Overview
Compliance to standards can be exhibited in several ways. Level of assurance differs in objectivity and continuity in time scale while at the same time, level of visibility and transparency may also vary.
- Self-assessment where organisations would indicate their standard compliance status after carrying out an internal check and verification.
- Certification by 3rd party is usually undertaken by an independent auditing company also known as a certification body. Upon successful completion, a certificate is usually issued valid for a period of time (commonly 3 years) with requirements of periodic check, known as surveillance audit, normally done annually to ensure continual compliance.
- Compliance through continuous monitoring where automated tools are deployed to continuously monitor, near real-time, its fulfilment of compliance to standards. This is the highest level of achievable compliance to standards though it is difficult to comprehensively cover such near real-time monitor on all aspect of the requirements.
Other forms of demonstration of compliance to standards such as attestation by 3rd or 2nd party (e.g. consumers/buyers audit their service providers/suppliers) are also possible. Such demonstration of compliance may be exhibited by posting online its self-disclosure statement, certificate of compliance or summary display of real-time compliance status.
MTCS Certification Scheme
In conjunction with the Singapore Standard SS 584: 2015 Specification for multi-tiered cloud computing security, the MTCS Certification Scheme is developed to
- encourage adoption of sound risk management and security practices by CSPs through MTCS certification; and
- promote the adoption of MTCS standard.
Here are the key steps for CSPs to participate in the scheme.
- CSPs shall source and identify suitable ACCREDITED Certification Bodies (CBs) to undertake the certification (see enclosed list of participating CBs).
- CSPs shall work with the identified ACCREDITED CBs to prepare the following documents after having decided on the scope of certification:
- Statement on Applicability and Compensating Controls; and
- MTCS CSP Self-Disclosure (167.82KB).
- CSPs proceed to work with ACCREDITED CBs on the certification. Upon successful certification, CSP may email a copy of ACCREDITED MTCS certificate and a duly completed disclosure form to nitsc@imda.gov.sg for listing on the IMDA website. Only ACCREDITED MTCS certificates will be listed.
Certification will be valid for 3 years with a yearly surveillance audit to be conducted.
MTCS Certified Cloud Services
- CSPs who provide MTCS-certified services and wish to have them listed here can submit e-copies of the following documents to nitsc@imda.gov.sg:
- Accredited MTCS Certificate
- CSP disclosure form (167.82KB) (duly completed and signed)
- MTCS Certified IaaS/PaaS
- MTCS Certified SaaS
| No | Service | MTCS Level/Certificate | Company Name/Self-Disclosure Form |
|---|---|---|---|
| 1 | Tencent Cloud Services (IaaS) | 3-Tencent Cloud Services using IaaS model (511.11KB) | Aceville Pte.Ltd (549.93KB) |
| 2 | Alibaba.com Elastic Computing | 3-Alibaba-IaaS-PaaS (989.09KB) | Alibaba.com (525.92KB) |
| 3 | Alibaba.com Relational Database Service | ||
| 4 | Alibaba.com Cloud CDN | ||
| 5 | Alibaba.com Open Storage Service | ||
| 6 | Alibaba.com Auto Scaling | ||
| 7 | Alibaba.com Cloud Monitoring and Cloud Security Service | ||
| 8 | Alibaba.com Server Load Balancer | ||
| 9 | Alibaba.com Virtual Private Cloud | ||
| 10 | Alibaba.com Analytic Database Service | ||
| 11 | Alibaba.com E-MapReduce | ||
| 12 | Alibaba.com Distribute Relational Database Service | ||
| 13 | Alibaba.com Resource Access Management | ||
| 14 | Alibaba.com Key Management System | ||
| 15 | Alibaba.com ActionTrail | ||
| 16 | Alibaba.com NAT Gateway | ||
| 17 | Alibaba.com Express Connect | ||
| 18 | Alibaba.com Cloud Enterprise Network | ||
| 19 | Alibaba.com Message Queue | ||
| 20 | Alibaba.com Application Real-Time Monitoring Services | ||
