SSPA Compliance

Thinking about becoming a supplier for Microsoft? Then you’ll need a Supplier Security and Privacy Assurance (SSPA) certification.

Microsoft requires strict security protocols from its suppliers to protect information it defines as Confidential Data and Personal Data. Their SSPA program is designed to drive adoption of these rigorous security standards through an ongoing annual compliance cycle. Enrolling in the program means reviewing up to 53 Data Protection Requirements (DPR) and achieving compliance with each requirement applicable to your business.

For those working through an SSPA certification, the process can be daunting. Clark Nuber’s professionals will help you navigate the process by:

• Interpreting the intent of each requirement and the practical application for your business
• Guiding you through the DPR and the necessary documentation using our custom tools
• Consulting with you on improving cybersecurity protocols
• Understanding the deadlines and options for extensions of time

At a minimum, the SSPA program provides assurance to Microsoft about the ongoing state of security and privacy controls in place at your business. Beyond that, the program helps you understand the additional responsibilities that come along with the work Microsoft awarded you.

Next Steps

Clark Nuber is designated as a Preferred Assessor by Microsoft. As such, we are well versed in SSPA requirements, cybersecurity best practices, and methods for maintaining your compliance annually. If you have any questions on SSPA compliance, or you’re ready to get started, send us an email.