Skip to main content
Please wait...

Microsoft SSPA


The Supplier Security and Privacy Assurance (SSPA) and Data Protection Requirement (DPR) previously known as the Vendor Privacy Assurance Program is an assessment for Microsoft suppliers/vendors who process their data on their behalf.

SSPA DPR assessment is an initiative taken by Microsoft for their suppliers to ensure that their data which is processed by Microsoft’s suppliers on their behalf is securely stored, transferred or processed. This assessment is required by the Microsoft to ensure that their vendors follow Microsoft’s security and privacy policy which reflect their values.

Microsoft will be sharing a link with the supplier organisation annually where you need to update the details about the data you collect, store or process on their behalf. Microsoft has divided these assessment into 3 categories according to the type of data handled by the supplier. The categories are High, medium and low business impact.


Does it apply to your organization?

SSPA attestation is applicable for all the companies who are the suppliers of Microsoft. One should get this assessment done if they are planning to get associated with Microsoft in future.


How can Riskpro help and what are the services offered by Riskpro?

Riskpro is a member of American Institute of Certified Public Accountants (AICPA) and highly qualified assessors who can do the assessments for your company. SSPA services provided by Riskpro are as follows:

SSPA Consulting

Riskpro will help you to understand the requirements of SSPA and help you to implement the controls in your company. It will ensure that all the controls are implemented as per the requirements of SSPA.

Gap assessment

Riskpro does gap assessments wherein a qualified assessor will visit your company and do a mock assessment of all the controls implemented in your company. This assessment will be in line with SSPA requirements and at the end of which the assessor will provide you with a list of gaps identified. You may fix all the gaps identified and prepare for the actual assessment. This will help you to assess the readiness of your company for the actual assessment.

SSPA assessment

A qualified assessor will visit your company and conduct a formal assessment on the controls implemented by you. This assessment will be conducted as per the requirements of the SSPA assessment expected by Microsoft. At the end of the assessment the assessor will provide you with a assessment report which will include all the controls audited and the assessor conclusions on the same. This report can be used an official document to certify that your company has completed the assessment successfully.


Contact us for SSPA Audit Report

To get an independent audit report for SSPA/DRP as per Microsoft requirement, please email at