Understanding compliance in IBM Cloud

Compliance reports

IBM Cloud provides compliance reports for some compliance regulations, for example SOC or PCI, to advise clients. The reports include details of the audit experience and can help users assess and address the high, medium, and low risks identified.

If you have an IBM Cloud account and want an infrastructure compliance report, go to https://cloud.ibm.com/classic/security/compliancereport/request. Complete the form to receive an email with the requested reports attached.

If you don't have an IBM Cloud account or want a PaaS compliance report, go to https://www.ibm.com/account/reg/us-en/signup?formid=MAIL-wcp. Complete the form and you will be contacted by an IBM representative.

General Data Protection Regulation (GDPR)

The GDPR seeks to create a harmonized data protection law framework across the EU and aims to give citizens back the control of their personal data. The GDPR imposes strict rules on those hosting and processing personal data, anywhere in the world.

IBM is committed to providing our clients and IBM Business Partners with innovative data privacy, security, and governance solutions to assist them in their journey to GDPR readiness. Data and data protection are becoming increasingly important to individuals and society. Enterprises must earn the client’s trust in their ability to steward information.

IBM Cloud is agile and scalable with built-in data security, and privacy services and solutions that can be consumed on premises or through public cloud. Our comprehensive data security platform helps safeguard sensitive data wherever it resides and provides a full range of data protection capabilities.

Environmental information

IBM Cloud, as a user and as a provider, is environmentally conscious and strives to provide power efficiency and recycling in our data centers. As such, the servers that are put in service within the IBM Cloud comply with Commission Regulation (EU) 2019/424 of 15 March 2019 laying down ecodesign requirements for servers and data storage products (EU Lot 9).

For details, see the following data sheets on our physical hardware in the cloud:

• Rack Mount Server 618U-TR4T+
• Rack Mount Server 6019U-TN4R4T
• Rack Mount Server 5019C-WR-04
• Rack Mount Server 5019S-W4TR
• Rack Mount Server 628U-TR4T+
• Rack Mount Server 6029U-E1CR4T
• Rack Mount Server 2049U-TR4-06-ST031
• Rack Mount Server 2049U-TR4-04-ST031
• Rack Mount Server 2049U-TR4-02-ST031
• Rack Mount Server SR630_1100W
• Rack Mount Server SR630_750W
• Rack Mount Server SR650
• Rack Mount Server 2U_H11DSU
• Rack Mount Server SR650v3
• Rack Mount Server 221H-TNR
• Rack Mount Server SR630v3

IBM Cloud Security and Compliance Center

For highly regulated industries, such as financial services, achieving continuous security within a cloud environment is an important first step toward protecting customer and application data. Historically, that process has been difficult and manual, which placed your organization at risk. But, with the IBM Cloud® Security and Compliance Center you can integrate automatic security checks into every day workflows that are designed to minimize risk. By monitoring for risks, you can identify security vulnerabilities and quickly work to mitigate the impact and fix the issue.

You can acheive continuous security and compliance within the IBM Cloud platform with the Security and Compliance Center. You can view your security and compliance postures from a unified dashboard. Learn more about Getting started with Security and Compliance Center.

IBM Cloud Framework for Financial Services

IBM Cloud Framework for Financial Services is designed to build trust and enable a transparent public cloud ecosystem with the specific features for security, compliance, and resiliency that financial institutions require. The IBM Cloud Framework for Financial Services is a standard set of controls, controls guidance, and architectures informed by global regulatory requirements for cybersecurity, data security, and risk management, with ongoing governance by an industry council and promontory to ensure currency with new and changed regulations.

IBM Cloud Framework for Financial Services currently applies controls (US NIST 800-53 with IBM financial services guidance) to IBM Cloud services, IBM software, and third-party ISV and SaaS providers that provide a common control approach that can be mapped to regulatory guidelines worldwide. This solution platform and ecosystem program is built on an industry-informed framework of controls, architectures, and operations that mitigates systemic risk in using the IBM public cloud for mission-critical workloads with client-sensitive data. For more informations, see Getting started with IBM Cloud for Financial Services and how to enable your account to use Financial Services Validated products.

EU support for your account

You can add an extra layer of protection to your data in the European Union. Turning on EU support for your account ensures that any support ticket that you create is sent to IBM support teams in Europe. An EU supported account is useful if, for example, you use resources to process personal data for European citizens. For more information, see Enabling EU support for your account.

HIPAA support for your account

The US Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act define standards for handling electronic healthcare transactions and information. If you or your company is a covered entity as defined by HIPAA, you must enable the HIPAA Supported setting if you run sensitive workloads that are regulated under HIPAA and the HITECH Act. By using this setting, you can filter on HIPAA Enabled services in the catalog, indicate to IBM that your account stores protected health information (PHI), and digitally accept the IBM Business Associate Addendum for covered entities. For more information, see Enabling HIPAA support for your account.