Microsoft SSPA Assessment Program

RSM is one of Microsoft's certified consultants for the implementation of its Supplier Security and Privacy Assurance (SSPA) and Data Protection Requirements (DPR) program.

What is the SSPA program?

It is Microsoft's corporate supplier security and privacy assurance program to provide its suppliers with instructions on how to handle Microsoft data, in the form of Microsoft Supplier Data Protection Requirements (DPR).

Compliance with the SSPA is mandatory:

  • For all new Microsoft suppliers as a step towards starting a relationship.
  • For existing Microsoft suppliers on an annual basis, also contributing to a good reputation for the supplier program.

Compliance with this regulation also allows the supplier to improve and strengthen their security in the management of their confidential or personal data.

Our SSPA/DPR Proposition

RSM provides an efficient and pragmatic SSPA/DPR assessment for your company, obtaining a report with results for each applicable control, which will allow your organization to evaluate the potential strengths and weaknesses of each area. Our evaluation includes:

  • Evaluation of SSPA DPR applicability.
  • Policy and procedures reviews and updates.
  • Data classification reviews.
  • Letter asserting whether or not your organization is compliant, to be shared with Microsoft.

The RSM advantage

RSM has extensive experience in advising companies and adapting our assessments to the specific size, level of security and regulatory demands of each Organization.

Our in-depth knowledge of Microsoft requirements and of the security and privacy measures to be applied in data processing has enabled us to design an efficient work methodology that provides concrete and valuable recommendations for our clients' security strategy.