All suppliers partnering with Microsoft need to meet an enterprise-wide set of requirements in security and privacy. These are governed by the Microsoft Supplier Security and Privacy Assurance (SSPA) program.

The Microsoft Supplier Data Protection Requirements (DPR) apply to all Microsoft suppliers processing Personal Data and/or Microsoft Confidential Data as part of their services provided to Microsoft.

Suppliers have to confirm their compliance with these requirements annually. Their Data Processing Profile selection determines the services a supplier may be eligible for and influences which DPR requirements apply. Some profile combinations require the supplier to obtain independent verification of their compliance with the DPR.

As a Microsoft Preferred Assessor, Compasso specializes in SSPA Independent Assessments.

During the assessment process, we review your profile selection in connection with the services provided and assess your compliance with each of the applicable DPR items.

The length of the assessment may vary based on the number of applicable controls, as well as on the readiness and availability of your documentation and processes. Additional assurance documentation, such as an ISO 27001 certification, may also reduce the time required.