This topic describes the security and compliance certifications for DTS and provides links to the compliance documentation.
Alibaba Cloud DTS adheres to stringent internal and external standards for quality, service, stability, security, and compliance. The service is regularly assessed and validated by authoritative third-party organizations. These certifications help customers meet the security and compliance requirements of their specific regions and industries.
Certification | Description |
This standard defines requirements for developing, implementing, monitoring, maintaining, and improving an IT service management system. It covers areas such as service level management, incident and problem management, change management, availability management, relationship management, and configuration and release management. Alibaba Cloud obtained this certification to ensure its services and support meet business requirements and to improve quality, customer satisfaction, and operational efficiency through standardized processes. | |
The core principle of this standard is customer-centricity, with an emphasis on identifying, managing, and optimizing key business processes to improve efficiency and effectiveness. It covers planning, implementation, monitoring, correction, and improvement activities across the entire pre-delivery lifecycle, including requirement confirmation, design, R&D, testing, and sales. Alibaba Cloud obtained this certification to establish systematic, standardized quality management processes for its products and services, implement continuous improvement, ensure compliant product lifecycle management, reduce defects, and enhance customer satisfaction. | |
As one of the most widely recognized international frameworks for information security management, this standard helps organizations design and implement a comprehensive management system and control measures covering the organization, personnel, physical security, and security technologies. Alibaba Cloud uses this certification to manage physical, network, application, data, and supply chain security risks, thereby protecting information assets and enhancing business security and compliance. | |
This standard provides a management framework for establishing, implementing, maintaining, and continuously improving a business continuity management system to respond to disruptive incidents and ensure that critical business functions can be quickly restored. Alibaba Cloud obtained this certification to systematically identify potential threats, develop preventive and response measures, and refine plans for handling technical failures, cyberattacks, or other incidents. This ensures rapid recovery of critical business capabilities during emergencies and fulfills its responsibilities to customers and stakeholders through effective business continuity management. | |
This standard provides a systematic framework for cloud service security management. Based on the ISO/IEC 27001 information security management system and the ISO/IEC 27002 code of practice for information security controls, it provides additional controls and guidance for both cloud service providers and cloud service users. Alibaba Cloud obtained this certification to enhance cloud-specific controls, such as virtual machine security, data isolation, and data protection after service termination, and to manage information security risks in the cloud environment. | |
CSA STAR is a global cloud security certification and assessment program from the Cloud Security Alliance (CSA). It combines the ISO/IEC 27001 standard with the CSA's Cloud Controls Matrix to provide a transparent and trustworthy cloud security assessment framework for both cloud service providers and users. Alibaba Cloud obtained this certification to assess, improve, and certify its cloud products and services across multiple domains, including infrastructure security, network security, application security, data security, privacy protection, compliance, and risk management. | |
ISO 27701 is a privacy extension to the ISO 27001 information security management and ISO 27002 security controls standards. It integrates privacy protection principles and methods into an information security framework, covering requirements such as privacy risk management, data subject rights, data sharing and transfer, privacy by design, transparency, and incident response. Alibaba Cloud obtained this certification to establish, implement, maintain, and continuously improve its privacy information management system and controls, thereby enhancing the compliance of its data processing activities. | |
ISO 27018 code of practice for PII protection in public clouds | This standard specifically addresses privacy protection requirements for cloud service providers (CSPs) when they process personally identifiable information (PII), enhancing data security and customer trust in public cloud environments. Based on the ISO 27002 code of practice for information security controls, Alibaba Cloud implements an additional set of PII protection controls. These controls emphasize principles such as data minimization, user control, and data subject consent to strictly adhere to privacy principles when processing customer PII. |
This standard provides a best-practice framework for a personal information management system, referencing principles from the EU General Data Protection Regulation (GDPR). It helps organizations implement compliant and reliable management measures throughout the lifecycle of personal information, including its collection, storage, processing, sharing, and destruction. Alibaba Cloud obtained this certification to establish a standardized management system that reduces the risk of data breaches and misuse. This system is crucial for improving privacy management, enhancing customer trust, and meeting compliance requirements. | |
This is a certification standard for compliance management systems. It enables organizations to establish, implement, maintain, and improve their compliance management systems and processes by identifying and assessing compliance risks, ensuring adherence to applicable laws, regulations, industry standards, and internal policies. Alibaba Cloud obtained this certification to improve the efficiency and transparency of its internal compliance management, foster a culture of compliance, and promote engagement from both internal and external stakeholders. | |
The Payment Card Industry Data Security Standard (PCI DSS), developed and maintained by the PCI Security Standards Council (PCI SSC), provides a unified baseline of technical and operational requirements for protecting account data. It covers multiple areas, including security management systems, network security, physical security, and data encryption. As a cloud service provider, Alibaba Cloud adheres to this industry standard, assumes its security responsibilities on the cloud platform, and helps customers build secure data environments with its products and services. | |
MLPS Level 3 - public cloud data and development service platform (PaaS) | China's Multi-Level Protection Scheme (MLPS) requires network operators to fulfill security protection obligations to safeguard networks from interference, damage, or unauthorized access, and to prevent network data from being leaked, stolen, or tampered with. Adhering to the principles of proactive defense and comprehensive control, Alibaba Cloud has established a robust network security protection system. Each year, Alibaba Cloud's public cloud data and development service platform (PaaS) undergoes an MLPS assessment by an authoritative third-party organization to ensure its security implementation, remediation, and accountability meet national network security protection requirements. |
Trusted Cloud - cloud service user data protection capability assessment | The Trusted Cloud assessment is a professional evaluation system in China for cloud services and software, organized by the China Academy of Information and Communications Technology (CAICT). Its core objective is to establish an evaluation system for cloud service providers, help users select secure and trustworthy cloud services, and improve service quality and integrity. Alibaba Cloud has passed the Cloud Service User Data Protection Capability Assessment, demonstrating compliance with requirements for data durability, data privacy, data migration security, intrusion prevention, and service auditability across three stages: proactive prevention, in-event protection, and post-event traceability. |
Trusted Cloud - cloud computing security shared responsibility capability assessment | The Trusted Cloud assessment is a professional evaluation system for cloud services and software in China, organized by the China Academy of Information and Communications Technology (CAICT). Alibaba Cloud has passed the Cloud Computing Security Shared Responsibility Capability Assessment. Based on the Cloud Computing Security Shared Responsibility Capability Requirements standard, this assessment validates its compliance across dimensions such as the responsibility allocation model, security capability support, and service agreement transparency. |
System and Organization Controls (SOC) reports are a series of auditing standards established by the American Institute of Certified Public Accountants (AICPA). They are designed to evaluate the effectiveness of a service organization's controls, such as those at a cloud service provider, data center, or IT service company. Alibaba Cloud SOC reports are independent audit reports issued by third-party auditors that provide customers and their auditors with detailed information about the effectiveness of Alibaba Cloud's internal control mechanisms. SOC reports are available in three types:
|