About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
IBM Cloud® compliance: ISO 20243
What is ISO 20243?
ISO/IEC 20243-1:2018 is a set of guidelines, requirements and recommendations to help assure the integrity of hardware and software products and protect them from the risk of malicious threats and counterfeiting.
Although issued by the International Organization for Standardization (ISO), the standard was originally created by the Open Group as the "Open Trusted Technology Provider Standard" (O-TTPS) and is still sometimes known by that name.
ISO 20243 dictates best practices for security throughout every phase of a product’s lifecycle: design, sourcing, build, fulfillment, distribution, sustainment and disposal. A product that has achieved O-TTPS certification has demonstrated strict compliance with all of ISO 20243's security guidelines.
Reports and other documentation
ISO 20243 – IBM self-assessment certifications - Open Trusted Technology Provider™ Standard (O-TTPS)
IBM’s software products—all standardized and shared multi-tenant IBM cloud offerings, as well as IBM Systems Hardware Products—are all certified under The Open Group O-TTPS Certification Program Self-Assessed tier for O-TTPS and ISO/IEC 20243:2018. This demonstrates that IBM’s product lifecycle has implemented control requirements across three families: (1) product development; (2) secure engineering; and (3) supply chain security. IBM ISO 20243 certificates are published and generally available.