IBM Cloud Trust and Security
Customer data privacy commitment
- Your data is yours.
- We do not use your data for any reason except to deliver services and support to you.
- Access to your data is only granted as necessary to deliver services and support to you (i.e., least required privilege).
- Our services are designed to protect your proprietary content.
External validation commitment
- Many of our services are certified against SSAE16 SOC 2, as well as against other industry standards, as they apply.
- Many of our services are self-certified under Safe Harbor (U.S.-EU & U.S.-Switzerland), where Safe Harbor applies.
- Our own security standards are regularly reviewed against and informed by broadly accepted, industry standard best practices including:
SSAE 16 SOC 2
- Protecting your data is a top priority to us. We have standards, processes, and tools in place to protect your data, ranging from system architecture to monitoring, detection, and prevention of unauthorized access.
- We also apply our industry leading security expertise to our security standards and regularly audit our services against them.
- We provide security education and annually require IBM employees to certify that they will comply with established Business Conduct Guidelines.
- We have a world-wide security incident handling process monitored 24/7/365 by trained personnel.
High availability commitment
Services are designed to be available 24/7 subject to maintenance. You will be notified of scheduled maintenance.
Data residency commitment
- Geographic flexibility is a strength of cloud environments.
- For many of our cloud offerings, we will communicate to you where your service data is hosted.
Prior to completion of transition and integration, offerings from recent acquisitions may have different practices than those described above. The commitments defined above may be altered as required by law or regulatory structure.
To learn more about our commitment to data privacy, please visit: IBM Software Products and Software-as-a-Service Privacy Statement, the IBM Online Privacy Statement, and the terms and conditions of your service.