What to Expect From an SSPA Independent Audit

For Microsoft suppliers handling sensitive and/or confidential information, compliance with the Supplier Security and Privacy Assurance (SSPA) program is a complicated and varied annual exercise. As we previously discussed in an article on the annual compliance cycle, one of the steps in the program is an audit – known as an independent assessment in the SSPA program guide.

This article will focus on that assessment and shed some light on the moving parts and ingredients that make a successful audit (i.e., an audit that is accepted by Microsoft in a timely manner). We will discuss each of the three distinct phases of the audit: pre-testing,


What to Expect When Applying for SSPA Compliance

Since the emergence of specialty service providers, data sharing between companies has grown at an exponential rate. As a result, specialty service providers are increasingly being asked to demonstrate their ability to protect confidential corporate data and private personal information as a condition of being hired.

Microsoft, which leverages specialty service providers extensively, has been a leader in driving compliance practices for security and privacy with its Supplier Security and Privacy Assurance (SSPA) program. According to its program guide, “SSPA is a partnership between Microsoft’s Procurement, Corporate External and Legal Affairs, and Corporate Security groups to ensure privacy and security principles are followed by its suppliers.”

Any supplier that processes Microsoft’s confidential information or the personal data of its employees and/or customers must comply with this program as a condition of being hired by Microsoft.

