IBM Cloud’s compliance department works with independent auditors and third-party organizations to meet the industry’s most stringent guidelines, and we provide you with the reports and information you need for your own compliance needs. The physical and virtual controls of our facilities, network, and customer portal are an extension of your own, and we make it easy for you to get the information you need for your own audits. SOC 2 Secure Document Transfer
IBM Cloud provides a Service Organization Controls 2 (SOC 2), Type II report, an evaluation of IBM Cloud operational controls’ compliance to criteria set by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The Trust Services Principles define adequate control systems and establish industry standards for services providers such as IBM Cloud to safeguard their customers’ data and information. Customers may request the current IBM Cloud SOC 2 report to contact our sales team.
Safe Harbor is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor will assure that EU organizations know that your company provides “adequate” privacy protection, as defined by the Directive.
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing. One of the mechanisms the Cloud Security Alliance uses in pursuit of its mission is the Security, Trust, and Assurance Registry (STAR) – a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings. SoftLayer STAR Consensus Assessment Initiative Questionnaire: https://cloudsecurityalliance.org/star-registrant/softlayer/
If you store or process your customers’ credit cards or banking information, data, and network security are of primary concern to your business. To ensure consistent standards for merchants, the Payment Card Industry Security Standards Council established Payment Card Industry (PCI) data security standards. These standards incorporate best practices to protect cardholder data, and they often require validation from a third-party Qualified Service Assessor (QSA). All of SoftLayer’s internal systems are PCI Compliant because we store and process cardholder data. We also help our customers attain PCI compliance by providing documentation of our data center and network controls to supplement their internal security controls to meet PCI standards.
The U.S. Health Insurance Portability and Accountability Act requires specific security controls for businesses that store or process protected health information online. The SoftLayer cloud platform meets all of the necessary requirements for HIPAA on the data center/service provider side. For more information about and assistance to achieve, certify, and maintain HIPAA compliance for your SoftLayer environment. SOC 2 Secure Document Transfer
The Criminal Justice Information Systems (CJIS) Division is a division of the United States Department of Justice Federal Bureau of Investigation. CJIS Division created and published a Security Policy (CJISD-ITS-DOC-08140-5.4), which contains minimum information security requirements, guidelines, and agreements reflecting the will of law enforcement and criminal justice agencies for protecting the sources, transmission, storage, and generation of Criminal Justice Information