About IBM Cloud compliance programs
IBM Cloud® is designed for organizations that want a security-rich, open, hybrid, multicloud and manageable cloud environment.
IBM Cloud compliance and trust certifications reaffirm IBM's commitment to protection of customer data and applications. Designed with secure engineering practices, the IBM Cloud platform features layered security controls across network and infrastructure. Basic security services are included; advanced services are available as options for high-security environments.
These compliance programs and services include IBM Cloud infrastructure and IBM Cloud Platform-as-a-Service (PaaS) offerings:
| Global | US Federal Government | Industry | Regional |
|---|---|---|---|
| CSA STAR | DoD DISA | FFIEC | BaFin (Germany) |
| ISO 9001 | FedRAMP | FISC (Japan) | C5 (Germany) |
| ISO 22301 | FFIEC | GxP | EBA (EU) |
| ISO 27001 | FISMA | HIPAA | ENISA IAF (EU) |
| ISO 27017 | ITAR | HITRUST | ENS (Spain) |
| ISO 27018 | ITAR | EU Model Clauses | |
| ISO 27701 | PCI | EU-US Privacy Shield | |
| ISO 31000 | SEC Rule 17a-4(f) | FERPA (US) | |
| SOC 1 | FISC (Japan) | ||
| SOC 2 | G-Cloud (UK) | ||
| SOC 3 | GDPR (EU) | ||
| HDS (France) | |||
| IRAP (Australia) | |||
| IT-Grundschutz (Germany) | |||
| K-ISMS (South Korea) | |||
| MTCS (Singapore) | |||
| My Number Act (Japan) | |||
| NIS Directive (EU) | |||
| SCEC (Australia) |
Resource
The importance of data’s physical location
The physical location of data plays a huge role in how quickly and reliably it can be accessed by users. Learn how a global network foundation minimizes latency and strengthens security.