| 21 | Alibaba.com MaxCompute | ||
| 22 | Alibaba.com Table Store | ||
| 23 | Alibaba.com Message Service | ||
| 24 | Alibaba.com Data Transmission | ||
| 25 | Alibaba.com API Gateway | ||
| 26 | Alibaba.com Resource Orchestration Service | ||
| 27 | Alibaba.com ApsaraDB for Redis | ||
| 28 | Alibaba.com Machine Learning | ||
| 29 | Alibaba.com DataWorks | ||
| 30 | Alibaba.com Enterprise Distributed Application Service | ||
| 31 | Alibaba.com Log Services | ||
| 32 | Alibaba.com HybridDB for PostgreSQL | ||
| 33 | Alibaba.com Data Integration | ||
| 34 | Alibaba.com Data Lake Analytics | ||
| 35 | Alibaba.com Elasticsearch Services | ||
| 36 | AWS (IaaS) | 3-AWS-IaaS (196.81KB) | Amazon Web Services (555.76KB) |
| 37 | Baidu AI Cloud | 3-Baidu-IaaS (524.66KB) | Beijing Baidu Netcom Science Technology Co., Ltd. (1.18MB) |
| 38 | Google LLC Google Cloud Platform (GCP) | 3-Google-IaaS (318.26KB) | Google IaaS (2.05MB) |
| 39 | Elastic Cloud Server (ECS) | 3-Huawei-IaaS (890.59KB) | Huawei Software Technology Co., Ltd (8.14MB) |
| 40 | Bare Metal Server (BMS) | ||
| 41 | Dedicated Host (DeH) | ||
| 42 | Auto Scaling (AS) | ||
| 43 | Image Management Service (IMS) | ||
| 44 | Object Storage Service (OBS) | ||
| 45 | Volume Backup Service (VBS) | ||
| 46 | Elastic Volume Service (EVS) | ||
| 47 | Dedicated Distributed Storage Service (DSS) | ||
| 48 | Cloud Backup and Recovery (CBR) | ||
| 49 | Cloud Server Backup Service (CSBS) | ||
| 50 | Storage Disaster Recovery Service (SDRS) | ||
| 51 | Dedicated Computing Cluster (DCC) | ||
| 52 | Virtual Private Cloud (VPC) | ||
| 53 | Elastic Load Balance (ELB) | ||
| 54 | NAT Gateway (NAT) | ||
| 55 | IP Elastic IP (EIP) | ||
| 56 | Direct Connect (DC) | ||
| 57 | Virtual Private Network (VPN) | ||
| 58 | Cloud Connect (CC) | ||
| 59 | VPC Endpoint (VPCEP) | ||
| 60 | Relational Database Service (RDS) | ||
| 61 | Anti-DDoS, Identity and Access Management (IAM) | ||
| 62 | Cloud Eye (CES) | ||
| 63 | Simple Message Notification (SMN) | ||
| 64 | Huawei HiLens (HiLens) | ||
| 65 | Cloud Search Service (CSS) | ||
| 66 | MapReduce Service (MRS) | ||
| 67 | Data Lake Insight (DLI) | ||
| 68 | Data Warehouse Service (DWS) | ||
| 69 | CloudTable Service (CloudTable) | ||
| 70 | Data Ingestion Service (DIS) | ||
| 71 | Data Lake Factory (DLF) | ||
| 72 | Optical Character Recognition (OCR) | ||
| 73 | Conversational Bot Service (CBS) | ||
| 74 | Face Recognition Service (FRS) | ||
| 75 | Image Search (ImageSearch) | ||
| 76 | Cloud Data Migration (CDM) | ||
| 77 | Web Application Firewall (WAF) | ||
| 78 | Anti-DDoS | ||
| 79 | Data Encryption Workshop (DEW) | ||
| 80 | IBM Bare Metal Servers | 3-IBM-IaaS (178.99KB) | IBM (244.57KB) |
| 81 | IBM Virtual Servers (Private & Public) | ||
| 82 | IBM Hardware Security Modules | ||
| 83 | IBM VMWare | ||
| 84 | IBM Content Delivery Network | ||
| 85 | IBM Direct Link | ||
| 86 | IBM DNS | ||
| 87 | IBM Cloud Internet Services | ||
| 88 | IBM Load Balancers | ||
| 89 | IBM Virtual Router | ||
| 90 | IBM Fortigate Security Appliance | ||
| 91 | IBM Hardware Firewall (Shared) | ||
| 92 | IBM Cloud File Storage | ||
| 93 | IBM Cloud Block Storage | ||
| 94 | IBM Cloud Object Storage | ||
| 95 | IBM eVault Backup | ||
| 96 | Microsoft Azure Compute (refer certificate for details) | 3-MS-IaaS (5.08MB) | Microsoft Azure (607.82KB) |
| 97 | Microsoft Azure Networking (refer to certificate for details) | ||
| 98 | Microsoft Azure Storage (refer to certificate for details) | ||
| 99 | Microsoft Azure Web + Mobile (refer to certificate for details) | ||
| 100 | Microsoft Azure Containers (refer to certificate for details) | ||
| 101 | Microsoft Azure Databases (refer to certificate for details) | ||
| 102 | Microsoft Azure Analytics (refer to certificate for details) | ||
| 103 | Microsoft Azure AI + Machine Learning (refer to certificate for details) | ||
| 104 | Microsoft Azure Internet of Things (refer to certificate for details) | ||
| 105 | Microsoft Azure Integration (refer to certificate for details) | ||
