SAC Launched a New Accreditation Programme on Multi-Tiered Cloud Computing Security (MTCS) Certification

The Singapore Accreditation Council (SAC) has launched a new accreditation programme for Multi-Tiered Cloud Computing Security (MTCS) Certification on 29 October 2014 during the CloudAsia 2014 event.

This Accreditation Programme is to accredit certification bodies (CBs) certifying companies to SS 584:2013 Specification for Multi-tiered Cloud Computing Security. The SS 584, launched by SPRING Singapore last year, provides specifications for Cloud Service Providers (CSPs) to prevent data exposure to unauthorised parties from unintentional administrator actions, change in security settings or lack of proper segmentation of customers. Companies interested to adopt the SS 584 can tap on SPRING’s Capability Development Grant which covers up to 70% of qualifying project costs.

CBs accredited by SAC will be assessed to meet stringent criteria of conducting good certification practices in accordance with international best practices. As such, CSPs which are certified against the SS 584 by SAC accredited CBs will provide greater assurance on cloud security to cloud users. Cloud security is crucial because there is a large amount of important personal and company information stored on the cloud. Leaks in information can lead to potentially significant consequences. As security needs of different cloud users vary across industries and sectors, the certification will cater such varying needs for a trusted environment. The multi-tier standard covers a range of cloud security models, which in turn cover a range of security arrangements from users (including SMEs) with basic requirements similar to industries that require high confidentiality, integrity and availability, such as the financial services industry.

While adopting the MTCS standard is voluntary, certification by an SAC accredited CB will be a requirement for CSPs participating in future public cloud service bulk tenders from IDA. Other stakeholders will also recognize the SAC accreditation scheme after they see the value of accredited certification.