Alibaba Cloud Security & Privacy Compliance Center for Cloud Computing

Security & Privacy Compliance

Alibaba Cloud’s compliance program includes a comprehensive range of certifications, worldwide attestation reports, and our commitment to data protection.

Contact the Trust Center

Attestations & Certifications

Attestations & Certifications
Data Protection & Privacy
Associations

Attestations & Certifications

Global

Alibaba Cloud adheres to international information security standards and is committed to using international best practices.

: CSA STAR

CSA Three-tiered Cloud Security Assurance Program

: ISO 27001

Information Security Management Standard

: ISO 20000

Information Technology Service Management Standard

: ISO 22301

Business Continuity Management Standard

: ISO 9001

Quality Management Systems Standard

: ISO 27017

Code of Practice for Cloud-Specific Information Security Controls

: ISO 27018

Code of Practice for Protecting Personal Data in the Cloud

: ISO 27701

Extension to ISO 27001 for Privacy Information Management

: ISO 29151

Code of Personally Identifiable Information Protection

: BS 10012

Personal Information Management System

: PCI DSS

Payment Card Data Industry Data Security Standards v3.2.1

: PCI 3DS

PCI 3DS Core Security Standard supports 3DS transaction security

: SOC1 Type II Report

Internal Controls Over Financial Reporting

: SOC2 Type II Report

Internal Controls Relevant to Security, Availability, and Confidentiality

: SOC3 Report

General Use Report Relevant to Security, Availability, and Confidentiality

Regional

Alibaba Cloud adheres to all the domestic information security standards of the countries and regions where our cloud services are deployed.

: MTCS SG

Multi-Tier Cloud Security System (MTCS) with Level 3 Certification

: DPTM SG

Data Protection Trustmark in Singapore

: C5 DE

Cloud Computing Compliance Control Catalog in Germany

: AIC4 DE

AI Cloud Service Compliance Criteria Catalog Germany

: Trusted Cloud DE

The Trusted Cloud Label Issued by the Trusted Cloud Competence Network

: NESA/ISR UAE

National Electronic Security Authority & Information Security Regulation

: NIST US

NIST800-53 and NIST CSF

: MLPS 2.0 CN

Multi-Level Protection Scheme (MLPS) 2.0: Level III

: ITSS CN

Cloud Computing Service Certified by ITSS: Level 1

: NISC JP

National Center of Incident Readiness and Strategy for Cybersecurity

: TRUCS CN

Trusted Cloud Services Accreditation Issued by MIIT of China

: CTM SG

Cyber Trustmark Issued by Singapore's Cybersecurity Agency (CSA)

: K-ISMS KR

Korea Information Security Management System (K-ISMS) Certification

Industry

Alibaba Cloud adheres to industry-standard practices, continually conducts self-assessment reviews, and has obtained all of the relevant industry certifications.

: GxP US

US FDA Regulation on Electronic Records and Electronic Signatures (ERES) Part 11 of Title 21 Code of Federal Regulations (CFR)

: TISAX DE

Trusted Information Security Assessment Exchange

: HIPAA/HITECH US

Health Insurance Portability and Accountability Act

: MPA US

Motion Picture Association Guidelines

: SEC Rule-17a US

Securities and Exchange Commission (SEC) Rule 17a

: OSPAR SG

Outsourced Service Provider's Audit Report (OSPAR) in Singapore

: FERPA & HECVAT US

Family Educational Rights and Privacy Act

: COPPA US

Children's Online Privacy Protection Rule

: DPP - Broadcast UK

DPP Committed to Security Programme for Broadcast

: DPP - Production UK

DPP Committed to Security Programme for Production

: FISC JP

Center for Financial Industry Information Systems

Data Protection & Privacy

Alibaba Cloud has completed independent cyber risk assessments to valid Alibaba Cloud’s security posture. Customers can leverage Alibaba Cloud’ third party cyber risk assessment report to reduce their supplier due-diligence burden.

: GDPR EU

General Data Protection Regulation

: EU Cloud CoC EU

Verification-ID: 2020LVL02SCOPE013

: PDPA SG

Personal Data Protection Act in Singapore

: PDPO HK

The Personal Data (Privacy) Ordinance in Hong Kong

: PDPA MY

Personal Data Protection Act in Malaysia

: DPTM SG

Data Protection Trustmark in Singapore

: APEC CBPR SG

APEC Cross Border Privacy Rules System (Singapore)

: APEC PRP SG

APEC Privacy Recognition for Processors System (Singapore)

Associations

Alibaba Cloud is a proud member of and proactively participates in security and privacy associations to share and collaborate the industry best practices.

: Trusted Cloud

Trusted Cloud Network

: MESA

Media & Entertainment Services Alliance

: DPP

Digital Production Partnership

: SRIW

Self-regulation Information Economy

: IAPP

International Association of Privacy Professionals

: EU Cloud CoC

EU Cloud Code of Conduct

: W3C

The World Wide Web Consortium (W3C)

Still have questions?

For requests related to security compliance and privacy, please contact the Trust Center

Contact Trust Center

Security & Privacy Compliance

Attestations & Certifications

Global

CSA STAR

ISO 27001

ISO 20000

ISO 22301

ISO 9001

ISO 27017

ISO 27018

ISO 27701

ISO 29151

BS 10012

PCI DSS

PCI 3DS

SOC1 Type II Report

SOC2 Type II Report

SOC3 Report

Regional

MTCS SG

DPTM SG

C5 DE

AIC4 DE

Trusted Cloud DE

NESA/ISR UAE

NIST US

MLPS 2.0 CN

ITSS CN

NISC JP

TRUCS CN

CTM SG

K-ISMS KR

Industry

GxP US

TISAX DE

HIPAA/HITECH US

MPA US

SEC Rule-17a US

OSPAR SG

FERPA & HECVAT US

COPPA US

DPP - Broadcast UK

DPP - Production UK

FISC JP

Data Protection & Privacy

Associations

Still have questions?

Sales Support

Technical Support

Connect & Report Abuse