Compliance to standards can be exhibited in several ways. Level of assurance differs in objectivity and continuity in time scale while at the same time, level of visibility and transparency may also vary.
- Self-assessment where organisations would indicate their standard compliance status after carrying out an internal check and verification.
- Certification by 3rd party is usually undertaken by an independent auditing company also known as a certification body. Upon successful completion, a certificate is usually issued valid for a period of time (commonly 3 years) with requirements of periodic check, known as surveillance audit, normally done annually to ensure continual compliance.
- Compliance through continuous monitoring where automated tools are deployed to continuously monitor, near real-time, its fulfilment of compliance to standards. This is the highest level of achievable compliance to standards though it is difficult to comprehensively cover such near real-time monitor on all aspect of the requirements.
Other forms of demonstration of compliance to standards such as attestation by 3rd or 2nd party (e.g. consumers/buyers audit their service providers/suppliers) are also possible. Such demonstration of compliance may be exhibited by posting online its self-disclosure statement, certificate of compliance or summary display of real-time compliance status.
MTCS Certification Scheme
In conjunction with the Singapore Standard SS 584: 2020 Specification for multi-tiered cloud computing security, the MTCS Certification Scheme is developed to
- encourage adoption of sound risk management and security practices by CSPs through MTCS certification; and
- promote the adoption of MTCS standard.
Here are the key steps for CSPs to participate in the scheme.
- CSPs shall source and identify suitable ACCREDITED Certification Bodies (CBs) to undertake the certification (see enclosed list of participating CBs).
- CSPs shall work with the identified ACCREDITED CBs to prepare the following documents after having decided on the scope of certification:
- Statement on Applicability and Compensating Controls; and
- MTCS CSP Self-Disclosure (185.10KB).
- CSPs proceed to work with ACCREDITED CBs on the certification.
Upon successful certification, CSP may email a copy of ACCREDITED MTCS certificate and a duly completed disclosure form to email@example.com for listing on the IMDA website. Only ACCREDITED MTCS certificates will be listed.
Certification will be valid for 3 years with a yearly surveillance audit to be conducted.
MTCS Certified Cloud Services
- CSPs who provide MTCS-certified services and wish to have them listed here can submit e-copies of the following documents to firstname.lastname@example.org:
- Accredited MTCS Certificate
- CSP disclosure form (185.10KB) (duly completed and signed)
All enquiries regarding MTCS Certification can also be addressed to email@example.com.
IMDA and United States Federal Communications commission signed MOU to promote bilateral cooperation
The Infocomm Media Development Authority (IMDA) of Singapore and the United States Federal Communications Commission (FCC) have...
Nominations for 3rd edition of 100 Women in Tech list now open
Public invited to nominate women who are making an impact on Singapore’s tech industry “Girls in Tech” category returns for female...
Singapore and the European Free Trade Association launch negotiations on Digital Economy Agreement
Singapore and the European Free Trade Association (EFTA) have launched negotiations on an EFTA-Singapore Digital Economy Agreement...
Singapore and the European Union Sign Digital Partnership
Minister-in-charge of Trade Relations S Iswaran and European Commissioner for Internal Market Thierry Breton signed the...
Singapore firms can now tap on Temus-IMDA's talent conversion programme to fill tech roles
Singapore’s Minister for Communications and Information Mrs Josephine Teo officiated the launch of Temus’ Step IT Up programme...
Enhanced measures against scam SMS
As part of the measures announced by the Infocomm Media Development Authority (IMDA) in October last year, all organisations that...
IMDA and ACMA signed Memorandum of Understanding for enhanced cooperation to combat scam and spam communications
Infocomm Media Development Authority (IMDA) and Australian Communications and Media Authority (ACMA) signed Memorandum of...
The Korea-Singapore Digital Partnership Agreement Enters into force
The Korea-Singapore Digital Partnership Agreement (KSDPA) will enter into force on 14 January 2023. The KSDPA was signed by Second...
IMDA announces a $5 million fund to support Singapore’s media industry to adopt virtual production
To ensure that the local media industry remains competitive as the international partner of choice to create premium IP, the...
20 Industry Digital Plans, which have contributed to the uplifting of more than 85,000 businesses, will be progressively refreshed, with the Food Services Sector being the first to benefit from the refreshed model
The refreshed Food Services Industry Digital Plan will include a refreshed Digital Solution Roadmap, introduction of a roadmap...