IBM Cloud Strengthens Compliance Posture, Expanding SOC Audited Services

1 min read

IBM Cloud continues to expand its compliance posture for Platform as a Service (PaaS) offerings with the System and Organization Controls (SOC) framework.

The System and Organization Controls (SOC) framework, developed by the American Institute of Certified Public Accountants (AICPA), is a standard for controls that protect information stored in the cloud. Certified Public Accountants (CPAs) audit cloud service providers (CSPs), resulting in internal control reports on the services provided by a service organization. SOC reports can help users assess and address the risks associated with an outsourced service.

  • SOC 1 is an audit of the internal controls at a service organization that were implemented to protect client-owned data involved in client financial reporting. SOC 1 audits and reports are based on the Statement on Standards for Attestation Engagements (SSAE 18) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402).
  • SOC 2 audits, based on the AICPA Trust Service Principles and Criteria, gauge the internal controls at a service organization that were implemented to protect customer-owned data. SOC 2 reports provide details about the nature of those internal controls.
  • SOC 3 reports are condensed, publicly available versions of the SOC 2 Type 2 audit report of controls put in place by service organizations. SOC 3 reports are intended for users that don't need the full details of a SOC 2 report.

A full list of IBM Cloud services with SOC reports available (published SOC 3 reports and options to request SOC 1 and SOC 2 reports) can be found here.

IBM Cloud Services newly audited for SOC

For SOC 1 Type 2:

For SOC 2 Type 1:

For SOC 2 Type 2:

For SOC 3 (reports published here):

Learn more

Get more information on all IBM Cloud compliance programs.

Be the first to hear about news, product updates, and innovation from IBM Cloud