft-selected preferred assessor for SSPA assessments, and our dedicated team is here to help you maintain your compliance with SSPA requirements by interpreting the DPR as it applies to your services for Microsoft and assessing the compliance of your applied privacy and security controls. With the expert help of our information security professionals, we are also able to provide consultation on any portion of the DPR with which you might be only partially compliant or non-compliant.
Microsoft takes compliance and deadlines very seriously, which protects Microsoft as well as its suppliers and customers. Not least, it is crucial for Microsoft suppliers to stay Green in the SSPA in order to be available for business with Microsoft.
If you need confident and expert help with your Independent Assessment requirement, please see our contacts below and contact us at firstname.lastname@example.org.