MTCS - Multi-Tier Cloud Security Standard for Singapore


Well-known member
  • Apr 9, 2020
    Viet Nam
    The Multi-Tier Cloud Security (MTCS) Standard for Singapore was prepared under the direction of the Information Technology Standards Committee (ITSC) of the Infocomm Development Authority of Singapore (IDA). The ITSC promotes and facilitates national programs to standardize IT and communications, and Singapore's participation in international standardization activities.

    The purpose of the MTCS is to provide:
    • A common standard that cloud service providers (CSPs) can apply to address customer concerns about the security and confidentiality of data in the cloud, and the impact on businesses of using cloud services.
    • Verifiable operational transparency and visibility into risks to the customer when they use cloud services.
    The MTCS builds upon recognized international standards such as ISO/IEC 27001, and covers such areas as data retention, data sovereignty, data portability, liability, availability, business continuity, disaster recovery, and incident management. It also includes a mechanism for customers to benchmark and rank the capabilities of CSPs against a set of minimum baseline security requirements.

    MTCS is the first cloud security standard with different levels of security, so certified CSPs can specify which levels they offer. MTCS includes a total of 535 controls, covering basic security in Level 1, more stringent governance and tenancy controls in Level 2, and reliability and resiliency for high-impact information systems in Level 3.

    AWS, Azure, GCP is now Level 3.

    More information: