IBM Cloud Framework for Financial Services - Control Requirements
IBM Cloud for Financial Services™ is designed to build trust and enable a transparent public cloud ecosystem with the features for security, compliance, and resiliency that financial institutions require. Financial institutions can confidently host their mission-critical applications in the cloud and transact quickly and efficiently. With a large partner ecosystem of independent software vendors (ISVs), Software as a Service (SaaS), and fintech partners, IBM Cloud for Financial Services offers a new generation of cloud for the enterprise. Financial institutions can now deploy on public cloud to enable innovation and deliver new outstanding customer experiences, while managing stringent industry regulations for sensitive data and complex workloads.
The IBM Cloud Framework for Financial Services provides a comprehensive set of control requirements designed to help address the security requirements and regulatory compliance obligations of financial institutions and cloud best practices. The cloud best practices include a shared responsibility model across financial institutions, application providers, and IBM Cloud.
The technology-agnostic control requirements defined in the framework were built by the industry for the industry. The framework continues to enhance to incorporate evolving industry standards/requirements and currently contains 608 control requirements that span 7 focus areas and 21 control families.
See IBM Cloud Framework for Financial Services - Control Requirements v2.0 for a spreadsheet of the control requirements including change summary.
To refer to the previous version of the IBM Cloud Framework for Financial Services (i.e. v1.1), please click here.
See Getting started with IBM Cloud for Financial Services for reference architectures and prescriptive implementation guidance to help you build solutions on IBM Cloud that meet the control requirements.
Becoming IBM Cloud for Financial Services Validated
IBM designates IBM Cloud services as ‘IBM Cloud for Financial Services Validated’ when the Services have been determined by IBM to materially implement IBM Cloud Framework for Financial Services control requirements. Similarly, IBM designates ecosystem partners as ‘IBM Cloud for Financial Services Validated’ when the partners conform to the IBM Cloud for Financial Services® reference architectures and guidance and have been determined by IBM to materially implement the IBM Cloud Framework for Financial Services control requirements. Clients should review associated documentation made available by IBM and ecosystem partners to conduct their due diligence.
Through the shared responsibility model of the IBM Cloud Framework for Financial Services and the surrounding standardized processes, financial institutions and ecosystem partners get benefits such as:
- Less time that is spent by ecosystem partners demonstrating compliance and more time delivering innovative services.
- Reduction in the time and effort by financial institutions to ensure the compliance of third-party vendors, and more time spent delivering new, innovative services to their customers.
- Streamlined procurement, contracting, and onboarding within the ecosystem that leads to reduced time to market for all parties.
In addition, ecosystem partners (even those who are not yet IBM Cloud for Financial Services Validated) are encouraged to onboard to the IBM Cloud catalog.
Financial Service Validation – IBM Cloud Framework for Financial Services v1.1 vs v2.0
Since only a subset of controls are changing in IBM Cloud Framework for Financial Services v2.0 (refer to FS 2.0 controls spreadsheet above), ecosystems partners and clients leveraging IBM Cloud Services that are validated against IBM Cloud Framework for Financial Services v1.1 can count on the fact that those services are ‘hardened services’ with key security/compliance controls baked into them that meet their security/compliance and regulatory requirements.
Core IBM Cloud Services will be validated against IBM Cloud Framework for Financial Services v2.0 following established roadmap and change management processes. New ecosystem partners going through the Financial Services Validation program will be assessed against IBM Cloud Framework for Financial Services v2.0. Existing ecosystem partners that have successfully completed Financial Services Validation against IBM Cloud Framework for Financial Services v1.1, will be re-validated against IBM Cloud Framework for Financial Services v2.0 in accordance with established processes/roadmap.