Security & Privacy Compliance

Alibaba Cloud’s compliance program includes a comprehensive range of certifications, worldwide attestation reports, and our commitment on data protection.

Contact the Trust Center

Attestations & Certifications

Attestations & Certifications

Global

Alibaba Cloud adheres to international information security standards and is committed to using international best practices.

CSA STAR

CSA Three-tiered Cloud Security Assurance Program

ISO 27001

Information Security Management Standard

ISO 20000

Information Technology Service Management Standard

ISO 22301

Business Continuity Management Standard

ISO 9001

Quality Management Systems Standard

ISO 27017

Code of Practice for Cloud-Specific Information Security Controls

ISO 27018

Code of Practice for Protecting Personal Data in the Cloud

ISO 27701

Extension to ISO 27001 for Privacy Information Management

ISO 29151

Code of Personally Identifiable Information Protection

BS 10012

Personal Information Management System

PCI DSS

Payment Card Data Industry Data Security Standards v3.2.1

PCI 3DS

PCI 3DS Core Security Standard supports 3DS transaction security

SOC1 Type II Report

Internal Controls Over Financial Reporting

SOC2 Type II Report

Internal Controls Relevant to Security, Availability, and Confidentiality

SOC3 Report

General Use Report Relevant to Security, Availability, and Confidentiality

Regional

Alibaba Cloud adheres to all the domestic information security standards of the countries and regions where our cloud services are deployed.

MTCS SG

Multi-Tier Cloud Security System (MTCS) with Level 3 Certification

C5 DE

Cloud Computing Compliance Control Catalog in Germany

Trusted Cloud DE

The Trusted Cloud Label Issued by the Trusted Cloud Competence Network

MLPS 2.0 CN

Multi-Level Protection Scheme (MPLS) 2.0: Level III

NESA/ISR UAE

National Electronic Security Authority & Information Security Regulation

ITSS CN

Cloud Computing Service Certified by ITSS: Level 1

TRUCS CN

Trusted Cloud Services Accreditation Issued by MIIT of China

DPTM SG

Data Protection Trustmark in Singapore

Industry

Alibaba Cloud adheres to industry-standard practices, continually conducts self-assessment reviews, and has obtained all of the relevant industry certifications.

GxP

US FDA Regulation on Electronic Records and Electronic Signatures (ERES) Part 11 of Title 21 Code of Federal Regulations (CFR)

TISAX

Trusted Information Security Assessment Exchange

HIPAA/HITECH

Health Insurance Portability and Accountability Act

MPAA

Motion Picture Association of America

TPN

Trusted Partner Network

SEC Rule-17a

Securities and Exchange Commission (SEC) Rule 17a

OSPAR SG

Outsourced Service Provider's Audit Report (OSPAR) in Singapore

Data Protection & Privacy

Alibaba Cloud is committed to protecting the personal information of customers worldwide and to complying with applicable laws of countries where our business operates.

General Data Protection Regulation (GDPR)

Alibaba Cloud has been GDPR-ready since May 25, 2018.

EU Cloud Code of Conduct

Alibaba Cloud is a Founding Member of the EU Cloud Code of Conduct and adheres to the EU Cloud Code of Conduct.

PDPA SG

Personal Data Protection Act in Singapore

PDPO HK

The Personal Data (Privacy) Ordinance in Hong Kong

DPTM SG

Data Protection Trustmark in Singapore

APEC CBPR SG

APEC CROSS BORDER PRIVACY RULES SYSTEM
SINGAPORE

APEC PRP SG

APEC
PRIVACY RECOGNITION
FOR PROCESSORS SYSTEM
SINGAPORE

Associations & Frameworks

Alibaba Cloud proactively participates in the security compliance associations. While some of the requirements are not subject to attestation or certification schemes, Alibaba Cloud provides ready-to-use features, capabilities, or documentation to demonstrate compliance.

NISC

National Center of Incident Readiness and Strategy for Cybersecurity

FISC

Center for Financial Industry Information Systems

Trusted Cloud

The Trusted Cloud Label Issued by the Trusted Cloud Competence Network

MPAA

Motion Picture Association of America

Still have questions?

For requests related to security compliance and privacy, please contact the Trust Center

Contact Trust Center