Supplier Security and Privacy Assurance (Partner Vendor Audit)
As a Microsoft Preferred Assessor, BDO can assist current and future Microsoft vendors in meeting SSPA programme requirements as they seek to establish or renew contracts. Our team of professionals is equipped, and trusted by Microsoft, to guide clients at each stage of the process, having engaged with the Microsoft SSPA team on the newest programme upgrades.
Organizations perform due diligence on third-party ecosystems and security, but they must audit and regularly monitor their providers to truly secure themselves. Not only do companies audit their vendors, but standards and laws frequently demand that the company's vendor management programme be audited as well. Vendor risk management audit methods must be efficient in order for audits of vendor management programmes to go smoothly.
Enjoy a proper audit control from DigiAlert
Professional audit of development
A development audit focuses on areas that require specialised attention and may be used to resolve a corrective and preventive action (CAPA). This audit is done after a new vendor/supplier audit or a scheduled audit, and it is usually done when there are observations that need to be corrected. Upon obtaining an audit report, the vendor should have sent a CAPA to the manufacturer. Once on-site, the manufacturer will check that the CAPA has been applied and that the issues are being addressed.
The right verification audit
To guarantee compliance with rules, a verification or follow-up audit is conducted to address the implementation of a corrective action. The manufacturer is on-site during this type of audit to check that a corrective action has been taken and that the facility is in conformity with CGMPs or related ISO regulations. The manufacturer is merely there to watch the corrective activities, not the general operation of the vendor or supplier.
The right observations for a better growth
DigiAlert offers the best closing audit to the vendors
What is our methodology?
- SSPA Data Protection Requirements (DPR) self-attestation is required by Microsoft.
- Microsoft receives the completed and submitted self-attestation from the supplier.
- Microsoft examines the self-attestation of suppliers and requires an independent assessment.
- BDO collaborates with the Supplier to define the scope, cost, and timeline of the Independent Assessment.
- To prepare for the Independent Assessment, BDO offers an artefact and inquiry request list to the Supplier.
- Independent Assessment inquiry and artefact inspection dates are set by BDO.
- Independent Assessment inquiry and artefact inspections are conducted by BDO (can typically be performed remotely).
- BDO provides the Supplier with a list of discovered compliance deficiencies for remediation.
Solutions we serve you with
Why choose us?
- When auditors examine risk assessments, they need proof of the evaluation process as well as monitoring from the Board. This is where our professionals help them.
- When selecting a software vendor for their quality management system, for example, risk thresholds must be established.
- The auditor will analyse the vendor category and concentration as part of the risk assessment approach.