Microsoft’s Supplier Security and Privacy Assurance (SSPA)

Microsoft’s SSPA program requires vendors that process Microsoft personal and/or confidential information to comply with Microsoft’s Data Protection Requirements (DPR) on an annual basis.

Why MS DPR?

If your organization is a current or aspiring Microsoft vendor, you’re probably familiar with the Microsoft Supplier Security and Privacy Assurance (SSPA) program (previously called the Vendor Privacy Assurance Program). You might be wondering what this requirement means for your business and what to expect during a Microsoft Data Protection Requirements (MS DPR) assessment.

Completing the Attestation Process

Before the attestation, check the Data Protection Requirements (DPR) and make any necessary changes to meet the criteria. Your auditor will ask for some evidence to show that you’ve met these requirements, so be sure to keep some documentation of your work and controls. When the assessment is complete, you’ll be given a letter of attestation which you can submit to Microsoft. If you choose Schellman as an assessor, your auditor can point out areas for improvement and help you identify weaknesses in your current practice to avoid jeopardizing your Microsoft contract. If your organization is subject to other types of IT audits, discuss the option of combining the Microsoft DPR attestation with other audits or assessments to determine if there is an overlap in testing efforts or documentation to ease the burden of multiple audits.

Considering a Readiness Assessment

If you’re anticipating a requirement to provide a letter of attestation for the Microsoft DPR but aren’t yet prepared, Schellman can help you identify control gaps where your organization doesn’t meet the criteria with a readiness assessment. You’ll have an opportunity to identify potential issues before committing to a formal attestation. When you’ve remediated the gaps, your auditor can return to complete the formal attestation. A readiness assessment could also be a benefit if you’re currently bidding on a Microsoft contract and want to show your competitive, proactive approach to privacy compliance.

Wherever you are in compliance with the Microsoft Supplier Security and Privacy Assurance Program requirements, Schellman can help. Speak with an SSPA specialist about your organization’s Microsoft Supplier needs today.

How much will your MS DPR assessment cost?

In this video, Debbie Zaller explains the cost for an MS DPR assessment as well as the two primary factors that could influence the price:

  1. The first factor is the requirements that are mandated by Microsoft.
  2. The other factor is the scope of services that are provided to Microsoft.

What to expect for your MS DPR Assessment

We begin each project with your end goals in mind and a thorough understanding of all key project activities. Effective communication and timely coordination throughout the engagement are central to our methodology with all clients.

Planning and Kickoff

The first phase of any engagement is planning. This ensures that we’re aligned on the who, what, where, when, and why before we kick off any actual testing.

Proper planning is imperative to the success of the project, and Schellman has standard frameworks and processes that clearly outline the “how” and help us accelerate the work for the collective team. Once we’ve aligned on planning and finalized any outstanding items, we’re ready to kick off the engagement in earnest.

This upfront work helps minimize the likelihood of any last-minute changes to the project or team and gives you a reliable plan prior to the testing and on-site visit (if applicable).

Testing and Gathering

Testing and gathering are core components of any compliance engagement. Based on our aligned agreement during the planning and kickoff phase, we’ll gather the evidence required to meet the objectives.

Schellman has a “no surprise” policy and has daily contact with the stakeholders during the testing and gathering activities. What’s more, Schellman documents everything in real time and even starts to draft the final deliverable as findings become evident. This allows us to provide you with the draft report as efficiently as possible at the conclusion of this phase.

Reporting

The final phase of the engagement is reporting. But again, we focus our entire assessment process on the timely delivery of a final report that’s clear, concise, and accurate.

We consider the entire process and customize our final reports for each client. You can expect your final report within 30 days of the conclusion of the Testing and Gathering phase.

Your SSPA (MS DPR) Specialist,
Chris Lippert

Chris is a Privacy Technical Lead and Senior Manager at Schellman based out of Atlanta, GA. With nearly a decade of experience in information assurance, Chris has a concentration in privacy-related engagements.

Contact Us

Fill out this form to talk with one of our specialists. We'll be in touch soon to continue the conversation and help you find what you're looking for.
