Rate Our Information

Was this Information useful?






Compliance and Certification

last updated 24 May 2019

Compliance to standards can be exhibited in several ways. Level of assurance differs in objectivity and continuity in time scale while at the same time, level of visibility and transparency may also vary. Certification is one of the means to demonstrate compliance to the customers that the products or services meet their expectations. Specifically in the area of cloud computing standards, IMDA has developed an MTCS certification scheme to encourage the adoption of SS 584: 2015 Specification for multi-tiered cloud computing security (MTCS).

Overview

Compliance to standards can be exhibited in several ways. Level of assurance differs in objectivity and continuity in time scale while at the same time, level of visibility and transparency may also vary.

  1. Self-assessment where organisations would indicate their standard compliance status after carrying out an internal check and verification.

  2. Certification by 3rd party is usually undertaken by an independent auditing company also known as a certification body. Upon successful completion, a certificate is usually issued valid for a period of time (commonly 3 years) with requirements of periodic check, known as surveillance audit, normally done annually to ensure continual compliance.

  3. Compliance through continuous monitoring where automated tools are deployed to continuously monitor, near real-time, its fulfilment of compliance to standards. This is the highest level of achievable compliance to standards though it is difficult to comprehensively cover such near real-time monitor on all aspect of the requirements.

Other forms of demonstration of compliance to standards such as attestation by 3rd or 2nd party (e.g. consumers/buyers audit their service providers/suppliers) are also possible. Such demonstration of compliance may be exhibited by posting online its self-disclosure statement, certificate of compliance or summary display of real-time compliance status.

MTCS Certification Scheme

In conjunction with the Singapore Standard SS 584: 2015 Specification for multi-tiered cloud computing security, the MTCS Certification Scheme is developed to

  • encourage adoption of sound risk management and security practices by CSPs through MTCS certification; and
  • promote the adoption of MTCS standard.

Here are the key steps for CSPs to participate in the scheme.

  • CSPs shall source and identify suitable ACCREDITED Certification Bodies (CBs) to undertake the certification (see enclosed list of participating CBs).
  • CSPs shall work with the identified ACCREDITED CBs to prepare the following documents after having decided on the scope of certification:
  • CSPs proceed to work with ACCREDITED CBs on the certification.
  • Upon successful certification, CSP may email a copy of ACCREDITED MTCS certificate and a duly completed disclosure form to nitsc@imda.gov.sg for listing on the IMDA website. Only ACCREDITED MTCS certificates will be listed.

Certification will be valid for 3 years with a yearly surveillance audit to be conducted.

MTCS Certified Cloud Services

  • CSPs who provide MTCS-certified services and wish to have them listed here can submit e-copies of the following documents to nitsc@imda.gov.sg:

