Microsoft SSPA

Demonstrate that your business meets the privacy and security principles required to become a Microsoft vendor with a Microsoft SSPA attestation.

Do you work with Microsoft? Are your security and privacy considerations up to their standards? As a Microsoft Preferred Assessor, A-LIGN has the experience needed to address any of your Microsoft SSPA needs.

Leverage ISO 27001 + ISO 27701 to Meet Your Microsoft SSPA Requirements

Microsoft requires that all vendors meet the requirements within the Supplier Security and Privacy Assurance Program (SSPA). This program requires that any vendor that collects, stores, or processes customer, partner, or employee information meet the reporting requirements.

Together the ISO 27001 and ISO 27701 certifications can satisfy the requirements of Microsoft SSPA. These two certifications provide the controls and guidance required for establishing, implementing, maintaining, and continually improving an organization’s privacy information management system (PIMS).

The Benefits of a Microsoft SSPA Attestation:

  • Ensures your Microsoft supplier access is not revoked and business operations are not disrupted
  • Accelerates your revenue and market growth, and helps differentiate your business
  • Provides your customers with the assurance that you have the controls in place to protect their data
  • Assures Microsoft and your clients that your organization meets the privacy and security safeguard requirements set by Microsoft

Microsoft SSPA Services

ISO 27001 + ISO 27701 Certification
Microsoft SSPA Assessment

ISO 27001 + ISO 27701 Certification

ISO 27001 Audit: In Stage 1, we review your company’s documentation to confirm that it follows the ISO 27001 standard and check that required activities have been completed. During Stage 2, we test and confirm that your system conforms to the ISO 27001 standard.

Adding ISO 27701: As an extension to ISO 27001, this assessment provides the requirements and guidance for establishing, implementing, maintaining and continually improving your organization’s PIMS.

At the completion of the audit, a certification is provided that is valid for three years.

Microsoft SSPA Assessment

We review your organizational controls as they relate to Microsoft’s Supplier Data Protection Requirements (DPR). This includes identification of any gaps against the requirements, along with remediation recommendations. At the end of the assessment, a practitioner’s report is provided that is valid for one year.



1K+ ISO Assessments
450+ ISO 27001 Clients
94% Client Satisfaction

“It’s been a great experience working with A-LIGN on Microsoft SSPA, and I sincerely appreciate the responsiveness and attention to detail throughout.”

S&P 500 Management Consulting Company

Get started with A-LIGN

Are you ready to start your compliance journey? A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.