SS 584:2020 Multi-Tiered Cloud Computing Security Management System Transition Program
We would like to inform that the Singapore Accreditation Council has officially published SS 584:2020 Specification for Multi-Tiered cloud Computing Security in October 2020. The transition period is two (2) years from 1 November 2020 till 31 October 2022. Therefore, as of 1 November 2022, SS 584:2015 shall cease.
Kindly note the certificate expiry for SS 584:2015 issued during the transition period shall correspond to the end of the transition period – 31 October 2022. The transition to SS 584:2020 could take place during the initial (new), surveillance, re-certification or non-routine audits. Therefore, it is advisable for you to make the necessary preparation to transit to SS 584:2020 as soon as possible, and to coincide with your upcoming surveillance or recertification audit.
For your information, the key changes to SS 584:2020 are as follows:
- Editorial changes for terms and definition used in the standard
- Introduction of edge node’s definition, integrated requirements, and audit procedures into the standard
- Introduction of applicability and compensatory controls requirements and audit procedures
- Option to extend certification to cover TR 82 on Cloud Native Security
In addition, TR 82 on Cloud Native Security provides additional guidance for relevant controls specified in SS 584:2020 to mitigate vulnerabilities specific to Cloud Native architecture (including Container technologies, Microservices-based technologies, and DevOps pipeline) that are applicable for Cloud Service Provider (CSP) which you may consider for voluntary certification.
Lastly, for more information on the transition process, please contact our Sales Department via phone at 6299 9001 or via email at email@example.com.