New report validates IBM Cloud services are implemented against, and adhere to, the IBM Cloud Framework for Financial Services.

At IBM Cloud, we understand the importance of being able to demonstrate the effectiveness of our processes and controls to clients who look to us to help them transform and run mission-critical workloads and sensitive data on our cloud. It is paramount IBM Cloud services, datacenters, operations, technology, security and risk management practices meet industry standards and client expectations. This is especially important for highly regulated industries, including financial services, that must keep up with the ever-evolving regulatory landscape.

IBM Cloud for Financial Services™ is a first-of-its-kind cloud designed by the industry to help clients as they work to mitigate risk and accelerate cloud adoption. Central to our cloud is the IBM Cloud Framework for Financial Services developed in collaboration with industry experts, to help clients automate and monitor their security and compliance posture through security and controls built into the platform. As IBM Cloud services are onboarded to IBM Cloud for Financial Services, IBM conducts a rigorous validation process that assures the services meet IBM Cloud Framework for Financial Services technical, administrative and physical controls requirements.

In addition, IBM engages a third-party professional services firm to complete an independent review of IBM Cloud services and processes. The IBM Cloud for Financial Services Agreed Upon Procedures (AUP) Report was commissioned by IBM and completed by a big four public accounting firm in accordance with the American Institute of Certified Public Accountants (AICPA). The report demonstrates to IBM Cloud for Financial Services clients that IBM Cloud services have been implemented against, and adhere to, the IBM Cloud Framework for Financial Services technical, administrative and physical control requirements.

The report addresses controls for all Focus Areas of the IBM Cloud Framework for Financial Services including:

  • Active Monitoring & Response
  • Advanced Data Protection
  • Automated Application & Workload Protection
  • Enhanced Authentication & Access Management
  • Focused Risk Management & Compliance
  • Operational Excellence
  • Unified Infrastructure Security & Resilience

Within each focus area, there are multiple control families and controls, and the report provides details on control descriptions, procedures performed and results.

Clients can leverage the report as part of their internal risk management practices while also demonstrating due-diligence and oversight of their cloud service providers to their regulators. With this report, we aim to continue to help clients use IBM Cloud for Financial Services with a high degree of confidence and transparency.

Contact your IBM account team to obtain a copy of the AUP report.

In addition to this report, IBM Cloud compliance and trust certifications further affirm IBM’s commitment to the protection of customer data and applications.

Learn more about IBM Cloud compliance programs.


More from Cloud

IBM Tech Now: October 2, 2023

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 86 On this episode, we're covering the following topics: AI on IBM Z IBM Maximo Application Suite 8.11 IBM NS1 Connect Stay plugged in You can check out the IBM Blog Announcements for a…

IBM Cloud inactive identities: Ideas for automated processing

4 min read - Regular cleanup is part of all account administration and security best practices, not just for cloud environments. In our blog post on identifying inactive identities, we looked at the APIs offered by IBM Cloud Identity and Access Management (IAM) and how to utilize them to obtain details on IAM identities and API keys. Some readers provided feedback and asked on how to proceed and act on identified inactive identities. In response, we are going lay out possible steps to take.…

IBM Cloud VMware as a Service introduces multitenant as a new, cost-efficient consumption model

4 min read - Businesses often struggle with ongoing operational needs like monitoring, patching and maintenance of their VMware infrastructure or the added concerns over capacity management. At the same time, cost efficiency and control are very important. Not all workloads have identical needs and different business applications have variable requirements. For example, production applications and regulated workloads may require strong isolation, but development/testing, training environments, disaster recovery sites or other applications may have lower availability requirements or they can be ephemeral in nature,…

IBM accelerates enterprise AI for clients with new capabilities on IBM Z

5 min read - Today, we are excited to unveil a new suite of AI offerings for IBM Z that are designed to help clients improve business outcomes by speeding the implementation of enterprise AI on IBM Z across a wide variety of use cases and industries. We are bringing artificial intelligence (AI) to emerging use cases that our clients (like Swiss insurance provider La Mobilière) have begun exploring, such as enhancing the accuracy of insurance policy recommendations, increasing the accuracy and timeliness of…