Vendor Management/Due Diligence

The business partners you work with are just as important to your organisation’s security and privacy posture as your employees. Beyond philosophy, new legislation like the HITECH Act codifies your responsibility to include your business associates. Protiviti's Vendor Management and Vendor Due Diligence professionals have extensive experience supporting clients globally with their vendor programs. We can leverage your internally developed programs and ensure uniform global delivery – providing consistency of data and allowing valid year-to-year or partner-to-partner comparisons. We can also assist you in refining your existing approach by introducing industry best practices and agreed-upon procedures. Protiviti can help you build, manage, and/or execute a comprehensive vendor program.

Protiviti is helping Microsoft suppliers comply with essential SSPA data processing requirements

Privacy and security practices are listed by boards amongst their Top 10 board risks. The Supplier Security and Privacy Assurance (“SSPA”) Program is Microsoft’s policy for delivering data processing instructions to suppliers, in the form of the Microsoft Supplier Data Protection Requirements. That is good for Microsoft, yet as a supplier you have to comply with these rules through an annual compliance cycle. Global risk consultancy Protiviti has been vetted by Microsoft Procurement to perform the Supplier Data Protection Requirements independent assessment. Using global standards, a clean bill of health gives all your vendors confidence that your privacy and security practices are top notch. It’s essential that you identify a qualified partner who knows their subject to support you, and of course the learnings we provide as we perform the audit review can help you with all your vendor relationships.