

Supplier Security & Privacy Assurance (SSPA) Program Guide: Understanding the new Section K requirements

In a rush...

Microsoft has updated its SSPA requirements. Suppliers who are part of the SSPA program are now required to be assessed (self or independent) against the new version 10 data protection requirements (DPRs).

One of the most significant differences from version 9 is the introduction of DPRs targeted at artificial intelligence (AI). Section K, ‘AI Systems’, has seventeen new requirements.

If you are a Microsoft supplier, and you provide services to Microsoft involving ‘AI Systems’, including using tools, systems, or platforms with AI Technology to train and build intelligent systems to create entirely new content such as images, sounds, videos, insights, analysis, and/or text, you will need to address Section K.

This supplier profile requires that you have specific AI Systems terms in place with Microsoft. It automatically triggers the requirement for an independent assessment of compliance.

Call us for more in-depth guidance.

Microsoft SSPA DPRs version 10 coming! What you need to know.

Learn about the new Microsoft SSPA data protection requirements (DPRs)


SSPA DPRs version 9. What you need to know.

Microsoft updates its SSPA data protection requirements (DPRs) to version 9. What you need to know.

GDPR for Marketers online training course

GDPR for Marketing Practitioners online course

New 3-hour online course for marketing practitioners covering all things GDPR. Hosted by The Chartered Institute of Marketing (CIM) and delivered by the Head of iCompli, this is an essential course for anyone working in marketing.

SSPA assessment portal and evidence vault

New iCompli SSPA assessment ‘portal’

Reduce time and effort with our new SSPA evidence vault. 


How to ace your external Microsoft SSPA assessment

SSPA assessment key to success

Have you been asked to independently verify your SSPA compliance? Are you a small, agile company that does not really have a lot of documented processes and procedures?

If you are, please read on; we have some useful advice for you.


Remote SSPA assessment challenges tackled

Whilst COVID-19 means we may be working from home, the need to manage the Microsoft supply chain has not changed. Our clients are still being challenged with meeting the compliance requirements set out in the Microsoft Supplier Security & Privacy Assurance Program (SSPA). The assessment deadlines are still in place, as is the need for some to have a third-party attestation of compliance to the Data Protection Requirements (DPRs).


Microsoft's SSPA and DPR Explained

Guide to the Supplier Security and Privacy Assurance (SSPA) programme audit requirements


Lead Generation from Publicly Available Data

Using legitimate interests and balancing tests for the personal data you find in the public domain...

EU, Brexit and data protection

Data Protection Brexit Planning

What’s happening, what do I need to do, where can I get more information?