Compliance
IBM Cloud® Object Storage actively participates in several industry compliance programs.
This feature is not currently supported in Object Storage for Satellite. Learn more.
An updated list of our compliance certifications can always be obtained by referencing the Data Processing and Protection Datasheet available from IBM Software Product Compatibility Reports.
Clients are responsible for ensuring their own compliance with any applicable laws and regulations and are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business as well as any actions the clients may need to take to comply with such laws and regulations. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
For a listing of available certificates and instructions on obtaining pertinent reports please visit IBM Cloud Compliance page or contact an IBM Sales representative.
International Organization for Standardization (ISO)
IBM Cloud Object Storage is certified for ISO 27001, ISO 27017, and ISO 27018.
For available certificates, please refer to listings titled “IBM Cloud Services (PaaS and SaaS) certificates” on the IBM Cloud Compliance page.
System and Organization Controls (SOC)
IBM Cloud Object Storage is certified for SOC 1 Type 2, SOC 2 Type 2, and SOC 3.
Payment Card Industry (PCI) data security standards
IBM Cloud Object Storage is compliant with the PCI data security standards.
HIPAA readiness
IBM Cloud Object Storage meets the required IBM controls that are commensurate with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Privacy Rule requirements. These requirements include the appropriate administrative, physical, and technical safeguards required of Business Associates in 45 CFR Part 160 and Subparts A and C of Part 164. HIPAA readiness for IBM Cloud Object Storage applies to the following plan:
- IBM Cloud Object Storage – Standard pricing plan
If you or your company is a covered entity as defined by HIPAA, you must enable the HIPAA Supported setting on your IBM Cloud account if you run sensitive workloads that are regulated under HIPAA and the HITECH Act. HIPAA support from IBM requires that you agree to the terms of the Business Associate Addendum (BAA) agreement with IBM for your IBM Cloud account.
After you enable HIPAA Supported setting in your IBM Cloud account, you cannot disable it. See IBM Cloud Docs: Enabling the HIPAA Supported setting for additional information.
General Data Protection Regulation (GDPR) readiness
Please visit IBM's commitment to GDPR readiness page to learn about IBM’s GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey.
Privacy shield
IBM Cloud Object Storage is privacy shield certified. For more information please visit IBM Privacy Shield Privacy Policy for Certified IBM Cloud Services.