Certification for Enterprise Cloud

Certification overviews

The following will provide an overview of certifications acquired or planned to be acquired for the Enterprise Cloud service.

 

  • ISO/IEC 27001 (ISMS)

International standard for information security management systems. This standard systematically organizes standard procedures for establishing a security system to secure information assets and win the trust of stakeholders. ISO is the certification organization. Also known as ISMS (information security management system).

 

  • ISO/IEC 27017 (Information security controls for cloud services)

Code of practice for information security controls based on ISO27002 for cloud services. ISO27017 also organizes control measures to achieve objectives of information security management that both the customers and NTT Communications as provider of ECL2.0 have.

 

  • ISO/IEC 20000 (ITSMS)

International standard for IT service management. This standard systematically organizes standard procedures for establishing a management system to improve the quality and efficiency of IT services. ISO is the certification organization.

 

  • SOC 1

This is a report that evaluates the risk of the internal control of the commissioned party that provides outsourcing services and other commissioned business for the commissioning party and the auditor in order for their audit of financial statements. The following are equivalent standards established by national/regional auditing organizations in each country and region.

 

  • ISAE 3402 – International Standard on Assurance Engagements

International standard for assurance by public accountants that certify the effectiveness of the commissioned company’s internal controls.

  • SSAE 18 – Statement on Standards for Attestation Engagements (American standard for assurance engagements)

American Institute of Certified Public Accountants standard compliant with ISAE 3402.

  • ASCR 18 report

Auditing standard issued by the Japanese Institute of Certified Public Accountants. This is a report by a JICPA-certified auditor that evaluates the effectiveness of internal controls at the commissioned company. Recognized in Japan by the SOC name.

 

  • SOC 2

With regard to the internal control of the commissioned party, risks related to Security, Availability, Processing Integrity, Confidentiality, and Privacy are evaluated based on the Trust Service Standards in outsourcing services and other commissioned business for the commissioning party. Enterprise Cloud services are targeted at Security Type 1 (base date valuation).

 

  • Trust Service Standards

A standard set by the American Institute of Certified Public Accountants (AICPA) that certifies the effectiveness of internal control over the scope of Security, Availability, Processing Integrity, Confidentiality, and Privacy of the commissioned party providing its service. The Security is required, and other ranges can be added as needed at the commissioned party.

 

  • PCI DSS (Payment Card Industry Data Security Standard)

Global security standard for the credit industry jointly established by five companies (JCB, AMEX, Discover, MasterCard, and Visa) in September 2006 to safely protect the credit card and transaction information of card holders. PCISSC is the certification organization.

 

Certification Status for Enterprise Cloud

  • Enterprise Cloud 1.0
Certification/DC JP

(Yokohama No.1)*

JP

(Saitama No.1)

JP

(Kansai1)

ISO/IEC 27001(ISMS) Y Y Y
ISO/IEC 2000(ITSMS) Y Y Y
SOC1 Y Y Y
PCI DSS N/A Y** N/A

*Yokohama is not available for new order.

Please refer here for detailed information of Global Data Centers.

 

  • Enterprise Cloud 2.0**
Notification/Region

(DC)

JP1

(Saitama No.1)

JP2

(Osaka No.5)

JP2

(Osaka No.1)

JP4

(Tokyo No.10)

JP5

(Tokyo No.2)

JP6

(Kirakuji)

JP7

(Tokyo No.11)

ISO/IEC 27001(ISMS) Y  Y Y Y Y Y Y
 ISO/IEC 27017 (Information security controls for cloud services)  Y Y Y Y Y Y Y
ISO/IEC 20000(ITSMS) Y Y Y Y Y Y Y
SOC1 Y Y  Y Y Y Y Y
SOC2 Y Y Y Y Y Y Y
PCI DSS Y Y Y Y Y Y Y

**Service in US1, UK1, DE1, SG1 and HK1 regions for customers under contract with NTT Ltd. was terminated on March 31, 2022.

Please refer here for detailed information of Global Data Centers.