Microsoft SSPA Attestation

Organizations that are or want to be a Microsoft vendor must meet the requirements of the Supplier Security and Privacy Assurance Program (SSPA). Formerly known as the Vendor Privacy Assurance Program, this program requires that any vendor that collects, stores, or processes customer, partner, or employee information meet the reporting requirements.

About Microsoft SSPA Attestation

The Microsoft SSPA Attestation reporting guidelines group vendors into three categories: “High Business Impact,” “Moderate Business Impact,” and “Low Business Impact.” Businesses that are considered “High Business Impact” must submit a letter of attestation from an approved third party within 90 days of submission of the annual Microsoft Personal Information Inventory.

An approved third party must be:

  • A member in good standing with the American Institute of Certified Public Accountants (AICPA) or the International Federation of Accountants (IFAC)
  • Qualified to conduct a GAPP assessment

Organizations are considered “High Business Impact” if the organization handles the following types of Microsoft data:

  • Authentication/authorization credentials
  • Financial transaction data
  • Financial profiles
  • Medical profiles

As a licensed CPA firm and approved third party, A-LIGN can help your organization meet the Microsoft SSPA Attestation requirements through the following assessment activities:

  • Assessment of your organization’s controls as they relate to the Microsoft SSPA requirements
  • Identification of any gaps against the SSPA requirements
  • Issuance of the practitioner’s report, which addresses the following assessment criteria:
    • Management
    • Notice
    • Choice and Consent
    • Collection
    • Retention
    • Access
    • Disclosure to Third Parties
    • Quality
    • Monitoring and Enforcement
    • Security
  • Remediation recommendations based upon assessment and gap findings
  • Completion of the letter of attestation

Microsoft SSPA Attestation Solutions Tailored to Your Company

Choosing A-LIGN as your partner benefits your organization by:

  • Ensuring that your organization can meet the privacy and security principles set by Microsoft
  • Providing your organization with a team of privacy, security, and compliance professionals to assist you in understanding the Microsoft SSPA guidelines
  • Allowing your organization to conduct business with Microsoft

The A-LIGN Edge

Our customized compliance solutions and streamlined audit process allow you to meet all of your audit and compliance needs with a single service provider. One-stop shopping means a stress-free audit process for you, as you work with one team who understands the unique needs of your organization.

Benefit from Our Expertise