Understanding data portability for Security and Compliance Center
Effective 15 Dec 2025, IBM Cloud® Security and Compliance Center is deprecated. Any existing service instances are non-functional. Start your transition now to Security and Compliance Center Workload Protection, which is readily available and offers advanced cloud security posture management (CSPM). For more information, see Transitioning to Security and Compliance Center Workload Protection.
Data portability involves a set of tools and procedures that enable you to export the digital artifacts you need to implement similar workload and data processing on different service providers or on-premises software. It includes procedures for copying and storing the service customer content, including the related configuration that is used by the service to store and process the data, in your location.
Responsibilities
IBM Cloud services provide interfaces and instructions that guide you through the process of copying and storing the service customer content, including the related configuration, in your selected location.
You are responsible for the use of the exported data and configuration for data portability to other infrastructures, which includes:
- The planning and execution for setting up alternative infrastructure on different cloud providers or on-premises software that provide similar capabilities to the IBM services.
- The planning and execution for the porting of the required application code on the alternative infrastructure, including the adaptation of your application code, deployment automation, and so on.
- The conversion of the exported data and configuration to the format that's required by the alternative infrastructure and adapted applications.
For more information about your responsibilities, see Shared responsibilities for Security and Compliance Center.
Data export procedures
Security and Compliance Center provides mechanisms to export settings and configurations that are used to process your content. The Security and Compliance Center API documents the commands to interact with your data.
- List attachments provides a structured way to retrieve and export all relevant attachment configurations associated with an instance.
- List rules with the
type=user_definedquery parameter provides a structured way to retrieve and export all relevant custom rule configurations associated with an instance. - Settings provides a structured way to retrieve and export all relevant settings associated with an instance.
Export result data
Scan results are stored in the IBM Cloud Object Storage bucket you have configured in your instance settings. For detailed information about exporting your results, see IBM Cloud Object Storage data export procedures.
Exported data formats
Security and Compliance Center supports the following data format and schema of the exported data and configurations.
Attachment configurations
- Format: JSON
- Schema: List attachments API response
Custom rule configurations
- Format: JSON
- Schema: List rules API response
Settings
- Format: JSON
- Schema: Settings API response
Data ownership
All exported data is classified as customer content. Apply the full customer ownership and licensing rights, as stated in the IBM Cloud Service Agreement.