MTCS, a cloud security standard, was developed by the Information Technology Standards Committee (ITSC) in Singapore and published in November 2013 for its first version. The ITSC promotes and facilitates national programs to standardize IT and communications, and Singapore's participation in international standardization activities. Since 2014, Microsoft became one of the first cloud service providers that has received the MTCS certification, for both Microsoft Azure cloud platform and Office 365 services.
In November 2021, Microsoft again successfully attained the Multi-Tier Cloud Security (MTCS) Standard for Singapore Level-3 High Impact certification for Office 365 family of services, this time with the renewed version SS 584:2020. Office 365 services included in scope are:
This renewed SS 584:2020 standard was approved and published in October 2020. Compared with the last SS 584:2015 standard, the renewed version has major updated requirements including:
By providing the implementation details of the management and technical controls in place along with their supporting evidence, Office 365 was able to demonstrate how its information systems can support the Level 3 confidentiality, integrity, and availability requirements from the standard. This Level 3 certification means that in-scope Office 365 cloud services can host high-impact data for regulated organizations with much stricter security requirements. It's required for certain cloud solution implementations by the Singapore government.
Certification is valid for three years with a yearly surveillance audit conducted:
To whom does the standard apply?
It applies to businesses in Singapore that purchase cloud services requiring compliance with the MTCS standard.
What are the differences between MTCS security levels?
MTCS has a total of 535 controls that cover three levels of security:
How do I get started with my organization's own compliance effort?
The MTCS Certification Scheme provides guidance on audit controls and security requirements.
Can I use Microsoft's compliance in my organization's certification process?
Yes. If you have a requirement to certify your services built on these Microsoft cloud services, you can use the MTCS certification to reduce the impact of auditing your IT infrastructure. However, you are responsible for engaging an assessor to evaluate your implementation for compliance, and for the controls and processes within your own organization.
Continue the conversation by joining us in the Microsoft 365 Tech Community! Whether you have product questions or just want to stay informed with the latest updates on new releases, tools, and blogs, Microsoft 365 Tech Community is your go-to resource to stay connected
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.