MTCS SS 584 CERTIFICATION

SS 584 MTCS Certification

Multi Tiered Cloud Services (MTCS)

Multi Tiered Cloud Services (MTCS)

What is SS 584 multi tiered cloud services (MTCS)?

In order to help businesses understand cloud computing certifications provided by different cloud service providers (CSPs), the SS 584, which is the Multi-Tier Cloud Security Standard for Singapore (MTCS SS), was introduced, and is the world’s first cloud security standard that covers multiple tiers.

 

While this cloud security standard is voluntary, it is mandatory for CSPs participating in bulk tenders from the Government. TÜV SÜD PSB is one of the qualified certification bodies identified by Infocomm Development Authority of Singapore (IDA) and Enterprise Singapore to conduct the cloud computing certification for CSPs, against the MTCS Standard. SS 584 (MTCS) has three different tiers of cloud security, Tier 1 being the base level and Tier 3 being the most stringent.

 

  • TIER 1:
    Designed for non-business critical data and systems with basic security control, that address security risks and threats targeting low-impact information systems. (e.g.: Web site hosting public information)
  • TIER 2:
    Designed for organizations that use cloud services to protect business or personal information, and run critical business data and systems in a moderate impact information systems. CSPs in this tier have more stringent security controls (e.g.: Email / CRM – Customer relation management systems)
  • TIER 3:
    Designed for companies with specific needs and more stringent security requirements. Industry specific regulations may also be applied, to supplement and address security risks and threats, in a high impact information systems using cloud services (e.g.: Financial / Medical records)

SS 584 CERTIFICATION PROVIDES YOUR ORGANISATION WITH MULTIPLE BENEFITS:

  • Facilitate matching of security needs between companies and cloud service providers
  • Increase clarity of security levels and implications
  • Help local and foreign cloud service providers to promote their services
  • Enhance quality, security and reliability of cloud service

TÜV SÜD PSB IS YOUR SS 584 MTCS CERTIFICATION PARTNER FOR SECURITY OF CLOUD COMPUTING

TÜV SÜD PSB offers a comprehensive range of solutions for the IT industry. As an independent body, we provide objective and farsighted recommendations to optimise our clients’ products and services. We can help customers to ensure that the best practices in information security are being adopted, and to harness the maximum potential that are technologically possible.

RELEASE OF SS 584:2020 & NEW TRANSITION TIMELINE FOR SS 584:2020

Below is the Singapore Accreditation Council (SAC) policy for the migration to SS 584:2020 from SS 584:2015.

Transition Timeline 

Organisations with SAC accredited SS 584:2015 certification will be given 2 years to transit to the new SS 584:2020, i.e. by 31 Oct 2022.  All SS 584:2015 certifications shall expire or by withdrawn by 31 October 2022. 

New (Initial) Certification

From 31 Oct 2021 and onwards, all new certification (initial) assessments will be carried out in accordance with the new SS 584:2020 standard.

Existing Certification

Existing certification on SS 584:2015 will remain valid until successful conversion. All affected organisations are to successfully convert to SS 584:2020.

As such, organisation having their surveillance (continuing) or renewal (repeat) assessment that is due on 31 Oct 21 and beyond will have to be assessed and converted to the new SS 584:2020 MTCS before 31 Oct 2022.

Additional audit time for transition:

There are no additional man-days added for re-certification (renewal) and surveillance audits.

Prior to the transition audit, organisations are required to take the following actions:

1. Review the new editions and make relevant changes to address the new / updated requirements of energy management systems. 
2. Submit the revised documented system to TÜV SÜD PSB.
3. Conduct an internal audit and management review to the new editions.

For more information or any enquiry, please contact us at [email protected].

 

Frequently Asked Questions

 

  • Is MTCS SS 584 Certification mandatory by the Singapore Government?

    No, MTCS SS 584 certification is not mandatory. However, it is a widely recognised and accepted certification for cloud service providers in Singapore. It is recommended by the Government’s Infocomm Media Development Authority (IMDA) for organisations that provide cloud computing services.

    MTCS SS 584 Certification is a Singapore Standard for Multi-Tier Cloud Security that provides comprehensive security controls for cloud service providers to safeguard their clients’ data and systems. It is based on international standards such as ISO/IEC 27001 and 27017. It is designed to ensure that cloud service providers in Singapore adhere to the highest levels of security and compliance.

    Organisations certified under MTCS SS 584 can demonstrate that they have implemented strong security controls and best practices for their cloud services. This can assure customers and stakeholders that their data is being handled securely, giving certified providers a competitive advantage in the marketplace.

     

  • How long is the MTCS SS 584 certification valid?

    The MTCS SS 584 certification is valid for three years from the date of issuance. After the initial certification, a re-certification audit will be conducted every three years to ensure that the cloud service provider meets the MTCS SS 584 certification requirements and maintains a high level of security and compliance.

    In addition to the regular re-certification audits, the Infocomm Media Development Authority (IMDA) may also conduct spot checks and audits to ensure that certified cloud service providers comply with the certification requirements at all times. These audits may be conducted at any time during the three-year certification period.

    It is important for certified cloud service providers to maintain compliance with MTCS SS 584 requirements throughout the certification period to avoid any potential non-compliance issues and to ensure they can renew their certification at the end of the three years.

     

EXPLORE

ISO 9001 2015 guidance
White paper

ISO 9001:2015 Guidance

A comprehensive guideline to ISO 9001:2015.

Learn more

VIEW ALL RESOURCES

Next Steps

Site Selector