Service Organization Control (SOC) reports are independent, third-party reports issued by assessors certified by the American Institute of Certified Public Accountants (AICPA) addressing the risk associated with an outsourced service. The AICPA has established Trust Services Criteria (TSC) for security, availability, processing integrity, confidentiality and privacy, against which service organizations may be assessed.
A SOC 2 report evaluates the internal controls that an organization has put in place to protect customer-owned data and provides details about the nature of those internal controls.
Contact an IBM representative to request SOC 2 reports.
A SOC 2 report may be provided for IBM services that have implemented controls in accordance with their selected Trust Service Principles. The SOC 2 report demonstrates that IBM designed controls for the selected Trust Service Principles appropriately and that the controls operated effectively for the report period.
The services listed below have a SOC 2 Type 2 report available, representing a period of time during which controls were assessed. As such reports represent an assessment period in the past, a bridge letter may accompany a SOC 2 Type 2 report, in which IBM attests to service control continued performance since the last reporting period ended.
IBM Service Descriptions (SDs) indicate if a given offering maintains SOC 2 Type 2 compliance status. Services below issue SOC 2 Type 2 reports at least once each year.
Services
- IBM Cloud Activity Tracker (via Mezmo)
- IBM Cloud App ID
- IBM Cloud App Configuration
- IBM Cloud Backup
- IBM Cloud Backup for VPC
- IBM Cloud Bare Metal
- IBM Cloud Bare Metal Servers for VPC
- IBM Cloud Block Storage
- IBM Cloud Block Storage for VPC
- IBM Cloud Block Storage Snapshots for Virtual Private Cloud
- IBM Cloud Code Engine
- IBM Cloud Container Registry
- IBM Cloud Continuous Delivery
- IBM Cloud Databases for DataStax
- IBM Cloud Databases for Elasticsearch
- IBM Cloud Databases for EnterpriseDB
- IBM Cloud Databases for etcd
- IBM Cloud Databases for MongoDB
- IBM Cloud Databases for MySQL
- IBM Cloud Databases for PostgreSQL
- IBM Cloud Databases for Redis
- IBM Cloud Direct Link (1.0; Connect, Dedicated, Dedicated Hosting, Exchange)
- IBM Cloud Direct Link Connect (2.0)
- IBM Cloud Direct Link Dedicated (2.0)
- IBM Cloud DNS Services
- IBM Cloud Event Notifications
- IBM Cloud File Storage
- IBM Cloud Flow Logs for VPC
- IBM Cloud Functions
- IBM Cloud for VMware Solutions (Dedicated)
- IBM Cloud for VMware Solutions Shared
- IBM Cloud Foundry Public
- IBM Cloud Hardware Security Module
- IBM Cloud Hyper Protect Crypto Services
- IBM Cloud Internet Services Enterprise Next (via Cloudflare)
- IBM Cloud Internet Services Enterprise Package (via Cloudflare)
- IBM Cloud Internet Services Enterprise Usage Package (via Cloudflare)
- IBM Cloud Internet Services Standard (via Cloudflare)
- IBM Cloud Kubernetes Service and Red Hat® OpenShift® on IBM Cloud
- IBM Cloud Load Balancer
- IBM Cloud Messages for RabbitMQ
- IBM Cloud Monitoring (via Sysdig)
- IBM Cloud Object Storage
- IBM Cloud Object Storage (IaaS)
- IBM Cloud Platform – Core Services: Account Managment and Billing, IBM Cloud Catalog, IBM Cloud Global Search & Tagging, IBM Cloud Console, IBM Cloud Identity and Access Management and IBM Cloud Shell
- IBM Cloud Satellite
- IBM Cloud Schematics
- IBM Cloud Secrets Manager
- IBM Cloud Security and Compliance Center
- IBM Cloud Security and Compliance Center Workload Protection
- IBM Cloud Transit Gateway
- IBM Cloud Virtual Private Cloud
- IBM Cloud Virtual Private Cloud - Load Balancer for VPC: Application Load Balancer and Network Load Balancer
- IBM Cloud Virtual Private Cloud - VPN for VPC Site-to-Site Gateway and Client-to-Site Server
- IBM Cloud Virtual Private Endpoint for VPC
- IBM Cloud Virtual Server for VPC
- IBM Cloud Virtual Server for VPC - Auto Scale for VPC
- IBM Cloud Virtual Server for VPC - Dedicated Host for VPC
- IBM Cloud Virtual Servers
- IBM Cloudant Dedicated Cluster
- IBM Cloudant for IBM Cloud
- IBM Event Streams for IBM Cloud (Standard)
- IBM Event Streams for IBM Cloud (Enterprise)
- IBM Key Protect for IBM Cloud
- IBM Log Analysis (via Mezmo)
- IPSec VPN
- SAP-Certified Cloud Infrastructure