Tablestore has obtained certifications in and outside the Chinese mainland to help you meet compliance requirements. The following table describes the compliance certifications that Tablestore has obtained.
Compliance certification | Description |
ISO9001 | ISO9001 is a series of quality management requirements that apply to the following scenarios: |
ISO20000 | ISO20000 is a service management system (SMS) standard that specifies requirements for service providers to plan, establish, implement, operate, monitor, review, maintain, and improve a service management system. |
ISO22301 | ISO 22301 is a business continuity standard that helps enterprises establish an integrated management procedure. This standard helps enterprises identify and protect against potential business disruptions and establish an effective management mechanism to prevent or offset consequences when disruptions occur. |
ISO/IEC 27001 | ISO/IEC 27701 is a privacy protection extension to ISO 27001 and provides guidance for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) to strengthen privacy information management and mitigate privacy information threats. |
ISO27017 | ISO27017 provides guidelines for information security controls that are applicable to the use of cloud services by providing: |
ISO27018 | ISO27018 is a Personally Identifiable Information (PII) standard that establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect PII. ISO27018 specifies applicable PII requirements based on the information security risks that are described in ISO/IEC 27002. |
ISO29151 | ISO29151 provides many practical guidelines for enterprises to secure personal privacy and mitigate compliance risks to meet the requirements for PII protection and security assessment. |
BS10012 | The BS 10012 standard demonstrates compliance with the General Data Protection Regulation (GDPR). BS 10012 specifies the requirements for a personal information management system that is aligned to recognized best practices and helps organizations appropriately use personal information while respecting personal privacy and securing personal records related to individuals. For more information, visit the BS 10012 Personal Information Management website. |
CSA STAR | The Cloud Security Alliance Security, Trust, Assurance, and Risk (CSA STAR) is based on ISO/IEC 27001 certification and uses the maturity model and evaluation method provided by BSI to comprehensively evaluate cloud security management and technical capabilities. The CSA STAR certification program is a third-party attestation. For more information, visit the CSA-STAR official website. |
PCI DSS | The Payment Card Industry Data Security Standard (PCI DSS) specifies security requirements for assessing payment card data, including credit card numbers and Card Verification Value 2 (CVV2) codes. This standard also specifies requirements for securing accounts and storing and transmitting passwords. The PCI DSS helps secure payment card and account data. The PCI DSS sets business and technical guidelines for organizations to accept or process payment card information. The standard is intended for software developers as well as applications and device manufacturers involved in payment transactions. For more information, see PCI DSS. |
SOC 1, SOC 2, and SOC 3 | Alibaba Cloud has been issued a Cloud Service Organization Controls (SOC) report by an independent third-party auditor after the inspection and assessment of cloud services provided by Alibaba Cloud. The report explains the key controls and control objectives of Alibaba Cloud to Alibaba Cloud customers and their auditors to help customers better assess the internal control mechanisms of Alibaba Cloud and effectively manage outsourcing risks. |