Microsoft requiring vendors to meet tougher SSPA security standards; 360 Advanced offers IT audit exams to assess SSPA compliance
TAMPA, Fla., Jan. 21, 2015 /PRNewswire/ -- Because Microsoft Corporation is requiring its outside data management vendors to be in compliance with Microsoft's Supplier Security and Privacy Assurance Program (MSSPA) as a condition of doing business with Microsoft, leading Tampa-based IT audit firm 360 Advanced announces it is offering MSSPA attestation services to help vendors achieve compliance.
The Microsoft SSPA initiative is designed to standardize and strengthen the handling of Microsoft customer, partner, and employee personal information by Microsoft vendors worldwide. Microsoft vendors who collect, store or process customer, partner or employee personal information are required to comply with the program.
"In terms of personal data security requirements and third parties, Microsoft is becoming one of the most attentive companies in the world, and that means its vendors must meet a set of rigorous standards of compliance that must be assessed and confirmed by an outside firm like ours with significant experience in more than a dozen levels of specialized IT audits," commented Dan Collins, President of 360 Advanced, P.A. (www.360advanced.com), a national, multi-service, licensed Certified Public Accounting (CPA) and Qualified Security Assessor (QSA) firm that specializes in integrated compliance solutions for service providers.
"We are very good with educating our clients about this process and developing a strategy that meets short and long term goals and requirements. And, we can collaborate on an initiative that will keep Microsoft at bay until compliance can be properly achieved," Collins said.
Collins explained that in lieu of compliance with MSSPA, Microsoft may accept alternative compliance attestation or assessments such a third-party Health Insurance Portability and Accountability Act (HIPAA) assessment, the American Institute of Certified Public Accountants Service Organization Control Reports (SOC 1 or SOC 2), and/or the Payment Card Industry Data Security Standard (PCI), depending on the nature and sensitivity of the data.
ABOUT 360 ADVANCED
360 Advanced P.A. is a national, multi-service, licensed Certified Public Accounting (CPA) and Qualified Security Assessor (QSA) firm that specializes in integrated compliance solutions for service providers related to internal controls, security, confidentiality, privacy, processing integrity, availability and other elements critical to information surety.
Known for its responsiveness, collaboration, and professionalism, 360 Advanced P.A. has clients in more than 40 states and several countries that are major service providers in various industries, including cloud and SAAS based organizations. 360 Advanced is one of only a few specialized firms in the U.S. that assist service providers as their independent assessor/advisor in developing, maintaining and communicating security and compliance to their clients, the trusted handshake.
360 Advanced's services are provided, but not limited to, the following industries: Hosted and Managed IT, Data Center and Colocation, Software as a Service (SAAS), Security and, Development, Healthcare, Financial Services, Insurance, HR | Payroll | PEO, Legal and Collections, Bulk Mail Printing and Distribution, Business Process Outsourcing, Manufacturing, Retail.
Services provided by 360 Advanced include SOC 1: SSAE 16 (SAS 70); SOC 2: AT 101 Attestation; SOC 3: SysTrust & WebTrust; PCI DSS, Experian E13PA; HIPAA Security/HITECH; ISO 27001, 2700; Microsoft Vendor Policy; Security Consulting.
SOURCE 360 Advanced P.A.
Share this article