Microsoft SSPA Independent Assessments

Securing trust in business partnerships.

Strong privacy and security practices are the foundation of trust. Applicable to all suppliers who handle Microsoft personal or confidential data on the company’s behalf, Microsoft’s Supplier Security and Privacy Assurance (SSPA) initiative is designed to standardize and strengthen the handling of sensitive information on a global scale. 
As a Microsoft Preferred Assessor, BDO can help current and prospective Microsoft vendors meet SSPA program requirements as they seek to initiate or renew contracts. Having collaborated with the Microsoft SSPA team on the latest program updates, our team of professionals is equipped, and trusted by Microsoft, to counsel clients throughout each stage of the compliance process.
Leveraging BDO’s full suite of cybersecurity and data privacy services, we can help you understand the evolving SSPA program, educate and coach on security and privacy gaps, and maximize the engagement to support ongoing data protection efforts—beyond SSPA.

BDO’s Proven Process for SSPA Independent Assessments:
  1. Microsoft requests SSPA Data Protection Requirements (DPR) self-attestation from Supplier
  2. Supplier completes and submits self-attestation to Microsoft
  3. Microsoft reviews Supplier’s self-attestation and requires an Independent Assessment
  4. BDO works with Supplier to determine scoping, pricing and timing of Independent Assessment
  5. BDO provides Supplier with an artifact and inquiry request list to prepare for the Independent Assessment
  6. BDO schedules Independent Assessment inquiry and artifact inspection dates
  7. BDO performs Independent Assessment inquiries and artifact inspections (can typically be performed remotely)
  8. BDO provides a list of identified compliance gaps for Supplier’s remediation (as needed)
  9. BDO completes Independent Assessment artifact inspections
  10. BDO provides client with Independent Assessment letter
  11. Supplier provides Independent Assessment letter to Microsoft
  12. BDO is available throughout the year for ongoing support and questions regarding SSPA compliance