Organizations that are, or want to become, Microsoft vendors must meet the Supplier Security Privacy Assurance Program (SSPA) requirements. This program requires that any vendor that collects, stores, or processes Microsoft customer, partner or employee information meet the reporting requirements.
The Microsoft SSPA Attestation reporting guidelines group vendors into three categories: “High Business Impact,” “Moderate Business Impact,” and “Low Business Impact.” Businesses that are considered “High Business Impact” must submit a letter of attestation from an approved third party within 90 days of submission of the annual Microsoft Personal Information Inventory.
Organizations are considered “High Business Impact” if they handle the following types of Microsoft data:
- Authentication/authorization credentials
- Financial transaction data
- Financial profiles
- Medical profiles
Why Choose A-LIGN?
- As a licensed CPA firm and approved third-party assessor, A-LIGN can help your organization meet the SSPA Attestation requirements.
- A-LIGN will provide your business with a team of privacy, security, and compliance professionals who will assist you in understanding and meeting the Microsoft SSPA guidelines.
- We will both provide you with a practitioner’s report addressing the assessment criteria and complete the letter of attestation to ensure you can meet the guidelines.
A-LIGN will hold a strategic discussion with your organization and gather information to thoroughly determine your organization’s unique needs regarding Microsoft SSPA Attestation.