    1. Accredited MTCS Certificate
    2. CSP disclosure form (duly completed and signed)
  • MTCS Certified IaaS/PaaS

  • No ServiceMTCS Level/Certificate Company Name/Self-Disclosure Form
    1Alibaba.com Elastic Computing
    3-Alibaba-IaaSAlibaba.com
    2Alibaba.com Relational Database Service
    3Alibaba.com Open Data Process Service
    4Alibaba.com Open Storage Service
    5Alibaba.com Open Table Service
    6Alibaba.com Cloud Monitoring and Cloud Security Service
    7Alibaba.com Server Load Balancer
    8Alibaba.com Virtual Private Cloud
    9Alibaba.com Analytic Database Service
    10Alibaba.com Archive Storage
    11Alibaba.com Distribute Relational Database Service
    12Alibaba.com Resource Access Management
    13Alibaba.com Key Management System 
    14Alibaba.com ActionTrail using IAAS Public Cloud Model
    15
    AWS Direct Connect
    3-AWS-IaaSAmazon Web Services
    16Amazon DynamoDB
    17Amazon Elastic Block Store
    18Amazon Elastic Compute Cloud
    19Amazon Elastic MapReduce
    20Amazon ElastiCache
    21Amazon Glacier
    22AWS Identity & Access Management
    23Amazon Redshift
    24Amazon Relational Database Service
    25Amazon Simple Storage Services
    26Amazon SimpleDB
    27Amazon Storage Gateway
    28Amazon Virtual Private Cloud
    29Amazon VM Import/Export
    30ClearManage
    3-ClearManage-IaaSClearManage
    31Google Asia Pacific Pte Ltd using IaaS Model (GCP)
    3-Google-IaaSGoogle IaaS
    32Microsoft Application Gateway
    3-MS-IaaSMicrosoft Azure
    33Microsoft Application Insights
    34Microsoft Azure Active Directory B2C
    35Microsoft Azure Active Directory (Free and Premium)
    36Microsoft Azure Management Portal
    37Microsoft Azure Core Services (RDFE, Fabric and SMAPI)
    38Microsoft Azure Media Services
    39Microsoft Azure Rights Management
    40Microsoft Azure Storage (including Premium)
    41Microsoft Azure Site Recovery
    42Microsoft Azure Backup
    43Microsoft Azure API Management
    44Microsoft Azure App Services (Mobile and Web Apps)
    45Microsoft Azure Automation
    46Microsoft Azure Batch Service
    47Microsoft Azure Cloud Services (Web and Worker Roles) 
    48Microsoft Azure Cosmos DB
    49Microsoft Azure DevTest Labs
    50Microsoft Azure DNS
    51Microsoft Azure Event Hubs
    52Microsoft Azure ExpressRoute
    53Microsoft Azure HDInsight
    54Microsoft Azure InTune
    55Microsoft Azure Load Balancer
    56Microsoft Azure Multi-Factor Authentication
    57Microsoft Azure Notification Hubs
    58Microsoft Azure Redis Cache
    59Microsoft Azure Resource Manager
    60Microsoft Azure Scheduler
    61Microsoft Azure Service Bus
    62Microsoft Azure SQL (Database and VM)
    63Microsoft Azure Traffic Manager
    64Microsoft Azure Virtual Machines 
    65Microsoft Azure Virtual Network
    66Microsoft Azure Workflow
    67Microsoft Azure Biztalk Services
    68Microsoft Azure Cloud Apps Security
    69Microsoft Azure Container Service
    70Microsoft Azure Data Catalog
    71Microsoft Azure Data Factory
    72Microsoft Azure Genomics
    73Microsoft Azure Graph
    74Microsoft Azure Data Lake Analytics
    75Microsoft Azure Data Lake Store
    76Microsoft Azure Flow
    77Microsoft Azure Functions
    78Microsoft Azure Import/Export
    79Microsoft Azure Key Vault
    80Microsoft Azure Log Analytics (Formerly Operational Insights)
    81Microsoft Azure Machine Learning
    82Microsoft Azure Power BI
    83Microsoft Azure PowerApps
    84Microsoft Azure IoT Hub
    85Microsoft Azure Security Centre
    86Microsoft Azure Service Fabric
    87Microsoft Azure SQL Server Stretch Database
    88Microsoft Azure SQL Warehouse
    89Microsoft Azure StorSimple
    90Microsoft Azure Stream Analytics
    91Microsoft Azure Virtual Machine Scale Sets
    92Microsoft VPN Gateway
    93 Orange Business Services 3-Orange Business Services IaaSOrange Business Services IaaS
    94STT Connect Pte Ltd using IaaS Model
    3-STT Connect-IaaS STT Connect Pte Ltd
    95IZO Private Cloud3-IZO-IaaS TATA Telecommunications International Pte Ltd - IZO
    96VPDC Cloud Services using IaaS model3-VPDC-IaaS TATA Telecommunications International Pte Ltd - VPDC
    97Softlayer Cloud Services
    2-Softlayer-IaaSSoftlayer Technologies Inc and IBM Singapore Pte. Ltd
    98Acclivis Stratum Cloud
    1-Acclivis-IaaSAcclivis
    99Fujitsu Local Cloud Platform
    1-Fujitsu-IaaS Fujitsu
    100ICONZ-Webvisions
    1-ICONZ-IaaS ICONZ-Webvisions
    101NEC Cloud Services using IaaS Model
    1-NEC-IaaS NEC Asia Pacific Pte Ltd
    102NewMedia Express
    1-NewMedia-IaaSNewMedia Express
    103ReadySpace
    1-ReadySpace-IaaS ReadySpace
    104
    Starhub Argonar
    1-Starhub-IaaSStarhub
    105Telin
    1-Telin- IaaSTelin
    106Google Asia Pacific Pte Ltd using PaaS Model3-Google-PaaSGoogle PaaS
    107Orange Business Services
    3-Orange Business Services PaaSOrange Business Services PaaS
    108IIJ Cloud services PaaS
    1-IIJ-PaaS IIJ

     

  • MTCS Certified SaaS

  • No ServiceMTCS Level/CertificateCompany Name/Self-Disclosure Form
    1Google Asia Pacific Pte Ltd using SaaS Model (G Suite)3-Google-SaaSGoogle SaaS
    2Microsoft Office Online
    3-MS Office-SaaS Microsoft Office
    3Microsoft Exchange Online
    4Microsoft Sharepoint  Online
    5Microsoft Information Protection

    6Microsoft Skype for Business
    7Microsoft Office Services Infrastructure (OSI)
    8Microsoft Suite User Experience
    9Microsoft Domain Name Service (DNS)
    10Microsoft CRM Online using SaaS model3-MS Dynamics-SaaS Microsoft Dynamics
    11Microsoft Dynamics 365 – for Sales,
    Customer Service, Field Service
    and Project Service Automation)
    12Ribose Collaboration-as-a-Service
    3-Ribose-SaaSRibose Group Inc
    13ServiceNow services using SaaS model
    3-ServiceNow-SaaS ServiceNow
    14SESAMi (Singapore) Pte Ltd2-SESAMi-SaaS SESAMi
    15Wizlearn E-Learning
    2-Wizlearn-SaaSWizlearn
    16Clearmanage Video Streaming
    1-Clearmanage-SaaSClearmanage
    17Evvo Cloud Video Streaming Service
    1-Evvo-SaaS Evvo
    18Inspire-Tech EasiShare
    1-Inspire-Tech-SaaS Inspire-Tech
    19Reachfield Video Streaming
    1-Reachfield-SaaSReachfield

Enquiries

All enquiries regarding MTCS Certification can also be addressed to nitsc@imda.gov.sg.

Related Links