Overview
Compliance with standards, including IMDA regulations, can be exhibited in several ways. The level of assurance differs in objectivity and continuity in time scale while at the same time, the level of visibility, and transparency may also vary.
- Self-assessment is a process where organisations indicate their standard compliance status after carrying out an internal check and verification, while cloud security certification typically involves a third-party assessment.
- Certification by 3rd party is usually undertaken by an independent auditing company also known as a certification body. Upon successful completion, a certificate is usually issued valid for a period of time (commonly 3 years) with requirements of a periodic check, known as a surveillance audit, normally done annually to ensure continual compliance.
- Compliance through continuous monitoring where automated tools are deployed to continuously monitor, near real-time, its fulfilment of compliance to standards. This is the highest level of achievable compliance to standards though it is difficult to comprehensively cover such near real-time monitor on all aspect of the requirements.
Other forms of demonstration of compliance to standards such as attestation by 3rd or 2nd party (e.g. consumers/buyers audit their service providers/suppliers) are also possible. Such demonstration of compliance may be exhibited by posting online its self-disclosure statement, certificate of compliance or summary display of real-time compliance status.
MTCS Certification Scheme
In conjunction with the Singapore Standard SS 584: 2020 Specification for multi-tiered cloud computing security, the MTCS Certification Scheme is developed to
- encourage adoption of sound risk management and security practices by CSPs through MTCS certification; and
- promote the adoption of MTCS standard.
Here are the key steps for CSPs to participate in the scheme.
- CSPs shall source and identify suitable ACCREDITED Certification Bodies (CBs) to undertake the certification (see enclosed list of participating CBs).
- CSPs shall work with the identified ACCREDITED CBs to prepare the following documents after having decided on the scope of certification:
- Statement on Applicability and Compensating Controls; and
- MTCS CSP Self-Disclosure (185.10KB).
- CSPs proceed to work with ACCREDITED CBs on the certification.
Upon successful certification, CSP may email a copy of ACCREDITED MTCS certificate and a duly completed disclosure form to nitsc@imda.gov.sg for listing on the IMDA website. Only ACCREDITED MTCS certificates will be listed.
Certification will be valid for 3 years with a yearly surveillance audit to be conducted.
MTCS Certified Cloud Services
- CSPs who provide MTCS-certified services and wish to have them listed here can submit e-copies of the following documents to nitsc@imda.gov.sg:
- Accredited MTCS Certificate
- CSP disclosure form (185.10KB) (duly completed and signed)
- MTCS Certified IaaS/PaaS
- MTCS Certified SaaS
| No | Service | MTCS Level/Certificate | Company Name/Self-Disclosure Form |
|---|---|---|---|
| No 1 | Service Alibaba Cloud Computing Services (IaaS) | MTCS Level/Certificate 3-Alibaba-IaaS (865.72KB) | Company Name/Self-Disclosure Form Alibaba Cloud (Singapore) Pte Ltd (3.39MB) |
| No 2 |
Service Amazon Web Services (IaaS) |
MTCS Level/Certificate 3-AWS-IaaS (444.17KB) | Company Name/Self-Disclosure Form Amazon Web Services (408.32KB) |
| No 3 | Service Baidu AI Cloud |
MTCS Level/Certificate 3-Baidu-IaaS (524.66KB) | Company Name/Self-Disclosure Form Beijing Baidu Netcom Science Technology Co., Ltd. (1.18MB) |
| No 4 | Service Google Cloud Services (IaaS) | MTCS Level/Certificate 3-Google Workspace-IaaS (469.00KB) 3-Google Cloud Platform-IaaS (524.56KB) |
Company Name/Self-Disclosure Form Google LLC (501.86KB) |
| No 5 | Service Huawei Cloud Computing Services (IaaS) | MTCS Level/Certificate 3-Huawei-Iaas (416.62KB) | Company Name/Self-Disclosure Form Huawei Cloud Computing Technologies Co., Ltd. (5.77MB) |
| No 6 | Service IBM Cloud using IaaS model | MTCS Level/Certificate 3-IBM-IaaS (178.99KB) | Company Name/Self-Disclosure Form IBM (244.57KB) |
| No 7 | Service Kingsoft Cloud Pte. Ltd. | MTCS Level/Certificate 3-Kingsoft-IaaS (871.13KB) |
Company Name/Self-Disclosure Form Kingsoft Cloud Pte Ltd (680.47KB) |
| No 8 | Service Microsoft Azure services using IaaS model | MTCS Level/Certificate 3-MS-IaaS (3.78MB) | Company Name/Self-Disclosure Form Microsoft Corporation (740.63KB) |
| No 9 | Service NAVER Cloud Platform (IaaS) | MTCS Level/Certificate 3-NAVER-IaaS (843.52KB) | Company Name/Self-Disclosure Form NAVER Cloud Corp. (522.93KB) |
| No 10 | Service Oracle Cloud Infrastructure | MTCS Level/Certificate 3-Oracle-IaaS (368.23KB) | Company Name/Self-Disclosure Form Oracle (560.93KB) |
| No 11 | Service Orange Business Services | MTCS Level/Certificate 3-Orange Business Services IaaS (261.00KB) | Company Name/Self-Disclosure Form Orange Business Services IaaS (1.11MB) |
| No 12 | Service STT Connect Pte Ltd using IaaS Model |
MTCS Level/Certificate 3-STT Connect-IaaS (2.51MB) | Company Name/Self-Disclosure Form STT Connect Pte Ltd (361.56KB) |
| No 13 | Service Tata Communications - IZO Cloud Platform using IaaS model | MTCS Level/Certificate 3-IZO-IaaS (190.55KB) | Company Name/Self-Disclosure Form TATA Communications International Pte Ltd - IZO (343.23KB) |
| No 14 | Service Tencent Cloud Services (IaaS) | MTCS Level/Certificate 3-Tencent Cloud Services using IaaS model (355.69KB) | Company Name/Self-Disclosure Form Aceville Pte.Ltd (896.79KB) |
| No 15 | Service VMware Cloud on AWS (IaaS) | MTCS Level/Certificate 3-VMware-IaaS (275.02KB) | Company Name/Self-Disclosure Form VMware (3.71MB) |
| No 16 | Service CITIC Telecom CPC SmartCLOUD & BRR Services | MTCS Level/Certificate 1-CITIC-Telecom-CPC-IaaS (227.24KB) | Company Name/Self-Disclosure Form CITIC Telecom CPC (1.27MB) |
| No 17 | Service Fujitsu Local Cloud Platform |
MTCS Level/Certificate 1-Fujitsu-IaaS (353.99KB) | Company Name/Self-Disclosure Form Fujitsu (1.63MB) |
| No 18 | Service ICONZ-Webvisions |
MTCS Level/Certificate 1-ICONZ-IaaS (376.74KB) | Company Name/Self-Disclosure Form ICONZ-Webvisions (371.17KB) |
| No 19 | Service NEC Cloud Services using IaaS Model |
MTCS Level/Certificate 1-NEC-IaaS (128.06KB) | Company Name/Self-Disclosure Form NEC Asia Pacific Pte Ltd (692.27KB) |
| No 20 | Service NTT Worldwide Telecommunications Corporation Enterprise Cloud 2.0 |
MTCS Level/Certificate 1-NTT Enterprise Cloud 2.0 (ECL 2.0) using IaaS model (862.56KB) | Company Name/Self-Disclosure Form NTT Worldwide Telecommunications Corporation (2.34MB) |
| No 21 | Service Starhub Argonar |
MTCS Level/Certificate 1-Starhub-IaaS (264.05KB) | Company Name/Self-Disclosure Form Starhub (2.81MB) |
| No 22 | Service Alibaba Cloud Computing Services (PaaS) | MTCS Level/Certificate 3-Alibaba-PaaS (865.72KB) | Company Name/Self-Disclosure Form Alibaba Cloud (Singapore) Pte Ltd (3.39MB) |
| No 23 | Service Amazon Web Services (PaaS) |
MTCS Level/Certificate 3-AWS-PaaS (444.17KB) | Company Name/Self-Disclosure Form Amazon Web Services (408.32KB) |
| No 24 | Service Google Cloud Services (PaaS) |
MTCS Level/Certificate 3-Google Workspace-PaaS (469.00KB) 3-Google Cloud Platform-PaaS (524.56KB) |
Company Name/Self-Disclosure Form Google LLC (501.86KB) |
| No 25 | Service Huawei Cloud Computing Services (PaaS) |
