Multi-Tiered Cloud Computing Security SS584
How can we help you?Request information
Know what you need?Request quote
We offer both certification and training for SS584. Find an upcoming course in your country or request for a certification quote.
What is the SS 584 standard?
The Multi-Tiered Cloud Security (MTCS) Singapore Standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organisation's cloud security system.
This standard is the first cloud security standard in the world that covers multiple tiers.
For Criteria for MTCS Auditors, Duration of MTCS Audits [Minimum Initial Audit Duration (Man-day), Impact Level, Multi-sites Audit, for Organisations with ISO/IEC 27001 certification], and Scope Statement, please visit Singapore Accreditation Council - SAC Accreditation scheme for management systems certification bodies, CT 14 SAC Criteria for Certification Bodies (Multi-Tiered Cloud Computing Security).
Mandatory by the Singapore Government
While certification is voluntary, it is mandatory for CSPs participating in bulk tenders published from Government Agencies.
MTCS is supported by Enterprise Singapore and IMDA Singapore.
3 levels of security
- LEVEL 1: Designed for non-business critical data and systems, with basic security controls addressing security risks and threats in low impact information systems using cloud services (e.g. Web site hosting public information).
- LEVEL 2: Designed as a set of more stringent security controls for organizations using cloud services to protect business or personal information, and run critical business data and systems in a moderate impact information systems. (e.g.: Credit Card Data, Emails, CRM – Customer relation management systems, PII - Personal Identifiable Information)
- LEVEL 3: Designed for regulated companies with specific requirements and more stringent security requirements. Applicable to industry-specific high impact information systems using cloud services. (e.g. Financial / Medical records)
Transition from SS 584:2015 to SS 584:2020
The revised Singapore Standard, SS 584:2020 - Specification for Multi-tiered Cloud Computing Security (MTCS), has been published in end October 2020.
Organisations with SAC accredited SS 584:2015 certification will be given 2 years to transit to the new SS 584:2020, i.e. by 31 Oct 2022. All SS 584:2015 certifications shall expire or be withdrawn by 31 October 2022.
The transition to SS 584:2020 could take place during the initial (new) or surveillance or re-certification audits.
Key changes to the revised CT 14 include:
- Alignment on the terms and definition used in the ISO Cloud Computing standard
- Option to extend certification to cover TR 82 on Cloud Native Security
- Provide examples on provision for exclusion of controls and design/use of compensating controls (informative annex)
- Provide guidance on scoping and certification for different types of cloud services (informative annex)
How can we help you?
Contact us to understand which level best suits your business.
DNV Business Assurance Singapore Pte Ltd is a 3rd-party Certification body accredited to the MTCS standard.
Complaints and appeals procedure
DNV - Business Assurance has an established and documented process to ensure that complaints and appeals from stakeholders are handled in a timely and structured way. We appreciate any feedback that may help us to improve our work. All complaints are taken seriously, and we will do our utmost to perform according to what is expected from us.
Unless a local contact person is known for the complainant, please contact us through email, contact form or use the following address: DNV Business Assurance Singapore Pte Ltd, 16 Science Park Drive, Singapore 118227
Policy on Impartiality
DNV Business Assurance Singapore is committed to ensuring impartiality in all auditing activities undertaken by its auditors and shall not allow commercial, financial and other pressures to compromise impartiality.