The Singapore Standard SS 584: 2015 Specification for multi-tiered cloud computing security, commonly known as MTCS, is the world’s first cloud security standard that covers multiple tiers of cloud security developed under the Information Technology Standards Committee (ITSC) for Cloud Service Providers (CSPs) in Singapore. The MTCS standard specifies 3 different tiers of security certification qualified with types of services (e.g., Infrastructure-as-a-Service).
In conjunction with the MTCS standard, the MTCS Certification Scheme is developed to
- encourage adoption of sound risk management and security practices by CSPs through MTCS certification; and
- promote the adoption of MTCS standard.
How to be Certified?
Here are the key steps for CSPs to participate in the scheme.
- CSPs shall source and identify suitable ACCREDITED Certification Bodies (CBs) to undertake the certification (see enclosed list of participating CBs).
- CSPs shall work with the identified ACCREDITED CBs to prepare the following documents after having decided on the scope of certification:
- CSPs proceed to work with ACCREDITED CBs on the certification.
- Upon successful certification, CSP may email a copy of ACCREDITED MTCS certificate and a duly completed disclosure form to firstname.lastname@example.org for listing on the IMDA website. Only ACCREDITED MTCS certificates will be listed.
Certification will be valid for 3 years with a yearly surveillance audit to be conducted.
MTCS Certified Cloud Services
As of 24 October 2018, a total of 127 cloud services are MTCS certified. Of these, 108 are IaaS/PaaS and 19 are SaaS. Click here
for a list of MTCS-certified cloud services and the associated providers.
All enquiries regarding MTCS Certification can also be addressed to email@example.com.
- Cloud Outage Incident Response Guidelines
- Alignment of MTCS to Healthcare IT Security Policy & Standards
- Harmonization of MTCS SS with IS027018:2014
- MTCS to ISO27001:2013 Cross Certification
- MTCS to CSA STAR Cross Certification
- CSA STAR to MTCS Cross Certification
- Security Guidelines for Design and Implementation of Virtualized Servers
- Identical adoption of ISO/IEC 21878:2018 – Currently in progress