Microsoft SSPA
Requirement
Assist a large Microsoft supplier in ensuring it was fully compliant with Microsoft’s Supplier Security and Privacy Assurance (SSPA) program, as prescribed by the Microsoft Supplier Data Protection Requirements (DPR).
Issues
The supplier had recently begun working with Microsoft. Because it processes data that Microsoft deems confidential, it wanted assurance that it was fully compliant and, if it was not, immediate expert consulting and advisory services to remediate any gaps or issues found.
Additional issues for the client
No Experience with Compliance at this Level: Microsoft immediately became their biggest client, but they were unprepared for many of the strict compliance requirements set out in the MS DPR. They had worked with large corporations before, but never with an organization the size of Microsoft, so they had real concerns about meeting all of Microsoft’s SSPA/DPR measures.
No Security Documentation: The client had hardly any existing information security policies and procedures. They also had not formalized any programs or plans for incident response, contingency planning, and the other critical IT areas the MS DPR requires.
No Privacy Documentation: The client had no formalized policies and procedures relating to data privacy, and no documented data privacy program measures in place.
Unclear Roadmap: The client was also unsure where to even begin on such a daunting compliance project. Competing opinions and recommendations circulated, each with its own challenges.
Solution
Centris deployed a team of experts specializing in the Microsoft Supplier Data Protection Requirements (DPR) program that successfully accomplished the following:
- Performed a comprehensive gap analysis to determine the areas requiring remediation and other necessary measures.
- Defined the project scope and the client’s role in developing a remediation action plan.
- Reviewed all current information security, cybersecurity, and data privacy policy documentation in full, updating it where required.
Outcome
- Built and deployed an all-new set of information security and cybersecurity policies, procedures, and processes as required by Microsoft’s DPR.
- Created a true culture of compliance where employees now understand and value information security, cybersecurity, data privacy and the importance of protecting consumer information.
- Implemented a continuous monitoring program to ensure data privacy controls remain properly monitored long after the consultants are gone.