Because Microsoft is committed to promoting a positive work environment, we expect our suppliers and their employees, agents, and subcontractors to adhere to the same standards of conduct and behavior that we expect from our own employees while they are on Microsoft property or doing business with Microsoft.
We are committed to our mission of helping people and businesses throughout the world realize the highest levels of productivity and success. Achieving our mission isn’t just about building innovative technology, it’s also about who we are as a company and as individuals, how we manage our business internally, and how we work with customers, partners, governments, communities, and suppliers.
Compliance requirements
Through the Standards of Business Conduct (http://aka.ms/microsoftethics), Microsoft has established company standards that include ethical business practices and regulatory compliance. These standards apply to all Microsoft employees, directors, and officers. Similarly, Microsoft expects its suppliers to embrace this commitment to integrity by complying with and training its employees on the Microsoft Supplier Code of Conduct.
Suppliers and their employees, agents, and subcontractors (collectively referred to as “suppliers”) must adhere to this Supplier Code of Conduct while conducting business with or on behalf of Microsoft. Suppliers must promptly inform their Microsoft contact, a member of Microsoft management, or the contacts provided below when any situation develops that causes the supplier to operate in violation of this Code of Conduct. While Microsoft suppliers are expected to self-monitor and demonstrate their compliance with this Code of Conduct, Microsoft may audit suppliers or inspect suppliers’ facilities to confirm compliance.
Microsoft may require the immediate removal of any supplier representative(s) or personnel who behave in a manner that is unlawful or inconsistent with this Code of Conduct or any Microsoft policy. All suppliers are required to comply with this Code of Conduct and complete Microsoft Code of Conduct training, in addition to any other obligations in any agreement a supplier may have with Microsoft.
Please download and review the full requirements of the standards of conduct that suppliers must follow. The terms “vendor” and “supplier” will be used interchangeably.
Download the Supplier Code of Conduct
Supplier Code of Conduct (SCoC) Training Program
Microsoft expects Suppliers to act ethically and with integrity. Suppliers demonstrate this commitment by complying with our Supplier Code of Conduct (SCoC) and ensuring that their employees are trained on the SCoC. Microsoft SCoC training ensures that new External Staff who require Microsoft access credentials to Microsoft corpnet and/or buildings have been trained before they obtain their access rights. This policy is supported by an automated, online training process during External Staff setup. The policy is in effect in the United States, Canada, LATAM, India, Germany, and the United Kingdom.
As part of the External Staff setup process, External Staff workers receive an email notification that provides a link to the e-learning training site and requests that they complete the 30-minute online training. Topics covered in this training include: anti-corruption, accessibility, conflicts of interest, confidentiality, data security and privacy, and business records. Once the External Staff worker completes the training, the process for granting access to Microsoft’s corporate network and/or buildings will proceed. The process is automated; therefore, the only action required of the Supplier/Sponsor is to alert their External Staff that this training must be completed before they can obtain Microsoft access credentials.
*Any External Staff workers who are engaged in services for Microsoft, who will bill time to Microsoft, or who otherwise work on Microsoft matters are required to complete the SCoC training and agree to comply with the SCoC. External Staff includes Vendors/Agency Temps (Contractors), Business Guests, and Outsourced Staff.
Latest news
- Additional country pre-access policy implementations: Future implementations of SCoC training will align to the External Staff Policy international expansion roadmap.
- Refresh training for Outsourced and Business Guests: Refresh training is moving from every 12 months to every 18 months. Microsoft will be requiring Suppliers to ensure their outsourced and business guest staff receive refresh training. Suppliers should stay tuned for more information – no action just yet.
Please note: initial, automated SCoC training during onboarding will continue to be provided by Microsoft, as training completion remains a requirement for all External Staff, prior to receiving Microsoft access credentials (building and/or corpnet).
For additional information, please download and review the SCoC FAQ. Any questions related to the Supplier Code of Conduct Training Program may be directed to [email protected].
The Supplier Guidelines contain policy and procedural requirements for suppliers providing goods or services to Microsoft, in addition to obligations contained in any applicable agreement(s) between Microsoft and supplier, such as the Master Supplier Services Agreement (MSSA).
The Master Supplier Services Agreement (MSSA)
If such a contract is required by Microsoft, this contract must be executed by Microsoft and the supplier prior to doing any work. Because it is an overarching agreement, once the supplier has signed this Agreement, only business specific statements of work or purchase orders are needed. Having a uniform agreement in place helps ensure that Microsoft can consistently rely on certain aspects of its relationships with suppliers without discussion or concern, which frees both parties up for more critical activities—like completing the work! The MSSA outlines, in addition to other things, the following:
- Standard payment terms, which include 2% 10/Net 60.
- Tier X reporting, which helps Microsoft ensure that suppliers at all levels are doing everything they can to ensure as much diversity as possible within the supply chain.
Download the Master Supplier Services Agreement (MSSA)
Supplier guidelines and policies
The Microsoft Supplier Guidelines, an adjunct to the Master Supplier Services Agreement, outline the requirements suppliers are expected to follow.
Download the complete Microsoft Supplier Guidelines
The supplier guidelines and policies include:
Travel Guidelines. Required for all reimbursable travel, the Microsoft Supplier Travel Guidelines are consistent with the employee travel policy and enable the supplier to take advantage of the Microsoft travel program and associated negotiated pricing.
Anti-Corruption Policy. Required for all channel partners (for example, resellers, software advisors, original equipment manufacturers, and distributors), suppliers, vendors, consultants, lobbyists, and any other third-party representative (collectively, "Microsoft representatives") to comply with this policy.
Pre-placement policy. Microsoft requires that Suppliers conduct pre-placement background checks on all their personnel who will perform services or projects that require any access to Microsoft owned or leased facilities or access to Microsoft resources such as email, network access, cardkey, or other access badges. The purpose of such checks is to ensure that those receiving access to Microsoft’s facilities, equipment, networks, or systems do not present undue safety or security risks.
Statement of Work (SOW). SOW parameters help ensure that expectations are understood and agreed upon by all parties up front. Each SOW should include price, delivery dates, and specifications for the work. Legal term should not be included in a SOW. No work should be started without a mutually-signed SOW and an open purchase order (PO) in place.
Supplier security and privacy. Required by Microsoft, the Supplier Security and Privacy Assurance Program (SSPA) delivers Microsoft’s data processing instructions to our suppliers in the form of the Microsoft Supplier Data Protection Requirements (DPR) and assures compliance annually.
Microsoft Supplier Data Protection Requirements. Requirements for the protection of personally identifiable information and Microsoft product information.
Download the Data Protection Requirements