Supplier Privacy & Assurance Standards (SSPA)
What Is Supplier Privacy & Assurance Standards (SSPA)?
Microsoft believes that security and privacy are critical to its mission and requires their suppliers who handle confidential data to meet a strict set of standards. If you’re doing business with Microsoft and processing Personal Data or Microsoft Confidential Data in the performance of your service, you will need to enroll in Microsoft’s Supplier Privacy & Assurance Standards (SSPA) program. As a supplier, you will need to understand a set of Data Protection Requirements (DPR), attest to the DPR, and gain independent assurance by completing an assessment against the DPR.
Microsoft’s DPR sets out the following requirements in ten domains.
Choice and Consent:
Disclosure to Third Parties:
Monitoring and Enforcement:
For more details on the requirements, download the DPR from Microsoft’s site.
Suppliers that process personal data or Microsoft Confidential Data