© 2019 RSM US LLP. All rights reserved.
Microsoft SSPA Audit Program
If you provide services or products to Microsoft, or plan to in the near future, then you need to complete a Supplier Security and Privacy Assurance (SSPA) Data Protection Requirements (DPR) assessment. The SSPA DPR program is an initiative to improve and strengthen the security, transmission and reporting of data across all Microsoft suppliers that process Microsoft Personal Information or Microsoft Confidential Information as part of the execution of an active Master Supplier Services Contract. RSM is a Microsoft-qualified provider of these services and can help you navigate the requirements in a scalable fashion.
RSM provides an SSPA DPR assessment that offers a scalable and efficient approach for your company. RSM will provide a report with results for each applicable control to help your organization evaluate areas of strength and potential weakness. Our SSPA DPR assessment approach includes:
- Evaluation of SSPA DPR applicability
- Policy and procedures reviews and updates
- Data classification reviews
- A letter asserting whether or not your organization is compliant, to be shared with Microsoft
The RSM advantage
RSM is focused on the middle market, with the experience to adapt our assessment to your organization’s specific size, level of security and regulatory demands. Our depth of industry experience and security services allows us to design pragmatic recommendations that allow you to work with one advisor to develop a clear, cohesive cybersecurity strategy.
Our experience in performing a wide range of cyber governance assessment and advisory projects means that our solutions can have an immediate impact on your security and risk posture, with actionable results that support the needs of your stakeholders from both a technology and executive management perspective.