SSPA

Supplier Security & Privacy Assurance (SSPA) Program Guide: Understanding the new Section K requirements

In a rush...

Microsoft has updated its SSPA requirements. Suppliers who are part of the SSPA program are now required to be assessed (self or independent) against the new version 10 data protection requirements (DPRs).

One of the most significant differences from version 9 is the introduction of DPRs targeted at artificial intelligence (AI). Section K, ‘AI Systems’, has seventeen new requirements.

If you are a Microsoft supplier, and you provide services to Microsoft involving ‘AI Systems’, including using tools, systems, or platforms with AI Technology to train and build intelligent systems to create entirely new content such as images, sounds, videos, insights, analysis, and/or text, you will need to address Section K.

This supplier profile requires that you have specific AI Systems terms in place with Microsoft. It automatically triggers the requirement for an independent assessment of compliance.

Call us for more in-depth guidance.

SSPA DPRs version 9. What you need to know.

Microsoft updates its SSPA data protection requirements (DPRs) to version 9. What you need to know.

SSPA assessment portal and evidence vault

New iCompli SSPA assessment ‘portal’

Reduce time and effort with our new SSPA evidence vault. 

How to ace your external Microsoft SSPA assessment

SSPA assessment key to success

Have you been asked to independently verify your SSPA compliance? Are you a small, agile company that does not really have a lot of documented processes and procedures?

If you are, please read on; we have some useful advice for you.

Remote SSPA assessment challenges tackled

Whilst COVID-19 means we may be working from home, the need to manage the Microsoft supply chain has not changed. Our clients are still being challenged with meeting the compliance requirements set out in the Microsoft Supplier Security & Privacy Assurance Program (SSPA). The assessment deadlines are still in place, as is the need for some to have a third-party attestation of compliance to the Data Protection Requirements (DPRs).

Microsoft's SSPA and DPR Explained

Guide to the Supplier Security and Privacy Assurance (SSPA) programme audit requirements