MTCS Level/Certificate 3-Huawei-Paas (416.62KB) | Company Name/Self-Disclosure Form Huawei Cloud Computing Technologies Co., Ltd. (5.77MB) |
| No 26 | Service NAVER Cloud Platform (PaaS) | MTCS Level/Certificate 3-NAVER-PaaS (843.52KB) | Company Name/Self-Disclosure Form NAVER Cloud Corp. (522.93KB) |
| No 27 | Service Orange Business Services |
MTCS Level/Certificate 3-Orange Business Services PaaS (260.99KB) | Company Name/Self-Disclosure Form Orange Business Services PaaS (1.11MB) |
| No 28 | Service Tencent Cloud Services (PaaS) | MTCS Level/Certificate 3-Tencent Cloud Services using PaaS model (355.69KB) | Company Name/Self-Disclosure Form Aceville Pte. Ltd. (896.79KB) |
| No 29 | Service IIJ Cloud services PaaS |
MTCS Level/Certificate 1-IIJ-PaaS (327.53KB) | Company Name/Self-Disclosure Form IIJ (282.23KB) |
| No 30 | Service Netpluz Cloud Computing Managed Services using PaaS | MTCS Level/Certificate 1-Netpluz-PaaS (241.89KB) |
Company Name/Self-Disclosure Form Netpluz Asia Pte Ltd (622.79KB) |
| No | Service | MTCS Level/Certificate | Company Name/Self-Disclosure Form |
|---|---|---|---|
| No 1 | Service Alibaba Cloud Computing Services (SaaS) | MTCS Level/Certificate 3-Alibaba-SaaS (865.72KB) | Company Name/Self-Disclosure Form Alibaba Cloud (Singapore) Pte Ltd (3.39MB) |
| No 2 | Service Amazon Web Services (SaaS) | MTCS Level/Certificate 3-AWS-SaaS (444.17KB) | Company Name/Self-Disclosure Form Amazon Web Services (408.32KB) |
| No 3 | Service Google Cloud Services (SaaS) | MTCS Level/Certificate 3-Google Workspace-SaaS (469.00KB) 3-Google Cloud Platform-SaaS (524.56KB) |
Company Name/Self-Disclosure Form Google LLC (501.86KB) |
| No 4 | Service Huawei Cloud Computing Services (SaaS) | MTCS Level/Certificate 3-Huawei-Saas (416.62KB) | Company Name/Self-Disclosure Form Huawei Cloud Computing Technologies Co., Ltd. (5.77MB) |
| No 5 | Service Microsoft Office 365 & Dynamics 365 services using SaaS model |
MTCS Level/Certificate 3-MS Office 365-SaaS (3.49MB) 3-MS Dynamics-SaaS (3.53MB) |
Company Name/Self-Disclosure Form Microsoft Corporation – MS Office (850.71KB) Microsoft Corporation - MS Dynamics (621.77KB) |
| No 6 | Service NAVER Cloud Platform (SaaS) | MTCS Level/Certificate 3-NAVER-SaaS (843.52KB) | Company Name/Self-Disclosure Form NAVER Cloud Corp. (522.93KB) |
| No 7 | Service Oracle Cloud Applications | MTCS Level/Certificate 3-Oracle-SasS (409.59KB) | Company Name/Self-Disclosure Form Oracle (6.66MB) |
| No 8 | Service ServiceNow services using SaaS model |
MTCS Level/Certificate 3-ServiceNow-SaaS (1.75MB) | Company Name/Self-Disclosure Form ServiceNow (2.61MB) |
| No 9 | Service Zscaler Zero Trust Exchange | MTCS Level/Certificate 3-Zscaler-SaaS (96.05KB) | Company Name/Self-Disclosure Form Zscaler, Inc. (827.63KB) |
| No 10 | Service Enable Business Pte Ltd |
MTCS Level/Certificate 2-Enable Business-SaaS (1.82MB) |
Company Name/Self-Disclosure Form Enable Business (2.84MB) |
| No 11 | Service Info-Tech Systems Integrators Human Resource related Solutions and Services using SaaS model |
MTCS Level/Certificate 2-Human Resource related Solutions and Services-SaaS (1.82MB) | Company Name/Self-Disclosure Form Info-Tech Systems Integrators (5.39MB) |
| No 12 | Service SESAMi (Singapore) Pte Ltd | MTCS Level/Certificate 2-SESAMi-SaaS (1.65MB) | Company Name/Self-Disclosure Form SESAMi (291.18KB) |
| No 13 | Service Wizlearn E-Learning |
MTCS Level/Certificate 2-Wizlearn-SaaS (1.69MB) | Company Name/Self-Disclosure Form Wizlearn (638.40KB) |
| No 14 | Service Reachfield IT Solutions Pte Ltd | MTCS Level/Certificate 1-Video Hosting and Streaming Service (512.89KB) | Company Name/Self-Disclosure Form Reachfield IT Solutions (583.09KB) |
Enquiries
All enquiries regarding MTCS Certification can also be addressed to nitsc@imda.gov.sg.
.webp)