Singapore

Singapore established Personal Data Protection Act (PDPA) on October 15, 2012, which went into effect on July 2, 2014. Singapore Personal Data Protection Commission is responsible for the supervision and implementation of this Act. PDPA generally regulates organizations' collection, use, and disclosure of personal data, safeguards individuals' rights to protect their personal data, and recognizes organizations' need to collect, use, and disclose personal data for legitimate purposes. HUAWEI CLOUD Compliance with Singapore PDPA describes the services provided by Huawei Cloud for Singapore PDPA compliance and how we will help you comply with PDPA requirements.

Financial regulators in Singapore include the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS). MAS is the central bank of Singapore and main regulatory body of the financial industry. It is responsible for the supervision and management of all financial industries in Singapore, including banking, insurance, and capital market intermediaries.

To standardize the use of the information technology in the financial industry, MAS and ABS have released a series of regulatory requirements, guidelines, and notices. These requirements address risk management, outsourcing management, and cloud computing implementation of financial institutions in Singapore. The related regulatory requirements and guidelines include:

• MAS Guidelines on Outsourcing（Bank）

• MAS Technology Risk Management Guidelines

• MAS Notice on Cyber Hygiene

• ABS Guidelines on Control Objectives and Procedures for Outsourced Service Providers

• ABS Cloud Computing Implementation Guide

• MAS Notice 658 Management of Outsourced Relevant Services for Banks

• MAS Notice 1121 Management of Outsourced Relevant Services for Merchant Banks

These requirements and guidelines cover the areas of board and senior management responsibility, risk assessment, assessment of service providers, outsourcing agreements, confidentiality and security, business continuity management, and monitoring, auditing and inspection of outsourcing arrangements.

HUAWEI CLOUD Compliance with Singapore Financial Services Regulations & Guidelines describes how Huawei Cloud will help you meet the regulatory requirements of the financial industry in Singapore.

Huawei Cloud is committed to providing you with secure infrastructure and services that meet compliance requirements. Each service has built-in security functions and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and service security provided by Huawei Cloud has been reviewed and approved by independent third-party authorities and has earned security certifications from numerous organizations.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

In addition, your services need to meet the corresponding regulatory requirements. If you are under supervision of the MAS, you must submit proof of compliance with the outsourcing guidelines to the MAS.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact us or your account manager.

We have obtained the Singapore MTCS Level 3 certificate and the Outsourced Service Provider's Audit Report (OSPAR).

The Multi-Tier Cloud Security (MTCS) specification is a standard developed by the Singapore Information Technology Standards Committee. This standard requires cloud service providers (CSPs) to adopt sound risk management and security practices in cloud computing. We have earned MTSC level 3 certification, which has the most stringent requirements, for the Singapore region. This certifies that our technical security team and management processes in Singapore region are trustworthy and we can provide you with a secure, reliable, and stable cloud platform and services.

Outsourced Service Provider's Audit Report (OSPAR) is the audit framework required in the ABS Guidelines for Controlling the Objectives and Processes of Outsourcing Service Providers. Huawei Cloud has passed the OSPAR certification and is an outsourcing service provider that complies with ABS guidelines.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.