Compliance and Certification

Compliance with standards, including IMDA regulations, can be exhibited in several ways. The level of assurance differs in objectivity and continuity in time scale while at the same time, the level of visibility, and transparency may also vary.

1. Self-assessment is a process where organisations indicate their standard compliance status after carrying out an internal check and verification, while cloud security certification typically involves a third-party assessment.
2. Certification by 3rd party is usually undertaken by an independent auditing company also known as a certification body. Upon successful completion, a certificate is usually issued valid for a period of time (commonly 3 years) with requirements of a periodic check, known as a surveillance audit, normally done annually to ensure continual compliance.
3. Compliance through continuous monitoring where automated tools are deployed to continuously monitor, near real-time, its fulfilment of compliance to standards. This is the highest level of achievable compliance to standards though it is difficult to comprehensively cover such near real-time monitor on all aspect of the requirements.

Other forms of demonstration of compliance to standards such as attestation by 3rd or 2nd party (e.g. consumers/buyers audit their service providers/suppliers) are also possible. Such demonstration of compliance may be exhibited by posting online its self-disclosure statement, certificate of compliance or summary display of real-time compliance status.

In conjunction with the Singapore Standard SS 584: 2020 Specification for multi-tiered cloud computing security, the MTCS Certification Scheme is developed to

• encourage adoption of sound risk management and security practices by CSPs through MTCS certification; and
• promote the adoption of MTCS standard.

Here are the key steps for CSPs to participate in the scheme.

• CSPs shall source and identify suitable ACCREDITED Certification Bodies (CBs) to undertake the certification (see enclosed list of participating CBs).
• CSPs shall work with the identified ACCREDITED CBs to prepare the following documents after having decided on the scope of certification:
  • Statement on Applicability and Compensating Controls; and
  • MTCS CSP Self-Disclosure (185.10KB).
• CSPs proceed to work with ACCREDITED CBs on the certification.

Upon successful certification, CSP may email a copy of ACCREDITED MTCS certificate and a duly completed disclosure form to nitsc@imda.gov.sg for listing on the IMDA website. Only ACCREDITED MTCS certificates will be listed.

Certification will be valid for 3 years with a yearly surveillance audit to be conducted.

• CSPs who provide MTCS-certified services and wish to have them listed here can submit e-copies of the following documents to nitsc@imda.gov.sg:
1. Accredited MTCS Certificate
2. CSP disclosure form (185.10KB) (duly completed and signed)
• MTCS Certified IaaS/PaaS

No	Service	MTCS Level/Certificate	Company Name/Self-Disclosure Form
1	Alibaba Cloud Computing Services (IaaS)	3-Alibaba-IaaS (865.72KB)	Alibaba Cloud (Singapore) Pte Ltd (3.39MB)
2	Amazon Web Services (IaaS)	3-AWS-IaaS (444.17KB)	Amazon Web Services (408.32KB)
3	Baidu AI Cloud	3-Baidu-IaaS (524.66KB)	Beijing Baidu Netcom Science Technology Co., Ltd. (1.18MB)
4	Google LLC Google Cloud Platform (GCP)	3-Google-IaaS (591.25KB)	Google LLC (4.82MB)
5	Huawei Cloud Computing Services (IaaS)	3-Huawei-Iaas (415.14KB)	Huawei Cloud Computing Technologies Co., Ltd. (4.14MB)
6	IBM Cloud using IaaS model	3-IBM-IaaS (178.99KB)	IBM (244.57KB)
7	Kingsoft Cloud Pte. Ltd.	3-Kingsoft-IaaS (871.13KB)	Kingsoft Cloud Pte Ltd (680.47KB)
8	Microsoft Azure services using IaaS model	3-MS-IaaS (3.78MB)	Microsoft Corporation (740.63KB)
9	NAVER Cloud Platform (IaaS)	3-NAVER-IaaS (843.52KB)	NAVER Cloud Corp. (522.93KB)
10	Oracle Cloud Infrastructure	3-Oracle-IaaS (368.23KB)	Oracle (560.93KB)
11	Orange Business Services	3-Orange Business Services IaaS (261.00KB)	Orange Business Services IaaS (1.11MB)
12	STT Connect Pte Ltd using IaaS Model	3-STT Connect-IaaS (2.51MB)	STT Connect Pte Ltd (361.56KB)
13	Tata Communications - IZO Cloud Platform using IaaS model	3-IZO-IaaS (190.55KB)	TATA Communications International Pte Ltd - IZO (343.23KB)
14	Tencent Cloud Services (IaaS)	3-Tencent Cloud Services using IaaS model (355.69KB)	Aceville Pte.Ltd (896.79KB)
15	VMware Cloud on AWS (IaaS)	3-VMware-IaaS (275.02KB)	VMware (3.71MB)
16	CITIC Telecom CPC SmartCLOUD & BRR Services	1-CITIC-Telecom-CPC-IaaS (209.05KB)	CITIC Telecom CPC (828.89KB)
17	Fujitsu Local Cloud Platform	1-Fujitsu-IaaS (353.99KB)	Fujitsu (1.63MB)
18	ICONZ-Webvisions	1-ICONZ-IaaS (376.74KB)	ICONZ-Webvisions (371.17KB)
19	NEC Cloud Services using IaaS Model	1-NEC-IaaS (113.38KB)	NEC Asia Pacific Pte Ltd (262.87KB)
20	NTT Worldwide Telecommunications Corporation Enterprise Cloud 2.0	1-NTT Enterprise Cloud 2.0 (ECL 2.0) using IaaS model (862.56KB)	NTT Worldwide Telecommunications Corporation (2.34MB)
21	Starhub Argonar	1-Starhub-IaaS (264.05KB)	Starhub (2.81MB)
22	Alibaba Cloud Computing Services (PaaS)	3-Alibaba-PaaS (865.72KB)	Alibaba Cloud (Singapore) Pte Ltd (3.39MB)
23	Amazon Web Services (PaaS)	3-AWS-PaaS (444.17KB)	Amazon Web Services (408.32KB)
24	Google LLC using PaaS Model	3-Google-PaaS (591.25KB)	Google LLC (4.82MB)
25	Huawei Cloud Computing Services (PaaS)	3-Huawei-Paas (415.14KB)	Huawei Cloud Computing Technologies Co., Ltd. (4.14MB)
26	NAVER Cloud Platform (PaaS)	3-NAVER-PaaS (843.52KB)	NAVER Cloud Corp. (522.93KB)
27	Orange Business Services	3-Orange Business Services PaaS (260.99KB)	Orange Business Services PaaS (1.11MB)
28	Tencent Cloud Services (PaaS)	3-Tencent Cloud Services using PaaS model (355.69KB)	Aceville Pte. Ltd. (896.79KB)
29	IIJ Cloud services PaaS	1-IIJ-PaaS (327.53KB)	IIJ (282.23KB)
30	Netpluz Cloud Computing Managed Services using PaaS	1-Netpluz-PaaS (241.89KB)	Netpluz Asia Pte Ltd (622.79KB)

