Supplier privacy & assurance standards
Strong privacy and security practices are critical to our mission, essential to customer trust, and required by law in several jurisdictions. The standards captured in Microsoft’s privacy and security policies reflect our values as a company, and extend to suppliers who handle Microsoft data on our behalf.
Supplier Security and Privacy Assurance (SSPA) is Microsoft’s corporate program to deliver Microsoft’s data processing instructions to our suppliers in the form of the Microsoft Supplier Data Protection Requirements (DPR). SSPA drives compliance to these requirements through an annual compliance cycle; for new suppliers, work cannot start until this is complete. If a supplier is processing Microsoft Personal and/or Confidential data, they will partner with their business sponsor to enroll in the SSPA program. Suppliers may also be selected to provide independent assurance by completing an assessment against the DPR.
The DPR includes a requirement to provide privacy and security awareness training. Companies may download this training storyboard outline to customize for their own purposes. Microsoft provides privacy awareness materials for informational purposes only. Nothing in this material is intended to reflect Microsoft’s internal policies or privacy programs, or to provide legal advice to the recipient. If the recipient uses these materials for its own internal purposes, such use should be in consultation with the recipient’s privacy compliance experts and legal counsel.
Microsoft Supplier Data Protection Requirements (DPR), SSPA Program Guide, and Preferred Assessors List
Explore the DPR to understand requirements for Microsoft Personal and/or Confidential data and learn more about the SSPA program through the program guide. The current DPR is available below in multiple languages, these documents are refreshed annually in November.
Privacy Fundamentals 101 training
We need data to innovate. Customers will only give us their data if they trust us. That’s why we have to get privacy and security right.
SSPA Preferred Assessors List
Companies on this list have been vetted by Microsoft Procurement to perform a Microsoft Supplier Data Protection Requirements independent assessment. These companies understand the Microsoft Suppler Data Protection, will provide competitive pricing and are qualified to perform a SSPA assessment.
SSPA Program Guide
Learn more about the SSPA program through the program guide (located above).
Microsoft Privacy Resources
Privacy at Microsoft
At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. We are doing this by building an intelligent cloud, reinventing productivity and business processes and making computing more personal. In all of this, we will maintain the timeless value of privacy and preserve the ability for you to control your data.
Microsoft Trust Center
The future is in the Trusted Cloud. We built our Trusted Cloud on four foundational principles: security, privacy, compliance, and transparency.
Microsoft Privacy Statement
Your privacy is important to us. This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.