• 1 min read

Microsoft expands scope of Singapore MTCS certification

I am pleased to announce the renewal of the Singapore Multi-Tier Could Security (MTCS) Certification Level 3.

I am pleased to announce the renewal of the Singapore Multi-Tier Cloud Security (MTCS) Certification Level 3. As part of its commitment to customer satisfaction, Azure has adopted the MTCS standard to meet different cloud user needs for data sensitivity and business criticality. Azure has maintained its MTCS certification for the fourth consecutive year. This year, the scope has increased by 30% catching up with the latest ISO 27001 scope covering the latest data storage and analytics services including Data Lake Store, Data Lake Analytics, SQL Server Stretch Database, Azure Cosmos DB, Azure Container Service, etc.

Developed by the Infocomm Media Development Authority (IMDA) of Singapore, the MTCS Standard 584:2015 is the world’s first cloud security standard that covers three different tiers of security requirements spanning different service types including PaaS, IaaS and SaaS.  The standard comprises a total of 535 controls closely mapped to ISO 27001 Information Security Management System (ISMS) standard, covering basic security in Level 1, more stringent governance and tenancy controls in Level 2, and reliability and resiliency for high-impact information systems in Level 3.

The MTCS standard seeks to drive cloud adoption across industries by giving clarity around the security service levels of Cloud Service Providers (CSPs) while increasing the level of accountability and transparency from CSPs and encouraging the adoption of sound risk management and security practices. Certification is valid for three years with a yearly surveillance audit to be conducted by an independent third party.

Microsoft relies on its MTCS Level 3 certification to provide the level of assurance and transparency required by verticals such government, financial and healthcare with more stringent security and regulatory requirements. Such organizations are encouraged to supplement MTCS level 3 with their own industry specific requirements to help mitigate high impact risks associated with the handling of highly sensitive data.

More information on the services covered, the Azure self-disclosure form and the MTCS certification are available on the Azure Trust Center as well as the IMDA Singapore site.