SSPA Assessment - Microsoft DPR Assessments

The Supplier Security and Privacy Assurance (SSPA) and Data Protection Requirement (DPR) assessment, previously known as the Vendor Privacy Assurance Program, is an assessment for Microsoft suppliers/vendors who process Microsoft's data on its behalf. The SSPA DPR assessment is a Microsoft initiative to ensure that data processed by its suppliers on its behalf is securely stored, transferred or processed. Microsoft requires this assessment to ensure that its vendors follow Microsoft's security and privacy policy, which reflects its values. Microsoft will share a link with the supplier organisation annually, where you need to update the details about the data you collect, store or process on its behalf. Microsoft has divided these assessments into 3 categories according to the type of data handled by the supplier: high, medium and low business impact.

Does it apply to your organization?

SSPA attestation applies to all companies that are suppliers of Microsoft. A company should also get this assessment done if it is planning to become associated with Microsoft in the future.

How can Riskpro help, and what services does Riskpro offer?

Riskpro is a member of the American Institute of Certified Public Accountants (AICPA) and has highly qualified assessors who can do the assessments for your company. The SSPA services provided by Riskpro are as follows:

SSPA Consulting

Riskpro will help you to understand the requirements of SSPA and help you to implement the controls in your company. It will ensure that all the controls are implemented as per the requirements of SSPA.

Gap assessment

Riskpro does gap assessments in which a qualified assessor visits your company and does a mock assessment of all the controls implemented in your company. This assessment will be in line with SSPA requirements, and at the end of it the assessor will provide you with a list of the gaps identified. You may fix all the gaps identified and prepare for the actual assessment. This will help you to assess the readiness of your company for the actual assessment.

SSPA assessment

A qualified assessor will visit your company and conduct a formal assessment of the controls implemented by you. This assessment will be conducted as per the requirements of the SSPA assessment expected by Microsoft. At the end of the assessment, the assessor will provide you with an assessment report, which will include all the controls audited and the assessor's conclusions on them. This report can be used as an official document to certify that your company has completed the assessment successfully.
