SSPA

The Supplier Security and Privacy Assurance (SSPA) Program delivers Microsoft's data processing instructions, through the Microsoft Supplier Data Protection Requirements (DPR), to suppliers working with Personal Data and/or Microsoft Confidential Data. SSPA drives compliance to these requirements through an annual compliance cycle; for new suppliers, work cannot start until this is complete. If a supplier is processing Personal Data and/or Microsoft Confidential Data, they will partner with their business sponsor to enroll in the SSPA Program. Suppliers may also be selected to provide independent assurance by completing an assessment against the DPR.

MS SSPA Requirements

Enrolling in Microsoft’s Supplier Privacy and Assurance Standards program
Understanding and attesting to Microsoft’s Data Protection Requirements (DPR)
Completing an independent assessment against the DPR
Renewing compliance tasks annually for continuous compliance with SSPA