Hello Vince, and thank you for the question.

The Secure Controls Framework (SCF) developed by Compliance Forge does not currently have an officially published mapping of SCF controls to the Microsoft Supplier Data Protection Requirements (DPR) - thought it does appear to have roots related to other privacy frameworks such as GDPR, CCPA, etc.

As such, Reciprocity doesn’t currently have a mapping but it would be interesting to hear if anyone within the Community has put this together and what their experience has been in using this within a ZenGRC environment. (I would envision using ZenGRC for testing the controls against the DPR, documenting and remediating issues, etc. while confirming compliance using Microsoft’s online service).

I hope this helps!

Mark Guthart
Enterprise Product Implementation Expert
Reciprocity