Streamline Microsoft SSPA to Meet Contractual Requirements
As part of its overall commitment to security and privacy, Microsoft requires suppliers to provide an annual Supplier Security and Privacy Assurance (SSPA) report proving they follow the Microsoft Supplier Data Protection Requirements (DPR).
With Drata’s platform, you can get compliant faster because we provide visibility into additional controls you need to implement, and monitor whether controls function as intended. You can provide our shareable security report to auditors or Microsoft, giving them at-a-glance visibility into your security-first approach.
Use a Simple, Central Platform for SSPA Monitoring
Manual processes and audit documentation can reduce the value of your Microsoft contract. Save time and increase revenue by centralizing all monitoring activities and documentation within Drata’s easy-to-use platform.
Using our shared controls framework, you can map your existing controls from other frameworks, like ISO 27001, to Microsoft SSPA. Our central readiness dashboard provides quick visibility into compliance gaps so that you know what actions to take to achieve your business objectives.
Map Custom Controls to Automate Testing and Document Efforts
In some cases, suppliers may have to meet additional organizational level requirements outside the SSPA. The Microsoft group responsible for the engagement communicates these with the supplier. You can create customized controls with Drata to respond to these requests and document your activities.
When you map your custom controls to our automated tests, you can continuously monitor and document your compliance efforts as you iterate your program. Leveraging our Jira integration, you can delegate and track compliance-related tasks to ensure you have robust governance over processes.
What's Included With Microsoft SSPA
Everything you need to comply with the Microsoft Supplier Security and Privacy Assurance (SSPA) program.
Continuous Monitoring
Drata displays the necessary requirements associated with Microsoft SSPA. We always stay up-to-date on the latest information, so you don’t have to worry about falling out of compliance.
One Central Dashboard
Our Framework Readiness Dashboard tracks the real-time progress you're making toward your framework requirements and controls, so you always know where you stand.
Customization for Your Needs
Microsoft SSPA can be customized to meet the needs of your business through features like custom controls and mapping automated tests to controls.
Shared Controls
Make immediate progress toward your Microsoft SSPA framework by implementing controls already enabled for your other frameworks.
Trusted Advisors
Every customer receives access to former auditors, solution architects, and compliance advisors. You’ll have a trusted team to answer your questions.
One Complete Solution
Compliance made easy. Build, manage, maintain, and automate all your GRC needs in a single platform.
Frequently Asked Questions About Microsoft SSPA
Is Microsoft SSPA a law?
Microsoft SSPA is not a law; it is a requirement by Microsoft for suppliers that process any crucial information.
How do I know if I need to comply with Microsoft SSPA?
Any vendor that processes what Microsoft considers Microsoft Personal Data or Microsoft Confidential Data must be SSPA compliant.
How does Microsoft define Personal Data?
Microsoft Personal Data includes:
Sensitive data (government identifiers, location data, health data, ethnic origin, etc.)
Customer content data
Captured and generated data
Account data
End-user pseudonymized information (Identifiers created by Microsoft to identify users of Microsoft products and services)
Online customer data
Can I create controls for each of the requirements?
Yes, with Drata's custom control feature, you can create controls for each framework based on your individual scope of work.
Automate Your Journey
Drata's platform experience is designed by security and compliance experts so you don't have to be one.
Connect
Easily integrate your tech stack with Drata.
Configure
Pre-map auditor validated controls.
Comply
Begin automating evidence collection.
Put Security & Compliance on Autopilot®
Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.