How can we do business with Microsoft?

Procurement processes at Microsoft have become increasingly streamlined. This means that we can focus on what is most important: developing relationships with compliant, capable, competitive suppliers that enable us to address our priorities and goals successfully. The policies, guidelines, and program information on this page are central to contracting with Microsoft.

Supplier Security and Privacy Assurance (SSPA)

Strong privacy and security practices are critical to our mission, essential to customer trust, and required by law in several jurisdictions. The standards captured in Microsoft’s privacy and security policies reflect our values as a company, and extend to suppliers who handle Microsoft data on our behalf.

Supplier Security and Privacy Assurance (SSPA) is Microsoft’s corporate program to deliver Microsoft’s data processing instructions to our suppliers in the form of the Microsoft Supplier Data Protection Requirements (DPR). SSPA drives compliance with these requirements through an annual compliance cycle; for new suppliers, work cannot start until this is complete. Suppliers may also be selected to provide independent assurance by completing an assessment against the DPR.

The DPR includes a requirement to provide privacy and security awareness training. Companies may download this training storyboard outline to customize for their own purposes. Microsoft provides privacy awareness materials for informational purposes only. Nothing in this material is intended to reflect Microsoft’s internal policies or privacy programs, or to provide legal advice to the recipient. If the recipient uses these materials for its own internal purposes, such use should be in consultation with the recipient’s privacy compliance experts and legal counsel.

Download Privacy Fundamentals 101 training >

To learn more, review the Microsoft SSPA Program Guide. Do you have an independent assessment action? If yes, review the SSPA Program Guide Supplement to learn about the Microsoft preferred assessor list. Are you an enrolled supplier? Go to the Microsoft Supplier Compliance Portal. Have additional questions? Contact

Microsoft Supplier Data Protection Requirements

Requirements for the protection of personally identifiable information and Microsoft product information.

Master Supplier Services Agreement (MSSA)

If a contract is required by Microsoft, this must be executed by Microsoft and the supplier prior to doing work. This is an overarching agreement. After the supplier has signed this agreement, only business-specific statements of work (SOW) or purchase orders (PO) are needed. Having a uniform agreement in place helps ensure that Microsoft and the supplier can consistently rely on certain aspects of their relationship without discussion or concern.

Download the Master Supplier Services Agreement >