Singapore: New advisory guidelines to strengthen resilience of cloud services and data centres

Singapore: New advisory guidelines to strengthen resilience of cloud services and data centres

The Singapore Infocomm Media Development Authority (“IMDA”), have, in two advisory guidelines dated 25 February 2025, issued best practices on the resilience and security of Singapore’s compute infrastructure, namely Cloud and Data Centres.

The advisory guidelines are:

The Advisory Guidelines for Resilience and Security of Cloud Services (“AG for CS”); and
The Advisory Guidelines for Resilience and Security of Data Centres (“AG for DC”).

For Cloud Services, the AG for CS covers 7 categories of measures to uplift the security and resilience of Cloud Services. Measures that CSPs are encouraged to implement relate to areas such as security testing, user access controls, proper data governance, and planning for disaster recovery.

For Data Centres (“DC”), the AG for DC provides a framework for operators to put in place a robust business continuity management system to minimise service disruptions and ensure high availability for their customers. This includes guidance on implementing business continuity policies, controls and processes, and continuously reviewing and improving them. The AG also sets out measures to address cybersecurity risks in DCs.

Cloud service providers (“CSPs”) and data centres operators (“DCOs”) are encouraged to designate an officer (such as a senior representative) to take charge of implementing the measures.

In this client update, we summarise the key aspects of the two advisory guidelines.

AG for CS

The measures are organised into 7 categories, and are in line with existing international standards (such as MTCS, ISO 27001 and CCM), with some additional measures to better address risks.

To manage the above risks, DCOs should adopt the following process:

Concluding remarks

The advisory guidelines are an additional step to boost the resilience and security of Cloud Services and DCs, following the amendments to the Singapore Cybersecurity Act last year to address the cybersecurity risks of such digital infrastructure.

Additionally, the advisory guidelines complement the upcoming introduction of a new Singapore Digital Infrastructure Act (“DIA”), which will regulate systemically important digital infrastructure such as major CSPs and DC operators.

The advisory guidelines, along with the upcoming DIA, will bolster infrastructure resilience for cloud services and data centres, and create a more secure and reliable digital environment for businesses and consumers.

Register now for your free, tailored, daily legal newsfeed service.

Singapore: New advisory guidelines to strengthen resilience of cloud services and data centres

Filed under

Topics

Industries

Popular articles from this firm

Guide on the Tokenisation of Capital Market Products *

Guidelines on wrongful dismissal of an employee in Singapore *

Further Updates: Singapore’s Tripartite Guidelines on Flexible Work Arrangement Requests to come into effect on 1 December 2024 *

Retirement Age and Re-Employment Age to be raised on 1 July 2026 and other related changes *

Further Changes to the Singapore Companies Act in 2017 *

Professional development

Related practical resources PRO

Related research hubs

Singapore

IT & Data Protection