SS 584

What is SS 584 multi tiered cloud services (MTCS)?

In order to help businesses understand cloud computing certifications provided by different cloud service providers (CSPs), the SS 584, which is the Multi-Tier Cloud Security Standard for Singapore (MTCS SS), was introduced, and is the world’s first cloud security standard that covers multiple tiers.

While this cloud security standard is voluntary, it is mandatory for CSPs participating in bulk tenders from the Government. TÜV SÜD is one of the qualified certification bodies identified by Infocomm Development Authority of Singapore (IDA) and Enterprise Singapore to conduct the cloud computing certification for CSPs, against the MTCS Standard. SS 584 (MTCS) has three different tiers of cloud security, Tier 1 being the base level and Tier 3 being the most stringent.

• TIER 1:
  Designed for non-business critical data and systems with basic security control, that address security risks and threats targeting low-impact information systems. (e.g.: Web site hosting public information)
• TIER 2:
  Designed for organizations that use cloud services to protect business or personal information, and run critical business data and systems in a moderate impact information systems. CSPs in this tier have more stringent security controls (e.g.: Email / CRM – Customer relation management systems)
• TIER 3:
  Designed for companies with specific needs and more stringent security requirements. Industry specific regulations may also be applied, to supplement and address security risks and threats, in a high impact information systems using cloud services (e.g.: Financial / Medical records)

SS 584 CERTIFICATION PROVIDES YOUR ORGANISATION WITH MULTIPLE BENEFITS:

• Facilitate matching of security needs between companies and cloud service providers
• Increase clarity of security levels and implications
• Help local and foreign cloud service providers to promote their services
• Enhance quality, security and reliability of cloud service

TÜV SÜD IS YOUR CERTIFICATION PARTNER FOR SECURITY OF CLOUD COMPUTING

TÜV SÜD offers a comprehensive range of solutions for the IT industry. As an independent body, we provide objective and farsighted recommendations to optimise our clients’ products and services. We can help customers to ensure that the best practices in information security are being adopted, and to harness the maximum potential that are technologically possible.

Release of SS 584:2020 & New Transition Timeline for SS 584:2020

Below is the Singapore Accreditation Council (SAC) policy for the migration to SS 584:2020 from SS 584:2015.

Transition Timeline 

Organisations with SAC accredited SS 584:2015 certification will be given 2 years to transit to the new SS 584:2020, i.e. by 31 Oct 2022.  All SS 584:2015 certifications shall expire or by withdrawn by 31 October 2022. 

New (Initial) Certification

From 31 Oct 2021 and onwards, all new certification (initial) assessments will be carried out in accordance with the new SS 584:2020 standard.

Existing Certification

Existing certification on SS 584:2015 will remain valid until successful conversion. All affected organisations are to successfully convert to SS 584:2020.

As such, organisation having their surveillance (continuing) or renewal (repeat) assessment that is due on 31 Oct 21 and beyond will have to be assessed and converted to the new SS 584:2020 before 31 Oct 2022.

Additional audit time for transition:

There are no additional man-days added for re-certification (renewal) and surveillance audits.

Prior to the transition audit, organisations are required to take the following actions:

1. Review the new editions and make relevant changes to address the new / updated requirements of energy management systems. 
2. Submit the revised documented system to TÜV SÜD PSB.
3. Conduct an internal audit and management review to the new editions.

For more information or any enquiry, please contact us at [email protected].