About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Understanding your responsibilities when using Security and Compliance Center
Effective 15 Dec 2025, Security and Compliance Center is end of support. Any existing service instances on that date will be non-functional. Start your transition now to Security and Compliance Center Workload Protection, which is readily available and offers advanced cloud security posture management (CSPM). For more see, see Transitioning to Security and Compliance Center Workload Protection.
Learn about the management responsibilities and terms and conditions that you have when you use IBM Cloud® Security and Compliance Center. For a high-level view of the service types in IBM Cloud and the breakdown of responsibilities between the customer and IBM for each type, see Shared responsibilities for IBM Cloud offerings.
Review the following sections for the specific responsibilities for you and for IBM when you use Security and Compliance Center. For the overall terms of use, see IBM Cloud Terms and Notices.
Incident and operations management
Incident and operations management includes tasks such as monitoring, event management, high availability, problem determination, recovery, and full state backup and recovery.
| IBM Responsibilities | Your Responsibilities | |
|---|---|---|
| Ensuring high availability | Operate Security and Compliance Center in accordance with IBM Cloud Public Service Level Agreements (SLAs). | Follow high availability best practices for Cloud Object Storage, including using cross regional or global buckets as needed |
| Monitor the system | Provide integration with select third-party partnership technologies, such as IBM Cloud Logs. | Use the provided tools to review instance logs and activities. |
| Incident management | Provide notifications for planned maintenance, security bulletins, or unplanned outages. | Set preferences to receive emails about platform notifications, and monitor the IBM Cloud status page for general announcements. |
Change management
Change management includes tasks such as deployment, configuration, upgrades, patching, configuration changes, and deletion.
| IBM Responsibilities | Your Responsibilities | |
|---|---|---|
| Updates, fixes, and new features | IBM provides regular updates and bug fixes, as well as new features following a continuous delivery model in a manner transparent to the customer. | |
| Updates, fixes, or the delivery of new profiles | Release updates and new profiles in accordance with changing compliance requirements. Notify customers of changes made through release notes and change logs. | Review change logs to understand the updates and migrate to the new profile by creating new attachments. |
Identity and access management
Identity and access management includes tasks such as authentication, authorization, access control policies, and approving, granting, and revoking access.
| IBM Responsibilities | Your Responsibilities | |
|---|---|---|
| Restricting access | Provide the ability to control user access based on role. | Use Identity and Access Management (IAM) to assign access. |
Security and regulation compliance
Security and regulation compliance includes tasks such as security controls implementation and compliance certification.
| IBM Responsibilities | Your Responsibilities | |
|---|---|---|
| Meet security and compliance objectives | Provide a secure service that complies with key standards. For more information about data security, see How do I know that my data is safe? | Ensure that you are properly securing your workloads and data so that you are meeting the regulatory standards for your organization. For more information about bucket requirements for results storage, see Storing and processing data. |
Disaster recovery
Disaster recovery includes tasks such as providing dependencies on disaster recovery sites, provision disaster recovery environments, data and configuration backup, replicating data and configuration to the disaster recovery environment, and failover on disaster events.
| IBM responsibilities | Your responsibilities | |
|---|---|---|
| Back up of management and configuration data | Conduct backups of configurations such as attachments and scan settings. | |
| Back up of scan results | Conduct backups of your Cloud Object Storage data according to best practices. | |
| Recovery of configuration | Conduct recovery in the original region when availability is returned. | |
| Recovery of scan results | Conduct recovery of your Cloud Object Storage data according to best practices. |