Security & Compliance Center

We are committed to providing reliable, secure, and compliant cloud computing products and services.

Contact Security & Compliance Center

Security Compliance

Global

Alibaba Cloud adheres to international information security standards and is committed to using international best practices.

ISO 27001

Information Security Management Standard

ISO 20000

Information Technology Service Management Standard

ISO 22301

Business Continuity Management Standard

ISO 9001

Quality Management Systems Standard

ISO 27017

Code of Practice for Cloud-Specific Information Security Controls

CSA STAR

CSA Three-Tiered Cloud Security Assurance Program

SOC1 Type II Report

Internal Controls over Financial Reporting

SOC2 Type II Report

Internal Controls Relevant to Security, Availability and Confidentiality

SOC3 Report

General Use Report Relevant to Security, Availability and Confidentiality

PCI DSS

Payment Card Industry Data Security Standards version 3.2.1

Regional

Alibaba Cloud adheres to all the domestic information security standards of the countries and regions where our cloud services are deployed.

C5 DE

Cloud Computing Compliance Controls Catalog in Germany

Trusted Cloud DE

The Trusted Cloud label issued by the Trusted Cloud Competence Network

MTCS SG

Multi-Tier Cloud Security System (MTCS) Level 3 IaaS Certification

MLPS 2.0 CN

Multi-Level Protection Scheme (MLPS) Tiered Protection System 2.0: Level III

ITSS CN

Cloud Computing Service Capability certified by ITSS: Level 1

NESA/ISR UAE

National Electronic Security Authority & Information Security Regulation

Industry

Alibaba Cloud adheres to industry standard practices, continually conducts self-assessment reviews, and has obtained the relevant industry certifications.

GxP

US FDA Regulations on Electronic Records and Electronic Signatures (ERES) Part 11 of Title 21 Code of Federal Regulations (CFR)

HIPAA/HITECH

Health Insurance Portability and Accountability Act

MPAA

Motion Picture Association of America

SEC Rule-17a

Securities and Exchange Commission (SEC) Rule 17a

TISAX

Trusted Information Security Assessment Exchange

TPN

Trusted Partner Network

More Information on Regulatory Compliance in the Financial Sector

Privacy Protection

Alibaba Cloud's privacy policy is entirely transparent, and we are committed to the protection of personal information, and guarantee that personal information is only used for the purposes agreed to by our customers.

General Data Protection Regulation (GDPR)

Alibaba Cloud is GDPR ready by the effective date of May 25, 2018.
Learn More>

ISO 27018

Code of Practice for Protecting Personal Data in the Cloud

ISO 27701

Extension to ISO/IEC 27001/27002 for Privacy Information Management

ISO 29151

Code of Practice for Personally Identifiable Information Protection

BS 10012

Personal Information Management System

EU Cloud COC

Founding Member of EU Cloud Code of Conduct

PDPA

Personal Data Protection Act in Singapore

DPTM

Data Protection Trustmark in Singapore

PDPO

The Personal Data (Privacy) Ordinance in Hong Kong

Security Solutions & Best Practices

Shared Security Responsibilities Model

Alibaba Cloud and its customers are jointly responsible for the security of customers' applications built on Alibaba Cloud. With security responsibilities shared between Alibaba Cloud and its customers, Alibaba Cloud provides a secure infrastructure to decrease the enterprise security burden of customers. As such, customers can configure and use cloud products in a secure manner, thus relieving much of the underlying security burdens while allowing customers to focus more on their core business needs.

Learn more at Alibaba Cloud Security Whitepaper - The International Version>
Alibaba Cloud has newly published 2020 Alibaba Cloud Security Whitepaper - The China Gateway Version which introduces the public cloud security system of Alibaba Cloud, specifically for Alibaba Cloud’s security capabilities and offerings in Mainland China.

Learn more at Alibaba Cloud Security Whitepaper - The China Gateway Version>

HOT

Whitepaper

Alibaba Cloud Security Whitepaper - The International Version

This whitepaper introduces the security of Alibaba Cloud public cloud platform.

HOT

Solutions

Alibaba Cloud Security Solutions and Benefits

Alibaba cloud help you to thwart attacks large or small and defend against online or offline threats.

Whitepaper

The CyberSphere I: an Alibaba Cloud Security Report

This report tells how cloud security offers the best way to protect your business from cyber threats.

Whitepaper

Securing the Data Center in a Cloud First World

This whitepaper looks at steps to protect your data center infrastructure.

Whitepaper

2018 Cryptocurrency Mining Hijacker Report

Cryptocurrency value might depreciated, but mining is still popular.

NEW

Whitepaper

The CyberSphere II: an Alibaba Cloud Security Report

The report provides the latest trends in Chinese cyberattacks discovered by our security team.

NEW

Whitepaper

Manage and Protect Your Critical Data in the Cloud

This whitepaper describes the benefits of using Sensitive Data Discovery and Protection (SDDP) system to manage and protect critical data.

Still have questions? For requests of reports or information related to compliance and privacy, please contact the Security & Compliance Center >