Security & Privacy Compliance

Alibaba Cloud’s compliance program includes a comprehensive range of certifications, worldwide attestation reports, and our commitment to data protection.

Contact the Trust Center

Attestations & Certifications

Attestations & Certifications

Global

Alibaba Cloud adheres to international information security standards and is committed to using international best practices.

CSA STAR

CSA Three-tiered Cloud Security Assurance Program

ISO 27001

Information Security Management Standard

ISO 20000

Information Technology Service Management Standard

ISO 22301

Business Continuity Management Standard

ISO 9001

Quality Management Systems Standard

ISO 27017

Code of Practice for Cloud-Specific Information Security Controls

ISO 27018

Code of Practice for Protecting Personal Data in the Cloud

ISO 27701

Extension to ISO 27001 for Privacy Information Management

ISO 29151

Code of Personally Identifiable Information Protection

BS 10012

Personal Information Management System

PCI DSS

Payment Card Data Industry Data Security Standards v3.2.1

PCI 3DS

PCI 3DS Core Security Standard supports 3DS transaction security

SOC1 Type II Report

Internal Controls Over Financial Reporting

SOC2 Type II Report

Internal Controls Relevant to Security, Availability, and Confidentiality

SOC3 Report

General Use Report Relevant to Security, Availability, and Confidentiality

Regional

Alibaba Cloud adheres to all the domestic information security standards of the countries and regions where our cloud services are deployed.

MTCS SG

Multi-Tier Cloud Security System (MTCS) with Level 3 Certification

DPTM SG

Data Protection Trustmark in Singapore

C5 DE

Cloud Computing Compliance Control Catalog in Germany

AIC4 DE

AI Cloud Service Compliance Criteria Catalog Germany

Trusted Cloud DE

The Trusted Cloud Label Issued by the Trusted Cloud Competence Network

NESA/ISR UAE

National Electronic Security Authority & Information Security Regulation

NIST US

NIST800-53 and NIST CSF

MLPS 2.0 CN

Multi-Level Protection Scheme (MLPS) 2.0: Level III

ITSS CN

Cloud Computing Service Certified by ITSS: Level 1

NISC JP

National Center of Incident Readiness and Strategy for Cybersecurity

TRUCS CN

Trusted Cloud Services Accreditation Issued by MIIT of China

Industry

Alibaba Cloud adheres to industry-standard practices, continually conducts self-assessment reviews, and has obtained all of the relevant industry certifications.

GxP US

US FDA Regulation on Electronic Records and Electronic Signatures (ERES) Part 11 of Title 21 Code of Federal Regulations (CFR)

TISAX DE

Trusted Information Security Assessment Exchange

HIPAA/HITECH US

Health Insurance Portability and Accountability Act

MPA US

Motion Picture Association Guidelines

TPN US

Trusted Partner Network

SEC Rule-17a US

Securities and Exchange Commission (SEC) Rule 17a

OSPAR SG

Outsourced Service Provider's Audit Report (OSPAR) in Singapore

FERPA & HECVAT US

Family Educational Rights and Privacy Act

COPPA US

Children's Online Privacy Protection Rule

DPP - Broadcast UK

DPP Committed to Security Programme for Broadcast

DPP - Production UK

DPP Committed to Security Programme for Production

FISC JP

Center for Financial Industry Information Systems

Data Protection & Privacy

Alibaba Cloud is committed to protecting customers' personal information worldwide and complying with applicable laws of countries where our business operates.

GDPR EU

General Data Protection Regulation

EU Cloud CoC EU

EU Cloud Code of Conduct

PDPA SG

Personal Data Protection Act in Singapore

PDPO HK

The Personal Data (Privacy) Ordinance in Hong Kong

PDPA MY

Personal Data Protection Act in Malaysia

DPTM SG

Data Protection Trustmark in Singapore

APEC CBPR SG

APEC Cross Border Privacy Rules System (Singapore)

APEC PRP SG

APEC Privacy Recognition for Processors System (Singapore)

Associations

Alibaba Cloud is a proud member of and proactively participates in security and privacy associations to share and collaborate the industry best practices.

Trusted Cloud

Trusted Cloud Network

MESA

Media & Entertainment Services Alliance

DPP

Digital Production Partnership

SRIW

Self-regulation Information Economy

IAPP

International Association of Privacy Professionals

EU Cloud CoC

EU Cloud Code of Conduct

W3C

The World Wide Web Consortium (W3C)

Still have questions?

For requests related to security compliance and privacy, please contact the Trust Center

Contact Trust Center