Microsoft Supplier Security & Privacy Assurance Program (SSPA) Consulting Advisory | Assessments | Data Protection Requirements (DPR)
Microsoft Supplier Requirements
Centris offers numerous services relating to Microsoft’s Supplier Security & Privacy Assurance Program (SSPA) Supplier Data Protection Requirements (MS DPR), including gap assessments, remediation services, independent reports, and more. A large part of complying with the MS DPR provisions within Microsoft’s SSPA is contingent upon having well-formalized, documented data privacy and information security policies, procedures, and processes – measures that Centris can assist with.
Microsoft SSPA DPR Help When You Need it Most
Choice and Consent:
Centris can develop all required data privacy policies, procedures, and processes relating to the ‘consent’ requirements. Specifically, Centris can help suppliers in developing documentation that shows evidence of choice and consent measures in place.
Collection:
Centris can develop all required data privacy policies, procedures, and processes relating to the ‘collection’ requirements. Specifically, Centris can help suppliers in developing documentation that shows evidence of collection measures in place.
Retention:
Centris can develop data retention and disposal policies, procedures, and processes and any other retention documentation as needed.
Data Subjects:
Data subjects have far-reaching rights as outlined by the MS DPR – and other data privacy regulations. As such, Centris can develop all required data subjects rights policies, procedures, and processes.
Microsoft Supplier Data Protection Requirements
Per Microsoft, “The Microsoft Supplier Data Protection Requirements apply to each Microsoft supplier that Processes Personal Data or Microsoft Confidential Data in connection with that supplier’s performance (e.g., provision of services, software licenses, cloud services) under the terms of its contract with Microsoft.” The MS DPR document is full of requirements pertaining to data subject rights and information security.
Disclosure to Third-Parties:
With strict provisions mandated on suppliers regarding disclosure to third-parties, Centris can develop a comprehensive Third-Party Risk Management (TPRM) program for ensuring all required MS DPR mandates for ‘Disclosure to Third Parties’ are being met.
Monitoring and Enforcement:
Centris can develop an incident response plan that includes measures for identifying and responding to incidents, along with numerous other supporting measures.
Security:
Per the MS DPR, “The supplier must establish, implement, and maintain an information security program that includes policies and procedures…”. Centris can develop all required information security and cybersecurity policies, procedures, and processes. From access control to vulnerability management, whatever the InfoSec requirement is per the MS DPR, we have you covered. To be clear, Section J (Security) of the MS DPR is the most comprehensive and in-depth set of requirements put forth on suppliers. With Centris, we offer a full lifecycle of services for developing all required information security measures.
Centris offers a wide range of data privacy, cybersecurity, and regulatory compliance solutions and services, including assessments & programs, data governance, data mapping, PIA, DPIA, GDPR assessments, CCPA/CPRA assessments, international privacy assessments, U.S. state privacy assessments, EU Cloud Code of Conduct, Microsoft SSPA/DPR, along with data privacy programs.
"The scope of the SSPA Program covers all suppliers globally that process Personal Data or Microsoft Confidential Data in connection with that supplier’s performance under the terms of its contract with Microsoft."
Why Centris for Microsoft Supplier Data Protection Requirements Assistance?
- Proven methodology that’s quick, comprehensive, and with fixed-fee pricing.
- Experts at remediating privacy and security gaps, along with documentation deficiencies.
- Deep experience in working with all industries and sectors relating to privacy and security.