Singapore’s Infocomm Media Development Authority (IMDA) has released new Advisory Guidelines (AGs) aimed at enhancing the resilience and security of Cloud Service Providers (CSPs) and Data Centre (DC) operators. These guidelines outline best practices to minimise service disruptions, reduce cybersecurity risks, and ensure business continuity across the country’s critical digital infrastructure.
Strengthening Digital Infrastructure
As digital services like online banking, ride-hailing, and e-commerce increasingly rely on cloud and data center operations, disruptions to these systems can adversely impact both businesses and society. The AGs recommend a proactive approach to addressing risks such as:
- Technical misconfigurations that can lead to service failures.
- Physical hazards including fires, water leaks, and cooling system failures.
- Cybersecurity threats like data breaches and hacking attempts.
To mitigate these risks, CSPs and DC operators are encouraged to implement risk assessments, business impact analysis, business continuity planning, and cybersecurity protocols aligned with international and industry standards.
Key Measures for Cloud Services and Data Centers
The AGs establish seven categories of security and resilience measures for Cloud Service Providers, covering:
- Security testing to prevent vulnerabilities.
- User access controls for data protection.
- Proper data governance to ensure compliance.
- Disaster recovery planning to facilitate rapid restoration of services.
For Data Centers, the guidelines focus on:
- Developing a business continuity management framework to minimize disruptions.
- Implementing cybersecurity risk measures to protect critical infrastructure.
- Regular review and enhancement of security protocols based on evolving threats.
Part of a Larger Digital Resilience Initiative
These guidelines complement existing cybersecurity regulations, including last year’s amendments to the Cybersecurity Act and the upcoming Digital Infrastructure Act (DIA), which will regulate major CSPs and DC operators. Developed in consultation with industry stakeholders, including banks, healthcare providers, and digital platforms, the AGs aim to ensure high service availability while strengthening Singapore’s digital security landscape.
IMDA has emphasized that the AGs will be continuously updated to reflect technological advancements and industry feedback, encouraging companies to conduct risk assessments and develop business continuity plans to mitigate potential disruptions.
For this article’s source information and any product certification guidance, please contact Global Validity.
Quick Country Facts
Singapore
Certification Body: Infocomm Media Development Authority (IMDA)
Certification Type: Mandatory
License Validity: 60 Months
Application Language: English
Legal License Holder: Local Representative
In-Country Testing Requirement: Testing Not Required
Access in-depth regulatory knowledge on over 200 countries and territories with Global Validity’s free proprietary product certification management software, Access Manager. Learn more about the platform here or fill our quick contact form!
Global Validity is your partner for global certification success
Want to learn more about regulatory compliance and how we can help? Simply fill out the form below and we’ll be in touch!