Case Study

Project

Agency Vendor Compliance

Bread N Butter Microsoft SDPR

Challenge

Bread & Butter is a Seattle-based brand development company focused on creative strategy, development and activation. They have many corporate clients in a wide variety of industries. One prominent client is Redmond-based Microsoft. Bread n Butter plays a pivotal role in helping Microsoft’s internal marketing team build their brand and market the success of Microsoft cloud products. Bread n Butter is the strategy lead for the entire Microsoft Cloud Marketing Social and Blog ecosystem!

Microsoft recently issued a set of Supplier Data Protection Requirements (SDPR), also known as the Supplier Security and Privacy Assurance (SSPA), which are aligned with European GDPR compliance and NIST cybersecurity recommendations. Bread n Butter must comply with these data protection requirements if they want to continue to work with Microsoft. EXP was engaged to provide cybersecurity and compliance services to meet these requirements. The scope of work included:

  • Performing an initial risk assessment which would then become annual
  • Developing and implementing a security plan of action to close any gaps identified above
  • Formalizing the security program to be a continuous improvement program

Result

After performing the initial risk assessment, EXP set about implementing the resulting security plan of action with clearly defined milestones. As the client was a Mac shop, this required a somewhat unique approach to Microsoft vendor compliance. EXP was able to implement several critical measures for Bread n Butter, including the following:

  • IT Cybersecurity Policy
  • Personal Data Handling Procedures
  • Cybersecurity Incident Response Plan
  • Business Continuity and Data Recovery Plan
  • Annual Cybersecurity Training
  • Multi-factor Authentication for Email and all Personal Data Repositories
  • Encryption on all Devices

Client Feedback

“We are grateful to the EXP team for working with us on this project. We are fully committed to protecting client personal data and this program is evidence of that,” Jessica Michaels, Bread & Butter Founder & CEO