The Cost of an MS DPR Assessment

If you are a vendor or a supplier of Microsoft and have been asked to go through their supplier security and privacy assurance program, you may be wondering how much does this assessment cost? In this video, we will break down the price range of the assessment cost and the factors that could influence the price.

Hi, my name is Debbie Zaller and I am the Chief Operating Officer at Schellman. Schellman has been performing Microsoft Data Protection Requirements or MS DPR assessments for quite a number of years. We are actually one of the preferred assessors on Microsoft's website. We have actually performed over 100 MS DPR assessments. So you might be wondering how much do these independent MS DPR assessments cost? Here at Schellman, the price range is from $12,000 up until about $25,000 to $30,000. There are essentially two factors that will increase or affect that price.

  1. The first factor is the requirements that are mandated by Microsoft. Microsoft will determine what your requirements are that are applicable to the organization as you go through the self-assessment process. Those requirements are heavily dependent on the price and the scope of the assessment.
  2. The other factor is the scope of services that are provided to Microsoft. For example, if your organization is providing multiple services to Microsoft over several different business units and your controls are really not centralized, that will increase the price of the assessment as multiple controls will be assessed for each individual requirement.

So I know the price range of $12,000 to $30,000 is a pretty wide range and you're probably asking yourself, how much is my specific assessment going to cost? Go to our website and complete the form, the contact us form and one of our privacy team professionals will reach out to you and discuss those two factors to determine what your specific cost will be. 

About the Author

Debbie Zaller

Debbie Zaller is Chief Operating Officer at Schellman. Debbie is responsible for maintaining and driving operational results and executing the firm's strategic goals. Debbie oversees all daily operations of the firm while spearheading the development, communication and implementation of effective growth strategies and processes. Debbie has over 21 years of IT compliance and attestation experience. Debbie led the firm's Midwest, Southeast, and Northeast regions along with the national service lines of SOC 2 and Privacy service lines as Managing Principal before assuming the position of COO in 2021. Debbie holds a Master of Accounting degree from the University of Florida. She is a Certified Public Accountant, Certified Information Privacy Professional/United States, Certified Data Privacy Solutions Engineer, Certified Information Systems Security Professional, Certified Information Systems Auditor, and Certified Cloud Security Knowledge. She is currently an AICPA-approved and nationally listed SOC Specialist and speaker on various privacy topics. Debbie was on the AICPA Task Force for the Advanced SOC for Certification Exam, was a member of the Florida Institute of Certified Public Accountants Board of Governors and served on the Finance and Office Advisory Committee.

More Content by Debbie Zaller
Previous Video
Do You Need a Penetration Test?
Do You Need a Penetration Test?

Next Video
The Risks of a Low-Cost Audit Partner
The Risks of a Low-Cost Audit Partner