IBX® Certifications and Standards

ISO 45001, is the internationally accepted and recognised management standard for occupational health and safety. The standard is used as a method of assessing and auditing occupational health and safety management systems.

FISC Security Guidelines (Japan) The Center for Financial Industry Information Systems established the "FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions" as security guidelines for financial institutions in Japan. It describes controls and security measures related to facilities, operations and technical infrastructure.

Hosting of health data is regulated under French law and aimed at protecting the confidentiality, integrity and availability of patients’ data. Such hosting activity can only be implemented by a hosting service provider (“HSP”) previously approved by the French Ministry of Health's Shared Healthcare Information Systems Agency (ASIP) via a Healthcare Data Hosting (HDS).

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. This includes: covered entities (CE); all treatment providers; healthcare payment and operations; business associates; personnel with access to patient information to provide support in treatment, payment or operations. Subcontractors and business associates must also follow HIPAA compliance.

ISO 14001, the most current version being ISO 14001:2015, specifies the requirements for an environmental management system that an organisation can use to enhance its environmental performance in a systematic manner that contributes to the environmental pillar of sustainability.

An international standard for Business Continuity Management (BCM), ISO 22301 replaces British standard (BS) 25999. It specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events such as natural disasters, environmental accidents, technology mishaps and man-made crises.

An internationally recognised best practice framework that specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). ISMS is a systematic approach to managing sensitive company information including people, processes and IT systems.

ISO 50001, the most current version being ISO 50001:2011, specifies requirements for establishing, implementing, maintaining and improving an energy management system, whose purpose is to enable an organisation to follow a systematic approach in achieving continual improvement of energy performance, including efficiency, use and consumption. It has been designed to be used independently, but it can be aligned or integrated with other management systems.

ISO 9001 is a certified quality management system (QMS) for organisations who want to demonstrate their ability to consistently provide products and services that meet the needs of their customers and other relevant stakeholders.

NIST 800-53 is published by the National Institute of Standards and Technology, which creates and promotes the standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and manage other programs designed to protect information and promote information security.

Financial Institutions ('FIs') rely on the outsourced service providers to perform certain business functions. Loss of customer information or confidential data, or disruptions to critical bank services may result in reputational risk impacts or regulatory breaches. Outsourcing risks must be managed to safeguard the FIs’ operations and customers. The Association of Banks in Singapore ('ABS') has established these Guidelines on Control Objectives and Procedures for the FIs’ Outsourced Service Providers ('OSPs') operating in Singapore.

The PCI Security Standards Council offers comprehensive standards and supporting materials to enhance data security for payment cards. They include a framework of specifications, tools, measurements and support resources to help organisations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents.

SOC1 is an American Institute of Certified Public Accountants (AICPA) report used to document controls relevant to an organisation’s Internal Controls over Financial Reporting (ICFR). The report focuses on an organisation's services provided, along with supporting processes, policies, procedures, personnel and operational activities that constitute the core activities relevant to users. The auditing standards for an SOC1 report include SSAE 18 and ISAE 3402.

A standard designed for technology companies, including: data centres, IT managed services, SaaS vendors, cloud-computing based businesses and other technology. SOC2 criteria is based on the Trust Services Principles (TSP) of security, availability, processing integrity, confidentiality and privacy as well as controls outside of financial reporting.

Singapore Standard for Information and Communications Technology Disaster Recovery Services (SS507) specifies requirements for the ICT DR services. These include both those provided in-house and outsourced and covers facilities and services capability and provides fallback and recovery support to an organisation’s ICT systems. It includes the implementation, testing and execution aspects of disaster recovery but does not include other aspects of business continuity management.

SS 564 helps organisations in Singapore establish systems and processes to improve the energy efficiency of their data centres. The standard, modelled after the global ISO 50001 certification system, outlines a detailed framework for data centre energy and environmental management that's tailored to conditions in Singapore.

Trusted Site Infrastructure (TSI) is an assessment and certification program to evaluate the physical security and availability of data centers. TÜV Informationstechnik GmbH (TÜViT │ TÜV NORD GROUP) has established criteria catalogues such as the TSI.STANDARD or TSI.EN50600, which take into account international guidelines and standards and address the critical aspects of a data centre like the environment, construction, fire detection and extinguishing systems, security, cabling, power supply, air conditioning systems, organisation and documentation. The criteria catalogues are being continuously developed in order to always represent the current state of the art.

The Threat and Vulnerability Risk Assessment (TVRA) is a set of requirements issued by the MAS for all Singapore-based financial institutions with overseas physical presences. It is mandated as a control in the OSPAR and MAS documents. Its standard reference is the Singaporean Ministry of Home Affairs’ Guidelines for Enhancing Building Security in Singapore (GEBSS).

​As an independent advisory organisation, Uptime Institute is focused on improving the performance, efficiency and reliability of the business critical infrastructure that underlies today’s global information economy. Uptime Institute is recognised worldwide for the creation and administration of the Tier Standards & Certifications for Data Centre Design, Construction (Facility) and Operational Sustainability.