Certification for Enterprise Cloud

Certification overviews

The following will provide an overview of certifications acquired or planned to be acquired for the Enterprise Cloud service.

 

  • ISO 27001 (ISMS)

International standard for information security management systems. This standard systematically organizes standard procedures for establishing a security system to secure information assets and win the trust of stakeholders. ISO is the certification organization. Also known as ISMS (information security management system).

 

  • ISO27017 (Information security controls for cloud services)

Code of practice for information security controls based on ISO27002 for cloud services. ISO27017 also organizes control measures to achieve objectives of information security management that both the customers and NTT Communications as provider of ECL2.0 have.

 

  • ISO 20000 (ITSMS)

International standard for IT service management. This standard systematically organizes standard procedures for establishing a management system to improve the quality and efficiency of IT services. ISO is the certification organization.

 

  • SOC 1

This is a report that evaluates the risk of the internal control of the commissioned party that provides outsourcing services and other commissioned business for the commissioning party and the auditor in order for their audit of financial statements. The following are equivalent standards established by national/regional auditing organizations in each country and region.

 

  • ISAE 3402 – International Standard on Assurance Engagements

International standard for assurance by public accountants that certify the effectiveness of the commissioned company’s internal controls.

  • SSAE 18 – Statement on Standards for Attestation Engagements (American standard for assurance engagements)

American Institute of Certified Public Accountants standard compliant with ISAE 3402.

  • ASCR 18 report

Auditing standard issued by the Japanese Institute of Certified Public Accountants. This is a report by a JICPA-certified auditor that evaluates the effectiveness of internal controls at the commissioned company. Recognized in Japan by the SOC name.

 

  • SOC 2

With regard to the internal control of the commissioned party, risks related to Security, Availability, Processing Integrity, Confidentiality, and Privacy are evaluated based on the Trust Service Standards in outsourcing services and other commissioned business for the commissioning party. Enterprise Cloud services are targeted at Security Type 1 (base date valuation).

 

  • Trust Service Standards

A standard set by the American Institute of Certified Public Accountants (AICPA) that certifies the effectiveness of internal control over the scope of Security, Availability, Processing Integrity, Confidentiality, and Privacy of the commissioned party providing its service. The Security is required, and other ranges can be added as needed at the commissioned party.

  • PCI DSS (Payment Card Industry Data Security Standard)

Global security standard for the credit industry jointly established by five companies (JCB, AMEX, Discover, MasterCard, and Visa) in September 2006 to safely protect the credit card and transaction information of card holders. PCISSC is the certification organization.

 

  • MTCS (Multi-Tiered Cloud Security Management System)

MTCS is a cloud security certification operating in Singapore. Enterprise Cloud 2.0 is certified to be Iaas (Multi-Tiered Cloud Security – Level 1) compliant.

Certification Status for Enterprise Cloud

  • Enterprise Cloud 1.0
Certification/DCJP

(Yokohama No.1)*

JP

(Saitama No.1)

JP

(Kansai1)

UK

(Hemel Hempstead 2)

ISO 27001(ISMS)YYYY
ISO 2000(ITSMS)YYYY
SOC1YYYY
PCI DSSN/AY**N/AN/A

 

Certification/DCFR

(Paris 2)

ES

(Madrid 2)

SG

(Serangoon)

HK

(Tai Po)

MY

(Cyberjaya 3)

TH

(Bangna)

ISO 27001(ISMS)YYYYYY
ISO 2000(ITSMS)YYYYYY
SOC1YYYYN/AN/A
PCI DSSN/AN/AN/AN/AN/AN/A

*Yokohama is not available for new order.

**It is not available in new order. Please use PCI DSS option in Enterprise Cloud 2.0. Please contact our sales department for details.

Please refer here for detailed information of Global Data Centers.

 

  • Enterprise Cloud 2.0
Notification/Region

(DC)

JP1

(Saitama No.1)

JP2

(Osaka No.5)

JP2

(Osaka No.1)

JP4

(Tokyo No.10)

JP5

(Tokyo No.2)

US1

(Ashburn VA1)

ISO 27001(ISMS)Y YYYYY
 ISO27017 (Information security controls for cloud services) YYYYYY
ISO 20000(ITSMS)YYYYYY
SOC1YY YYYY
SOC2YYYYYN/A
PCI DSSYYYYYY
MTCSN/AN/AN/AN/AN/AN/A

Notification/Region

(DC)

UK1

(Hemel Hempstead2)

UK1

(Hemel Hempstead3)

DE1

(Frankfurt1)

FRA1

(France DATA1)

SG1

(Serangoon)

HK1

(HongKong Financial)

ISO 27001(ISMS)Y YYN/AYY
 ISO27017 (Information security controls for cloud services) YYYN/AYY
ISO 20000(ITSMS)YYYN/AYY
SOC1YY YN/AYY
SOC2N/AN/AN/AN/AN/AN/A
PCI DSSYYYN/AYY
MTCSN/AN/AN/AN/AYN/A

Please refer here for detailed information of Global Data Centers.