This article is part of our Essential Guide: Essential Guide: Data Analytics in Healthcare

Alibaba Cloud earns security credentials in automotive and healthcare sectors

Alibaba Cloud’s compliance with Tisax and GxP follows earlier efforts by major public cloud suppliers to win over enterprises with strict data protection and security rules

Alibaba Cloud has bolstered its security credentials with new security and compliance accreditations in the automobile and healthcare industries in a bid to gain a stronger foothold in the global cloud computing market.

In the automotive sector, the cloud supplier earned the highest level 3 certification in Germany’s Trusted Information Security Assessment Exchange (Tisax), a framework used by European automobile companies to assess their service providers’ compliance with information security requirements.

The Tisax certification was awarded after an independent audit by PricewaterhouseCoopers, which inspected Alibaba Cloud’s German datacentres and interviewed Alibaba executives on the company’s security controls and management practices.

Alibaba Cloud said the certification will help automotive companies reduce the cost and effort involved in conducting their own assessments of Alibaba’s ability to handle highly sensitive information. The accolade is also significant given the future of autonomous driving platforms and their use of data, it added.

In the healthcare sector, Alibaba Cloud said it has also met the Good Practice (GxP) quality guidelines and regulations on electronic records and signatures administered by the US Food and Drug Administration.

The GxP audit was conducted by RSM, a US-based supplier of audit, tax and consulting services. Alibaba Cloud’s GxP compliance will apply to all its customers across multiple jurisdictions, however.

“At RSM, we understand the importance of protecting sensitive information, and we were happy to participate in the completion of important compliance efforts to further the robust security programme within Alibaba Cloud,” said Greg Vetter, security principal at RSM.

“As we see with many of our clients, adherence to GxP, including regulations such as HIPAA [Health Insurance Portability and Accountability Act] and 21 CFR Part 11, is one of the cornerstones of a robust cloud solution.”

Zheng Yuanbin, head of security compliance and privacy at Alibaba Cloud, said the latest accreditations will expand the company’s business influence, particularly in automotive and healthcare, which offer some of the biggest opportunities in cloud computing.

Read more about cloud in APAC

Earlier this year, Alibaba Cloud also completed an assessment for compliance with broker-dealer media requirements by the US Securities and Exchange Commission and the Financial Industry Regulatory Authority, extending its reach to more customers in the global financial industry.

Earning security certifications is key for public cloud suppliers to win over public sector and enterprise customers that have strict data protection and compliance rules.  

Besides Alibaba Cloud, other public cloud suppliers, including Amazon Web Services and Microsoft Azure, already comply with Tisax and GxP.

David Burt, senior compliance manager for trust and compliance at Microsoft Azure, said that as the automotive industry rapidly evolves to incorporate new technologies such as the internet of things (IoT), information security, and privacy are more important than ever, making specialised compliance offerings as Tisax critical to winning customer trust.

“Azure’s Tisax compliance allows many companies in the European automotive sector to leverage Azure services more easily, as well as exchange data with suppliers that are also Tisax compliant,” he added.

Read more on Cloud security

Data Center
Data Management