SSPA Assessment - Microsoft DPR Assessments

The Supplier Security and Privacy Assurance (SSPA) and Data Protection Requirement (DPR) previously known as the Vendor Privacy Assurance Program is an assessment for Microsoft suppliers/vendors who process their data on their behalf. SSPA DPR assessment is an initiative taken by Microsoft for their suppliers to ensure that their data which is processed by Microsoft’s suppliers on their behalf is securely stored, transferred or processed. This assessment is required by the Microsoft to ensure that their vendors follow Microsoft’s security and privacy policy which reflect their values. Microsoft will be sharing a link with the supplier organisation annually where you need to update the details about the data you collect, store or process on their behalf. Microsoft has divided these assessment into 3 categories according to the type of data handled by the supplier. The categories are High, medium and low business impact.

Does it apply to your organization

SSPA attestation is applicable for all the companies who are the suppliers of Microsoft. One should get this assessment done if they are planning to get associated with Microsoft in future.

How can Riskpro help and what are the services offered by Riskpro

Riskpro is a member of American Institute of Certified Public Accountants (AICPA) and highly qualified assessors who can do the assessments for your company. SSPA services provided by Riskpro are as follows:

SSPA Consulting

Riskpro will help you to understand the requirements of SSPA and help you to implement the controls in your company. It will ensure that all the controls are implemented as per the requirements of SSPA.

Gap assessment

Riskpro does gap assessments wherein a qualified assessor will visit your company and do a mock assessment of all the controls implemented in your company. This assessment will be in line with SSPA requirements and at the end of which the assessor will provide you with a list of gaps identified. You may fix all the gaps identified and prepare for the actual assessment. This will help you to assess the readiness of your company for the actual assessment.

SSPA assessment

A qualified assessor will visit your company and conduct a formal assessment on the controls implemented by you. This assessment will be conducted as per the requirements of the SSPA assessment expected by Microsoft. At the end of the assessment the assessor will provide you with a assessment report which will include all the controls audited and the assessor conclusions on the same. This report can be used an official document to certify that your company has completed the assessment successfully.

Contact us for SSPA Audit Report

To get an independent audit report for SSPA/DRP as per Microsoft requirement, please email at

More Info:

Other Services of Interest

  • Prevention of Insider Trading- Training

    Overview of Insider Trading The trading of the company shares based on the inside information about the company (which is not available to the general public) is known as Insider Trading. In...
  • Third Party Due Diligence

    What is Third-Party Due Diligence? If you are a business owner, there is a high chance you’re dependent on third parties to run your business. Conducting a background check on third parties is...
  • Webinar- State of Governance in Today's World of Business

    While more discussions are taking place on governance, corporate frauds are in fact becoming larger, deeper, and wider. Every day, the media will disclose some new fraud or the other. Be it...
  • Cybersecurity Maturity Model Certification (CMMC)

    If you have never heard of the words CMMC, don't worry. You are not alone. It is a recent regulation and it is not yet fully in force. But, if will gain momentum in the information security and data...
  • Webinar- India's Personal Data Protection Regulation - It's the Final Countdown

    The webinar covers the salient features of the Indian Personal Data Protection (PDP) Bill. The webinar also covers the alignment of Indian regulation to global data privacy practices. The webinar...
  • Webinar- Manage Supply Chain Disruptions and Mitigate Vendor Risks

    The pandemic has created uncertainty in the quality and reliability of supply chain partners and the logistics challenges. As you look on to onboard a new set of suppliers, learn what are the...
  • Self Assessment Software Login - India Data Protection Regulation

    Riskpro India has developed a Self Assessment tool to evaluate and manage the compliance gaps against the almost here regulation on Data Protection. The Free Login access provides you the ability...
  • 21 CFR Part 11 Consulting Services

    Implementing a CFR 21 part 11 software /system helps you to achieve compliance with FDA regulation and also provide you inroads to more clients who can trust your system. Riskpro's 21 CFR Part 11...
  • Procurement Fraud - Riskpro can help

    If you suspect procurement fraud, do contact Riskpro India and we can help to unearth the suspicious activity. Following are some of the ways in which we can help. 1. Review of onboarding...
  • Go to top