Alibaba Cloud Obtains Global Security and Compliance Accreditations in Multiple Industries

Oct 31, 2019

Assessments support customer expansions as well as inspiring confidence in moving onto Cloud

Hangzhou, China, October 31, 2019 – Alibaba Cloud, the data intelligence backbone of Alibaba Group, today announced that it had obtained two new globally recognised security and compliance accreditations in the automobile and healthcare industries. These underline Alibaba Cloud's ongoing commitment to meeting the highest standards across sectors and geographies, making it easier for businesses of all sizes to use cloud computing and data intelligence technologies.

Completing Level 3 assessment in TISAX

Alibaba Cloud obtained the highest Level 3 assessment in TISAX (Trusted Information Security Assessment Exchange) in an audit conducted by PwC in Germany. Founded in 2017 by the German Automobile Industry Association (VDA) and regulated by the ENX, TISAX is an automobile industry assessment of service providers' level of compliance with stringent information security requirements.

Independent auditor PwC conducted a thorough on-site inspection of Alibaba Cloud's data centers in Germany and a series of interviews to review the company's controls and management. For Alibaba Cloud's automotive customers, the assessment will help reduce the effort and expense involved in conducting individual assessments when they engage the company to handle their highly sensitive information. The accolade is also significant given the future of autonomous driving platforms and their use of data.

"TISAX assessment is an important benchmark for service providers in the automotive industry when it comes to safeguarding customers' highly sensitive data. Following a thorough review of Alibaba Cloud's data centers in Germany and its internal controls across the board, we are happy to announce that the currently highest available Level 3 certification of the assessed Alibaba Cloud Services are available via the ENX portal," said Aleksei Resetko, Partner in Cybersecurity & Privacy at PwC Germany.

GxP readiness recognized

Alibaba Cloud has also completed the Good "x" Practice (GxP) readiness assessment for the healthcare industry under the US Food and Drug Administration (FDA) regulations on Electronic Records and Electronic Signatures (ERES). The audit was conducted by RSM LLC, a US-based independent third-party, but this standard will apply to Alibaba Cloud's customers in multiple jurisdictions.

The review included an assessment of the products offered by Alibaba Cloud, as well as the security controls of the platform itself and the company's ability to maintain compliance in the future. In addition, Alibaba Cloud issued a whitepaper that looked at the requirements of the Health Insurance Portability and Accountability Act, covering the compliance of multiple products and services.

"At RSM, we understand the importance of protecting sensitive information, and we were happy to participate in the completion of important compliance efforts to further the robust security program within Alibaba Cloud. As we see with many of our clients, adherence to GxP, including regulations such as HIPAA and 21 CFR Part 11, is one of the cornerstones of a robust cloud solution," said Greg Vetter, Security Principal at RSM.

"We continue to strive for the highest international standards and these latest achievements provide clear evidence of the successful ongoing expansion of our services. Alibaba Cloud is also fully committed to inspiring confidence in products from a broader range of customers, which third-party accreditation clearly provides. Achieving these multiple accreditations reflects our alignment with the best providers in these industries and expands our business influence globally," said Yuanbin Zheng, Head of Security Compliance and Privacy at Alibaba Cloud Intelligence.

Ensuring these high standards in the healthcare and automobile industries is a response to growing customer demand. It is also a reflection of the levels of dynamism and innovation in these two sectors, which offer some of the biggest opportunities for cloud computing. Other business units within the Alibaba Group will also be able to leverage these accolades for their own work within these industries.

Earlier this year, Alibaba Cloud also completed an assessment for compliance with the broker-dealer media requirements put into effect by the US's Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA). Alibaba Cloud's Object Storage Service (OSS) is the only cloud service in China that has passed the audit compliance assessment run by the US-based Cohasset Associates and can meet the regulators' requirements for retaining electronic records. Although originated in the US, these regulatory standards allow Alibaba Cloud to serve more customers across the global financial industry.

These international recognitions are key to Alibaba Cloud's ongoing expansion and drives engagement and understanding between the company, regulators and clients in new markets. As part of its commitment to complying with local regulations and industry standards across 20 global regions, Alibaba Cloud has obtained more than 70 security and compliance accreditations worldwide.

About Alibaba Cloud

Established in 2009, Alibaba Cloud (, the data intelligence backbone of Alibaba Group, is among the world's top three IaaS providers, according to Gartner. It is also the largest provider of public cloud services in China, according to IDC. Alibaba Cloud provides a comprehensive suite of cloud computing services to businesses worldwide, including merchants doing business on Alibaba Group marketplaces, start-ups, corporations and public services. Alibaba Cloud is the official Cloud Services Partner of the International Olympic Committee.

A Free Trial That Lets You Build Big!

Start building with 40+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free Get Started for Free