Updates on SSPA Version 10

Microsoft’s SSPA Program has evolved to version 10, bringing crucial updates in data security and compliance to meet modern cybersecurity demands. Here’s a quick overview of the key changes:

• Enhanced Security Controls: SSPA v10 now includes more granular security measures aligned with major frameworks like ISO 27001 and SOC 2, offering suppliers tailored guidance for compliance.

• Advanced Data Privacy: With stricter protocols to align with global privacy laws (e.g., GDPR, CCPA), SSPA v10 focuses on data minimization and shorter retention periods, ensuring privacy is a top priority.

• Risk-Based Supplier Tiers: Suppliers are categorized by risk level, allowing more focused compliance efforts, while new automated risk assessment tools streamline this process.

• Simplified Compliance Processes: Suppliers will find a more intuitive self-attestation process and centralized documentation management, making it easier to track and prove compliance.

• Supply Chain Transparency: Stronger oversight on third-party vendors and real-time risk insights bolster security across the supply chain.

• Enhanced Support: Microsoft offers updated training, workshops, and direct support, enabling suppliers to navigate the new requirements confidently.

• AI Enhanced Focus: 17 new requirements for AI suppliers providing services to Microsoft.

These updates make compliance easier and more efficient for suppliers, creating a more resilient, privacy-focused supply chain. Suppliers meeting these rigorous standards can strengthen trust with Microsoft and clients while future-proofing their practices.

Complete your assessment form today to get started on your SSPA new attestation or renewal.