• MTCS Certified SaaS

No	Service	MTCS Level/Certificate	Company Name/Self-Disclosure Form
1	Alibaba Cloud Computing Services (SaaS)	3-Alibaba-SaaS (865.72KB)	Alibaba Cloud (Singapore) Pte Ltd (3.39MB)
2	Amazon Web Services (SaaS)	3-AWS-SaaS (444.17KB)	Amazon Web Services (408.32KB)
3	Google LLC Google Workspace Core and Non-Core Services	3-Google-SaaS (727.69KB)	Google LLC (4.82MB)
4	Huawei Cloud Computing Services (SaaS)	3-Huawei-Saas (415.14KB)	Huawei Cloud Computing Technologies Co., Ltd. (4.14MB)
5	Microsoft Office 365 & Dynamics 365 services using SaaS model	3-MS Office 365-SaaS (3.49MB) 3-MS Dynamics-SaaS (3.53MB)	Microsoft Corporation – MS Office (850.71KB) Microsoft Corporation - MS Dynamics (621.77KB)
6	NAVER Cloud Platform (SaaS)	3-NAVER-SaaS (843.52KB)	NAVER Cloud Corp. (522.93KB)
7	Oracle Cloud Applications	3-Oracle-SasS (409.59KB)	Oracle (6.66MB)
8	ServiceNow services using SaaS model	3-ServiceNow-SaaS (1.75MB)	ServiceNow (2.61MB)
9	Zscaler Zero Trust Exchange	3-Zscaler-SaaS (97.33KB)	Zscaler, Inc. (668.31KB)
10	Enable Business Pte Ltd	2-Enable Business-SaaS (1.82MB)	Enable Business (2.84MB)
11	Info-Tech Systems Integrators Human Resource related Solutions and Services using SaaS model	2-Human Resource related Solutions and Services-SaaS (1.82MB)	Info-Tech Systems Integrators (5.39MB)
12	SESAMi (Singapore) Pte Ltd	2-SESAMi-SaaS (1.65MB)	SESAMi (291.18KB)
13	Wizlearn E-Learning	2-Wizlearn-SaaS (1.69MB)	Wizlearn (638.40KB)
14	Reachfield IT Solutions Pte Ltd	1-Video Hosting and Streaming Service (512.89KB)	Reachfield IT Solutions (583.09KB)

All enquiries regarding MTCS Certification can also be addressed to nitsc@imda.gov.sg.

• MTCS Singapore Standard (Singapore Standards eShop)
• Download MTCS Self-Disclosure Form (185.10KB)
• Accredited MTCS Certification Bodies