Microsoft Supplier Security and Privacy Assurance (SSPA) Program

If you provide services or products to Microsoft, or plan to in the near future, then you need to complete a Supplier Security and Privacy Assurance (SSPA) Data Protection Requirements (DPR) assessment. The SSPA DPR program is an initiative to improve and strengthen the security, transmission and reporting of data across all Microsoft suppliers that process Microsoft Personal Information or Microsoft Confidential Information as part of the execution of an active Master Supplier Services Contract. RSM is a Microsoft-qualified provider of these services and can help you navigate the requirements in a scalable fashion.

    RSM provides an SSPA DPR assessment that offers a scalable and efficient approach for your company. RSM will provide a report with results for each applicable control to help your organization evaluate areas of strength and potential weakness. Our SSPA DPR assessment approach includes:

    • Evaluation of SSPA DPR applicability
    • Policy and procedures reviews and updates
    • Data classification reviews
    • A letter asserting whether or not your organization is compliant, to be shared with Microsoft


    Microsoft SSPA Program

    Microsoft SSPA Process Flow

    Requirements for suppliers

    The RSM advantage

    RSM is focused on the middle market, with the experience to adapt our assessment to your organization’s specific size, level of security and regulatory demands. Our depth of industry experience and security services allows us to design pragmatic recommendations that allow you to work with one advisor to develop a clear, cohesive cybersecurity strategy.

    Our experience in performing a wide range of cyber governance assessment and advisory projects means that our solutions can have an immediate impact on your security and risk posture, with actionable results that support the needs of your stakeholders from both a technology and executive management perspective.

    Contact us

    Information on the handling of the data entered here can be found in our data protection declaration.


    Dr. Oliver Bungartz

    Partner - RAS, Hamburg


    Scan the QR code to save the contact details.

    Gregor Strobl

    Partner - RAS, Hamburg


    Scan the QR code to save the contact details.

    Internet Explorer 11 is not supported.

    We have detected that you are using an outdated browser. We recommend that you use an up-to-date browser to increase your security and to be able to use all the functions of the RSM website.

    We recommend the following browsers: