Microsoft SSPA Attestation

The Supplier Security and Privacy Assurance Program is a Microsoft initiative designed to standardize and strengthen the handling of Microsoft customer, partner, and employee personal information by all Microsoft vendors worldwide. All Microsoft vendors who collect, store or process customer, partner or employee personal information are required to comply with the program. These requirements are detailed in the Microsoft Vendor Data Protection requirements.

Reporting requirements are based on a three-tier rating system. All vendors complete an annual questionnaire, with those vendors handling Moderate Business Impact personal information being required to submit a self-certification and those vendors handling High Business Impact personal information being required to submit a third-party letter of attestation from a licensed CPA firm confirming compliance.

360 Advanced is a boutique, registered CPA firm qualified to complete Microsoft Vendor Privacy engagements. We provide vendor privacy assessment, advisory and attestation services.

Contact us today!