
Microsoft Supplier Security & Privacy Assurance Program (SSPA) Consulting Advisory | Assessments | Data Protection Requirements (DPR)

Microsoft Supplier Requirements

Centris offers numerous services relating to Microsoft’s Supplier Security & Privacy Assurance Program (SSPA) Supplier Data Protection Requirements (MS DPR), including gap assessments, remediation services, independent reports, and more. A large part of complying with the MS DPR provisions within Microsoft’s SSPA is contingent upon having well-formalized, documented data privacy and information security policies, procedures, and processes – measures that Centris can assist with.

Microsoft SSPA DPR Help When You Need it Most

Centris offers comprehensive services for helping suppliers meet all applicable ‘sections’ as outlined in the Microsoft Supplier Data Protection Requirements (MS DPR).

Choice and Consent:

Centris can develop all required data privacy policies, procedures, and processes relating to the ‘consent’ requirements. Specifically, Centris can help suppliers in developing documentation that shows evidence of choice and consent measures in place.

Collection:

Centris can develop all required data privacy policies, procedures, and processes relating to the ‘collection’ requirements. Specifically, Centris can help suppliers in developing documentation that shows evidence of collection measures in place.

Retention:

Centris can develop data retention and disposal policies, procedures, and processes and any other retention documentation as needed.

Data Subjects:

Data subjects have far-reaching rights as outlined by the MS DPR – and other data privacy regulations. As such, Centris can develop all required data subject rights policies, procedures, and processes.

CENTRIS

Leaders in Security & Regulatory Compliance

Risk Strategies & Methodologies
Risk management planning reduces exposure to a wide range of issues that could have detrimental effects on a business. Not knowing about, planning for, or responding to risks and related issues can leave an organization with few options in combating risks when they actually surface.
Strategic Planning & Integration
Every organization is moving towards a digitized business model, so isn’t it time to strategize on some of the most critically important elements for your business?
Regulatory Compliance Experts
Build scalable, adaptable, and efficient compliance solutions for increased organizational efficiency, while also improving core InfoSec, cybersecurity, operational and data privacy controls and best practices.

Microsoft Supplier Data Protection Requirements


Per Microsoft, “The Microsoft Supplier Data Protection Requirements apply to each Microsoft supplier that Processes Personal Data or Microsoft Confidential Data in connection with that supplier’s performance (e.g., provision of services, software licenses, cloud services) under the terms of its contract with Microsoft.” The MS DPR document itself is full of requirements pertaining to data subject rights and information security.

Disclosure to Third-Parties:

With strict provisions mandated on suppliers regarding disclosure to third-parties, Centris can develop a comprehensive Third-Party Risk Management (TPRM) program for ensuring all required MS DPR mandates for ‘Disclosure to Third Parties’ are being met.

Monitoring and Enforcement:

Centris can develop an incident response plan that includes measures for identifying and responding to incidents, along with numerous other supporting measures.

Security:

Per the MS DPR, “The supplier must establish, implement, and maintain an information security program that includes policies and procedures…”. Centris can develop all required information security and cybersecurity policies, procedures, and processes. From access control to vulnerability management, whatever the InfoSec requirement is per the MS DPR, we have you covered. To be clear, Section J (Security) of the MS DPR is the most comprehensive and in-depth set of requirements put forth on suppliers. With Centris, we offer a full lifecycle of services for developing all required information security measures.

With Centris, we offer a wide range of data privacy, cybersecurity, and regulatory compliance solutions and services, including assessments & programs, data governance, data mapping, PIA, DPIA, GDPR assessments, CCPA/CPRA assessments, international privacy assessments, U.S. state privacy assessments, EU Cloud Code of Conduct, Microsoft SSPA/DPR, along with data privacy programs.

"The scope of the SSPA Program covers all suppliers globally that process Personal Data or Microsoft Confidential Data in connection with that supplier’s performance under the terms of its contract with Microsoft."
- Microsoft

Why Centris for Microsoft Supplier Data Protection Requirements Assistance?

  • Proven methodology that’s quick, comprehensive, and with fixed-fee pricing.
  • Experts at remediating privacy and security gaps, along with documentation deficiencies.
  • Deep experience in working with all industries and sectors relating to privacy and security.


    Protect Your Digital Systems & Ensure Compliance at All Levels

    From robust security and compliance solutions to risk analysis and corporate strategy - partner with CENTRIS for enterprise resilience.