| 106 | Microsoft Azure Security + Identity (refer to certificate for details) | ||
| 107 | Microsoft Azure Developer Tools (refer to certificate for details) | ||
| 108 | Microsoft Azure Monitoring + Management (refer to certificate for details) | ||
| 109 | Microsoft Azure Online Services (refer to certificate for details) | ||
| 110 | Microsoft Azure Supporting Infrastructure Services | ||
| 111 | Orange Business Services | 3-Orange Business Services IaaS (261.00KB) | Orange Business Services IaaS (1.11MB) |
| 112 | STT Connect Pte Ltd using IaaS Model | 3-STT Connect-IaaS (2.51MB) | STT Connect Pte Ltd (361.56KB) |
| 113 | IZO Private Cloud | 3-IZO-IaaS (267.73KB) | TATA Telecommunications International Pte Ltd - IZO (1.72MB) |
| 114 | VPDC Cloud Services using IaaS model | 3-VPDC-IaaS (267.73KB) | TATA Telecommunications International Pte Ltd - VPDC (1.72MB) |
| 115 | CITIC Telecom CPC SmartCLOUD & BRR Services | 1-CITIC-Telecom-CPC-IaaS (219.48KB) | CITIC Telecom CPC (5.78MB) |
| 116 | Fujitsu Local Cloud Platform | 1-Fujitsu-IaaS (620.91KB) | Fujitsu (407.31KB) |
| 117 | ICONZ-Webvisions | 1-ICONZ-IaaS (376.74KB) | ICONZ-Webvisions (371.17KB) |
| 118 | NEC Cloud Services using IaaS Model | 1-NEC-IaaS (113.38KB) | NEC Asia Pacific Pte Ltd (262.87KB) |
| 119 | NTT Worldwide Telecommunications Corporation Enterprise Cloud 2.0 | 1-NTT Enterprise Cloud 2.0 (ECL 2.0) using IaaS model (862.56KB) | NTT Worldwide Telecommunications Corporation (2.34MB) |
| 120 | Starhub Argonar | 1-Starhub-IaaS (264.05KB) | Starhub (2.81MB) |
| 121 | Tencent Cloud Services (PaaS) | 3-Tencent Cloud Services using PaaS model (511.11KB) | Aceville Pte. Ltd. (549.93KB) |
| 122 | AWS (PaaS) | 3-AWS-PaaS (197.12KB) | Amazon Web Services (555.76KB) |
| 123 | Google LLC using PaaS Model | 3-Google-PaaS (318.26KB) | Google PaaS (2.05MB) |
| 124 | Orange Business Services | 3-Orange Business Services PaaS (260.99KB) | Orange Business Services PaaS (1.11MB) |
| 125 | IIJ Cloud services PaaS | 1-IIJ-PaaS (327.53KB) | IIJ (282.23KB) |
| 126 | Netpluz Cloud Computing Managed Services using PaaS | 1-Netpluz-PaaS (241.89KB) | Netpluz Asia Pte Ltd (622.79KB) |
| No | Service | MTCS Level/Certificate | Company Name/Self-Disclosure Form |
|---|---|---|---|
| 1 | Alibaba.com Quick BI | 3-Alibaba-SaaS (989.09KB) | Alibaba.com (525.92KB) |
| 2 | Alibaba.com DataV Services | ||
| 3 | AWS (SaaS) | 3-AWS-SaaS (190.74KB) | Amazon Web Services (555.76KB) |
| 4 | Google LLC G Suite Core and Non-Core Services | 3-Google-SaaS (456.53KB) | Google SaaS (2.05MB) |
| 5 | Microsoft Office Web Applications | 3-MS Office 365-SaaS (4.91MB) | Microsoft Office (614.48KB) |
| 6 | Microsoft Exchange | ||
| 7 | Microsoft Sharepoint Online | ||
| 8 | Microsoft Information Protection | ||
| 9 | Microsoft Skype for Business | ||
| 10 | Microsoft Office Services Infrastructure (OSI) | ||
| 11 | Microsoft Suite User Experience | ||
| 12 | Microsoft Teams (MSTeam) and Delve/Loki | ||
| 13 | Microsoft Dynamics 365 using SaaS model – Customer Engagement Sales, Customer Service, Field Service and Project Service Automation) | 3-MS Dynamics-SaaS (4.90MB) | Microsoft Dynamics (458.79KB) |
| 14 | ServiceNow services using SaaS model | 3-ServiceNow-SaaS (1.75MB) | ServiceNow (2.61MB) |
| 15 | Enable Business Pte Ltd | 2-Enable Business-SaaS (1.82MB) | Enable Business (2.84MB) |
| 16 | Info-Tech Systems Integrators Human Resource related Solutions and Services using SaaS model | 2-Human Resource related Solutions and Services-SaaS (1.82MB) | Info-Tech Systems Integrators (5.39MB) |
| 17 | SESAMi (Singapore) Pte Ltd | 2-SESAMi-SaaS (1.65MB) | SESAMi (569.79KB) |
| 18 | Wizlearn E-Learning | 2-Wizlearn-SaaS (1.69MB) | Wizlearn (638.40KB) |
| 19 | Reachfield IT Solutions Pte Ltd | 1-Video Hosting and Streaming Service (512.89KB) | Reachfield IT Solutions (583.09KB) |
| 20 | RMA Infoworks Pte Ltd | 1-RMA DMS Services-SaaS (516.34KB) | RMA Infoworks (644.14KB) |
Enquiries
All enquiries regarding MTCS Certification can also be addressed to nitsc@imda.gov.sg.
