MTCS SS 584:2015/2020 - Multi-Tier Cloud Computing Security Management System
The Multi-Tier Cloud Security (MTCS) Singapore standard has been launched in Singapore to give businesses greater clarity on the levels of security offered by different Cloud Service Providers (CSPs). The standard aims to spur the adoption of cloud computing across industries. MTCS SS 584:2015 is the world’s first cloud security standard that covers multiple tiers.
The standard has three levels of security:
- Tier 1 – Designed for non-business-critical data and systems, with baseline security controls implemented to address potentially low-impact security risks and threats
- Tier 2 – Designed to address the needs of most organizations running business-critical data and systems, through a set of more stringent security controls that address potentially moderate security risks and threats
- Tier 3 – Designed for regulated organizations with specific requirements and more stringent security requirements due to the higher impact of risks
Benefits of MTCS:
- Reduce the risks associated with cloud computing
- Provide assurance to cloud service subscribers as they are able to make informed, risk-based decisions relating to adoption of cloud services
Transition from SS 584:2015 to SS 584:2020
The Singapore Accreditation Council officially published SS 584:2020 Specification for Multi-Tiered Cloud Computing Security in October 2020. The transition period is two (2) years, from 1 November 2020 to 31 October 2022. Therefore, as of 1 November 2022, SS 584:2015 shall cease.
Kindly note that the expiry of SS 584:2015 certificates issued during the transition period shall correspond to the end of the transition period, 31 October 2022. The transition to SS 584:2020 could take place during the initial (new), surveillance, re-certification or non-routine audits. It is therefore advisable to make the necessary preparations to transition to SS 584:2020 as soon as possible, and to time the transition to coincide with your upcoming surveillance or re-certification audit.
For your information, the key changes to SS 584:2020 are as follows:
- Editorial changes to the terms and definitions used in the standard
- Introduction of the edge node definition, integrated requirements, and audit procedures into the standard
- Introduction of applicability and compensatory controls requirements and audit procedures
- Option to extend certification to cover TR 82 on Cloud Native Security
In addition, TR 82 on Cloud Native Security provides additional guidance on the relevant controls specified in SS 584:2020 to mitigate vulnerabilities specific to Cloud Native architecture (including container technologies, microservices-based technologies, and the DevOps pipeline). This guidance applies to Cloud Service Providers (CSPs), and you may consider it for voluntary certification.
Lastly, for more information on the transition process, please contact our Sales Department via phone at 6299 9001 or via email at firstname.lastname@example.org.