Achieve and Maintain Compliance With Microsoft SSPA Standards

Get and stay Microsoft SSPA compliant to maintain your Microsoft supplier and partner status.

Continuously test controls to comply with Microsoft SSPA Requirements

Streamline Microsoft SSPA to Meet Contractual Requirements

As part of its overall commitment to security and privacy, Microsoft requires suppliers to provide an annual Supplier Security and Privacy Assurance (SSPA) report proving they follow the Microsoft Supplier Data Protection Requirements (DPR).


With Drata’s platform, you can get compliant faster because we provide visibility into additional controls you need to implement, and monitor whether controls function as intended. You can provide our shareable security report to auditors or Microsoft, giving them at-a-glance visibility into your security-first approach.

Optimize revenue from Microsoft contracts by reducing compliance costs

Use a Simple, Central Platform for SSPA Monitoring

Manual processes and audit documentation can reduce the value of your Microsoft contract. Save time and increase revenue by centralizing all monitoring activities and documentation within Drata’s easy-to-use platform.


Using our shared controls framework, you can map your existing controls from other frameworks, like ISO 27001, to Microsoft SSPA. Our central readiness dashboard provides quick visibility into compliance gaps so that you know what actions to take to achieve your business objectives. 

Customize controls to respond to Microsoft group engagement requests

Map Custom Controls to Automate Testing and Document Efforts

In some cases, suppliers may have to meet additional organizational level requirements outside the SSPA. The Microsoft group responsible for the engagement communicates these with the supplier. You can create customized controls with Drata to respond to these requests and document your activities.


When you map your custom controls to our automated tests, you can continuously monitor and document your compliance efforts as you iterate on your program. Using our Jira integration, you can delegate and track compliance-related tasks to ensure you have robust governance over processes.

Drata also worked to understand our audit needs and matched us with an auditor who has been terrific. Drata is a luxury limousine for your compliance journey.
Joshua Peskay

vCIO

Having centralized and detailed visibility of all our personnel, assets, and being able to see what compliance requirements need our attention has streamlined the entire process.
Lola Kureno

Cyber Security Engineer

Drata helped us to seamlessly transition into a fully integrated compliance program and was essential to our SOC 2.
Diana Cohen

Head of Legal & Compliance

The promise of automation has long been discussed in the compliance world, but never truly realized. Drata has turned that into reality.
Jonathan Jaffe

CISO

The time savings and impact on sales are immediate, especially as we inform our customers that we’re pursuing SOC 2 compliance!
The quality and philosophy of support at Drata are unparalleled. Drata is superb in usability, design and integrations.
David Caughill

DevOps Engineer

Join the thousands of companies that trust Drata

Abnormal, Airbase, BambooHR, BigID, Clearbit, Clearco, Fivetran, Lemonade, Notion, SoFi, Vercel, WordPress VIP

What's Included With Microsoft SSPA

Everything you need to comply with the Microsoft Supplier Security and Privacy Assurance (SSPA) program.

Continuous Monitoring

Drata displays the necessary requirements associated with Microsoft SSPA. We always stay up-to-date on the latest information, so you don’t have to worry about falling out of compliance.

One Central Dashboard

Our Framework Readiness Dashboard tracks the real-time progress you're making toward your framework requirements and controls, so you always know where you stand.

Customization for Your Needs

Microsoft SSPA can be customized to meet the needs of your business through features like custom controls and mapping automated tests to controls.

Shared Controls

Make immediate progress toward your Microsoft SSPA framework by implementing controls already enabled for your other frameworks.

Trusted Advisors

Every customer receives access to former auditors, solution architects, and compliance advisors. You’ll have a trusted team to answer your questions.

One Complete Solution

Compliance made easy. Build, manage, maintain, and automate all your GRC needs in a single platform.

Frequently Asked Questions About Microsoft SSPA

Microsoft SSPA is not a law; it is a requirement that Microsoft places on suppliers that process any crucial information.

Any vendor that processes what Microsoft considers as Microsoft Personal Data or Microsoft Confidential Data must be SSPA compliant.

Microsoft Personal Data includes:

  • Sensitive data (government identifiers, location data, health data, ethnic origin, etc.)

  • Customer content data

  • Captured and generated data

  • Account data

  • End-user pseudonymized information (Identifiers created by Microsoft to identify users of Microsoft products and services)

  • Online customer data

Yes, with Drata's custom control feature, you can create controls for each framework based on your individual scope of work.

Automate Your Journey

Drata's platform experience is designed by security and compliance experts so you don't have to be one.

Connect

Easily integrate your tech stack with Drata.

Configure

Pre-map auditor-validated controls.

Comply

Begin automating evidence collection.

Put Compliance on Autopilot

Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.