Advisory Guidelines for resilience and security of Cloud Services and Data Centres

The Advisory Guidelines for Cloud Service Providers (CSPs) and Data Centres (DCs) are intended to minimise the occurrence and impact of disruptions to these services on our economy and society. The Guidelines set out industry best practices in view of learning points from incidents and technological developments.

Digital infrastructure such as Cloud Services and DCs underpin Singapore’s digital economy and society. Much of our day-to-day activities have become dependent on the continued availability of Cloud Services and DCs. Disruptions to Cloud Services and DCs can lead to significant impact across our economy.

The Advisory Guidelines take reference from existing industry standards including: IMDA’s Multi-Tier Cloud Security Standard, Cloud Security Alliance Cloud Controls Matrix, ISO 27001, and ISO 22301. The Guidelines were developed in consultation with many CSP and DC operators, as well as end-user enterprises that rely on such digital infrastructure. Several major CSP and DC operators have expressed their support for these Guidelines.

CSP and DC operators are strongly encouraged to adopt the recommended measures in the Advisory Guidelines, including dedicating personnel to oversee resilience and security efforts.

The Advisory Guidelines are part of broader efforts to uplift digital resilience and security. The Government will continue its parallel efforts in:

• Working with sectoral regulators to uplift the security and resilience of regulated digital services,
• Strengthening Government digital systems, and
• Educating businesses and citizens on being prepared to handle cyberattacks and disruptions.