At Oracle, we support customers by demonstrating compliance with various recognized schemes, including the International Organization for Standardization (ISO), Cloud Security Alliance (CSA), Service Organization Control (SOC), and others. However, we also acknowledge that customers often require more country-specific certifications. Oracle is constantly expanding its compliance portfolio to help customers meet their local compliance requirements, including in Singapore.

Today, we’re happy to announce that Oracle Cloud Infrastructure (OCI) has achieved Multi-Tier Cloud Security (MTCS) Level 3 certification for our Singapore, Japan East (Tokyo), and Japan Central (Osaka) cloud regions. Customers in Singapore can run their applications on OCI with confidence knowing that Oracle meets MTCS Level 3 security standards.

What is MTCS Level 3?

MTCS is an information security standard developed under the Information Technology Standards Committee for cloud service providers in Singapore. MTCS uses existing international compliance frameworks, such as ISO 27001, and aims to provide increased transparency on the cloud security controls that providers can offer their customers.

MTCS offers different levels of security certifications for cloud service providers, enabling cloud security providers to certify to the level that meets their users’ needs. The following list explains each level:

  • Level 1: This base level requires basic security, designed for businesses with non-critical business needs.

  • Level 2: This level requires more security controls, designed for businesses with moderate impact information systems.

  • Level 3: The most stringent, this level requires strict security controls, designed for regulated organizations with specific security requirements and critical business systems.

With OCI’s MTCS Level 3 certification, customers using Singapore or Japan cloud regions can be confident that strict security controls have been tested and validated by an independent third party.

Services in scope for MTCS

The following OCI services are included in the MTCS certification:

  • Accounts Management

  • Analytics Cloud

  • Anomaly Detection

  • API Gateway

  • Application Performance Monitoring

  • Archive Storage

  • Artifact Registry

  • Audit

  • Autonomous Database on Cloud@Customer

  • Autonomous Database on Dedicated Exadata Infrastructure

  • Autonomous Database on Shared Exadata Infrastructure

  • Bare metal and virtual machine database systems

  • Bastion

  • Block Volume

  • Blockchain Platform

  • Certificates

  • Classic Migration

  • Cloud Advisor

  • Cloud Guard

  • Cloud Shell

  • Compute

  • Console Announcements

  • Container Engine for Kubernetes

  • Content Management

  • Data Catalog

  • Data Flow

  • Data Integration

  • Data Labeling

  • Data Safe

  • Data Science

  • Data Transfer

  • Database Management

  • Database Migration

  • Database Tools

  • DDoS Protection

  • DevOps Build service

  • DevOps deployment pipelines

  • DevOps Project service

  • DevOps source code management

  • Digital Assistant

  • DNS

  • Email Delivery

  • Events

  • Exadata Cloud@Customer

  • Exadata Cloud service

  • FastConnect

  • File Storage

  • Functions

  • Fusion Analytics Warehouse

  • GoldenGate

  • Health Checks

  • Identity and Access Management (IAM)

  • Integration

  • Java Management

  • Language

  • Load Balancing

  • Logging

  • Logging Analytics

  • Management Agent

  • Marketplace: Consumer

  • Monitoring

  • MySQL Database

  • Network Load Balancing

  • Networking

  • NoSQL Database

  • Notifications

  • Object Storage

  • Operations Insights

  • Operator Access Control

  • OS Management

  • Registry

  • Resource Manager

  • Search

  • Security Zones

  • Service Connector Hub

  • Speech

  • Streaming

  • Tagging

  • Threat Intelligence

  • Vault

  • Vision

  • VMware Solution

  • VPN Connect

  • Vulnerability Scanning

  • Web Application Firewall

A focus on resiliency

With three MTCS-certified cloud regions, customers can use a cross-region deployment model to mitigate the risk of a severe region-wide event impacting their applications and cloud workloads. Customers can back up or replicate their data to another Oracle Cloud region or set up a fully active-to-active standby in another region to meet their availability and disaster recovery goals.

To learn more about OCI’s operational practices and security services for data center resilience, read our advisory, Oracle Cloud Infrastructure and the Technology Risk Management Guidelines Issued by the Monetary Authority of Singapore. It outlines OCI services and practices that can help determine the suitability of OCI for your applications and cloud workloads.

Have questions?

Oracle is committed to making our customers successful in the cloud and continue to invest in features and services to help address customers’ security and compliance needs. For more information on OCI compliance programs, see Oracle Cloud Compliance.

To request copies of our compliance reports, such as MTCS, use the compliance documents service in the Oracle Cloud Console.

If you have more questions on using Oracle Cloud in Singapore, contact one of our representatives for more information.