IBM Cloud completed its 2023 independent review of IBM Cloud services and processes. The review report demonstrates to its clients, partners and other interested parties that IBM Cloud services have implemented and adhere to the technical, administrative and physical control requirements of IBM Cloud Framework for Financial Services.

What is the IBM Cloud Framework for Financial Services?

IBM Cloud for Financial Services® is designed to build trust and enable a transparent public cloud ecosystem with features for security, compliance and resiliency that are required by financial institutions. Financial institutions can confidently host their mission-critical applications on our cloud, enabling faster and more secure transactions.

At the core of our cloud is the IBM Cloud Framework for Financial Services™, a comprehensive set of control requirements spanning 7 Focus Areas and 21 Control Families, designed by the industry to help address security requirements and regulatory compliance obligations of financial institutions.

What is the Agreed-Upon Procedures report?

As IBM Cloud services are onboarded to IBM Cloud for Financial Services®, IBM conducts a rigorous validation assuring that services meet IBM Cloud Framework for Financial Services technical, administrative and physical controls requirements.

IBM engages a third-party professional services firm to complete an independent review of IBM Cloud services and processes against the Agreed-Upon Procedures (AUP). The IBM Cloud for Financial Services AUP Report is issued by a big four public accounting firm in accordance with the American Institute of Certified Public Accountants (AICPA).

The report addresses controls for all Focus Areas of the IBM Cloud Framework for Financial Services, including the following:

  • Active Monitoring & Response
  • Advanced Data Protection
  • Automated Application & Workload Protection
  • Enhanced Authentication & Access Management
  • Focused Risk Management & Compliance
  • Operational Excellence
  • Unified Infrastructure Security & Resilience

Within each focus area, there are multiple control families and controls, and the report provides details on control descriptions, procedures performed and results.

The report demonstrates to IBM Cloud for Financial Services clients that IBM Cloud services have been implemented against, and adhere to, the IBM Cloud Framework for Financial Services technical, administrative and physical control requirements.

In 2023, IBM Cloud expanded the AUP to include additional locations and services that articulate our commitment to expand our portfolio of compliance across IBM Cloud. The AUP report is available to clients for their internal risk management practices and for demonstrating due diligence and oversight of their cloud service providers to their regulators.

Contact your IBM account team to obtain a copy of the AUP report.

In addition to this report, IBM Cloud compliance and trust certifications further affirm IBM’s commitment to the protection of customer data and applications.

Learn more

Learn more about IBM Cloud® compliance programs Learn more about IBM Cloud for Financial Services®

More from

Private cloud use cases: 6 ways private cloud brings value to enterprise business

7 min read - As cloud computing continues to transform the enterprise workplace, private cloud infrastructure is evolving in lockstep, helping organizations in industries like healthcare, government and finance customize control over their data to meet compliance, privacy, security and other business needs.  According to a report from Future Market Insights (link resides outside ibm.com), the global private cloud services market is forecast to grow to USD 405.30 billion by 2033, up from USD 92.64 billion in 2023.  What is a private cloud? A private cloud is…

Hyperscale vs. colocation: Go big or go rent?

9 min read - Here’s the situation: You’re the CIO or similarly empowered representative of an organization. Different voices within your business are calling attention to the awesome scalability and power of hyperscale computing, which you’ve also noticed with increasing interest. Now the word comes down from on high that you’ve been tasked with designing and implementing your company’s hyperscale computing solution—whatever that should be. Your organization already has an ambitious agenda in mind for whatever IT infrastructure you wind up choosing. The company…

Accelerating scope 3 emissions accounting: LLMs to the rescue

4 min read - The rising interest in the calculation and disclosure of Scope 3 GHG emissions has thrown the spotlight on emissions calculation methods. One of the more common Scope 3 calculation methodologies that organizations use is the spend-based method, which can be time-consuming and resource intensive to implement. This article explores an innovative way to streamline the estimation of Scope 3 GHG emissions leveraging AI and Large Language Models (LLMs) to help categorize financial transaction data to align with spend-based emissions factors.…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters