DataCenterNews Asia Pacific - Specialist news for cloud & data center decision-makers
Story image
Alibaba Cloud gains new security accreditations
Thu, 7th Nov 2019
FYI, this story is more than a year old

Alibaba Cloud has obtained two new globally recognised security and compliance accreditations in the automobile and healthcare industries.

These underline Alibaba Cloud's ongoing commitment to meeting the highest standards across sectors and geographies, making it easier for businesses of all sizes to use cloud computing and data intelligence technologies.

Alibaba Cloud obtained the highest Level 3 assessment in TISAX (Trusted Information Security Assessment Exchange) in an audit conducted by PwC in Germany.

Founded in 2017 by the German Automobile Industry Association (VDA) and regulated by the European Network Exchange, TISAX is an automobile industry assessment of service providers' level of compliance with stringent information security requirements.

Independent auditor PwC conducted a thorough on-site inspection of Alibaba Cloud's data centers in Germany and a series of interviews to review the company's controls and management.

For Alibaba Cloud's automotive customers, the assessment will help reduce the effort and expense involved in conducting individual assessments when they engage the company to handle their highly sensitive information.

The accolade is also significant given the future of autonomous driving platforms and their use of data.

“TISAX assessment is an important benchmark for service providers in the automotive industry when it comes to safeguarding customers' highly sensitive data,” says PwC Germany cybersecurity and partner Aleksei Resetko.

“Following a thorough review of Alibaba Cloud's data centers in Germany and its internal controls across the board, we are happy to announce that the currently highest available Level 3 certification of the assessed Alibaba Cloud Services are available via the ENX portal.

Alibaba Cloud has also completed the Good “x” Practice (GxP) readiness assessment for the healthcare industry under the US Food and Drug Administration (FDA) regulations on Electronic Records and Electronic Signatures (ERES).

The audit was conducted by RSM LLC, a US-based independent third-party, but this standard will apply to Alibaba Cloud's customers in multiple jurisdictions.

The review included an assessment of the products offered by Alibaba Cloud, as well as the security controls of the platform itself and the company's ability to maintain compliance in the future.

In addition, Alibaba Cloud issued a whitepaper that looked at the requirements of the Health Insurance Portability and Accountability Act, covering the compliance of multiple products and services.

“At RSM, we understand the importance of protecting sensitive information, and we were happy to participate in the completion of important compliance efforts to further the robust security program within Alibaba Cloud. As we see with many of our clients, adherence to GxP, including regulations such as HIPAA and 21 CFR Part 11, is one of the cornerstones of a robust cloud solution,” says RSM security principal Greg Vetter.

“We continue to strive for the highest international standards and these latest achievements provide clear evidence of the successful ongoing expansion of our services. Alibaba Cloud is also fully committed to inspiring confidence in products from a broader range of customers, which third-party accreditation clearly provides.

Ensuring these high standards in the healthcare and automobile industries is a response to growing customer demand.

It is also a reflection of the levels of dynamism and innovation in these two sectors, which offer some of the biggest opportunities for cloud computing. Other business units within the Alibaba Group will also be able to leverage these accolades for their own work within these industries.

“Achieving these multiple accreditations reflects our alignment with the best providers in these industries and expands our business influence globally,” says Alibaba cloud intelligence security compliance and privacy head Yuanbin Zheng.